mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-30 19:22:16 +01:00
wolfcrypt/src/aes.c: fix WOLFSSL_AESGCM_STREAM && WC_AES_C_DYNAMIC_FALLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM. linuxkm/lkcapi_glue.c: * remove all special-casing for AES-GCM with AESNI. * add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro. wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS. wolfcrypt/src/memory.c: * define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS. * add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer(). wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
This commit is contained in:
Daniel Pouzzner
@@ -8962,10 +8962,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
|
||||
#if defined(WC_AES_C_DYNAMIC_FALLBACK) && defined(WOLFSSL_AESNI)
|
||||
#error "AES-GCM streaming with AESNI is incompatible with WC_AES_C_DYNAMIC_FALLBACK."
|
||||
#endif
|
||||
|
||||
/* Initialize the AES GCM cipher with an IV. C implementation.
|
||||
*
|
||||
* @param [in, out] aes AES object.
|
||||
@@ -8977,10 +8973,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz
|
||||
ALIGN32 byte counter[AES_BLOCK_SIZE];
|
||||
int ret;
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
aes->use_aesni = 0;
|
||||
#endif
|
||||
|
||||
if (ivSz == GCM_NONCE_MID_SZ) {
|
||||
/* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
|
||||
XMEMCPY(counter, iv, ivSz);
|
||||
@@ -9207,6 +9199,7 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
|
||||
ASSERT_SAVED_VECTOR_REGISTERS();
|
||||
|
||||
/* Reset state fields. */
|
||||
aes->over = 0;
|
||||
aes->aSz = 0;
|
||||
aes->cSz = 0;
|
||||
/* Set tag to all zeros as initial value. */
|
||||
@@ -9234,8 +9227,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
|
||||
aes->gcm.H, AES_COUNTER(aes), AES_INITCTR(aes));
|
||||
}
|
||||
|
||||
aes->use_aesni = 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -9861,11 +9852,12 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
|
||||
|
||||
if (iv != NULL) {
|
||||
/* Initialize with the IV. */
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = AesGcmInit_aesni(aes, iv, ivSz);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -9873,8 +9865,6 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
|
||||
ret = AesGcmInit_C(aes, iv, ivSz);
|
||||
}
|
||||
|
||||
VECTOR_REGISTERS_POP;
|
||||
|
||||
if (ret == 0)
|
||||
aes->nonceSet = 1;
|
||||
}
|
||||
@@ -9988,11 +9978,12 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
|
||||
if (ret == 0) {
|
||||
/* Encrypt with AAD and/or plaintext. */
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -10005,8 +9996,6 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
GHASH_UPDATE(aes, authIn, authInSz, out, sz);
|
||||
}
|
||||
}
|
||||
|
||||
VECTOR_REGISTERS_POP;
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -10043,17 +10032,17 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
|
||||
|
||||
if (ret == 0) {
|
||||
/* Calculate authentication tag. */
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
ret = AesGcmFinal_C(aes, authTag, authTagSz);
|
||||
}
|
||||
VECTOR_REGISTERS_POP;
|
||||
}
|
||||
|
||||
if ((ret == 0) && aes->ctrSet) {
|
||||
@@ -10126,10 +10115,11 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
|
||||
if (ret == 0) {
|
||||
/* Decrypt with AAD and/or cipher text. */
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -10140,7 +10130,6 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
/* Decrypt the cipher text. */
|
||||
ret = AesGcmCryptUpdate_C(aes, out, in, sz);
|
||||
}
|
||||
VECTOR_REGISTERS_POP;
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -10177,10 +10166,11 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
|
||||
|
||||
if (ret == 0) {
|
||||
/* Calculate authentication tag and compare with one passed in.. */
|
||||
VECTOR_REGISTERS_PUSH;
|
||||
#ifdef WOLFSSL_AESNI
|
||||
if (aes->use_aesni) {
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz);
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -10195,7 +10185,6 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
|
||||
}
|
||||
}
|
||||
}
|
||||
VECTOR_REGISTERS_POP;
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -11104,6 +11093,11 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
|
||||
aes->heap = heap;
|
||||
aes->rounds = 0;
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
/* clear here for the benefit of wc_AesGcmInit(). */
|
||||
aes->use_aesni = 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
aes->devId = devId;
|
||||
aes->devCtx = NULL;
|
||||
|
||||
@@ -1508,16 +1508,21 @@ THREAD_LS_T const char *wc_svr_last_file = NULL;
|
||||
THREAD_LS_T int wc_svr_last_line = -1;
|
||||
THREAD_LS_T int wc_debug_vector_registers_retval =
|
||||
WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL;
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
|
||||
|
||||
#ifdef HAVE_THREAD_LS
|
||||
|
||||
WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
|
||||
static THREAD_LS_T struct drand48_data wc_svr_fuzzing_state;
|
||||
static THREAD_LS_T int wc_svr_fuzzing_seeded = 0;
|
||||
long result;
|
||||
|
||||
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
|
||||
if (wc_debug_vector_registers_retval)
|
||||
return wc_debug_vector_registers_retval;
|
||||
#endif
|
||||
|
||||
if (wc_svr_fuzzing_seeded == 0) {
|
||||
long seed = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
|
||||
@@ -1534,30 +1539,33 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
|
||||
#else /* !HAVE_THREAD_LS */
|
||||
|
||||
#elif defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
|
||||
|
||||
/* DEBUG_VECTOR_REGISTER_ACCESS is undefined but fuzzing requested --
|
||||
* fuzz vector register access without the detailed debugging.
|
||||
* this is useful for testing in the kernel module build, where glibc and
|
||||
* thread-local storage are unavailable.
|
||||
/* alternate implementation useful for testing in the kernel module build, where
|
||||
* glibc and thread-local storage are unavailable.
|
||||
*
|
||||
* note this is not a well-behaved PRNG, but is adequate for fuzzing purposes.
|
||||
* the prn sequence is incompressible according to ent and xz, and does not
|
||||
* cycle within 10M iterations with various seeds including zero, but the Chi
|
||||
* square distribution is poor, and the unconditioned lsb bit balance is ~54%
|
||||
* regardless of seed.
|
||||
*
|
||||
* deterministic only if access is single-threaded, but never degenerate.
|
||||
*/
|
||||
|
||||
WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
|
||||
static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
|
||||
static int balance_bit = 0;
|
||||
/* access to prn is racey, but it doesn't matter. */
|
||||
unsigned long new_prn = prn ^ 0xba86943da66ee701ul; /* note this magic
|
||||
* random number is
|
||||
* bit-balanced.
|
||||
*/
|
||||
|
||||
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
|
||||
if (wc_debug_vector_registers_retval)
|
||||
return wc_debug_vector_registers_retval;
|
||||
#endif
|
||||
|
||||
/* barrel-roll using the bottom 6 bits. */
|
||||
if (new_prn & 0x3f)
|
||||
new_prn = (new_prn << (new_prn & 0x3f)) |
|
||||
@@ -1569,9 +1577,9 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
|
||||
return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
|
||||
}
|
||||
|
||||
#endif /* DEBUG_VECTOR_REGISTER_ACCESS ||
|
||||
* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
|
||||
*/
|
||||
#endif /* !HAVE_THREAD_LS */
|
||||
|
||||
#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
|
||||
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#include "../../linuxkm/linuxkm_memory.c"
|
||||
|
||||
Reference in New Issue
Block a user