Merge pull request #10732 from douzzer/20260618-FORCE_FAILURE_RDSEED-fixes

20260618-FORCE_FAILURE_RDSEED-fixes
This commit is contained in:
JacobBarthelmeh
2026-06-18 15:30:54 -06:00
committed by GitHub
2 changed files with 28 additions and 5 deletions
+6 -1
View File
@@ -217,7 +217,7 @@
#endif
#endif
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(5, 2, 4)
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(7, 0, 0)
#if defined(HAVE_HASHDRBG) && \
defined(HAVE_ENTROPY_MEMUSE) && \
!defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER)
@@ -227,6 +227,11 @@
!defined(HAVE_ENTROPY_MEMUSE) && \
!defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER)
#define WC_LINUXKM_RDSEED_IN_GLUE_LAYER
/* Work around -Wmaybe-uninitialized in old FIPS random.c.
* Glue-layer wc_linuxkm_GenerateSeed_IntelRD() always forces
* failure if RDSEED is missing or fails.
*/
#undef FORCE_FAILURE_RDSEED
#endif
#endif
#if defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER)
+22 -4
View File
@@ -3934,7 +3934,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
}
#endif
#ifdef HAVE_INTEL_RDSEED
#if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)
if (IS_INTEL_RDSEED(intel_flags)) {
if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) {
/* success, we're done */
@@ -3945,7 +3945,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return READ_RAN_E;
#endif
}
#endif /* HAVE_INTEL_RDSEED */
#ifdef FORCE_FAILURE_RDSEED
else {
/* Don't fall back to system randomness */
return MISSING_RNG_E;
}
#endif
#endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
#ifdef WIN_REUSE_CRYPT_HANDLE
/* Check that handle was initialized.
@@ -4914,7 +4920,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
(void)os;
int ret;
int ret = WC_NO_ERR_TRACE(RNG_FAILURE_E);
#ifdef HAVE_ENTROPY_MEMUSE
ret = wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz);
@@ -4934,6 +4940,12 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return ret;
#endif
}
#ifdef FORCE_FAILURE_RDSEED
else {
/* Don't fall back to get_random_bytes() */
return MISSING_RNG_E;
}
#endif
#endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
@@ -4957,7 +4969,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
(void)os;
int ret;
int ret = WC_NO_ERR_TRACE(RNG_FAILURE_E);
#ifdef HAVE_ENTROPY_MEMUSE
ret = wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz);
@@ -4980,6 +4992,12 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return ret;
}
}
#ifdef FORCE_FAILURE_RDSEED
else {
/* Don't fall back to arc4random_buf() */
return MISSING_RNG_E;
}
#endif
#endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
(void)ret;