diff options
author | Ingo Molnar <mingo@elte.hu> | 2009-03-28 22:27:45 +0100 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-03-28 22:27:45 +0100 |
commit | fab2e030f9729c89dbcf6392f4c4a25105c9cbfa (patch) | |
tree | 0c954c437b1d5ea174af19cda413f0bbe3a60949 /crypto/ansi_cprng.c | |
parent | 9a9f3c8647eaaac118d55ad74a10eef558d2a557 (diff) | |
parent | fed2c5aea5e362f1ff83b27cfd4b50d858377a5f (diff) | |
download | linux-crypto-fab2e030f9729c89dbcf6392f4c4a25105c9cbfa.tar.gz linux-crypto-fab2e030f9729c89dbcf6392f4c4a25105c9cbfa.zip |
Merge branch 'linus' into x86/core
Diffstat (limited to 'crypto/ansi_cprng.c')
-rw-r--r-- | crypto/ansi_cprng.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index 0fac8ffc..d80ed4c1 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c @@ -132,9 +132,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx) */ if (!memcmp(ctx->rand_data, ctx->last_rand_data, DEFAULT_BLK_SZ)) { + if (fips_enabled) { + panic("cprng %p Failed repetition check!\n", + ctx); + } + printk(KERN_ERR "ctx %p Failed repetition check!\n", ctx); + ctx->flags |= PRNG_NEED_RESET; return -EINVAL; } @@ -338,7 +344,16 @@ static int cprng_init(struct crypto_tfm *tfm) spin_lock_init(&ctx->prng_lock); - return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL); + if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0) + return -EINVAL; + + /* + * after allocation, we should always force the user to reset + * so they don't inadvertently use the insecure default values + * without specifying them intentially + */ + ctx->flags |= PRNG_NEED_RESET; + return 0; } static void cprng_exit(struct crypto_tfm *tfm) |