From c353052e54c2101d3d0629a62602f62af270ea6d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 30 Jul 2025 22:15:05 -0500 Subject: [PATCH 1/3] linuxkm/linuxkm_wc_port.h: * move enum wc_svr_flags out of BUILDING_WOLFSSL guard; * add DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS() definitions for !BUILDING_WOLFSSL; * add #include to !WOLFSSL_LINUXKM_USE_MUTEXES implementation to fix compilation (and add usability) to caller code; linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_ctx_clear(), fix error-path deallocation of locked object; wolfcrypt/benchmark/benchmark.c: * in FIPS v6+ builds, and FIPS linuxkm v5+, check retval from wc_AesEncryptDirect() and wc_AesDecryptDirect(); * add WC_RELAX_LONG_LOOP() in bench_stats_sym_finish() and bench_stats_asym_finish_ex(); wolfcrypt/test/test.c: fix rng_seed_test() with correct test vectors for the relevant combinations of features, and gate the test out if there are user override defines for ENTROPY_SCALE_FACTOR or SEED_BLOCK_SZ. --- linuxkm/linuxkm_wc_port.h | 36 ++++++++++++-- linuxkm/lkcapi_sha_glue.c | 3 ++ wolfcrypt/benchmark/benchmark.c | 16 ++++++ wolfcrypt/test/test.c | 87 +++++++++++++++++++++++++++++---- 4 files changed, 128 insertions(+), 14 deletions(-) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 78dbdb84d..f70b63103 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -135,6 +135,10 @@ #endif extern void wc_linuxkm_relax_long_loop(void); + enum wc_svr_flags { + WC_SVR_FLAG_INHIBIT = 1, + }; + #ifdef BUILDING_WOLFSSL #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \ @@ -453,10 +457,6 @@ #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \ defined(CONFIG_X86) - enum wc_svr_flags { - WC_SVR_FLAG_INHIBIT = 1, - }; - extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); extern void free_wolfcrypt_linuxkm_fpu_states(void); extern __must_check int can_save_vector_registers_x86(void); @@ -1179,6 +1179,28 @@ #endif /* BUILDING_WOLFSSL */ + #if !defined(BUILDING_WOLFSSL) + /* some caller code needs these. */ + #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) + #ifdef CONFIG_X86 + extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags); + #ifndef DISABLE_VECTOR_REGISTERS + #define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) + #endif + #ifndef REENABLE_VECTOR_REGISTERS + #define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86() + #endif + #endif /* CONFIG_X86 */ + #else /* !WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ + #ifndef DISABLE_VECTOR_REGISTERS + #define DISABLE_VECTOR_REGISTERS() NOT_COMPILED_IN + #endif + #ifndef REENABLE_VECTOR_REGISTERS + #define REENABLE_VECTOR_REGISTERS() WC_DO_NOTHING + #endif + #endif + #endif /* !BUILDING_WOLFSSL */ + /* Copied from wc_port.h: For FIPS keep the function names the same */ #ifdef HAVE_FIPS #define wc_InitMutex InitMutex @@ -1232,6 +1254,12 @@ return 0; } #else + /* if BUILDING_WOLFSSL, spinlock.h will have already been included + * recursively above, with the bevy of warnings suppressed, and the + * below include will be a redundant no-op. + */ + #include + typedef struct wolfSSL_Mutex { spinlock_t lock; unsigned long irq_flags; diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index f2c754861..0ba8a6c1e 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -980,6 +980,9 @@ static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx) if (ctx->rngs[i].lock != 0) { /* better to leak than to crash. */ pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i); + ctx->rngs = NULL; + ctx->n_rngs = 0; + return; } else wc_FreeRng(&ctx->rngs[i].rng); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index d248acbf9..4bc47bb24 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -2543,6 +2543,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, total = current_time(0) - start; + WC_RELAX_LONG_LOOP(); + #if defined(WOLFSSL_ESPIDF) && defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) ESP_LOGI(TAG, "%s total_cycles = %llu", desc, total_cycles); #endif @@ -2773,6 +2775,8 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength, total = current_time(0) - start; + WC_RELAX_LONG_LOOP(); + #ifdef LINUX_RUSAGE_UTIME check_for_excessive_stime(algo, strength, desc, desc_extra); #endif @@ -5010,7 +5014,13 @@ static void bench_aesecb_internal(int useDeviceID, if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, outer_loop_limit, &pending)) { #ifdef HAVE_FIPS + #if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0) + ret = wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain); + if (ret != 0) + goto exit_aes_enc; + #else wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain); + #endif #else wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain, benchSz); @@ -5061,7 +5071,13 @@ exit_aes_enc: if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, outer_loop_limit, &pending)) { #ifdef HAVE_FIPS + #if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0) + ret = wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher); + if (ret != 0) + goto exit_aes_dec; + #else wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher); + #endif #else wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher, benchSz); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b86ac6f56..9b162b417 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -18352,7 +18352,8 @@ static wc_test_ret_t random_rng_test(void) #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) -#ifdef WC_RNG_SEED_CB +#if defined(WC_RNG_SEED_CB) && \ + !