Module Name: src Committed By: riastradh Date: Sun Jun 9 20:07:33 UTC 2024
Modified Files: src/sys/arch/x86/x86: cpu_rng.c Log Message: x86/cpu_rng: Fix false alarm rate of CPU RNG health test. Lower it from 1/2^32 (about one in four billion) to 1/2^256 (approximately not gonna happen squared). PR port-amd64/58122 To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sys/arch/x86/x86/cpu_rng.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/x86/x86/cpu_rng.c diff -u src/sys/arch/x86/x86/cpu_rng.c:1.20 src/sys/arch/x86/x86/cpu_rng.c:1.21 --- src/sys/arch/x86/x86/cpu_rng.c:1.20 Thu Oct 7 12:52:27 2021 +++ src/sys/arch/x86/x86/cpu_rng.c Sun Jun 9 20:07:33 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu_rng.c,v 1.20 2021/10/07 12:52:27 msaitoh Exp $ */ +/* $NetBSD: cpu_rng.c,v 1.21 2024/06/09 20:07:33 riastradh Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -260,8 +260,12 @@ cpu_rng(enum cpu_rng_mode mode, uint64_t static void cpu_rng_get(size_t nbytes, void *cookie) { -#define N howmany(256, 64) - uint64_t buf[2*N]; + enum { + NBITS = 256, + NBYTES = howmany(NBITS, 8), + NWORDS = howmany(NBITS, 64), + }; + uint64_t buf[2*NWORDS]; unsigned i, nbits = 0; while (nbytes) { @@ -273,7 +277,7 @@ cpu_rng_get(size_t nbytes, void *cookie) */ for (i = 0; i < __arraycount(buf); i++) nbits += cpu_rng(cpu_rng_mode, &buf[i]); - if (consttime_memequal(buf, buf + N, N)) { + if (consttime_memequal(buf, buf + NWORDS, NBYTES)) { printf("cpu_rng %s: failed repetition test\n", cpu_rng_name[cpu_rng_mode]); nbits = 0; @@ -281,7 +285,6 @@ cpu_rng_get(size_t nbytes, void *cookie) rnd_add_data_sync(&cpu_rng_source, buf, sizeof buf, nbits); nbytes -= MIN(MIN(nbytes, sizeof buf), MAX(1, 8*nbits)); } -#undef N } void