From: Joachim Vandersmissen <joachim@jvdsn.com>
To: Eric Biggers <ebiggers@kernel.org>,
linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org,
Stephan Mueller <smueller@chronox.de>,
"Jason A . Donenfeld" <Jason@zx2c4.com>
Subject: Re: [PATCH 20/38] crypto: drbg - Move fixed values into constants
Date: Mon, 20 Apr 2026 11:06:04 -0500 [thread overview]
Message-ID: <f3e2f1d7-e541-45ef-961c-1d32e5dea655@jvdsn.com> (raw)
In-Reply-To: <20260420063422.324906-21-ebiggers@kernel.org>
Hi Eric,
If possible, I suggest using "DRBG_MAX_ADDTL_BYTES" for consistency with
DRBG_MAX_REQUEST_BYTES and avoiding any possible confusion in the future.
Kind regards,
Joachim
On 4/20/26 1:34 AM, Eric Biggers wrote:
> Since only one drbg_core remains, the state length, block length, and
> security strength are now fixed values. Moreover, the maximum request
> length, maximum additional data length, and maximum number of requests
> were all already fixed values.
>
> Simplify the code by just using #defines for all these fixed values.
>
> In drbg_seed_from_random(), take advantage of the constant to define the
> array size. Remove assertions that are no longer useful.
>
> In the case of drbg_blocklen() and drbg_statelen(), replace these with a
> single value DRBG_STATE_LEN, as for HMAC_DRBG they are the same thing.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
> crypto/drbg.c | 183 +++++++++++++++++---------------------------------
> 1 file changed, 61 insertions(+), 122 deletions(-)
>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index 04c798d7a8b6..34a7cbdda1f1 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -89,25 +89,22 @@
> */
>
> #include <crypto/internal/drbg.h>
> #include <crypto/internal/rng.h>
> #include <crypto/hash.h>
> +#include <crypto/sha2.h>
> #include <linux/fips.h>
> #include <linux/kernel.h>
> #include <linux/jiffies.h>
> #include <linux/module.h>
> #include <linux/mutex.h>
> #include <linux/string_choices.h>
> #include <linux/unaligned.h>
>
> struct drbg_state;
> -typedef uint32_t drbg_flag_t;
>
> struct drbg_core {
> - drbg_flag_t flags; /* flags for the cipher */
> - __u8 statelen; /* maximum state length */
> - __u8 blocklen_bytes; /* block size of output in bytes */
> char cra_name[CRYPTO_MAX_ALG_NAME]; /* mapping to kernel crypto API */
> /* kernel crypto API backend cipher name */
> char backend_cra_name[CRYPTO_MAX_ALG_NAME];
> };
>
> @@ -115,10 +112,36 @@ enum drbg_seed_state {
> DRBG_SEED_STATE_UNSEEDED,
> DRBG_SEED_STATE_PARTIAL, /* Seeded with !rng_is_initialized() */
> DRBG_SEED_STATE_FULL,
> };
>
> +/* State length in bytes */
> +#define DRBG_STATE_LEN SHA512_DIGEST_SIZE
> +
> +/* Security strength in bytes */
> +#define DRBG_SEC_STRENGTH (SHA512_DIGEST_SIZE / 2)
> +
> +/*
> + * Maximum number of requests before reseeding is forced.
> + * SP800-90A allows this to be up to 2**48. We use a lower value.
> + */
> +#define DRBG_MAX_REQUESTS (1 << 20)
> +
> +/*
> + * Maximum number of random bytes that can be requested at once.
> + * SP800-90A allows up to 2**19 bits, which is 2**16 bytes.
> + */
> +#define DRBG_MAX_REQUEST_BYTES (1 << 16)
> +
> +/*
> + * Maximum length of additional info and personalization strings, in bytes.
> + * SP800-90A allows up to 2**35 bits, i.e. 2**32 bytes. We use 2**32 - 2 bytes
> + * so that the value never quite completely fills the range of a size_t,
> + * allowing the health check to verify that larger values are rejected.
