mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
more LKM WIP: polish up the struct DRBG refactor ("struct DRBG_internal"), tweaks for buildability on 3.x kernels (now builds on 3.x, 4.x, and 5.x up to 5.8.1), move a slew of #[un]def[ines] from wc_port.h to settings.h where they belong, misc cleanup.
This commit is contained in:
Daniel Pouzzner
committed by
Daniel Pouzzner
Daniel Pouzzner
parent
3c2155f4a9
commit
dd825d90c4
@ -35,11 +35,6 @@
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
#include <wolfssl/internal.h>
|
||||
|
||||
#ifdef HAVE_ERRNO_H
|
||||
#include <errno.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/error-ssl.h>
|
||||
#include <wolfssl/wolfcrypt/coding.h>
|
||||
#ifdef NO_INLINE
|
||||
@ -49,6 +44,10 @@
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ERRNO_H
|
||||
#include <errno.h>
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY)
|
||||
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
|
||||
|
||||
@ -33,9 +33,6 @@
|
||||
#if defined(HAVE_CURVE448) || defined(HAVE_ED448)
|
||||
|
||||
#include <wolfssl/wolfcrypt/fe_448.h>
|
||||
#ifndef WOLFSSL_LINUXKM
|
||||
#include <stdint.h>
|
||||
#endif
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
|
||||
@ -32,9 +32,6 @@
|
||||
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */
|
||||
|
||||
#include <wolfssl/wolfcrypt/fe_operations.h>
|
||||
#ifndef WOLFSSL_LINUXKM
|
||||
#include <stdint.h>
|
||||
#endif
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
|
||||
@ -233,7 +233,7 @@ void WOLFSSL_TIME(int count)
|
||||
#elif defined(WOLFSSL_XILINX)
|
||||
#include "xil_printf.h"
|
||||
#elif defined(WOLFSSL_LINUXKM)
|
||||
#include <linux/kernel.h>
|
||||
/* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */
|
||||
#else
|
||||
#include <stdio.h> /* for default printf stuff */
|
||||
#endif
|
||||
|
||||
@ -309,6 +309,8 @@ enum {
|
||||
drbgInitV
|
||||
};
|
||||
|
||||
typedef struct DRBG_internal DRBG;
|
||||
|
||||
static int wc_RNG_HealthTestLocal(int reseed);
|
||||
|
||||
/* Hash Derivation Function */
|
||||
@ -434,7 +436,7 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
return Hash_DRBG_Reseed(rng->drbg, seed, seedSz);
|
||||
return Hash_DRBG_Reseed((DRBG *)rng->drbg, seed, seedSz);
|
||||
}
|
||||
|
||||
static WC_INLINE void array_add_one(byte* data, word32 dataSz)
|
||||
@ -791,7 +793,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
rng->status = DRBG_FAILED;
|
||||
}
|
||||
#else
|
||||
rng->drbg = (struct DRBG*)rng->drbg_data;
|
||||
rng->drbg = (struct DRBG*)&rng->drbg_data;
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
|
||||
@ -803,7 +805,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
}
|
||||
|
||||
if (ret == DRBG_SUCCESS)
|
||||
ret = Hash_DRBG_Instantiate(rng->drbg,
|
||||
ret = Hash_DRBG_Instantiate((DRBG *)rng->drbg,
|
||||
seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
|
||||
nonce, nonceSz, rng->heap, devId);
|
||||
|
||||
@ -950,7 +952,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
if (rng->status != DRBG_OK)
|
||||
return RNG_FAILURE_E;
|
||||
|
||||
ret = Hash_DRBG_Generate(rng->drbg, output, sz);
|
||||
ret = Hash_DRBG_Generate((DRBG *)rng->drbg, output, sz);
|
||||
if (ret == DRBG_NEED_RESEED) {
|
||||
if (wc_RNG_HealthTestLocal(1) == 0) {
|
||||
byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
|
||||
@ -963,10 +965,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
|
||||
|
||||
if (ret == DRBG_SUCCESS)
|
||||
ret = Hash_DRBG_Reseed(rng->drbg, newSeed + SEED_BLOCK_SZ,
|
||||
ret = Hash_DRBG_Reseed((DRBG *)rng->drbg, newSeed + SEED_BLOCK_SZ,
|
||||
SEED_SZ);
|
||||
if (ret == DRBG_SUCCESS)
|
||||
ret = Hash_DRBG_Generate(rng->drbg, output, sz);
|
||||
ret = Hash_DRBG_Generate((DRBG *)rng->drbg, output, sz);
|
||||
|
||||
ForceZero(newSeed, sizeof(newSeed));
|
||||
}
|
||||
@ -1016,7 +1018,7 @@ int wc_FreeRng(WC_RNG* rng)
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
if (rng->drbg != NULL) {
|
||||
if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS)
|
||||
if (Hash_DRBG_Uninstantiate((DRBG *)rng->drbg) != DRBG_SUCCESS)
|
||||
ret = RNG_FAILURE_E;
|
||||
|
||||
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
|
||||
|
||||
@ -1052,6 +1052,8 @@ int wolfSSL_CryptHwMutexUnLock(void)
|
||||
|
||||
#elif defined(WOLFSSL_KTHREADS)
|
||||
|
||||
/* Linux kernel mutex routines are voids, alas. */
|
||||
|
||||
int wc_InitMutex(wolfSSL_Mutex* m)
|
||||
{
|
||||
mutex_init(m);
|
||||
@ -2289,15 +2291,20 @@ time_t wiced_pseudo_unix_epoch_time(time_t * timer)
|
||||
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM)
|
||||
|
||||
time_t time(time_t * timer)
|
||||
{
|
||||
time_t ret = ktime_get_real_seconds();
|
||||
time_t ret;
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
|
||||
struct timespec ts;
|
||||
getnstimeofday(&ts);
|
||||
ret = ts.tv_sec * 1000000000LL + ts.tv_nsec;
|
||||
#else
|
||||
ret = ktime_get_real_seconds();
|
||||
#endif
|
||||
if (timer)
|
||||
*timer = ret;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_LINUXKM */
|
||||
|
||||
#endif /* !NO_ASN_TIME */
|
||||
|
||||
@ -39,16 +39,6 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#define ALIGN_TO(x) __declspec(align(x))
|
||||
#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
|
||||
#define ALIGN_TO(x) __attribute__((aligned(x)))
|
||||
#else
|
||||
#define ALIGN_TO(x)
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
@ -87,7 +77,7 @@
|
||||
byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */
|
||||
} blake2s_param;
|
||||
|
||||
ALIGN_TO( 32 ) typedef struct __blake2s_state
|
||||
ALIGN32 typedef struct __blake2s_state
|
||||
{
|
||||
word32 h[8];
|
||||
word32 t[2];
|
||||
@ -112,7 +102,7 @@
|
||||
byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */
|
||||
} blake2b_param;
|
||||
|
||||
ALIGN_TO( 64 ) typedef struct __blake2b_state
|
||||
ALIGN64 typedef struct __blake2b_state
|
||||
{
|
||||
word64 h[8];
|
||||
word64 t[2];
|
||||
|
||||
@ -149,7 +149,7 @@ typedef struct OS_Seed {
|
||||
#define WC_RNG_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
typedef struct DRBG {
|
||||
struct DRBG_internal {
|
||||
word32 reseedCtr;
|
||||
word32 lastBlock;
|
||||
byte V[DRBG_SEED_LEN];
|
||||
@ -162,7 +162,7 @@ typedef struct DRBG {
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
wc_Sha256 sha256;
|
||||
#endif
|
||||
} DRBG;
|
||||
};
|
||||
|
||||
/* RNG context */
|
||||
struct WC_RNG {
|
||||
@ -172,7 +172,7 @@ struct WC_RNG {
|
||||
/* Hash-based Deterministic Random Bit Generator */
|
||||
struct DRBG* drbg;
|
||||
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
byte drbg_data[sizeof(DRBG)];
|
||||
struct DRBG_internal drbg_data;
|
||||
#endif
|
||||
byte status;
|
||||
#endif
|
||||
|
||||
@ -2092,8 +2092,20 @@ extern void uITRON4_free(void *p) ;
|
||||
#define SIZEOF_LONG 8
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#define CHAR_BIT 8
|
||||
#define WOLFSSL_HAVE_MIN
|
||||
#define WOLFSSL_HAVE_MAX
|
||||
|
||||
/* tweak the autotools-detected feature set to accommodate switch from user to kernel space: */
|
||||
#undef HAVE_STRINGS_H
|
||||
#undef HAVE_ERRNO_H
|
||||
#undef WOLFSSL_HAVE_MIN
|
||||
#undef WOLFSSL_HAVE_MAX
|
||||
#define WOLFSSL_DH_CONST 1 /* Linux kernel doesn't have floating point math facilities. */
|
||||
#define WOLFSSL_NO_MALLOC 1
|
||||
#define WOLFSSL_NO_SOCK 1
|
||||
#define WOLFSSL_USER_IO 1
|
||||
#undef HAVE_INTEL_RDSEED /* prevents -Wunused-function on wc_GenerateSeed_IntelRD() */
