crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test
[linux-2.6.git] / crypto / ansi_cprng.c
index 1b3b1da..d80ed4c 100644 (file)
@@ -132,9 +132,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
                         */
                        if (!memcmp(ctx->rand_data, ctx->last_rand_data,
                                        DEFAULT_BLK_SZ)) {
+                               if (fips_enabled) {
+                                       panic("cprng %p Failed repetition check!\n",
+                                               ctx);
+                               }
+
                                printk(KERN_ERR
                                        "ctx %p Failed repetition check!\n",
                                        ctx);
+
                                ctx->flags |= PRNG_NEED_RESET;
                                return -EINVAL;
                        }
@@ -161,7 +167,7 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
        /*
         * Now update our DT value
         */
-       for (i = 0; i < DEFAULT_BLK_SZ; i++) {
+       for (i = DEFAULT_BLK_SZ - 1; i >= 0; i--) {
                ctx->DT[i] += 1;
                if (ctx->DT[i] != 0)
                        break;
@@ -338,7 +344,16 @@ static int cprng_init(struct crypto_tfm *tfm)
 
        spin_lock_init(&ctx->prng_lock);
 
-       return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL);
+       if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+               return -EINVAL;
+
+       /*
+        * after allocation, we should always force the user to reset
+        * so they don't inadvertently use the insecure default values
+        * without specifying them intentially
+        */
+       ctx->flags |= PRNG_NEED_RESET;
+       return 0;
 }
 
 static void cprng_exit(struct crypto_tfm *tfm)