flak rss random

libc version 78

OpenBSD libc is now at version 78.0, featuring a good mix of features. Something old, something new, something different.


The setkey and encrypt functions were deleted. Traditionally, they implement the DES algorithm, however the the standard doesn’t mandate any algorithm, meaning interoperability is not guaranteed. XOR would satisfy the requirement, for instance. It’s not really possible to use a much better algorithm, however, because the block size is fixed at 64 bits (expressed as 64 bytes, because that’s convenient), which rules out AES. Switching to blowfish just doesn’t seem worth it, given that the interface only supports a global key. The good news is that out of the ports tree, only one program used these functions. claws mail encrypts users’ passwords with the key “passkey0”. Hope that wasn’t a secret.

The cfree function was also removed. It was added long ago to be compatible with SunOS. SunOS is dead; so is the software written for it.


SipHash was added to libc. It’s been in the kernel for a little while, slowly replacing other ad hoc hash functions. It’s faster than algorithms like MD5 or SHA, but less predictable than simpler functions like add and shift or FNV due to the introduction of a random key. Although the round counts are variable, we’ve standardized on 2/4 as a good enough mix. Easily changed later if it becomes necessary, but we’d like to keep things fast so that SipHash24 becomes the goto default hash function.

guenther@ added one more at syscall, chflagsat, which is like fchmodat, etc. Gotta have ‘em all.


deraadt@ decided that another fix for programs relying on bobo rand calls for randomness is to simply break the standard and give them what they’ve been hoping for all along.

Posted 08 Dec 2014 21:46 by tedu Updated: 08 Dec 2014 21:46
Tagged: openbsd