wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 05:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8614 from douzzer/20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb

Browse Source 
20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb
This commit is contained in:
Sean Parkinson
2025-04-03 10:45:04 +10:00
committed by GitHub
parent 2210ec8839 13c73a9691
commit c29fba5b7e
15 changed files with 1840 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/intelasm-c-fallback.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
matrix: matrix:
config: [ config: [
# Add new configs here # Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"' '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
] ]
name: make check name: make check
if: github.repository_owner == 'wolfssl' if: github.repository_owner == 'wolfssl'

1
.wolfssl_known_macro_extras
View File

@@ -548,6 +548,7 @@ WC_SHA384_DIGEST_SIZE
WC_SHA512 WC_SHA512
WC_SSIZE_TYPE WC_SSIZE_TYPE
WC_STRICT_SIG WC_STRICT_SIG
WC_WANT_FLAG_DONT_USE_AESNI
WC_XMSS_FULL_HASH WC_XMSS_FULL_HASH
WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
WOLFSENTRY_H WOLFSENTRY_H

3
Makefile.am
View File

@@ -213,7 +213,8 @@ if BUILD_LINUXKM
EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \ EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \ AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
AM_CCASFLAGS CCASFLAGS \ AM_CCASFLAGS CCASFLAGS \
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_PIE ENABLED_ASM \ src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_LKCAPI_REGISTER \
ENABLED_LINUXKM_PIE ENABLED_ASM \
CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \ CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \ CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \
ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \ ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \

54
configure.ac
View File

@@ -498,7 +498,8 @@ AS_CASE([$ENABLED_FIPS],
[v5-dev],[ [v5-dev],[
FIPS_VERSION="v5-dev" FIPS_VERSION="v5-dev"
HAVE_FIPS_VERSION_MAJOR=5 HAVE_FIPS_VERSION_MAJOR=5
HAVE_FIPS_VERSION_MINOR=3 HAVE_FIPS_VERSION_MINOR=2
HAVE_FIPS_VERSION_PATCH=1
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all) # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
], ],
@@ -678,7 +679,7 @@ AC_SUBST([ENABLED_LINUXKM_BENCHMARKS])
if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC"
if test "$ENABLED_LINUXKM_PIE" = "yes"; then if test "$ENABLED_LINUXKM_PIE" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
fi fi
@@ -1243,7 +1244,6 @@ then
test "$enable_aesgcm" = "" && enable_aesgcm=yes test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesccm" = "" && enable_aesccm=yes test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
test "$enable_aesofb" = "" && enable_aesofb=yes test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
@@ -1318,6 +1318,8 @@ then
test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then then
@@ -1331,7 +1333,6 @@ then
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesxts" = "" && enable_aesxts=yes test "$enable_aesxts" = "" && enable_aesxts=yes
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
test "$enable_shake128" = "" && enable_shake128=yes test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes test "$enable_shake256" = "" && enable_shake256=yes
test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes
@@ -3507,6 +3508,13 @@ AC_ARG_ENABLE([aesni],
[ ENABLED_AESNI=no ] [ ENABLED_AESNI=no ]
) )
# INTEL AES-NI with AVX
AC_ARG_ENABLE([aesni-with-avx],
[AS_HELP_STRING([--enable-aesni-with-avx],[Enable AES-NI with additional AVX acceleration for AES (default: disabled)])],
[ ENABLED_AESNI_WITH_AVX=$enableval ],
[ ENABLED_AESNI_WITH_AVX=no ]
)
# INTEL ASM # INTEL ASM
AC_ARG_ENABLE([intelasm], AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])], [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
@@ -3522,6 +3530,17 @@ then
ENABLED_AESNI=yes ENABLED_AESNI=yes
fi fi
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
ENABLED_AESNI_WITH_AVX=yes
elif test "$ENABLED_AESNI_WITH_AVX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP_FOR_AES"
ENABLED_AESNI=yes
fi
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes" if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
@@ -3547,12 +3566,6 @@ then
AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"]) AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"])
fi fi
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64" if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
then then
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD"
@@ -9320,7 +9333,7 @@ if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
then then
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER" AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_FIPS" = "no"; then if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
ENABLED_AESGCM_STREAM=yes ENABLED_AESGCM_STREAM=yes
fi fi
@@ -9338,15 +9351,31 @@ then
'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.]) 'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.]) 'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
'rfc4106(gcm(aes))') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106" ;;
'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.]) 'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.]) test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
'ctr(aes)') test "$ENABLED_AESCTR" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CTR implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCTR" ;;
'ofb(aes)') test "$ENABLED_AESOFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-OFB implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESOFB" ;;
'ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESECB -DHAVE_AES_ECB" ;;
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
'-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
'-gcm(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM" ;;
'-rfc4106(gcm(aes))')
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106" ;;
'-xts(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESXTS" ;;
'-ctr(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCTR" ;;
'-ofb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESOFB" ;;
'-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;; *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
esac esac
done done
fi fi
AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER])
# Library Suffix # Library Suffix
LIBSUFFIX="" LIBSUFFIX=""
@@ -10821,6 +10850,7 @@ echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4" echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES" echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI" echo " * AES-NI: $ENABLED_AESNI"
echo " * AVX for AES: $ENABLED_AESNI_WITH_AVX"
echo " * AES-CBC: $ENABLED_AESCBC" echo " * AES-CBC: $ENABLED_AESCBC"
echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS" echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
echo " * AES-GCM: $ENABLED_AESGCM" echo " * AES-GCM: $ENABLED_AESGCM"

