lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1494430839.8189.22.camel@nxp.com>
Date:   Wed, 10 May 2017 15:40:40 +0000
From:   Octavian Purdila <octavian.purdila@....com>
To:     "smueller@...onox.de" <smueller@...onox.de>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: jitterentropy init test failure on ARMv7 with gcc 6.2

Hi Stephan,

Recently I started seeing the following on some of our ARMv7 boards
(IMX7D):

jitterentropy: Initialization failed with host not compliant with
requirements: 2

and I traced this to the followin init test:

	lowdelta = time2 - time;
	if (!(lowdelta % 100))
		count_mod++;
	...
        /*
         * Ensure that we have variations in the time stamp below 10
	 * for at least 10% of all checks -- on some platforms, the
	 * counter increments in multiples of 100, but not always.
         */
	if ((TESTLOOPCOUNT/10 * 9) < count_mod)
		return JENT_ECOARSETIME;

Digging deeper, I've noticed that the delta between the timestamp is
almost always constant. With the gcc 4.9 it is 102 but with gcc 6.2 it
is 100 and this is the reason the above test fails.

Running a tight loop and measuring the delta in between shows that the
timestamp counter increments with a fairly low value of 7 (it looks
like random_get_entropy() is used and that it is defined to
get_cycles()). 

So the reason is not that the counter increments in multiples of 100,
but that the time to run jent_fold_time() is constant during the
initialization tests. Further analyzing it, it looks like
jent_fold_time() is called with a constant loop count of 1 which would
explain why the delta is constant.

At this point, I am not sure that the test above is correct. Am I
missing something?

Thanks,
Tavi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