20260528-pk-vector-regs#10563
Open
douzzer wants to merge 2 commits into
Open
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10563
Scan targets checked: none
Failed targets: linuxkm-bugs, linuxkm-src, wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
|
…ector register preservation, including removal of all residual can't-fail vector paths in PK algs.
wolfcrypt/src/sp_x86_64.c:
* fix ASSERT_SAVED_VECTOR_REGISTERS() in C wrappers: add where missing for implementations that use AVX2, and remove frivolous checks for ones that don't.
* refactor vector save-restore with a single locally tracked save in sp_RsaPublic_#(), sp_RsaPrivate_#(), sp_ecc_mulmod_add_#(), sp_ecc_mulmod_base_add_#(), sp_ecc_make_key_#(), and sp_#_calc_s_#().
* fix feature test in sp_ModExp_Fp_star_1024(), sp_Pairing_1024(), and sp_Pairing_gen_precomp_1024(), to properly gate on IS_INTEL_AVX2(cpuid_flags) and SAVE_VECTOR_REGISTERS2() == 0.
wolfcrypt/src/{dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sp_int.c}:
* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS());
* add explicit WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() to the lengthy loops in wc_DhGenerateParams(), wc_MakeDsaParameters(), ecc_sign_hash_sw(), and wc_MakeRsaKey().
wolfssl/wolfcrypt/{error-crypt.h,logging.h,memory.h}:
* make wc_backtrace_render() and wc_backtrace_set_fp() available whenever defined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES);
* add support for DEBUG_VECTOR_REGISTERS_BACKTRACE_ON_FAIL, activating backtraces on vector register errors.
* also improve the debugging format from the DEBUG_VECTOR_REGISTER_ACCESS variants of SAVE_VECTOR_REGISTERS() and friends.
linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa}_glue.c: harmonize PK driver names with AES, SHA, and DRBG, notably adding AVX2 annotation when enabled.
wolfcrypt/src/{sp_x86_64_asm.S,sp_x86_64_asm.asm}: synchronize with wolfSSL/scripts#581 (removes SSE2 implementations of sp_#_get_from_table_#(), which no longer have users).
wolfssl/wolfcrypt/settings.h: add WC_NO_GLOBAL_OBJECT_POINTERS implicitly in WC_SYM_RELOC_TABLES section of WOLFSSL_LINUXKM setup.
wolfssl/wolfcrypt/wolfmath.h, wolfcrypt/src/wolfmath.c, wolfcrypt/src/sp_int.c, wolfcrypt/src/sakke.c: when WC_NO_GLOBAL_OBJECT_POINTERS, use static local wc_off_on_addr rather than global in wolfmath.c.
wolfcrypt/src/sakke.c:
* in wc_DeriveSakkeSSV(), initialize a[] with explicit XMEMSET() rather than " = {0}", to avoid unmaskable implicit memset() emitted by compiler.
* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS()).
linuxkm/module_exports.c.template: add includes for eccsi.h and sakke.h.
configure.ac:
* tweak enable-all-crypto setup to make enable_eccsi unconditional alongside enable_fpecc;
* move enable_sakke to be conditional only on !FIPS.
* notably this activates ECCSI and SAKKE on kernel all-crypto builds.
wolfcrypt/test/test.c: WC_*_VAR*() refactors for eccsi_test() and sakke_test().
douzzer
force-pushed
the
20260528-pk-vector-regs
branch
from
da108c0 to
3a4c2cd
Compare
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10563
Scan targets checked: none
Failed targets: linuxkm-bugs, linuxkm-src, wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
Contributor
Author
|
retest this please |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
linuxkm on x86: global refactor across PK implementations of sp-asm vector register preservation, including removal of all residual can't-fail vector paths in PK algs.
wolfcrypt/src/sp_x86_64.c:fix
ASSERT_SAVED_VECTOR_REGISTERS()in C wrappers: add where missing for implementations that use AVX2, and remove frivolous checks for ones that don't.refactor vector save-restore with a single locally tracked save in
sp_RsaPublic_#(),sp_RsaPrivate_#(),sp_ecc_mulmod_add_#(),sp_ecc_mulmod_base_add_#(),sp_ecc_make_key_#(), andsp_#_calc_s_#().fix feature test in
sp_ModExp_Fp_star_1024(),sp_Pairing_1024(), andsp_Pairing_gen_precomp_1024(), to properly gate onIS_INTEL_AVX2(cpuid_flags)andSAVE_VECTOR_REGISTERS2() == 0.wolfcrypt/src/{dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sp_int.c}:remove all vector register provisions
(SAVE_VECTOR_REGISTERS(),RESTORE_VECTOR_REGISTERS(),ASSERT_SAVED_VECTOR_REGISTERS());add explicit
WC_CHECK_FOR_INTR_SIGNALS()andWC_RELAX_LONG_LOOP()to the lengthy loops inwc_DhGenerateParams(),wc_MakeDsaParameters(),ecc_sign_hash_sw(), andwc_MakeRsaKey().wolfssl/wolfcrypt/{error-crypt.h,logging.h,memory.h}:make
wc_backtrace_render()andwc_backtrace_set_fp()available wheneverdefined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES);add support for
DEBUG_VECTOR_REGISTERS_BACKTRACE_ON_FAIL, activating backtraces on vector register errors.also improve the debugging format from the
DEBUG_VECTOR_REGISTER_ACCESSvariants ofSAVE_VECTOR_REGISTERS()and friends.linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa}_glue.c: harmonize PK driver names with AES, SHA, and DRBG, notably adding AVX2 annotation when enabled.wolfcrypt/src/sp_x86_64_asm.asm: synchronized with generator script output (sp_x86_64_asm.Swas already synchronized by #10241).activate ECCSI and SAKKE in linuxkm:
wolfssl/wolfcrypt/settings.h: addWC_NO_GLOBAL_OBJECT_POINTERSimplicitly inWC_SYM_RELOC_TABLESsection ofWOLFSSL_LINUXKMsetup.wolfssl/wolfcrypt/wolfmath.h,wolfcrypt/src/wolfmath.c,wolfcrypt/src/sp_int.c,wolfcrypt/src/sakke.c: whenWC_NO_GLOBAL_OBJECT_POINTERS, usestaticlocalwc_off_on_addrrather than global inwolfmath.c.wolfcrypt/src/sakke.c:wc_DeriveSakkeSSV(), initializea[]with explicitXMEMSET()rather than= {0}, to avoid unmaskable implicitmemset()emitted by compiler.(SAVE_VECTOR_REGISTERS(),RESTORE_VECTOR_REGISTERS(),ASSERT_SAVED_VECTOR_REGISTERS()).linuxkm/module_exports.c.template: add includes foreccsi.handsakke.h.configure.ac:tweak
enable-all-cryptosetup to makeenable_eccsiunconditional alongsideenable_fpecc;move
enable_sakketo be conditional only on !FIPS.notably this activates ECCSI and SAKKE on kernel all-crypto builds.
wolfcrypt/test/test.c:WC_*_VAR*()refactors foreccsi_test()andsakke_test().tested alongside companion wolfssl/scripts#581 PR using