X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=crypto%2Fansi_cprng.c;h=d80ed4c1e009da061b4d35d2e4bf3187e267b454;hb=e4636d535e32768c8c500641ddb144f56e3dc5c0;hp=0fac8ffc2fb7ef5dc6d39cca05d0292b584bb472;hpb=09fbf7c0f24176ef3b450c590f220ed8033dd2c3;p=safe%2Fjmp%2Flinux-2.6

diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 0fac8ff..d80ed4c 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -132,9 +132,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
 			 */
 			if (!memcmp(ctx->rand_data, ctx->last_rand_data,
 					DEFAULT_BLK_SZ)) {
+				if (fips_enabled) {
+					panic("cprng %p Failed repetition check!\n",
+						ctx);
+				}
+
 				printk(KERN_ERR
 					"ctx %p Failed repetition check!\n",
 					ctx);
+
 				ctx->flags |= PRNG_NEED_RESET;
 				return -EINVAL;
 			}
@@ -338,7 +344,16 @@ static int cprng_init(struct crypto_tfm *tfm)
 
 	spin_lock_init(&ctx->prng_lock);
 
-	return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL);
+	if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+		return -EINVAL;
+
+	/*
+	 * after allocation, we should always force the user to reset
+	 * so they don't inadvertently use the insecure default values
+	 * without specifying them intentially
+	 */
+	ctx->flags |= PRNG_NEED_RESET;
+	return 0;
 }
 
 static void cprng_exit(struct crypto_tfm *tfm)