Message-ID: <13171794.nZ9L9QUk69@tauon.chronox.de>
Date:   Mon, 30 Oct 2023 11:25:10 +0100
From:   Stephan Mueller <smueller@...onox.de>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        simo Sorce <simo@...hat.com>,
        Dimitri John Ledkov <dimitri.ledkov@...onical.com>
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/4] crypto: drbg - ensure drbg hmac sha512 is used in FIPS
 selftests

On Sunday, 29 October 2023, 21:48:22 CET, Dimitri John Ledkov wrote:

Hi Dimitri,

> Update code comment, self test & healthcheck to use HMAC SHA512,
> instead of HMAC SHA256. These changes are in dead-code, or FIPS
> enabled code-paths only and have no effect on usual kernel builds.
> 
> On systems booting in FIPS mode, that has the effect of switching the sanity
> selftest to HMAC sha512 based (which has been the default DRBG).
> 
> Fixes: 9b7b94683a ("crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG")
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@...onical.com>
> ---
>  crypto/drbg.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index b120e2866b..99666193d9 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -111,9 +111,9 @@
>   * as stdrng. Each DRBG receives an increasing cra_priority values the
> later * they are defined in this array (see drbg_fill_array).
>   *
> - * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and
> - * the SHA256 / AES 256 over other ciphers. Thus, the favored
> - * DRBGs are the latest entries in this array.
> + * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and the
> + * HMAC-SHA512 / SHA256 / AES 256 over other ciphers. Thus, the
> + * favored DRBGs are the latest entries in this array.
>   */
>  static const struct drbg_core drbg_cores[] = {
>  #ifdef CONFIG_CRYPTO_DRBG_CTR
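
Review bot: the rewritten comment sentence "the HMAC-SHA512 / SHA256 / AES 256 over other ciphers" mixes a DRBG construction (HMAC-SHA512) with a bare hash and a cipher, so it is no longer clear which primitive is favored within which DRBG type. Suggest stating the preference per type (HMAC, Hash, CTR) in separate clauses so the comment can be checked against the order of entries in drbg_cores[].
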
> @@ -1475,8 +1475,8 @@ static int drbg_generate(struct drbg_state *drbg,
>  		int err = 0;
>  		pr_devel("DRBG: start to perform self test\n");
>  		if (drbg->core->flags & DRBG_HMAC)
> -			err = alg_test("drbg_pr_hmac_sha256",
> -				       "drbg_pr_hmac_sha256", 0, 0);
> +			err = alg_test("drbg_pr_hmac_sha512",
> +				       "drbg_pr_hmac_sha512", 0, 0);
>  		else if (drbg->core->flags & DRBG_CTR)
>  			err = alg_test("drbg_pr_ctr_aes256",
>  				       "drbg_pr_ctr_aes256", 0, 0);
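
Review bot: in the DRBG_HMAC branch of drbg_generate() the self-test name stays a string literal, written twice in the alg_test() call, and that literal had fallen behind the default DRBG named in the Fixes: tag. Consider one shared define for the default HMAC DRBG name, or at least a comment on this branch saying the literal must follow the default, so a later change of default does not leave it behind again.
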
> @@ -2023,7 +2023,7 @@ static inline int __init drbg_healthcheck_sanity(void)
> drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);
>  #endif
>  #ifdef CONFIG_CRYPTO_DRBG_HMAC
> -	drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr);
> +	drbg_convert_tfm_core("drbg_nopr_hmac_sha512", &coreref, &pr);
>  #endif
> 
>  	drbg = kzalloc(sizeof(struct drbg_state), GFP_KERNEL);
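
Review bot: in drbg_healthcheck_sanity() each #ifdef block passes the same &coreref and &pr to drbg_convert_tfm_core(), so the last enabled block decides which core the sanity check runs on, and nothing in the visible lines says so. A short comment above the CONFIG_CRYPTO_DRBG_HMAC block stating that this ordering is intended and that "drbg_nopr_hmac_sha512" tracks the default would help. This path also uses the nopr variant while the self-test in drbg_generate() uses the pr one; if that is deliberate, a sentence in the commit message would make it explicit.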

Reviewed-by: Stephan Mueller <smueller@...onox.de>

Ciao
Stephan

