summaryrefslogtreecommitdiff
path: root/include/crypto
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2015-04-18 19:36:17 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2015-04-21 09:14:45 +0800
commit76899a41f830d17affe6f9c58cc4b23ba26f5e00 (patch)
treebd110a6cb0612d42fcbc0c70517c9be4c4eec0f6 /include/crypto
parent082eb10ba97449a370e58f746522a4b90bcaee78 (diff)
crypto: drbg - replace spinlock with mutex
The creation of a shadow copy is intended to only hold a short term lock. But the drawback is that parallel users have a very similar DRBG state which only differs by a high-resolution time stamp. The DRBG will now hold a long term lock. Therefore, the lock is changed to a mutex which implies that the DRBG can only be used in process context. The lock now guards the instantiation as well as the entire DRBG generation operation. Therefore, multiple callers are fully serialized when generating a random number. As the locking is changed to use a long-term lock to avoid such similar DRBG states, the entire creation and maintenance of a shadow copy can be removed. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/drbg.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
index 5186f750c713..a43a7ed4d9fc 100644
--- a/include/crypto/drbg.h
+++ b/include/crypto/drbg.h
@@ -49,7 +49,7 @@
#include <crypto/internal/rng.h>
#include <crypto/rng.h>
#include <linux/fips.h>
-#include <linux/spinlock.h>
+#include <linux/mutex.h>
#include <linux/list.h>
/*
@@ -104,7 +104,7 @@ struct drbg_test_data {
};
struct drbg_state {
- spinlock_t drbg_lock; /* lock around DRBG */
+ struct mutex drbg_mutex; /* lock around DRBG */
unsigned char *V; /* internal state 10.1.1.1 1a) */
/* hash: static value 10.1.1.1 1b) hmac / ctr: key */
unsigned char *C;