[86] in The Cryptographic File System users list
Re: truerand.c/setitimer problem with RedHat 5.0
daemon@ATHENA.MIT.EDU (George M. Sipe)
Fri Jun 19 12:52:51 1998
From owner-cfs-users@research.att.com Fri Jun 19 16:52:50 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 22594 invoked from network); 19 Jun 1998 16:52:49 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 19 Jun 1998 16:52:49 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Fri Jun 19 12:47:01 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research; Fri Jun 19 12:49:35 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id MAA22349;
Fri, 19 Jun 1998 12:49:42 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id MAA08315 for cfs-users-list; Fri, 19 Jun 1998 12:45:32 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id MAA08311 for <cfs-users@nsa.research.att.com>; Fri, 19 Jun 1998 12:45:30 -0400 (EDT)
Received: from camel7.mindspring.com ([207.69.200.57]) by research; Fri Jun 19 12:47:09 EDT 1998
Received: from mindspring.com (user-38lcar1.dialup.mindspring.com [209.86.43.97])
by camel7.mindspring.com (8.8.5/8.8.5) with ESMTP id MAA26375;
Fri, 19 Jun 1998 12:46:39 -0400 (EDT)
Received: (from gsipe@localhost)
by mindspring.com (8.8.7/8.8.7) id MAA20342;
Fri, 19 Jun 1998 12:47:01 -0400
Message-Id: <199806191647.MAA20342@mindspring.com>
Subject: Re: truerand.c/setitimer problem with RedHat 5.0
In-Reply-To: <199806191319.JAA04038@lig.net> from Stephen Williams at "Jun 19, 98 09:19:21 am"
To: sdw@lig.net (Stephen Williams)
Date: Fri, 19 Jun 1998 12:47:00 -0400 (EDT)
Cc: cfs-users@research.att.com
Reply-To: gsipe@pobox.com
Organization: at home in Berkeley Lake, GA
From: "George M. Sipe" <gsipe@pobox.com>
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cfs-users@research.att.com
Precedence: bulk
In your message you (Stephen Williams) wrote:
>
> Something isn't working as expected...
>
> The timer (setitimer) never goes off in truerand.c so the for(;;) loop
> eats cpu forever (in cmkdir for instance).
>
> I tried adding a memset to initialize 'it' already.
>
> I'd be surprised if setitimer is that broken.
>
> Has anyone else had to solve this problem??
Yes. I "solved" it at least for myself by changing the code to use the
high quality kernel random number generator.
(I posted the following in January. I have not included random.c below,
refer to /usr/src/linux-2.0.34/drivers/char/random.c)
Subject: 1.4.0b2 cmkdir experience on Linux
To: mab@research.att.com (Matt Blaze)
Cc: cfs-users@nsa.research.att.com
I have been successfully using the latest version of CFS (1.4.0b2)
under RedHat Linux 5.0 which uses glibc2 and gcc 2.7.2 on a single CPU
266MHz Pentium II. However, I had not needed to create new encrypted
directories so I didn't test cmkdir.
For some reason, cmkdir hangs in truerand's roulette() function (it
might be a signal or timer problem in glibc2 or perhaps timing related
on a fast CPU, both, something else?).
To avoid actually debugging this thing, and to possibly improve the
randomness needed for key generation, I have patched truerand.c to
use the Linux /dev/random interface. My short patch is below. It is
followed by the kernel code which implements /dev/random, FYI.
Regards,
George
*** truerand.c.orig Sun Dec 7 00:16:36 1997
--- truerand.c Sun Jan 4 08:21:10 1998
***************
*** 89,94 ****
--- 89,96 ----
#include <math.h>
#include <stdio.h>
+ #ifndef linux
+
static jmp_buf env;
static unsigned count;
static unsigned ocount;
***************
*** 157,162 ****
--- 159,188 ----
return buf;
}
+
+ #else
+
+ #include <fcntl.h>
+ #include <unistd.h>
+
+ /*
+ * return 32 bits of high quality randomness.
+ */
+ unsigned long
+ raw_truerand()
+ {
+ int randfd;
+ unsigned long buf;
+ static const char err[] = "\ncould not access /dev/random\n";
+
+ if (((randfd = open("/dev/random", O_RDONLY)) != -1) &&
+ (read(randfd, &buf, 4) == 4) &&
+ close(randfd) == 0)
+ return buf;
+ write(2, err, sizeof(err));
+ exit(-1);
+ }
+ #endif
int
raw_n_truerand(n)
