wolfcrypt/src/random.c: backport changes from 20251229-linuxkm-rng-wolfentropy (WC_VERBOSE_RNG).

2025-12-30 13:46:31 -06:00
parent f21da9ddc1
commit 8df621a1ba
1 changed files with 60 additions and 5 deletions
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -369,6 +369,11 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
    XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
 #endif

+#ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("%s failed with err = %d", __FUNCTION__, ret);
+#endif
+
    return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }

@@ -406,6 +411,12 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
 #ifndef WOLFSSL_SMALL_STACK_CACHE
    WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
+
+    #ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Reseed failed with err %d.", ret);
+    #endif
+
    return ret;
 }

@@ -525,6 +536,19 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
    WC_FREE_VAR_EX(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif

+    #ifdef WC_VERBOSE_RNG
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* Note, if we're just going to return DRBG_FAILURE to the caller, then
+         * there's no point printing it out here because (1) the lower-level
+         * code that was remapped to DRBG_FAILURE already got printed before the
+         * remapping, so a DRBG_FAILURE message would just be spamming the log,
+         * and (2) the caller will actually see the DRBG_FAILURE code, and is
+         * free to (and probably will) log it itself.
+         */
+        WOLFSSL_DEBUG_PRINTF("Hash_gen failed with err %d.", ret);
+    }
+    #endif
+
    return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }

@@ -635,6 +659,13 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
    #endif
    }

+    #ifdef WC_VERBOSE_RNG
+    if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) {
+        /* see note above regarding log spam reduction */
+        WOLFSSL_DEBUG_PRINTF("Hash_DRBG_Generate failed with err %d.", ret);
+    }
+    #endif
+
    return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }

@@ -721,7 +752,6 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
        if (ConstantCompare(seed + seedIdx,
                            seed + seedIdx + scratchSz,
                            (int)scratchSz) == 0) {
-
            ret = DRBG_CONT_FAILURE;
        }
        seedIdx += SEED_BLOCK_SZ;
@@ -922,6 +952,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
            else {
                ret = seedCb(&rng->seed, seed, seedSz);
                if (ret != 0) {
+#ifdef WC_VERBOSE_RNG
+                    WOLFSSL_DEBUG_PRINTF("seedCb in _InitRng() failed with err = %d", ret);
+#endif
                    ret = DRBG_FAILURE;
                }
            }
@@ -931,6 +964,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
            if (ret != 0) {
    #if defined(DEBUG_WOLFSSL)
                WOLFSSL_MSG_EX("Seed generation failed... %d", ret);
+    #elif defined(WC_VERBOSE_RNG)
+                WOLFSSL_DEBUG_PRINTF("wc_GenerateSeed() in _InitRng() failed with err %d", ret);
    #endif
                ret = DRBG_FAILURE;
                rng->status = DRBG_FAILED;
@@ -942,7 +977,12 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
            if (ret != 0) {
                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
            }
+    #elif defined(WC_VERBOSE_RNG)
+            if (ret != DRBG_SUCCESS) {
+                WOLFSSL_DEBUG_PRINTF("wc_RNG_TestSeed() in _InitRng() returned err %d.", ret);
+            }
    #endif
+
            if (ret == DRBG_SUCCESS)
                ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
                            seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
@@ -1112,19 +1152,30 @@ static int PollAndReSeed(WC_RNG* rng)
            else {
                ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ);
                if (ret != 0) {
+    #ifdef WC_VERBOSE_RNG
+                    WOLFSSL_DEBUG_PRINTF("seedCb() in PollAndReSeed() failed with err %d", ret);
+    #endif
                    ret = DRBG_FAILURE;
                }
            }
        #else
            ret = wc_GenerateSeed(&rng->seed, newSeed,
                              SEED_SZ + SEED_BLOCK_SZ);
-        #endif
-            if (ret != 0)
+            if (ret != 0) {
+    #ifdef WC_VERBOSE_RNG
+                WOLFSSL_DEBUG_PRINTF("wc_GenerateSeed() in PollAndReSeed() failed with err %d", ret);
+    #endif
                ret = DRBG_FAILURE;
+            }
+        #endif
        }
-        if (ret == DRBG_SUCCESS)
+        if (ret == DRBG_SUCCESS) {
            ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
-
+    #ifdef WC_VERBOSE_RNG
+            if (ret != DRBG_SUCCESS)
+                WOLFSSL_DEBUG_PRINTF("wc_RNG_TestSeed() in PollAndReSeed() returned err %d.", ret);
+    #endif
+        }
        if (ret == DRBG_SUCCESS)
            ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
                                   newSeed + SEED_BLOCK_SZ, SEED_SZ);
@@ -1194,6 +1245,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
    XMEMSET(output, 0, sz);
    ret = (int)CUSTOM_RAND_GENERATE_BLOCK(output, sz);
+    #ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("CUSTOM_RAND_GENERATE_BLOCK failed with err %d.", ret);
+    #endif
 #else

 #ifdef HAVE_HASHDRBG