| Message ID | 20231029204823.663930-2-dimitri.ledkov@canonical.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | [1/4] crypto: drbg - ensure most preferred type is FIPS health checked | expand |
Am Sonntag, 29. Oktober 2023, 21:48:21 CET schrieb Dimitri John Ledkov: Hi Dimitri, > When originally drbg was introduced FIPS self-checks for all types but > CTR were using the most preferred parameters for each type of > DRBG. Update CTR self-check to use aes256. > > Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit > Generator") Signed-off-by: Dimitri John Ledkov > <dimitri.ledkov@canonical.com> > --- > crypto/drbg.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/crypto/drbg.c b/crypto/drbg.c > index 2cce18dcfc..b120e2866b 100644 > --- a/crypto/drbg.c > +++ b/crypto/drbg.c > @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, > err = alg_test("drbg_pr_hmac_sha256", > "drbg_pr_hmac_sha256", 0, 0); > else if (drbg->core->flags & DRBG_CTR) > - err = alg_test("drbg_pr_ctr_aes128", > - "drbg_pr_ctr_aes128", 0, 0); > + err = alg_test("drbg_pr_ctr_aes256", > + "drbg_pr_ctr_aes256", 0, 0); > else > err = alg_test("drbg_pr_sha256", > "drbg_pr_sha256", 0, 0); > @@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) > return 0; > > #ifdef CONFIG_CRYPTO_DRBG_CTR > - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); > + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); > #endif > #ifdef CONFIG_CRYPTO_DRBG_HASH > drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); I am not sure again whether this warrants a "Fixes" tag, because the first modification is in a commented-out code section and the latter again intends to test the DRBG thresholds and thus just needs "a" DRBG. Anyhow: Reviewed-by: Stephan Mueller <smueller@chronox.de> Ciao Stephan
On Mon, 30 Oct 2023 at 12:23, Stephan Mueller <smueller@chronox.de> wrote: > > Am Sonntag, 29. Oktober 2023, 21:48:21 CET schrieb Dimitri John Ledkov: > > Hi Dimitri, > > > When originally drbg was introduced FIPS self-checks for all types but > > CTR were using the most preferred parameters for each type of > > DRBG. Update CTR self-check to use aes256. > > > > Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit > > Generator") Signed-off-by: Dimitri John Ledkov > > <dimitri.ledkov@canonical.com> > > > > > --- > > crypto/drbg.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/crypto/drbg.c b/crypto/drbg.c > > index 2cce18dcfc..b120e2866b 100644 > > --- a/crypto/drbg.c > > +++ b/crypto/drbg.c > > @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, > > err = alg_test("drbg_pr_hmac_sha256", > > "drbg_pr_hmac_sha256", 0, 0); > > else if (drbg->core->flags & DRBG_CTR) > > - err = alg_test("drbg_pr_ctr_aes128", > > - "drbg_pr_ctr_aes128", 0, 0); > > + err = alg_test("drbg_pr_ctr_aes256", > > + "drbg_pr_ctr_aes256", 0, 0); > > else > > err = alg_test("drbg_pr_sha256", > > "drbg_pr_sha256", 0, 0); > > @@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) > > return 0; > > > > #ifdef CONFIG_CRYPTO_DRBG_CTR > > - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); > > + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); > > #endif > > #ifdef CONFIG_CRYPTO_DRBG_HASH > > drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); > > I am not sure again whether this warrants a "Fixes" tag, because the first > modification is in a commented-out code section and the latter again intends > to test the DRBG thresholds and thus just needs "a" DRBG. > Agreed, it is more of a reference. But yes, I don't believe this needs to trigger stable backports - because yes it is like dead code, or fips only code which majority kernels don't do. Maybe I should reference that commit in description only? > Anyhow: > > Reviewed-by: Stephan Mueller <smueller@chronox.de> > > > Ciao > Stephan > >
Am Montag, 30. Oktober 2023, 11:30:32 CET schrieb Dimitri John Ledkov: Hi Dimitri, > On Mon, 30 Oct 2023 at 12:23, Stephan Mueller <smueller@chronox.de> wrote: > > Am Sonntag, 29. Oktober 2023, 21:48:21 CET schrieb Dimitri John Ledkov: > > > > Hi Dimitri, > > > > > When originally drbg was introduced FIPS self-checks for all types but > > > CTR were using the most preferred parameters for each type of > > > DRBG. Update CTR self-check to use aes256. > > > > > > Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit > > > Generator") Signed-off-by: Dimitri John Ledkov > > > <dimitri.ledkov@canonical.com> > > > > > > > > > > > > --- > > > > > > crypto/drbg.c | 6 +++--- > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/crypto/drbg.c b/crypto/drbg.c > > > index 2cce18dcfc..b120e2866b 100644 > > > --- a/crypto/drbg.c > > > +++ b/crypto/drbg.c > > > @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, > > > > > > err = alg_test("drbg_pr_hmac_sha256", > > > > > > "drbg_pr_hmac_sha256", 0, 0); > > > > > > else if (drbg->core->flags & DRBG_CTR) > > > > > > - err = alg_test("drbg_pr_ctr_aes128", > > > - "drbg_pr_ctr_aes128", 0, 0); > > > + err = alg_test("drbg_pr_ctr_aes256", > > > + "drbg_pr_ctr_aes256", 0, 0); > > > > > > else > > > > > > err = alg_test("drbg_pr_sha256", > > > > > > "drbg_pr_sha256", 0, 0); > > > > > > @@ -2017,7 +2017,7 @@ static inline int __init > > > drbg_healthcheck_sanity(void) return 0; > > > > > > #ifdef CONFIG_CRYPTO_DRBG_CTR > > > > > > - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); > > > + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); > > > > > > #endif > > > #ifdef CONFIG_CRYPTO_DRBG_HASH > > > > > > drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); > > > > I am not sure again whether this warrants a "Fixes" tag, because the first > > modification is in a commented-out code section and the latter again > > intends to test the DRBG thresholds and thus just needs "a" DRBG. > > Agreed, it is more of a reference. But yes, I don't believe this needs > to trigger stable backports - because yes it is like dead code, or > fips only code which majority kernels don't do. Maybe I should > reference that commit in description only? I think this would be good to avoid the need to trigger backports for this "trivial" patch. Thanks a lot. > > > Anyhow: > > > > Reviewed-by: Stephan Mueller <smueller@chronox.de> > > > > > > Ciao > > Stephan Ciao Stephan
diff --git a/crypto/drbg.c b/crypto/drbg.c index 2cce18dcfc..b120e2866b 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, err = alg_test("drbg_pr_hmac_sha256", "drbg_pr_hmac_sha256", 0, 0); else if (drbg->core->flags & DRBG_CTR) - err = alg_test("drbg_pr_ctr_aes128", - "drbg_pr_ctr_aes128", 0, 0); + err = alg_test("drbg_pr_ctr_aes256", + "drbg_pr_ctr_aes256", 0, 0); else err = alg_test("drbg_pr_sha256", "drbg_pr_sha256", 0, 0); @@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) return 0; #ifdef CONFIG_CRYPTO_DRBG_CTR - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);
When originally drbg was introduced FIPS self-checks for all types but CTR were using the most preferred parameters for each type of DRBG. Update CTR self-check to use aes256. Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit Generator") Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- crypto/drbg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)