Am Mittwoch, 3. Juni 2015, 14:49:28 schrieb Herbert Xu: Hi Herbert, >This patch adds the stdrng module alias and increases the priority >to ensure that it is loaded in preference to other RNGs. > >Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> >--- > > crypto/drbg.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/crypto/drbg.c b/crypto/drbg.c >index 9284348..04836b4 100644 >--- a/crypto/drbg.c >+++ b/crypto/drbg.c >@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct >rng_alg *alg, const struct drbg_core *core, int pr) > { > int pos = 0; >- static int priority = 100; >+ static int priority = 200; Considering the patch 8/8 which removes krng, wouldn't it make sense to remove the following code from the DRBG: /* * If FIPS mode enabled, the selected DRBG shall have the * highest cra_priority over other stdrng instances to ensure * it is selected. */ if (fips_enabled) alg->base.cra_priority += 200; That code was added to get a higher prio than the krng in FIPS mode. As this is not needed any more (krng is gone), I would say it is safe to remove this code too. > > memcpy(alg->base.cra_name, "stdrng", 6); > if (pr) { >@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random >Bit Generator (DRBG) " CRYPTO_DRBG_HASH_STRING > CRYPTO_DRBG_HMAC_STRING > CRYPTO_DRBG_CTR_STRING); >+MODULE_ALIAS_CRYPTO("stdrng"); Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html