tests/unit.c: at end of unit_test(), when WOLFSSL_TRACK_MEMORY, explicitly wolfSSL_Cleanup() then check and error if wc_MemStats_Ptr->currentBytes > 0.
* use a bss segment allocation for noise, to avoid a heap allocation (access is already mutex-protected), and
* in the loop, WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP().
Fix multiple build and runtime issues when building wolfSSL LinuxKM FIPS
on NVIDIA Tegra (ARM64) kernels under Yocto.
- Disable ARM64 LSE atomics for out-of-tree modules to avoid jump_table
asm constraints
- Handle PREEMPT_RT mutex and spinlock differences correctly
- Avoid alt_cb_patch_nops / queued_spin_lock_slowpath on Tegra
- Remove conflicting compiler auto-var-init flags for PIE objects
- Align PIE symbol redirection with RT and Tegra kernels
This restores successful LinuxKM FIPS builds on Tegra-based Yocto systems.
Signed-off-by: Sameeh Jubran <sameeh.j@gmail.com>
OpenSSL compatability layer expects aes->reg to be unmodified by AES-GCM
decrypt call. ARM32/Thumb2 assembly implementation modifies buffer.
Keep a copy and restore aes->reg after call.
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.
Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
Ensure dsa->g is initialized with other mp_ints so that it can be
cleared at the end regardless of failures.
Don't clear tmp or tmp2 if allocation or initialization failed as you
will access uninitialized data.
When compiling for PIC, 30 and 31 are not always available.
Alternative implementation added not using them that puts registers on
the stack.
Small code size version implemented as well.
Implementations of AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-XTS with base
instructions and NEON but not using crypto instructions.
Benchmark of AES-ECB added.
Updated AES tests.
The key size can be larger than the maximum digest size supported by the
sign and verify APIs.
Calculate a reasonable digest size for the key size and bound it on the
maximum digest size.
globally replace defined(__PIE__) with defined(WC_CONTAINERIZE_THIS) to decouple containerization from -fPIE;
configure.ac:
* add --enable-kernel-reloc-tables as an alias for --enable-linuxkm-pie;
* always activate ENABLED_ENTROPY_MEMUSE_DEFAULT when KERNEL_MODE_DEFAULTS and not RDSEED/RDRAND, regardless of FIPS presence/version;
linuxkm/Kbuild:
* add -DWC_CONTAINERIZE_THIS to PIE_FLAGS;
* add support for NO_PIE_FLAG, which inhibits -fPIE on ENABLED_LINUXKM_PIE builds, and adds -DWC_NO_PIE_FLAG to PIE_FLAGS;
linuxkm/linuxkm_wc_port.h: add setup for WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER;
linuxkm/module_hooks.c: add wc_linuxkm_GenerateSeed_wolfEntropy().
