Merge pull request wolfSSL#8984 from douzzer/20250710-linuxkm-crng-fixes

philljj · web-flow · commit c7ff47d5ee2a · 2025-07-10T13:32:17.000-05:00
20250710-linuxkm-crng-fixes
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
@@ -1083,8 +1083,11 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in
         int expected = 0;
         if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)))
             return &ctx->rngs[n];
-        if (can_sleep)
+        if (can_sleep) {
+            if (signal_pending(current))
+                return NULL;
             cond_resched();
+        }
         else
             cpu_relax();
     }
@@ -1192,6 +1195,11 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
     for (n = ctx->n_rngs - 1; n >= 0; --n) {
         struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
 
+        if (! drbg) {
+            ret = -EINTR;
+            break;
+        }
+
         /* perturb the seed with the CPU ID, so that no DRBG has the exact same
          * seed.
          */
@@ -1425,6 +1433,7 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
     struct wc_linuxkm_drbg_ctx *ctx;
     size_t i;
     int n;
+    int can_sleep = (preempt_count() == 0);
 
     if (len == 0)
         return 0;
@@ -1434,15 +1443,23 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
 
     for (n = ctx->n_rngs - 1; n >= 0; --n) {
         struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
-        int V_offset = 0;
+        int V_offset;
 
-        for (i = 0; i < len; ++i) {
+        if (! drbg)
+            return -EINTR;
+
+        for (i = 0, V_offset = 0; i < len; ++i) {
             ((struct DRBG_internal *)drbg->rng.drbg)->V[V_offset++] += ((byte *)buf)[i];
             if (V_offset == (int)sizeof ((struct DRBG_internal *)drbg->rng.drbg)->V)
                 V_offset = 0;
         }
 
         put_drbg(drbg);
+        if (can_sleep) {
+            if (signal_pending(current))
+                return -EINTR;
+            cond_resched();
+        }
     }
 
     return 0;
@@ -1458,7 +1475,12 @@ static int wc_crng_reseed(void) {
 
     for (n = ctx->n_rngs - 1; n >= 0; --n) {
         struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
+
+        if (! drbg)
+            return -EINTR;
+
         ((struct DRBG_internal *)drbg->rng.drbg)->reseedCtr = WC_RESEED_INTERVAL;
+
         if (can_sleep) {
             byte scratch[4];
             int need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0);
@@ -1468,8 +1490,13 @@ static int wc_crng_reseed(void) {
             if (ret != 0)
                 pr_err("ERROR: wc_crng_reseed() wc_RNG_GenerateBlock() for DRBG #%d returned %d.", n, ret);
             put_drbg(drbg);
+            if (signal_pending(current))
+                return -EINTR;
             cond_resched();
         }
+        else {
+            put_drbg(drbg);
+        }
     }
 
     return 0;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -26199,9 +26199,9 @@ static wcchar END_PKCS7            = "-----END PKCS7-----";
     static wcchar END_DSA_PRIV     = "-----END DSA PRIVATE KEY-----";
 #endif
 #ifdef OPENSSL_EXTRA
-    wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
-    wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
-    wcchar END_PRIV_KEY_PREFIX   = "-----END";
+    static wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
+    static wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
+    static wcchar END_PRIV_KEY_PREFIX   = "-----END";
 #endif
 static wcchar BEGIN_PUB_KEY        = "-----BEGIN PUBLIC KEY-----";
 static wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
