lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Apr 2022 10:17:50 -0700 From: Kees Cook <keescook@...omium.org> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org, PaX Team <pageexec@...email.hu> Subject: Re: [PATCH v2] gcc-plugins: latent_entropy: use /dev/urandom On Tue, Apr 05, 2022 at 02:38:58PM +0200, Jason A. Donenfeld wrote: > Hi Kees, > > On 4/5/22, Kees Cook <keescook@...omium.org> wrote: > > On Tue, Apr 05, 2022 at 12:47:14AM +0200, Jason A. Donenfeld wrote: > >> On Mon, Apr 4, 2022 at 8:49 PM Kees Cook <keescook@...omium.org> wrote: > >> > This mixes two changes: the pRNG change and the "use urandom if > >> > non-deterministic" change. I think these should be split, so the pRNG > >> > change can be explicitly justified. > >> > >> Alright, I'll split those. Or, more probably, just drop the xorshift > >> thing. There's not actually a strong reason for preferring xorshift. I > >> did it because it produces more uniformity and is faster to compute and > >> all that. But none of that stuff actually matters here. It was just a > >> sort of "well I'm at it..." thing. > > > > Well, it's nice to have and you already wrote it, so seems a waste to > > just drop it. :) > > > >> > > static struct plugin_info latent_entropy_plugin_info = { > >> > > - .version = "201606141920vanilla", > >> > > + .version = "202203311920vanilla", > >> > > >> > This doesn't really need to be versioned. We can change this to just > >> > "vanilla", IMO. > >> > >> Okay. I suppose you want it to be in a different patch too, right? In > >> which case I'll leave it out and maybe get to it later. (I suppose one > >> probably needs to double check whether it's used for anything > >> interesting like dwarf debug info or whatever, where maybe it's > >> helpful?) > > > > Hm, I don't think it shows up anywhere, but you can just drop the hunk > > that touch it. I can remove them all with a separate patch later. > > > > Okay. That's what I did here > https://lore.kernel.org/lkml/20220404230709.124508-1-Jason@zx2c4.com/ > so awaiting your merge. (I still find all aspects of v2 more > preferable for a variety of weak reasons in case you'd like to merge > that instead, but v3 is available now.) v3 uses a different check for the -f option, though? Isn't that preferred over the v2 method? Also, I did some quick benchmarking, and any difference in runtime is completely lost in the noise, so that's good. -- Kees Cook
Powered by blists - more mailing lists