Merged
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10132
Scan targets checked: linuxkm-bugs, linuxkm-src, wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-portability, wolfcrypt-src
Findings: 4
4 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
douzzer
force-pushed
the
20260404-default_rng_bank
branch
2 times, most recently
from
ca88357 to
b24b53f
Compare
Contributor
Author
|
retest this please |
dgarske
previously approved these changes
Apr 6, 2026
philljj
requested changes
Apr 6, 2026
Contributor
philljj
left a comment
philljj
left a comment
There was a problem hiding this comment.
Overall looks good, just have some suggestions and nits.
…_rng_bank_default facility:
* wc_rng_bank_default_set()
* wc_rng_bank_default_checkout()
* wc_rng_bank_default_checkin()
* wc_rng_bank_default_clear()
* Added additional argument error checking to existing APIs, with a new
rng_inst_matches_bank() helper function.
* Implemented feature gates WC_RNG_BANK_DEFAULT_SUPPORT and
WC_RNG_BANK_NO_DEFAULT_SUPPORT. When WC_RNG_BANK_DEFAULT_SUPPORT, the new
APIs are available, and a NULL bank passed to APIs implicitly refers to the
default bank.
wolfcrypt/test/test.c: in random_bank_test() add comprehensive smoke test coverage of new APIs and argument checking.
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c:
* Add wolfSSL_RefInc2(), wolfSSL_RefDec2(), wolfSSL_RefWithMutexInc2(), and
wolfSSL_RefWithMutexDec2(), returning the atomically determined new count in
the second arg;
* Fix type of second arg in the fallback definition of
wolfSSL_Atomic_Ptr_CompareExchange().
linuxkm/lkcapi_sha_glue.c:
Refactor the _REGISTER_HASH_DRBG / _REGISTER_HASH_DRBG_DEFAULT facility around
the new wc_rng_bank_default facility, eliminating post-init use of
kernel-native crypto_default_rng, crypto_get_default_rng(), and
crypto_put_default_rng(), and eliminating all use on kernel 7.1+ (where these
will become unexported kernel-native statics). With the refactor, the
LINUXKM_DRBG_GET_RANDOM_BYTES facility uses only direct native wolfCrypt
objects and calls to fulfill requests.
wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c, wolfcrypt/test/test.c, tests/api.c: add WC_SUCCESS = 0 "wolfCrypt generic success".
douzzer
force-pushed
the
20260404-default_rng_bank
branch
from
b24b53f to
31d0fce
Compare
Contributor
Author
|
retest this please |
Contributor
Author
|
retest this please |
philljj
approved these changes
Apr 7, 2026
Contributor
|
note: last ubuntu-macos runner stuck. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
wolfcrypt/src/rng_bank.candwolfssl/wolfcrypt/rng_bank.h: add newwc_rng_bank_defaultfacility:wc_rng_bank_default_set()wc_rng_bank_default_checkout()wc_rng_bank_default_checkin()wc_rng_bank_default_clear()wolfssl/wolfcrypt/wc_port.h:add
wolfSSL_RefInc2()andwolfSSL_RefDec2()returning the atomically determined new count in the second arg, currently only implemented for full atomic-capable targets;Fix type of second arg in the fallback definition of
wolfSSL_Atomic_Ptr_CompareExchange().linuxkm/lkcapi_sha_glue.c:Refactor the
_REGISTER_HASH_DRBG/_REGISTER_HASH_DRBG_DEFAULTfacility aroundthe new
wc_rng_bank_defaultfacility, eliminating post-init use ofkernel-native
crypto_default_rng,crypto_get_default_rng(), andcrypto_put_default_rng(), and eliminating all use on kernel 7.1+ (where thesewill become unexported kernel-native statics). With the refactor, the
LINUXKM_DRBG_GET_RANDOM_BYTESfacility uses only direct native wolfCryptobjects and calls to fulfill requests.
tested with
(with additional fixes to WolfGuard to accommodate the changes in linux-next)
See herbertx/cryptodev@bdd2cc93bfd