[PATCH 5/8] crypto: drbg - Add stdrng alias and increase priority
This patch adds the stdrng module alias and increases the priority
to ensure that it is loaded in preference to other RNGs.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/drbg.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 9284348..04836b4 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct rng_alg
*alg,
const struct drbg_core *core, int pr)
{
int pos = 0;
- static int priority = 100;
+ static int priority = 200;
memcpy(alg-base.cra_name, stdrng, 6);
if (pr) {
@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random
Bit Generator (DRBG)
CRYPTO_DRBG_HASH_STRING
CRYPTO_DRBG_HMAC_STRING
CRYPTO_DRBG_CTR_STRING);
+MODULE_ALIAS_CRYPTO(stdrng);
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 5/8] crypto: drbg - Add stdrng alias and increase priority
On Wed, Jun 03, 2015 at 08:59:13AM +0200, Stephan Mueller wrote: Considering the patch 8/8 which removes krng, wouldn't it make sense to remove the following code from the DRBG: /* * If FIPS mode enabled, the selected DRBG shall have the * highest cra_priority over other stdrng instances to ensure * it is selected. */ if (fips_enabled) alg-base.cra_priority += 200; That code was added to get a higher prio than the krng in FIPS mode. As this is not needed any more (krng is gone), I would say it is safe to remove this code too. You'd have to remove it from ansi_cprng first. Feel free to send patches to do that. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 5/8] crypto: drbg - Add stdrng alias and increase priority
Am Mittwoch, 3. Juni 2015, 14:49:28 schrieb Herbert Xu:
Hi Herbert,
This patch adds the stdrng module alias and increases the priority
to ensure that it is loaded in preference to other RNGs.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/drbg.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 9284348..04836b4 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1876,7 +1876,7 @@ static inline void __init drbg_fill_array(struct
rng_alg *alg, const struct drbg_core *core, int pr)
{
int pos = 0;
- static int priority = 100;
+ static int priority = 200;
Considering the patch 8/8 which removes krng, wouldn't it make sense to remove
the following code from the DRBG:
/*
* If FIPS mode enabled, the selected DRBG shall have the
* highest cra_priority over other stdrng instances to ensure
* it is selected.
*/
if (fips_enabled)
alg-base.cra_priority += 200;
That code was added to get a higher prio than the krng in FIPS mode. As this
is not needed any more (krng is gone), I would say it is safe to remove this
code too.
memcpy(alg-base.cra_name, stdrng, 6);
if (pr) {
@@ -1965,3 +1965,4 @@ MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random
Bit Generator (DRBG) CRYPTO_DRBG_HASH_STRING
CRYPTO_DRBG_HMAC_STRING
CRYPTO_DRBG_CTR_STRING);
+MODULE_ALIAS_CRYPTO(stdrng);
Ciao
Stephan
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 5/8] crypto: drbg - Add stdrng alias and increase priority
Am Mittwoch, 3. Juni 2015, 15:01:39 schrieb Herbert Xu: Hi Herbert, You'd have to remove it from ansi_cprng first. Feel free to send patches to do that. Absolutely, my bad. -- Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
