crypto: drbg - panic on continuous self test error

[firefly-linux-kernel-4.4.55.git] / crypto / drbg.c

diff --git a/crypto/drbg.c b/crypto/drbg.c
index d748a1d0ca24b5c646953cd6a6cdfa240c4669e0..96138396ce019dc29e82be1bd46b5785e63719ed 100644 (file)
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -223,15 +223,6 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
  * function. Thus, the function implicitly knows the size of the
  * buffer.
  *
- * The FIPS test can be called in an endless loop until it returns
- * true. Although the code looks like a potential for a deadlock, it
- * is not the case, because returning a false cannot mathematically
- * occur (except once when a reseed took place and the updated state
- * would is now set up such that the generation of new value returns
- * an identical one -- this is most unlikely and would happen only once).
- * Thus, if this function repeatedly returns false and thus would cause
- * a deadlock, the integrity of the entire kernel is lost.
- *
  * @drbg DRBG handle
  * @buf output buffer of random data to be checked
  *
@@ -258,6 +249,8 @@ static bool drbg_fips_continuous_test(struct drbg_state *drbg,
                return false;
        }
        ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
+       if (!ret)
+               panic("DRBG continuous self test failed\n");
        memcpy(drbg->prev, buf, drbg_blocklen(drbg));
        /* the test shall pass when the two compared values are not equal */
        return ret != 0;