Merge pull request #8727 from douzzer/20250501-linuxkm-ecdsa-workaround

20250501-linuxkm-ecdsa-workaround
2025-05-01 22:44:48 -05:00
parent aa50cfc92c fea5694e1d
commit 1075ce8cf4
5 changed files with 28 additions and 17 deletions
--- a/linuxkm/lkcapi_dh_glue.c
+++ b/linuxkm/lkcapi_dh_glue.c
@@ -2821,11 +2821,11 @@ static int linuxkm_test_kpp_driver(const char * driver,
    if (IS_ERR(tfm)) {
        pr_err("error: allocating kpp algorithm %s failed: %ld\n",
               driver, PTR_ERR(tfm));
        tfm = NULL;
        if (PTR_ERR(tfm) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        tfm = NULL;
        goto test_kpp_end;
    }
@@ -2833,11 +2833,11 @@ static int linuxkm_test_kpp_driver(const char * driver,
    if (IS_ERR(req)) {
        pr_err("error: allocating kpp request %s failed\n",
               driver);
        req = NULL;
        if (PTR_ERR(req) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        req = NULL;
        goto test_kpp_end;
    }
--- a/linuxkm/lkcapi_ecdh_glue.c
+++ b/linuxkm/lkcapi_ecdh_glue.c
@@ -804,11 +804,11 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
    if (IS_ERR(tfm)) {
        pr_err("error: allocating kpp algorithm %s failed: %ld\n",
               driver, PTR_ERR(tfm));
        tfm = NULL;
        if (PTR_ERR(tfm) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        tfm = NULL;
        goto test_ecdh_nist_end;
    }
@@ -816,11 +816,11 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
    if (IS_ERR(req)) {
        pr_err("error: allocating kpp request %s failed\n",
               driver);
        req = NULL;
        if (PTR_ERR(req) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        req = NULL;
        goto test_ecdh_nist_end;
    }
--- a/linuxkm/lkcapi_ecdsa_glue.c
+++ b/linuxkm/lkcapi_ecdsa_glue.c
@@ -680,11 +680,11 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
    if (IS_ERR(tfm)) {
        pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
               driver, PTR_ERR(tfm));
        tfm = NULL;
        if (PTR_ERR(tfm) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        tfm = NULL;
        goto test_ecdsa_nist_end;
    }
@@ -692,11 +692,11 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
    if (IS_ERR(req)) {
        pr_err("error: allocating akcipher request %s failed\n",
               driver);
        req = NULL;
        if (PTR_ERR(req) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        req = NULL;
        goto test_ecdsa_nist_end;
    }
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -238,15 +238,6 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
 * extra checks on kernel version, and ecc sizes.
 */
 #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
    #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
        defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
        /*
         * note: ecdsa was not recognized as fips_allowed before linux v6.3
         * in kernel crypto/testmgr.c, and will not pass the tests.
         */
        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
    #endif /* linux < 6.3.0 && CONFIG_CRYPTO_FIPS && CONFIG_CRYPTO_MANAGER */
    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
        ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
        /* only register p192 if specifically enabled, and if not fips. */
@@ -562,6 +553,18 @@ static int linuxkm_lkcapi_register(void)
 #endif
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
    #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) &&    \
        defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
        defined(CONFIG_CRYPTO_MANAGER) &&                    \
        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
        /*
         * ecdsa was not recognized as fips_allowed before linux v6.3
         * in kernel crypto/testmgr.c.
         */
        fips_enabled = 0;
    #endif
    #if defined(LINUXKM_ECC192)
    REGISTER_ALG(ecdsa_nist_p192, akcipher,
                 linuxkm_test_ecdsa_nist_p192);
@@ -577,6 +580,14 @@ static int linuxkm_lkcapi_register(void)
    REGISTER_ALG(ecdsa_nist_p521, akcipher,
                 linuxkm_test_ecdsa_nist_p521);
    #endif /* HAVE_ECC521 */
    #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) &&    \
        defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
        defined(CONFIG_CRYPTO_MANAGER) &&                    \
        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
        fips_enabled = 1;
    #endif
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDH
--- a/linuxkm/lkcapi_rsa_glue.c
+++ b/linuxkm/lkcapi_rsa_glue.c
@@ -1653,11 +1653,11 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
    if (IS_ERR(tfm)) {
        pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
               driver, PTR_ERR(tfm));
        tfm = NULL;
        if (PTR_ERR(tfm) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        tfm = NULL;
        goto test_pkcs1_end;
    }
@@ -1665,11 +1665,11 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
    if (IS_ERR(req)) {
        pr_err("error: allocating akcipher request %s failed\n",
               driver);
        req = NULL;
        if (PTR_ERR(req) == -ENOMEM)
            test_rc = MEMORY_E;
        else
            test_rc = BAD_FUNC_ARG;
        req = NULL;
        goto test_pkcs1_end;
    }