提交 f8595815 编写于 作者: E Eric Dumazet 提交者: David S. Miller

[NET]: random functions can use nsec resolution instead of usec

In order to get more randomness for secure_tcpv6_sequence_number(),
secure_tcp_sequence_number(), secure_dccp_sequence_number() functions,
we can use the high resolution time services, providing nanosec
resolution.

I've also done two kmalloc()/kzalloc() conversions.
Signed-off-by: NEric Dumazet <dada1@cosmosbay.com>
Acked-by: NJames Morris <jmorris@namei.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 4b19ca44
...@@ -881,15 +881,15 @@ EXPORT_SYMBOL(get_random_bytes); ...@@ -881,15 +881,15 @@ EXPORT_SYMBOL(get_random_bytes);
*/ */
static void init_std_data(struct entropy_store *r) static void init_std_data(struct entropy_store *r)
{ {
struct timeval tv; ktime_t now;
unsigned long flags; unsigned long flags;
spin_lock_irqsave(&r->lock, flags); spin_lock_irqsave(&r->lock, flags);
r->entropy_count = 0; r->entropy_count = 0;
spin_unlock_irqrestore(&r->lock, flags); spin_unlock_irqrestore(&r->lock, flags);
do_gettimeofday(&tv); now = ktime_get_real();
add_entropy_words(r, (__u32 *)&tv, sizeof(tv)/4); add_entropy_words(r, (__u32 *)&now, sizeof(now)/4);
add_entropy_words(r, (__u32 *)utsname(), add_entropy_words(r, (__u32 *)utsname(),
sizeof(*(utsname()))/4); sizeof(*(utsname()))/4);
} }
...@@ -911,14 +911,12 @@ void rand_initialize_irq(int irq) ...@@ -911,14 +911,12 @@ void rand_initialize_irq(int irq)
return; return;
/* /*
* If kmalloc returns null, we just won't use that entropy * If kzalloc returns null, we just won't use that entropy
* source. * source.
*/ */
state = kmalloc(sizeof(struct timer_rand_state), GFP_KERNEL); state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
if (state) { if (state)
memset(state, 0, sizeof(struct timer_rand_state));
irq_timer_state[irq] = state; irq_timer_state[irq] = state;
}
} }
#ifdef CONFIG_BLOCK #ifdef CONFIG_BLOCK
...@@ -927,14 +925,12 @@ void rand_initialize_disk(struct gendisk *disk) ...@@ -927,14 +925,12 @@ void rand_initialize_disk(struct gendisk *disk)
struct timer_rand_state *state; struct timer_rand_state *state;
/* /*
* If kmalloc returns null, we just won't use that entropy * If kzalloc returns null, we just won't use that entropy
* source. * source.
*/ */
state = kmalloc(sizeof(struct timer_rand_state), GFP_KERNEL); state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
if (state) { if (state)
memset(state, 0, sizeof(struct timer_rand_state));
disk->random = state; disk->random = state;
}
} }
#endif #endif
...@@ -1469,7 +1465,6 @@ late_initcall(seqgen_init); ...@@ -1469,7 +1465,6 @@ late_initcall(seqgen_init);
__u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr,
__be16 sport, __be16 dport) __be16 sport, __be16 dport)
{ {
struct timeval tv;
__u32 seq; __u32 seq;
__u32 hash[12]; __u32 hash[12];
struct keydata *keyptr = get_keyptr(); struct keydata *keyptr = get_keyptr();
...@@ -1485,8 +1480,7 @@ __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, ...@@ -1485,8 +1480,7 @@ __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr,
seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK; seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK;
seq += keyptr->count; seq += keyptr->count;
do_gettimeofday(&tv); seq += ktime_get_real().tv64;
seq += tv.tv_usec + tv.tv_sec * 1000000;
return seq; return seq;
} }
...@@ -1521,7 +1515,6 @@ __u32 secure_ip_id(__be32 daddr) ...@@ -1521,7 +1515,6 @@ __u32 secure_ip_id(__be32 daddr)
__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
__be16 sport, __be16 dport) __be16 sport, __be16 dport)
{ {
struct timeval tv;
__u32 seq; __u32 seq;
__u32 hash[4]; __u32 hash[4];
struct keydata *keyptr = get_keyptr(); struct keydata *keyptr = get_keyptr();
...@@ -1543,12 +1536,11 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, ...@@ -1543,12 +1536,11 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
* As close as possible to RFC 793, which * As close as possible to RFC 793, which
* suggests using a 250 kHz clock. * suggests using a 250 kHz clock.
* Further reading shows this assumes 2 Mb/s networks. * Further reading shows this assumes 2 Mb/s networks.
* For 10 Mb/s Ethernet, a 1 MHz clock is appropriate. * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate.
* That's funny, Linux has one built in! Use it! * That's funny, Linux has one built in! Use it!
* (Networks are faster now - should this be increased?) * (Networks are faster now - should this be increased?)
*/ */
do_gettimeofday(&tv); seq += ktime_get_real().tv64;
seq += tv.tv_usec + tv.tv_sec * 1000000;
#if 0 #if 0
printk("init_seq(%lx, %lx, %d, %d) = %d\n", printk("init_seq(%lx, %lx, %d, %d) = %d\n",
saddr, daddr, sport, dport, seq); saddr, daddr, sport, dport, seq);
...@@ -1596,7 +1588,6 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 ...@@ -1596,7 +1588,6 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16
u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
__be16 sport, __be16 dport) __be16 sport, __be16 dport)
{ {
struct timeval tv;
u64 seq; u64 seq;
__u32 hash[4]; __u32 hash[4];
struct keydata *keyptr = get_keyptr(); struct keydata *keyptr = get_keyptr();
...@@ -1609,8 +1600,7 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, ...@@ -1609,8 +1600,7 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
seq = half_md4_transform(hash, keyptr->secret); seq = half_md4_transform(hash, keyptr->secret);
seq |= ((u64)keyptr->count) << (32 - HASH_BITS); seq |= ((u64)keyptr->count) << (32 - HASH_BITS);
do_gettimeofday(&tv); seq += ktime_get_real().tv64;
seq += tv.tv_usec + tv.tv_sec * 1000000;
seq &= (1ull << 48) - 1; seq &= (1ull << 48) - 1;
#if 0 #if 0
printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n", printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n",
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册