diff mbox series

In _extract-crng mix in 64 bits if possible

Message ID CACXcFmm798P6mPErh9B4thz7uvBG1sUO-eJpa1MB+7ayDyTCvw@mail.gmail.com (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Headers show
Series In _extract-crng mix in 64 bits if possible | expand

Commit Message

Sandy Harris Sept. 9, 2021, 2:49 a.m. UTC
On some machines arch_get_random_long() gives 64 bits.
XORing it into a 32-bit state word uses only half of it.
This change makes it use it all instead.

Signed-off-by: Sandy Harris <sandyinchina@gmail.com>

---
 drivers/char/random.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

         (time_after(crng_global_init_time, crng->init_time) ||
@@ -996,7 +997,7 @@ static void _extract_crng(struct crng_state *crng,
         crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
     spin_lock_irqsave(&crng->lock, flags);
     if (arch_get_random_long(&v))
-        crng->state[14] ^= v;
+        *last ^= v;
     chacha20_block(&crng->state[0], out);
     if (crng->state[12] == 0)
         crng->state[13]++;
--

Comments

Eric Biggers Sept. 9, 2021, 3:43 a.m. UTC | #1
On Thu, Sep 09, 2021 at 10:49:20AM +0800, Sandy Harris wrote:
> On some machines arch_get_random_long() gives 64 bits.
> XORing it into a 32-bit state word uses only half of it.
> This change makes it use it all instead.
> 
> Signed-off-by: Sandy Harris <sandyinchina@gmail.com>
> 
> ---
>  drivers/char/random.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

This patch is corrupted and doesn't apply.

> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 57fe011fb5e4..fe7f3366b934 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -988,7 +988,8 @@ static void crng_reseed(struct crng_state *crng,
> struct entropy_store *r)
>  static void _extract_crng(struct crng_state *crng,
>                __u8 out[CHACHA_BLOCK_SIZE])
>  {
> -    unsigned long v, flags;
> +    unsigned long v, flags, *last;
> +    last = (unsigned long *) &crng->state[14] ;

How do you know that this has the right alignment for an unsigned long?

- Eric
Sandy Harris Sept. 9, 2021, 5:14 a.m. UTC | #2
On Thu, Sep 9, 2021 at 11:43 AM Eric Biggers <ebiggers@kernel.org> wrote:

> This patch is corrupted and doesn't apply.
> ...
> > -    unsigned long v, flags;
> > +    unsigned long v, flags, *last;
> > +    last = (unsigned long *) &crng->state[14] ;
>
> How do you know that this has the right alignment for an unsigned long?

Good question, thanks. I don't & that's definitely a bug.

On my version, which includes patches I have not sent yet, it is
necessarily 64-bit aligned.
Sandy Harris Sept. 11, 2021, 7:19 a.m. UTC | #3
On many machines arch_get_random_long() gives 64 bits
but current code uses only 32 of them since it XORs
the result into p[14] which is u32.
---
My previous patch made an unwarranted assumption that
an array declared u32 would be 64-bit aligned. Thanks to
Eric for catching that.

This version avoids that problem and also handles the case
where on some machines a long is only 32 bits.

 drivers/char/random.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 605969ed0f96..2c6b56cf8b27 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -989,14 +989,19 @@ static void _extract_crng(struct crng_state *crng,
               __u8 out[CHACHA_BLOCK_SIZE])
 {
     unsigned long v, flags;
+        u32 *q ;
+        q = (u32 *) &v ;

     if (crng_ready() &&
         (time_after(crng_global_init_time, crng->init_time) ||
          time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
         crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
     spin_lock_irqsave(&crng->lock, flags);
-    if (arch_get_random_long(&v))
-        crng->state[14] ^= v;
+    if (arch_get_random_long(&v))  {
+                p[14] ^= q[0] ;
+                if (sizeof(v) == 8)
+                        p[15] ^= q[1] ;
+        }
     chacha20_block(&crng->state[0], out);
     if (crng->state[12] == 0)
         crng->state[13]++;
Sandy Harris Sept. 13, 2021, 2:52 a.m. UTC | #4
Declare a variable that should have been in commit
 af4047981c61831da73f41d755fbf1f9f20b666a

---
 drivers/char/random.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 2c6b56cf8b27..a2360fb83dbe 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -989,7 +989,8 @@ static void _extract_crng(struct crng_state *crng,
               __u8 out[CHACHA_BLOCK_SIZE])
 {
     unsigned long v, flags;
-        u32 *q ;
+        u32 *p, *q ;
+        p = &crng->state[0] ;
         q = (u32 *) &v ;

     if (crng_ready() &&
diff mbox series

Patch

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 57fe011fb5e4..fe7f3366b934 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -988,7 +988,8 @@  static void crng_reseed(struct crng_state *crng,
struct entropy_store *r)
 static void _extract_crng(struct crng_state *crng,
               __u8 out[CHACHA_BLOCK_SIZE])
 {
-    unsigned long v, flags;
+    unsigned long v, flags, *last;
+    last = (unsigned long *) &crng->state[14] ;

     if (crng_ready() &&