author | H. Peter Anvin <hpa@linux.intel.com> | 2012-08-01 14:31:39 -0700 |
---|---|---|
committer | Jeff Garzik <jgarzik@redhat.com> | 2012-08-02 00:19:01 -0400 |
commit | db508e37fe83b720c45ce7f2cd180dade5e58f3a (patch) | |
tree | 1d8a0ad1461e7b38598900e26f0ba7c20770f9aa | |
parent | 9b1a3bbbdf7da77cf84e2eaafb55260d357ae3de (diff) | |
rngd: Allow up to a 1:1000 false error rate on FIPS tests
The FIPS tests have a measured false positive error rate of
approximately 1:1250. In order to not permanently disable a
functioning random number source under high traffic, allow
one failure per 1000 successful blocks.
However, never allow more than 25 consecutive failures; this is
handled by not allowing the failures counter to go below zero.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-rw-r--r-- | rngd.c | 14 | ||||
-rw-r--r-- | rngd.h | 2 |
2 files changed, 11 insertions, 5 deletions
@@ -213,11 +213,8 @@ static int update_kernel_random(int random_step,
 int fips;
 fips = fips_run_rng_test(fipsctx_in, buf);
- if (fips) {
- if (!arguments->quiet)
- message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
+ if (fips)
 return 1;
- }
 for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE]; p += random_step) {
@@ -256,8 +253,15 @@ static void do_loop(int random_step)
 rc = update_kernel_random(random_step, buf, iter->fipsctx);
- if (rc == 0)
+ if (rc == 0) {
+ iter->success++;
+ if (iter->success >= RNG_OK_CREDIT) {
+ if (iter->failures)
+ iter->failures--;
+ iter->success = 0;
+ }
 break; /* succeeded, work done */
+ }
 iter->failures++;
 if (iter->failures == MAX_RNG_FAILURES) {
@@ -35,6 +35,7 @@
 enum {
 MAX_RNG_FAILURES = 25,
+ RNG_OK_CREDIT = 1000, /* ~1:1250 false positives */
 };
 /* Command line arguments and processing */
@@ -59,6 +60,7 @@ struct rng {
 int rng_fd;
 bool disabled;
 int failures;
+ int success;
 int (*xread) (void *buf, size_t size, struct rng *ent_src);
 fips_ctx_t *fipsctx; |
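Review bot: In update_kernel_random() the `failed fips test` message is removed and the commit adds no other logging, so a single FIPS failure now leaves no trace; the only remaining signal is whatever do_loop() does once `iter->failures` reaches MAX_RNG_FAILURES. Together with the new credit in do_loop(), a source that fails repeatedly but stays under that threshold would be neither reported nor disabled, which makes a degrading entropy source hard to notice from the logs. Consider keeping the report at a lower priority instead of dropping it, e.g. `message(LOG_DAEMON|LOG_DEBUG, "failed fips test\n");` under the existing `!arguments->quiet` check before `return 1;`. The function body starts and ends outside the hunk.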
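Review bot: In do_loop() `iter->success` is not reset when a block fails, so the credit is earned on cumulative good blocks rather than on 1000 good blocks in a row, and the code does not say which is intended. A comment above the `if (rc == 0) {` branch would settle it, for example `/* every RNG_OK_CREDIT good blocks forgive one earlier failure; failures never drops below 0 */`. The new `int success;` field in struct rng (rngd.h hunk) would likewise benefit from `/* good blocks since the last credit */`, and it relies on the struct being zero-initialised, which is not visible in this diff. do_loop's body continues outside the hunk.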