crypto/testmgr: use prandom_u32_max() when possible, part 1
JIRA: https://issues.redhat.com/browse/RHEL-3646 Conflicts: - only crypto/testmgr.c to be able to apply later follow-up f900fde28883 ("crypto: testmgr - fix RNG performance in fuzz tests") commit 81895a65ec63ee1daec3255dc1a06675d2fbe915 Author: Jason A. Donenfeld <Jason@zx2c4.com> Date: Wed Oct 5 16:43:38 2022 +0200 treewide: use prandom_u32_max() when possible, part 1 Rather than incurring a division or requesting too many random bytes for the given range, use the prandom_u32_max() function, which only takes the minimum required bytes from the RNG and avoids divisions. This was done mechanically with this coccinelle script: @basic@ expression E; type T; identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; typedef u64; @@ ( - ((T)get_random_u32() % (E)) + prandom_u32_max(E) | - ((T)get_random_u32() & ((E) - 1)) + prandom_u32_max(E * XXX_MAKE_SURE_E_IS_POW2) | - ((u64)(E) * get_random_u32() >> 32) + prandom_u32_max(E) | - ((T)get_random_u32() & ~PAGE_MASK) + prandom_u32_max(PAGE_SIZE) ) @multi_line@ identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; identifier RAND; expression E; @@ - RAND = get_random_u32(); ... when != RAND - RAND %= (E); + RAND = prandom_u32_max(E); // Find a potential literal @literal_mask@ expression LITERAL; type T; identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32"; position p; @@ ((T)get_random_u32()@p & (LITERAL)) // Add one to the literal. @script:python add_one@ literal << literal_mask.LITERAL; RESULT; @@ value = None if literal.startswith('0x'): value = int(literal, 16) elif literal[0] in '123456789': value = int(literal, 10) if value is None: print("I don't know how to handle %s" % (literal)) cocci.include_match(False) elif value == 2**32 - 1 or value == 2**31 - 1 or value == 2**24 - 1 or value == 2**16 - 1 or value == 2**8 - 1: print("Skipping 0x%x for cleanup elsewhere" % (value)) cocci.include_match(False) elif value & (value + 1) != 0: print("Skipping 0x%x because it's not a power of two minus one" % (value)) cocci.include_match(False) elif literal.startswith('0x'): coccinelle.RESULT = cocci.make_expr("0x%x" % (value + 1)) else: coccinelle.RESULT = cocci.make_expr("%d" % (value + 1)) // Replace the literal mask with the calculated result. @plus_one@ expression literal_mask.LITERAL; position literal_mask.p; expression add_one.RESULT; identifier FUNC; @@ - (FUNC()@p & (LITERAL)) + prandom_u32_max(RESULT) @collapse_ret@ type T; identifier VAR; expression E; @@ { - T VAR; - VAR = (E); - return VAR; + return E; } @drop_var@ type T; identifier VAR; @@ { - T VAR; ... when != VAR } Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Yury Norov <yury.norov@gmail.com> Reviewed-by: KP Singh <kpsingh@kernel.org> Reviewed-by: Jan Kara <jack@suse.cz> # for ext4 and sbitmap Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com> # for drbd Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Heiko Carstens <hca@linux.ibm.com> # for s390 Acked-by: Ulf Hansson <ulf.hansson@linaro.org> # for mmc Acked-by: Darrick J. Wong <djwong@kernel.org> # for xfs Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Ivan Vecera <ivecera@redhat.com>
This commit is contained in:
Ivan Vecera
parent
7016644d9c
commit
929224d00b
|
|
@ -858,9 +858,9 @@ static int prepare_keybuf(const u8 *key, unsigned int ksize,
|
|||
/* Generate a random length in range [0, max_len], but prefer smaller values */
|
||||
