| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Oct 2020 21:46:18 +0200 From: Willy Tarreau <w@....eu> To: unlisted-recipients:; (no To-header on input) Cc: linux-kernel@...r.kernel.org, Willy Tarreau <w@....eu> Subject: [PATCH v4 0/3] random32: make prandom_u32() less predictable This is the cleanup of the latest series of prandom_u32 experimentations consisting in using SipHash instead of Tausworthe to produce the randoms used by the network stack. The changes to the files were kept minimal, and the controversial commit that used to take noise from the fast_pool (f227e3ec3b5c) was reverted. Instead, a dedicated "net_rand_noise" per_cpu variable is fed from various sources of activities (networking, scheduling) to perturb the SipHash state using fast, non-trivially predictable data, instead of keeping it fully deterministic. The goal is essentially to make any occasional memory leakage or brute-force attempt useless. The resulting code was verified to be very slightly faster on x86_64 than what is was with the controversial commit above, though this remains barely above measurement noise. It was also tested on i386 and arm, and build- tested only on arm64. The whole discussion around this is archived here: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/ The code is also available for you to pull at: git://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/prandom.git tags/20201024-v4-5.10 --- v4: - access noise using raw_cpu_read() instead of this_cpu_read() - fixed build with CONFIG_RANDOM32_SELFTEST - added a selftest for the prandom32 code v3: This v3 is a rebase on top of 5.9-final, and switches __this_cpu_read() for this_cpu_read() to address a crash on i386+SMP+PREEMPT reported by LKP. Nothing else was changed. George Spelvin (1): random32: make prandom_u32() output unpredictable Willy Tarreau (2): random32: add noise from network and scheduling activity random32: add a selftest for the prandom32 code drivers/char/random.c | 1 - include/linux/prandom.h | 55 ++++- kernel/time/timer.c | 9 +- lib/random32.c | 525 ++++++++++++++++++++++++++-------------- net/core/dev.c | 4 + 5 files changed, 404 insertions(+), 190 deletions(-) -- 2.28.0
Powered by blists - more mailing lists