wolfcrypt/src/random.c, wolfssl/wolfcrypt/random.h, wolfssl/wolfcrypt/wc_port.h, linuxkm/lkcapi_sha_glue.c: fixes from autotesting:

* refactor to eliminate recursion in wc_RNG_GenerateBlock(); * refactor enum wc_rng_bank_flags as word32 and macros; * fix -Wconversions, -Wunused, and stray EINVAL in wc_rng_bank_init(); * make struct wc_rng_bank_inst a top-level definition for C++ compat; * fix several bugprone-macro-parentheses.
2026-01-27 17:22:27 +01:00 · 2026-01-06 01:51:26 -06:00
parent b87af914bc
commit c1d2828daf
4 changed files with 89 additions and 72 deletions
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -995,7 +995,7 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
 {
    struct wc_rng_bank *ctx = (struct wc_rng_bank *)crypto_tfm_ctx(tfm);
    int ret;
-    enum wc_rng_bank_flags flags = WC_RNG_BANK_FLAG_CAN_WAIT;
+    word32 flags = WC_RNG_BANK_FLAG_CAN_WAIT;
    if (wc_linuxkm_drbg_init_tfm_disable_vector_registers)
        flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS;
@@ -1048,7 +1048,7 @@ static struct wc_rng_bank_inst *linuxkm_get_drbg(struct crypto_rng *tfm) {
    struct wc_rng_bank *ctx = (struct wc_rng_bank *)crypto_rng_ctx(tfm);
    int err;
    struct wc_rng_bank_inst *ret;
-    enum wc_rng_bank_flags flags =
+    word32 flags =
        WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST |
        WC_RNG_BANK_FLAG_CAN_WAIT |
        WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST;
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1274,8 +1274,12 @@ static int PollAndReSeed(WC_RNG* rng)
 #endif
 /* place a generated block in output */
 #ifdef WC_RNG_BANK_SUPPORT
 static int wc_local_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 #else
 WOLFSSL_ABI
 int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 #endif
 {
    int ret;
@@ -1285,46 +1289,6 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
    if (sz == 0)
        return 0;
 #ifdef WC_RNG_BANK_SUPPORT
    if (rng->status == WC_DRBG_BANKREF) {
        struct wc_rng_bank_inst *bank_inst = NULL;
        if ((rng->bankref == NULL) ||
            (! (rng->bankref->flags & WC_RNG_BANK_FLAG_INITED)))
        {
            return BAD_FUNC_ARG;
        }
        ret = wc_rng_bank_checkout(rng->bankref, &bank_inst, 0, 0,
                                   WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST |
                                   WC_RNG_BANK_FLAG_CAN_WAIT |
                                   WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST |
                                   WC_RNG_BANK_FLAG_AFFINITY_LOCK);
        if (ret != 0)
            return ret;
        if (bank_inst == NULL)
            return BAD_STATE_E;
        if (bank_inst->rng.status != WC_DRBG_OK) {
            (void)wc_rng_bank_checkin(rng->bankref, bank_inst);
            return BAD_STATE_E;
        }
        ret = wc_RNG_GenerateBlock(&bank_inst->rng, output, sz);
        {
            int checkin_ret = wc_rng_bank_checkin(rng->bankref, bank_inst);
            if (checkin_ret != 0) {
 #ifdef WC_VERBOSE_RNG
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: wc_RNG_GenerateBlock() wc_rng_bank_checkin() "
                    "failed with err %d.", checkin_ret);
 #endif
                if (ret == 0)
                    ret = checkin_ret;
            }
        }
        return ret;
    }
 #endif
 #ifdef WOLF_CRYPTO_CB
    #ifndef WOLF_CRYPTO_CB_FIND
    if (rng->devId != INVALID_DEVID)
@@ -1416,6 +1380,55 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
    return ret;
 }
 #ifdef WC_RNG_BANK_SUPPORT
 WOLFSSL_ABI
 int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 {
    if ((rng == NULL) || (output == NULL))
        return BAD_FUNC_ARG;
    if (rng->status == WC_DRBG_BANKREF) {
        int ret;
        struct wc_rng_bank_inst *bank_inst = NULL;
        if ((rng->bankref == NULL) ||
            (! (rng->bankref->flags & WC_RNG_BANK_FLAG_INITED)))
        {
            return BAD_FUNC_ARG;
        }
        ret = wc_rng_bank_checkout(rng->bankref, &bank_inst, 0, 0,
                                   WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST |
                                   WC_RNG_BANK_FLAG_CAN_WAIT |
                                   WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST |
                                   WC_RNG_BANK_FLAG_AFFINITY_LOCK);
        if (ret != 0)
            return ret;
        if (bank_inst == NULL)
            return BAD_STATE_E;
        if (bank_inst->rng.status != WC_DRBG_OK) {
            (void)wc_rng_bank_checkin(rng->bankref, bank_inst);
            return BAD_STATE_E;
        }
        ret = wc_local_RNG_GenerateBlock(&bank_inst->rng, output, sz);
        {
            int checkin_ret = wc_rng_bank_checkin(rng->bankref, bank_inst);
            if (checkin_ret != 0) {
 #ifdef WC_VERBOSE_RNG
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: wc_RNG_GenerateBlock() wc_rng_bank_checkin() "
                    "failed with err %d.", checkin_ret);
 #endif
                if (ret == 0)
                    ret = checkin_ret;
            }
        }
        return ret;
    }
    else
        return wc_local_RNG_GenerateBlock(rng, output, sz);
 }
 #endif
 int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 {
@@ -3833,7 +3846,7 @@ int wc_hwrng_generate_block(byte *output, word32 sz)
 WOLFSSL_API int wc_rng_bank_init(
    struct wc_rng_bank *ctx,
    int n_rngs,
-    enum wc_rng_bank_flags flags,
+    word32 flags,
    int timeout_secs,
    void *heap)
 {
@@ -3853,17 +3866,20 @@ WOLFSSL_API int wc_rng_bank_init(
    ctx->flags = flags | WC_RNG_BANK_FLAG_INITED;
    ctx->heap = heap;
-    ctx->rngs = (struct wc_rng_bank_inst *)XMALLOC(sizeof(*ctx->rngs) * n_rngs,
+    ctx->rngs = (struct wc_rng_bank_inst *)
-                                                   heap, DYNAMIC_TYPE_RNG);
+        XMALLOC(sizeof(*ctx->rngs) * (size_t)n_rngs,
                heap, DYNAMIC_TYPE_RNG);
    if (! ctx->rngs)
        ret = MEMORY_E;
    if (ret == 0) {
-        XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * n_rngs);
+        XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * (size_t)n_rngs);
        ctx->n_rngs = n_rngs;
        for (i = 0; i < n_rngs; ++i) {
 #ifdef WC_VERBOSE_RNG
            int nretries = 0;
 #endif
            time_t ts1 = XTIME(0);
            for (;;) {
                time_t ts2;
@@ -3893,7 +3909,9 @@ WOLFSSL_API int wc_rng_bank_init(
                    ret = WC_TIMEOUT_E;
                    break;
                }
 #ifdef WC_VERBOSE_RNG
                ++nretries;
 #endif
            }
            if (ret != 0) {
 #ifdef WC_VERBOSE_RNG
@@ -3901,7 +3919,6 @@ WOLFSSL_API int wc_rng_bank_init(
                    "ERROR: wc_InitRng returned %d after %d retries.\n", ret,
                    nretries);
 #endif
                ret = -EINVAL;
                break;
            }
        }
@@ -3998,7 +4015,7 @@ WOLFSSL_API int wc_rng_bank_checkout(
    struct wc_rng_bank_inst **rng,
    int preferred_inst_offset,
    int timeout_secs,
-    enum wc_rng_bank_flags flags)
+    word32 flags)
 {
    int new_lock_value, ret = 0;
    time_t ts1, ts2;
@@ -4183,7 +4200,7 @@ WOLFSSL_API int wc_rng_bank_inst_reinit(
    struct wc_rng_bank *bank,
    struct wc_rng_bank_inst *rng_inst,
    int timeout_secs,
-    enum wc_rng_bank_flags flags)
+    word32 flags)
 {
    int ret;
    time_t ts1 = 0;
@@ -4238,7 +4255,7 @@ WOLFSSL_API int wc_rng_bank_inst_reinit(
 WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank,
                                 const byte* seed, word32 seedSz,
                                 int timeout_secs,
-                                 enum wc_rng_bank_flags flags)
+                                 word32 flags)
 {
    int ret = 0;
    int n;
@@ -4294,7 +4311,7 @@ WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank,
 WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank,
                                   int timeout_secs,
-                                   enum wc_rng_bank_flags flags)
+                                   word32 flags)
 {
    int n;
    int ret;
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -414,39 +414,39 @@ WOLFSSL_API int  wc_FreeRng(WC_RNG* rng);
 * applications.
