Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-10-17 Thread Shawn Webb
On Sun, Apr 16, 2017 at 09:11:03AM +, Mark Murray wrote: > Author: markm > Date: Sun Apr 16 09:11:02 2017 > New Revision: 317015 > URL: https://svnweb.freebsd.org/changeset/base/317015 > > Log: > Replace the RC4 algorithm for generating in-kernel secure random > numbers with Chacha20.

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Xin Li
On 4/16/17 08:30, Rodney W. Grimes wrote: >> >>> On 16 Apr 2017, at 13:07, Rodney W. Grimes >>> wrote: >>> > From replacing the rc4 algorithm with chacha20, this chalice has now become poisoned with the job of redesigning the entire structure of

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Dag-Erling Smørgrav
Mark R V Murray writes: > "Dubious legal status"? Please go and look at the chacha that OpenSSH uses. > You will find it strangely familiar. I know exactly where that code comes from. It lacks a proper license. DES -- Dag-Erling Smørgrav - d...@des.no

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Warner Losh
On Sun, Apr 16, 2017 at 10:35 AM, Ian Lepore wrote: > On Sun, 2017-04-16 at 09:04 -0700, Rodney W. Grimes wrote: >> What watch list is this? And do we have a watch list that is just "New >> Phabricator >> created" so we can make just that incident go to some mailling list so

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark Linimon
On Sun, Apr 16, 2017 at 10:35:59AM -0600, Ian Lepore wrote: > (The most basic rule would be "notify me about every new change put > up for review", which seems like it would be a real spam generator, > but at least one person uses such a rule.) I tried the latter once, as a test. I doubt many

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 20:26, Dag-Erling Smørgrav wrote: > > Mark Murray writes: >> Added: >> head/sys/crypto/chacha20/chacha.c (contents, props changed) >> head/sys/crypto/chacha20/chacha.h (contents, props changed) > > Really? You committed this code

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Dag-Erling Smørgrav
Mark Murray writes: > Added: > head/sys/crypto/chacha20/chacha.c (contents, props changed) > head/sys/crypto/chacha20/chacha.h (contents, props changed) Really? You committed this code despite having been informed of its dubious legal status, and despite knowing full

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Ian Lepore
On Sun, 2017-04-16 at 09:04 -0700, Rodney W. Grimes wrote: > What watch list is this?  And do we have a watch list that is just "New > Phabricator > created" so we can make just that incident go to some mailling list so people > stop > getting caught off guard by commits that have been reviews

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 15:26, Conrad Meyer wrote: > * I believe you've taken the right approach. But somehow your import > of chacha should be reconciled with DES' import (i.e., keep only one > copy in the tree). > * I don't believe the chacha code being standard is an undue

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 17:04, Rodney W. Grimes > wrote: > So you can understand me being started when any of this arrived? I am > on several of the mailling list, and I think -security is probably one > of them. I was thoroughly ignored last time I tried to use

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Rodney W. Grimes
> > > On 16 Apr 2017, at 15:21, Rodney W. Grimes > > wrote: > RC4 has been standard for many years. > >>> Probably another rapid mode of design rather than a thoughful mode, we > >>> have a chance to correct this here, and imho, should. > >> > >> Fix it,

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Pedro Giffuni
On 04/16/17 09:26, Conrad Meyer wrote: On Sun, Apr 16, 2017 at 2:19 AM, Mark R V Murray wrote: This does not use DES' Chacha20 commit, as I had already completed the testing for it, and received SO@ approval. DES's commit made Chaha20 a module. This is of no use to

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 15:21, Rodney W. Grimes > wrote: RC4 has been standard for many years. >>> Probably another rapid mode of design rather than a thoughful mode, we >>> have a chance to correct this here, and imho, should. >> >> Fix it, sure. What's wrong

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Conrad Meyer
Furthmore: chacha20.ko: 7 kB GENERIC w/out chacha20: 27095416 GENERIC w/ chacha20: 27097976 device chacha20 adds 2560 *bytes* to the kernel. That's +0.009%. Not worth bikeshedding about. Best, Conrad On Sun, Apr 16, 2017 at 7:26 AM, Conrad Meyer wrote: > On Sun, Apr 16,

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Conrad Meyer
On Sun, Apr 16, 2017 at 2:19 AM, Mark R V Murray wrote: > This does not use DES' Chacha20 commit, as I had already completed the > testing for it, and received SO@ approval. > > DES's commit made Chaha20 a module. This is of no use to arc4random(9), > which needs the code to be

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Rodney W. Grimes
> > On 16 Apr 2017, at 13:30, Rodney W. Grimes > > wrote: > > > >> The RC4 algorithm is standard. Making the alogorithm pluggable means more > >> code, more testing and more time (time which I am rather short of). > > > > I would rather see a proper

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 13:30, Rodney W. Grimes > wrote: > >> The RC4 algorithm is standard. Making the alogorithm pluggable means more >> code, more testing and more time (time which I am rather short of). > > I would rather see a proper implementation later,

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Rodney W. Grimes
> > > On 16 Apr 2017, at 13:07, Rodney W. Grimes > > wrote: > > > >>> From replacing the rc4 algorithm with chacha20, this chalice has now > >> become poisoned with the job of redesigning the entire structure of > >> kernel random-number generation. > >> > >>

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 13:07, Rodney W. Grimes > wrote: > >>> From replacing the rc4 algorithm with chacha20, this chalice has now >> become poisoned with the job of redesigning the entire structure of >> kernel random-number generation. >> >> This may take a

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Rodney W. Grimes
> > > On 16 Apr 2017, at 12:50, Rodney W. Grimes > > wrote: > > > >> This does not use DES' Chacha20 commit, as I had already completed the > >> testing for it, and received SO@ approval. > >> > >> DES's commit made Chaha20 a module. This is of no use to

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
> On 16 Apr 2017, at 12:50, Rodney W. Grimes > wrote: > >> This does not use DES' Chacha20 commit, as I had already completed the >> testing for it, and received SO@ approval. >> >> DES's commit made Chaha20 a module. This is of no use to arc4random(9), >>

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Rodney W. Grimes
> This does not use DES' Chacha20 commit, as I had already completed the > testing for it, and received SO@ approval. > > DES's commit made Chaha20 a module. This is of no use to arc4random(9), > which needs the code to be standard. Also his API is different. > > I have no objection to reworking

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark R V Murray
This does not use DES' Chacha20 commit, as I had already completed the testing for it, and received SO@ approval. DES's commit made Chaha20 a module. This is of no use to arc4random(9), which needs the code to be standard. Also his API is different. I have no objection to reworking the

svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-04-16 Thread Mark Murray
Author: markm Date: Sun Apr 16 09:11:02 2017 New Revision: 317015 URL: https://svnweb.freebsd.org/changeset/base/317015 Log: Replace the RC4 algorithm for generating in-kernel secure random numbers with Chacha20. Keep the API, though, as that is what the other *BSD's have done. Use the