From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by sourceware.org (Postfix) with ESMTPS id A002E385AE5E for ; Mon, 25 Jul 2022 13:58:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org A002E385AE5E Received: by mail-wr1-f41.google.com with SMTP id bn9so5211066wrb.9 for ; Mon, 25 Jul 2022 06:58:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IhDDyub/tbS9mrMSZuLpshhTp0XVRGFWKnNd67pwL/o=; b=XWWosaEjZtS9bQXeZcMYpTaRy1X/So7Lj4zH/+kYxvHWp/h5+60UTvSGWGG7wNq3OZ rUOh0Th1WZIkEzUej4l5c8iONUBxzJpNsEAf0gHYFABdGPmyyVMPu4lHb1QulMKx6jWg 9QMyolcHJ/OlbpJ7pGDrJp7R13xkrKP1gzRPPFO0r6Qm9KFlLqmtDhMTtvDd4KhyxGT4 ud+Fa0zxULBYhY5vGWugZc99+nTwj+AZrCUUCxZGvUkZ+hXY+ZOi4EQRryU5Gh6CVZ7+ 5kn6awIqtVughanU9g8VkBUa1qq0umVDc0CHCuNZdYUWryPFDvXXy6KkSBffd22/XtvP kZnA== X-Gm-Message-State: AJIora8+t5HFJJAik+YOwFns5TNxhetEfTYpzz4JE47896jQj+alPoUG gZM0WMjUtU8wzR4+4ijVQRtGDXFdSTkA4kM3DXPwzw== X-Google-Smtp-Source: AGRyM1ucmXzAnxrh6tkvSEspV4vKUv9/ISjmDueRVf+T4RN93DsK1LhXWy6HyDxUXFAUgPDNy6l+GNPpZ+Tk8p04R+8= X-Received: by 2002:adf:e411:0:b0:21e:6315:80b8 with SMTP id g17-20020adfe411000000b0021e631580b8mr7840376wrm.219.1658757514541; Mon, 25 Jul 2022 06:58:34 -0700 (PDT) MIME-Version: 1.0 References: <87bktdsdrk.fsf@oldenburg.str.redhat.com> <87v8rlqscj.fsf@oldenburg.str.redhat.com> In-Reply-To: From: =?UTF-8?Q?Cristian_Rodr=C3=ADguez?= Date: Mon, 25 Jul 2022 09:58:23 -0400 Message-ID: Subject: Re: arc4random - are you sure we want these? To: "Jason A. Donenfeld" Cc: Florian Weimer , Yann Droneaud , jann@thejh.net, "Jason A. Donenfeld via Libc-alpha" , linux-crypto@vger.kernel.org, Michael@phoronix.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2022 13:58:36 -0000 On Mon, Jul 25, 2022 at 9:44 AM Jason A. Donenfeld via Libc-alpha wrote: > Or, if you insist on providing these functions t o d a y, and won't heed > my warnings about designing the APIs alongside the implementations, then > just make them thin wrappers over getrandom(0) *without* doing fancy > buffering, and then optimizations later can improve it. That would be > the incremental approach, which wouldn't harm potential users. It also > wouldn't shut the door on doing the buffering: if the kernel > optimization improvements go nowhere, and you decide it's a lost cause, > you can always change the way it works later, and make that decision > then. My 2CLP here if that matters..I agree with this sentiment/approach. provide this functions for source compat which all juist call getrandom and abort on failure *for now* and then a future iteration can have something done about the syscall overhead with kernel help.