Merge pull request #9589 from douzzer/20251226-fixes

20251226-fixes

linuxkm/lkcapi_sha_glue.c

@@ -2150,25 +2150,18 @@ static int wc_linuxkm_drbg_startup(void)
 }
 
 static int wc_linuxkm_drbg_cleanup(void) {
-    int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
+    int cur_refcnt;
 
     if (! wc_linuxkm_drbg_loaded) {
         pr_err("ERROR: wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded");
         return -EINVAL;
     }
 
-    if (cur_refcnt - wc_linuxkm_drbg_default_instance_registered != 1) {
-        pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d, with wc_linuxkm_drbg %sset as default rng",
-               cur_refcnt, wc_linuxkm_drbg_default_instance_registered ? "" : "not ");
-        return -EBUSY;
-    }
-
-    /* The below is racey, but the kernel doesn't provide any other way.  It's
-     * written to be retryable.
-     */
-
 #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
     if (wc_linuxkm_drbg_default_instance_registered) {
+        /* These deinstallations are racey, but the kernel doesn't provide any other
+         * way.  It's written to be retryable.
+         */
         int ret;
 
     #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
@@ -2193,16 +2186,16 @@ static int wc_linuxkm_drbg_cleanup(void) {
         #elif defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)
 
         if (wc_get_random_bytes_kprobe_installed) {
-            wc_get_random_bytes_kprobe_installed = 0;
-            barrier();
             unregister_kprobe(&wc_get_random_bytes_kprobe);
+            barrier();
+            wc_get_random_bytes_kprobe_installed = 0;
             pr_info("libwolfssl: wc_get_random_bytes_kprobe uninstalled\n");
         }
         #ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE
         if (wc_get_random_bytes_user_kretprobe_installed) {
-            wc_get_random_bytes_user_kretprobe_installed = 0;
-            barrier();
             unregister_kretprobe(&wc_get_random_bytes_user_kretprobe);
+            barrier();
+            wc_get_random_bytes_user_kretprobe_installed = 0;
             pr_info("libwolfssl: wc_get_random_bytes_user_kretprobe uninstalled\n");
         }
         #endif /* WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE */
@@ -2218,14 +2211,18 @@ static int wc_linuxkm_drbg_cleanup(void) {
             pr_err("ERROR: crypto_del_default_rng failed: %d", ret);
             return ret;
         }
-        cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
-        if (cur_refcnt != 1) {
-            pr_warn("WARNING: wc_linuxkm_drbg refcnt = %d after crypto_del_default_rng()", cur_refcnt);
-            return -EINVAL;
-        }
+
+        wc_linuxkm_drbg_default_instance_registered = 0;
     }
 #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
 
+    cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
+
+    if (cur_refcnt != 1) {
+        pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d", cur_refcnt);
+        return -EBUSY;
+    }
+
     crypto_unregister_rng(&wc_linuxkm_drbg);
 
     if (! (wc_linuxkm_drbg.base.cra_flags & CRYPTO_ALG_DEAD)) {
@@ -2233,10 +2230,6 @@ static int wc_linuxkm_drbg_cleanup(void) {
         return -EBUSY;
     }
 
-#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
-    wc_linuxkm_drbg_default_instance_registered = 0;
-#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
-
     wc_linuxkm_drbg_loaded = 0;
 
     return 0;

wolfcrypt/benchmark/benchmark.c

@@ -10554,35 +10554,39 @@ static void bench_mlkem_encap(int type, const char* name, int keySize,
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
-    byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
-    byte ss[WC_ML_KEM_SS_SZ];
-    byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    WC_DECLARE_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT);
+    WC_DECLARE_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT);
+    WC_DECLARE_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT);
     word32 pubLen;
     word32 ctSz;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     bench_stats_prepare();
 
+    WC_ALLOC_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT);
+
     ret = wc_KyberKey_PublicKeySize(key1, &pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
 
     ret = wc_KyberKey_CipherTextSize(key2, &ctSz);
     if (ret != 0) {
-        return;
+        goto exit;
     }
 
 #ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
@@ -10641,7 +10645,19 @@ exit_decap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
 #endif
+
+exit:
+
+    WC_FREE_VAR(ct, HEAP_HINT);
+    WC_FREE_VAR(ss, HEAP_HINT);
+    WC_FREE_VAR(pub, HEAP_HINT);
+
+    if (ret != 0)
+        printf("error: bench_mlkem_encap() failed with code %d.\n", ret);
+
+    return;
 }
 #endif
 

wolfcrypt/src/aes.c

@@ -4987,6 +4987,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
     #endif /* WOLFSSL_AESNI */
 
+#ifndef WC_C_DYNAMIC_FALLBACK
+
 #if defined(WOLFSSL_ARMASM)
 #if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
     #ifndef __aarch64__
@@ -5117,6 +5119,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     #endif
         return ret;
 #endif
+
+#endif /* !WC_C_DYNAMIC_FALLBACK */
+
     } /* wc_AesSetKeyLocal */
 
     int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,

wolfcrypt/src/random.c

@@ -3497,10 +3497,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
     #endif
 
-    #endif /* (!HAVE_INTEL_RDSEED && !HAVE_AMD_RDSEED) || !FORCE_FAILURE_RDSEED */
-
-    #endif /*!HAVE_ENTROPY_MEMUSE || !ENTROPY_MEMUSE_FORCE_FAILURE */
-
 #ifndef NO_FILESYSTEM
     #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
         os->fd = open("/dev/urandom", O_RDONLY);
@@ -3548,6 +3544,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif /* NO_FILESYSTEM */
 
         return ret;
+
+    #endif /* (!HAVE_INTEL_RDSEED && !HAVE_AMD_RDSEED) || !FORCE_FAILURE_RDSEED */
+
+    #endif /*!HAVE_ENTROPY_MEMUSE || !ENTROPY_MEMUSE_FORCE_FAILURE */
+
     }
 
 #endif