Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp2186711iog; Sun, 19 Jun 2022 09:48:31 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sR2sLRN+oXvQYZ/9bMMV6Xyt+vE+FfXEz933/MuV2Ppva2dMXEc5QR6PURssxpJp/eMkFL X-Received: by 2002:a05:6402:3484:b0:42e:1f3b:4a4c with SMTP id v4-20020a056402348400b0042e1f3b4a4cmr24538337edc.326.1655657311416; Sun, 19 Jun 2022 09:48:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655657311; cv=none; d=google.com; s=arc-20160816; b=BL7wmrPKAbW3EW5q2UvsAGN1mOxbunsX88U2kqZFaQPY7XqOYk7Lmkr6PV5+xZslwG l4Vf7btdDEKRBh8ZwOmplLcO15QoGt2n91O3HtgNkyrJOirCYmVbrMbgq81M3LubRhaN ww+mWNvDxh2ET+dEfAmMtK5Ai6z+9P6FYJPzZ8QU01BikPKrVV5UnZuIRXyRjblldzsD cafMuPk8LIaAKf2/FVTCw67TQX6DApic27LJNxXgWgqUlJVId9x9kQ1/C2Cta3f8mcuo eIY07aOZ3GQniPvDB+AlLvN7sXPyppccizoAVTjQYTxDkuiefYSjAO+QuUjSaU9hZzNT ZuxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=ePp0XoVUrER47dSeu2uBgSWkJ1tmyR1DCxj/efV2n90=; b=dFBPU8vnNvVVitGINgbQpgh73Xh5PTZJmgNhUGNzUBcj17WbDX09zSbFx0rmNNTegZ BptgeqaOTUhu+IzQG5WoY7L97EDhn8911ja+Ynko/ihP2C3Giqvt6nQAXY1tAJV3LA0w m8v8lFzHBo8DtwL9DA929Nvf6bG3rd//4t1491QEW9oSWUsrvEBRbNO5ZfzGvbZx89OX dcHoE+u/C72ClzhL3L4gw8TKyeYdD7lZt1Vanq3L/NGHGpLMs/aiHgbBlTTNcbD520p2 im0cPqsnyX720nS1JvAVifL9Siu3q3WbHXcVIxju9FucbmP8UzSdpkBgk6yyczjt42rL PHYA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gh13-20020a1709073c0d00b00709f8689818si8658763ejc.627.2022.06.19.09.47.50; Sun, 19 Jun 2022 09:48:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234808AbiFSQoX convert rfc822-to-8bit (ORCPT + 99 others); Sun, 19 Jun 2022 12:44:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229490AbiFSQoX (ORCPT ); Sun, 19 Jun 2022 12:44:23 -0400 Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [46.255.230.98]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1AE91D113; Sun, 19 Jun 2022 09:44:21 -0700 (PDT) Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id E38071C0B8F; Sun, 19 Jun 2022 18:44:19 +0200 (CEST) Date: Sun, 19 Jun 2022 18:44:16 +0200 From: Pavel Machek To: "Jason A. Donenfeld" Cc: "Alex Xu (Hello71)" , Jann Horn , Dominik Brodowski , Guenter Roeck , Linus Torvalds , Theodore Ts'o , Linux Crypto Mailing List , LKML Subject: Re: [PATCH] random: allow writes to /dev/urandom to influence fast init Message-ID: <20220619164416.GA3362@bug> References: <20220322191436.110963-1-Jason@zx2c4.com> <1648009787.fah6dos6ya.none@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 8BIT In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi! > > Very much so, thanks again. What I take away from your results is: > > > > - RNDADDTOENTCNT is in active use in a safe way. Sure, RNDADDENTROPY > > is still much better, but RNDADDTOENTCNT isn't entirely broken in the > > above configurations either. > > - This patch would make RNDADDTOENTCNT unsafe for some of the above > > configurations in a way that it currently isn't unsafe. > > - Plenty of things are seeding the RNG correctly, and buildroot's > > shell script is just "doing it wrong". > > > > On that last point, I should reiterate that buildroot's shell script > > still isn't actually initializing the RNG, despite what it says in its > > echo; there's never been a way to initialize the RNG from a shell > > script, without calling out to various special purpose ioctl-aware > > binaries. > > Based on this, the fact that shell scripts cannot seed the RNG anyway, > and due to the hazards in trying to retrofit some heuristics onto an > interface that was never designed to work like this, I'm convinced at > this point that the right course of action here is to leave this > alone. There's no combination of /dev/urandom write hacks/heuristics > that do the right thing without creating some big problem elsewhere. > It just does not have the right semantics for it, and changing the > existing semantics will break existing users. > > In light of that conclusion, I'm going to work with every userspace > downstream I can find to help them fix their file-based seeding, if it > has bugs. I've started talking with the buildroot folks, and then I'll > speak with the OpenRC people (being a Gentoo dev, that should be easy > going). Systemd does the right thing already. > > I wrote a little utility for potential inclusion in > busybox/util-linux/whatever when it matures beyond its current age of > being half hour old: > - https://git.zx2c4.com/seedrng/about/ > - https://git.zx2c4.com/seedrng/tree/seedrng.c > So I'll see what the buildroot people think of this and take it from there. You could put it into the kernel into tools/ directory... Best regards, Pavel