forked from wolfSSL/wolfssl
Merge pull request #8718 from douzzer/20250428-linuxkm-stdrng
20250428-linuxkm-stdrng
This commit is contained in:
philljj
GitHub
@ -868,6 +868,8 @@ _ABIO64
|
||||
_ARCH_PPC64
|
||||
_COMPILER_VERSION
|
||||
_INTPTR_T_DECLARED
|
||||
_LINUX_REFCOUNT_H
|
||||
_LINUX_REFCOUNT_TYPES_H
|
||||
_LP64
|
||||
_MSC_VER
|
||||
_MSVC_LANG
|
||||
|
||||
26
configure.ac
26
configure.ac
@ -9405,7 +9405,10 @@ then
|
||||
for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
|
||||
do
|
||||
case "$lkcapi_alg" in
|
||||
all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING" ;;
|
||||
all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"
|
||||
ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes
|
||||
;;
|
||||
sysfs-nodes-only) ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND=yes ;;
|
||||
'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
|
||||
'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
|
||||
@ -9436,12 +9439,18 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;;
|
||||
'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;;
|
||||
'stdrng') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG" ;;
|
||||
'stdrng-default') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT" ;;
|
||||
'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
|
||||
'ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
|
||||
'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;;
|
||||
'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA -DWOLFSSL_DH_GEN_PUB" ;;
|
||||
'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA"
|
||||
ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes
|
||||
;;
|
||||
# disable options
|
||||
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
|
||||
'-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
|
||||
@ -9458,6 +9467,8 @@ then
|
||||
'-hmac(sha1)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC" ;;
|
||||
'-hmac(sha2)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA2_HMAC" ;;
|
||||
'-hmac(sha3)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA3_HMAC" ;;
|
||||
'-stdrng') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG" ;;
|
||||
'-stdrng-default') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT" ;;
|
||||
'-ecdsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
|
||||
'-ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
|
||||
'-rsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;
|
||||
@ -9465,6 +9476,17 @@ then
|
||||
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_DH" = "yes" &&
|
||||
(test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 7)
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_GEN_PUB"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND"
|
||||
fi
|
||||
fi
|
||||
AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER])
|
||||
|
||||
|
||||
@ -294,6 +294,7 @@
|
||||
#include <crypto/scatterwalk.h>
|
||||
#include <crypto/internal/aead.h>
|
||||
#include <crypto/internal/hash.h>
|
||||
#include <crypto/internal/rng.h>
|
||||
#include <crypto/internal/skcipher.h>
|
||||
#include <crypto/internal/akcipher.h>
|
||||
#include <crypto/internal/kpp.h>
|
||||
@ -301,7 +302,7 @@
|
||||
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
|
||||
* loaded simultaneously, and the Linux in-tree implementations have two
|
||||
* AES key structs in each context, one for each direction. in
|
||||
* linuxkm/lkcapi_glue.c (used for CBC, CFB, and GCM), we do the same
|
||||
* linuxkm/lkcapi_aes_glue.c, we do the same
|
||||
* thing with "struct km_AesCtx". however, wolfCrypt struct AesXts
|
||||
* already has two AES expanded keys, the main and tweak, and the tweak
|
||||
* is always used in the encrypt direction regardless of the main
|
||||
@ -314,6 +315,12 @@
|
||||
#ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|
||||
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|
||||
#endif
|
||||
|
||||
#if defined(_LINUX_REFCOUNT_H) || defined(_LINUX_REFCOUNT_TYPES_H)
|
||||
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount.refs)))
|
||||
#else
|
||||
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount)))
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
|
||||
@ -930,7 +937,7 @@
|
||||
#define WC_LINUXKM_ROUND_UP_P_OF_2(x) ( \
|
||||
{ \
|
||||
size_t _alloc_sz = (x); \
|
||||
if (_alloc_sz < 8192) \
|
||||
if ((_alloc_sz < 8192) && (_alloc_sz != 0)) \
|
||||
_alloc_sz = 1UL << \
|
||||
((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz - 1)); \
|
||||
_alloc_sz; \
|
||||
|
||||
@ -2254,7 +2254,7 @@ static int linuxkm_test_aescbc(void)
|
||||
|
||||
aes = (Aes *)malloc(sizeof(*aes));
|
||||
if (aes == NULL)
|
||||
return -ENOMEM;
|
||||
return MEMORY_E;
|
||||
|
||||
XMEMSET(enc, 0, sizeof(enc));
|
||||
XMEMSET(dec, 0, sizeof(enc));
|
||||
@ -2458,12 +2458,12 @@ static int linuxkm_test_aescfb(void)
|
||||
|
||||
aes = (Aes *)malloc(sizeof(*aes));
|
||||
if (aes == NULL)
|
||||
return -ENOMEM;
|
||||
return MEMORY_E;
|
||||
|
||||
ret = aesofb_test();
|
||||
if (ret) {
|
||||
wc_test_render_error_message("aesgcm_test failed: ", ret);
|
||||
ret = -EINVAL;
|
||||
ret = WC_TEST_RET_DEC_EC(ret);
|
||||
goto test_cfb_end;
|
||||
}
|
||||
|
||||
@ -2629,7 +2629,7 @@ static int linuxkm_test_aesgcm(void)
|
||||
return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_NAME, WOLFKM_AESGCM_DRIVER);
|
||||
else {
|
||||
wc_test_render_error_message("aesgcm_test failed: ", ret);
|
||||
return -EINVAL;
|
||||
return WC_TEST_RET_DEC_EC(ret);
|
||||
}
|
||||
#else
|
||||
int ret = 0;
|
||||
@ -2688,7 +2688,7 @@ static int linuxkm_test_aesgcm(void)
|
||||
|
||||
aes = (Aes *)malloc(sizeof(*aes));
|
||||
if (aes == NULL)
|
||||
return -ENOMEM;
|
||||
return MEMORY_E;
|
||||
|
||||
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
|
||||
if (ret) {
|
||||
@ -2927,7 +2927,7 @@ static int linuxkm_test_aesgcm_rfc4106(void)
|
||||
return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_RFC4106_NAME, WOLFKM_AESGCM_RFC4106_DRIVER);
|
||||
else {
|
||||
wc_test_render_error_message("aesgcm_test failed: ", ret);
|
||||
return -EINVAL;
|
||||
return WC_TEST_RET_DEC_EC(ret);
|
||||
}
|
||||
}
|
||||
|
||||
@ -4055,7 +4055,7 @@ static int linuxkm_test_aesctr(void) {
|
||||
return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESCTR_NAME, WOLFKM_AESCTR_DRIVER);
|
||||
else {
|
||||
wc_test_render_error_message("aes_ctr_test failed: ", ret);
|
||||
return -EINVAL;
|
||||
return WC_TEST_RET_DEC_EC(ret);
|
||||
}
|
||||
}
|
||||
|
||||
@ -4069,7 +4069,7 @@ static int linuxkm_test_aesofb(void) {
|
||||
return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESOFB_NAME, WOLFKM_AESOFB_DRIVER);
|
||||
else {
|
||||
wc_test_render_error_message("aesofb_test failed: ", ret);
|
||||
return -EINVAL;
|
||||
return WC_TEST_RET_DEC_EC(ret);
|
||||
}
|
||||
}
|
||||
|
||||
@ -4083,7 +4083,7 @@ static int linuxkm_test_aesecb(void) {
|
||||
return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESECB_NAME, WOLFKM_AESECB_DRIVER);
|
||||
else {
|
||||
wc_test_render_error_message("aes_test failed: ", ret);
|
||||
return -EINVAL;
|
||||
return WC_TEST_RET_DEC_EC(ret);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -2804,7 +2804,7 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
const byte * shared_secret,
|
||||
word32 shared_s_len)
|
||||
{
|
||||
int test_rc = -1;
|
||||
int test_rc = WC_NO_ERR_TRACE(WC_FAILURE);
|
||||
struct crypto_kpp * tfm = NULL;
|
||||
struct kpp_request * req = NULL;
|
||||
struct scatterlist src, dst;
|
||||
@ -2822,6 +2822,10 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
pr_err("error: allocating kpp algorithm %s failed: %ld\n",
|
||||
driver, PTR_ERR(tfm));
|
||||
tfm = NULL;
|
||||
if (PTR_ERR(tfm) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
@ -2830,12 +2834,17 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
pr_err("error: allocating kpp request %s failed\n",
|
||||
driver);
|
||||
req = NULL;
|
||||
if (PTR_ERR(req) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
err = crypto_kpp_set_secret(tfm, a_secret, secret_len);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_set_secret returned: %d\n", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
@ -2843,12 +2852,14 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
dst_len = crypto_kpp_maxsize(tfm);
|
||||
if (dst_len <= 0) {
|
||||
pr_err("error: crypto_kpp_maxsize returned: %d\n", dst_len);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
dst_buf = malloc(dst_len);
|
||||
if (dst_buf == NULL) {
|
||||
pr_err("error: allocating out buf failed");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
@ -2862,17 +2873,20 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
err = crypto_kpp_generate_public_key(req);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_generate_public_key returned: %d", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
if (memcmp(expected_a_pub, sg_virt(req->dst), pub_len)) {
|
||||
pr_err("error: crypto_kpp_generate_public_key: wrong output");
|
||||
test_rc = WC_KEY_MISMATCH_E;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
src_buf = malloc(src_len);
|
||||
if (src_buf == NULL) {
|
||||
pr_err("error: allocating in buf failed");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
@ -2887,11 +2901,13 @@ static int linuxkm_test_kpp_driver(const char * driver,
|
||||
err = crypto_kpp_compute_shared_secret(req);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_compute_shared_secret returned: %d", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
if (memcmp(shared_secret, sg_virt(req->dst), shared_s_len)) {
|
||||
pr_err("error: shared secret does not match");
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_kpp_end;
|
||||
}
|
||||
|
||||
|
||||
@ -787,7 +787,7 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
const byte * shared_secret,
|
||||
word32 shared_s_len)
|
||||
{
|
||||
int test_rc = -1;
|
||||
int test_rc = WC_NO_ERR_TRACE(WC_FAILURE);
|
||||
struct crypto_kpp * tfm = NULL;
|
||||
struct kpp_request * req = NULL;
|
