From: Jeffrey Walton
Reply-To: noloader@gmail.com
Date: Mon, 25 Jul 2022 09:25:58 -0400
Subject: Re: arc4random - are you sure we want these?
To: "Jason A. Donenfeld"
Cc: Linux Crypto Mailing List
References: <87bktdsdrk.fsf@oldenburg.str.redhat.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Jul 25, 2022 at 7:08 AM Jason A. Donenfeld wrote:
> ...
> > The performance numbers suggest that we benefit from buffering in user
> > space.
>
> The question is whether it's safe and advisable to buffer this way in
> userspace. Does userspace have the right information now of when to
> discard the buffer and get a new one? I suspect it does not.

I _think_ the sharp edge on userspace buffering is generator state.
Most generator threat models I have seen assume the attacker does not
know the generator's state. If buffering occurs in the application,
then it may be easier for an attacker to learn of the generator's
state. If buffering occurs in the kernel, then generator state should
be private from a userspace application's view.

Jeff
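
The discard question quoted above, as an added example that is not part of the original message and is not glibc's arc4random code: a hypothetical userspace buffer (`struct rng_buf`, `rng_bytes`, `fork_outputs_collide` are names made up here) sits in front of getrandom(), and fork() copies its unread bytes into the child. It assumes Linux with glibc 2.25 or later; the getpid() comparison is a simplified stand-in for fork detection.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/random.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical userspace buffer in front of getrandom(); illustration only. */
struct rng_buf { unsigned char pool[64]; size_t used; pid_t owner; };

static int refill(struct rng_buf *b) {
    size_t got = 0;
    while (got < sizeof b->pool) {
        ssize_t n = getrandom(b->pool + got, sizeof b->pool - got, 0);
        if (n < 0) return -1;
        got += (size_t)n;
    }
    b->used = 0;
    b->owner = getpid();
    return 0;
}
/* check_fork = 0 models a buffer that never learns it should be discarded. */
static int rng_bytes(struct rng_buf *b, void *out, size_t len, int check_fork) {
    if (len > sizeof b->pool) return -1;
    if (b->owner == 0 || b->used + len > sizeof b->pool ||
        (check_fork && b->owner != getpid()))
        if (refill(b) < 0) return -1;
    memcpy(out, b->pool + b->used, len);
    memset(b->pool + b->used, 0, len);  /* consumed bytes leave the pool */
    b->used += len;
    return 0;
}
/* Returns 1 if parent and child draw the same 16 bytes after fork(), 0 if not. */
static int fork_outputs_collide(int check_fork) {
    struct rng_buf b = {0};
    unsigned char warm[8], mine[16], theirs[16];
    int fd[2];
    if (rng_bytes(&b, warm, sizeof warm, check_fork) < 0 || pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: draws from its copy of the parent's pool */
        int ok = rng_bytes(&b, theirs, sizeof theirs, check_fork) == 0 &&
                 write(fd[1], theirs, sizeof theirs) == (ssize_t)sizeof theirs;
        _exit(ok ? 0 : 1);
    }
    close(fd[1]);
    int ok = rng_bytes(&b, mine, sizeof mine, check_fork) == 0 &&
             read(fd[0], theirs, sizeof theirs) == (ssize_t)sizeof theirs;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return ok ? memcmp(mine, theirs, sizeof mine) == 0 : -1;
}
int main(void) { return fork_outputs_collide(1) == 0 ? 0 : 1; }
```

The unread part of `pool` is the generator's future output held in ordinary process memory, which is the state the message is concerned about. A pid comparison covers only the fork case; it gives the process no signal for something like a VM snapshot restore.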