---
- branch: MAIN
  date: Fri May 13 09:49:44 UTC 2022
  files:
  - new: '1.10'
    old: '1.9'
    path: src/sys/arch/arm/rockchip/rk_v1crypto.c
    pathrev: src/sys/arch/arm/rockchip/rk_v1crypto.c@1.10
    type: modified
  id: 20220513T094944Z.a6aa2cc71c732d196fab244392887facdc16e514
  log: |
    rkv1crypto(4): Fix units in RNG repeated-output health test.

    This code was intended to check whether the two 4-word halves of an
    8-word, 32-byte, 256-bit sample were repeated.

    Instead, it accidentally checked whether the first 4 _bytes_ of the
    two halves were repeated.

    The effect was a false alarm rate of 1/2^32, instead of a false alarm
    rate of 1/2^128, with no change on the true alarm rate in the event
    of an RNG wedged producing all-zero or all-one bits.  1/2^128 is an
    acceptable false alarm rate; 1/2^32, not so much.

    (The false alarm right might be higher if the samples are not
    perfectly uniformly distributed, which they most likey aren't,
    although the documentation doesn't give any details other than
    suggesting it's a ring oscillator under the hood, which provides
    entropy from jitter induced by thermal noise.  This driver records
    half a bit of entropy per bit of sample to be reasonably
    conservative.)
  module: src
  subject: 'CVS commit: src/sys/arch/arm/rockchip'
  unixtime: '1652435384'
  user: riastradh