* [PATCH 4.19 044/234] random: remove dead code left over from blocking pool
[not found] <20220623164343.042598055@linuxfoundation.org>
@ 2022-06-23 16:41 ` Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 056/234] random: initialize ChaCha20 constants with correct endianness Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 057/234] random: early initialization of ChaCha constants Greg Kroah-Hartman
2 siblings, 0 replies; 3+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-23 16:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-crypto, Andy Lutomirski,
Jann Horn, Theodore Tso, Ard Biesheuvel, Eric Biggers, Herbert Xu,
Jason A. Donenfeld
From: Eric Biggers <ebiggers@google.com>
commit 118a4417e14348b2e46f5e467da8444ec4757a45 upstream.
Remove some dead code that was left over following commit 90ea1c6436d2
("random: remove the blocking pool").
Cc: linux-crypto@vger.kernel.org
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jann Horn <jannh@google.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 17 +-------
include/trace/events/random.h | 83 ------------------------------------------
2 files changed, 3 insertions(+), 97 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -502,7 +502,6 @@ struct entropy_store {
unsigned short add_ptr;
unsigned short input_rotate;
int entropy_count;
- unsigned int initialized:1;
unsigned int last_data_init:1;
__u8 last_data[EXTRACT_SIZE];
};
@@ -662,7 +661,7 @@ static void process_random_ready_list(vo
*/
static void credit_entropy_bits(struct entropy_store *r, int nbits)
{
- int entropy_count, orig, has_initialized = 0;
+ int entropy_count, orig;
const int pool_size = r->poolinfo->poolfracbits;
int nfrac = nbits << ENTROPY_SHIFT;
@@ -719,23 +718,14 @@ retry:
if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
goto retry;
- if (has_initialized) {
- r->initialized = 1;
- kill_fasync(&fasync, SIGIO, POLL_IN);
- }
-
trace_credit_entropy_bits(r->name, nbits,
entropy_count >> ENTROPY_SHIFT, _RET_IP_);
if (r == &input_pool) {
int entropy_bits = entropy_count >> ENTROPY_SHIFT;
- if (crng_init < 2) {
- if (entropy_bits < 128)
- return;
+ if (crng_init < 2 && entropy_bits >= 128)
crng_reseed(&primary_crng, r);
- entropy_bits = ENTROPY_BITS(r);
- }
}
}
@@ -1391,8 +1381,7 @@ retry:
}
/*
- * This function does the actual extraction for extract_entropy and
- * extract_entropy_user.
+ * This function does the actual extraction for extract_entropy.
*
* Note: we assume that .poolwords is a multiple of 16 words.
*/
--- a/include/trace/events/random.h
+++ b/include/trace/events/random.h
@@ -85,28 +85,6 @@ TRACE_EVENT(credit_entropy_bits,
__entry->entropy_count, (void *)__entry->IP)
);
-TRACE_EVENT(push_to_pool,
- TP_PROTO(const char *pool_name, int pool_bits, int input_bits),
-
- TP_ARGS(pool_name, pool_bits, input_bits),
-
- TP_STRUCT__entry(
- __field( const char *, pool_name )
- __field( int, pool_bits )
- __field( int, input_bits )
- ),
-
- TP_fast_assign(
- __entry->pool_name = pool_name;
- __entry->pool_bits = pool_bits;
- __entry->input_bits = input_bits;
- ),
-
- TP_printk("%s: pool_bits %d input_pool_bits %d",
- __entry->pool_name, __entry->pool_bits,
- __entry->input_bits)
-);
