diff options
| author | Kevin Hilman <khilman@linaro.org> | 2013-10-14 15:46:26 -0700 |
|---|---|---|
| committer | Kevin Hilman <khilman@linaro.org> | 2013-10-14 15:46:42 -0700 |
| commit | 5b5bbc20fdddd7dd5a2c5b9fa85dfb3b5695616d (patch) | |
| tree | 5ddd89d323e1dfe6a5ad204c34882e961ee57b9c /net/core/secure_seq.c | |
| parent | 4fd0376356ed2e1f6c2a4e8628782aedf903292e (diff) | |
| parent | 9e490f486ea9ce7644be913e03ee5ccdf1be20f7 (diff) | |
Merge tag 'omap-for-v3.13/board-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into next/boards
From Tony Lindgren:
Platform data changes for omaps for the display subsystem and
n900 secure mode changes. Note that the n900 secure mode changes
will still be needed for device tree based booting also.
* tag 'omap-for-v3.13/board-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (508 commits)
ARM: OMAP2+: display: Create omap_vout device inside omap_display_init
ARM: OMAP2+: display: Create omapvrfb and omapfb devices inside omap_display_init
ARM: OMAP2+: display: Create omapdrm device inside omap_display_init
ARM: OMAP2+: drm: Don't build device for DMM
RX-51: Add support for OMAP3 ROM Random Number Generator
ARM: OMAP3: RX-51: ARM errata 430973 workaround
ARM: OMAP3: Add secure function omap_smc3() which calling instruction smc #1
+Linux 3.12-rc4
Signed-off-by: Kevin Hilman <khilman@linaro.org>
Diffstat (limited to 'net/core/secure_seq.c')
| -rw-r--r-- | net/core/secure_seq.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c index 6a2f13cee86a..3f1ec1586ae1 100644 --- a/net/core/secure_seq.c +++ b/net/core/secure_seq.c @@ -10,11 +10,24 @@ #include <net/secure_seq.h> -static u32 net_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned; +#define NET_SECRET_SIZE (MD5_MESSAGE_BYTES / 4) -void net_secret_init(void) +static u32 net_secret[NET_SECRET_SIZE] ____cacheline_aligned; + +static void net_secret_init(void) { - get_random_bytes(net_secret, sizeof(net_secret)); + u32 tmp; + int i; + + if (likely(net_secret[0])) + return; + + for (i = NET_SECRET_SIZE; i > 0;) { + do { + get_random_bytes(&tmp, sizeof(tmp)); + } while (!tmp); + cmpxchg(&net_secret[--i], 0, tmp); + } } #ifdef CONFIG_INET @@ -42,6 +55,7 @@ __u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr, u32 hash[MD5_DIGEST_WORDS]; u32 i; + net_secret_init(); memcpy(hash, saddr, 16); for (i = 0; i < 4; i++) secret[i] = net_secret[i] + (__force u32)daddr[i]; @@ -63,6 +77,7 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, u32 hash[MD5_DIGEST_WORDS]; u32 i; + net_secret_init(); memcpy(hash, saddr, 16); for (i = 0; i < 4; i++) secret[i] = net_secret[i] + (__force u32) daddr[i]; @@ -82,6 +97,7 @@ __u32 secure_ip_id(__be32 daddr) { u32 hash[MD5_DIGEST_WORDS]; + net_secret_init(); hash[0] = (__force __u32) daddr; hash[1] = net_secret[13]; hash[2] = net_secret[14]; @@ -96,6 +112,7 @@ __u32 secure_ipv6_id(const __be32 daddr[4]) { __u32 hash[4]; + net_secret_init(); memcpy(hash, daddr, 16); md5_transform(hash, net_secret); @@ -107,6 +124,7 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, { u32 hash[MD5_DIGEST_WORDS]; + net_secret_init(); hash[0] = (__force u32)saddr; hash[1] = (__force u32)daddr; hash[2] = ((__force u16)sport << 16) + (__force u16)dport; @@ -121,6 +139,7 @@ u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) { u32 hash[MD5_DIGEST_WORDS]; + net_secret_init(); hash[0] = (__force u32)saddr; hash[1] = (__force u32)daddr; hash[2] = (__force u32)dport ^ net_secret[14]; @@ -140,6 +159,7 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, u32 hash[MD5_DIGEST_WORDS]; u64 seq; + net_secret_init(); hash[0] = (__force u32)saddr; hash[1] = (__force u32)daddr; hash[2] = ((__force u16)sport << 16) + (__force u16)dport; @@ -164,6 +184,7 @@ u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr, u64 seq; u32 i; + net_secret_init(); memcpy(hash, saddr, 16); for (i = 0; i < 4; i++) secret[i] = net_secret[i] + daddr[i]; |