Skip to content

20260618-FORCE_FAILURE_RDSEED-fixes#10732

Merged
JacobBarthelmeh merged 1 commit into
wolfSSL:masterfrom
douzzer:20260618-FORCE_FAILURE_RDSEED-fixes
Jun 18, 2026
Merged

20260618-FORCE_FAILURE_RDSEED-fixes#10732
JacobBarthelmeh merged 1 commit into
wolfSSL:masterfrom
douzzer:20260618-FORCE_FAILURE_RDSEED-fixes

Conversation

@douzzer

@douzzer douzzer commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

wolfcrypt/src/random.c:

  • in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

  • in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

  • in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

detected and tested with

wolfssl-multi-test.sh ...
check-source-text
linuxkm-fips-v5-strict-dist-insmod-cust-kernel-2-amdrdseed
quantum-safe-wolfssl-all-crypto-only-intelasm-sp-asm-rdseed-fips-dev-linuxkm-next-insmod
clang-tidy-all-sp-all

@douzzer douzzer added the For This Release Release version 5.9.2 label Jun 18, 2026
@github-actions

github-actions Bot commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown

MemBrowse Memory Report

No memory changes detected for:

@douzzer
wolfcrypt/src/random.c:
296bfc8 
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
@douzzer douzzer force-pushed the 20260618-FORCE_FAILURE_RDSEED-fixes branch from 992a3db to 296bfc8 Compare June 18, 2026 16:54
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Jun 18, 2026
View reviewed changes

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10732

Scan targets checked: linuxkm-bugs, linuxkm-src, wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src
Findings: 1

Critical (1)

Default wc_GenerateSeed returns RNG_FAILURE_E on successful seed read

File: wolfcrypt/src/random.c:5515
Function: wc_GenerateSeed
Category: Incorrect error handling

ret is now initialized to RNG_FAILURE_E, but the getrandom and /dev/urandom read loops set ret only on error. On a successful read ret stays RNG_FAILURE_E, so return ret yields -199 and if (ret == 0) at 5417 never fires, breaking the default seed path.

Recommendation: Set ret = 0 on the getrandom and /dev/urandom success paths, or keep this function's ret initializer at 0.

Referenced code: wolfcrypt/src/random.c:5515-5520 (6 lines)

This review was generated automatically by Fenrir. Findings are non-blocking.

wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Jun 18, 2026
View reviewed changes

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10732

Scan targets checked: linuxkm-bugs, linuxkm-src, wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src

No new issues found in the changed files. ✅

@douzzer

douzzer commented Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

retest this please

FAIL: scripts/google.test

lealem47
lealem47 approved these changes Jun 18, 2026
View reviewed changes

@lealem47 lealem47 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks douzzer!

@philljj

philljj commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Tests good on bsdkm with this PR:

@JacobBarthelmeh JacobBarthelmeh merged commit dd6da70 into wolfSSL:master Jun 18, 2026
305 of 307 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

@lealem47 lealem47 lealem47 approved these changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

@philljj philljj Awaiting requested review from philljj

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@douzzer @philljj @JacobBarthelmeh @lealem47 @wolfSSL-Fenrir-bot @wolfSSL-Bot