User: Password:
Subscribe / Log in / New account

Entropy from uninitialized memory

Entropy from uninitialized memory

Posted May 15, 2008 11:53 UTC (Thu) by zdzichu (subscriber, #17118)
Parent article: Debian vulnerability has widespread effects

I have two questions about this mechanisms.

First, how it comes that only PID and unitialized memory is feed to OpenSSL's PRNG? The other
comments indicate that there are systems specific feeds (like /dev/random) in sources, yet
Debian one only used PID and this uninitialized buffer.

Second, let's say that offending patch is removed, and PRNG is seeded from PID and unitialized
memory. How big is this buffer? This matters, because on Linux malloc()s larger than certain
size (128k?) are done via mmap(). And kernel zeores mmaped memory. Thus, if buffer used as
entropy was allocated as big enough by malloc(), it would end zeroed. And _even reverting_
this patch won't help, as this buffer would still be zeroed. On every Linux, not only Debian.

Of course this buffer may be statically allocated, but this raises another question. I presume
various "hardening" patchsets would clear all memory before passing it to applications, just
to mitigate posssibly information disclosure. Won't this actions defeat seeding PRG with
unitialized memory ?

(Log in to post comments)

Entropy from uninitialized memory

Posted May 15, 2008 13:36 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]

/dev/random (or similar source) is fed in by the first MD_Update() call, which has now been

Entropy from uninitialized memory

Posted May 15, 2008 18:06 UTC (Thu) by iabervon (subscriber, #722) [Link]

There is a function that adds entropy to the pool. This function is called with secure random
values in some places, and called with uninitialized memory in other places. The Debian
developers commented out the line that actually mixes the buffer into the pool, rather than
making the function only get called with initialized values. This took care of the
uninitialized memory getting used, but also meant that the secure random numbers didn't get
used, either.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds