On Thursday, 20 March 2014, 09:12:55, Clemens Ladisch wrote:

Hi Clemens,

> Stephan Mueller wrote:
> > This is a clean-room implementation of the DRBG defined in SP800-90A.
>
> Why? I guess it's for certification?

As per SP800-131A, the ANSI X9.31 DRNG is sunset by the end of 2014 and not allowed to be used in FIPS 140-2 compliant environments. The kernel crypto API implements an ANSI X9.31 DRNG in crypto/ansi_cprng.c as the only DRNG that complies with FIPS 140-2 at this time. Without a replacement for this ANSI X9.31 DRNG, the kernel will not have a FIPS 140-2 approved DRNG any more starting from 2015.

> > +static bool drbg_fips_continuous_test(struct drbg_state *drbg,
> > +                                      unsigned char *buf)
> > ...
> > +       ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
> > +       ...
> > +       /* invert the memcmp result, because the test shall pass when the
> > +        * two compared values do not match */
> > +       if (ret)
> > +               return true;
> > +       else
> > +               return false;
>
> This looks strange. The return value of memcmp() is not really
> a boolean, and the code appears not to match the comment because the
> numeric value of ret is not actually inverted. How about this:

Correct, the comment does not match the code as I had inverted the logic of drbg_fips_continuous_test as per Rafael's comment. Yet, I did not update the comment.

>       ret = memcmp(...);
>       ...
>       /* the test shall pass when the compared values are not equal */
>       return ret != 0;

I will add that change.

> Regards,
> Clemens

Thanks

Stephan

--
| Cui bono? |
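Review bot: in the quoted drbg_fips_continuous_test hunk, the visible lines compare drbg->prev against buf over drbg_blocklen(drbg) bytes but never show drbg->prev being refreshed with the block just checked, nor how the very first block after instantiation (when drbg->prev holds nothing comparable) is treated; if both live in the elided part, it would help to keep the update (a memcpy of buf into drbg->prev) next to the memcmp and to document the first-block case in the function comment, since a continuous test that compares against a stale or zeroed block silently loses its purpose. Agree with the suggested `return ret != 0;` so the comment and the boolean result say the same thing.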
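The continuous test discussed in this thread is small enough to show in full. The block below is an added example written for this page, not code from the Linux kernel DRBG patch: it uses a hypothetical `struct ct_state` with a fixed 16-byte block (standing in for `drbg->prev` and `drbg_blocklen()`), stores the first block without releasing it (there is nothing to compare it against yet), and on every later call passes only when the new block differs from the stored one, then remembers the new block. `ct_demo()` drives it with a constructed counter-based generator followed by a generator stuck on one value, so the reader can see which blocks a correct test rejects.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed block length; stands in for drbg_blocklen(drbg). */
#define CT_BLOCKLEN 16

/* Hypothetical state for this example; plays the role of drbg->prev. */
struct ct_state {
	unsigned char prev[CT_BLOCKLEN];
	bool have_prev;		/* false until the first block has been stored */
};

/*
 * Continuous test: returns true when buf differs from the previously
 * stored block, false when it repeats it. The first block after
 * instantiation is only stored and reported as not usable, because no
 * comparison is possible yet. prev always ends up holding buf, so the
 * next call compares against the block that was actually emitted last.
 */
static bool ct_check(struct ct_state *st, const unsigned char *buf)
{
	bool pass;

	if (!st->have_prev) {
		memcpy(st->prev, buf, CT_BLOCKLEN);
		st->have_prev = true;
		return false;
	}

	/* the test shall pass when the compared values are not equal */
	pass = memcmp(st->prev, buf, CT_BLOCKLEN) != 0;
	memcpy(st->prev, buf, CT_BLOCKLEN);
	return pass;
}

/*
 * Constructed demonstration: healthy_blocks blocks from a counter-based
 * stand-in generator (each differs in byte 0), then stuck_blocks calls
 * where the generator repeats its last block. Returns how many blocks
 * the continuous test refused to release.
 */
static int ct_demo(int healthy_blocks, int stuck_blocks)
{
	struct ct_state st = { .have_prev = false };
	unsigned char buf[CT_BLOCKLEN] = { 0 };
	int rejected = 0;
	int i;

	for (i = 0; i < healthy_blocks; i++) {
		buf[0] = (unsigned char)(i + 1);	/* fresh block each round */
		if (!ct_check(&st, buf))
			rejected++;
	}
	for (i = 0; i < stuck_blocks; i++) {
		/* buf left unchanged: simulates a generator stuck on one value */
		if (!ct_check(&st, buf))
			rejected++;
	}
	return rejected;
}

int main(void)
{
	/* first block is withheld, the three stuck blocks are all caught */
	printf("rejected blocks (4 healthy, 3 stuck): %d\n", ct_demo(4, 3));
	return 0;
}
```

With four healthy blocks and three repeats the demo rejects four blocks: the first (no predecessor) and the three repeats. Note that the test can only detect a generator that repeats its previous block; it says nothing about entropy or bias, which is why SP800-90A health tests and the seeding path still matter.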