[Pkg-gnutls-commits] r471 - in /packages/libgcrypt11/trunk/debian: changelog patches/13_fixexcessiverandom.diff
ametzler at users.alioth.debian.org
ametzler at users.alioth.debian.org
Tue Jan 8 19:15:14 UTC 2008
Author: ametzler
Date: Tue Jan 8 19:15:14 2008
New Revision: 471
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=471
Log:
Added debian/patches/13_fixexcessiverandom.diff
Added:
packages/libgcrypt11/trunk/debian/patches/13_fixexcessiverandom.diff
Modified:
packages/libgcrypt11/trunk/debian/changelog
Modified: packages/libgcrypt11/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/changelog?rev=471&op=diff
==============================================================================
--- packages/libgcrypt11/trunk/debian/changelog (original)
+++ packages/libgcrypt11/trunk/debian/changelog Tue Jan 8 19:15:14 2008
@@ -1,3 +1,11 @@
+libgcrypt11 (1.4.0-3) unstable; urgency=low
+
+ * Added debian/patches/13_fixexcessiverandom.diff: Patch by upstream fixing
+ reducing /dev/*random usage for initialising the RNG to less than 1/100.
+ This bug was introduced in 1.3.1.
+
+ -- Andreas Metzler <ametzler at debian.org> Tue, 08 Jan 2008 19:49:13 +0100
+
libgcrypt11 (1.4.0-2) unstable; urgency=low
* Bump shlibs, new symbols added. (Should have been done in 1.4.0-1.)
Added: packages/libgcrypt11/trunk/debian/patches/13_fixexcessiverandom.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/patches/13_fixexcessiverandom.diff?rev=471&op=file
==============================================================================
--- packages/libgcrypt11/trunk/debian/patches/13_fixexcessiverandom.diff (added)
+++ packages/libgcrypt11/trunk/debian/patches/13_fixexcessiverandom.diff Tue Jan 8 19:15:14 2008
@@ -1,0 +1,119 @@
+From gnutls-devel-bounces+xxxxxxxr=yyyyyyyy..org at gnu.org Tue Jan 8 12:39:51 2008
+From: Werner Koch <wk at gnupg.org>
+To: Simon Josefsson <simon at josefsson.org>
+References: <20080103003214.GB14155 at torres.zugschlus.de>
+ <c331d99a0801032356i4e8be690h56be9db32318bdfc at mail.gmail.com>
+ <20080104094848.GB4528 at downhill.g.la>
+ <20080105131725.GK3717 at sliepen.org>
+ <87sl184p8x.fsf at wheatstone.g10code.de>
+ <878x30ab2u.fsf at mocca.josefsson.org>
+ <87bq7w4m7i.fsf at wheatstone.g10code.de>
+Organisation: g10 Code GmbH
+OpenPGP: id=5B0358A2; url=finger:wk at g10code.com
+Mail-Followup-To: Simon Josefsson <simon at josefsson.org>, Guus Sliepen
+ <guus at debian.org>, gnutls-devel at gnu.org, 343085 at bugs.debian.org,
+ gcrypt-devel at gnupg.org
+Date: Tue, 08 Jan 2008 12:39:02 +0100
+In-Reply-To: <87bq7w4m7i.fsf at wheatstone.g10code.de> (Werner Koch's message of
+ "Tue, 08 Jan 2008 11:59:29 +0100")
+Message-ID: <87zlvg35t5.fsf_-_ at wheatstone.g10code.de>
+User-Agent: Gnus/5.110007 (No Gnus v0.7)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=us-ascii
+X-detected-kernel: by monty-python.gnu.org: Linux 2.2 (2)
+Cc: Guus Sliepen <guus at debian.org>, gcrypt-devel at gnupg.org,
+ gnutls-devel at gnu.org, 343085 at bugs.debian.org
+Subject: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
+X-BeenThere: gnutls-devel at gnu.org
+X-Mailman-Version: 2.1.5
+Precedence: list
+List-Id: GnuTLS development discussions <gnutls-devel.gnu.org>
+List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
+ <mailto:gnutls-devel-request at gnu.org?subject=unsubscribe>
+List-Archive: <http://lists.gnu.org/pipermail/gnutls-devel>
+List-Post: <mailto:gnutls-devel at gnu.org>
+List-Help: <mailto:gnutls-devel-request at gnu.org?subject=help>
+List-Subscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
+ <mailto:gnutls-devel-request at gnu.org?subject=subscribe>
+Sender: gnutls-devel-bounces+ametzler=downhill.at.eu.org at gnu.org
+Errors-To: gnutls-devel-bounces+ametzler=downhill.at.eu.org at gnu.org
+X-Spam-Score: -3.0 (---)
+X-Spam-Report: (-3.0 / 8.0 requ) AWL=0.568,BAYES_00=-2.599,RCVD_IN_DNSWL_LOW=-1,SPF_PASS=-0.001 autolearn=ham
+Status: RO
+Content-Length: 2103
+
+On Tue, 8 Jan 2008 11:59, wk at gnupg.org said:
+
+> Anyway there 3000 calls to /dev/urandom are far too many for an initial
+> pool filling. I need to check this.
+
+Found it. The bug was introduced with libgcrypt 1.3.1. Here is a patch:
+
+2008-01-08 Werner Koch <wk at g10code.com>
+
+ * random.c (add_randomness): Do not just increment
+ POOL_FILLED_COUNTER but update it by the actual amount of data.
+
+Index: cipher/random.c
+===================================================================
+--- cipher/random.c (revision 1277)
++++ cipher/random.c (working copy)
+@@ -1115,6 +1115,7 @@
+ add_randomness (const void *buffer, size_t length, enum random_origins origin)
+ {
+ const unsigned char *p = buffer;
++ size_t count = 0;
+
+ assert (pool_is_locked);
+
+@@ -1123,6 +1124,7 @@
+ while (length-- )
+ {
+ rndpool[pool_writepos++] ^= *p++;
++ count++;
+ if (pool_writepos >= POOLSIZE )
+ {
+ /* It is possible that we are invoked before the pool is
+@@ -1132,7 +1134,9 @@
+ separately. See also the remarks about the seed file. */
+ if (origin >= RANDOM_ORIGIN_SLOWPOLL && !pool_filled)
+ {
+- if (++pool_filled_counter >= POOLSIZE)
++ pool_filled_counter += count;
++ count = 0;
++ if (pool_filled_counter >= POOLSIZE)
+ pool_filled = 1;
+ }
+ pool_writepos = 0;
+
+
+Also commited to SVN. Old and new stats:
+
+$ LD_PRELOAD=/usr/local/lib/libgcrypt.so ./benchmark --verbose random
+random 130ms 30ms
+random usage: poolsize=600 mixed=972 polls=3000/200 added=4200/378400
+ outmix=200 getlvl1=200/13600 getlvl2=0/0
+
+$ ./benchmark --verbose random
+random 40ms 30ms
+random usage: poolsize=600 mixed=377 polls=25/200 added=1225/21400
+ outmix=200 getlvl1=200/13600 getlvl2=0/0
+
+
+
+Shalom-Salam,
+
+ Werner
+
+
+
+--
+Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
+
+
+
+_______________________________________________
+Gnutls-devel mailing list
+Gnutls-devel at gnu.org
+http://lists.gnu.org/mailman/listinfo/gnutls-devel
+
More information about the Pkg-gnutls-commits
mailing list