Google Git
Sign in
kernel / pub / scm / utils / kernel / rng-tools / rng-tools / db508e37fe83b720c45ce7f2cd180dade5e58f3a
commitdb508e37fe83b720c45ce7f2cd180dade5e58f3a[log] [tgz]
authorH. Peter Anvin <hpa@linux.intel.com>Wed Aug 01 14:31:39 2012 -0700
committerJeff Garzik <jgarzik@redhat.com>Thu Aug 02 00:19:01 2012 -0400
tree1d8a0ad1461e7b38598900e26f0ba7c20770f9aa
parent9b1a3bbbdf7da77cf84e2eaafb55260d357ae3de [diff]
rngd: Allow up to a 1:1000 false error rate on FIPS tests

The FIPS tests have a measured false positive error rate of
approximately 1:1250.  In order to not permanently disable a
functioning random number source under high traffic, allow
one failure per 1000 successful blocks.

However, never allow more than 25 subsequent failures; this is
handled by not allowing the failures counter to go below zero.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2 files changed
tree: 1d8a0ad1461e7b38598900e26f0ba7c20770f9aa
  1. contrib/
  2. .gitignore
  3. AUTHORS
  4. autogen.sh
  5. ChangeLog
  6. configure.ac
  7. COPYING
  8. exits.h
  9. fips.c
  10. fips.h
  11. LICENSE
  12. Makefile.am
  13. NEWS
  14. rdrand_asm.S
  15. README
  16. rngd.8.in
  17. rngd.c
  18. rngd.h
  19. rngd_entsource.c
  20. rngd_entsource.h
  21. rngd_linux.c
  22. rngd_linux.h
  23. rngd_rdrand.c
  24. rngtest.1.in
  25. rngtest.c
  26. stats.c
  27. stats.h
  28. util.c