From ea43bcba7240e2bab75ccc681049d86936b67b86 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Fri, 24 May 2024 12:22:32 -0700
Subject: [PATCH 01/11] Keep RNG seed file descriptor open until the RNG is freed.
---
 wolfcrypt/src/random.c | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 2945a88b99..8ea106897f 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1373,6 +1373,12 @@ int wc_FreeRng(WC_RNG* rng)
 ret = WC_HW_E;
 #endif
+#ifndef USE_WINDOWS_API
+ if(rng->seed.fd != 0 && rng->seed.fd != -1) {
+ close(rng->seed.fd);
+ }
+#endif
+
 return ret;
 }
@@ -3553,20 +3559,22 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- os->fd = open("/dev/urandom", O_RDONLY);
+ if (os->fd == 0 || os->fd == -1) {
+ os->fd = open("/dev/urandom", O_RDONLY);
+ #if defined(DEBUG_WOLFSSL)
+ WOLFSSL_MSG("opened /dev/urandom.");
+ #endif
+ if (os->fd == -1)
+ #endif
+ {
+ /* may still have /dev/random */
+ os->fd = open("/dev/random", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
- WOLFSSL_MSG("opened /dev/urandom.");
+ WOLFSSL_MSG("opened /dev/random.");
 #endif
- if (os->fd == -1)
- #endif
- {
- /* may still have /dev/random */
- os->fd = open("/dev/random", O_RDONLY);
- #if defined(DEBUG_WOLFSSL)
- WOLFSSL_MSG("opened /dev/random.");
- #endif
- if (os->fd == -1)
- return OPEN_RAN_E;
+ if (os->fd == -1)
+ return OPEN_RAN_E;
+ }
 }
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("rnd read...");
@@ -3590,7 +3598,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 }
 }
- close(os->fd);
 #else
 (void)output;
 (void)sz;
From 6bcbfec2003be2dab21a70df956587bf513057c6 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Fri, 24 May 2024 12:57:34 -0700
Subject: [PATCH 02/11] Initalize RNG seed fd in _InitRng.
---
 wolfcrypt/src/random.c | 4 ++++
 1 file changed, 4 insertions(+)
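Review bot: In the wc_GenerateSeed hunk of PATCH 01/11 (`@@ -3553,20 +3559,22 @@`), both `open()` calls omit `O_CLOEXEC`, which matters now that the descriptor stays open until wc_FreeRng instead of being closed at the end of each call: a long-lived descriptor is inherited by any program the process later execs. Where the flag is available I would open with `os->fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);` and do the same for `/dev/random`. The same two calls are carried unchanged through the later patches of this series, so the point applies to the final code as well. wc_GenerateSeed's body continues outside the hunk.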
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 8ea106897f..1e40401a86 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -894,6 +894,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 }
 #endif
+#ifndef USE_WINDOWS_API
+ rng->seed.fd = 0;
+#endif
+
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
 ret = 0; /* success */
 #else
From fb880e943bab92367657d50a5c6695e616b76b72 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Tue, 28 May 2024 16:15:19 -0700
Subject: [PATCH 03/11] Reset fd after closing it.
---
 wolfcrypt/src/random.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 1e40401a86..4277b840ae 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1380,6 +1380,7 @@ int wc_FreeRng(WC_RNG* rng)
 #ifndef USE_WINDOWS_API
 if(rng->seed.fd != 0 && rng->seed.fd != -1) {
 close(rng->seed.fd);
+ rng->seed.fd = -1;
 }
 #endif
From 2e83b97909983de38769f6b930376342ed97be7b Mon Sep 17 00:00:00 2001
From: Kareem
Date: Fri, 15 Nov 2024 11:27:26 -0700
Subject: [PATCH 04/11] Only attempt to close RNG file descriptor on platforms with XCLOSE.
---
 wolfcrypt/src/random.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 4277b840ae..acce26d99a 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1377,9 +1377,9 @@ int wc_FreeRng(WC_RNG* rng)
 ret = WC_HW_E;
 #endif
-#ifndef USE_WINDOWS_API
+#ifdef XCLOSE
 if(rng->seed.fd != 0 && rng->seed.fd != -1) {
- close(rng->seed.fd);
+ XCLOSE(rng->seed.fd);
 rng->seed.fd = -1;
 }
 #endif
From 0420c942a0861731098a9c50350a2311d26b0200 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 18 Dec 2025 11:22:22 -0700
Subject: [PATCH 05/11] Only use -1 for uninitialized fds as 0 is a valid fd.
---
 wolfcrypt/src/random.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index acce26d99a..766ef1e458 100644
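Review bot: In the wc_FreeRng hunk of PATCH 04/11, the descriptor is released with `XCLOSE()` although wc_GenerateSeed obtains it with a plain `open()`, and on a build where `XCLOSE` is not defined the `#ifdef` compiles the close away without any diagnostic, so the descriptor kept open since PATCH 01/11 is never released. XCLOSE's definition is not visible here, so I cannot confirm that it always maps to `close()`. I would gate the close on the same condition that guards the `open()` call and use one primitive for both, or at least add `/* fd is opened with open() in wc_GenerateSeed; XCLOSE must map to close() */` above the block.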
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -895,7 +895,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #endif
 #ifndef USE_WINDOWS_API
- rng->seed.fd = 0;
+ rng->seed.fd = -1;
 #endif
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
@@ -1378,7 +1378,7 @@ int wc_FreeRng(WC_RNG* rng)
 #endif
 #ifdef XCLOSE
- if(rng->seed.fd != 0 && rng->seed.fd != -1) {
+ if(rng->seed.fd != -1) {
 XCLOSE(rng->seed.fd);
 rng->seed.fd = -1;
 }
@@ -3564,7 +3564,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- if (os->fd == 0 || os->fd == -1) {
+ if (os->fd == -1) {
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
From 755097d512a226add52e5449312de8a9053d3111 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 18 Dec 2025 15:27:00 -0700
Subject: [PATCH 06/11] Track if RNG seed FD was opened and only close it if it was already open. This fixes the case where wc_FreeRng is called when _InitRng was not called on the RNG. Since the FD value defaults to 0 before _InitRng was called, and 0 is potentially a valid FD, it was being closed.
---
 wolfcrypt/src/random.c | 14 +++++++++++---
 wolfssl/wolfcrypt/random.h | 1 +
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 766ef1e458..7d2fcfa60d 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -895,7 +895,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #endif
 #ifndef USE_WINDOWS_API
- rng->seed.fd = -1;
+ if (!rng->seed.fdOpen)
+ rng->seed.fd = -1;
 #endif
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
@@ -1378,9 +1379,10 @@ int wc_FreeRng(WC_RNG* rng)
 #endif
 #ifdef XCLOSE
- if(rng->seed.fd != -1) {
+ if(rng->seed.fdOpen && rng->seed.fd != -1) {
 XCLOSE(rng->seed.fd);
 rng->seed.fd = -1;
+ rng->seed.fdOpen = 0;
 }
 #endif
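Review bot: In the _InitRng hunk of PATCH 06/11, `if (!rng->seed.fdOpen)` reads the flag before anything visible in this series has written it, so the result depends on the caller's storage having been zeroed. The commit message relies on the fd defaulting to 0, which holds for static or cleared memory but not for a WC_RNG on the stack or fresh from an allocator; there the bit can read as 1, `fd` keeps its indeterminate value, wc_GenerateSeed skips the open and seeds from whatever descriptor has that number, and the wc_FreeRng hunk of the same patch then closes it. Unless the structure is cleared earlier in _InitRng (outside the hunk), I would state the requirement next to the check, e.g. `/* WC_RNG must be zero-initialised before first use: seed.fdOpen is read here */`, or have the public init entry points clear both fields before calling in. The same read survives the rename to `seedFdOpen` in PATCH 07/11 and the `XBADFD` change in PATCH 10/11.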
@@ -3564,7 +3566,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- if (os->fd == -1) {
+ if (!os->fdOpen && os->fd == -1) {
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
@@ -3579,6 +3581,12 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 if (os->fd == -1)
 return OPEN_RAN_E;
+ else
+ os->fdOpen = 1;
+ }
+ else
+ {
+ os->fdOpen = 1;
 }
 }
 #if defined(DEBUG_WOLFSSL)
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 93890fe9ac..f5c9ceb1da 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -156,6 +156,7 @@ struct OS_Seed {
 ProviderHandle handle;
 #else
 int fd;
+ byte fdOpen:1;
 #endif
 #if defined(WOLF_CRYPTO_CB)
 int devId;
From b0b840aa0fe215fe48e702b4ac7328ed1ff1717a Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 18 Dec 2025 15:55:35 -0700
Subject: [PATCH 07/11] Rename fdOpen to seedFdOpen to avoid potential conflicts. Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only enable by default for HAProxy. It is causing issues on OS X and may cause issues on other OSes, and is generally a major behavior change.
---
 configure.ac | 2 +-
 wolfcrypt/src/random.c | 29 +++++++++++++++++------------
 wolfssl/wolfcrypt/random.h | 4 +++-
 3 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
index d6c44305d6..138144a403 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7835,7 +7835,7 @@ fi
 if test "$ENABLED_HAPROXY" = "yes"
 then
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT -DWOLFSSL_KEEP_RNG_SEED_FD_OPEN"
 # --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
 if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"
 then
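Review bot: In the first wc_GenerateSeed hunk of PATCH 06/11 (`@@ -3564,7 +3566,7 @@`), once `fdOpen` is set every later call skips the open and reads from the cached descriptor number without checking that it still refers to the random device. If the application closes descriptors it does not know about (daemonising, a close-all loop before exec), that number can be reassigned to an unrelated file or socket and the seed would then be read from it. I would verify the descriptor before the read, for example `struct stat st; if (fstat(os->fd, &st) != 0 || !S_ISCHR(st.st_mode))` followed by a reopen, and clear the flag and `fd` when `read()` fails so the next call opens afresh. The function body continues outside the hunk, and the later patches keep this behaviour for `/dev/urandom`.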
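Review bot: In the second wc_GenerateSeed hunk of PATCH 06/11 (`@@ -3579,6 +3581,12 @@`), the added `else { os->fdOpen = 1; }` pairs with the `if (os->fd == -1)` that PATCH 01/11 left inside `#ifndef NO_DEV_URANDOM`, so a build that defines `NO_DEV_URANDOM` is left with an `else` that has no `if` and should fail to compile. PATCH 07/11 removes the branch, but PATCH 08/11 reintroduces the same shape and PATCH 09/11 and 10/11 keep it under `WOLFSSL_KEEP_RNG_SEED_FD_OPEN`. I would put the branch under the same guard, `#ifndef NO_DEV_URANDOM` / `else { os->fdOpen = 1; }` / `#endif`, and build once with `NO_DEV_URANDOM` defined to confirm. The `if` and its `#endif` sit just above this hunk, outside it.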
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 7d2fcfa60d..d97c5258ac 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -894,8 +894,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 }
 #endif
-#ifndef USE_WINDOWS_API
- if (!rng->seed.fdOpen)
+#if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && !defined(USE_WINDOWS_API)
+ if (!rng->seed.seedFdOpen)
 rng->seed.fd = -1;
 #endif
@@ -1378,11 +1378,12 @@ int wc_FreeRng(WC_RNG* rng)
 ret = WC_HW_E;
 #endif
-#ifdef XCLOSE
- if(rng->seed.fdOpen && rng->seed.fd != -1) {
+#if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && defined(XCLOSE) && \
+ !defined(USE_WINDOWS_API)
+ if(rng->seed.seedFdOpen && rng->seed.fd != -1) {
 XCLOSE(rng->seed.fd);
 rng->seed.fd = -1;
- rng->seed.fdOpen = 0;
+ rng->seed.seedFdOpen = 0;
 }
 #endif
@@ -3566,7 +3567,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- if (!os->fdOpen && os->fd == -1) {
+ #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ if (os->fd == -1 && !os->seedFdOpen)
+ #endif
+ {
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
@@ -3581,13 +3585,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 if (os->fd == -1)
 return OPEN_RAN_E;
- else
- os->fdOpen = 1;
- }
- else
- {
- os->fdOpen = 1;
 }
+ #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ if (os->fd != -1)
+ os->seedFdOpen = 1;
+ #endif
 }
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("rnd read...");
@@ -3611,6 +3613,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 }
 }
+ #ifndef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ close(os->fd);
+ #endif
 #else
 (void)output;
 (void)sz;
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index f5c9ceb1da..f6e7143f2b 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -156,7 +156,9 @@ struct OS_Seed {
 ProviderHandle handle;
 #else
 int fd;
- byte fdOpen:1;
+ #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN)
+ byte seedFdOpen:1;
+ #endif
 #endif
 #if defined(WOLF_CRYPTO_CB)
 int devId;
From 3e59b8372758e3a3d906fc65cfffbf67222f9834 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Fri, 19 Dec 2025 15:57:49 -0700
Subject: [PATCH 08/11] Only keep /dev/urandom open, close /dev/random after each use. Improve logic for opening RNG seed FD.
---
 wolfcrypt/src/random.c | 21 ++++++++++++++++++---
 wolfssl/wolfcrypt/random.h | 1 +
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index d97c5258ac..96ea00fa49 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -3568,7 +3568,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #ifndef NO_FILESYSTEM
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
 #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
- if (os->fd == -1 && !os->seedFdOpen)
+ if (!os->seedFdOpen)
 #endif
 {
 os->fd = open("/dev/urandom", O_RDONLY);
@@ -3585,10 +3585,18 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 if (os->fd == -1)
 return OPEN_RAN_E;
+ #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ else {
+ os->keepSeedFdOpen = 0;
+ os->seedFdOpen = 1;
+ }
+ #endif
 }
 #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
- if (os->fd != -1)
+ else {
+ os->keepSeedFdOpen = 1;
 os->seedFdOpen = 1;
+ }
 #endif
 }
 #if defined(DEBUG_WOLFSSL)
@@ -3613,7 +3621,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 }
 }
- #ifndef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ if (!os->keepSeedFdOpen && os->seedFdOpen)
+ {
+ close(os->fd);
+ os->fd = -1;
+ os->seedFdOpen = 0;
+ }
+ #else
 close(os->fd);
 #endif
 #else
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index f6e7143f2b..22a485172f 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -158,6 +158,7 @@ struct OS_Seed {
 int fd;
 #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN)
 byte seedFdOpen:1;
+ byte keepSeedFdOpen:1;
 #endif
 #endif
 #if defined(WOLF_CRYPTO_CB)
From 06d8f69dac6f43a67506da4e17d3864ff9e4a608 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Tue, 23 Dec 2025 14:48:56 -0700
Subject: [PATCH 09/11] Separate new /dev/urandom opening logic into a new section in wc_GenerateSeed.
---
 wolfcrypt/src/random.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 7c77914ff8..68c3e2b430 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -3561,11 +3561,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #endif
 #ifndef NO_FILESYSTEM
- #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
+ #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
 if (!os->seedFdOpen)
- #endif
 {
+ #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
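Review bot: The two bit-fields in the OS_Seed hunk of PATCH 08/11 carry no comment, and their names are close enough that the difference has to be reconstructed from wc_GenerateSeed. From the random.c hunks of the same patch, `seedFdOpen` is set while `fd` holds a descriptor opened by wc_GenerateSeed, and `keepSeedFdOpen` is set only when that descriptor came from `/dev/urandom`; a `/dev/random` descriptor is closed again after the read. I would add `/* fd currently holds an open descriptor */` and `/* descriptor is /dev/urandom and stays open until wc_FreeRng */` beside the fields. The struct definition starts and ends outside the hunk.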
@@ -3575,25 +3574,39 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
 /* may still have /dev/random */
 os->fd = open("/dev/random", O_RDONLY);
- #if defined(DEBUG_WOLFSSL)
+ #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/random.");
- #endif
+ #endif
 if (os->fd == -1)
 return OPEN_RAN_E;
- #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
 else {
 os->keepSeedFdOpen = 0;
 os->seedFdOpen = 1;
 }
- #endif
 }
- #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
 else {
 os->keepSeedFdOpen = 1;
 os->seedFdOpen = 1;
 }
+ }
+ #else
+ #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
+ os->fd = open("/dev/urandom", O_RDONLY);
+ #if defined(DEBUG_WOLFSSL)
+ WOLFSSL_MSG("opened /dev/urandom.");
+ #endif
+ if (os->fd == -1)
+ #endif
+ {
+ /* may still have /dev/random */
+ os->fd = open("/dev/random", O_RDONLY);
+ #if defined(DEBUG_WOLFSSL)
+ WOLFSSL_MSG("opened /dev/random.");
 #endif
+ if (os->fd == -1)
+ return OPEN_RAN_E;
 }
+ #endif
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("rnd read...");
 #endif
From 0a02f5ef6bc0bfed05f00bc62899b3339e9b0d7a Mon Sep 17 00:00:00 2001
From: Kareem
Date: Wed, 24 Dec 2025 17:12:40 -0700
Subject: [PATCH 10/11] Code review feedback
---
 wolfcrypt/src/random.c | 38 ++++++++++++++++++-------------------
 wolfssl/wolfcrypt/random.h | 4 ++--
 wolfssl/wolfcrypt/wc_port.h | 2 ++
 3 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 4598a80adb..6b9147bced 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -827,7 +827,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && !defined(USE_WINDOWS_API)
 if (!rng->seed.seedFdOpen)
- rng->seed.fd = -1;
+ rng->seed.fd = XBADFD;
 #endif
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
@@ -1311,9 +1311,9 @@ int wc_FreeRng(WC_RNG* rng)
 #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && defined(XCLOSE) && \
 !defined(USE_WINDOWS_API)
- if(rng->seed.seedFdOpen && rng->seed.fd != -1) {
+ if(rng->seed.seedFdOpen && rng->seed.fd != XBADFD) {
 XCLOSE(rng->seed.fd);
- rng->seed.fd = -1;
+ rng->seed.fd = XBADFD;
 rng->seed.seedFdOpen = 0;
 }
 #endif
@@ -3504,16 +3504,16 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
- #endif
- if (os->fd == -1)
- #endif
+ #endif /* DEBUG_WOLFSSL */
+ if (os->fd == XBADFD)
+ #endif /* NO_DEV_URANDOM */
 {
 /* may still have /dev/random */
 os->fd = open("/dev/random", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/random.");
- #endif
- if (os->fd == -1)
+ #endif /* DEBUG_WOLFSSL */
+ if (os->fd == XBADFD)
 return OPEN_RAN_E;
 else {
 os->keepSeedFdOpen = 0;
@@ -3525,27 +3525,27 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 os->seedFdOpen = 1;
 }
 }
- #else
+ #else /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */
 #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
 os->fd = open("/dev/urandom", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/urandom.");
- #endif
- if (os->fd == -1)
- #endif
+ #endif /* DEBUG_WOLFSSL */
+ if (os->fd == XBADFD)
+ #endif /* !NO_DEV_URANDOM */
 {
 /* may still have /dev/random */
 os->fd = open("/dev/random", O_RDONLY);
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("opened /dev/random.");
- #endif
- if (os->fd == -1)
+ #endif /* DEBUG_WOLFSSL */
+ if (os->fd == XBADFD)
 return OPEN_RAN_E;
 }
- #endif
+ #endif /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */
 #if defined(DEBUG_WOLFSSL)
 WOLFSSL_MSG("rnd read...");
- #endif
+ #endif /* DEBUG_WOLFSSL */
 while (sz) {
 int len = (int)read(os->fd, output, sz);
 if (len == -1) {
@@ -3562,7 +3562,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #else
 ret = RAN_BLOCK_E;
 break;
- #endif
+ #endif /* BLOCKING || WC_RNG_BLOCKING */
 }
 }
 #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN
@@ -3574,8 +3574,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 }
 #else
 close(os->fd);
- #endif
-#else
+ #endif /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */
+#else /* NO_FILESYSTEM */
 (void)output;
 (void)sz;
 ret = NOT_COMPILED_IN;
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 76a81f5e93..c9f54d924f 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -157,8 +157,8 @@ struct OS_Seed {
 #else
 int fd;
 #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN)
- byte seedFdOpen:1;
- byte keepSeedFdOpen:1;
+ WC_BITFIELD seedFdOpen:1;
+ WC_BITFIELD keepSeedFdOpen:1;
 #endif
 #endif
 #if defined(WOLF_CRYPTO_CB)
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index d9d97f3085..03564693fe 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -1010,6 +1010,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #define XSEEK_SET FS_SEEK_SET
 #define XSEEK_END FS_SEEK_END
 #define XBADFILE NULL
+ #define XBADFD -1
 #define XFGETS(b,s,f) -2 /* Not ported yet */
 #define XSTAT fs_stat
@@ -1119,6 +1120,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #define XSEEK_SET SEEK_SET
 #define XSEEK_END SEEK_END
 #define XBADFILE NULL
+ #define XBADFD -1
 #define XFGETS fgets
 #define XFPRINTF fprintf
 #define XFFLUSH fflush
From 17b6ce7b7bb9432ab0952b38f78ce4ff9e45eeb3 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Fri, 26 Dec 2025 12:38:54 -0700
Subject: [PATCH 11/11] Add parenthesis around XBADFD.
---
 wolfssl/wolfcrypt/wc_port.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 03564693fe..0a4fa5f6b2 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
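Review bot: In the wc_port.h hunks of PATCH 10/11, `XBADFD` is added to only the two filesystem branches shown, while random.c now compares against it on both the `WOLFSSL_KEEP_RNG_SEED_FD_OPEN` path and the default path of wc_GenerateSeed. The rest of wc_port.h is not visible, so this is an inference, but any other port branch that reaches that code without defining `XBADFD` would stop compiling. A fallback after the port-specific blocks would cover it: `#ifndef XBADFD` / `#define XBADFD (-1)` / `#endif`.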
@@ -1010,7 +1010,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #define XSEEK_SET FS_SEEK_SET
 #define XSEEK_END FS_SEEK_END
 #define XBADFILE NULL
- #define XBADFD -1
+ #define XBADFD (-1)
 #define XFGETS(b,s,f) -2 /* Not ported yet */
 #define XSTAT fs_stat
@@ -1120,7 +1120,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #define XSEEK_SET SEEK_SET
 #define XSEEK_END SEEK_END
 #define XBADFILE NULL
- #define XBADFD -1
+ #define XBADFD (-1)
 #define XFGETS fgets
 #define XFPRINTF fprintf
 #define XFFLUSH fflush