On Sun, Apr 19, 2015 at 05:37:21PM +0200, Stephan Mueller wrote:
I am not sure I understand you correctly: shall the DRBG have these
precautions? If so, wouldn't we break the requirements in SP800-90A where the
DRBG is intended to seed itself?
Or would you want to update the
As we moved the mutex init out of drbg_instantiate and into cra_init
we need to explicitly initialise the mutex in drbg_healthcheck_sanity.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 30ec2a6..57fd479 100644
--- a/crypto/drbg.c
+++
On Mon, Apr 20, 2015 at 02:45:02AM +0200, Stephan Mueller wrote:
I do not want to deviate from the kernel crypto API by adding some additional
wrapper. But what we can do is to leave the DRBG unseeded during alloc time.
As long as the DRBG is unseeded, it will return EAGAIN to any request
On Monday, 20 April 2015, 08:48:55, Herbert Xu wrote:
Hi Herbert,
On Mon, Apr 20, 2015 at 02:45:02AM +0200, Stephan Mueller wrote:
I do not want to deviate from the kernel crypto API by adding some
additional wrapper. But what we can do is to leave the DRBG unseeded
during alloc time. As
On Monday, 20 April 2015, 11:26:48, Herbert Xu wrote:
Hi Herbert,
As we moved the mutex init out of drbg_instantiate and into cra_init
we need to explicitly initialise the mutex in drbg_healthcheck_sanity.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
Acked-by: Stephan Mueller
Initialising the RNG in drbg_kcapi_init is a waste of precious
entropy because all users will immediately seed the RNG after
the allocation.
In fact, all users should seed the RNG before using it. So there
is no point in doing the seeding in drbg_kcapi_init.
This patch removes the initial
This series converts the crypto_rng interface over to the new
style. I'm putting it in quotes because this style has been
around since 2008. In fact, RNG was the very last interface
type added before the introduction of the new style.
Eventually all existing interfaces should be converted over
This patch converts the KRNG implementation to the new low-level
rng interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/krng.c | 33 ++---
1 file changed, 14 insertions(+), 19 deletions(-)
diff --git a/crypto/krng.c b/crypto/krng.c
index
This patch converts the DRBG implementation to the new low-level
rng interface.
This allows us to get rid of struct drbg_gen by using the new RNG
API instead.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/drbg.c | 123
This patch adds the helpers that allow the registration and removal
of multiple RNG algorithms.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/rng.c | 29 +
include/crypto/internal/rng.h |2 ++
2 files changed, 31
Now that all rng implementations have switched over to the new
interface, we can remove the old low-level interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/rng.c | 57 ++
include/crypto/internal/rng.h |3 --
This patch adds the function crypto_rng_set_entropy. It is only
meant to be used by testmgr when testing RNG implementations by
providing fixed entropy data in order to verify test vectors.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
include/crypto/internal/rng.h |6 ++
This patch converts the low-level crypto_rng interface to the
new style.
This allows existing implementations to be converted over one-
by-one. Once that is complete we can then remove the old rng
interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/rng.c
There is no reason why crypto_rng_reset should modify the seed
so this patch marks it as const. Since our algorithms don't
export a const seed function yet we have to go through some
contortions for now.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/rng.c | 27
This patch adds a crypto_alg_extsize helper that can be used
by algorithm types such as pcompress and shash.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/algapi.c |6 ++
crypto/internal.h |2 ++
2 files changed, 8 insertions(+)
diff --git a/crypto/algapi.c
This patch converts the ANSI CPRNG implementation to the new
low-level rng interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/ansi_cprng.c | 86
1 file changed, 41 insertions(+), 45 deletions(-)
diff --git
The file internal.h is only meant to be used by internal API
implementation and not algorithm implementations. In fact it
isn't even needed here so this patch removes it.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/ansi_cprng.c |2 --
1 file changed, 2 deletions(-)
This patch replaces crypto_shash_extsize function with
crypto_alg_extsize.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/shash.c |7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/crypto/shash.c b/crypto/shash.c
index 47c7139..ecb1e3d 100644
---
This patch converts the top-level crypto_rng to the new style.
It was the last algorithm type added before we switched over
to the new way of doing things exemplified by shash.
All users will automatically switch over to the new interface.
Note that this patch does not touch the low-level
This patch adds the new top-level function crypto_rng_generate
which generates random numbers with additional input. It also
extends the mid-level rng_gen_random function to take additional
data as input.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/rng.c |9