[PATCH 21/38] crypto: drbg - Embed V and C into struct drbg_state
From: Eric Biggers
Date: Mon Apr 20 2026 - 02:43:25 EST
Now that the sizes of V and C are known at compile time, embed them into
struct drbg_state rather than using separate allocations.
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
crypto/drbg.c | 30 ++++--------------------------
1 file changed, 4 insertions(+), 26 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 34a7cbdda1f1..e62bde7aab43 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -140,14 +140,12 @@ enum drbg_seed_state {
*/
#define DRBG_MAX_ADDTL (U32_MAX - 1)
struct drbg_state {
struct mutex drbg_mutex; /* lock around DRBG */
- unsigned char *V; /* internal state -- 10.1.2.1 1a */
- unsigned char *Vbuf;
- unsigned char *C; /* current key -- 10.1.2.1 1b */
- unsigned char *Cbuf;
+ u8 V[DRBG_STATE_LEN]; /* internal state -- 10.1.2.1 1a */
+ u8 C[DRBG_STATE_LEN]; /* current key -- 10.1.2.1 1b */
/* Number of RNG requests since last reseed -- 10.1.2.1 1c */
size_t reseed_ctr;
size_t reseed_threshold;
void *priv_data; /* Cipher handle */
@@ -490,16 +488,12 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
/* Free all substructures in a DRBG state without the DRBG state structure */
static inline void drbg_dealloc_state(struct drbg_state *drbg)
{
if (!drbg)
return;
- kfree_sensitive(drbg->Vbuf);
- drbg->Vbuf = NULL;
- drbg->V = NULL;
- kfree_sensitive(drbg->Cbuf);
- drbg->Cbuf = NULL;
- drbg->C = NULL;
+ memzero_explicit(drbg->V, sizeof(drbg->V));
+ memzero_explicit(drbg->C, sizeof(drbg->C));
drbg->reseed_ctr = 0;
drbg->core = NULL;
}
/*
@@ -511,28 +505,12 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
int ret = -ENOMEM;
ret = drbg_init_hash_kernel(drbg);
if (ret < 0)
goto err;
-
- drbg->Vbuf = kmalloc(DRBG_STATE_LEN + ret, GFP_KERNEL);
- if (!drbg->Vbuf) {
- ret = -ENOMEM;
- goto fini;
- }
- drbg->V = PTR_ALIGN(drbg->Vbuf, ret + 1);
- drbg->Cbuf = kmalloc(DRBG_STATE_LEN + ret, GFP_KERNEL);
- if (!drbg->Cbuf) {
- ret = -ENOMEM;
- goto fini;
- }
- drbg->C = PTR_ALIGN(drbg->Cbuf, ret + 1);
-
return 0;
-fini:
- drbg_fini_hash_kernel(drbg);
err:
drbg_dealloc_state(drbg);
return ret;
}
--
2.53.0