From: Greg KH <gregkh@linuxfoundation.org>
To: Vikash Bansal <bvikas@vmware.com>
Cc: stable@vger.kernel.org, srivatsab@vmware.com,
srivatsa@csail.mit.edu, amakhalov@vmware.com,
srinidhir@vmware.com, anishs@vmware.com, vsirnapalli@vmware.com,
sharathg@vmware.com, srostedt@vmware.com, akaher@vmware.com,
rostedt@goodmis.org, Stephan Mueller <smueller@chronox.de>,
Yann Droneaud <ydroneaud@opteya.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: [PATCH v4.19.y, v4.14.y, v4.9.y] crypto: drbg - add FIPS 140-2 CTRNG for noise source
Date: Thu, 27 Feb 2020 08:00:30 +0100 [thread overview]
Message-ID: <20200227070030.GA290231@kroah.com> (raw)
In-Reply-To: <20200227055805.3011-1-bvikas@vmware.com>
On Thu, Feb 27, 2020 at 05:58:05AM +0000, Vikash Bansal wrote:
> From: Stephan Mueller <smueller@chronox.de>
>
> commit db07cd26ac6a418dc2823187958edcfdb415fa83 upstream
>
> FIPS 140-2 section 4.9.2 requires a continuous self test of the noise
> source. Up to kernel 4.8 drivers/char/random.c provided this continuous
> self test. Afterwards it was moved to a location that is inconsistent
> with the FIPS 140-2 requirements. The relevant patch was
> e192be9d9a30555aae2ca1dc3aad37cba484cd4a .
>
> Thus, the FIPS 140-2 CTRNG is added to the DRBG when it obtains the
> seed. This patch resurrects the function drbg_fips_continous_test that
> existed some time ago and applies it to the noise sources. The patch
> that removed the drbg_fips_continous_test was
> b3614763059b82c26bdd02ffcb1c016c1132aad0 .
>
> The Jitter RNG implements its own FIPS 140-2 self test and thus does not
> need to be subjected to the test in the DRBG.
>
> The patch contains a tiny fix to ensure proper zeroization in case of an
> error during the Jitter RNG data gathering.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> Reviewed-by: Yann Droneaud <ydroneaud@opteya.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: Vikash Bansal <bvikas@vmware.com>
> ---
> crypto/drbg.c | 94 +++++++++++++++++++++++++++++++++++++++++--
> include/crypto/drbg.h | 2 +
> 2 files changed, 93 insertions(+), 3 deletions(-)
This looks like a new feature to me, why is it needed in the stable
kernel trees? What bug does it fix?
thanks,
greg k-h
next prev parent reply other threads:[~2020-02-27 7:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-27 5:58 [PATCH v4.19.y, v4.14.y, v4.9.y] crypto: drbg - add FIPS 140-2 CTRNG for noise source Vikash Bansal
2020-02-27 7:00 ` Greg KH [this message]
2020-02-29 10:01 ` Vikash Bansal
2020-02-29 19:02 ` Greg KH
2020-03-04 17:15 ` Vikash Bansal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200227070030.GA290231@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=akaher@vmware.com \
--cc=amakhalov@vmware.com \
--cc=anishs@vmware.com \
--cc=bvikas@vmware.com \
--cc=herbert@gondor.apana.org.au \
--cc=rostedt@goodmis.org \
--cc=sharathg@vmware.com \
--cc=smueller@chronox.de \
--cc=srinidhir@vmware.com \
--cc=srivatsa@csail.mit.edu \
--cc=srivatsab@vmware.com \
--cc=srostedt@vmware.com \
--cc=stable@vger.kernel.org \
--cc=vsirnapalli@vmware.com \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.