lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20131215020103.GC27191@athena.dialup.mit.edu>
Date:	Sat, 14 Dec 2013 21:01:03 -0500
From:	Greg Price <price@....EDU>
To:	"Theodore Ts'o" <tytso@....edu>
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH 03/14] random: reserve for /dev/random only once /dev/urandom
 seeded

Early in boot, we really want to make sure the nonblocking pool (for
/dev/urandom and the kernel's own use) gets an adequate amount of
entropy ASAP.  Anyone reading /dev/random is prepared to wait
potentially a long time anyway, so delaying them a little bit more at
boot until /dev/urandom is seeded is no big deal.  This logic still
ensures that /dev/random readers won't starve indefinitely.

At present most input goes directly to the nonblocking pool early on
anyway, but this helps put us in a position to change that.

Signed-off-by: Greg Price <price@....edu>
---
 drivers/char/random.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 92d9f6862..bf7fedadd 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -923,19 +923,21 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
 static void _xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
 {
 	__u32 tmp[OUTPUT_POOL_WORDS];
-	int bytes, min_bytes;
-
-	/* For /dev/random's pool, always leave two wakeups' worth */
-	int rsvd_bytes = r->limit ? 0 : random_read_wakeup_bits / 4;
+	int bytes, min_bytes, reserved_bytes;
 
 	/* pull at least as much as a wakeup */
 	min_bytes = random_read_wakeup_bits / 8;
 	/* but never more than the buffer size */
 	bytes = min(sizeof(tmp), max_t(size_t, min_bytes, nbytes));
 
+	/* reserve some for /dev/random's pool, unless we really need it */
+	reserved_bytes = 0;
+	if (!r->limit && r->initialized)
+		reserved_bytes = 2 * (random_read_wakeup_bits / 8);
+
 	trace_xfer_secondary_pool(r->name, bytes * 8, nbytes * 8,
 				  ENTROPY_BITS(r), ENTROPY_BITS(r->pull));
-	bytes = extract_entropy(r->pull, tmp, bytes, min_bytes, rsvd_bytes);
+	bytes = extract_entropy(r->pull, tmp, bytes, min_bytes, reserved_bytes);
 	mix_pool_bytes(r, tmp, bytes, NULL);
 	credit_entropy_bits(r, bytes*8);
 }
-- 
1.8.3.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