Merge pull request wolfSSL#9595 from douzzer/20251229-linuxkm-rng-wolfentropy

20251229-linuxkm-rng-wolfentropy

Author: philljj

.wolfssl_known_macro_extras

@@ -622,6 +622,7 @@ WC_LMS_FULL_HASH
 WC_NO_ASYNC_SLEEP
 WC_NO_RNG_SIMPLE
 WC_NO_STATIC_ASSERT
+WC_NO_VERBOSE_RNG
 WC_PKCS11_FIND_WITH_ID_ONLY
 WC_PROTECT_ENCRYPTED_MEM
 WC_RNG_BLOCKING

linuxkm/Makefile

@@ -290,7 +290,7 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 	# if the above make didn't build a fresh libwolfssl.ko, then the module is already up to date and we leave it untouched, assuring stability for purposes of module-update-fips-hash.
 	@if [[ ! "$@" -nt "$$RELOC_TMP" ]]; then echo '  Module already up-to-date.'; exit 0; fi
 	@SECTION_MAP=$$(mktemp)
-	@trap 'rm "$$SECTION_MAP"' EXIT
+	@trap 'rm "$$RELOC_TMP" "$$SECTION_MAP"' EXIT
 	@export SECTION_MAP
 	@$(READELF) --wide --sections --symbols "$@" | $(GENERATE_SECTION_MAP)
 	@$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| '$(MODULE_TOP)/linuxkm/wc_linuxkm_pie_reloc_tab.c'

linuxkm/lkcapi_sha_glue.c

@@ -990,6 +990,10 @@ static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx)
 
 static volatile int wc_linuxkm_drbg_init_tfm_disable_vector_registers = 0;
 
+#ifndef WC_LINUXKM_INITRNG_TIMEOUT_SEC
+    #define WC_LINUXKM_INITRNG_TIMEOUT_SEC 30
+#endif
+
 static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
 {
     struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_tfm_ctx(tfm);
@@ -1007,19 +1011,44 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
     XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * ctx->n_rngs);
 
     for (i = 0; i < ctx->n_rngs; ++i) {
-        ctx->rngs[i].lock = 0;
-        if (wc_linuxkm_drbg_init_tfm_disable_vector_registers)
-            need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0);
-        ret = wc_InitRng(&ctx->rngs[i].rng);
-        if (need_reenable_vec)
-            REENABLE_VECTOR_REGISTERS();
+        int nretries = 0;
+        u64 ts1 = ktime_get_ns();
+        for (;;) {
+            u64 ts2;
+            if (wc_linuxkm_drbg_init_tfm_disable_vector_registers)
+                need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0);
+            ret = wc_InitRng(&ctx->rngs[i].rng);
+            if (need_reenable_vec)
+                REENABLE_VECTOR_REGISTERS();
+            if (can_sleep) {
+                /* if we're allowed to sleep, relax the loop between each inner
+                 * iteration even on success, assuring relaxation of the outer
+                 * iterations.
+                 */
+                cond_resched();
+            }
+            if (ret == 0)
+                break;
+            if (can_sleep) {
+                /* Allow interrupt only if we're stuck spinning retries -- i.e.,
+                 * don't allow an untimely user signal to derail an
+                 * initialization that is proceeding expeditiously.
+                 */
+                if (WC_CHECK_FOR_INTR_SIGNALS() == WC_NO_ERR_TRACE(INTERRUPTED_E)) {
+                    ret = -EINTR;
+                    break;
+                }
+            }
+            ts2 = ktime_get_ns();
+            if (ts2 - ts1 > 1000000000L * WC_LINUXKM_INITRNG_TIMEOUT_SEC)
+                break;
+            ++nretries;
+        }
         if (ret != 0) {
-            pr_warn_once("WARNING: wc_InitRng returned %d\n",ret);
+            pr_warn("WARNING: wc_InitRng returned %d after %d retries.\n", ret, nretries);
             ret = -EINVAL;
             break;
         }
-        if (can_sleep)
-            cond_resched();
     }
 
     if (ret != 0) {

wolfcrypt/src/random.c

@@ -369,6 +369,11 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
     XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
 #endif
 
+#ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("%s failed with err = %d", __FUNCTION__, ret);
+#endif
+
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
 
@@ -406,6 +411,12 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
 #ifndef WOLFSSL_SMALL_STACK_CACHE
     WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
+
+    #ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Reseed failed with err %d.", ret);
+    #endif
+
     return ret;
 }
 
