On Thu, 24 Dec 2009, Paul Graphov wrote:

And also according to Schneier it is a good idea to save state of the PRNG and restore it on boot to make it "more seeded".

In the default configuration, we save some PRNG output every few minutes (using cron) to a file in /var so that it can be re-injected into Yarrow on the next boot (done by /etc/rc.d/random).

Robert N M Watson
Computer Laboratory
University of Cambridge


2009/12/24 Colin Percival <cperc...@freebsd.org>

Hi all,

Looks like there's a bug here, but it doesn't matter since this is dead
code: .seeded is initialized to 1 and never modified, so we will never
call into random_yarrow_block.

IIRC this is because there are some places which ask for entropy before
yarrow is seeded but don't actually need *cryptographic* entropy.

On Thu, Dec 24, 2009 at 03:45:15PM +0300, Paul Graphov wrote:
I've looked at the FreeBSD 8.0 cryptographically secure pseudorandom number generator and have a question. It looks like a bug but I'm not sure.

In file sys/dev/randomdev.c, function random_read:

        if (!random_systat.seeded)
                error = (*random_systat.block)(flag);

It blocks until the PRNG is seeded. For the software random generator implementation, the block method looks as follows, sys/dev/randomdev_soft.c:

random_yarrow_block(int flag)
{
        int error = 0;

        mtx_lock(&random_reseed_mtx);

        /* Blocking logic */
        while (random_systat.seeded && !error) {
                if (flag & O_NONBLOCK)
                        error = EWOULDBLOCK;
                else {
                        printf("Entropy device is blocking.\n");
                        error = msleep(&random_systat,
                            &random_reseed_mtx,
                            PUSER | PCATCH, "block", 0);
                }
        }
        mtx_unlock(&random_reseed_mtx);

        return error;
}

It seems that random_systat.seeded in "while" condition should be negated. Or it will never block actually, or block erroneously until next reseed (under very rare conditions).

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
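
The loop condition discussed in this thread, as a userspace C model (an added example, not FreeBSD code and not written by anyone in the thread). `struct systat_model`, `model_sleep`, `model_block` and `model_read` are hypothetical stand-ins for the kernel pieces quoted above; `negated` selects the condition proposed in the question.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

/* Hypothetical stand-in for random_systat: only the field under discussion. */
struct systat_model { int seeded; };

/* Stand-in for msleep(): a wakeup models a completed reseed. Sleeping while
 * already seeded returns EINTR (a signal, as PCATCH permits) so the model
 * terminates instead of spinning. */
static int model_sleep(struct systat_model *s)
{
    if (s->seeded)
        return EINTR;
    s->seeded = 1;
    return 0;
}

/* negated == 0: loop condition as quoted; negated == 1: the proposed fix. */
static int model_block(struct systat_model *s, int flag, int negated, int *sleeps)
{
    int error = 0;

    while ((negated ? !s->seeded : s->seeded) && !error) {
        if (flag & O_NONBLOCK)
            error = EWOULDBLOCK;
        else {
            (*sleeps)++;
            error = model_sleep(s);
        }
    }
    return error;
}

/* Call site as quoted from random_read: block only while unseeded. */
static int model_read(struct systat_model *s, int flag, int negated, int *sleeps)
{
    return s->seeded ? 0 : model_block(s, flag, negated, sleeps);
}

int main(void)
{
    struct systat_model s = { 0 };
    int sleeps = 0, error;

    error = model_read(&s, 0, 0, &sleeps);  /* as quoted: returns without waiting */
    printf("as quoted: error=%d sleeps=%d seeded=%d\n", error, sleeps, s.seeded);
    error = model_read(&s, 0, 1, &sleeps);  /* negated: waits for the reseed */
    printf("negated:   error=%d sleeps=%d seeded=%d\n", error, sleeps, s.seeded);
    return 0;
}
```

With `seeded` starting at 1, `model_read` never reaches `model_block` in either variant, which is the dead-code case described in the reply.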