feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

linuxkm: fix line lengths throughout; in linuxkm/lkcapi_glue.c: fix/harmonize error catching, reporting, and error codes; further address peer review feedback.

Browse Source
This commit is contained in:
Daniel Pouzzner
2024-01-29 17:48:31 -06:00
parent 856c9a9a7f
commit 6261108d49
7 changed files with 494 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
linuxkm/linuxkm_wc_port.h
View File

@ -65,8 +65,8 @@
(int)_xatoi_res; \
})
/* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack objects,
* but gives adequate alignment with "32".
/* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack
* objects, but gives adequate alignment with "32".
*/
#if defined(CONFIG_X86) && !defined(ALIGN16)
#define ALIGN16 __attribute__ ( (aligned (32)))
@ -157,7 +157,9 @@
(sizeof(s) - 1) : strlen(s))
static inline void *my_memcpy(void *dest, const void *src, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) {
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
& (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t *src_longs = (uintptr_t *)src,
*dest_longs = (uintptr_t *)dest,
*endp = (uintptr_t *)((u8 *)src + n);
@ -176,13 +178,16 @@
#define memcpy my_memcpy
static inline void *my_memset(void *dest, int c, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) {
if (! (((uintptr_t)dest | (uintptr_t)n)
& (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t c_long = __builtin_choose_expr(
sizeof(uintptr_t) == 8,
(uintptr_t)(u8)c * 0x0101010101010101UL,
(uintptr_t)(u8)c * 0x01010101U
);
uintptr_t *dest_longs = (uintptr_t *)dest, *endp = (uintptr_t *)((u8 *)dest_longs + n);
uintptr_t *dest_longs = (uintptr_t *)dest,
*endp = (uintptr_t *)((u8 *)dest_longs + n);
while (dest_longs < endp)
*dest_longs++ = c_long;
} else {
@ -196,8 +201,11 @@
#define memset my_memset
static inline void *my_memmove(void *dest, const void *src, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) {
uintptr_t *src_longs = (uintptr_t *)src, *dest_longs = (uintptr_t *)dest;
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
& (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t *src_longs = (uintptr_t *)src,
*dest_longs = (uintptr_t *)dest;
n >>= __builtin_choose_expr(
sizeof(uintptr_t) == 8,
3U,
@ -270,12 +278,26 @@
#include <crypto/internal/aead.h>
#include <crypto/internal/skcipher.h>
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in
* linuxkm/lkcapi_glue.c (used for CBC, CFB, and GCM), we do the same
* thing with "struct km_AesCtx". however, wolfCrypt struct AesXts
* already has two AES expanded keys, the main and tweak, and the tweak
* is always used in the encrypt direction regardless of the main
* direction. to avoid allocating and computing a duplicate second
* tweak encrypt key, we set
* WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
* Aes slot to wolfCrypt's struct AesXts, and activates support for
* AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
*/
#ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#endif
#endif
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif
@ -301,21 +323,35 @@
#endif
#endif
/* benchmarks.c uses floating point math, so needs a working SAVE_VECTOR_REGISTERS(). */
#if defined(WOLFSSL_LINUXKM_BENCHMARKS) && !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
/* benchmarks.c uses floating point math, so needs a working
* SAVE_VECTOR_REGISTERS().
*/
#if defined(WOLFSSL_LINUXKM_BENCHMARKS) && \
!defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
defined(CONFIG_X86)
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#include <asm/i387.h>
#else
#include <asm/simd.h>
#endif
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } }
#define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = save_vector_registers_x86(); \
if (_svr_ret != 0) { \
fail_clause \
} \
}
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#define SAVE_VECTOR_REGISTERS2() ({ int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); (_fuzzer_ret == 0) ? save_vector_registers_x86() : _fuzzer_ret; })
#define SAVE_VECTOR_REGISTERS2() ({ \
int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
(_fuzzer_ret == 0) ? \
save_vector_registers_x86() : \
_fuzzer_ret; \
})
#else
#define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
#endif

