Hi,

the current implementation of the DRBG generates a shadow copy of its DRBG state for each incoming request. The idea is that only a short-term lock is needed to spawn the shadow copy. The drawback is that if multiple parallel requests come in, the generated DRBG shadow states only differ by a high-resolution timer that was mixed in during the shadow state generation.

This patch now removes this shadow state and introduces a mutex to serialize all requests to one DRBG instance.

The patch was fully CAVS tested and demonstrates that the DRBG still complies with the standard.

Changes v2:
* fix return code check of drbg_generate in drbg_generate_long
* move mutex_init to drbg_kcapi_init to ensure the mutex is initialized only during the instantiation of a DRBG and during a reset
* merge the patch for replacing the spinlock with a mutex and the removal of the shadow copy generation as both patches cannot stand alone and would therefore break bisection
* drop patch that fixes the memory release (Herbert: you mentioned the patch is applied but it is not yet in the repo -- this patch is vital as otherwise AES192 now breaks without the shadow copy operation)

Changes v3:
* patch for fixing the return code handling in drbg_generate_long did not cover all code paths -- now the issue should be truly fixed

Stephan Mueller (3):
  crypto: drbg - fix drbg_generate return val check
  crypto: drbg - replace spinlock with mutex
  crypto: drbg - leave cipher handles operational

 crypto/drbg.c         | 166 +++++++++++--------------------------------------
 include/crypto/drbg.h |   4 +-
 2 files changed, 36 insertions(+), 134 deletions(-)

-- 
2.1.0
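The cover letter's argument is a concurrency one: shadow copies taken from the same state under a short lock differ only by a timer reading, so parallel requests that read the same timer value produce the same output, while one instance guarded by a mutex held across the whole generate call advances its state for every request. The following program is an added illustration of that argument and is not code from the patch series or from crypto/drbg.c. It uses a constructed toy generator (a key and a counter passed through the splitmix64 finalizer, standing in for a block cipher), a constructed seed, and a constructed coarse timer in which requests i and i+timerTicks read the same value; `takeShadow`, `restoreShadow`, `worstCaseShadow`, `serializedRequest` and `CompareModels` are names invented for this model, not kernel functions.

```go
package main

import (
	"fmt"
	"sync"
)

// toyDRBG is a constructed stand-in for a DRBG's working state: a key and a
// request counter, CTR-style. It is not the kernel's DRBG and its output is
// not cryptographically useful; it only makes the two access models comparable.
type toyDRBG struct {
	key     uint64
	counter uint64
}

// mix64 is the splitmix64 finalizer, a 64-bit bijection used as a cheap
// placeholder for the block cipher a real CTR DRBG would call.
func mix64(x uint64) uint64 {
	x ^= x >> 30
	x *= 0xbf58476d1ce4e5b9
	x ^= x >> 27
	x *= 0x94d049bb133111eb
	x ^= x >> 31
	return x
}

// generate advances the counter and returns one output block. For a fixed
// key, distinct counters give distinct outputs because mix64 is a bijection.
func (d *toyDRBG) generate() uint64 {
	d.counter++
	return mix64(d.key ^ d.counter)
}

// takeShadow models the pre-patch design described in the cover letter: the
// short lock covers only the copy of the shared state, and a timer reading
// is mixed into the copy. Copies taken before any write-back start from
// identical state and differ only by that timer value.
func takeShadow(shared *toyDRBG, lock *sync.Mutex, timer uint64) toyDRBG {
	lock.Lock()
	shadow := *shared
	lock.Unlock()
	shadow.key ^= mix64(timer)
	return shadow
}

// restoreShadow writes the shadow's counter back under the short lock
// (a constructed detail of this model).
func restoreShadow(shared *toyDRBG, lock *sync.Mutex, shadow *toyDRBG) {
	lock.Lock()
	shared.counter = shadow.counter
	lock.Unlock()
}

// worstCaseShadow issues n requests in the interleaving the cover letter warns
// about: every request takes its shadow copy before any has written back.
// timerTicks is the number of distinct readings the constructed timer offers.
func worstCaseShadow(shared *toyDRBG, lock *sync.Mutex, n, timerTicks int) []uint64 {
	shadows := make([]toyDRBG, n)
	for i := range shadows {
		shadows[i] = takeShadow(shared, lock, uint64(i%timerTicks))
	}
	out := make([]uint64, n)
	for i := range shadows {
		out[i] = shadows[i].generate()
		restoreShadow(shared, lock, &shadows[i])
	}
	return out
}

// serializedRequest models the post-patch design: one instance, mutex held
// across the whole generate call, so each request sees the previous one's state.
func serializedRequest(shared *toyDRBG, lock *sync.Mutex) uint64 {
	lock.Lock()
	defer lock.Unlock()
	return shared.generate()
}

// parallelSerialized fires n goroutines at one instance through the mutex.
func parallelSerialized(shared *toyDRBG, lock *sync.Mutex, n int) []uint64 {
	out := make([]uint64, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			out[i] = serializedRequest(shared, lock)
		}(i)
	}
	wg.Wait()
	return out
}

// countDistinct returns how many different values appear in outputs.
func countDistinct(outputs []uint64) int {
	seen := make(map[uint64]struct{}, len(outputs))
	for _, o := range outputs {
		seen[o] = struct{}{}
	}
	return len(seen)
}

// CompareModels runs n requests against both designs from the same constructed
// seed and returns the distinct-output count of each: bounded by timerTicks
// for the shadow model, always n for the serialized instance.
func CompareModels(n, timerTicks int) (shadowDistinct, serializedDistinct int) {
	seed := toyDRBG{key: 0x0123456789abcdef} // constructed seed
	var lock sync.Mutex

	shared := seed
	shadowOut := worstCaseShadow(&shared, &lock, n, timerTicks)

	shared = seed
	serOut := parallelSerialized(&shared, &lock, n)

	return countDistinct(shadowOut), countDistinct(serOut)
}

func main() {
	s, ser := CompareModels(8, 4)
	fmt.Printf("8 requests, 4 distinct timer readings: shadow model %d distinct outputs, serialized model %d\n", s, ser)
}
```

Running it with `go run -race` also exercises the point the mutex makes: every access to the shared instance in the serialized path happens under the lock, so the race detector stays quiet while eight goroutines generate from the same state.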