static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata, unsigned int dlen) { struct prng_context *prng = crypto_rng_ctx(tfm); return get_prng_bytes(rdata, dlen, prng, 1); }
static int fips_cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen) { u8 rdata[DEFAULT_BLK_SZ]; u8 *key = seed + DEFAULT_BLK_SZ; int rc; struct prng_context *prng = crypto_rng_ctx(tfm); if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ) return -EINVAL; /* fips strictly requires seed != key */ if (!memcmp(seed, key, DEFAULT_PRNG_KSZ)) return -EINVAL; rc = cprng_reset(tfm, seed, slen); if (!rc) goto out; /* this primes our continuity test */ rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0); prng->rand_data_valid = DEFAULT_BLK_SZ; out: return rc; }
static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata, unsigned int dlen) { struct prng_context *prng = crypto_rng_ctx(tfm); // fail fast if we're in a FIPS error state if (unlikely(fips_error())) return -EINVAL; return get_prng_bytes(rdata, dlen, prng, 1); }
static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata, unsigned int dlen) { struct prng_context *prng = crypto_rng_ctx(tfm); // [email protected] - disable kernel panic in FIPS mode - starts if(in_fips_err()) { return -EINVAL; } // [email protected] - disable kernel panic in FIPS mode - ends return get_prng_bytes(rdata, dlen, prng, 1); }
static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata, unsigned int dlen) { struct prng_context *prng = crypto_rng_ctx(tfm); #ifdef CONFIG_CRYPTO_FIPS if (unlikely(in_fips_err())) return -EINVAL; #endif return get_prng_bytes(rdata, dlen, prng, 1); }
static int fips_cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen) { u8 rdata[DEFAULT_BLK_SZ]; int rc; struct prng_context *prng = crypto_rng_ctx(tfm); rc = cprng_reset(tfm, seed, slen); if (!rc) goto out; /* this primes our continuity test */ rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0); prng->rand_data_valid = DEFAULT_BLK_SZ; out: return rc; }