diff options
| author | Neil Horman <nhorman@tuxdriver.com> | 2009-06-18 07:50:21 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-06-18 07:50:21 -0400 |
| commit | 5b739ef8a4e8cf5201d21abff897e292c232477b (patch) | |
| tree | 6301126016ad869997b4ef31973999e16049dfeb /include/linux/fips.h | |
| parent | b6f34d44cb341ad32f08717d1a2c418e6053a031 (diff) | |
random: Add optional continuous repetition test to entropy store based rngs
FIPS-140 requires that all random number generators implement continuous self
tests in which each extracted block of data is compared against the last block
for repetition. The ansi_cprng implements such a test, but it would be nice if
the hw rng's did the same thing. Obviously its not something thats always
needed, but it seems like it would be a nice feature to have on occasion. I've
written the below patch which allows individual entropy stores to be flagged as
desiring a continuous test to be run on them as is extracted. By default this
option is off, but is enabled in the event that fips mode is selected during
bootup.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/linux/fips.h')
| -rw-r--r-- | include/linux/fips.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/fips.h b/include/linux/fips.h new file mode 100644 index 000000000000..f8fb07b0b6b8 --- /dev/null +++ b/include/linux/fips.h | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | #ifndef _FIPS_H | ||
| 2 | #define _FIPS_H | ||
| 3 | |||
| 4 | #ifdef CONFIG_CRYPTO_FIPS | ||
| 5 | extern int fips_enabled; | ||
| 6 | #else | ||
| 7 | #define fips_enabled 0 | ||
| 8 | #endif | ||
| 9 | |||
| 10 | #endif | ||