Solaris /dev/random

A Solaris kernel module to emulate /dev/random and /dev/urandom known from Linux in Solaris. Use at your own risk.

FYI: SUN now provides /dev/random too:

• Solaris 9 (SunOS 5.9):
  Included in the OS distribution (32Bit / 64Bit).
• Solaris 8 (SunOS 5.8):
  Patch 112438 (32Bit / 64Bit).
• Solaris 8_x86 (SunOS 5.8_x86):
  Patch 112439 (32Bit / 64Bit).
• Solaris 7 / 7_x86 (SunOS 5.7 / 5.7_x86):
  Install "SUNWski" package, available at the "Solaris Easy Access CDs" in the "Sun Webserver" product.
• Solaris 2.6 (SunOS 5.6):
  Install "SUNWski" package, available at the "Solaris Easy Access CDs" in the "Sun Webserver" product.

More information is available at http://sunsolve.Sun.COM/. Please search for document "27606": "Differing /dev/random support requirements within Solaris [TM] Operating Environments".

Source code history:

• Version 0.8 (current, not tested):
  17-Jan-2003: Provided by Anthony Gialluca: Various kernel statistics (kstats) are used to achieve good randomnes. No packages are available but the file should fit into package of version 0.7. Anthony also provided a user space daemon which was a predecessor to including the kstats into the random driver. If in doubt see his original email. This version may not compile on Solaris 2.5.1 or earlier versions because they do not provide the necessary kstats functionality.
• Version 0.7b:
  5-Aug-2011: Functional identical to version 0.7 but avoids warnings when compiled with WorkShop Compilers 5.0. No packages are available.
• Version 0.7a (current):
  17-Jan-2002: Functional identical to version 0.7 but compiles under Solaris 2.4 (SunOS 5.4). New package for Solaris 2.4, no changes to other packages.
• Version 0.7:
  23-Nov-2001: Fix for possible denial-of-service attack: now one call only returns 30 bytes; package fix.
• Version 0.6:
  27-Nov-2000: Fix for index overflow; better data hiding; Solaris 2.5.1 fix; more documentation; package fix.
• Version 0.4:
  14-Oct-2000: Fix for pointer size error (data repetition error); install cleanup.
• Version 0.3:
  22-May-2000: Fixes for Sun CC; 64bit safe.
• Version 0.2:
  11-May-2000: rand_chpoll (for poll/select system call) added. [Used by gpg].
• Version 0.1:
  27-Apr-2000: Initial release.

New packages as of November 23, 2001:

Attention! The packages are built from version 0.7 of the driver but I forgot to change the version string before building some of the packages. I do not have access to different Solaris versions to rebuild the packages, so I decided to keep the packages although the output of 'modinfo' shows a wrong version (v0.6).

• Package for Solaris 2.4 (SunOS 5.4) at SunSparc/SunUltra [new at 17. Jan. 2002 from Peter]
• Package for Solaris 2.5.1 (SunOS 5.5.1) at SunSparc/SunUltra [compiled with gcc 2.7.2.3]
• Package for Solaris 2.6 (SunOS 5.6) at SunSparc/SunUltra [compiled with gcc 2.8.1]
• Package for Solaris 7 (SunOS 5.7) at SunSparc/SunUltra [compiled with Sun WorkShop Compilers 5.0 by Thomas]
• Package for Solaris 8 (SunOS 5.8) at SunSparc/SunUltra [compiled with Sun WorkShop 6 update 1 (32bit and 64bit)]
• Package for Solaris 2.5.1/2.6/7/8 (SunOS 5.5.1/5.6/5.7/5.8) at Intel x86 [compiled at SunOS 5.8 with gcc 2.95.2, but should work for 5.5.1, 5.6 and 5.7]
• Source for the Solaris packages

Common problems:

• Building 64bit binary:
  I think gcc is not able to build 64bit kernel modules for Solaris 7/8. Please use a SUN Compiler to build the binary. This is no longer true. starting with version 3.1 gcc includes 64bit support for Sparc code (-m64). [I did not test this].
• Install Solaris packages:
  su - root (become root)
  umask 022 (bug in Solaris?)
  pkgadd -d ANDIrand-0.7-5.8-sparc-1.pkg (install the package)
  
• Update random package:
  Remove old package first: pkgrm ANDIrand
• US crypto extensions for SUN Solaris:
  A /dev/random is available from SUN: SUNWski.
  For more information on how to get SUNWski look at this EMail.
  I have heard that it does not work in 64bit mode (EMail).
• Randomnes of data:
  The random data pool is mixed in a sophisticated way with the high resolution kernel timer on each open, read and write call. A better source would be the timestamp of a keyboard interrupt, a disk interrupt or a network card interrupt. Unfortunately I do not know enough of the Solaris kernel internals to find the right entry points. Maybe it is possible to use the 'kstat' sturct to mix the data pool. Help is quite welcome.
  An other point is that the high resolution timer on old hardware may not have a very high resolution.
• CPU hogging:
  Versions of ANDIrand prior to 0.7 can hog the cpu on huge read requests, e.g. 'dd if=/dev/random bs=10240k count=1'. This possible denial-of-service attack is fixed in version 0.7 by not returning more than 30 bytes per system call. Thanks to all who sent me reports and patches. This problem can be solved in a different way by using yield(). A description in more detail will be included soon.

List of tested configurations (version 0.4):

• Sun Sparc IPC / 4 / 5 / 10 / 20 / Classic
• Sun Ultra 1 / 2 / 5 / 10 / 60 / 80
• Sun Enterprise 220R / 420R / 250 / 450 / 4000
• Intel Celderon / Pentium III
• nearly all above with Solaris 7 (SunOS 5.7) 32 Bit and 64 Bit
• some with Solaris 8 (SunOS 5.8) 32 Bit an 64 Bit
• a few with Solaris 2.5.1 and 2.6 (SunOS 5.5.1 and 5.6) 32 Bit

Acknowledgements:

• David Bryant (SUNWski info)
• Willi Burmeister (Sun CC port; 64bit tests; Sun/Sparc packages; Sun/x86 package)
• Jeff Clark (startup script patch)
• Robert Dubinski (SUNWski info)
• Peter Eriksson (SunOS 5.4 port and package)
• Anthony Gialluca (kstats, version 0.8)
• Jorrit Jorritsma (SUNWski info)
• Lars Hecking (tests)
• Adrian Ho (package bug fix)
• Thomas 'Mike' Michlmayr (tests)
• Andreas Pommer (gpg support)
• Sam Roberts (suggestions)
• Boi Sletterink (data repetition error)
• Rob Stampfli (bug fixes, suggestions)
• Hans Werner Strube (64bit port; Sun CC port)
• Thomas Thorberger (Sun package)
• H.-G. Weinreich (tests; Sun/x86 package)
• Nicolas Williams (CPU hogging)
• Klaus Ziegler (WorkShop Compiler fix)