@night1rider
Contributor

@night1rider night1rider commented Oct 16, 2025

Found that when doing our RNG test it would fail to use my CryptoCallback. Noticed the test would use wc_rng_new and not wc_rng_new_ex and not supply my default devId which is set with WC_USE_DEVID.

Change is to assume that if WC_USE_DEVID is set, the user intends this to be the default device to use for crypto calls. This means that if wc_rng_new is called, it should be assumed the user intends it to use WC_USE_DEVID and not INVALID_DEVID, which is our default solution. INVALID_DEVID can still be requested by the user via wc_rng_new_ex.

Contributor

@bigbrett bigbrett left a comment

@night1rider this fixes the RNG test for me but is now revealing a few other related problems that make sense to fix in this PR.

test.c:47429

WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
{
    wc_test_ret_t ret;
    WC_RNG rng;

#ifndef HAVE_FIPS
    ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID); // <--------- Needs global devId
#else
    ret = wc_InitRng(&rng);
#endif
    if (ret != 0) {
        ret = WC_TEST_RET_ENC_EC(ret);
        return ret;
    }

....

@night1rider
Contributor Author

@bigbrett Updated the 4 tests that were initializing RNG without the global devId. I see a bunch of other tests that use INVALID_DEVID for their specific _ex versions, not sure it makes sense to update those in this PR.

I do see this failing, unsure if it's due to running on an embedded target. Do you see a similar failure?

MLKEM    test passed!
DILITHIUM test passed!
XMSS     test failed!
                      error L=47668 i=0
 [fiducial line numbers: 9751 28958 48739 61407]

@bigbrett
Contributor

bigbrett commented Oct 16, 2025

@night1rider yes, I'm on an embedded target. The tests wouldn't fail unless you were building with NO_FILESYSTEM and NO_DEV_RANDOM, meaning you don't have a default random entropy source, as your cryptoCb is the only way to get entropy/randomness.

@bigbrett
Contributor

@night1rider brings up a good point...

> @bigbrett Updated the 4 tests that were initializing RNG without the global devId. I see a bunch of other tests that use INVALID_DEVID for their specific _ex versions, not sure it makes sense to update those in this PR.

@dgarske larger question - do you think it is ever appropriate for our unit tests to manually specify INVALID_DEVID over using the global devId?

IMO if the user sets WC_USE_DEVID then this should always be respected regardless of the context (even though it perhaps only results in an issue for RNG or RSA/ECC in the CRYPTOCB_ONLY mode).

@night1rider
Contributor Author

Rebased to use fixed kernel test in GitHub Actions.

@bigbrett bigbrett assigned wolfSSL-Bot and unassigned bigbrett and night1rider Oct 20, 2025
@dgarske dgarske merged commit d86575c into wolfSSL:master Oct 20, 2025
262 of 264 checks passed
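
As an added illustration, not code from the PR or from wolfSSL: a simplified C model of the behaviour discussed in this thread, where the devId that the non-`_ex` RNG initializer passes by default decides whether seeding can reach a registered crypto callback on a build with no other entropy source. All `model_*` names, the devId value 7 and the fixed seed pattern are assumptions made for the example.

```c
/* Simplified model, not wolfSSL source. All model_* names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MODEL_INVALID_DEVID (-2) /* stands in for INVALID_DEVID */
#define MODEL_USE_DEVID     7    /* constructed value standing in for WC_USE_DEVID */

typedef int (*model_seed_cb)(unsigned char *out, size_t len);
typedef struct { int devId; unsigned char seed[32]; } model_rng;

static int model_reg_devId = MODEL_INVALID_DEVID; /* the one registered device */
static model_seed_cb model_reg_cb = NULL;
static int model_have_os_entropy = 0; /* 0 models NO_FILESYSTEM + NO_DEV_RANDOM */

/* Constructed callback: fills a fixed pattern so the run is repeatable.
 * A real callback would return output from the device's entropy source. */
static int model_hw_seed(unsigned char *out, size_t len)
{
    memset(out, 0xA5, len);
    return 0;
}

static void model_register(int devId, model_seed_cb cb)
{
    model_reg_devId = devId;
    model_reg_cb = cb;
}

/* Explicit devId, as with the _ex initializers named in the thread. */
static int model_rng_init_ex(model_rng *rng, int devId)
{
    rng->devId = devId;
    if (devId != MODEL_INVALID_DEVID && devId == model_reg_devId && model_reg_cb)
        return model_reg_cb(rng->seed, sizeof rng->seed);
    if (model_have_os_entropy) {
        memset(rng->seed, 0, sizeof rng->seed); /* placeholder for an OS seed */
        return 0;
    }
    return -1; /* no callback selected and no software seed source */
}

/* Non-_ex initializer before and after the change described in the PR. */
static int model_rng_init_before(model_rng *rng) { return model_rng_init_ex(rng, MODEL_INVALID_DEVID); }
static int model_rng_init_after(model_rng *rng)  { return model_rng_init_ex(rng, MODEL_USE_DEVID); }

int main(void)
{
    model_rng rng;
    model_register(MODEL_USE_DEVID, model_hw_seed);
    printf("before: %d\n", model_rng_init_before(&rng)); /* fails: callback never reached */
    printf("after:  %d\n", model_rng_init_after(&rng));  /* succeeds via the callback */
    return 0;
}
```

In the model, an explicit `MODEL_INVALID_DEVID` passed to `model_rng_init_ex` still bypasses the callback, matching the PR description's note that INVALID_DEVID remains available through the `_ex` call.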