On 05.09.2011 04:36:29, +0200, Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
On Fri, Sep 2, 2011 at 10:37 PM, Jarod Wilson ja...@redhat.com wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
On 07.09.2011 23:18:58, +0200, Ted Ts'o ty...@mit.edu wrote:
Hi Ted,
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
When a system is under attack, do you really want to be using a PRNG
for anything like seeding openssl? Because a PRNG is what urandom
degrades into when its
On 10.02.2013 19:50:02, +0100, Theodore Ts'o ty...@mit.edu wrote:
Hi Ted,
On Sun, Feb 10, 2013 at 01:46:18PM +0100, Stephan Mueller wrote:
However, the CPU has timing jitter in the execution of instruction. And
I try to harvest that jitter. The good thing is that this jitter is
always present
On 21.02.2013 15:07:12, +0100, Phil Carmody pc+l...@asdf.org wrote:
Hi Phil,
Apologies if this is misthreaded, I had to hand-craft the headers.
The patch offers an entropy generator based on CPU timing jitter. The
entropy collector has the following properties:
* it does not maintain any
the documentation are available at the
web site as well.
Note: for the kernel crypto API, please read the provided Kconfig file
for the switches and which of them are recommended in regular
operation. These switches must currently be set manually in the
Makefile.
Ciao
Stephan
Signed-off-by: Stephan Mueller smuel
On Tue, 21 May 2013 12:09:02 -0400
Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
I very much like the basic notion here. The existing random(4) driver
may not get enough entropy in a VM or on a device like a Linux router
and I think work such as yours or HAVEGE (
On Tue, 21 May 2013 17:39:49 -0400
Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
On Tue, May 21, 2013 at 3:01 PM, Theodore Ts'o ty...@mit.edu wrote:
I continue to be suspicious about claims that userspace timing
measurements are measuring anything other than OS behaviour.
Yes,
On Wed, 22 May 2013 13:40:04 -0400
Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
Stephan Mueller smuel...@chronox.de wrote:
Ted is right that the non-deterministic behavior is caused by the OS
due to its complexity. ...
For VM's, it means we should definitely use
used as a
fallback.
The patch is tested with 3.9.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
diff -urNp linux-3.9.orig/drivers/char/Makefile linux-3.9/drivers/char/Makefile
--- linux-3.9.orig/drivers/char/Makefile2013-05-22 20:55:58.547094987
+0200
+++ linux-3.9/drivers/char
Hi Sandy, Ted,
(this is a reply to [3])
I prepared a new release of the CPU Jitter RNG available at [1]. The
core of the RNG remains unchanged. However, there are the following
changes:
- addition of a patch to integrate the RNG into /dev/random as explained
in appendix B.3 of [2], although
On Sunday, 18 August 2013, 20:05:52, Stephan Mueller wrote:
Hi Ted, Sandy,
For FIPS 140-2, there is currently a draft of an Implementation Guidance
discussed covering the requirements of seed sources for deterministic
random number generators. The standard seed source when having
Hi Ted,
(this is a reply to [3] and possibly an addition to your blog [4])
I prepared a new release of the CPU Jitter RNG available at [1]. The
core of the RNG remains unchanged. However, there are the following
changes:
- addition of a patch to integrate the RNG into /dev/random as explained
On Friday, 11 October 2013, 23:28:35, Theodore Ts'o wrote:
Hi Theodore,
Hi Stephan,
I haven't had a chance to look at your paper in detail, yet, but a
quick scan has found a huge red flag for me that puts the rest of your
analysis in severe doubt for me.
You say that you got really good
On Monday, 14 October 2013, 09:38:34, Sandy Harris wrote:
Hi Sandy,
Stephan Mueller smuel...@chronox.de wrote:
If what you are doing is not a parity computation, then you need a
better description so people like me do not misread it.
It is not a parity computation that the folding loop
On Monday, 14 October 2013, 16:12:24, Stephan Mueller wrote:
Hi Sandy,
(PS: I am aware that in case none of the individual bits would contain
one full bit of entropy, the folding operation may --mathematically
spoken-- not deliver one full bit of entropy. However, after speaking
On Monday, 14 October 2013, 10:14:00, Sandy Harris wrote:
Hi Sandy,
On Mon, Oct 14, 2013 at 9:38 AM, Sandy Harris sandyinch...@gmail.com
wrote:
Stephan Mueller smuel...@chronox.de wrote:
Can you please help me understand why you think that a whitening
function (cryptographic
On Monday, 14 October 2013, 11:18:16, Sandy Harris wrote:
Hi Sandy,
On Mon, Oct 14, 2013 at 10:40 AM, Stephan Mueller smuel...@chronox.de
wrote:
Another thing: when you start adding whitening functions, other
people
are starting (and did -- thus I added section 4.3 to my
documentation
On Monday, 14 October 2013, 11:18:16, Sandy Harris wrote:
Hi Sandy,
Could you please review the following code to see that the mix is
function right in your eyes?
However, having done that, I see no reason not to add mixing.
Using bit() for getting one bit of input and rotl(x) for rotating
On Friday, 11 October 2013, 20:38:51, Stephan Mueller wrote:
Hi Ted,
Hi,
the CPU Jitter RNG [1] is a true random number generator that is
intended to work in user and kernel space equally well on a large
number of different CPUs. The heart of the RNG is about 30 lines of
code. The current
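The CPU Jitter RNG entries above (a timing delta folded to one bit, the bit()/rotl() mixing that Sandy Harris was asked to review, and Ted's insistence on looking at raw, unwhitened measurements) can be tried in a few lines. The following is an added example written for this page, not the Jitter RNG's own code: it times a fixed memory walk with Python's perf_counter_ns, XOR-folds each delta to one bit, mixes the bits into a 64-bit accumulator by rotate-and-XOR, and reports a most-common-value min-entropy estimate over the raw deltas. The function names (fold_delta, rotl64, mix_bit, sample_delta, collect, min_entropy_per_sample) are chosen here, and the work loop is a placeholder for whatever a real collector times. Because this runs under an interpreter in user space, the estimate measures OS and interpreter behaviour as much as the hardware, which is exactly the objection raised in this thread; treat the number as a sanity check, not as a claim about the hardware.

```python
import math
import time
from collections import Counter

MASK64 = (1 << 64) - 1


def fold_delta(delta: int) -> int:
    """XOR-fold a 64-bit timing delta down to one bit.

    This is the parity of the delta's bits: the fold can never hand out more
    than one bit, and it only hands out a full bit if the delta as a whole is
    unpredictable. It is deliberately not a cryptographic whitener, so what it
    produces can still be inspected for bias.
    """
    delta &= MASK64
    bit = 0
    while delta:
        bit ^= delta & 1
        delta >>= 1
    return bit


def rotl64(x: int, r: int) -> int:
    """Rotate a 64-bit value left by r bits."""
    r %= 64
    x &= MASK64
    return ((x << r) | (x >> (64 - r))) & MASK64


def mix_bit(acc: int, bit: int) -> int:
    """Mix one collected bit into the 64-bit accumulator: rotate, then XOR."""
    return rotl64(acc, 1) ^ (bit & 1)


def sample_delta(work: int = 64) -> int:
    """One raw measurement: the time, in ns, a short fixed memory walk takes.

    The walk itself is deterministic (placeholder workload chosen for this
    example); all variation in the delta comes from the CPU and the operating
    system (cache state, interrupts, scheduling, timer resolution), which is
    exactly the jitter under debate.
    """
    buf = bytearray(work)
    t0 = time.perf_counter_ns()
    acc = 0
    for i in range(work):
        acc = (acc + buf[i] + i) & 0xFF
        buf[i] = acc
    t1 = time.perf_counter_ns()
    return (t1 - t0) & MASK64


def collect(nbits: int = 64):
    """Gather nbits folded bits into an accumulator and also return the raw
    deltas so they can be analysed before any mixing touches them."""
    acc = 0
    deltas = []
    for _ in range(nbits):
        d = sample_delta()
        deltas.append(d)
        acc = mix_bit(acc, fold_delta(d))
    return acc, deltas


def min_entropy_per_sample(samples) -> float:
    """Conservative min-entropy estimate in bits per sample: -log2 of the
    relative frequency of the most common value (the most-common-value
    estimator in the spirit of SP800-90B). 0.0 means fully predictable."""
    if not samples:
        return 0.0
    most = Counter(samples).most_common(1)[0][1]
    return -math.log2(most / len(samples))


if __name__ == "__main__":
    acc, deltas = collect(256)
    print(f"accumulator 0x{acc:016x}")
    print(f"raw deltas: {len(set(deltas))} distinct of {len(deltas)}, "
          f"min-entropy estimate {min_entropy_per_sample(deltas):.2f} bits/sample")
```

Run it a few times on an idle machine and then under load: the accumulator always looks random because the rotate-and-XOR mixing hides structure, which is why the min-entropy figure over the raw deltas, not the accumulator, is the number to argue about.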
On Monday, 28 October 2013, 14:06:23, Henrique de Moraes Holschuh wrote:
Hi Henrique,
On Mon, 28 Oct 2013, Stephan Mueller wrote:
If it is accepted that the CPU Jitter RNG delivers entropy, the
latter
update may now allow us to get rid of storing the seed file during
shutdown
On Monday, 28 October 2013, 17:45:49, Theodore Ts'o wrote:
Hi Theodore,
first of all, thank you for your thoughts.
And, before we continue any discussion, please consider that all the big
testing that is done to analyze the jitter so far did (a) not include
any whitening schema
On Tuesday, 29 October 2013, 09:24:48, Theodore Ts'o wrote:
Hi Theodore,
On Tue, Oct 29, 2013 at 09:42:30AM +0100, Stephan Mueller wrote:
Based on this suggestion, I now added the tests in Appendix F.46.8
where I disable the caches and the tests in Appendix F.46.9 where I
disable
On Tuesday, 29 October 2013, 15:00:31, Stephan Mueller wrote:
Hi Ted,
On Tuesday, 29 October 2013, 09:24:48, Theodore Ts'o wrote:
Hi Theodore,
On Tue, Oct 29, 2013 at 09:42:30AM +0100, Stephan Mueller wrote:
Based on this suggestion, I now added the tests in Appendix F.46.8
where I
On Saturday, 2 November 2013, 12:01:13, Pavel Machek wrote:
Hi Pavel,
Hi!
sense of where the unpredictability might be coming from, and
whether
the unpredictability is coming from something which is fundamentally
arising from something which is chaotic or quantum effect, or just
because
On Sunday, 3 November 2013, 07:41:35, Theodore Ts'o wrote:
Hi Theodore,
On Sun, Nov 03, 2013 at 08:20:34AM +0100, Stephan Mueller wrote:
Sandy Harris pointed out a very good paper that I would definitely
recommend that people read:
http://lwn.net/images/conf/rtlws11/random-hardware.pdf
On Monday, 4 November 2013, 00:32:07, Pavel Machek wrote:
Hi Pavel,
Hi!
Another friend of mine mentioned that he assumes the rise and fall
times of transistors varies very slightly and could be the main
reason for the jitter. I do not think that this is really the case,
because our gates
On Tuesday, 5 November 2013, 13:25:40, Stephan Mueller wrote:
Hi Pavel,
On Monday, 4 November 2013, 00:32:07, Pavel Machek wrote:
But they usually _do_ have RTC or other clock, not driven by CPU
oscillator. Good.
What about just
while (!enough_entropy) {
cur_time = read_rtc
On Tuesday, 5 November 2013, 14:45:58, Stephan Mueller wrote:
Hi Pavel,
On Tuesday, 5 November 2013, 13:25:40, Stephan Mueller wrote:
Hi Pavel,
On Monday, 4 November 2013, 00:32:07, Pavel Machek wrote:
But they usually _do_ have RTC or other clock, not driven by CPU
oscillator. Good
On Tuesday, 5 November 2013, 13:20:57, Stephan Mueller wrote:
Hi Ted,
On Sunday, 3 November 2013, 07:41:35, Theodore Ts'o wrote:
Hi Theodore,
On Sun, Nov 03, 2013 at 08:20:34AM +0100, Stephan Mueller wrote:
Sandy Harris pointed out a very good paper that I would definitely
recommend
On Wednesday, 6 November 2013, 07:43:54, Theodore Ts'o wrote:
Hi Theodore,
On Wed, Nov 06, 2013 at 12:49:45PM +0100, Stephan Mueller wrote:
Here is a quote from his answer to my question whether he was able to
identify the root cause:
its inherent in the microtiming of Hardware
On Wednesday, 6 November 2013, 14:26:35, Pavel Machek wrote:
Hi Pavel,
Hi!
I plugged that idea into my current Jitter RNG processing and
disabled
the other jitter measurements to get a clear, isolated picture.
The result is also a white noise! And it is even quite fast.
After doing
On Wednesday, 6 November 2013, 08:04:32, Theodore Ts'o wrote:
Hi Theodore,
On Wed, Nov 06, 2013 at 01:51:17PM +0100, Stephan Mueller wrote:
That's unfortunate, since it leaves open the question of whether
this
jitter is something that could be at least somewhat predictable if
you
had a lot
On Thursday, 7 November 2013, 02:03:57, Nicholas Mc Guire wrote:
Hi Nicholas,
On Wed, 06 Nov 2013, Stephan Mueller wrote:
On Wednesday, 6 November 2013, 07:43:54, Theodore Ts'o wrote:
Hi Theodore,
On Wed, Nov 06, 2013 at 12:49:45PM +0100, Stephan Mueller wrote:
Here is a quote from
On Saturday, 9 November 2013, 23:04:49, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Wednesday, 6 November 2013, 08:04:32, Theodore Ts'o wrote:
On Wed, Nov 06, 2013 at 01:51:17PM +0100, Stephan Mueller wrote:
That's unfortunate, since it leaves open the question
On Saturday, 9 November 2013, 23:04:07, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Thursday, 7 November 2013, 02:03:57, Nicholas Mc Guire wrote:
On Wed, 06 Nov 2013, Stephan Mueller wrote:
Besides, how on earth shall an attacker even gain knowledge about the
state
On Sunday, 10 November 2013, 17:31:07, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Saturday, 9 November 2013, 23:04:49, Clemens Ladisch wrote:
Stephan Mueller wrote:
On Wednesday, 6 November 2013, 08:04:32, Theodore Ts'o wrote:
On Wed, Nov 06, 2013 at 01:51:17PM
On Sunday, 10 November 2013, 21:28:06, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Sunday, 10 November 2013, 17:31:07, Clemens Ladisch wrote:
In the case of CPUs, the jitter you observe in delta
times results in part from the complexities of the inner state
On Tuesday, 29 October 2013, 09:24:48, Theodore Ts'o wrote:
Hi Theodore,
On Tue, Oct 29, 2013 at 09:42:30AM +0100, Stephan Mueller wrote:
Based on this suggestion, I now added the tests in Appendix F.46.8 where
I disable the caches and the tests in Appendix F.46.9 where I disable
On Wednesday, 13 November 2013, 12:51:44, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Sunday, 10 November 2013, 21:28:06, Clemens Ladisch wrote:
Many CPUs allow to disable branch prediction, but this is very
vendor
specific (try to find MSR documentation). The biggest
On Thursday, 14 November 2013, 11:51:03, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Wednesday, 13 November 2013, 12:51:44, Clemens Ladisch wrote:
(And any setting that increases accesses to main memory is likely to
introduce more entropy due to clock drift between
On Thursday, 14 November 2013, 19:30:22, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Thursday, 14 November 2013, 11:51:03, Clemens Ladisch wrote:
An attacker would not try to detect patterns; he would apply
knowledge
of the internals.
I do not buy that argument
On Friday, 10 January 2014, 09:13:57, Clemens Ladisch wrote:
Hi Clemens,
Rafael Aquini wrote:
This patch introduces changes to the random_write method so it can
split the given seed and completely stir the output pools with
different halves of it, when seed length allows us doing so.
-
On Friday, 10 January 2014, 12:37:26, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
On Friday, 10 January 2014, 09:13:57, Clemens Ladisch wrote:
Rafael Aquini wrote:
This patch introduces changes to the random_write method so it can
split the given seed and completely stir
Signed-off-by: Stephan Mueller smuel...@chronox.de
diff --git a/crypto/Makefile b/crypto/Makefile
index b29402a..0d63373 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj-$(CONFIG_CRYPTO_RNG2) += rng.o
obj-$(CONFIG_CRYPTO_RNG2) += krng.o
.
As defined in SP800-131A, the ANSI X9.31 DRNG is to be sunset by the end of
this year for official uses, including FIPS 140-2 compliance.
Additional tests are available at [1].
[1] http://www.chronox.de/drbg.html
Stephan Mueller (6):
SP800-90A Deterministic Random Bit Generator
header file
This is a clean-room implementation of the DRBG defined in SP800-90A.
All three viable DRBGs defined in the standard are implemented:
* HMAC
* Hash
* CTR
Signed-off-by: Stephan Mueller smuel...@chronox.de
create mode 100644 crypto/drbg.c
diff --git a/crypto/drbg.c b
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.
The default is the HMAC DRBG as its code base is smallest.
Signed-off-by: Stephan Mueller smuel...@chronox.de
diff --git a/crypto/Kconfig b/crypto/Kconfig
index
of SHA-512.
Signed-off-by: Stephan Mueller smuel...@chronox.de
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 7d44aa3..2ee3bba 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -92,6 +92,29 @@ struct cprng_testvec {
unsigned short loops;
};
+struct drbg_testvec
cipher
* getter functions for data from struct drbg_core
Signed-off-by: Stephan Mueller smuel...@chronox.de
create mode 100644 include/crypto/drbg.h
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
new file mode 100644
index 000..16515f9
--- /dev/null
+++ b/include/crypto/drbg.h
not covered with specific test cases.
All currently implemented DRBG types and backend ciphers are defined
in SP800-90A. Therefore, the fips_allowed flag is set for all.
Signed-off-by: Stephan Mueller smuel...@chronox.de
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 7795550..e8cd57c
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
diff --git a/crypto/Makefile b/crypto/Makefile
index b29402a..0d63373 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj-$(CONFIG_CRYPTO_RNG2) += rng.o
obj-$(CONFIG_CRYPTO_RNG2
://www.chronox.de/drbg.html
- Performing tests by obtaining data which is not a multiple of the cipher block
size and checking it with the ent tool to ensure that the generation loop
does not reuse stale buffers, to avoid errors like CVE-2013-4345.
Signed-off-by: Stephan Mueller smuel
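The patch series above adds the SP800-90A DRBGs (HMAC, Hash, CTR) to crypto/drbg.c, and the v2 cover letter describes a test that requests output lengths that are not a multiple of the block size to catch stale-buffer reuse of the CVE-2013-4345 kind. As an added example for this page, not the kernel's drbg.c, here is the HMAC_DRBG variant (SP800-90A section 10.1.2) over Python's hmac/hashlib, with the reseed counter, the per-request limit and a check of that "odd-sized request" property. The class name HmacDrbg and the helper no_repeated_runs are chosen here; the run check is a crude substitute for running ent over the output, not a CAVS known-answer test, and the constructed seed bytes in the usage block stand in for the entropy a kernel instance would pull from get_random_bytes. For known-answer validation use the CAVS framework linked above.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (SP800-90A section 10.1.2) over SHA-256.

    Instantiate with the entropy input from the seed source, then call
    generate(); once reseed_counter passes RESEED_INTERVAL, generate() refuses
    to run until reseed() has supplied fresh entropy.
    """

    OUTLEN = hashlib.sha256().digest_size   # 32-byte output blocks
    MAX_REQUEST = 1 << 16                   # 2^19 bits per request
    RESEED_INTERVAL = 1 << 48               # requests allowed between reseeds

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        """HMAC_DRBG_Update: fold provided data (possibly empty) into (K, V)."""
        self.K = self._hmac(self.K, self.V + b"\x00" + provided)
        self.V = self._hmac(self.K, self.V)
        if provided:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        if nbytes > self.MAX_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = bytearray()
        # Every iteration advances V and appends a whole block; the final
        # truncation is the only place an odd-sized request is handled, so no
        # tail of a previous block can ever be handed out twice.
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional)
        self.reseed_counter += 1
        return bytes(out[:nbytes])


def no_repeated_runs(outputs, run: int = 8) -> bool:
    """Crude stand-in for running ent over the output: slide a run-byte window
    over the concatenated outputs and report whether any window repeats. A
    generator that re-serves a stale buffer tail of run bytes or more fails
    this; a sound one passes with overwhelming probability."""
    data = b"".join(outputs)
    seen = set()
    for i in range(len(data) - run + 1):
        window = data[i:i + run]
        if window in seen:
            return False
        seen.add(window)
    return True


if __name__ == "__main__":
    # os.urandom stands in for the kernel's seed source in this example.
    drbg = HmacDrbg(os.urandom(48), personalization=b"example")
    odd_sized = [drbg.generate(33) for _ in range(8)]   # 33 is not a block multiple
    print("no repeated runs:", no_repeated_runs(odd_sized))
    print("first request:", odd_sized[0].hex())
```

Two properties worth knowing when reading the kernel patch: a single request of 40 bytes and a request of 20 bytes from the same fresh state agree on their first 20 bytes, because the truncation happens at the end; and each call, even a 1-byte one, costs one reseed_counter increment and one Update, so the counter bounds calls, not bytes.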
of SHA-512.
Changes to v1:
* Fix coding style and apply scripts/checkpatch.pl
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 7d44aa3..1f48312 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -92,6 +92,29 @@ struct
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.
The default is the HMAC DRBG as its code base is smallest.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
diff --git a/crypto/Kconfig b/crypto/Kconfig
index
and backend cipher
* getter functions for data from struct drbg_core
Changes to v1:
* Changes due to modification of drbg.c as documented in PATCH 1
* Fix coding style and apply scripts/checkpatch.pl
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
create mode 100644 include/crypto/drbg.h
diff
/checkpatch.pl
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 7795550..baa6cb7 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -27,6 +27,7 @@
#include linux/slab.h
#include linux/string.h
#include crypto/rng.h
+#include crypto
On Monday, 17 March 2014, 08:34:06, Stephan Mueller wrote:
+static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
+ bool reseed)
+{
+ int ret = 0;
+ unsigned char *entropy = NULL;
+ size_t entropylen = 0;
+ struct drbg_string data1
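Review bot: `entropy` is declared as a pointer initialised to NULL next to `entropylen`, so it looks like a heap buffer that will hold the seed material; the snippet is cut before the body, so check that every exit path wipes it before freeing (kzfree(), or memset() followed by kfree()) and that the `ret = 0` initialisation cannot let a failed allocation or a short read from the seed source fall through to a successful return.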
On Thursday, 20 March 2014, 09:12:55, Clemens Ladisch wrote:
Hi Clemens,
Stephan Mueller wrote:
This is a clean-room implementation of the DRBG defined in SP800-90A.
Why? I guess it's for certification?
As per SP800-131A, the ANSI X9.31 DRNG is sunset by the end of 2014
Changes v4:
* change return codes of generate functions to signed int to convey error
codes and to match the kernel crypto API expectations on the generate
function.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
create mode 100644 include/crypto/drbg.h
diff --git a/include/crypto
On Friday, 11 April 2014, 11:20:21, Joe Perches wrote:
Hi Joe,
It looks like const could be used a bit more often.
For instance:
perhaps uses of key could be changed to const unsigned char *key
Good point. I will try to find areas where const can be used. However, due to
the use of
On Monday, 14 April 2014, 22:51:05, Joe Perches wrote:
Hi Joe,
On Tue, 2014-04-15 at 07:35 +0200, Stephan Mueller wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
[]
@@ -0,0 +1,1997 @@
[]
+/***
+ * Backend cipher
Hi,
before I start, please allow me to point out that this email is not a
discussion about entropy. There was already too much such discussion without
any conclusion. This email shall just explore the pros and cons as well as an
implementation of making the logic behind /dev/random available
On Sunday, 27 April 2014, 20:19:41, Theodore Ts'o wrote:
Hi Theodore,
On Sun, Apr 27, 2014 at 08:49:48PM +0200, Stephan Mueller wrote:
With the heavy update of random.c during the 3.13 development, the
re-seeding of the nonblocking_pool from the input_pool is now prevented
On Monday, 28 April 2014, 10:23:50, Theodore Ts'o wrote:
Hi Theodore,
I am not too convinced of RDRAND due to the lack of usable source code
(i.e. source code that I can build myself). But that is my personal taste
:-)
The problem is the FIPS validation would presumably require obeying
that is invoked once the
request is completed.
A third API call, get_blocking_random_bytes_cancel, is provided to
cancel the random number gathering operation.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
drivers/char/random.c | 113
fully equally to the blocking and
nonblocking pool with respect to the initialization and update. As now
there are three output pools, the patch adds a round-robin logic for
processing additional entropy when the input_pool is nearly full.
Signed-off-by: Stephan Mueller smuel...@chronox.de
the
collection process is ongoing.
[1] https://lkml.org/lkml/2014/4/27/174
Stephan Mueller (2):
Addition of kernel_pool
Asynchronous and synchronous API for accessing kernel_pool
drivers/char/random.c | 163
+
include/linux/random.h | 16 +
2
Hi Peter,
some time back when the RDRAND instruction was debated, a patch was offered
for driver/char/random.c that in essence turned /dev/random into a frontend
for RDRAND in case that instruction was available. The patch kind of
monopolized the noise sources such that if a user space random
On Sunday, 11 May 2014, 20:22:28, H. Peter Anvin wrote:
Hi Peter,
Note, I do not see an issue with the patch that adds RDSEED as part of
add_interrupt_randomness outlined in [2]. The reason is that this patch
does not monopolize the noise sources.
I do not want to imply that
not covered with specific test cases.
All currently implemented DRBG types and backend ciphers are defined
in SP800-90A. Therefore, the fips_allowed flag is set for all.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/testmgr.c | 248
of SHA-512.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/testmgr.h | 843 +++
1 file changed, 843 insertions(+)
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 3db83db..0030ff5 100644
--- a/crypto/testmgr.h
+++ b/crypto
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/Makefile b/crypto/Makefile
index 38e64231..bfa94fa 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.
The default is the HMAC DRBG as its code base is smallest.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Kconfig | 36
cipher
* getter functions for data from struct drbg_core
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/drbg.h | 291 ++
1 file changed, 291 insertions(+)
create mode 100644 include/crypto/drbg.h
diff --git a/include/crypto
.
As defined in SP800-131A, the ANSI X9.31 DRNG is to be sunset by the end of
this year for official uses, including FIPS 140-2 compliance.
Additional tests including the CAVS test framework are available at [1].
[1] http://www.chronox.de/drbg.html
Stephan Mueller (6):
SP800-90A Deterministic Random
On Wednesday, 21 May 2014, 06:18:58, Stephan Mueller wrote:
Hi,
+/*
+ * Tests as defined in 11.3.2 in addition to the cipher tests: testing
+ * of the error handling.
+ *
+ * Note: testing of failing seed source as defined in 11.3.2 is not
applicable + * as seed source of get_random_bytes
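Review bot: the comment explains that a failing seed source is not tested because the seed source here is get_random_bytes, which means the DRBG's own error handling for a failed or short entropy read is never executed by this self-test; consider a test hook that substitutes a failing seed callback so that branch is covered, and say in the comment that it is otherwise untested rather than just "not applicable".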
On Saturday, 24 May 2014, 05:14:59, Herbert Xu wrote:
Hi Herbert,
Stephan Mueller smuel...@chronox.de wrote:
Hi,
the following set of patches implements the deterministic random bit
generator (DRBG) specified by SP800-90A.
The DRBG implementation offers the following
On Saturday, 24 May 2014, 05:10:07, Herbert Xu wrote:
Hi Herbert,
Stephan Mueller smuel...@chronox.de wrote:
+ memset(drbg_algs[i], 0, sizeof(struct crypto_alg));
+ if (pr) {
+ memcpy(drbg_algs[i].cra_name, drbg(pr(, 8);
+ memcpy(drbg_algs[i
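Review bot: assembling cra_name from fixed-length memcpy() calls (`memcpy(drbg_algs[i].cra_name, "drbg(pr(", 8)` followed by further pieces) relies on every hard-coded length being right and on the preceding memset() for NUL termination; a single bounded snprintf(drbg_algs[i].cra_name, CRYPTO_MAX_ALG_NAME, "drbg(pr(%s))", ...) with the backend name as argument cannot run past the buffer and is easier to review. The quotes around the string literal appear to have been lost in the archive, and if the `&` was dropped the same way, the memset() target should read `&drbg_algs[i]`.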
The drbg.stdrng kernel command line flag allows the selection of the
DRBG used as stdrng.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
Documentation/kernel-parameters.txt | 10 ++
1 file changed, 10 insertions(+)
diff --git a/Documentation/kernel-parameters.txt
b
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/Makefile b/crypto/Makefile
index 38e64231..bfa94fa 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.
The default is the HMAC DRBG as its code base is smallest.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Kconfig | 36
cipher
* getter functions for data from struct drbg_core
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/drbg.h | 289 ++
1 file changed, 289 insertions(+)
create mode 100644 include/crypto/drbg.h
diff --git a/include/crypto
* rebase patch to 3.15-rc7
Stephan Mueller (7):
SP800-90A Deterministic Random Bit Generator
header file for DRBG
DRBG kernel configuration options
compile the DRBG code
DRBG testmgr test vectors
Add DRBG test code to testmgr
Add documentation of drbg.stdrng
Documentation/kernel
On Friday, 30 May 2014, 17:05:48, Herbert Xu wrote:
Hi Herbert,
On Mon, May 26, 2014 at 07:42:57AM +0200, Stephan Mueller wrote:
A second aspect is the implementation of the stdrng. Currently, the
offered
patch does not include the stdrng selection. I am currently working
of SHA-512.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/testmgr.h | 843 +++
1 file changed, 843 insertions(+)
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 3db83db..0030ff5 100644
--- a/crypto/testmgr.h
+++ b/crypto
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.
The default is the HMAC DRBG as its code base is smallest.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Kconfig | 36
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/Makefile b/crypto/Makefile
index 38e64231..bfa94fa 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
obj
is
chosen as stdrng, in non-fips mode, the krng).
Stephan Mueller (6):
SP800-90A Deterministic Random Bit Generator
header file for DRBG
DRBG kernel configuration options
compile the DRBG code
DRBG testmgr test vectors
Add DRBG test code to testmgr
crypto/Kconfig| 36 +-
crypto
On Friday, 6 June 2014, 13:59:00, Pavel Machek wrote:
Hi Pavel,
On Mon 2014-05-12 00:36:01, Stephan Mueller wrote:
Hi,
as discussed in thread [1], an in-kernel equivalent to the blocking
/dev/random device behavior is suggested. This in-kernel blocking
access to the RNG can be used
On Thursday, 26 June 2014, 14:45:42, Herbert Xu wrote:
Hi Herbert,
On Wed, Jun 25, 2014 at 05:08:28PM +0800, Herbert Xu wrote:
On Mon, Jun 23, 2014 at 09:11:29AM +0200, Stephan Mueller wrote:
As reported by a static code analyzer, the code for the ordering of
the linked list can
. This information is
provided with the reseed parameter to the update function.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 41 ++---
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index
The initial format strings caused warnings on several architectures. The
updated format strings now match the variable types.
Reported-by: kbuild test robot fengguang...@intel.com
Reported-by: Randy Dunlap rdun...@infradead.org
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c
in favor of an init function reporting the erroneous build of
the DRBG.
Lastly, a fix of the use of CONFIG_CRYPTO_DRBG_HASH has been
applied.
Reported-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 43
robot fengguang...@intel.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 233 +++---
include/crypto/drbg.h | 7 +-
2 files changed, 128 insertions(+), 112 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index
Hi,
The following patches cover requested changes based on the sparse tool test
run and suggestions by peer reviewers.
In addition, a patch to make the CTR DRBG more efficient is added.
Stephan Mueller (4):
DRBG: use of kernel linked list
DRBG: cleanup of preprocessor macros
DRBG: Fix
On Sunday, 29 June 2014, 12:24:02, Stephen Rothwell wrote:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel...@chronox.de
wrote:
@@ -1987,8 +1987,9 @@ static int __init drbg_init(void)
if (ARRAY_SIZE(drbg_cores) * 2 ARRAY_SIZE(drbg_algs
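Review bot: both operands of this check in drbg_init() are compile-time constants (`ARRAY_SIZE(drbg_cores) * 2` against `ARRAY_SIZE(drbg_algs)`; the comparison operator itself has been lost in the archive), so the relation belongs in a BUILD_BUG_ON() that fails the build, rather than a runtime test that only fires at module load after the mismatch has already shipped.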
On Saturday, 28 June 2014, 20:53:19, Joe Perches wrote:
Hi Joe,
On Sun, 2014-06-29 at 05:46 +0200, Stephan Mueller wrote:
On Sunday, 29 June 2014, 12:24:02, Stephen Rothwell wrote:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel
On Sunday, 29 June 2014, 12:20:15, Stephen Rothwell wrote:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de
wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
On Sunday, 29 June 2014, 00:41:22, Randy Dunlap wrote:
Hi Randy,
On 06/28/14 22:07, Stephan Mueller wrote:
On Sunday, 29 June 2014, 12:20:15, Stephen Rothwell wrote:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de
wrote
On Sunday, 29 June 2014, 22:52:46, Fengguang Wu wrote:
Hi Fengguang,
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
May I ask whether there is anything special in your kernel config?
This very bug should have been triggered already in all previous