Am Dienstag, 2. Dezember 2014, 03:34:41 schrieb George Spelvin:
Hi George,
>It's more like rand_data_invalid (data which has already been output),
>so it's a pretty bad misnomer. But rand_data_pos is even better.
>
>Signed-off-by: George Spelvin <linux@xxxxxxxxxxx>
>---
> crypto/ansi_cprng.c | 25 +++++++++++--------------
> 1 file changed, 11 insertions(+), 14 deletions(-)
>
>diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
>index 97fe3110..c9e1684b 100644
>--- a/crypto/ansi_cprng.c
>+++ b/crypto/ansi_cprng.c
>@@ -50,7 +50,7 @@ struct prng_context {
> unsigned char DT[DEFAULT_BLK_SZ];
> unsigned char I[DEFAULT_BLK_SZ];
> unsigned char V[DEFAULT_BLK_SZ];
>- u32 rand_data_valid;
>+ u32 rand_read_pos; /* Offset into rand_data[] */
> struct crypto_cipher *tfm;
> u32 flags;
> };
>@@ -174,7 +174,7 @@ static int _get_more_prng_bytes(struct prng_context
>*ctx, int cont_test) }
>
> dbgprint("Returning new block for context %p\n", ctx);
>- ctx->rand_data_valid = 0;
>+ ctx->rand_read_pos = 0;
>
> hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
> hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
>@@ -217,7 +217,7 @@ static int get_prng_bytes(char *buf, size_t nbytes,
>struct prng_context *ctx,
>
>
> remainder:
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0) {
> memset(buf, 0, nbytes);
> err = -EINVAL;
>@@ -230,12 +230,9 @@ remainder:
> */
> if (byte_count < DEFAULT_BLK_SZ) {
> empty_rbuf:
>- while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
>- *ptr = ctx->rand_data[ctx->rand_data_valid];
>- ptr++;
>- byte_count--;
>- ctx->rand_data_valid++;
>- if (byte_count == 0)
>+ while (ctx->rand_read_pos < DEFAULT_BLK_SZ) {
>+ *ptr++ = ctx->rand_data[ctx->rand_read_pos++];
>+ if (--byte_count == 0)
> goto done;
I am against such collapsing of constructs into one-liners. It is not
obvious at first sight, which value gets incremented in what order. Such
collapsing was the cause for CVE-2013-4345 as it caused an off-by one.
> }
> }
>@@ -244,17 +241,17 @@ empty_rbuf:
> * Now copy whole blocks
> */
> for (; byte_count >= DEFAULT_BLK_SZ; byte_count -=
DEFAULT_BLK_SZ) {
>- if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
>+ if (ctx->rand_read_pos == DEFAULT_BLK_SZ) {
> if (_get_more_prng_bytes(ctx, do_cont_test) < 0)
{
> memset(buf, 0, nbytes);
> err = -EINVAL;
> goto done;
> }
> }
>- if (ctx->rand_data_valid > 0)
>+ if (ctx->rand_read_pos > 0)
> goto empty_rbuf;
> memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
>- ctx->rand_data_valid += DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos += DEFAULT_BLK_SZ;
> ptr += DEFAULT_BLK_SZ;
> }
>
>@@ -304,7 +301,7 @@ static int reset_prng_context(struct prng_context
>*ctx, memset(ctx->rand_data, 0, DEFAULT_BLK_SZ);
> memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ);
>
>- ctx->rand_data_valid = DEFAULT_BLK_SZ;
>+ ctx->rand_read_pos = DEFAULT_BLK_SZ; /* Force immediate
refill */
>
> ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen);
> if (ret) {
>@@ -413,7 +410,7 @@ static int fips_cprng_reset(struct crypto_rng *tfm,
>u8 *seed, unsigned int slen)
>
> /* this primes our continuity test */
> rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0);
>- prng->rand_data_valid = DEFAULT_BLK_SZ;
>+ prng->rand_read_pos = DEFAULT_BLK_SZ;
>
> out:
> return rc;
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
