lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220208150625.374191-1-Jason@zx2c4.com>
Date:   Tue,  8 Feb 2022 16:06:25 +0100
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org
Subject: [GIT PULL] random number generator fixes for 5.17-rc4

Hi Linus,

Please pull the following fixes for 5.17-rc4. This week's pull contains fixes
for the crypto ~vuln I mentioned last week. There are extensive details about
it and some simple PoC code in the commit message of the first patch if you're
curious.

Code-wise, the change is both insubstantial and substantial. It is
insubstantial in that we're talking about removing over 400 lines of old code,
many of which are outdated comments, and replacing them with less than 90
lines, so it's not "big" on the additive side.  On the other hand, it is a
substantial change, as it's doing away with the heart of our entropy collector
that we've had in one form or another forever. It would seem fitting with the
times that we're able to replace gobs of old stuff from the 90s with a boring
cryptographic hash function.

Given that these fixes are for a security issue (albeit a probably relatively
low grade one), sending this mid-cycle feels like the "responsible" thing to
do, and 5.17 will resultantly have a more secure RNG. However, I also would
understand that, diffstat not withstanding, you think this is a bit much and
want to reject this pull until 5.18. Either way works for me, though I
naturally lean heavily toward the former, hence making this pull request in
the first place.

Thanks,
Jason


The following changes since commit dfd42facf1e4ada021b939b4e19c935dcdd55566:

  Linux 5.17-rc3 (2022-02-06 12:20:50 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git tags/random-5.17-rc4-for-linus

for you to fetch changes up to 966038a49e2b31ff9aa86862295be3915c51dbdd:

  random: make credit_entropy_bits() always safe (2022-02-08 11:53:05 +0100)

----------------------------------------------------------------
Jason A. Donenfeld (5):
      random: use computational hash for entropy extraction
      random: simplify entropy debiting
      random: use linear min-entropy accumulation crediting
      random: always wake up entropy writers after extraction
      random: make credit_entropy_bits() always safe

 drivers/char/random.c         | 499 +++++++-----------------------------------
 include/trace/events/random.h |  30 +--
 2 files changed, 86 insertions(+), 443 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