From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Theodore Ts'o <tytso@mit.edu>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs
Date: Mon, 5 Jun 2017 05:47:49 +0200 [thread overview]
Message-ID: <20170605034757.4803-1-Jason@zx2c4.com> (raw)
As discussed in [1], there is a problem with get_random_bytes being
used before the RNG has actually been seeded. The solution for fixing
this appears to be multi-pronged. One of those prongs involves adding
a simple blocking API so that modules that use the RNG in process
context can just sleep (in an interruptable manner) until the RNG is
ready to be used. This winds up being a very useful API that covers
a few use cases, 5 of which are included in this patch set.
[1] http://www.openwall.com/lists/kernel-hardening/2017/06/02/2
Changes v1->v2:
- Rather than support both interruptable and non-interruptable
waiting and also timeouts, we just support the case that people
will actually use: ordinary interruptable waiting. This simplifies
the API a bit.
- This patch set now has a few examples of where it might be useful.
Jason A. Donenfeld (8):
random: add synchronous API for the urandom pool
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: warn when kernel uses unseeded randomness
crypto/rng: ensure that the RNG is ready before using
security/keys: ensure RNG is seeded before use
iscsi: ensure RNG is seeded before use
bluetooth/smp: ensure RNG is properly seeded before ECDH use
ceph: ensure RNG is seeded before using
crypto/rng.c | 6 +++--
drivers/char/random.c | 44 ++++++++++++++++++++++---------
drivers/target/iscsi/iscsi_target_auth.c | 14 +++++++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++++++++++------
include/linux/net.h | 2 ++
include/linux/once.h | 2 ++
include/linux/random.h | 26 ++++++++++++++++++
lib/Kconfig.debug | 15 +++++++++++
net/bluetooth/hci_request.c | 6 +++++
net/bluetooth/smp.c | 18 ++++++++++---
net/ceph/ceph_common.c | 6 ++++-
security/keys/encrypted-keys/encrypted.c | 8 +++---
security/keys/key.c | 13 ++++++---
13 files changed, 145 insertions(+), 37 deletions(-)
--
2.13.0
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Theodore Ts'o <tytso@mit.edu>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [kernel-hardening] [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs
Date: Mon, 5 Jun 2017 05:47:49 +0200 [thread overview]
Message-ID: <20170605034757.4803-1-Jason@zx2c4.com> (raw)
As discussed in [1], there is a problem with get_random_bytes being
used before the RNG has actually been seeded. The solution for fixing
this appears to be multi-pronged. One of those prongs involves adding
a simple blocking API so that modules that use the RNG in process
context can just sleep (in an interruptable manner) until the RNG is
ready to be used. This winds up being a very useful API that covers
a few use cases, 5 of which are included in this patch set.
[1] http://www.openwall.com/lists/kernel-hardening/2017/06/02/2
Changes v1->v2:
- Rather than support both interruptable and non-interruptable
waiting and also timeouts, we just support the case that people
will actually use: ordinary interruptable waiting. This simplifies
the API a bit.
- This patch set now has a few examples of where it might be useful.
Jason A. Donenfeld (8):
random: add synchronous API for the urandom pool
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: warn when kernel uses unseeded randomness
crypto/rng: ensure that the RNG is ready before using
security/keys: ensure RNG is seeded before use
iscsi: ensure RNG is seeded before use
bluetooth/smp: ensure RNG is properly seeded before ECDH use
ceph: ensure RNG is seeded before using
crypto/rng.c | 6 +++--
drivers/char/random.c | 44 ++++++++++++++++++++++---------
drivers/target/iscsi/iscsi_target_auth.c | 14 +++++++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++++++++++------
include/linux/net.h | 2 ++
include/linux/once.h | 2 ++
include/linux/random.h | 26 ++++++++++++++++++
lib/Kconfig.debug | 15 +++++++++++
net/bluetooth/hci_request.c | 6 +++++
net/bluetooth/smp.c | 18 ++++++++++---
net/ceph/ceph_common.c | 6 ++++-
security/keys/encrypted-keys/encrypted.c | 8 +++---
security/keys/key.c | 13 ++++++---
13 files changed, 145 insertions(+), 37 deletions(-)
--
2.13.0
next reply other threads:[~2017-06-05 3:48 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-05 3:47 Jason A. Donenfeld [this message]
2017-06-05 3:47 ` [kernel-hardening] [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 1/8] random: add synchronous API for the urandom pool Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 2/8] random: add get_random_{bytes,u32,u64,int,long,once}_wait family Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 3/8] random: warn when kernel uses unseeded randomness Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 4/8] crypto/rng: ensure that the RNG is ready before using Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 5/8] security/keys: ensure RNG is seeded before use Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 23:18 ` Jason A. Donenfeld
2017-06-05 23:18 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 6/8] iscsi: " Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 7/8] bluetooth/smp: ensure RNG is properly seeded before ECDH use Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 3:47 ` [PATCH RFC v2 8/8] ceph: ensure RNG is seeded before using Jason A. Donenfeld
2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-05 23:47 ` [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Jason A. Donenfeld
2017-06-05 23:47 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-06 7:45 ` Greg Kroah-Hartman
2017-06-06 7:45 ` [kernel-hardening] " Greg Kroah-Hartman
2017-06-06 12:24 ` Jason A. Donenfeld
2017-06-06 12:24 ` [kernel-hardening] " Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170605034757.4803-1-Jason@zx2c4.com \
--to=jason@zx2c4.com \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.