diff options
author | Stephan Mueller | 2015-04-18 19:36:17 +0200 |
---|---|---|
committer | Herbert Xu | 2015-04-21 09:14:45 +0800 |
commit | 76899a41f830d17affe6f9c58cc4b23ba26f5e00 (patch) | |
tree | bd110a6cb0612d42fcbc0c70517c9be4c4eec0f6 /include/crypto | |
parent | 082eb10ba97449a370e58f746522a4b90bcaee78 (diff) |
crypto: drbg - replace spinlock with mutex
The creation of a shadow copy is intended to only hold a short term
lock. But the drawback is that parallel users have a very similar DRBG
state which only differs by a high-resolution time stamp.
The DRBG will now hold a long term lock. Therefore, the lock is changed
to a mutex which implies that the DRBG can only be used in process
context.
The lock now guards the instantiation as well as the entire DRBG
generation operation. Therefore, multiple callers are fully serialized
when generating a random number.
As the locking is changed to use a long-term lock to avoid such similar
DRBG states, the entire creation and maintenance of a shadow copy can be
removed.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
-rw-r--r-- | include/crypto/drbg.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 5186f750c713..a43a7ed4d9fc 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h @@ -49,7 +49,7 @@ #include <crypto/internal/rng.h> #include <crypto/rng.h> #include <linux/fips.h> -#include <linux/spinlock.h> +#include <linux/mutex.h> #include <linux/list.h> /* @@ -104,7 +104,7 @@ struct drbg_test_data { }; struct drbg_state { - spinlock_t drbg_lock; /* lock around DRBG */ + struct mutex drbg_mutex; /* lock around DRBG */ unsigned char *V; /* internal state 10.1.1.1 1a) */ /* hash: static value 10.1.1.1 1b) hmac / ctr: key */ unsigned char *C; |