||||
struct scatterlist src, dst;
|
||||
@ -805,6 +805,10 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
pr_err("error: allocating kpp algorithm %s failed: %ld\n",
|
||||
driver, PTR_ERR(tfm));
|
||||
tfm = NULL;
|
||||
if (PTR_ERR(tfm) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
@ -813,12 +817,17 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
pr_err("error: allocating kpp request %s failed\n",
|
||||
driver);
|
||||
req = NULL;
|
||||
if (PTR_ERR(req) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
err = crypto_kpp_set_secret(tfm, secret, secret_len);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_set_secret returned: %d\n", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
@ -826,12 +835,14 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
dst_len = crypto_kpp_maxsize(tfm);
|
||||
if (dst_len <= 0) {
|
||||
pr_err("error: crypto_kpp_maxsize returned: %d\n", dst_len);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
dst_buf = malloc(dst_len);
|
||||
if (dst_buf == NULL) {
|
||||
pr_err("error: allocating out buf failed");
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
@ -845,17 +856,20 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
err = crypto_kpp_generate_public_key(req);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_generate_public_key returned: %d", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
if (memcmp(expected_a_pub, sg_virt(req->dst), pub_len)) {
|
||||
pr_err("error: crypto_kpp_generate_public_key: wrong output");
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
src_buf = malloc(src_len);
|
||||
if (src_buf == NULL) {
|
||||
pr_err("error: allocating in buf failed");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
@ -870,11 +884,13 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
|
||||
err = crypto_kpp_compute_shared_secret(req);
|
||||
if (err) {
|
||||
pr_err("error: crypto_kpp_compute_shared_secret returned: %d", err);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
if (memcmp(shared_secret, sg_virt(req->dst), shared_s_len)) {
|
||||
pr_err("error: shared secret does not match");
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdh_nist_end;
|
||||
}
|
||||
|
||||
|
||||
@ -650,7 +650,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
const byte * sig, word32 sig_len,
|
||||
const byte * hash, word32 hash_len)
|
||||
{
|
||||
int test_rc = -1;
|
||||
int test_rc = WC_NO_ERR_TRACE(WC_FAILURE);
|
||||
int ret = 0;
|
||||
struct crypto_akcipher * tfm = NULL;
|
||||
struct akcipher_request * req = NULL;
|
||||
@ -664,6 +664,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
param_copy = (byte *)malloc(sig_len + hash_len);
|
||||
if (! param_copy) {
|
||||
pr_err("error: allocating param_copy buffer failed.\n");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
memcpy(param_copy, sig, sig_len);
|
||||
@ -680,6 +681,10 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
|
||||
driver, PTR_ERR(tfm));
|
||||
tfm = NULL;
|
||||
if (PTR_ERR(tfm) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
@ -688,6 +693,10 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
pr_err("error: allocating akcipher request %s failed\n",
|
||||
driver);
|
||||
req = NULL;
|
||||
if (PTR_ERR(req) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
@ -695,6 +704,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
ret = crypto_akcipher_set_pub_key(tfm, pub, pub_len);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_set_pub_key returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
@ -703,6 +713,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
if ((int) maxsize <= 0) {
|
||||
pr_err("error: crypto_akcipher_maxsize "
|
||||
"returned %d\n", maxsize);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
}
|
||||
@ -725,6 +736,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
ret = crypto_akcipher_verify(req);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_verify returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
@ -732,6 +744,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
bad_sig = malloc(sig_len);
|
||||
if (bad_sig == NULL) {
|
||||
pr_err("error: alloc sig failed\n");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
@ -749,6 +762,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
|
||||
if (ret != -EBADMSG) {
|
||||
pr_err("error: crypto_akcipher_verify returned %d, expected %d\n",
|
||||
ret, -EBADMSG);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_ecdsa_nist_end;
|
||||
}
|
||||
|
||||
|
||||
@ -80,21 +80,12 @@
|
||||
|
||||
#define WOLFKM_DRIVER_SUFFIX_BASE "-wolfcrypt" WOLFKM_DRIVER_FIPS
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
|
||||
enum linux_errcodes {
|
||||
my_EINVAL = EINVAL,
|
||||
my_ENOMEM = ENOMEM,
|
||||
my_EBADMSG = EBADMSG
|
||||
};
|
||||
|
||||
#undef EINVAL
|
||||
#undef ENOMEM
|
||||
#undef EBADMSG
|
||||
|
||||
#define EINVAL WC_ERR_TRACE(my_EINVAL)
|
||||
#define ENOMEM WC_ERR_TRACE(my_ENOMEM)
|
||||
#define EBADMSG WC_ERR_TRACE(my_EBADMSG)
|
||||
#endif
|
||||
#define WOLFKM_INSTALL_NOTICE(alg) \
|
||||
pr_info("%s self-test OK -- " \
|
||||
"registered for %s with priority %d.\n", \
|
||||
(alg).base.cra_driver_name, \
|
||||
(alg).base.cra_name, \
|
||||
(alg).base.cra_priority); \
|
||||
|
||||
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
|
||||
defined(USE_INTEL_SPEEDUP_FOR_AES)
|
||||
@ -249,10 +240,10 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
|
||||
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
|
||||
defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
|
||||
/**
|
||||
/*
|
||||
* note: ecdsa was not recognized as fips_allowed before linux v6.3
|
||||
* in kernel crypto/testmgr.c, and will not pass the tests.
|
||||
* */
|
||||
*/
|
||||
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
|
||||
#endif /* linux < 6.3.0 && CONFIG_CRYPTO_FIPS && CONFIG_CRYPTO_MANAGER */
|
||||
|
||||
@ -271,7 +262,7 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
|
||||
/**
|
||||
/*
|
||||
* notes:
|
||||
* - ecdsa supported with linux 6.12 and earlier for now, only.
|
||||
* - pkcs1pad rsa supported both before and after linux 6.13, but
|
||||
@ -283,7 +274,7 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
|
||||
*
|
||||
* pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
|
||||
* functionality.
|
||||
* */
|
||||
*/
|
||||
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
|
||||
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
|
||||
@ -307,10 +298,10 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
|
||||
|
||||
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \
|
||||
defined(CONFIG_CRYPTO_MANAGER)
|
||||
/**
|
||||
* note: normal dh not fips_allowed in in kernel crypto/testmgr.c,
|
||||
/*
|
||||
* note: normal dh not fips_allowed in kernel crypto/testmgr.c,
|
||||
* and will not pass the tests.
|
||||
* */
|
||||
*/
|
||||
#undef LINUXKM_DH
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
|
||||
|
||||
@ -330,14 +321,101 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
|
||||
#include "linuxkm/lkcapi_dh_glue.c"
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
|
||||
|
||||
static int linuxkm_lkcapi_register(void);
|
||||
static int linuxkm_lkcapi_unregister(void);
|
||||
|
||||
static ssize_t install_algs_handler(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
const char *buf, size_t count)
|
||||
{
|
||||
int arg;
|
||||
int ret;
|
||||
|
||||
(void)kobj;
|
||||
(void)attr;
|
||||
|
||||
if (kstrtoint(buf, 10, &arg) || arg != 1)
|
||||
return -EINVAL;
|
||||
|
||||
pr_info("wolfCrypt: Installing algorithms");
|
||||
|
||||
ret = linuxkm_lkcapi_register();
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
static ssize_t deinstall_algs_handler(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
const char *buf, size_t count)
|
||||
{
|
||||
int arg;
|
||||
int ret;
|
||||
|
||||
(void)kobj;
|
||||
(void)attr;
|
||||
|
||||
if (kstrtoint(buf, 10, &arg) || arg != 1)
|
||||
return -EINVAL;
|
||||
|
||||
pr_info("wolfCrypt: Deinstalling algorithms");
|
||||
|
||||
ret = linuxkm_lkcapi_unregister();
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
/* create control channels at /sys/module/libwolfssl/{install_algs,deinstall_algs} */
|
||||
|
||||
static struct kobj_attribute install_algs_attr = __ATTR(install_algs, 0220, NULL, install_algs_handler);
|
||||
static struct kobj_attribute deinstall_algs_attr = __ATTR(deinstall_algs, 0220, NULL, deinstall_algs_handler);
|
||||
|
||||
static int installed_sysfs_LKCAPI_files = 0;
|
||||
|
||||
static int linuxkm_lkcapi_sysfs_install(void) {
|
||||
int ret;
|
||||
if (! installed_sysfs_LKCAPI_files) {
|
||||
ret = linuxkm_lkcapi_sysfs_install_node(&install_algs_attr, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = linuxkm_lkcapi_sysfs_install_node(&deinstall_algs_attr, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
installed_sysfs_LKCAPI_files = 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int linuxkm_lkcapi_sysfs_deinstall(void) {
|
||||
if (installed_sysfs_LKCAPI_files) {
|
||||
int ret = linuxkm_lkcapi_sysfs_deinstall_node(&install_algs_attr, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = linuxkm_lkcapi_sysfs_deinstall_node(&deinstall_algs_attr, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
installed_sysfs_LKCAPI_files = 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int linuxkm_lkcapi_registered = 0;
|
||||
static int linuxkm_lkcapi_n_registered = 0;
|
||||
|
||||
static int linuxkm_lkcapi_register(void)
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = -1;
|
||||
int seen_err = 0;
|
||||
#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
|
||||
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
|
||||
int enabled_fips = 0;
|
||||
#endif
|
||||
|
||||
ret = linuxkm_lkcapi_sysfs_install();
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
|
||||
/* temporarily disable warnings around setkey failures, which are expected
|
||||
* from the crypto fuzzer in FIPS configs, and potentially in others.
