From: Stephan Mueller <smueller@chronox.de>
To: George Spelvin <linux@horizon.com>
Cc: herbert@gondor.apana.org.au, nhorman@tuxdriver.com,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 01/17] crypto: ansi_cprng - Rename rand_data_valid more sensibly
Date: Tue, 02 Dec 2014 09:41:16 +0100 [thread overview]
Message-ID: <1707797.LWZf6k9llc@tauon> (raw)
In-Reply-To: <20141202083441.17772.qmail@ns.horizon.com>
Am Dienstag, 2. Dezember 2014, 03:34:41 schrieb George Spelvin:
Hi George,
>It's more like rand_data_invalid (data which has already been output),
>so it's a pretty bad misnomer. But rand_data_pos is even better.
>
>Signed-off-by: George Spelvin <linux@horizon.com>
>---
> crypto/ansi_cprng.c | 25 +++++++++++--------------
> 1 file changed, 11 insertions(+), 14 deletions(-)
>
>diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
>index 97fe3110..c9e1684b 100644
>--- a/crypto/ansi_cprng.c
>+++ b/crypto/ansi_cprng.c
>@@ -50,7 +50,7 @@ struct prng_context {
> unsigned char DT[DEFAULT_BLK_SZ];
> unsigned char I[DEFAULT_BLK_SZ];
> unsigned char V[DEFAULT_BLK_SZ];
>- u32 rand_data_valid;
>+ u32 rand_read_pos; /* Offset into rand_data[] */
> struct crypto_cipher *tfm;
> u32 flags;
> };
>@@ -174,7 +174,7 @@ static int _get_more_prng_bytes(struct prng_context
>*ctx, int cont_test) }
>
> dbgprint("Returning new block for context %p\n", ctx);
>- ctx->rand_data_valid = 0;
>+ ctx->rand_read_pos = 0;
>
> hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
> hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
>@@ -217,7 +217,7 @@ static int get_prng_bytes(char *buf, size_t nbytes,
>struct prng_context *ctx,
>
>
> remainder:
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0) {
> memset(buf, 0, nbytes);
> err = -EINVAL;
>@@ -230,12 +230,9 @@ remainder:
> */
> if (byte_count < DEFAULT_BLK_SZ) {
> empty_rbuf:
>- while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
>- *ptr = ctx->rand_data[ctx->rand_data_valid];
>- ptr++;
>- byte_count--;
>- ctx->rand_data_valid++;
>- if (byte_count == 0)
>+ while (ctx->rand_read_pos < DEFAULT_BLK_SZ) {
>+ *ptr++ = ctx->rand_data[ctx->rand_read_pos++];
>+ if (--byte_count == 0)
> goto done;
I am against such collapsing of constructs into one-liners. It is not
obvious at first sight, which value gets incremented in what order. Such
collapsing was the cause for CVE-2013-4345 as it caused an off-by one.
