Re: [PATCH] crypto: force reset of cprng on allocation

From: Herbert Xu
Date: Tue Jan 27 2009 - 23:21:21 EST

Next message: Oleg Nesterov: "Re: [PATCH, RFC] Remove fasync() BKL usage, take 3325"
Previous message: Herbert Xu: "Re: [PATCH] crypto: Force panic on continuous CPRNG test failurewhen in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 23, 2009 at 11:50:27AM -0500, Neil Horman wrote:
> pseudo RNGs provide predictable outputs based on input parateters {key, V, DT},
> the idea behind them is that only the user should know what the inputs are.
> While its nice to have default known values for testing purposes, it seems
> dangerous to allow the use of those default values without some sort of safety
> measure in place, lest an attacker easily guess the output of the cprng. This
> patch forces the NEED_RESET flag on when allocating a cprng context, so that any
> user is forced to reseed it before use. The defaults can still be used for
> testing, but this will prevent their inadvertent use, and be more secure.
>
> Signed-off-by: Neil Horman <nhorman@xxxxxxxxxx>

Applied to cryptodev. Thanks Neil!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oleg Nesterov: "Re: [PATCH, RFC] Remove fasync() BKL usage, take 3325"
Previous message: Herbert Xu: "Re: [PATCH] crypto: Force panic on continuous CPRNG test failurewhen in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]