|
||||
@ -355,196 +433,206 @@ static int linuxkm_lkcapi_register(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#define REGISTER_ALG(alg, installer, tester) do { \
|
||||
if (alg ## _loaded) { \
|
||||
pr_err("ERROR: %s is already registered.\n", \
|
||||
(alg).base.cra_driver_name); \
|
||||
ret = -EEXIST; \
|
||||
goto out; \
|
||||
} \
|
||||
\
|
||||
ret = (installer)(&(alg)); \
|
||||
\
|
||||
#define REGISTER_ALG(alg, alg_class, tester) do { \
|
||||
if (! alg ## _loaded) { \
|
||||
ret = (crypto_register_ ## alg_class)(&(alg)); \
|
||||
if (ret) { \
|
||||
pr_err("ERROR: " #installer " for %s failed " \
|
||||
seen_err = ret; \
|
||||
pr_err("ERROR: crypto_register_" #alg_class " for %s failed "\
|
||||
"with return code %d.\n", \
|
||||
(alg).base.cra_driver_name, ret); \
|
||||
goto out; \
|
||||
} \
|
||||
\
|
||||
alg ## _loaded = 1; \
|
||||
\
|
||||
} else { \
|
||||
ret = (tester()); \
|
||||
\
|
||||
if (ret) { \
|
||||
pr_err("ERROR: self-test for %s failed " \
|
||||
seen_err = -EINVAL; \
|
||||
pr_err("ERROR: wolfCrypt self-test for %s failed " \
|
||||
"with return code %d.\n", \
|
||||
(alg).base.cra_driver_name, ret); \
|
||||
goto out; \
|
||||
} \
|
||||
pr_info("%s self-test OK -- " \
|
||||
"registered for %s with priority %d.\n", \
|
||||
(crypto_unregister_ ## alg_class)(&(alg)); \
|
||||
if (! (alg.base.cra_flags & CRYPTO_ALG_DEAD)) { \
|
||||
pr_err("ERROR: alg %s not _DEAD " \
|
||||
"after crypto_unregister_%s -- " \
|
||||
"marking as loaded despite test failure.", \
|
||||
(alg).base.cra_driver_name, \
|
||||
(alg).base.cra_name, \
|
||||
(alg).base.cra_priority); \
|
||||
#alg_class); \
|
||||
alg ## _loaded = 1; \
|
||||
++linuxkm_lkcapi_n_registered; \
|
||||
} \
|
||||
} else { \
|
||||
alg ## _loaded = 1; \
|
||||
++linuxkm_lkcapi_n_registered; \
|
||||
WOLFKM_INSTALL_NOTICE(alg) \
|
||||
} \
|
||||
} \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
|
||||
REGISTER_ALG(cbcAesAlg, crypto_register_skcipher, linuxkm_test_aescbc);
|
||||
REGISTER_ALG(cbcAesAlg, skcipher, linuxkm_test_aescbc);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
|
||||
REGISTER_ALG(cfbAesAlg, crypto_register_skcipher, linuxkm_test_aescfb);
|
||||
REGISTER_ALG(cfbAesAlg, skcipher, linuxkm_test_aescfb);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
|
||||
REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
|
||||
REGISTER_ALG(gcmAesAead, aead, linuxkm_test_aesgcm);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
|
||||
REGISTER_ALG(gcmAesAead_rfc4106, crypto_register_aead, linuxkm_test_aesgcm_rfc4106);
|
||||
REGISTER_ALG(gcmAesAead_rfc4106, aead, linuxkm_test_aesgcm_rfc4106);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
|
||||
REGISTER_ALG(xtsAesAlg, crypto_register_skcipher, linuxkm_test_aesxts);
|
||||
REGISTER_ALG(xtsAesAlg, skcipher, linuxkm_test_aesxts);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
|
||||
REGISTER_ALG(ctrAesAlg, crypto_register_skcipher, linuxkm_test_aesctr);
|
||||
REGISTER_ALG(ctrAesAlg, skcipher, linuxkm_test_aesctr);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
|
||||
REGISTER_ALG(ofbAesAlg, crypto_register_skcipher, linuxkm_test_aesofb);
|
||||
REGISTER_ALG(ofbAesAlg, skcipher, linuxkm_test_aesofb);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
|
||||
REGISTER_ALG(ecbAesAlg, crypto_register_skcipher, linuxkm_test_aesecb);
|
||||
REGISTER_ALG(ecbAesAlg, skcipher, linuxkm_test_aesecb);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
|
||||
REGISTER_ALG(sha1_alg, crypto_register_shash, linuxkm_test_sha1);
|
||||
REGISTER_ALG(sha1_alg, shash, linuxkm_test_sha1);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224
|
||||
REGISTER_ALG(sha2_224_alg, crypto_register_shash, linuxkm_test_sha2_224);
|
||||
REGISTER_ALG(sha2_224_alg, shash, linuxkm_test_sha2_224);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256
|
||||
REGISTER_ALG(sha2_256_alg, crypto_register_shash, linuxkm_test_sha2_256);
|
||||
REGISTER_ALG(sha2_256_alg, shash, linuxkm_test_sha2_256);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384
|
||||
REGISTER_ALG(sha2_384_alg, crypto_register_shash, linuxkm_test_sha2_384);
|
||||
REGISTER_ALG(sha2_384_alg, shash, linuxkm_test_sha2_384);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512
|
||||
REGISTER_ALG(sha2_512_alg, crypto_register_shash, linuxkm_test_sha2_512);
|
||||
REGISTER_ALG(sha2_512_alg, shash, linuxkm_test_sha2_512);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224
|
||||
REGISTER_ALG(sha3_224_alg, crypto_register_shash, linuxkm_test_sha3_224);
|
||||
REGISTER_ALG(sha3_224_alg, shash, linuxkm_test_sha3_224);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256
|
||||
REGISTER_ALG(sha3_256_alg, crypto_register_shash, linuxkm_test_sha3_256);
|
||||
REGISTER_ALG(sha3_256_alg, shash, linuxkm_test_sha3_256);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384
|
||||
REGISTER_ALG(sha3_384_alg, crypto_register_shash, linuxkm_test_sha3_384);
|
||||
REGISTER_ALG(sha3_384_alg, shash, linuxkm_test_sha3_384);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512
|
||||
REGISTER_ALG(sha3_512_alg, crypto_register_shash, linuxkm_test_sha3_512);
|
||||
REGISTER_ALG(sha3_512_alg, shash, linuxkm_test_sha3_512);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
|
||||
REGISTER_ALG(sha1_hmac_alg, crypto_register_shash, linuxkm_test_sha1_hmac);
|
||||
REGISTER_ALG(sha1_hmac_alg, shash, linuxkm_test_sha1_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
|
||||
REGISTER_ALG(sha2_224_hmac_alg, crypto_register_shash, linuxkm_test_sha2_224_hmac);
|
||||
REGISTER_ALG(sha2_224_hmac_alg, shash, linuxkm_test_sha2_224_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
|
||||
REGISTER_ALG(sha2_256_hmac_alg, crypto_register_shash, linuxkm_test_sha2_256_hmac);
|
||||
REGISTER_ALG(sha2_256_hmac_alg, shash, linuxkm_test_sha2_256_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
|
||||
REGISTER_ALG(sha2_384_hmac_alg, crypto_register_shash, linuxkm_test_sha2_384_hmac);
|
||||
REGISTER_ALG(sha2_384_hmac_alg, shash, linuxkm_test_sha2_384_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
|
||||
REGISTER_ALG(sha2_512_hmac_alg, crypto_register_shash, linuxkm_test_sha2_512_hmac);
|
||||
REGISTER_ALG(sha2_512_hmac_alg, shash, linuxkm_test_sha2_512_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC
|
||||
REGISTER_ALG(sha3_224_hmac_alg, crypto_register_shash, linuxkm_test_sha3_224_hmac);
|
||||
REGISTER_ALG(sha3_224_hmac_alg, shash, linuxkm_test_sha3_224_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC
|
||||
REGISTER_ALG(sha3_256_hmac_alg, crypto_register_shash, linuxkm_test_sha3_256_hmac);
|
||||
REGISTER_ALG(sha3_256_hmac_alg, shash, linuxkm_test_sha3_256_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC
|
||||
REGISTER_ALG(sha3_384_hmac_alg, crypto_register_shash, linuxkm_test_sha3_384_hmac);
|
||||
REGISTER_ALG(sha3_384_hmac_alg, shash, linuxkm_test_sha3_384_hmac);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC
|
||||
REGISTER_ALG(sha3_512_hmac_alg, crypto_register_shash, linuxkm_test_sha3_512_hmac);
|
||||
REGISTER_ALG(sha3_512_hmac_alg, shash, linuxkm_test_sha3_512_hmac);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
/* special installation handler for wc_linuxkm_drbg, to conditionally
|
||||
* install it as the system-wide default rng.
