linuxkm/linuxkm_wc_port.h:

* add support for DEBUG_LINUXKM_FORTIFY_OVERLAY to allow KASAN analysis of the overlay without actually enabling CONFIG_FORTIFY_SOURCE (which is buggy in combination with KASAN).
* make SAVE_VECTOR_REGISTERS2 definition conditional on !defined(SAVE_VECTOR_REGISTERS2).

wolfssl/wolfcrypt/memory.h: fix the DEBUG_VECTOR_REGISTER_ACCESS definition for SAVE_VECTOR_REGISTERS to properly omit the on-success bookkeeping code even if the supplied fail_clause doesn't return.

wolfcrypt/src/rsa.c: in the wc_MakeRsaKey() primality loop, invoke RESTORE_VECTOR_REGISTERS() then SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/dh.c: in the wc_DhGenerateParams() primality loop, invoke RESTORE_VECTOR_REGISTERS() then SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/{curve25519.c,dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sakke.c,sp_int.c}: when WOLFSSL_LINUXKM, force {SAVE,RESTORE}_VECTOR_REGISTERS() to WC_DO_NOTHING if settings gate out applicable asm.
Daniel Pouzzner
2024-02-09 00:47:23 -06:00
parent 91681f378f
commit 6146485d2a
10 changed files with 103 additions and 22 deletions


@@ -120,7 +120,7 @@
#include <linux/kernel.h>
#include <linux/ctype.h>
#ifdef CONFIG_FORTIFY_SOURCE
#if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY)
#ifdef __PIE__
/* the inline definitions in fortify-string.h use non-inline
* fortify_panic().
@@ -345,6 +345,8 @@
fail_clause \
} \
}
#endif
#ifndef SAVE_VECTOR_REGISTERS2
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#define SAVE_VECTOR_REGISTERS2() ({ \
int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
@@ -363,6 +365,8 @@
#include <asm/fpsimd.h>
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
#endif
#ifndef SAVE_VECTOR_REGISTERS2
#define SAVE_VECTOR_REGISTERS2() save_vector_registers_arm()
#endif
#ifndef RESTORE_VECTOR_REGISTERS
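Review bot: The widened guard `#if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY)` introduces a build knob whose purpose is explained only in the commit message. A comment at the guard would keep that visible in the header, e.g. `/* DEBUG_LINUXKM_FORTIFY_OVERLAY: debug-only; builds the fortify overlay without CONFIG_FORTIFY_SOURCE so KASAN can analyze it. */`. The guarded block continues outside the hunk, so it cannot be checked from here whether anything inside still assumes CONFIG_FORTIFY_SOURCE is actually set by the kernel config.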


@@ -51,6 +51,14 @@
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
const curve25519_set_type curve25519_sets[] = {
{
CURVE25519_KEYSIZE,
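Review bot: The override here is gated only on `!defined(USE_INTEL_SPEEDUP)`, while linuxkm_wc_port.h in this same commit also carries an ARM save path (`save_vector_registers_arm()`). If this file can be built with non-Intel assembly that touches vector registers (not visible in this hunk), the save/restore would be compiled out in kernel context and the interrupted task's SIMD state could be clobbered. Consider naming every asm-enabling setting in the gate, or defining the condition once in a shared header: the same block is repeated with a `WOLFSSL_SP_ASM` gate in dh.c, dsa.c, ecc.c, eccsi.c, rsa.c, sakke.c and sp_int.c, and hand-maintained copies can drift apart.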


@@ -55,6 +55,13 @@
#include <wolfcrypt/src/misc.c>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
/*
Possible DH enable options:
@@ -3003,7 +3010,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
/* loop until p is prime */
if (ret == 0) {
do {
for (;;) {
if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
ret = PRIME_GEN_E;
@@ -3014,7 +3021,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
else
primeCheckCount++;
}
} while (ret == 0 && primeCheck == MP_NO);
if (ret != 0 || primeCheck == MP_YES)
break;
/* linuxkm: release the kernel for a moment before iterating. */
RESTORE_VECTOR_REGISTERS();
SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);
};
}
/* tmp2 += (2*loop_check_prime)
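Review bot: When the re-save at `SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);` fails, the loop exits with the vector registers already released by the preceding `RESTORE_VECTOR_REGISTERS()`. wc_DhGenerateParams continues outside this hunk; if its exit path restores unconditionally, that final restore would be unbalanced, so the failure path likely needs a flag or a jump past it. The same pattern is added to the wc_MakeRsaKey() primality loop in rsa.c and deserves the same check there. The closing `};` after the `for (;;)` body also leaves a stray empty statement; a plain `}` is enough.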


@@ -42,6 +42,14 @@
#include <wolfcrypt/src/misc.c>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
#ifdef _MSC_VER
/* disable for while(0) cases (MSVC bug) */
#pragma warning(disable:4127)


@@ -213,6 +213,14 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#define GEN_MEM_ERR MP_MEM
#elif defined(USE_FAST_MATH)


@@ -43,6 +43,14 @@
#include <wolfssl/wolfcrypt/sp.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
/* FIPS build has replaced ecc.h. */
#define wc_ecc_key_get_priv(key) (&((key)->k))


@@ -62,6 +62,14 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#include <wolfssl/wolfcrypt/sp.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
/*
Possible RSA enable options:
* NO_RSA: Overall control of RSA default: on
@@ -712,8 +720,7 @@ int wc_CheckRsaKey(RsaKey* key)
ret = wc_InitRng(rng);
if (ret == 0)
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
if (ret == 0) {
if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY)
@@ -4830,7 +4837,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif
isPrime = 0;
i = 0;
do {
for (;;) {
#ifdef SHOW_GEN
printf(".");
fflush(stdout);
@@ -4853,9 +4860,15 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
i++;
#else
/* Keep the old retry behavior in non-FIPS build. */
(void)i;
#endif
} while (err == MP_OKAY && !isPrime && i < failCount);
if (err != MP_OKAY || isPrime || i >= failCount)
break;
/* linuxkm: release the kernel for a moment before iterating. */
RESTORE_VECTOR_REGISTERS();
SAVE_VECTOR_REGISTERS(err = _svr_ret; break;);
};
}
if (err == MP_OKAY && !isPrime)


@@ -44,6 +44,14 @@
#include <wolfssl/wolfcrypt/sakke.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
/* FIPS build has replaced ecc.h. */
#define wc_ecc_key_get_priv(key) (&((key)->k))


@@ -115,6 +115,14 @@ This library provides single precision (SP) integer math functions.
#include <wolfssl/wolfcrypt/sp_int.h>
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#endif
/* DECL_SP_INT: Declare one variable of type 'sp_int'. */
#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
!defined(WOLFSSL_SP_NO_MALLOC)


@@ -283,27 +283,29 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
#define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE abort();
#elif defined(DEBUG_VECTOR_REGISTERS_EXIT_ON_FAIL)
#define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE exit(1);
#else
#elif !defined(DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE)
#define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE
#endif
#define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = wc_debug_vector_registers_retval; \
if (_svr_ret != 0) { fail_clause } \
++wc_svr_count; \
if (wc_svr_count > 5) { \
fprintf(stderr, \
("%s @ L%d : incr : " \
"wc_svr_count %d (last op %s L%d)\n"), \
__FILE__, \
__LINE__, \
wc_svr_count, \
wc_svr_last_file, \
wc_svr_last_line); \
DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \
else { \
++wc_svr_count; \
if (wc_svr_count > 5) { \
fprintf(stderr, \
("%s @ L%d : incr : " \
"wc_svr_count %d (last op %s L%d)\n"), \
__FILE__, \
__LINE__, \
wc_svr_count, \
wc_svr_last_file, \
wc_svr_last_line); \
DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \
} \
wc_svr_last_file = __FILE__; \
wc_svr_last_line = __LINE__; \
} \
wc_svr_last_file = __FILE__; \
wc_svr_last_line = __LINE__; \
}
WOLFSSL_API extern THREAD_LS_T int wc_debug_vector_registers_retval;
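Review bot: SAVE_VECTOR_REGISTERS now has to stay a bare `{ ... }` block, because callers added in this commit pass `break;` inside fail_clause to leave an enclosing loop, and a later conversion to `do { ... } while (0)` would make that `break` exit only the macro. Nothing in the visible lines around the definition records that constraint. I would add above the `#define`: `/* Keep as a bare block, not do{}while(0): fail_clause may contain break aimed at the caller's loop. */`. The new `else` also means a fail_clause that falls through skips the wc_svr_count bookkeeping, which is worth stating in the same comment.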