@@ -525,6 +536,19 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
     WC_FREE_VAR_EX(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
+    #ifdef WC_VERBOSE_RNG
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* Note, if we're just going to return DRBG_FAILURE to the caller, then
+         * there's no point printing it out here because (1) the lower-level
+         * code that was remapped to DRBG_FAILURE already got printed before the
+         * remapping, so a DRBG_FAILURE message would just be spamming the log,
+         * and (2) the caller will actually see the DRBG_FAILURE code, and is
+         * free to (and probably will) log it itself.
+         */
+        WOLFSSL_DEBUG_PRINTF("Hash_gen failed with err %d.", ret);
+    }
+    #endif
+
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
 
@@ -635,6 +659,13 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
     #endif
     }
 
+    #ifdef WC_VERBOSE_RNG
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* see note above regarding log spam reduction */
+        WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Generate failed with err %d.", ret);
+    }
+    #endif
+
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
 
@@ -721,7 +752,6 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
         if (ConstantCompare(seed + seedIdx,
                             seed + seedIdx + scratchSz,
                             (int)scratchSz) == 0) {
-
             ret = DRBG_CONT_FAILURE;
         }
         seedIdx += SEED_BLOCK_SZ;
@@ -926,6 +956,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             else {
                 ret = seedCb(&rng->seed, seed, seedSz);
                 if (ret != 0) {
+#ifdef WC_VERBOSE_RNG
+                    WOLFSSL_DEBUG_PRINTF("seedCb in _InitRng() failed with err = %d", ret);
+#endif
                     ret = DRBG_FAILURE;
                 }
             }
@@ -935,6 +968,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             if (ret != 0) {
     #if defined(DEBUG_WOLFSSL)
                 WOLFSSL_MSG_EX("Seed generation failed... %d", ret);
+    #elif defined(WC_VERBOSE_RNG)
+                WOLFSSL_DEBUG_PRINTF("wc_GenerateSeed() in _InitRng() failed with err %d", ret);
     #endif
                 ret = DRBG_FAILURE;
                 rng->status = DRBG_FAILED;
@@ -946,7 +981,12 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             if (ret != 0) {
                 WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
             }
+    #elif defined(WC_VERBOSE_RNG)
+            if (ret != DRBG_SUCCESS) {
+                WOLFSSL_DEBUG_PRINTF("wc_RNG_TestSeed() in _InitRng() returned err %d.", ret);
+            }
     #endif
+
             if (ret == DRBG_SUCCESS)
                 ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
             #if defined(HAVE_FIPS) || !defined(WOLFSSL_RNG_USE_FULL_SEED)
@@ -1120,19 +1160,30 @@ static int PollAndReSeed(WC_RNG* rng)
             else {
                 ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ);
                 if (ret != 0) {
+    #ifdef WC_VERBOSE_RNG
+                    WOLFSSL_DEBUG_PRINTF("seedCb() in PollAndReSeed() failed with err %d", ret);
+    #endif
                     ret = DRBG_FAILURE;
                 }
             }
         #else
             ret = wc_GenerateSeed(&rng->seed, newSeed,
                               SEED_SZ + SEED_BLOCK_SZ);
-        #endif
-            if (ret != 0)
+            if (ret != 0) {
+    #ifdef WC_VERBOSE_RNG
+                WOLFSSL_DEBUG_PRINTF("wc_GenerateSeed() in PollAndReSeed() failed with err %d", ret);
+    #endif
                 ret = DRBG_FAILURE;
+            }
+        #endif
         }
-        if (ret == DRBG_SUCCESS)
+        if (ret == DRBG_SUCCESS) {
             ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
-
+    #ifdef WC_VERBOSE_RNG
+            if (ret != DRBG_SUCCESS)
+                WOLFSSL_DEBUG_PRINTF("wc_RNG_TestSeed() in PollAndReSeed() returned err %d.", ret);
+    #endif
+        }
         if (ret == DRBG_SUCCESS)
             ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
                                    newSeed + SEED_BLOCK_SZ, SEED_SZ);
@@ -1202,6 +1253,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
     XMEMSET(output, 0, sz);
     ret = (int)CUSTOM_RAND_GENERATE_BLOCK(output, sz);
+    #ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("CUSTOM_RAND_GENERATE_BLOCK failed with err %d.", ret);
+    #endif
 #else
 
 #ifdef HAVE_HASHDRBG

wolfssl/wolfcrypt/settings.h

@@ -3934,6 +3934,11 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_HAVE_MAX
 #endif
 
+#if defined(WOLFSSL_KERNEL_MODE) && !defined(WC_NO_VERBOSE_RNG) && \
+    !defined(WC_VERBOSE_RNG)
+    #define WC_VERBOSE_RNG
+#endif
+
 #if defined(WC_SYM_RELOC_TABLES) && defined(HAVE_FIPS) && \
     !defined(WC_PIE_RELOC_TABLES)
     /* backward compat */