|
||||
#define USE_WOLF_STRTOK
|
||||
#define NO_CRYPT_BENCHMARK 1
|
||||
#define NO_CRYPT_TEST 1
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
@ -59,24 +59,26 @@
|
||||
/*
|
||||
note, leaving out --enable-pkcs11 in this (depends on -ldl):
|
||||
|
||||
KROOT=/usr/src/linux KARCH=x86 CFLAGS="-I${KROOT}/include -I${KROOT}/arch/${KARCH}/include -I${KROOT}/arch/${KARCH}/include/generated -I${KROOT}/arch/${KARCH}/include/generated/uapi -I${KROOT}/arch/${KARCH}/include/uapi -I${KROOT}/include/uapi -I${KROOT}/tools/include/uapi -I${KROOT}/tools/arch/${KARCH}/include -I${KROOT}/tools/include -I/usr/lib/gcc/${KARCH}_64-pc-linux-gnu/9.3.0/include" ./configure --disable-jobserver --enable-keygen --enable-tls13 --enable-dtls --enable-dtls-mtu --enable-openssh --enable-wpas --enable-wpas-dpp --enable-opensslall --enable-opensslextra --enable-aesccm --enable-aesctr --enable-aesofb --enable-intelasm --enable-sp --enable-sp-asm --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-blake2 --enable-blake2s --enable-camellia --enable-ed448 --enable-hc128 --enable-idea --enable-md2 --enable-rabbit --enable-srp --enable-fpecc --enable-certreq --enable-certgen --enable-certext --enable-certgencache --enable-eccencrypt --enable-mcast --enable-ssh --enable-pkcs7 --enable-pkcallbacks --enable-cryptocb --enable-libwebsockets --enable-linuxkm
|
||||
KROOT=/usr/src/linux KARCH=x86 CFLAGS="-I${KROOT}/include -I${KROOT}/arch/${KARCH}/include -I${KROOT}/arch/${KARCH}/include/generated -I${KROOT}/arch/${KARCH}/include/generated/uapi -I${KROOT}/arch/${KARCH}/include/uapi -I${KROOT}/include/uapi -I${KROOT}/tools/include/uapi -I${KROOT}/tools/arch/${KARCH}/include -I${KROOT}/tools/include -I/usr/lib/gcc/${KARCH}_64-pc-linux-gnu/9.3.0/include" ./configure --disable-jobserver --enable-keygen --enable-tls13 --enable-dtls --enable-dtls-mtu --enable-openssh --enable-wpas --enable-wpas-dpp --enable-opensslall --enable-opensslextra --enable-aesccm --enable-aesctr --enable-aesofb --enable-intelasm --enable-sp --enable-sp-asm --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-blake2 --enable-blake2s --enable-camellia --enable-ed448 --enable-hc128 --enable-idea --enable-md2 --enable-rabbit --enable-srp --enable-fpecc --enable-certreq --enable-certgen --enable-certext --enable-certgencache --enable-eccencrypt --enable-mcast --enable-ssh --enable-pkcs7 --enable-pkcallbacks --enable-cryptocb --enable-libwebsockets --enable-linuxkm --disable-examples
|
||||
|
||||
(run with and without --enable-fpecc, and with and without --enable-intelasm --enable-sp --enable-sp-asm)
|
||||
(for coverage, build with and without --enable-fpecc, and with and without --enable-intelasm --enable-sp --enable-sp-asm)
|
||||
|
||||
probably better if lib objs are compiled -ffreestanding -nostdinc.
|
||||
|
||||
building so far:
|
||||
|
||||
make -j 24 src/crl.o src/internal.o src/keys.o src/ocsp.o src/sniffer.o src/ssl.o src/tls13.o wolfcrypt/src/aes.o wolfcrypt/src/arc4.o wolfcrypt/src/asm.o wolfcrypt/src/asn.o wolfcrypt/src/async.o wolfcrypt/src/blake2b.o wolfcrypt/src/blake2s.o wolfcrypt/src/camellia.o wolfcrypt/src/chacha20_poly1305.o wolfcrypt/src/chacha.o wolfcrypt/src/cmac.o wolfcrypt/src/coding.o wolfcrypt/src/compress.o wolfcrypt/src/cpuid.o wolfcrypt/src/cryptocb.o wolfcrypt/src/curve25519.o wolfcrypt/src/curve448.o wolfcrypt/src/des3.o wolfcrypt/src/dh.o wolfcrypt/src/dsa.o wolfcrypt/src/ecc_fp.o wolfcrypt/src/ecc.o wolfcrypt/src/ed25519.o wolfcrypt/src/ed448.o wolfcrypt/src/error.o wolfcrypt/src/fe_448.o wolfcrypt/src/fe_low_mem.o wolfcrypt/src/fe_operations.o wolfcrypt/src/fips.o wolfcrypt/src/fips_test.o wolfcrypt/src/ge_448.o wolfcrypt/src/ge_low_mem.o wolfcrypt/src/ge_operations.o wolfcrypt/src/hash.o wolfcrypt/src/hc128.o