rpms/libgcrypt/devel libgcrypt-1.4.0-randinit.patch, NONE, 1.1 libgcrypt.spec, 1.25, 1.26

Joe Orton (jorton) fedora-extras-commits at redhat.com
Thu Apr 3 12:44:08 UTC 2008 

Author: jorton

Update of /cvs/extras/rpms/libgcrypt/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16897

Modified Files:
	libgcrypt.spec 
Added Files:
	libgcrypt-1.4.0-randinit.patch 
Log Message:
* Thu Apr  3 2008 Joe Orton <jorton at redhat.com> 1.4.0-3
- add patch from upstream to fix severe performance regression
  in entropy gathering


libgcrypt-1.4.0-randinit.patch:

--- NEW FILE libgcrypt-1.4.0-randinit.patch ---
>From gnutls-devel-bounces+joe=manyfish.co.uk at gnu.org Tue Jan 08 18:41:52 2008
From: Werner Koch <wk at gnupg.org>
To: Simon Josefsson <simon at josefsson.org>
Mail-Followup-To: Simon Josefsson <simon at josefsson.org>,
	Guus Sliepen <guus at debian.org>, gnutls-devel at gnu.org,
	343085 at bugs.debian.org, gcrypt-devel at gnupg.org
Date: Tue, 08 Jan 2008 12:39:02 +0100
Cc: Guus Sliepen <guus at debian.org>, gcrypt-devel at gnupg.org,
	gnutls-devel at gnu.org, 343085 at bugs.debian.org
Subject: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO

On Tue,  8 Jan 2008 11:59, wk at gnupg.org said:

> Anyway there 3000 calls to /dev/urandom are far too many for an initial
> pool filling.  I need to check this.

Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

2008-01-08  Werner Koch  <wk at g10code.com>

	* random.c (add_randomness): Do not just increment
	POOL_FILLED_COUNTER but update it by the actual amount of data.

Index: cipher/random.c
===================================================================
--- cipher/random.c	(revision 1277)
+++ cipher/random.c	(working copy)
@@ -1115,6 +1115,7 @@
 add_randomness (const void *buffer, size_t length, enum random_origins origin)
 {
   const unsigned char *p = buffer;
+  size_t count = 0;
 
   assert (pool_is_locked);
 
@@ -1123,6 +1124,7 @@
   while (length-- )
     {
       rndpool[pool_writepos++] ^= *p++;
+      count++;
       if (pool_writepos >= POOLSIZE )
         {
           /* It is possible that we are invoked before the pool is
@@ -1132,7 +1134,9 @@
              separately.  See also the remarks about the seed file. */
           if (origin >= RANDOM_ORIGIN_SLOWPOLL && !pool_filled)
             {
-              if (++pool_filled_counter >= POOLSIZE)
+              pool_filled_counter += count;
+              count = 0;
+              if (pool_filled_counter >= POOLSIZE)
                 pool_filled = 1;
             }
           pool_writepos = 0;


Also commited to SVN.  Old and new stats:

$ LD_PRELOAD=/usr/local/lib/libgcrypt.so ./benchmark --verbose random
random       130ms    30ms
random usage: poolsize=600 mixed=972 polls=3000/200 added=4200/378400
              outmix=200 getlvl1=200/13600 getlvl2=0/0

$ ./benchmark --verbose random
random        40ms    30ms
random usage: poolsize=600 mixed=377 polls=25/200 added=1225/21400
              outmix=200 getlvl1=200/13600 getlvl2=0/0



Shalom-Salam,

   Werner



-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



_______________________________________________
Gnutls-devel mailing list
Gnutls-devel at gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel



Index: libgcrypt.spec
===================================================================
RCS file: /cvs/extras/rpms/libgcrypt/devel/libgcrypt.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- libgcrypt.spec	19 Feb 2008 15:52:59 -0000	1.25
+++ libgcrypt.spec	3 Apr 2008 12:43:26 -0000	1.26
@@ -1,9 +1,10 @@
 Name: libgcrypt
 Version: 1.4.0
-Release: 2
+Release: 3
 Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
 Source2: wk at g10code.com
+Patch0: libgcrypt-1.4.0-randinit.patch
 License: LGPLv2+
 Summary: A general-purpose cryptography library.
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
@@ -28,6 +29,7 @@
 
 %prep
 %setup -q
+%patch0 -p1 -b .randinit
 
 %build
 %configure --disable-static --enable-noexecstack
@@ -112,6 +114,10 @@
 %{_infodir}/gcrypt.info*
 
 %changelog
+* Thu Apr  3 2008 Joe Orton <jorton at redhat.com> 1.4.0-3
+- add patch from upstream to fix severe performance regression
+  in entropy gathering
+
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.0-2
 - Autorebuild for GCC 4.3

More information about the fedora-extras-commits mailing list