diff --git a/src/ssl.c b/src/ssl.c index 0003cace3..0b76a6a83 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -35,11 +35,6 @@ defined(OPENSSL_EXTRA_X509_SMALL) #include - -#ifdef HAVE_ERRNO_H - #include -#endif - #include #include #ifdef NO_INLINE @@ -49,6 +44,10 @@ #include #endif +#ifdef HAVE_ERRNO_H + #include +#endif + #if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY) #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c index cd93bcb83..1a4ce2fba 100644 --- a/wolfcrypt/src/fe_448.c +++ b/wolfcrypt/src/fe_448.c @@ -33,9 +33,6 @@ #if defined(HAVE_CURVE448) || defined(HAVE_ED448) #include -#ifndef WOLFSSL_LINUXKM -#include -#endif #ifdef NO_INLINE #include diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 2da2a9e5e..64d3cec5b 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -32,9 +32,6 @@ #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */ #include -#ifndef WOLFSSL_LINUXKM -#include -#endif #ifdef NO_INLINE #include diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 8b53f77da..bf2ae5085 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -233,7 +233,7 @@ void WOLFSSL_TIME(int count) #elif defined(WOLFSSL_XILINX) #include "xil_printf.h" #elif defined(WOLFSSL_LINUXKM) - #include + /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */ #else #include /* for default printf stuff */ #endif diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 9639efcde..a90b47c67 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -309,6 +309,8 @@ enum { drbgInitV }; +typedef struct DRBG_internal DRBG; + static int wc_RNG_HealthTestLocal(int reseed); /* Hash Derivation Function */ @@ -434,7 +436,7 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz) return BAD_FUNC_ARG; } - return Hash_DRBG_Reseed(rng->drbg, seed, seedSz); + return Hash_DRBG_Reseed((DRBG *)rng->drbg, seed, seedSz); } static WC_INLINE void array_add_one(byte* data, word32 dataSz) @@ -791,7 +793,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, rng->status = DRBG_FAILED; } #else - rng->drbg = (struct DRBG*)rng->drbg_data; + rng->drbg = (struct DRBG*)&rng->drbg_data; #endif if (ret == 0) { ret = wc_GenerateSeed(&rng->seed, seed, seedSz); @@ -803,7 +805,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, } if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Instantiate(rng->drbg, + ret = Hash_DRBG_Instantiate((DRBG *)rng->drbg, seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ, nonce, nonceSz, rng->heap, devId); @@ -950,7 +952,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) if (rng->status != DRBG_OK) return RNG_FAILURE_E; - ret = Hash_DRBG_Generate(rng->drbg, output, sz); + ret = Hash_DRBG_Generate((DRBG *)rng->drbg, output, sz); if (ret == DRBG_NEED_RESEED) { if (wc_RNG_HealthTestLocal(1) == 0) { byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; @@ -963,10 +965,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Reseed(rng->drbg, newSeed + SEED_BLOCK_SZ, + ret = Hash_DRBG_Reseed((DRBG *)rng->drbg, newSeed + SEED_BLOCK_SZ, SEED_SZ); if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Generate(rng->drbg, output, sz); + ret = Hash_DRBG_Generate((DRBG *)rng->drbg, output, sz); ForceZero(newSeed, sizeof(newSeed)); } @@ -1016,7 +1018,7 @@ int wc_FreeRng(WC_RNG* rng) #ifdef HAVE_HASHDRBG if (rng->drbg != NULL) { - if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS) + if (Hash_DRBG_Uninstantiate((DRBG *)rng->drbg) != DRBG_SUCCESS) ret = RNG_FAILURE_E; #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 0b3e5573b..a868cb844 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1052,6 +1052,8 @@ int wolfSSL_CryptHwMutexUnLock(void) #elif defined(WOLFSSL_KTHREADS) + /* Linux kernel mutex routines are voids, alas. */ + int wc_InitMutex(wolfSSL_Mutex* m) { mutex_init(m); @@ -2289,15 +2291,20 @@ time_t wiced_pseudo_unix_epoch_time(time_t * timer) #if defined(WOLFSSL_LINUXKM) - time_t time(time_t * timer) { - time_t ret = ktime_get_real_seconds(); + time_t ret; +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + struct timespec ts; + getnstimeofday(&ts); + ret = ts.tv_sec * 1000000000LL + ts.tv_nsec; +#else + ret = ktime_get_real_seconds(); +#endif if (timer) *timer = ret; return ret; } - #endif /* WOLFSSL_LINUXKM */ #endif /* !NO_ASN_TIME */ diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h index ec921ceb4..ac093d646 100644 --- a/wolfssl/wolfcrypt/blake2-int.h +++ b/wolfssl/wolfcrypt/blake2-int.h @@ -39,16 +39,6 @@ #include - -#if defined(_MSC_VER) - #define ALIGN_TO(x) __declspec(align(x)) -#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define ALIGN_TO(x) __attribute__((aligned(x))) -#else - #define ALIGN_TO(x) -#endif - - #if defined(__cplusplus) extern "C" { #endif @@ -87,7 +77,7 @@ byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */ } blake2s_param; - ALIGN_TO( 32 ) typedef struct __blake2s_state + ALIGN32 typedef struct __blake2s_state { word32 h[8]; word32 t[2]; @@ -112,7 +102,7 @@ byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */ } blake2b_param; - ALIGN_TO( 64 ) typedef struct __blake2b_state + ALIGN64 typedef struct __blake2b_state { word64 h[8]; word64 t[2]; diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index d2665dda8..642db2b39 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -149,7 +149,7 @@ typedef struct OS_Seed { #define WC_RNG_TYPE_DEFINED #endif -typedef struct DRBG { +struct DRBG_internal { word32 reseedCtr; word32 lastBlock; byte V[DRBG_SEED_LEN]; @@ -162,7 +162,7 @@ typedef struct DRBG { #ifdef WOLFSSL_SMALL_STACK_CACHE wc_Sha256 sha256; #endif -} DRBG; +}; /* RNG context */ struct WC_RNG { @@ -172,7 +172,7 @@ struct WC_RNG { /* Hash-based Deterministic Random Bit Generator */ struct DRBG* drbg; #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) - byte drbg_data[sizeof(DRBG)]; + struct DRBG_internal drbg_data; #endif byte status; #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c373b89ec..f3826e30e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2092,8 +2092,20 @@ extern void uITRON4_free(void *p) ; #define SIZEOF_LONG 8 #define SIZEOF_LONG_LONG 8 #define CHAR_BIT 8 - #define WOLFSSL_HAVE_MIN - #define WOLFSSL_HAVE_MAX + + /* tweak the autotools-detected feature set to accommodate switch from user to kernel space: */ + #undef HAVE_STRINGS_H + #undef HAVE_ERRNO_H + #undef WOLFSSL_HAVE_MIN + #undef WOLFSSL_HAVE_MAX + #define WOLFSSL_DH_CONST 1 /* Linux kernel doesn't have floating point math facilities. */ + #define WOLFSSL_NO_MALLOC 1 + #define WOLFSSL_NO_SOCK 1 + #define WOLFSSL_USER_IO 1 + #undef HAVE_INTEL_RDSEED /* prevents -Wunused-function on wc_GenerateSeed_IntelRD() */ + #define USE_WOLF_STRTOK + #define NO_CRYPT_BENCHMARK 1 + #define NO_CRYPT_TEST 1 #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index af7a12c18..8fc514b18 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -59,24 +59,26 @@ /* note, leaving out --enable-pkcs11 in this (depends on -ldl): -KROOT=/usr/src/linux KARCH=x86 CFLAGS="-I${KROOT}/include -I${KROOT}/arch/${KARCH}/include -I${KROOT}/arch/${KARCH}/include/generated -I${KROOT}/arch/${KARCH}/include/generated/uapi -I${KROOT}/arch/${KARCH}/include/uapi -I${KROOT}/include/uapi -I${KROOT}/tools/include/uapi -I${KROOT}/tools/arch/${KARCH}/include -I${KROOT}/tools/include -I/usr/lib/gcc/${KARCH}_64-pc-linux-gnu/9.3.0/include" ./configure --disable-jobserver --enable-keygen --enable-tls13 --enable-dtls --enable-dtls-mtu --enable-openssh --enable-wpas --enable-wpas-dpp --enable-opensslall --enable-opensslextra --enable-aesccm --enable-aesctr --enable-aesofb --enable-intelasm --enable-sp --enable-sp-asm --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-blake2 --enable-blake2s --enable-camellia --enable-ed448 --enable-hc128 --enable-idea --enable-md2 --enable-rabbit --enable-srp --enable-fpecc --enable-certreq --enable-certgen --enable-certext --enable-certgencache --enable-eccencrypt --enable-mcast --enable-ssh --enable-pkcs7 --enable-pkcallbacks --enable-cryptocb --enable-libwebsockets --enable-linuxkm +KROOT=/usr/src/linux KARCH=x86 CFLAGS="-I${KROOT}/include -I${KROOT}/arch/${KARCH}/include -I${KROOT}/arch/${KARCH}/include/generated -I${KROOT}/arch/${KARCH}/include/generated/uapi -I${KROOT}/arch/${KARCH}/include/uapi -I${KROOT}/include/uapi -I${KROOT}/tools/include/uapi -I${KROOT}/tools/arch/${KARCH}/include -I${KROOT}/tools/include -I/usr/lib/gcc/${KARCH}_64-pc-linux-gnu/9.3.0/include" ./configure --disable-jobserver --enable-keygen --enable-tls13 --enable-dtls --enable-dtls-mtu --enable-openssh --enable-wpas --enable-wpas-dpp --enable-opensslall --enable-opensslextra --enable-aesccm --enable-aesctr --enable-aesofb --enable-intelasm --enable-sp --enable-sp-asm --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-blake2 --enable-blake2s --enable-camellia --enable-ed448 --enable-hc128 --enable-idea --enable-md2 --enable-rabbit --enable-srp --enable-fpecc --enable-certreq --enable-certgen --enable-certext --enable-certgencache --enable-eccencrypt --enable-mcast --enable-ssh --enable-pkcs7 --enable-pkcallbacks --enable-cryptocb --enable-libwebsockets --enable-linuxkm --disable-examples -(run with and without --enable-fpecc, and with and without --enable-intelasm --enable-sp --enable-sp-asm) +(for coverage, build with and without --enable-fpecc, and with and without --enable-intelasm --enable-sp --enable-sp-asm) probably better if lib objs are compiled -ffreestanding -nostdinc. building so far: -make -j 24 src/crl.o src/internal.o src/keys.o src/ocsp.o src/sniffer.o src/ssl.o src/tls13.o wolfcrypt/src/aes.o wolfcrypt/src/arc4.o wolfcrypt/src/asm.o wolfcrypt/src/asn.o wolfcrypt/src/async.o wolfcrypt/src/blake2b.o wolfcrypt/src/blake2s.o wolfcrypt/src/camellia.o wolfcrypt/src/chacha20_poly1305.o wolfcrypt/src/chacha.o wolfcrypt/src/cmac.o wolfcrypt/src/coding.o wolfcrypt/src/compress.o wolfcrypt/src/cpuid.o wolfcrypt/src/cryptocb.o wolfcrypt/src/curve25519.o wolfcrypt/src/curve448.o wolfcrypt/src/des3.o wolfcrypt/src/dh.o wolfcrypt/src/dsa.o wolfcrypt/src/ecc_fp.o wolfcrypt/src/ecc.o wolfcrypt/src/ed25519.o wolfcrypt/src/ed448.o wolfcrypt/src/error.o wolfcrypt/src/fe_448.o wolfcrypt/src/fe_low_mem.o wolfcrypt/src/fe_operations.o wolfcrypt/src/fips.o wolfcrypt/src/fips_test.o wolfcrypt/src/ge_448.o wolfcrypt/src/ge_low_mem.o