From: Stephan Mueller <smueller@chronox.de>
To: George Spelvin <linux@horizon.com>
Cc: herbert@gondor.apana.org.au, nhorman@tuxdriver.com,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 01/17] crypto: ansi_cprng - Rename rand_data_valid more sensibly
Date: Tue, 02 Dec 2014 09:41:16 +0100 [thread overview]
Message-ID: <1707797.LWZf6k9llc@tauon> (raw)
In-Reply-To: <20141202083441.17772.qmail@ns.horizon.com>
Am Dienstag, 2. Dezember 2014, 03:34:41 schrieb George Spelvin:
Hi George,
>It's more like rand_data_invalid (data which has already been output),
>so it's a pretty bad misnomer. But rand_data_pos is even better.
>
>Signed-off-by: George Spelvin <linux@horizon.com>
>---
> crypto/ansi_cprng.c | 25 +++++++++++--------------
> 1 file changed, 11 insertions(+), 14 deletions(-)
>
>diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
>index 97fe3110..c9e1684b 100644
>--- a/crypto/ansi_cprng.c
>+++ b/crypto/ansi_cprng.c
>@@ -50,7 +50,7 @@ struct prng_context {
> unsigned char DT[DEFAULT_BLK_SZ];
> unsigned char I[DEFAULT_BLK_SZ];
> unsigned char V[DEFAULT_BLK_SZ];
>- u32 rand_data_valid;
>+ u32 rand_read_pos; /* Offset into rand_data[] */
> struct crypto_cipher *tfm;
> u32 flags;
> };
>@@ -174,7 +174,7 @@ static int _get_more_prng_bytes(struct prng_context
>*ctx, int cont_test) }
>
> dbgprint("Returning new block for context %p\n", ctx);
>- ctx->rand_data_valid = 0;
>+ ctx->rand_read_pos = 0;
>
> hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
> hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
>@@ -217,7 +217,7 @@ static int get_prng_bytes(char *buf, size_t nbytes,
>struct prng_context *ctx,
>
>
> remainder:
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0) {
> memset(buf, 0, nbytes);
> err = -EINVAL;
>@@ -230,12 +230,9 @@ remainder:
> */
> if (byte_count < DEFAULT_BLK_SZ) {
> empty_rbuf:
>- while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
>- *ptr = ctx->rand_data[ctx->rand_data_valid];
>- ptr++;
>- byte_count--;
>- ctx->rand_data_valid++;
>- if (byte_count == 0)
>+ while (ctx->rand_read_pos < DEFAULT_BLK_SZ) {
>+ *ptr++ = ctx->rand_data[ctx->rand_read_pos++];
>+ if (--byte_count == 0)
> goto done;
I am against such collapsing of constructs into one-liners. It is not
obvious at first sight, which value gets incremented in what order. Such
collapsing was the cause for CVE-2013-4345 as it caused an off-by one.
