diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index ac340bda5..0e4fddbfb 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -52,8 +52,23 @@ CONFIG_COMPILER_OPTIMIZATION_DEFAULT CONFIG_COMPILER_OPTIMIZATION_NONE CONFIG_COMPILER_OPTIMIZATION_PERF CONFIG_COMPILER_OPTIMIZATION_SIZE +CONFIG_CRYPTO_AES +CONFIG_CRYPTO_CBC +CONFIG_CRYPTO_CTR +CONFIG_CRYPTO_DH +CONFIG_CRYPTO_ECB +CONFIG_CRYPTO_ECDH +CONFIG_CRYPTO_ECDSA CONFIG_CRYPTO_FIPS +CONFIG_CRYPTO_GCM +CONFIG_CRYPTO_HMAC CONFIG_CRYPTO_MANAGER +CONFIG_CRYPTO_RSA +CONFIG_CRYPTO_SHA1 +CONFIG_CRYPTO_SHA256 +CONFIG_CRYPTO_SHA3 +CONFIG_CRYPTO_SHA512 +CONFIG_CRYPTO_XTS CONFIG_CSPRNG_ENABLED CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ @@ -725,6 +740,7 @@ WOLFSSL_NO_CRL_NEXT_DATE WOLFSSL_NO_DECODE_EXTRA WOLFSSL_NO_DER_TO_PEM WOLFSSL_NO_DH186 +WOLFSSL_NO_DH_GEN_PUB WOLFSSL_NO_DTLS_SIZE_CHECK WOLFSSL_NO_ETM_ALERT WOLFSSL_NO_FENCE diff --git a/configure.ac b/configure.ac index 7fe8748df..07aec5c70 100644 --- a/configure.ac +++ b/configure.ac @@ -9406,9 +9406,10 @@ then do case "$lkcapi_alg" in all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA" - ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes ;; - sysfs-nodes-only) ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND=yes ;; + all-kconfig) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DLINUXKM_LKCAPI_REGISTER_ALL_KCONFIG -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA" + ;; + sysfs-nodes-only) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" ;; 'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;; 'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.]) 
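Review bot: The new `all-kconfig)` arm passes `-DLINUXKM_LKCAPI_REGISTER_ALL` together with `-DLINUXKM_LKCAPI_REGISTER_ALL_KCONFIG`, and every gate this commit adds in the glue files has the form `defined(LINUXKM_LKCAPI_REGISTER_ALL) || (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_...))`, so the left operand is already true and the kernel-config test narrows nothing. Unless something outside this diff undefines LINUXKM_LKCAPI_REGISTER_ALL, all-kconfig selects the same set as `all` (for example in the DH, ECDH, RSA and SHA gates) and only adds the conflict #errors. Dropping the first define, `all-kconfig) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL_KCONFIG -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"`, would make the per-algorithm CONFIG_CRYPTO_* checks effective. The case statement continues outside the hunk.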
@@ -9449,7 +9450,6 @@ then 'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;; 'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA" - ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes ;; # disable options '-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;; @@ -9476,17 +9476,6 @@ then *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;; esac done - - if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_DH" = "yes" && - (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 7) - then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_GEN_PUB" - fi - - if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" - fi fi AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]) diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index 9c4b9c622..c90ef7c79 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c 
@@ -19,12 +19,49 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* included by linuxkm/lkcapi_glue.c */ +#ifndef LINUXKM_LKCAPI_REGISTER + #error lkcapi_aes_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. +#endif + +#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_AES))) && \ + !defined(LINUXKM_LKCAPI_REGISTER_AES) + #define LINUXKM_LKCAPI_REGISTER_AES +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESGCM) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESXTS) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \ + defined(LINUXKM_LKCAPI_REGISTER_AESECB) + + #ifdef NO_AES + #error LINUXKM_LKCAPI_REGISTER_AES* requires !defined(NO_AES) + #endif + + #ifndef LINUXKM_LKCAPI_REGISTER_AES + #define LINUXKM_LKCAPI_REGISTER_AES + #endif +#endif #ifdef NO_AES - #error lkcapi_aes_glue.c compiled with NO_AES. + #undef LINUXKM_LKCAPI_REGISTER_AES #endif +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && !defined(CONFIG_CRYPTO_AES) + #undef LINUXKM_LKCAPI_REGISTER_AES +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_AES) && \ + !defined(LINUXKM_LKCAPI_REGISTER_AES) + #error Config conflict: CONFIG_CRYPTO_AES is defined, but LINUXKM_LKCAPI_REGISTER_AES is not. +#endif + +#ifdef LINUXKM_LKCAPI_REGISTER_AES + #include #if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI) 
@@ -65,15 +102,21 @@ #define WOLFKM_AESECB_DRIVER ("ecb-aes" WOLFKM_AES_DRIVER_SUFFIX) #ifdef HAVE_AES_CBC - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESCBC) #define LINUXKM_LKCAPI_REGISTER_AESCBC #endif #else - #undef LINUXKM_LKCAPI_REGISTER_AESCBC + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC) + #error Config conflict: target kernel has CONFIG_CRYPTO_CBC, but module is missing HAVE_AES_CBC. + #endif + #undef LINUXKM_LKCAPI_REGISTER_AESCBC #endif #ifdef WOLFSSL_AES_CFB - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCFB)) && \ + #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCFB) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESCFB) #define LINUXKM_LKCAPI_REGISTER_AESCFB #endif @@ -81,7 +124,9 @@ #undef LINUXKM_LKCAPI_REGISTER_AESCFB #endif #ifdef HAVE_AESGCM - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESGCM) #define LINUXKM_LKCAPI_REGISTER_AESGCM #endif 
@@ -90,27 +135,41 @@ #define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM) + #error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing HAVE_AESGCM. + #endif #undef LINUXKM_LKCAPI_REGISTER_AESGCM #undef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 #endif #ifdef WOLFSSL_AES_XTS - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESXTS) #define LINUXKM_LKCAPI_REGISTER_AESXTS #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS) + #error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing WOLFSSL_AES_XTS. + #endif #undef LINUXKM_LKCAPI_REGISTER_AESXTS #endif #ifdef WOLFSSL_AES_COUNTER - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESCTR) #define LINUXKM_LKCAPI_REGISTER_AESCTR #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR) + #error Config conflict: target kernel has CONFIG_CRYPTO_CTR, but module is missing WOLFSSL_AES_COUNTER. + #endif #undef LINUXKM_LKCAPI_REGISTER_AESCTR #endif #ifdef WOLFSSL_AES_OFB - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESOFB)) && \ + #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESOFB) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESOFB) #define LINUXKM_LKCAPI_REGISTER_AESOFB #endif 
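Review bot: The #error added in the `#else` branch of `#ifdef WOLFSSL_AES_XTS` tests CONFIG_CRYPTO_XTS but reports CONFIG_CRYPTO_GCM, so a build that stops here points the user at the wrong kernel option. The message should read `#error Config conflict: target kernel has CONFIG_CRYPTO_XTS, but module is missing WOLFSSL_AES_XTS.`. The GCM and CTR conflict messages in the same hunk name the option they test, so this looks like a copy-paste slip.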
@@ -118,11 +177,16 @@ #undef LINUXKM_LKCAPI_REGISTER_AESOFB #endif #ifdef HAVE_AES_ECB - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB) && \ !defined(LINUXKM_LKCAPI_REGISTER_AESECB) #define LINUXKM_LKCAPI_REGISTER_AESECB #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB) + #error Config conflict: target kernel has CONFIG_CRYPTO_ECB, but module is missing HAVE_AES_ECB. + #endif #undef LINUXKM_LKCAPI_REGISTER_AESECB #endif @@ -4088,3 +4152,5 @@ static int linuxkm_test_aesecb(void) { } #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */ + +#endif /* LINUXKM_LKCAPI_REGISTER_AES */ diff --git a/linuxkm/lkcapi_dh_glue.c b/linuxkm/lkcapi_dh_glue.c index bacbf345b..a4ff71258 100644 --- a/linuxkm/lkcapi_dh_glue.c +++ b/linuxkm/lkcapi_dh_glue.c 
@@ -20,12 +20,50 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#if defined(LINUXKM_LKCAPI_REGISTER_DH) - #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif +#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH) && \ + !defined(LINUXKM_LKCAPI_REGISTER_DH) + #define LINUXKM_LKCAPI_REGISTER_DH + #define LINUXKM_DH +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_DH) && \ + (!defined(WOLFSSL_DH_EXTRA) || \ + !defined(WOLFSSL_DH_GEN_PUB)) + /* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */ + #undef LINUXKM_LKCAPI_REGISTER_DH + + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH) + #error Config conflict: missing features force off LINUXKM_LKCAPI_REGISTER_DH. + #endif +#endif /* LINUXKM_LKCAPI_REGISTER_DH */ + +#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \ + defined(CONFIG_CRYPTO_MANAGER) + /* + * note: normal dh not fips_allowed in kernel crypto/testmgr.c, + * and will not pass the tests. + */ + #undef LINUXKM_DH +#endif /* LINUXKM_LKCAPI_REGISTER_DH */ + +#ifdef NO_DH + #undef LINUXKM_LKCAPI_REGISTER_DH +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ + defined(CONFIG_CRYPTO_DH) && \ + !defined(LINUXKM_LKCAPI_REGISTER_DH) + #error Config conflict: target kernel has CONFIG_CRYPTO_DH, but module is missing LINUXKM_LKCAPI_REGISTER_DH. +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_DH) + #include #include #include diff --git a/linuxkm/lkcapi_ecdh_glue.c b/linuxkm/lkcapi_ecdh_glue.c index ecf4fb18a..ab2e082c5 100644 --- a/linuxkm/lkcapi_ecdh_glue.c +++ b/linuxkm/lkcapi_ecdh_glue.c 
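Review bot: The final conflict check, `defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH) && !defined(LINUXKM_LKCAPI_REGISTER_DH)`, never looks at LINUXKM_LKCAPI_DONT_REGISTER_DH, so an explicit opt-out combined with all-kconfig ends in #error instead of leaving DH to the kernel's own implementation. If that is not the intent, add `&& !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH)` to the check; if it is, a comment stating that all-kconfig overrides the disable options would save the next reader the trace. The same pattern is in the ECDH, ECDSA and RSA glue hunks, and the 6.13 ECDSA #error additionally sits outside the `#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)` test. Separately, LINUXKM_DH stays defined after LINUXKM_LKCAPI_REGISTER_DH is undefined further down, which is harmless only if nothing outside the final guard reads it.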
@@ -20,12 +20,40 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#if defined(LINUXKM_LKCAPI_REGISTER_ECDH) - #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif +#ifdef HAVE_ECC + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH) && \ + !defined(LINUXKM_LKCAPI_REGISTER_ECDH) + #define LINUXKM_LKCAPI_REGISTER_ECDH + #endif +#else + #undef LINUXKM_LKCAPI_REGISTER_ECDH +#endif /* HAVE_ECC */ + +#ifdef LINUXKM_LKCAPI_REGISTER_ECDH + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 13, 0) + /* currently incompatible with kernel 5.12 or earlier. */ + #undef LINUXKM_LKCAPI_REGISTER_ECDH + + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH) + #error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDH. + #endif + #endif +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ + defined(CONFIG_CRYPTO_ECDH) && \ + !defined(LINUXKM_LKCAPI_REGISTER_ECDH) + #error Config conflict: target kernel has CONFIG_CRYPTO_ECDH, but module is missing LINUXKM_LKCAPI_REGISTER_ECDH. +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ECDH) + #include #include #include diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c index f7a3c93bd..d3dd7019b 100644 --- a/linuxkm/lkcapi_ecdsa_glue.c +++ b/linuxkm/lkcapi_ecdsa_glue.c 
@@ -20,12 +20,60 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA) - #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif +#ifdef HAVE_ECC + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA) && \ + !defined(LINUXKM_LKCAPI_REGISTER_ECDSA) + #define LINUXKM_LKCAPI_REGISTER_ECDSA + #endif +#else + #undef LINUXKM_LKCAPI_REGISTER_ECDSA +#endif + +#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA) + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS) + /* only register p192 if specifically enabled, and if not fips. */ + #define LINUXKM_ECC192 + #endif +#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0) + /* + * notes: + * - ecdsa supported with linux 6.12 and earlier for now, only. + * - pkcs1pad rsa supported both before and after linux 6.13, but + * without sign/verify after linux 6.13. + * + * In linux 6.13 the sign/verify callbacks were removed from + * akcipher_alg, and ecdsa changed from a struct akcipher_alg type to + * struct sig_alg type. + * + * pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify + * functionality. + */ + #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA) + #undef LINUXKM_LKCAPI_REGISTER_ECDSA + #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ + + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA) + #error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDSA. 
+ #endif +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ + defined(CONFIG_CRYPTO_ECDSA) && \ + !defined(LINUXKM_LKCAPI_REGISTER_ECDSA) + #error Config conflict: target kernel has CONFIG_CRYPTO_ECDSA, but module is missing LINUXKM_LKCAPI_REGISTER_ECDSA. +#endif + +#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA) + #include #include diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index cb6d63f1b..7750157ad 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -30,11 +30,13 @@ #error LINUXKM_LKCAPI_REGISTER is supported only on Linux kernel versions >= 5.4.0. #endif -/* kernel crypto self-test includes test setups that have different expected - * results FIPS vs non-FIPS. - */ #if defined(CONFIG_CRYPTO_MANAGER) && \ !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + /* kernel crypto self-test includes test setups that have different expected + * results FIPS vs non-FIPS, and the required kernel exported symbol + * "fips_enabled" is only available in CONFIG_CRYPTO_FIPS kernels (otherwise + * it's a macro hardcoding it to literal 0). + */ #if defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS) #error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS. #endif @@ -55,7 +57,7 @@ /* Larger number means higher priority. The highest in-tree priority is * 4001, in the Cavium driver. */ - #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000 + #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY INT_MAX #endif #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 
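Review bot: Raising the default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000 to INT_MAX leaves no headroom, and the comment kept above the define still justifies the value only against the in-tree maximum of 4001. cra_priority is a signed int, and kernel template code that derives an instance priority by adding to the underlying algorithm's priority would overflow on this value; I have not verified which templates can wrap these algorithms, so treat that as something to check. The value also means no other driver can outrank the wolfCrypt implementation for a generic algorithm name, which deserves a sentence in the comment because it decides which code serves kernel crypto requests. A large bounded value keeps the intent without the edge case, for example `#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 100000`. The conditional enclosing the define starts outside the hunk.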
@@ -204,113 +206,12 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm, #endif } -#ifndef NO_AES - #include "lkcapi_aes_glue.c" -#endif - +#include "lkcapi_aes_glue.c" #include "lkcapi_sha_glue.c" - -#ifdef HAVE_ECC - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_ECDSA) - #define LINUXKM_LKCAPI_REGISTER_ECDSA - #endif - - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_ECDH) - #define LINUXKM_LKCAPI_REGISTER_ECDH - #endif -#else - #undef LINUXKM_LKCAPI_REGISTER_ECDSA - #undef LINUXKM_LKCAPI_REGISTER_ECDH -#endif /* HAVE_ECC */ - -#if !defined(NO_RSA) - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_RSA) - #define LINUXKM_LKCAPI_REGISTER_RSA - #endif -#else - #undef LINUXKM_LKCAPI_REGISTER_RSA -#endif /* !NO_RSA */ - -/* - * extra checks on kernel version, and ecc sizes. - */ -#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA) - #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \ - ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS) - /* only register p192 if specifically enabled, and if not fips. */ - #define LINUXKM_ECC192 - #endif -#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ - -#ifdef LINUXKM_LKCAPI_REGISTER_ECDH - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 13, 0) - /* currently incompatible with kernel 5.12 or earlier. */ - #undef LINUXKM_LKCAPI_REGISTER_ECDH - #endif -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0) - /* - * notes: - * - ecdsa supported with linux 6.12 and earlier for now, only. - * - pkcs1pad rsa supported both before and after linux 6.13, but - * without sign/verify after linux 6.13. - * - * In linux 6.13 the sign/verify callbacks were removed from - * akcipher_alg, and ecdsa changed from a struct akcipher_alg type to - * struct sig_alg type. 
- * - * pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify - * functionality. - */ - #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA) - #undef LINUXKM_LKCAPI_REGISTER_ECDSA - #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ - - #if defined (LINUXKM_LKCAPI_REGISTER_RSA) - #define LINUXKM_AKCIPHER_NO_SIGNVERIFY - #endif /* LINUXKM_LKCAPI_REGISTER_RSA */ -#endif /* linux >= 6.13.0 */ - -#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_DH) - #define LINUXKM_LKCAPI_REGISTER_DH - #define LINUXKM_DH -#endif - -#if defined (LINUXKM_LKCAPI_REGISTER_DH) && !defined(WOLFSSL_DH_EXTRA) || \ - !defined(WOLFSSL_DH_GEN_PUB) - /* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */ - #undef LINUXKM_LKCAPI_REGISTER_DH -#endif /* LINUXKM_LKCAPI_REGISTER_DH */ - -#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \ - defined(CONFIG_CRYPTO_MANAGER) - /* - * note: normal dh not fips_allowed in kernel crypto/testmgr.c, - * and will not pass the tests. - */ - #undef LINUXKM_DH -#endif /* LINUXKM_LKCAPI_REGISTER_DH */ - -#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA) - #include "linuxkm/lkcapi_ecdsa_glue.c" -#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ - -#if defined (LINUXKM_LKCAPI_REGISTER_ECDH) - #include "linuxkm/lkcapi_ecdh_glue.c" -#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */ - -#if defined(LINUXKM_LKCAPI_REGISTER_RSA) - #include "linuxkm/lkcapi_rsa_glue.c" -#endif /* LINUXKM_LKCAPI_REGISTER_RSA */ - -#if defined (LINUXKM_LKCAPI_REGISTER_DH) - #include "linuxkm/lkcapi_dh_glue.c" -#endif /* LINUXKM_LKCAPI_REGISTER_DH */ +#include "lkcapi_ecdsa_glue.c" +#include "lkcapi_ecdh_glue.c" +#include "lkcapi_rsa_glue.c" +#include "lkcapi_dh_glue.c" static int linuxkm_lkcapi_register(void); static int linuxkm_lkcapi_unregister(void); diff --git a/linuxkm/lkcapi_rsa_glue.c b/linuxkm/lkcapi_rsa_glue.c index f6cb63247..45efa955d 100644 --- a/linuxkm/lkcapi_rsa_glue.c 
+++ b/linuxkm/lkcapi_rsa_glue.c @@ -24,9 +24,43 @@ #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif -#if !defined(NO_RSA) && \ - (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ - defined(LINUXKM_LKCAPI_REGISTER_RSA)) +#if !defined(NO_RSA) + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_RSA))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA) && \ + !defined(LINUXKM_LKCAPI_REGISTER_RSA) + #define LINUXKM_LKCAPI_REGISTER_RSA + #endif +#else + #undef LINUXKM_LKCAPI_REGISTER_RSA +#endif /* !NO_RSA */ + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0) + /* + * notes: + * - ecdsa supported with linux 6.12 and earlier for now, only. + * - pkcs1pad rsa supported both before and after linux 6.13, but + * without sign/verify after linux 6.13. + * + * In linux 6.13 the sign/verify callbacks were removed from + * akcipher_alg, and ecdsa changed from a struct akcipher_alg type to + * struct sig_alg type. + * + * pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify + * functionality. + */ + #if defined (LINUXKM_LKCAPI_REGISTER_RSA) + #define LINUXKM_AKCIPHER_NO_SIGNVERIFY + #endif /* LINUXKM_LKCAPI_REGISTER_RSA */ +#endif /* linux >= 6.13.0 */ + +#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ + defined(CONFIG_CRYPTO_RSA) && \ + !defined(LINUXKM_LKCAPI_REGISTER_RSA) + #error Config conflict: target kernel has CONFIG_CRYPTO_RSA, but module is missing LINUXKM_LKCAPI_REGISTER_RSA. +#endif + +#ifdef LINUXKM_LKCAPI_REGISTER_RSA #if defined(WOLFSSL_RSA_VERIFY_ONLY) || \ defined(WOLFSSL_RSA_PUBLIC_ONLY) @@ -1907,6 +1941,4 @@ static int get_hash_enc_len(int hash_oid) return enc_len; } #endif /* !LINUXKM_AKCIPHER_NO_SIGNVERIFY */ -#endif /* !NO_RSA && - * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_RSA) - */ +#endif /* LINUXKM_LKCAPI_REGISTER_RSA */ diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 037b0520a..647fb627c 100644 
--- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -19,7 +19,13 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* included by linuxkm/lkcapi_glue.c */ +#ifndef LINUXKM_LKCAPI_REGISTER + #error lkcapi_sha_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. +#endif + +#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && defined(USE_INTEL_SPEEDUP) + #error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported. +#endif #include #include @@ -47,7 +53,11 @@ #define WOLFKM_STDRNG_NAME "stdrng" #if defined(USE_INTEL_SPEEDUP) - #define WOLFKM_SHA_DRIVER_ISA_EXT "-avx" + #ifndef NO_AVX2_SUPPORT + #define WOLFKM_SHA_DRIVER_ISA_EXT "-avx2" + #else + #define WOLFKM_SHA_DRIVER_ISA_EXT "-avx" + #endif #else #define WOLFKM_SHA_DRIVER_ISA_EXT "" #endif @@ -75,7 +85,13 @@ #define WOLFKM_SHA3_384_HMAC_DRIVER ("hmac-sha3-384" WOLFKM_SHA_DRIVER_SUFFIX) #define WOLFKM_SHA3_512_HMAC_DRIVER ("hmac-sha3-512" WOLFKM_SHA_DRIVER_SUFFIX) -#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg" WOLFKM_SHA_DRIVER_SUFFIX) +/* "nopr" signifies no "prediction resistance". Prediction resistance entails + * implicit reseeding of the DRBG each time its generator method is called, + * which reduces performance and can rapidly lead to temporary entropy + * exhaustion. A caller that really needs PR can pass in seed data in its call + * to our rng_alg.generate() implementation. + */ +#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX) #ifdef LINUXKM_LKCAPI_REGISTER_SHA2 #define LINUXKM_LKCAPI_REGISTER_SHA2_224 
@@ -133,88 +149,133 @@ #define LINUXKM_LKCAPI_DONT_REGISTER_SHA3_512_HMAC #endif +#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC) + #error Config conflict: target kernel has CONFIG_CRYPTO_HMAC, but module has NO_HMAC +#endif + #ifndef NO_SHA - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA1) #define LINUXKM_LKCAPI_REGISTER_SHA1 #endif #ifdef NO_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC - #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_SHA1_HMAC) + #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC) && \ + !defined(LINUXKM_LKCAPI_REGISTER_SHA1_HMAC) #define LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA1, but module has NO_SHA + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA1 #undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #endif #ifdef WOLFSSL_SHA224 - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA2_224) #define LINUXKM_LKCAPI_REGISTER_SHA2_224 #endif #ifdef NO_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC - #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224_HMAC)) && \ - 
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC) + #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224_HMAC) && \ + !defined(LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC) #define LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module is missing WOLFSSL_SHA224 + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA2_224 #undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #endif #ifndef NO_SHA256 - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA2_256) #define LINUXKM_LKCAPI_REGISTER_SHA2_256 #endif #ifdef NO_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC - #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256_HMAC)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC) + #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256_HMAC) && \ + !defined(LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC) #define LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module has NO_SHA256 + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA2_256 #undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #endif #ifdef WOLFSSL_SHA384 - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384)) && \ + #if 
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA2_384) #define LINUXKM_LKCAPI_REGISTER_SHA2_384 #endif #ifdef NO_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC - #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384_HMAC)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC) + #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384_HMAC) && \ + !defined(LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC) #define LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA384 + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA2_384 #undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #endif #ifdef WOLFSSL_SHA512 - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512)) && \ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA2_512) #define LINUXKM_LKCAPI_REGISTER_SHA2_512 #endif #ifdef NO_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC - #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512_HMAC)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC) + #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512_HMAC) && \ + !defined(LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC) #define 
LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA512 + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA2_512 #undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #endif #ifdef WOLFSSL_SHA3 - #ifdef LINUXKM_LKCAPI_REGISTER_ALL + #if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3)) #if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA3_224) #define LINUXKM_LKCAPI_REGISTER_SHA3_224 @@ -237,7 +298,8 @@ #undef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC - #elif defined(LINUXKM_LKCAPI_REGISTER_ALL) + #elif defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3)) #if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224_HMAC) && \ !defined(LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC) #define LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC @@ -256,6 +318,10 @@ #endif #endif #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3) + #error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3 + #endif + #undef LINUXKM_LKCAPI_REGISTER_SHA3_224 #undef LINUXKM_LKCAPI_REGISTER_SHA3_256 #undef LINUXKM_LKCAPI_REGISTER_SHA3_384 @@ -944,7 +1010,9 @@ static int wc_linuxkm_drbg_default_instance_registered = 0; WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void) { int ret; +#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT int cur_refcnt; +#endif if (wc_linuxkm_drbg_loaded) { pr_err("wc_linuxkm_drbg_set_default called with wc_linuxkm_drbg_loaded."); 
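Review bot: Under all-kconfig each HMAC variant is switched on by the hash option alone, e.g. LINUXKM_LKCAPI_REGISTER_SHA1_HMAC by `defined(CONFIG_CRYPTO_SHA1)`, while CONFIG_CRYPTO_HMAC is consulted only in the NO_HMAC conflict check at the top of the hunk. A kernel configured with the hash but without CONFIG_CRYPTO_HMAC would therefore still get the HMAC registrations, even once LINUXKM_LKCAPI_REGISTER_ALL is out of the picture. If the goal is to mirror the kernel configuration, the `#elif` conditions should require both, e.g. `(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1) && defined(CONFIG_CRYPTO_HMAC))`. The same applies to the SHA-2 branches in this hunk and to the SHA-3 HMAC `#elif` in the following one.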
@@ -1093,7 +1161,6 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void) WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) { int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); - int ret; if (! wc_linuxkm_drbg_loaded) { pr_err("wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded"); @@ -1112,7 +1179,7 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) { #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT if (wc_linuxkm_drbg_default_instance_registered) { - ret = crypto_del_default_rng(); + int ret = crypto_del_default_rng(); if (ret) { pr_err("crypto_del_default_rng failed: %d", ret); return ret; diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 402abf660..30d235d8f 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -145,11 +145,6 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void); WOLFSSL_API int wc_InitDhKey(DhKey* key); WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeDhKey(DhKey* key); -#if defined(WOLFSSL_DH_GEN_PUB) -WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz, - byte* pub, word32* pubSz); -#endif /* WOLFSSL_DH_GEN_PUB */ - WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz); WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, 
@@ -177,6 +172,17 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ, WOLFSSL_API int wc_DhCopyNamedKey(int name, byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz); +#ifndef WOLFSSL_NO_DH_GEN_PUB + #if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB) + #define WOLFSSL_DH_GEN_PUB + #endif + #ifdef WOLFSSL_DH_GEN_PUB + WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, + word32 privSz, byte* pub, + word32* pubSz); + #endif /* WOLFSSL_DH_GEN_PUB */ +#endif /* !WOLFSSL_NO_DH_GEN_PUB */ + #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz);
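Review bot: WOLFSSL_DH_GEN_PUB is now implied by WOLFSSL_DH_EXTRA for every build, whereas the configure.ac block this commit removes only added it when `ENABLED_FIPS` was `no` or `HAVE_FIPS_VERSION` was at least 7. If that gate existed because an older FIPS-boundary dh.c lacks wc_DhGeneratePublic, a FIPS build below v7 with WOLFSSL_DH_EXTRA would now see the prototype and let lkcapi_dh_glue.c keep LINUXKM_LKCAPI_REGISTER_DH, failing only at link time; this depends on which dh.h such builds use, so it needs confirming. Carrying the condition into the header would preserve the old behaviour: `#if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB) && (!defined(HAVE_FIPS) || HAVE_FIPS_VERSION >= 7)`. Note also that defining both WOLFSSL_NO_DH_GEN_PUB and WOLFSSL_DH_GEN_PUB leaves the macro set with no prototype.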