From c1d2828dafa76c9190b73e7826222d67a36dec7b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 6 Jan 2026 01:51:26 -0600 Subject: [PATCH] wolfcrypt/src/random.c, wolfssl/wolfcrypt/random.h, wolfssl/wolfcrypt/wc_port.h, linuxkm/lkcapi_sha_glue.c: fixes from autotesting: * refactor to eliminate recursion in wc_RNG_GenerateBlock(); * refactor enum wc_rng_bank_flags as word32 and macros; * fix -Wconversions, -Wunused, and stray EINVAL in wc_rng_bank_init(); * make struct wc_rng_bank_inst a top-level definition for C++ compat; * fix several bugprone-macro-parentheses. --- linuxkm/lkcapi_sha_glue.c | 4 +- wolfcrypt/src/random.c | 115 +++++++++++++++++++++--------------- wolfssl/wolfcrypt/random.h | 40 ++++++------- wolfssl/wolfcrypt/wc_port.h | 2 +- 4 files changed, 89 insertions(+), 72 deletions(-) diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 26f9c09e9..846a9d5a0 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -995,7 +995,7 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm) { struct wc_rng_bank *ctx = (struct wc_rng_bank *)crypto_tfm_ctx(tfm); int ret; - enum wc_rng_bank_flags flags = WC_RNG_BANK_FLAG_CAN_WAIT; + word32 flags = WC_RNG_BANK_FLAG_CAN_WAIT; if (wc_linuxkm_drbg_init_tfm_disable_vector_registers) flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS; @@ -1048,7 +1048,7 @@ static struct wc_rng_bank_inst *linuxkm_get_drbg(struct crypto_rng *tfm) { struct wc_rng_bank *ctx = (struct wc_rng_bank *)crypto_rng_ctx(tfm); int err; struct wc_rng_bank_inst *ret; - enum wc_rng_bank_flags flags = + word32 flags = WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 904786061..51feeca2b 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
@@ -1274,8 +1274,12 @@ static int PollAndReSeed(WC_RNG* rng) #endif /* place a generated block in output */ +#ifdef WC_RNG_BANK_SUPPORT +static int wc_local_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +#else WOLFSSL_ABI int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +#endif { int ret; @@ -1285,46 +1289,6 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) if (sz == 0) return 0; -#ifdef WC_RNG_BANK_SUPPORT - if (rng->status == WC_DRBG_BANKREF) { - struct wc_rng_bank_inst *bank_inst = NULL; - - if ((rng->bankref == NULL) || - (! (rng->bankref->flags & WC_RNG_BANK_FLAG_INITED))) - { - return BAD_FUNC_ARG; - } - - ret = wc_rng_bank_checkout(rng->bankref, &bank_inst, 0, 0, - WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | - WC_RNG_BANK_FLAG_CAN_WAIT | - WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | - WC_RNG_BANK_FLAG_AFFINITY_LOCK); - if (ret != 0) - return ret; - if (bank_inst == NULL) - return BAD_STATE_E; - if (bank_inst->rng.status != WC_DRBG_OK) { - (void)wc_rng_bank_checkin(rng->bankref, bank_inst); - return BAD_STATE_E; - } - ret = wc_RNG_GenerateBlock(&bank_inst->rng, output, sz); - { - int checkin_ret = wc_rng_bank_checkin(rng->bankref, bank_inst); - if (checkin_ret != 0) { -#ifdef WC_VERBOSE_RNG - WOLFSSL_DEBUG_PRINTF( - "ERROR: wc_RNG_GenerateBlock() wc_rng_bank_checkin() " - "failed with err %d.", checkin_ret); -#endif - if (ret == 0) - ret = checkin_ret; - } - } - return ret; - } -#endif - #ifdef WOLF_CRYPTO_CB #ifndef WOLF_CRYPTO_CB_FIND if (rng->devId != INVALID_DEVID) 
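Review bot: In WC_RNG_BANK_SUPPORT builds the existing comment `/* place a generated block in output */` now sits on the static helper `wc_local_RNG_GenerateBlock()`, and nothing states the helper's precondition. With the bank-reference branch removed in the following hunk, the helper no longer recognises `WC_DRBG_BANKREF`; how it treats such an RNG depends on the rest of the body, which lies outside this hunk. I would add a comment above the `#ifdef` such as `/* internal generator: rng must be a directly instantiated DRBG; WC_DRBG_BANKREF handles are resolved by wc_RNG_GenerateBlock() */` so that a later internal caller does not hand it a bank reference.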
@@ -1416,6 +1380,55 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) return ret; } +#ifdef WC_RNG_BANK_SUPPORT +WOLFSSL_ABI +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +{ + if ((rng == NULL) || (output == NULL)) + return BAD_FUNC_ARG; + + if (rng->status == WC_DRBG_BANKREF) { + int ret; + struct wc_rng_bank_inst *bank_inst = NULL; + + if ((rng->bankref == NULL) || + (! (rng->bankref->flags & WC_RNG_BANK_FLAG_INITED))) + { + return BAD_FUNC_ARG; + } + + ret = wc_rng_bank_checkout(rng->bankref, &bank_inst, 0, 0, + WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | + WC_RNG_BANK_FLAG_CAN_WAIT | + WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | + WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + return ret; + if (bank_inst == NULL) + return BAD_STATE_E; + if (bank_inst->rng.status != WC_DRBG_OK) { + (void)wc_rng_bank_checkin(rng->bankref, bank_inst); + return BAD_STATE_E; + } + ret = wc_local_RNG_GenerateBlock(&bank_inst->rng, output, sz); + { + int checkin_ret = wc_rng_bank_checkin(rng->bankref, bank_inst); + if (checkin_ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_RNG_GenerateBlock() wc_rng_bank_checkin() " + "failed with err %d.", checkin_ret); +#endif + if (ret == 0) + ret = checkin_ret; + } + } + return ret; + } + else + return wc_local_RNG_GenerateBlock(rng, output, sz); +} +#endif int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { @@ -3833,7 +3846,7 @@ int wc_hwrng_generate_block(byte *output, word32 sz) WOLFSSL_API int wc_rng_bank_init( struct wc_rng_bank *ctx, int n_rngs, - enum wc_rng_bank_flags flags, + word32 flags, int timeout_secs, void *heap) { 
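Review bot: The new public `wc_RNG_GenerateBlock()` wrapper no longer short-circuits zero-length requests before it touches the bank. In the old body the `if (sz == 0) return 0;` test sat above the `WC_DRBG_BANKREF` branch (it is visible as context in the deletion hunk), so a zero-length call returned 0 without a checkout. Now the same call checks out an instance with `WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_AFFINITY_LOCK` and can return `BAD_FUNC_ARG`, `BAD_STATE_E` or a checkout error where it used to succeed. Adding `if (sz == 0) return 0;` directly after the NULL check in the wrapper restores the previous contract and avoids taking an instance lock for no work. The wrapper also deserves its own header comment saying that a checkin failure is reported even when generation succeeded (`if (ret == 0) ret = checkin_ret;`), so callers should discard `output` on any non-zero return.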
@@ -3853,17 +3866,20 @@ WOLFSSL_API int wc_rng_bank_init( ctx->flags = flags | WC_RNG_BANK_FLAG_INITED; ctx->heap = heap; - ctx->rngs = (struct wc_rng_bank_inst *)XMALLOC(sizeof(*ctx->rngs) * n_rngs, - heap, DYNAMIC_TYPE_RNG); + ctx->rngs = (struct wc_rng_bank_inst *) + XMALLOC(sizeof(*ctx->rngs) * (size_t)n_rngs, + heap, DYNAMIC_TYPE_RNG); if (! ctx->rngs) ret = MEMORY_E; if (ret == 0) { - XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * n_rngs); + XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * (size_t)n_rngs); ctx->n_rngs = n_rngs; for (i = 0; i < n_rngs; ++i) { +#ifdef WC_VERBOSE_RNG int nretries = 0; +#endif time_t ts1 = XTIME(0); for (;;) { time_t ts2; @@ -3893,7 +3909,9 @@ WOLFSSL_API int wc_rng_bank_init( ret = WC_TIMEOUT_E; break; } +#ifdef WC_VERBOSE_RNG ++nretries; +#endif } if (ret != 0) { #ifdef WC_VERBOSE_RNG @@ -3901,7 +3919,6 @@ WOLFSSL_API int wc_rng_bank_init( "ERROR: wc_InitRng returned %d after %d retries.\n", ret, nretries); #endif - ret = -EINVAL; break; } } @@ -3998,7 +4015,7 @@ WOLFSSL_API int wc_rng_bank_checkout( struct wc_rng_bank_inst **rng, int preferred_inst_offset, int timeout_secs, - enum wc_rng_bank_flags flags) + word32 flags) { int new_lock_value, ret = 0; time_t ts1, ts2; @@ -4183,7 +4200,7 @@ WOLFSSL_API int wc_rng_bank_inst_reinit( struct wc_rng_bank *bank, struct wc_rng_bank_inst *rng_inst, int timeout_secs, - enum wc_rng_bank_flags flags) + word32 flags) { int ret; time_t ts1 = 0; @@ -4238,7 +4255,7 @@ WOLFSSL_API int wc_rng_bank_inst_reinit( WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank, const byte* seed, word32 seedSz, int timeout_secs, - enum wc_rng_bank_flags flags) + word32 flags) { int ret = 0; int n; @@ -4294,7 +4311,7 @@ WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank, WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank, int timeout_secs, - enum wc_rng_bank_flags flags) + word32 flags) { int n; int ret; 
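Review bot: The `(size_t)n_rngs` casts added to the `XMALLOC` and `XMEMSET` size expressions silence -Wconversion but do not bound the value. A negative `n_rngs` becomes a very large `size_t`, and on targets with a 32-bit `size_t` a large positive count can wrap the product, leaving an allocation smaller than the `for (i = 0; i < n_rngs; ++i)` loop expects. Any validation of `n_rngs` would be in the part of `wc_rng_bank_init()` above this hunk, which is not visible here, so this needs confirming. If it is not already rejected, a guard such as `if ((n_rngs <= 0) || ((size_t)n_rngs > ((size_t)-1) / sizeof(*ctx->rngs))) return BAD_FUNC_ARG;` before the allocation makes the cast safe.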
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index e5c1d2337..4efabe70f 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -414,39 +414,39 @@ WOLFSSL_API int wc_FreeRng(WC_RNG* rng); * applications. */ -enum wc_rng_bank_flags { - WC_RNG_BANK_FLAG_NONE = 0, - WC_RNG_BANK_FLAG_INITED = (1<<0), - WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST = (1<<1), - WC_RNG_BANK_FLAG_CAN_WAIT = (1<<2), - WC_RNG_BANK_FLAG_NO_VECTOR_OPS = (1<<3), - WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST = (1<<4), - WC_RNG_BANK_FLAG_AFFINITY_LOCK = (1<<5) -}; +#define WC_RNG_BANK_FLAG_NONE 0 +#define WC_RNG_BANK_FLAG_INITED (1<<0) +#define WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST (1<<1) +#define WC_RNG_BANK_FLAG_CAN_WAIT (1<<2) +#define WC_RNG_BANK_FLAG_NO_VECTOR_OPS (1<<3) +#define WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST (1<<4) +#define WC_RNG_BANK_FLAG_AFFINITY_LOCK (1<<5) typedef int (*wc_affinity_lock_fn_t)(void *arg); typedef int (*wc_affinity_get_id_fn_t)(void *arg, int *id); typedef int (*wc_affinity_unlock_fn_t)(void *arg); +struct wc_rng_bank_inst { + wolfSSL_Atomic_Int lock; + WC_RNG rng; +}; + struct wc_rng_bank { wolfSSL_Ref refcount; void *heap; - enum wc_rng_bank_flags flags; + word32 flags; wc_affinity_lock_fn_t affinity_lock_cb; wc_affinity_get_id_fn_t affinity_get_id_cb; wc_affinity_unlock_fn_t affinity_unlock_cb; void *cb_arg; /* if mutable, caller is responsible for thread safety. */ int n_rngs; - struct wc_rng_bank_inst { - wolfSSL_Atomic_Int lock; - WC_RNG rng; - } *rngs; /* typically one per CPU ID, plus a few */ + struct wc_rng_bank_inst *rngs; /* typically one per CPU ID, plus a few */ }; WOLFSSL_API int wc_rng_bank_init( struct wc_rng_bank *ctx, int n_rngs, - enum wc_rng_bank_flags flags, + word32 flags, int timeout_secs, void *heap); 
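Review bot: The replacement flag macros are still signed `int` constants (`(1<<0)` through `(1<<5)`), while every field and parameter that carries them is now `word32`. Mixing the two reintroduces sign conversions of the kind this commit is clearing up, most visibly when a bit is cleared with `flags & ~WC_RNG_BANK_FLAG_...`, where the complement is a negative `int`. Defining them unsigned, e.g. `#define WC_RNG_BANK_FLAG_INITED (1U<<0)`, keeps the masks in the same type as `flags`. A one-line comment per flag would also help, in particular to record that `WC_RNG_BANK_FLAG_INITED` is set by `wc_rng_bank_init()` itself (`ctx->flags = flags | WC_RNG_BANK_FLAG_INITED`) and is presumably not meant to be supplied by callers.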
@@ -464,7 +464,7 @@ WOLFSSL_API int wc_rng_bank_checkout( struct wc_rng_bank_inst **rng, int preferred_inst_offset, int timeout_secs, - enum wc_rng_bank_flags flags); + word32 flags); WOLFSSL_API int wc_rng_bank_checkin( struct wc_rng_bank *bank, @@ -474,22 +474,22 @@ WOLFSSL_API int wc_rng_bank_inst_reinit( struct wc_rng_bank *bank, struct wc_rng_bank_inst *rng_inst, int timeout_secs, - enum wc_rng_bank_flags flags); + word32 flags); WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank, const byte* seed, word32 seedSz, int timeout_secs, - enum wc_rng_bank_flags flags); + word32 flags); WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank, int timeout_secs, - enum wc_rng_bank_flags flags); + word32 flags); WOLFSSL_API int wc_InitRng_BankRef(struct wc_rng_bank *bank, WC_RNG *rng); WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng); -#define WC_RNG_BANK_INST_TO_RNG(rng_inst) (&rng_inst->rng) +#define WC_RNG_BANK_INST_TO_RNG(rng_inst) (&(rng_inst)->rng) #endif /* WC_DRBG_BANK_SUPPORT */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 742ec3d4e..875511d72 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -699,7 +699,7 @@ typedef struct wolfSSL_RefWithMutex { typedef struct wolfSSL_Ref { wolfSSL_Atomic_Int count; } wolfSSL_Ref; -#define wolfSSL_RefCur(ref) WOLFSSL_ATOMIC_LOAD(ref.count) +#define wolfSSL_RefCur(ref) WOLFSSL_ATOMIC_LOAD((ref).count) #else typedef struct wolfSSL_RefWithMutex wolfSSL_Ref; #define wolfSSL_RefCur(ref) wolfSSL_RefWithMutexCur(ref)