2
linuxkm/Makefile
View File

@@ -43,6 +43,8 @@ WOLFSSL_OBJ_FILES=$(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/
ifeq "$(ENABLED_CRYPT_TESTS)" "yes" ifeq "$(ENABLED_CRYPT_TESTS)" "yes"
WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o
else ifneq "$(ENABLED_LINUXKM_LKCAPI_REGISTER)" "none"
WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o
else else
WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST
endif endif

1754
linuxkm/lkcapi_glue.c
View File

File diff suppressed because it is too large Load Diff

2
linuxkm/module_hooks.c
View File

@@ -45,7 +45,7 @@
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h> #include <wolfssl/wolfcrypt/fips_test.h>
#endif #endif
#ifndef NO_CRYPT_TEST #if !defined(NO_CRYPT_TEST) || defined(LINUXKM_LKCAPI_REGISTER)
#include <wolfcrypt/test/test.h> #include <wolfcrypt/test/test.h>
#endif #endif
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>

16
src/include.am
View File

@@ -72,10 +72,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM if BUILD_X86_ASM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
else else
if BUILD_AESGCM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
if BUILD_AESXTS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
endif endif
endif endif
endif
if BUILD_DES3 if BUILD_DES3
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/des3.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/des3.c
@@ -194,10 +198,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM if BUILD_X86_ASM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
else else
if BUILD_AESGCM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
if BUILD_AESXTS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
endif endif
endif endif
endif
if BUILD_RISCV_ASM if BUILD_RISCV_ASM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -397,10 +405,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM if BUILD_X86_ASM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
else else
if BUILD_AESGCM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
if BUILD_AESXTS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
endif endif
endif endif
endif
if BUILD_SHA if BUILD_SHA
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
@@ -1100,11 +1112,15 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
if BUILD_X86_ASM if BUILD_X86_ASM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
else else
if BUILD_AESGCM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
endif
if BUILD_AESXTS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
endif endif
endif endif
endif endif
endif
if BUILD_CAMELLIA if BUILD_CAMELLIA
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/camellia.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/camellia.c

