Patchwork Patch for modification in random_init

Submitter Prameela Rani Garnepudi
Date March 24, 2014, 7:07 a.m.
Message ID <C2.DE.14383.AD9DF235@epcpsbgx3.samsung.com>
Permalink /patch/332969/
State Rejected

Comments

Prameela Rani Garnepudi - March 24, 2014, 7:07 a.m.
Hi,
Please review the below patch related to random_init. Attached the same.


From efac6a92322a965454c17d132e7e79705f389af0 Mon Sep 17 00:00:00 2001
From: Prameela Rani Garnepudi <prameela.g@samsung.com>

Date: Mon, 24 Mar 2014 12:35:18 +0430
Subject: [PATCH] Random: Modification in random_init

In random_init return from the function immediately if random_entropy_file
is NULL. Because, the process of creating random_fd socket and thus,
eloop socket is unnecessary as the content read from /dev/random shall
be written to random_entropy_file which is NULL.

Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>

---
 src/crypto/random.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

--
1.7.6.5


Thanks,
Prameela
Jouni Malinen - March 25, 2014, 2:51 p.m.
On Mon, Mar 24, 2014 at 07:07:22AM +0000, Prameela Rani Garnepudi wrote:

> Please review the below patch related to random_init. Attached the same.

> In random_init return from the function immediately if random_entropy_file
> is NULL. Because, the process of creating random_fd socket and thus,
> eloop socket is unnecessary as the content read from /dev/random shall
> be written to random_entropy_file which is NULL.

This seems to disable reading of dummy_key completely and by doing that,
reduce the security of the internal backup entropy pool significantly.
This mechanism is used by random_get_bytes() regardless of whether the
entropy file is used to store entropy over process restarts. In other
words, I'm not going to be applying this without a significantly more
detailed justification that explains why this would not break internal
entropy pool design.

Patch

diff --git a/src/crypto/random.c b/src/crypto/random.c

index 053740e..121200e 100644

--- a/src/crypto/random.c

+++ b/src/crypto/random.c

@@ -409,6 +409,8 @@  void random_init(const char *entropy_file)

                random_entropy_file = os_strdup(entropy_file);
        else
                random_entropy_file = NULL;
+       if (!random_entropy_file)

+               return;

        random_read_entropy();

 #ifdef __linux__
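
Review bot: The early return placed right after the `random_entropy_file = NULL;` branch skips everything that follows in random_init(), not just entropy-file handling: both random_read_entropy() and the `#ifdef __linux__` section are bypassed whenever no entropy file is configured. The commit message itself says this removes the creation of random_fd and its eloop socket, and the review reply points out that this read path feeds the internal pool used by random_get_bytes() whether or not an entropy file is in use. If the goal is only to avoid writing to a NULL random_entropy_file, put the NULL check at the point where the file is written and leave the /dev/random setup in place; otherwise the commit message needs to explain why the backup entropy pool is not weakened.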