> + */
> +#define DRBG_MAX_ADDTL (U32_MAX - 1)
> +
> struct drbg_state {
> struct mutex drbg_mutex; /* lock around DRBG */
> unsigned char *V; /* internal state -- 10.1.2.1 1a */
> unsigned char *Vbuf;
> unsigned char *C; /* current key -- 10.1.2.1 1b */
> @@ -134,57 +157,10 @@ struct drbg_state {
> struct crypto_rng *jent;
> const struct drbg_core *core;
> struct drbg_string test_data;
> };
>
> -static inline __u8 drbg_statelen(struct drbg_state *drbg)
> -{
> - if (drbg && drbg->core)
> - return drbg->core->statelen;
> - return 0;
> -}
> -
> -static inline __u8 drbg_blocklen(struct drbg_state *drbg)
> -{
> - if (drbg && drbg->core)
> - return drbg->core->blocklen_bytes;
> - return 0;
> -}
> -
> -static inline size_t drbg_max_request_bytes(struct drbg_state *drbg)
> -{
> - /* SP800-90A requires the limit 2**19 bits, but we return bytes */
> - return (1 << 16);
> -}
> -
> -/*
> - * SP800-90A allows implementations to support additional info / personalization
> - * strings of up to 2**35 bits. Implementations can have a smaller maximum. We
> - * use 2**35 - 16 bits == U32_MAX - 1 bytes so that the max + 1 always fits in a
> - * size_t, allowing drbg_healthcheck_sanity() to verify its enforcement.
> - */
> -static inline size_t drbg_max_addtl(struct drbg_state *drbg)
> -{
> - return U32_MAX - 1;
> -}
> -
> -static inline size_t drbg_max_requests(struct drbg_state *drbg)
> -{
> - /* SP800-90A requires 2**48 maximum requests before reseeding */
> - return (1<<20);
> -}
> -
> -/* DRBG type flags */
> -#define DRBG_HMAC ((drbg_flag_t)1<<1)
> -#define DRBG_TYPE_MASK DRBG_HMAC
> -/* DRBG strength flags */
> -#define DRBG_STRENGTH128 ((drbg_flag_t)1<<3)
> -#define DRBG_STRENGTH192 ((drbg_flag_t)1<<4)
> -#define DRBG_STRENGTH256 ((drbg_flag_t)1<<5)
> -#define DRBG_STRENGTH_MASK (DRBG_STRENGTH128 | DRBG_STRENGTH192 | \
> - DRBG_STRENGTH256)
> -
> enum drbg_prefixes {
> DRBG_PREFIX0 = 0x00,
> DRBG_PREFIX1,
> };
>
> @@ -199,46 +175,17 @@ enum drbg_prefixes {
> *
> * Thus, the favored DRBGs are the latest entries in this array.
