bug+fix: linux /dev/random

Thu, 22 Jun 2000 14:32:17 -0700 

-----BEGIN PGP SIGNED MESSAGE-----

Hi Folks --

There is a bug in /usr/src/linux/drivers/char/random.c.
Basically, it acts as if it can hold 32x less entropy
than you would think based on the configuration parameters
or the ioctls.  For instance, if it is configured for 4096
bits max, and you fill it up, the first time you read a byte
it trims its entropy-estimate from 4098 to 128.

There is no loss of real entropy, just a loss of estimated
entropy.  There is no compromise of security.  There will alas
be a lot of situations where reads from /dev/random will
needlessly block waiting for somebody to deposit more entropy,
which is not good for entropy-hungry applications like IPsec.

This is observed in random.c version 1.85 (and maybe earlier versions)
and version 1.89 [which is what ships with the latest kernel 2.3.99]
(and maybe later versions).

I wrote to Ted about this a couple of days ago but got no response.

Here's a patch for 1.89.  It should succeed with a little fuzz
for nearby versions.

Cheers --- jsd


*** drivers/char/random.c.orig  Wed Apr 12 12:38:52 2000
- --- drivers/char/random.c       Wed Jun 21 10:38:16 2000
***************
*** 1239,1250 ****
          ssize_t ret, i;
          __u32 tmp[TMP_BUF_SIZE];
          __u32 x;

          add_timer_randomness(&extract_timer_state, nbytes);

          /* Redundant, but just in case... */
!       if (r->entropy_count > r->poolinfo.poolwords)
!               r->entropy_count = r->poolinfo.poolwords;

          if (flags & EXTRACT_ENTROPY_SECONDARY)
                  xfer_secondary_pool(r, nbytes);
- --- 1239,1251 ----
          ssize_t ret, i;
          __u32 tmp[TMP_BUF_SIZE];
          __u32 x;
+       int     max_entropy = r->poolinfo.poolwords*32;

          add_timer_randomness(&extract_timer_state, nbytes);

          /* Redundant, but just in case... */
!       if (r->entropy_count > max_entropy)
!               r->entropy_count = max_entropy;

          if (flags & EXTRACT_ENTROPY_SECONDARY)
                  xfer_secondary_pool(r, nbytes);

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1

iQCVAwUBOVDVqNhgLICx1u2JAQE9nwQAzigQ0CMyHt3vBTHtSNjG2+9xi/UU/H5r
18zt7FEd6uBuNXRRK3ua33J8YcZxaHIiHMWWagi1q7D9MUE+DwJFLkOKshXNcdr6
sXL5cCfxfeQ6GUkar0s7/RP3o10T1qTXXGNE+SGunpRZF6erBgr3NgLrgOUrkvzg
AR02WMfERdc=
=PqC3
-----END PGP SIGNATURE-----

Reply via email to