crypto: drbg - use pragmas for disabling optimization

Replace the global -O0 compiler flag from the Makefile with GCC pragmas to mark only the functions required to be compiled without optimizations. This patch also adds a comment describing the rationale for the functions chosen to be compiled without optimizations. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Stephan Mueller <smueller@chronox.de> 2015-06-08 22:08:49 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-09 10:26:00 -0400
commit: fbb145bc0a1c03b90a96cca99dc07c33aaad2318 (patch)
tree: 27e29447feac622abe0553ab12e695d94b0f48f6
parent: 70c3c8a96a85d333b3ff1f24df84c0e179261a8a (diff)
2 files changed, 26 insertions, 5 deletions
diff --git a/crypto/Makefile b/crypto/Makefile
index 83b3c4496ec7..c84203572477 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -97,7 +97,6 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
 obj-$(CONFIG_CRYPTO_RNG2) += rng.o
 obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
 obj-$(CONFIG_CRYPTO_DRBG) += drbg.o
-CFLAGS_jitterentropy.o = -O0
 obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy.o
 obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
 obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index a60147e4bb3f..d3c30452edee 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -57,10 +57,6 @@
 #include <linux/crypto.h>
 #include <crypto/internal/rng.h>
-#ifdef __OPTIMIZE__
- #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c."
-#endif
 /* The entropy pool */
 struct rand_data {
        /* all data values that are vital to maintain the security
@@ -188,6 +184,20 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
 * Noise sources
 ***************************************************************************/
+/*
+ * The disabling of the optimizations is performed as documented and assessed
+ * thoroughly in http://www.chronox.de/jent.html. However, instead of disabling
+ * the optimization of the entire C file, only the main functions the jitter is
+ * measured for are not optimized. These functions include the noise sources as
+ * well as the main functions triggering the noise sources. As the time
+ * measurement is done from one invocation of the jitter noise source to the
+ * next, even the execution jitter of the code invoking the noise sources
+ * contribute to the overall randomness as well. The behavior of the RNG and the
+ * statistical characteristics when only the mentioned functions are not
+ * optimized is almost equal to the a completely non-optimized RNG compilation
+ * as tested with the test tools provided at the initially mentioned web site.
+ */
 /**
 * CPU Jitter noise source -- this is the noise source based on the CPU
 *                            execution time jitter
@@ -222,6 +232,8 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
 *
 * @return Number of loops the folding operation is performed
 */
+#pragma GCC push_options
+#pragma GCC optimize ("-O0")
 static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
                            __u64 *folded, __u64 loop_cnt)
 {
@@ -251,6 +263,7 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
        *folded = new;
        return fold_loop_cnt;
 }
+#pragma GCC pop_options
 /**
 * Memory Access noise source -- this is a noise source based on variations in
@@ -279,6 +292,8 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
 *
 * @return Number of memory access operations
 */
+#pragma GCC push_options
+#pragma GCC optimize ("-O0")
 static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
 {
        unsigned char *tmpval = NULL;
@@ -318,6 +333,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
        }
        return i;
 }
+#pragma GCC pop_options
 /***************************************************************************
 * Start of entropy processing logic
@@ -366,6 +382,8 @@ static void jent_stuck(struct rand_data *ec, __u64 current_delta)
 *
 * @return One random bit
 */
+#pragma GCC push_options
+#pragma GCC optimize ("-O0")
 static __u64 jent_measure_jitter(struct rand_data *ec)
 {
        __u64 time = 0;
@@ -395,6 +413,7 @@ static __u64 jent_measure_jitter(struct rand_data *ec)
        return data;
 }
+#pragma GCC pop_options
 /**
 * Von Neuman unbias as explained in RFC 4086 section 4.2. As shown in the
@@ -495,6 +514,8 @@ static void jent_stir_pool(struct rand_data *entropy_collector)
 * Input:
 * @ec Reference to entropy collector
 */
+#pragma GCC push_options
+#pragma GCC optimize ("-O0")
 static void jent_gen_entropy(struct rand_data *ec)
 {
        unsigned int k = 0;
@@ -556,6 +577,7 @@ static void jent_gen_entropy(struct rand_data *ec)
        if (ec->stir)
                jent_stir_pool(ec);
 }
+#pragma GCC pop_options
 /**
 * The continuous test required by FIPS 140-2 -- the function automatically
author	Stephan Mueller <smueller@chronox.de>	2015-06-08 22:08:49 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2015-06-09 10:26:00 -0400
commit	fbb145bc0a1c03b90a96cca99dc07c33aaad2318 (patch)
tree	27e29447feac622abe0553ab12e695d94b0f48f6
parent	70c3c8a96a85d333b3ff1f24df84c0e179261a8a (diff)