From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org,
Stephan Mueller <smueller@chronox.de>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 37/38] crypto: drbg - Clean up generation code
Date: Sun, 19 Apr 2026 23:34:21 -0700 [thread overview]
Message-ID: <20260420063422.324906-38-ebiggers@kernel.org> (raw)
In-Reply-To: <20260420063422.324906-1-ebiggers@kernel.org>
A few miscellaneous cleanups to make the code a bit more readable:
- Replace (buf, buflen) with (out, outlen)
- Update (out, outlen) as we go along
- Use size_t for lengths
- Use min()
- Adjust some comments and log messages
- Rename a variable named 'len' to 'err', since it isn't a length
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/drbg.c | 53 ++++++++++++++++++---------------------------------
1 file changed, 19 insertions(+), 34 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index bab766026177..b54c807930af 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -178,16 +178,13 @@ static void drbg_hmac_update(struct drbg_state *drbg,
}
memzero_explicit(new_key, sizeof(new_key));
}
/* generate function of HMAC DRBG as defined in 10.1.2.5 */
-static void drbg_hmac_generate(struct drbg_state *drbg,
- unsigned char *buf,
- unsigned int buflen,
+static void drbg_hmac_generate(struct drbg_state *drbg, u8 *out, size_t outlen,
const u8 *addtl1, size_t addtl1_len)
{
- int len = 0;
u8 addtl2[32];
size_t addtl2_len = 0;
/*
* Append some bytes from get_random_bytes() to the additional input
@@ -208,21 +205,20 @@ static void drbg_hmac_generate(struct drbg_state *drbg,
/* 10.1.2.5 step 2 */
if (addtl1_len || addtl2_len)
drbg_hmac_update(drbg, addtl1, addtl1_len, addtl2, addtl2_len);
- while (len < buflen) {
- unsigned int outlen = 0;
+ while (outlen) {
+ size_t n = min(DRBG_STATE_LEN, outlen);
/* 10.1.2.5 step 4.1 */
hmac_sha512(&drbg->key, drbg->V, DRBG_STATE_LEN, drbg->V);
- outlen = (DRBG_STATE_LEN < (buflen - len)) ?
- DRBG_STATE_LEN : (buflen - len);
/* 10.1.2.5 step 4.2 */
- memcpy(buf + len, drbg->V, outlen);
- len += outlen;
+ memcpy(out, drbg->V, n);
+ out += n;
+ outlen -= n;
}
/* 10.1.2.5 step 6 */
drbg_hmac_update(drbg, addtl1, addtl1_len, addtl2, addtl2_len);
@@ -329,47 +325,42 @@ static int drbg_seed(struct drbg_state *drbg, const u8 *pers, size_t pers_len,
return ret;
}
/*
- * DRBG generate function as required by SP800-90A - this function
- * generates random numbers
+ * Generate random bytes from an SP800-90A DRBG.
