From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org,
Stephan Mueller <smueller@chronox.de>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 37/38] crypto: drbg - Clean up generation code
Date: Sun, 19 Apr 2026 23:34:21 -0700 [thread overview]
Message-ID: <20260420063422.324906-38-ebiggers@kernel.org> (raw)
In-Reply-To: <20260420063422.324906-1-ebiggers@kernel.org>
A few miscellaneous cleanups to make the code a bit more readable:
- Replace (buf, buflen) with (out, outlen)
- Update (out, outlen) as we go along
- Use size_t for lengths
- Use min()
- Adjust some comments and log messages
- Rename a variable named 'len' to 'err', since it isn't a length
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
crypto/drbg.c | 53 ++++++++++++++++++---------------------------------
1 file changed, 19 insertions(+), 34 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index bab766026177..b54c807930af 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -178,16 +178,13 @@ static void drbg_hmac_update(struct drbg_state *drbg,
}
memzero_explicit(new_key, sizeof(new_key));
}
/* generate function of HMAC DRBG as defined in 10.1.2.5 */
-static void drbg_hmac_generate(struct drbg_state *drbg,
- unsigned char *buf,
- unsigned int buflen,
+static void drbg_hmac_generate(struct drbg_state *drbg, u8 *out, size_t outlen,
const u8 *addtl1, size_t addtl1_len)
{
- int len = 0;
u8 addtl2[32];
size_t addtl2_len = 0;
/*
* Append some bytes from get_random_bytes() to the additional input
@@ -208,21 +205,20 @@ static void drbg_hmac_generate(struct drbg_state *drbg,
/* 10.1.2.5 step 2 */
if (addtl1_len || addtl2_len)
drbg_hmac_update(drbg, addtl1, addtl1_len, addtl2, addtl2_len);
- while (len < buflen) {
- unsigned int outlen = 0;
+ while (outlen) {
+ size_t n = min(DRBG_STATE_LEN, outlen);
/* 10.1.2.5 step 4.1 */
hmac_sha512(&drbg->key, drbg->V, DRBG_STATE_LEN, drbg->V);
- outlen = (DRBG_STATE_LEN < (buflen - len)) ?
- DRBG_STATE_LEN : (buflen - len);
/* 10.1.2.5 step 4.2 */
- memcpy(buf + len, drbg->V, outlen);
- len += outlen;
+ memcpy(out, drbg->V, n);
+ out += n;
+ outlen -= n;
}
/* 10.1.2.5 step 6 */
drbg_hmac_update(drbg, addtl1, addtl1_len, addtl2, addtl2_len);
@@ -329,47 +325,42 @@ static int drbg_seed(struct drbg_state *drbg, const u8 *pers, size_t pers_len,
return ret;
}
/*
- * DRBG generate function as required by SP800-90A - this function
- * generates random numbers
+ * Generate random bytes from an SP800-90A DRBG.
*
* @drbg DRBG state handle
- * @buf Buffer where to store the random numbers -- the buffer must already
- * be pre-allocated by caller
- * @buflen Length of output buffer - this value defines the number of random
- * bytes pulled from DRBG
+ * @out Buffer where to store the random bytes
+ * @outlen Number of random bytes to generate
* @addtl Optional additional input that is mixed into state
* @addtl_len Length of @addtl in bytes, may be 0
*
* return: 0 when all bytes are generated; < 0 in case of an error
*/
-static int drbg_generate(struct drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
+static int drbg_generate(struct drbg_state *drbg, u8 *out, size_t outlen,
const u8 *addtl, size_t addtl_len)
__must_hold(&drbg->drbg_mutex)
{
- int len = 0;
+ int err;
if (!drbg->instantiated) {
pr_devel("DRBG: not yet instantiated\n");
return -EINVAL;
}
- if (0 == buflen || !buf) {
+ if (out == NULL || outlen == 0) {
pr_devel("DRBG: no output buffer provided\n");
return -EINVAL;
}
if (addtl == NULL && addtl_len != 0) {
pr_devel("DRBG: wrong format of additional information\n");
return -EINVAL;
}
/* 9.3.1 step 2 */
- if (buflen > DRBG_MAX_REQUEST_BYTES) {
- pr_devel("DRBG: requested random numbers too large %u\n",
- buflen);
+ if (outlen > DRBG_MAX_REQUEST_BYTES) {
+ pr_devel("DRBG: request length is too long %zu\n", outlen);
return -EINVAL;
}
/* 9.3.1 step 3 is implicit with the chosen DRBG */
@@ -391,20 +382,20 @@ static int drbg_generate(struct drbg_state *drbg,
*/
if (drbg->pr || drbg->reseed_ctr > DRBG_MAX_REQUESTS) {
pr_devel("DRBG: reseeding before generation (prediction resistance: %s)\n",
str_true_false(drbg->pr));
/* 9.3.1 steps 7.1 through 7.3 */
- len = drbg_seed(drbg, addtl, addtl_len, true);
- if (len)
- goto err;
+ err = drbg_seed(drbg, addtl, addtl_len, true);
+ if (err)
+ return err;
/* 9.3.1 step 7.4 */
addtl = NULL;
addtl_len = 0;
}
/* 9.3.1 step 8 and 10 */
- drbg_hmac_generate(drbg, buf, buflen, addtl, addtl_len);
+ drbg_hmac_generate(drbg, out, outlen, addtl, addtl_len);
/* 10.1.2.5 step 7 */
drbg->reseed_ctr++;
/*
@@ -418,17 +409,11 @@ static int drbg_generate(struct drbg_state *drbg,
* In this case, the entire kernel operation is questionable and it
* is unlikely that the integrity violation only affects the
* correct operation of the DRBG.
