Re: [PATCH v3] crypto: DRBG - add FIPS 140-2 CTRNG for noise source

Herbert Xu Thu, 02 May 2019 18:43:01 -0700

On Thu, May 02, 2019 at 06:38:12PM +0200, Stephan Müller wrote:
> +static int drbg_fips_continuous_test(struct drbg_state *drbg,
> +                                  const unsigned char *entropy)
> +{
> +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)


This should look like

        if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
                ...
        } else {
                ...
        }

This way the compiler will see everything regardless of whether
FIPS is enabled or not.

> diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
> index 3fb581bf3b87..939051480c83 100644
> --- a/include/crypto/drbg.h
> +++ b/include/crypto/drbg.h
> @@ -129,6 +129,10 @@ struct drbg_state {
>  
>       bool seeded;            /* DRBG fully seeded? */
>       bool pr;                /* Prediction resistance enabled? */
> +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
> +     bool fips_primed;       /* Continuous test primed? */
> +     unsigned char *prev;    /* FIPS 140-2 continuous test value */
> +#endif

You can still use #ifdef here.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH v3] crypto: DRBG - add FIPS 140-2 CTRNG for noise source

Reply via email to