Commit Graph

19 Commits

Author SHA1 Message Date
Daniel Pouzzner 21f7fd8901 linuxkm/include.am: add WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch. 2026-02-28 12:29:21 -06:00
Daniel Pouzzner f376ae210e Implement Linux kernel module offline integrity hash calculation:
Add:

* linuxkm/linuxkm-fips-hash.c
* linuxkm/linuxkm-fips-hash-wrapper.sh
* linuxkm/linuxkm_memory.h

Move from linuxkm/module_hooks.c to linuxkm/linuxkm_memory.c:
* reloc_layouts[]
* find_reloc_tab_offset()
* the body of wc_linuxkm_normalize_relocations() as wc_reloc_normalize_text()
* most of updateFipsHash() as wc_fips_generate_hash()

Move from linuxkm/linuxkm_wc_port.h to linuxkm/linuxkm_memory.h:
* struct wc_linuxkm_pie_reloc_tab_ent
* enum wc_reloc_dest_segment
* enum wc_reloc_type

linuxkm/Makefile:
* Update GENERATE_RELOC_TAB recipe to populate new fields in struct wc_reloc_table_ent.
* Add targets:
  * libwolfssl-user-build/src/.libs/libwolfssl.so
  * linuxkm-fips-hash
  * module-with-matching-fips-hash
  * module-with-matching-fips-hash-no-sign
* Add support for alternate target module name, via LIBWOLFSSL_NAME make variable.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:
* Fixes to make linuxkm-pie work with CONFIG_KASAN.
* Implement WC_LINUXKM_STACK_DEBUG:
  * wc_linuxkm_stack_bottom()
  * wc_linuxkm_stack_top()
  * wc_linuxkm_stack_current()
  * wc_linuxkm_stack_left()
  * wc_linuxkm_stack_hwm_prepare()
  * wc_linuxkm_stack_hwm_measure_rel()
  * wc_linuxkm_stack_hwm_measure_total()

wolfssl/wolfcrypt/settings.h:
* When WOLFSSL_KERNEL_MODE, make sure WOLFSSL_GENERAL_ALIGNMENT is at least SIZEOF_LONG.
* When WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE, make sure WOLFSSL_BASE16 is defined.

configure.ac and wolfcrypt/benchmark/benchmark.c: Disable scrypt when KERNEL_MODE_DEFAULTS, due to excessive memory requirements.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner ba53051457 add linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch 2026-01-20 15:07:44 -06:00
jordan 9736427e7a linuxkm: add a readme. 2025-12-12 17:07:07 -06:00
Daniel Pouzzner 650990e1e2 add linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch 2025-12-10 11:51:29 -06:00
Daniel Pouzzner 04834680d5 linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use "undefine CONFIG_OBJTOOL" to inhibit false-positive "unannotated intra-function call" due to inline retpolines;
linuxkm/Makefile, linuxkm/include.am, linuxkm/module_hooks.c: remove linuxkm/pie_first.c, linuxkm/pie_last.c, and references to them (replaced by fenceposts in linuxkm/wolfcrypt.lds).
2025-09-10 15:08:41 -05:00
Daniel Pouzzner c8a9e9ea12 linuxkm/include.am: add linuxkm/wolfcrypt.lds to EXTRA_DIST. 2025-07-17 08:40:55 -05:00
Daniel Pouzzner 1e3966f06d linuxkm/include.am: add kernel patches to EXTRA_DIST. 2025-07-11 10:42:43 -05:00
jordan f6f3b0a1ee linuxkm: register dh and ffdhe. 2025-04-25 21:21:26 -05:00
Daniel Pouzzner f7407e4065 20250411-linuxkm-SHA checkpoint 2025-04-18 11:57:29 -05:00
jordan ff93e6d5d4 linuxkm: register rsa. 2025-04-16 09:50:06 -05:00
jordan 4ef7ef02d6 linuxkm ecdh: small cleanup. 2025-04-11 16:20:16 -04:00
jordan d62c65231b linuxkm: register ecdsa. 2025-04-04 11:54:03 -04:00
Daniel Pouzzner 611a1642a1 linuxkm/include.am: add linuxkm/x86_vector_register_glue.c to EXTRA_DIST. 2024-05-09 02:03:16 -05:00
Daniel Pouzzner b1e5d0f9bb linuxkm: completion and stabilization of LKCAPI integration for AES-CBC, AES-CFB, AES-GCM, and AES-XTS:
linuxkm/lkcapi_glue.c (added in earlier commit):
implement linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() with idempotency.
add AES-XTS algorithm glue and self-test implementations.
add per-algorithm gating: LINUXKM_LKCAPI_REGISTER_AESCBC, _AESCFB, _AESGCM, and _AESXTS.
carry forward philljj's implementations for AES-CBC, AES-CFB, and AES-GCM, with various cleanups.

linuxkm/module_hooks.c:
print the "wolfCrypt container hashes" message only if DEBUG_LINUXKM_PIE_SUPPORT is set.
render the FIPS version for the self-test success message using the HAVE_FIPS_VERSION* macros.
add a "skipping full wolfcrypt_test() ..." message for --disable-crypttests builds.
add CONFIG_FORTIFY_SOURCE gates.

configure.ac:
add support for --enable-linuxkm-lkcapi-register;
add AES-XTS to output config summary;
rename --enable-xts to --enable-aesxts (retaining old option for backward compatibility).

linuxkm/linuxkm_wc_port.h: add support for CONFIG_FORTIFY_SOURCE.

linuxkm/linuxkm_memory.c:
fix retvals in save_vector_registers_x86() (wc-style MEMORY_E, not sys-style ENOMEM).
add __my_fortify_panic() implementation.

linuxkm/Kbuild: for ENABLED_LINUXKM_PIE in rename-pie-text-and-data-sections recipe, create an .rodata.wolfcrypt section.

linuxkm/include.am: add linuxkm/lkcapi_glue.c to EXTRA_DIST.

wolfcrypt/test/test.c:
when defined(HAVE_FIPS_VERSION), inhibit a test clause in aes_xts_128_test() disallowed by FIPS ("FIPS AES-XTS main and tweak keys must differ").
fix out-of-order user message in ecc_test().
2024-01-26 20:01:19 -06:00
Daniel Pouzzner ff4c6e5d7b linuxkm: relocate WOLFSSL_LINUXKM code in wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/memory.c to linuxkm/{linuxkm_wc_port.h,linuxkm_memory.c}, and gate SIMD in IRQ handlers on -DLINUXKM_SIMD_IRQ in prep for Linux 5.16;
linuxkm: when -DWOLFCRYPT_ONLY, don't include ssl.h in module_exports.c.template and module_hooks.c, and fix gating to work right with that;

wolfssl/wolfcrypt/types.h: add support for a WOLFSSL_XFREE_NO_NULLNESS_CHECK gate (used in cppcheck analysis).
2022-01-07 22:39:38 -06:00
Daniel Pouzzner 3226e69649 --enable-linuxkm-pie (FIPS Linux kernel module) (#4276)
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
Daniel Pouzzner e881d92366 add linuxkm/module_exports.c.template to linuxkm/include.am $EXTRA_DIST. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 195b5d2d2c lkm: add linuxkm/include.am, and include it in Makefile.am. 2020-09-23 18:32:15 -05:00