Hi,

On 7/1/26 12:54 AM, Demi Marie Obenour wrote:

That said, if the crypto_rng support is to remain, should it have a
non-empty allowlist for privileged processes?  Otherwise, it's dead code
with the default sysctl value.

For desktop users, it is indeed dead, but only if we can guarantee that they will never change the sysctl value to allow all algorithms.

So I'd probably do an enabled-by-default configuration option that takes away the option to enable all algorithms, and the RNG code in AF_ALG becomes conditional on that option.

I think that embedded systems will still use this code until a better alternative exists, so it's not entirely dead, and the best way to get rid of it is to build something better.

I'd love to see a vDSO based interface for all crypto operations that allows reusing the code in the kernel from userspace, avoids the system call overhead in the likely case that the CPU based implementation is also the most efficient, and allows for more flexibility with hardware interfaces (quite a few allow submission directly from unprivileged processes).

   Simon

Reply via email to