[PATCH 8/12] random pt3: Break up extract_user

From: Matt Mackall
Date: Wed Jan 19 2005 - 03:51:22 EST


Break apart extract_entropy into kernel and user versions, remove last
extract flag and some unnecessary variables. This makes the code more
readable and amenable to sparse.

Signed-off-by: Matt Mackall <mpm@xxxxxxxxxxx>

Index: rnd/drivers/char/random.c
===================================================================
--- rnd.orig/drivers/char/random.c 2005-01-18 10:39:47.360504569 -0800
+++ rnd/drivers/char/random.c 2005-01-18 10:40:00.654809689 -0800
@@ -1183,19 +1183,18 @@
*
*********************************************************************/

-#define EXTRACT_ENTROPY_USER 1
#define TMP_BUF_SIZE (HASH_BUFFER_SIZE + HASH_EXTRA_SIZE)
#define SEC_XFER_SIZE (TMP_BUF_SIZE*4)

static ssize_t extract_entropy(struct entropy_store *r, void * buf,
- size_t nbytes, int min, int rsvd, int flags);
+ size_t nbytes, int min, int rsvd);

/*
* This utility inline function is responsible for transfering entropy
* from the primary pool to the secondary extraction pool. We make
* sure we pull enough for a 'catastrophic reseed'.
*/
-static inline void xfer_secondary_pool(struct entropy_store *r,
+static void xfer_secondary_pool(struct entropy_store *r,
size_t nbytes, __u32 *tmp)
{
if (r->pull && r->entropy_count < nbytes * 8 &&
@@ -1209,18 +1208,15 @@
r->name, bytes * 8, nbytes * 8, r->entropy_count);

bytes=extract_entropy(r->pull, tmp, bytes,
- random_read_wakeup_thresh / 8, rsvd, 0);
+ random_read_wakeup_thresh / 8, rsvd);
add_entropy_words(r, tmp, bytes);
credit_entropy_store(r, bytes*8);
}
}

/*
- * This function extracts randomness from the "entropy pool", and
- * returns it in a buffer. This function computes how many remaining
- * bits of entropy are left in the pool, but it does not restrict the
- * number of bytes that are actually obtained. If the EXTRACT_ENTROPY_USER
- * flag is given, then the buf pointer is assumed to be in user space.
+ * These functions extracts randomness from the "entropy pool", and
+ * returns it in a buffer.
*
* The min parameter specifies the minimum amount we can pull before
* failing to avoid races that defeat catastrophic reseeding while the
@@ -1229,22 +1225,16 @@
*
* Note: extract_entropy() assumes that .poolwords is a multiple of 16 words.
*/
-static ssize_t extract_entropy(struct entropy_store *r, void * buf,
- size_t nbytes, int min, int reserved, int flags)
+
+static size_t account(struct entropy_store *r, size_t nbytes, int min,
+ int reserved)
{
- ssize_t ret, i;
- __u32 tmp[TMP_BUF_SIZE], data[16];
- __u32 x;
- unsigned long cpuflags;
-
- /* Redundant, but just in case... */
- if (r->entropy_count > r->poolinfo->POOLBITS)
- r->entropy_count = r->poolinfo->POOLBITS;
+ unsigned long flags;

- xfer_secondary_pool(r, nbytes, tmp);
+ BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);

/* Hold lock while accounting */
- spin_lock_irqsave(&r->lock, cpuflags);
+ spin_lock_irqsave(&r->lock, flags);

DEBUG_ENT("trying to extract %d bits from %s\n",
nbytes * 8, r->name);
@@ -1269,75 +1259,111 @@
DEBUG_ENT("debiting %d entropy credits from %s%s\n",
nbytes * 8, r->name, r->limit ? "" : " (unlimited)");

- spin_unlock_irqrestore(&r->lock, cpuflags);
+ spin_unlock_irqrestore(&r->lock, flags);
+
+ return nbytes;
+}
+
+static void extract_buf(struct entropy_store *r, __u32 *buf)
+{
+ int i, x;
+ __u32 data[16];
+
+ /* Hash the pool to get the output */
+ buf[0] = 0x67452301;
+ buf[1] = 0xefcdab89;
+ buf[2] = 0x98badcfe;
+ buf[3] = 0x10325476;
+#ifdef USE_SHA
+ buf[4] = 0xc3d2e1f0;
+#endif
+
+ /*
+ * As we hash the pool, we mix intermediate values of
+ * the hash back into the pool. This eliminates
+ * backtracking attacks (where the attacker knows
+ * the state of the pool plus the current outputs, and
+ * attempts to find previous ouputs), unless the hash
+ * function can be inverted.
+ */
+ for (i = 0, x = 0; i < r->poolinfo->poolwords; i += 16, x+=2) {
+ HASH_TRANSFORM(buf, r->pool+i);
+ add_entropy_words(r, &buf[x%HASH_BUFFER_SIZE], 1);
+ }
+
+ /*
+ * To avoid duplicates, we atomically extract a
+ * portion of the pool while mixing, and hash one
+ * final time.
+ */
+ __add_entropy_words(r, &buf[x%HASH_BUFFER_SIZE], 1, data);
+ HASH_TRANSFORM(buf, data);
+
+ /*
+ * In case the hash function has some recognizable
+ * output pattern, we fold it in half.
+ */
+ for (i = 0; i < HASH_BUFFER_SIZE / 2; i++)
+ buf[i] ^= buf[i + (HASH_BUFFER_SIZE + 1) / 2];
+
+ if (HASH_BUFFER_SIZE & 1) {
+ /* There's a middle word to deal with */
+ x = buf[HASH_BUFFER_SIZE/2];
+ x ^= (x >> 16); /* Fold it in half */
+ ((__u16 *)buf)[HASH_BUFFER_SIZE - 1] = (__u16)x;
+ }
+}
+
+static ssize_t extract_entropy(struct entropy_store *r, void * buf,
+ size_t nbytes, int min, int reserved)
+{
+ ssize_t ret = 0, i;
+ __u32 tmp[TMP_BUF_SIZE];
+
+ xfer_secondary_pool(r, nbytes, tmp);
+ nbytes = account(r, nbytes, min, reserved);

