On 27/02/20, 12:30 PM, "Greg KH" gregkh@linuxfoundation.org wrote:
On Thu, Feb 27, 2020 at 05:58:05AM +0000, Vikash Bansal wrote:
From: Stephan Mueller smueller@chronox.de
commit db07cd26ac6a418dc2823187958edcfdb415fa83 upstream
FIPS 140-2 section 4.9.2 requires a continuous self test of the noise source. Up to kernel 4.8 drivers/char/random.c provided this continuous self test. Afterwards it was moved to a location that is inconsistent with the FIPS 140-2 requirements. The relevant patch was e192be9d9a30555aae2ca1dc3aad37cba484cd4a .
Thus, the FIPS 140-2 CTRNG is added to the DRBG when it obtains the seed. This patch resurrects the function drbg_fips_continous_test that existed some time ago and applies it to the noise sources. The patch that removed the drbg_fips_continous_test was b3614763059b82c26bdd02ffcb1c016c1132aad0 .
The Jitter RNG implements its own FIPS 140-2 self test and thus does not need to be subjected to the test in the DRBG.
The patch contains a tiny fix to ensure proper zeroization in case of an error during the Jitter RNG data gathering.
Signed-off-by: Stephan Mueller smueller@chronox.de Reviewed-by: Yann Droneaud ydroneaud@opteya.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Vikash Bansal bvikas@vmware.com
crypto/drbg.c | 94 +++++++++++++++++++++++++++++++++++++++++-- include/crypto/drbg.h | 2 + 2 files changed, 93 insertions(+), 3 deletions(-)
This looks like a new feature to me, why is it needed in the stable kernel trees? What bug does it fix?
In 4.19.y, 4.14.y & 4.9.y, DRBG implementation is as per NIST recommendation defined in NIST SP800-9A and it designed to be ready for FIPS certification. But it has missed one of the NIST test requirement define in FIPS 140-2(4.9.2), so it is not ready for NIST FIPS certification. With this patch FIPS 140-2(4.9.2) continuous test requirement will be fulfilled.
- Vikash
thanks, greg k-h