Re: [PATCH 5/8] crypto: drbg - Add stdrng alias and increase priority

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mittwoch, 3. Juni 2015, 14:49:28 schrieb Herbert Xu:

Hi Herbert,

>This patch adds the stdrng module alias and increases the priority
>to ensure that it is loaded in preference to other RNGs.
>
>Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>---
>
> crypto/drbg.c |    3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/crypto/drbg.c b/crypto/drbg.c
>index 9284348..04836b4 100644
>--- a/crypto/drbg.c
>+++ b/crypto/drbg.c
>@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct
>rng_alg *alg, const struct drbg_core *core, int pr)
> {
> 	int pos = 0;
>-	static int priority = 100;
>+	static int priority = 200;

Considering the patch 8/8 which removes krng, wouldn't it make sense to remove 
the following code from the DRBG:

        /*
         * If FIPS mode enabled, the selected DRBG shall have the
         * highest cra_priority over other stdrng instances to ensure
         * it is selected.
         */
        if (fips_enabled)
                alg->base.cra_priority += 200;

That code was added to get a higher prio than the krng in FIPS mode. As this 
is not needed any more (krng is gone), I would say it is safe to remove this 
code too.

>
> 	memcpy(alg->base.cra_name, "stdrng", 6);
> 	if (pr) {
>@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random
>Bit Generator (DRBG) " CRYPTO_DRBG_HASH_STRING
> 		   CRYPTO_DRBG_HMAC_STRING
> 		   CRYPTO_DRBG_CTR_STRING);
>+MODULE_ALIAS_CRYPTO("stdrng");


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux