tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: rework kernel random number subsystem (*nearly final*)
tls%panix.com@localhost said:
> There's a new patch at http://www.panix.com/~tls/rnd4.diff
I've been running a system with this for a couple of hours now and it appears
stable. (With "rnd3.diff" I got locking related panics indeed.)
Just some mostly formal comments:
-shouldn't the remaining uses of arc4random() be converted to cprng_strong/fast
as appropriate (what I noticed was in "opencrypto") and arc4random removed
from public namespace?
-not a big issue, but it seems wrong to me that the arc4random implementation
in lib/libkern calls back into the kernel's rngtest(). I'd suggest to move
rngtest() to libkern as well -- it doesn't have any connection to kernel
specific services.
-while the NIST thing is approved and so, arc4random is still strong enough
for most uses, as I understand it. The mapping cprng_fast/strong to
arc4random/nist_ctr could be controlled by some kernel defines, with the
option to map both to arc4random. At least I wouldn't remove all the
infrastructure which makes rijndael an optional kernel component, in case
someone wants to do this later.
-would it be feasible to use the opencrypto framework for AES stuff, to
get crypto hardware support? From a brief look at the code, my impression
is that key scheduling code may be called at random number extraction
time. With opencrypto, as it looks now, this would mean memory allocations
etc. which would be too expensive. Did you look at this?
-the aes256 header seems to be unused.
-not directly related: What is the "Mersenne Twister" code in libkern
good for?
best regards
Matthias
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Home |
Main Index |
Thread Index |
Old Index