diff options
author | Neil Horman <nhorman@tuxdriver.com> | 2009-06-18 19:50:21 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-06-18 19:50:21 +0800 |
commit | 246b726cf13b8415348382f06b94f92ecb6f5b6e (patch) | |
tree | ae5f68c0dfedb17bbe811478cf44218ddb2351bc /crypto | |
parent | e286091b2b21d1ff9166609cd19e0df62b56f4bc (diff) | |
download | linux-crypto-246b726cf13b8415348382f06b94f92ecb6f5b6e.tar.gz linux-crypto-246b726cf13b8415348382f06b94f92ecb6f5b6e.zip |
random: Add optional continuous repetition test to entropy store based rngs
FIPS-140 requires that all random number generators implement continuous self
tests in which each extracted block of data is compared against the last block
for repetition. The ansi_cprng implements such a test, but it would be nice if
the hw rng's did the same thing. Obviously its not something thats always
needed, but it seems like it would be a nice feature to have on occasion. I've
written the below patch which allows individual entropy stores to be flagged as
desiring a continuous test to be run on them as is extracted. By default this
option is off, but is enabled in the event that fips mode is selected during
bootup.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/internal.h | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/crypto/internal.h b/crypto/internal.h index 113579a8..95baaea2 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -25,12 +25,7 @@ #include <linux/notifier.h> #include <linux/rwsem.h> #include <linux/slab.h> - -#ifdef CONFIG_CRYPTO_FIPS -extern int fips_enabled; -#else -#define fips_enabled 0 -#endif +#include <linux/fips.h> /* Crypto notification events. */ enum { |