On Mon, Apr 10, 2023 at 10:55:13PM +0200, Stephan Müller wrote: > > +static int jent_kcapi_init(struct crypto_tfm *tfm) > +{ > + struct jitterentropy *rng = crypto_tfm_ctx(tfm); > + struct crypto_shash *hash; > + struct shash_desc *sdesc; > + int size, ret = 0; > + > + /* > + * Use SHA3-256 as conditioner. We allocate only the generic > + * implementation as we are not interested in high-performance. The > + * execution time of the SHA3 operation is measured and adds to the > + * Jitter RNG's unpredictable behavior. If we have a slower hash > + * implementation, the execution timing variations are larger. When > + * using a fast implementation, we would need to call it more often > + * as its variations are lower. > + */ > + hash = crypto_alloc_shash(JENT_CONDITIONING_HASH, 0, 0); > + if (IS_ERR(hash)) { > + pr_err("Cannot allocate conditioning digest\n"); > + return PTR_ERR(hash); > + } > + rng->tfm = hash; > + > + size = sizeof(struct shash_desc) + crypto_shash_descsize(hash); > + sdesc = kmalloc(size, GFP_KERNEL); > + if (!sdesc) { > + ret = -ENOMEM; > + goto err; > + } > + > + sdesc->tfm = hash; > + crypto_shash_init(sdesc); > + rng->sdesc = sdesc; > + > + rng->entropy_collector = jent_entropy_collector_alloc(1, 0, sdesc); > + if (!rng->entropy_collector) > + ret = -ENOMEM; Is this supposed to fail or not? > + > + spin_lock_init(&rng->jent_lock); > + return 0; > + > +err: > + jent_kcapi_cleanup(tfm); > + return ret; > +} > + Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt