Hi Stephan, For those less perfect noise source, can't pass the FIPS test. static int update_kernel_random(int random_step, unsigned char *buf, fips_ctx_t *fipsctx_in) { unsigned char *p; int fips; fips = fips_run_rng_test(fipsctx_in, buf); if (fips) return 1; for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE]; p += random_step) { random_add_entropy(p, random_step); random_sleep(); } return 0; } -- Miaoqing ________________________________________ From: Stephan Mueller <smueller@xxxxxxxxxx> Sent: Tuesday, August 9, 2016 5:37 PM To: Herbert Xu Cc: Pan, Miaoqing; Matt Mackall; miaoqing@xxxxxxxxxxxxxx; Valo, Kalle; linux-wireless@xxxxxxxxxxxxxxx; ath9k-devel; linux-crypto@xxxxxxxxxxxxxxx; jason@xxxxxxxxxxxxxx; Sepehrdad, Pouyan Subject: Re: [PATCH 2/2] ath9k: disable RNG by default Am Dienstag, 9. August 2016, 17:17:55 CEST schrieb Herbert Xu: Hi Herbert, > On Tue, Aug 09, 2016 at 11:02:58AM +0200, Stephan Mueller wrote: > > But shouldn't the default of the rngd then be adjusted a bit? > > Please elaborate. in rngd_linux.c:random_add_entropy(void *buf, size_t size): entropy.ent_count = size * 8; entropy.size = size; memcpy(entropy.data, buf, size); if (ioctl(random_fd, RNDADDENTROPY, &entropy) != 0) { ... in rngd.c:do_loop(): retval = iter->xread(buf, sizeof buf, iter); ... rc = update_kernel_random(random_step, buf, iter->fipsctx); where update_kernel_random simply invokes random_add_entropy in chunks. Hence, the rngd reads some bytes from /dev/hwrand and injects it into /dev/ random with an entropy estimate that is equal to the read bytes. With less than perfect noise sources, entropy.ent_count should be much smaller. > > Thanks, Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html