mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-17 09:14:19 +08:00
random: introduce drain_entropy() helper to declutter crng_reseed()
In preparation for separating responsibilities, break out the entropy count management part of crng_reseed() into its own function. No functional changes. Cc: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
b2f408fe40
commit
246c03dd89
@ -260,6 +260,7 @@ static struct {
|
||||
};
|
||||
|
||||
static void extract_entropy(void *buf, size_t nbytes);
|
||||
static bool drain_entropy(void *buf, size_t nbytes);
|
||||
|
||||
static void crng_reseed(void);
|
||||
|
||||
@ -456,23 +457,13 @@ static void crng_slow_load(const void *cp, size_t len)
|
||||
static void crng_reseed(void)
|
||||
{
|
||||
unsigned long flags;
|
||||
int entropy_count;
|
||||
unsigned long next_gen;
|
||||
u8 key[CHACHA_KEY_SIZE];
|
||||
bool finalize_init = false;
|
||||
|
||||
/*
|
||||
* First we make sure we have POOL_MIN_BITS of entropy in the pool,
|
||||
* and then we drain all of it. Only then can we extract a new key.
|
||||
*/
|
||||
do {
|
||||
entropy_count = READ_ONCE(input_pool.entropy_count);
|
||||
if (entropy_count < POOL_MIN_BITS)
|
||||
/* Only reseed if we can, to prevent brute forcing a small amount of new bits. */
|
||||
if (!drain_entropy(key, sizeof(key)))
|
||||
return;
|
||||
} while (cmpxchg(&input_pool.entropy_count, entropy_count, 0) != entropy_count);
|
||||
extract_entropy(key, sizeof(key));
|
||||
wake_up_interruptible(&random_write_wait);
|
||||
kill_fasync(&fasync, SIGIO, POLL_OUT);
|
||||
|
||||
/*
|
||||
* We copy the new key into the base_crng, overwriting the old one,
|
||||
@ -900,6 +891,25 @@ static void extract_entropy(void *buf, size_t nbytes)
|
||||
memzero_explicit(&block, sizeof(block));
|
||||
}
|
||||
|
||||
/*
|
||||
* First we make sure we have POOL_MIN_BITS of entropy in the pool, and then we
|
||||
* set the entropy count to zero (but don't actually touch any data). Only then
|
||||
* can we extract a new key with extract_entropy().
|
||||
*/
|
||||
static bool drain_entropy(void *buf, size_t nbytes)
|
||||
{
|
||||
unsigned int entropy_count;
|
||||
do {
|
||||
entropy_count = READ_ONCE(input_pool.entropy_count);
|
||||
if (entropy_count < POOL_MIN_BITS)
|
||||
return false;
|
||||
} while (cmpxchg(&input_pool.entropy_count, entropy_count, 0) != entropy_count);
|
||||
extract_entropy(buf, nbytes);
|
||||
wake_up_interruptible(&random_write_wait);
|
||||
kill_fasync(&fasync, SIGIO, POLL_OUT);
|
||||
return true;
|
||||
}
|
||||
|
||||
#define warn_unseeded_randomness(previous) \
|
||||
_warn_unseeded_randomness(__func__, (void *)_RET_IP_, (previous))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user