random: Add optional continuous repetition test to entropy store based rngs
FIPS-140 requires that all random number generators implement continuous self tests in which each extracted block of data is compared against the last block for repetition. The ansi_cprng implements such a test, but it would be nice if the hw rng's did the same thing. Obviously its not something thats always needed, but it seems like it would be a nice feature to have on occasion. I've written the below patch which allows individual entropy stores to be flagged as desiring a continuous test to be run on them as is extracted. By default this option is off, but is enabled in the event that fips mode is selected during bootup. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Neil Horman
Herbert Xu
@@ -25,12 +25,7 @@
|
||||
#include <linux/notifier.h>
|
||||
#include <linux/rwsem.h>
|
||||
#include <linux/slab.h>
|
||||
|
||||
#ifdef CONFIG_CRYPTO_FIPS
|
||||
extern int fips_enabled;
|
||||
#else
|
||||
#define fips_enabled 0
|
||||
#endif
|
||||
#include <linux/fips.h>
|
||||
|
||||
/* Crypto notification events. */
|
||||
enum {
|
||||
|
||||
Reference in New Issue
Block a user