> */
> static const struct drbg_core drbg_cores[] = {
> {
> - .flags = DRBG_HMAC | DRBG_STRENGTH256,
> - .statelen = 64, /* block length of cipher */
> - .blocklen_bytes = 64,
> .cra_name = "hmac_sha512",
> .backend_cra_name = "hmac(sha512)",
> },
> };
>
> static int drbg_uninstantiate(struct drbg_state *drbg);
>
> -/******************************************************************
> - * Generic helper functions
> - ******************************************************************/
> -
> -/*
> - * Return strength of DRBG according to SP800-90A section 8.4
> - *
> - * @flags DRBG flags reference
> - *
> - * Return: normalized strength in *bytes* value or 32 as default
> - * to counter programming errors
> - */
> -static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
> -{
> - switch (flags & DRBG_STRENGTH_MASK) {
> - case DRBG_STRENGTH128:
> - return 16;
> - case DRBG_STRENGTH192:
> - return 24;
> - case DRBG_STRENGTH256:
> - return 32;
> - default:
> - return 32;
> - }
> -}
> -
> /******************************************************************
> * HMAC DRBG functions
> ******************************************************************/
>
> static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval,
> @@ -261,24 +208,24 @@ static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed,
> LIST_HEAD(seedlist);
> LIST_HEAD(vdatalist);
>
> if (!reseed) {
> /* 10.1.2.3 step 2 -- memset(0) of C is implicit with kzalloc */
> - memset(drbg->V, 1, drbg_statelen(drbg));
> + memset(drbg->V, 1, DRBG_STATE_LEN);
> drbg_kcapi_hmacsetkey(drbg, drbg->C);
> }
>
> - drbg_string_fill(&seed1, drbg->V, drbg_statelen(drbg));
> + drbg_string_fill(&seed1, drbg->V, DRBG_STATE_LEN);
> list_add_tail(&seed1.list, &seedlist);
> /* buffer of seed2 will be filled in for loop below with one byte */
> drbg_string_fill(&seed2, NULL, 1);
> list_add_tail(&seed2.list, &seedlist);
> /* input data of seed is allowed to be NULL at this point */
> if (seed)
> list_splice_tail(seed, &seedlist);
>
> - drbg_string_fill(&vdata, drbg->V, drbg_statelen(drbg));
> + drbg_string_fill(&vdata, drbg->V, DRBG_STATE_LEN);
> list_add_tail(&vdata.list, &vdatalist);
> for (i = 2; 0 < i; i--) {
> /* first round uses 0x0, second 0x1 */
> unsigned char prefix = DRBG_PREFIX0;
> if (1 == i)
> @@ -319,20 +266,20 @@ static int drbg_hmac_generate(struct drbg_state *drbg,
> ret = drbg_hmac_update(drbg, addtl, 1);
> if (ret)
> return ret;
> }
>
> - drbg_string_fill(&data, drbg->V, drbg_statelen(drbg));
> + drbg_string_fill(&data, drbg->V, DRBG_STATE_LEN);
> list_add_tail(&data.list, &datalist);
> while (len < buflen) {
> unsigned int outlen = 0;
> /* 10.1.2.5 step 4.1 */
> ret = drbg_kcapi_hash(drbg, drbg->V, &datalist);
> if (ret)
> return ret;
> - outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
> - drbg_blocklen(drbg) : (buflen - len);
> + outlen = (DRBG_STATE_LEN < (buflen - len)) ?
> + DRBG_STATE_LEN : (buflen - len);
>
> /* 10.1.2.5 step 4.2 */
> memcpy(buf + len, drbg->V, outlen);
> len += outlen;
> }
> @@ -375,11 +322,11 @@ static inline int __drbg_seed(struct drbg_state *drbg, struct list_head *seed,
> case DRBG_SEED_STATE_FULL:
> /*
> * Seed source has become fully initialized, frequent
> * reseeds no longer required.