-
TRACE_EVENT(debit_entropy,
TP_PROTO(const char *pool_name, int debit_bits),
@@ -161,35 +139,6 @@ TRACE_EVENT(add_disk_randomness,
MINOR(__entry->dev), __entry->input_bits)
);
-TRACE_EVENT(xfer_secondary_pool,
- TP_PROTO(const char *pool_name, int xfer_bits, int request_bits,
- int pool_entropy, int input_entropy),
-
- TP_ARGS(pool_name, xfer_bits, request_bits, pool_entropy,
- input_entropy),
-
- TP_STRUCT__entry(
- __field( const char *, pool_name )
- __field( int, xfer_bits )
- __field( int, request_bits )
- __field( int, pool_entropy )
- __field( int, input_entropy )
- ),
-
- TP_fast_assign(
- __entry->pool_name = pool_name;
- __entry->xfer_bits = xfer_bits;
- __entry->request_bits = request_bits;
- __entry->pool_entropy = pool_entropy;
- __entry->input_entropy = input_entropy;
- ),
-
- TP_printk("pool %s xfer_bits %d request_bits %d pool_entropy %d "
- "input_entropy %d", __entry->pool_name, __entry->xfer_bits,
- __entry->request_bits, __entry->pool_entropy,
- __entry->input_entropy)
-);
-
DECLARE_EVENT_CLASS(random__get_random_bytes,
TP_PROTO(int nbytes, unsigned long IP),
@@ -253,38 +202,6 @@ DEFINE_EVENT(random__extract_entropy, ex
TP_ARGS(pool_name, nbytes, entropy_count, IP)
);
-DEFINE_EVENT(random__extract_entropy, extract_entropy_user,
- TP_PROTO(const char *pool_name, int nbytes, int entropy_count,
- unsigned long IP),
-
- TP_ARGS(pool_name, nbytes, entropy_count, IP)
-);
-
-TRACE_EVENT(random_read,
- TP_PROTO(int got_bits, int need_bits, int pool_left, int input_left),
-
- TP_ARGS(got_bits, need_bits, pool_left, input_left),
-
- TP_STRUCT__entry(
- __field( int, got_bits )
- __field( int, need_bits )
- __field( int, pool_left )
- __field( int, input_left )
- ),
-
- TP_fast_assign(
- __entry->got_bits = got_bits;
- __entry->need_bits = need_bits;
- __entry->pool_left = pool_left;
- __entry->input_left = input_left;
- ),
-
- TP_printk("got_bits %d still_needed_bits %d "
- "blocking_pool_entropy_left %d input_entropy_left %d",
- __entry->got_bits, __entry->got_bits, __entry->pool_left,
- __entry->input_left)
-);
-
TRACE_EVENT(urandom_read,
TP_PROTO(int got_bits, int pool_left, int input_left),
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 4.19 056/234] random: initialize ChaCha20 constants with correct endianness
[not found] <20220623164343.042598055@linuxfoundation.org>
2022-06-23 16:41 ` [PATCH 4.19 044/234] random: remove dead code left over from blocking pool Greg Kroah-Hartman
@ 2022-06-23 16:42 ` Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 057/234] random: early initialization of ChaCha constants Greg Kroah-Hartman
2 siblings, 0 replies; 3+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-23 16:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-crypto, Andy Lutomirski,
Jann Horn, Theodore Tso, Ard Biesheuvel, Eric Biggers, Herbert Xu,
Jason A. Donenfeld
From: Eric Biggers <ebiggers@google.com>
commit a181e0fdb2164268274453b5b291589edbb9b22d upstream.
On big endian CPUs, the ChaCha20-based CRNG is using the wrong
endianness for the ChaCha20 constants.
This doesn't matter cryptographically, but technically it means it's not
ChaCha20 anymore. Fix it to always use the standard constants.
