Opened 7 years ago
Closed 15 months ago
#13869 closed enhancement (fixed)
[RFC] Additions to libbsd
Reported by: | leorize | Owned by: | nobody |
---|---|---|---|
Priority: | normal | Milestone: | R1/beta5 |
Component: | System | Version: | R1/Development |
Keywords: | Cc: | PulkoMandy, axeld | |
Blocked By: | Blocking: | ||
Platform: | All |
Description
Functions added:
These should ease porting crypto-related programs from BSDs
Attachments (5)
Change History (15)
by , 7 years ago
Attachment: | 0001-libs-bsd-add-readpassphrase-3.patch added |
---|
comment:1 by , 7 years ago
patch: | 0 → 1 |
---|
by , 7 years ago
Attachment: | 0002-libs-bsd-add-be64dec-3-and-be64enc-3.patch added |
---|
by , 7 years ago
Attachment: | 0003-libs-bsd-add-explicit_bzero-3.patch added |
---|
by , 7 years ago
Attachment: | 0004-libs-bsd-add-getentropy-2.patch added |
---|
by , 7 years ago
Attachment: | 0005-libs-bsd-add-arc4random-3.patch added |
---|
comment:2 by , 7 years ago
Cc: | added |
---|
comment:3 by , 7 years ago
Ok for 1, 2 and 3.
For 4 I'd rather get a real getentropy, or none at all. We shouldn't pretend that we have one and fail to deliver.
For 5, likewise, I'd rather get a solid implementation, that is, one that runs kernel-side as a syscall, so it is shared by all processes.
We are dealing with cryptography here, and these APIs are used because they are known to work as expected. So if we "fake" them, we will decrease the security level.
comment:6 by , 7 years ago
patch: | 1 → 0 |
---|
comment:7 by , 3 years ago
Hello Haiku devs,
I have been working on adding support for Haiku in Zig and hit a point where having something like arc4random would make the port for Zig go a little smoother (See discussion in https://github.com/ziglang/zig/pull/9025) and came across this ticket that still appears to be in progress.
Are there (still) plans to have support for arc4random sometime in the (near) future?
comment:8 by , 3 years ago
arc4random is not just about libbsd, it requires some rework of how we generate random numbers inside the kernel. Since it is a bit "critical" (for security implications), we don't want to provide a bad implementation of it, and prefer to delay it until we have everything right.
Until then you will have to do with the old way of getting random numbers from /dev/random, sorry.
comment:9 by , 3 years ago
Thanks for the explanation and can understood about taking the time to get the implementation as good as can be.
I can look into alternative approaches in the meantime. Cheers.
comment:10 by , 15 months ago
Milestone: | Unscheduled → R1/beta5 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
getentropy and arc4random done in hrev57247.
Patches 1-3 look very good to me and I think they can be applied right away, unless someone has objections.
Patch 4 is the one that merits some discussion. "Technically" the HP-UX implementation of getentropy is from OpenBSD (although I see you've modified it some), although we really should add kernel support for it. But since OpenBSD actually distributes that code ... I say it's "OK for now" (and probably better than what we have now anyway.)
Patch 5 is also fine (but depends on patch 4.)