| Message ID | 20231030120517.39424-2-dimitri.ledkov@canonical.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2157300vqb;
Mon, 30 Oct 2023 05:06:08 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IFfQJvkAoUVREGXSIXDsha9yAW+XwxppDOVZSn2vHP5JuF+7YGvZlh479OKljlFV6d0Ymxd
X-Received: by 2002:a05:6a21:4849:b0:173:3ef3:236a with SMTP id
au9-20020a056a21484900b001733ef3236amr6697348pzc.21.1698667568460;
Mon, 30 Oct 2023 05:06:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698667568; cv=none;
d=google.com; s=arc-20160816;
b=JXdHX8Dncmoe0e7BL5wn0fvAyKxdmggiRBlx2P/YtuKpJYGqev3ZtoLI+Nx5sX/kgu
LwsKb8kncOqnMZFiO5PPCoV8YT0gvWP02NIkz98xSGM4OHbtB4l95dCXwGPy2wvVgc0y
os3d1QvEI/2/cDyqCDYDkjxWUymZkgX+IFqGoodWE1lNLRiAsf/eV5aYN9VvivSeesKm
9B1/CewJUiFIe4BSvRRcNrhdoG53rxPvT9GWl6IhAygePvTfBY16BP0pPeFQgnHeRRNh
Ps8CXEbTupg+AoCUAYB54bxvUvPp4v+jqsc/dt4K2rVC9BaqLPg3UhycFglsCb1w/oTc
mx8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=goPlhkL/xzNb2R4OkDT742TxqiPYA+4C52wqVnxeTeU=;
fh=f7rGv/lZUKYPSVW4vmZTSpKGS2MqhLr4JDXhUskr9eQ=;
b=LZguZllwKarsuGoAJFpreHUyS8376zPDAaAtxbgJ49fxLUH4BW9XRExagjZppYVM6R
nixYNNwoAr1leu3gQA6L7MzRSrfYuxEjW5YMpaNKWxR/MfPEkQ9yRmh22h4W94O3OrOe
kDLPbaU19CbmzXtpvGtijsVkt4FLZ0k8Nl2aXCyG3MAryrbvURQPQPk7Jxj/3PoF2Mj8
d6f3FwLwc9jvJ0EXFCrPOocqetYLR26kP6LiO5SwclLWquD0xIB0hLAHo+M/dZp1fhlh
EOXzRzJmJFRC/h4OEXuI6aNxZFwEff4qW5rSvJC5yDRk5mg9pJYt3UaXKDY+jFMhzrb/
Owsw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@canonical.com header.s=20210705 header.b=ViAmbB4a;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.32 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32])
by mx.google.com with ESMTPS id
w6-20020a63fb46000000b005b33c54df1esi4913058pgj.51.2023.10.30.05.06.08
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 30 Oct 2023 05:06:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32;
Authentication-Results: mx.google.com;
dkim=pass header.i=@canonical.com header.s=20210705 header.b=ViAmbB4a;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.32 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by agentk.vger.email (Postfix) with ESMTP id 68A7280A07EF;
Mon, 30 Oct 2023 05:06:06 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233095AbjJ3MFx (ORCPT <rfc822;zxc52fgh@gmail.com> + 31 others);
Mon, 30 Oct 2023 08:05:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37656 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233127AbjJ3MFr (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 30 Oct 2023 08:05:47 -0400
Received: from smtp-relay-internal-0.canonical.com
(smtp-relay-internal-0.canonical.com [185.125.188.122])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0CAF9C9
for <linux-kernel@vger.kernel.org>;
Mon, 30 Oct 2023 05:05:45 -0700 (PDT)
Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com
[209.85.208.199])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256)
(No client certificate requested)
by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id
9402D3FADC
for <linux-kernel@vger.kernel.org>;
Mon, 30 Oct 2023 12:05:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
s=20210705; t=1698667543;
bh=goPlhkL/xzNb2R4OkDT742TxqiPYA+4C52wqVnxeTeU=;
h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
MIME-Version;
b=ViAmbB4aptfuB10K4nwvaQsoxkNVtCrGfGQb5NO4WQ9w8DkqCJLsiM10Vb9mZ0FtJ
09QB1iEKbnOdPSZBBlOsHF17sos+B4KHLHzDxCBWJ1cIZ4n57H6e+jD9BCvxVSnold
EWC7h6nQZ3CIg5Nw7oVQeU+H4GFAhHqYycdAi09NtxCVqSXJVmgnH3Z3Z0/3WTODd6
fDFasvU1DdQi8RUna1RAhOQtCw13VcgkTtEVLKVZHEk0g7cf+ZkRAqnUTFSRKV714Q
hJ1yl6jWylmc4oMSk/LMIxBvz64rxJ25CJoI5i3gCHb31h2U+a7S6N5tVDEgPvIqdK
