
Replace the RC4 algorithm for generating in-kernel secure random

Description

Replace the RC4 algorithm for generating in-kernel secure random
numbers with Chacha20. Keep the API, though, as that is what the
other *BSD's have done.

Use the boot-time entropy stash (if present) to bootstrap the
in-kernel entropy source.

Reviewed by: delphij,rwatson
Approved by: so(delphij)
MFC after: 2 months
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10048

Details

Provenance
markm Authored on
Reviewer
delphij
Differential Revision
D10048: Replace the kernel RC4 with Chacha20.
Parents
rS317014: MFC r307686:
Branches
Unknown
Tags
Unknown

Event Timeline

Dear FreeBSD experts,

Will this approach resolve the "TCP uses weak initial sequence numbers" problem? Kindly confirm.

With the script below, the problem is getting reproduced with Python 3.6.

```python
#!/usr/local/bin/python
import random

from scapy.all import *

# VARIABLES
src = str(input('IP SRC: '))
dst = str(input('IP DST: '))

sport = random.randint(1024, 65535)
dport = int(input("DST PORT: "))

# SYN: send a first SYN and print the sequence number of the SYN-ACK
ip = IP(src=src, dst=dst)
SYN = TCP(sport=sport, dport=dport, flags='S', seq=random.randint(1024, 1048576), ack=0)
SYNACK = sr1(ip/SYN)
print('Seq1 Number is :', SYNACK[TCP].seq)

# RST: reset the half-open connection
RST = TCP(sport=sport, dport=dport, flags='R', seq=SYNACK.ack, ack=0)
send(ip/RST)

# SYN: send a second SYN from the same source port and print the new sequence number
SYN2 = TCP(sport=sport, dport=dport, flags='S', seq=random.randint(1024, 1048576), ack=0)
SYNACK2 = sr1(ip/SYN2)
print('Seq2 Number is :', SYNACK2[TCP].seq)
```
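
The script above prints only two ISNs, both taken with the same source and destination ports. As an added example (not part of the original comment or of the FreeBSD change), the code below labels a longer series of already-collected ISNs offline; the thresholds, label names and sample values are assumptions constructed for illustration.

```python
# Added example: offline look at ISNs already collected from a host you administer.
MOD = 1 << 32          # TCP sequence numbers are 32-bit and wrap around
SMALL_STEP = 1 << 20   # assumed threshold for a "small" forward step


def deltas(isns):
    """Forward differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def classify(isns, same_four_tuple, min_samples=8):
    """Coarse label for a series of ISNs; it cannot prove randomness."""
    if len(isns) < min_samples:
        return "insufficient-samples"   # two printed values say very little
    d = deltas(isns)
    if len(set(d)) == 1:
        return "constant-increment"     # the next ISN is directly computable
    if max(d) < SMALL_STEP:
        # Under RFC 6528, ISN = timer + F(4-tuple, secret). Reusing one
        # 4-tuple exposes only the timer, so small steps are expected there.
        if same_four_tuple:
            return "timer-only-inconclusive"
        return "small-steps-across-connections"
    return "no-obvious-pattern"


# Constructed sample series (not captured from any real host).
COUNTER = [1000 + 64000 * i for i in range(10)]
SAME_TUPLE = [(0xFFFFF000 + s) % MOD
              for s in (0, 310, 655, 1020, 1333, 1790, 2101, 2600, 4200, 4999)]
MIXED = [0x1A2B3C4D, 0x9F00AA10, 0x03C4D5E6, 0xE1F20304, 0x55AA55AA,
         0x7B8C9DAE, 0x0F1E2D3C, 0xC0FFEE00, 0x31415926, 0xDEADBEEF]

if __name__ == "__main__":
    for name, series, same in (("counter", COUNTER, False),
                               ("same 4-tuple", SAME_TUPLE, True),
                               ("mixed", MIXED, False)):
        print(name, "->", classify(series, same))
```

To judge predictability across connections, collect the samples with a different source port for each SYN and pass `same_four_tuple=False`.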