wolfssl icon indicating copy to clipboard operation
wolfssl copied to clipboard
verified publisher icon wolfSSL

Entropy - fix off by ones in continuous testing

Open SparkiDev opened this issue 7 months ago • 7 comments

Description

rep_cnt is count of contiguous bytes with same value. First ever sample must set count to 1.

Wasn't filling the cache up completely. Off by one in check for initial fill.

Testing

./configure --disable-shared --enable-entropy-memuse

Checklist

  • [ ] added tests
  • [ ] updated/added doxygen
  • [ ] updated appropriate READMEs
  • [ ] Updated manual and documentation

SparkiDev avatar May 29 '25 22:05 SparkiDev

@SparkiDev can you rebase this on master please so you get the updates to the workflow file? There are known issues with Ubuntu mirrors at the moment so the following has been added to the workflow file to update the repositories list after VM creation. Unfortunately your PR workflow file is missing the updates:

LATEST:

 37       - name: install_multilib                                                   
 38         run: |                                                                   
 39           export DEBIAN_FRONTEND=noninteractive                                  
 40           sudo apt-get update                                                    
 41           sudo apt-get install -y gcc-multilib

Your branch:

37      - name: install_multilib
38        run: sudo apt-get install -y gcc-multilib

kaleb-himes avatar Jun 02 '25 15:06 kaleb-himes

rebased and now failing on multi-test that is failing for all PRs.

SparkiDev avatar Jun 02 '25 23:06 SparkiDev

retest this please

SparkiDev avatar Jun 05 '25 02:06 SparkiDev

I did notice a new behavior with this update, one now has to call wolfCrypt_Init() two times, once to "prime the entropy source" and then a second time to get a successful init. The first call seems to fail 100% of the time with ENTROPY_APT_E = -295, /* Entropy Adaptive Proportion Test failed */ at least on the system I am using to gather noise samples.

Do we want to look into that more or is that expected?

kaleb-himes avatar Jun 05 '25 22:06 kaleb-himes

Since we're making a change anyway, now might be a good time to address that longer initial time slice we were seeing during startup sequences due the SHA3-256 Conditional Algorithm Self Test (CAST) on initial priming of the entropy pool, here is a tentitive patch to address that if you care to include it (no obligation):

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 822f069f7..650945fc4 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1086,7 +1086,15 @@ static word64 Entropy_GetSample(void)
     word64 now;
     word64 ret;
 
+    /* If zero we know this is the very first call */
+    if (entropy_last_time == 0) {
+        Entropy_MemUse(); /* do INITIAL work to trigger the CAST in FIPS mode */
+        entropy_last_time = Entropy_TimeHiRes(); /* Exclude CAST time from first
+                                                  * sample */
+    }
+
     /* Use memory such that it will take an unpredictable amount of time. */
+    /* All other times just do 'the work' */
     Entropy_MemUse();

kaleb-himes avatar Jun 05 '25 22:06 kaleb-himes

Made sure all values are reset.

SparkiDev avatar Jun 11 '25 01:06 SparkiDev

retest this please

SparkiDev avatar Jun 11 '25 05:06 SparkiDev