On Mon, Apr 20, 2015 at 02:45:02AM +0200, Stephan Mueller wrote: > > I do not want to deviate from the kernel crypto API by adding some additional > wrapper. But what we can do is to leave the DRBG unseeded during alloc time. > As long as the DRBG is unseeded, it will return EAGAIN to any request for > random numbers, forcing the caller to use crypto_rng_reset to activate the > DRBG. > > When the DRBG receives a reset, it will always obtain the seed and treat any > user-provided data as personalization string / additional data. That's exactly what I was suggesting. I already have two patches that I will post once I finish testing. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html