wolfcrypt/src/hmac.o wolfcrypt/src/idea.o wolfcrypt/src/integer.o wolfcrypt/src/logging.o wolfcrypt/src/md2.o wolfcrypt/src/md4.o wolfcrypt/src/md5.o wolfcrypt/src/memory.o wolfcrypt/src/pkcs12.o wolfcrypt/src/pkcs7.o wolfcrypt/src/poly1305.o wolfcrypt/src/pwdbased.o wolfcrypt/src/rabbit.o wolfcrypt/src/random.o wolfcrypt/src/ripemd.o wolfcrypt/src/rsa.o wolfcrypt/src/selftest.o wolfcrypt/src/sha256.o wolfcrypt/src/sha3.o wolfcrypt/src/sha512.o wolfcrypt/src/sha.o wolfcrypt/src/signature.o wolfcrypt/src/sp_arm32.o wolfcrypt/src/sp_arm64.o wolfcrypt/src/sp_armthumb.o wolfcrypt/src/sp_c32.o wolfcrypt/src/sp_c64.o wolfcrypt/src/sp_cortexm.o wolfcrypt/src/sp_dsp32.o wolfcrypt/src/sp_int.o wolfcrypt/src/sp_x86_64.o wolfcrypt/src/srp.o wolfcrypt/src/tfm.o wolfcrypt/src/wc_dsp.o wolfcrypt/src/wc_encrypt.o wolfcrypt/src/wc_port.o wolfcrypt/src/wolfcrypt_first.o wolfcrypt/src/wolfcrypt_last.o wolfcrypt/src/wolfevent.o wolfcrypt/src/wolfmath.o
|
||||
make -j src/libwolfssl.la
|
||||
|
||||
still to do: actual kernel module construction per https://www.kernel.org/doc/Documentation/kbuild/modules.txt
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#ifndef PACKAGE_NAME
|
||||
#error wc_port.h included before config.h
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#ifndef PACKAGE_NAME
|
||||
#error wc_port.h included before config.h
|
||||
#endif
|
||||
/* config.h is autogenerated without gating, and is subject to repeat inclusions, so gate it out here to keep autodetection masking intact: */
|
||||
#undef HAVE_CONFIG_H
|
||||
#endif
|
||||
/* config.h is autogenerated without gating to exclude multiple inclusions, so gate it out here to keep autodetection masking intact: */
|
||||
#undef HAVE_CONFIG_H
|
||||
#endif
|
||||
|
||||
#define __KERNEL__
|
||||
|
||||
@ -107,30 +109,20 @@ make -j 24 src/crl.o src/internal.o src/keys.o src/ocsp.o src/sniffer.o src/ssl.
|
||||
*/
|
||||
#undef current
|
||||
|
||||
/* prevent mm_malloc.h from being included, since it unconditionally includes stdlib.h, which is kernel-incompatible: */
|
||||
/* prevent gcc's mm_malloc.h from being included, since it unconditionally includes stdlib.h, which is kernel-incompatible: */
|
||||
#define _MM_MALLOC_H_INCLUDED
|
||||
|
||||
/* min() and max() in linux/kernel.h over-aggressively type-check, producing myriad spurious -Werrors throughout the codebase. */
|
||||
#undef min
|
||||
#undef WOLFSSL_HAVE_MIN
|
||||
#undef max
|
||||
#undef WOLFSSL_HAVE_MAX
|
||||
|
||||
#define key_update wc_key_update /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) and linux/key.h (extern int()) */
|
||||
/* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) and linux/key.h (extern int()). */
|
||||
#define key_update wc_key_update
|
||||
|
||||
#define printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
|
||||
#define XSNPRINTF snprintf /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */
|
||||
/* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */
|
||||
#define XATOI(s) ({ long _xatoi_res = 0; int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); if (_xatoi_ret != 0) { _xatoi_res = 0; } (int)_xatoi_res; })
|
||||
|
||||
/* tweak the autotools-detected feature set to accomodate switch from user to kernel space: */
|
||||
#undef HAVE_STRINGS_H
|
||||
#undef HAVE_ERRNO_H
|
||||
#define WOLFSSL_DH_CONST 1 /* Linux kernel doesn't have floating point math facilities. */
|
||||
#define WOLFSSL_NO_MALLOC 1
|
||||
#define WOLFSSL_NO_SOCK 1
|
||||
#define WOLFSSL_USER_IO 1
|
||||
// #define CTYPE_USER 1
|
||||
#undef HAVE_INTEL_RDSEED /* prevents -Wunused-function on wc_GenerateSeed_IntelRD() */
|
||||
#endif
|
||||
|
||||
/* THREADING/MUTEX SECTION */
|
||||
|
||||
Reference in New Issue
Block a user