Am Mittwoch, 27. Oktober 2021, 10:40:12 CEST schrieb Nicolai Stange: Hi Nicolai, > Hi Stephan, > > first of all, many thanks for your prompt review! > > Stephan Müller <smueller@xxxxxxxxxx> writes: > > Am Montag, 25. Oktober 2021, 11:25:19 CEST schrieb Nicolai Stange: > >> - Replace the asynchronous random_ready_callback based DRBG reseeding > >> > >> logic with a synchronous solution leveraging rng_is_initialized(). > > > > Could you please help me why replacing an async method with a sync method > > is helpful? Which problems do you see with the async method that are > > alleviated with the swtich to the sync method? In general, an async > > method is more powerful, though it requires a bit more code. > > There is no problem with the async method (*), I just don't see any > advantage over the less complex approach of doing all reseeding > work synchronously from drbg_generate(). > > Before the change, there had been two sites taking care of reseeding: > the drbg_async_seed() work handler scheduled from the > random_ready_callback and drbg_generate(). > > After the change, all reseeding is handled at a single place only, namely > drbg_generate(), which, in my opinion, makes it easier to reason about. > In particular, in preparation for patch 6/6 from this series introducing > yet another condition for triggering a reseed... That makes sense. Thanks for clarifying. Ciao Stephan > > Thanks, > > Nicolai > > (*) Except for that a wait_for_random_bytes() issued by DRBG users won't > give any guarantees with respect to a subsequent drbg_generate() > operation, c.f. my other mail in reply to your review on 3/6 I'm > about to write in a second. As of now, there aren't any DRBG users > invoking wait_for_random_bytes(), but one might perhaps consider > changing that in the future. > > >> This > >> move simplifies the code IMO and, as a side-effect, would enable DRBG > >> users to rely on wait_for_random_bytes() to sync properly with > >> drbg_generate(), if desired. Implemented by patches 1-5/6. > >> > >> - Make the 'nopr' DRBGs to reseed themselves every 5min from > >> > >> get_random_bytes(). This achieves at least kind of a partial prediction > >> resistance over the time domain at almost no extra cost. Implemented > >> by patch 6/6, the preceding patches in this series are a prerequisite > >> for this. Ciao Stephan
