random: add new ioctl RNDRESEEDCRNG
commit d848e5f8e1ebdb227d045db55fe4f825e82965fa upstream. Add a new ioctl which forces the the crng to be reseeded. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Theodore Ts'o
Greg Kroah-Hartman
parent
befd00cfc1
commit
1d49e2ab76
@ -436,6 +436,7 @@ struct crng_state primary_crng = {
|
||||
static int crng_init = 0;
|
||||
#define crng_ready() (likely(crng_init > 1))
|
||||
static int crng_init_cnt = 0;
|
||||
static unsigned long crng_global_init_time = 0;
|
||||
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
|
||||
static void _extract_crng(struct crng_state *crng,
|
||||
__u8 out[CHACHA20_BLOCK_SIZE]);
|
||||
@ -873,7 +874,8 @@ static void _extract_crng(struct crng_state *crng,
|
||||
unsigned long v, flags;
|
||||
|
||||
if (crng_ready() &&
|
||||
time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
|
||||
(time_after(crng_global_init_time, crng->init_time) ||
|
||||
time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
|
||||
crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
|
||||
spin_lock_irqsave(&crng->lock, flags);
|
||||
if (arch_get_random_long(&v))
|
||||
@ -1668,6 +1670,7 @@ static int rand_initialize(void)
|
||||
init_std_data(&input_pool);
|
||||
init_std_data(&blocking_pool);
|
||||
crng_initialize(&primary_crng);
|
||||
crng_global_init_time = jiffies;
|
||||
|
||||
#ifdef CONFIG_NUMA
|
||||
pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
|
||||
@ -1854,6 +1857,14 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
|
||||
input_pool.entropy_count = 0;
|
||||
blocking_pool.entropy_count = 0;
|
||||
return 0;
|
||||
case RNDRESEEDCRNG:
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
if (crng_init < 2)
|
||||
return -ENODATA;
|
||||
crng_reseed(&primary_crng, NULL);
|
||||
crng_global_init_time = jiffies - 1;
|
||||
return 0;
|
||||
default:
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@ -34,6 +34,9 @@
|
||||
/* Clear the entropy pool and associated counters. (Superuser only.) */
|
||||
#define RNDCLEARPOOL _IO( 'R', 0x06 )
|
||||
|
||||
/* Reseed CRNG. (Superuser only.) */
|
||||
#define RNDRESEEDCRNG _IO( 'R', 0x07 )
|
||||
|
||||
struct rand_pool_info {
|
||||
int entropy_count;
|
||||
int buf_size;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user