Am Mittwoch, 3. Juni 2015, 14:49:28 schrieb Herbert Xu:
Hi Herbert,
>This patch adds the stdrng module alias and increases the priority
>to ensure that it is loaded in preference to other RNGs.
>
>Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>---
>
> crypto/drbg.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/crypto/drbg.c b/crypto/drbg.c
>index 9284348..04836b4 100644
>--- a/crypto/drbg.c
>+++ b/crypto/drbg.c
>@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct
>rng_alg *alg, const struct drbg_core *core, int pr)
> {
> int pos = 0;
>- static int priority = 100;
>+ static int priority = 200;
Considering the patch 8/8 which removes krng, wouldn't it make sense to remove
the following code from the DRBG:
/*
* If FIPS mode enabled, the selected DRBG shall have the
* highest cra_priority over other stdrng instances to ensure
* it is selected.
*/
if (fips_enabled)
alg->base.cra_priority += 200;
That code was added to get a higher prio than the krng in FIPS mode. As this
is not needed any more (krng is gone), I would say it is safe to remove this
code too.
>
> memcpy(alg->base.cra_name, "stdrng", 6);
> if (pr) {
>@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random
>Bit Generator (DRBG) " CRYPTO_DRBG_HASH_STRING
> CRYPTO_DRBG_HMAC_STRING
> CRYPTO_DRBG_CTR_STRING);
>+MODULE_ALIAS_CRYPTO("stdrng");
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
