20251011-more-fips-optest-tweaks

[douzzer]

linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: finish implementation of FIPS_OPTEST glue code, including /sys/module/libwolfssl/FIPS_optest_run_code (FIPS_optest_trig_handler(), plus my_kallsyms_lookup_name() helper).

wolfcrypt/test/test.c: fix error-path uninitialized access defect in ecc_test_buffers().

tested with wolfssl-multi-test.sh with overrides and script hacks to test the new stuff. used crypto-only-intelasm-fips-dev-linuxkm-next-insmod as the base scenario for the tests.

[douzzer]

see related https://github.com/wolfSSL/fips/pull/359

not important to merge together, though FIPS_OPTEST=1 won't work until they're both merged.

[lealem47]

Seeing this build failure after the latest changes ./configure --enable-linuxkm --with-linux-source=/home/lealem/Projects/WOLFGUARD/linux-6.1.27 --enable-cryptonly --enable-linuxkm --enable-fips=v5 CFLAGS="-DHAVE_FORCE_FIPS_FAILURE -DDEBUG_LINUXKM_PIE_SUPPORT -DDEBUG_FIPS_VERBOSE"

  CC [M]  /home/lealem/Projects/OPTEST/XXX-fips-test/linuxkm/wolfcrypt/src/hmac.o
In file included from /home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/memory.h:37,
                 from /home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/../../linuxkm/linuxkm_wc_port.h:1458,
                 from /home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/wc_port.h:62,
                 from /home/lealem/Projects/OPTEST/XXX-fips-test/linuxkm/wolfcrypt/src/hmac.c:27:
/home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/types.h:468:12: error: unknown type name ‘WC_INLINE’
  468 |     static WC_INLINE WARN_UNUSED_RESULT int WC_WUR_INT(int x) { return x; }
      |            ^~~~~~~~~
/home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/types.h:468:40: error: expected ‘;’ before ‘int’
  468 |     static WC_INLINE WARN_UNUSED_RESULT int WC_WUR_INT(int x) { return x; }
      |                                        ^~~~
      |                                        ;
/home/lealem/Projects/OPTEST/XXX-fips-test/wolfssl/wolfcrypt/types.h:468:45: error: no previous prototype for ‘WC_WUR_INT’ [-Werror=missing-prototypes]
  468 |     static WC_INLINE WARN_UNUSED_RESULT int WC_WUR_INT(int x) { return x; }
      |                                             ^~~~~~~~~~

[douzzer]

Seeing this build failure after the latest changes ./configure --enable-linuxkm --with-linux-source=/home/lealem/Projects/WOLFGUARD/linux-6.1.27 --enable-cryptonly --enable-linuxkm --enable-fips=v5 CFLAGS="-DHAVE_FORCE_FIPS_FAILURE -DDEBUG_LINUXKM_PIE_SUPPORT -DDEBUG_FIPS_VERBOSE"

bug was in master, fixed by #9307

[douzzer]

retest this please

[lealem47]

The lab's log parser requires the error code to be the second argument like this ./optest 0 -204. Patch below

diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index d8d22ffa4..b8c4170fc 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -1646,7 +1646,7 @@ static ssize_t FIPS_optest_trig_handler(struct kobject *kobj, struct kobj_attrib
 {
     int ret;
     int argc;
-    const char *argv[2];
+    const char *argv[3];
     char code_buf[5];
     size_t corrected_count;
     int i;
@@ -1672,8 +1672,9 @@ static ssize_t FIPS_optest_trig_handler(struct kobject *kobj, struct kobj_attrib
         return -EINVAL;
 
     argv[0] = "./optest";
-    argv[1] = code_buf;
-    argc = 2;
+    argv[1] = "0";
+    argv[2] = code_buf;
+    argc = 3;
 
     printf("OK, testing code %s\n", buf);
 

[douzzer]

retest this please

FAIL scripts/openssl.test (exit status: 1)

[douzzer]

retest this please