Open Source and information security mailing list archives
 
Date:   Thu, 11 May 2017 03:53:55 +0200
From:   Stephan Müller <smueller@...onox.de>
To:     Octavian Purdila <octavian.purdila@....com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: jitterentropy init test failure on ARMv7 with gcc 6.2

On Wednesday, 10 May 2017, 17:40:40 CEST, Octavian Purdila wrote:

Hi Octavian,

> Hi Stephan,
> 
> Recently I started seeing the following on some of our ARMv7 boards
> (IMX7D):
> 
> jitterentropy: Initialization failed with host not compliant with
> requirements: 2
> 
> and I traced this to the following init test:
> 
> 	lowdelta = time2 - time;
> 	if (!(lowdelta % 100))
> 		count_mod++;
> 	...
> 	/*
> 	 * Ensure that we have variations in the time stamp below 10
> 	 * for at least 10% of all checks -- on some platforms, the
> 	 * counter increments in multiples of 100, but not always.
> 	 */
> 	if ((TESTLOOPCOUNT/10 * 9) < count_mod)
> 		return JENT_ECOARSETIME;
> 
> Digging deeper, I've noticed that the delta between the timestamp is
> almost always constant. With the gcc 4.9 it is 102 but with gcc 6.2 it
> is 100 and this is the reason the above test fails.
> 
> Running a tight loop and measuring the delta in between shows that the
> timestamp counter increments with a fairly low value of 7 (it looks
> like random_get_entropy() is used and that it is defined to
> get_cycles()). 
> 
> So the reason is not that the counter increments in multiples of 100,
> but that the time to run jent_fold_time() is constant during the
> initialization tests. Further analyzing it, it looks like
> jent_fold_time() is called with a constant loop count of 1 which would
> explain why the delta is constant.
> 
> At this point, I am not sure that the test above is correct. Am I
> missing something?

Based on your description, the above test is very much correct. The initial 
self test code determined that the timer is too coarse to be used for the RNG. 
Thus, the RNG will not produce enough or any entropy on this hardware. This 
ultimately means that the RNG shall not be used. With the indicated error, the 
RNG is not allocated and thus not usable on your system.

Ciao
Stephan
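
The init check quoted in this thread, applied to constructed timestamp-delta series (an added example, not part of the original messages and not the kernel's own code). TESTLOOPCOUNT = 300, the helper names and the sample deltas are assumptions made for the illustration; only the quoted modulo-100 check is modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TESTLOOPCOUNT    300	/* assumed loop count for this example */
#define JENT_ECOARSETIME 2	/* the "2" reported in the error message */

/* Apply the quoted check to a series of deltas (time2 - time). */
static int coarse_time_check(const uint64_t *delta, size_t n)
{
	size_t count_mod = 0;

	for (size_t i = 0; i < n; i++)
		if (!(delta[i] % 100))
			count_mod++;

	/* Fail when more than 90% of all deltas are multiples of 100. */
	if ((n / 10 * 9) < count_mod)
		return JENT_ECOARSETIME;
	return 0;
}

/* Constructed input: base delta plus jitter in [0, spread); spread 0 = constant. */
static void fill(uint64_t *delta, size_t n, uint64_t base, uint64_t spread)
{
	for (size_t i = 0; i < n; i++)
		delta[i] = base + (spread ? (i * 7) % spread : 0);
}

/* Build one constructed series and run the check on it. */
static int check_series(uint64_t base, uint64_t spread)
{
	uint64_t delta[TESTLOOPCOUNT];

	fill(delta, TESTLOOPCOUNT, base, spread);
	return coarse_time_check(delta, TESTLOOPCOUNT);
}

int main(void)
{
	/* The two constant deltas reported in the thread, then a varying one. */
	printf("constant 100 (gcc 6.2): %d\n", check_series(100, 0));
	printf("constant 102 (gcc 4.9): %d\n", check_series(102, 0));
	printf("100 + jitter 0..12:     %d\n", check_series(100, 13));
	return 0;
}
```

A constant delta of 100 makes every sample a multiple of 100 and returns JENT_ECOARSETIME, while a constant 102 or a varying delta is not counted by this check.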
