Merge pull request #9740 from douzzer/20260204-linuxkm-with-global-replace-etc

20260204-linuxkm-with-global-replace-etc
This commit is contained in:
David Garske
2026-02-04 19:07:06 -08:00
committed by GitHub
5 changed files with 35 additions and 29 deletions
-1
View File
@@ -637,7 +637,6 @@ WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
WC_RWLOCK_OPS_INLINE
WC_SHA3_HARDEN
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
+5 -7
View File
@@ -1383,13 +1383,13 @@ then
esac
fi
# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM. Disable
# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable
# implicit activation, and error on explicit activation.
if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
if test "$enable_riscv_asm" = "yes"
then
if test "$enable_aesgcm_stream" = "yes"
then
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
fi
enable_aesgcm_stream=no
fi
@@ -10689,11 +10689,9 @@ then
if test "$ENABLED_AESGCM" = "no"
then
AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
elif test "$ENABLED_RISCV_ASM" = "yes" || \
(test "$ENABLED_ARMASM" = "yes" && \
test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
elif test "$ENABLED_RISCV_ASM" = "yes"
then
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
+4 -3
View File
@@ -545,9 +545,10 @@
* to assure that calls to get_random_bytes() in random.c are gated out
* (they would recurse, potentially infinitely).
*/
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
#if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
!defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
#endif
+25 -16
View File
@@ -30,6 +30,22 @@
#error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported.
#endif
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \
defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
#define LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#else
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#endif
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/hmac.h>
@@ -94,7 +110,14 @@
* exhaustion. A caller that really needs PR can pass in seed data in its call
* to our rng_alg.generate() implementation.
*/
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX)
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
WOLFKM_DRIVER_SUFFIX_BASE \
"-with-global-replace")
#else
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
WOLFKM_DRIVER_SUFFIX_BASE)
#endif
#ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL
#define LINUXKM_LKCAPI_REGISTER_SHA1
@@ -388,7 +411,7 @@
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
#error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG
#endif
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
#endif
@@ -1257,20 +1280,6 @@ static struct rng_alg wc_linuxkm_drbg = {
};
static int wc_linuxkm_drbg_loaded = 0;
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
#define LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#else
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#endif
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#ifndef WOLFSSL_SMALL_STACK_CACHE
+1 -2
View File
@@ -4341,7 +4341,6 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
const byte* iv, int dir)
{
int ret;
if ((aes == NULL) || (userKey == NULL)) {
return BAD_FUNC_ARG;
}
@@ -4367,7 +4366,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
#ifdef WOLF_CRYPTO_CB
if (aes->devId != INVALID_DEVID) {
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;