wolfSSL · JacobBarthelmeh · Mar 18, 2026 · Mar 17, 2026 · Mar 17, 2026
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
@@ -216,6 +216,19 @@
         #define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD
     #endif
 
+    /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here
+     * to assure that calls to get_random_bytes() in random.c are gated out
+     * (they would recurse, potentially infinitely).
+     */
+    #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
+        !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
+        !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
+        !defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
+        defined(HAVE_HASHDRBG)
+        #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
+    #endif
+
     #ifdef BUILDING_WOLFSSL
 
     #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \
@@ -560,18 +573,6 @@
             #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
         #endif
 
-        /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here
-         * to assure that calls to get_random_bytes() in random.c are gated out
-         * (they would recurse, potentially infinitely).
-         */
-        #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
-            !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
-            !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
-            !defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
-            !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
-            #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
-        #endif
-
         #ifndef WC_CONTAINERIZE_THIS
             #include <linux/crypto.h>
             #include <linux/scatterlist.h>
@@ -603,6 +604,7 @@
             #endif
             #define WC_LKM_REFCOUNT_TO_INT(refcount) wc_lkm_refcount_to_int(&(refcount))
         #endif /* !WC_CONTAINERIZE_THIS */
+
     #endif /* LINUXKM_LKCAPI_REGISTER */
 
     /* benchmarks.c uses floating point math, so needs a working
@@ -1778,6 +1780,11 @@
 
     #endif
 
+    #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
+        struct crypto_rng;
+        WOLFSSL_API int wc_linux_kernel_rng_is_wolfcrypt(struct crypto_rng *rng);
+    #endif
+
     /* Undo copied defines from wc_port.h, to avoid redefinition warnings. */
     #ifdef HAVE_FIPS
     #undef wc_InitMutex

diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
@@ -1128,6 +1128,18 @@ static void linuxkm_put_drbg(struct crypto_rng *tfm, struct wc_rng_bank_inst **d
 
 #if defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && defined(HAVE_HASHDRBG)
 
+int wc_linux_kernel_rng_is_wolfcrypt(struct crypto_rng *rng) {
+    if (rng &&
+        wc_linuxkm_drbg_default_instance_registered &&
+        (rng->base.__crt_alg->cra_init == wc_linuxkm_drbg_init_tfm))
+    {
+        return 1;
+    }
+    else {
+        return 0;
+    }
+}
+
 static inline struct crypto_rng *get_crypto_default_rng(void) {
     struct crypto_rng *current_crypto_default_rng = crypto_default_rng;
 
@@ -1149,7 +1161,6 @@ static inline struct crypto_rng *get_crypto_default_rng(void) {
 
     if (current_crypto_default_rng->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) {
         pr_err("BUG: get_default_drbg_ctx() found wrong crypto_default_rng \"%s\"\n", crypto_tfm_alg_driver_name(&current_crypto_default_rng->base));
-        crypto_put_default_rng();
         return NULL;
     }
 

diff --git a/wolfcrypt/src/rng_bank.c b/wolfcrypt/src/rng_bank.c
@@ -708,7 +708,7 @@ WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng)
     return ret;
 }
 
-#ifndef WC_RNG_BANK_STATIC
+#if !defined(WC_RNG_BANK_STATIC) && !defined(WC_NO_CONSTRUCTORS)
 WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng) {
     int ret;
 
@@ -732,7 +732,7 @@ WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng) {
 
     return ret;
 }
-#endif /* !WC_RNG_BANK_STATIC */
+#endif /* !WC_RNG_BANK_STATIC && !WC_NO_CONSTRUCTORS */
 
 #endif /* WC_DRBG_BANKREF */
 

diff --git a/wolfssl/wolfcrypt/rng_bank.h b/wolfssl/wolfcrypt/rng_bank.h
@@ -156,8 +156,9 @@ WOLFSSL_API int wc_InitRng_BankRef(struct wc_rng_bank *bank, WC_RNG *rng);
 
 WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng);
 
-#ifndef WC_RNG_BANK_STATIC
+#if !defined(WC_RNG_BANK_STATIC) && !defined(WC_NO_CONSTRUCTORS)
 WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng);
+/* note, free with wc_rng_free(). */
 #endif
 #endif /* WC_DRBG_BANKREF */