static unsigned int generate_random_length(unsigned int max_len)
|
||||
{
|
||||
unsigned int len = prandom_u32() % (max_len + 1);
|
||||
unsigned int len = prandom_u32_max(max_len + 1);
|
||||
|
||||
switch (prandom_u32() % 4) {
|
||||
switch (prandom_u32_max(4)) {
|
||||
case 0:
|
||||
return len % 64;
|
||||
case 1:
|
||||
|
|
@ -877,14 +877,14 @@ static void flip_random_bit(u8 *buf, size_t size)
|
|||
{
|
||||
size_t bitpos;
|
||||
|
||||
bitpos = prandom_u32() % (size * 8);
|
||||
bitpos = prandom_u32_max(size * 8);
|
||||
buf[bitpos / 8] ^= 1 << (bitpos % 8);
|
||||
}
|
||||
|
||||
/* Flip a random byte in the given nonempty data buffer */
|
||||
static void flip_random_byte(u8 *buf, size_t size)
|
||||
{
|
||||
buf[prandom_u32() % size] ^= 0xff;
|
||||
buf[prandom_u32_max(size)] ^= 0xff;
|
||||
}
|
||||
|
||||
/* Sometimes make some random changes to the given nonempty data buffer */
|
||||
|
|
@ -894,15 +894,15 @@ static void mutate_buffer(u8 *buf, size_t size)
|
|||
size_t i;
|
||||
|
||||
/* Sometimes flip some bits */
|
||||
if (prandom_u32() % 4 == 0) {
|
||||
num_flips = min_t(size_t, 1 << (prandom_u32() % 8), size * 8);
|
||||
if (prandom_u32_max(4) == 0) {
|
||||
num_flips = min_t(size_t, 1 << prandom_u32_max(8), size * 8);
|
||||
for (i = 0; i < num_flips; i++)
|
||||
flip_random_bit(buf, size);
|
||||
}
|
||||
|
||||
/* Sometimes flip some bytes */
|
||||
if (prandom_u32() % 4 == 0) {
|
||||
num_flips = min_t(size_t, 1 << (prandom_u32() % 8), size);
|
||||
if (prandom_u32_max(4) == 0) {
|
||||
num_flips = min_t(size_t, 1 << prandom_u32_max(8), size);
|
||||
for (i = 0; i < num_flips; i++)
|
||||
flip_random_byte(buf, size);
|
||||
}
|
||||
|
|
@ -918,11 +918,11 @@ static void generate_random_bytes(u8 *buf, size_t count)
|
|||
if (count == 0)
|
||||
return;
|
||||
|
||||
switch (prandom_u32() % 8) { /* Choose a generation strategy */
|
||||
switch (prandom_u32_max(8)) { /* Choose a generation strategy */
|
||||
case 0:
|
||||
case 1:
|
||||
/* All the same byte, plus optional mutations */
|
||||
switch (prandom_u32() % 4) {
|
||||
switch (prandom_u32_max(4)) {
|
||||
case 0:
|
||||
b = 0x00;
|
||||
break;
|
||||
|
|
@ -962,24 +962,24 @@ static char *generate_random_sgl_divisions(struct test_sg_division *divs,
|
|||
unsigned int this_len;
|
||||
const char *flushtype_str;
|
||||
|
||||
if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0)
|
||||
if (div == &divs[max_divs - 1] || prandom_u32_max(2) == 0)
|
||||
this_len = remaining;
|
||||
else
|
||||
this_len = 1 + (prandom_u32() % remaining);
|
||||
this_len = 1 + prandom_u32_max(remaining);
|
||||
div->proportion_of_total = this_len;
|
||||
|
||||
if (prandom_u32() % 4 == 0)
|
||||
div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128);
|
||||
else if (prandom_u32() % 2 == 0)
|
||||
div->offset = prandom_u32() % 32;
|
||||
if (prandom_u32_max(4) == 0)
|
||||
div->offset = (PAGE_SIZE - 128) + prandom_u32_max(128);
|
||||
else if (prandom_u32_max(2) == 0)
|
||||
div->offset = prandom_u32_max(32);
|
||||
else
|
||||
div->offset = prandom_u32() % PAGE_SIZE;
|
||||
if (prandom_u32() % 8 == 0)
|
||||
div->offset = prandom_u32_max(PAGE_SIZE);
|
||||
if (prandom_u32_max(8) == 0)
|
||||
div->offset_relative_to_alignmask = true;
|
||||
|
||||
div->flush_type = FLUSH_TYPE_NONE;
|
||||
if (gen_flushes) {
|
||||
switch (prandom_u32() % 4) {
|
||||
switch (prandom_u32_max(4)) {
|
||||
case 0:
|
||||
div->flush_type = FLUSH_TYPE_REIMPORT;
|
||||
break;
|