|
||||
*/
|
||||
if (! wc_linuxkm_drbg_loaded) {
|
||||
ret = wc_linuxkm_drbg_startup();
|
||||
if (ret == 0)
|
||||
++linuxkm_lkcapi_n_registered;
|
||||
else
|
||||
seen_err = ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
|
||||
#if defined(LINUXKM_ECC192)
|
||||
REGISTER_ALG(ecdsa_nist_p192, crypto_register_akcipher,
|
||||
REGISTER_ALG(ecdsa_nist_p192, akcipher,
|
||||
linuxkm_test_ecdsa_nist_p192);
|
||||
#endif /* LINUXKM_ECC192 */
|
||||
|
||||
REGISTER_ALG(ecdsa_nist_p256, crypto_register_akcipher,
|
||||
REGISTER_ALG(ecdsa_nist_p256, akcipher,
|
||||
linuxkm_test_ecdsa_nist_p256);
|
||||
|
||||
REGISTER_ALG(ecdsa_nist_p384, crypto_register_akcipher,
|
||||
REGISTER_ALG(ecdsa_nist_p384, akcipher,
|
||||
linuxkm_test_ecdsa_nist_p384);
|
||||
|
||||
#if defined(HAVE_ECC521)
|
||||
REGISTER_ALG(ecdsa_nist_p521, crypto_register_akcipher,
|
||||
REGISTER_ALG(ecdsa_nist_p521, akcipher,
|
||||
linuxkm_test_ecdsa_nist_p521);
|
||||
#endif /* HAVE_ECC521 */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_ECDH
|
||||
#if defined(LINUXKM_ECC192)
|
||||
REGISTER_ALG(ecdh_nist_p192, crypto_register_kpp,
|
||||
REGISTER_ALG(ecdh_nist_p192, kpp,
|
||||
linuxkm_test_ecdh_nist_p192);
|
||||
#endif /* LINUXKM_ECC192 */
|
||||
|
||||
REGISTER_ALG(ecdh_nist_p256, crypto_register_kpp,
|
||||
REGISTER_ALG(ecdh_nist_p256, kpp,
|
||||
linuxkm_test_ecdh_nist_p256);
|
||||
|
||||
REGISTER_ALG(ecdh_nist_p384, crypto_register_kpp,
|
||||
REGISTER_ALG(ecdh_nist_p384, kpp,
|
||||
linuxkm_test_ecdh_nist_p384);
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_RSA
|
||||
#if defined(LINUXKM_DIRECT_RSA)
|
||||
REGISTER_ALG(direct_rsa, crypto_register_akcipher, linuxkm_test_rsa);
|
||||
REGISTER_ALG(direct_rsa, akcipher, linuxkm_test_rsa);
|
||||
#endif /* LINUXKM_DIRECT_RSA */
|
||||
#ifndef NO_SHA256
|
||||
REGISTER_ALG(pkcs1_sha256, crypto_register_akcipher,
|
||||
REGISTER_ALG(pkcs1_sha256, akcipher,
|
||||
linuxkm_test_pkcs1_sha256);
|
||||
#endif /* !NO_SHA256 */
|
||||
#ifdef WOLFSSL_SHA512
|
||||
REGISTER_ALG(pkcs1_sha512, crypto_register_akcipher,
|
||||
REGISTER_ALG(pkcs1_sha512, akcipher,
|
||||
linuxkm_test_pkcs1_sha512);
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_DH
|
||||
#ifdef LINUXKM_DH
|
||||
REGISTER_ALG(dh, crypto_register_kpp, linuxkm_test_dh);
|
||||
REGISTER_ALG(dh, kpp, linuxkm_test_dh);
|
||||
#endif /* LINUXKM_DH */
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
REGISTER_ALG(ffdhe2048, crypto_register_kpp, linuxkm_test_ffdhe2048);
|
||||
REGISTER_ALG(ffdhe2048, kpp, linuxkm_test_ffdhe2048);
|
||||
#endif /* HAVE_FFDHE_2048 */
|
||||
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
REGISTER_ALG(ffdhe3072, crypto_register_kpp, linuxkm_test_ffdhe3072);
|
||||
REGISTER_ALG(ffdhe3072, kpp, linuxkm_test_ffdhe3072);
|
||||
#endif /* HAVE_FFDHE_3072 */
|
||||
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
REGISTER_ALG(ffdhe4096, crypto_register_kpp, linuxkm_test_ffdhe4096);
|
||||
REGISTER_ALG(ffdhe4096, kpp, linuxkm_test_ffdhe4096);
|
||||
#endif /* HAVE_FFDHE_4096 */
|
||||
|
||||
#ifdef HAVE_FFDHE_6144
|
||||
REGISTER_ALG(ffdhe6144, crypto_register_kpp, linuxkm_test_ffdhe6144);
|
||||
REGISTER_ALG(ffdhe6144, kpp, linuxkm_test_ffdhe6144);
|
||||
#endif /* HAVE_FFDHE_6144 */
|
||||
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
REGISTER_ALG(ffdhe8192, crypto_register_kpp, linuxkm_test_ffdhe8192);
|
||||
REGISTER_ALG(ffdhe8192, kpp, linuxkm_test_ffdhe8192);
|
||||
#endif /* HAVE_FFDHE_8192 */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
|
||||
|
||||
#undef REGISTER_ALG
|
||||
|
||||
out:
|
||||
|
||||
#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
|
||||
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
|
||||
if (enabled_fips)
|
||||
@ -554,155 +642,232 @@ static int linuxkm_lkcapi_register(void)
|
||||
disable_setkey_warnings = 0;
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
pr_info("wolfCrypt: %d algorithm%s registered.", linuxkm_lkcapi_n_registered,
|
||||
linuxkm_lkcapi_n_registered == 1 ? "" : "s");
|
||||
|
||||
if (ret == -1) {
|
||||
/* no installations occurred */
|
||||
if (linuxkm_lkcapi_registered)
|
||||
return -EEXIST;
|
||||
else {
|
||||
linuxkm_lkcapi_registered = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* flag that linuxkm_lkcapi_register has been called, even if an error
|
||||
* occurred.
|
||||
*/
|
||||
linuxkm_lkcapi_registered = 1;
|
||||
return seen_err;
|
||||
}
|
||||
}
|
||||
|
||||
static void linuxkm_lkcapi_unregister(void)
|
||||
static int linuxkm_lkcapi_unregister(void)
|
||||
{
|
||||
#define UNREGISTER_ALG(alg, uninstaller) do { \
|
||||
int seen_err = 0;
|
||||
int n_deregistered = 0;
|
||||
|
||||
if (linuxkm_lkcapi_n_registered == 0)
|
||||
return -ENOENT;
|
||||
|
||||
#define UNREGISTER_ALG(alg, alg_class) \
|
||||
do { \
|
||||
if (alg ## _loaded) { \
|
||||
(uninstaller)(&(alg)); \
|
||||
if (alg.base.cra_flags & CRYPTO_ALG_DEAD) { \
|
||||
pr_err("alg %s already CRYPTO_ALG_DEAD.", \
|
||||
alg.base.cra_driver_name); \
|
||||
alg ## _loaded = 0; \
|
||||
++n_deregistered; \
|
||||
} \
|
||||
else { \
|
||||
int cur_refcnt = \
|
||||
WC_LKM_REFCOUNT_TO_INT(alg.base.cra_refcnt); \
|
||||
if (cur_refcnt == 1) { \
|
||||
(crypto_unregister_ ## alg_class)(&(alg)); \
|
||||
if (! (alg.base.cra_flags & CRYPTO_ALG_DEAD)) { \
|
||||
pr_err("ERROR: alg %s not _DEAD after " \
|
||||
"crypto_unregister_%s -- " \
|
||||
"leaving marked as loaded.", \
|
||||
(alg).base.cra_driver_name, \
|
||||
#alg_class); \
|
||||
seen_err = -EBUSY; \
|
||||
} else { \
|
||||
alg ## _loaded = 0; \
|
||||
++n_deregistered; \
|
||||
} \
|
||||
} \
|
||||
else { \
|
||||
pr_err("alg %s cannot be uninstalled (refcnt = %d)", \
|
||||
alg.base.cra_driver_name, cur_refcnt); \
|
||||
if (cur_refcnt > 0) { seen_err = -EBUSY; } \
|
||||
} \
|
||||
} \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
|
||||
UNREGISTER_ALG(cbcAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(cbcAesAlg, skcipher);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
|
||||
UNREGISTER_ALG(cfbAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(cfbAesAlg, skcipher);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
|
||||
UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
|
||||
UNREGISTER_ALG(gcmAesAead, aead);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
|
||||
UNREGISTER_ALG(gcmAesAead_rfc4106, crypto_unregister_aead);
|
||||
UNREGISTER_ALG(gcmAesAead_rfc4106, aead);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
|
||||
UNREGISTER_ALG(xtsAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(xtsAesAlg, skcipher);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
|
||||
UNREGISTER_ALG(ctrAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(ctrAesAlg, skcipher);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
|
||||
UNREGISTER_ALG(ofbAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(ofbAesAlg, skcipher);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
|
||||
UNREGISTER_ALG(ecbAesAlg, crypto_unregister_skcipher);
|
||||
UNREGISTER_ALG(ecbAesAlg, skcipher);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
|
||||
UNREGISTER_ALG(sha1_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha1_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224
|
||||
UNREGISTER_ALG(sha2_224_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_224_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256
|
||||
UNREGISTER_ALG(sha2_256_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_256_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384
|
||||
UNREGISTER_ALG(sha2_384_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_384_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512
|
||||
UNREGISTER_ALG(sha2_512_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_512_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224
|
||||
UNREGISTER_ALG(sha3_224_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_224_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256
|
||||
UNREGISTER_ALG(sha3_256_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_256_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384
|
||||
UNREGISTER_ALG(sha3_384_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_384_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512
|
||||
UNREGISTER_ALG(sha3_512_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_512_alg, shash);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
|
||||
UNREGISTER_ALG(sha1_hmac_alg, crypto_unregister_shash);
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
|
||||
UNREGISTER_ALG(sha1_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
|
||||
UNREGISTER_ALG(sha2_224_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_224_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
|
||||
UNREGISTER_ALG(sha2_256_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_256_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
|
||||
UNREGISTER_ALG(sha2_384_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_384_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
|
||||
UNREGISTER_ALG(sha2_512_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha2_512_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC
|
||||
UNREGISTER_ALG(sha3_224_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_224_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC
|
||||
UNREGISTER_ALG(sha3_256_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_256_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC
|
||||
UNREGISTER_ALG(sha3_384_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_384_hmac_alg, shash);
|
||||
#endif
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC
|
||||
UNREGISTER_ALG(sha3_512_hmac_alg, crypto_unregister_shash);
|
||||
UNREGISTER_ALG(sha3_512_hmac_alg, shash);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
/* special deinstallation handler for wc_linuxkm_drbg, to deinstall it as
|
||||
* the system-wide default rng.
|
||||
*/
|
||||
if (wc_linuxkm_drbg_loaded) {
|
||||
int ret = wc_linuxkm_drbg_cleanup();
|
||||
if (ret == 0)
|
||||
++n_deregistered;
|
||||
else
|
||||
seen_err = ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
|
||||
#if defined(LINUXKM_ECC192)
|
||||
UNREGISTER_ALG(ecdsa_nist_p192, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(ecdsa_nist_p192, akcipher);
|
||||
#endif /* LINUXKM_ECC192 */
|
||||
UNREGISTER_ALG(ecdsa_nist_p256, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(ecdsa_nist_p384, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(ecdsa_nist_p256, akcipher);
|
||||
UNREGISTER_ALG(ecdsa_nist_p384, akcipher);
|
||||
#if defined(HAVE_ECC521)
|
||||
UNREGISTER_ALG(ecdsa_nist_p521, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(ecdsa_nist_p521, akcipher);
|
||||
#endif /* HAVE_ECC521 */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_ECDH
|
||||
#if defined(LINUXKM_ECC192)
|
||||
UNREGISTER_ALG(ecdh_nist_p192, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ecdh_nist_p192, kpp);
|
||||
#endif /* LINUXKM_ECC192 */
|
||||
UNREGISTER_ALG(ecdh_nist_p256, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ecdh_nist_p384, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ecdh_nist_p256, kpp);
|
||||
UNREGISTER_ALG(ecdh_nist_p384, kpp);
|
||||
/* no ecdh p521 in kernel. */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_RSA
|
||||
#if defined(LINUXKM_DIRECT_RSA)
|
||||
UNREGISTER_ALG(direct_rsa, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(direct_rsa, akcipher);
|
||||
#endif /* LINUXKM_DIRECT_RSA */
|
||||
#ifndef NO_SHA256
|
||||
UNREGISTER_ALG(pkcs1_sha256, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(pkcs1_sha256, akcipher);
|
||||
#endif /* !NO_SHA256 */
|
||||
#ifdef WOLFSSL_SHA512
|
||||
UNREGISTER_ALG(pkcs1_sha512, crypto_unregister_akcipher);
|
||||
UNREGISTER_ALG(pkcs1_sha512, akcipher);
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_DH
|
||||
#ifdef LINUXKM_DH
|
||||
UNREGISTER_ALG(dh, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(dh, kpp);
|
||||
#endif /* LINUXKM_DH */
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
UNREGISTER_ALG(ffdhe2048, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ffdhe2048, kpp);
|
||||
#endif /* HAVE_FFDHE_2048 */
|
||||
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
UNREGISTER_ALG(ffdhe3072, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ffdhe3072, kpp);
|
||||
#endif /* HAVE_FFDHE_3072 */
|
||||
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
UNREGISTER_ALG(ffdhe4096, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ffdhe4096, kpp);
|
||||
#endif /* HAVE_FFDHE_4096 */
|
||||
|
||||
#ifdef HAVE_FFDHE_6144
|
||||
UNREGISTER_ALG(ffdhe6144, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ffdhe6144, kpp);
|
||||
#endif /* HAVE_FFDHE_6144 */
|
||||
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
UNREGISTER_ALG(ffdhe8192, crypto_unregister_kpp);
|
||||
UNREGISTER_ALG(ffdhe8192, kpp);
|
||||
#endif /* HAVE_FFDHE_8192 */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
|
||||
|
||||
#undef UNREGISTER_ALG
|
||||
|
||||
linuxkm_lkcapi_n_registered -= n_deregistered;
|
||||
pr_info("wolfCrypt: %d algorithm%s deregistered, %d remain%s registered.",
|
||||
n_deregistered, n_deregistered == 1 ? "" : "s",
|
||||
linuxkm_lkcapi_n_registered, linuxkm_lkcapi_n_registered == 1 ? "s" : "");
|
||||
|
||||
if (linuxkm_lkcapi_n_registered > 0)
|
||||
return -EBUSY;
|
||||
|
||||
linuxkm_lkcapi_registered = 0;
|
||||
|
||||
return seen_err;
|
||||
}
|
||||
|
||||
@ -1411,7 +1411,7 @@ test_rsa_end:
|
||||
static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
int hash_oid, word32 hash_len)
|
||||
{
|
||||
int test_rc = -1;
|
||||
int test_rc = WC_NO_ERR_TRACE(WC_FAILURE);
|
||||
int ret = 0;
|
||||
struct crypto_akcipher * tfm = NULL;
|
||||
struct akcipher_request * req = NULL;
|
||||
@ -1450,6 +1450,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
hash = malloc(WC_SHA512_DIGEST_SIZE);
|
||||
if (! hash) {
|
||||
pr_err("error: allocating hash buffer failed.\n");
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1458,12 +1459,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
hash, hash_len);
|
||||
if (ret) {
|
||||
pr_err("error: wc_Hash returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
key = (RsaKey*)malloc(sizeof(RsaKey));
|
||||
if (key == NULL) {
|
||||
pr_err("error: allocating key(%zu) failed\n", sizeof(RsaKey));
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1480,6 +1483,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = wc_InitRsaKey(key, NULL);
|
||||
if (ret) {
|
||||
pr_err("error: init rsa key returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
init_key = 1;
|
||||
@ -1488,6 +1492,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = wc_RsaSetRNG(key, &rng);
|
||||
if (ret) {
|
||||
pr_err("error: rsa set rng returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
#endif /* WC_RSA_BLINDING */
|
||||
@ -1495,18 +1500,21 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
|
||||
if (ret) {
|
||||
pr_err("error: make rsa key returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
key_len = wc_RsaEncryptSize(key);
|
||||
if (key_len <= 0) {
|
||||
pr_err("error: rsa encrypt size returned: %d\n", key_len);
|
||||
test_rc = key_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
sig = (byte*)malloc(key_len);
|
||||
if (sig == NULL) {
|
||||
pr_err("error: allocating sig(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(sig, 0, key_len);
|
||||
@ -1514,6 +1522,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
km_sig = (byte*)malloc(key_len);
|
||||
if (km_sig == NULL) {
|
||||
pr_err("error: allocating km_sig(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(km_sig, 0, key_len);
|
||||
@ -1521,6 +1530,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
enc = (byte*)malloc(key_len);
|
||||
if (enc == NULL) {
|
||||
pr_err("error: allocating enc(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(enc, 0, key_len);
|
||||
@ -1528,6 +1538,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
dec = (byte*)malloc(key_len + 1);
|
||||
if (dec == NULL) {
|
||||
pr_err("error: allocating dec(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(dec, 0, key_len + 1);
|
||||
@ -1535,6 +1546,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
enc2 = (byte*)malloc(key_len);
|
||||
if (enc2 == NULL) {
|
||||
pr_err("error: allocating enc2(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(enc2, 0, key_len);
|
||||
@ -1542,6 +1554,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
dec2 = (byte*)malloc(key_len + 1);
|
||||
if (dec2 == NULL) {
|
||||
pr_err("error: allocating dec2(%d) failed\n", key_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
memset(dec2, 0, key_len + 1);
|
||||
@ -1552,12 +1565,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
priv_len = wc_RsaKeyToDer(key, NULL, 0);
|
||||
if (priv_len <= 0) {
|
||||
pr_err("error: rsa priv to der returned: %d\n", priv_len);
|
||||
test_rc = priv_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
priv = (byte*)malloc(priv_len);
|
||||
if (priv == NULL) {
|
||||
pr_err("error: allocating priv(%d) failed\n", priv_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1566,6 +1581,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
priv_len = wc_RsaKeyToDer(key, priv, priv_len);
|
||||
if (priv_len <= 0) {
|
||||
pr_err("error: rsa priv to der returned: %d\n", priv_len);
|
||||
test_rc = priv_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1573,12 +1589,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
pub_len = wc_RsaKeyToPublicDer(key, NULL, 0);
|
||||
if (pub_len <= 0) {
|
||||
pr_err("error: rsa pub to der returned: %d\n", pub_len);
|
||||
test_rc = pub_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
pub = (byte*)malloc(pub_len);
|
||||
if (pub == NULL) {
|
||||
pr_err("error: allocating pub(%d) failed\n", pub_len);
|
||||
test_rc = MEMORY_E;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1587,6 +1605,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
pub_len = wc_RsaKeyToPublicDer(key, pub, pub_len);
|
||||
if (pub_len <= 0) {
|
||||
pr_err("error: rsa pub to der returned: %d\n", pub_len);
|
||||
test_rc = pub_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1598,12 +1617,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
enc_len = wc_EncodeSignature(enc, hash, hash_len, hash_oid);
|
||||
if (enc_len <= 0) {
|
||||
pr_err("error: wc_EncodeSignature returned: %d\n", enc_len);
|
||||
test_rc = enc_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
sig_len = wc_RsaSSL_Sign(enc, enc_len, sig, key_len, key, &rng);
|
||||
if (sig_len <= 0) {
|
||||
pr_err("error: wc_RsaSSL_Sign returned: %d\n", sig_len);
|
||||
test_rc = sig_len;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1612,6 +1633,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
if (ret <= 0 || ret != (int) enc_len) {
|
||||
pr_err("error: wc_RsaSSL_Verify returned %d, expected %d\n" , ret,
|
||||
enc_len);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1619,6 +1641,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
n_diff = memcmp(dec, enc, enc_len);
|
||||
if (n_diff) {
|
||||
pr_err("error: decrypt doesn't match plain: %d\n", n_diff);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1631,6 +1654,10 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
|
||||
driver, PTR_ERR(tfm));
|
||||
tfm = NULL;
|
||||
if (PTR_ERR(tfm) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1639,6 +1666,10 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
pr_err("error: allocating akcipher request %s failed\n",
|
||||
driver);
|
||||
req = NULL;
|
||||
if (PTR_ERR(req) == -ENOMEM)
|
||||
test_rc = MEMORY_E;
|
||||
else
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1649,6 +1680,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_set_priv_key(tfm, priv, priv_len);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_set_priv_key returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1657,6 +1689,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
if (maxsize != key_len) {
|
||||
pr_err("error: crypto_akcipher_maxsize "
|
||||
"returned %d, expected %d\n", maxsize, key_len);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
}
|
||||
@ -1670,6 +1703,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_sign(req);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_sign returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1677,6 +1711,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_set_pub_key(tfm, pub + 24, pub_len - 24);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_set_pub_key returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1685,17 +1720,19 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
if (maxsize != key_len) {
|
||||
pr_err("error: crypto_akcipher_maxsize "
|
||||
"returned %d, expected %d\n", maxsize, key_len);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
/*
|
||||
* Set sig as src, and null as dst.
