linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_seed(), prefix the supplied seed with the CPU ID of each DRBG, to avoid duplicate states;

douzzer · douzzer · commit dbc34352c70d · 2025-06-05T16:31:46.000+04:00
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes);

configure.ac: default smallstackcache on when linuxkm-defaults.
diff --git a/configure.ac b/configure.ac
@@ -7181,10 +7181,16 @@ then
 fi
 
 # Small Stack - Cache on object
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+then
+    ENABLED_SMALL_STACK_CACHE_DEFAULT=yes
+else
+    ENABLED_SMALL_STACK_CACHE_DEFAULT=no
+fi
 AC_ARG_ENABLE([smallstackcache],
     [AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
     [ ENABLED_SMALL_STACK_CACHE=$enableval ],
-    [ ENABLED_SMALL_STACK_CACHE=no ]
+    [ ENABLED_SMALL_STACK_CACHE=$ENABLED_SMALL_STACK_CACHE_DEFAULT ]
     )
 
 if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
@@ -1007,19 +1007,31 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
                         const u8 *seed, unsigned int slen)
 {
     struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm);
+    u8 *seed_copy = NULL;
     int ret;
     unsigned int i;
 
     if (slen == 0)
         return 0;
 
+    seed_copy = (u8 *)malloc(slen + 2);
+    if (! seed_copy)
+        return -ENOMEM;
+    XMEMCPY(seed_copy + 2, seed, slen);
+
     for (i = 0; i < nr_cpu_ids; ++i) {
         wolfSSL_Mutex *lock = &ctx->rngs[i].lock;
         WC_RNG *rng = &ctx->rngs[i].rng;
 
+        /* perturb the seed with the CPU ID, so that no DRBG has the exact same
+         * seed.
+         */
+        seed_copy[0] = (u8)(i >> 8);
+        seed_copy[1] = (u8)i;
+
         wc_LockMutex(lock);
 
-        ret = wc_RNG_DRBG_Reseed(rng, seed, slen);
+        ret = wc_RNG_DRBG_Reseed(rng, seed_copy, slen + 2);
         if (ret != 0) {
             ret = -EINVAL;
         }
@@ -1030,6 +1042,8 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
             break;
     }
 
+    free(seed_copy);
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
@@ -647,14 +647,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
         return DRBG_NEED_RESEED;
     }
     else {
-    #ifndef WOLFSSL_SMALL_STACK
         byte digest[WC_SHA256_DIGEST_SIZE];
-    #else
-        byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
-            DYNAMIC_TYPE_DIGEST);
-        if (digest == NULL)
-            return DRBG_FAILURE;
-    #endif
 
         type = drbgGenerateH;
         reseedCtr = drbg->reseedCtr;
@@ -692,9 +685,6 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
             drbg->reseedCtr++;
         }
         ForceZero(digest, WC_SHA256_DIGEST_SIZE);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
-    #endif
     }
 
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
