Received: by 10.192.165.156 with SMTP id m28csp142073imm; Thu, 12 Apr 2018 18:32:56 -0700 (PDT) X-Google-Smtp-Source: AIpwx48O8DwKL+YOqnDvdnHKC/RIIWrm/qPN/XQA+FO1mxkPnUE+xiaJw35chewVQVPD9MogVeyf X-Received: by 10.99.156.17 with SMTP id f17mr2461689pge.102.1523583176018; Thu, 12 Apr 2018 18:32:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523583175; cv=none; d=google.com; s=arc-20160816; b=06OowIWu7uk8YsO27D8HfH19c4Pwk7Sn8ahFAF8DNoKw0DoGSslmM4UA70GY9OhW8z +J9mP1gQEl1ulK7DBrc5yKmIAIxUk4GI/xQZ8rbo5vIAdCRdXFaFgCzMzFM0yBtUienr TN+59dorKYs6UiL73HbfhC9zyEMO6QhlSDioSLxuyqDfatu4/6TGFiGbf6LFmO02m2q7 OrbOSyGHhn86NykoZzvohTWc3XL4XXbO9CAoaE3U1AK5bmV7bl8DWh5byL7D4PYDqMww Jnj4JV/wet797jLnUmGMAhPiUX6OT/7bB1TEQC/tFIZ7uLtJwf4HAwQmtyLVFe/fzRiV IOrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=D5vOcVgwCYgGHHA4PRlnaTsZ9pPS3uNy/POzj64IrXM=; b=Q0SgOgNKgqViHcmi/3SBTbEnNg3FsdK5yA7Um/pkUsFP4K8ceY2bBrtAwGaCykeq+l cASKQ+H0lMo3etjp3Ns3zrzaFbzIrSjUVzKeaRh1D54qnhfjMcuDjRuR2zL8PymOgn9H QfaLNXOQuEP/UcDExfznyvlNaoWIX9wvG9WrIznI6Ijv1xLQCX3iAawYmeyp8/5JwPTr /nbzUPvxyvBb35513d0/sOe25oguPvvcPk0TZ3qU2Q3w1MpdZEuEBvIPWciMY6igCC+B Uon76MZMm1FjcLpxL9vjDF2eC0R3xVgQ8ZinPpa1R2uxFVxWL2cg1kY9ac3BqQzVGVwQ 4DJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=Sy3m+sLx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i9si3021149pgp.764.2018.04.12.18.32.42; Thu, 12 Apr 2018 18:32:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=Sy3m+sLx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753019AbeDMBa7 (ORCPT + 99 others); Thu, 12 Apr 2018 21:30:59 -0400 Received: from imap.thunk.org ([74.207.234.97]:37192 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751891AbeDMBa5 (ORCPT ); Thu, 12 Apr 2018 21:30:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=D5vOcVgwCYgGHHA4PRlnaTsZ9pPS3uNy/POzj64IrXM=; b=Sy3m+sLxZjgKqvghcBgw1QR6q2 6cPWzHTf6q5dxasINayOcQgtAFu72FOAGFAFTzlgo3w//dbYQCwQnwdeFra+xnkTI/IBCdtXbLi5Z 9SptmQzC2jAQCrC+w6ur5+FxIJPDKN9pkq/vQ2n/54xflFXcmuyJ0ybLm63SSQc2LNHk=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1f6nYG-0002d0-Ht; Fri, 13 Apr 2018 01:30:56 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 70CD97A3C0A; Thu, 12 Apr 2018 21:30:55 -0400 (EDT) From: Theodore Ts'o To: linux-crypto@vger.kernel.org Cc: Linux Kernel Developers List , Theodore Ts'o , stable@kernel.org Subject: [PATCH 5/5] random: add new ioctl RNDRESEEDCRNG Date: Thu, 12 Apr 2018 21:30:46 -0400 Message-Id: <20180413013046.404-5-tytso@mit.edu> X-Mailer: git-send-email 2.16.1.72.g5be1f00a9a In-Reply-To: <20180413013046.404-1-tytso@mit.edu> References: <20180413013046.404-1-tytso@mit.edu> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add a new ioctl which forces the the crng to be reseeded. Signed-off-by: Theodore Ts'o Cc: stable@kernel.org --- drivers/char/random.c | 13 ++++++++++++- include/uapi/linux/random.h | 3 +++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 6e7fa13b1a89..c552431587a7 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -429,6 +429,7 @@ struct crng_state primary_crng = { static int crng_init = 0; #define crng_ready() (likely(crng_init > 1)) static int crng_init_cnt = 0; +static unsigned long crng_global_init_time = 0; #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE) static void _extract_crng(struct crng_state *crng, __u32 out[CHACHA20_BLOCK_WORDS]); @@ -933,7 +934,8 @@ static void _extract_crng(struct crng_state *crng, unsigned long v, flags; if (crng_ready() && - time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)) + (time_after(crng_global_init_time, crng->init_time) || + time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))) crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); spin_lock_irqsave(&crng->lock, flags); if (arch_get_random_long(&v)) @@ -1757,6 +1759,7 @@ static int rand_initialize(void) init_std_data(&input_pool); init_std_data(&blocking_pool); crng_initialize(&primary_crng); + crng_global_init_time = jiffies; return 0; } early_initcall(rand_initialize); @@ -1930,6 +1933,14 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) input_pool.entropy_count = 0; blocking_pool.entropy_count = 0; return 0; + case RNDRESEEDCRNG: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (crng_init < 2) + return -ENODATA; + crng_reseed(&primary_crng, NULL); + crng_global_init_time = jiffies - 1; + return 0; default: return -EINVAL; } diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h index c34f4490d025..26ee91300e3e 100644 --- a/include/uapi/linux/random.h +++ b/include/uapi/linux/random.h @@ -35,6 +35,9 @@ /* Clear the entropy pool and associated counters. (Superuser only.) */ #define RNDCLEARPOOL _IO( 'R', 0x06 ) +/* Reseed CRNG. (Superuser only.) */ +#define RNDRESEEDCRNG _IO( 'R', 0x07 ) + struct rand_pool_info { int entropy_count; int buf_size; -- 2.16.1.72.g5be1f00a9a