Bug#343085: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)

2008-01-08 Thread Werner Koch
On Tue,  8 Jan 2008 11:59, [EMAIL PROTECTED] said:

> Anyway there 3000 calls to /dev/urandom are far too many for an initial
> pool filling.  I need to check this.

Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

2008-01-08  Werner Koch  [EMAIL PROTECTED]

* random.c (add_randomness): Do not just increment
POOL_FILLED_COUNTER but update it by the actual amount of data.

Index: cipher/random.c
===
--- cipher/random.c (revision 1277)
+++ cipher/random.c (working copy)
@@ -1115,6 +1115,7 @@
 add_randomness (const void *buffer, size_t length, enum random_origins origin)
 {
   const unsigned char *p = buffer;
+  size_t count = 0;
 
   assert (pool_is_locked);
 
@@ -1123,6 +1124,7 @@
   while (length-- )
 {
   rndpool[pool_writepos++] ^= *p++;
+  count++;
   if (pool_writepos = POOLSIZE )
 {
   /* It is possible that we are invoked before the pool is
@@ -1132,7 +1134,9 @@
  separately.  See also the remarks about the seed file. */
   if (origin = RANDOM_ORIGIN_SLOWPOLL  !pool_filled)
 {
-  if (++pool_filled_counter = POOLSIZE)
+  pool_filled_counter += count;
+  count = 0;
+  if (pool_filled_counter = POOLSIZE)
 pool_filled = 1;
 }
   pool_writepos = 0;
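
Review bot: in the wrap branch, `pool_filled_counter += count` credits only the bytes the current call has written since its last wrap, because `count` is a local that restarts at 0 on every call; bytes from earlier calls that returned before `pool_writepos` reached POOLSIZE are never counted. That falls short of the ChangeLog wording ("update it by the actual amount of data") and would explain why the new stats still report polls=25 for poolsize=600. Consider crediting every slow-poll byte, for example by also adding the leftover `count` after the loop when the origin test passes, and add a one-line comment saying what `count` tracks.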


Also committed to SVN.  Old and new stats:

$ LD_PRELOAD=/usr/local/lib/libgcrypt.so ./benchmark --verbose random
random          130ms    30ms
random usage: poolsize=600 mixed=972 polls=3000/200 added=4200/378400
  outmix=200 getlvl1=200/13600 getlvl2=0/0

$ ./benchmark --verbose random
random           40ms    30ms
random usage: poolsize=600 mixed=377 polls=25/200 added=1225/21400
  outmix=200 getlvl1=200/13600 getlvl2=0/0



Shalom-Salam,

   Werner



-- 
Thoughts are free.  Exceptions are regulated by a federal law.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




2008-01-08 Thread Simon Josefsson
Werner Koch [EMAIL PROTECTED] writes:

> On Tue,  8 Jan 2008 11:59, [EMAIL PROTECTED] said:
>
>> Anyway there 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
  outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
  outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon
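
The poll counts discussed above (3000 before the fix, 25 after) can be reproduced with a small model of the fill accounting. This is an added example, not code from libgcrypt or from the participants in this thread: `struct pool`, `model_add` and `polls_until_filled` are hypothetical names, and the 600-byte pool and 120-byte poll size are taken from the stats and the arithmetic quoted in the thread.

```c
#include <stdio.h>
#include <stddef.h>
#define POOLSIZE 600  /* poolsize=600 in the stats quoted in the thread */
#define POLL_LEN 120  /* bytes per slow poll, per the 3000*120 estimate */

enum accounting { OLD_INCREMENT, PATCHED_COUNT };
struct pool { size_t writepos, filled_counter; int filled; };

/* Bookkeeping of add_randomness() only: no XOR into the pool, no mixing.
   Assumption: every call comes from a slow poll of POLL_LEN bytes. */
static void model_add(struct pool *pl, size_t length, enum accounting mode)
{
    size_t count = 0;
    while (length--) {
        pl->writepos++;
        count++;
        if (pl->writepos >= POOLSIZE) {
            if (!pl->filled) {
                if (mode == OLD_INCREMENT) {
                    pl->filled_counter++;         /* one credit per wrap */
                } else {
                    pl->filled_counter += count;  /* bytes of this call */
                    count = 0;
                }
                if (pl->filled_counter >= POOLSIZE)
                    pl->filled = 1;
            }
            pl->writepos = 0;
        }
    }
}

/* Slow polls needed before the pool is flagged as filled. */
static unsigned long polls_until_filled(enum accounting mode)
{
    struct pool pl = { 0, 0, 0 };
    unsigned long polls = 0;
    while (!pl.filled) {
        model_add(&pl, POLL_LEN, mode);
        polls++;
    }
    return polls;
}

int main(void)
{
    printf("old: %lu polls, patched: %lu polls\n",
           polls_until_filled(OLD_INCREMENT),
           polls_until_filled(PATCHED_COUNT));
    return 0;
}
```

In this model the patched accounting credits only the bytes of the call that crosses the wrap, which is why it still takes 25 polls (3000 bytes) to flag a 600-byte pool as filled.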







2008-01-08 Thread Werner Koch
On Tue,  8 Jan 2008 17:16, [EMAIL PROTECTED] said:

> Still, 3kb per TLS connection is excessive, so I still recommend exim to
> set a libgcrypt seeds file to solve the problem.

Yes, definitely.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



