netdev
[Top] [All Lists]

Re: [PATCH] fix secure tcp sequence number generation

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: [PATCH] fix secure tcp sequence number generation
From: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Date: Mon, 04 Oct 2004 06:06:18 +0200
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20041003150052.4dba0c60.davem@redhat.com>
References: <415EEF0E.3080808@colorfullife.com> <20041003150052.4dba0c60.davem@redhat.com>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.3) Gecko/20040922
David S. Miller wrote:

On Sat, 02 Oct 2004 20:10:22 +0200
Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> wrote:



Ted's recent random.c update broke the periodic rekeying:
schedule_work() doesn't provide synchronization. Additionally the first
syn values after boot are generated with secret 0 - not good.



Are you referring to his changes done back in August or some
other change? August is the last time I see that Ted made
a change to drivers/char/random.c


The change to revision 1.49 of random.c, with the comment "dev/random: Fix latency in rekeying sequence number"
http://linux.bkbits.net:8080/linux-2.5/diffs/drivers/char/random.c@xxxx


There are two problems with that patch:
- The first call of check_and_rekey must be synchroneous, otherwise the secret stays 0 for the first ISN values after boot.
- schedule_work() doesn't provide synchronization, thus rekey_seq_generator could end up running twice.


I tried to fix it and then I noticed that it's possible to simplify the code a lot.
--
Manfred


<Prev in Thread] Current Thread [Next in Thread>