- ret = 0;
while (nbytes) {
- /*
- * Check if we need to break out or reschedule....
- */
- if ((flags & EXTRACT_ENTROPY_USER) && need_resched()) {
+ extract_buf(r, tmp);
+ i = min(nbytes, HASH_BUFFER_SIZE * sizeof(__u32) / 2);
+ memcpy(buf, (__u8 const *)tmp, i);
+ nbytes -= i;
+ buf += i;
+ ret += i;
+ }
+
+ /* Wipe data just returned from memory */
+ memset(tmp, 0, sizeof(tmp));
+
+ return ret;
+}
+
+static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+ size_t nbytes)
+{
+ ssize_t ret = 0, i;
+ __u32 tmp[TMP_BUF_SIZE];
+
+ xfer_secondary_pool(r, nbytes, tmp);
+ nbytes = account(r, nbytes, 0, 0);
+
+ while (nbytes) {
+ if (need_resched()) {
if (signal_pending(current)) {
if (ret == 0)
ret = -ERESTARTSYS;
break;
}
-
schedule();
}

- /* Hash the pool to get the output */
- tmp[0] = 0x67452301;
- tmp[1] = 0xefcdab89;
- tmp[2] = 0x98badcfe;
- tmp[3] = 0x10325476;
-#ifdef USE_SHA
- tmp[4] = 0xc3d2e1f0;
-#endif
- /*
- * As we hash the pool, we mix intermediate values of
- * the hash back into the pool. This eliminates
- * backtracking attacks (where the attacker knows
- * the state of the pool plus the current outputs, and
- * attempts to find previous ouputs), unless the hash
- * function can be inverted.
- */
- for (i = 0, x = 0; i < r->poolinfo->poolwords; i += 16, x+=2) {
- HASH_TRANSFORM(tmp, r->pool+i);
- add_entropy_words(r, &tmp[x%HASH_BUFFER_SIZE], 1);
+ extract_buf(r, tmp);
+ i = min(nbytes, HASH_BUFFER_SIZE * sizeof(__u32) / 2);
+ if (copy_to_user(buf, tmp, i)) {
+ ret = -EFAULT;
+ break;
}

- /*
- * To avoid duplicates, we atomically extract a
- * portion of the pool while mixing, and hash one
- * final time.
- */
- __add_entropy_words(r, &tmp[x%HASH_BUFFER_SIZE], 1, data);
- HASH_TRANSFORM(tmp, data);
-
- /*
- * In case the hash function has some recognizable
- * output pattern, we fold it in half.
- */
- for (i = 0; i < HASH_BUFFER_SIZE/2; i++)
- tmp[i] ^= tmp[i + (HASH_BUFFER_SIZE+1)/2];
-#if HASH_BUFFER_SIZE & 1 /* There's a middle word to deal with */
- x = tmp[HASH_BUFFER_SIZE/2];
- x ^= (x >> 16); /* Fold it in half */
- ((__u16 *)tmp)[HASH_BUFFER_SIZE-1] = (__u16)x;
-#endif
-
- /* Copy data to destination buffer */
- i = min(nbytes, HASH_BUFFER_SIZE*sizeof(__u32)/2);
- if (flags & EXTRACT_ENTROPY_USER) {
- i -= copy_to_user(buf, (__u8 const *)tmp, i);
- if (!i) {
- ret = -EFAULT;
- break;
- }
- } else
- memcpy(buf, (__u8 const *)tmp, i);
-
nbytes -= i;
buf += i;
ret += i;
@@ -1356,7 +1382,7 @@
*/
void get_random_bytes(void *buf, int nbytes)
{
- extract_entropy(&nonblocking_pool, (char *) buf, nbytes, 0, 0, 0);
+ extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
}

EXPORT_SYMBOL(get_random_bytes);
@@ -1445,8 +1471,7 @@

DEBUG_ENT("reading %d bits\n", n*8);

- n = extract_entropy(&blocking_pool, buf, n, 0, 0,
- EXTRACT_ENTROPY_USER);
+ n = extract_entropy_user(&blocking_pool, buf, n);

DEBUG_ENT("read got %d bits (%d still needed)\n",
n*8, (nbytes-n)*8);
@@ -1497,8 +1522,7 @@
urandom_read(struct file * file, char __user * buf,
size_t nbytes, loff_t *ppos)
{
- return extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0,
- EXTRACT_ENTROPY_USER);
+ return extract_entropy_user(&nonblocking_pool, buf, nbytes);
}

static unsigned int
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/