Module Name: src Committed By: martin Date: Thu Apr 30 15:35:57 UTC 2020
Modified Files: src/sys/kern [netbsd-8]: subr_cprng.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1543): sys/kern/subr_cprng.c: revision 1.34 Disable rngtest on output of cprng_strong. We already do a self-test for correctenss of Hash_DRBG output; applying rngtest to it does nothing but give everyone warning fatigue about spurious rngtest failures. To generate a diff of this commit: cvs rdiff -u -r1.27.10.2 -r1.27.10.3 src/sys/kern/subr_cprng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/subr_cprng.c diff -u src/sys/kern/subr_cprng.c:1.27.10.2 src/sys/kern/subr_cprng.c:1.27.10.3 --- src/sys/kern/subr_cprng.c:1.27.10.2 Mon Nov 25 16:03:08 2019 +++ src/sys/kern/subr_cprng.c Thu Apr 30 15:35:57 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_cprng.c,v 1.27.10.2 2019/11/25 16:03:08 martin Exp $ */ +/* $NetBSD: subr_cprng.c,v 1.27.10.3 2020/04/30 15:35:57 martin Exp $ */ /*- * Copyright (c) 2011-2013 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.27.10.2 2019/11/25 16:03:08 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.27.10.3 2020/04/30 15:35:57 martin Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -49,9 +49,6 @@ __KERNEL_RCSID(0, "$NetBSD: subr_cprng.c #include <sys/systm.h> #include <sys/sysctl.h> #include <sys/rndsink.h> -#if DIAGNOSTIC -#include <sys/rngtest.h> -#endif #include <crypto/nist_hash_drbg/nist_hash_drbg.h> @@ -66,9 +63,6 @@ static void cprng_strong_generate(struct static void cprng_strong_reseed(struct cprng_strong *); static void cprng_strong_reseed_from(struct cprng_strong *, const void *, size_t, bool); -#if DIAGNOSTIC -static void cprng_strong_rngtest(struct cprng_strong *); -#endif static rndsink_callback_t cprng_strong_rndsink_callback; @@ -450,48 +444,8 @@ cprng_strong_reseed_from(struct cprng_st /* XXX Fix nist_hash_drbg API so this can't happen. */ panic("cprng %s: NIST Hash_DRBG reseed failed", cprng->cs_name); - -#if DIAGNOSTIC - cprng_strong_rngtest(cprng); -#endif } -#if DIAGNOSTIC -/* - * Generate some output and apply a statistical RNG test to it. - */ -static void -cprng_strong_rngtest(struct cprng_strong *cprng) -{ - - KASSERT(mutex_owned(&cprng->cs_lock)); - - /* XXX Switch to a pool cache instead? */ - rngtest_t *const rt = kmem_intr_alloc(sizeof(*rt), KM_NOSLEEP); - if (rt == NULL) - /* XXX Warn? */ - return; - - (void)strlcpy(rt->rt_name, cprng->cs_name, sizeof(rt->rt_name)); - - if (nist_hash_drbg_generate(&cprng->cs_drbg, rt->rt_b, - sizeof(rt->rt_b), NULL, 0)) - panic("cprng %s: NIST Hash_DRBG failed after reseed", - cprng->cs_name); - - if (rngtest(rt)) { - printf("cprng %s: failed statistical RNG test\n", - cprng->cs_name); - /* XXX Not clear that this does any good... */ - cprng->cs_ready = false; - rndsink_schedule(cprng->cs_rndsink); - } - - explicit_memset(rt, 0, sizeof(*rt)); /* paranoia */ - kmem_intr_free(rt, sizeof(*rt)); -} -#endif - /* * Feed entropy from an rndsink request into the CPRNG for which the * request was issued.