Received: by 2002:a05:7412:a9a2:b0:e2:908c:2ebd with SMTP id o34csp2637038rdh; Mon, 30 Oct 2023 03:22:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGqvzBqT4F0WCnvi2OHpfxdN86yuz2XE2wN24MQ7EbhHgiPjfhugNRY16oILrOMRBH0y9Fr X-Received: by 2002:a05:6e02:d09:b0:359:445:845e with SMTP id g9-20020a056e020d0900b003590445845emr5994965ilj.18.1698661378871; Mon, 30 Oct 2023 03:22:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698661378; cv=pass; d=google.com; s=arc-20160816; b=wd+GAqj9Nk56PjOoAV13/FePf5socp9ep8+K7u1sMlGnUoYUP7juVCpccThQJZRS8J c6ZRZWks8QqxhvDTHXy/VSuXWTDTMcWDPN4+0dkd153nobqYsn+7ST3vKY5edDoqLQgm mi4dzI9m9P5/g2g3YULEWwCIKBrN8qE7hyEelh0PNxdwkeMyFXhtJluNBk0QL9FioD3i lRb7JsOegAG8HqLOxnCUfz6cZIiqwr9Ae3ZSf+p1Ai4nGGnngT+zB2mWqS37Db4yFNUX Ln5LK9vzwNV11KmywGB+Puhp9jQ6nd+Wck4irKtndFBG5gl0n9YHUmQWGlzb0pqu+nog iPng== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=jk9VHVG1Y85+swsU8ss+ygDPPDTaFf9QKwd7qXdBves=; fh=h63CLocenEMtNqIbNpgsPJN2RFDQBwtLWQS/l/9B930=; b=W5/TJsjDMEP1SQkFsduacdNaxxwIhJcKP0T0cBU+x9hMSIVJK4Kc9CTlRQuTh21nEj 5Mx/ji2gwvjOSDRI7OMELDS9eWBU/WtQUGCL8sLqiIM6PWcRHRWu1z/Wksk0MlGZo2SJ QrodRudBVWvLviVa5FtnFJC38VNBp2MliUq6mMN6bAbs/EQYMb3nIe3vj72MwkZq8JQH rFQS51ZS5UQQeDBH1BxZ83cLRdap8oV9/wYjKhGoGMTd4AWAJyQniXj2AP7kZ2nG3G/3 NcFhbjmMWdzA/eJhCvgQQFQgZ/jlPN1B2teKDPkyskPOIUxm70AGtnFLhFXwLYKCWMZM Ow4A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=Z5a0uy8c; dkim=neutral (no key) header.i=@chronox.de header.s=strato-dkim-0003 header.b="B57cX/UM"; arc=pass (i=1); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id k6-20020a056a00134600b0068a3c575900si4770170pfu.84.2023.10.30.03.22.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 03:22:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=Z5a0uy8c; dkim=neutral (no key) header.i=@chronox.de header.s=strato-dkim-0003 header.b="B57cX/UM"; arc=pass (i=1); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id D38FF80ACFDC; Mon, 30 Oct 2023 03:22:54 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232517AbjJ3KWy (ORCPT + 99 others); Mon, 30 Oct 2023 06:22:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232922AbjJ3KWn (ORCPT ); Mon, 30 Oct 2023 06:22:43 -0400 Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de [81.169.146.161]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C7DFA6A67 for ; Mon, 30 Oct 2023 03:19:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698661160; cv=none; d=strato.com; s=strato-dkim-0002; b=d4CbDmW0lzFZGzkJb9PH0ojbkA0f2VawzUJDlauAvni4yvhNc9DOTv+wVacGgeG8W/ MgvHfmhLC5vgIyjDyubcB9dor0zShPpPJ7fIQpd0RjAFjTi5ko0smu+dMbBJdaRH86Gl VTZMmILuoHtAKo7177spVaPnqlXyRbLdWYNx8tsI+K8x6RMpGsGNSCr6FjnTKtypB/yg qFzo8EoNA8dzOMC+gBpHQWLmJYbO+lHo5LELn1Y+szh9EQn8L2BOa4NioZAWzyF+rRGK Nh+OHcgxLz5t0+4nKuMcXkbM+ylBQFpoDZkerSQiicKB4mmoV4YmYbzUsqKfrWksYHHJ LGnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1698661160; s=strato-dkim-0002; d=strato.com; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=jk9VHVG1Y85+swsU8ss+ygDPPDTaFf9QKwd7qXdBves=; b=SNmfnrjkqxsqWvAPWo8fuO4LRlWjfICoU9nFD+aAHdqHZxJSfdVDs/tFNW7Br/sW4h pqnWqni7+wj8JxMacGC4O8HNHo9b2yJWrjD2a4BefHLp/RxLYRbCC9O42BXlPd18BBTk h71dwWXdbE8FgRspDx1OqSgj+wgsM1334tZ8RskW5Bd+mErColZCxdgjnwbdFMRYIuWz JeZcUveSsn4olEUtDD02CC0n8iIWGk/5FENx1VVfA2jwjOHtrpB3okKFFo29M19Tb+xP esmhCOWpDQWQ3GZ0ENOaAs6ZDfseBiwMrAt4keZAmFjGqPY7mZXgy0A7KSui0uivndeO RwSg== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1698661160; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=jk9VHVG1Y85+swsU8ss+ygDPPDTaFf9QKwd7qXdBves=; b=Z5a0uy8cmCwMtg0A6VcwfGhHSQBKUzcpzwweimmh6I3WvpbZDW20cKttQXkkEuJWRt JroPhd/QTjKdU129GpiJ3JqRk0K+AVr/hH9ZsWVDunzPqikZSqGDKWCGEZCiSMn6M17N KmYfTJrye9I5oq+/xjpwA7OnAgbszrFbI8EhzaVVXOr1qe0V4ivqyJVQ/syt6b3PFyFL 7vXNds1Vm7UrchuWUoKrJMxRUAoK/ldB/a1mFX6XO6aar7y+0cWGPY3Xl13Q3ZQqXixn OLplRHyp0giP/0AmAStXqwbyr8l6PWzKCx6nzloPMN+JLOtnwgA+nTMGyIGhvq4WlyaJ j9pA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1698661160; s=strato-dkim-0003; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=jk9VHVG1Y85+swsU8ss+ygDPPDTaFf9QKwd7qXdBves=; b=B57cX/UMpWnZ/25gaPZQHfZejXbhVTSYM7IFJVghMrlklbCnl0E+uBVEa446PEs8c3 hNfvD63oJdSbq5dGAhCA== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9yWsdNeEDyFXR1lg3JD8=" Received: from tauon.chronox.de by smtp.strato.de (RZmta 49.9.1 AUTH) with ESMTPSA id 6b1cadz9UAJITbU (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Mon, 30 Oct 2023 11:19:18 +0100 (CET) From: Stephan Mueller To: Herbert Xu , "David S. Miller" , Dimitri John Ledkov Cc: simo@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/4] crypto: drbg - ensure most preferred type is FIPS health checked Date: Mon, 30 Oct 2023 11:19:17 +0100 Message-ID: <2739240.yfhAjsIXQE@tauon.chronox.de> In-Reply-To: <20231029204823.663930-1-dimitri.ledkov@canonical.com> References: <20231029204823.663930-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 30 Oct 2023 03:22:55 -0700 (PDT) Am Sonntag, 29. Oktober 2023, 21:48:20 CET schrieb Dimitri John Ledkov: Hi Dimitri, > drbg supports multiple types of drbg, and multiple parameters of > each. Health check sanity only checks one drbg of a single type. One > can enable all three types of drbg. And instead of checking the most > preferred algorithm (last one wins), it is currently checking first > one instead. The purpose of the sanity check is to make sure the various thresholds are effective. For this, you need "a" DRBG, no matter which one. > > Update ifdef to ensure that healthcheck prefers HMAC, over HASH, over > CTR, last one wins, like all other code and functions. I can see that this patch makes the code more consistent with the rest. Yet, I would doubt the "Fixes" indicator below is needed, though. Anyhow: Reviewed-by: Stephan Mueller Ciao Stephan