Cc: linux-crypto@vger.kernel.org
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jann Horn <jannh@google.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 4 ++--
include/crypto/chacha20.h | 8 ++++++++
2 files changed, 10 insertions(+), 2 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -817,7 +817,7 @@ static bool __init crng_init_try_arch_ea
static void crng_initialize_secondary(struct crng_state *crng)
{
- memcpy(&crng->state[0], "expand 32-byte k", 16);
+ chacha_init_consts(crng->state);
_get_random_bytes(&crng->state[4], sizeof(__u32) * 12);
crng_init_try_arch(crng);
crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
@@ -825,7 +825,7 @@ static void crng_initialize_secondary(st
static void __init crng_initialize_primary(struct crng_state *crng)
{
- memcpy(&crng->state[0], "expand 32-byte k", 16);
+ chacha_init_consts(crng->state);
_extract_entropy(&input_pool, &crng->state[4], sizeof(__u32) * 12, 0);
if (crng_init_try_arch_early(crng) && trust_cpu && crng_init < 2) {
invalidate_batched_entropy();
--- a/include/crypto/chacha20.h
+++ b/include/crypto/chacha20.h
@@ -24,4 +24,12 @@ int crypto_chacha20_setkey(struct crypto
unsigned int keysize);
int crypto_chacha20_crypt(struct skcipher_request *req);
+static inline void chacha_init_consts(u32 *state)
+{
+ state[0] = 0x61707865; /* "expa" */
+ state[1] = 0x3320646e; /* "nd 3" */
+ state[2] = 0x79622d32; /* "2-by" */
+ state[3] = 0x6b206574; /* "te k" */
+}
+
#endif
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 4.19 057/234] random: early initialization of ChaCha constants
[not found] <20220623164343.042598055@linuxfoundation.org>
2022-06-23 16:41 ` [PATCH 4.19 044/234] random: remove dead code left over from blocking pool Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 056/234] random: initialize ChaCha20 constants with correct endianness Greg Kroah-Hartman
@ 2022-06-23 16:42 ` Greg Kroah-Hartman
2 siblings, 0 replies; 3+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-23 16:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Herbert Xu, David S. Miller,
linux-crypto, Dominik Brodowski, Jason A. Donenfeld
From: Dominik Brodowski <linux@dominikbrodowski.net>
commit 96562f286884e2db89c74215b199a1084b5fb7f7 upstream.
Previously, the ChaCha constants for the primary pool were only
initialized in crng_initialize_primary(), called by rand_initialize().
However, some randomness is actually extracted from the primary pool
beforehand, e.g. by kmem_cache_create(). Therefore, statically
initialize the ChaCha constants for the primary pool.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: <linux-crypto@vger.kernel.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 5 ++++-
include/crypto/chacha20.h | 15 +++++++++++----
2 files changed, 15 insertions(+), 5 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -458,6 +458,10 @@ struct crng_state {
static struct crng_state primary_crng = {
.lock = __SPIN_LOCK_UNLOCKED(primary_crng.lock),
+ .state[0] = CHACHA_CONSTANT_EXPA,
+ .state[1] = CHACHA_CONSTANT_ND_3,
+ .state[2] = CHACHA_CONSTANT_2_BY,
+ .state[3] = CHACHA_CONSTANT_TE_K,
};
/*
@@ -825,7 +829,6 @@ static void crng_initialize_secondary(st
static void __init crng_initialize_primary(struct crng_state *crng)
{
- chacha_init_consts(crng->state);
_extract_entropy(&input_pool, &crng->state[4], sizeof(__u32) * 12, 0);
if (crng_init_try_arch_early(crng) && trust_cpu && crng_init < 2) {
invalidate_batched_entropy();
--- a/include/crypto/chacha20.h
+++ b/include/crypto/chacha20.h
@@ -24,12 +24,19 @@ int crypto_chacha20_setkey(struct crypto
unsigned int keysize);
int crypto_chacha20_crypt(struct skcipher_request *req);
+enum chacha_constants { /* expand 32-byte k */
+ CHACHA_CONSTANT_EXPA = 0x61707865U,
+ CHACHA_CONSTANT_ND_3 = 0x3320646eU,
+ CHACHA_CONSTANT_2_BY = 0x79622d32U,
+ CHACHA_CONSTANT_TE_K = 0x6b206574U
+};
+
static inline void chacha_init_consts(u32 *state)
{
- state[0] = 0x61707865; /* "expa" */
- state[1] = 0x3320646e; /* "nd 3" */
- state[2] = 0x79622d32; /* "2-by" */
- state[3] = 0x6b206574; /* "te k" */
+ state[0] = CHACHA_CONSTANT_EXPA;
+ state[1] = CHACHA_CONSTANT_ND_3;
+ state[2] = CHACHA_CONSTANT_2_BY;
+ state[3] = CHACHA_CONSTANT_TE_K;
}
#endif
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-23 17:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20220623164343.042598055@linuxfoundation.org>
2022-06-23 16:41 ` [PATCH 4.19 044/234] random: remove dead code left over from blocking pool Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 056/234] random: initialize ChaCha20 constants with correct endianness Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.19 057/234] random: early initialization of ChaCha constants Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).