random: trigger reseeding DRBG on more occasions (!1360) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Daiki Ueno requested to merge dueno/centos-stream-9:wip/dueno/drbg-reseed-followup into main Sep 13, 2022

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2131988

Upstream Status: RHEL only

To adhere to the new requirements in the FIPS140-3 Implementation
Guidance, This patch enforces getrandom syscall to trigger reseeding
DRBG, if the previous getrandom syscall requested reseeding with the
GRND_RANDOM flag.  That is implemented by making the internal flag
(CRYPTO_TFM_REQ_NEED_RESEED) retain after the getrandom(GRND_RANDOM)
call until the next generate operation.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Edited Oct 04, 2022 by Daiki Ueno

random: trigger reseeding DRBG on more occasions

Merge request reports