lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Mar 2014 16:36:26 -0700
From:	"H. Peter Anvin" <hpa@...ux.intel.com>
To:	Ted Ts'o <tytso@....edu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>
Cc:	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Paul Mackerras <paulus@...ba.org>,
	Michael Ellerman <michael@...erman.id.au>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	"H. Peter Anvin" <hpa@...ux.intel.com>
Subject: [PATCH v2 0/4] RDSEED support for the Linux kernel

Upcoming Intel silicon adds a new RDSEED instruction.  Whereas RDRAND
returns output from a PRNG, the RDSEED instruction returns fully
conditioned entropy that is suitable for use as seeds to a PRNG.

This patchset adds support for RDSEED in the Linux kernel in three
places:

1. During bootup, use RDSEED to initialize the entropy pool if
   available (we already use RDRAND for this).  We don't add any
   credit at this point, but it will give much better starting point.

2. In the slow path to add_interrupt_randomness, executed once per
   second, we take a single RDSEED sample and mix it into the entropy
   pool, crediting it at 50% of its rated entropy.  This was suggested
   by Linus.

3. If we are about to block on /dev/random due to lack of entropy,
   attempt an "emergency pool refill" using RDSEED.

Changes since version 1:

a. Rebased on top of random.git:dev.
b. Unbreak the PowerPC build (I had managed to miss that PowerPC had
   grown archrandom.h support.)
c. Remove duplicate dummy function definitions in <linux/random.h>.
d. Add a fourth patch containing a microoptimization: avoid the loop
   in arch_random_refill() if arch_get_random_seed*() is unavailable.

Comments are, of course, appreciated.

Ted, if you are OK with this could you add this to random.git:dev so
linux-next can pick it up?

	-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