linuxkm/lkcapi_sha_glue.c: add interruptibility and additional relaxation where possible, and fix a leaked lock scenario, in get_drbg_n(), wc_linuxkm_drbg_seed(), wc_mix_pool_bytes(), and wc_crng_reseed();

wolfcrypt/src/asn.c: add a couple static attributes missed on the previous round of fixups.
2025-07-31 19:24:42 +02:00 · 2025-07-10 10:59:57 -05:00
parent ed6d189f1a
commit b4137fe2f8
2 changed files with 33 additions and 6 deletions
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -1083,8 +1083,11 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in
        int expected = 0;
        if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)))
            return &ctx->rngs[n];
-        if (can_sleep)
+        if (can_sleep) {
+            if (signal_pending(current))
+                return NULL;
            cond_resched();
+        }
        else
            cpu_relax();
    }
@@ -1192,6 +1195,11 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
    for (n = ctx->n_rngs - 1; n >= 0; --n) {
        struct wc_rng_inst *drbg = get_drbg_n(ctx, n);

+        if (! drbg) {
+            ret = -EINTR;
+            break;
+        }
+
        /* perturb the seed with the CPU ID, so that no DRBG has the exact same
         * seed.
         */
@@ -1425,6 +1433,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
    struct wc_linuxkm_drbg_ctx *ctx;
    size_t i;
    int n;
+    int can_sleep = (preempt_count() == 0);

    if (len == 0)
        return 0;
@@ -1434,15 +1443,23 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {

    for (n = ctx->n_rngs - 1; n >= 0; --n) {
        struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
-        int V_offset = 0;
+        int V_offset;

-        for (i = 0; i < len; ++i) {
+        if (! drbg)
+            return -EINTR;
+
+        for (i = 0, V_offset = 0; i < len; ++i) {
            ((struct DRBG_internal *)drbg->rng.drbg)->V[V_offset++] += ((byte *)buf)[i];
            if (V_offset == (int)sizeof ((struct DRBG_internal *)drbg->rng.drbg)->V)
                V_offset = 0;
        }

        put_drbg(drbg);
+        if (can_sleep) {
+            if (signal_pending(current))
+                return -EINTR;
+            cond_resched();
+        }
    }

    return 0;
@@ -1458,7 +1475,12 @@ static int wc_crng_reseed(void) {

    for (n = ctx->n_rngs - 1; n >= 0; --n) {
        struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
+
+        if (! drbg)
+            return -EINTR;
+
        ((struct DRBG_internal *)drbg->rng.drbg)->reseedCtr = WC_RESEED_INTERVAL;
+
        if (can_sleep) {
            byte scratch[4];
            int need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0);
@@ -1468,8 +1490,13 @@ static int wc_crng_reseed(void) {
            if (ret != 0)
                pr_err("ERROR: wc_crng_reseed() wc_RNG_GenerateBlock() for DRBG #%d returned %d.", n, ret);
            put_drbg(drbg);
+            if (signal_pending(current))
+                return -EINTR;
            cond_resched();
        }
+        else {
+            put_drbg(drbg);
+        }
    }

    return 0;
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -26199,9 +26199,9 @@ static wcchar END_PKCS7            = "-----END PKCS7-----";
    static wcchar END_DSA_PRIV     = "-----END DSA PRIVATE KEY-----";
 #endif
 #ifdef OPENSSL_EXTRA
-    wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
-    wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
-    wcchar END_PRIV_KEY_PREFIX   = "-----END";
+    static wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
+    static wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
+    static wcchar END_PRIV_KEY_PREFIX   = "-----END";
 #endif
 static wcchar BEGIN_PUB_KEY        = "-----BEGIN PUBLIC KEY-----";
 static wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";