lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 9 Nov 2013 05:47:24 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>
Subject: Re: [RFC] tcp: randomize TCP source ports

On Fri, Nov 08, 2013 at 07:11:18AM -0800, Eric Dumazet wrote:
> On Fri, 2013-11-08 at 15:28 +0100, Hannes Frederic Sowa wrote:
> 
> > What do you think about using a timer to keep the reseed out of fast-path
> > and switch to the non-arch get_random_bytes instead?
> 
> Well, the initial seed value is get_random_bytes(). I felt that using a
> xor with the _arch() version would be safe enough.
> 
> For the timer, I do not think its worth the pain : Do you want a per cpu
> timer, or a global one ?

This untested diff came to my mind (it is based on the random tree). I
actually consider to propose something like this for 3.13. UDP port
randomization is really critical.

In 3.14 timeframe I suggest abandon net_random and use prandom_u32
directly so code gets easier to audit.

Would it hurt to use "proper" get_random_byte calls for port randomization?

diff --git a/drivers/char/random.c b/drivers/char/random.c
index cdf4cfb..e9d0136 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -657,9 +657,11 @@ retry:
 	r->entropy_total += nbits;
 	if (!r->initialized && nbits > 0) {
 		if (r->entropy_total > 128) {
-			if (r == &nonblocking_pool)
+			if (r == &nonblocking_pool) {
 				pr_notice("random: %s pool is initialized\n",
 					  r->name);
+				prandom_reseed();
+			}
 			r->initialized = 1;
 			r->entropy_total = 0;
 		}
diff --git a/include/linux/random.h b/include/linux/random.h
index 6312dd9..4f878c0 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -29,6 +29,7 @@ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned l
 u32 prandom_u32(void);
 void prandom_bytes(void *buf, int nbytes);
 void prandom_seed(u32 seed);
+void prandom_reseed(void);
 
 u32 prandom_u32_state(struct rnd_state *);
 void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
diff --git a/lib/random32.c b/lib/random32.c
index 52280d5..1ee611f 100644
--- a/lib/random32.c
+++ b/lib/random32.c
@@ -174,11 +174,31 @@ static int __init prandom_init(void)
 }
 core_initcall(prandom_init);
 
+static void __prandom_timer(unsigned long dontcare);
+static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0);
+
+static void __prandom_timer(unsigned long dontcare)
+{
+	u32 entropy;
+	get_random_bytes(&entropy, sizeof(entropy));
+	prandom_seed(entropy);
+	seed_timer.expires = jiffies + 60 * HZ;
+	add_timer(&seed_timer);
+}
+
+static int prandom_start_seed_timer(void)
+{
+	seed_timer.expires = jiffies + 60 * HZ;
+	add_timer(&seed_timer);
+	return 0;
+}
+late_initcall(prandom_start_seed_timer);
+
 /*
  *	Generate better values after random number generator
  *	is fully initialized.
  */
-static int __init prandom_reseed(void)
+void prandom_reseed(void)
 {
 	int i;
 
@@ -196,4 +216,3 @@ static int __init prandom_reseed(void)
 	}
 	return 0;
 }
-late_initcall(prandom_reseed);

Greetings,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists