On 27/02/20, 12:30 PM, "Greg KH" <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Feb 27, 2020 at 05:58:05AM +0000, Vikash Bansal wrote:
>> From: Stephan Mueller <smueller@xxxxxxxxxx>
>>
>> commit db07cd26ac6a418dc2823187958edcfdb415fa83 upstream
>>
>> FIPS 140-2 section 4.9.2 requires a continuous self test of the noise
>> source. Up to kernel 4.8 drivers/char/random.c provided this continuous
>> self test. Afterwards it was moved to a location that is inconsistent
>> with the FIPS 140-2 requirements. The relevant patch was
>> e192be9d9a30555aae2ca1dc3aad37cba484cd4a .
>>
>> Thus, the FIPS 140-2 CTRNG is added to the DRBG when it obtains the
>> seed. This patch resurrects the function drbg_fips_continous_test that
>> existed some time ago and applies it to the noise sources. The patch
>> that removed the drbg_fips_continous_test was
>> b3614763059b82c26bdd02ffcb1c016c1132aad0 .
>>
>> The Jitter RNG implements its own FIPS 140-2 self test and thus does not
>> need to be subjected to the test in the DRBG.
>>
>> The patch contains a tiny fix to ensure proper zeroization in case of an
>> error during the Jitter RNG data gathering.
>>
>> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
>> Reviewed-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
>> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Vikash Bansal <bvikas@xxxxxxxxxx>
>> ---
>> crypto/drbg.c | 94 +++++++++++++++++++++++++++++++++++++++++--
>> include/crypto/drbg.h | 2 +
>> 2 files changed, 93 insertions(+), 3 deletions(-)
>
> This looks like a new feature to me, why is it needed in the stable
> kernel trees? What bug does it fix?
In 4.19.y, 4.14.y & 4.9.y, DRBG implementation is as per NIST recommendation
defined in NIST SP800-9A and it designed to be ready for FIPS certification.
But it has missed one of the NIST test requirement define in FIPS 140-2(4.9.2),
so it is not ready for NIST FIPS certification.
With this patch FIPS 140-2(4.9.2) continuous test requirement will be fulfilled.
- Vikash
> thanks,
>
> greg k-h
>
