On Fri, Nov 04, 2011 at 11:25:13AM -0400, Neil Horman wrote:
> On Fri, Nov 04, 2011 at 10:01:25AM -0400, Jarod Wilson wrote:
> > Apparently, NIST is tightening up its requirements for FIPS validation
> > with respect to RNGs. It's always been required that in fips mode, the
> > ansi cprng not be fed key and seed material that was identical, but
> > they're now interpreting FIPS 140-2, section AS07.09 as requiring that
> > the implementation itself must enforce the requirement. Easy fix, we
> > just do a memcmp of key and seed in fips_cprng_reset and call it a day.
> >
> > v2: Per Neil's advice, ensure slen is sufficiently long before we
> > compare key and seed to avoid looking at potentially unallocated mem.
> >
> > CC: Neil Horman <nhorman@xxxxxxxxxxxxx>
> > CC: Stephan Mueller <smueller@xxxxxxxxx>
> > CC: Steve Grubb <sgrubb@xxxxxxxxxx>
> > Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
>
> Thanks Jarod. Adding Herbert to the cc list so he can pull this into the crypto
> tree.
>
> Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>

Patch applied. Jarod, please cc me in future for patches.

Thanks!
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
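The check discussed in this thread, as an added user-space sketch that is not the applied patch or any kernel code: validate the length first, then refuse identical key and seed in FIPS mode. The helper name `check_seed_material`, the 16-byte sizes, and the seed-then-key buffer layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this sketch: a 16-byte seed (one AES block) followed by a
 * 16-byte key, passed together as one buffer laid out as seed || key. */
#define BLK_SZ 16
#define KEY_SZ 16

/* Hypothetical helper, not the kernel's fips_cprng_reset(): validates seed
 * material before it would be loaded into the generator. */
static int check_seed_material(const uint8_t *buf, size_t slen, int fips_mode)
{
    const uint8_t *key;

    /* Length check first: the comparison below reads BLK_SZ + KEY_SZ bytes,
     * so a shorter buffer must be rejected before memcmp ever runs. */
    if (buf == NULL || slen < BLK_SZ + KEY_SZ)
        return -EINVAL;

    key = buf + BLK_SZ;

    /* In FIPS mode the implementation itself refuses key == seed. */
    if (fips_mode && memcmp(buf, key, KEY_SZ) == 0)
        return -EINVAL;

    return 0;
}

int main(void)
{
    uint8_t same[BLK_SZ + KEY_SZ];   /* constructed input: seed == key */
    uint8_t differ[BLK_SZ + KEY_SZ]; /* constructed input: seed != key */

    memset(same, 0xA5, sizeof(same));
    memset(differ, 0xA5, sizeof(differ));
    differ[BLK_SZ] ^= 0x01;          /* flip one bit in the key half */

    printf("identical, fips:     %d\n", check_seed_material(same, sizeof(same), 1));
    printf("identical, non-fips: %d\n", check_seed_material(same, sizeof(same), 0));
    printf("distinct, fips:      %d\n", check_seed_material(differ, sizeof(differ), 1));
    printf("short buffer, fips:  %d\n", check_seed_material(differ, KEY_SZ, 1));
    return 0;
}
```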