|
||||
* src_tab is:
|
||||
* src_tab[0]: signature
|
||||
* src_tab[1]: message (digest)
|
||||
*
|
||||
* src_len is sig size plus digest size. */
|
||||
* src_len is sig size plus digest size.
|
||||
*/
|
||||
sg_init_table(src_tab, 2);
|
||||
sg_set_buf(&src_tab[0], km_sig, key_len);
|
||||
sg_set_buf(&src_tab[1], hash, hash_len);
|
||||
@ -1706,6 +1743,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_verify(req);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_verify returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1713,12 +1751,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = wc_RsaSSL_Verify(km_sig, key_len, dec, key_len, key);
|
||||
if (ret <= 0) {
|
||||
pr_err("error: wc_RsaSSL_Verify returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
n_diff = memcmp(km_sig, sig, sig_len);
|
||||
if (n_diff) {
|
||||
pr_err("error: km-sig doesn't match sig: %d\n", n_diff);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1726,13 +1766,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
n_diff = memcmp(dec, enc, enc_len);
|
||||
if (n_diff) {
|
||||
pr_err("error: decrypt doesn't match plain: %d\n", n_diff);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
#endif /* !LINUXKM_AKCIPHER_NO_SIGNVERIFY */
|
||||
|
||||
/**
|
||||
/*
|
||||
* pkcs1 encrypt and ecrypt test
|
||||
* */
|
||||
*/
|
||||
memset(enc, 0, key_len);
|
||||
memset(enc2, 0, key_len);
|
||||
memset(dec, 0, key_len);
|
||||
@ -1750,12 +1791,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_set_pub_key(tfm, pub + 24, pub_len - 24);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_set_pub_key returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
ret = crypto_akcipher_encrypt(req);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_encrypt returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1764,6 +1807,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
|
||||
if (unlikely(ret != (int) key_len)) {
|
||||
pr_err("error: wc_RsaPublicEncrypt returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1778,12 +1822,14 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
ret = crypto_akcipher_set_priv_key(tfm, priv, priv_len);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_set_priv_key returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
ret = crypto_akcipher_decrypt(req);
|
||||
if (ret) {
|
||||
pr_err("error: crypto_akcipher_decrypt returned: %d\n", ret);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
@ -1791,18 +1837,21 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
|
||||
sizeof(p_vector), key);
|
||||
if (ret != (int) sizeof(p_vector)) {
|
||||
pr_err("error: wc_RsaPrivateDecrypt returned: %d\n", ret);
|
||||
test_rc = ret;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
n_diff = memcmp(dec, dec2, sizeof(p_vector));
|
||||
if (n_diff) {
|
||||
pr_err("error: decrypt don't match: %d\n", n_diff);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
n_diff = memcmp(dec, p_vector, sizeof(p_vector));
|
||||
if (n_diff) {
|
||||
pr_err("error: decrypt doesn't match plaintext: %d\n", n_diff);
|
||||
test_rc = BAD_FUNC_ARG;
|
||||
goto test_pkcs1_end;
|
||||
}
|
||||
|
||||
|
||||
@ -33,6 +33,7 @@
|
||||
#define WOLFKM_SHA3_256_NAME "sha3-256"
|
||||
#define WOLFKM_SHA3_384_NAME "sha3-384"
|
||||
#define WOLFKM_SHA3_512_NAME "sha3-512"
|
||||
|
||||
#define WOLFKM_SHA1_HMAC_NAME "hmac(sha1)"
|
||||
#define WOLFKM_SHA2_224_HMAC_NAME "hmac(sha224)"
|
||||
#define WOLFKM_SHA2_256_HMAC_NAME "hmac(sha256)"
|
||||
@ -43,6 +44,8 @@
|
||||
#define WOLFKM_SHA3_384_HMAC_NAME "hmac(sha3-384)"
|
||||
#define WOLFKM_SHA3_512_HMAC_NAME "hmac(sha3-512)"
|
||||
|
||||
#define WOLFKM_STDRNG_NAME "stdrng"
|
||||
|
||||
#if defined(USE_INTEL_SPEEDUP)
|
||||
#define WOLFKM_SHA_DRIVER_ISA_EXT "-avx"
|
||||
#else
|
||||
@ -72,6 +75,8 @@
|
||||
#define WOLFKM_SHA3_384_HMAC_DRIVER ("hmac-sha3-384" WOLFKM_SHA_DRIVER_SUFFIX)
|
||||
#define WOLFKM_SHA3_512_HMAC_DRIVER ("hmac-sha3-512" WOLFKM_SHA_DRIVER_SUFFIX)
|
||||
|
||||
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg" WOLFKM_SHA_DRIVER_SUFFIX)
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2
|
||||
#define LINUXKM_LKCAPI_REGISTER_SHA2_224
|
||||
#define LINUXKM_LKCAPI_REGISTER_SHA2_256
|
||||
@ -274,6 +279,19 @@
|
||||
#error LINUXKM_LKCAPI_REGISTER for HMACs is supported only on Linux kernel versions >= 5.6.0.
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)) && \
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
#endif
|
||||
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
#endif
|
||||
#else
|
||||
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
#endif
|
||||
|
||||
struct km_sha_state {
|
||||
union {
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
|
||||
@ -417,7 +435,7 @@ static int linuxkm_test_ ## name(void) { \
|
||||
else { \
|
||||
wc_test_render_error_message("linuxkm_test_" #name " failed: ", \
|
||||
ret); \
|
||||
return -EINVAL; \
|
||||
return WC_TEST_RET_DEC_EC(ret); \
|
||||
} \
|
||||
} \
|
||||
\
|
||||
@ -519,7 +537,7 @@ static int linuxkm_test_ ## name(void) { \
|
||||
else { \
|
||||
wc_test_render_error_message("linuxkm_test_" #name " failed: ", \
|
||||
ret); \
|
||||
return -EINVAL; \
|
||||
return WC_TEST_RET_DEC_EC(ret); \
|
||||
} \
|
||||
} \
|
||||
\
|
||||
@ -602,9 +620,10 @@ WC_MAYBE_UNUSED static int linuxkm_hmac_setkey_common(struct crypto_shash *tfm,
|
||||
struct km_sha_hmac_pstate *p_ctx = (struct km_sha_hmac_pstate *)crypto_shash_ctx(tfm);
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
#if defined(HAVE_FIPS) && (FIPS_VERSION3_LT(6, 0, 0) || defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) || (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)))
|
||||
ret = wc_HmacSetKey(&p_ctx->wc_hmac, type, key, length);
|
||||
#else
|
||||
/* kernel 5.10.x crypto manager expects FIPS-undersized keys to succeed. */
|
||||
ret = wc_HmacSetKey_ex(&p_ctx->wc_hmac, type, key, length, 1 /* allowFlag */);
|
||||
#endif
|
||||
|
||||
@ -750,7 +769,7 @@ static int linuxkm_test_ ## name(void) { \
|
||||
else { \
|
||||
wc_test_render_error_message("linuxkm_test_" #name " failed: ", \
|
||||
ret); \
|
||||
return -EINVAL; \
|
||||
return WC_TEST_RET_DEC_EC(ret); \
|
||||
} \
|
||||
} \
|
||||
\
|
||||
@ -811,3 +830,315 @@ struct wc_swallow_the_semicolon
|
||||
WC_SHA3_512_BLOCK_SIZE, WOLFKM_SHA3_512_HMAC_NAME,
|
||||
WOLFKM_SHA3_512_HMAC_DRIVER, hmac_sha3_test_once);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
struct wc_linuxkm_drbg_ctx {
|
||||
wolfSSL_Mutex lock;
|
||||
WC_RNG rng;
|
||||
};
|
||||
|
||||
static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm)
|
||||
{
|
||||
struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_tfm_ctx(tfm);
|
||||
int ret;
|
||||
|
||||
ret = wc_InitMutex(&ctx->lock);
|
||||
if (ret != 0)
|
||||
return -EINVAL;
|
||||
|
||||
/* Note the new DRBG instance is seeded, and later reseeded, from system
|
||||
* get_random_bytes() via wc_GenerateSeed().
