search

smuellerDD / jitterentropy-library

Jitterentropy Library
http://www.chronox.de/jent
Other
101 stars 40 forks source link

jent_read_entropy_safe could be safer #121

Closed blackbird1999 closed 2 months ago

blackbird1999 commented 2 months ago

I've found some cases where increasing osr by one is insufficient to pass the health test. Changing if (jent_entropy_init_ex(osr,flags) { return -1; } to a while that increments osr appears to address the issue.

while (jent_entropy_init_ex(osr, flags)) { osr++; if (osr > 20) { return ret; } }

smuellerDD commented 2 months ago

Am Dienstag, 27. August 2024, 15:00:37 MESZ schrieb blackbird1999:

Hi blackbird1999,

I've found some cases where increasing osr by one is insufficient to pass the health test. Changing if (jent_entropy_init_ex(osr,flags) { return -1; } to a while that increments osr appears to address the issue.

while (jent_entropy_init_ex(osr, flags)) { osr++; if (osr > 20) { return ret; } }

Thank you for the note, but may be expected if the timer is coarse. Is there any concern with this approach?

Ciao Stephan

blackbird1999 commented 2 months ago

Hi Stephan,

IMO, if it's OK to "reset" after a failure in jent_read_entropy due to a health test failure (-2, -3) then it should be OK to "reset" after a health test failure in jent_entropy_init_ex. The while loop doesn't differentiate between failures under the assumption that if it's a memory or pointer issue it will fail quickly enough via the if (osr > 20) check.

The environment in which I'm seeing this is Windows Server 2022 running under VMWare Workstation 17.5.1. It's intermittent, rarely fails initially, but after repeated calls jent_read_entropy will fail and then jent_entropy_init_ex will intermittently also fail with OSR bumped by 1. With the change suggested, it usually settles in at OSR == 11 and chugs along just fine.

Sincerely, Jonathan

smuellerDD commented 2 months ago

Am Donnerstag, 29. August 2024, 15:37:12 MESZ schrieb blackbird1999:

Hi blackbird1999,

Hi Stephan,

IMO, if it's OK to "reset" after a failure in jent_read_entropy due to a health test failure (-2, -3) then it should be OK to "reset" after a health test failure in jent_entropy_init_ex. The while loop doesn't differentiate between failures under the assumption that if it's a memory or pointer issue it will fail quickly enough via the if (osr > 20) check.

The environment in which I'm seeing this is Windows Server 2022 running under VMWare Workstation 17.5.1. It's intermittent, rarely fails initially, but after repeated calls jent_read_entropy will fail and then jent_entropy_init_ex will intermittently also fail with OSR bumped by 1. With the change suggested, it usually settles in at OSR == 11 and chugs along just fine.

Well, if you need such support as you describe, why not using the jent_read_entropy_safe API?

That should exactly do what you want, I would think

Ciao Stephan

smuellerDD commented 2 months ago

Sorry, I seem to have missed your point as I did not connect it to the subject of this topic 😊. Anyhow you want the implementation in the API updated with the while loop? Ok, let me see.

smuellerDD commented 2 months ago

Suggested patch applied.