Add entropy pool and strong random number generator

Entropy pool gathers environmental noise from device drivers, user-space, etc., and returns good random numbers, suitable for cryptographic use. Based on entropy pool design from *BSDs and uses BLAKE2Xs algorithm for CSPRNG output. Patch also adds /dev/urandom support for using entropy pool RNG and new 'getrandom' system call for getting randomness without file-descriptor usage (thus avoiding file-descriptor exhaustion attacks). The 'getrandom' interface is similar as 'getentropy' and 'getrandom' available on OpenBSD and Linux respectively.
2026-06-07 09:18:00 +08:00 · 2017-03-30 07:38:37 -06:00
parent 21545ab643
commit dffb8a67e3
50 changed files with 2005 additions and 9 deletions
@@ -524,10 +524,19 @@
 /* The following is defined only if CONFIG_TASK_NAME_SIZE > 0 */

 #if CONFIG_TASK_NAME_SIZE > 0
-#  define SYS_prctl                    (SYS_nnetsocket+0)
-#  define SYS_maxsyscall               (SYS_nnetsocket+1)
+#  define SYS_prctl                    (SYS_nnetsocket+1)
 #else
-#  define SYS_maxsyscall               SYS_nnetsocket
+#  define SYS_prctl                    SYS_nnetsocket
+#endif
+
+/* The following is defined only if entropy pool random number generator
+ * is enabled. */
+
+#ifdef CONFIG_CRYPTO_RANDOM_POOL
+#  define SYS_getrandom                (SYS_prctl+1)
+#  define SYS_maxsyscall               (SYS_prctl+2)
+#else
+#  define SYS_maxsyscall               SYS_prctl
 #endif

 /* Note that the reported number of system calls does *NOT* include the