![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / conf
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: netbsd-7-1
Revision 1.1096.2.8.2.1 / (download) - annotate - [select for diffs], Tue Sep 3 12:28:31 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-7-1
Changes since 1.1096.2.8: +3 -3
lines
Diff to previous 1.1096.2.8 (colored) next main 1.1096.2.9 (colored)
Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (<a rel="nofollow" href="https://eprint.iacr.org/2018/349">https://eprint.iacr.org/2018/349</a>) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away...
Revision 1.1096.2.8 / (download) - annotate - [select for diffs], Sun Nov 13 07:27:22 2016 UTC (7 years, 5 months ago) by snj
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE
Branch point for: netbsd-7-1
Changes since 1.1096.2.7: +2 -2
lines
Diff to previous 1.1096.2.7 (colored) to branchpoint 1.1096 (colored)
Pull up following revision(s) (requested by pgoyette in ticket #1270): sys/conf/files: revision 1.1165 Update dependencies for COMPAT_LINUX32 to include COMPAT_NETBSD32 Without this, an attempt to build a kernel with COMPAT_LINUX32 but without COMPAT_NETBSD32 will fail during the execution of genassym, and the error messages are not very helpful. With this change, config(1) will automatically (and silently) select/add COMPAT_NETBSD32 to the configuration. It might be better if config(1) were to issue an appropriate diagnostic, but that is a change for some future day.