Re: [PATCH v24 00/12] /dev/random - a new approach with full SP800-90B compliance
From: Stephan Müller
Date: Tue Nov 12 2019 - 17:45:10 EST
Am Dienstag, 12. November 2019, 14:23:10 CET schrieb Florian Weimer:
Hi Florian,
> * Stephan Müller:
> > * support deactivation of TRNG (i.e. blocking behavior of /dev/random)
> >
> > at compile time. If deactivated, /dev/random behaves like
> > getrandom(2).
>
> I don't quite understand this comment. Doesn't getrandom with the
> GRND_RANDOM always behave like /dev/random? Presumably, without the
> TRNG tap, the GRND_RANDOM flag for getrandom is ignored, and reading
> from /dev/random behaves like reading from /dev/urandom.
Absolutely. Apologies for the imprecision here. I will correct that.
The idea is that the constant blocking behavior of /dev/random and GRND_RANDOM
is replaced with the blocking behavior of getrandom(2) without the GRND_RANDOM
flag (i.e. the interface waits until the LRNG thinks it is completely seeded
before it provides ulimited data).
>
> Anyway, reading the accompanying PDF, this looks rather impressive:
> the userspace bootstrapping problem is gone (the issue where waiting
> for more entropy prevents the collection of more entropy), *and* we
> can still make the standards people happy.
>
> (Replying from my other account due to mail issues, sorry.)
Ciao
Stephan