From: Markus Theil <theil.markus@gmail.com>
To: linux-crypto@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org,
akpm@linux-foundation.org, Jason@zx2c4.com,
Markus Theil <theil.markus@gmail.com>
Subject: [PATCH 1/2] prandom: add usage comments for cryptography
Date: Fri, 14 Feb 2025 09:18:39 +0100
Message-ID: <20250214081840.47229-2-theil.markus@gmail.com>
In-Reply-To: <20250214081840.47229-1-theil.markus@gmail.com>

Make it more explicit that the PRNG must not
be used for cryptographic purposes.

Future code may also check such things in checkpatch.pl,
but it is probably hard to differentiate valid testing
code only by looking at paths. Therefore this is left
out here by intention.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
---
include/linux/prandom.h | 2 ++
lib/random32.c | 6 ++++++
2 files changed, 8 insertions(+)
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index ff7dcc3fa105..63d1fe4b30c8 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -17,7 +17,9 @@ struct rnd_state {
__u32 s1, s2, s3, s4;
};
+/* WARNING: this API MUST NOT be used for cryptographic purposes! */
u32 prandom_u32_state(struct rnd_state *state);
+/* WARNING: this API MUST NOT be used for cryptographic purposes! */
void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
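Review bot: the two new comments in include/linux/prandom.h say what the API must not be used for but not what to use instead, while the matching comments added to lib/random32.c sit next to "For more random results, use get_random_u32()" / "use get_random_bytes()". Since the header is what most callers read, consider carrying that pointer over, e.g. `/* WARNING: not for cryptographic purposes; use get_random_u32() instead. */`. Also, prandom_seed_full_state() directly below belongs to the same non-cryptographic API but gets no warning; a single block comment covering the whole group, or one per declaration, would be more consistent than marking two of the three.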
diff --git a/lib/random32.c b/lib/random32.c
index 24e7acd9343f..c808745a4b53 100644
--- a/lib/random32.c
+++ b/lib/random32.c
@@ -1,5 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
/*
+ * WARNING: this API MUST NOT be used for cryptographic purposes!
+ *
* This is a maximally equidistributed combined Tausworthe generator
* based on code from GNU Scientific Library 1.5 (30 Jun 2004)
*
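Review bot: the same one-line warning now appears three times in this file (here at the top of the file-level comment and again on each of the two functions in the hunks below); a future edit is likely to update one copy and miss the others. Consider stating it once in this file-level comment and keeping the per-function comments short, or keeping the per-function ones and dropping this copy, rather than duplicating the sentence verbatim.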
@@ -48,6 +50,8 @@
*
* This is used for pseudo-randomness with no outside seeding.
* For more random results, use get_random_u32().
+ *
+ * WARNING: this API MUST NOT be used for cryptographic purposes!
*/
u32 prandom_u32_state(struct rnd_state *state)
{
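Review bot: the existing context line "For more random results, use get_random_u32()." directly above the new warning undersells the point: the difference is not that get_random_u32() is "more random" but that it is the cryptographically secure source and this generator is not. Since this hunk already edits the comment block, consider rewording that line to e.g. ` * For cryptographically secure random numbers use get_random_u32().` so the pointer and the new warning say the same thing.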
@@ -70,6 +74,8 @@ EXPORT_SYMBOL(prandom_u32_state);
*
* This is used for pseudo-randomness with no outside seeding.
* For more random results, use get_random_bytes().
+ *
+ * WARNING: this API MUST NOT be used for cryptographic purposes!
*/
void prandom_bytes_state(struct rnd_state *state, void *buf, size_t bytes)
{
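Review bot: same point as for prandom_u32_state(): "For more random results, use get_random_bytes()." could be reworded to say that get_random_bytes() is the cryptographically secure alternative, so that the pointer and the new warning agree. A small style nit visible in this hunk: the parameter is named `bytes` in this definition but `nbytes` in the declaration in include/linux/prandom.h touched by the first hunk; aligning the two while the comments are being edited would be cheap.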
--
2.47.2