On Sat, Feb 29, 2020 at 10:01:49AM +0000, Vikash Bansal wrote: > > On 27/02/20, 12:30 PM, "Greg KH" <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Thu, Feb 27, 2020 at 05:58:05AM +0000, Vikash Bansal wrote: > >> From: Stephan Mueller <smueller@xxxxxxxxxx> > >> > >> commit db07cd26ac6a418dc2823187958edcfdb415fa83 upstream > >> > >> FIPS 140-2 section 4.9.2 requires a continuous self test of the noise > >> source. Up to kernel 4.8 drivers/char/random.c provided this continuous > >> self test. Afterwards it was moved to a location that is inconsistent > >> with the FIPS 140-2 requirements. The relevant patch was > >> e192be9d9a30555aae2ca1dc3aad37cba484cd4a . > >> > >> Thus, the FIPS 140-2 CTRNG is added to the DRBG when it obtains the > >> seed. This patch resurrects the function drbg_fips_continous_test that > >> existed some time ago and applies it to the noise sources. The patch > >> that removed the drbg_fips_continous_test was > >> b3614763059b82c26bdd02ffcb1c016c1132aad0 . > >> > >> The Jitter RNG implements its own FIPS 140-2 self test and thus does not > >> need to be subjected to the test in the DRBG. > >> > >> The patch contains a tiny fix to ensure proper zeroization in case of an > >> error during the Jitter RNG data gathering. > >> > >> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> > >> Reviewed-by: Yann Droneaud <ydroneaud@xxxxxxxxxx> > >> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > >> Signed-off-by: Vikash Bansal <bvikas@xxxxxxxxxx> > >> --- > >> crypto/drbg.c | 94 +++++++++++++++++++++++++++++++++++++++++-- > >> include/crypto/drbg.h | 2 + > >> 2 files changed, 93 insertions(+), 3 deletions(-) > > > > This looks like a new feature to me, why is it needed in the stable > > kernel trees? What bug does it fix? > > In 4.19.y, 4.14.y & 4.9.y, DRBG implementation is as per NIST recommendation > defined in NIST SP800-9A and it designed to be ready for FIPS certification. > But it has missed one of the NIST test requirement define in FIPS 140-2(4.9.2), > so it is not ready for NIST FIPS certification. > With this patch FIPS 140-2(4.9.2) continuous test requirement will be fulfilled. Then use 5.4 or newer kernels if you need such a certification. Adding this new feature to older kernels is just that, a new feature. What is preventing you from using 5.4? It's much better security wise than older kernels for a whole load of reasons. thanks, greg k-h
