From owner-svn-src-head@freebsd.org Fri Dec 20 21:11:00 2019
Message-Id: <201912202111.xBKLB0JA086924@repo.freebsd.org>
From: Conrad Meyer
Date: Fri, 20 Dec 2019 21:11:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r355949 - head/sys/dev/random

Author: cem
Date: Fri Dec 20 21:11:00 2019
New Revision: 355949

URL: https://svnweb.freebsd.org/changeset/base/355949

Log:
  random(4): Flip default Fortuna generator over to Chacha20

  The implementation was landed in r344913 and has had some bake time (at
  least on my personal systems). There is some discussion of the motivation
  for defaulting to this cipher as a PRF in the commit log for r344913.

  As documented in that commit, administrators can retain the prior (AES-ICM)
  mode of operation by setting the 'kern.random.use_chacha20_cipher' tunable
  to 0 in loader.conf(5).

  Approved by: csprng(delphij, markm)
  Differential Revision: https://reviews.freebsd.org/D22878

Modified:
  head/sys/dev/random/hash.c

Modified: head/sys/dev/random/hash.c
==============================================================================
--- head/sys/dev/random/hash.c Fri Dec 20 20:58:13 2019 (r355948)
+++ head/sys/dev/random/hash.c Fri Dec 20 21:11:00 2019 (r355949)
@@ -68,18 +68,18 @@ CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE); _Static_assert(CHACHA_STATELEN == RANDOM_BLOCKSIZE, ""); /* - * Experimental Chacha20-based PRF for Fortuna keystream primitive. For now, - * disabled by default. But we may enable it in the future. + * Knob to control use of Chacha20-based PRF for Fortuna keystream primitive. * * Benefits include somewhat faster keystream generation compared with - * unaccelerated AES-ICM. + * unaccelerated AES-ICM; reseeding is much cheaper than computing AES key + * schedules. */ -bool random_chachamode __read_frequently = false; +bool random_chachamode __read_frequently = true; #ifdef _KERNEL SYSCTL_BOOL(_kern_random, OID_AUTO, use_chacha20_cipher, CTLFLAG_RDTUN, &random_chachamode, 0, - "If non-zero, use the ChaCha20 cipher for randomdev PRF. " - "If zero, use AES-ICM cipher for randomdev PRF (default)."); + "If non-zero, use the ChaCha20 cipher for randomdev PRF (default). " + "If zero, use AES-ICM cipher for randomdev PRF (12.x default)."); #endif /* Initialise the hash */
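Review bot: the default flip at `-bool random_chachamode __read_frequently = false;` / `+bool random_chachamode __read_frequently = true;` changes which PRF every system boots with, yet the only file touched is hash.c, so the new default and the `kern.random.use_chacha20_cipher` knob stay documented only in commit logs and the sysctl description string; the random(4) manual page should be updated in the same change. Since the sysctl is declared CTLFLAG_RDTUN, the description should also state that the value is a boot-time tunable (loader.conf) and cannot be switched at runtime, for example: `"If non-zero, use the ChaCha20 cipher for randomdev PRF (default). Boot-time tunable only."`. The added comment line `reseeding is much cheaper than computing AES key schedules` is the operative justification for the flip and would be worth a pointer to the measurements in r344913 so reviewers can check it rather than take it on faith.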