Commit message | Author | Age | Files | Lines
* Add BUGS file. (HEAD, master) | Jeff Garzik | 2013-04-18 | 1 | -0/+7
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd.8: Delete obsolete FIXME | Jeff Garzik | 2013-04-18 | 1 | -1/+0
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Provide support for RDRAND capable systems that don't have AES-NI. | John Mechalas | 2013-04-18 | 2 | -6/+129
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Fix the AES keys so that they are correct and match the comments. | John Mechalas | 2013-04-18 | 1 | -11/+11
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Update FSF mailing address in license. | Jeff Garzik | 2012-08-06 | 14 | -15/+15
  Caught by rpmlint.
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngtest.1.in: Import spelling fixes from Fedora | Jeff Garzik | 2012-08-06 | 1 | -2/+2
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Release version 4. | Jeff Garzik | 2012-08-02 | 2 | -1/+11
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Polish README a bit. | Jeff Garzik | 2012-08-02 | 1 | -2/+7
* rngd: As long as FIPS error rates are low, re-try the same source | H. Peter Anvin | 2012-08-02 | 1 | -1/+5
  Allow for a small number of FIPS errors before advancing to the next source. This prevents a high bandwidth source from stalling out by shifting to a low bandwidth source (e.g. DRNG->TPM) just because of a single FIPS failure. FIPS failures are frequent enough (1:1250) that this happens on a regular basis.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd: Initialize RNGs in order of preference | H. Peter Anvin | 2012-08-02 | 1 | -1/+1
  The DRNG entropy source, if present, is going to be orders of magnitude faster than most other sources, so initialize it first so that it shows up first in the list.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd: Allow up to a 1:1000 false error rate on FIPS tests | H. Peter Anvin | 2012-08-02 | 2 | -5/+11
  The FIPS tests have a measured false positive error rate of approximately 1:1250. In order to not permanently disable a functioning random number source under high traffic, allow one failure per 1000 successful blocks. However, never allow more than 25 subsequent failures; this is handled by not allowing the failures counter to go below zero.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd: don't open the TPM if hwrng is available | H. Peter Anvin | 2012-08-02 | 1 | -2/+2
  If /dev/hwrng is available, do not open the TPM. Newer kernels export TPM randomness via /dev/hwrng; this properly handles multiplexing of the TPM so that we don't interfere with TrouSerS. Thus, we don't want to open /dev/tpm0 if we can open /dev/hwrng.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd_linux: Log a warning if write_wakeup_threshold can't be adjusted | H. Peter Anvin | 2012-08-02 | 1 | -2/+11
  If we fail to write write_wakeup_threshold, log a warning but continue.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd_rdrand: Actually perform the correct AES data reduction | H. Peter Anvin | 2012-08-02 | 1 | -42/+23
  The pointers were confused in such a way that the AES data reduction wasn't actually being performed. Furthermore, architecturally we need a 512:1 data reduction, rather than 128:1. Finally, initialize the IV to a random value during startup and remove some unnecessary buffer shuffling.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* drng: Move DRNG code to a separate file and make safe on non-x86 | H. Peter Anvin | 2012-08-02 | 4 | -149/+200
  Move all the DRNG code to a separate file, and make sure it is properly stubbed out on non-x86. Furthermore, fix the CPUID bits we check for; in particular we need AES-ni for the whitening code.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rdrand_asm.S: Mark stack non-executable | H. Peter Anvin | 2012-08-02 | 1 | -0/+6
  There is no reason for the stack to be executable.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Change the default device from /dev/hw_random to /dev/hwrng | H. Peter Anvin | 2012-07-31 | 1 | -2/+2
  Change the default device name for the hardware random number device from /dev/hw_random to /dev/hwrng, which is the filename documented in devices.txt and appears to be the device name created by udev and devtmpfs.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd_linux: Modify write_wakeup_threshold to the fill threshold | H. Peter Anvin | 2012-07-31 | 3 | -1/+45
  The kernel.random.write_wakeup_threshold sysctl needs to be set to the point where we want poll() on the random device to wake up. This replaces the level check in ioctl() used during polling. Set it by default to 3/4 of the value of kernel.random.poolsize.
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd_linux: Fix () used in prototype | H. Peter Anvin | 2012-07-31 | 2 | -2/+2
  () is an acceptable prototype in C++, but C requires (void).
  Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Add RDRAND support | Brad Hill | 2012-07-31 | 9 | -14/+390
* Removed timeout option, leaving poll unlimited | Brad Hill | 2012-07-26 | 5 | -31/+8
  Removed timeout variables, parameters, and argument. Poll is now called with -1 as the timeout.
* Prefer 'bool' to 'int', for boolean values | Jeff Garzik | 2012-07-17 | 2 | -16/+16
* Create PID file at startup, in daemon mode | Jeff Garzik | 2012-07-17 | 5 | -3/+146
  Code imported from Project Hail
* Added -q and -v flags, updated help and man page | Brad Hill | 2012-07-17 | 4 | -16/+74
  -q and --quiet flags to suppress error messages from rngd.c
  -v and --verbose flags to list available entropy sources
  help and man page reflect these changes and have minor fixes
* Fix -Wshadow warning. | Jeff Garzik | 2010-08-17 | 1 | -2/+2
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Disable entropy source, if facing continued failures. | Jeff Garzik | 2010-08-17 | 2 | -9/+40
  If all entropy sources are disabled, exit.
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Release version 3. | Jeff Garzik | 2010-07-03 | 3 | -2/+21
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* s/list_add/src_list_add/ | Jeff Garzik | 2010-07-03 | 3 | -4/+4
  Avoid global namespace clashes.
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Add TPM RNG support. | Jeff Garzik | 2010-07-03 | 12 | -95/+266
  also, trim trailing whitespace.
  Contributed by Dell, with bug fixes by David Howells @ Red Hat.
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Default to /dev/hw_random for RNG device name. | Jeff Garzik | 2010-07-03 | 1 | -2/+2
  This matches the most prevalent, current Linux usage.
  Imported from RHEL 6 rng-tools.
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* rngd: fix build warning | Jeff Garzik | 2009-12-24 | 1 | -2/+0
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Explicitly ship GPLv2 license. | Jeff Garzik | 2009-12-24 | 3 | -1/+343
  Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* Fix uint64_t/unsigned long long printf(3) warnings. | Jeff Garzik | 2007-12-03 | 2 | -3/+6
* Update .gitignore. | Jeff Garzik | 2005-10-25 | 1 | -0/+9
* Import rng-tools from private subversion repo. | Jeff Garzik | 2005-10-25 | 25 | -0/+2179