> */
> - drbg->reseed_threshold = drbg_max_requests(drbg);
> + drbg->reseed_threshold = DRBG_MAX_REQUESTS;
> break;
> }
>
> return ret;
> }
> @@ -387,25 +334,21 @@ static inline int __drbg_seed(struct drbg_state *drbg, struct list_head *seed,
> static int drbg_seed_from_random(struct drbg_state *drbg)
> __must_hold(&drbg->drbg_mutex)
> {
> struct drbg_string data;
> LIST_HEAD(seedlist);
> - unsigned int entropylen = drbg_sec_strength(drbg->core->flags);
> - unsigned char entropy[32];
> + unsigned char entropy[DRBG_SEC_STRENGTH];
> int ret;
>
> - BUG_ON(!entropylen);
> - BUG_ON(entropylen > sizeof(entropy));
> -
> - drbg_string_fill(&data, entropy, entropylen);
> + drbg_string_fill(&data, entropy, DRBG_SEC_STRENGTH);
> list_add_tail(&data.list, &seedlist);
>
> - get_random_bytes(entropy, entropylen);
> + get_random_bytes(entropy, DRBG_SEC_STRENGTH);
>
> ret = __drbg_seed(drbg, &seedlist, true, DRBG_SEED_STATE_FULL);
>
> - memzero_explicit(entropy, entropylen);
> + memzero_explicit(entropy, DRBG_SEC_STRENGTH);
> return ret;
> }
>
> static bool drbg_nopr_reseed_interval_elapsed(struct drbg_state *drbg)
> {
> @@ -442,17 +385,17 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
> bool reseed)
> __must_hold(&drbg->drbg_mutex)
> {
> int ret;
> unsigned char entropy[((32 + 16) * 2)];
> - unsigned int entropylen = drbg_sec_strength(drbg->core->flags);
> + unsigned int entropylen;
> struct drbg_string data1;
> LIST_HEAD(seedlist);
> enum drbg_seed_state new_seed_state = DRBG_SEED_STATE_FULL;
>
> /* 9.1 / 9.2 / 9.3.1 step 3 */
> - if (pers && pers->len > (drbg_max_addtl(drbg))) {
> + if (pers && pers->len > DRBG_MAX_ADDTL) {
> pr_devel("DRBG: personalization string too long %zu\n",
> pers->len);
> return -EINVAL;
> }
>
> @@ -467,13 +410,14 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
> * to the entropy. A nonce must be at least 1/2 of the security
> * strength of the DRBG in size. Thus, entropy + nonce is 3/2
> * of the strength. The consideration of a nonce is only
> * applicable during initial seeding.
> */
> - BUG_ON(!entropylen);
> if (!reseed)
> - entropylen = ((entropylen + 1) / 2) * 3;
> + entropylen = ((DRBG_SEC_STRENGTH + 1) / 2) * 3;
> + else
> + entropylen = DRBG_SEC_STRENGTH;
> BUG_ON((entropylen * 2) > sizeof(entropy));
>
> /* Get seed from in-kernel /dev/urandom */
> if (!rng_is_initialized())
> new_seed_state = DRBG_SEED_STATE_PARTIAL;
> @@ -529,18 +473,18 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
> list_add_tail(&pers->list, &seedlist);
> pr_devel("DRBG: using personalization string\n");
> }
>
> if (!reseed) {
> - memset(drbg->V, 0, drbg_statelen(drbg));
> - memset(drbg->C, 0, drbg_statelen(drbg));
> + memset(drbg->V, 0, DRBG_STATE_LEN);
> + memset(drbg->C, 0, DRBG_STATE_LEN);
> }
>
> ret = __drbg_seed(drbg, &seedlist, reseed, new_seed_state);
>
> out:
> - memzero_explicit(entropy, entropylen * 2);
> + memzero_explicit(entropy, sizeof(entropy));
>
> return ret;
> }
>
> /* Free all substructures in a DRBG state without the DRBG state structure */
> @@ -568,17 +512,17 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
>
> ret = drbg_init_hash_kernel(drbg);
> if (ret < 0)
> goto err;
>
> - drbg->Vbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL);
> + drbg->Vbuf = kmalloc(DRBG_STATE_LEN + ret, GFP_KERNEL);
> if (!drbg->Vbuf) {
> ret = -ENOMEM;
> goto fini;
> }
> drbg->V = PTR_ALIGN(drbg->Vbuf, ret + 1);
> - drbg->Cbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL);
> + drbg->Cbuf = kmalloc(DRBG_STATE_LEN + ret, GFP_KERNEL);
> if (!drbg->Cbuf) {
> ret = -ENOMEM;
> goto fini;
> }
> drbg->C = PTR_ALIGN(drbg->Cbuf, ret + 1);
> @@ -628,24 +572,23 @@ static int drbg_generate(struct drbg_state *drbg,
> pr_devel("DRBG: wrong format of additional information\n");
> return -EINVAL;
> }
>
> /* 9.3.1 step 2 */
