random: skip fast_init if hwrng provides large chunk of entropy

zx2c4 · zx2c4 · commit af704c856e88 · 2022-03-25T08:49:40.000-06:00
At boot time, EFI calls add_bootloader_randomness(), which in turn calls
add_hwgenerator_randomness(). Currently add_hwgenerator_randomness()
feeds the first 64 bytes of randomness to the "fast init"
non-crypto-grade phase. But if add_hwgenerator_randomness() gets called
with more than POOL_MIN_BITS of entropy, there's no point in passing it
off to the "fast init" stage, since that's enough entropy to bootstrap
the real RNG. The "fast init" stage is just there to provide _something_
in the case where we don't have enough entropy to properly bootstrap the
RNG. But if we do have enough entropy to bootstrap the RNG, the current
logic doesn't serve a purpose. So, in the case where we're passed
greater than or equal to POOL_MIN_BITS of entropy, this commit makes us
skip the "fast init" phase.

Cc: Dominik Brodowski &lt;linux@dominikbrodowski.net&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
diff --git a/drivers/char/random.c b/drivers/char/random.c
@@ -1128,7 +1128,7 @@ void rand_initialize_disk(struct gendisk *disk)
 void add_hwgenerator_randomness(const void *buffer, size_t count,
 				size_t entropy)
 {
-	if (unlikely(crng_init == 0)) {
+	if (unlikely(crng_init == 0 && entropy < POOL_MIN_BITS)) {
 		size_t ret = crng_pre_init_inject(buffer, count, true);
 		mix_pool_bytes(buffer, ret);
 		count -= ret;

Original file line number	Diff line number	Diff line change
`@@ -1128,7 +1128,7 @@ void rand_initialize_disk(struct gendisk *disk)`
`1128`	`1128`	`void add_hwgenerator_randomness(const void *buffer, size_t count,`
`1129`	`1129`	`size_t entropy)`
`1130`	`1130`	`{`
`1131`		`- if (unlikely(crng_init == 0)) {`
	`1131`	`+ if (unlikely(crng_init == 0 && entropy < POOL_MIN_BITS)) {`
`1132`	`1132`	`size_t ret = crng_pre_init_inject(buffer, count, true);`
`1133`	`1133`	`mix_pool_bytes(buffer, ret);`
`1134`	`1134`	`count -= ret;`