tech-userlevel archive


Re: getrandom and getentropy



On Tue, May 12, 2020 at 11:18:02AM -0400, Terry Moore wrote:
> A useful definition requires that third-party code will not have surprising
> security defects compared to their operation on other operating systems.

There are other concerns for whether third party code works well.

I'll just copy what I said on IRC.

<nia> we really have two modes of operation now, never blocking with
('good') HWRNG, and blocking forever on first boot without HWRNG, but
never blocking otherwise (providing there's a seed file on-disk)

<nia> applications that do getrandom(0) are either gonna work just as
if they'd used kern.arandom, or never work until the sysadmin does some
bull**** intervention (write a byte to /dev/random)

<Riastradh> That's why if we provide the name getentropy I think
implementing it as may-block would run counter to general expectations...

<nia> right, other kernels that block include way more samples as valid
entropy than NetBSD does

<nia> from what you've said their criteria for unblocking might be
completely borked

But, it's time for core@ to be locked in a room until a decision is
reached...
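
The hang described in the IRC excerpt comes from calling getrandom() with flags 0 while the pool is unseeded. The following is an added example, not part of the original post or of NetBSD's code, showing one way an application can report that state instead of blocking. It assumes a getrandom() with the Linux-style GRND_NONBLOCK flag in <sys/random.h>; the names fill_random_nonblock and rnd_status are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical status codes for this example. */
enum rnd_status { RND_OK = 0, RND_NOT_SEEDED = 1, RND_ERROR = 2 };

/* Fill buf with len random bytes without ever sleeping on an unseeded pool.
 * On any failure the buffer is zeroed so partial output is never used. */
enum rnd_status fill_random_nonblock(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t left = len;

    while (left > 0) {
        ssize_t n = getrandom(p, left, GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR)
                continue;                 /* interrupted by a signal: retry */
            int saved = errno;
            memset(buf, 0, len);
            errno = saved;
            /* EAGAIN: this is where getrandom(buf, len, 0) would have blocked. */
            return saved == EAGAIN ? RND_NOT_SEEDED : RND_ERROR;
        }
        p += n;                           /* short reads are permitted */
        left -= (size_t)n;
    }
    return RND_OK;
}

int main(void)
{
    unsigned char key[32];

    switch (fill_random_nonblock(key, sizeof key)) {
    case RND_OK:
        puts("got 32 random bytes");
        return 0;
    case RND_NOT_SEEDED:
        fputs("entropy pool not seeded; refusing to generate a key\n", stderr);
        return 75;                        /* EX_TEMPFAIL: retry later */
    default:
        perror("getrandom");
        return 1;
    }
}
```

A caller that gets RND_NOT_SEEDED can log the condition and exit or retry later, which makes the first-boot case visible to the administrator rather than leaving a silently hung process.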

