random: allow reseeding DRBG with getrandom (!1236) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Daiki Ueno requested to merge dueno/centos-stream-9:wip/dueno/drbg-reseed into main Aug 05, 2022

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114854

According to SP800-90C, when multiple DRBGs are chained, meaning that
a target DRBG is seeded using the output of the source DRBG, the
source DRBG shall be reseeded with fresh entropy before generating the
output.  This patch extends the getrandom syscall to allow userspace
programs to request the kernel to reseed the internal DRBG at the same
time it generates new pseudorandom bytes, repurposing the currently
unused GRND_RANDOM flag.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Edited Aug 26, 2022 by Daiki Ueno

random: allow reseeding DRBG with getrandom

Merge request reports