linuxkm:

* LKCAPI integration tweaks for buildability and streamlining.
* add DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS, with a kernel-compatible implementation of SAVE_VECTOR_REGISTERS2_fuzzer().

linuxkm/linuxkm_wc_port.h

@@ -146,6 +146,14 @@
     #include <linux/net.h>
     #include <linux/slab.h>
 
+    #ifdef LINUXKM_REGISTER_ALG
+        #include <linux/crypto.h>
+        #include <linux/scatterlist.h>
+        #include <crypto/scatterwalk.h>
+        #include <crypto/internal/aead.h>
+        #include <crypto/internal/skcipher.h>
+    #endif
+
     #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
         #ifndef CONFIG_X86
             #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
@@ -185,7 +193,11 @@
         #endif
         #ifndef SAVE_VECTOR_REGISTERS
             #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } }
-            #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+                #define SAVE_VECTOR_REGISTERS2() ({ int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); (_fuzzer_ret == 0) ? save_vector_registers_x86() : _fuzzer_ret; })
+            #else
+                #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #endif
         #endif
         #ifndef RESTORE_VECTOR_REGISTERS
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
@@ -643,8 +655,9 @@
         #define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), GFP_KERNEL)
     #endif
 
-#ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef WOLFSSL_TRACK_MEMORY
     #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); wolfSSL_Malloc(s);})
     #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
         #define XFREE(p, h, t)       ({(void)(h); (void)(t); wolfSSL_Free(p);})

linuxkm/module_hooks.c

@@ -317,6 +317,28 @@ static int wolfssl_init(void)
     pr_info("wolfCrypt self-test passed.\n");
 #endif
 
+#if defined(LINUXKM_REGISTER_ALG) && !defined(NO_AES)
+    ret = linuxkm_register_alg();
+
+    if (ret) {
+        pr_err("linuxkm_register_alg failed with return code %d.\n", ret);
+        linuxkm_unregister_alg();
+        (void)libwolfssl_cleanup();
+        msleep(10);
+        return -ECANCELED;
+    }
+
+    ret = linuxkm_test_alg();
+
+    if (ret) {
+        pr_err("linuxkm_test_alg failed with return code %d.\n", ret);
+        (void)libwolfssl_cleanup();
+        linuxkm_unregister_alg();
+        msleep(10);
+        return -ECANCELED;
+    }
+#endif
+
 #ifdef WOLFSSL_LINUXKM_BENCHMARKS
     wolfcrypt_benchmark_main(0, (char**)NULL);
 #endif
@@ -343,27 +365,6 @@ static int wolfssl_init(void)
         );
 #endif
 
-#if defined(LINUXKM_REGISTER_ALG) && !defined(NO_AES)
-    ret = linuxkm_register_alg();
-
-    if (ret) {
-        pr_err("linuxkm_register_alg failed with return code %d.\n", ret);
-        (void)libwolfssl_cleanup();
-        linuxkm_unregister_alg();
-        msleep(10);
-        return -ECANCELED;
-    }
-
-    ret = linuxkm_test_alg();
-
-    if (ret) {
-        pr_err("linuxkm_test_alg failed with return code %d.\n", ret);
-        (void)libwolfssl_cleanup();
-        linuxkm_unregister_alg();
-        msleep(10);
-        return -ECANCELED;
-    }
-#endif
     return 0;
 }
 
@@ -811,6 +812,8 @@ PRAGMA_GCC_DIAG_POP;
 /* km_AesX(): wrappers to wolfcrypt wc_AesX functions and
  * structures.  */
 
+#include <wolfssl/wolfcrypt/aes.h>
+
 struct km_AesCtx {
     Aes          aes;
     u8           key[AES_MAX_KEY_SIZE / 8];

wolfcrypt/src/memory.c

@@ -1534,9 +1534,38 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
         return 0;
 }
 
-#endif
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
 
-#endif
+#elif defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
+
+/* DEBUG_VECTOR_REGISTER_ACCESS is undefined but fuzzing requested --
+ * fuzz vector register access without the detailed debugging.
+ * this is useful for testing in the kernel module build, where glibc and
+ * thread-local storage are unavailable.
+ */
+
+WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
+    static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
+    unsigned long popcount;
+    /* access to prn is racey, but it doesn't matter. */
+    unsigned long new_prn = prn ^ 0xba86943da66ee701ul;
+    if (new_prn & 0x3f)
+        new_prn = (new_prn << (new_prn & 0x3f)) | (new_prn >> (0x40 - (new_prn & 0x3f)));
+    __asm__ volatile ("popcnt %1, %0;"
+                      :"=r"(popcount)
+                      :"r"(new_prn)
+                      :
+        );
+    new_prn ^= popcount;
+    prn = new_prn;
+
+    if (prn & 1)
+        return IO_FAILED_E;
+    else
+        return 0;
+}
+
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS || DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
 
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_memory.c"

wolfssl/wolfcrypt/memory.h

@@ -267,6 +267,13 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         ((void)(CipherLifecycleTag), (void)(heap), (void)(abort_p), 0)
 #endif
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+    WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
+    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
+        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
+    #endif
+#endif
+
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS
     WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
     WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;
@@ -320,11 +327,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
     } while (0)
 
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
-    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
-        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
-    #endif
-        WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
-
     #define SAVE_VECTOR_REGISTERS2(...) ({                          \
         int _svr2_val = SAVE_VECTOR_REGISTERS2_fuzzer();            \
         if (_svr2_val == 0) {                                       \