| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2019 07:16:28 +0000
From: Bernd Edlinger <bernd.edlinger@...mail.de>
To: "Theodore Y. Ts'o" <tytso@....edu>, Arnd Bergmann <arnd@...db.de>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCHv4] random: Make /dev/random wait for input_pool
initialized
> @@ -1826,7 +1830,9 @@ _random_read(int nonblock, char __user *buf, size_t nbytes)
>
> nbytes = min_t(size_t, nbytes, SEC_XFER_SIZE);
> while (1) {
> - n = extract_entropy_user(&blocking_pool, buf, nbytes);
> + n = input_pool.initialized
> + ? extract_entropy_user(&blocking_pool, buf, nbytes)
Aehm, sorry, now I see this creates a race condition with this code here, since
this the crng_reseed here also tries to read from the input_pool,
but input_pool.initialized is already true:
if (crng_init < 2 && entropy_bits >= 128) {
crng_reseed(&primary_crng, r);
entropy_bits = r->entropy_count >> ENTROPY_SHIFT;
I was able to get a system in this behavior by running 3 instances of
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
int main()
{
int f = open("/dev/random", O_NDELAY);
if (f<0) return 1;
for(;;)
{
unsigned char buf[16];
int x = read(f, buf, sizeof(buf));
if (x>=0)
{
int i;
printf("read %d bytes: ", x);
for (i=0; i<x; i++) printf("%02x ", buf[i]);
printf("\n");
}
}
}
and it managed to steal the entropy away,
before the crng_reseed was able to run.
So I think I will have to change this condition to:
> + n = input_pool.initialized && crng_ready()
> + ? extract_entropy_user(&blocking_pool, buf, nbytes)
Thanks (for your patience :-)
Bernd.
Powered by blists - more mailing lists