|
||||
*/
|
||||
ret = wc_InitRng(&ctx->rng);
|
||||
if (ret != 0) {
|
||||
(void)wc_FreeMutex(&ctx->lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void wc_linuxkm_drbg_exit_tfm(struct crypto_tfm *tfm)
|
||||
{
|
||||
struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_tfm_ctx(tfm);
|
||||
|
||||
wc_FreeRng(&ctx->rng);
|
||||
|
||||
(void)wc_FreeMutex(&ctx->lock);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm,
|
||||
const u8 *src, unsigned int slen,
|
||||
u8 *dst, unsigned int dlen)
|
||||
{
|
||||
struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm);
|
||||
int ret;
|
||||
|
||||
wc_LockMutex(&ctx->lock);
|
||||
|
||||
if (slen > 0) {
|
||||
ret = wc_RNG_DRBG_Reseed(&ctx->rng, src, slen);
|
||||
if (ret != 0) {
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ret = wc_RNG_GenerateBlock(&ctx->rng, dst, dlen);
|
||||
if (ret != 0)
|
||||
ret = -EINVAL;
|
||||
|
||||
out:
|
||||
|
||||
wc_UnLockMutex(&ctx->lock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
|
||||
const u8 *seed, unsigned int slen)
|
||||
{
|
||||
struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm);
|
||||
int ret;
|
||||
|
||||
if (slen == 0)
|
||||
return 0;
|
||||
|
||||
wc_LockMutex(&ctx->lock);
|
||||
|
||||
ret = wc_RNG_DRBG_Reseed(&ctx->rng, seed, slen);
|
||||
if (ret != 0) {
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
out:
|
||||
|
||||
wc_UnLockMutex(&ctx->lock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct rng_alg wc_linuxkm_drbg = {
|
||||
.generate = wc_linuxkm_drbg_generate,
|
||||
.seed = wc_linuxkm_drbg_seed,
|
||||
.seedsize = 0,
|
||||
.base = {
|
||||
.cra_name = WOLFKM_STDRNG_NAME,
|
||||
.cra_driver_name = WOLFKM_STDRNG_DRIVER,
|
||||
.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
|
||||
.cra_ctxsize = sizeof(struct wc_linuxkm_drbg_ctx),
|
||||
.cra_init = wc_linuxkm_drbg_init_tfm,
|
||||
.cra_exit = wc_linuxkm_drbg_exit_tfm,
|
||||
.cra_module = THIS_MODULE
|
||||
}
|
||||
};
|
||||
static int wc_linuxkm_drbg_loaded = 0;
|
||||
static int wc_linuxkm_drbg_default_instance_registered = 0;
|
||||
|
||||
WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
|
||||
{
|
||||
int ret;
|
||||
int cur_refcnt;
|
||||
|
||||
if (wc_linuxkm_drbg_loaded) {
|
||||
pr_err("wc_linuxkm_drbg_set_default called with wc_linuxkm_drbg_loaded.");
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
ret = random_test();
|
||||
if (ret) {
|
||||
pr_err("ERROR: self-test for %s failed "
|
||||
"with return code %d.\n",
|
||||
wc_linuxkm_drbg.base.cra_driver_name, ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
ret = crypto_register_rng(&wc_linuxkm_drbg);
|
||||
if (ret != 0) {
|
||||
pr_err("crypto_register_rng: %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
{
|
||||
struct crypto_rng *tfm = crypto_alloc_rng(wc_linuxkm_drbg.base.cra_name, 0, 0);
|
||||
if (IS_ERR(tfm)) {
|
||||
pr_err("error: allocating rng algorithm %s failed: %ld\n",
|
||||
wc_linuxkm_drbg.base.cra_name, PTR_ERR(tfm));
|
||||
ret = PTR_ERR(tfm);
|
||||
tfm = NULL;
|
||||
}
|
||||
else
|
||||
ret = 0;
|
||||
#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
|
||||
if (! ret) {
|
||||
const char *actual_driver_name = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
|
||||
if (strcmp(actual_driver_name, wc_linuxkm_drbg.base.cra_driver_name)) {
|
||||
pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
|
||||
wc_linuxkm_drbg.base.cra_name,
|
||||
actual_driver_name,
|
||||
wc_linuxkm_drbg.base.cra_driver_name);
|
||||
ret = -ENOENT;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (! ret) {
|
||||
u8 buf1[16], buf2[17];
|
||||
int i, j;
|
||||
|
||||
memset(buf1, 0, sizeof buf1);
|
||||
memset(buf2, 0, sizeof buf2);
|
||||
|
||||
ret = crypto_rng_generate(tfm, NULL, 0, buf1, (unsigned int)sizeof buf1);
|
||||
if (! ret)
|
||||
ret = crypto_rng_generate(tfm, buf1, (unsigned int)sizeof buf1, buf2, (unsigned int)sizeof buf2);
|
||||
if (! ret) {
|
||||
if (memcmp(buf1, buf2, sizeof buf1) == 0)
|
||||
ret = -EBADMSG;
|
||||
}
|
||||
|
||||
if (! ret) {
|
||||
/*
|
||||
* Given a correctly functioning PRNG (perfectly rectangular
|
||||
* PDF), There's a 94% chance that 17 random bytes will all be
|
||||
* nonzero, or a 6% chance that at least one of them will be
|
||||
* zero. Iterate up to 20 times to push that 6% chance to 1.5
|
||||
* E-24, an effective certainty on a functioning PRNG. With the
|
||||
* contributions from iterations on shorter blocks, the overall
|
||||
* expectation of failure is 2.13 E-24.
|
||||
*/
|
||||
for (i = 1; i <= (int)sizeof buf2; ++i) {
|
||||
for (j = 0; j < 20; ++j) {
|
||||
memset(buf2, 0, (size_t)i);
|
||||
ret = crypto_rng_generate(tfm, NULL, 0, buf2, (unsigned int)i);
|
||||
if (ret)
|
||||
break;
|
||||
ret = -EBADMSG;
|
||||
if (! memchr(buf2, 0, (size_t)i)) {
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ret)
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret)
|
||||
pr_err("wc_linuxkm_drbg_startup: PRNG quality test failed, block length %d, iters %d, ret %d",
|
||||
i, j, ret);
|
||||
}
|
||||
}
|
||||
|
||||
if (tfm)
|
||||
crypto_free_rng(tfm);
|
||||
|
||||
if (ret) {
|
||||
crypto_unregister_rng(&wc_linuxkm_drbg);
|
||||
return ret;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
wc_linuxkm_drbg_loaded = 1;
|
||||
|
||||
WOLFKM_INSTALL_NOTICE(wc_linuxkm_drbg);
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
ret = crypto_del_default_rng();
|
||||
if (ret) {
|
||||
pr_err("crypto_del_default_rng returned %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = crypto_get_default_rng();
|
||||
if (ret) {
|
||||
pr_err("crypto_get_default_rng returned %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
|
||||
if (cur_refcnt < 2) {
|
||||
pr_err("wc_linuxkm_drbg refcnt = %d after crypto_get_default_rng()", cur_refcnt);
|
||||
crypto_put_default_rng();
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (! crypto_default_rng) {
|
||||
pr_err("crypto_default_rng is null");
|
||||
crypto_put_default_rng();
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (strcmp(crypto_tfm_alg_driver_name(&crypto_default_rng->base), wc_linuxkm_drbg.base.cra_driver_name) == 0) {
|
||||
crypto_put_default_rng();
|
||||
wc_linuxkm_drbg_default_instance_registered = 1;
|
||||
pr_info("%s registered as systemwide default stdrng.", wc_linuxkm_drbg.base.cra_driver_name);
|
||||
pr_info("to unload module, first echo 1 > /sys/module/libwolfssl/deinstall_algs");
|
||||
}
|
||||
else {
|
||||
pr_err("%s NOT registered as systemwide default stdrng -- found \"%s\".", wc_linuxkm_drbg.base.cra_driver_name, crypto_tfm_alg_driver_name(&crypto_default_rng->base));
|
||||
crypto_put_default_rng();
|
||||
return -EINVAL;
|
||||
}
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) {
|
||||
int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
|
||||
int ret;
|
||||
|
||||
if (! wc_linuxkm_drbg_loaded) {
|
||||
pr_err("wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (cur_refcnt - wc_linuxkm_drbg_default_instance_registered != 1) {
|
||||
pr_err("wc_linuxkm_drbg_cleanup called with refcnt = %d, with wc_linuxkm_drbg %sset as default rng",
|
||||
cur_refcnt, wc_linuxkm_drbg_default_instance_registered ? "" : "not ");
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
/* The below is racey, but the kernel doesn't provide any other way. It's
|
||||
* written to be retryable.
