diff options
| author | Stephan Mueller <smueller@chronox.de> | 2016-08-09 15:02:36 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2016-08-16 05:20:19 -0400 |
| commit | d89a67134fcc7e863530624fe5a88dde0159cfb8 (patch) | |
| tree | 3c4e658292ecb86f636d57e72b7128acc54524f2 | |
| parent | c5f91cde6ba3e16772bca3885a3d51db73ed6a97 (diff) | |
crypto: drbg - do not call drbg_instantiate in healt test
When calling the DRBG health test in FIPS mode, the Jitter RNG is not
yet present in the kernel crypto API which will cause the instantiation
to fail and thus the health test to fail.
As the health tests cover the enforcement of various thresholds, invoke
the functions that are supposed to enforce the thresholds directly.
This patch also saves precious seed.
Reported-by: Tapas Sarangi <TSarangi@trustwave.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | crypto/drbg.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index f752da3a7c75..edf3ce04e87f 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c | |||
| @@ -1917,6 +1917,8 @@ static inline int __init drbg_healthcheck_sanity(void) | |||
| 1917 | return -ENOMEM; | 1917 | return -ENOMEM; |
| 1918 | 1918 | ||
| 1919 | mutex_init(&drbg->drbg_mutex); | 1919 | mutex_init(&drbg->drbg_mutex); |
| 1920 | drbg->core = &drbg_cores[coreref]; | ||
| 1921 | drbg->reseed_threshold = drbg_max_requests(drbg); | ||
| 1920 | 1922 | ||
| 1921 | /* | 1923 | /* |
| 1922 | * if the following tests fail, it is likely that there is a buffer | 1924 | * if the following tests fail, it is likely that there is a buffer |
| @@ -1926,12 +1928,6 @@ static inline int __init drbg_healthcheck_sanity(void) | |||
| 1926 | * grave bug. | 1928 | * grave bug. |
| 1927 | */ | 1929 | */ |
| 1928 | 1930 | ||
| 1929 | /* get a valid instance of DRBG for following tests */ | ||
| 1930 | ret = drbg_instantiate(drbg, NULL, coreref, pr); | ||
| 1931 | if (ret) { | ||
| 1932 | rc = ret; | ||
| 1933 | goto outbuf; | ||
| 1934 | } | ||
| 1935 | max_addtllen = drbg_max_addtl(drbg); | 1931 | max_addtllen = drbg_max_addtl(drbg); |
| 1936 | max_request_bytes = drbg_max_request_bytes(drbg); | 1932 | max_request_bytes = drbg_max_request_bytes(drbg); |
| 1937 | drbg_string_fill(&addtl, buf, max_addtllen + 1); | 1933 | drbg_string_fill(&addtl, buf, max_addtllen + 1); |
| @@ -1941,10 +1937,9 @@ static inline int __init drbg_healthcheck_sanity(void) | |||
| 1941 | /* overflow max_bits */ | 1937 | /* overflow max_bits */ |
| 1942 | len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL); | 1938 | len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL); |
| 1943 | BUG_ON(0 < len); | 1939 | BUG_ON(0 < len); |
| 1944 | drbg_uninstantiate(drbg); | ||
| 1945 | 1940 | ||
| 1946 | /* overflow max addtllen with personalization string */ | 1941 | /* overflow max addtllen with personalization string */ |
| 1947 | ret = drbg_instantiate(drbg, &addtl, coreref, pr); | 1942 | ret = drbg_seed(drbg, &addtl, false); |
| 1948 | BUG_ON(0 == ret); | 1943 | BUG_ON(0 == ret); |
| 1949 | /* all tests passed */ | 1944 | /* all tests passed */ |
| 1950 | rc = 0; | 1945 | rc = 0; |
| @@ -1952,9 +1947,7 @@ static inline int __init drbg_healthcheck_sanity(void) | |||
| 1952 | pr_devel("DRBG: Sanity tests for failure code paths successfully " | 1947 | pr_devel("DRBG: Sanity tests for failure code paths successfully " |
| 1953 | "completed\n"); | 1948 | "completed\n"); |
| 1954 | 1949 | ||
| 1955 | drbg_uninstantiate(drbg); | 1950 | kfree(drbg); |
| 1956 | outbuf: | ||
| 1957 | kzfree(drbg); | ||
| 1958 | return rc; | 1951 | return rc; |
| 1959 | } | 1952 | } |
| 1960 | 1953 | ||