Merge pull request #8983 from philljj/linuxkm_make_rsa_again

Linuxkm make rsa again
2025-07-31 11:17:29 +02:00 · 2025-07-10 09:29:29 -05:00
parent 783ab14afb e73fa74f14
commit ae48ee408e
4 changed files with 41 additions and 20 deletions
--- a/linuxkm/lkcapi_dh_glue.c
+++ b/linuxkm/lkcapi_dh_glue.c
@ -443,14 +443,10 @@ static int km_dh_reset_ctx(struct km_dh_ctx * ctx)
        }
    }

+reset_ctx_end:
    /* clear old priv and public key arrays. */
    km_dh_clear_keys(ctx);

-reset_ctx_end:
-    if (err) {
-        km_dh_clear_keys(ctx);
-    }
-
    return err;
 }

@ -885,7 +881,6 @@ static int km_dh_gen_pub(struct kpp_request *req)
    #ifdef WOLFKM_DEBUG_DH
    pr_info("info: exiting km_dh_gen_pub: %d", ctx->pub_len);
    #endif /* WOLFKM_DEBUG_DH */
-
    return err;
 }

--- a/linuxkm/lkcapi_ecdh_glue.c
+++ b/linuxkm/lkcapi_ecdh_glue.c
@ -534,7 +534,6 @@ ecdh_gen_pub_end:
    #ifdef WOLFKM_DEBUG_ECDH
    pr_info("info: exiting km_ecdh_gen_pub: %d", err);
    #endif /* WOLFKM_DEBUG_ECDH */
-
    return err;
 }

@ -717,7 +716,6 @@ static int linuxkm_test_ecdh_nist_p192(void)
                                       b_pub, expected_a_pub, sizeof(b_pub),
                                       secret, sizeof(secret),
                                       shared_secret, sizeof(shared_secret));
-
    return rc;
 }
 #endif /* LINUXKM_ECC192 */
@ -777,7 +775,6 @@ static int linuxkm_test_ecdh_nist_p256(void)
                                       b_pub, expected_a_pub, sizeof(b_pub),
                                       secret, sizeof(secret),
                                       shared_secret, sizeof(shared_secret));
-
    return rc;
 }

@ -849,7 +846,6 @@ static int linuxkm_test_ecdh_nist_p384(void)
                                       b_pub, expected_a_pub, sizeof(b_pub),
                                       secret, sizeof(secret),
                                       shared_secret, sizeof(shared_secret));
-
    return rc;
 }

@ -991,7 +987,6 @@ test_ecdh_nist_end:
    #ifdef WOLFKM_DEBUG_ECDH
    pr_info("info: %s: self test returned: %d\n", driver, test_rc);
    #endif /* WOLFKM_DEBUG_ECDH */
-
    return test_rc;
 }

--- a/linuxkm/lkcapi_ecdsa_glue.c
+++ b/linuxkm/lkcapi_ecdsa_glue.c
@ -496,7 +496,6 @@ static int linuxkm_test_ecdsa_nist_p192(void)
                                        p192_pub, pub_len,
                                        sig, sig_len,
                                        hash, hash_len);
-
    return rc;
 }
 #endif /* LINUXKM_ECC192 */
@ -840,7 +839,6 @@ test_ecdsa_nist_end:
    #ifdef WOLFKM_DEBUG_ECDSA
    pr_info("info: %s: self test returned: %d\n", driver, test_rc);
    #endif /* WOLFKM_DEBUG_ECDSA */
-
    return test_rc;
 }

--- a/linuxkm/lkcapi_rsa_glue.c
+++ b/linuxkm/lkcapi_rsa_glue.c
@ -719,6 +719,7 @@ static int km_direct_rsa_enc(struct akcipher_request *req)
 rsa_enc_out:
    if (enc != NULL) { free(enc); enc = NULL; }
    if (dec != NULL) { free(dec); dec = NULL; }
+
    #ifdef WOLFKM_DEBUG_RSA
    pr_info("info: exiting km_direct_rsa_enc\n");
    #endif /* WOLFKM_DEBUG_RSA */
@ -937,9 +938,7 @@ static int km_rsa_set_pub(struct crypto_akcipher *tfm, const void *key,
 static unsigned int km_rsa_max_size(struct crypto_akcipher *tfm)
 {
    struct km_rsa_ctx * ctx = NULL;
-
    ctx = akcipher_tfm_ctx(tfm);
-
    return (unsigned int) ctx->key_len;
 }

@ -1134,7 +1133,6 @@ pkcs1pad_sign_out:
    pr_info("info: exiting km_pkcs1pad_sign msg_len %d, enc_msg_len %d,"
            " sig_len %d, err %d", req->src_len, enc_len, sig_len, err);
    #endif /* WOLFKM_DEBUG_RSA */
-
    return err;
 }

@ -1379,7 +1377,6 @@ pkcs1_sign_out:
    pr_info("info: exiting km_pkcs1_sign msg_len %d, enc_msg_len %d,"
            " sig_len %d, err %d", slen, enc_msg_len, sig_len, err);
    #endif /* WOLFKM_DEBUG_RSA */
-
    return err;
 }

@ -2075,7 +2072,19 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits)
    }
    #endif /* WC_RSA_BLINDING */

-    ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+    for (;;) {
+    #endif
+        ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+        /* Retry if not prime. */
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) {
+            continue;
+        }
+        break;
+    }
+    #endif
+
    if (ret) {
        pr_err("error: make rsa key returned: %d\n", ret);
        goto test_rsa_end;
@ -2431,7 +2440,19 @@ static int linuxkm_test_pkcs1pad_driver(const char * driver, int nbits,
    }
    #endif /* WC_RSA_BLINDING */

-    ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+    for (;;) {
+    #endif
+        ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+        /* Retry if not prime. */
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) {
+            continue;
+        }
+        break;
+    }
+    #endif
+
    if (ret) {
        pr_err("error: make rsa key returned: %d\n", ret);
        test_rc = ret;
@ -2929,7 +2950,19 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
    }
    #endif /* WC_RSA_BLINDING */

-    ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+    for (;;) {
+    #endif
+        ret = wc_MakeRsaKey(key, nbits, WC_RSA_EXPONENT, &rng);
+    #ifdef HAVE_FIPS
+        /* Retry if not prime. */
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) {
+            continue;
+        }
+        break;
+    }
+    #endif
+
    if (ret) {
        pr_err("error: make rsa key returned: %d\n", ret);
        test_rc = ret;