Source-Changes-HG archive


[src/trunk]: src/sys/kern Disable rngtest on output of cprng_strong.



details:   https://anonhg.NetBSD.org/src/rev/b14673efbf3f
branches:  trunk
changeset: 465791:b14673efbf3f
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Wed Dec 04 05:36:34 2019 +0000

description:
Disable rngtest on output of cprng_strong.

We already do a self-test for correctness of Hash_DRBG output;
applying rngtest to it does nothing but give everyone warning fatigue
about spurious rngtest failures.

diffstat:

 sys/kern/subr_cprng.c |  50 ++------------------------------------------------
 1 files changed, 2 insertions(+), 48 deletions(-)

diffs (87 lines):

diff -r 91f13a284338 -r b14673efbf3f sys/kern/subr_cprng.c
--- a/sys/kern/subr_cprng.c     Wed Dec 04 05:19:10 2019 +0000
+++ b/sys/kern/subr_cprng.c     Wed Dec 04 05:36:34 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_cprng.c,v 1.33 2019/11/25 15:19:54 riastradh Exp $ */
+/*     $NetBSD: subr_cprng.c,v 1.34 2019/12/04 05:36:34 riastradh Exp $ */
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.33 2019/11/25 15:19:54 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.34 2019/12/04 05:36:34 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -49,9 +49,6 @@
 #include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/rndsink.h>
-#if DIAGNOSTIC
-#include <sys/rngtest.h>
-#endif
 
 #include <crypto/nist_hash_drbg/nist_hash_drbg.h>
 
@@ -66,9 +63,6 @@
 static void    cprng_strong_reseed(struct cprng_strong *);
 static void    cprng_strong_reseed_from(struct cprng_strong *, const void *,
                    size_t, bool);
-#if DIAGNOSTIC
-static void    cprng_strong_rngtest(struct cprng_strong *);
-#endif
 
 static rndsink_callback_t      cprng_strong_rndsink_callback;
 
@@ -482,48 +476,8 @@
                /* XXX Fix nist_hash_drbg API so this can't happen.  */
                panic("cprng %s: NIST Hash_DRBG reseed failed",
                    cprng->cs_name);
-
-#if DIAGNOSTIC
-       cprng_strong_rngtest(cprng);
-#endif
 }
 
-#if DIAGNOSTIC
-/*
- * Generate some output and apply a statistical RNG test to it.
- */
-static void
-cprng_strong_rngtest(struct cprng_strong *cprng)
-{
-
-       KASSERT(mutex_owned(&cprng->cs_lock));
-
-       /* XXX Switch to a pool cache instead?  */
-       rngtest_t *const rt = kmem_intr_alloc(sizeof(*rt), KM_NOSLEEP);
-       if (rt == NULL)
-               /* XXX Warn?  */
-               return;
-
-       (void)strlcpy(rt->rt_name, cprng->cs_name, sizeof(rt->rt_name));
-
-       if (nist_hash_drbg_generate(&cprng->cs_drbg, rt->rt_b,
-               sizeof(rt->rt_b), NULL, 0))
-               panic("cprng %s: NIST Hash_DRBG failed after reseed",
-                   cprng->cs_name);
-
-       if (rngtest(rt)) {
-               printf("cprng %s: failed statistical RNG test\n",
-                   cprng->cs_name);
-               /* XXX Not clear that this does any good...  */
-               cprng->cs_ready = false;
-               rndsink_schedule(cprng->cs_rndsink);
-       }
-
-       explicit_memset(rt, 0, sizeof(*rt)); /* paranoia */
-       kmem_intr_free(rt, sizeof(*rt));
-}
-#endif
-
 /*
  * Feed entropy from an rndsink request into the CPRNG for which the
  * request was issued.


