[PATCH v5 1/1] crypto: atmel-sha204a - fix blocking and non-blocking rng logic
Thorsten Blum
thorsten.blum at linux.dev
Tue Apr 28 03:41:38 PDT 2026
On Sun, Apr 26, 2026 at 09:29:47PM +0000, Lothar Rubusch wrote:
> The blocking and non-blocking paths were failing to provide valid entropy
> due to improper buffer management. Reading the buffer starting from byte 1,
> only fetch the 32 bytes of random data from the return message.
>
> Tested on an Atmel SHA204A device.
>
> Before (here for blocking), tests showed repeatedly reading reduced bytes.
> $ head -c 32 /dev/hwrng | hexdump -C
> 00000000 02 28 85 b3 47 40 f2 ee 00 00 00 00 00 00 00 00 |.(..G at ..........|
> 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 00000020
>
> After, the result will be similar to the following:
> $ head -c 32 /dev/hwrng | hexdump -C
> 00000000 5a fc 3f 13 14 68 fe 06 68 0a bd 04 83 6e 09 69 |Z.?..h..h....n.i|
> 00000010 75 ff cf 87 10 84 3b c9 c1 df ae eb 45 53 4c c3 |u.....;.....ESL.|
> 00000020
>
> Fixes: da001fb651b0 ("crypto: atmel-i2c - add support for SHA204A random number generator")
> Suggested-by: Ard Biesheuvel <ardb at kernel.org>
> Signed-off-by: Lothar Rubusch <l.rubusch at gmail.com>
Tested on SHA204A hardware using rngtest:
$ sudo head -c 300000 /dev/hwrng | rngtest -c 100
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
and verified via hexdump that the byte stream is no longer zero-padded.
Tested-by: Thorsten Blum <thorsten.blum at linux.dev>
Thanks,
Thorsten
More information about the linux-arm-kernel
mailing list