*/
- /*
- * All operations were successful, return 0 as mandated by
- * the kernel crypto API interface.
- */
- len = 0;
-err:
- return len;
+ return 0;
}
/***************************************************************
* Kernel crypto API interface to DRBG
***************************************************************/
--
2.53.0
next prev parent reply other threads:[~2026-04-20 6:37 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 6:33 [PATCH 00/38] Fix and simplify the NIST DRBG implementation Eric Biggers
2026-04-20 6:33 ` [PATCH 01/38] crypto: drbg - Fix returning success on failure in CTR_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 02/38] crypto: drbg - Fix misaligned writes in CTR_DRBG and HASH_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 03/38] crypto: drbg - Fix ineffective sanity check Eric Biggers
2026-04-20 6:33 ` [PATCH 04/38] crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels Eric Biggers
2026-04-20 6:33 ` [PATCH 05/38] crypto: drbg - Fix the fips_enabled priority boost Eric Biggers
2026-04-20 6:33 ` [PATCH 06/38] crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC Eric Biggers
2026-04-20 6:33 ` [PATCH 07/38] crypto: drbg - Remove broken commented-out code Eric Biggers
2026-04-20 6:33 ` [PATCH 08/38] crypto: drbg - Remove unhelpful helper functions Eric Biggers
2026-04-20 6:33 ` [PATCH 09/38] crypto: drbg - Remove obsolete FIPS 140-2 continuous test Eric Biggers
2026-04-20 6:33 ` [PATCH 10/38] crypto: drbg - Fold include/crypto/drbg.h into crypto/drbg.c Eric Biggers
2026-04-20 6:33 ` [PATCH 11/38] crypto: drbg - Remove import of crypto_cipher functions Eric Biggers
2026-04-20 6:33 ` [PATCH 12/38] crypto: drbg - Remove support for CTR_DRBG Eric Biggers
2026-04-20 8:07 ` Geert Uytterhoeven
2026-04-20 14:40 ` Stephan Mueller
2026-04-20 17:47 ` Eric Biggers
2026-04-20 19:54 ` Stephan Mueller
2026-04-20 20:56 ` Eric Biggers
2026-04-20 20:58 ` Stephan Mueller
2026-04-20 6:33 ` [PATCH 13/38] crypto: drbg - Remove support for HASH_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 14/38] crypto: drbg - Flatten the DRBG menu Eric Biggers
2026-04-20 6:33 ` [PATCH 15/38] crypto: testmgr - Add test for drbg_pr_hmac_sha512 Eric Biggers
2026-04-20 16:04 ` Joachim Vandersmissen
2026-04-20 17:06 ` Eric Biggers
2026-04-20 6:34 ` [PATCH 16/38] crypto: testmgr - Update test for drbg_nopr_hmac_sha512 Eric Biggers
2026-04-20 6:34 ` [PATCH 17/38] crypto: drbg - Remove support for HMAC-SHA256 and HMAC-SHA384 Eric Biggers
2026-04-20 6:34 ` [PATCH 18/38] crypto: drbg - Simplify algorithm registration Eric Biggers
2026-04-20 6:34 ` [PATCH 19/38] crypto: drbg - De-virtualize drbg_state_ops Eric Biggers
2026-04-20 6:34 ` [PATCH 20/38] crypto: drbg - Move fixed values into constants Eric Biggers
2026-04-20 16:06 ` Joachim Vandersmissen
2026-04-20 6:34 ` [PATCH 21/38] crypto: drbg - Embed V and C into struct drbg_state Eric Biggers
2026-04-20 6:34 ` [PATCH 22/38] crypto: drbg - Use HMAC-SHA512 library API Eric Biggers
2026-04-20 6:34 ` [PATCH 23/38] crypto: drbg - Remove drbg_core Eric Biggers
2026-04-20 6:34 ` [PATCH 24/38] crypto: drbg - Install separate seed functions for pr and nopr Eric Biggers
2026-04-20 6:34 ` [PATCH 25/38] crypto: drbg - Move module aliases to end of file Eric Biggers
2026-04-20 6:34 ` [PATCH 26/38] crypto: drbg - Consolidate "instantiate" logic and remove drbg_state::C Eric Biggers
2026-04-20 6:34 ` [PATCH 27/38] crypto: drbg - Eliminate use of 'drbg_string' and lists Eric Biggers
2026-04-20 6:34 ` [PATCH 28/38] crypto: drbg - Simplify drbg_generate_long() and fold into caller Eric Biggers
2026-04-20 6:34 ` [PATCH 29/38] crypto: drbg - Put rng_alg methods in logical order Eric Biggers
2026-04-20 6:34 ` [PATCH 30/38] crypto: drbg - Fold drbg_instantiate() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 31/38] crypto: drbg - Separate "reseed" case in drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 32/38] crypto: drbg - Fold drbg_prepare_hrng() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 33/38] crypto: drbg - Simplify "uninstantiate" logic Eric Biggers
2026-04-20 6:34 ` [PATCH 34/38] crypto: drbg - Include get_random_bytes() output in additional input Eric Biggers
2026-04-20 6:34 ` [PATCH 35/38] crypto: drbg - Change DRBG_MAX_REQUESTS to 4096 Eric Biggers
2026-04-20 6:34 ` [PATCH 36/38] crypto: drbg - Remove redundant reseeding based on random.c state Eric Biggers
2026-04-20 16:48 ` Joachim Vandersmissen
2026-04-20 17:25 ` Eric Biggers
2026-04-20 6:34 ` Eric Biggers [this message]
2026-04-20 6:34 ` [PATCH 38/38] crypto: drbg - Clean up loop in drbg_hmac_update() Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420063422.324906-38-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox