diff options
| author | Eric Dumazet <dada1@cosmosbay.com> | 2007-03-28 17:22:33 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:28:25 -0400 |
| commit | f85958151900f9d30fa5ff941b0ce71eaa45a7de (patch) | |
| tree | d42f056f6d9166db310ff4c398b6a73968e1ac35 | |
| parent | 4b19ca44cbafabfe0b7b98e2e24b21a96198f509 (diff) | |
[NET]: random functions can use nsec resolution instead of usec
In order to get more randomness for secure_tcpv6_sequence_number(),
secure_tcp_sequence_number(), secure_dccp_sequence_number() functions,
we can use the high resolution time services, providing nanosec
resolution.
I've also done two kmalloc()/kzalloc() conversions.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/char/random.c | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 03af50f900d2..46c1b97748b6 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c | |||
| @@ -881,15 +881,15 @@ EXPORT_SYMBOL(get_random_bytes); | |||
| 881 | */ | 881 | */ |
| 882 | static void init_std_data(struct entropy_store *r) | 882 | static void init_std_data(struct entropy_store *r) |
| 883 | { | 883 | { |
| 884 | struct timeval tv; | 884 | ktime_t now; |
| 885 | unsigned long flags; | 885 | unsigned long flags; |
| 886 | 886 | ||
| 887 | spin_lock_irqsave(&r->lock, flags); | 887 | spin_lock_irqsave(&r->lock, flags); |
| 888 | r->entropy_count = 0; | 888 | r->entropy_count = 0; |
| 889 | spin_unlock_irqrestore(&r->lock, flags); | 889 | spin_unlock_irqrestore(&r->lock, flags); |
| 890 | 890 | ||
| 891 | do_gettimeofday(&tv); | 891 | now = ktime_get_real(); |
| 892 | add_entropy_words(r, (__u32 *)&tv, sizeof(tv)/4); | 892 | add_entropy_words(r, (__u32 *)&now, sizeof(now)/4); |
| 893 | add_entropy_words(r, (__u32 *)utsname(), | 893 | add_entropy_words(r, (__u32 *)utsname(), |
| 894 | sizeof(*(utsname()))/4); | 894 | sizeof(*(utsname()))/4); |
| 895 | } | 895 | } |
| @@ -911,14 +911,12 @@ void rand_initialize_irq(int irq) | |||
| 911 | return; | 911 | return; |
| 912 | 912 | ||
| 913 | /* | 913 | /* |
| 914 | * If kmalloc returns null, we just won't use that entropy | 914 | * If kzalloc returns null, we just won't use that entropy |
| 915 | * source. | 915 | * source. |
| 916 | */ | 916 | */ |
| 917 | state = kmalloc(sizeof(struct timer_rand_state), GFP_KERNEL); | 917 | state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL); |
| 918 | if (state) { | 918 | if (state) |
| 919 | memset(state, 0, sizeof(struct timer_rand_state)); | ||
| 920 | irq_timer_state[irq] = state; | 919 | irq_timer_state[irq] = state; |
| 921 | } | ||
| 922 | } | 920 | } |
| 923 | 921 | ||
| 924 | #ifdef CONFIG_BLOCK | 922 | #ifdef CONFIG_BLOCK |
| @@ -927,14 +925,12 @@ void rand_initialize_disk(struct gendisk *disk) | |||
| 927 | struct timer_rand_state *state; | 925 | struct timer_rand_state *state; |
| 928 | 926 | ||
| 929 | /* | 927 | /* |
| 930 | * If kmalloc returns null, we just won't use that entropy | 928 | * If kzalloc returns null, we just won't use that entropy |
| 931 | * source. | 929 | * source. |
| 932 | */ | 930 | */ |
| 933 | state = kmalloc(sizeof(struct timer_rand_state), GFP_KERNEL); | 931 | state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL); |
| 934 | if (state) { | 932 | if (state) |
| 935 | memset(state, 0, sizeof(struct timer_rand_state)); | ||
| 936 | disk->random = state; | 933 | disk->random = state; |
| 937 | } | ||
| 938 | } | 934 | } |
| 939 | #endif | 935 | #endif |
| 940 | 936 | ||
| @@ -1469,7 +1465,6 @@ late_initcall(seqgen_init); | |||
| 1469 | __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, | 1465 | __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, |
| 1470 | __be16 sport, __be16 dport) | 1466 | __be16 sport, __be16 dport) |
| 1471 | { | 1467 | { |
| 1472 | struct timeval tv; | ||
| 1473 | __u32 seq; | 1468 | __u32 seq; |
| 1474 | __u32 hash[12]; | 1469 | __u32 hash[12]; |
| 1475 | struct keydata *keyptr = get_keyptr(); | 1470 | struct keydata *keyptr = get_keyptr(); |
| @@ -1485,8 +1480,7 @@ __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, | |||
| 1485 | seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK; | 1480 | seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK; |
| 1486 | seq += keyptr->count; | 1481 | seq += keyptr->count; |
| 1487 | 1482 | ||
| 1488 | do_gettimeofday(&tv); | 1483 | seq += ktime_get_real().tv64; |
| 1489 | seq += tv.tv_usec + tv.tv_sec * 1000000; | ||
| 1490 | 1484 | ||
| 1491 | return seq; | 1485 | return seq; |
| 1492 | } | 1486 | } |
| @@ -1521,7 +1515,6 @@ __u32 secure_ip_id(__be32 daddr) | |||
| 1521 | __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, | 1515 | __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, |
| 1522 | __be16 sport, __be16 dport) | 1516 | __be16 sport, __be16 dport) |
| 1523 | { | 1517 | { |
| 1524 | struct timeval tv; | ||
| 1525 | __u32 seq; | 1518 | __u32 seq; |
| 1526 | __u32 hash[4]; | 1519 | __u32 hash[4]; |
| 1527 | struct keydata *keyptr = get_keyptr(); | 1520 | struct keydata *keyptr = get_keyptr(); |
| @@ -1543,12 +1536,11 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, | |||
| 1543 | * As close as possible to RFC 793, which | 1536 | * As close as possible to RFC 793, which |
| 1544 | * suggests using a 250 kHz clock. | 1537 | * suggests using a 250 kHz clock. |
| 1545 | * Further reading shows this assumes 2 Mb/s networks. | 1538 | * Further reading shows this assumes 2 Mb/s networks. |
| 1546 | * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate. | 1539 | * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate. |
| 1547 | * That's funny, Linux has one built in! Use it! | 1540 | * That's funny, Linux has one built in! Use it! |
| 1548 | * (Networks are faster now - should this be increased?) | 1541 | * (Networks are faster now - should this be increased?) |
| 1549 | */ | 1542 | */ |
| 1550 | do_gettimeofday(&tv); | 1543 | seq += ktime_get_real().tv64; |
| 1551 | seq += tv.tv_usec + tv.tv_sec * 1000000; | ||
| 1552 | #if 0 | 1544 | #if 0 |
| 1553 | printk("init_seq(%lx, %lx, %d, %d) = %d\n", | 1545 | printk("init_seq(%lx, %lx, %d, %d) = %d\n", |
| 1554 | saddr, daddr, sport, dport, seq); | 1546 | saddr, daddr, sport, dport, seq); |
| @@ -1596,7 +1588,6 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 | |||
| 1596 | u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, | 1588 | u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, |
| 1597 | __be16 sport, __be16 dport) | 1589 | __be16 sport, __be16 dport) |
| 1598 | { | 1590 | { |
| 1599 | struct timeval tv; | ||
| 1600 | u64 seq; | 1591 | u64 seq; |
| 1601 | __u32 hash[4]; | 1592 | __u32 hash[4]; |
| 1602 | struct keydata *keyptr = get_keyptr(); | 1593 | struct keydata *keyptr = get_keyptr(); |
| @@ -1609,8 +1600,7 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, | |||
| 1609 | seq = half_md4_transform(hash, keyptr->secret); | 1600 | seq = half_md4_transform(hash, keyptr->secret); |
| 1610 | seq |= ((u64)keyptr->count) << (32 - HASH_BITS); | 1601 | seq |= ((u64)keyptr->count) << (32 - HASH_BITS); |
| 1611 | 1602 | ||
| 1612 | do_gettimeofday(&tv); | 1603 | seq += ktime_get_real().tv64; |
| 1613 | seq += tv.tv_usec + tv.tv_sec * 1000000; | ||
| 1614 | seq &= (1ull << 48) - 1; | 1604 | seq &= (1ull << 48) - 1; |
| 1615 | #if 0 | 1605 | #if 0 |
| 1616 | printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n", | 1606 | printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n", |