diff options
author | codeworkx <daniel.hillenbrand@codeworkx.de> | 2012-06-02 13:09:29 +0200 |
---|---|---|
committer | codeworkx <daniel.hillenbrand@codeworkx.de> | 2012-06-02 13:09:29 +0200 |
commit | c6da2cfeb05178a11c6d062a06f8078150ee492f (patch) | |
tree | f3b4021d252c52d6463a9b3c1bb7245e399b009c /crypto/ansi_cprng.c | |
parent | c6d7c4dbff353eac7919342ae6b3299a378160a6 (diff) | |
download | kernel_samsung_smdk4412-c6da2cfeb05178a11c6d062a06f8078150ee492f.zip kernel_samsung_smdk4412-c6da2cfeb05178a11c6d062a06f8078150ee492f.tar.gz kernel_samsung_smdk4412-c6da2cfeb05178a11c6d062a06f8078150ee492f.tar.bz2 |
samsung update 1
Diffstat (limited to 'crypto/ansi_cprng.c')
-rw-r--r-- | crypto/ansi_cprng.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index ffa0245..e8213b9 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c @@ -126,6 +126,10 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) output = ctx->rand_data; break; case 2: +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EINVAL; +#endif /* * First check that we didn't produce the same * random data that we did last time around through this @@ -133,8 +137,9 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) if (!memcmp(ctx->rand_data, ctx->last_rand_data, DEFAULT_BLK_SZ)) { if (cont_test) { - panic("cprng %p Failed repetition check!\n", - ctx); +#ifdef CONFIG_CRYPTO_FIPS + set_in_fips_err(); +#endif } printk(KERN_ERR @@ -372,6 +377,11 @@ static int cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen) if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ) return -EINVAL; +#ifdef CONFIG_CRYPTO_FIPS + if (!memcmp(key, seed, DEFAULT_PRNG_KSZ)) + return -EINVAL; +#endif + if (slen >= (2 * DEFAULT_BLK_SZ + DEFAULT_PRNG_KSZ)) dt = key + DEFAULT_PRNG_KSZ; @@ -408,6 +418,11 @@ static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata, { struct prng_context *prng = crypto_rng_ctx(tfm); +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EINVAL; +#endif + return get_prng_bytes(rdata, dlen, prng, 1); } |