Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 505172e11f5a0d9916e20e40d3b0a6f87d3a59b6
commit505172e11f5a0d9916e20e40d3b0a6f87d3a59b6[log] [tgz]
authorJarod Wilson <jarod@redhat.com>Wed Nov 09 12:04:06 2011 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>Wed Nov 09 12:04:06 2011 +0800
treede5c671a37c3b3479595c1c9c891848953199985
parentbae6d3038b7faff187f4207448a40b9912cf787d [diff]
crypto: ansi_cprng - enforce key != seed in fips mode

Apparently, NIST is tightening up its requirements for FIPS validation
with respect to RNGs. Its always been required that in fips mode, the
ansi cprng not be fed key and seed material that was identical, but
they're now interpreting FIPS 140-2, section AS07.09 as requiring that
the implementation itself must enforce the requirement. Easy fix, we
just do a memcmp of key and seed in fips_cprng_reset and call it a day.

v2: Per Neil's advice, ensure slen is sufficiently long before we
compare key and seed to avoid looking at potentially unallocated mem.

CC: Stephan Mueller <smueller@atsec.com>
CC: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 file changed
tree: de5c671a37c3b3479595c1c9c891848953199985
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS