Merge pull request #7481 from douzzer/20240424-sha-C-dynamic-fallback

20240424-sha-C-dynamic-fallback

Author: SparkiDev

configure.ac

@@ -2993,7 +2993,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
         if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
         then
-                AM_CFLAGS="$AM_CFLAGS -DWC_AES_C_DYNAMIC_FALLBACK"
+                AM_CFLAGS="$AM_CFLAGS -DWC_C_DYNAMIC_FALLBACK"
         fi
         if test "$CC" != "icc"
         then
@@ -3852,6 +3852,17 @@ then
         ENABLED_CURVE25519=yes
     fi
 
+    if test "$ENABLED_CURVE25519" = "noasm"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
+    fi
+
+    if test "$ENABLED_CURVE25519" = "yes" && test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        ENABLED_CURVE25519=noasm
+        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
+    fi
+
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
     AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519"
     ENABLED_FEMATH=yes
@@ -5008,7 +5019,7 @@ AS_CASE([$FIPS_VERSION],
 
         AS_IF([test "x$ENABLED_ED25519" != "xyes"],
             [ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
-        AS_IF([test "x$ENABLED_CURVE25519" != "xyes"],
+        AS_IF([test "$ENABLED_CURVE25519" = "no"],
             [ENABLED_CURVE25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"])
 
         AS_IF([test "x$ENABLED_ED448" != "xyes"],
@@ -6047,7 +6058,7 @@ then
     ENABLED_ENCRYPT_THEN_MAC=yes
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
     # Check the ECC supported curves prereq
-    AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
+    AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
           [ENABLED_SUPPORTED_CURVES=yes
            AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
 fi
@@ -6880,7 +6891,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
 
         # Check the ECC supported curves prereq
-        AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes"],
+        AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no"],
               [ENABLED_SUPPORTED_CURVES=yes
                AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
     fi
@@ -9337,7 +9348,8 @@ AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENA
 AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519],[test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])
 AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])

linuxkm/linuxkm_memory.c

@@ -116,13 +116,18 @@ static union wc_linuxkm_fpu_savebuf {
 WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void)
 {
     if (wc_linuxkm_fpu_states != NULL) {
+#ifdef HAVE_FIPS
+        /* see note below in wc_linuxkm_fpu_state_assoc_unlikely(). */
+        return 0;
+#else
         static int warned_for_repeat_alloc = 0;
         if (! warned_for_repeat_alloc) {
             pr_err("attempt at repeat allocation"
                    " in allocate_wolfcrypt_linuxkm_fpu_states\n");
             warned_for_repeat_alloc = 1;
         }
         return BAD_STATE_E;
+#endif
     }
 
 #ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
@@ -225,12 +230,23 @@ static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p)
         static int _warned_on_null = 0;
         if (wc_linuxkm_fpu_states == NULL)
         {
-            if (_warned_on_null == 0) {
-                pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
-                       " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
-                _warned_on_null = 1;
+#ifdef HAVE_FIPS
+            /* FIPS needs to use SHA256 for the core verify HMAC, before
+             * reaching the regular wolfCrypt_Init() logic.  to break the
+             * dependency loop on intelasm builds, we allocate here.
+             * this is not thread-safe and doesn't need to be.
+             */
+            int ret = allocate_wolfcrypt_linuxkm_fpu_states();
+            if (ret != 0)
+#endif
+            {
+                if (_warned_on_null == 0) {
+                    pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
+                           " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
+                    _warned_on_null = 1;
+                }
+                return NULL;
             }
-            return NULL;
         }
     }
 
@@ -282,12 +298,23 @@ static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc_unlikely(int c
         static int _warned_on_null = 0;
         if (wc_linuxkm_fpu_states == NULL)
         {
-            if (_warned_on_null == 0) {
-                pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
-                       " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
-                _warned_on_null = 1;
+#ifdef HAVE_FIPS
+            /* FIPS needs to use SHA256 for the core verify HMAC, before
+             * reaching the regular wolfCrypt_Init() logic.  to break the
+             * dependency loop on intelasm builds, we allocate here.
+             * this is not thread-safe and doesn't need to be.
+             */
+            int ret = allocate_wolfcrypt_linuxkm_fpu_states();
+            if (ret != 0)
+#endif
+            {
+                if (_warned_on_null == 0) {
+                    pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
+                           " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
+                    _warned_on_null = 1;
+                }
+                return NULL;
             }
-            return NULL;
         }
     }
 
@@ -419,6 +446,17 @@ static inline void wc_linuxkm_fpu_state_release(
     __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
 }
 
+WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
+{
+    if (irq_fpu_usable())
+        return 1;
+    else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0))
+        return 0;
+    else if (test_thread_flag(TIF_NEED_FPU_LOAD))
+        return 1;
+    return 0;
+}
+
 WARN_UNUSED_RESULT int save_vector_registers_x86(void)
 {
 #ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS

linuxkm/linuxkm_wc_port.h

@@ -338,6 +338,13 @@
         #else
             #include <asm/simd.h>
         #endif
+        #ifndef CAN_SAVE_VECTOR_REGISTERS
+            #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+                #define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
+            #else
+                #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86()
+            #endif
+        #endif
         #ifndef SAVE_VECTOR_REGISTERS
             #define SAVE_VECTOR_REGISTERS(fail_clause) {    \
                 int _svr_ret = save_vector_registers_x86(); \
@@ -369,6 +376,9 @@
         #ifndef SAVE_VECTOR_REGISTERS2
             #define SAVE_VECTOR_REGISTERS2() save_vector_registers_arm()
         #endif
+        #ifndef CAN_SAVE_VECTOR_REGISTERS
+            #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_arm()
+        #endif
         #ifndef RESTORE_VECTOR_REGISTERS
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
         #endif
@@ -758,6 +768,7 @@
 
     extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
     extern void free_wolfcrypt_linuxkm_fpu_states(void);
+    extern __must_check int can_save_vector_registers_x86(void);
     extern __must_check int save_vector_registers_x86(void);
     extern void restore_vector_registers_x86(void);
 

linuxkm/lkcapi_glue.c

@@ -1818,7 +1818,7 @@ static int aes_xts_128_test(void)
         goto out;
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -1843,7 +1843,7 @@ static int aes_xts_128_test(void)
         goto out;
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -1865,7 +1865,7 @@ static int aes_xts_128_test(void)
         goto out;
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
@@ -1891,7 +1891,7 @@ static int aes_xts_128_test(void)
         goto out;
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
@@ -1914,7 +1914,7 @@ static int aes_xts_128_test(void)
         goto out;
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));

src/include.am

@@ -995,7 +995,7 @@ if BUILD_FEMATH
 if BUILD_CURVE25519_SMALL
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_low_mem.c
 else
-if BUILD_INTELASM
+if BUILD_CURVE25519_INTELASM
 if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
 endif !BUILD_X86_ASM
@@ -1025,7 +1025,7 @@ endif !BUILD_FIPS_V6
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c
 endif !BUILD_ARMASM
-endif !BUILD_INTELASM
+endif !BUILD_CURVE25519_INTELASM
 endif !BUILD_CURVE25519_SMALL
 endif BUILD_FEMATH
 
@@ -1035,7 +1035,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_low_mem.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c
 if !BUILD_FEMATH
-if BUILD_INTELASM
+if BUILD_CURVE25519_INTELASM
 if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
 endif !BUILD_X86_ASM
@@ -1061,7 +1061,7 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c
 endif !BUILD_ARMASM
 endif !BUILD_FIPS_V6
-endif !BUILD_INTELASM
+endif !BUILD_CURVE25519_INTELASM
 endif !BUILD_FEMATH
 endif !BUILD_ED25519_SMALL
 endif BUILD_GEMATH

tests/api.c

@@ -63548,7 +63548,8 @@ static int test_wolfSSL_dtls_AEAD_limit(void)
 #endif
 
 #if defined(WOLFSSL_DTLS) && \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
+    !defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
 static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
 {
     int fd, ret;

wolfcrypt/src/aes.c

@@ -1930,7 +1930,7 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
     word32 t0, t1, t2, t3;
     const word32* rk;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     rk = aes->key_C_fallback;
 #else
     rk = aes->key;
@@ -2945,7 +2945,7 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
     word32 t0, t1, t2, t3;
     const word32* rk;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     rk = aes->key_C_fallback;
 #else
     rk = aes->key;
@@ -4085,7 +4085,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
  */
 static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     word32* rk = aes->key_C_fallback;
 #else
     word32* rk = aes->key;
@@ -4246,7 +4246,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     if (dir == AES_DECRYPTION) {
         unsigned int j;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
         rk = aes->key_C_fallback;
 #else
         rk = aes->key;
@@ -4455,11 +4455,11 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         if (ret != 0)
             return ret;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
 #ifdef NEED_AES_TABLES
         AesSetKey_C(aes, userKey, keylen, dir);
 #endif /* NEED_AES_TABLES */
-#endif /* WC_AES_C_DYNAMIC_FALLBACK */
+#endif /* WC_C_DYNAMIC_FALLBACK */
 
     #ifdef WOLFSSL_AESNI
         aes->use_aesni = 0;
@@ -4488,13 +4488,13 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
                 if (ret == 0)
                     aes->use_aesni = 1;
                 else {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
                     ret = 0;
 #endif
                 }
                 return ret;
             } else {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
                 return 0;
 #else
                 return ret;
@@ -4680,7 +4680,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
 #ifdef WOLFSSL_AESNI
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
 
 #define VECTOR_REGISTERS_PUSH { \
         int orig_use_aesni = aes->use_aesni;                         \
@@ -12369,7 +12369,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
 
 #ifdef WOLFSSL_AESNI
     if (ret == 0) {
-        /* With WC_AES_C_DYNAMIC_FALLBACK, the main and tweak keys could have
+        /* With WC_C_DYNAMIC_FALLBACK, the main and tweak keys could have
          * conflicting _aesni status, but the AES-XTS asm implementations need
          * them to all be AESNI.  If any aren't, disable AESNI on all.
          */
@@ -12382,7 +12382,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
               (dir == AES_ENCRYPTION_AND_DECRYPTION))
              && (aes->aes_decrypt.use_aesni != aes->tweak.use_aesni)))
         {
-        #ifdef WC_AES_C_DYNAMIC_FALLBACK
+        #ifdef WC_C_DYNAMIC_FALLBACK
             aes->aes.use_aesni = 0;
             aes->aes_decrypt.use_aesni = 0;
             aes->tweak.use_aesni = 0;
@@ -12392,7 +12392,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
         }
     #else /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */
         if (aes->aes.use_aesni != aes->tweak.use_aesni) {
-        #ifdef WC_AES_C_DYNAMIC_FALLBACK
+        #ifdef WC_C_DYNAMIC_FALLBACK
             aes->aes.use_aesni = 0;
             aes->tweak.use_aesni = 0;
         #else