• Stephan Mueller's avatar
    crypto: drbg - panic on continuous self test error · 905b42e5
    Stephan Mueller authored
    This patch adds a panic if the FIPS 140-2 self test error failed.
    Note, that entire code is only executed with fips_enabled (i.e. when the
    kernel is booted with fips=1. It is therefore not executed for 99.9% of
    all user base.
    As mathematically such failure cannot occur, this panic should never be
    triggered. But to comply with NISTs current requirements, an endless
    loop must be replaced with the panic.
    When the new version of FIPS 140 will be released, this entire
    continuous self test function will be ripped out as it will not be
    needed any more.
    This patch is functionally equivalent as implemented in ansi_cprng.c and drivers/char/random.c.
    Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
drbg.c 57.4 KB