From b487287abf82f27ab0d4fd0671462414759e772d Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 26 Dec 2025 12:45:26 -0600
Subject: [PATCH 1/4] wolfcrypt/benchmark/benchmark.c: smallstack refactor of bench_mlkem_encap()

---
 wolfcrypt/benchmark/benchmark.c | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 041a10334..3e1dcf050 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -10554,35 +10554,39 @@ static void bench_mlkem_encap(int type, const char* name, int keySize,
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
-    byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
-    byte ss[WC_ML_KEM_SS_SZ];
-    byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    WC_DECLARE_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT);
+    WC_DECLARE_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT);
+    WC_DECLARE_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT);
     word32 pubLen;
     word32 ctSz;
     DECLARE_MULTI_VALUE_STATS_VARS()
     bench_stats_prepare();
+    WC_ALLOC_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT);
+
     ret = wc_KyberKey_PublicKeySize(key1, &pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen);
     if (ret != 0) {
-        return;
+        goto exit;
     }
     ret = wc_KyberKey_CipherTextSize(key2, &ctSz);
     if (ret != 0) {
-        return;
+        goto exit;
     }
 #ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
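Review bot: The three WC_ALLOC_VAR() calls carry no NULL check of their own, so under WOLFSSL_SMALL_STACK the failure behavior rests entirely on this file's WC_ALLOC_DO_ON_FAILURE definition (presumably it sets `ret` and jumps to the `exit:` label the second hunk adds, but that definition is outside both hunks and worth confirming); a one-line comment at the first allocation would spare the next reader the lookup: `/* on allocation failure WC_ALLOC_DO_ON_FAILURE() sets ret and jumps to exit */`. The new `goto exit` after wc_KyberKey_DecodePublicKey() or wc_KyberKey_CipherTextSize() fails leaves key2 initialized by wc_KyberKey_Init() but never released, exactly as the old `return` did; if the caller does not own key2's cleanup, a `wc_KyberKey_Free(key2)` belongs in the new exit block. bench_mlkem_encap() continues past the end of this hunk.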
@@ -10641,7 +10645,19 @@ exit_decap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
 #endif
+
+exit:
+
+    WC_FREE_VAR(ct, HEAP_HINT);
+    WC_FREE_VAR(ss, HEAP_HINT);
+    WC_FREE_VAR(pub, HEAP_HINT);
+
+    if (ret != 0)
+        printf("error: bench_mlkem_encap() failed with code %d.\n", ret);
+
+    return;
 }
 #endif

From 3b3ddd1fb426c69cb584b0c5c04f650fb2436b1e Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 26 Dec 2025 14:16:11 -0600
Subject: [PATCH 2/4] wolfcrypt/src/random.c: in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method.

---
 wolfcrypt/src/random.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 9b92e9f88..2d375ac86 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -3497,10 +3497,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     }
     #endif
-    #endif /* (!HAVE_INTEL_RDSEED && !HAVE_AMD_RDSEED) || !FORCE_FAILURE_RDSEED */
-
-    #endif /*!HAVE_ENTROPY_MEMUSE || !ENTROPY_MEMUSE_FORCE_FAILURE */
-
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
     os->fd = open("/dev/urandom", O_RDONLY);
@@ -3548,6 +3544,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif /* NO_FILESYSTEM */
     return ret;
+
+    #endif /* (!HAVE_INTEL_RDSEED && !HAVE_AMD_RDSEED) || !FORCE_FAILURE_RDSEED */
+
+    #endif /*!HAVE_ENTROPY_MEMUSE || !ENTROPY_MEMUSE_FORCE_FAILURE */
+
 }
 #endif

From 283792c20790d8bc790ec37a030a0d1bdc4ff74d Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 26 Dec 2025 16:41:43 -0600
Subject: [PATCH 3/4] linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_startup(), deinstall the callbacks and stdrng first before checking refcnt.

---
 linuxkm/lkcapi_sha_glue.c | 41 ++++++++++++++++-----------------------
 1 file changed, 17 insertions(+), 24 deletions(-)
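Review bot: After this move the `return ret;` above the two relocated `#endif`s is compiled out whenever FORCE_FAILURE_RDSEED or ENTROPY_MEMUSE_FORCE_FAILURE closes the gate, so wc_GenerateSeed(), which is declared `int`, must already return unconditionally earlier in those builds; that earlier return is not in either hunk, so a build with each define and `-Werror=return-type` is the check to run before merging. In the same configurations `os`, `output`, `sz` and possibly `ret` may become unused and trip `-Wunused-parameter`/`-Wunused-variable`, which would need `(void)` casts at the gate-closing site. The matching `#if` lines are now far from these `#endif`s and outside both hunks; the trailing comments are what keeps them readable, so consider mirroring them at the forced-failure return, e.g. `/* the seed sources below are compiled out; see the matching #endif after the /dev/urandom fallback */`. wc_GenerateSeed() starts before this hunk.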
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
index fb3dc222f..f1db9a775 100644
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -2150,25 +2150,18 @@ static int wc_linuxkm_drbg_startup(void)
 }
 static int wc_linuxkm_drbg_cleanup(void) {
-    int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
+    int cur_refcnt;
     if (! wc_linuxkm_drbg_loaded) {
         pr_err("ERROR: wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded");
         return -EINVAL;
     }
-    if (cur_refcnt - wc_linuxkm_drbg_default_instance_registered != 1) {
-        pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d, with wc_linuxkm_drbg %sset as default rng",
-               cur_refcnt, wc_linuxkm_drbg_default_instance_registered ? "" : "not ");
-        return -EBUSY;
-    }
-
-    /* The below is racey, but the kernel doesn't provide any other way. It's
-     * written to be retryable.
-     */
-
 #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
     if (wc_linuxkm_drbg_default_instance_registered) {
+        /* These deinstallations are racey, but the kernel doesn't provide any other
+         * way. It's written to be retryable.
+         */
         int ret;
 #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
@@ -2193,16 +2186,16 @@ static int wc_linuxkm_drbg_cleanup(void) {
 #elif defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)
     if (wc_get_random_bytes_kprobe_installed) {
-        wc_get_random_bytes_kprobe_installed = 0;
-        barrier();
         unregister_kprobe(&wc_get_random_bytes_kprobe);
+        barrier();
+        wc_get_random_bytes_kprobe_installed = 0;
         pr_info("libwolfssl: wc_get_random_bytes_kprobe uninstalled\n");
     }
 #ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE
     if (wc_get_random_bytes_user_kretprobe_installed) {
-        wc_get_random_bytes_user_kretprobe_installed = 0;
-        barrier();
         unregister_kretprobe(&wc_get_random_bytes_user_kretprobe);
+        barrier();
+        wc_get_random_bytes_user_kretprobe_installed = 0;
         pr_info("libwolfssl: wc_get_random_bytes_user_kretprobe uninstalled\n");
     }
 #endif /* WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE */
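Review bot: The swap to unregister first and clear wc_get_random_bytes_kprobe_installed afterwards (and likewise for the kretprobe branch below) reverses the previous order without saying why; since the flag is presumably read elsewhere to decide whether the probe is live, the store deserves a comment that preserves the reasoning, e.g. `/* clear only after unregister_kprobe() has returned, i.e. once no handler can still be running */`. The retained `barrier()` is a compiler barrier only; if a reader of the flag on another CPU matters, the ordering comes from unregister_kprobe() itself, which as far as I recall waits for in-flight handlers, not from barrier(), and the comment should say which guarantee is being relied on. wc_linuxkm_drbg_cleanup() continues outside this hunk.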
@@ -2218,14 +2211,18 @@ static int wc_linuxkm_drbg_cleanup(void) {
             pr_err("ERROR: crypto_del_default_rng failed: %d", ret);
             return ret;
         }
-        cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
-        if (cur_refcnt != 1) {
-            pr_warn("WARNING: wc_linuxkm_drbg refcnt = %d after crypto_del_default_rng()", cur_refcnt);
-            return -EINVAL;
-        }
+
+        wc_linuxkm_drbg_default_instance_registered = 0;
     }
 #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
+    cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
+
+    if (cur_refcnt != 1) {
+        pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d", cur_refcnt);
+        return -EBUSY;
+    }
+
     crypto_unregister_rng(&wc_linuxkm_drbg);
     if (! (wc_linuxkm_drbg.base.cra_flags & CRYPTO_ALG_DEAD)) {
@@ -2233,10 +2230,6 @@ static int wc_linuxkm_drbg_cleanup(void) {
         return -EBUSY;
     }
-#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
-    wc_linuxkm_drbg_default_instance_registered = 0;
-#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
-
     wc_linuxkm_drbg_loaded = 0;
     return 0;

From 7bbd28d369511c6454637c47e3ef08f7208c5c1e Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 26 Dec 2025 18:13:44 -0600
Subject: [PATCH 4/4] wolfcrypt/src/aes.c: fix clang-diagnostic-unreachable-code in AesSetKey_C().

---
 wolfcrypt/src/aes.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index ddb7e31db..314ef13c5 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -4987,6 +4987,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     }
 #endif /* WOLFSSL_AESNI */
+#ifndef WC_C_DYNAMIC_FALLBACK
+
 #if defined(WOLFSSL_ARMASM)
 #if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 #ifndef __aarch64__
@@ -5117,6 +5119,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 #endif
     return ret;
 #endif
+
+#endif /* !WC_C_DYNAMIC_FALLBACK */
+
 } /* wc_AesSetKeyLocal */
 int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
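Review bot: With the refcnt check moved below the default-rng teardown, an `-EBUSY` return from the new `if (cur_refcnt != 1)` leaves wc_linuxkm_drbg half removed: the callbacks are unregistered, crypto_del_default_rng() has run and wc_linuxkm_drbg_default_instance_registered is already 0, yet the algorithm stays registered and referenced. That is consistent with the "retryable" comment kept in the first hunk, since a retry skips straight to this check, but the window in which the kernel no longer has this DRBG as default while the module cannot unload should be stated at the check: `/* default-rng hooks are already gone; a retry after -EBUSY resumes here */`. The old `-EINVAL` warning right after crypto_del_default_rng() is folded into this one check, which loses the distinction between "busy before removal" and "removal did not drop the reference"; if that is intended the pr_err() text could say so. Note also that the subject line names wc_linuxkm_drbg_startup() while every hunk is in wc_linuxkm_drbg_cleanup(), whose body continues outside this hunk.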
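Review bot: The region closed by the new `#endif /* !WC_C_DYNAMIC_FALLBACK */` contains the `return ret;` two lines above, so in a WC_C_DYNAMIC_FALLBACK build the function now ends without that return and must already have returned on every path earlier; that is presumably the code the diagnostic reported as unreachable, but the earlier return is outside both hunks, so a build with WC_C_DYNAMIC_FALLBACK and `-Werror=return-type` is the real check. The hunk header labels the function `static void AesSetKey_C`, yet the body returns a value and the closing brace says `/* wc_AesSetKeyLocal */`, so either that closing comment or git's funcname context is stale and is worth correcting alongside this change. The matching `#ifndef` opens in the first hunk some 130 lines earlier, so annotating the opening line too would help, e.g. `#ifndef WC_C_DYNAMIC_FALLBACK /* arch-specific key setup below is skipped when the dynamic fallback is selected */`.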