Re: [PATCH 1/2] crypto: Jitter RNG SP800-90B compliance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Donnerstag, 16. April 2020, 08:15:29 CEST schrieb Herbert Xu:

Hi Herbert,

> On Sat, Apr 11, 2020 at 09:35:03PM +0200, Stephan Müller wrote:
> > @@ -142,7 +143,47 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
> > 
> >  	int ret = 0;
> >  	
> >  	spin_lock(&rng->jent_lock);
> > 
> > +
> > +	/* Return a permanent error in case we had too many resets in a row. 
*/
> > +	if (rng->reset_cnt > (1<<10)) {
> > +		ret = -EFAULT;
> > +		goto out;
> > +	}
> > +
> > 
> >  	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
> > 
> > +
> > +	/* Reset RNG in case of health failures */
> > +	if (ret < -1) {
> > +		pr_warn_ratelimited("Reset Jitter RNG due to health test 
failure: %s
> > failure\n", +				    (ret == -2) ? "Repetition 
Count Test" :
> > +						  "Adaptive Proportion Test");
> > +
> > +		rng->reset_cnt++;
> > +
> > +		ret = jent_entropy_init();
> > +		if (ret) {
> > +			pr_warn_ratelimited("Jitter RNG self-tests failed: 
%d\n",
> > +					    ret);
> > +			ret = -EFAULT;
> > +			goto out;
> > +		}
> > +		jent_entropy_collector_free(rng->entropy_collector);
> > +		rng->entropy_collector = jent_entropy_collector_alloc(1, 0);
> 
> You can't do a GFP_KERNEL allocation inside spin-locks.

Of course, thanks for pointing that out. I will send an update shortly.

Ciao
Stephan






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux