| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 16:48:14 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Stephen Boyd <swboyd@...omium.org>,
Russell King <linux@...linux.org.uk>,
Arnd Bergmann <arnd@...db.de>,
Phil Elwell <phil@...pberrypi.com>
Subject: Re: [PATCH] random: defer use of bootloader randomness to
random_init()
Hi Ard,
On Tue, Jun 07, 2022 at 04:19:26PM +0200, Ard Biesheuvel wrote:
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/random.h>
>
> static unsigned char buf[16];
>
> int main(void)
> {
> for (int i = 0; i < 1000000; i++) {
> if (getrandom(buf, sizeof(buf),
> GRND_RANDOM | GRND_NONBLOCK) < sizeof(buf)) {
> fprintf(stderr, "getrandom() error!\n");
> exit(-1);
> }
> }
> return 0;
> }
I'm actually more worried about the random input flow than the random
output flow and branch misprediction. But more generally, I'd just like
to keep that code as cold as possible after crng init. It's code that's
only used in that one phase and then never again. It can be entirely
disabled.
Anyway, we've got a few solutions now to pick from on the random.c side
of things. I'm going to investigate the arm32 situation next. And then
we'll see what it all looks like.
Jason
Powered by blists - more mailing lists