fixes from peer review: added comments for clarity, and remove errant condition added in _InitRng().

Author: douzzer

linuxkm/lkcapi_sha_glue.c

@@ -1020,11 +1020,20 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
             ret = wc_InitRng(&ctx->rngs[i].rng);
             if (need_reenable_vec)
                 REENABLE_VECTOR_REGISTERS();
-            if (can_sleep)
+            if (can_sleep) {
+                /* if we're allowed to sleep, relax the loop between each inner
+                 * iteration even on success, assuring relaxation of the outer
+                 * iterations.
+                 */
                 cond_resched();
+            }
             if (ret == 0)
                 break;
             if (can_sleep) {
+                /* Allow interrupt only if we're stuck spinning retries -- i.e.,
+                 * don't allow an untimely user signal to derail an
+                 * initialization that is proceeding expeditiously.
+                 */
                 if (WC_CHECK_FOR_INTR_SIGNALS() == WC_NO_ERR_TRACE(INTERRUPTED_E)) {
                     ret = -EINTR;
                     break;
@@ -1036,7 +1045,7 @@ static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
             ++nretries;
         }
         if (ret != 0) {
-            pr_warn("WARNING: wc_InitRng returned %d after %d retries.\n",ret,nretries);
+            pr_warn("WARNING: wc_InitRng returned %d after %d retries.\n", ret, nretries);
             ret = -EINVAL;
             break;
         }

wolfcrypt/src/random.c

@@ -537,8 +537,16 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
 #endif
 
     #ifdef WC_VERBOSE_RNG
-    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE))
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* Note, if we're just going to return DRBG_FAILURE to the caller, then
+         * there's no point printing it out here because (1) the lower-level
+         * code that was remapped to DRBG_FAILURE already got printed before the
+         * remapping, so a DRBG_FAILURE message would just be spamming the log,
+         * and (2) the caller will actually see the DRBG_FAILURE code, and is
+         * free to (and probably will) log it itself.
+         */
         WOLFSSL_DEBUG_PRINTF("Hash_gen failed with err %d.", ret);
+    }
     #endif
 
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -652,8 +660,10 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
     }
 
     #ifdef WC_VERBOSE_RNG
-    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE))
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* see note above regarding log spam reduction */
         WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Generate failed with err %d.", ret);
+    }
     #endif
 
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -1033,7 +1043,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
         ret = RNG_FAILURE_E;
     }
     else {
-    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE))
         rng->status = DRBG_FAILED;
     }
 #endif /* HAVE_HASHDRBG */