> - len = -EINVAL;
> - if (buflen > (drbg_max_request_bytes(drbg))) {
> + if (buflen > DRBG_MAX_REQUEST_BYTES) {
> pr_devel("DRBG: requested random numbers too large %u\n",
> buflen);
> - goto err;
> + return -EINVAL;
> }
>
> /* 9.3.1 step 3 is implicit with the chosen DRBG */
>
> /* 9.3.1 step 4 */
> - if (addtl && addtl->len > (drbg_max_addtl(drbg))) {
> + if (addtl && addtl->len > DRBG_MAX_ADDTL) {
> pr_devel("DRBG: additional information string too long %zu\n",
> addtl->len);
> - goto err;
> + return -EINVAL;
> }
> /* 9.3.1 step 5 is implicit with the chosen DRBG */
>
> /*
> * 9.3.1 step 6 and 9 supplemented by 9.3.2 step c is implemented
> @@ -721,12 +664,12 @@ static int drbg_generate_long(struct drbg_state *drbg,
> unsigned int len = 0;
> unsigned int slice = 0;
> do {
> int err = 0;
> unsigned int chunk = 0;
> - slice = ((buflen - len) / drbg_max_request_bytes(drbg));
> - chunk = slice ? drbg_max_request_bytes(drbg) : (buflen - len);
> + slice = (buflen - len) / DRBG_MAX_REQUEST_BYTES;
> + chunk = slice ? DRBG_MAX_REQUEST_BYTES : (buflen - len);
> mutex_lock(&drbg->drbg_mutex);
> err = drbg_generate(drbg, buf + len, chunk, addtl);
> mutex_unlock(&drbg->drbg_mutex);
> if (0 > err)
> return err;
> @@ -783,22 +726,21 @@ static int drbg_instantiate(struct drbg_state *drbg, struct drbg_string *pers,
>
> /* 9.1 step 1 is implicit with the selected DRBG type */
>
> /*
> * 9.1 step 2 is implicit as caller can select prediction resistance
> - * and the flag is copied into drbg->flags --
> * all DRBG types support prediction resistance
> */
>
> - /* 9.1 step 4 is implicit in drbg_sec_strength */
> + /* 9.1 step 4 is implicit in DRBG_SEC_STRENGTH */
>
> if (!drbg->core) {
> drbg->core = &drbg_cores[coreref];
> drbg->pr = pr;
> drbg->seeded = DRBG_SEED_STATE_UNSEEDED;
> drbg->last_seed_time = 0;
> - drbg->reseed_threshold = drbg_max_requests(drbg);
> + drbg->reseed_threshold = DRBG_MAX_REQUESTS;
>
> ret = drbg_alloc_state(drbg);
> if (ret)
> goto unlock;
>
> @@ -882,11 +824,11 @@ static int drbg_init_hash_kernel(struct drbg_state *drbg)
> if (IS_ERR(tfm)) {
> pr_info("DRBG: could not allocate digest TFM handle: %s\n",
> drbg->core->backend_cra_name);
> return PTR_ERR(tfm);
> }
> - BUG_ON(drbg_blocklen(drbg) != crypto_shash_digestsize(tfm));
> + BUG_ON(DRBG_STATE_LEN != crypto_shash_digestsize(tfm));
> sdesc = kzalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
> GFP_KERNEL);
> if (!sdesc) {
> crypto_free_shash(tfm);
> return -ENOMEM;
> @@ -912,11 +854,11 @@ static int drbg_fini_hash_kernel(struct drbg_state *drbg)
> static void drbg_kcapi_hmacsetkey(struct drbg_state *drbg,
> const unsigned char *key)
> {
> struct sdesc *sdesc = drbg->priv_data;
>
> - crypto_shash_setkey(sdesc->shash.tfm, key, drbg_statelen(drbg));
> + crypto_shash_setkey(sdesc->shash.tfm, key, DRBG_STATE_LEN);
> }
>
> static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval,
> const struct list_head *in)
> {
> @@ -1058,11 +1000,10 @@ static inline int __init drbg_healthcheck_sanity(void)
> int ret;
> int rc = -EFAULT;
> bool pr = false;
> int coreref = 0;
> struct drbg_string addtl;
> - size_t max_addtllen, max_request_bytes;
>
> /* only perform test in FIPS mode */
> if (!fips_enabled)
> return 0;
>
> @@ -1072,28 +1013,26 @@ static inline int __init drbg_healthcheck_sanity(void)
> if (!drbg)
> return -ENOMEM;
>
> guard(mutex_init)(&drbg->drbg_mutex);
> drbg->core = &drbg_cores[coreref];
> - drbg->reseed_threshold = drbg_max_requests(drbg);
> + drbg->reseed_threshold = DRBG_MAX_REQUESTS;
>
> /*
> * if the following tests fail, it is likely that there is a buffer
> * overflow as buf is much smaller than the requested or provided
> * string lengths -- in case the error handling does not succeed
> * we may get an OOPS. And we want to get an OOPS as this is a
> * grave bug.
