Received: by mail.netbsd.org (Postfix, from userid 605)
	id D940884DE0; Tue,  3 Sep 2019 12:20:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 5BC0C84DBD
	for <source-changes@NetBSD.org>; Tue,  3 Sep 2019 12:20:44 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id JfF9VtzqrOrq for <source-changes@netbsd.org>;
	Tue,  3 Sep 2019 12:20:43 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id B7D0384D68
	for <source-changes@NetBSD.org>; Tue,  3 Sep 2019 12:20:43 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id B1755FBF4; Tue,  3 Sep 2019 12:20:43 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Tue, 3 Sep 2019 12:20:43 +0000
From: "Martin Husemann" <martin@netbsd.org>
Subject: CVS commit: [netbsd-7] src/sys
To: source-changes@NetBSD.org
X-Mailer: log_accum
Message-Id: <20190903122043.B1755FBF4@cvs.NetBSD.org>
Sender: source-changes-owner@NetBSD.org
List-Id: source-changes.NetBSD.org
Precedence: bulk
Reply-To: source-changes-d@NetBSD.org
Mail-Reply-To: "Martin Husemann" <martin@netbsd.org>
Mail-Followup-To: source-changes-d@NetBSD.org
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20source-changes&body=unsubscribe%20source-changes>

Module Name:	src
Committed By:	martin
Date:		Tue Sep  3 12:20:43 UTC 2019

Modified Files:
	src/sys/conf [netbsd-7]: files
	src/sys/dev [netbsd-7]: rndpseudo.c
	src/sys/kern [netbsd-7]: subr_cprng.c
	src/sys/rump/kern/lib/libcrypto [netbsd-7]: Makefile
	src/sys/rump/librump/rumpkern [netbsd-7]: Makefile.rumpkern
	src/sys/sys [netbsd-7]: cprng.h
Added Files:
	src/sys/crypto/nist_hash_drbg [netbsd-7]: files.nist_hash_drbg
	    nist_hash_drbg.c nist_hash_drbg.h
Removed Files:
	src/sys/crypto/nist_ctr_drbg [netbsd-7]: files.nist_ctr_drbg
	    nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h
	    nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h
	    nist_ctr_drbg_config.h

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1705):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.13 - 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (<a  rel="nofollow" href="https://eprint.iacr.org/2018/349">https://eprint.iacr.org/2018/349</a>)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...


To generate a diff of this commit:
cvs rdiff -u -r1.1096.2.9 -r1.1096.2.10 src/sys/conf/files
cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h
cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h
cvs rdiff -u -r0 -r1.1.6.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \
    src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \
    src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h
cvs rdiff -u -r1.21.2.1 -r1.21.2.2 src/sys/dev/rndpseudo.c
cvs rdiff -u -r1.24.2.1 -r1.24.2.2 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.3 -r1.3.4.1 src/sys/rump/kern/lib/libcrypto/Makefile
cvs rdiff -u -r1.148 -r1.148.2.1 \
    src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.10 -r1.10.2.1 src/sys/sys/cprng.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.