wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 10:22:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes from peer review: added comments for clarity, and remove errant condition added in _InitRng().

Browse Source
This commit is contained in:
Daniel Pouzzner
2025-12-30 12:13:15 -06:00
parent d504baaf3a
commit 299ca1cfef
2 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
linuxkm/lkcapi_sha_glue.c
View File

@@ -1020,11 +1020,20 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
ret = wc_InitRng(&ctx->rngs[i].rng); ret = wc_InitRng(&ctx->rngs[i].rng);
if (need_reenable_vec) if (need_reenable_vec)
REENABLE_VECTOR_REGISTERS(); REENABLE_VECTOR_REGISTERS();
if (can_sleep) if (can_sleep) {
/* if we're allowed to sleep, relax the loop between each inner
* iteration even on success, assuring relaxation of the outer
* iterations.
*/
cond_resched(); cond_resched();
}
if (ret == 0) if (ret == 0)
break; break;
if (can_sleep) { if (can_sleep) {
/* Allow interrupt only if we're stuck spinning retries -- i.e.,
* don't allow an untimely user signal to derail an
* initialization that is proceeding expeditiously.
*/
if (WC_CHECK_FOR_INTR_SIGNALS() == WC_NO_ERR_TRACE(INTERRUPTED_E)) { if (WC_CHECK_FOR_INTR_SIGNALS() == WC_NO_ERR_TRACE(INTERRUPTED_E)) {
ret = -EINTR; ret = -EINTR;
break; break;
@@ -1036,7 +1045,7 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
++nretries; ++nretries;
} }
if (ret != 0) { if (ret != 0) {
pr_warn("WARNING: wc_InitRng returned %d after %d retries.\n",ret,nretries); pr_warn("WARNING: wc_InitRng returned %d after %d retries.\n", ret, nretries);
ret = -EINVAL; ret = -EINVAL;
break; break;
} }

15
wolfcrypt/src/random.c
View File

@@ -537,8 +537,16 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
#endif #endif
#ifdef WC_VERBOSE_RNG #ifdef WC_VERBOSE_RNG
if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
/* Note, if we're just going to return DRBG_FAILURE to the caller, then
* there's no point printing it out here because (1) the lower-level
* code that was remapped to DRBG_FAILURE already got printed before the
* remapping, so a DRBG_FAILURE message would just be spamming the log,
* and (2) the caller will actually see the DRBG_FAILURE code, and is
* free to (and probably will) log it itself.
*/
WOLFSSL_DEBUG_PRINTF("Hash_gen failed with err %d.", ret); WOLFSSL_DEBUG_PRINTF("Hash_gen failed with err %d.", ret);
}
#endif #endif
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -652,8 +660,10 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
} }
#ifdef WC_VERBOSE_RNG #ifdef WC_VERBOSE_RNG
if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
/* see note above regarding log spam reduction */
WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Generate failed with err %d.", ret); WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Generate failed with err %d.", ret);
}
#endif #endif
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -1033,7 +1043,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
ret = RNG_FAILURE_E; ret = RNG_FAILURE_E;
} }
else { else {
if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE))
rng->status = DRBG_FAILED; rng->status = DRBG_FAILED;
} }
#endif /* HAVE_HASHDRBG */ #endif /* HAVE_HASHDRBG */