svn commit: r355949 - head/sys/dev/random

Conrad Meyer cem at FreeBSD.org
Fri Dec 20 21:11:01 UTC 2019


Author: cem
Date: Fri Dec 20 21:11:00 2019
New Revision: 355949
URL: https://svnweb.freebsd.org/changeset/base/355949

Log:
  random(4): Flip default Fortuna generator over to Chacha20
  
  The implementation was landed in r344913 and has had some bake time (at
  least on my personal systems).  There is some discussion of the motivation
  for defaulting to this cipher as a PRF in the commit log for r344913.
  
  As documented in that commit, administrators can retain the prior (AES-ICM)
  mode of operation by setting the 'kern.random.use_chacha20_cipher' tunable
  to 0 in loader.conf(5).
  
  Approved by:	csprng(delphij, markm)
  Differential Revision:	https://reviews.freebsd.org/D22878

Modified:
  head/sys/dev/random/hash.c

Modified: head/sys/dev/random/hash.c
==============================================================================
--- head/sys/dev/random/hash.c	Fri Dec 20 20:58:13 2019	(r355948)
+++ head/sys/dev/random/hash.c	Fri Dec 20 21:11:00 2019	(r355949)
@@ -68,18 +68,18 @@ CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE);
 _Static_assert(CHACHA_STATELEN == RANDOM_BLOCKSIZE, "");
 
 /*
- * Experimental Chacha20-based PRF for Fortuna keystream primitive.  For now,
- * disabled by default.  But we may enable it in the future.
+ * Knob to control use of Chacha20-based PRF for Fortuna keystream primitive.
  *
  * Benefits include somewhat faster keystream generation compared with
- * unaccelerated AES-ICM.
+ * unaccelerated AES-ICM; reseeding is much cheaper than computing AES key
+ * schedules.
  */
-bool random_chachamode __read_frequently = false;
+bool random_chachamode __read_frequently = true;
 #ifdef _KERNEL
 SYSCTL_BOOL(_kern_random, OID_AUTO, use_chacha20_cipher, CTLFLAG_RDTUN,
     &random_chachamode, 0,
-    "If non-zero, use the ChaCha20 cipher for randomdev PRF.  "
-    "If zero, use AES-ICM cipher for randomdev PRF (default).");
+    "If non-zero, use the ChaCha20 cipher for randomdev PRF (default). "
+    "If zero, use AES-ICM cipher for randomdev PRF (12.x default).");
 #endif
 
 /* Initialise the hash */
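
Review bot: The block comment above `bool random_chachamode __read_frequently = true;` no longer says which mode is the default or that the knob is boot-time only, and a reader of hash.c now has to infer both from the initializer and from CTLFLAG_RDTUN. Since the commit log is the only place that explains how to get AES-ICM back, consider adding a sentence to the comment stating that ChaCha20 is the default and that AES-ICM can be selected by setting kern.random.use_chacha20_cipher to 0 in loader.conf(5). This revision touches only hash.c, so if random(4) does not already describe the tunable, that is worth a follow-up as well. Minor: the description string "(12.x default)" ties the sysctl help text to a branch name that will age; something like "(default prior to 13.0)" or dropping the parenthetical would last longer, and the new "(default). " has one space after the period where the removed lines used two.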

