WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

linuxkm: in configure.ac, fix feature dependency test for --enable-linuxkm-lkcapi-register=stdrng*, and in linuxkm/lkcapi_sha_glue.c, fix PRNG quality test in wc_linuxkm_drbg_startup().

pull/8718/head
Daniel Pouzzner 2025-05-01 13:07:23 -05:00
parent 1b59bc25d1
commit 5633a2fa76
2 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@ -9439,9 +9439,9 @@ then
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;;
'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.]) 'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;;
'stdrng') test "$ENABLED_HASHDRBG" != "no" && AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.]) 'stdrng') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG" ;;
'stdrng-default') test "$ENABLED_HASHDRBG" != "no" && AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.]) 'stdrng-default') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT" ;;
'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.]) 'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;

38
linuxkm/lkcapi_sha_glue.c
View File

@ -989,8 +989,8 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
#endif #endif
if (! ret) { if (! ret) {
u8 buf1[16], buf2[16]; u8 buf1[16], buf2[17];
int i; int i, j;
memset(buf1, 0, sizeof buf1); memset(buf1, 0, sizeof buf1);
memset(buf2, 0, sizeof buf2); memset(buf2, 0, sizeof buf2);
@ -1004,22 +1004,34 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
} }
if (! ret) { if (! ret) {
/* There's a 94% chance that 16 random bytes will all be nonzero, /*
* or a 6% chance that at least one of them will be zero. * Given a correctly functioning PRNG (perfectly rectangular
* Iterate up to 20 times to push that 6% chance to 5E-25, * PDF), There's a 94% chance that 17 random bytes will all be
* an effective certainty on a functioning PRNG. * nonzero, or a 6% chance that at least one of them will be
* zero. Iterate up to 20 times to push that 6% chance to 1.5
* E-24, an effective certainty on a functioning PRNG. With the
* contributions from iterations on shorter blocks, the overall
* expectation of failure is 2.13 E-24.
*/ */
for (i = 0; i < 20; ++i) { for (i = 1; i <= (int)sizeof buf2; ++i) {
if (! memchr(buf1, 0, sizeof buf1)) { for (j = 0; j < 20; ++j) {
ret = 0; memset(buf2, 0, (size_t)i);
break; ret = crypto_rng_generate(tfm, NULL, 0, buf2, (unsigned int)i);
if (ret)
break;
ret = -EBADMSG;
if (! memchr(buf2, 0, (size_t)i)) {
ret = 0;
break;
}
} }
ret = crypto_rng_generate(tfm, buf1, (unsigned int)sizeof buf1, buf2, (unsigned int)sizeof buf2);
if (ret) if (ret)
break; break;
ret = -EBADMSG;
} }
if (ret)
pr_err("wc_linuxkm_drbg_startup: PRNG quality test failed, block length %d, iters %d, ret %d",
i, j, ret);
} }
} }