tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: rework kernel random number subsystem



On Fri, Oct 21, 2011 at 05:15:55PM -0400, Thor Lancelot Simon wrote:
> 
> WARNING:      #7 and #8 reveal some kind of synchronization or locking
>               bug in this patch.  #8 causes the entropy pool to log to
>               the console whenever it supplies rekeying entropy.  #7
>               causes 'sysctl kern.urandom' to read from a cprng_strong
>               instance.
> 
>               Performing around 1000 consecutive such sysctl calls will
>               reveal corruption of the cprng_strong state: it is not
>               rekeyed (nor should it yet be), but is corrupted in such
>               a way that it thinks it has been, triggering the rngtest
>               statistical test, which then fails.

The patch at http://www.panix.com/~tls/rnd2.diff addresses the correctness
issues that Christos pointed out but does *not* fix the problem described
above.

Help much appreciated.

Thor


Home | Main Index | Thread Index | Old Index