 */
-enum wc_rng_bank_flags {
+#define WC_RNG_BANK_FLAG_NONE 0
-    WC_RNG_BANK_FLAG_NONE = 0,
+#define WC_RNG_BANK_FLAG_INITED (1<<0)
-    WC_RNG_BANK_FLAG_INITED = (1<<0),
+#define WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST (1<<1)
-    WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST = (1<<1),
+#define WC_RNG_BANK_FLAG_CAN_WAIT (1<<2)
-    WC_RNG_BANK_FLAG_CAN_WAIT = (1<<2),
+#define WC_RNG_BANK_FLAG_NO_VECTOR_OPS (1<<3)
-    WC_RNG_BANK_FLAG_NO_VECTOR_OPS = (1<<3),
+#define WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST (1<<4)
-    WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST = (1<<4),
+#define WC_RNG_BANK_FLAG_AFFINITY_LOCK (1<<5)
    WC_RNG_BANK_FLAG_AFFINITY_LOCK = (1<<5)
 };
 typedef int (*wc_affinity_lock_fn_t)(void *arg);
 typedef int (*wc_affinity_get_id_fn_t)(void *arg, int *id);
 typedef int (*wc_affinity_unlock_fn_t)(void *arg);
 struct wc_rng_bank_inst {
    wolfSSL_Atomic_Int lock;
    WC_RNG rng;
 };
 struct wc_rng_bank {
    wolfSSL_Ref refcount;
    void *heap;
-    enum wc_rng_bank_flags flags;
+    word32 flags;
    wc_affinity_lock_fn_t affinity_lock_cb;
    wc_affinity_get_id_fn_t affinity_get_id_cb;
    wc_affinity_unlock_fn_t affinity_unlock_cb;
    void *cb_arg; /* if mutable, caller is responsible for thread safety. */
    int n_rngs;
-    struct wc_rng_bank_inst {
+    struct wc_rng_bank_inst *rngs; /* typically one per CPU ID, plus a few */
        wolfSSL_Atomic_Int lock;
        WC_RNG rng;
    } *rngs; /* typically one per CPU ID, plus a few */
 };
 WOLFSSL_API int wc_rng_bank_init(
    struct wc_rng_bank *ctx,
    int n_rngs,
-    enum wc_rng_bank_flags flags,
+    word32 flags,
    int timeout_secs,
    void *heap);
@@ -464,7 +464,7 @@ WOLFSSL_API int wc_rng_bank_checkout(
    struct wc_rng_bank_inst **rng,
    int preferred_inst_offset,
    int timeout_secs,
-    enum wc_rng_bank_flags flags);
+    word32 flags);
 WOLFSSL_API int wc_rng_bank_checkin(
    struct wc_rng_bank *bank,
@@ -474,22 +474,22 @@ WOLFSSL_API int wc_rng_bank_inst_reinit(
    struct wc_rng_bank *bank,
    struct wc_rng_bank_inst *rng_inst,
    int timeout_secs,
-    enum wc_rng_bank_flags flags);
+    word32 flags);
 WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank,
                                 const byte* seed, word32 seedSz,
                                 int timeout_secs,
-                                 enum wc_rng_bank_flags flags);
+                                 word32 flags);
 WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank,
                                   int timeout_secs,
-                                   enum wc_rng_bank_flags flags);
+                                   word32 flags);
 WOLFSSL_API int wc_InitRng_BankRef(struct wc_rng_bank *bank, WC_RNG *rng);
 WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng);
-#define WC_RNG_BANK_INST_TO_RNG(rng_inst) (&rng_inst->rng)
+#define WC_RNG_BANK_INST_TO_RNG(rng_inst) (&(rng_inst)->rng)
 #endif /* WC_DRBG_BANK_SUPPORT */
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -699,7 +699,7 @@ typedef struct wolfSSL_RefWithMutex {
 typedef struct wolfSSL_Ref {
    wolfSSL_Atomic_Int count;
 } wolfSSL_Ref;
-#define wolfSSL_RefCur(ref) WOLFSSL_ATOMIC_LOAD(ref.count)
+#define wolfSSL_RefCur(ref) WOLFSSL_ATOMIC_LOAD((ref).count)
 #else
 typedef struct wolfSSL_RefWithMutex wolfSSL_Ref;
 #define wolfSSL_RefCur(ref) wolfSSL_RefWithMutexCur(ref)