korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 17:24:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

random: introduce drain_entropy() helper to declutter crng_reseed()

Browse Source 
In preparation for separating responsibilities, break out the entropy
count management part of crng_reseed() into its own function.

No functional changes.

Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2022-02-11 12:19:49 +01:00
parent b2f408fe40
commit 246c03dd89
1 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
drivers/char/random.c
View File

@ -260,6 +260,7 @@ static struct {
}; };
static void extract_entropy(void *buf, size_t nbytes); static void extract_entropy(void *buf, size_t nbytes);
static bool drain_entropy(void *buf, size_t nbytes);
static void crng_reseed(void); static void crng_reseed(void);
@ -456,23 +457,13 @@ static void crng_slow_load(const void *cp, size_t len)
static void crng_reseed(void) static void crng_reseed(void)
{ {
unsigned long flags; unsigned long flags;
int entropy_count;
unsigned long next_gen; unsigned long next_gen;
u8 key[CHACHA_KEY_SIZE]; u8 key[CHACHA_KEY_SIZE];
bool finalize_init = false; bool finalize_init = false;
/* /* Only reseed if we can, to prevent brute forcing a small amount of new bits. */
* First we make sure we have POOL_MIN_BITS of entropy in the pool, if (!drain_entropy(key, sizeof(key)))
* and then we drain all of it. Only then can we extract a new key.
*/
do {
entropy_count = READ_ONCE(input_pool.entropy_count);
if (entropy_count < POOL_MIN_BITS)
return; return;
} while (cmpxchg(&input_pool.entropy_count, entropy_count, 0) != entropy_count);
extract_entropy(key, sizeof(key));
wake_up_interruptible(&random_write_wait);
kill_fasync(&fasync, SIGIO, POLL_OUT);
/* /*
* We copy the new key into the base_crng, overwriting the old one, * We copy the new key into the base_crng, overwriting the old one,
@ -900,6 +891,25 @@ static void extract_entropy(void *buf, size_t nbytes)
memzero_explicit(&block, sizeof(block)); memzero_explicit(&block, sizeof(block));
} }
/*
* First we make sure we have POOL_MIN_BITS of entropy in the pool, and then we
* set the entropy count to zero (but don't actually touch any data). Only then
* can we extract a new key with extract_entropy().
*/
static bool drain_entropy(void *buf, size_t nbytes)
{
unsigned int entropy_count;
do {
entropy_count = READ_ONCE(input_pool.entropy_count);
if (entropy_count < POOL_MIN_BITS)
return false;
} while (cmpxchg(&input_pool.entropy_count, entropy_count, 0) != entropy_count);
extract_entropy(buf, nbytes);
wake_up_interruptible(&random_write_wait);
kill_fasync(&fasync, SIGIO, POLL_OUT);
return true;
}
#define warn_unseeded_randomness(previous) \ #define warn_unseeded_randomness(previous) \
_warn_unseeded_randomness(__func__, (void *)_RET_IP_, (previous)) _warn_unseeded_randomness(__func__, (void *)_RET_IP_, (previous))