leSoP3s4qjuqA==
Received: by mail-lj1-f199.google.com with SMTP id
38308e7fff4ca-2c53ea92642so44311401fa.2
for <linux-kernel@vger.kernel.org>;
Mon, 30 Oct 2023 05:05:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1698667543; x=1699272343;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=goPlhkL/xzNb2R4OkDT742TxqiPYA+4C52wqVnxeTeU=;
b=uPH/g6juV6mqioSo91mni508UnPP8EVnGn0+9uv41SIqpO6IZierNWYP1aNNRQbihu
Qzacy0CRf8WbISyk8ca8sh+d+2M9svgt1Cg6AghNh0WSuz7G4cidv9FFaLr9CVGYmTMX
2WWxMEydcUPifmJ1kSBWotRLjnZQnFc0kubtafVUVEjIXQljt0RdVhAQ18dVP/0WMTdP
umGNLFs4aJMxQb9apB2w/xdW5M7LfGabFUpNlm6v6vxeesZCGMfluo36VfcAE/gZmvcy
Bj5nvhdh6TMk3UV1ipxyAxqYr6h/6blgxI2Kid07iJb9Hri31rtWiqRloefr6RDJj3nu
bhEg==
X-Gm-Message-State: AOJu0Ywq9ozKlnG4qW9y5M6H0SuNm+BreKkrXES8ATK4yftEsW9DMwEw
BbGDiToiYAhOQLiMl/Fqpp9V073A1box9zyrRl4D5WpYyPCcx56vXsmrOrCJMC/r0i6S7wwnO0s
PaZAlcWUMYWInOuZCv8nS/IgZJRsMynnYZXYMRtTxzA==
X-Received: by 2002:a05:6512:3b97:b0:507:9777:a34a with SMTP id
g23-20020a0565123b9700b005079777a34amr9719637lfv.39.1698667543043;
Mon, 30 Oct 2023 05:05:43 -0700 (PDT)
X-Received: by 2002:a05:6512:3b97:b0:507:9777:a34a with SMTP id
g23-20020a0565123b9700b005079777a34amr9719602lfv.39.1698667542331;
Mon, 30 Oct 2023 05:05:42 -0700 (PDT)
Received: from localhost ([159.148.223.140])
by smtp.gmail.com with ESMTPSA id
n18-20020a056512311200b005056ccb222asm1418808lfb.105.2023.10.30.05.05.41
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 30 Oct 2023 05:05:42 -0700 (PDT)
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: smueller@chronox.de, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/4] crypto: drbg - ensure most preferred type is FIPS
health checked
Date: Mon, 30 Oct 2023 14:05:13 +0200
Message-Id: <20231030120517.39424-2-dimitri.ledkov@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20231030120517.39424-1-dimitri.ledkov@canonical.com>
References: <20231029204823.663930-1-dimitri.ledkov@canonical.com>
<20231030120517.39424-1-dimitri.ledkov@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]);
Mon, 30 Oct 2023 05:06:06 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1781124332562268922
X-GMAIL-MSGID: 1781182044207619995
|
| Series |
drbg small fixes
|
|
Commit Message
Dimitri John Ledkov
Oct. 30, 2023, 12:05 p.m. UTC
drbg supports multiple types of drbg, and multiple parameters of
each. Health check sanity only checks one drbg of a single type. One
can enable all three types of drbg. And instead of checking the most
preferred algorithm (last one wins), it is currently checking first
one instead.
Update ifdef to ensure that healthcheck prefers HMAC, over HASH, over
CTR, last one wins, like all other code and functions.
This patch updates code from 541af946fe ("crypto: drbg - SP800-90A
Deterministic Random Bit Generator"), but is not interesting to
cherry-pick for stable updates, because it doesn't affect regular
builds, nor has any tangible effect on FIPS certifcation.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
---
crypto/drbg.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c index ff4ebbc68e..2cce18dcfc 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -2018,9 +2018,11 @@ static inline int __init drbg_healthcheck_sanity(void) #ifdef CONFIG_CRYPTO_DRBG_CTR drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); -#elif defined CONFIG_CRYPTO_DRBG_HASH +#endif +#ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); -#else +#endif +#ifdef CONFIG_CRYPTO_DRBG_HMAC drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr); #endif