[RFC] crypto: exynos - Icrease the priority of the driver
diff mbox

Message ID 20171205124214.31263-1-l.stelmach@samsung.com
State Superseded
Delegated to: Herbert Xu
Headers show

Commit Message

Łukasz Stelmach Dec. 5, 2017, 12:42 p.m. UTC
exynos-rng is one of many implementations of stdrng. With priority as
low as 100 it isn't selected, if software implementations (DRBG) are
available.

Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
---

If not 1000, what is the best value, what is the policy?


 drivers/crypto/exynos-rng.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Stephan Mueller Dec. 5, 2017, 1:48 p.m. UTC | #1
Am Dienstag, 5. Dezember 2017, 13:42:14 CET schrieb Łukasz Stelmach:

Hi Łukasz,

> exynos-rng is one of many implementations of stdrng. With priority as
> low as 100 it isn't selected, if software implementations (DRBG) are
> available.

What about using 300? The reason is the following: in the normal case, the 
software PRNGs have 100 (X9.31) and 200 (SP800-90A DRBG). Thus, in normal 
case, the hardware takes precedence.

In FIPS mode, the DRBG prio is increased by 200. As in FIPS mode you must have 
a DRBG and assuming that the hardware does not implement a DRBG, the software 
DRBG should be used as otherwise you have a FIPS-problem.

Ciao
Stephan

Patch
diff mbox

diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c
index 0bf07a655813..3c514eaae9dc 100644
--- a/drivers/crypto/exynos-rng.c
+++ b/drivers/crypto/exynos-rng.c
@@ -259,7 +259,7 @@  static struct rng_alg exynos_rng_alg = {
 	.base			= {
 		.cra_name		= "stdrng",
 		.cra_driver_name	= "exynos_rng",
-		.cra_priority		= 100,
+		.cra_priority		= 1000,
 		.cra_ctxsize		= sizeof(struct exynos_rng_ctx),
 		.cra_module		= THIS_MODULE,
 		.cra_init		= exynos_rng_kcapi_init,