Date:      Fri, 30 May 2014 21:25:22 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        d@delphij.net
Cc:        Ted Unangst <tedu@tedunangst.com>, freebsd-hackers@freebsd.org
Subject:   Re: switch arc4random to chacha
Message-ID:  <20140530182522.GO3991@kib.kiev.ua>
In-Reply-To: <5388C4C1.8030501@delphij.net>
References:  <f0b9ae8e7b2a40a9ab253438261c2c75@tedunangst.com> <20140530154103.GL3991@kib.kiev.ua> <5388C4C1.8030501@delphij.net>



On Fri, May 30, 2014 at 10:49:53AM -0700, Xin Li wrote:
> On 05/30/14 08:41, Konstantin Belousov wrote:
> > On Thu, May 29, 2014 at 09:04:11PM -0400, Ted Unangst wrote:
> >> This syncs libc arc4random.c with OpenBSD, mostly to change the
> >> implementation to ChaCha20.
> >>
> >> I removed the more complicated seed fetching code and changed it
> >> to just sysctl(). A quick check revealed that the FreeBSD kernel
> >> has supported this for at least five years now. It's much simpler to
> >> use code that always works instead of a series of untested
> >> fallbacks that are even less likely to work.
> >>
> >> Also removes the addrandom interface as a useless complication.
> >> If the kernel is incapable of properly seeding arc4random,
> >> application code can't do any better.
> >>
> >> Unfortunately, I don't have any FreeBSD systems running at the
> >> moment, so I can't make any promises that this will even
> >> compile, but it passed the eyeball test.
> >
> > Am I right that the patch removes the arc4random_stir and
> > arc4random_addrandom symbols?  If yes, this is done incorrectly,
> > and it in fact is disallowed, since it breaks ABI.
> >
> > The compat shims must be provided, possibly issuing a warning, and
> > the default version for the symbols must be removed to prevent linking
> > new consumers.
>
> Actually I have a WIP patchset for this at:
>
> 	https://github.com/delphij/freebsd/compare/featurefork;chacha20
>
> It provides compatibility shims for arc4random_stir and
> arc4random_addrandom that log the event once for each process.
What you do WRT ABI is almost fine.  You should remove the symbols from
the gen/Symbol.map for the change to be complete.  Did you verify the
readelf output on the patched libc to ensure that there are no default
versions for the compat symbols?

>
> Another difference from OpenBSD (which I haven't sought review for and
> would like to see criticized) is that my version has added threading
> support.  What it does is that the system will create a maximum of CPU
> number's random states and use the states in a LIFO manner; a new state
> is created on demand when contention happens and the CPU number
> limit hasn't been reached.
>
> (I made a further tweak which basically does #define arc4random_stir()
> and #define arc4random_addrandom(a,b) in stdlib.h.  This allows
> existing applications that insist on arc4random_stir() on FreeBSD to
> compile -- is there a way to give a compile time warning?)
There is a GNU linker feature which issues a warning when a symbol
is referenced, see sys/cdefs.h:__warn_referenced().

>
> One thing I haven't done yet is to make the kernel portion of
> arc4random() (i.e. kern.arand) use Chacha20.
>
> Cheers,
> --
> Xin LI <delphij@delphij.net>    https://www.delphij.net/
> FreeBSD - The Power to Serve!           Live free or die

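
The readelf check asked for in the message above, as an added example that is not part of the original e-mail or of either patch set. It assumes GNU `readelf --dyn-syms -W` output; the function name `check_compat_syms`, the sample functions and the version node `EXAMPLE_1.0` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread's patches. Assumes GNU readelf layout:
#   Num: Value Size Type Bind Vis Ndx Name
# A defined symbol prints as name@@VER when VER is its default version (new
# programs can link against it) and as name@VER when it is compat-only.
COMPAT_SYMS="${COMPAT_SYMS:-arc4random_stir arc4random_addrandom}"

# Reads `readelf --dyn-syms -W` output on stdin, prints "<state> <symbol>"
# per compat symbol, and returns 0 only if each is exported solely as a
# non-default version. MISSING (no shim at all) also fails: old binaries break.
check_compat_syms() {
    awk -v syms="$COMPAT_SYMS" '
        BEGIN {
            n = split(syms, want, " ")
            for (i = 1; i <= n; i++) state[want[i]] = "MISSING"
        }
        # Defined GLOBAL/WEAK symbols only; headers and imports are skipped.
        $7 != "UND" && ($5 == "GLOBAL" || $5 == "WEAK") {
            at = index($8, "@")
            name = at ? substr($8, 1, at - 1) : $8
            if (!(name in state)) next
            if (at && substr($8, at, 2) != "@@") {
                if (state[name] == "MISSING") state[name] = "OK"
            } else {
                state[name] = "DEFAULT"   # @@VER or unversioned: still linkable
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                print state[want[i]], want[i]
                if (state[want[i]] != "OK") bad = 1
            }
            exit bad + 0
        }'
}

# Constructed samples; EXAMPLE_1.0 is a placeholder version node.
sample_fixed() { cat <<'EOF'
Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000001040    10 FUNC    GLOBAL DEFAULT   12 arc4random_stir@EXAMPLE_1.0
     2: 0000000000001050    10 FUNC    GLOBAL DEFAULT   12 arc4random_addrandom@EXAMPLE_1.0
EOF
}
sample_unfixed() { sample_fixed | sed 's/stir@/stir@@/'; }
```

Against a real build, pipe `readelf --dyn-syms -W` for the patched libc into `check_compat_syms`; a `DEFAULT` line means the symbol is still in the version map's default set.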


