Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp41785ybl; Thu, 29 Aug 2019 18:15:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqy1YweBO4ciVTRNAojuMQ8Cm4ohoijZd7qzsxQAuSSKwcnglcR1u4OVyRLqbRasQwRlwbfT X-Received: by 2002:a65:430b:: with SMTP id j11mr10729872pgq.383.1567127731059; Thu, 29 Aug 2019 18:15:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567127731; cv=none; d=google.com; s=arc-20160816; b=CP8ayYsojGMa4sd5xO8mIwXtnmCRPMf3Y1q2BMDmjAB80FrFhcm342ljgnuAuzpctI N2qjErM5m7a6SezLVB5nPY8mhD20z8aTYQy8JPDgsD/IeVgX3Xu9d2PBe7yleldgRrJR QbfhJQBnTTIvO2Ir0msdoEDncaiv5pbm9NfKb5pCajtMcUQ9HP+IiodyhQxrToUYTX8c pSw/3p49VdGJjNWjNAszLQ0IU8Q1ooFArxeL/R8Spm6o0MjRJ/lstvhubS6hLKldByU7 4mJgD95cwcnpvfcE7VjvaWLd9dqfHoYt7p9/vDm4GgOT61MofDe4XfP8fszkhs5Z/4PL +abw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=FmHrwcCk3VfwGeCKxvkg/14+6st6sz1KIInRztbAjlo=; b=zHAD53HE2eNeWJSp0evd49WX51N00ApvpEb84+P4l+65GgVTSjP1M/oLzGfakYo7no m21a+sDXvM6arui7ze+TzSutWYpan5z9e9FDOuKnP1Esc/1Kx4KQYvObRsAtmPicpCMl dcdEE0Tx9mwIUvHYYKpm+KOQpDPqb5zarw8gJPt4s0ZkT0Pg0dgzeXXORHcvc+8/BMOS FoN5Ciq7WDXDDIwZgB8q7HL60NoS3uEUvGiTr7ScR9aMQrrMSA4iwy2IFieaoQ1nzxrw qq4IYm34+qN8nbmF52cIKuBtbUzS3d1Aex/o/JjYYjD3fv/kI6bDy/9cUQPlDqXon5RT jwMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="l/e54Qwq"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a33si3265078pgl.436.2019.08.29.18.15.15; Thu, 29 Aug 2019 18:15:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="l/e54Qwq"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727361AbfH3BLp (ORCPT + 99 others); Thu, 29 Aug 2019 21:11:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:58244 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726825AbfH3BLp (ORCPT ); Thu, 29 Aug 2019 21:11:45 -0400 Received: from localhost (c-67-180-165-146.hsd1.ca.comcast.net [67.180.165.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 15A1021726; Fri, 30 Aug 2019 01:11:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567127504; bh=cxG/Csv0dO0dzHh0hw8hEJaJviptwRvJ+VuvpnA+zQ4=; h=From:To:Cc:Subject:Date:From; b=l/e54Qwqc4S7T7xLPRTF6aL4Jp+Ft+XfOURSQfTJJcFanYajZm4eXqJvTB/OWotdG e/Z4n40q+Lpn5mGyt7s9me5IKpUekh65VHkFqGcCsx0O7PwtDupXtBV+/1hsbyShOO lxQPHtbVUafs469dKHT7RY8OanI7Fq4cbzJy4+hM= From: Andy Lutomirski To: Theodore Tso Cc: LKML , Linux API , Kees Cook , "Jason A. Donenfeld" , Andy Lutomirski Subject: [PATCH 0/7] Rework random blocking Date: Thu, 29 Aug 2019 18:11:35 -0700 Message-Id: X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This makes two major semantic changes to Linux's random APIs: It adds getentropy(..., GRND_INSECURE). This causes getentropy to always return *something*. There is no guarantee whatsoever that the result will be cryptographically random or even unique, but the kernel will give the best quality random output it can. The name is a big hint: the resulting output is INSECURE. The purpose of this is to allow programs that genuinely want best-effort entropy to get it without resorting to /dev/urandom. Plenty of programs do this because they need to do *something* during boot and they can't afford to wait. Calling it "INSECURE" is probably the best we can do to discourage using this API for things that need security. This series also removes the blocking pool and makes /dev/random work just like getentropy(..., 0) and makes GRND_RANDOM a no-op. I believe that Linux's blocking pool has outlived its usefulness. Linux's CRNG generates output that is good enough to use even for key generation. The blocking pool is not stronger in any material way, and keeping it around requires a lot of infrastructure of dubious value. This series should not break any existing programs. /dev/urandom is unchanged. /dev/random will still block just after booting, but it will block less than it used to. getentropy() with existing flags will return output that is, for practical purposes, just as strong as before. Andy Lutomirski (7): random: Don't wake crng_init_wait when crng_init == 1 random: Add GRND_INSECURE to return best-effort non-cryptographic bytes random: Ignore GRND_RANDOM in getentropy(2) random: Make /dev/random be almost like /dev/urandom random: Remove the blocking pool random: Delete code to pull data into pools random: Remove kernel.random.read_wakeup_threshold drivers/char/random.c | 234 ++++-------------------------------- include/uapi/linux/random.h | 4 +- 2 files changed, 27 insertions(+), 211 deletions(-) -- 2.21.0