Message ID | CACXcFmm798P6mPErh9B4thz7uvBG1sUO-eJpa1MB+7ayDyTCvw@mail.gmail.com (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Herbert Xu |
Series | In _extract-crng mix in 64 bits if possible |
On Thu, Sep 09, 2021 at 10:49:20AM +0800, Sandy Harris wrote: > On some machines arch_get_random_long() gives 64 bits. > XORing it into a 32-bit state word uses only half of it. > This change makes it use it all instead. > > Signed-off-by: Sandy Harris <sandyinchina@gmail.com> > > --- > drivers/char/random.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) This patch is corrupted and doesn't apply. > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 57fe011fb5e4..fe7f3366b934 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -988,7 +988,8 @@ static void crng_reseed(struct crng_state *crng, > struct entropy_store *r) > static void _extract_crng(struct crng_state *crng, > __u8 out[CHACHA_BLOCK_SIZE]) > { > - unsigned long v, flags; > + unsigned long v, flags, *last; > + last = (unsigned long *) &crng->state[14] ; How do you know that this has the right alignment for an unsigned long? - Eric
On Thu, Sep 9, 2021 at 11:43 AM Eric Biggers <ebiggers@kernel.org> wrote: > This patch is corrupted and doesn't apply. > ... > > - unsigned long v, flags; > > + unsigned long v, flags, *last; > > + last = (unsigned long *) &crng->state[14] ; > > How do you know that this has the right alignment for an unsigned long? Good question, thanks. I don't & that's definitely a bug. On my version, which includes patches I have not sent yet, it is necessarily 64-bit aligned.
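The alignment question raised in this exchange, worked through as an added example (not code from the thread or from the kernel): a `u32` array only promises 4-byte alignment, so whether `&state[14]` suits an `unsigned long` access depends on where the array sits, while splitting the value with shifts needs no cast at all. The names `demo_state`, `even_layout`, `shifted_layout`, `aligned_for_long`, `mix_long` and `mixed_word` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a 16-word ChaCha state; not the kernel's struct. */
struct demo_state { uint32_t state[16]; };

/* Two constructed embeddings: a u32 array only promises 4-byte alignment,
 * so where state[14] lands depends on what precedes it. */
struct even_layout    { uint64_t a;             struct demo_state s; };
struct shifted_layout { uint64_t a; uint32_t b; struct demo_state s; };

static struct even_layout demo_even;
static struct shifted_layout demo_shifted;

/* Would an unsigned long access at p be naturally aligned? */
static int aligned_for_long(const void *p)
{
	return (uintptr_t)p % _Alignof(unsigned long) == 0;
}

/* Mix all of v into words 14 and 15 with 32-bit accesses only:
 * no cast of the state address, and the same split on any byte order. */
static void mix_long(uint32_t state[16], unsigned long v)
{
	uint64_t wide = v;	/* widen first so >> 32 is defined for 32-bit long */

	state[14] ^= (uint32_t)wide;
	if (sizeof(v) == 8)
		state[15] ^= (uint32_t)(wide >> 32);
}

/* Zero the shifted instance, mix v in, and return word idx. */
static uint32_t mixed_word(int idx, unsigned long v)
{
	memset(&demo_shifted, 0, sizeof(demo_shifted));
	mix_long(demo_shifted.s.state, v);
	return demo_shifted.s.state[idx];
}

int main(void)
{
	printf("even layout:    state[14] aligned for long: %d\n",
	       aligned_for_long(&demo_even.s.state[14]));
	printf("shifted layout: state[14] aligned for long: %d\n",
	       aligned_for_long(&demo_shifted.s.state[14]));
	printf("state[14]=%08x state[15]=%08x\n",
	       (unsigned)mixed_word(14, (unsigned long)0x1122334455667788ULL),
	       (unsigned)mixed_word(15, (unsigned long)0x1122334455667788ULL));
	return 0;
}
```

On a machine with a 64-bit `unsigned long`, the shifted layout reports `state[14]` as misaligned even though the same array is aligned in the even layout.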
On many machines arch_get_random_long() gives 64 bits but current code uses only 32 of them since it XORs the result into p[14] which is u32. --- My previous patch made an unwarranted assumption that an array declared u32 would be 64-bit aligned. Thanks to Eric for catching that. This version avoids that problem and also handles the case where on some machines a long is only 32 bits. drivers/char/random.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 605969ed0f96..2c6b56cf8b27 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -989,14 +989,19 @@ static void _extract_crng(struct crng_state *crng, __u8 out[CHACHA_BLOCK_SIZE]) { unsigned long v, flags; + u32 *q ; + q = (u32 *) &v ; if (crng_ready() && (time_after(crng_global_init_time, crng->init_time) || time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))) crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); spin_lock_irqsave(&crng->lock, flags); - if (arch_get_random_long(&v)) - crng->state[14] ^= v; + if (arch_get_random_long(&v)) { + p[14] ^= q[0] ; + if (sizeof(v) == 8) + p[15] ^= q[1] ; + } chacha20_block(&crng->state[0], out); if (crng->state[12] == 0) crng->state[13]++;
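Review bot: the added lines `p[14] ^= q[0] ;` and `p[15] ^= q[1] ;` use `p`, but this hunk declares only `q`, so the function does not compile as posted; declare `p` in this same patch or write `crng->state[14]` and `crng->state[15]` directly. Reading `v` through `q = (u32 *) &v` also makes it depend on byte order which half of `v` is XORed into `p[14]`; taking `(u32)v` for word 14 and `(u32)((u64)v >> 32)` for word 15 under the same `sizeof(v) == 8` test gives the same split everywhere and drops the pointer. The text above the diffstat carries no Signed-off-by line, and the spaces before `;` do not follow kernel coding style.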
Declare a variable that should have been in commit af4047981c61831da73f41d755fbf1f9f20b666a --- drivers/char/random.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 2c6b56cf8b27..a2360fb83dbe 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -989,7 +989,8 @@ static void _extract_crng(struct crng_state *crng, __u8 out[CHACHA_BLOCK_SIZE]) { unsigned long v, flags; - u32 *q ; + u32 *p, *q ; + p = &crng->state[0] ; q = (u32 *) &v ; if (crng_ready() &&
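Review bot: the declaration of `p` added here belongs in the patch that introduced the `p[14]` and `p[15]` uses, not in a separate commit on top of it, because the tree does not build between the two and that breaks bisection; fold `u32 *p, *q ;` and `p = &crng->state[0] ;` into that change and resend it as one patch. The message also has no Signed-off-by line, and it refers to the earlier change only by a commit id, where the subject line would let a reader on the list identify it.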
diff --git a/drivers/char/random.c b/drivers/char/random.c index 57fe011fb5e4..fe7f3366b934 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -988,7 +988,8 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) static void _extract_crng(struct crng_state *crng, __u8 out[CHACHA_BLOCK_SIZE]) { - unsigned long v, flags; + unsigned long v, flags, *last; + last = (unsigned long *) &crng->state[14] ; if (crng_ready() &&
On some machines arch_get_random_long() gives 64 bits. XORing it into a 32-bit state word uses only half of it. This change makes it use it all instead. Signed-off-by: Sandy Harris <sandyinchina@gmail.com> --- drivers/char/random.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (time_after(crng_global_init_time, crng->init_time) || @@ -996,7 +997,7 @@ static void _extract_crng(struct crng_state *crng, crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); spin_lock_irqsave(&crng->lock, flags); if (arch_get_random_long(&v)) - crng->state[14] ^= v; + *last ^= v; chacha20_block(&crng->state[0], out); if (crng->state[12] == 0) crng->state[13]++; --
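Review bot: in the first hunk, `last = (unsigned long *) &crng->state[14] ;` casts the address of one state word to `unsigned long *` with nothing in the visible code showing that this address is aligned for an unsigned long; where long is 64 bits that is an 8-byte access through a pointer that may only be 4-byte aligned. Keep the accesses 32 bits wide and XOR into `crng->state[14]` and `crng->state[15]` separately instead of going through `last`. The space before `;` does not follow kernel coding style.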
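Review bot: in the second hunk, `*last ^= v;` writes sizeof(unsigned long) bytes starting at `crng->state[14]`, so where long is 64 bits it now also modifies `crng->state[15]`, and which half of `v` lands in which word depends on byte order. The commit message says only that all 64 bits are used; it should state that word 15 is changed as well, and a comment at this line should say so, since `chacha20_block(&crng->state[0], out)` on the next line consumes both words.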