lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 18 Aug 2016 13:19:59 +0100
From:	Daniel Thompson <daniel.thompson@...aro.org>
To:	LABBE Corentin <clabbe.montjoie@...il.com>,
	PrasannaKumar Muralidharan <prasannatsmkumar@...il.com>
Cc:	mpm@...enic.com, Herbert Xu <herbert@...dor.apana.org.au>,
	robh+dt@...nel.org, mark.rutland@....com,
	Ralf Baechle <ralf@...ux-mips.org>, davem@...emloft.net,
	geert@...ux-m68k.org, Andrew Morton <akpm@...ux-foundation.org>,
	Greg KH <gregkh@...uxfoundation.org>, mchehab@...nel.org,
	Guenter Roeck <linux@...ck-us.net>,
	boris.brezillon@...e-electrons.com, harvey.hunt@...tec.com,
	alex.smith@...tec.com, Lee Jones <lee.jones@...aro.org>,
	Florian Fainelli <f.fainelli@...il.com>,
	kieran@...uared.org.uk, Krzysztof Kozlowski <krzk@...nel.org>,
	joshua.henderson@...rochip.com, yendapally.reddy@...adcom.com,
	narmstrong@...libre.com, wangkefeng.wang@...wei.com,
	Christian Lamparter <chunkeey@...glemail.com>,
	Álvaro Fernández Rojas <noltari@...il.com>,
	Linus Walleij <linus.walleij@...aro.org>, pankaj.dev@...com,
	Mathieu Poirier <mathieu.poirier@...aro.org>,
	linux-crypto@...r.kernel.org, devicetree@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-mips@...ux-mips.org
Subject: Re: [PATCH] Add Ingenic JZ4780 hardware RNG driver

On 18/08/16 12:53, LABBE Corentin wrote:
> On Thu, Aug 18, 2016 at 10:44:18AM +0530, PrasannaKumar Muralidharan wrote:
>>>> +static int jz4780_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait)
>>>> +{
>>>> +     struct jz4780_rng *jz4780_rng = container_of(rng, struct jz4780_rng,
>>>> +                                                     rng);
>>>> +     u32 *data = buf;
>>>> +     *data = jz4780_rng_readl(jz4780_rng, REG_RNG_DATA);
>>>> +     return 4;
>>>> +}
>>>
>>> If max is less than 4, its bad
>>
>> Data will be 4 bytes.
>>
>
> No, according to comment in include/linux/hw_random.h "drivers can fill up to max bytes of data"
> So you cannot write more than max bytes without risking buffer overflow.
>
> And if max > 4, hwrng client need to recall your read function.
> The better example I found is tpm_get_random() in drivers/char/tpm/tpm-interface.c for handling both problem.

Right now the core code will never actually ask a RNG driver for <4 
bytes so perhaps it would be better to update the comment in 
include/linux/hw_random.h !

For devices with 32-bit RNG registers the extra code to handle a special 
case that doesn't actually exist is a waste.

There are 14 drivers in drivers/char/hw_random that support the ->read() 
interface but only three of these actually support max == 1 (existing 
accepted behavior varies between return 0, return 2, return 4 and return 
-EIO).


Daniel.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