rngd: As long as FIPS error rates are low, re-try the same source
authorH. Peter Anvin <hpa@linux.intel.com>
Wed, 1 Aug 2012 21:31:41 +0000 (14:31 -0700)
committerJeff Garzik <jgarzik@redhat.com>
Thu, 2 Aug 2012 04:19:09 +0000 (00:19 -0400)
Allow for a small number of FIPS errors before advancing to the
next source.  This prevents a high bandwidth source from stalling
out by shifting to a low bandwidth source (e.g. DRNG->TPM) just
because of a single FIPS failure.  FIPS failures are frequent
enough (1:1250) that this happens on a regular basis.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
rngd.c

diff --git a/rngd.c b/rngd.c
index 7fe339865763953bbb9c5e6f8588eb2f59ed194e..a9dbcb8496074cb08fc98c7fd5a3b34bc0e0da4e 100644 (file)
--- a/rngd.c
+++ b/rngd.c
@@ -242,6 +242,7 @@ static void do_loop(int random_step)
                        if (!server_running)
                                return;
 
+               retry_same:
                        if (iter->disabled)
                                continue;       /* failed, no work */
 
@@ -264,7 +265,10 @@ static void do_loop(int random_step)
                        }
 
                        iter->failures++;
-                       if (iter->failures == MAX_RNG_FAILURES) {
+                       if (iter->failures <= MAX_RNG_FAILURES/4) {
+                               /* FIPS tests have false positives */
+                               goto retry_same;
+                       } else if (iter->failures >= MAX_RNG_FAILURES) {
                                if (!arguments->quiet)
                                        message(LOG_DAEMON|LOG_ERR,
                                        "too many FIPS failures, disabling entropy source\n");
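Review bot: The `goto retry_same` added here jumps to a label that sits below the `if (!server_running) return;` check in the first hunk, so a shutdown request arriving during a run of FIPS failures is not noticed until the retries are used up; placing `retry_same:` above that check would keep the loop responsive. The retry bound `MAX_RNG_FAILURES/4` is an unnamed threshold, and with integer division it becomes 0 (no retry at all) if MAX_RNG_FAILURES is ever set below 4. The comment could carry the rationale from the commit message, for example `/* FIPS tests fail ~1:1250 on good data; retry this source for the first quarter of the failure budget before moving on */`. Whether `iter->failures` decays after successful blocks is not visible in these hunks, so it is worth confirming that the retry allowance is renewed for a healthy source and that a genuinely degraded one still reaches the disable branch. do_loop's body starts and ends outside both hunks.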