Opened 2 years ago

Last modified 23 months ago

#13869 new enhancement

[RFC] Additions to libbsd

Reported by: leorize
Owned by: nobody
Priority: normal
Milestone: Unscheduled
Component: System
Version: R1/Development
Keywords:
Cc: PulkoMandy, axeld
Blocked By:
Blocking:
Has a Patch: no
Platform: All

Description

Functions added:

These should ease porting crypto-related programs from BSDs.

Attachments (5)

0001-libs-bsd-add-readpassphrase-3.patch (8.3 KB) - added by leorize 2 years ago.
0002-libs-bsd-add-be64dec-3-and-be64enc-3.patch (1.6 KB) - added by leorize 2 years ago.
0003-libs-bsd-add-explicit_bzero-3.patch (1.8 KB) - added by leorize 2 years ago.
0004-libs-bsd-add-getentropy-2.patch (23.5 KB) - added by leorize 2 years ago.
0005-libs-bsd-add-arc4random-3.patch (16.1 KB) - added by leorize 2 years ago.


Change History (11)

comment:1 by leorize, 2 years ago

Has a Patch: set

comment:2 by waddlesplash, 2 years ago

Cc: PulkoMandy axeld added

Patches 1-3 look very good to me and I think they can be applied right away, unless someone has objections.

Patch 4 is the one that merits some discussion. "Technically" the HP-UX implementation of getentropy is from OpenBSD (although I see you've modified it some), although we really should add kernel support for it. But since OpenBSD actually distributes that code ... I say it's "OK for now" (and probably better than what we have now anyway.)

Patch 5 is also fine (but depends on patch 4.)

comment:3 by pulkomandy, 2 years ago

Ok for 1, 2 and 3.

For 4 I'd rather get a real getentropy, or none at all. We shouldn't pretend that we have one and fail to deliver.

For 5, likewise, I'd rather get a solid implementation, that is, one that runs kernel-side as a syscall, so it is shared by all processes.

We are dealing with cryptography here, and these APIs are used because they are known to work as expected. So if we "fake" them, we will decrease the security level.
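The contract that ported callers rely on, shown as an added example (not code from this ticket or its patches): getentropy() either fills the buffer with real entropy or fails, requests over 256 bytes are refused, and key material is wiped with explicit_bzero(). The helper names `fill_random`, `with_fresh_key` and `key_is_nonzero` are hypothetical, and the code assumes a platform that provides both functions the way OpenBSD and glibc do.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose getentropy() and explicit_bzero() */
#endif
#include <string.h>         /* explicit_bzero */
#include <unistd.h>         /* getentropy */

#define ENTROPY_MAX 256u    /* getentropy() refuses larger requests with EIO */

/* Hypothetical helper: fill buf from getentropy() in chunks it accepts.
 * Fails closed: on any error the partial output is wiped and -1 is
 * returned, with no fallback to a weaker source. */
int fill_random(unsigned char *buf, size_t len)
{
    for (size_t off = 0; off < len; ) {
        size_t n = len - off < ENTROPY_MAX ? len - off : ENTROPY_MAX;
        if (getentropy(buf + off, n) != 0) {
            explicit_bzero(buf, len);
            return -1;
        }
        off += n;
    }
    return 0;
}

/* Hypothetical helper: hand a fresh 32-byte key to `use`, then wipe it.
 * explicit_bzero() is used because a plain memset() of a buffer that is
 * about to go out of scope may be optimized away. */
int with_fresh_key(int (*use)(const unsigned char *key, size_t len))
{
    unsigned char key[32];
    if (fill_random(key, sizeof key) != 0)
        return -1;
    int rc = use(key, sizeof key);
    explicit_bzero(key, sizeof key);
    return rc;
}

/* Constructed consumer: returns 1 if the key is not all zero bytes. */
int key_is_nonzero(const unsigned char *key, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= key[i];
    return acc != 0;
}

int main(void) { return with_fresh_key(key_is_nonzero) == 1 ? 0 : 1; }
```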

comment:4 by waddlesplash, 2 years ago

Patches 1-3 applied in hrev51681.

comment:6 by pulkomandy, 23 months ago

Has a Patch: unset