Merge pull request #9151 from douzzer/20250830-linuxkm-fix-get_drbg
20250830-linuxkm-fix-get_drbg
@@ -605,6 +605,7 @@ WC_RSA_NO_FERMAT_CHECK
|
||||
WC_SHA384
|
||||
WC_SHA384_DIGEST_SIZE
|
||||
WC_SHA512
|
||||
WC_SKIP_INCLUDED_C_FILES
|
||||
WC_SSIZE_TYPE
|
||||
WC_STRICT_SIG
|
||||
WC_WANT_FLAG_DONT_USE_AESNI
|
||||
|
||||
@@ -422,6 +422,17 @@
|
||||
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|
||||
#endif
|
||||
|
||||
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here
|
||||
* to assure that calls to get_random_bytes() in random.c are gated out
|
||||
* (they would recurse, potentially infinitely).
|
||||
*/
|
||||
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
|
||||
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
#endif
|
||||
|
||||
#ifndef __PIE__
|
||||
#include <linux/crypto.h>
|
||||
#include <linux/scatterlist.h>
|
||||
|
||||
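Review bot: The relocated setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT no longer sits inside the conditional that, in lkcapi_sha_glue.c, ends with `#else` / `#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG`, so the two macros can now disagree. The condition that opens that block is not visible on this page; if it can be false while LINUXKM_LKCAPI_REGISTER_ALL is set, the get_random_bytes() calls in random.c would presumably be gated out with no registered DRBG behind them. Unless a check elsewhere already covers this, a compile-time guard in that `#else` branch would catch it: `#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT`, `#error LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT requires LINUXKM_LKCAPI_REGISTER_HASH_DRBG.`, `#endif`.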
@@ -19,6 +19,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_aes_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -4312,3 +4315,5 @@ static int linuxkm_test_aesecb(void) {
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_AESECB */
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_AES */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -20,6 +20,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -2966,3 +2969,5 @@ test_kpp_end:
|
||||
}
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -20,6 +20,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -991,3 +994,5 @@ test_ecdh_nist_end:
|
||||
}
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -20,6 +20,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -843,3 +846,5 @@ test_ecdsa_nist_end:
|
||||
}
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
*/
|
||||
|
||||
/* included by linuxkm/module_hooks.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
@@ -981,3 +982,5 @@ static int linuxkm_lkcapi_unregister(void)
|
||||
|
||||
return seen_err;
|
||||
}
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -20,6 +20,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -3250,3 +3253,5 @@ static int get_hash_enc_len(int hash_oid)
|
||||
return enc_len;
|
||||
}
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
@@ -19,6 +19,9 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* included by linuxkm/lkcapi_glue.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#ifndef LINUXKM_LKCAPI_REGISTER
|
||||
#error lkcapi_sha_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
|
||||
#endif
|
||||
@@ -374,10 +377,7 @@
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
#endif
|
||||
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
|
||||
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
|
||||
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
|
||||
#endif
|
||||
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
|
||||
#else
|
||||
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
|
||||
#endif
|
||||
@@ -968,7 +968,6 @@ struct wc_linuxkm_drbg_ctx {
|
||||
struct wc_rng_inst {
|
||||
wolfSSL_Atomic_Int lock;
|
||||
WC_RNG rng;
|
||||
int disabled_vec_ops;
|
||||
} *rngs; /* one per CPU ID */
|
||||
};
|
||||
|
||||
@@ -1090,14 +1089,8 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) {
|
||||
|
||||
for (;;) {
|
||||
int expected = 0;
|
||||
if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) {
|
||||
struct wc_rng_inst *drbg = &ctx->rngs[n];
|
||||
if (tfm == crypto_default_rng)
|
||||
drbg->disabled_vec_ops = (DISABLE_VECTOR_REGISTERS() == 0);
|
||||
else
|
||||
drbg->disabled_vec_ops = 0;
|
||||
return drbg;
|
||||
}
|
||||
if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)))
|
||||
return &ctx->rngs[n];
|
||||
++n;
|
||||
if (n >= (int)ctx->n_rngs)
|
||||
n = 0;
|
||||
@@ -1115,11 +1108,8 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in
|
||||
|
||||
for (;;) {
|
||||
int expected = 0;
|
||||
if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) {
|
||||
struct wc_rng_inst *drbg = &ctx->rngs[n];
|
||||
drbg->disabled_vec_ops = 0;
|
||||
return drbg;
|
||||
}
|
||||
if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)))
|
||||
return &ctx->rngs[n];
|
||||
if (can_sleep) {
|
||||
if (signal_pending(current))
|
||||
return NULL;
|
||||
@@ -1137,10 +1127,6 @@ static inline void put_drbg(struct wc_rng_inst *drbg) {
|
||||
(LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
|
||||
int migration_disabled = (drbg->lock == 2);
|
||||
#endif
|
||||
if (drbg->disabled_vec_ops) {
|
||||
REENABLE_VECTOR_REGISTERS();
|
||||
drbg->disabled_vec_ops = 0;
|
||||
}
|
||||
__atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE);
|
||||
#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
|
||||
(LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
|
||||
@@ -1154,6 +1140,7 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm,
|
||||
u8 *dst, unsigned int dlen)
|
||||
{
|
||||
int ret, retried = 0;
|
||||
int need_fpu_restore;
|
||||
struct wc_rng_inst *drbg = get_drbg(tfm);
|
||||
|
||||
if (! drbg) {
|
||||
@@ -1161,6 +1148,11 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm,
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
/* for the default RNG, make sure we don't cache an underlying SHA256
|
||||
* method that uses vector insns (forbidden from irq handlers).
|
||||
*/
|
||||
need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0;
|
||||
|
||||
retry:
|
||||
|
||||
if (slen > 0) {
|
||||
@@ -1194,6 +1186,8 @@ retry:
|
||||
|
||||
out:
|
||||
|
||||
if (need_fpu_restore)
|
||||
REENABLE_VECTOR_REGISTERS();
|
||||
put_drbg(drbg);
|
||||
|
||||
return ret;
|
||||
@@ -2054,3 +2048,5 @@ static int wc_linuxkm_drbg_cleanup(void) {
|
||||
}
|
||||
|
||||
#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG */
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
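Review bot: In wc_linuxkm_drbg_generate(), `need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0;` folds every non-zero return into "nothing to restore", so a failed inhibit is indistinguishable from an already-inhibited context and generation continues either way. The x86 glue in this same commit returns WC_ACCEL_INHIBIT_E for the nested case and BAD_STATE_E on counter overflow; assuming DISABLE_VECTOR_REGISTERS() reaches that function, only the former is safe to ignore under the irq-handler constraint the new comment describes. Keeping the code, e.g. `int inhibit_ret = DISABLE_VECTOR_REGISTERS();` then `need_fpu_restore = (inhibit_ret == 0);`, and leaving through `out` with an error when it is neither 0 nor WC_ACCEL_INHIBIT_E would make the default-RNG path fail closed. The function body continues outside the hunks shown.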
@@ -21,6 +21,7 @@
|
||||
*/
|
||||
|
||||
/* included by linuxkm/module_hooks.c */
|
||||
#ifndef WC_SKIP_INCLUDED_C_FILES
|
||||
|
||||
#if !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86)
|
||||
#error x86_vector_register_glue.c included in non-vectorized/non-x86 project.
|
||||
@@ -346,6 +347,13 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags)
|
||||
|
||||
/* allow for nested calls */
|
||||
if (pstate && (pstate->fpu_state != 0U)) {
|
||||
if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) {
|
||||
/* don't allow recursive inhibit calls when already inhibited --
|
||||
* it would add no functionality and require keeping a separate
|
||||
* count of inhibit recursions.
|
||||
*/
|
||||
return WC_ACCEL_INHIBIT_E;
|
||||
}
|
||||
if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
|
||||
== WC_FPU_COUNT_MASK))
|
||||
{
|
||||
@@ -353,17 +361,6 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags)
|
||||
"pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id());
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) {
|
||||
if (flags & WC_SVR_FLAG_INHIBIT) {
|
||||
/* allow recursive inhibit calls as long as the whole stack of
|
||||
* them is inhibiting.
|
||||
*/
|
||||
++pstate->fpu_state;
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
return WC_ACCEL_INHIBIT_E;
|
||||
}
|
||||
if (flags & WC_SVR_FLAG_INHIBIT) {
|
||||
++pstate->fpu_state;
|
||||
pstate->fpu_state |= WC_FPU_INHIBITED_FLAG;
|
||||
@@ -535,3 +532,5 @@ void wc_restore_vector_registers_x86(enum wc_svr_flags flags)
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#endif /* !WC_SKIP_INCLUDED_C_FILES */
|
||||
|
||||
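Review bot: The new early return in wc_save_vector_registers_x86() hands WC_ACCEL_INHIBIT_E to every nested caller, including one that itself passed WC_SVR_FLAG_INHIBIT and previously got 0 with the count incremented. The added comment explains why recursion is refused but not what the caller owes in return; I would extend it with `* Callers must treat WC_ACCEL_INHIBIT_E as "already inhibited" and must not call the matching restore.` The restore function's body is outside the visible hunks, so whether an unpaired restore is tolerated there cannot be confirmed from this page.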
@@ -349,11 +349,12 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WC_ERR_TRACE
|
||||
#define WC_ERR_TRACE(label) \
|
||||
( WOLFSSL_DEBUG_PRINTF("ERR TRACE: %s L %d %s (%d)\n", \
|
||||
__FILE__, __LINE__, #label, label), \
|
||||
WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \
|
||||
label \
|
||||
#define WC_ERR_TRACE(label) \
|
||||
( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \
|
||||
"ERR TRACE: %s L %d %s (%d)\n", \
|
||||
__FILE__, __LINE__, #label, label), \
|
||||
WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \
|
||||
label \
|
||||
)
|
||||
#endif
|
||||
#include <wolfssl/debug-trace-error-codes.h>
|
||||
|
||||