The entropy device can be obtained at compile time. Adjusted the
assertion message slightly, as it no longer uses the entropy macro
label. Also adjusted the entropy_driver variable to entropy_dev, since
it does not hold a "driver" but a "device".
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
When ctr_drbg_initialize fails the function returns without unlock irq
that was previously locked.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
entropy_get_entropy return is not being checked what may result in a
vulnerability because tc_ctr_prng_reseed will not get proper entropy
data.
Fixes#29869
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Create syscalls to make possible using random APIs from user mode
threads. These APIs can have different implementations, like using
entropy driver or Xoroshiro128. Some of these implementations also have
some globals to preserve state between calls.
Make it run entire in user space would require user adding these globals
to their memeory domains and/or grant access to entropy device. Syscalls
simplify its usage.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Initialize function has to fail when a call to get entropy fails.
TinyCrypt prng_init relies on a proper entropy data, so we need to
check if the driver return it properly.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The build infrastructure should not be adding the drivers subdirectory
to the include path. Fix the legacy uses that depended on that
addition.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
1) Add cryptographically secure random functions to provide
FIPS 140-2 compliant random functions.
2) Add name to random function choice selectors to ease
selection in SOC .defconfig files
3) Add bulk fill random functions.
Signed-off-by: David Leach <david.leach@nxp.com>
Gerard Marull-Paretas