lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130924054532.GA24446@order.stressinduktion.org>
Date:	Tue, 24 Sep 2013 07:45:32 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Tom Herbert <therbert@...gle.com>, davem@...emloft.net,
	netdev@...r.kernel.org, jesse.brandeburg@...el.com
Subject: Re: [PATCH 1/2] net: Toeplitz library functions

On Mon, Sep 23, 2013 at 10:38:38PM -0700, Eric Dumazet wrote:
> On Tue, 2013-09-24 at 05:35 +0200, Hannes Frederic Sowa wrote:
> 
> > > build_ehash_secret builds up the data which seeds fragmentation ids, ephermal
> > > port randomization etc. Could we drop the check of sock->type? I guess the
> > > idea was that in-kernel sockets of type raw/udp do not seed the keys when no
> > > entropy is available?
> > 
> > Would this be better (I checked inet_ehash_secret, ipv6_hash_secret
> > and net_secret to actual get initialized)?
> > 
> 
> inet_ehash_secret is used only to make jhash() for tcp ehash, not for
> fragmentation ids or other uses (port randomization).
> 
> 
> > [PATCH] inet: initialize hash secret values on first non-kernel socket creation
> > 
> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > ---
> 
> Why ? This looks buggy to me.

It does initialize the rest of the key values (net_secret_init), too:

258 void build_ehash_secret(void)
259 {
260         u32 rnd;
261 
262         do {
263                 get_random_bytes(&rnd, sizeof(rnd));
264         } while (rnd == 0);
265 
266         if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) {
267                 get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
268                 net_secret_init();
269         }
270 }

Maybe I overlooked something?

Thanks,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