leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: drbg - use pragmas for disabling optimization

Browse Source 
Replace the global -O0 compiler flag from the Makefile with GCC
pragmas to mark only the functions required to be compiled without
optimizations.

This patch also adds a comment describing the rationale for the
functions chosen to be compiled without optimizations.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Stephan Mueller 2015-06-09 04:08:49 +02:00 committed by Herbert Xu
parent 70c3c8a96a
commit fbb145bc0a
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/Makefile
View File

@ -97,7 +97,6 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj-$(CONFIG_CRYPTO_RNG2) += rng.o obj-$(CONFIG_CRYPTO_RNG2) += rng.o
obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
obj-$(CONFIG_CRYPTO_DRBG) += drbg.o obj-$(CONFIG_CRYPTO_DRBG) += drbg.o
CFLAGS_jitterentropy.o = -O0
obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy.o obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy.o
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o

30
crypto/jitterentropy.c
View File

@ -57,10 +57,6 @@
#include <linux/crypto.h> #include <linux/crypto.h>
#include <crypto/internal/rng.h> #include <crypto/internal/rng.h>
#ifdef __OPTIMIZE__
#error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c."
#endif
/* The entropy pool */ /* The entropy pool */
struct rand_data { struct rand_data {
/* all data values that are vital to maintain the security /* all data values that are vital to maintain the security
@ -188,6 +184,20 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
* Noise sources * Noise sources
***************************************************************************/ ***************************************************************************/
/*
* The disabling of the optimizations is performed as documented and assessed
* thoroughly in http://www.chronox.de/jent.html. However, instead of disabling
* the optimization of the entire C file, only the main functions the jitter is
* measured for are not optimized. These functions include the noise sources as
* well as the main functions triggering the noise sources. As the time
* measurement is done from one invocation of the jitter noise source to the
* next, even the execution jitter of the code invoking the noise sources
* contribute to the overall randomness as well. The behavior of the RNG and the
* statistical characteristics when only the mentioned functions are not
* optimized is almost equal to the a completely non-optimized RNG compilation
* as tested with the test tools provided at the initially mentioned web site.
*/
/** /**
* CPU Jitter noise source -- this is the noise source based on the CPU * CPU Jitter noise source -- this is the noise source based on the CPU
* execution time jitter * execution time jitter
@ -222,6 +232,8 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
* *
* @return Number of loops the folding operation is performed * @return Number of loops the folding operation is performed
*/ */
#pragma GCC push_options
#pragma GCC optimize ("-O0")
static __u64 jent_fold_time(struct rand_data *ec, __u64 time, static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
__u64 *folded, __u64 loop_cnt) __u64 *folded, __u64 loop_cnt)
{ {
@ -251,6 +263,7 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
*folded = new; *folded = new;
return fold_loop_cnt; return fold_loop_cnt;
} }
#pragma GCC pop_options
/** /**
* Memory Access noise source -- this is a noise source based on variations in * Memory Access noise source -- this is a noise source based on variations in
@ -279,6 +292,8 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
* *
* @return Number of memory access operations * @return Number of memory access operations
*/ */
#pragma GCC push_options
#pragma GCC optimize ("-O0")
static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt) static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
{ {
unsigned char *tmpval = NULL; unsigned char *tmpval = NULL;
@ -318,6 +333,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
} }
return i; return i;
} }
#pragma GCC pop_options
/*************************************************************************** /***************************************************************************
* Start of entropy processing logic * Start of entropy processing logic
@ -366,6 +382,8 @@ static void jent_stuck(struct rand_data *ec, __u64 current_delta)
* *
* @return One random bit * @return One random bit
*/ */
#pragma GCC push_options
#pragma GCC optimize ("-O0")
static __u64 jent_measure_jitter(struct rand_data *ec) static __u64 jent_measure_jitter(struct rand_data *ec)
{ {
__u64 time = 0; __u64 time = 0;
@ -395,6 +413,7 @@ static __u64 jent_measure_jitter(struct rand_data *ec)
return data; return data;
} }
#pragma GCC pop_options
/** /**
* Von Neuman unbias as explained in RFC 4086 section 4.2. As shown in the * Von Neuman unbias as explained in RFC 4086 section 4.2. As shown in the
@ -495,6 +514,8 @@ static void jent_stir_pool(struct rand_data *entropy_collector)
* Input: * Input:
* @ec Reference to entropy collector * @ec Reference to entropy collector
*/ */
#pragma GCC push_options
#pragma GCC optimize ("-O0")
static void jent_gen_entropy(struct rand_data *ec) static void jent_gen_entropy(struct rand_data *ec)
{ {
unsigned int k = 0; unsigned int k = 0;
@ -556,6 +577,7 @@ static void jent_gen_entropy(struct rand_data *ec)
if (ec->stir) if (ec->stir)
jent_stir_pool(ec); jent_stir_pool(ec);
} }
#pragma GCC pop_options
/** /**
* The continuous test required by FIPS 140-2 -- the function automatically * The continuous test required by FIPS 140-2 -- the function automatically