*
* @drbg DRBG state handle
- * @buf Buffer where to store the random numbers -- the buffer must already
- * be pre-allocated by caller
- * @buflen Length of output buffer - this value defines the number of random
- * bytes pulled from DRBG
+ * @out Buffer where to store the random bytes
+ * @outlen Number of random bytes to generate
* @addtl Optional additional input that is mixed into state
* @addtl_len Length of @addtl in bytes, may be 0
*
* return: 0 when all bytes are generated; < 0 in case of an error
*/
-static int drbg_generate(struct drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
+static int drbg_generate(struct drbg_state *drbg, u8 *out, size_t outlen,
const u8 *addtl, size_t addtl_len)
__must_hold(&drbg->drbg_mutex)
{
- int len = 0;
+ int err;
if (!drbg->instantiated) {
pr_devel("DRBG: not yet instantiated\n");
return -EINVAL;
}
- if (0 == buflen || !buf) {
+ if (out == NULL || outlen == 0) {
pr_devel("DRBG: no output buffer provided\n");
return -EINVAL;
}
if (addtl == NULL && addtl_len != 0) {
pr_devel("DRBG: wrong format of additional information\n");
return -EINVAL;
}
/* 9.3.1 step 2 */
- if (buflen > DRBG_MAX_REQUEST_BYTES) {
- pr_devel("DRBG: requested random numbers too large %u\n",
- buflen);
+ if (outlen > DRBG_MAX_REQUEST_BYTES) {
+ pr_devel("DRBG: request length is too long %zu\n", outlen);
return -EINVAL;
}
/* 9.3.1 step 3 is implicit with the chosen DRBG */
@@ -391,20 +382,20 @@ static int drbg_generate(struct drbg_state *drbg,
*/
if (drbg->pr || drbg->reseed_ctr > DRBG_MAX_REQUESTS) {
pr_devel("DRBG: reseeding before generation (prediction resistance: %s)\n",
str_true_false(drbg->pr));
/* 9.3.1 steps 7.1 through 7.3 */
- len = drbg_seed(drbg, addtl, addtl_len, true);
- if (len)
- goto err;
+ err = drbg_seed(drbg, addtl, addtl_len, true);
+ if (err)
+ return err;
/* 9.3.1 step 7.4 */
addtl = NULL;
addtl_len = 0;
}
/* 9.3.1 step 8 and 10 */
- drbg_hmac_generate(drbg, buf, buflen, addtl, addtl_len);
+ drbg_hmac_generate(drbg, out, outlen, addtl, addtl_len);
/* 10.1.2.5 step 7 */
drbg->reseed_ctr++;
/*
@@ -418,17 +409,11 @@ static int drbg_generate(struct drbg_state *drbg,
* In this case, the entire kernel operation is questionable and it
* is unlikely that the integrity violation only affects the
* correct operation of the DRBG.
*/
- /*
- * All operations were successful, return 0 as mandated by
- * the kernel crypto API interface.
- */
- len = 0;
-err:
- return len;
+ return 0;
}
/***************************************************************
* Kernel crypto API interface to DRBG
***************************************************************/
--
2.53.0
next prev parent reply other threads:[~2026-04-20 6:37 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 6:33 [PATCH 00/38] Fix and simplify the NIST DRBG implementation Eric Biggers
2026-04-20 6:33 ` [PATCH 01/38] crypto: drbg - Fix returning success on failure in CTR_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 02/38] crypto: drbg - Fix misaligned writes in CTR_DRBG and HASH_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 03/38] crypto: drbg - Fix ineffective sanity check Eric Biggers
2026-04-20 6:33 ` [PATCH 04/38] crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels Eric Biggers
2026-04-20 6:33 ` [PATCH 05/38] crypto: drbg - Fix the fips_enabled priority boost Eric Biggers
2026-04-20 6:33 ` [PATCH 06/38] crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC Eric Biggers
2026-04-20 6:33 ` [PATCH 07/38] crypto: drbg - Remove broken commented-out code Eric Biggers
