From: H. Peter Anvin Date: Wed, 1 Aug 2012 21:31:39 +0000 (-0700) Subject: rngd: Allow up to a 1:1000 false error rate on FIPS tests X-Git-Tag: v4~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=db508e37fe83b720c45ce7f2cd180dade5e58f3a;p=thirdparty%2Frng-tools.git rngd: Allow up to a 1:1000 false error rate on FIPS tests The FIPS tests have a measured false positive error rate of approximately 1:1250. In order to not permanently disable a functioning random number source under high traffic, allow one failure per 1000 successful blocks. However, never allow more than 25 subsequent failures; this is handled by not allowing the failures counter to go below zero. Signed-off-by: H. Peter Anvin Signed-off-by: Jeff Garzik --- diff --git a/rngd.c b/rngd.c index 8ab219c..d7cd1b2 100644 --- a/rngd.c +++ b/rngd.c @@ -213,11 +213,8 @@ static int update_kernel_random(int random_step, int fips; fips = fips_run_rng_test(fipsctx_in, buf); - if (fips) { - if (!arguments->quiet) - message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); + if (fips) return 1; - } for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE]; p += random_step) { @@ -256,8 +253,15 @@ static void do_loop(int random_step) rc = update_kernel_random(random_step, buf, iter->fipsctx); - if (rc == 0) + if (rc == 0) { + iter->success++; + if (iter->success >= RNG_OK_CREDIT) { + if (iter->failures) + iter->failures--; + iter->success = 0; + } break; /* succeeded, work done */ + } iter->failures++; if (iter->failures == MAX_RNG_FAILURES) { diff --git a/rngd.h b/rngd.h index ca321d6..2dd8481 100644 --- a/rngd.h +++ b/rngd.h @@ -35,6 +35,7 @@ enum { MAX_RNG_FAILURES = 25, + RNG_OK_CREDIT = 1000, /* ~1:1250 false positives */ }; /* Command line arguments and processing */ @@ -59,6 +60,7 @@ struct rng { int rng_fd; bool disabled; int failures; + int success; int (*xread) (void *buf, size_t size, struct rng *ent_src); fips_ctx_t *fipsctx;