ecting it based on configuration.
I.e., if the box is configured to boot in FIPS mode, it should use the NIST
SP800-90 HMAC-DRBG adaptor. Otherwise, it uses the default FreeBSD
adaptor (Fortuna I guess).
We do not need the ability to switch adaptors at run-time.
Thanks
--
Arthur Mesh
Juniper Networ
od check list item for people evaluating the use of freebsd in an
> appliance.
Adrian,
Absolutely, once our FIPS lab approves our implementation. Otherwise, it
may cause more harm than good.
--
Arthur Mesh
Juniper Networks
+1 408 936-4968
		 * In case where both the random driver and RNG's are built
		 * as separate modules, random.ko is loaded prior to *_rng.ko's
		 * (by dependency). This event handler is there to delay
		 * creation of /dev/{u,}random and attachment of this *_rng.ko.
		 */
		EVENTHANDLER_INVOKE(random_adaptor_attach, &random_hmac_drbg);
		return (0);
	}
	return (EINVAL);
}
RANDOM_ADAPTOR_MODULE(random_hmac_drbg, random_hmac_drbg_modevent, 1);
--
Arthur Mesh
Juniper Networks
+1 408 936-4968
Funny, I've also implemented RdRand backing for /dev/random over the
weekend, w/o being aware of kib@'s work. Oh well.
One comment I have: IVY_RNG is potentially not the best name. RdRand
will be available on future architectures, such as Haswell.
Perhaps RDRAND_RNG would make a better name?
Th
On Wed, Sep 12, 2012 at 07:33:02AM +0300, Konstantin Belousov wrote:
> Can you submit the desired patch ?
Sure,
Index: sys/i386/conf/GENERIC
===
--- sys/i386/conf/GENERIC (revision 240406)
+++ sys/i386/conf/GENERIC (worki