58
wolfcrypt/src/aes.c
View File

@@ -4575,12 +4575,53 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
#endif /* WC_C_DYNAMIC_FALLBACK */ #endif /* WC_C_DYNAMIC_FALLBACK */
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
aes->use_aesni = 0;
/* The dynamics for determining whether AES-NI will be used are tricky.
*
* First, we check for CPU support and cache the result -- if AES-NI is
* missing, we always shortcut to the AesSetKey_C() path.
*
* Second, if the CPU supports AES-NI, we confirm on a per-call basis
* that it's safe to use in the caller context, using
* SAVE_VECTOR_REGISTERS2(). This is an always-true no-op in user-space
* builds, but has substantive logic behind it in kernel module builds.
*
* The outcome when SAVE_VECTOR_REGISTERS2() fails depends on
* WC_C_DYNAMIC_FALLBACK -- if that's defined, we return immediately with
* success but with AES-NI disabled (the earlier AesSetKey_C() allows
* future encrypt/decrypt calls to succeed), otherwise we fail.
*
* Upon successful return, aes->use_aesni will have a zero value if
* AES-NI is disabled, and a nonzero value if it's enabled.
*
* An additional, optional semantic is available via
* WC_FLAG_DONT_USE_AESNI, and is used in some kernel module builds to
* let the caller inhibit AES-NI. When this macro is defined,
* wc_AesInit() before wc_AesSetKey() is imperative, to avoid a read of
* uninitialized data in aes->use_aesni. That's why support for
* WC_FLAG_DONT_USE_AESNI must remain optional -- wc_AesInit() was only
* added in release 3.11.0, so legacy applications inevitably call
* wc_AesSetKey() on uninitialized Aes contexts. This must continue to
* function correctly with default build settings.
*/
if (checkedAESNI == 0) { if (checkedAESNI == 0) {
haveAESNI = Check_CPU_support_AES(); haveAESNI = Check_CPU_support_AES();
checkedAESNI = 1; checkedAESNI = 1;
} }
if (haveAESNI) { if (haveAESNI
#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK)
&& (aes->use_aesni != WC_FLAG_DONT_USE_AESNI)
#endif
)
{
#if defined(WC_FLAG_DONT_USE_AESNI)
if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) {
aes->use_aesni = 0;
return 0;
}
#endif
aes->use_aesni = 0;
#ifdef WOLFSSL_LINUXKM #ifdef WOLFSSL_LINUXKM
/* runtime alignment check */ /* runtime alignment check */
if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) { if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) {
@@ -4614,6 +4655,15 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
#endif #endif
} }
} }
else {
aes->use_aesni = 0;
#ifdef WC_C_DYNAMIC_FALLBACK
/* If WC_C_DYNAMIC_FALLBACK, we already called AesSetKey_C()
* above.
*/
return 0;
#endif
}
#endif /* WOLFSSL_AESNI */ #endif /* WOLFSSL_AESNI */
#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
@@ -12993,6 +13043,10 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
#if defined(USE_INTEL_SPEEDUP_FOR_AES) && !defined(USE_INTEL_SPEEDUP)
#define USE_INTEL_SPEEDUP
#endif
#if defined(USE_INTEL_SPEEDUP) #if defined(USE_INTEL_SPEEDUP)
#define HAVE_INTEL_AVX1 #define HAVE_INTEL_AVX1
#define HAVE_INTEL_AVX2 #define HAVE_INTEL_AVX2

2
wolfcrypt/src/aes_xts_asm.S
View File

@@ -41,7 +41,7 @@
#ifndef HAVE_INTEL_AVX1 #ifndef HAVE_INTEL_AVX1
#define HAVE_INTEL_AVX1 #define HAVE_INTEL_AVX1
#endif /* HAVE_INTEL_AVX1 */ #endif /* HAVE_INTEL_AVX1 */
#ifndef NO_AVX2_SUPPORT #if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2)
#define HAVE_INTEL_AVX2 #define HAVE_INTEL_AVX2
#endif /* NO_AVX2_SUPPORT */ #endif /* NO_AVX2_SUPPORT */