2026-04-20 6:33 ` [PATCH 08/38] crypto: drbg - Remove unhelpful helper functions Eric Biggers
2026-04-20 6:33 ` [PATCH 09/38] crypto: drbg - Remove obsolete FIPS 140-2 continuous test Eric Biggers
2026-04-20 6:33 ` [PATCH 10/38] crypto: drbg - Fold include/crypto/drbg.h into crypto/drbg.c Eric Biggers
2026-04-20 6:33 ` [PATCH 11/38] crypto: drbg - Remove import of crypto_cipher functions Eric Biggers
2026-04-20 6:33 ` [PATCH 12/38] crypto: drbg - Remove support for CTR_DRBG Eric Biggers
2026-04-20 8:07 ` Geert Uytterhoeven
2026-04-20 14:40 ` Stephan Mueller
2026-04-20 17:47 ` Eric Biggers
2026-04-20 19:54 ` Stephan Mueller
2026-04-20 20:56 ` Eric Biggers
2026-04-20 20:58 ` Stephan Mueller
2026-04-20 6:33 ` [PATCH 13/38] crypto: drbg - Remove support for HASH_DRBG Eric Biggers
2026-04-21 7:21 ` Geert Uytterhoeven
2026-04-20 6:33 ` [PATCH 14/38] crypto: drbg - Flatten the DRBG menu Eric Biggers
2026-04-20 6:33 ` [PATCH 15/38] crypto: testmgr - Add test for drbg_pr_hmac_sha512 Eric Biggers
2026-04-20 16:04 ` Joachim Vandersmissen
2026-04-20 17:06 ` Eric Biggers
2026-04-20 6:34 ` [PATCH 16/38] crypto: testmgr - Update test for drbg_nopr_hmac_sha512 Eric Biggers
2026-04-20 6:34 ` [PATCH 17/38] crypto: drbg - Remove support for HMAC-SHA256 and HMAC-SHA384 Eric Biggers
2026-04-20 6:34 ` [PATCH 18/38] crypto: drbg - Simplify algorithm registration Eric Biggers
2026-04-20 6:34 ` [PATCH 19/38] crypto: drbg - De-virtualize drbg_state_ops Eric Biggers
2026-04-20 6:34 ` [PATCH 20/38] crypto: drbg - Move fixed values into constants Eric Biggers
2026-04-20 16:06 ` Joachim Vandersmissen
2026-04-20 6:34 ` [PATCH 21/38] crypto: drbg - Embed V and C into struct drbg_state Eric Biggers
2026-04-20 6:34 ` [PATCH 22/38] crypto: drbg - Use HMAC-SHA512 library API Eric Biggers
2026-04-20 6:34 ` [PATCH 23/38] crypto: drbg - Remove drbg_core Eric Biggers
2026-04-20 6:34 ` [PATCH 24/38] crypto: drbg - Install separate seed functions for pr and nopr Eric Biggers
2026-04-20 6:34 ` [PATCH 25/38] crypto: drbg - Move module aliases to end of file Eric Biggers
2026-04-20 6:34 ` [PATCH 26/38] crypto: drbg - Consolidate "instantiate" logic and remove drbg_state::C Eric Biggers
2026-04-20 6:34 ` [PATCH 27/38] crypto: drbg - Eliminate use of 'drbg_string' and lists Eric Biggers
2026-04-20 6:34 ` [PATCH 28/38] crypto: drbg - Simplify drbg_generate_long() and fold into caller Eric Biggers
2026-04-20 6:34 ` [PATCH 29/38] crypto: drbg - Put rng_alg methods in logical order Eric Biggers
2026-04-20 6:34 ` [PATCH 30/38] crypto: drbg - Fold drbg_instantiate() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 31/38] crypto: drbg - Separate "reseed" case in drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 32/38] crypto: drbg - Fold drbg_prepare_hrng() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 33/38] crypto: drbg - Simplify "uninstantiate" logic Eric Biggers
2026-04-20 6:34 ` [PATCH 34/38] crypto: drbg - Include get_random_bytes() output in additional input Eric Biggers
2026-04-20 6:34 ` [PATCH 35/38] crypto: drbg - Change DRBG_MAX_REQUESTS to 4096 Eric Biggers
2026-04-20 6:34 ` [PATCH 36/38] crypto: drbg - Remove redundant reseeding based on random.c state Eric Biggers
2026-04-20 16:48 ` Joachim Vandersmissen
2026-04-20 17:25 ` Eric Biggers
2026-04-20 6:34 ` Eric Biggers [this message]
2026-04-20 6:34 ` [PATCH 38/38] crypto: drbg - Clean up loop in drbg_hmac_update() Eric Biggers
2026-05-05 8:49 ` [PATCH 00/38] Fix and simplify the NIST DRBG implementation Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420063422.324906-38-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.