Re: (none) - Stephan Mueller

Linux cryptographic layer development
 help / color / mirror / Atom feed

From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: noloader@gmail.com, linux-crypto@vger.kernel.org
Subject: Re: (none)
Date: Wed, 01 Jun 2016 07:53:38 +0200	[thread overview]
Message-ID: <3022334.qkucHDndN1@tauon.atsec.com> (raw)
In-Reply-To: <20160601045943.GA31881@gondor.apana.org.au>

Am Mittwoch, 1. Juni 2016, 12:59:43 schrieb Herbert Xu:

Hi Herbert,

> Jeffrey Walton <noloader@gmail.com> wrote:
> > Please forgive my ignorance here...
> > 
> > I have test system with a VIA C7-M processor and PM-400 chipset. This
> > is one of those Thin Client/Internet of Things processor and chipsets
> > I test security libraries on (like OpenSSL, Cryptlib and Crypto++).
> > 
> > The processor includes the Padlock extensions. Padlock is similar to
> > Intel's RDRAND, RDSEED and AES-NI, and it predates Intel's
> > instructions by about a decade.
> > 
> > The Padlock Security Engine can produce a stream of random numbers at
> > megabits per socond, so I've been kind of surprised it has been
> > 
> > suffering entropy depletion. Here's what the audit trail looks like:
> >    Testing operating system provided blocking random number generator...
> >    FAILED:  it took 74 seconds to generate 5 bytes
> >    passed:  5 generated bytes compressed to 7 bytes by DEFLATE
> > 
> > Above, the blocking RNG is drained. Then, 16 bytes are requested. It
> > appears to take over one minute to gather five bytes when effectively
> > an endless stream is available.
> > 
> > My question is, is this system expected to suffer entropy depletion
> > out of the box? Or are users expected to do something special so the
> > system does not fail?
> 
> I don't think anybody has written either an hwrng driver or a rdrand
> hook for padlock.  Patches are welcome.

I thought via-rng.c covers the VIA Padlock RNG?

Ciao
Stephan

next prev parent reply	other threads:[~2016-06-01  5:53 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-01  4:21 (unknown), Jeffrey Walton
2016-06-01  4:59 ` (none) Herbert Xu
2016-06-01  5:53   ` Stephan Mueller [this message]
2016-06-01  6:19     ` (none) Herbert Xu
2016-06-01  6:59       ` (none) Jeffrey Walton
2016-06-01  7:05         ` (none) Stephan Mueller
2016-06-01  7:05         ` (none) Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3022334.qkucHDndN1@tauon.atsec.com \
    --to=smueller@chronox.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=noloader@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox