linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_seed(), prefix the supplied seed with the CPU ID of each DRBG, to avoid duplicate states;

wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes); configure.ac: default smallstackcache on when linuxkm-defaults.
2026-02-04 01:05:05 +01:00 · 2025-06-05 16:31:46 +04:00
parent 29cf3eb84e
commit dbc34352c7
3 changed files with 22 additions and 12 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -7181,10 +7181,16 @@ then
 fi

 # Small Stack - Cache on object
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+then
+    ENABLED_SMALL_STACK_CACHE_DEFAULT=yes
+else
+    ENABLED_SMALL_STACK_CACHE_DEFAULT=no
+fi
 AC_ARG_ENABLE([smallstackcache],
    [AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
    [ ENABLED_SMALL_STACK_CACHE=$enableval ],
-    [ ENABLED_SMALL_STACK_CACHE=no ]
+    [ ENABLED_SMALL_STACK_CACHE=$ENABLED_SMALL_STACK_CACHE_DEFAULT ]
    )

 if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -1007,19 +1007,31 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
                        const u8 *seed, unsigned int slen)
 {
    struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm);
+    u8 *seed_copy = NULL;
    int ret;
    unsigned int i;

    if (slen == 0)
        return 0;

+    seed_copy = (u8 *)malloc(slen + 2);
+    if (! seed_copy)
+        return -ENOMEM;
+    XMEMCPY(seed_copy + 2, seed, slen);
+
    for (i = 0; i < nr_cpu_ids; ++i) {
        wolfSSL_Mutex *lock = &ctx->rngs[i].lock;
        WC_RNG *rng = &ctx->rngs[i].rng;

+        /* perturb the seed with the CPU ID, so that no DRBG has the exact same
+         * seed.
+         */
+        seed_copy[0] = (u8)(i >> 8);
+        seed_copy[1] = (u8)i;
+
        wc_LockMutex(lock);

-        ret = wc_RNG_DRBG_Reseed(rng, seed, slen);
+        ret = wc_RNG_DRBG_Reseed(rng, seed_copy, slen + 2);
        if (ret != 0) {
            ret = -EINVAL;
        }
@@ -1030,6 +1042,8 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
            break;
    }

+    free(seed_copy);
+
    return ret;
 }

--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -647,14 +647,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
        return DRBG_NEED_RESEED;
    }
    else {
-    #ifndef WOLFSSL_SMALL_STACK
        byte digest[WC_SHA256_DIGEST_SIZE];
-    #else
-        byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
-            DYNAMIC_TYPE_DIGEST);
-        if (digest == NULL)
-            return DRBG_FAILURE;
-    #endif

        type = drbgGenerateH;
        reseedCtr = drbg->reseedCtr;
@@ -692,9 +685,6 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
            drbg->reseedCtr++;
        }
        ForceZero(digest, WC_SHA256_DIGEST_SIZE);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
-    #endif
    }

    return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;