API: add failure mode support for randombytes() #1331
Conversation
L-series commented Dec 1, 2025
- API: add failure mode support for randombytes()
- autogen: run to update randombytes declaration
- randombytes: add example to test failure
Branch updated: 7733e4f to 6bbabfa
@L-series Do you need help debugging the CBMC and AWS-LC failures in CI, or are you fine investigating this?
Branch updated: e42d879 to 226364d
Hi @hanno-becker, the CBMC proofs are fixed and the integration should now be on par with mldsa; however, I'm still seeing an issue with the aws-lc tests after writing a post_import.patch file. Please let me know if you have any idea why the tests are failing.
integration/aws-lc/post_import.patch
Outdated
| -static MLK_INLINE void mlk_randombytes(void *ptr, size_t len) { | ||
| - RAND_bytes(ptr, len); | ||
| +static MLK_INLINE int mlk_randombytes(void *ptr, size_t len) { | ||
| + return RAND_bytes(ptr, len); |
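Review bot: the `return RAND_bytes(ptr, len);` line inverts the error convention this PR introduces: the PR defines randombytes() as returning 0 on success and non-zero on failure, while RAND_bytes in AWS-LC returns 1 on success, so a successful RAND_bytes call would be reported to the caller as an RNG failure and every keypair/enc call would fail with the RNG error. Map the result explicitly, for example `return RAND_bytes(ptr, len) == 1 ? 0 : 1;`, and consider adding a one-line comment in the patch stating the AWS-LC convention so the next reader does not re-introduce the bare return.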
Looking at the source in AWS-LC https://github.com/aws/aws-lc/blob/8238483a40b413c56b6a4a1dc336a9cc83b1b21c/crypto/fipsmodule/rand/rand.c#L524 it looks like RAND_bytes returns 1 upon success.
Thank you! Edited the patch file to reflect this and now CI is passing.
hanno-becker
left a comment
The AWS-LC tests likely fail because RAND_bytes has a different error code convention.
Change randombytes() to return int (0 on success, non-zero on failure) instead of void, allowing callers to detect and handle RNG failures. This commit:
* Updates function signatures.
* Updates all call sites to check return values.
* Changes test files to use the CHECK macro.
* Adds documentation of the new failure mode to sign.h and mlkem_native.h.
* Adds a new error code MLK_ERR_RNG_FAIL.
* Declares src/randombytes with MLK_MUST_CHECK_RETURN_VALUE.
Signed-off-by: Andreas Hatziiliou <[email protected]>
Tests that crypto_kem_enc and crypto_kem_keypair correctly return MLD_ERR_RNG_FAIL when randombytes() fails. We systematically inject failures at each invocation point. This test is based on the work from the test_alloc implementation.
Signed-off-by: Andreas Hatziiliou <[email protected]>
Add the rng failure test to the CI. Signed-off-by: Andreas Hatziiliou <[email protected]>
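The two commits above describe a checked randombytes() signature, call sites that propagate an RNG error code, and a test that fails randombytes() at each invocation point in turn. The following C program is an added example illustrating that pattern; it is not mlkem-native's code. The error-code and attribute names mirror the PR description, but their numeric values, the toy 32-byte key and ciphertext sizes, the deterministic stand-in RNG, and the `check_rng_failure_paths` harness are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Error codes named as in the PR description; the numeric values are assumed. */
#define MLK_OK           0
#define MLK_ERR_RNG_FAIL 3

/* Mirrors the PR's MLK_MUST_CHECK_RETURN_VALUE idea using the GCC/Clang attribute. */
#if defined(__GNUC__)
#define MLK_MUST_CHECK_RETURN_VALUE __attribute__((warn_unused_result))
#else
#define MLK_MUST_CHECK_RETURN_VALUE
#endif

/* Fault-injection knobs: the RNG fails on the call whose 0-based index equals
 * rng_fail_at (set to -1 to never fail). rng_calls counts calls made so far. */
static int rng_calls = 0;
static int rng_fail_at = -1;

/* Stand-in randombytes(): 0 on success, non-zero on failure, like the PR's new
 * signature. It fills deterministic counter bytes and is NOT a real RNG; it exists
 * only so the example runs offline. */
MLK_MUST_CHECK_RETURN_VALUE
static int randombytes(uint8_t *out, size_t len) {
    int idx = rng_calls++;
    if (idx == rng_fail_at) {
        return -1;
    }
    for (size_t i = 0; i < len; i++) {
        out[i] = (uint8_t)(idx * 31 + i);
    }
    return 0;
}

/* Toy keypair: two separate 32-byte seed draws, each checked, each mapped to
 * MLK_ERR_RNG_FAIL on failure. Sizes and derivation are placeholders. */
static int toy_keypair(uint8_t pk[32], uint8_t sk[32]) {
    uint8_t d[32], z[32];
    if (randombytes(d, sizeof d) != 0) return MLK_ERR_RNG_FAIL;
    if (randombytes(z, sizeof z) != 0) return MLK_ERR_RNG_FAIL;
    memcpy(pk, d, 32);   /* stands in for key derivation */
    memcpy(sk, z, 32);
    return MLK_OK;
}

/* Toy encapsulation: one checked draw for the 32-byte message. */
static int toy_enc(uint8_t ct[32], const uint8_t pk[32]) {
    uint8_t m[32];
    if (randombytes(m, sizeof m) != 0) return MLK_ERR_RNG_FAIL;
    for (size_t i = 0; i < 32; i++) ct[i] = m[i] ^ pk[i];   /* stands in for encryption */
    return MLK_OK;
}

/* Run op once with a never-failing RNG to count its RNG calls, then re-run it once
 * per call index with exactly that call failing. Returns the call count when every
 * injected failure surfaced as MLK_ERR_RNG_FAIL, and -1 if any failure was swallowed,
 * i.e. some call site does not check randombytes(). */
static int check_rng_failure_paths(int (*op)(void)) {
    rng_calls = 0;
    rng_fail_at = -1;
    if (op() != MLK_OK) return -1;
    int total = rng_calls;
    for (int k = 0; k < total; k++) {
        rng_calls = 0;
        rng_fail_at = k;
        if (op() != MLK_ERR_RNG_FAIL) return -1;
    }
    rng_fail_at = -1;
    return total;
}

static uint8_t g_pk[32], g_sk[32], g_ct[32];
static int op_keypair(void) { return toy_keypair(g_pk, g_sk); }
static int op_enc(void)     { return toy_enc(g_ct, g_pk); }

/* Deliberately unchecked variant: it ignores the randombytes() result, so on an
 * injected failure it "succeeds" with an all-zero message. The harness reports -1
 * for it; under GCC the warn_unused_result warning survives even the (void) cast. */
static int op_enc_unchecked(void) {
    uint8_t m[32] = {0};
    (void)randombytes(m, sizeof m);
    memcpy(g_ct, m, 32);
    return MLK_OK;
}

int main(void) {
    printf("keypair:       %d RNG call(s) covered\n", check_rng_failure_paths(op_keypair));
    printf("enc:           %d RNG call(s) covered\n", check_rng_failure_paths(op_enc));
    printf("unchecked enc: %d (failure swallowed)\n", check_rng_failure_paths(op_enc_unchecked));
    return 0;
}
```

The harness first counts how many RNG calls an operation makes and then fails each one individually, which is the same enumerate-then-inject approach the commit message attributes to the test_alloc-derived test; the unchecked variant shows why the return value must be checked at every call site rather than only at the outermost one.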