Date: Fri, 30 May 2014 21:25:22 +0300
From: Konstantin Belousov
To: d@delphij.net
Cc: Ted Unangst, freebsd-hackers@freebsd.org
Subject: Re: switch arc4random to chacha
Message-ID: <20140530182522.GO3991@kib.kiev.ua>
In-Reply-To: <5388C4C1.8030501@delphij.net>

On Fri, May 30, 2014 at 10:49:53AM -0700, Xin Li wrote:
> On 05/30/14 08:41, Konstantin Belousov wrote:
> > On Thu, May 29, 2014 at 09:04:11PM -0400, Ted Unangst wrote:
> >> This syncs libc arc4random.c with OpenBSD, mostly to change the
> >> implementation to ChaCha20.
> >>
> >> I removed the more complicated seed fetching code and changed it
> >> to just sysctl(). A quick check revealed that the FreeBSD kernel
> >> supports this for at least five years now. It's much simpler to
> >> use code that always works instead of a series of untested
> >> fallbacks that are even less likely to work.
> >>
> >> Also removes the addrandom interface as a useless complication.
> >> If the kernel is incapable of properly seeding arc4random,
> >> application code can't do any better.
> >>
> >> Unfortunately, I don't have any FreeBSD systems running at the
> >> moment, so I can't make any promises that this will even
> >> compile, but it passed the eyeball test.
> >
> > Am I right that the patch removes the arc4random_stir and
> > arc4random_addrandom symbols? If yes, this is done incorrectly,
> > and it in fact is disallowed, since it breaks ABI.
> >
> > The compat shims must be provided, possibly issuing a warning, and
> > default version for the symbols must be removed to prevent linking
> > new consumers.
>
> Actually I have a WIP patchset for this at:
>
> https://github.com/delphij/freebsd/compare/featurefork;chacha20
>
> It provided compatibility shims for arc4random_stir and
> arc4random_addrandom that log the event for each process once.

What you do WRT ABI is almost fine. You should remove the symbols from
the gen/Symbol.map for the change to be complete. Did you verify the
readelf output on the patched libc to ensure that there are no default
versions for the compat symbols?

> Another difference (which I haven't sought review for and would like to
> see criticized) from OpenBSD is that my version has added threading
> support. What it does is that the system will create a maximum of CPU
> number's random states and use the states in a LIFO manner; a new state
> is created on demand when a contention happens and the CPU number
> limit hasn't been reached.
>
> (I made a further tweak which basically does #define arc4random_stir()
> and #define arc4random_addrandom(a,b) in stdlib.h. This allows
> existing applications that insist on arc4random_stir() on FreeBSD to
> compile -- is there a way to give a compile time warning?)

There is a GNU linker feature which issues a warning when a symbol is
referenced, see sys/cdefs.h:__warn_referenced().

> One thing I haven't done yet is to make the kernel portion of
> arc4random() (i.e. kern.arand) use Chacha20.
>
> Cheers,
> --
> Xin LI    https://www.delphij.net/
> FreeBSD - The Power to Serve!
> Live free or die
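
The readelf check asked for in the reply above, sketched as an added example that is not part of the original message or of either patch. The function name `classify_exports`, the `FBSD_1.0` version node and the sample `.dynsym` rows are assumptions constructed for illustration; on a real system the input would come from `readelf --dyn-syms -W` run on the patched libc.

```shell
#!/bin/sh
# Classify how symbols are exported, from `readelf --dyn-syms -W` text on stdin.
#   compat  : only name@VERSION entries -> old binaries resolve, new links fail
#   default : name@@VERSION or unversioned -> new consumers can still link
#   missing : no defined entry -> existing binaries break (the ABI objection)
classify_exports() {
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        # Symbol rows look like: Num: Value Size Type Bind Vis Ndx Name
        $1 ~ /^[0-9]+:$/ && NF >= 8 && $7 != "UND" {
            sym = $8
            at = index(sym, "@")
            if (at == 0) { dflt[sym] = 1; next }   # unversioned export
            name = substr(sym, 1, at - 1)
            if (substr(sym, at, 2) == "@@") dflt[name] = 1
            else compat[name] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                s = names[i]
                state = (s in dflt) ? "default" : ((s in compat) ? "compat" : "missing")
                print s, state
            }
        }'
}

# Constructed sample: one shim correctly demoted to a compat-only version,
# one still carrying a default version (the case the check is meant to catch).
sample_dynsym() {
    cat <<'EOF'
Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000001a10    11 FUNC    GLOBAL DEFAULT   12 arc4random_stir@FBSD_1.0
     2: 0000000000001a20    11 FUNC    GLOBAL DEFAULT   12 arc4random_addrandom@@FBSD_1.0
     3: 0000000000001a30    64 FUNC    GLOBAL DEFAULT   12 arc4random@@FBSD_1.0
EOF
}

sample_dynsym | classify_exports arc4random_stir arc4random_addrandom
```

Any shim reported as `default` can still be linked by newly built programs, and any reported as `missing` would break binaries already linked against it.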