wolfcrypt/src/aes.c: fix WOLFSSL_AESGCM_STREAM && WC_AES_C_DYNAMIC_FALLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI.

configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.

linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.

wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.

wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
Daniel Pouzzner
2024-02-10 01:09:15 -06:00
parent 6146485d2a
commit 63fe12efe3
6 changed files with 101 additions and 99 deletions


@ -720,6 +720,7 @@ then
# this set is also enabled by enable-all-crypto: # this set is also enabled by enable-all-crypto:
test "$enable_atomicuser" = "" && enable_atomicuser=yes test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesccm" = "" && enable_aesccm=yes test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes test "$enable_aeseax" = "" && enable_aeseax=yes
@ -796,7 +797,6 @@ then
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then then
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_compkey" = "" && enable_compkey=yes test "$enable_compkey" = "" && enable_compkey=yes
test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
@ -909,6 +909,7 @@ if test "$ENABLED_ALL_CRYPT" = "yes"
then then
test "$enable_atomicuser" = "" && enable_atomicuser=yes test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesccm" = "" && enable_aesccm=yes test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes test "$enable_aeseax" = "" && enable_aeseax=yes
@ -969,7 +970,6 @@ then
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then then
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_compkey" = "" && enable_compkey=yes test "$enable_compkey" = "" && enable_compkey=yes
fi fi
@ -8050,7 +8050,7 @@ if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
then then
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER" AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_AESNI" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_FIPS" = "no"; then if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_FIPS" = "no"; then
ENABLED_AESGCM_STREAM=yes ENABLED_AESGCM_STREAM=yes
fi fi
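Review bot: `ENABLED_AESGCM_STREAM=yes` in the `ENABLED_LINUXKM_LKCAPI_REGISTER` block is applied without any message, and with the `ENABLED_AESNI` test removed from the condition it now reaches AESNI builds as well. If the `no` came from an explicit `--disable-aesgcm-stream`, it appears to be overridden the same way as a default. A one-line `AC_MSG_NOTICE([LKCAPI registration: forcing on AES-GCM streaming])` inside the `if` would make the resulting configuration traceable from the configure log. The `ARMASM` and `FIPS` exclusions remain, while the glue file carries an `#error` requiring `WOLFSSL_AESGCM_STREAM` for AES-GCM registration, so those combinations look like they fail at compile time rather than at configure time; worth confirming.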


@ -24,12 +24,6 @@
#error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif #endif
#if defined(LINUXKM_LKCAPI_REGISTER_AESGCM) && defined(WOLFSSL_AESNI) && \
defined(WC_AES_C_DYNAMIC_FALLBACK)
/* xxx temporary */
#error LINUXKM_LKCAPI_REGISTER_AESGCM is incompatible with WOLFSSL_AESNI && WC_AES_C_DYNAMIC_FALLBACK
#endif
#ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY #ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
/* Larger number means higher priority. The highest in-tree priority is 4001, /* Larger number means higher priority. The highest in-tree priority is 4001,
* in the Cavium driver. * in the Cavium driver.
@ -88,8 +82,7 @@ static int linuxkm_test_aescfb(void);
#endif #endif
#if defined(HAVE_AESGCM) && \ #if defined(HAVE_AESGCM) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) && \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
(! (defined(WOLFSSL_AESNI) && defined(WC_AES_C_DYNAMIC_FALLBACK)))
static int linuxkm_test_aesgcm(void); static int linuxkm_test_aesgcm(void);
#endif #endif
#if defined(WOLFSSL_AES_XTS) && \ #if defined(WOLFSSL_AES_XTS) && \
@ -503,8 +496,7 @@ static int cfbAesAlg_loaded = 0;
#if defined(HAVE_AESGCM) && \ #if defined(HAVE_AESGCM) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) && \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
(! (defined(WOLFSSL_AESNI) && defined(WC_AES_C_DYNAMIC_FALLBACK)))
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
#error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream). #error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream).
@ -790,7 +782,6 @@ static int gcmAesAead_loaded = 0;
#endif /* HAVE_AESGCM && #endif /* HAVE_AESGCM &&
* (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) && * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
* (! (WOLFSSL_AESNI && WC_AES_C_DYNAMIC_FALLBACK))
*/ */
#if defined(WOLFSSL_AES_XTS) && \ #if defined(WOLFSSL_AES_XTS) && \
@ -1009,8 +1000,6 @@ static int linuxkm_test_aescbc(void)
u8 * enc2 = NULL; u8 * enc2 = NULL;
u8 * dec2 = NULL; u8 * dec2 = NULL;
const char *driver_name;
XMEMSET(enc, 0, sizeof(enc)); XMEMSET(enc, 0, sizeof(enc));
XMEMSET(dec, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(enc));
@ -1086,13 +1075,18 @@ static int linuxkm_test_aescbc(void)
goto test_cbc_end; goto test_cbc_end;
} }
driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
if (strcmp(driver_name, WOLFKM_AESCBC_DRIVER)) { {
pr_err("error: unexpected implementation for %s: %s (expected %s)\n", const char *driver_name =
WOLFKM_AESCBC_NAME, driver_name, WOLFKM_AESCBC_DRIVER); crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
ret = -ENOENT; if (strcmp(driver_name, WOLFKM_AESCBC_DRIVER)) {
goto test_cbc_end; pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
WOLFKM_AESCBC_NAME, driver_name, WOLFKM_AESCBC_DRIVER);
ret = -ENOENT;
goto test_cbc_end;
}
} }
#endif
ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2); ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
if (ret) { if (ret) {
@ -1199,7 +1193,6 @@ static int linuxkm_test_aescfb(void)
byte dec[sizeof(p_vector)]; byte dec[sizeof(p_vector)];
u8 * enc2 = NULL; u8 * enc2 = NULL;
u8 * dec2 = NULL; u8 * dec2 = NULL;
const char *driver_name;
XMEMSET(enc, 0, sizeof(enc)); XMEMSET(enc, 0, sizeof(enc));
XMEMSET(dec, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(enc));
@ -1276,13 +1269,18 @@ static int linuxkm_test_aescfb(void)
goto test_cfb_end; goto test_cfb_end;
} }
driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) { {
pr_err("error: unexpected implementation for %s: %s (expected %s)\n", const char *driver_name =
WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER); crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
ret = -ENOENT; if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) {
goto test_cfb_end; pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER);
ret = -ENOENT;
goto test_cfb_end;
}
} }
#endif
ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2); ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
if (ret) { if (ret) {
@ -1352,8 +1350,7 @@ test_cfb_end:
#if defined(HAVE_AESGCM) && \ #if defined(HAVE_AESGCM) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) && \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
(! (defined(WOLFSSL_AESNI) && defined(WC_AES_C_DYNAMIC_FALLBACK)))
static int linuxkm_test_aesgcm(void) static int linuxkm_test_aesgcm(void)
{ {
@ -1404,7 +1401,6 @@ static int linuxkm_test_aesgcm(void)
u8 * iv = NULL; u8 * iv = NULL;
size_t encryptLen = sizeof(p_vector); size_t encryptLen = sizeof(p_vector);
size_t decryptLen = sizeof(p_vector) + sizeof(authTag); size_t decryptLen = sizeof(p_vector) + sizeof(authTag);
const char *driver_name;
/* Init stack variables. */ /* Init stack variables. */
XMEMSET(enc, 0, sizeof(p_vector)); XMEMSET(enc, 0, sizeof(p_vector));
@ -1525,13 +1521,17 @@ static int linuxkm_test_aesgcm(void)
goto test_gcm_end; goto test_gcm_end;
} }
driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)); #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) { {
pr_err("error: unexpected implementation for %s: %s (expected %s)\n", const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER); if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) {
ret = -ENOENT; pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
goto test_gcm_end; WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER);
ret = -ENOENT;
goto test_gcm_end;
}
} }
#endif
ret = crypto_aead_setkey(tfm, key32, AES_BLOCK_SIZE * 2); ret = crypto_aead_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
if (ret) { if (ret) {
@ -1628,7 +1628,6 @@ test_gcm_end:
#endif /* HAVE_AESGCM && #endif /* HAVE_AESGCM &&
* (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) && * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
* (! (WOLFSSL_AESNI && WC_AES_C_DYNAMIC_FALLBACK))
*/ */
#if defined(WOLFSSL_AES_XTS) && \ #if defined(WOLFSSL_AES_XTS) && \
@ -1654,7 +1653,6 @@ static int aes_xts_128_test(void)
struct crypto_skcipher *tfm = NULL; struct crypto_skcipher *tfm = NULL;
struct skcipher_request *req = NULL; struct skcipher_request *req = NULL;
u8 iv[AES_BLOCK_SIZE]; u8 iv[AES_BLOCK_SIZE];
const char *driver_name;
/* 128 key tests */ /* 128 key tests */
static const unsigned char k1[] = { static const unsigned char k1[] = {
@ -2024,13 +2022,18 @@ static int aes_xts_128_test(void)
goto test_xts_end; goto test_xts_end;
} }
driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) { {
pr_err("error: unexpected implementation for %s: %s (expected %s)\n", const char *driver_name =
WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER); crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
ret = -ENOENT; if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
goto test_xts_end; pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
ret = -ENOENT;
goto test_xts_end;
}
} }
#endif
ret = crypto_skcipher_ivsize(tfm); ret = crypto_skcipher_ivsize(tfm);
if (ret != sizeof(iv)) { if (ret != sizeof(iv)) {
@ -2194,7 +2197,6 @@ static int aes_xts_256_test(void)
struct crypto_skcipher *tfm = NULL; struct crypto_skcipher *tfm = NULL;
struct skcipher_request *req = NULL; struct skcipher_request *req = NULL;
u8 iv[AES_BLOCK_SIZE]; u8 iv[AES_BLOCK_SIZE];
const char *driver_name;
/* 256 key tests */ /* 256 key tests */
static const unsigned char k1[] = { static const unsigned char k1[] = {
@ -2404,13 +2406,17 @@ static int aes_xts_256_test(void)
goto test_xts_end; goto test_xts_end;
} }
driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) { {
pr_err("error: unexpected implementation for %s: %s (expected %s)\n", const char *driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER); if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
ret = -ENOENT; pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
goto test_xts_end; WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
ret = -ENOENT;
goto test_xts_end;
}
} }
#endif
ret = crypto_skcipher_ivsize(tfm); ret = crypto_skcipher_ivsize(tfm);
if (ret != sizeof(iv)) { if (ret != sizeof(iv)) {
@ -2640,8 +2646,7 @@ static int linuxkm_lkcapi_register(void)
#if defined(HAVE_AESGCM) && \ #if defined(HAVE_AESGCM) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) && \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
(! (defined(WOLFSSL_AESNI) && defined(WC_AES_C_DYNAMIC_FALLBACK)))
REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm); REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
#endif #endif
@ -2681,8 +2686,7 @@ static void linuxkm_lkcapi_unregister(void)
#endif #endif
#if defined(HAVE_AESGCM) && \ #if defined(HAVE_AESGCM) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) && \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
(! (defined(WOLFSSL_AESNI) && defined(WC_AES_C_DYNAMIC_FALLBACK)))
UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead); UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
#endif #endif
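Review bot: With `LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING` defined, the driver-name check in `linuxkm_test_aescbc()` is compiled out with nothing in its place, so the known-answer test can pass while exercising whichever implementation the kernel resolved for `WOLFKM_AESCBC_NAME` rather than the wolfCrypt one. The same applies to the checks in `linuxkm_test_aescfb()`, `linuxkm_test_aesgcm()`, `aes_xts_128_test()` and `aes_xts_256_test()`. Because `REGISTER_ALG` takes these test functions as an argument, they appear to run as part of registration, so I would at least record which driver was tested, e.g. an `#else` branch with `pr_info("%s self-test ran against driver %s\n", WOLFKM_AESCBC_NAME, crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)));`. The macro has no comment in the visible hunks; a short one next to `WOLFSSL_LINUXKM_LKCAPI_PRIORITY` stating that it lets a higher-priority driver mask the wolfCrypt registration would help. The tfm allocation calls are outside these hunks, so whether the tfm is requested by algorithm name or by driver name is not visible here.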


@ -8962,10 +8962,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESGCM_STREAM #ifdef WOLFSSL_AESGCM_STREAM
#if defined(WC_AES_C_DYNAMIC_FALLBACK) && defined(WOLFSSL_AESNI)
#error "AES-GCM streaming with AESNI is incompatible with WC_AES_C_DYNAMIC_FALLBACK."
#endif
/* Initialize the AES GCM cipher with an IV. C implementation. /* Initialize the AES GCM cipher with an IV. C implementation.
* *
* @param [in, out] aes AES object. * @param [in, out] aes AES object.
@ -8977,10 +8973,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz
ALIGN32 byte counter[AES_BLOCK_SIZE]; ALIGN32 byte counter[AES_BLOCK_SIZE];
int ret; int ret;
#ifdef WOLFSSL_AESNI
aes->use_aesni = 0;
#endif
if (ivSz == GCM_NONCE_MID_SZ) { if (ivSz == GCM_NONCE_MID_SZ) {
/* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
XMEMCPY(counter, iv, ivSz); XMEMCPY(counter, iv, ivSz);
@ -9207,6 +9199,7 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
ASSERT_SAVED_VECTOR_REGISTERS(); ASSERT_SAVED_VECTOR_REGISTERS();
/* Reset state fields. */ /* Reset state fields. */
aes->over = 0;
aes->aSz = 0; aes->aSz = 0;
aes->cSz = 0; aes->cSz = 0;
/* Set tag to all zeros as initial value. */ /* Set tag to all zeros as initial value. */
@ -9234,8 +9227,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
aes->gcm.H, AES_COUNTER(aes), AES_INITCTR(aes)); aes->gcm.H, AES_COUNTER(aes), AES_INITCTR(aes));
} }
aes->use_aesni = 1;
return 0; return 0;
} }
@ -9861,11 +9852,12 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
if (iv != NULL) { if (iv != NULL) {
/* Initialize with the IV. */ /* Initialize with the IV. */
VECTOR_REGISTERS_PUSH;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (aes->use_aesni) { if (aes->use_aesni) {
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = AesGcmInit_aesni(aes, iv, ivSz); ret = AesGcmInit_aesni(aes, iv, ivSz);
RESTORE_VECTOR_REGISTERS();
} }
else else
#endif #endif
@ -9873,8 +9865,6 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
ret = AesGcmInit_C(aes, iv, ivSz); ret = AesGcmInit_C(aes, iv, ivSz);
} }
VECTOR_REGISTERS_POP;
if (ret == 0) if (ret == 0)
aes->nonceSet = 1; aes->nonceSet = 1;
} }
@ -9988,11 +9978,12 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
if (ret == 0) { if (ret == 0) {
/* Encrypt with AAD and/or plaintext. */ /* Encrypt with AAD and/or plaintext. */
VECTOR_REGISTERS_PUSH;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (aes->use_aesni) { if (aes->use_aesni) {
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz); ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
RESTORE_VECTOR_REGISTERS();
} }
else else
#endif #endif
@ -10005,8 +9996,6 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
GHASH_UPDATE(aes, authIn, authInSz, out, sz); GHASH_UPDATE(aes, authIn, authInSz, out, sz);
} }
} }
VECTOR_REGISTERS_POP;
} }
return ret; return ret;
@ -10043,17 +10032,17 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
if (ret == 0) { if (ret == 0) {
/* Calculate authentication tag. */ /* Calculate authentication tag. */
VECTOR_REGISTERS_PUSH;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (aes->use_aesni) { if (aes->use_aesni) {
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz); ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);
RESTORE_VECTOR_REGISTERS();
} }
else else
#endif #endif
{ {
ret = AesGcmFinal_C(aes, authTag, authTagSz); ret = AesGcmFinal_C(aes, authTag, authTagSz);
} }
VECTOR_REGISTERS_POP;
} }
if ((ret == 0) && aes->ctrSet) { if ((ret == 0) && aes->ctrSet) {
@ -10126,10 +10115,11 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
if (ret == 0) { if (ret == 0) {
/* Decrypt with AAD and/or cipher text. */ /* Decrypt with AAD and/or cipher text. */
VECTOR_REGISTERS_PUSH;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (aes->use_aesni) { if (aes->use_aesni) {
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz); ret = AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
RESTORE_VECTOR_REGISTERS();
} }
else else
#endif #endif
@ -10140,7 +10130,6 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
/* Decrypt the cipher text. */ /* Decrypt the cipher text. */
ret = AesGcmCryptUpdate_C(aes, out, in, sz); ret = AesGcmCryptUpdate_C(aes, out, in, sz);
} }
VECTOR_REGISTERS_POP;
} }
return ret; return ret;
@ -10177,10 +10166,11 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
if (ret == 0) { if (ret == 0) {
/* Calculate authentication tag and compare with one passed in.. */ /* Calculate authentication tag and compare with one passed in.. */
VECTOR_REGISTERS_PUSH;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (aes->use_aesni) { if (aes->use_aesni) {
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz); ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz);
RESTORE_VECTOR_REGISTERS();
} }
else else
#endif #endif
@ -10195,7 +10185,6 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
} }
} }
} }
VECTOR_REGISTERS_POP;
} }
return ret; return ret;
@ -11104,6 +11093,11 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
aes->heap = heap; aes->heap = heap;
aes->rounds = 0; aes->rounds = 0;
#ifdef WOLFSSL_AESNI
/* clear here for the benefit of wc_AesGcmInit(). */
aes->use_aesni = 0;
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
aes->devId = devId; aes->devId = devId;
aes->devCtx = NULL; aes->devCtx = NULL;
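Review bot: The `SAVE_VECTOR_REGISTERS(return _svr_ret;)` calls now sit inside the `if (aes->use_aesni)` branch of `wc_AesGcmInit()`, `wc_AesGcmEncryptUpdate()`, `wc_AesGcmEncryptFinal()`, `wc_AesGcmDecryptUpdate()` and `wc_AesGcmDecryptFinal()`, with no comment explaining why a failed register save is a hard error rather than a fallback to the C path. The commit message gives the reason (the AESNI decision is fixed at `wc_AesGcmSetKey()` until the next key set), and that belongs at the call sites, e.g. `/* AESNI was selected at key setup; fail rather than switch implementations mid-stream. */`. The function header comments should also state that these calls can now return the register-save error, and that for `wc_AesGcmDecryptFinal()` any nonzero return, not only a tag mismatch, means the decrypted output must be discarded. The dispatch now also depends on `aes->use_aesni` having been set by `wc_AesInit()` or the key setup, which is worth stating next to the new clear in `wc_AesInit()`. The early `return` skips whatever follows the dispatch; the function bodies continue outside the hunks, so I cannot confirm that nothing after it needs to run.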


@ -1508,16 +1508,21 @@ THREAD_LS_T const char *wc_svr_last_file = NULL;
THREAD_LS_T int wc_svr_last_line = -1; THREAD_LS_T int wc_svr_last_line = -1;
THREAD_LS_T int wc_debug_vector_registers_retval = THREAD_LS_T int wc_debug_vector_registers_retval =
WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL; WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL;
#endif
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#ifdef HAVE_THREAD_LS
WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
static THREAD_LS_T struct drand48_data wc_svr_fuzzing_state; static THREAD_LS_T struct drand48_data wc_svr_fuzzing_state;
static THREAD_LS_T int wc_svr_fuzzing_seeded = 0; static THREAD_LS_T int wc_svr_fuzzing_seeded = 0;
long result; long result;
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
if (wc_debug_vector_registers_retval) if (wc_debug_vector_registers_retval)
return wc_debug_vector_registers_retval; return wc_debug_vector_registers_retval;
#endif
if (wc_svr_fuzzing_seeded == 0) { if (wc_svr_fuzzing_seeded == 0) {
long seed = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED; long seed = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
@ -1534,30 +1539,33 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
return 0; return 0;
} }
#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */ #else /* !HAVE_THREAD_LS */
#elif defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING) /* alternate implementation useful for testing in the kernel module build, where
* glibc and thread-local storage are unavailable.
/* DEBUG_VECTOR_REGISTER_ACCESS is undefined but fuzzing requested --
* fuzz vector register access without the detailed debugging.
* this is useful for testing in the kernel module build, where glibc and
* thread-local storage are unavailable.
* *
* note this is not a well-behaved PRNG, but is adequate for fuzzing purposes. * note this is not a well-behaved PRNG, but is adequate for fuzzing purposes.
* the prn sequence is incompressible according to ent and xz, and does not * the prn sequence is incompressible according to ent and xz, and does not
* cycle within 10M iterations with various seeds including zero, but the Chi * cycle within 10M iterations with various seeds including zero, but the Chi
* square distribution is poor, and the unconditioned lsb bit balance is ~54% * square distribution is poor, and the unconditioned lsb bit balance is ~54%
* regardless of seed. * regardless of seed.
*
* deterministic only if access is single-threaded, but never degenerate.
*/ */
WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED; static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
static int balance_bit = 0; static int balance_bit = 0;
/* access to prn is racey, but it doesn't matter. */
unsigned long new_prn = prn ^ 0xba86943da66ee701ul; /* note this magic unsigned long new_prn = prn ^ 0xba86943da66ee701ul; /* note this magic
* random number is * random number is
* bit-balanced. * bit-balanced.
*/ */
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
if (wc_debug_vector_registers_retval)
return wc_debug_vector_registers_retval;
#endif
/* barrel-roll using the bottom 6 bits. */ /* barrel-roll using the bottom 6 bits. */
if (new_prn & 0x3f) if (new_prn & 0x3f)
new_prn = (new_prn << (new_prn & 0x3f)) | new_prn = (new_prn << (new_prn & 0x3f)) |
@ -1569,9 +1577,9 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0; return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
} }
#endif /* DEBUG_VECTOR_REGISTER_ACCESS || #endif /* !HAVE_THREAD_LS */
* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
*/ #endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
#ifdef WOLFSSL_LINUXKM #ifdef WOLFSSL_LINUXKM
#include "../../linuxkm/linuxkm_memory.c" #include "../../linuxkm/linuxkm_memory.c"
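Review bot: The `wc_debug_vector_registers_retval` override added to the `!HAVE_THREAD_LS` version of `SAVE_VECTOR_REGISTERS2_fuzzer()` reads a variable that is declared with `THREAD_LS_T` further up; if that qualifier expands to nothing in this configuration (not visible here), the forced return value is shared by every thread rather than being per-thread. The new comment beside it covers the race on `prn` only, so I would extend it, e.g. `/* without thread-local storage the retval override is global: a value set by one thread is seen by all. */`. That matters for any test that sets the override around a single call and expects other threads to be unaffected. The function body continues into the next hunk.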


@ -12097,10 +12097,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif #endif
wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
wc_AesFree(dec);
#endif
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
@ -12140,11 +12136,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif #endif
wc_AesFree(enc);
#ifdef HAVE_AES_DECRYPT
wc_AesFree(dec);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);


@ -434,6 +434,11 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
wc_svr_last_file = __FILE__; \ wc_svr_last_file = __FILE__; \
wc_svr_last_line = __LINE__; \ wc_svr_last_line = __LINE__; \
} while(0) } while(0)
#else /* !DEBUG_VECTOR_REGISTER_ACCESS */
#if !defined(SAVE_VECTOR_REGISTERS2) && defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
#define SAVE_VECTOR_REGISTERS2(...) SAVE_VECTOR_REGISTERS2_fuzzer()
#endif
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus