Message ID | 20211130141009.6791-2-nstange@suse.de (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Series | crypto: jitterentropy - bound collection loop |
On Tuesday, 30 November 2021, 15:10:07 CET, Nicolai Stange wrote:

Hi Nicolai,

> A subsequent patch will make the jitterentropy RNG unconditionally
> report health test errors back to callers, independent of whether
> fips_enabled is set or not. The DRBG needs access to a functional
> jitterentropy instance only in FIPS mode (because it's the only SP800-90B
> compliant entropy source as it currently stands). Thus, it is perfectly
> fine for the DRBGs to obtain entropy from the jitterentropy source only
> on a best effort basis if fips_enabled is off.
>
> Make the DRBGs ignore jitterentropy failures if fips_enabled is not set.
>
> Signed-off-by: Nicolai Stange <nstange@suse.de>

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Thanks
Stephan

> --- > crypto/drbg.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/crypto/drbg.c b/crypto/drbg.c > index 5977a72afb03..177983b6ae38 100644 > --- a/crypto/drbg.c > +++ b/crypto/drbg.c > @@ -1193,11 +1193,14 @@ static int drbg_seed(struct drbg_state *drbg, struct > drbg_string *pers, pr_devel("DRBG: (re)seeding with %u bytes of entropy\n", > entropylen); > } else { > - /* Get seed from Jitter RNG */ > + /* > + * Get seed from Jitter RNG, failures are > + * fatal only in FIPS mode. > + */ > ret = crypto_rng_get_bytes(drbg->jent, > entropy + entropylen, > entropylen); > - if (ret) { > + if (fips_enabled && ret) { > pr_devel("DRBG: jent failed with %d\n", ret); > > /*

Ciao
Stephan
diff --git a/crypto/drbg.c b/crypto/drbg.c index 5977a72afb03..177983b6ae38 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1193,11 +1193,14 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers, pr_devel("DRBG: (re)seeding with %u bytes of entropy\n", entropylen); } else { - /* Get seed from Jitter RNG */ + /* + * Get seed from Jitter RNG, failures are + * fatal only in FIPS mode. + */ ret = crypto_rng_get_bytes(drbg->jent, entropy + entropylen, entropylen); - if (ret) { + if (fips_enabled && ret) { pr_devel("DRBG: jent failed with %d\n", ret); /*
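Review bot: In the `if (fips_enabled && ret)` change, a jitterentropy failure with fips_enabled off is now skipped without any trace, because the `pr_devel("DRBG: jent failed with %d\n", ret);` call sits inside the guarded branch. Consider logging the failure before the FIPS check so that best-effort fallbacks stay visible in debug output. The non-FIPS path also continues with ret still nonzero and with the entropylen bytes at `entropy + entropylen` possibly not written by crypto_rng_get_bytes(); the code after this hunk should be checked to confirm that ret is overwritten before it can be returned and that those bytes are not treated as jitterentropy seed material.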
A subsequent patch will make the jitterentropy RNG unconditionally
report health test errors back to callers, independent of whether
fips_enabled is set or not. The DRBG needs access to a functional
jitterentropy instance only in FIPS mode (because it's the only SP800-90B
compliant entropy source as it currently stands). Thus, it is perfectly
fine for the DRBGs to obtain entropy from the jitterentropy source only
on a best effort basis if fips_enabled is off.

Make the DRBGs ignore jitterentropy failures if fips_enabled is not set.

Signed-off-by: Nicolai Stange <nstange@suse.de>
---
 crypto/drbg.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)