||||
|
|
@ -991,7 +991,7 @@ static char *generate_random_sgl_divisions(struct test_sg_division *divs,
|
|||
|
||||
if (div->flush_type != FLUSH_TYPE_NONE &&
|
||||
!(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
|
||||
prandom_u32() % 2 == 0)
|
||||
prandom_u32_max(2) == 0)
|
||||
div->nosimd = true;
|
||||
|
||||
switch (div->flush_type) {
|
||||
|
|
@ -1038,7 +1038,7 @@ static void generate_random_testvec_config(struct testvec_config *cfg,
|
|||
|
||||
p += scnprintf(p, end - p, "random:");
|
||||
|
||||
switch (prandom_u32() % 4) {
|
||||
switch (prandom_u32_max(4)) {
|
||||
case 0:
|
||||
case 1:
|
||||
cfg->inplace_mode = OUT_OF_PLACE;
|
||||
|
|
@ -1053,12 +1053,12 @@ static void generate_random_testvec_config(struct testvec_config *cfg,
|
|||
break;
|
||||
}
|
||||
|
||||
if (prandom_u32() % 2 == 0) {
|
||||
if (prandom_u32_max(2) == 0) {
|
||||
cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP;
|
||||
p += scnprintf(p, end - p, " may_sleep");
|
||||
}
|
||||
|
||||
switch (prandom_u32() % 4) {
|
||||
switch (prandom_u32_max(4)) {
|
||||
case 0:
|
||||
cfg->finalization_type = FINALIZATION_TYPE_FINAL;
|
||||
p += scnprintf(p, end - p, " use_final");
|
||||
|
|
@ -1074,7 +1074,7 @@ static void generate_random_testvec_config(struct testvec_config *cfg,
|
|||
}
|
||||
|
||||
if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
|
||||
prandom_u32() % 2 == 0) {
|
||||
prandom_u32_max(2) == 0) {
|
||||
cfg->nosimd = true;
|
||||
p += scnprintf(p, end - p, " nosimd");
|
||||
}
|
||||
|
|
@ -1087,7 +1087,7 @@ static void generate_random_testvec_config(struct testvec_config *cfg,
|
|||
cfg->req_flags);
|
||||
p += scnprintf(p, end - p, "]");
|
||||
|
||||
if (cfg->inplace_mode == OUT_OF_PLACE && prandom_u32() % 2 == 0) {
|
||||
if (cfg->inplace_mode == OUT_OF_PLACE && prandom_u32_max(2) == 0) {
|
||||
p += scnprintf(p, end - p, " dst_divs=[");
|
||||
p = generate_random_sgl_divisions(cfg->dst_divs,
|
||||
ARRAY_SIZE(cfg->dst_divs),
|
||||
|
|
@ -1096,13 +1096,13 @@ static void generate_random_testvec_config(struct testvec_config *cfg,
|
|||
p += scnprintf(p, end - p, "]");
|
||||
}
|
||||
|
||||
if (prandom_u32() % 2 == 0) {
|
||||
cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK);
|
||||
if (prandom_u32_max(2) == 0) {
|
||||
cfg->iv_offset = 1 + prandom_u32_max(MAX_ALGAPI_ALIGNMASK);
|
||||
p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset);
|
||||
}
|
||||
|
||||
if (prandom_u32() % 2 == 0) {
|
||||
cfg->key_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK);
|
||||
if (prandom_u32_max(2) == 0) {
|
||||
cfg->key_offset = 1 + prandom_u32_max(MAX_ALGAPI_ALIGNMASK);
|
||||
p += scnprintf(p, end - p, " key_offset=%u", cfg->key_offset);
|
||||
}
|
||||
|
||||
|
|
@ -1655,8 +1655,8 @@ static void generate_random_hash_testvec(struct shash_desc *desc,
|
|||
vec->ksize = 0;
|
||||
if (maxkeysize) {
|
||||
vec->ksize = maxkeysize;
|
||||
if (prandom_u32() % 4 == 0)
|
||||
vec->ksize = 1 + (prandom_u32() % maxkeysize);
|
||||
if (prandom_u32_max(4) == 0)
|
||||
vec->ksize = 1 + prandom_u32_max(maxkeysize);
|
||||
generate_random_bytes((u8 *)vec->key, vec->ksize);
|
||||
|
||||
vec->setkey_error = crypto_shash_setkey(desc->tfm, vec->key,
|
||||
|
|
@ -2221,13 +2221,13 @@ static void mutate_aead_message(struct aead_testvec *vec, bool aad_iv,
|
|||
const unsigned int aad_tail_size = aad_iv ? ivsize : 0;
|
||||
const unsigned int authsize = vec->clen - vec->plen;
|
||||
|
||||
