lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YfOVHnM+cfIw1Ii7@owl.dominikbrodowski.net>
Date:   Fri, 28 Jan 2022 08:02:54 +0100
From:   Dominik Brodowski <linux@...inikbrodowski.net>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
        "Jason A . Donenfeld" <Jason@...c4.com>
Subject: [PATCH v2 6/6] hw_random: credit entropy for low quality sources of
 randomness

In case the entropy quality is low, there may be less than one bit to
credit in the call to add_hwgenerator_randomness(): The number of bytes
returned by rng_get_data() multiplied by the current quality (in entropy
bits per 1024 bits of input) must be larger than 128 to credit at least
one bit. However, imx-rngc.c sets the quality to 19, but may return less
than 32 bytes; hid_u2fzero.c sets the quality to 1; and users may override
the quality setting manually.

In case there is less than one bit to credit, keep track of it and add
that credit to the next iteration.

Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Jason A. Donenfeld <Jason@...c4.com>
Signed-off-by: Dominik Brodowski <linux@...inikbrodowski.net>
---
 drivers/char/hw_random/core.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

This patch needed an update, as noted by the kernel test robot: the
initialiation of entropy_credit = 0 must be outside the loop.

That's the only change between v1 and v2 of this patch. The other five
patches sent earlier do not (yet?) need an update.

diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index bc9f95cbac92..f327f7493585 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -424,6 +424,7 @@ static int __init register_miscdev(void)
 
 static int hwrng_fillfn(void *unused)
 {
+	size_t entropy, entropy_credit = 0; /* in 1/1024 of a bit */
 	long rc;
 
 	while (!kthread_should_stop()) {
@@ -445,9 +446,17 @@ static int hwrng_fillfn(void *unused)
 			msleep_interruptible(10000);
 			continue;
 		}
+
+		/* If we cannot credit at least one bit of entropy,
+		 * keep track of the remainder for the next iteration
+		 */
+		entropy = rc * current_quality * 8 + entropy_credit;
+		if ((entropy >> 10) == 0)
+			entropy_credit = entropy;
+
 		/* Outside lock, sure, but y'know: randomness. */
 		add_hwgenerator_randomness((void *)rng_fillbuf, rc,
-					   rc * current_quality * 8 >> 10);
+					   entropy >> 10);
 	}
 	hwrng_fill = NULL;
 	return 0;
-- 
2.35.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