Re: [PATCH v5] crypto: DRBG - add FIPS 140-2 CTRNG for noise source

On Tuesday, 7 May 2019, 15:10:38 CEST, Yann Droneaud wrote:

Hi Yann,

> Hi,
> 
> On Tuesday, 07 May 2019 at 11:29 +0200, Stephan Müller wrote:
> > FIPS 140-2 section 4.9.2 requires a continuous self test of the noise
> > source. Up to kernel 4.8 drivers/char/random.c provided this continuous
> > self test. Afterwards it was moved to a location that is inconsistent
> > with the FIPS 140-2 requirements. The relevant patch was
> > e192be9d9a30555aae2ca1dc3aad37cba484cd4a .
> 
> Please elaborate: in commit e192be9d9a30 ("random: replace non-blocking
> pool with a Chacha20-based CRNG") the "self test" code was moved from
> extract_entropy() to _extract_entropy(), which is used by
> extract_entropy().
> 
> Only crng_initialize() calls _extract_entropy() with fips = 0, regardless
> of fips_enabled.
> 
> Is this the issue?

The issue is that _extract_entropy is invoked with the input_pool from the 
ChaCha20 RNG during its initialization or reseed. So, this function is called 
to extract data from the input_pool and inject it into the ChaCha20 RNG.

However, we need the test to be applied at the output of the ChaCha20 RNG (or 
/dev/random).

> 
> Could crng_initialize() pass fips_enabled to _extract_entropy() instead
> of 0 ?

This small change does not fix it. At the time the change to ChaCha20 was 
applied, I provided a patch that moved the continuous test back to the 
locations where we need it. But it was ignored.


Ciao
Stephan
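
The continuous test this thread refers to, sketched as an added example (not the code from the patch under discussion, and not kernel code): each block taken from the source is compared with the previous one, the first block is only stored, and a repeat is reported as a failure. The block size, the `noise_fn` callback and the two sample sources are assumptions made for the sketch.

```c
#include <stddef.h>
#include <string.h>

#define CTRNG_BLOCK 16  /* assumed block size in bytes for this sketch */

/* Hypothetical noise-source callback: fills buf with CTRNG_BLOCK bytes. */
typedef void (*noise_fn)(void *ctx, unsigned char *buf);

struct ctrng {
    unsigned char prev[CTRNG_BLOCK]; /* last block seen from the source */
    int primed;                      /* 0 until the first block is saved */
};

/*
 * Return 0 and one block in out, or -1 if the source repeated itself.
 * The first block after start-up is only stored for comparison and is
 * never handed to the caller.
 */
int ctrng_get(struct ctrng *s, noise_fn src, void *ctx, unsigned char *out)
{
    unsigned char cur[CTRNG_BLOCK];

    if (!s->primed) {
        src(ctx, s->prev);
        s->primed = 1;
    }
    src(ctx, cur);
    if (memcmp(cur, s->prev, CTRNG_BLOCK) == 0)
        return -1;               /* stuck source: caller must not use it */
    memcpy(s->prev, cur, CTRNG_BLOCK);
    memcpy(out, cur, CTRNG_BLOCK);
    return 0;
}

/* Constructed sample sources, standing in for a real noise source. */
void counter_source(void *ctx, unsigned char *buf)
{
    unsigned char *n = ctx;
    memset(buf, 0, CTRNG_BLOCK);
    buf[0] = (*n)++;             /* every block differs from the last */
}

void stuck_source(void *ctx, unsigned char *buf)
{
    (void)ctx;
    memset(buf, 0xAA, CTRNG_BLOCK); /* same block on every call */
}
```

The test only sees data that passes through `ctrng_get()`, so it covers whichever stage it wraps and nothing downstream of it.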





