Date:      Fri, 30 May 2014 10:49:53 -0700
From:      Xin Li <delphij@delphij.net>
To:        Konstantin Belousov <kostikbel@gmail.com>,  Ted Unangst <tedu@tedunangst.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: switch arc4random to chacha
Message-ID:  <5388C4C1.8030501@delphij.net>
In-Reply-To: <20140530154103.GL3991@kib.kiev.ua>
References:  <f0b9ae8e7b2a40a9ab253438261c2c75@tedunangst.com> <20140530154103.GL3991@kib.kiev.ua>


On 05/30/14 08:41, Konstantin Belousov wrote:
> On Thu, May 29, 2014 at 09:04:11PM -0400, Ted Unangst wrote:
>> This syncs libc arc4random.c with OpenBSD, mostly to change the 
>> implementation to ChaCha20.
>> 
>> I removed the more complicated seed fetching code and changed it
>> to just sysctl(). A quick check revealed that the FreeBSD kernel
>> has supported this for at least five years now. It's much simpler to
>> use code that always works instead of a series of untested
>> fallbacks that are even less likely to work.
>> 
>> Also removes the addrandom interface as a useless complication. 
>> If the kernel is incapable of properly seeding arc4random, 
>> application code can't do any better.
>> 
>> Unfortunately, I don't have any FreeBSD systems running at the 
>> moment, so I can't make any promises that this will even
>> compile, but it passed the eyeball test.
> 
> Am I right that the patch removes the arc4random_stir and
> arc4random_addrandom symbols?  If yes, this is done incorrectly,
> and it is in fact disallowed, since it breaks the ABI.
> 
> The compat shims must be provided, possibly issuing a warning, and 
> default version for the symbols must be removed to prevent linking 
> new consumers.

Actually I have a WIP patchset for this at:

	https://github.com/delphij/freebsd/compare/featurefork;chacha20

It provides compatibility shims for arc4random_stir and
arc4random_addrandom that log the event once per process.

Another difference from OpenBSD (which I haven't sought review for and
would like to see criticized) is that my version has added threading
support.  What it does is that the system will create at most as many
random states as there are CPUs and use the states in a LIFO manner; a
new state is created on demand when contention happens and the CPU
count limit hasn't been reached.

(I made a further tweak which basically does #define arc4random_stir()
and #define arc4random_addrandom(a,b) in stdlib.h.  This allows
existing applications that insist on arc4random_stir() on FreeBSD to
compile -- is there a way to give a compile time warning?)

One thing I haven't done yet is to make the kernel portion of
arc4random() (i.e. kern.arand) use ChaCha20.

Cheers,
- -- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
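The threading scheme described in the message above (a pool of generator states bounded by the CPU count, used LIFO, with a new state created only when no free one exists) together with a compatibility shim that logs once per process, written out as an added example. This is not the FreeBSD, OpenBSD or delphij patchset code. It assumes a fixed NCPU_LIMIT of 4 in place of the real CPU count, a deterministic constructed stand-in for kernel seeding via sysctl, and a toy xorshift step in place of the ChaCha20 keystream; "contention" is modelled as "no free state on the list" under a single pool lock, and the shim name arc4random_stir_compat is hypothetical.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stands in for the number of CPUs on the system. */
#define NCPU_LIMIT 4

/* One generator state. The real thing would hold a ChaCha20 key, nonce and
 * keystream buffer; here a 64-bit xorshift word is a NON-cryptographic stand-in. */
struct rs_state {
    uint64_t x;
    struct rs_state *next;   /* free-list link */
};

static pthread_mutex_t pool_mtx = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  pool_cv  = PTHREAD_COND_INITIALIZER;
static struct rs_state *free_top;  /* LIFO: most recently released state is reused first */
static int nstates;                /* states created so far; never exceeds NCPU_LIMIT */

/* Constructed stand-in for seeding from the kernel (sysctl in the mail);
 * deterministic so the example runs offline. */
static uint64_t seed_from_kernel(void)
{
    static uint64_t ctr = 0x9E3779B97F4A7C15ull;
    ctr += 0x0123456789ABCDEFull;
    return ctr | 1;   /* xorshift must never start from zero */
}

static struct rs_state *state_create(void)
{
    struct rs_state *st = calloc(1, sizeof *st);
    if (st == NULL)
        abort();
    st->x = seed_from_kernel();
    return st;
}

/* Pop a free state; if none is free (contention) and the limit allows,
 * create one; otherwise block until another thread releases a state. */
struct rs_state *state_acquire(void)
{
    struct rs_state *st;
    pthread_mutex_lock(&pool_mtx);
    for (;;) {
        if (free_top != NULL) { st = free_top; free_top = st->next; break; }
        if (nstates < NCPU_LIMIT) { st = state_create(); nstates++; break; }
        pthread_cond_wait(&pool_cv, &pool_mtx);
    }
    pthread_mutex_unlock(&pool_mtx);
    return st;
}

void state_release(struct rs_state *st)
{
    pthread_mutex_lock(&pool_mtx);
    st->next = free_top;   /* push: LIFO keeps recently used states hot */
    free_top = st;
    pthread_cond_signal(&pool_cv);
    pthread_mutex_unlock(&pool_mtx);
}

/* Toy output step (xorshift64): placeholder for pulling ChaCha20 keystream. */
static uint32_t state_next_u32(struct rs_state *st)
{
    uint64_t x = st->x;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    st->x = x;
    return (uint32_t)(x >> 32);
}

uint32_t pooled_random(void)
{
    struct rs_state *st = state_acquire();
    uint32_t v = state_next_u32(st);
    state_release(st);
    return v;
}

int pool_state_count(void)
{
    pthread_mutex_lock(&pool_mtx);
    int n = nstates;
    pthread_mutex_unlock(&pool_mtx);
    return n;
}

/* Hypothetical compatibility shim: keeps the old entry point, touches no
 * generator state, and logs once per process. Returns 1 on the call that
 * logged, 0 on every later call. */
int arc4random_stir_compat(void)
{
    static int warned;
    pthread_mutex_lock(&pool_mtx);
    int first = !warned;
    warned = 1;
    pthread_mutex_unlock(&pool_mtx);
    if (first)
        fprintf(stderr, "warning: arc4random_stir() is a no-op; the kernel seeds the generator\n");
    return first;
}

/* n calls from one thread never contend, so exactly one state is ever created. */
int demo_serial_calls(int n)
{
    for (int i = 0; i < n; i++)
        pooled_random();
    return pool_state_count();
}

/* Holding three states at once forces creation; releasing c then b and
 * acquiring again must hand back b (LIFO) without creating another state. */
int demo_lifo_reuse(void)
{
    struct rs_state *a = state_acquire(), *b = state_acquire(), *c = state_acquire();
    int before = pool_state_count();
    state_release(c);
    state_release(b);
    struct rs_state *d = state_acquire();
    int ok = (d == b) && pool_state_count() == before;
    state_release(d);
    state_release(a);
    return ok;
}
```

Because states are only ever handed out under the pool lock and a state is never used by two threads at once, the keystream buffer inside each state needs no further locking; the cost of the design is one short critical section per call, which is what the LIFO free list is meant to keep cheap.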