superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: rng - Make crypto_stdrng_get_bytes() use normal RNG in non-FIPS mode 

"stdrng" is needed only in "FIPS mode".  Therefore, make
crypto_stdrng_get_bytes() delegate to either the normal Linux RNG or to
"stdrng", depending on the current mode.

This will eliminate the need to built the SP800-90A DRBG and its
dependencies into CRYPTO_FIPS=n kernels.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
master
Eric Biggers 2026-03-25 17:15:05 -07:00 committed by Herbert Xu
parent bdd2cc93bf
commit 65b3c2f627
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/rng.c
View File

@ -142,7 +142,7 @@ static void crypto_put_default_rng(void)
mutex_unlock(&crypto_default_rng_lock); mutex_unlock(&crypto_default_rng_lock);
} }
int crypto_stdrng_get_bytes(void *buf, unsigned int len) int __crypto_stdrng_get_bytes(void *buf, unsigned int len)
{ {
int err; int err;
@ -154,7 +154,7 @@ int crypto_stdrng_get_bytes(void *buf, unsigned int len)
crypto_put_default_rng(); crypto_put_default_rng();
return err; return err;
} }
EXPORT_SYMBOL_GPL(crypto_stdrng_get_bytes); EXPORT_SYMBOL_GPL(__crypto_stdrng_get_bytes);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE) #if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
int crypto_del_default_rng(void) int crypto_del_default_rng(void)

15
include/crypto/rng.h
View File

@ -12,6 +12,8 @@
#include <linux/atomic.h> #include <linux/atomic.h>
#include <linux/container_of.h> #include <linux/container_of.h>
#include <linux/crypto.h> #include <linux/crypto.h>
#include <linux/fips.h>
#include <linux/random.h>
struct crypto_rng; struct crypto_rng;
@ -57,18 +59,27 @@ struct crypto_rng {
struct crypto_tfm base; struct crypto_tfm base;
}; };
int __crypto_stdrng_get_bytes(void *buf, unsigned int len);
/** /**
* crypto_stdrng_get_bytes() - get cryptographically secure random bytes * crypto_stdrng_get_bytes() - get cryptographically secure random bytes
* @buf: output buffer holding the random numbers * @buf: output buffer holding the random numbers
* @len: length of the output buffer * @len: length of the output buffer
* *
* This function fills the caller-allocated buffer with random numbers using the * This function fills the caller-allocated buffer with random numbers using the
* highest-priority "stdrng" algorithm in the crypto_rng subsystem. * normal Linux RNG if fips_enabled=0, or the highest-priority "stdrng"
* algorithm in the crypto_rng subsystem if fips_enabled=1.
* *
* Context: May sleep * Context: May sleep
* Return: 0 function was successful; < 0 if an error occurred * Return: 0 function was successful; < 0 if an error occurred
*/ */
int crypto_stdrng_get_bytes(void *buf, unsigned int len); static inline int crypto_stdrng_get_bytes(void *buf, unsigned int len)
{
might_sleep();
if (fips_enabled)
return __crypto_stdrng_get_bytes(buf, len);
return get_random_bytes_wait(buf, len);
}
/** /**
* DOC: Random number generator API * DOC: Random number generator API