From: Yann Droneaud
Organization: OPTEYA
To: Adhemerval Zanella, GNU C Library
Subject: Re: [PATCH 0/7] Add arc4random support
Date: Thu, 14 Apr 2022 09:36:25 +0200
Message-ID: <7a992928-7a8f-1f62-3153-15e8748bda59@opteya.com>
In-Reply-To: <20220413202401.408267-1-adhemerval.zanella@linaro.org>

Hi,

On 13/04/2022 at 22:23, Adhemerval Zanella via Libc-alpha wrote:
> This patch adds the arc4random, arc4random_buf, and arc4random_uniform
> along with optimized versions for x86_64, aarch64, and powerpc64.
>
> The generic implementation is based on scalar Chacha20, with a global
> cache and locking. It uses getrandom or /dev/urandom as fallback to
> get the initial entropy, and reseeds the internal state on every 16MB
> of consumed entropy.
>
> It maintains an internal buffer which consumes at maximum one page on
> most systems (assuming 4k pages). The internal buffer optimizes the
> cipher encrypt calls, by amortizing arc4random calls (where both
> function call and locks cost are the dominating factor).
>
> Fork detection is done by checking if MADV_WIPEONFORK is supported. If not
> the fork callback will reset the state on the fork call. It does not
> handle direct clone calls, nor vfork or _Fork (arc4random is not
> async-signal-safe due to the internal lock usage, although the
> implementation does try to handle fork cases).
>
> The generic ChaCha20 implementation is based on the RFC8439 [1], which
> a simple memcpy with xor implementation.

The xor (with 0) is a waste of CPU cycles as the ChaCha20 keystream is the PRNG output.

Regards.

-- 
Yann Droneaud
OPTEYA