> */
>
> - max_addtllen = drbg_max_addtl(drbg);
> - max_request_bytes = drbg_max_request_bytes(drbg);
> - drbg_string_fill(&addtl, buf, max_addtllen + 1);
> + drbg_string_fill(&addtl, buf, DRBG_MAX_ADDTL + 1);
> /* overflow addtllen with additional info string */
> ret = drbg_generate(drbg, buf, OUTBUFLEN, &addtl);
> BUG_ON(ret == 0);
> /* overflow max_bits */
> - ret = drbg_generate(drbg, buf, max_request_bytes + 1, NULL);
> + ret = drbg_generate(drbg, buf, DRBG_MAX_REQUEST_BYTES + 1, NULL);
> BUG_ON(ret == 0);
>
> /* overflow max addtllen with personalization string */
> ret = drbg_seed(drbg, &addtl, false);
> BUG_ON(0 == ret);
next prev parent reply other threads:[~2026-04-20 16:06 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 6:33 [PATCH 00/38] Fix and simplify the NIST DRBG implementation Eric Biggers
2026-04-20 6:33 ` [PATCH 01/38] crypto: drbg - Fix returning success on failure in CTR_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 02/38] crypto: drbg - Fix misaligned writes in CTR_DRBG and HASH_DRBG Eric Biggers
2026-04-20 6:33 ` [PATCH 03/38] crypto: drbg - Fix ineffective sanity check Eric Biggers
2026-04-20 6:33 ` [PATCH 04/38] crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels Eric Biggers
2026-04-20 6:33 ` [PATCH 05/38] crypto: drbg - Fix the fips_enabled priority boost Eric Biggers
2026-04-20 6:33 ` [PATCH 06/38] crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC Eric Biggers
2026-04-20 6:33 ` [PATCH 07/38] crypto: drbg - Remove broken commented-out code Eric Biggers
2026-04-20 6:33 ` [PATCH 08/38] crypto: drbg - Remove unhelpful helper functions Eric Biggers
2026-04-20 6:33 ` [PATCH 09/38] crypto: drbg - Remove obsolete FIPS 140-2 continuous test Eric Biggers
2026-04-20 6:33 ` [PATCH 10/38] crypto: drbg - Fold include/crypto/drbg.h into crypto/drbg.c Eric Biggers
2026-04-20 6:33 ` [PATCH 11/38] crypto: drbg - Remove import of crypto_cipher functions Eric Biggers
2026-04-20 6:33 ` [PATCH 12/38] crypto: drbg - Remove support for CTR_DRBG Eric Biggers
2026-04-20 8:07 ` Geert Uytterhoeven
2026-04-20 14:40 ` Stephan Mueller
2026-04-20 17:47 ` Eric Biggers
2026-04-20 19:54 ` Stephan Mueller
2026-04-20 20:56 ` Eric Biggers
2026-04-20 20:58 ` Stephan Mueller
2026-04-20 6:33 ` [PATCH 13/38] crypto: drbg - Remove support for HASH_DRBG Eric Biggers
2026-04-21 7:21 ` Geert Uytterhoeven
2026-04-20 6:33 ` [PATCH 14/38] crypto: drbg - Flatten the DRBG menu Eric Biggers
2026-04-20 6:33 ` [PATCH 15/38] crypto: testmgr - Add test for drbg_pr_hmac_sha512 Eric Biggers
2026-04-20 16:04 ` Joachim Vandersmissen
2026-04-20 17:06 ` Eric Biggers
