git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Eric Biggers <ebiggers@kernel.org>
	Mon, 20 Apr 2026 06:34:10 +0000 (23:34 -0700)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Thu, 7 May 2026 08:10:01 +0000 (16:10 +0800)
commit	2245b1bfecc861e000f115f017e08eeed4808191
tree	57dd6fad0a5108026e4da3c3e7bb674509bee083	tree \| snapshot
parent	54957e44db1fc3524da15e34c6c86f77bbd664da	commit \| diff

crypto: drbg - Consolidate "instantiate" logic and remove drbg_state::C

Currently some of the steps of "Instantiate the DRBG" occur in a
convoluted way in different places in the call stack:

drbg_instantiate()

    => drbg_seed(reseed=0) sets the raw HMAC key drbg_state::C to its
       correct initial value, and it sets the state value
       drbg_state::V to an *incorrect* initial value.

        => drbg_hmac_update(reseed=0) overwrites drbg_state::V with the
           correct initial value, then prepares the hmac_sha512_key
           drbg_state::key from the initial raw HMAC key drbg_state::C.

Later, each time the HMAC key is updated, drbg_hmac_update() also uses
drbg_state::C to temporarily store the new raw key.

Simplify all of this by:

    - Making drbg_instantiate() set the correct initial values of
      drbg_state::V and drbg_state::key.

    - Converting drbg_hmac_update() to generate the raw key in a
      temporary on-stack array instead of drbg_state::C.

    - Removing drbg_state::C.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>