Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp2861634pxb;
        Thu, 10 Feb 2022 07:11:12 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyeRR6xVN9eDLZRYRfXasboDB0A/Q/hssqHT5dk0GNeSNPUOhSTEeJ79WTOTwXZDdUPQEUk
X-Received: by 2002:a65:6090:: with SMTP id t16mr6358662pgu.323.1644505871864;
        Thu, 10 Feb 2022 07:11:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644505871; cv=none;
        d=google.com; s=arc-20160816;
        b=syb+wpaOl0dNp/LKPxy0ovvDtq669YzCAVi6PUjjNJVucH8h8X8KRUcVHnw2r3+poe
         OsGOSH0otzzWICmmwkkpspw1onAC01yYANtMPKWlhDszhSkMDW7FRa/ekWAPQFpdPmGb
         //tQ3gkMHaYUJqbQTjuH0sMGPh2BT9VZIWxZrNdYQ9WYHl7vBpjcPhHN33jyE1o7kwSZ
         D810y3AndcDA+nmsO/lqOi1pEY6+rfvYkRmbSkMmh2thlY8lZOJ3lgRThdwovjwMEmKN
         6DBxJ71kEX9aRxTybR63TqgLVFQUhPfudHaJLH3jScn1t30k3dRrmPo1oJ87ndRLkIIz
         Cfig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:subject:message-id:date:from:mime-version
         :dkim-signature;
        bh=rbs0lLP9RZzJE2r4csi0yLh+4W1OkWH7RJI55o8FZNA=;
        b=JWEIsdzI6poTeMBoimd9DD/ibY8z+FwGfgjBf38teSbMnMVHJpiVuUKo0TsZsjzJ17
         gfppgxSHNV78KT34nBhQDFMHHbDbOvoEriVU2SBZgo/Pp0nzjdSXJDB9ihdr7egOLGyB
         alPF+f7KLVODEW9NnttGa2ZGicRJq2yU8UjkW4YCMWLdvW0UITlvHGrk6wIsfP6jYFVY
         GMdZ24jLhR6iI4feVMYy00hAGR8wogu/vQn9b/4gXxMsBbw3sBJ9Y169oNmRObWwJlnf
         KOaaHnBq7Up+tun7UolGa2eAnJmvZMZNGHESX35OEW/bVD9WyyRf/saBN/ZSYZXAv9Oc
         cOqA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=cTJLK79A;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id u25si8100154pfh.109.2022.02.10.07.10.46;
        Thu, 10 Feb 2022 07:11:11 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=cTJLK79A;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238098AbiBJO2k (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Thu, 10 Feb 2022 09:28:40 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:44274 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242901AbiBJO2j (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 10 Feb 2022 09:28:39 -0500
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87C8821C
        for <linux-crypto@vger.kernel.org>; Thu, 10 Feb 2022 06:28:39 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id cz16so11171976edb.8
        for <linux-crypto@vger.kernel.org>; Thu, 10 Feb 2022 06:28:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:from:date:message-id:subject:to;
        bh=rbs0lLP9RZzJE2r4csi0yLh+4W1OkWH7RJI55o8FZNA=;
        b=cTJLK79A2fbaO/6529z1ftMxx8PoYIGkD9ErzRka7CLnBUF4nhqk33IASmVLsVHJM0
         j02LnSI6oivLVlnGOIG6taZhsYIcUAqLHZ1hVEeoDTZu0MwufJWOsT3aA4to1SlxiPC7
         9GUdbHFWW86moDneo9F9HtDGcmVmuceQWFWKeLlY/1FajJOmmna63+xpjMpy4uFEbfgL
         D1vm6Xc4eAxBew+YEc/Q3Db3c2Jza6/E1CbIqJ8yKAVCDzeldcWMrn5TzsXWACsR8fIo
         9s1BxctAgGdD3+BOjw/ys3IUFRqiR5OZiyzX+byrN+h7Reu97tEX7QE1iDolSb+K9QaY
         iAFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=rbs0lLP9RZzJE2r4csi0yLh+4W1OkWH7RJI55o8FZNA=;
        b=5aY43S/Na4QjyUksNynvkpn2ZzaT1XalCNFsfoAmFPStxr9UFRicAWCfPBHTKEOQUt
         t8Mw+pa5frbqlS3rOzRXfaeCS4AI4s/Cjl3g+gGT/n2XOMbp1KAuzZ5fvzuEgkPdgFRd
         xNvLMAZbF337jJ31XSSGMDCCC3qoKJOJyXZfp8HImcEjIrYl563me/abgaavsPg9sJkF
         zSAdZJQs/HZAhCVRCFzuuc9V3RuGBR/cYUMoATnRG+AvNNCNHJbJcGAB2J5AzW7wfv64
         94jzPCnaO0RZX1h37dmdDFbC1+K9XEThMnsLJeB4QWsvge/mVu2z9FcipSVp23v1PMNx
         OY5g==
X-Gm-Message-State: AOAM532LEfU85g/6Z2ZAhn6eGw2cywNTsLlxZK5FIQ8zQcSAaBPebIUR
        Ar4eVHXga2SuJafJjF/Qhom3D/LNW0Pxo5Ub+YkJoet4QHQ=
X-Received: by 2002:a05:6402:1601:: with SMTP id f1mr8599720edv.165.1644503317954;
 Thu, 10 Feb 2022 06:28:37 -0800 (PST)
MIME-Version: 1.0
From:   Sandy Harris <sandyinchina@gmail.com>
Date:   Thu, 10 Feb 2022 22:28:26 +0800
Message-ID: <CACXcFmkC=6DsDiTbtnu=LMSsg00Lxz7jvcWNV=yDibz8suoVgw@mail.gmail.com>
Subject: [PATCH 0/4] random: change usage of arch_get_random_long()
To:     Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        "Ted Ts'o" <tytso@mit.edu>, "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Herbert Xu <herbert@gondor.apana.org.au>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

This series of patches is not strictly necessary, but it is a
significant improvement.

The current code has a sequence in several places that calls one or
more of arch_get_random_long() or related functions, checks the return
value(s) and on failure falls back to random_get_entropy(). These
patches provide get_source_long(), which is intended to replace all
such sequences.

This is better in several ways. It never wastes effort by calling
arch_get_random_long() et al. when the relevant config variables are
not set. If config variables for a hardware rng or the latent entropy
plugin are set, then it uses those instead. It does not deliver raw
output from any of these sources, but masks it by mixing with stored
random data. In the fallback case it gives much more random output

In the cases where a good source is available, this adds a little
overhead, but not much. It also saves some by not trying
arch_get-random_long() unnecessarily.

If no better source is available, get_source_long() falls back to
get_xtea_long(), an internal-use-only pseudorandom generator based on
the xtea block cipher. In general, that is considerably more expensive
than random_get_entropy(), but also provably much stronger.

With no good source, there is still a problem at boot; xtea cannot
become secure until it is properly keyed. It does become safe
eventually, and in the meanwhile it is certainly no worse than
random_get_entropy().