12
wolfcrypt/test/test.c
View File

@@ -41,7 +41,7 @@
#define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
#endif #endif
#ifndef NO_CRYPT_TEST #if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS)
#include <wolfssl/version.h> #include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
@@ -832,7 +832,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
/* Not all unexpected conditions are actually errors .*/ /* Not all unexpected conditions are actually errors .*/
#define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0) #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
static void render_error_message(const char* msg, wc_test_ret_t es) void wc_test_render_error_message(const char* msg, wc_test_ret_t es)
{ {
(void)msg; (void)msg;
(void)es; (void)es;
@@ -917,7 +917,7 @@ static THREAD_RETURN err_sys(const char* msg, int es)
static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es) static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
#endif #endif
{ {
render_error_message(msg, es); wc_test_render_error_message(msg, es);
print_fiducials(); print_fiducials();
#ifdef WOLFSSL_LINUXKM #ifdef WOLFSSL_LINUXKM
EXIT_TEST(es); EXIT_TEST(es);
@@ -1433,7 +1433,7 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
#endif #endif
#ifdef TEST_ALWAYS_RUN_TO_END #ifdef TEST_ALWAYS_RUN_TO_END
#define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0) #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); wc_test_render_error_message(msg, retval); } while (0)
#elif !defined(TEST_FAIL) #elif !defined(TEST_FAIL)
#define TEST_FAIL(msg, retval) return err_sys(msg, retval) #define TEST_FAIL(msg, retval) return err_sys(msg, retval)
#endif #endif
@@ -60779,8 +60779,8 @@ static void print_fiducials(void) {
fiducial1, fiducial2, fiducial3, fiducial4); fiducial1, fiducial2, fiducial3, fiducial4);
} }
#else #else /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */
#ifndef NO_MAIN_DRIVER #ifndef NO_MAIN_DRIVER
int main(void) { return 0; } int main(void) { return 0; }
#endif #endif
#endif /* NO_CRYPT_TEST */ #endif /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */

289
wolfcrypt/test/test.h
View File

@@ -45,6 +45,8 @@ THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args);
wc_test_ret_t wolfcrypt_test(void* args); wc_test_ret_t wolfcrypt_test(void* args);
#endif #endif
void wc_test_render_error_message(const char* msg, wc_test_ret_t es);
#ifndef NO_MAIN_DRIVER #ifndef NO_MAIN_DRIVER
wc_test_ret_t wolfcrypt_test_main(int argc, char** argv); wc_test_ret_t wolfcrypt_test_main(int argc, char** argv);
#endif #endif
@@ -100,6 +102,293 @@ wc_static_assert(-(long)MIN_CODE_E < 0x7ffL);
#endif /* !WC_TEST_RET_HAVE_CUSTOM_MACROS */ #endif /* !WC_TEST_RET_HAVE_CUSTOM_MACROS */
#ifdef WC_TEST_EXPORT_SUBTESTS
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void);
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void);
#endif
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void);
#ifdef WOLFSSL_SM3
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void);
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
defined(WOLFSSL_AFALG_XILINX_RSA)
/* hkdf_test has issue with extern WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
static wc_test_ret_t hkdf_test(void);
#else
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
#endif
#endif /* HAVE_HKDF && ! NO_HMAC */
#ifdef WOLFSSL_HAVE_PRF
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
#ifdef WOLFSSL_BASE16
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void);
#endif /* WOLFSSL_BASE16 */
#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
#endif /* WOLFSSL_HAVE_PRF */
#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
#ifdef WOLFSSL_TLS13
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
#endif
#ifdef WC_SRTP_KDF
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void);
#ifdef WC_RC2
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void);
#if defined(WOLFSSL_AES_CFB)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
#endif
#ifdef WOLFSSL_AES_XTS
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void);
#ifdef HAVE_ASCON
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void);
#endif
#if defined(WOLFSSL_SIPHASH)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void);
#ifdef WOLFSSL_SM4
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void);
#endif
#ifdef WC_RSA_NO_PADDING
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
#ifndef WC_NO_RNG
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
#endif /* WC_NO_RNG */
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
#if defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_PKCS12) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
!defined(NO_CERTS) && !defined(NO_DES3)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#ifdef HAVE_ECC
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
(defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
/* skip for ATECC508/608A, cannot import private key buffers */
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
#endif
#endif
#ifdef HAVE_CURVE25519
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void);
#endif
#ifdef HAVE_ED25519
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void);
#endif
#ifdef HAVE_CURVE448
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void);
#endif
#ifdef HAVE_ED448
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void);
#endif
#ifdef WOLFSSL_HAVE_MLKEM
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
#endif
#ifdef HAVE_DILITHIUM
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
#endif
#if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void);
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK)
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
#endif
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
#endif
#endif
#ifdef WOLFCRYPT_HAVE_ECCSI
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void);
#endif
#ifdef WOLFCRYPT_HAVE_SAKKE
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void);
#endif
#ifdef HAVE_BLAKE2
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void);
#endif
#ifdef HAVE_BLAKE2S
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void);
#endif
#ifdef HAVE_LIBZ
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
#endif
#ifdef HAVE_PKCS7
#ifndef NO_PKCS7_ENCRYPTED_DATA
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
word32 keySz);
#endif
#endif
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
#endif
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void);
#endif
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
#if defined(WOLFSSL_PUBLIC_MP) && \
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(USE_FAST_MATH))
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
#endif
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
#endif
#if defined(ASN_BER_TO_DER) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
#endif
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
#endif
#if defined(__INCLUDE_NUTTX_CONFIG_H)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
#else
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
#endif
#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
#endif
#ifdef WOLFSSL_CAAM_BLOB
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
#endif
#ifdef HAVE_ARIA
#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
extern WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
#endif
#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
#endif
#ifdef WOLFSSL_CERT_PIV
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
#endif
#ifdef WOLFSSL_AES_SIV
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
#endif
#if defined(WOLFSSL_AES_EAX) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
#endif /* WOLFSSL_AES_EAX */
#endif /* WC_TEST_EXPORT_SUBTESTS */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

