@@ -1195,9 +1195,13 @@ static int min_crng_reseed_pool_entropy(void)
* up to one half of the minimum entropy needed for
* reseeding. That way it won't dominate the entropy
* collected by other means at input_pool.
+ * If in FIPS mode, restrict this to SP900-90B compliant
+ * architectural RNGs.
*/
- if (arch_has_random() || arch_has_random_seed())
+ if (arch_has_sp800_90b_random_seed() ||
+ (!fips_enabled && (arch_has_random() || arch_has_random_seed()))) {
return 8;
+ }
return 16;
}
@@ -1233,7 +1237,8 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
for (i = 0; i < 8; i++) {
unsigned long rv;
if (!arch_get_random_seed_long(&rv) &&
- !arch_get_random_long(&rv)) {
+ ((arch_randomness_required && fips_enabled) ||
+ !arch_get_random_long(&rv))) {
if (arch_randomness_required) {
/*
* The input_pool failed to provide
It is required by SP800-90C that only SP800-90B compliant entropy sources may be used for seeding DRBGs. Don't award any entropy to arch_get_random_long() if fips_enabled is true. Don't award any entropy to arch_get_random_seed_long() if fips_enabled && !arch_has_sp800_90b_random_seed(). This is achieved by making min_crng_reseed_pool_entropy() return the full minimum seed size if fips_enabled && !arch_has_sp800_90b_random_seed() is true. This prevents crng_reseed() from attempting to make up for any lack of entropy in the input_pool by reading from the architectural RNG. Make crng_reseed() bail out in FIPS mode if the input_pool provides insufficient entropy and any of the arch_get_random_seed_long() invocations fails: there's no statement regarding SP900-90B compliance of arch_get_random_long() and so it can't be used as a backup. Signed-off-by: Nicolai Stange <nstange@suse.de> --- drivers/char/random.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)