| Message ID | 20171205124214.31263-1-l.stelmach@samsung.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
Am Dienstag, 5. Dezember 2017, 13:42:14 CET schrieb Łukasz Stelmach: Hi Łukasz, > exynos-rng is one of many implementations of stdrng. With priority as > low as 100 it isn't selected, if software implementations (DRBG) are > available. What about using 300? The reason is the following: in the normal case, the software PRNGs have 100 (X9.31) and 200 (SP800-90A DRBG). Thus, in normal case, the hardware takes precedence. In FIPS mode, the DRBG prio is increased by 200. As in FIPS mode you must have a DRBG and assuming that the hardware does not implement a DRBG, the software DRBG should be used as otherwise you have a FIPS-problem. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c index 0bf07a655813..3c514eaae9dc 100644 --- a/drivers/crypto/exynos-rng.c +++ b/drivers/crypto/exynos-rng.c @@ -259,7 +259,7 @@ static struct rng_alg exynos_rng_alg = { .base = { .cra_name = "stdrng", .cra_driver_name = "exynos_rng", - .cra_priority = 100, + .cra_priority = 1000, .cra_ctxsize = sizeof(struct exynos_rng_ctx), .cra_module = THIS_MODULE, .cra_init = exynos_rng_kcapi_init,
exynos-rng is one of many implementations of stdrng. With priority as low as 100 it isn't selected, if software implementations (DRBG) are available. Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com> --- If not 1000, what is the best value, what is the policy? drivers/crypto/exynos-rng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)