8
wolfssl/wolfcrypt/aes.h
View File

@@ -303,6 +303,14 @@ struct Aes {
#endif #endif
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
byte use_aesni; byte use_aesni;
#if defined(WOLFSSL_LINUXKM) || defined(WC_WANT_FLAG_DONT_USE_AESNI)
/* Note, we can't support WC_FLAG_DONT_USE_AESNI by default because we
* need to support legacy applications that call wc_AesSetKey() on
* uninited struct Aes. For details see the software implementation of
* wc_AesSetKeyLocal() (aes.c).
*/
#define WC_FLAG_DONT_USE_AESNI 2
#endif
#endif /* WOLFSSL_AESNI */ #endif /* WOLFSSL_AESNI */
#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)

7
wolfssl/wolfcrypt/settings.h
View File

@@ -3607,8 +3607,15 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK
#endif #endif
#ifndef WOLFSSL_TEST_SUBROUTINE #ifndef WOLFSSL_TEST_SUBROUTINE
#ifdef LINUXKM_LKCAPI_REGISTER
#define WOLFSSL_TEST_SUBROUTINE
#else
#define WOLFSSL_TEST_SUBROUTINE static #define WOLFSSL_TEST_SUBROUTINE static
#endif #endif
#endif
#ifdef LINUXKM_LKCAPI_REGISTER
#define WC_TEST_EXPORT_SUBTESTS
#endif
#undef HAVE_PTHREAD #undef HAVE_PTHREAD
/* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */ /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
#undef HAVE_STRINGS_H #undef HAVE_STRINGS_H

4
wolfssl/wolfcrypt/sp_int.h
View File

@@ -210,8 +210,10 @@ extern "C" {
#elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64) #elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64)
#if SP_ULONG_BITS == 64 || SP_ULLONG_BITS == 64 #if SP_ULONG_BITS == 64 || SP_ULLONG_BITS == 64
#define SP_WORD_SIZE 64 #define SP_WORD_SIZE 64
#ifndef HAVE_INTEL_AVX1
#define HAVE_INTEL_AVX1 #define HAVE_INTEL_AVX1
#ifndef NO_AVX2_SUPPORT #endif
#if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2)
#define HAVE_INTEL_AVX2 #define HAVE_INTEL_AVX2
#endif #endif
#elif SP_ULONG_BITS == 32 #elif SP_ULONG_BITS == 32