From: Paul Graphov
To: secteam@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Re: yarrow random generator
Date: Thu, 24 Dec 2009 20:41:21 +0300
Message-ID: <5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com>
In-Reply-To: <4B339F27.6020707@freebsd.org>

Don't these lines (random_yarrow_init function) make it available to set
"seeded" to zero?

SYSCTL_ADD_PROC(&random_clist,
    SYSCTL_CHILDREN(random_sys_o),
    OID_AUTO, "seeded", CTLTYPE_INT | CTLFLAG_RW,
    &random_systat.seeded, 1, random_check_boolean, "I",
    "Seeded State");

And also according to Schneier it is a good idea to save state of the PRNG
and restore it on boot to make it "more seeded".

2009/12/24 Colin Percival

> Hi all,
>
> Looks like there's a bug here, but it doesn't matter since this is dead
> code: .seeded is initialized to 1 and never modified, so we will never
> call into random_yarrow_block.
>
> IIRC this is because there are some places which ask for entropy before
> yarrow is seeded but don't actually need *cryptographic* entropy.
>
> > Thu, Dec 24, 2009 at 03:45:15PM +0300, Paul Graphov wrote:
> >> I've looked at FreeBSD 8.0 cryptographically secure pseudorandom
> >> numbers generator and have a question. It looks like a bug but I'm
> >> not sure.
> >>
> >> In file sys/dev/randomdev.c, function random_read:
> >>
> >>     if (!random_systat.seeded)
> >>         error = (*random_systat.block)(flag);
> >>
> >> It blocks until PRNG is seeded. For software random generator
> >> implementation block method looks as follows,
> >> sys/dev/randomdev_soft.c:
> >>
> >> random_yarrow_block(int flag)
> >> {
> >>     int error = 0;
> >>
> >>     mtx_lock(&random_reseed_mtx);
> >>
> >>     /* Blocking logic */
> >>     while (random_systat.seeded && !error) {
> >>         if (flag & O_NONBLOCK)
> >>             error = EWOULDBLOCK;
> >>         else {
> >>             printf("Entropy device is blocking.\n");
> >>             error = msleep(&random_systat,
> >>                 &random_reseed_mtx,
> >>                 PUSER | PCATCH, "block", 0);
> >>         }
> >>     }
> >>     mtx_unlock(&random_reseed_mtx);
> >>
> >>     return error;
> >> }
> >>
> >> It seems that random_systat.seeded in "while" condition should be
> >> negated. Or it will never block actually, or block erroneously until
> >> next reseed (under very rare conditions)
>
> --
> Colin Percival
> Security Officer, FreeBSD | freebsd.org | The power to serve
> Founder / author, Tarsnap | tarsnap.com | Online backups for the truly
> paranoid
>
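
Added example (not part of the original message and not FreeBSD source): a userspace C model of the quoted random_read / random_yarrow_block logic, showing what a read returns while seeded is 0 under the loop condition as posted and under the negated one. The names model_read, model_block, model_sleep and struct systat_model are hypothetical, and msleep() is replaced by a stub that simulates a reseed wakeup.

```c
/* Userspace model of the read path quoted above (hypothetical names). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

struct systat_model { int seeded; int sleeps; };

/* Stand-in for msleep(): count the sleep and pretend a reseed woke us. */
static int model_sleep(struct systat_model *s)
{
    s->sleeps++;
    s->seeded = 1;
    return 0;
}

/* Block routine; negate != 0 selects the proposed condition (!seeded). */
static int model_block(struct systat_model *s, int flag, int negate)
{
    int error = 0;

    while ((negate ? !s->seeded : s->seeded) && !error) {
        if (flag & O_NONBLOCK)
            error = EWOULDBLOCK;
        else
            error = model_sleep(s);
    }
    return error;
}

/* Mirrors random_read(): the block routine runs only when unseeded. */
static int model_read(struct systat_model *s, int flag, int negate)
{
    int error = 0;

    if (!s->seeded)
        error = model_block(s, flag, negate);
    return error;   /* 0 means the caller goes on to hand out bytes */
}

int main(void)
{
    struct systat_model a = {0, 0}, b = {0, 0}, c = {0, 0};
    int ra = model_read(&a, O_NONBLOCK, 0);   /* condition as posted */
    int rb = model_read(&b, O_NONBLOCK, 1);   /* negated condition */
    int rc = model_read(&c, 0, 1);            /* negated, blocking read */

    printf("as posted, unseeded, O_NONBLOCK: error=%d\n", ra);
    printf("negated,   unseeded, O_NONBLOCK: error=%d\n", rb);
    printf("negated,   unseeded, blocking:   error=%d sleeps=%d\n", rc, c.sleeps);
    return 0;
}
```

With the condition as posted, an unseeded read falls straight through the loop and returns 0, so the only thing keeping unseeded output from reaching callers is that seeded never becomes 0.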