diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index af5a97f080..246ded2a45 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -637,7 +637,6 @@ WC_RSA_NONBLOCK WC_RSA_NONBLOCK_TIME WC_RSA_NO_FERMAT_CHECK WC_RWLOCK_OPS_INLINE -WC_SHA3_HARDEN WC_SHA384 WC_SHA384_DIGEST_SIZE WC_SHA512 diff --git a/configure.ac b/configure.ac index e248005e0b..e2e333d57b 100644 --- a/configure.ac +++ b/configure.ac @@ -1383,13 +1383,13 @@ then esac fi -# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM. Disable +# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable # implicit activation, and error on explicit activation. -if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be") +if test "$enable_riscv_asm" = "yes" then if test "$enable_aesgcm_stream" = "yes" then - AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.]) + AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.]) fi enable_aesgcm_stream=no fi @@ -10689,11 +10689,9 @@ then if test "$ENABLED_AESGCM" = "no" then AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.]) - elif test "$ENABLED_RISCV_ASM" = "yes" || \ - (test "$ENABLED_ARMASM" = "yes" && \ - test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be") + elif test "$ENABLED_RISCV_ASM" = "yes" then - AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.]) + AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.]) else AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 00e7e45d3e..ebe0d64bc5 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h 
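Review bot: The RISC-V guard for WOLFSSL_AESGCM_STREAM is still written twice with the same error string, once on `$enable_riscv_asm` in the hunk at line 1383 and once on `$ENABLED_RISCV_ASM` in the hunk at line 10689, so every change in platform support has to be made in both places, as this commit had to do. If the early block always runs first, the later `elif` looks unreachable for an explicit request, because the early block has already stopped with an error; that is inferred, since the code between the two hunks is not shown. A one-line comment on the later branch, such as `# Second check, kept in sync with the early enable_aesgcm_stream gate above.`, would tell the next editor why both exist. Lifting the 32 bit armasm restriction also makes streaming AES-GCM reachable on that target, so it is worth confirming that the chunked-update known-answer tests run in a 32 bit armasm configuration; neither the implementation nor the tests are visible in these hunks.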
@@ -545,9 +545,10 @@ * to assure that calls to get_random_bytes() in random.c are gated out * (they would recurse, potentially infinitely). */ - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ - !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \ - !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \ + #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \ + !defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \ !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT #endif diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 1bdc56a8ac..bf2a16c929 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -30,6 +30,22 @@ #error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported. #endif +#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES + #undef LINUXKM_DRBG_GET_RANDOM_BYTES +/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */ +#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ + (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \ + defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)) + #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES + #define LINUXKM_DRBG_GET_RANDOM_BYTES + #endif +#else + #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES + #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured. + #undef LINUXKM_DRBG_GET_RANDOM_BYTES + #endif +#endif + #include #include 
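Review bot: The new `!defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES)` term changes which builds register the wolfCrypt hash DRBG as the default, and the comment above the `#if` does not mention it. Before this hunk a build with `LINUXKM_LKCAPI_REGISTER_ALL` got `LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT` whether or not `NO_LINUXKM_DRBG_GET_RANDOM_BYTES` was set; now the opt-out also drops the implicit default registration unless `LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT` is defined by hand. That is a quiet change in which RNG ends up as the default for such configurations, so I would extend the comment with a line like `* NO_LINUXKM_DRBG_GET_RANDOM_BYTES also suppresses the implicit default registration; define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT explicitly to keep it.` The comment begins above the hunk, so its existing wording is only partly visible.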
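Review bot: Moving this block above the `#include` lines makes its outcome depend on `LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT`, `WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS` and `WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES` already being defined at this point in the translation unit. If any of them is only set by a header pulled in further down, the `#elif` is false and the `#else` branch is taken, which produces no diagnostic unless the user defined `LINUXKM_DRBG_GET_RANDOM_BYTES` by hand, so the get_random_bytes() replacement would be compiled out silently. The added comment covers the first macro only; I would extend it to name the source of the other two, for example `/* callback-model macros must be defined before this point (set in <header>, TODO confirm) */`. Whether the ordering holds cannot be checked from the hunk, because the include targets are not shown.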
@@ -94,7 +110,14 @@ * exhaustion. A caller that really needs PR can pass in seed data in its call * to our rng_alg.generate() implementation. */ -#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX) +#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES + #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \ + WOLFKM_DRIVER_SUFFIX_BASE \ + "-with-global-replace") +#else + #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \ + WOLFKM_DRIVER_SUFFIX_BASE) +#endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL #define LINUXKM_LKCAPI_REGISTER_SHA1 @@ -388,7 +411,7 @@ #else #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \ !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) - #error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3 + #error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG #endif #undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG #endif @@ -1257,20 +1280,6 @@ static struct rng_alg wc_linuxkm_drbg = { }; static int wc_linuxkm_drbg_loaded = 0; -#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES - #undef LINUXKM_DRBG_GET_RANDOM_BYTES -#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ - (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)) - #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES - #define LINUXKM_DRBG_GET_RANDOM_BYTES - #endif -#else - #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES - #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured. - #undef LINUXKM_DRBG_GET_RANDOM_BYTES - #endif -#endif - #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES #ifndef WOLFSSL_SMALL_STACK_CACHE diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 3807566bdd..7217c7f871 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
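Review bot: The driver name registered for the DRBG changes in both branches of the new `#ifdef`, and the comment above it does not explain the new forms. The old definition appended `WOLFKM_SHA_DRIVER_SUFFIX`, while the new ones append `WOLFKM_DRIVER_SUFFIX_BASE` and, under `LINUXKM_DRBG_GET_RANDOM_BYTES`, `"-with-global-replace"`; if the two suffix macros can expand differently (their definitions are outside this hunk), any configuration or test that selects the DRBG by driver name will stop matching. I would add a line to the comment such as `* The "-with-global-replace" suffix marks builds where LINUXKM_DRBG_GET_RANDOM_BYTES is defined.` so that someone reading /proc/crypto can tell which variant is loaded. The comment begins above the hunk.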
@@ -4341,7 +4341,6 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { - int ret; if ((aes == NULL) || (userKey == NULL)) { return BAD_FUNC_ARG; } @@ -4367,7 +4366,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) { #ifdef WOLF_CRYPTO_CB_AES_SETKEY - ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen); + int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen); if (ret == 0) { /* Callback succeeded - SE owns the key */ aes->keylen = (int)keylen;