> }
> }
>@@ -244,17 +241,17 @@ empty_rbuf:
> * Now copy whole blocks
> */
> for (; byte_count >= DEFAULT_BLK_SZ; byte_count -=
DEFAULT_BLK_SZ) {
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0)
{
> memset(buf, 0, nbytes);
> err = -EINVAL;
> goto done;
> }
> }
>- if (ctx->rand_data_valid > 0)
>+ if (ctx->rand_read_pos > 0)
> goto empty_rbuf;
> memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
>- ctx->rand_data_valid += DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos += DEFAULT_BLK_SZ;
> ptr += DEFAULT_BLK_SZ;
> }
>
>@@ -304,7 +301,7 @@ static int reset_prng_context(struct prng_context
>*ctx, memset(ctx->rand_data, 0, DEFAULT_BLK_SZ);
> memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ);
>
>- ctx->rand_data_valid = DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos = DEFAULT_BLK_SZ; /* Force immediate
refill */
>
> ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen);
> if (ret) {
>@@ -413,7 +410,7 @@ static int fips_cprng_reset(struct crypto_rng *tfm,
>u8 *seed, unsigned int slen)
>
> /* this primes our continuity test */
> rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0);
>- prng->rand_data_valid = DEFAULT_BLK_SZ;
>+ prng->rand_read_pos = DEFAULT_BLK_SZ;
>
> out:
> return rc;
Ciao
Stephan
next prev parent reply other threads:[~2014-12-02 8:41 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-29 2:43 Is ansi_cprng.c supposed to implement X9.17/X9.31's RNG? George Spelvin
2014-11-29 17:26 ` George Spelvin
2014-11-29 17:59 ` Neil Horman
2014-12-02 8:33 ` [PATCH 00/17] Multiple changes to crypto/ansi_cprng.c George Spelvin
2014-12-02 8:34 ` [PATCH 01/17] crypto: ansi_cprng - Rename rand_data_valid more sensibly George Spelvin
2014-12-02 8:41 ` Stephan Mueller [this message]
2014-12-02 17:12 ` George Spelvin
2014-12-02 8:35 ` [PATCH 02/17] crypto: ansi_cprng - Eliminate ctx->last_rand_data George Spelvin
2014-12-02 8:57 ` Stephan Mueller
2014-12-02 9:08 ` George Spelvin
2014-12-02 14:46 ` Neil Horman
2014-12-02 19:45 ` George Spelvin
2014-12-02 8:37 ` [PATCH 03/17] crypto: ansi_cprng - Eliminate ctx->I George Spelvin
2014-12-02 14:52 ` Neil Horman
2014-12-02 20:03 ` George Spelvin
2014-12-03 11:08 ` Neil Horman
2014-12-02 8:37 ` PATCH 04/17] crypto: ansi_cprng - simplify xor_vectors() to xor_block() George Spelvin
2014-12-02 8:39 ` [PATCH 05/17] crypto: ansi_cprng - Add const annotations to hexdump() George Spelvin
2014-12-02 8:40 ` [PATCH 06/17] crypto: ansi_cprng - Eliminate unused PRNG_FIXED_SIZE flag George Spelvin
2014-12-02 8:43 ` [PATCH 07/17] crypto: ansi_cprng - Shrink rand_read_pos & flags George Spelvin
2014-12-02 14:59 ` Neil Horman
2014-12-02 20:28 ` George Spelvin
2014-12-03 11:11 ` Neil Horman
2014-12-02 8:46 ` [PATCH 08/17] crypto: ansi_cprng - Require non-null key & V in reset_prng_context George Spelvin
2014-12-02 8:50 ` [PATCH 09/17] crypto: ansi_cprng - Clean up some variable types George Spelvin
2014-12-02 8:52 ` [PATCH 10/17] crypto: ansi_cprng - simplify get_prng_bytes George Spelvin
2014-12-02 8:54 ` [PATCH 11/17] crypto: ansi_cprng - unroll _get_more_prng_bytes George Spelvin
2014-12-02 21:54 ` George Spelvin
2014-12-02 8:56 ` [PATCH 12/17] crypto: ansi_cprng - Create a "block buffer" data type George Spelvin
2014-12-02 8:57 ` [PATCH 13/17] crypto: ansi_cprng - If DT is not provided, use a fresh timestamp George Spelvin
2014-12-02 9:11 ` George Spelvin
2014-12-02 8:58 ` [PATCH 14/17] crypto: ansi_cprng - If DT is omitted, don't buffer old output George Spelvin
2014-12-02 8:59 ` [PATCH 15/17] crypto: testmgr - Teach test_cprng to handle non-default seed sizes George Spelvin
2014-12-02 9:01 ` [PATCH 16/17] crypto: testmgr - Merge seed arrays in struct cprng_testvec George Spelvin
2014-12-02 9:02 ` [PATCH 17/17] crypto: ansi_cprng - Shrink default seed size George Spelvin
2014-12-03 11:13 ` [PATCH 00/17] Multiple changes to crypto/ansi_cprng.c Neil Horman
2014-12-03 20:27 ` George Spelvin
2014-12-04 18:07 ` Stephan Mueller
2014-12-05 11:28 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1707797.LWZf6k9llc@tauon \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux@horizon.com \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.