diff --git a/configure.ac b/configure.ac
index a5f9e7ffe..7fe8748df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9439,9 +9439,9 @@ then
 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;;
 'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.])
 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;;
- 'stdrng') test "$ENABLED_HASHDRBG" != "no" && AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
+ 'stdrng') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG" ;;
- 'stdrng-default') test "$ENABLED_HASHDRBG" != "no" && AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
+ 'stdrng-default') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT" ;;
 'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
index 6c5da4f0a..037b0520a 100644
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -989,8 +989,8 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
 #endif
 if (! ret) {
- u8 buf1[16], buf2[16];
- int i;
+ u8 buf1[16], buf2[17];
+ int i, j;
 memset(buf1, 0, sizeof buf1);
 memset(buf2, 0, sizeof buf2);
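Review bot: `buf1` is kept on the new declaration line even though the rewritten test loop in the following hunk only fills `buf2` and passes `NULL, 0` in the additional-input slots that previously carried `buf1`; unless one of the lines between the two hunks still reads it, the array and its `memset(buf1, 0, sizeof buf1)` are now dead code. If nothing else uses it, drop `buf1` and that memset and declare `u8 buf2[17];` alone. The per-iteration `memset(buf2, 0, (size_t)i)` in the next hunk also makes the initial `memset(buf2, 0, sizeof buf2)` redundant, though harmless. wc_linuxkm_drbg_startup() begins and ends outside this hunk.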
@@ -1004,22 +1004,34 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
 }
 if (! ret) {
- /* There's a 94% chance that 16 random bytes will all be nonzero,
- * or a 6% chance that at least one of them will be zero.
- * Iterate up to 20 times to push that 6% chance to 5E-25,
- * an effective certainty on a functioning PRNG.
+ /*
+ * Given a correctly functioning PRNG (perfectly rectangular
+ * PDF), There's a 94% chance that 17 random bytes will all be
+ * nonzero, or a 6% chance that at least one of them will be
+ * zero. Iterate up to 20 times to push that 6% chance to 1.5
+ * E-24, an effective certainty on a functioning PRNG. With the
+ * contributions from iterations on shorter blocks, the overall
+ * expectation of failure is 2.13 E-24.
 */
- for (i = 0; i < 20; ++i) {
- if (! memchr(buf1, 0, sizeof buf1)) {
- ret = 0;
- break;
+ for (i = 1; i <= (int)sizeof buf2; ++i) {
+ for (j = 0; j < 20; ++j) {
+ memset(buf2, 0, (size_t)i);
+ ret = crypto_rng_generate(tfm, NULL, 0, buf2, (unsigned int)i);
+ if (ret)
+ break;
+ ret = -EBADMSG;
+ if (! memchr(buf2, 0, (size_t)i)) {
+ ret = 0;
+ break;
+ }
 }
- ret = crypto_rng_generate(tfm, buf1, (unsigned int)sizeof buf1, buf2, (unsigned int)sizeof buf2);
 if (ret)
 break;
- ret = -EBADMSG;
- }
+
+ if (ret)
+ pr_err("wc_linuxkm_drbg_startup: PRNG quality test failed, block length %d, iters %d, ret %d",
+ i, j, ret);
 }
 }
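Review bot: The `pr_err` added at the end of the outer loop is unreachable: it sits directly after the retained `if (ret) break;`, so a non-zero `ret` — whether an error from `crypto_rng_generate()` or the `-EBADMSG` left behind when the inner loop runs all 20 iterations without a zero-free block — leaves the loop before the message is logged, and the block length and iteration count it was added to report are never printed. Move the diagnostic ahead of the exit, `if (ret) { pr_err("wc_linuxkm_drbg_startup: PRNG quality test failed, block length %d, iters %d, ret %d", i, j, ret); break; }`, and drop the now-duplicate `if (ret) break;` before it. The message labels both cases a quality-test failure; only a reader who knows `-EBADMSG` is the sentinel can tell a generate error from a statistical failure by the printed `ret`, so a short comment on the `ret = -EBADMSG;` line saying so would help. In the new comment, `PDF), There's` should read `PDF), there's`. wc_linuxkm_drbg_startup() continues outside this hunk.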