From owner-freebsd-bugs@freebsd.org Fri Oct 6 00:45:03 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F3DBE100F6 for ; Fri, 6 Oct 2017 00:45:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2D516684CB for ; Fri, 6 Oct 2017 00:45:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v960j3Of028031 for ; Fri, 6 Oct 2017 00:45:03 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 222807] PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements Date: Fri, 06 Oct 2017 00:45:03 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: badfilemagic@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2017 00:45:03 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222807 Bug ID: 222807 Summary: PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: badfilemagic@gmail.com Created attachment 186932 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D186932&action= =3Dedit patche that enable "pure" entropy sources such as RDRND to actually be mixed At vBSDCon, JMG and I co-presented a talk on an entropy analysis and audit = on /dev/random that we conducted out of mutual interest. In the course of our work, we found the following: * so-called "PURE" sources of entropy, such as RDRND on Intel chips, are harvested however the results of the harvest are never mixed in due to the harvest mask bit never being set, with no way to set it. * Conducting an SP800-90B entropy analysis on the non-IID track for non-whitened entropy (the data fed into randomdev_hash_iterate, essentially= ), min-entropy is rather low because of a) the trng sources weren't being mixe= d, and b) there is a lot of repeat and predictable garbage that is of no value= in the harvest_event structure, especially for events with only 4 bytes worth = of data from their source in the he_entropy field. Attached are patches which correct these two issues. They are from work done downstream with the HardenedBSD team and have been tested. --=20 You are receiving this mail because: You are the assignee for the bug.=