@kaleb-himes
Contributor

Description

Replace the DRBG legacy CRNGT test with the more modern RCT/APT tests.

CRNGT: Simply compares each block of output from the entropy source with each previous block of output to detect a "stuck entropy source" but suffers a probability failure rate of ~29.80 failures for every 4 billion checks (keeping in mind a single failure means the module must be power cycled to recover from this catastrophic scenario per FIPS 140-2 ss 4.9.2), which leads to high volumes of real-world failures.

RCT/APT - The Repetition Count Test (RCT) acts as a "stuck-at" detector by failing if a single value repeats consecutively more than a calculated threshold, effectively catching total hardware failures. The Adaptive Proportion Test (APT) functions as a "bias" detector by counting how many times a specific value appears within a sliding window of samples, identifying subtle statistical collapses that the RCT would otherwise miss.

Fixes zd# 21032

Testing

There is a new test (but it's off by default because it is very slow) in wolfcrypt/test/test.c with two flavors for the Re-Init test, a single-threaded and a multi-threaded test.

Single-threaded takes a long time but will produce the same rate of failures as the multi-threaded test if entropy pool depletion is not a concern. If the entropy pool is small, the single-threaded option is the best way, but it takes longer.

The multi-threaded test completes faster by using 40 threads and 100 million iterations per thread to hit the 4 billion goal more quickly. Entropy depletion is a concern, so only use this on modern large-scale desktops and servers, not on embedded Linux.

Examples of configuring and running the tests with and without FIPS enabled are in wolfcrypt/test/README.md along with the investigation results into this issue.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kaleb-himes kaleb-himes requested a review from SparkiDev January 14, 2026 23:28
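
Added example, not code from this pull request or from wolfSSL: a minimal sketch of the two health tests the description contrasts with CRNGT, following the RCT and APT definitions in NIST SP 800-90B section 4.4 (the APT here counts within consecutive fixed-size windows). The `health_*` names, the cutoffs (21 and 100) and the 512-sample window are assumptions chosen for the demo, and both input streams are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HEALTH_OK = 0, HEALTH_RCT_FAIL = 1, HEALTH_APT_FAIL = 2 };
/* Hypothetical state for both tests; names are not wolfSSL's. */
typedef struct {
    unsigned rct_cutoff, apt_window, apt_cutoff; /* limits chosen by the caller */
    uint8_t  rct_last, apt_ref;                  /* run value, window reference */
    unsigned rct_run, apt_count, apt_seen;       /* run length, window counters */
} health_t;

/* Feed one raw noise sample; any non-zero return is a health-test failure. */
int health_feed(health_t *h, uint8_t s)
{
    /* RCT: track the run of identical consecutive samples. */
    if (h->rct_run > 0 && s == h->rct_last) h->rct_run++;
    else { h->rct_last = s; h->rct_run = 1; }
    if (h->rct_run >= h->rct_cutoff) return HEALTH_RCT_FAIL;
    /* APT: the first sample of each window is the reference value. */
    if (h->apt_seen == 0) { h->apt_ref = s; h->apt_count = 0; }
    if (s == h->apt_ref) h->apt_count++;
    if (h->apt_count >= h->apt_cutoff) return HEALTH_APT_FAIL;
    if (++h->apt_seen == h->apt_window) h->apt_seen = 0;
    return HEALTH_OK;
}

/* Scan a buffer with a fresh copy of cfg; *at is the failing index, or n. */
int health_scan(health_t cfg, const uint8_t *buf, size_t n, size_t *at)
{
    for (*at = 0; *at < n; (*at)++) {
        int rc = health_feed(&cfg, buf[*at]);
        if (rc != HEALTH_OK) return rc;
    }
    return HEALTH_OK;
}

int main(void)
{
    health_t cfg = { .rct_cutoff = 21, .apt_window = 512, .apt_cutoff = 100 };
    uint8_t buf[1024]; size_t at;
    memset(buf, 0xAA, sizeof buf);               /* constructed stuck-at source */
    int rc = health_scan(cfg, buf, sizeof buf, &at);
    printf("stuck:  rc=%d at sample %zu\n", rc, at);
    /* Constructed biased source: 0x00 on even indexes, no two equal neighbours. */
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (i % 2) ? (uint8_t)(1 + i % 251) : 0;
    rc = health_scan(cfg, buf, sizeof buf, &at);
    printf("biased: rc=%d at sample %zu\n", rc, at);
    return 0;
}
```

The biased stream never repeats a value back to back, so the RCT stays silent and only the APT reports it.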