lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20170626233038.GA48751@beast>
Date:   Mon, 26 Jun 2017 16:30:38 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Theodore Ts'o <tytso@....edu>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jessica Yu <jeyu@...hat.com>,
        "Steven Rostedt (VMware)" <rostedt@...dmis.org>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        Tejun Heo <tj@...nel.org>, Prarit Bhargava <prarit@...hat.com>,
        Lokesh Vutla <lokeshvutla@...com>,
        Nicholas Piggin <npiggin@...il.com>,
        AKASHI Takahiro <takahiro.akashi@...aro.org>,
        kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: [PATCH] random: Do not ignore early device randomness

The add_device_randomness() function would ignore incoming bytes if the
crng wasn't ready. This additionally makes sure to make an early enough
call to add_latent_entropy() to influence the initial stack canary, which
is especially important on non-x86 systems where it stays the same through
the life of the boot.

Signed-off-by: Kees Cook <keescook@...omium.org>
---
 drivers/char/random.c | 5 +++++
 init/main.c           | 1 +
 2 files changed, 6 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01a260f67437..23cab7a8c1c1 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -987,6 +987,11 @@ void add_device_randomness(const void *buf, unsigned int size)
 	unsigned long time = random_get_entropy() ^ jiffies;
 	unsigned long flags;
 
+	if (!crng_ready()) {
+		crng_fast_load(buf, size);
+		return;
+	}
+
 	trace_add_device_randomness(size, _RET_IP_);
 	spin_lock_irqsave(&input_pool.lock, flags);
 	_mix_pool_bytes(&input_pool, buf, size);
diff --git a/init/main.c b/init/main.c
index f866510472d7..6b2c3ab7d76b 100644
--- a/init/main.c
+++ b/init/main.c
@@ -497,6 +497,7 @@ asmlinkage __visible void __init start_kernel(void)
 	/*
 	 * Set up the initial canary ASAP:
 	 */
+	add_latent_entropy();
 	boot_init_stack_canary();
 
 	cgroup_init_early();
-- 
2.7.4


-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