* implement interception of _get_random_bytes() and get_random_bytes_user() (implicitly intercepts /dev/random and /dev/urandom):
* get_crypto_default_rng()
* get_default_drbg_ctx()
* wc__get_random_bytes()
* wc_get_random_bytes_user()
* wc_extract_crng_user()
* wc_mix_pool_bytes()
* wc_crng_reseed()
* wc_get_random_bytes_by_kprobe()
* wc_get_random_bytes_user_kretprobe_enter()
* wc_get_random_bytes_user_kretprobe_exit()
* add LINUXKM_DRBG_GET_RANDOM_BYTES sections to wc_linuxkm_drbg_startup() and wc_linuxkm_drbg_cleanup()
* add linuxkm/patches/*/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-*.patch, initially for versions:
* 5.10.17
* 5.10.236
* 5.15
* 5.17
* 6.1.73
* 6.12
* 6.15
* remove "*.patch" from .gitignore.
* add linuxkm/patches/regen-patches.sh.
* in wc_linuxkm_drbg_ctx_clear(), check lock count before freeing.
* in get_drbg() and put_drbg(), use migrate_disable(), not DISABLE_VECTOR_REGISTERS().
* in wc_linuxkm_drbg_generate(), explicitly DISABLE_VECTOR_REGISTERS() for the crypto_default_rng.
* in wc_linuxkm_drbg_generate(), add DRBG reinitialization code to handle RNG_FAILURE_E. This handles the situation where a DRBG was instantiated in a vector-ops-allowed context, caching a vectorized SHA256 ethod, but later used in a no-vector-ops-allowed context.
* in wc_linuxkm_drbg_seed(), add DISABLE_VECTOR_REGISTERS() wrapper around wc_RNG_DRBG_Reseed() for crypto_default_rng.
linuxkm/x86_vector_register_glue.c:
* add crash recovery logic to wc_linuxkm_fpu_state_assoc_unlikely()
* in wc_linuxkm_fpu_state_assoc(), when wc_linuxkm_fpu_states is null, don't call wc_linuxkm_fpu_state_assoc_unlikely() if !assume_fpu_began.
* in can_save_vector_registers_x86(), save_vector_registers_x86(), and restore_vector_registers_x86(), check for hard interrupt context first, to return early failure if current->pid is unusable.
* in save_vector_registers_x86(), tweak logic around WC_FPU_INHIBITED_FLAG, adding local_bh_disable()...local_bh_enable() to provide for safe recursion.
wolfcrypt/src/random.c: optimization: in Hash_df(), for WOLFSSL_LINUXKM, don't put digest[WC_SHA256_DIGEST_SIZE] in the heap, keep it on the stack.
wolfssl/wolfcrypt/types.h: add WOLFSSL_NO_ASM no-op definitions for DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS().
configure.ac:
* move --enable-linuxkm and --enable-linuxkm-defaults initial detection early, so that HMAC_COPY_DEFAULT picks it up.
* add ENABLED_ENTROPY_MEMUSE_DEFAULT, and enable it by default when ENABLED_LINUXKM_DEFAULTS.
* update linuxkm-lkcapi-register help message.
linuxkm/linuxkm_wc_port.h:
* add my_kallsyms_lookup_name().
* add preempt_count, _raw_spin_lock_irqsave, _raw_spin_trylock, _raw_spin_unlock_irqrestore, and _cond_resched, to wolfssl_linuxkm_pie_redirect_table, and add spin_unlock_irqrestore() macro to mask native inline.
* move linuxkm mutex wrappers from wolfcrypt/src/wc_port.c to linuxkm_wc_port.h, make them inlines, and add new default spinlock-based implementation, with old method now gated on WOLFSSL_LINUXKM_USE_MUTEXES.
* change malloc() and realloc() wrappers from GFP_KERNEL to GFP_ATOMIC.
linuxkm/lkcapi_glue.c: make misc.h/misc.c inclusion unconditional, and trim now-redundant inclusions out of lkcapi_dh_glue.c and lkcapi_ecdh_glue.c.
Disable the use of MD5 by default. Add the conditional use of MD5 when
--enable-all-crypto is present. Add the use of MD5 when
--enable-opensslextra is present. Add the use of MD5 when
--enable-tlsv10 is present.
ARM32/Thumb2: Generated code now omits the frame pointer attribute on
each function. Remove global use in configure.ac.
RISC-V 64: Omit the frame pointer on the one function that uses the
register 's0'.
- random.c: use getrandom when available and fall back to direct file access
- openssh.yml: run more tests
- openssh.yml: add 10.0p2 and 9.9p2
- configure.ac: detect if `getrandom` is available on the system
- configure.ac: openssh requires WC_RNG_SEED_CB to always use `getrandom` so that the RNG doesn't get killed by SECCOMP
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes);
configure.ac: default smallstackcache on when linuxkm-defaults.
configure.ac: set DEFAULT_ENABLED_ALL_ASM=no if FIPS <v6 and not on amd64 (i.e. if ARM);
tests/api/test_sha256.c: skip test_wc_Sha256_Flags() and test_wc_Sha224_Flags() if armasm and FIPS <v7;
wolfssl/wolfcrypt/settings.h: define WOLFSSL_SP_INT_DIGIT_ALIGN for ARM (needed on BE, and no effect on LE).
configure.ac:
* in FIPS setup, fix sensing of ENABLED_CURVE25519 and ENABLED_CURVE448 to prevent noasm sneaking through, and allow fips=dev to enable them via override;
* enable-all enables ECH only if !FIPS;
* enable-all-crypto enables curve25519/curve448 only if !FIPS;
* QUIC implication of ENABLED_CURVE25519 is inhibited if FIPS;
tests/quic.c: add !HAVE_CURVE25519 paths in test_quic_key_share() to allow FIPS QUIC.
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;
configure.ac: clarify error message for "SP ASM not available for CPU."
adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;
configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
handling for -DWOLFSSL_DH_GEN_PUB, and add support for
--enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
any algs that are disabled in the target kernel, and #errors if any algs or
registrations are disabled or incompatible in libwolfssl but enabled in the
target kernel (note, it does not #error for algorithms we don't currently
shim/implement);
linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
to INT_MAX to make masking impossible;
linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
respective algorithm family files, and in each family file, add
LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
corresponding algorithm is activated in the target kernel.
linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
