diff options
Diffstat (limited to 'crypto/ansi_cprng.c')
| -rw-r--r-- | crypto/ansi_cprng.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index 0fac8ffc2fb7..d80ed4c1e009 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c | |||
| @@ -132,9 +132,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx) | |||
| 132 | */ | 132 | */ |
| 133 | if (!memcmp(ctx->rand_data, ctx->last_rand_data, | 133 | if (!memcmp(ctx->rand_data, ctx->last_rand_data, |
| 134 | DEFAULT_BLK_SZ)) { | 134 | DEFAULT_BLK_SZ)) { |
| 135 | if (fips_enabled) { | ||
| 136 | panic("cprng %p Failed repetition check!\n", | ||
| 137 | ctx); | ||
| 138 | } | ||
| 139 | |||
| 135 | printk(KERN_ERR | 140 | printk(KERN_ERR |
| 136 | "ctx %p Failed repetition check!\n", | 141 | "ctx %p Failed repetition check!\n", |
| 137 | ctx); | 142 | ctx); |
| 143 | |||
| 138 | ctx->flags |= PRNG_NEED_RESET; | 144 | ctx->flags |= PRNG_NEED_RESET; |
| 139 | return -EINVAL; | 145 | return -EINVAL; |
| 140 | } | 146 | } |
| @@ -338,7 +344,16 @@ static int cprng_init(struct crypto_tfm *tfm) | |||
| 338 | 344 | ||
| 339 | spin_lock_init(&ctx->prng_lock); | 345 | spin_lock_init(&ctx->prng_lock); |
| 340 | 346 | ||
| 341 | return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL); | 347 | if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0) |
| 348 | return -EINVAL; | ||
| 349 | |||
| 350 | /* | ||
| 351 | * after allocation, we should always force the user to reset | ||
| 352 | * so they don't inadvertently use the insecure default values | ||
| 353 | * without specifying them intentially | ||
| 354 | */ | ||
| 355 | ctx->flags |= PRNG_NEED_RESET; | ||
| 356 | return 0; | ||
| 342 | } | 357 | } |
| 343 | 358 | ||
| 344 | static void cprng_exit(struct crypto_tfm *tfm) | 359 | static void cprng_exit(struct crypto_tfm *tfm) |