diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 78b569972..5934c14df 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1942,29 +1942,32 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) if (!IS_INTEL_RDSEED(intel_flags)) return -1; + /* Note, access to rdseed_sanity_status is benignly racey on multithreaded + * targets. + */ if (rdseed_sanity_status == 0) { - static word64 sanity_words[2] = {0, 0}; + word64 sanity_word1 = 0, sanity_word2 = 0; - ret = IntelRDseed64_r(&sanity_words[0]); + ret = IntelRDseed64_r(&sanity_word1); if (ret != 0) return ret; - ret = IntelRDseed64_r(&sanity_words[1]); + ret = IntelRDseed64_r(&sanity_word2); if (ret != 0) return ret; - if (sanity_words[0] == sanity_words[1]) { - ret = IntelRDseed64_r(&sanity_words[0]); + if (sanity_word1 == sanity_word2) { + ret = IntelRDseed64_r(&sanity_word1); if (ret != 0) return ret; - if (sanity_words[0] == sanity_words[1]) { - rdseed_sanity_status = -1; + if (sanity_word1 == sanity_word2) { #ifdef WC_VERBOSE_RNG WOLFSSL_DEBUG_PRINTF( - "WARNING: RDSEED disabled due to repeating word 0x%lx -- " - "check CPU microcode version.", sanity_words[1]); + "WARNING: disabling RDSEED due to repeating word 0x%lx -- " + "check CPU microcode version.", sanity_word2); #endif + rdseed_sanity_status = -1; return -1; } } diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8ba9e9a22..a7a70060a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -378,10 +378,10 @@ #endif /* Ensure WC_VERBOSE_RNG is set when DEBUG_WOLFSSL is enabled, unless expressly - * requested otherwise. + * requested otherwise. Relies on a working WOLFSSL_DEBUG_PRINTF. */ -#if defined(DEBUG_WOLFSSL) && !defined(WC_NO_VERBOSE_RNG) && \ - !defined(WC_VERBOSE_RNG) +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_DEBUG_PRINTF) && \ + !defined(WC_NO_VERBOSE_RNG) && !defined(WC_VERBOSE_RNG) #define WC_VERBOSE_RNG #endif
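Review bot: The new comment above `if (rdseed_sanity_status == 0)` calls the unsynchronized access benign without saying what makes it so. The only store visible in the hunk is the failure path `rdseed_sanity_status = -1`, and the function continues past the hunk, so it cannot be confirmed here that a thread passing the check concurrently never overwrites that -1. I would state the invariant in the comment, e.g. `/* Racing threads each run the check on their own locals; a failure (-1) must never be overwritten by a later pass. */`, and confirm the success store outside the hunk honours it. Separately, the debug message still prints a `word64` with `0x%lx`; if `word64` is `unsigned long long` on a target where `long` is 32 bits the specifier does not match, so `0x%llx` with `(unsigned long long)sanity_word2` would be safer.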
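Review bot: The added `defined(WOLFSSL_DEBUG_PRINTF)` test in settings.h only sees the macro if it is defined before this header is processed. If the library's default definition comes from a header included later (not visible in this hunk), a plain `DEBUG_WOLFSSL` build would no longer get `WC_VERBOSE_RNG`, and the RDSEED-disabled warning in random.c would never be printed. The entropy source is still rejected in that case, since the `return -1` sits outside the `#ifdef`, but the operator loses the only message explaining why. I would extend the comment with something like `* WOLFSSL_DEBUG_PRINTF must already be defined at this point (e.g. in user settings) for this to take effect.`, or move the check to a place where the macro is guaranteed to be known.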