Stephan Mueller wrote:
> This is a clean-room implementation of the DRBG defined in SP800-90A.

Why? I guess it's for certification?

> +static bool drbg_fips_continuous_test(struct drbg_state *drbg,
> + unsigned char *buf)
> ...
> + ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
> + ...
> + /* invert the memcmp result, because the test shall pass when the
> + * two compared values do not match */
> + if (ret)
> + return true;
> + else
> + return false;

This looks strange. The return value of memcmp() is not really a
boolean, and the code appears not to match the comment because the
numeric value of ret is not actually inverted.

How about this:

	ret = memcmp(...);
	...
	/* the test shall pass when the compared values are not equal */
	return ret != 0;


Regards,
Clemens
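
Review bot: In the quoted drbg_fips_continuous_test() hunk, memcmp() reads drbg_blocklen(drbg) bytes from buf, but the function takes only "unsigned char *buf" with no length, so nothing in the lines shown guarantees the caller's buffer is at least one block long. Either document the minimum buffer size in a comment above the function or pass the length and check it before the compare. In the lines shown buf is only read, so it could also be declared "const unsigned char *buf".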