> }
> }
>@@ -244,17 +241,17 @@ empty_rbuf:
> * Now copy whole blocks
> */
> for (; byte_count >= DEFAULT_BLK_SZ; byte_count -=
DEFAULT_BLK_SZ) {
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0)
{
> memset(buf, 0, nbytes);
> err = -EINVAL;
> goto done;
> }
> }
>- if (ctx->rand_data_valid > 0)
>+ if (ctx->rand_read_pos > 0)
> goto empty_rbuf;
> memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
>- ctx->rand_data_valid += DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos += DEFAULT_BLK_SZ;
> ptr += DEFAULT_BLK_SZ;
> }
>
>@@ -304,7 +301,7 @@ static int reset_prng_context(struct prng_context
>*ctx, memset(ctx->rand_data, 0, DEFAULT_BLK_SZ);
> memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ);
>
>- ctx->rand_data_valid = DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos = DEFAULT_BLK_SZ; /* Force immediate
refill */
>
> ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen);
> if (ret) {
>@@ -413,7 +410,7 @@ static int fips_cprng_reset(struct crypto_rng *tfm,
>u8 *seed, unsigned int slen)
>
> /* this primes our continuity test */
> rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0);
>- prng->rand_data_valid = DEFAULT_BLK_SZ;
>+ prng->rand_read_pos = DEFAULT_BLK_SZ;
>
> out:
> return rc;
Ciao
Stephan
next prev parent reply other threads:[~2014-12-02 8:41 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-29 2:43 Is ansi_cprng.c supposed to implement X9.17/X9.31's RNG? George Spelvin
2014-11-29 17:26 ` George Spelvin
2014-11-29 17:59 ` Neil Horman
2014-12-02 8:33 ` [PATCH 00/17] Multiple changes to crypto/ansi_cprng.c George Spelvin
2014-12-02 8:34 ` [PATCH 01/17] crypto: ansi_cprng - Rename rand_data_valid more sensibly George Spelvin
2014-12-02 8:41 ` Stephan Mueller [this message]
2014-12-02 17:12 ` George Spelvin
2014-12-02 8:35 ` [PATCH 02/17] crypto: ansi_cprng - Eliminate ctx->last_rand_data George Spelvin
2014-12-02 8:57 ` Stephan Mueller
2014-12-02 9:08 ` George Spelvin
2014-12-02 14:46 ` Neil Horman
2014-12-02 19:45 ` George Spelvin
2014-12-02 8:37 ` [PATCH 03/17] crypto: ansi_cprng - Eliminate ctx->I George Spelvin
2014-12-02 14:52 ` Neil Horman
2014-12-02 20:03 ` George Spelvin
2014-12-03 11:08 ` Neil Horman
2014-12-02 8:37 ` PATCH 04/17] crypto: ansi_cprng - simplify xor_vectors() to xor_block() George Spelvin
2014-12-02 8:39 ` [PATCH 05/17] crypto: ansi_cprng - Add const annotations to hexdump() George Spelvin
2014-12-02 8:40 ` [PATCH 06/17] crypto: ansi_cprng - Eliminate unused PRNG_FIXED_SIZE flag George Spelvin
2014-12-02 8:43 ` [PATCH 07/17] crypto: ansi_cprng - Shrink rand_read_pos & flags George Spelvin
2014-12-02 14:59 ` Neil Horman
2014-12-02 20:28 ` George Spelvin
2014-12-03 11:11 ` Neil Horman
2014-12-02 8:46 ` [PATCH 08/17] crypto: ansi_cprng - Require non-null key & V in reset_prng_context George Spelvin
2014-12-02 8:50 ` [PATCH 09/17] crypto: ansi_cprng - Clean up some variable types George Spelvin
2014-12-02 8:52 ` [PATCH 10/17] crypto: ansi_cprng - simplify get_prng_bytes George Spelvin
2014-12-02 8:54 ` [PATCH 11/17] crypto: ansi_cprng - unroll _get_more_prng_bytes George Spelvin
2014-12-02 21:54 ` George Spelvin
2014-12-02 8:56 ` [PATCH 12/17] crypto: ansi_cprng - Create a "block buffer" data type George Spelvin
2014-12-02 8:57 ` [PATCH 13/17] crypto: ansi_cprng - If DT is not provided, use a fresh timestamp George Spelvin
2014-12-02 9:11 ` George Spelvin
2014-12-02 8:58 ` [PATCH 14/17] crypto: ansi_cprng - If DT is omitted, don't buffer old output George Spelvin
2014-12-02 8:59 ` [PATCH 15/17] crypto: testmgr - Teach test_cprng to handle non-default seed sizes George Spelvin
2014-12-02 9:01 ` [PATCH 16/17] crypto: testmgr - Merge seed arrays in struct cprng_testvec George Spelvin
2014-12-02 9:02 ` [PATCH 17/17] crypto: ansi_cprng - Shrink default seed size George Spelvin
2014-12-03 11:13 ` [PATCH 00/17] Multiple changes to crypto/ansi_cprng.c Neil Horman
2014-12-03 20:27 ` George Spelvin
2014-12-04 18:07 ` Stephan Mueller
2014-12-05 11:28 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1707797.LWZf6k9llc@tauon \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux@horizon.com \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).