20240208-test-config-and-linuxkm-tweaks#7234
Merged
SparkiDev merged 3 commits intowolfSSL:masterfrom Feb 12, 2024
Merged
Conversation
* add srtp to enable-all * add srtp-kdf to enable-all-crypto * fix typo in enable-all[-crypto] where ENABLED_FIPS was used when FIPS_VERSION was needed. * in enable-all[-crypto], conditionalize aesxts on !FIPS || FIPS_VERSION == dev. * move AES-XTS CFLAG setup after FIPS settings, to allow non-dev FIPS to force it off, and add clause to FIPS v5 setup to do that. * in FIPS v5 setup, add AES-XTS to the list of modes that forces -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB. wolfcrypt/src/kdf.c: fix several benign -Wconversions. wolfcrypt/test/test.c: add aes_cfb_test() and aes_xts_test() as top-level tests with separate "pass" messages, for transparency that those modes have indeed been tested in builds that activate them.
* add support for DEBUG_LINUXKM_FORTIFY_OVERLAY to allow KASAN analysis of the overlay without actually enabling CONFIG_FORTIFY_SOURCE (which is buggy in combination with KASAN).
* make SAVE_VECTOR_REGISTERS2 definition conditional on !defined(SAVE_VECTOR_REGISTERS2).
wolfssl/wolfcrypt/memory.h: fix the DEBUG_VECTOR_REGISTER_ACCESS definition for SAVE_VECTOR_REGISTERS to properly omit the on-success bookkeeping code even if the supplied fail_clause doesn't return.
wolfcrypt/src/rsa.c: in wc_MakeRsaKey() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.
wolfcrypt/src/dh.c: in wc_DhGenerateParams() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.
wolfcrypt/src/{curve25519.c,dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sakke.c,sp_int.c}: when WOLFSSL_LINUXKM, force {SAVE,RESTORE}_VECTOR_REGISTERS() to WC_DO_NOTHING if settings gate out applicable asm.
Contributor
Author
|
retest this please |
…LLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI. configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM. linuxkm/lkcapi_glue.c: * remove all special-casing for AES-GCM with AESNI. * add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro. wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS. wolfcrypt/src/memory.c: * define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS. * add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer(). wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
Contributor
Author
|
retest this please |
SparkiDev
requested changes
Feb 11, 2024
SparkiDev
approved these changes
Feb 12, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
configure.ac:ENABLED_FIPSwas used whenFIPS_VERSIONwas needed.-DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB.wolfcrypt/src/kdf.c: fix several benign-Wconversions.wolfcrypt/test/test.c: addaes_cfb_test()andaes_xts_test()as top-level tests with separate "pass" messages, for transparency that those modes have indeed been tested in builds that activate them.linuxkm/linuxkm_wc_port.h:DEBUG_LINUXKM_FORTIFY_OVERLAYto allow KASAN analysis of the overlay without actually enablingCONFIG_FORTIFY_SOURCE(which is buggy in combination with KASAN).SAVE_VECTOR_REGISTERS2definition conditional on!defined(SAVE_VECTOR_REGISTERS2).wolfssl/wolfcrypt/memory.h: fix theDEBUG_VECTOR_REGISTER_ACCESSdefinition forSAVE_VECTOR_REGISTERSto properly omit the on-success bookkeeping code even if the supplied fail_clause doesn't return.wolfcrypt/src/rsa.c: inwc_MakeRsaKey()primality loop, invokeRESTORE_VECTOR_REGISTERS()SAVE_VECTOR_REGISTERS()to prevent lengthy kernel lockups.wolfcrypt/src/dh.c: inwc_DhGenerateParams()primality loop, invokeRESTORE_VECTOR_REGISTERS()SAVE_VECTOR_REGISTERS()to prevent lengthy kernel lockups.wolfcrypt/src/{curve25519.c,dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sakke.c,sp_int.c}: whenWOLFSSL_LINUXKM, force{SAVE,RESTORE}_VECTOR_REGISTERS()toWC_DO_NOTHINGif settings gate out applicable asm.