Skip to content

20260404-default_rng_bank#10132

Open
douzzer wants to merge 1 commit intowolfSSL:masterfrom
douzzer:20260404-default_rng_bank
Open

20260404-default_rng_bank#10132
douzzer wants to merge 1 commit intowolfSSL:masterfrom
douzzer:20260404-default_rng_bank

Conversation

@douzzer
Copy link
Copy Markdown
Contributor

@douzzer douzzer commented Apr 5, 2026

wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add new wc_rng_bank_default facility:

  • wc_rng_bank_default_set()
  • wc_rng_bank_default_checkout()
  • wc_rng_bank_default_checkin()
  • wc_rng_bank_default_clear()

wolfssl/wolfcrypt/wc_port.h:

  • add wolfSSL_RefInc2() and wolfSSL_RefDec2() returning the atomically determined new count in the second arg, currently only implemented for full atomic-capable targets;

  • Fix type of second arg in the fallback definition of wolfSSL_Atomic_Ptr_CompareExchange().

linuxkm/lkcapi_sha_glue.c:

Refactor the _REGISTER_HASH_DRBG / _REGISTER_HASH_DRBG_DEFAULT facility around
the new wc_rng_bank_default facility, eliminating post-init use of
kernel-native crypto_default_rng, crypto_get_default_rng(), and
crypto_put_default_rng(), and eliminating all use on kernel 7.1+ (where these
will become unexported kernel-native statics). With the refactor, the
LINUXKM_DRBG_GET_RANDOM_BYTES facility uses only direct native wolfCrypt
objects and calls to fulfill requests.

tested with

wolfssl-multi-test.sh ...
super-quick-check
.*cust-kernel.*
linuxkm-6.15-all-cryptonly-quantum-safe-fips-dev-intelasm-insmod-crypto-fuzzer-kmemleak
linuxkm-6.15-all-cryptonly-quantum-safe-fips-dev-intelasm-insmod-crypto-fuzzer-ksan
quantum-safe-wolfssl-all-crypto-only-intelasm-sp-asm-fips-dev-linuxkm-next-insmod
.*Wconversion.*

(with additional fixes to WolfGuard to accommodate the changes in linux-next)

See herbertx/cryptodev@bdd2cc93bfd

@douzzer douzzer added the For This Release Release version 5.9.1 label Apr 5, 2026
@douzzer douzzer mentioned this pull request Apr 5, 2026
Open
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10132

Scan targets checked: linuxkm-bugs, linuxkm-src, wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-portability, wolfcrypt-src

Findings: 4
4 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

@douzzer douzzer force-pushed the 20260404-default_rng_bank branch from 493c950 to ca88357 Compare April 5, 2026 20:48
@douzzer
wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add new wc…
b24b53f 
…_rng_bank_default facility:

  * wc_rng_bank_default_set()
  * wc_rng_bank_default_checkout()
  * wc_rng_bank_default_checkin()
  * wc_rng_bank_default_clear()

  * Added additional argument error checking to existing APIs, with a new
    rng_inst_matches_bank() helper function.

  * Implemented feature gates WC_RNG_BANK_DEFAULT_SUPPORT and
    WC_RNG_BANK_NO_DEFAULT_SUPPORT.  When WC_RNG_BANK_DEFAULT_SUPPORT, the new
    APIs are available, and a NULL bank passed to APIs implicitly refers to the
    default bank.

wolfcrypt/test/test.c: in random_bank_test() add comprehensive smoke test coverage of new APIs and argument checking.

wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c:

  * Add wolfSSL_RefInc2(), wolfSSL_RefDec2(), wolfSSL_RefWithMutexInc2(), and
    wolfSSL_RefWithMutexDec2(), returning the atomically determined new count in
    the second arg;

  * Fix type of second arg in the fallback definition of
    wolfSSL_Atomic_Ptr_CompareExchange().

linuxkm/lkcapi_sha_glue.c:

  Refactor the _REGISTER_HASH_DRBG / _REGISTER_HASH_DRBG_DEFAULT facility around
  the new wc_rng_bank_default facility, eliminating post-init use of
  kernel-native crypto_default_rng, crypto_get_default_rng(), and
  crypto_put_default_rng(), and eliminating all use on kernel 7.1+ (where these
  will become unexported kernel-native statics).  With the refactor, the
  LINUXKM_DRBG_GET_RANDOM_BYTES facility uses only direct native wolfCrypt
  objects and calls to fulfill requests.

wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c, wolfcrypt/test/test.c, tests/api.c: add WC_SUCCESS = 0 "wolfCrypt generic success".
@douzzer douzzer force-pushed the 20260404-default_rng_bank branch from ca88357 to b24b53f Compare April 5, 2026 22:11
@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented Apr 5, 2026

retest this please
(Java tooling glitch)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

@philljj philljj Awaiting requested review from philljj

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@douzzer @wolfSSL-Fenrir-bot @wolfSSL-Bot