linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_generate() and wc_linuxkm_drbg_seed(), check retval from wc_LockMutex().

wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
pull/8840/head
Daniel Pouzzner 2025-06-07 07:07:20 +04:00
parent dbc34352c7
commit ae15693fa8
2 changed files with 20 additions and 10 deletions


@ -971,18 +971,17 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm,
{ {
struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm); struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm);
int ret; int ret;
int my_cpu = /* Note, core is not locked, so the actual core ID may change while
raw_smp_processor_id(); /* Note, core is not locked, so the actual core * executing, hence the mutex.
* ID may change while executing, hence the * The mutex is also needed to coordinate with wc_linuxkm_drbg_seed(), which
* mutex. * seeds all instances.
* The mutex is also needed to coordinate with */
* wc_linuxkm_drbg_seed(), which seeds all int my_cpu = raw_smp_processor_id();
* instances.
*/
wolfSSL_Mutex *lock = &ctx->rngs[my_cpu].lock; wolfSSL_Mutex *lock = &ctx->rngs[my_cpu].lock;
WC_RNG *rng = &ctx->rngs[my_cpu].rng; WC_RNG *rng = &ctx->rngs[my_cpu].rng;
wc_LockMutex(lock); if (wc_LockMutex(lock) != 0)
return -EINVAL;
if (slen > 0) { if (slen > 0) {
ret = wc_RNG_DRBG_Reseed(rng, src, slen); ret = wc_RNG_DRBG_Reseed(rng, src, slen);
@ -1029,7 +1028,8 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
seed_copy[0] = (u8)(i >> 8); seed_copy[0] = (u8)(i >> 8);
seed_copy[1] = (u8)i; seed_copy[1] = (u8)i;
wc_LockMutex(lock); if (wc_LockMutex(lock) != 0)
return -EINVAL;
ret = wc_RNG_DRBG_Reseed(rng, seed_copy, slen + 2); ret = wc_RNG_DRBG_Reseed(rng, seed_copy, slen + 2);
if (ret != 0) { if (ret != 0) {
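Review bot: In wc_linuxkm_drbg_seed() the new `return -EINVAL;` after a failed wc_LockMutex() leaves the function directly, bypassing whatever cleanup follows the reseed. The surrounding lines write `seed_copy[0]` and `seed_copy[1]` from a counter `i`, which suggests a per-instance loop over a working copy of the seed; if that copy is allocated earlier in the function (outside this hunk), the early return leaks it with seed material still in it, and instances already reseeded stay reseeded while the rest do not. Routing the failure through the existing exit path, e.g. `if (wc_LockMutex(lock) != 0) { ret = -EINVAL; break; }` if this is indeed a loop, would keep the free and any wipe of seed_copy in one place. The same direct return in wc_linuxkm_drbg_generate() looks fine, since nothing has been acquired at that point in the visible lines. Both function bodies continue outside the hunks.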


@ -647,7 +647,14 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
return DRBG_NEED_RESEED; return DRBG_NEED_RESEED;
} }
else { else {
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (digest == NULL)
return DRBG_FAILURE;
#else
byte digest[WC_SHA256_DIGEST_SIZE]; byte digest[WC_SHA256_DIGEST_SIZE];
#endif
type = drbgGenerateH; type = drbgGenerateH;
reseedCtr = drbg->reseedCtr; reseedCtr = drbg->reseedCtr;
@ -685,6 +692,9 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
drbg->reseedCtr++; drbg->reseedCtr++;
} }
ForceZero(digest, WC_SHA256_DIGEST_SIZE); ForceZero(digest, WC_SHA256_DIGEST_SIZE);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
#endif
} }
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
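Review bot: The guard `#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)` appears twice in Hash_DRBG_Generate(), at the declaration of digest and at the XFREE, with no comment saying why the kernel build keeps the stack array; if the two copies ever drift apart, the result is either an XFREE on a stack array or a leaked allocation. A one-line comment above the first guard, such as `/* WOLFSSL_LINUXKM keeps digest[] on the stack even under WOLFSSL_SMALL_STACK: <reason> */`, and a matching `/* pairs with the digest allocation above */` at the second, would make the pairing explicit. The lines between the two hunks are not visible here, so it is worth confirming that no path returns between the XMALLOC and the ForceZero/XFREE pair. The function body starts and ends outside the hunks.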