Module Name: src
Committed By: martin
Date: Fri Aug 11 14:35:26 UTC 2023
Modified Files:
src/etc [netbsd-10]: security
src/etc/defaults [netbsd-10]: rc.conf
src/lib/libc/gen [netbsd-10]: getentropy.3
src/lib/libc/sys [netbsd-10]: getrandom.2
src/share/man/man4 [netbsd-10]: rnd.4
src/share/man/man5 [netbsd-10]: rc.conf.5
src/share/man/man7 [netbsd-10]: entropy.7
src/share/man/man9 [netbsd-10]: rnd.9
src/sys/crypto/cprng_fast [netbsd-10]: cprng_fast.c
src/sys/dev/pci [netbsd-10]: hifn7751.c ubsec.c viornd.c
src/sys/kern [netbsd-10]: kern_clock.c kern_entropy.c subr_cprng.c
subr_prf.c
src/sys/sys [netbsd-10]: rndio.h rndsource.h
src/tests/lib/libc/sys [netbsd-10]: t_getrandom.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #319):
sys/dev/pci/ubsec.c: revision 1.64
sys/dev/pci/hifn7751.c: revision 1.82
lib/libc/gen/getentropy.3: revision 1.5
lib/libc/gen/getentropy.3: revision 1.6
share/man/man4/rnd.4: revision 1.41
lib/libc/sys/getrandom.2: revision 1.2
lib/libc/sys/getrandom.2: revision 1.3
share/man/man5/rc.conf.5: revision 1.193
share/man/man7/entropy.7: revision 1.5
share/man/man7/entropy.7: revision 1.6
share/man/man7/entropy.7: revision 1.7
share/man/man7/entropy.7: revision 1.8
etc/security: revision 1.130
share/man/man7/entropy.7: revision 1.9
etc/security: revision 1.131
sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
sys/sys/rndio.h: revision 1.3
tests/lib/libc/sys/t_getrandom.c: revision 1.5
etc/defaults/rc.conf: revision 1.164
etc/defaults/rc.conf: revision 1.165
sys/sys/rndsource.h: revision 1.10
sys/kern/kern_entropy.c: revision 1.62
sys/kern/kern_entropy.c: revision 1.63
sys/kern/kern_entropy.c: revision 1.64
sys/kern/subr_cprng.c: revision 1.44
sys/kern/kern_entropy.c: revision 1.65
sys/kern/kern_clock.c: revision 1.149
sys/dev/pci/viornd.c: revision 1.22
share/man/man9/rnd.9: revision 1.32
sys/kern/subr_prf.c: revision 1.202
sys/sys/rndsource.h: revision 1.8
sys/sys/rndsource.h: revision 1.9
share/man/man7/entropy.7: revision 1.10
1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
parallel with assessment of only confident entropy sources (seed,
HWRNG) for security warnings like sshd keys in motd and daily
insecurity report.
2. Make multiuser boot wait for first /dev/random output soon after
loading a seed and configuring rndctl, so that getentropy(3) meets
its contract starting early at boot without introducing blocking
paths that could cause hangs in init(8) or single-user mode.
Operators can choose to disable this wait in rc.conf.
3. Fix some bugs left over from reducing the global entropy lock from
a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.
4. Update man pages.
To generate a diff of this commit:
cvs rdiff -u -r1.129 -r1.129.2.1 src/etc/security
cvs rdiff -u -r1.162 -r1.162.2.1 src/etc/defaults/rc.conf
cvs rdiff -u -r1.4 -r1.4.2.1 src/lib/libc/gen/getentropy.3
cvs rdiff -u -r1.1 -r1.1.6.1 src/lib/libc/sys/getrandom.2
cvs rdiff -u -r1.40 -r1.40.2.1 src/share/man/man4/rnd.4
cvs rdiff -u -r1.192 -r1.192.2.1 src/share/man/man5/rc.conf.5
cvs rdiff -u -r1.4 -r1.4.2.1 src/share/man/man7/entropy.7
cvs rdiff -u -r1.31 -r1.31.2.1 src/share/man/man9/rnd.9
cvs rdiff -u -r1.18 -r1.18.4.1 src/sys/crypto/cprng_fast/cprng_fast.c
cvs rdiff -u -r1.80 -r1.80.4.1 src/sys/dev/pci/hifn7751.c
cvs rdiff -u -r1.62 -r1.62.4.1 src/sys/dev/pci/ubsec.c
cvs rdiff -u -r1.18.4.1 -r1.18.4.2 src/sys/dev/pci/viornd.c
cvs rdiff -u -r1.148 -r1.148.4.1 src/sys/kern/kern_clock.c
cvs rdiff -u -r1.57.4.3 -r1.57.4.4 src/sys/kern/kern_entropy.c
cvs rdiff -u -r1.43 -r1.43.4.1 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.196.2.1 -r1.196.2.2 src/sys/kern/subr_prf.c
cvs rdiff -u -r1.2 -r1.2.50.1 src/sys/sys/rndio.h
cvs rdiff -u -r1.7 -r1.7.20.1 src/sys/sys/rndsource.h
cvs rdiff -u -r1.4 -r1.4.2.1 src/tests/lib/libc/sys/t_getrandom.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
