summaryrefslogtreecommitdiff
path: root/drivers/char
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/random.c88
1 files changed, 61 insertions, 27 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 57ec883..e83f645 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -286,6 +286,18 @@
*/
#define FILL_FRAC(X) ((X)*3/4)
+typedef unsigned long long int ulonglong;
+#if defined __SIZEOF_LONG_LONG__ && __SIZEOF_LONG_LONG__ == 8
+/* This is how it should be using gcc
+ * on Intel x86_32 and also Intel 64 architectures.
+ * I don't know how to extrapolate to other architectures
+ * or other compilers ...
+ * but at least we are being properly defensive.
+ */
+#else
+#error Broken assumption: __SIZEOF_LONG_LONG__ should be defined and equal to 8
+#endif
+
#define LONGS(x) (((x) + sizeof(unsigned long) - 1)/sizeof(unsigned long))
#define W2BYTE(X) ((X)*4) /* convert #words to #bytes */
#define W2BIT(X) ((X)*32) /* convert #words to #bits */
@@ -447,8 +459,8 @@ struct entropy_store {
unsigned input_rotate;
int entropy_count;
int entropy_total; /* entropy input; used only during initialization */
- uint64_t extracted_subttl;
- uint64_t extracted_total;
+ ulonglong extracted_subttl;
+ ulonglong extracted_total;
unsigned int initialized:1;
bool last_data_init;
__u8 last_data[EXTRACT_SIZE];
@@ -458,10 +470,10 @@ static __u32 input_pool_data[INPUT_POOL_WORDS];
static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
#ifdef NOTUSED
- static uint64_t uint64_zero = 0;
- static uint64_t uint64_max = ~((uint64_t)0);
+ static ulonglong uint64_zero = 0;
+ static ulonglong uint64_max = ~((ulonglong)0);
#endif
-static uint64_t play = sizeof(uint64_t)*10000 + sizeof(ulong)*100 + sizeof(int);
+static ulonglong play = sizeof(ulonglong)*10000 + sizeof(ulong)*100 + sizeof(int);
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
@@ -836,35 +848,54 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
{
__u32 tmp[OUTPUT_POOL_WORDS];
- if (r->pull && r->entropy_count < nbytes * 8 &&
- r->entropy_count < r->poolinfo->POOLBITS) {
- /* If we're non-blocking, protect the reserved amount of entropy: */
- int rsvd = r->limit ? 0 : FILL_FRAC(W2BYTE(r->pull->poolinfo->poolwords));
+ if (!r->pull) return;
+ if (r->entropy_count < nbytes * 8 && r->entropy_count < r->poolinfo->POOLBITS) {
+ int rsvd = 0;
int bytes = nbytes;
-
- /* Request a big-enough batch: */
+ if (!r->limit) {
+/*
+ * Here if we are non-limited i.e. non-blocking i.e. urandom.
+ * Reserve a suitable amount of entropy in the input pool,
+ * based on how desperate we are to be reseeded.
+ *
+ * The dilution factor ranges from 819 to 1 (at appetite=0)
+ * to 858,993,459 to 1 (at appetite=20)
+ */
+ int appetite = fls64(r->extracted_subttl) - 18;
+ if (appetite < 0) return; /* 128k bits maps to appetite 0 */
+/* Max possible rsvd: */
+ rsvd = W2BIT(r->pull->poolinfo->poolwords) - RESEED_BATCH;
+/* When the appetite gets to 20, rsvd goes to zero: */
+ rsvd = rsvd - appetite*rsvd/20;
+ if (rsvd < 0) rsvd = 0;
+ }
+
+ /* Make the request big enough to be "significant" to any attacker: */
bytes = max_t(int, bytes, BIT2BYTE(RESEED_BATCH));
- /* but never more than the buffer size */
+ /* but never more than our buffer size */
bytes = min_t(int, bytes, sizeof(tmp));
- DEBUG_ENT("going to reseed %s with %d bits "
- "(%zu of %d requested)\n",
+ DEBUG_ENT("Going to reseed %s with %d bits; "
+ "caller requested: %zu prev level: %d\n",
r->name, bytes * 8, nbytes * 8, r->entropy_count);
- bytes = extract_entropy(r->pull, tmp, bytes, BIT2BYTE(RESEED_BATCH), rsvd);
+ bytes = extract_entropy(r->pull, tmp, bytes,
+ BIT2BYTE(RESEED_BATCH), BIT2BYTE(rsvd));
mix_pool_bytes(r, tmp, bytes, NULL);
credit_entropy_bits(r, bytes*8);
}
+// FIXME: return bytes;
}
/*
* These functions extracts randomness from the "entropy pool", and
* returns it in a buffer.
*
- * The min parameter specifies the minimum amount we can pull before
- * failing to avoid races that defeat catastrophic reseeding while the
- * reserved parameter indicates how much entropy we must leave in the
- * pool after each pull to avoid starving other readers.
+ * The /min/ parameter specifies the minimum amount we are allowed to pull;
+ * otherwise we pull nothing. This can be used to make sure the
+ * pull is "significant" to any attacker.
+ * The /reserved/ parameter indicates how much entropy we must leave
+ * in the pool after each pull to avoid starving other readers.
*
* Note: extract_entropy() assumes that .poolwords is a multiple of 16 words.
*/
@@ -1029,8 +1060,11 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
memset(tmp, 0, sizeof(tmp));
if (ret > 0) {
+/* Prevent overflow; saturate at a user-friendly round number: */
r->extracted_subttl += BYTE2BIT(ret);
+ if (r->extracted_subttl > 1000000000000000000LL) r->extracted_subttl = 1000000000000000000LL;
r->extracted_total += BYTE2BIT(ret);
+ if (r->extracted_total > 1000000000000000000LL) r->extracted_total = 1000000000000000000LL;
}
return ret;
}
@@ -1473,56 +1507,56 @@ struct ctl_table random_table[] = {
},
{
.procname = "play_int",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_dointvec,
.data = &play,
},
{
.procname = "play_long",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &play,
},
{
.procname = "extracted_total",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &input_pool.extracted_total,
},
{
.procname = "extracted_total_r",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &blocking_pool.extracted_total,
},
{
.procname = "extracted_total_ur",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &nonblocking_pool.extracted_total,
},
{
.procname = "extracted_subttl",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &input_pool.extracted_subttl,
},
{
.procname = "extracted_subttl_r",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &blocking_pool.extracted_subttl,
},
{
.procname = "extracted_subttl_ur",
- .maxlen = sizeof(uint64_t),
+ .maxlen = sizeof(ulonglong),
.mode = 0644,
.proc_handler = proc_doulonglongvec_minmax,
.data = &nonblocking_pool.extracted_subttl,