From: Xin Li
Reply-To: d@delphij.net
Organization: The FreeBSD Project
Date: Fri, 30 May 2014 10:49:53 -0700
To: Konstantin Belousov, Ted Unangst
Cc: freebsd-hackers@freebsd.org
Subject: Re: switch arc4random to chacha
Message-ID: <5388C4C1.8030501@delphij.net>
In-Reply-To: <20140530154103.GL3991@kib.kiev.ua>
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers@freebsd.org)
On 05/30/14 08:41, Konstantin Belousov wrote:
> On Thu, May 29, 2014 at 09:04:11PM -0400, Ted Unangst wrote:
>> This syncs libc arc4random.c with OpenBSD, mostly to change the
>> implementation to ChaCha20.
>>
>> I removed the more complicated seed fetching code and changed it
>> to just sysctl(). A quick check revealed that the FreeBSD kernel
>> has supported this for at least five years now. It's much simpler to
>> use code that always works instead of a series of untested
>> fallbacks that are even less likely to work.
>>
>> Also removes the addrandom interface as a useless complication.
>> If the kernel is incapable of properly seeding arc4random,
>> application code can't do any better.
>>
>> Unfortunately, I don't have any FreeBSD systems running at the
>> moment, so I can't make any promises that this will even
>> compile, but it passed the eyeball test.
>
> Am I right that the patch removes the arc4random_stir and
> arc4random_addrandom symbols? If yes, this is done incorrectly,
> and it in fact is disallowed, since it breaks ABI.
>
> The compat shims must be provided, possibly issuing a warning, and
> the default version for the symbols must be removed to prevent linking
> new consumers.

Actually I have a WIP patchset for this at:

https://github.com/delphij/freebsd/compare/featurefork;chacha20

It provides compatibility shims for arc4random_stir and
arc4random_addrandom that log the event once for each process.

Another difference from OpenBSD (which I haven't sought review for
yet and would like to see criticized) is that my version has added
threading support. What it does is that the system will create at
most as many random states as there are CPUs and use the states in
a LIFO manner; a new state is created on demand when contention
happens and the CPU-count limit hasn't been reached.

(I made a further tweak which basically does #define arc4random_stir()
and #define arc4random_addrandom(a,b) in stdlib.h. This allows existing
applications that insist on arc4random_stir() on FreeBSD to compile --
is there a way to give a compile time warning?)

One thing I haven't done yet is to make the kernel portion of
arc4random() (i.e. kern.arand) use ChaCha20.

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve!    Live free or die
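The CPU-bounded LIFO pool of random states and the once-per-process compat shim described in the mail above, as an added illustration in C. This is not code from the mail, from FreeBSD's libc or from the delphij branch linked above: it models the pool as a spinlock-guarded LIFO free list whose states are created on demand and capped at a placeholder NCPU_LIMIT, leaves out the ChaCha20 state and the sysctl seeding (each state carries only a serial number), and the names rs_checkout, rs_checkin, rs_pool_reset, rs_demo, rs_demo_limit and compat_arc4random_stir are this example's own.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Placeholder for the CPU count that caps the pool; real code would query
 * it at runtime (sysconf/sysctl) instead of hard-coding it. */
#define NCPU_LIMIT 4

/* One random state.  The real one holds ChaCha20 key/nonce/keystream
 * buffers; only a serial number is kept here so the pool mechanics, not the
 * cipher, are what the example shows. */
struct rs {
    unsigned   serial;   /* 1..NCPU_LIMIT, in creation order */
    struct rs *next;     /* LIFO link while the state is idle */
};

static struct rs   states[NCPU_LIMIT];  /* backing storage, used on demand */
static struct rs  *idle_head;            /* top of the idle LIFO */
static unsigned    nstates;              /* states created so far */
static atomic_flag pool_lock = ATOMIC_FLAG_INIT; /* guards the two above */

static void pool_acquire(void)
{
    while (atomic_flag_test_and_set_explicit(&pool_lock, memory_order_acquire))
        ;   /* spin: the critical sections below are a handful of instructions */
}

static void pool_release(void)
{
    atomic_flag_clear_explicit(&pool_lock, memory_order_release);
}

/* Check out a state.  The most recently returned state is reused first
 * (LIFO).  If none is idle, every existing state is held by another thread:
 * that is the contention case, and a fresh state is created unless the
 * CPU-count limit has been reached. */
struct rs *rs_checkout(void)
{
    struct rs *s = NULL;

    pool_acquire();
    if (idle_head != NULL) {
        s = idle_head;
        idle_head = s->next;
    } else if (nstates < NCPU_LIMIT) {
        s = &states[nstates];
        s->serial = ++nstates;
        s->next = NULL;
        /* Real code would seed s here from the kernel (sysctl KERN_ARND). */
    }
    pool_release();
    return s;   /* NULL: pool exhausted, the caller has to wait and retry */
}

/* Return a state to the top of the idle LIFO. */
void rs_checkin(struct rs *s)
{
    pool_acquire();
    s->next = idle_head;
    idle_head = s;
    pool_release();
}

/* Forget all states so the demonstrations below are repeatable. */
void rs_pool_reset(void)
{
    pool_acquire();
    idle_head = NULL;
    nstates = 0;
    pool_release();
}

unsigned rs_pool_size(void) { return nstates; }

/* Compat shim in the spirit of the mail: the ABI symbol stays, does nothing,
 * and logs once per process instead of on every call.  The counter exists
 * only so the once-only rule can be checked. */
static atomic_bool stir_logged;
static unsigned    stir_log_count;

void compat_arc4random_stir(void)
{
    if (!atomic_exchange(&stir_logged, true)) {   /* first caller only */
        stir_log_count++;
        fprintf(stderr, "arc4random_stir(): deprecated no-op called by this process\n");
    }
}

unsigned compat_stir_log_count(void) { return stir_log_count; }

/* Contention then reuse: returns the serial of the state handed out after two
 * states were returned, which is 2 if the idle list really is LIFO. */
unsigned rs_demo(void)
{
    struct rs *a, *b, *c;

    rs_pool_reset();
    a = rs_checkout();   /* pool empty: creates state 1 */
    b = rs_checkout();   /* state 1 still held: contention, creates state 2 */
    rs_checkin(a);
    rs_checkin(b);       /* idle LIFO is now [2, 1] */
    c = rs_checkout();   /* state 2 comes back first */
    rs_checkin(c);
    return c->serial;
}

/* Exhaustion: with every state held, the next checkout must fail rather
 * than exceed the CPU-count cap.  Returns true if that holds. */
bool rs_demo_limit(void)
{
    struct rs *held[NCPU_LIMIT];
    unsigned i;
    bool ok;

    rs_pool_reset();
    for (i = 0; i < NCPU_LIMIT; i++)
        held[i] = rs_checkout();
    ok = rs_checkout() == NULL && nstates == NCPU_LIMIT;
    for (i = 0; i < NCPU_LIMIT; i++)
        rs_checkin(held[i]);
    return ok;
}

int main(void)
{
    printf("state handed out after LIFO return: %u\n", rs_demo());
    printf("cap of %d states enforced: %s\n", NCPU_LIMIT, rs_demo_limit() ? "yes" : "no");
    compat_arc4random_stir();
    compat_arc4random_stir();   /* second call: no second log line */
    return 0;
}
```

The LIFO order is what keeps a thread on the state it most recently used when there is no contention, and the cap means a burst of threads cannot make the process allocate (and seed) an unbounded number of cipher states. Checking the cap inside the same critical section as the pop is what prevents two contending threads from both creating a state past the limit.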