From: "Jason A. Donenfeld" <Jason@zx2c4.com> To: Theodore Ts'o <tytso@mit.edu>, Linux Crypto Mailing List <linux-crypto@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Subject: [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Date: Mon, 5 Jun 2017 05:47:49 +0200 [thread overview] Message-ID: <20170605034757.4803-1-Jason@zx2c4.com> (raw) As discussed in [1], there is a problem with get_random_bytes being used before the RNG has actually been seeded. The solution for fixing this appears to be multi-pronged. One of those prongs involves adding a simple blocking API so that modules that use the RNG in process context can just sleep (in an interruptable manner) until the RNG is ready to be used. This winds up being a very useful API that covers a few use cases, 5 of which are included in this patch set. [1] http://www.openwall.com/lists/kernel-hardening/2017/06/02/2 Changes v1->v2: - Rather than support both interruptable and non-interruptable waiting and also timeouts, we just support the case that people will actually use: ordinary interruptable waiting. This simplifies the API a bit. - This patch set now has a few examples of where it might be useful. Jason A. Donenfeld (8): random: add synchronous API for the urandom pool random: add get_random_{bytes,u32,u64,int,long,once}_wait family random: warn when kernel uses unseeded randomness crypto/rng: ensure that the RNG is ready before using security/keys: ensure RNG is seeded before use iscsi: ensure RNG is seeded before use bluetooth/smp: ensure RNG is properly seeded before ECDH use ceph: ensure RNG is seeded before using crypto/rng.c | 6 +++-- drivers/char/random.c | 44 ++++++++++++++++++++++--------- drivers/target/iscsi/iscsi_target_auth.c | 14 +++++++--- drivers/target/iscsi/iscsi_target_login.c | 22 ++++++++++------ include/linux/net.h | 2 ++ include/linux/once.h | 2 ++ include/linux/random.h | 26 ++++++++++++++++++ lib/Kconfig.debug | 15 +++++++++++ net/bluetooth/hci_request.c | 6 +++++ net/bluetooth/smp.c | 18 ++++++++++--- net/ceph/ceph_common.c | 6 ++++- security/keys/encrypted-keys/encrypted.c | 8 +++--- security/keys/key.c | 13 ++++++--- 13 files changed, 145 insertions(+), 37 deletions(-) -- 2.13.0
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com> To: Theodore Ts'o <tytso@mit.edu>, Linux Crypto Mailing List <linux-crypto@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Subject: [kernel-hardening] [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Date: Mon, 5 Jun 2017 05:47:49 +0200 [thread overview] Message-ID: <20170605034757.4803-1-Jason@zx2c4.com> (raw) As discussed in [1], there is a problem with get_random_bytes being used before the RNG has actually been seeded. The solution for fixing this appears to be multi-pronged. One of those prongs involves adding a simple blocking API so that modules that use the RNG in process context can just sleep (in an interruptable manner) until the RNG is ready to be used. This winds up being a very useful API that covers a few use cases, 5 of which are included in this patch set. [1] http://www.openwall.com/lists/kernel-hardening/2017/06/02/2 Changes v1->v2: - Rather than support both interruptable and non-interruptable waiting and also timeouts, we just support the case that people will actually use: ordinary interruptable waiting. This simplifies the API a bit. - This patch set now has a few examples of where it might be useful. Jason A. Donenfeld (8): random: add synchronous API for the urandom pool random: add get_random_{bytes,u32,u64,int,long,once}_wait family random: warn when kernel uses unseeded randomness crypto/rng: ensure that the RNG is ready before using security/keys: ensure RNG is seeded before use iscsi: ensure RNG is seeded before use bluetooth/smp: ensure RNG is properly seeded before ECDH use ceph: ensure RNG is seeded before using crypto/rng.c | 6 +++-- drivers/char/random.c | 44 ++++++++++++++++++++++--------- drivers/target/iscsi/iscsi_target_auth.c | 14 +++++++--- drivers/target/iscsi/iscsi_target_login.c | 22 ++++++++++------ include/linux/net.h | 2 ++ include/linux/once.h | 2 ++ include/linux/random.h | 26 ++++++++++++++++++ lib/Kconfig.debug | 15 +++++++++++ net/bluetooth/hci_request.c | 6 +++++ net/bluetooth/smp.c | 18 ++++++++++--- net/ceph/ceph_common.c | 6 ++++- security/keys/encrypted-keys/encrypted.c | 8 +++--- security/keys/key.c | 13 ++++++--- 13 files changed, 145 insertions(+), 37 deletions(-) -- 2.13.0
next reply other threads:[~2017-06-05 3:48 UTC|newest] Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-06-05 3:47 Jason A. Donenfeld [this message] 2017-06-05 3:47 ` [kernel-hardening] [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 1/8] random: add synchronous API for the urandom pool Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 2/8] random: add get_random_{bytes,u32,u64,int,long,once}_wait family Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 3/8] random: warn when kernel uses unseeded randomness Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 4/8] crypto/rng: ensure that the RNG is ready before using Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 5/8] security/keys: ensure RNG is seeded before use Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 23:18 ` Jason A. Donenfeld 2017-06-05 23:18 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 6/8] iscsi: " Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 7/8] bluetooth/smp: ensure RNG is properly seeded before ECDH use Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 3:47 ` [PATCH RFC v2 8/8] ceph: ensure RNG is seeded before using Jason A. Donenfeld 2017-06-05 3:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-05 23:47 ` [PATCH RFC v2 0/8] get_random_bytes_wait family of APIs Jason A. Donenfeld 2017-06-05 23:47 ` [kernel-hardening] " Jason A. Donenfeld 2017-06-06 7:45 ` Greg Kroah-Hartman 2017-06-06 7:45 ` [kernel-hardening] " Greg Kroah-Hartman 2017-06-06 12:24 ` Jason A. Donenfeld 2017-06-06 12:24 ` [kernel-hardening] " Jason A. Donenfeld
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170605034757.4803-1-Jason@zx2c4.com \ --to=jason@zx2c4.com \ --cc=gregkh@linuxfoundation.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=tytso@mit.edu \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.