From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [PATCH v3] crypto: DRBG - add FIPS 140-2 CTRNG for noise source
Date: Fri, 03 May 2019 07:11:23 +0200 [thread overview]
Message-ID: <2145637.ukeSOrXKR8@tauon.chronox.de> (raw)
In-Reply-To: <20190503014241.cy35pjinezhapga7@gondor.apana.org.au>
Am Freitag, 3. Mai 2019, 03:42:41 CEST schrieb Herbert Xu:
Hi Herbert,
> On Thu, May 02, 2019 at 06:38:12PM +0200, Stephan Müller wrote:
> > +static int drbg_fips_continuous_test(struct drbg_state *drbg,
> > + const unsigned char *entropy)
> > +{
> > +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
>
> This should look like
>
> if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
> ...
> } else {
> ...
> }
>
> This way the compiler will see everything regardless of whether
> FIPS is enabled or not.
>
> > diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
> > index 3fb581bf3b87..939051480c83 100644
> > --- a/include/crypto/drbg.h
> > +++ b/include/crypto/drbg.h
> > @@ -129,6 +129,10 @@ struct drbg_state {
> >
> > bool seeded; /* DRBG fully seeded? */
> > bool pr; /* Prediction resistance enabled? */
> >
> > +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
> > + bool fips_primed; /* Continuous test primed? */
> > + unsigned char *prev; /* FIPS 140-2 continuous test value */
> > +#endif
>
> You can still use #ifdef here.
The variables would need to be defined unconditionally if we use a runtime
check in the C code. Is that what you want me to do?
Ciao
Stephan
next prev parent reply other threads:[~2019-05-03 5:11 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-02 12:40 [PATCH] crypto: DRBG - add FIPS 140-2 CTRNG for noise source Stephan Müller
2019-05-02 12:48 ` Herbert Xu
2019-05-02 12:49 ` Stephan Mueller
2019-05-02 15:43 ` [PATCH v2] " Stephan Müller
2019-05-02 16:38 ` [PATCH v3] " Stephan Müller
2019-05-03 1:42 ` Herbert Xu
2019-05-03 5:11 ` Stephan Mueller [this message]
2019-05-03 6:08 ` Herbert Xu
2019-05-03 19:58 ` [PATCH v4] " Stephan Müller
2019-05-07 8:19 ` Yann Droneaud
2019-05-07 9:29 ` [PATCH v5] " Stephan Müller
2019-05-07 13:10 ` Yann Droneaud
2019-05-07 13:18 ` Stephan Mueller
2019-05-07 13:34 ` Stephan Mueller
2019-05-08 14:19 ` [PATCH v6] " Stephan Mueller
2019-05-09 9:16 ` Yann Droneaud
2019-05-23 6:50 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2145637.ukeSOrXKR8@tauon.chronox.de \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).