From: "David E. O'Brien"
Date: Thu, 17 Feb 2022 05:06:02 GMT
Message-Id: <202202170506.21H5622L050745@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: e24be8a6b6d6 - stable/12 - random(4): update Fortuna generator Chacha20 documentation.
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: obrien
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: e24be8a6b6d6db00c474b11f2353f237689090f7

The branch stable/12 has been updated by obrien:

URL:
https://cgit.FreeBSD.org/src/commit/?id=e24be8a6b6d6db00c474b11f2353f237689090f7

commit e24be8a6b6d6db00c474b11f2353f237689090f7
Author:     Conrad Meyer
AuthorDate: 2019-12-20 21:11:00 +0000
Commit:     David E. O'Brien
CommitDate: 2022-02-17 04:57:46 +0000

    random(4): update Fortuna generator Chacha20 documentation.

    The implementation was landed in r344913 and has had some bake time (at
    least on my personal systems).  There is some discussion of the motivation
    for defaulting to this cipher as a PRF in the commit log for r344913.

    Administrators retain the prior (AES-ICM) mode of operation by default.
    The new mode may be used by setting the 'kern.random.use_chacha20_cipher'
    tunable to "1" in loader.conf(5).

    (cherry picked from commit 68b97d40fbe826585813f05042209db5490dbe08)
---
 sys/dev/random/hash.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c index 99965513350d..5903394eee3c 100644 --- a/sys/dev/random/hash.c +++ b/sys/dev/random/hash.c
@@ -68,18 +68,18 @@ CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE); _Static_assert(CHACHA_STATELEN == RANDOM_BLOCKSIZE, ""); /* - * Experimental Chacha20-based PRF for Fortuna keystream primitive. For now, - * disabled by default. But we may enable it in the future. + * Knob to control use of Chacha20-based PRF for Fortuna keystream primitive. * * Benefits include somewhat faster keystream generation compared with - * unaccelerated AES-ICM. + * unaccelerated AES-ICM; reseeding is much cheaper than computing AES key + * schedules. */ bool random_chachamode __read_frequently = false; #ifdef _KERNEL SYSCTL_BOOL(_kern_random, OID_AUTO, use_chacha20_cipher, CTLFLAG_RDTUN, &random_chachamode, 0, - "If non-zero, use the ChaCha20 cipher for randomdev PRF. " - "If zero, use AES-ICM cipher for randomdev PRF (default)."); + "If non-zero, use the ChaCha20 cipher for randomdev PRF (13.0+ default). " + "If zero, use AES-ICM cipher for randomdev PRF (12.x default)."); #endif /* Initialise the hash */
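
Review bot: The rewritten comment above `random_chachamode` no longer states the default. The removed lines said "disabled by default", and the replacement line "Knob to control use of Chacha20-based PRF for Fortuna keystream primitive." leaves a reader to infer it from the `= false` initializer or from the sysctl description. Suggest adding a sentence to the comment saying that the knob is off on this branch (AES-ICM is used) and that, because it is declared with CTLFLAG_RDTUN, it is read-only at runtime and only takes effect when set as a loader tunable. Separately, the description string now hard-codes release numbers ("13.0+ default", "12.x default") while the initializer is what actually sets the default, so the two can drift apart if one is changed without the other; a short note next to the initializer pointing at the description string would help keep them in sync.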