wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9048 from douzzer/20250730-linuxkm-tweaks

Browse Source 
20250730-linuxkm-tweaks
This commit is contained in:
JacobBarthelmeh
2025-07-31 14:36:56 -06:00
committed by GitHub
parent 70af2be5ab 1152d612a6
commit 86adcd6c8e
8 changed files with 308 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/linuxkm.yml vendored
View File

@@ -17,8 +17,8 @@ jobs:
strategy:
matrix:
config: [
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384'
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
]
name: build module
if: github.repository_owner == 'wolfssl'

4
linuxkm/Kbuild
View File

@@ -304,7 +304,7 @@ endif
# auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
# exclude symbols that don't match wc_* or wolf*.
$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_hooks.o
@cp $< $@ || exit $$?
if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then
# use ASCII octal escape to avoid syntax disruption in the awk script.
@@ -312,7 +312,7 @@ $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_
else
ns='WOLFSSL'
fi
$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |
$(READELF) --symbols --wide $(filter %.o,$^) |
$(AWK) '/^ *[0-9]+: / {
if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}
if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {

127
linuxkm/linuxkm_wc_port.h
View File

@@ -135,6 +135,37 @@
#endif
extern void wc_linuxkm_relax_long_loop(void);
enum wc_svr_flags {
WC_SVR_FLAG_INHIBIT = 1,
};
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_X86
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_ARM
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#else
#ifndef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#endif
#endif
#ifdef BUILDING_WOLFSSL
#if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \
@@ -408,33 +439,6 @@
#endif /* !__PIE__ */
#endif /* LINUXKM_LKCAPI_REGISTER */
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_X86
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_ARM
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#else
#ifndef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#endif
#endif
#ifndef WC_CHECK_FOR_INTR_SIGNALS
#define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals()
#endif
@@ -453,15 +457,11 @@
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
defined(CONFIG_X86)
enum wc_svr_flags {
WC_SVR_FLAG_INHIBIT = 1,
};
extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
extern void free_wolfcrypt_linuxkm_fpu_states(void);
extern __must_check int can_save_vector_registers_x86(void);
extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags);
extern void restore_vector_registers_x86(void);
WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
WOLFSSL_API void wc_restore_vector_registers_x86(void);
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#include <asm/i387.h>
@@ -471,14 +471,14 @@
#endif
#ifndef CAN_SAVE_VECTOR_REGISTERS
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
#define CAN_SAVE_VECTOR_REGISTERS() (wc_can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
#else
#define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86()
#define CAN_SAVE_VECTOR_REGISTERS() wc_can_save_vector_registers_x86()
#endif
#endif
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = save_vector_registers_x86(0); \
int _svr_ret = wc_save_vector_registers_x86(0); \
if (_svr_ret != 0) { \
fail_clause \
} \
@@ -489,22 +489,22 @@
#define SAVE_VECTOR_REGISTERS2() ({ \
int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
(_fuzzer_ret == 0) ? \
save_vector_registers_x86(0) : \
wc_save_vector_registers_x86(0) : \
_fuzzer_ret; \
})
#else
#define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86(0)
#define SAVE_VECTOR_REGISTERS2() wc_save_vector_registers_x86(0)
#endif
#endif
#ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
#define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif
#ifndef DISABLE_VECTOR_REGISTERS
#define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
#define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
#endif
#ifndef REENABLE_VECTOR_REGISTERS
#define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86()
#define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
@@ -544,7 +544,7 @@
#endif
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
_Pragma("GCC diagnostic pop");
@@ -765,12 +765,12 @@
#ifdef CONFIG_X86
typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states;
typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86;
typeof(wc_can_save_vector_registers_x86) *wc_can_save_vector_registers_x86;
typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states;
typeof(restore_vector_registers_x86) *restore_vector_registers_x86;
typeof(save_vector_registers_x86) *save_vector_registers_x86;
typeof(wc_restore_vector_registers_x86) *wc_restore_vector_registers_x86;
typeof(wc_save_vector_registers_x86) *wc_save_vector_registers_x86;
#else /* !CONFIG_X86 */
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* arch */
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
@@ -1046,12 +1046,12 @@
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
#define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states)
#define can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(can_save_vector_registers_x86)
#define wc_can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_can_save_vector_registers_x86)
#define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states)
#define restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(restore_vector_registers_x86)
#define save_vector_registers_x86 WC_LKM_INDIRECT_SYM(save_vector_registers_x86)
#define wc_restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_restore_vector_registers_x86)
#define wc_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_save_vector_registers_x86)
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
#define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init)
@@ -1179,6 +1179,25 @@
#endif /* BUILDING_WOLFSSL */
#if !defined(BUILDING_WOLFSSL)
/* some caller code needs these. */
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#if defined(CONFIG_X86)
WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
WOLFSSL_API void wc_restore_vector_registers_x86(void);
#ifndef DISABLE_VECTOR_REGISTERS
#define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
#endif
#ifndef REENABLE_VECTOR_REGISTERS
#define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif
#else /* !CONFIG_X86 */
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* !CONFIG_X86 */
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
#endif /* !BUILDING_WOLFSSL */
/* Copied from wc_port.h: For FIPS keep the function names the same */
#ifdef HAVE_FIPS
#define wc_InitMutex InitMutex
@@ -1232,6 +1251,12 @@
return 0;
}
#else
/* if BUILDING_WOLFSSL, spinlock.h will have already been included
* recursively above, with the bevy of warnings suppressed, and the
* below include will be a redundant no-op.
*/
#include <linux/spinlock.h>
typedef struct wolfSSL_Mutex {
spinlock_t lock;
unsigned long irq_flags;

3
linuxkm/lkcapi_sha_glue.c
View File

@@ -980,6 +980,9 @@ static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx)
if (ctx->rngs[i].lock != 0) {
/* better to leak than to crash. */
pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i);
ctx->rngs = NULL;
ctx->n_rngs = 0;
return;
}
else
wc_FreeRng(&ctx->rngs[i].rng);

6
linuxkm/module_hooks.c
View File

@@ -672,10 +672,10 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states;
wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.wc_can_save_vector_registers_x86 = wc_can_save_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states;
wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = restore_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.wc_restore_vector_registers_x86 = wc_restore_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.wc_save_vector_registers_x86 = wc_save_vector_registers_x86;
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */

24
linuxkm/x86_vector_register_glue.c
View File

@@ -233,7 +233,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
if (unlikely(wc_linuxkm_fpu_states == NULL)) {
if (! assume_fpu_began) {
/* this was just a quick check for whether we're in a recursive
* save_vector_registers_x86(). we're not.
* wc_save_vector_registers_x86(). we're not.
*/
return NULL;
}
@@ -253,7 +253,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
}
if (! assume_fpu_began) {
/* this was just a quick check for whether we're in a recursive
* save_vector_registers_x86(). we're not.
* wc_save_vector_registers_x86(). we're not.
*
* if we're in a softirq context, we'll always wind up here, because
* processes with entries in wc_linuxkm_fpu_states[] always have
@@ -296,7 +296,7 @@ static inline void wc_linuxkm_fpu_state_release(
__atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
}
WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
WARN_UNUSED_RESULT int wc_can_save_vector_registers_x86(void)
{
struct wc_thread_fpu_count_ent *pstate;
@@ -329,7 +329,7 @@ WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
return 0;
}
WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags)
{
struct wc_thread_fpu_count_ent *pstate;
@@ -338,7 +338,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
* a second look at preempt_count().
*/
if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id());
VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id());
return WC_ACCEL_INHIBIT_E;
}
@@ -362,7 +362,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
== WC_FPU_COUNT_MASK))
{
pr_err("ERROR: save_vector_registers_x86 recursion register overflow for "
pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for "
"pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id());
return BAD_STATE_E;
} else {
@@ -396,7 +396,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
local_bh_disable();
if (preempt_count() == 0) {
VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n",
VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n",
raw_smp_processor_id());
#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
(LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
@@ -459,13 +459,13 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
pstate->fpu_state = 1U;
if (preempt_count() == 0) {
VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n",
VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n",
raw_smp_processor_id());
}
return 0;
} else {
VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id());
VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id());
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
dump_stack();
#endif
@@ -475,19 +475,19 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
__builtin_unreachable();
}
void restore_vector_registers_x86(void)
void wc_restore_vector_registers_x86(void)
{
struct wc_thread_fpu_count_ent *pstate;
if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called from interrupt handler on CPU %d.\n",
VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called from interrupt handler on CPU %d.\n",
raw_smp_processor_id());
return;
}
pstate = wc_linuxkm_fpu_state_assoc(0, 1);
if (unlikely(pstate == NULL)) {
VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called by pid %d on CPU %d "
VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d "
"with no saved state.\n", task_pid_nr(current),
raw_smp_processor_id());
return;

187
wolfcrypt/benchmark/benchmark.c
View File

@@ -2543,6 +2543,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
total = current_time(0) - start;
WC_RELAX_LONG_LOOP();
#if defined(WOLFSSL_ESPIDF) && defined(DEBUG_WOLFSSL_BENCHMARK_TIMING)
ESP_LOGI(TAG, "%s total_cycles = %llu", desc, total_cycles);
#endif
@@ -2773,6 +2775,8 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
total = current_time(0) - start;
WC_RELAX_LONG_LOOP();
#ifdef LINUX_RUSAGE_UTIME
check_for_excessive_stime(algo, strength, desc, desc_extra);
#endif
@@ -5010,7 +5014,13 @@ static void bench_aesecb_internal(int useDeviceID,
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
&times, outer_loop_limit, &pending)) {
#ifdef HAVE_FIPS
#if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0)
ret = wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
if (ret != 0)
goto exit_aes_enc;
#else
wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
#endif
#else
wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain,
benchSz);
@@ -5061,7 +5071,13 @@ exit_aes_enc:
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
&times, outer_loop_limit, &pending)) {
#ifdef HAVE_FIPS
#if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0)
ret = wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
if (ret != 0)
goto exit_aes_dec;
#else
wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
#endif
#else
wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher,
benchSz);
@@ -9814,8 +9830,13 @@ exit_decap:
void bench_mlkem(int type)
{
KyberKey key1;
KyberKey key2;
#ifdef WOLFSSL_SMALL_STACK
KyberKey *key1 = NULL;
KyberKey *key2 = NULL;
#else
KyberKey key1[1];
KyberKey key2[1];
#endif
const char* name = NULL;
int keySize = 0;
@@ -9864,14 +9885,30 @@ void bench_mlkem(int type)
return;
}
bench_mlkem_keygen(type, name, keySize, &key1);
#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
bench_mlkem_encap(type, name, keySize, &key1, &key2);
#ifdef WOLFSSL_SMALL_STACK
key1 = (KyberKey *)XMALLOC(sizeof(*key1), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key1 == NULL)
return;
key2 = (KyberKey *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key2 == NULL) {
XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return;
}
#endif
wc_KyberKey_Free(&key2);
wc_KyberKey_Free(&key1);
bench_mlkem_keygen(type, name, keySize, key1);
#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
bench_mlkem_encap(type, name, keySize, key1, key2);
#endif
wc_KyberKey_Free(key2);
wc_KyberKey_Free(key1);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
#endif
@@ -10079,7 +10116,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
printf("error: wc_InitRng failed: %d\n", ret);
return;
}
@@ -10113,27 +10150,27 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n",
printf("error: wc_LmsKey_GetParameters failed: %d\n",
ret);
goto exit_lms_keygen;
}
ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n",
printf("error: wc_LmsKey_SetWriteCb failed: %d\n",
ret);
goto exit_lms_keygen;
}
ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
goto exit_lms_keygen;
}
ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n",
printf("error: wc_LmsKey_SetContext failed: %d\n",
ret);
goto exit_lms_keygen;
}
@@ -10162,7 +10199,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
printf("error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
}
exit_lms_keygen:
@@ -10296,19 +10333,19 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", ret);
printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret);
goto exit_lms_sign_verify;
}
ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
goto exit_lms_sign_verify;
}
ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret);
printf("error: wc_LmsKey_SetContext failed: %d\n", ret);
goto exit_lms_sign_verify;
}
@@ -10609,7 +10646,7 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
printf("error: wc_InitRng failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
@@ -10617,24 +10654,24 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID);
if (ret != 0) {
fprintf(stderr, "wc_XmssKey_Init failed: %d\n", ret);
printf("wc_XmssKey_Init failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_SetParamStr(&key, params);
if (ret != 0) {
fprintf(stderr, "wc_XmssKey_SetParamStr failed: %d\n", ret);
printf("wc_XmssKey_SetParamStr failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_GetPubLen(&key, &pkSz);
if (ret != 0) {
fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret);
printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
#ifndef WOLFSSL_WC_XMSS
if (pkSz != XMSS_SHA256_PUBLEN) {
fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz,
printf("error: xmss pub len: got %u, expected %d\n", pkSz,
XMSS_SHA256_PUBLEN);
goto exit_xmss_sign_verify;
}
@@ -10642,53 +10679,53 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_XmssKey_GetPrivLen(&key, &skSz);
if (ret != 0 || skSz <= 0) {
fprintf(stderr, "error: wc_XmssKey_GetPrivLen failed\n");
printf("error: wc_XmssKey_GetPrivLen failed\n");
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_GetSigLen(&key, &sigSz);
if (ret != 0 || sigSz <= 0) {
fprintf(stderr, "error: wc_XmssKey_GetSigLen failed\n");
printf("error: wc_XmssKey_GetSigLen failed\n");
goto exit_xmss_sign_verify;
}
/* Allocate secret keys.*/
sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sk == NULL) {
fprintf(stderr, "error: allocate xmss sk failed\n");
printf("error: allocate xmss sk failed\n");
goto exit_xmss_sign_verify;
}
/* Allocate signature array. */
sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL) {
fprintf(stderr, "error: allocate xmss sig failed\n");
printf("error: allocate xmss sig failed\n");
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem);
if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetWriteCb failed: %d\n", ret);
printf("error: wc_XmssKey_SetWriteCb failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem);
if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetReadCb failed: %d\n", ret);
printf("error: wc_XmssKey_SetReadCb failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
ret = wc_XmssKey_SetContext(&key, (void *)sk);
if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret);
printf("error: wc_XmssKey_SetContext failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "params: %s\n", params);
fprintf(stderr, "pkSz: %d\n", pkSz);
fprintf(stderr, "skSz: %d\n", skSz);
fprintf(stderr, "sigSz: %d\n", sigSz);
printf("params: %s\n", params);
printf("pkSz: %d\n", pkSz);
printf("skSz: %d\n", skSz);
printf("sigSz: %d\n", sigSz);
#endif
/* Making the private key is the bottleneck for larger heights. */
@@ -14232,18 +14269,45 @@ static const int sizeof_bench_dilithium_level5_sig =
void bench_dilithiumKeySign(byte level)
{
int ret = 0;
dilithium_key key;
double start;
int i, count;
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte sig[DILITHIUM_MAX_SIG_SIZE];
byte msg[512];
word32 x = 0;
#endif
#define DILITHIUM_BENCH_MSG_SIZE 512
#ifdef WOLFSSL_SMALL_STACK
dilithium_key *key = NULL;
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte *sig = NULL;
byte *msg = NULL;
#endif
#else
dilithium_key key[1];
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte sig[DILITHIUM_MAX_SIG_SIZE];
byte msg[DILITHIUM_BENCH_MSG_SIZE];
#endif
#endif
const char**desc = bench_desc_words[lng_index];
DECLARE_MULTI_VALUE_STATS_VARS()
byte params = 0;
#ifdef WOLFSSL_SMALL_STACK
key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
sig = (byte *)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
msg = (byte *)XMALLOC(DILITHIUM_BENCH_MSG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if ((key == NULL) || (sig == NULL) || (msg == NULL)) {
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
key = NULL;
goto out;
}
#endif /* WOLFSSL_SMALL_STACK */
if (level == 2) {
params = 44;
}
@@ -14256,18 +14320,18 @@ void bench_dilithiumKeySign(byte level)
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
/* make dummy msg */
for (i = 0; i < (int)sizeof(msg); i++) {
for (i = 0; i < DILITHIUM_BENCH_MSG_SIZE; i++) {
msg[i] = (byte)i;
}
#endif
ret = wc_dilithium_init(&key);
ret = wc_dilithium_init(key);
if (ret != 0) {
printf("wc_dilithium_init failed %d\n", ret);
return;
goto out;
}
ret = wc_dilithium_set_level(&key, level);
ret = wc_dilithium_set_level(key, level);
if (ret != 0) {
printf("wc_dilithium_set_level() failed %d\n", ret);
}
@@ -14276,10 +14340,10 @@ void bench_dilithiumKeySign(byte level)
bench_stats_start(&count, &start);
do {
for (i = 0; i < agreeTimes; i++) {
ret = wc_dilithium_make_key(&key, GLOBAL_RNG);
ret = wc_dilithium_make_key(key, GLOBAL_RNG);
if (ret != 0) {
printf("wc_dilithium_import_private_key failed %d\n", ret);
return;
goto out;
}
}
count += i;
@@ -14302,24 +14366,24 @@ void bench_dilithiumKeySign(byte level)
#ifndef WOLFSSL_NO_ML_DSA_44
if (level == 2) {
ret = wc_dilithium_import_private(bench_dilithium_level2_key,
sizeof_bench_dilithium_level2_key, &key);
sizeof_bench_dilithium_level2_key, key);
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
if (level == 3) {
ret = wc_dilithium_import_private(bench_dilithium_level3_key,
sizeof_bench_dilithium_level3_key, &key);
sizeof_bench_dilithium_level3_key, key);
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
if (level == 5) {
ret = wc_dilithium_import_private(bench_dilithium_level5_key,
sizeof_bench_dilithium_level5_key, &key);
sizeof_bench_dilithium_level5_key, key);
}
#endif
if (ret != 0) {
printf("Failed to load private key\n");
return;
goto out;
}
#endif
@@ -14341,7 +14405,7 @@ void bench_dilithiumKeySign(byte level)
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key,
ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key,
GLOBAL_RNG);
if (ret != 0) {
printf("wc_dilithium_sign_msg failed\n");
@@ -14377,7 +14441,7 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level2_sig, x);
#endif
ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey,
sizeof_bench_dilithium_level2_pubkey, &key);
sizeof_bench_dilithium_level2_pubkey, key);
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
@@ -14387,7 +14451,7 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level3_sig, x);
#endif
ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey,
sizeof_bench_dilithium_level3_pubkey, &key);
sizeof_bench_dilithium_level3_pubkey, key);
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
@@ -14397,12 +14461,12 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level5_sig, x);
#endif
ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey,
sizeof_bench_dilithium_level5_pubkey, &key);
sizeof_bench_dilithium_level5_pubkey, key);
}
#endif
if (ret != 0) {
printf("Failed to load public key\n");
return;
goto out;
}
#endif
@@ -14415,8 +14479,8 @@ void bench_dilithiumKeySign(byte level)
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
int verify = 0;
ret = wc_dilithium_verify_msg(sig, x, msg, sizeof(msg),
&verify, &key);
ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE,
&verify, key);
if (ret != 0 || verify != 1) {
printf("wc_dilithium_verify_msg failed %d, verify %d\n",
@@ -14442,7 +14506,22 @@ void bench_dilithiumKeySign(byte level)
}
#endif
wc_dilithium_free(&key);
out:
#ifdef WOLFSSL_SMALL_STACK
if (key)
#endif
{
wc_dilithium_free(key);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
}
#endif /* HAVE_DILITHIUM */

87
wolfcrypt/test/test.c
View File

@@ -18352,7 +18352,8 @@ static wc_test_ret_t random_rng_test(void)
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#ifdef WC_RNG_SEED_CB
#if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
static int seed_cb(OS_Seed* os, byte* output, word32 sz)
{
word32 i;
@@ -18365,16 +18366,73 @@ static int seed_cb(OS_Seed* os, byte* output, word32 sz)
static wc_test_ret_t rng_seed_test(void)
{
#ifndef HAVE_FIPS
/* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and
* SEED_BLOCK_SZ, which depend on which seed back end is configured.
*/
#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED)
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5,
0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35,
0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50,
0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84
};
#else
/* FIPS uses a longer seed, so different check value. */
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7,
0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d,
0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50,
0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35
};
#endif
#elif defined(HAVE_ENTROPY_MEMUSE) && \
(defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND))
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16,
0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e,
0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d,
0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79,
0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13,
0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39,
0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45
};
#endif
#elif defined(HAVE_AMD_RDSEED)
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0,
0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10,
0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f,
0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98
};
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b,
0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f,
0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6,
0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b
};
#endif
#elif defined(HAVE_FIPS)
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
@@ -18382,6 +18440,14 @@ static wc_test_ret_t rng_seed_test(void)
0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
};
#endif
byte output[WC_SHA256_DIGEST_SIZE];
WC_RNG rng;
@@ -18415,7 +18481,7 @@ static wc_test_ret_t rng_seed_test(void)
out:
return ret;
}
#endif
#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
@@ -18526,7 +18592,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
#endif
/* Test the seed callback. */
#ifdef WC_RNG_SEED_CB
#if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
if ((ret = rng_seed_test()) != 0)
return ret;
#endif