| Message ID | E1Z02US-0001Gy-Hd@gondolin.me.apana.org.au (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
Am Mittwoch, 3. Juni 2015, 14:49:28 schrieb Herbert Xu: Hi Herbert, >This patch adds the stdrng module alias and increases the priority >to ensure that it is loaded in preference to other RNGs. > >Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> >--- > > crypto/drbg.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/crypto/drbg.c b/crypto/drbg.c >index 9284348..04836b4 100644 >--- a/crypto/drbg.c >+++ b/crypto/drbg.c >@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct >rng_alg *alg, const struct drbg_core *core, int pr) > { > int pos = 0; >- static int priority = 100; >+ static int priority = 200; Considering the patch 8/8 which removes krng, wouldn't it make sense to remove the following code from the DRBG: /* * If FIPS mode enabled, the selected DRBG shall have the * highest cra_priority over other stdrng instances to ensure * it is selected. */ if (fips_enabled) alg->base.cra_priority += 200; That code was added to get a higher prio than the krng in FIPS mode. As this is not needed any more (krng is gone), I would say it is safe to remove this code too. > > memcpy(alg->base.cra_name, "stdrng", 6); > if (pr) { >@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random >Bit Generator (DRBG) " CRYPTO_DRBG_HASH_STRING > CRYPTO_DRBG_HMAC_STRING > CRYPTO_DRBG_CTR_STRING); >+MODULE_ALIAS_CRYPTO("stdrng"); Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Jun 03, 2015 at 08:59:13AM +0200, Stephan Mueller wrote: > > Considering the patch 8/8 which removes krng, wouldn't it make sense to remove > the following code from the DRBG: > > /* > * If FIPS mode enabled, the selected DRBG shall have the > * highest cra_priority over other stdrng instances to ensure > * it is selected. > */ > if (fips_enabled) > alg->base.cra_priority += 200; > > That code was added to get a higher prio than the krng in FIPS mode. As this > is not needed any more (krng is gone), I would say it is safe to remove this > code too. You'd have to remove it from ansi_cprng first. Feel free to send patches to do that. Thanks,
Am Mittwoch, 3. Juni 2015, 15:01:39 schrieb Herbert Xu: Hi Herbert, > You'd have to remove it from ansi_cprng first. Feel free to send > patches to do that. Absolutely, my bad.
diff --git a/crypto/drbg.c b/crypto/drbg.c index 9284348..04836b4 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct rng_alg *alg, const struct drbg_core *core, int pr) { int pos = 0; - static int priority = 100; + static int priority = 200; memcpy(alg->base.cra_name, "stdrng", 6); if (pr) { @@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random Bit Generator (DRBG) " CRYPTO_DRBG_HASH_STRING CRYPTO_DRBG_HMAC_STRING CRYPTO_DRBG_CTR_STRING); +MODULE_ALIAS_CRYPTO("stdrng");
This patch adds the stdrng module alias and increases the priority to ensure that it is loaded in preference to other RNGs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> --- crypto/drbg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html