From owner-freebsd-hackers@FreeBSD.ORG Fri May 30 15:41:14 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 31018727 for ; Fri, 30 May 2014 15:41:14 +0000 (UTC) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 98505228F for ; Fri, 30 May 2014 15:41:13 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id s4UFf3u4049117; Fri, 30 May 2014 18:41:03 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.8.3 kib.kiev.ua s4UFf3u4049117 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.8/Submit) id s4UFf30m049116; Fri, 30 May 2014 18:41:03 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 30 May 2014 18:41:03 +0300 From: Konstantin Belousov To: Ted Unangst Subject: Re: switch arc4random to chacha Message-ID: <20140530154103.GL3991@kib.kiev.ua> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hdhkc9EpVJoq6PQ6" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tom.home Cc: freebsd-hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2014 15:41:14 -0000 --hdhkc9EpVJoq6PQ6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 29, 2014 at 09:04:11PM -0400, Ted Unangst wrote: > This syncs libc arc4random.c with OpenBSD, mostly to change the > implementation to ChaCha20. >=20 > I removed the more complicated seed fetching code and changed it to > just sysctl(). A quick check revealed that the FreeBSD kernel supports > this for at least five years now. It's much simpler to use code that > always works instead of a series of untested fallbacks that are even > less likely to work. >=20 > Also removes the addrandom interface as a useless complication. If the > kernel is incapable of properly seeding arc4random, application code > can't do any better. >=20 > Unfortunately, I don't have any FreeBSD systems running at the moment, > so I can't make any promises that this will even compile, but it > passed the eyeball test. Am I right that the patch removes arc4random_stir and arc4random_addrandom symbols ? If yes, this is done incorrect, and it in fact is disallowed, since it breaks ABI. The compat shims must be provided, possibly issuing a warning, and default version for the symbols must be removed to prevent linking new consumers. --hdhkc9EpVJoq6PQ6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTiKaPAAoJEJDCuSvBvK1BhHoP/2jpaIfQRiSteBMwymrXgo8r viD7Rx/uWKhR3KjD9as5De79guExpgxf5jgkEuRYOdMIjUdvGanYPe19e/kKCfKl BP9pMUcXumjoOrt/7rcMZEPuHyoU6WnrrEAVxbmkEN2YSDiWNovw29HaYDVZjqdo TRAoTiPkauq78zhDQtHOrxfc3ixbCoqzPvQuP9D76fRM/bmCM0x9fU9cwffQU8tC YgRKWYkgOxz1fQ1Wg2sDCNxKIGj/5d8uIRuw7gaWeiTjA2MMi17VtajylFmrvfx4 HAtj5B/nFa3zL4DT1tc6SmFvxIpmnxTIySaTCp1SDjFK9Mpu2EiWlTMdbAPO/EmK CpyYT+jTHl2l7bMKwDSrEZEVbnI0qt3WgUCsiSO1pCyVwNuDey+sqED2t2DU5f/Q yBy/tkLL/tYROXMN7Zv801QrQz7cbUJCSeLZ7V+KWu7Q8Wv4d3CGALmSvyh/VV4W vuDgoZ6KZ/Kpe80scMR+3+Usm0gRv7AgTJkLJqo5ZjSrzFNLLn5Vo4+G16002xzI slt3RwibmMalY8oIWpUL5GsNW8PaVP1Uaa+XUsXSM0zRxJOFm4PSI/xBsLRRcf/D wCwWnIbwRgB4ntY5lmooLSru6/yk5fU9dTZygww0KfumtFqfMG2f93aPfgk5WLER Id58NHYSSq9/3ZgJoMcy =14XU -----END PGP SIGNATURE----- --hdhkc9EpVJoq6PQ6--