bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

crypto: rng - Make crypto_stdrng_get_bytes() use normal RNG in non-FIPS mode

Browse Source 
"stdrng" is needed only in "FIPS mode".  Therefore, make
crypto_stdrng_get_bytes() delegate to either the normal Linux RNG or to
"stdrng", depending on the current mode.

This will eliminate the need to built the SP800-90A DRBG and its
dependencies into CRYPTO_FIPS=n kernels.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Eric Biggers
2026-03-25 17:15:05 -07:00
committed by Herbert Xu
parent bdd2cc93bf
commit 65b3c2f627
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/rng.c
View File

@@ -142,7 +142,7 @@ static void crypto_put_default_rng(void)
mutex_unlock(&crypto_default_rng_lock);
}
int crypto_stdrng_get_bytes(void *buf, unsigned int len)
int __crypto_stdrng_get_bytes(void *buf, unsigned int len)
{
int err;
@@ -154,7 +154,7 @@ int crypto_stdrng_get_bytes(void *buf, unsigned int len)
crypto_put_default_rng();
return err;
}
EXPORT_SYMBOL_GPL(crypto_stdrng_get_bytes);
EXPORT_SYMBOL_GPL(__crypto_stdrng_get_bytes);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
int crypto_del_default_rng(void)

15
include/crypto/rng.h
View File

@@ -12,6 +12,8 @@
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
#include <linux/fips.h>
#include <linux/random.h>
struct crypto_rng;
@@ -57,18 +59,27 @@ struct crypto_rng {
struct crypto_tfm base;
};
int __crypto_stdrng_get_bytes(void *buf, unsigned int len);
/**
* crypto_stdrng_get_bytes() - get cryptographically secure random bytes
* @buf: output buffer holding the random numbers
* @len: length of the output buffer
*
* This function fills the caller-allocated buffer with random numbers using the
* highest-priority "stdrng" algorithm in the crypto_rng subsystem.
* normal Linux RNG if fips_enabled=0, or the highest-priority "stdrng"
* algorithm in the crypto_rng subsystem if fips_enabled=1.
*
* Context: May sleep
* Return: 0 function was successful; < 0 if an error occurred
*/
int crypto_stdrng_get_bytes(void *buf, unsigned int len);
static inline int crypto_stdrng_get_bytes(void *buf, unsigned int len)
{
might_sleep();
if (fips_enabled)
return __crypto_stdrng_get_bytes(buf, len);
return get_random_bytes_wait(buf, len);
}
/**
* DOC: Random number generator API