641
linuxkm/lkcapi_glue.c
View File

File diff suppressed because it is too large Load Diff

13
linuxkm/module_hooks.c
View File

@ -245,7 +245,8 @@ static int wolfssl_init(void)
return -ECANCELED;
}
pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup self-test succeeded.\n",
pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
"self-test succeeded.\n",
#ifdef HAVE_FIPS_VERSION_MAJOR
HAVE_FIPS_VERSION_MAJOR,
#else
@ -306,7 +307,8 @@ static int wolfssl_init(void)
}
pr_info("wolfCrypt self-test passed.\n");
#else
pr_info("skipping full wolfcrypt_test() (configure with --enable-crypttests to enable).\n");
pr_info("skipping full wolfcrypt_test() "
"(configure with --enable-crypttests to enable).\n");
#endif
#ifdef LINUXKM_LKCAPI_REGISTER
@ -559,12 +561,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
/* runtime assert that the table has no null slots after initialization. */
{
unsigned long *i;
static_assert(sizeof(unsigned long) == sizeof(void *),
"unexpected pointer size");
for (i = (unsigned long *)&wolfssl_linuxkm_pie_redirect_table;
i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
++i)
if (*i == 0) {
pr_err("wolfCrypt container redirect table initialization was incomplete [%lu].\n",
i - (unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
pr_err("wolfCrypt container redirect table initialization was "
"incomplete [%lu].\n",
i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
return -EFAULT;
}
}

22
wolfcrypt/src/aes.c
View File

@ -12321,18 +12321,25 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
return WC_KEY_SIZE_E;
}
#ifdef HAVE_FIPS_VERSION
#ifdef HAVE_FIPS
if (XMEMCMP(key, key + keySz, keySz) == 0) {
WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ");
return BAD_FUNC_ARG;
}
#endif
if ((dir == AES_ENCRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION))
if ((dir == AES_ENCRYPTION)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)
#endif
)
{
ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_ENCRYPTION);
}
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
if ((ret == 0) && ((dir == AES_DECRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)))
if ((ret == 0) && ((dir == AES_DECRYPTION)
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)))
ret = wc_AesSetKey(&aes->aes_decrypt, key, keySz, NULL, AES_DECRYPTION);
#else
if (dir == AES_DECRYPTION)
@ -12349,11 +12356,16 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
* conflicting _aesni status, but the AES-XTS asm implementations need
* them to all be AESNI. If any aren't, disable AESNI on all.
*/
if ((((dir == AES_ENCRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)) &&
if ((((dir == AES_ENCRYPTION)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)
#endif
) &&
(aes->aes.use_aesni != aes->tweak.use_aesni))
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
||
(((dir == AES_DECRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)) &&
(((dir == AES_DECRYPTION)
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)) &&
(aes->aes_decrypt.use_aesni != aes->tweak.use_aesni))
#endif
)

19
wolfcrypt/src/memory.c
View File

@ -1560,25 +1560,18 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
*/
/* barrel-roll using the bottom 6 bits. */
if (new_prn & 0x3f)
new_prn = (new_prn << (new_prn & 0x3f)) | (new_prn >> (0x40 - (new_prn & 0x3f)));
new_prn = (new_prn << (new_prn & 0x3f)) |
(new_prn >> (0x40 - (new_prn & 0x3f)));
prn = new_prn;
balance_bit = !balance_bit;
if (balance_bit) {
if (prn & 1)
return IO_FAILED_E;
else
return 0;
} else {
if (prn & 1)
return 0;
else
return IO_FAILED_E;
}
return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
}
#endif /* DEBUG_VECTOR_REGISTER_ACCESS || DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
#endif /* DEBUG_VECTOR_REGISTER_ACCESS ||
* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
*/
#ifdef WOLFSSL_LINUXKM
#include "../../linuxkm/linuxkm_memory.c"

3
wolfcrypt/test/test.c
View File

@ -9740,7 +9740,8 @@ static wc_test_ret_t aes_xts_128_test(void)
sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif

2
wolfssl/wolfcrypt/aes.h
View File

@ -179,7 +179,9 @@ enum {
AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */
AES_ENCRYPTION = 0,
AES_DECRYPTION = 1,
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
AES_ENCRYPTION_AND_DECRYPTION = 2,
#endif
AES_BLOCK_SIZE = 16,