From d21e43a9d69ef78d0b224f4ea19de146bcb52a09 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell
Date: Thu, 12 May 2022 17:54:05 +0000
Subject: [PATCH] rkv1crypto(4): Fix units in self-test.

This previously checked whether the first 8 _bytes_ of two consecutive 8-_word_ (32-byte, 256-bit) samples were repeated. Instead, it was intended to check whether the two 8-word samples were repeated. The effect was a false alarm rate of 1/2^64, instead of a false alarm rate of 1/2^256, with no change on the true alarm rate in the event of an RNG wedged producing all-zero or all-one bits.
---
 sys/arch/arm/rockchip/rk_v1crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/arch/arm/rockchip/rk_v1crypto.c b/sys/arch/arm/rockchip/rk_v1crypto.c
index 0183f9d3ba48..689b1ef73329 100644
--- a/sys/arch/arm/rockchip/rk_v1crypto.c
+++ b/sys/arch/arm/rockchip/rk_v1crypto.c
@@ -268,7 +268,7 @@ rk_v1crypto_rng_get(size_t nbytes, void *cookie)
 device_printf(self, "timed out\n");
 break;
 }
- if (consttime_memequal(buf, buf + n/2, n/2)) {
+ if (consttime_memequal(buf, buf + n/2, sizeof(buf[0]) * n/2)) {
 device_printf(self, "failed repeated output test\n");
 break;
 }
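Review bot: The new length argument `sizeof(buf[0]) * n/2` parses as `(sizeof(buf[0]) * n) / 2`, which equals the byte size of the half addressed by `buf + n/2` only when `n` is even; for odd `n` the length would exceed the second half and the comparison would read past the end of `buf`. The declarations of `buf` and `n` are outside the hunk, so `n` is presumably a fixed even word count, but grouping the division keeps both expressions in the same units regardless: `if (consttime_memequal(buf, buf + n/2, sizeof(buf[0]) * (n/2))) {`. If `buf` is a local array, `sizeof(buf) / 2` would tie the length directly to the object being compared and make a future resize safe by construction. Since this check is the health test that catches a wedged RNG, a one-line comment stating the units would also help a later reader, e.g. `/* Compare the two halves of buf (n/2 words each); length is in bytes. */`. rk_v1crypto_rng_get begins and ends outside the hunk.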