Re: [PATCH] crypto: Jitter RNG - Permanent and Intermittent health errors

On Friday, 24 March 2023, 10:27:37 CET, Herbert Xu wrote:

Hi Herbert,

> On Thu, Mar 23, 2023 at 08:17:14AM +0100, Stephan Müller wrote:
> > @@ -138,29 +139,35 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
> > 
> >  	spin_lock(&rng->jent_lock);
> > 
> > -	/* Return a permanent error in case we had too many resets in a row. */
> > -	if (rng->reset_cnt > (1<<10)) {
> > +	/* Enforce a disabled entropy source. */
> > +	if (rng->disabled) {
> > 
> >  		ret = -EFAULT;
> >  		goto out;
> >  	
> >  	}
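
Review bot: in the `if (rng->disabled)` branch, the comment "Enforce a disabled entropy source." does not say what sets `disabled` or whether the flag is ever cleared, while the removed `reset_cnt > (1<<10)` test made the trigger visible at the point of use. Suggest stating in the comment which health failure sets the flag and whether the state is permanent. Since this path still returns -EFAULT to every caller of jent_kcapi_random(), it would also help to say why that errno is kept for a deliberately disabled source.
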
> 
> Can we please get rid of this completely when we're not in FIPS
> mode? Remember that jent is now used by all kernel users through
> drbg.  Having it fail permanently in this fashion is unacceptable.
> 
> If we're not in FIPS mode it should simply carry on or at least
> seek another source of entropy, perhaps from the kernel RNG.

I will remove that from this patch. I plan to release another patch where the 
oversampling rate will be increased in case of such health errors. This 
increase in the oversampling rate would handle this issue much more 
gracefully.

Thanks

Ciao
Stephan