debian/0000755000000000000000000000000012204615053007164 5ustar debian/gbp.conf0000644000000000000000000000004112204615004010572 0ustar [DEFAULT] debian-branch = master debian/haveged.docs0000644000000000000000000000000712204615004011432 0ustar README debian/rules0000755000000000000000000000051112204615004010235 0ustar #!/usr/bin/make -f %: dh $@ --with=autoreconf --with=systemd override_dh_auto_configure: case $$(dpkg --print-architecture) in \ mips*) \ dh_auto_configure -- --enable-nistest=no; \ ;; \ *) \ dh_auto_configure -- --enable-nistest=yes; \ ;; \ esac override_dh_strip: dh_strip --dbg-package=libhavege1-dbg debian/haveged.default0000644000000000000000000000020212204615004012123 0ustar # Configuration file for haveged # Options to pass to haveged: # -w sets low entropy watermark (in bits) DAEMON_ARGS="-w 1024" debian/control0000644000000000000000000000526412204615004010572 0ustar Source: haveged Section: misc Priority: extra Maintainer: Jérémy Bobbio Build-Depends: debhelper (>= 9), dh-autoreconf, dh-systemd Standards-Version: 3.9.4 Homepage: http://www.issihosts.com/haveged/ Vcs-Git: git://git.debian.org/git/collab-maint/haveged.git Vcs-Browser: http://git.debian.org/?p=collab-maint/haveged.git Package: haveged Architecture: linux-any Depends: lsb-base (>= 3.2-14), ${shlibs:Depends}, ${misc:Depends} Description: Linux entropy source using the HAVEGE algorithm haveged is a userspace entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction (e.g. headless servers). . haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) to maintain a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in dev/random falls below the low water mark of the device. . 
More information about HAVEGE is available at http://www.irisa.fr/caps/projects/hipsor/ Package: libhavege1 Section: libs Architecture: linux-any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: entropy source using the HAVEGE algorithm - shared library libhavege is a library that implements the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. It provides a random number generator and its associated tuning and testing facilities. . More information about HAVEGE is available at http://www.irisa.fr/caps/projects/hipsor/ . This package contains the shared library. Package: libhavege1-dbg Section: debug Architecture: linux-any Multi-Arch: same Depends: libhavege1 (= ${binary:Version}), ${misc:Depends} Description: entropy source using the HAVEGE algorithm - debug symbols libhavege is a library that implements the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. It provides a random number generator and its associated tuning and testing facilities. . More information about HAVEGE is available at http://www.irisa.fr/caps/projects/hipsor/ . This package contains the debug symbols. Package: libhavege-dev Section: libdevel Architecture: linux-any Depends: libhavege1 (= ${binary:Version}), ${misc:Depends} Description: entropy source using the HAVEGE algorithm - development files libhavege is a library that implements the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. It provides a random number generator and its associated tuning and testing facilities. . More information about HAVEGE is available at http://www.irisa.fr/caps/projects/hipsor/ . This package contains the development files. 
debian/haveged.install0000644000000000000000000000005612204615004012154 0ustar usr/sbin/haveged usr/share/man/man8/haveged.8 debian/libhavege-dev.install0000644000000000000000000000015112204615004013247 0ustar usr/share/man/man3/libhavege.3 usr/include/haveged/havege.h usr/lib/*/libhavege.a usr/lib/*/libhavege.so debian/haveged.init.d0000644000000000000000000000447312204615004011702 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: haveged # Required-Start: $remote_fs # Required-Stop: $remote_fs # Should-Start: $syslog # Should-Stop: $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Entropy daemon using the HAVEGE algorithm # Description: haveged uses HAVEGE (HArdware Volatile Entropy Gathering # and Expansion) to maintain a pool of random bytes used # to fill /dev/random whenever necessary. ### END INIT INFO # Do NOT "set -e" PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="entropy daemon" NAME=haveged DAEMON=/usr/sbin/$NAME DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. . /lib/lsb/init-functions do_start() { start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 } do_stop() { start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 rm -f $PIDFILE return "$RETVAL" } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" 
in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; restart|force-reload) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac : debian/libhavege1.symbols0000644000000000000000000000050512204615004012601 0ustar libhavege.so.1 libhavege1 #MINVER# havege_create@Base 1.7 havege_destroy@Base 1.7 havege_ndcreate@Base 1.7 havege_nddestroy@Base 1.7 havege_ndread@Base 1.7 havege_ndsetup@Base 1.7 havege_rng@Base 1.7 havege_run@Base 1.7 havege_status@Base 1.7 havege_status_dump@Base 1.7 havege_test@Base 1.7 havege_tune@Base 1.7 debian/compat0000644000000000000000000000000212204615004010356 0ustar 9 debian/README.Debian0000644000000000000000000000617212204615004011227 0ustar Debian specific notes regarding haveged ======================================= Concerns regarding the RDTSC instructions in virtualized environments --------------------------------------------------------------------- PolarSSL issued a security advisory on 2011-12-05 regarding their implementation of the HAVEGE random generator and virtualized environment: When asked if the issue also applied to haveged, Gary Wuertz — haveged author — replied: First, there are significant differences between the polarssl and haveged implementations of HAVEGE. In general, haveged works much harder to provoke timing variations in the host (larger collection buffer, tuning collection code and walk table to the host L1 caches). 
See comparison below. I think items d) and e) in the comparison are items where polarssl is particularly weak. Second, since V1.5 haveged includes run time testing of haveged output. This is the only definitive way to deal with a poor timing source (virtual or otherwise). The test procedures are adapted from the German CC body, see: http://www.issihosts.com/haveged/ais31.html By default, AIS procedures A and B are run at start up and AIS procedure B is run continuously by the daemon. Procedure A is intended to detect statistical anomalies - it includes running the FIPS140-1 tests 257 times on successive 20,000 bit samples and an auto-correlation test. Procedure B runs a series of bit distribution tests of a more theoretical nature, terminating with an entropy estimate on a 256000+2560 bit sample using Coron's estimator. Dispensing with procedure A during continuous tests is a performance enhancement. haveged output gets mixed with other sources in /dev/random and as long as haveged does not lie about the entropy it is feeding into the pool, all should be fine. AIS31 defines a retry strategy that an ideal generator should never fail, so any haveged testing failure terminates output. Note that the test procedures are not synchronized with collection but all haveged output is guaranteed to come from a buffer not containing any failed individual test. 
Comparison of the polarssl and haveged implementations of HAVEGE a) Both use approximately the same collection code: * PolarSSL: havege.c inline macro * haveged: oniteration.h b) Adaptation of collection code to host: * PolarSSL: static - collection buffer: 1024*sizeof(int), - walk table: 8192 * sizeof(int), - fill loop: 4 iterations * haveged: dynamic (built in tuning or invocation parameters) - collection buffer: 512*1024*sizeof(int32) (default, adjustable), - walk table: (4K *sizeof(int32)) + (2 * size of L1 data cache) , - fill loop: number of iterations in that fit in a minimum of L1 instruction cache or 64K (approximately) c) Timer source * PolarSSL: hardware cycle counter, gettimeofday() fallback * haveged: hardware cycle counter, clock_gettime() fallback d) Collector warmup * PolarSSL: 1 fill * haveged: 32 fills plus self test e) Run time testing * PolarSSL: none * haveged: Continuous and start-up AIS-31 tests (configurable) debian/haveged.service0000644000000000000000000000035412204615004012147 0ustar [Unit] Description=Entropy daemon using the HAVEGE algorithm Documentation=man:haveged(8) http://www.issihosts.com/haveged/ [Service] ExecStart=/usr/sbin/haveged --Foreground --verbose=1 --write=1024 [Install] WantedBy=default.target debian/copyright0000644000000000000000000000607712204615004011125 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: haveged Source: http://www.issihosts.com/haveged/ Files: * Copyright: 2009-2013 Gary Wuertz License: GPL-3+ Files: debian/* Copyright: 2009-2012 Steve Kostecke 2011-2013 Jérémy Bobbio License: GPL-3+ Files: src/havege.c src/havege.h src/havegecollect.c src/havegecollect.h src/haveged.c src/havegetest.h src/havegetune.c Copyright: 2009-2013 Gary Wuertz 2011-2012 BenEleventh Consulting manolson@beneleventh.com License: GPL-3+ Files: src/havegetest.c Copyright: 2013 Gary Wuertz 2012 BenEleventh Consulting manolson@beneleventh.com License: GPL-3+ Files: src/cpuid-43.h 
Copyright: 2007, 2008, 2009, 2010 Free Software Foundation, Inc. License: GPL-3+ Files: contrib/diags/data_prep.c Copyright: 2009-2011 Gary Wuertz 2011 BenEleventh Consulting License: GPL-3+ Files: init.d/sysv.lsb init.d/sysv.redhat Copyright: 2011-2012 Gary Wuertz 2011-2012 Jirka Hladky License: GPL-3+ Files: nist/dfft.c Copyright: Public Domain License: public-domain As the original fortran libraries are public domain, the C Fourier routines in this file are hereby released to the public domain as well. Files: nist/mconf.h Copyright: 1984, 1987, 1989, 1995 Stephen L. Moshier License: other Some software in this archive may be from the book _Methods and Programs for Mathematical Functions_ (Prentice-Hall or Simon & Schuster International, 1989) or from the Cephes Mathematical Library, a commercial product. In either event, it is copyrighted by the author. What you see here may be used freely but it comes with no support or guarantee. Files: nist/packtest.c Copyright: 1999 National Institute Of Standards & Technology License: other Permission to use, copy, and modify this software without fee is hereby granted, provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software. License: GPL-3+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . 
You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-3'. debian/changelog0000644000000000000000000001210112204615004011025 0ustar haveged (1.7c-1) unstable; urgency=low * Imported Upstream version 1.7c: - Remove obsolete patch for MIPS alignment issues. * Ship a systemd service file using dh-systemd -- Jérémy Bobbio Tue, 20 Aug 2013 09:09:43 +0200 haveged (1.7b-2) unstable; urgency=low * Add a patch to fix alignment issues on MIPS. -- Jérémy Bobbio Fri, 07 Jun 2013 23:19:42 +0200 haveged (1.7b-1) unstable; urgency=low * New upstream version. * Refer to the file with the actual GPL version in debian/copyright. -- Jérémy Bobbio Fri, 07 Jun 2013 12:00:31 +0200 haveged (1.7a-1) unstable; urgency=low * New upstream version. * Include improved debian/watch from Bart Martens. * Bump Standards-Version to 3.9.4, no changes required. -- Jérémy Bobbio Tue, 07 May 2013 08:50:31 +0000 haveged (1.7-1) experimental; urgency=low * New upstream version: (Closes: #689673) - Since haveged 1.5, entropy is tested at runtime. (Closes: #651980) * Refresh Debian patches. * Update debian/copyright. * Add missing license paragraph in debian/copyright. * Switch to debhelper compatibility level 9 for hardening and multi-arch. * Switch to multiple binary packages as upstream has extracted most features to a library. We now ship libhavege1, libhavege1-dbg and libhavege-dev on top of haveged itself. * Add upstream answers to concerns regarding HAVEGE in virtualized environments in README.Debian. -- Jérémy Bobbio Mon, 11 Feb 2013 14:18:59 +0100 haveged (1.4-4) unstable; urgency=low * Disable NIST test suite on mips and mipsel as it takes way too long on these architectures. 
At least long enough to prevent the package build to complete properly. -- Jérémy Bobbio Fri, 13 Apr 2012 15:58:39 +0200 haveged (1.4-3) unstable; urgency=low * Add patch by Sven Hartge to overcome mips build failures: let's make the CUSUM and RANDOM EXCURSION tests be a little more verbose about their progress. That should help us stay under the 5 allowed minutes of inactivity. -- Jérémy Bobbio Tue, 10 Apr 2012 21:48:13 +0200 haveged (1.4-2) unstable; urgency=low * Restore patch to remove broken support for CPUID on ia64. * Update Format line in debian/copyright. * Bump Standards-Version to 3.9.3, no changes required. -- Jérémy Bobbio Fri, 06 Apr 2012 17:44:55 +0200 haveged (1.4-1) unstable; urgency=low * New upstream version. (Closes: #660198) * Drop obsolete Debian patches. * Refresh debian/copyright. -- Jérémy Bobbio Fri, 17 Feb 2012 13:20:51 +0100 haveged (1.3a-1) unstable; urgency=low * New upstream version. (Closes: #657683) -- Jérémy Bobbio Mon, 30 Jan 2012 12:52:28 +0100 haveged (1.1-2) unstable; urgency=low * Simplify extended description. * Remove buggy support for CPUID on ia64. -- Jérémy Bobbio Sun, 24 Apr 2011 21:38:20 +0200 haveged (1.1-1) unstable; urgency=low [ Sven Hartge ] * New upstream release. (Closes: #563938, #594379) * Build with default gcc. (Closes: #594284) * Correct LSB header, use $remote_fs instead of $local_fs twice. (Closes: #587535) [ Jérémy Bobbio ] * Take over maintenance. * Update debian/copyright. * Use debhelper 7 properly in debian/rules. * Remove useless debian/dirs and empty maintainer scripts. * Don't ship an empty NEWS file. * Remove the article from the start of the short description. * Bump Standards-Version, no changes required. * Rework initscript and default files. * Fix "haveged" casing in extended description. * Switch package source format to 3.0 (quilt). * Implement a generic time retrieval function. (Closes: #576375) * Also test haveged using NIST tests. 
* Fix Architecture field in debian/control (haveged is Linux only). * Add Vcs-* fields to debian/control. * Add debian/README.source. -- Jérémy Bobbio Fri, 15 Apr 2011 15:39:43 +0200 haveged (0.9-3) unstable; urgency=low * Cleaned up init.d script dependencies: missing $remote_fs (lintian warning), extraneous $named and $network * Added debian/watch file (lintian warning) * Re-enabled STARTTIME= in debian/init.d (Closes: #565755) -- Steve Kostecke Wed, 20 Jan 2010 16:14:22 -0500 haveged (0.9-2) unstable; urgency=low * Removed '--' from init script start_daemon line. It was preventing haveged from using the options passed from the default file. * Set '-w 1024' in the defaults file to raise the low water mark and increase the average depth of the entropy pool. * Added build-dep for gcc-4.3 (Closes: #563938). Thanks to Sven Hartge for solving this. * Replaced dh_clean -k with dh_prep (lintian warning) * Updated standards to 3.8.3 -- Steve Kostecke Sun, 17 Jan 2010 21:34:39 -0500 haveged (0.9-1) unstable; urgency=low * Initial release (Closes: #559096) -- Steve Kostecke Tue, 01 Dec 2009 16:00:55 -0500 debian/source/0000755000000000000000000000000012204615004010460 5ustar debian/source/format0000644000000000000000000000001412204615004011666 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000015412204615004010211 0ustar version=3 http://www.issihosts.com/haveged/downloads.html .*haveged-(\d.*)\.(?:tgz|tbz2|tar\.(?:gz|bz2|xz)) debian/libhavege1.install0000644000000000000000000000003112204615004012551 0ustar usr/lib/*/libhavege.so.* debian/patches/0000755000000000000000000000000012204615004010607 5ustar debian/patches/0001-Remove-support-for-CPUID-on-ia64.patch0000644000000000000000000000167512204615004017767 0ustar 
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= Date: Fri, 6 Apr 2012 17:47:43 +0200 Subject: Remove support for CPUID on ia64 The current implementation simply fail to build and the 'cpuid' instruction on Itanium spreads out value differently than what 'cpuid' does on i386 and amd64. So the code needs to be worked out quite differently to work. In the meantime, disabling CPUID support will make haveged use the default cache values on ia64. --- src/havegecollect.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/havegecollect.h b/src/havegecollect.h index 370af6b..7f4b34f 100644 --- a/src/havegecollect.h +++ b/src/havegecollect.h @@ -117,11 +117,7 @@ typedef struct h_collect { #ifdef HAVE_ISA_IA64 #define ARCH "ia64" -#define CPUID(op,reg) ASM("mov %0=cpuid[%1]"\ - : "=r" (value)\ - : "r" (reg)) #define HARDCLOCK(x) ASM("mov %0=ar.itc" : "=r"(x)) -#define HASCPUID(x) x=1 #endif #ifdef HAVE_ISA_SPARC debian/patches/series0000644000000000000000000000015412204615004012024 0ustar 0001-Remove-support-for-CPUID-on-ia64.patch 0002-Output-some-progress-during-CUSUM-and-RANDOM-EXCURSI.patch debian/patches/0002-Output-some-progress-during-CUSUM-and-RANDOM-EXCURSI.patch0000644000000000000000000000211612204615004023330 0ustar From: Sven Hartge Date: Tue, 10 Apr 2012 21:42:13 +0200 Subject: [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test Those tests takes enough time on mips to outbound the allowed 5 minutes of inactivity. So let's output a little more progress messages as a workaround. --- nist/packtest.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/nist/packtest.c b/nist/packtest.c index 9439607..879cd73 100644 --- a/nist/packtest.c +++ b/nist/packtest.c @@ -557,6 +557,7 @@ PackTestL (int *ARRAY, int ArraySize, char *C) for (i = 4; i < ArraySize; i = (i << 1)) { int inter; + fprintf (stderr, "\t\t ArraySize: %d\n", i); inter = MOD (ARRAY[ArraySize - i], ArraySize - i); if (failure >= 8) { 
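Review bot: The progress line added in the first PackTestL hunk is labelled `ArraySize` but prints the loop variable `i`, so the build log reports a value that is not the array size; printing both, e.g. `fprintf (stderr, "\t\t step: %d of ArraySize: %d\n", i, ArraySize);`, would match what is shown. This line and the `Slice number` line in the second hunk (`@@ -600,6 +601,7 @@`) also write to stderr unconditionally, and nothing in the code says they exist only to stay under the inactivity limit described in the patch header. A one-line comment above each, such as `/* progress output: keeps slow build hosts under the inactivity timeout */`, would keep them from being removed later as debug leftovers. PackTestL starts and ends outside both hunks.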
@@ -600,6 +601,7 @@ PackTestL (int *ARRAY, int ArraySize, char *C) for (i = 0; i < 8; i++) { int index; + fprintf (stderr, "\t\t Slice number: %d\n", i); index = (ArraySize / 8) * i; if (ArraySize > 262144) index = index + (MOD (ARRAY[index], (ArraySize / 8) - 32768)); -- debian/README.source0000644000000000000000000000106012204615004011334 0ustar README.source for the haveged package ===================================== haveged is managed in a Git repository using git-buildpackage using pristine-tar. Quilt patches are managed using gbp-pq. Packaging practices also follow most of the advices provided by Russ Allbery at: http://www.eyrie.org/~eagle/notes/debian/git.html The branches are organized as follow: * upstream: imports of upstream tarballs * patch-queue/*: branches exported to quilt patches (handled by gbp-pq) * master: export of patch-queue/* branches and Debian specific changes