| Message ID | 12219330.O9o76ZdvQC@positron.chronox.de (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: jitter - correct health test during initialization | expand |
On Thu, May 25, 2023 at 07:00:05PM +0200, Stephan Müller wrote: > With the update of the permanent and intermittent health errors, the > actual indicator for the health test indicates a potential error only > for the one offending time stamp gathered in the current iteration > round. The next iteration round will "overwrite" the health test result. > > Thus, the entropy collection loop in jent_gen_entropy checks for > the health test failure upon each loop iteration. However, the > initialization operation checked for the APT health test once for > an APT window which implies it would not catch most errors. > > Thus, the check for all health errors is now invoked unconditionally > during each loop iteration for the startup test. > > With the change, the error JENT_ERCT becomes unused as all health > errors are only reported with the JENT_HEALTH return code. This > allows the removal of the error indicator. > > Fixes: 3fde2fe99aa6 ("crypto: jitter - permanent and intermittent health errors" > ) > Reported-by: Joachim Vandersmissen <git@jvdsn.com> > Signed-off-by: Stephan Mueller <smueller@chronox.de> > --- > crypto/jitterentropy.c | 9 +++------ > 1 file changed, 3 insertions(+), 6 deletions(-) Patch applied. Thanks.
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c index dc423210c9f9..c7d7f2caa779 100644 --- a/crypto/jitterentropy.c +++ b/crypto/jitterentropy.c @@ -118,7 +118,6 @@ struct rand_data { * zero). */ #define JENT_ESTUCK 8 /* Too many stuck results during init. */ #define JENT_EHEALTH 9 /* Health test failed during initialization */ -#define JENT_ERCT 10 /* RCT failed during initialization */ /* * The output n bits can receive more than n bits of min entropy, of course, @@ -713,14 +712,12 @@ int jent_entropy_init(void *hash_state) if ((nonstuck % JENT_APT_WINDOW_SIZE) == 0) { jent_apt_reset(&ec, delta & JENT_APT_WORD_MASK); - if (jent_health_failure(&ec)) - return JENT_EHEALTH; } } - /* Validate RCT */ - if (jent_rct_failure(&ec)) - return JENT_ERCT; + /* Validate health test result */ + if (jent_health_failure(&ec)) + return JENT_EHEALTH; /* test whether we have an increasing timer */ if (!(time2 > time))
With the update of the permanent and intermittent health errors, the actual indicator for the health test indicates a potential error only for the one offending time stamp gathered in the current iteration round. The next iteration round will "overwrite" the health test result. Thus, the entropy collection loop in jent_gen_entropy checks for the health test failure upon each loop iteration. However, the initialization operation checked for the APT health test once for an APT window which implies it would not catch most errors. Thus, the check for all health errors is now invoked unconditionally during each loop iteration for the startup test. With the change, the error JENT_ERCT becomes unused as all health errors are only reported with the JENT_HEALTH return code. This allows the removal of the error indicator. Fixes: 3fde2fe99aa6 ("crypto: jitter - permanent and intermittent health errors" ) Reported-by: Joachim Vandersmissen <git@jvdsn.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> --- crypto/jitterentropy.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)