if (prandom_u32() % 2 == 0 && vec->alen > aad_tail_size) {
|
||||
if (prandom_u32_max(2) == 0 && vec->alen > aad_tail_size) {
|
||||
/* Mutate the AAD */
|
||||
flip_random_bit((u8 *)vec->assoc, vec->alen - aad_tail_size);
|
||||
if (prandom_u32() % 2 == 0)
|
||||
if (prandom_u32_max(2) == 0)
|
||||
return;
|
||||
}
|
||||
if (prandom_u32() % 2 == 0) {
|
||||
if (prandom_u32_max(2) == 0) {
|
||||
/* Mutate auth tag (assuming it's at the end of ciphertext) */
|
||||
flip_random_bit((u8 *)vec->ctext + vec->plen, authsize);
|
||||
} else {
|
||||
|
|
@ -2252,7 +2252,7 @@ static void generate_aead_message(struct aead_request *req,
|
|||
const unsigned int ivsize = crypto_aead_ivsize(tfm);
|
||||
const unsigned int authsize = vec->clen - vec->plen;
|
||||
const bool inauthentic = (authsize >= MIN_COLLISION_FREE_AUTHSIZE) &&
|
||||
(prefer_inauthentic || prandom_u32() % 4 == 0);
|
||||
(prefer_inauthentic || prandom_u32_max(4) == 0);
|
||||
|
||||
/* Generate the AAD. */
|
||||
generate_random_bytes((u8 *)vec->assoc, vec->alen);
|
||||
|
|
@ -2260,7 +2260,7 @@ static void generate_aead_message(struct aead_request *req,
|
|||
/* Avoid implementation-defined behavior. */
|
||||
memcpy((u8 *)vec->assoc + vec->alen - ivsize, vec->iv, ivsize);
|
||||
|
||||
if (inauthentic && prandom_u32() % 2 == 0) {
|
||||
if (inauthentic && prandom_u32_max(2) == 0) {
|
||||
/* Generate a random ciphertext. */
|
||||
generate_random_bytes((u8 *)vec->ctext, vec->clen);
|
||||
} else {
|
||||
|
|
@ -2324,8 +2324,8 @@ static void generate_random_aead_testvec(struct aead_request *req,
|
|||
|
||||
/* Key: length in [0, maxkeysize], but usually choose maxkeysize */
|
||||
vec->klen = maxkeysize;
|
||||
if (prandom_u32() % 4 == 0)
|
||||
vec->klen = prandom_u32() % (maxkeysize + 1);
|
||||
if (prandom_u32_max(4) == 0)
|
||||
vec->klen = prandom_u32_max(maxkeysize + 1);
|
||||
generate_random_bytes((u8 *)vec->key, vec->klen);
|
||||
vec->setkey_error = crypto_aead_setkey(tfm, vec->key, vec->klen);
|
||||
|
||||
|
|
@ -2334,8 +2334,8 @@ static void generate_random_aead_testvec(struct aead_request *req,
|
|||
|
||||
/* Tag length: in [0, maxauthsize], but usually choose maxauthsize */
|
||||
authsize = maxauthsize;
|
||||
if (prandom_u32() % 4 == 0)
|
||||
authsize = prandom_u32() % (maxauthsize + 1);
|
||||
if (prandom_u32_max(4) == 0)
|
||||
authsize = prandom_u32_max(maxauthsize + 1);
|
||||
if (prefer_inauthentic && authsize < MIN_COLLISION_FREE_AUTHSIZE)
|
||||
authsize = MIN_COLLISION_FREE_AUTHSIZE;
|
||||
if (WARN_ON(authsize > maxdatasize))
|
||||
|
|
@ -2345,7 +2345,7 @@ static void generate_random_aead_testvec(struct aead_request *req,
|
|||
|
||||
/* AAD, plaintext, and ciphertext lengths */
|
||||
total_len = generate_random_length(maxdatasize);
|
||||
if (prandom_u32() % 4 == 0)
|
||||
if (prandom_u32_max(4) == 0)
|
||||
vec->alen = 0;
|
||||
else
|
||||
vec->alen = generate_random_length(total_len);
|
||||
|
|
@ -2961,8 +2961,8 @@ static void generate_random_cipher_testvec(struct skcipher_request *req,
|
|||
|
||||
/* Key: length in [0, maxkeysize], but usually choose maxkeysize */
|
||||
vec->klen = maxkeysize;
|
||||
if (prandom_u32() % 4 == 0)
|
||||
vec->klen = prandom_u32() % (maxkeysize + 1);
|
||||
if (prandom_u32_max(4) == 0)
|
||||
vec->klen = prandom_u32_max(maxkeysize + 1);
|
||||
generate_random_bytes((u8 *)vec->key, vec->klen);
|
||||
vec->setkey_error = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue