From: Andy Lutomirski <luto@kernel.org>
To: Theodore Tso <tytso@google.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Andy Lutomirski <luto@kernel.org>
Subject: [PATCH 0/7] Rework random blocking
Date: Thu, 29 Aug 2019 18:11:35 -0700 [thread overview]
Message-ID: <cover.1567126741.git.luto@kernel.org> (raw)
This makes two major semantic changes to Linux's random APIs:
It adds getentropy(..., GRND_INSECURE). This causes getentropy to
always return *something*. There is no guarantee whatsoever that
the result will be cryptographically random or even unique, but the
kernel will give the best quality random output it can. The name is
a big hint: the resulting output is INSECURE.
The purpose of this is to allow programs that genuinely want
best-effort entropy to get it without resorting to /dev/urandom.
Plenty of programs do this because they need to do *something*
during boot and they can't afford to wait. Calling it "INSECURE" is
probably the best we can do to discourage using this API for things
that need security.
This series also removes the blocking pool and makes /dev/random
work just like getentropy(..., 0) and makes GRND_RANDOM a no-op. I
believe that Linux's blocking pool has outlived its usefulness.
Linux's CRNG generates output that is good enough to use even for
key generation. The blocking pool is not stronger in any material
way, and keeping it around requires a lot of infrastructure of
dubious value.
This series should not break any existing programs. /dev/urandom is
unchanged. /dev/random will still block just after booting, but it
will block less than it used to. getentropy() with existing flags
will return output that is, for practical purposes, just as strong
as before.
Andy Lutomirski (7):
random: Don't wake crng_init_wait when crng_init == 1
random: Add GRND_INSECURE to return best-effort non-cryptographic
bytes
random: Ignore GRND_RANDOM in getentropy(2)
random: Make /dev/random be almost like /dev/urandom
random: Remove the blocking pool
random: Delete code to pull data into pools
random: Remove kernel.random.read_wakeup_threshold
drivers/char/random.c | 234 ++++--------------------------------
include/uapi/linux/random.h | 4 +-
2 files changed, 27 insertions(+), 211 deletions(-)
--
2.21.0
next reply other threads:[~2019-08-30 1:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-30 1:11 Andy Lutomirski [this message]
2019-08-30 1:11 ` [PATCH 1/7] random: Don't wake crng_init_wait when crng_init == 1 Andy Lutomirski
2019-08-30 1:11 ` [PATCH 2/7] random: Add GRND_INSECURE to return best-effort non-cryptographic bytes Andy Lutomirski
2019-08-30 1:11 ` [PATCH 3/7] random: Ignore GRND_RANDOM in getentropy(2) Andy Lutomirski
2019-08-30 1:11 ` [PATCH 4/7] random: Make /dev/random be almost like /dev/urandom Andy Lutomirski
2019-08-30 1:11 ` [PATCH 5/7] random: Remove the blocking pool Andy Lutomirski
2019-08-30 1:11 ` [PATCH 6/7] random: Delete code to pull data into pools Andy Lutomirski
2019-08-30 1:11 ` [PATCH 7/7] random: Remove kernel.random.read_wakeup_threshold Andy Lutomirski
2019-08-30 1:49 ` [PATCH 0/7] Rework random blocking Theodore Y. Ts'o
2019-08-30 2:01 ` Andy Lutomirski
2019-09-09 9:42 ` Pavel Machek
2019-09-09 22:57 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1567126741.git.luto@kernel.org \
--to=luto@kernel.org \
--cc=Jason@zx2c4.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).