| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Aug 2017 07:48:51 +0000
From: Horia Geantă <horia.geanta@....com>
To: Herbert Xu <herbert@...dor.apana.org.au>
CC: Harald Freudenberger <freude@...ux.vnet.ibm.com>,
Oleksij Rempel <ore@...gutronix.de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Oleksij Rempel <o.rempel@...gutronix.de>,
"Dan Douglass" <dan.douglass@....com>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"kernel@...gutronix.de" <kernel@...gutronix.de>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH v1] crypto: caam - set hwrng quality level
On 8/3/2017 6:17 AM, Herbert Xu wrote:
> On Wed, Aug 02, 2017 at 02:03:14PM +0000, Horia Geantă wrote:
>>
>> Take CAAM's engine HWRNG: it can work both as a TRNG and as a
>> TRNG-seeded DRBG (that's how it's currently configured).
>> IIUC, both setups are fit as source for the entropy pool.
>
> So which is it? If it's a DRBG then it should not be exposed through
> the hwrng interface. Only TRNG should go through hwrng. DRBGs
> can use the crypto rng API.
Right now it's configured as a DRBG.
If I read correctly, it doesn't matter it's using the internal TRNG for
(automated) seeding, it still shouldn't use hwrng.
This means it's broken since the very beginning:
e24f7c9e87d4 crypto: caam - hwrng support
Thanks,
Horia
Powered by blists - more mailing lists