|
||||
*/
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
if (wc_linuxkm_drbg_default_instance_registered) {
|
||||
ret = crypto_del_default_rng();
|
||||
if (ret) {
|
||||
pr_err("crypto_del_default_rng failed: %d", ret);
|
||||
return ret;
|
||||
}
|
||||
cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
|
||||
if (cur_refcnt != 1) {
|
||||
pr_err("wc_linuxkm_drbg refcnt = %d after crypto_del_default_rng()", cur_refcnt);
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
|
||||
|
||||
crypto_unregister_rng(&wc_linuxkm_drbg);
|
||||
|
||||
if (! (wc_linuxkm_drbg.base.cra_flags & CRYPTO_ALG_DEAD)) {
|
||||
pr_err("wc_linuxkm_drbg_cleanup: after crypto_unregister_rng, wc_linuxkm_drbg isn't dead.");
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
wc_linuxkm_drbg_default_instance_registered = 0;
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */
|
||||
|
||||
wc_linuxkm_drbg_loaded = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG */
|
||||
|
||||
@ -45,6 +45,22 @@
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
|
||||
enum linux_errcodes {
|
||||
my_EINVAL = EINVAL,
|
||||
my_ENOMEM = ENOMEM,
|
||||
my_EBADMSG = EBADMSG
|
||||
};
|
||||
|
||||
#undef EINVAL
|
||||
#undef ENOMEM
|
||||
#undef EBADMSG
|
||||
|
||||
#define EINVAL WC_ERR_TRACE(my_EINVAL)
|
||||
#define ENOMEM WC_ERR_TRACE(my_ENOMEM)
|
||||
#define EBADMSG WC_ERR_TRACE(my_EBADMSG)
|
||||
#endif
|
||||
|
||||
static int libwolfssl_cleanup(void) {
|
||||
int ret;
|
||||
#ifdef WOLFCRYPT_ONLY
|
||||
@ -117,6 +133,37 @@ static int updateFipsHash(void);
|
||||
extern int wolfcrypt_benchmark_main(int argc, char** argv);
|
||||
#endif /* WOLFSSL_LINUXKM_BENCHMARKS */
|
||||
|
||||
WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_install_node(struct kobj_attribute *node, int *installed_flag)
|
||||
{
|
||||
if ((installed_flag == NULL) || (! *installed_flag)) {
|
||||
int ret = sysfs_create_file(&THIS_MODULE->mkobj.kobj, &node->attr);
|
||||
if (ret) {
|
||||
pr_err("sysfs_create_file failed for %s: %d\n", node->attr.name, ret);
|
||||
return ret;
|
||||
}
|
||||
if (installed_flag)
|
||||
*installed_flag = 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_deinstall_node(struct kobj_attribute *node, int *installed_flag)
|
||||
{
|
||||
if ((installed_flag == NULL) || *installed_flag) {
|
||||
sysfs_remove_file(&THIS_MODULE->mkobj.kobj, &node->attr);
|
||||
if (installed_flag)
|
||||
*installed_flag = 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
const char *buf, size_t count);
|
||||
static struct kobj_attribute FIPS_rerun_self_test_attr = __ATTR(FIPS_rerun_self_test, 0220, NULL, FIPS_rerun_self_test_handler);
|
||||
static int installed_sysfs_FIPS_files = 0;
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER
|
||||
#include "linuxkm/lkcapi_glue.c"
|
||||
#endif
|
||||
@ -316,6 +363,16 @@ static int wolfssl_init(void)
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND
|
||||
ret = linuxkm_lkcapi_sysfs_install();
|
||||
|
||||
if (ret) {
|
||||
pr_err("linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret);
|
||||
(void)libwolfssl_cleanup();
|
||||
msleep(10);
|
||||
return -ECANCELED;
|
||||
}
|
||||
#else /* !LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND */
|
||||
ret = linuxkm_lkcapi_register();
|
||||
|
||||
if (ret) {
|
||||
@ -325,6 +382,11 @@ static int wolfssl_init(void)
|
||||
msleep(10);
|
||||
return -ECANCELED;
|
||||
}
|
||||
#endif /* !LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND */
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER */
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
(void)linuxkm_lkcapi_sysfs_install_node(&FIPS_rerun_self_test_attr, &installed_sysfs_FIPS_files);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_LINUXKM_BENCHMARKS
|
||||
@ -364,8 +426,13 @@ static void __exit wolfssl_exit(void)
|
||||
static void wolfssl_exit(void)
|
||||
#endif
|
||||
{
|
||||
#ifdef HAVE_FIPS
|
||||
(void)linuxkm_lkcapi_sysfs_deinstall_node(&FIPS_rerun_self_test_attr, &installed_sysfs_FIPS_files);
|
||||
#endif
|
||||
|
||||
#ifdef LINUXKM_LKCAPI_REGISTER
|
||||
linuxkm_lkcapi_unregister();
|
||||
(void)linuxkm_lkcapi_unregister();
|
||||
(void)linuxkm_lkcapi_sysfs_deinstall();
|
||||
#endif
|
||||
|
||||
(void)libwolfssl_cleanup();
|
||||
@ -840,3 +907,47 @@ static int updateFipsHash(void)
|
||||
}
|
||||
|
||||
#endif /* WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE */
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
|
||||
static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
const char *buf, size_t count)
|
||||
{
|
||||
int arg;
|
||||
int ret;
|
||||
|
||||
(void)kobj;
|
||||
(void)attr;
|
||||
|
||||
if (kstrtoint(buf, 10, &arg) || arg != 1)
|
||||
return -EINVAL;
|
||||
|
||||
pr_info("wolfCrypt: rerunning FIPS self-test on command.");
|
||||
|
||||
ret = wolfCrypt_IntegrityTest_fips();
|
||||
if (ret != 0) {
|
||||
pr_err("wolfCrypt_IntegrityTest_fips: error %d", ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
ret = wolfCrypt_GetStatus_fips();
|
||||
if (ret != 0) {
|
||||
pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
|
||||
if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E))
|
||||
return -ELIBBAD;
|
||||
else
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
ret = wc_RunAllCast_fips();
|
||||
if (ret != 0) {
|
||||
pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
pr_info("wolfCrypt FIPS re-self-test succeeded: all algorithms verified and available.");
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
@ -420,15 +420,33 @@ WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
|
||||
}
|
||||
}
|
||||
|
||||
if (irq_fpu_usable())
|
||||
#if defined(TIF_NEED_FPU_LOAD) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 180)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0))) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 39)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)))
|
||||
/* Work around a kernel bug -- see linux commit 59f5ede3bc0f0.
|
||||
* irq_fpu_usable() on these older kernels can incorrectly return true,
|
||||
* leading to an impermissible recursive kernel_fpu_begin() that
|
||||
* corrupts the register state. What we really want here is
|
||||
* this_cpu_read(in_kernel_fpu), but in_kernel_fpu is an unexported
|
||||
* static array.
|
||||
*/
|
||||
if (irq_fpu_usable() && !test_thread_flag(TIF_NEED_FPU_LOAD))
|
||||
return 1;
|
||||
else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0))
|
||||
return 0;
|
||||
#ifdef TIF_NEED_FPU_LOAD
|
||||
else if (test_thread_flag(TIF_NEED_FPU_LOAD))
|
||||
return 1;
|
||||
#endif
|
||||
else
|
||||
return 0;
|
||||
#else
|
||||
if (irq_fpu_usable())
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
WARN_UNUSED_RESULT int save_vector_registers_x86(void)
|
||||
@ -463,15 +481,29 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
|
||||
}
|
||||
|
||||
if (irq_fpu_usable()
|
||||
#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) && defined(TIF_NEED_FPU_LOAD)
|
||||
/* work around a kernel bug -- see linux commit 59f5ede3bc0f0.
|
||||
* what we really want here is this_cpu_read(in_kernel_fpu), but
|
||||
* in_kernel_fpu is an unexported static array.
|
||||
#if defined(TIF_NEED_FPU_LOAD) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 180)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0))) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 39)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)))
|
||||
/* Work around a kernel bug -- see linux commit 59f5ede3bc0f0.
|
||||
* irq_fpu_usable() on these older kernels can incorrectly return true,
|
||||
* leading to an impermissible recursive kernel_fpu_begin() that
|
||||
* corrupts the register state. What we really want here is
|
||||
* this_cpu_read(in_kernel_fpu), but in_kernel_fpu is an unexported
|
||||
* static array.
|
||||
*/
|
||||
&& !test_thread_flag(TIF_NEED_FPU_LOAD)
|
||||
#endif
|
||||
)
|
||||
{
|
||||
/* note there is a bug in kernel <5.17.0 and <5.10.180 -- see linux
|
||||
* commit 59f5ede3bc0f0 -- such that irq_fpu_usable() can incorrectly
|
||||
* return true, leading to an impermissible recursive kernel_fpu_begin()
|
||||
* that corrupts the register state.
|
||||
*/
|
||||
|
||||
#ifdef WOLFSSL_COMMERCIAL_LICENSE
|
||||
struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate);
|
||||
fpregs_lock();
|
||||
@ -511,18 +543,14 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
|
||||
wc_linuxkm_fpu_state_release(pstate);
|
||||
#endif
|
||||
return BAD_STATE_E;
|
||||
#ifdef TIF_NEED_FPU_LOAD
|
||||
} else if (!test_thread_flag(TIF_NEED_FPU_LOAD)) {
|
||||
static int warned_fpu_forbidden = 0;
|
||||
if (! warned_fpu_forbidden)
|
||||
pr_err("save_vector_registers_x86 called with !irq_fpu_usable from"
|
||||
" thread without previous FPU save.\n");
|
||||
#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
|
||||
wc_linuxkm_fpu_state_release(pstate);
|
||||
#endif
|
||||
return BAD_STATE_E;
|
||||
#endif
|
||||
} else {
|
||||
}
|
||||
#if defined(TIF_NEED_FPU_LOAD) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 180)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0))) && \
|
||||
! ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 39)) && \
|
||||
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)))
|
||||
else if (test_thread_flag(TIF_NEED_FPU_LOAD)) {
|
||||
/* assume already safely in_kernel_fpu from caller, but recursively
|
||||
* preempt_disable() to be extra-safe.
|
||||
*/
|
||||
@ -548,6 +576,19 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
|
||||
pstate->fpu_state =
|
||||
WC_FPU_SAVED_MASK + 1U;
|
||||
}
|
||||
#endif /* TIF_NEED_FPU_LOAD && <5.17.0 && !5.10.180+ */
|
||||
else {
|
||||
static int warned_fpu_forbidden = 0;
|
||||
if (! warned_fpu_forbidden) {
|
||||
pr_err("save_vector_registers_x86 called with !irq_fpu_usable from"
|
||||
" thread without previous FPU save.\n");
|
||||
warned_fpu_forbidden = 1;
|
||||
}
|
||||
#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
|
||||
wc_linuxkm_fpu_state_release(pstate);
|
||||
#endif
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -3676,7 +3676,7 @@ extern void uITRON4_free(void *p) ;
|
||||
|
||||
#if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY)
|
||||
/* kernel 5.10 crypto manager tests key(s) that fail unless leading
|
||||
* bytes are tolerated in GetASN_Integer().
|
||||
* zero bytes are tolerated in GetASN_Integer().
|
||||
*/
|
||||
#define WOLFSSL_ASN_INT_LEAD_0_ANY
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user