Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp890813pxb;
        Wed, 27 Oct 2021 14:33:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzJRae7XuYd7Vd0mXaXdAfzIhdeMTnKt7+i3NR5lNQa5CmiNqVAoEtDEjoWG6cjZCxxfFUC
X-Received: by 2002:a17:906:c301:: with SMTP id s1mr88320ejz.409.1635370438540;
        Wed, 27 Oct 2021 14:33:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635370438; cv=none;
        d=google.com; s=arc-20160816;
        b=X8G/LQ0mGhDvJt8rEq91+9WIpZKY5O/5n8/XKuZ13RK4PZD6CmWW1jhaS8hFJPTDjB
         0CkSH/txZUZKG7jU4JCK91EjBgnp+ExPLhhuD48M2sRDMVenl9LwBzlydwuSER0QyojL
         o7lH+tUmQ/DvOkRhVASxWG/Ifx8c8ZVsjw1xvkWvRA9mF+ySfaT9XTkvBk+xYFQM4WkO
         3jgPzUEMmWG8KT4eVEX64Z8yWnnnKtUngpirUl/KcdcD7pfqzWNKPhCYPgzNgXBbz7zi
         7ibu6Zo6bAcybV33BM01TFQUvxeLiZXBs9c8Za8vyc7FPTM6VzyQzuwMM0fZYfJguNPa
         Hkmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=8dmzvbAY2zD0jIDT/JUNyjCXUAI+Jsnu1YfCVPC0KNo=;
        b=wG0dThqnfTYci5OiefM39MOVGxuoWweZVsMj85BK3sqf/fjr1VyBjbHgRQnycUx5UY
         Y9rw7veU+BjPJFfi6eWd6GXSGlIRcgepQR6ku/HIDF8xtPEkGm67iP3EoLcpfMHq3SAe
         OLr9TPRhuirVANSjrfjb5gJCA/IM8K1EYHp1Wxt1D0HUlPVJcqWc/3RORp+Nbt57ppwy
         8kT13HHktDBIk6idwnmbt5YSI3LalBWVo+MdYq2VXfK//RyRPMjSm0XgDAYADNjayEx/
         V/LO7o0/McI4phZJjgCekMZwHSBlumvKeNxHBKstmIcJW6Kz39uJhKEDbI/XgFO4+BP5
         ynbg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=db+zZ6Ih;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g17si1346275ejm.399.2021.10.27.14.33.35;
        Wed, 27 Oct 2021 14:33:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=db+zZ6Ih;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240472AbhJ0SqP (ORCPT <rfc822;luming.yu@gmail.com> + 97 others);
        Wed, 27 Oct 2021 14:46:15 -0400
Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.53]:30097 "EHLO
        mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238382AbhJ0SqN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Oct 2021 14:46:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1635360224;
    s=strato-dkim-0002; d=chronox.de;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=8dmzvbAY2zD0jIDT/JUNyjCXUAI+Jsnu1YfCVPC0KNo=;
    b=db+zZ6Iho1wVd4JUzzFZ0kNn5AYxFHkzuvkDWyOnspxXgNCW/+r5BEsGksSSn7MWQA
    w/XOIr0bR7wXyIxQxu7T+91xYuvyTZqna0OwcHSafsJZkZu7dFC9Mpa/MpPONphVllMU
    vs7d3GXSeT6hWDf4m4OjdU2u8/aHNw4uP6i+CopxOe5J97jdtyyJtfnzf5C6tPe/NSRY
    8ijlXxOxYJjlG7IDO1BV95RohZ1qIuSmbQZ+cGS4rQFKdjXjj7+OOk+OMf4AM401xVpN
    K7CsXytQotVZW7HBoMdek6xsB7tEDYlzHRFspnuwpmmxao/F5ffVhKPgFgbUdQtowdwt
    +/0A==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xm0dNS3JdRcQGaevZhmp"
X-RZG-CLASS-ID: mo00
Received: from positron.chronox.de
    by smtp.strato.de (RZmta 47.34.1 DYNA|AUTH)
    with ESMTPSA id n020a8x9RIhhA1i
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
    Wed, 27 Oct 2021 20:43:43 +0200 (CEST)
From:   Stephan =?ISO-8859-1?Q?M=FCller?= <smueller@chronox.de>
To:     Nicolai Stange <nstange@suse.de>
Cc:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Nicolai Stange <nstange@suse.de>, Torsten Duwe <duwe@suse.de>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding
Date:   Wed, 27 Oct 2021 20:43:42 +0200
Message-ID: <2466958.tJBOlap2oN@positron.chronox.de>
In-Reply-To: <87zgqurhcj.fsf@suse.de>
References: <20211025092525.12805-1-nstange@suse.de> <2120606.3HGXcN3vsr@positron.chronox.de> <87zgqurhcj.fsf@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Am Mittwoch, 27. Oktober 2021, 10:40:12 CEST schrieb Nicolai Stange:

Hi Nicolai,

> Hi Stephan,
>=20
> first of all, many thanks for your prompt review!
>=20
> Stephan M=FCller <smueller@chronox.de> writes:
> > Am Montag, 25. Oktober 2021, 11:25:19 CEST schrieb Nicolai Stange:
> >> - Replace the asynchronous random_ready_callback based DRBG reseeding
> >>=20
> >>   logic with a synchronous solution leveraging rng_is_initialized().
> >=20
> > Could you please help me why replacing an async method with a sync meth=
od
> > is helpful? Which problems do you see with the async method that are
> > alleviated with the swtich to the sync method? In general, an async
> > method is more powerful, though it requires a bit more code.
>=20
> There is no problem with the async method (*), I just don't see any
> advantage over the less complex approach of doing all reseeding
> work synchronously from drbg_generate().
>=20
> Before the change, there had been two sites taking care of reseeding:
> the drbg_async_seed() work handler scheduled from the
> random_ready_callback and drbg_generate().
>=20
> After the change, all reseeding is handled at a single place only, namely
> drbg_generate(), which, in my opinion, makes it easier to reason about.
> In particular, in preparation for patch 6/6 from this series introducing
> yet another condition for triggering a reseed...

That makes sense. Thanks for clarifying.

Ciao
Stephan
>=20
> Thanks,
>=20
> Nicolai
>=20
> (*) Except for that a wait_for_random_bytes() issued by DRBG users won't
>     give any guarantees with respect to a subsequent drbg_generate()
>     operation, c.f. my other mail in reply to your review on 3/6 I'm
>     about to write in a second. As of now, there aren't any DRBG users
>     invoking wait_for_random_bytes(), but one might perhaps consider
>     changing that in the future.
>=20
> >>   This
> >>   move simplifies the code IMO and, as a side-effect, would enable DRBG
> >>   users to rely on wait_for_random_bytes() to sync properly with
> >>   drbg_generate(), if desired. Implemented by patches 1-5/6.
> >>=20
> >> - Make the 'nopr' DRBGs to reseed themselves every 5min from
> >>=20
> >>   get_random_bytes(). This achieves at least kind of a partial predict=
ion
> >>   resistance over the time domain at almost no extra cost. Implemented
> >>   by patch 6/6, the preceding patches in this series are a prerequisite
> >>   for this.


Ciao
Stephan