wolfcrypt/src/ge_operations.o wolfcrypt/src/hash.o wolfcrypt/src/hc128.o wolfcrypt/src/hmac.o wolfcrypt/src/idea.o wolfcrypt/src/integer.o wolfcrypt/src/logging.o wolfcrypt/src/md2.o wolfcrypt/src/md4.o wolfcrypt/src/md5.o wolfcrypt/src/memory.o wolfcrypt/src/pkcs12.o wolfcrypt/src/pkcs7.o wolfcrypt/src/poly1305.o wolfcrypt/src/pwdbased.o wolfcrypt/src/rabbit.o wolfcrypt/src/random.o wolfcrypt/src/ripemd.o wolfcrypt/src/rsa.o wolfcrypt/src/selftest.o wolfcrypt/src/sha256.o wolfcrypt/src/sha3.o wolfcrypt/src/sha512.o wolfcrypt/src/sha.o wolfcrypt/src/signature.o wolfcrypt/src/sp_arm32.o wolfcrypt/src/sp_arm64.o wolfcrypt/src/sp_armthumb.o wolfcrypt/src/sp_c32.o wolfcrypt/src/sp_c64.o wolfcrypt/src/sp_cortexm.o wolfcrypt/src/sp_dsp32.o wolfcrypt/src/sp_int.o wolfcrypt/src/sp_x86_64.o wolfcrypt/src/srp.o wolfcrypt/src/tfm.o wolfcrypt/src/wc_dsp.o wolfcrypt/src/wc_encrypt.o wolfcrypt/src/wc_port.o wolfcrypt/src/wolfcrypt_first.o wolfcrypt/src/wolfcrypt_last.o wolfcrypt/src/wolfevent.o wolfcrypt/src/wolfmath.o +make -j src/libwolfssl.la + +still to do: actual kernel module construction per https://www.kernel.org/doc/Documentation/kbuild/modules.txt */ -#ifdef HAVE_CONFIG_H -#ifndef PACKAGE_NAME -#error wc_port.h included before config.h + #ifdef HAVE_CONFIG_H + #ifndef PACKAGE_NAME + #error wc_port.h included before config.h + #endif + /* config.h is autogenerated without gating, and is subject to repeat inclusions, so gate it out here to keep autodetection masking intact: */ + #undef HAVE_CONFIG_H #endif - /* config.h is autogenerated without gating to exclude multiple inclusions, so gate it out here to keep autodetection masking intact: */ -#undef HAVE_CONFIG_H -#endif #define __KERNEL__ @@ -107,30 +109,20 @@ make -j 24 src/crl.o src/internal.o src/keys.o src/ocsp.o src/sniffer.o src/ssl. */ #undef current - /* prevent mm_malloc.h from being included, since it unconditionally includes stdlib.h, which is kernel-incompatible: */ + /* prevent gcc's mm_malloc.h from being included, since it unconditionally includes stdlib.h, which is kernel-incompatible: */ #define _MM_MALLOC_H_INCLUDED /* min() and max() in linux/kernel.h over-aggressively type-check, producing myriad spurious -Werrors throughout the codebase. */ #undef min - #undef WOLFSSL_HAVE_MIN #undef max - #undef WOLFSSL_HAVE_MAX - #define key_update wc_key_update /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) and linux/key.h (extern int()) */ + /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) and linux/key.h (extern int()). */ + #define key_update wc_key_update #define printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args) #define XSNPRINTF snprintf /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ + /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */ #define XATOI(s) ({ long _xatoi_res = 0; int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); if (_xatoi_ret != 0) { _xatoi_res = 0; } (int)_xatoi_res; }) - - /* tweak the autotools-detected feature set to accomodate switch from user to kernel space: */ - #undef HAVE_STRINGS_H - #undef HAVE_ERRNO_H - #define WOLFSSL_DH_CONST 1 /* Linux kernel doesn't have floating point math facilities. */ - #define WOLFSSL_NO_MALLOC 1 - #define WOLFSSL_NO_SOCK 1 - #define WOLFSSL_USER_IO 1 -// #define CTYPE_USER 1 - #undef HAVE_INTEL_RDSEED /* prevents -Wunused-function on wc_GenerateSeed_IntelRD() */ #endif /* THREADING/MUTEX SECTION */