* Neil Horman | 2009-09-14 12:30:43 [-0400]:
Ok, version 2 of the patch, taking comments into account
looks good.
Sebastian
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at
Ok, version 2 of the patch, taking comments into account
To be fips compliant, RNGs need to preform a continuous test on their output.
Specifically the requirement is that the first block of random data generated in
an RNG be saved to see the comparison test, and never returned to the caller.
* Neil Horman | 2009-09-12 12:44:11 [-0400]:
diff --git a/drivers/char/random.c b/drivers/char/random.c
index d8a9255..6700248 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -399,6 +399,12 @@ module_param(debug, bool, 0644);
* storing entropy in an entropy pool.
*
Hey all-
A while back I implemented a repetition check in the hardware RNG to
make it FIPS compliant. It was just pointed out to me that there was an item in
the requirement that I missed. Namely, when operating in FIPS mode, the RNG
should save the first n bit block that it produces for