From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 24 19:48:43 2009
Date: Thu, 24 Dec 2009 19:48:43 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Paul Graphov
Cc: freebsd-hackers@freebsd.org, secteam@freebsd.org
Subject: Re: yarrow random generator
In-Reply-To: <5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com>
References: <5a5b03660912240445x7df1498dt42e29d93105efebc@mail.gmail.com> <4B339F27.6020707@freebsd.org> <5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)

On Thu, 24 Dec 2009, Paul Graphov wrote:

> And also according to Schneier it is a good idea to save the state of the PRNG
> and restore it on boot to make it "more seeded".

In the default configuration, we save some PRNG output every few minutes
(using cron) to a file in /var so that it can be re-injected into Yarrow on
the next boot (done by /etc/rc.d/random).

Robert N M Watson
Computer Laboratory
University of Cambridge

> 2009/12/24 Colin Percival
>
>> Hi all,
>>
>> Looks like there's a bug here, but it doesn't matter since this is dead
>> code: .seeded is initialized to 1 and never modified, so we will never
>> call into random_yarrow_block.
>>
>> IIRC this is because there are some places which ask for entropy before
>> yarrow is seeded but don't actually need *cryptographic* entropy.
>>
>>> Thu, Dec 24, 2009 at 03:45:15PM +0300, Paul Graphov wrote:
>>>> I've looked at the FreeBSD 8.0 cryptographically secure pseudorandom
>>>> number generator and have a question. It looks like a bug but I'm
>>>> not sure.
>>>>
>>>> In file sys/dev/randomdev.c, function random_read:
>>>>
>>>>     if (!random_systat.seeded)
>>>>         error = (*random_systat.block)(flag);
>>>>
>>>> It blocks until the PRNG is seeded. For the software random generator
>>>> implementation the block method looks as follows, sys/dev/randomdev_soft.c:
>>>>
>>>>     random_yarrow_block(int flag)
>>>>     {
>>>>         int error = 0;
>>>>
>>>>         mtx_lock(&random_reseed_mtx);
>>>>
>>>>         /* Blocking logic */
>>>>         while (random_systat.seeded && !error) {
>>>>             if (flag & O_NONBLOCK)
>>>>                 error = EWOULDBLOCK;
>>>>             else {
>>>>                 printf("Entropy device is blocking.\n");
>>>>                 error = msleep(&random_systat,
>>>>                     &random_reseed_mtx,
>>>>                     PUSER | PCATCH, "block", 0);
>>>>             }
>>>>         }
>>>>         mtx_unlock(&random_reseed_mtx);
>>>>
>>>>         return error;
>>>>     }
>>>>
>>>> It seems that random_systat.seeded in the "while" condition should be
>>>> negated. Either it will never actually block, or it will block erroneously
>>>> until the next reseed (under very rare conditions).
>>
>> --
>> Colin Percival
>> Security Officer, FreeBSD | freebsd.org | The power to serve
>> Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
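The two behaviours Paul describes for the quoted blocking loop (never blocking when unseeded, sleeping erroneously when seeded) can be checked with a small user-space model. This is an added example, not FreeBSD code: `struct sim`, `sim_msleep()`, `run_case()` and `last_sleeps` are constructed stand-ins for `random_systat`, `msleep()` and the reseed `wakeup()`, with a PCATCH-style signal modelled as `EINTR` once the single granted wakeup is spent.

```c
#include <errno.h>
#include <fcntl.h>
/* Constructed stand-in for random_systat plus simulation bookkeeping. */
struct sim {
    int seeded;        /* random_systat.seeded */
    int wakeups_left;  /* reseed wakeups the simulation will still deliver */
    int sleeps;        /* how many times the caller went to sleep */
};

/* Simulated msleep(): a wakeup() is a reseed that marks the generator seeded;
 * once the wakeup budget is spent, PCATCH-style signal delivery returns EINTR. */
static int sim_msleep(struct sim *s) {
    s->sleeps++;
    if (s->wakeups_left-- <= 0)
        return EINTR;
    s->seeded = 1;
    return 0;
}

/* Blocking loop with the condition exactly as quoted from randomdev_soft.c. */
static int block_as_posted(struct sim *s, int flag) {
    int error = 0;
    while (s->seeded && !error) {          /* keeps sleeping while *seeded* */
        if (flag & O_NONBLOCK)
            error = EWOULDBLOCK;
        else
            error = sim_msleep(s);
    }
    return error;
}

/* Same loop with the condition negated, as the original poster suggests. */
static int block_negated(struct sim *s, int flag) {
    int error = 0;
    while (!s->seeded && !error) {         /* sleeps only while *unseeded* */
        if (flag & O_NONBLOCK)
            error = EWOULDBLOCK;
        else
            error = sim_msleep(s);
    }
    return error;
}

static int last_sleeps;  /* sleeps taken by the most recent run_case() */
/* Drive one scenario, granting a single reseed wakeup; returns the read error. */
static int run_case(int (*block)(struct sim *, int), int seeded, int flag) {
    struct sim s = { seeded, 1, 0 };
    int error = block(&s, flag);
    last_sleeps = s.sleeps;
    return error;
}
```

With the posted condition an unseeded reader returns immediately without sleeping, while a seeded reader sleeps through the reseed wakeup and only leaves the loop when a signal interrupts it; the negated condition gives the intended behaviour in both cases and returns EWOULDBLOCK for an unseeded O_NONBLOCK reader.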