API: add failure mode support for randombytes()

Change randombytes() to return int (0 on success, non-zero on failure)
instead of void, allowing callers to detect and handle RNG failures.

Updated function signature, all call sites to check return
values and test files to use CHECK macro.

Signed-off-by: Andreas Hatziiliou <andreas.hatziiliou@savoirfairelinux.com>

Author: L-series

examples/monolithic_build_multilevel_native/multilevel_config.h

@@ -327,9 +327,9 @@
 #include <stdint.h>
 #include "sys.h"
 #include "test_only_rng/notrandombytes.h"
-static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
 {
-  randombytes(ptr, len);
+  return randombytes(ptr, len);
 }
 #endif /* !__ASSEMBLER__ */
 

integration/liboqs/config_aarch64.h

@@ -182,7 +182,7 @@
  *              consumer.
  *
  *              If this option is not set, mlkem-native expects a function
- *              void randombytes(uint8_t *out, size_t outlen).
+ *              int randombytes(uint8_t *out, size_t outlen).
  *
  *              Set this option and define `mlk_randombytes` if you want to
  *              use a custom method to sample randombytes with a different name
@@ -194,9 +194,10 @@
 #include <oqs/rand.h>
 #include <stdint.h>
 #include "../../mlkem/src/sys.h"
-static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
 {
   OQS_randombytes(ptr, len);
+  return 0;
 }
 #endif /* !__ASSEMBLER__ */
 

integration/liboqs/config_c.h

@@ -145,7 +145,7 @@
  *              consumer.
  *
  *              If this option is not set, mlkem-native expects a function
- *              void randombytes(uint8_t *out, size_t outlen).
+ *              int randombytes(uint8_t *out, size_t outlen).
  *
  *              Set this option and define `mlk_randombytes` if you want to
  *              use a custom method to sample randombytes with a different name
@@ -157,9 +157,10 @@
 #include <oqs/rand.h>
 #include <stdint.h>
 #include "../../mlkem/src/sys.h"
-static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
 {
   OQS_randombytes(ptr, len);
+  return 0;
 }
 #endif /* !__ASSEMBLER__ */
 

integration/liboqs/config_x86_64.h

@@ -182,7 +182,7 @@
  *              consumer.
  *
  *              If this option is not set, mlkem-native expects a function
- *              void randombytes(uint8_t *out, size_t outlen).
+ *              int randombytes(uint8_t *out, size_t outlen).
  *
  *              Set this option and define `mlk_randombytes` if you want to
  *              use a custom method to sample randombytes with a different name
@@ -194,9 +194,10 @@
 #include <oqs/rand.h>
 #include <stdint.h>
 #include "../../mlkem/src/sys.h"
-static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
 {
   OQS_randombytes(ptr, len);
+  return 0;
 }
 #endif /* !__ASSEMBLER__ */
 

mlkem/src/config.h

@@ -294,7 +294,7 @@
  *              consumer.
  *
  *              If this option is not set, mlkem-native expects a function
- *              void randombytes(uint8_t *out, size_t outlen).
+ *              int randombytes(uint8_t *out, size_t outlen).
  *
  *              Set this option and define `mlk_randombytes` if you want to
  *              use a custom method to sample randombytes with a different name
@@ -305,7 +305,7 @@
    #if !defined(__ASSEMBLER__)
    #include <stdint.h>
    #include "sys.h"
-   static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+   static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
    {
        ... your implementation ...
    }

mlkem/src/kem.c

@@ -202,7 +202,10 @@ int crypto_kem_keypair(uint8_t pk[MLKEM_INDCCA_PUBLICKEYBYTES],
   MLK_ALIGN uint8_t coins[2 * MLKEM_SYMBYTES];
 
   /* Acquire necessary randomness, and mark it as secret. */
-  mlk_randombytes(coins, 2 * MLKEM_SYMBYTES);
+  if (mlk_randombytes(coins, 2 * MLKEM_SYMBYTES) != 0)
+  {
+    return -1;
+  }
   MLK_CT_TESTING_SECRET(coins, sizeof(coins));
 
   res = crypto_kem_keypair_derand(pk, sk, coins);
@@ -263,7 +266,10 @@ int crypto_kem_enc(uint8_t ct[MLKEM_INDCCA_CIPHERTEXTBYTES],
   int res;
   MLK_ALIGN uint8_t coins[MLKEM_SYMBYTES];
 
-  mlk_randombytes(coins, MLKEM_SYMBYTES);
+  if (mlk_randombytes(coins, MLKEM_SYMBYTES) != 0)
+  {
+    return -1;
+  }
   MLK_CT_TESTING_SECRET(coins, sizeof(coins));
 
   res = crypto_kem_enc_derand(ct, ss, pk, coins);

mlkem/src/randombytes.h

@@ -12,11 +12,11 @@
 
 #if !defined(MLK_CONFIG_NO_RANDOMIZED_API)
 #if !defined(MLK_CONFIG_CUSTOM_RANDOMBYTES)
-void randombytes(uint8_t *out, size_t outlen);
-static MLK_INLINE void mlk_randombytes(uint8_t *out, size_t outlen)
+int randombytes(uint8_t *out, size_t outlen);
+static MLK_INLINE int mlk_randombytes(uint8_t *out, size_t outlen)
 __contract__(
   requires(memory_no_alias(out, outlen))
-  assigns(memory_slice(out, outlen))) { randombytes(out, outlen); }
+  assigns(memory_slice(out, outlen))) { return randombytes(out, outlen); }
 #endif /* !MLK_CONFIG_CUSTOM_RANDOMBYTES */
 #endif /* !MLK_CONFIG_NO_RANDOMIZED_API */
 #endif /* !MLK_RANDOMBYTES_H */

test/bench_components_mlkem.c

@@ -27,14 +27,14 @@ static int cmp_uint64_t(const void *a, const void *b)
   return (int)((*((const uint64_t *)a)) - (*((const uint64_t *)b)));
 }
 
-#define BENCH(txt, code)                                \
-  for (i = 0; i < NTESTS; i++)                          \
-  {                                                     \
-    randombytes((uint8_t *)data0, sizeof(data0));       \
-    randombytes((uint8_t *)data1, sizeof(data1));       \
-    randombytes((uint8_t *)data2, sizeof(data2));       \
-    randombytes((uint8_t *)data3, sizeof(data3));       \
-    randombytes((uint8_t *)data4, sizeof(data4));       \
+#define BENCH(txt, code)                                            \
+  for (i = 0; i < NTESTS; i++)                                      \
+  {                                                                 \
+    CHECK(randombytes((uint8_t *)data0, sizeof(data0)) == 0);       \
+    CHECK(randombytes((uint8_t *)data1, sizeof(data1)) == 0);       \
+    CHECK(randombytes((uint8_t *)data2, sizeof(data2)) == 0);       \
+    CHECK(randombytes((uint8_t *)data3, sizeof(data3)) == 0);       \
+    CHECK(randombytes((uint8_t *)data4, sizeof(data4)) == 0);       \
     for (j = 0; j < NWARMUP; j++)                       \
     {                                                   \
       code;                                             \

test/bench_mlkem.c

@@ -80,8 +80,8 @@ static int bench(void)
   for (i = 0; i < NTESTS; i++)
   {
     int ret = 0;
-    randombytes(kg_rand, 2 * CRYPTO_BYTES);
-    randombytes(enc_rand, CRYPTO_BYTES);
+    CHECK(randombytes(kg_rand, 2 * CRYPTO_BYTES) == 0);
+    CHECK(randombytes(enc_rand, CRYPTO_BYTES) == 0);
 
     /* Key-pair generation */
     for (j = 0; j < NWARMUP; j++)

test/configs.yml

@@ -37,9 +37,9 @@ configs:
           #include <stdint.h>
           #include "../mlkem/src/sys.h"
           #include "notrandombytes/notrandombytes.h"
-          static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+          static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
           {
-            randombytes(ptr, len);
+            return randombytes(ptr, len);
           }
           #endif /* !__ASSEMBLER__ */
 
@@ -367,9 +367,9 @@ configs:
           #include <stdint.h>
           #include "sys.h"
           #include "test_only_rng/notrandombytes.h"
-          static MLK_INLINE void mlk_randombytes(uint8_t *ptr, size_t len)
+          static MLK_INLINE int mlk_randombytes(uint8_t *ptr, size_t len)
           {
-            randombytes(ptr, len);
+            return randombytes(ptr, len);
           }
           #endif /* !__ASSEMBLER__ */