Opened 6 years ago

Closed 7 months ago

#13869 closed enhancement (fixed)

[RFC] Additions to libbsd

Reported by: leorize Owned by: nobody
Priority: normal Milestone: R1/beta5
Component: System Version: R1/Development
Keywords: Cc: PulkoMandy, axeld
Blocked By: Blocking:
Platform: All

Description

Functions added:

These should ease porting crypto-related programs from BSDs

Attachments (5)

0001-libs-bsd-add-readpassphrase-3.patch (8.3 KB ) - added by leorize 6 years ago.
0002-libs-bsd-add-be64dec-3-and-be64enc-3.patch (1.6 KB ) - added by leorize 6 years ago.
0003-libs-bsd-add-explicit_bzero-3.patch (1.8 KB ) - added by leorize 6 years ago.
0004-libs-bsd-add-getentropy-2.patch (23.5 KB ) - added by leorize 6 years ago.
0005-libs-bsd-add-arc4random-3.patch (16.1 KB ) - added by leorize 6 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 by leorize, 6 years ago

patch: 01

comment:2 by waddlesplash, 6 years ago

Cc: PulkoMandy axeld added

Patches 1-3 look very good to me and I think they can be applied right away, unless someone has objections.

Patch 4 is the one that merits some discussion. "Technically" the HP-UX implementation of getentropy is from OpenBSD (although I see you've modified it some), although we really should add kernel support for it. But since OpenBSD actually distributes that code ... I say it's "OK for now" (and probably better than what we have now anyway.)

Patch 5 is also fine (but depends on patch 4.)

comment:3 by pulkomandy, 6 years ago

Ok for 1, 2 and 3.

For 4 I'd rather get a real getentropy, or none at all. We shouldn't pretend that we have one and fail to deliver.

For 5, likewise, I'd rather get a solid implementation, that is, one that runs kernel-side as a syscall, so it is shared by all processes.

We are dealing with cryptography here, and these APIs are used because they are known to work as expected. So if we "fake" them, we will decrease the security level.

comment:4 by waddlesplash, 6 years ago

Patches 1-3 applied in hrev51681.

comment:6 by pulkomandy, 6 years ago

patch: 10

comment:7 by hoanga, 3 years ago

Hello Haiku devs,

I have been working on adding support for Haiku in Zig and hit a point where having something like arc4random would make the port for Zig go a little smoother (See discussion in https://github.com/ziglang/zig/pull/9025) and came across this ticket that still appears to be in progress.

Are there (still) plans to have support for arc4random sometime in the (near) future?

comment:8 by pulkomandy, 3 years ago

arc4random is not just about libbsd, it requires some rework of how we generate random numbers inside the kernel. Since it is a bit "critical" (for security implications), we don't want to provide a bad implementation of it, and prefer to delay it until we have everything right.

Until then you will have to do with the old way of getting random numbers from /dev/random, sorry.

comment:9 by hoanga, 3 years ago

Thanks for the explanation and can understood about taking the time to get the implementation as good as can be.

I can look into alternative approaches in the meantime. Cheers.

comment:10 by waddlesplash, 7 months ago

Milestone: UnscheduledR1/beta5
Resolution: fixed
Status: newclosed

getentropy and arc4random done in hrev57247.

Note: See TracTickets for help on using tickets.