2026-04-20 6:34 ` [PATCH 16/38] crypto: testmgr - Update test for drbg_nopr_hmac_sha512 Eric Biggers
2026-04-20 6:34 ` [PATCH 17/38] crypto: drbg - Remove support for HMAC-SHA256 and HMAC-SHA384 Eric Biggers
2026-04-20 6:34 ` [PATCH 18/38] crypto: drbg - Simplify algorithm registration Eric Biggers
2026-04-20 6:34 ` [PATCH 19/38] crypto: drbg - De-virtualize drbg_state_ops Eric Biggers
2026-04-20 6:34 ` [PATCH 20/38] crypto: drbg - Move fixed values into constants Eric Biggers
2026-04-20 16:06 ` Joachim Vandersmissen [this message]
2026-04-20 6:34 ` [PATCH 21/38] crypto: drbg - Embed V and C into struct drbg_state Eric Biggers
2026-04-20 6:34 ` [PATCH 22/38] crypto: drbg - Use HMAC-SHA512 library API Eric Biggers
2026-04-20 6:34 ` [PATCH 23/38] crypto: drbg - Remove drbg_core Eric Biggers
2026-04-20 6:34 ` [PATCH 24/38] crypto: drbg - Install separate seed functions for pr and nopr Eric Biggers
2026-04-20 6:34 ` [PATCH 25/38] crypto: drbg - Move module aliases to end of file Eric Biggers
2026-04-20 6:34 ` [PATCH 26/38] crypto: drbg - Consolidate "instantiate" logic and remove drbg_state::C Eric Biggers
2026-04-20 6:34 ` [PATCH 27/38] crypto: drbg - Eliminate use of 'drbg_string' and lists Eric Biggers
2026-04-20 6:34 ` [PATCH 28/38] crypto: drbg - Simplify drbg_generate_long() and fold into caller Eric Biggers
2026-04-20 6:34 ` [PATCH 29/38] crypto: drbg - Put rng_alg methods in logical order Eric Biggers
2026-04-20 6:34 ` [PATCH 30/38] crypto: drbg - Fold drbg_instantiate() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 31/38] crypto: drbg - Separate "reseed" case in drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 32/38] crypto: drbg - Fold drbg_prepare_hrng() into drbg_kcapi_seed() Eric Biggers
2026-04-20 6:34 ` [PATCH 33/38] crypto: drbg - Simplify "uninstantiate" logic Eric Biggers
2026-04-20 6:34 ` [PATCH 34/38] crypto: drbg - Include get_random_bytes() output in additional input Eric Biggers
2026-04-20 6:34 ` [PATCH 35/38] crypto: drbg - Change DRBG_MAX_REQUESTS to 4096 Eric Biggers
2026-04-20 6:34 ` [PATCH 36/38] crypto: drbg - Remove redundant reseeding based on random.c state Eric Biggers
2026-04-20 16:48 ` Joachim Vandersmissen
2026-04-20 17:25 ` Eric Biggers
2026-04-20 6:34 ` [PATCH 37/38] crypto: drbg - Clean up generation code Eric Biggers
2026-04-20 6:34 ` [PATCH 38/38] crypto: drbg - Clean up loop in drbg_hmac_update() Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f3e2f1d7-e541-45ef-961c-1d32e5dea655@jvdsn.com \
--to=joachim@jvdsn.com \
--cc=Jason@zx2c4.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox