On 01/15/2014 05:44 PM, Dr. Stephen Henson wrote:
> On Wed, Jan 15, 2014, Florian Weimer wrote:
>
> > Commit 3cd8547a2018ada88a4303067a2aa15eadc17f39 mixed the current
> > time into the randomness pool each time RAND_bytes is called. As
> > the resolution of gettimeofday() is limited, I propose to reseed the
> > PRNG each time a PID change is detected.
>
> I know historically some platforms have different PIDs for different threads.
> That would cause problems with this patch.

Ah, good old LinuxThreads. I admit it's not totally dead yet. I can
add a Linux- and glibc-specific detection function which disables the
reseeding if LinuxThreads is detected. (Other systems had strange
threading libraries as well, but those generally shared PIDs.)

Regarding replacing gettimeofday() with a CPU tick counter, I expect
that many systems have a very fast gettimeofday() implementation these
days (based in part on a CPU tick counter). However, time() has no such
acceleration on the machines I've tested, so the current code shows a
significant performance hit compared to 3cd8547a2^.

The additional resolution of a tick counter might make reseeding after
fork unnecessary, but it's difficult to be sure. Something not based on
timing information looks desirable to me.
--
Florian Weimer / Red Hat Product Security Team
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
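As an added example, not code from this thread or from OpenSSL, the following C program sketches the two mechanisms under discussion: a pool that reseeds itself when the PID observed at draw time differs from the PID it was seeded under (so a fork()ed child stops sharing output with its parent), and the glibc-specific LinuxThreads check Florian mentions, done here with confstr(_CS_GNU_LIBPTHREAD_VERSION), which reports "linuxthreads-..." on LinuxThreads and "NPTL ..." on modern glibc. The generator is a toy splitmix64, not a CSPRNG, and mixing in only the PID on reseed is a placeholder for real entropy; all names (toy_pool, pool_rand_bytes, fork_outputs_differ) are hypothetical.

```c
#define _GNU_SOURCE   /* needed for _CS_GNU_LIBPTHREAD_VERSION on glibc */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Toy pool: splitmix64 is NOT cryptographic; it only stands in for the
   real pool so that the PID-change logic is visible. */
typedef struct {
    uint64_t state;
    pid_t seeded_pid;       /* PID the pool was last (re)seeded under */
    int check_pid;          /* 1 = apply the proposed PID-change reseed */
    unsigned reseed_count;  /* number of reseeds, for inspection */
} toy_pool;

static uint64_t splitmix64(uint64_t *s)
{
    uint64_t z = (*s += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Placeholder reseed: a real implementation would pull fresh material
   from the OS here; mixing in only the PID is an illustrative assumption. */
void pool_reseed(toy_pool *p, pid_t pid)
{
    p->state ^= (uint64_t)pid * 0x2545f4914f6cdd1dULL;
    (void)splitmix64(&p->state);
    p->seeded_pid = pid;
    p->reseed_count++;
}

void pool_init(toy_pool *p, uint64_t seed, int check_pid)
{
    memset(p, 0, sizeof *p);
    p->state = seed;
    p->check_pid = check_pid;
    pool_reseed(p, getpid());
}

/* Draw n bytes, reseeding first if the PID changed. current_pid is a
   parameter so the check can be exercised without actually forking. */
void pool_rand_bytes_pid(toy_pool *p, pid_t current_pid, unsigned char *out, size_t n)
{
    if (p->check_pid && current_pid != p->seeded_pid)
        pool_reseed(p, current_pid);
    while (n > 0) {
        uint64_t r = splitmix64(&p->state);
        size_t take = n < sizeof r ? n : sizeof r;
        memcpy(out, &r, take);
        out += take;
        n -= take;
    }
}

void pool_rand_bytes(toy_pool *p, unsigned char *out, size_t n)
{
    pool_rand_bytes_pid(p, getpid(), out, n);
}

/* LinuxThreads gives each thread its own PID, so the check above would
   reseed on every thread switch there. glibc names its implementation. */
int linuxthreads_detected(void)
{
#ifdef _CS_GNU_LIBPTHREAD_VERSION
    char buf[64];
    size_t len = confstr(_CS_GNU_LIBPTHREAD_VERSION, buf, sizeof buf);
    if (len == 0 || len > sizeof buf)
        return 0;   /* unknown: assume one PID per process */
    return strncmp(buf, "linuxthreads", 12) == 0;
#else
    return 0;       /* not glibc: LinuxThreads cannot be present */
#endif
}

/* No fork: draw under the seeding PID, under a changed PID, then under
   the new PID again; report the reseed count (init + one change = 2). */
unsigned reseeds_after_pid_change(void)
{
    toy_pool pool;
    unsigned char buf[8];
    pool_init(&pool, 42, 1);
    pool_rand_bytes_pid(&pool, pool.seeded_pid, buf, sizeof buf);
    pool_rand_bytes_pid(&pool, pool.seeded_pid + 1, buf, sizeof buf);
    pool_rand_bytes_pid(&pool, pool.seeded_pid, buf, sizeof buf);
    return pool.reseed_count;
}

/* Fork and compare 16 bytes drawn by parent and child from copies of the
   same pool: 1 if they differ, 0 if identical, -1 on a system error. */
int fork_outputs_differ(int check_pid)
{
    toy_pool pool;
    unsigned char parent_out[16], child_out[16];
    int fds[2];
    pool_init(&pool, 0x1234567887654321ULL, check_pid);
    if (pipe(fds) != 0)
        return -1;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {           /* same pool state, but getpid() changed */
        close(fds[0]);
        pool_rand_bytes(&pool, child_out, sizeof child_out);
        if (write(fds[1], child_out, sizeof child_out) != (ssize_t)sizeof child_out)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    pool_rand_bytes(&pool, parent_out, sizeof parent_out);
    size_t got = 0;
    while (got < sizeof child_out) {
        ssize_t r = read(fds[0], child_out + got, sizeof child_out - got);
        if (r <= 0) { close(fds[0]); waitpid(child, NULL, 0); return -1; }
        got += (size_t)r;
    }
    close(fds[0]);
    waitpid(child, NULL, 0);
    return memcmp(parent_out, child_out, sizeof parent_out) != 0;
}

int main(void)
{
    printf("LinuxThreads detected: %d\n", linuxthreads_detected());
    printf("differ after fork, no PID check:   %d\n", fork_outputs_differ(0));
    printf("differ after fork, with PID check: %d\n", fork_outputs_differ(1));
    return 0;
}
```

Build with `cc -o pidreseed pidreseed.c` on Linux. Without the check the child reproduces the parent's bytes exactly, which is the failure the thread is concerned about; with it, the child reseeds on its first draw. On a LinuxThreads system the detection function would be the switch that leaves check_pid at 0.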