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ)) static int seed_cb(OS_Seed* os, byte* output, word32 sz) { word32 i; @@ -18365,16 +18366,73 @@ static int seed_cb(OS_Seed* os, byte* output, word32 sz) static wc_test_ret_t rng_seed_test(void) { -#ifndef HAVE_FIPS + /* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and + * SEED_BLOCK_SZ, which depend on which seed back end is configured. + */ +#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED) + #ifdef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const byte check[] = { - 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f, - 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06, - 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22, - 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba + 0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5, + 0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35, + 0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50, + 0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84 }; -#else - /* FIPS uses a longer seed, so different check value. */ + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7, + 0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d, + 0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50, + 0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35 + }; + #endif +#elif defined(HAVE_ENTROPY_MEMUSE) && \ + (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) + #ifdef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16, + 0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e, + 0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d, + 0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6 + }; + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79, + 0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13, + 0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39, + 0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45 + }; + #endif +#elif defined(HAVE_AMD_RDSEED) + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0, + 0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10, + 0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f, + 0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98 + }; +#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) + #ifdef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48, + 0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39, + 0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08, + 0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea + }; + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b, + 0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f, + 0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6, + 0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b + }; + #endif +#elif defined(HAVE_FIPS) WOLFSSL_SMALL_STACK_STATIC const byte check[] = { 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24, @@ -18382,6 +18440,14 @@ static wc_test_ret_t rng_seed_test(void) 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20, 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0 }; +#else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f, + 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06, + 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22, + 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba + }; #endif byte output[WC_SHA256_DIGEST_SIZE]; WC_RNG rng; @@ -18415,7 +18481,7 @@ static wc_test_ret_t rng_seed_test(void) out: return ret; } -#endif +#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) @@ -18526,7 +18592,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) #endif /* Test the seed callback. */ -#ifdef WC_RNG_SEED_CB +#if defined(WC_RNG_SEED_CB) && \ + !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ)) if ((ret = rng_seed_test()) != 0) return ret; #endif From bbd606538aefc762fe76930ebfe6cf38e3d48df7 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 31 Jul 2025 10:37:39 -0500 Subject: [PATCH 2/3] linuxkm/linuxkm_wc_port.h, linuxkm/x86_vector_register_glue.c, linuxkm/Kbuild: * rename can_save_vector_registers_x86(), save_vector_registers_x86(), and restore_vector_registers_x86(), with wc_ prefix, and properly export them; * move setup for WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS outside BUILDING_WOLFSSL gate; * fix !BUILDING_WOLFSSL bindings for DISABLE_VECTOR_REGISTERS() to properly fall through to no-ops in !WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS configs, and properly #error if WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS but !CONFIG_X86; .github/workflows/linuxkm.yml: --enable-linuxkm-benchmarks for additional coverage. --- .github/workflows/linuxkm.yml | 4 +- linuxkm/Kbuild | 4 +- linuxkm/linuxkm_wc_port.h | 117 ++++++++++++++--------------- linuxkm/module_hooks.c | 6 +- linuxkm/x86_vector_register_glue.c | 24 +++--- 5 files changed, 76 insertions(+), 79 deletions(-) diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml index 931e2d4c7..334fd7a1a 100644 --- a/.github/workflows/linuxkm.yml +++ b/.github/workflows/linuxkm.yml @@ -17,8 +17,8 @@ jobs: strategy: matrix: config: [ - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384', - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384' + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384', + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384' ] name: build module if: github.repository_owner == 'wolfssl' diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 93c332fe9..9a94b471e 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -304,7 +304,7 @@ endif # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. # exclude symbols that don't match wc_* or wolf*. -$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) +$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_hooks.o @cp $< $@ || exit $$? if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then # use ASCII octal escape to avoid syntax disruption in the awk script. @@ -312,7 +312,7 @@ $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_ else ns='WOLFSSL' fi - $(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | + $(READELF) --symbols --wide $(filter %.o,$^) | $(AWK) '/^ *[0-9]+: / { if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index f70b63103..dcc445883 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -139,6 +139,33 @@ WC_SVR_FLAG_INHIBIT = 1, }; + #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \ + defined(WOLFSSL_SP_X86_64_ASM) + #ifndef CONFIG_X86 + #error X86 SIMD extensions requested, but CONFIG_X86 is not set. + #endif + #define WOLFSSL_LINUXKM_SIMD + #define WOLFSSL_LINUXKM_SIMD_X86 + #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS + #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS + #endif + #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ + defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\ + defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) + #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64) + #error ARM SIMD extensions requested, but CONFIG_ARM* is not set. + #endif + #define WOLFSSL_LINUXKM_SIMD + #define WOLFSSL_LINUXKM_SIMD_ARM + #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS + #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS + #endif + #else + #ifndef WOLFSSL_NO_ASM + #define WOLFSSL_NO_ASM + #endif + #endif + #ifdef BUILDING_WOLFSSL #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \ @@ -412,33 +439,6 @@ #endif /* !__PIE__ */ #endif /* LINUXKM_LKCAPI_REGISTER */ - #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \ - defined(WOLFSSL_SP_X86_64_ASM) - #ifndef CONFIG_X86 - #error X86 SIMD extensions requested, but CONFIG_X86 is not set. - #endif - #define WOLFSSL_LINUXKM_SIMD - #define WOLFSSL_LINUXKM_SIMD_X86 - #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #endif - #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ - defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\ - defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) - #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64) - #error ARM SIMD extensions requested, but CONFIG_ARM* is not set. - #endif - #define WOLFSSL_LINUXKM_SIMD - #define WOLFSSL_LINUXKM_SIMD_ARM - #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #endif - #else - #ifndef WOLFSSL_NO_ASM - #define WOLFSSL_NO_ASM - #endif - #endif - #ifndef WC_CHECK_FOR_INTR_SIGNALS #define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals() #endif @@ -459,9 +459,9 @@ extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); extern void free_wolfcrypt_linuxkm_fpu_states(void); - extern __must_check int can_save_vector_registers_x86(void); - extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags); - extern void restore_vector_registers_x86(void); + WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); + WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); + WOLFSSL_API void wc_restore_vector_registers_x86(void); #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #include @@ -471,14 +471,14 @@ #endif #ifndef CAN_SAVE_VECTOR_REGISTERS #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING - #define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0)) + #define CAN_SAVE_VECTOR_REGISTERS() (wc_can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0)) #else - #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86() + #define CAN_SAVE_VECTOR_REGISTERS() wc_can_save_vector_registers_x86() #endif #endif #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(fail_clause) { \ - int _svr_ret = save_vector_registers_x86(0); \ + int _svr_ret = wc_save_vector_registers_x86(0); \ if (_svr_ret != 0) { \ fail_clause \ } \ @@ -489,22 +489,22 @@ #define SAVE_VECTOR_REGISTERS2() ({ \ int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \ (_fuzzer_ret == 0) ? \ - save_vector_registers_x86(0) : \ + wc_save_vector_registers_x86(0) : \ _fuzzer_ret; \ }) #else - #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86(0) + #define SAVE_VECTOR_REGISTERS2() wc_save_vector_registers_x86(0) #endif #endif #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86() + #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() #endif #ifndef DISABLE_VECTOR_REGISTERS - #define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) + #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() #endif #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) @@ -544,7 +544,7 @@ #endif #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) - #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ _Pragma("GCC diagnostic pop"); @@ -765,12 +765,12 @@ #ifdef CONFIG_X86 typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states; - typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86; + typeof(wc_can_save_vector_registers_x86) *wc_can_save_vector_registers_x86; typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states; - typeof(restore_vector_registers_x86) *restore_vector_registers_x86; - typeof(save_vector_registers_x86) *save_vector_registers_x86; + typeof(wc_restore_vector_registers_x86) *wc_restore_vector_registers_x86; + typeof(wc_save_vector_registers_x86) *wc_save_vector_registers_x86; #else /* !CONFIG_X86 */ - #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. #endif /* arch */ #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ @@ -1046,12 +1046,12 @@ #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) #define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states) - #define can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(can_save_vector_registers_x86) + #define wc_can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_can_save_vector_registers_x86) #define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states) - #define restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(restore_vector_registers_x86) - #define save_vector_registers_x86 WC_LKM_INDIRECT_SYM(save_vector_registers_x86) + #define wc_restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_restore_vector_registers_x86) + #define wc_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_save_vector_registers_x86) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) - #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init) @@ -1182,23 +1182,20 @@ #if !defined(BUILDING_WOLFSSL) /* some caller code needs these. */ #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) - #ifdef CONFIG_X86 - extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags); + #if defined(CONFIG_X86) + WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); + WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); + WOLFSSL_API void wc_restore_vector_registers_x86(void); #ifndef DISABLE_VECTOR_REGISTERS - #define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) + #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() #endif - #endif /* CONFIG_X86 */ - #else /* !WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ - #ifndef DISABLE_VECTOR_REGISTERS - #define DISABLE_VECTOR_REGISTERS() NOT_COMPILED_IN - #endif - #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() WC_DO_NOTHING - #endif - #endif + #else /* !CONFIG_X86 */ + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. + #endif /* !CONFIG_X86 */ + #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #endif /* !BUILDING_WOLFSSL */ /* Copied from wc_port.h: For FIPS keep the function names the same */ diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index e0674868a..c9ceb2bb9 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -672,10 +672,10 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states; - wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86; + wolfssl_linuxkm_pie_redirect_table.wc_can_save_vector_registers_x86 = wc_can_save_vector_registers_x86; wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states; - wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = restore_vector_registers_x86; - wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86; + wolfssl_linuxkm_pie_redirect_table.wc_restore_vector_registers_x86 = wc_restore_vector_registers_x86; + wolfssl_linuxkm_pie_redirect_table.wc_save_vector_registers_x86 = wc_save_vector_registers_x86; #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index 68a0e230d..159162cd1 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -233,7 +233,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc( if (unlikely(wc_linuxkm_fpu_states == NULL)) { if (! assume_fpu_began) { /* this was just a quick check for whether we're in a recursive - * save_vector_registers_x86(). we're not. + * wc_save_vector_registers_x86(). we're not. */ return NULL; } @@ -253,7 +253,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc( } if (! assume_fpu_began) { /* this was just a quick check for whether we're in a recursive - * save_vector_registers_x86(). we're not. + * wc_save_vector_registers_x86(). we're not. * * if we're in a softirq context, we'll always wind up here, because * processes with entries in wc_linuxkm_fpu_states[] always have @@ -296,7 +296,7 @@ static inline void wc_linuxkm_fpu_state_release( __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE); } -WARN_UNUSED_RESULT int can_save_vector_registers_x86(void) +WARN_UNUSED_RESULT int wc_can_save_vector_registers_x86(void) { struct wc_thread_fpu_count_ent *pstate; @@ -329,7 +329,7 @@ WARN_UNUSED_RESULT int can_save_vector_registers_x86(void) return 0; } -WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) +WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) { struct wc_thread_fpu_count_ent *pstate; @@ -338,7 +338,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) * a second look at preempt_count(). */ if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) { - VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id()); + VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id()); return WC_ACCEL_INHIBIT_E; } @@ -362,7 +362,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) == WC_FPU_COUNT_MASK)) { - pr_err("ERROR: save_vector_registers_x86 recursion register overflow for " + pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for " "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); return BAD_STATE_E; } else { @@ -396,7 +396,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) local_bh_disable(); if (preempt_count() == 0) { - VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n", + VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n", raw_smp_processor_id()); #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) @@ -459,13 +459,13 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) pstate->fpu_state = 1U; if (preempt_count() == 0) { - VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n", + VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n", raw_smp_processor_id()); } return 0; } else { - VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id()); + VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id()); #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG dump_stack(); #endif @@ -475,19 +475,19 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) __builtin_unreachable(); } -void restore_vector_registers_x86(void) +void wc_restore_vector_registers_x86(void) { struct wc_thread_fpu_count_ent *pstate; if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) { - VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called from interrupt handler on CPU %d.\n", + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called from interrupt handler on CPU %d.\n", raw_smp_processor_id()); return; } pstate = wc_linuxkm_fpu_state_assoc(0, 1); if (unlikely(pstate == NULL)) { - VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called by pid %d on CPU %d " + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d " "with no saved state.\n", task_pid_nr(current), raw_smp_processor_id()); return; From 1152d612a689fe66f37b9b1266f86dde5e8fb0e2 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 31 Jul 2025 11:30:42 -0500 Subject: [PATCH 3/3] wolfcrypt/benchmark/benchmark.c: smallstack refactors for bench_mlkem() and bench_dilithiumKeySign(), and globally replace stray uses of fprintf(stderr, ...) with printf(...) for portability. --- wolfcrypt/benchmark/benchmark.c | 171 ++++++++++++++++++++++---------- 1 file changed, 117 insertions(+), 54 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 4bc47bb24..373816ffb 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -9830,8 +9830,13 @@ exit_decap: void bench_mlkem(int type) { - KyberKey key1; - KyberKey key2; +#ifdef WOLFSSL_SMALL_STACK + KyberKey *key1 = NULL; + KyberKey *key2 = NULL; +#else + KyberKey key1[1]; + KyberKey key2[1]; +#endif const char* name = NULL; int keySize = 0; @@ -9880,14 +9885,30 @@ void bench_mlkem(int type) return; } - bench_mlkem_keygen(type, name, keySize, &key1); -#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) - bench_mlkem_encap(type, name, keySize, &key1, &key2); +#ifdef WOLFSSL_SMALL_STACK + key1 = (KyberKey *)XMALLOC(sizeof(*key1), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key1 == NULL) + return; + key2 = (KyberKey *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key2 == NULL) { + XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return; + } #endif - wc_KyberKey_Free(&key2); - wc_KyberKey_Free(&key1); + bench_mlkem_keygen(type, name, keySize, key1); +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + bench_mlkem_encap(type, name, keySize, key1, key2); +#endif + + wc_KyberKey_Free(key2); + wc_KyberKey_Free(key1); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif } #endif @@ -10095,7 +10116,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub) ret = wc_InitRng(&rng); #endif if (ret != 0) { - fprintf(stderr, "error: wc_InitRng failed: %d\n", ret); + printf("error: wc_InitRng failed: %d\n", ret); return; } @@ -10129,27 +10150,27 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub) ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz); if (ret) { - fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n", + printf("error: wc_LmsKey_GetParameters failed: %d\n", ret); goto exit_lms_keygen; } ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", + printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret); goto exit_lms_keygen; } ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret); + printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret); goto exit_lms_keygen; } ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", + printf("error: wc_LmsKey_SetContext failed: %d\n", ret); goto exit_lms_keygen; } @@ -10178,7 +10199,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub) ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen); if (ret) { - fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret); + printf("error: wc_LmsKey_ExportPubRaw failed: %d\n", ret); } exit_lms_keygen: @@ -10312,19 +10333,19 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", ret); + printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret); goto exit_lms_sign_verify; } ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret); + printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret); goto exit_lms_sign_verify; } ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); if (ret) { - fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret); + printf("error: wc_LmsKey_SetContext failed: %d\n", ret); goto exit_lms_sign_verify; } @@ -10625,7 +10646,7 @@ static void bench_xmss_sign_verify(const char * params) ret = wc_InitRng(&rng); #endif if (ret != 0) { - fprintf(stderr, "error: wc_InitRng failed: %d\n", ret); + printf("error: wc_InitRng failed: %d\n", ret); goto exit_xmss_sign_verify; } @@ -10633,24 +10654,24 @@ static void bench_xmss_sign_verify(const char * params) ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID); if (ret != 0) { - fprintf(stderr, "wc_XmssKey_Init failed: %d\n", ret); + printf("wc_XmssKey_Init failed: %d\n", ret); goto exit_xmss_sign_verify; } ret = wc_XmssKey_SetParamStr(&key, params); if (ret != 0) { - fprintf(stderr, "wc_XmssKey_SetParamStr failed: %d\n", ret); + printf("wc_XmssKey_SetParamStr failed: %d\n", ret); goto exit_xmss_sign_verify; } ret = wc_XmssKey_GetPubLen(&key, &pkSz); if (ret != 0) { - fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret); + printf("wc_XmssKey_GetPubLen failed: %d\n", ret); goto exit_xmss_sign_verify; } #ifndef WOLFSSL_WC_XMSS if (pkSz != XMSS_SHA256_PUBLEN) { - fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz, + printf("error: xmss pub len: got %u, expected %d\n", pkSz, XMSS_SHA256_PUBLEN); goto exit_xmss_sign_verify; } @@ -10658,53 +10679,53 @@ static void bench_xmss_sign_verify(const char * params) ret = wc_XmssKey_GetPrivLen(&key, &skSz); if (ret != 0 || skSz <= 0) { - fprintf(stderr, "error: wc_XmssKey_GetPrivLen failed\n"); + printf("error: wc_XmssKey_GetPrivLen failed\n"); goto exit_xmss_sign_verify; } ret = wc_XmssKey_GetSigLen(&key, &sigSz); if (ret != 0 || sigSz <= 0) { - fprintf(stderr, "error: wc_XmssKey_GetSigLen failed\n"); + printf("error: wc_XmssKey_GetSigLen failed\n"); goto exit_xmss_sign_verify; } /* Allocate secret keys.*/ sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sk == NULL) { - fprintf(stderr, "error: allocate xmss sk failed\n"); + printf("error: allocate xmss sk failed\n"); goto exit_xmss_sign_verify; } /* Allocate signature array. */ sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) { - fprintf(stderr, "error: allocate xmss sig failed\n"); + printf("error: allocate xmss sig failed\n"); goto exit_xmss_sign_verify; } ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem); if (ret != 0) { - fprintf(stderr, "error: wc_XmssKey_SetWriteCb failed: %d\n", ret); + printf("error: wc_XmssKey_SetWriteCb failed: %d\n", ret); goto exit_xmss_sign_verify; } ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem); if (ret != 0) { - fprintf(stderr, "error: wc_XmssKey_SetReadCb failed: %d\n", ret); + printf("error: wc_XmssKey_SetReadCb failed: %d\n", ret); goto exit_xmss_sign_verify; } ret = wc_XmssKey_SetContext(&key, (void *)sk); if (ret != 0) { - fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret); + printf("error: wc_XmssKey_SetContext failed: %d\n", ret); goto exit_xmss_sign_verify; } #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) - fprintf(stderr, "params: %s\n", params); - fprintf(stderr, "pkSz: %d\n", pkSz); - fprintf(stderr, "skSz: %d\n", skSz); - fprintf(stderr, "sigSz: %d\n", sigSz); + printf("params: %s\n", params); + printf("pkSz: %d\n", pkSz); + printf("skSz: %d\n", skSz); + printf("sigSz: %d\n", sigSz); #endif /* Making the private key is the bottleneck for larger heights. */ @@ -14248,18 +14269,45 @@ static const int sizeof_bench_dilithium_level5_sig = void bench_dilithiumKeySign(byte level) { int ret = 0; - dilithium_key key; double start; int i, count; #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) - byte sig[DILITHIUM_MAX_SIG_SIZE]; - byte msg[512]; word32 x = 0; #endif + +#define DILITHIUM_BENCH_MSG_SIZE 512 +#ifdef WOLFSSL_SMALL_STACK + dilithium_key *key = NULL; + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + byte *sig = NULL; + byte *msg = NULL; + #endif +#else + dilithium_key key[1]; + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + byte sig[DILITHIUM_MAX_SIG_SIZE]; + byte msg[DILITHIUM_BENCH_MSG_SIZE]; + #endif +#endif + const char**desc = bench_desc_words[lng_index]; DECLARE_MULTI_VALUE_STATS_VARS() byte params = 0; +#ifdef WOLFSSL_SMALL_STACK + key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + sig = (byte *)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + msg = (byte *)XMALLOC(DILITHIUM_BENCH_MSG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if ((key == NULL) || (sig == NULL) || (msg == NULL)) { + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + key = NULL; + goto out; + } +#endif /* WOLFSSL_SMALL_STACK */ + if (level == 2) { params = 44; } @@ -14272,18 +14320,18 @@ void bench_dilithiumKeySign(byte level) #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) /* make dummy msg */ - for (i = 0; i < (int)sizeof(msg); i++) { + for (i = 0; i < DILITHIUM_BENCH_MSG_SIZE; i++) { msg[i] = (byte)i; } #endif - ret = wc_dilithium_init(&key); + ret = wc_dilithium_init(key); if (ret != 0) { printf("wc_dilithium_init failed %d\n", ret); - return; + goto out; } - ret = wc_dilithium_set_level(&key, level); + ret = wc_dilithium_set_level(key, level); if (ret != 0) { printf("wc_dilithium_set_level() failed %d\n", ret); } @@ -14292,10 +14340,10 @@ void bench_dilithiumKeySign(byte level) bench_stats_start(&count, &start); do { for (i = 0; i < agreeTimes; i++) { - ret = wc_dilithium_make_key(&key, GLOBAL_RNG); + ret = wc_dilithium_make_key(key, GLOBAL_RNG); if (ret != 0) { printf("wc_dilithium_import_private_key failed %d\n", ret); - return; + goto out; } } count += i; @@ -14318,24 +14366,24 @@ void bench_dilithiumKeySign(byte level) #ifndef WOLFSSL_NO_ML_DSA_44 if (level == 2) { ret = wc_dilithium_import_private(bench_dilithium_level2_key, - sizeof_bench_dilithium_level2_key, &key); + sizeof_bench_dilithium_level2_key, key); } #endif #ifndef WOLFSSL_NO_ML_DSA_65 if (level == 3) { ret = wc_dilithium_import_private(bench_dilithium_level3_key, - sizeof_bench_dilithium_level3_key, &key); + sizeof_bench_dilithium_level3_key, key); } #endif #ifndef WOLFSSL_NO_ML_DSA_87 if (level == 5) { ret = wc_dilithium_import_private(bench_dilithium_level5_key, - sizeof_bench_dilithium_level5_key, &key); + sizeof_bench_dilithium_level5_key, key); } #endif if (ret != 0) { printf("Failed to load private key\n"); - return; + goto out; } #endif @@ -14357,7 +14405,7 @@ void bench_dilithiumKeySign(byte level) do { for (i = 0; i < agreeTimes; i++) { if (ret == 0) { - ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, + ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, GLOBAL_RNG); if (ret != 0) { printf("wc_dilithium_sign_msg failed\n"); @@ -14393,7 +14441,7 @@ void bench_dilithiumKeySign(byte level) XMEMCPY(sig, bench_dilithium_level2_sig, x); #endif ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey, - sizeof_bench_dilithium_level2_pubkey, &key); + sizeof_bench_dilithium_level2_pubkey, key); } #endif #ifndef WOLFSSL_NO_ML_DSA_65 @@ -14403,7 +14451,7 @@ void bench_dilithiumKeySign(byte level) XMEMCPY(sig, bench_dilithium_level3_sig, x); #endif ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey, - sizeof_bench_dilithium_level3_pubkey, &key); + sizeof_bench_dilithium_level3_pubkey, key); } #endif #ifndef WOLFSSL_NO_ML_DSA_87 @@ -14413,12 +14461,12 @@ void bench_dilithiumKeySign(byte level) XMEMCPY(sig, bench_dilithium_level5_sig, x); #endif ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey, - sizeof_bench_dilithium_level5_pubkey, &key); + sizeof_bench_dilithium_level5_pubkey, key); } #endif if (ret != 0) { printf("Failed to load public key\n"); - return; + goto out; } #endif @@ -14431,8 +14479,8 @@ void bench_dilithiumKeySign(byte level) for (i = 0; i < agreeTimes; i++) { if (ret == 0) { int verify = 0; - ret = wc_dilithium_verify_msg(sig, x, msg, sizeof(msg), - &verify, &key); + ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE, + &verify, key); if (ret != 0 || verify != 1) { printf("wc_dilithium_verify_msg failed %d, verify %d\n", @@ -14458,7 +14506,22 @@ void bench_dilithiumKeySign(byte level) } #endif - wc_dilithium_free(&key); +out: + +#ifdef WOLFSSL_SMALL_STACK + if (key) +#endif + { + wc_dilithium_free(key); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif +#endif } #endif /* HAVE_DILITHIUM */