[PATCH v2 00/25] Multiple changes to crypto/ansi_cprng.c

This is a reworked version of my earlier patch series, based on feedback
from Neil Horman and Stephan Mueller.  Thank you both very much!

It's mostly the same content as before, but I've tried to improve comments
and commit messages to address questions, to reorder the patches to put
the questionable stuff at the end, and I've also (at Neil's prodding)
made some larger scale changes.

I've added appropriate const qualifiers to the RNG API, and also const
declarations to all of the self-tests in testmgr.h.  (That's a very
large but simple patch.)

The significant code improvement is the addition of what I call the
"stutter test" to testmgr.  This reads from the RNG in irregular chunks
and verifies that the output matches that produced by a more regular
pattern.  This should prevent any recurrence of CVE-2013-4345.
(It itself passed an important test by detecting a bug in my code!)

Dropped change:
* Neil said he wanted deterministic to remain the default, so I dropped
  the patch that changed the default seedsize.

Pending issues:
* Neil would like me to post the results of the NIST and FIPS test
  vectors.  The current code doesn't print anything on a successful
  test; I need to know what result format is wanted.
* Stephan says he has the FIPS test vectors referred to above and
  will send them to me when he finds them.
* Is non-deterministic mode (last three patches) wanted?

George Spelvin (25):
  crypto: ansi_cprng - unroll _get_more_prng_bytes
  crypto: ansi_cprng - Additional _get_more_prng_bytes cleanup
  crypto: ansi_cprng - Use %phN rather than print_hex_dump for debug
  crypto: ansi_cprng - Make debug output more like NIST test vectors
  crypto: ansi_cprng - Eliminate ctx->I and ctx->last_rand_data
  crypto: ansi_cprng - Make cont_test a bool
  crypto: ansi_cprng - Shrink context some more
  crypto: ansi_cprng - Don't call reset_prng_context from cprng_init
  crypto: ansi_cprng - Make length types consistent
  crypto: ansi_cprng - Use u8 data types consistently internally
  crypto: ansi_cprng - Eliminate unused PRNG_FIXED_SIZE flag
  crypto: ansi_cprng - Get rid of rdata buffer in fips_cprng_reset
  crypto: Add appropriate consts to RNG API
  crypto: tcrypt - Add const qualifiers all over the test code.
  crypto: testmgr - Merge seed arrays in struct cprng_testvec
  crypto: testmgr - Report failure on zero-length crypto_rng_get_bytes
  crypto: testmgr - Don't crash if CPRNG test result is large
  crypto: testmgr - Add CPRNG stutter test.
  crypto: ansi_cprng - simplify get_prng_bytes
  crypto: ansi_cprng - simplify xor_vectors() to xor_block()
  crypto: ansi_cprng - Rename rand_data_valid more sensibly
  crypto: ansi_cprng - Tweak comments
  crypto: ansi_cprng - Introduce a "union cipherblock"
  crypto: ansi_cprng - Introduce non-deterministic mode
  crypto: ansi_cprng - If non-deterministic, don't buffer old output

 crypto/ansi_cprng.c    | 369 ++++++++++++++++--------------------
 crypto/krng.c          |   2 +-
 crypto/rng.c           |   3 +-
 crypto/tcrypt.c        |  46 ++---
 crypto/tcrypt.h        |  30 +--
 crypto/testmgr.c       | 190 +++++++++++++------
 crypto/testmgr.h       | 502 ++++++++++++++++++++++++-------------------------
 include/crypto/rng.h   |   2 +-
 include/linux/crypto.h |   6 +-
 9 files changed, 587 insertions(+), 563 deletions(-)

-- 
2.1.3
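
The "stutter test" idea from the cover letter, as an added illustration that is not code from the patch series or the kernel: a constructed toy block-buffered generator (not ANSI X9.31) is read once in a single 64-byte request and once in irregular chunks from the same seed, and the two streams are compared. The `defect` flag enables a constructed buffer-handling mistake, unrelated to the real driver, purely so the test has something to catch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define BLK 16  /* block size of the toy generator */
/* Constructed block-buffered generator (NOT ANSI X9.31): one generated block,
 * handed out in pieces.  'valid' counts bytes of rand_data not yet handed out;
 * 'defect' enables a constructed mistake (ignoring the consumption offset). */
struct toy_rng { uint64_t ctr; uint8_t rand_data[BLK]; size_t valid; bool defect; };

static void toy_init(struct toy_rng *r, uint64_t seed, bool defect) {
    memset(r, 0, sizeof *r); r->ctr = seed; r->defect = defect;
}

/* Produce the next block: a simple integer hash of the counter. */
static void toy_more_bytes(struct toy_rng *r) {
    uint64_t x = (r->ctr++ + 1) * 0x9E3779B97F4A7C15ULL;
    for (int i = 0; i < BLK; i++) {
        x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL;
        r->rand_data[i] = (uint8_t)(x >> 56);
    }
    r->valid = BLK;
}

/* Serve n bytes, refilling rand_data whenever it is exhausted. */
static void toy_get_bytes(struct toy_rng *r, uint8_t *out, size_t n) {
    while (n) {
        if (r->valid == 0) toy_more_bytes(r);
        size_t take = n < r->valid ? n : r->valid;
        /* Correct: copy from the unconsumed tail of the block.
         * Defect: always copy from offset 0, so short reads re-emit bytes. */
        size_t off = r->defect ? 0 : BLK - r->valid;
        memcpy(out, r->rand_data + off, take);
        out += take; n -= take; r->valid -= take;
    }
}

/* Stutter test: 64 bytes in one request versus the same 64 bytes read in
 * irregular chunks from an identically seeded generator; 1 if streams match. */
static int stutter_test(uint64_t seed, bool defect) {
    static const size_t chunks[] = { 1, 7, 16, 3, 20, 5, 12 };  /* sum: 64 */
    uint8_t ref[64], got[64];
    struct toy_rng a, b;
    toy_init(&a, seed, defect);
    toy_get_bytes(&a, ref, sizeof ref);
    toy_init(&b, seed, defect);
    for (size_t i = 0, pos = 0; i < sizeof chunks / sizeof chunks[0]; pos += chunks[i++])
        toy_get_bytes(&b, got + pos, chunks[i]);
    return memcmp(ref, got, sizeof ref) == 0;
}
```

The chunk pattern deliberately mixes sub-block, block-aligned and block-spanning requests, since a generator that only ever sees whole-block reads would never exercise its partial-block bookkeeping.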
