Merge pull request #8943 from douzzer/20250617-linuxkm-get_random_bytes

20250617-linuxkm-get_random_bytes

Author: philljj

.gitignore

@@ -3,7 +3,6 @@ ctaocrypt/src/src/
 *.lo
 *.la
 *.o
-*.patch
 *.deps
 *.d
 *.libs
@@ -246,6 +245,9 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+linuxkm/linuxkm
+linuxkm/src
+linuxkm/patches/src
 *.nds
 
 # autotools generated

.wolfssl_known_macro_extras

@@ -112,6 +112,7 @@ CONFIG_IDF_TARGET_ESP32S3
 CONFIG_IDF_TARGET_ESP8266
 CONFIG_IDF_TARGET_ESP8684
 CONFIG_KASAN
+CONFIG_KPROBES
 CONFIG_MAIN_TASK_STACK_SIZE
 CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
 CONFIG_MBEDTLS_PSA_CRYPTO_C
@@ -294,7 +295,6 @@ LIBWOLFSSL_VERSION_GIT_ORIGIN
 LIBWOLFSSL_VERSION_GIT_SHORT_HASH
 LIBWOLFSSL_VERSION_GIT_TAG
 LINUXKM_DONT_FORCE_FIPS_ENABLED
-LINUXKM_FPU_STATES_FOLLOW_THREADS
 LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
 LINUX_CYCLE_COUNT
 LINUX_RUSAGE_UTIME
@@ -369,6 +369,7 @@ NO_HANDSHAKE_DONE_CB
 NO_IMX6_CAAM_AES
 NO_IMX6_CAAM_HASH
 NO_KEEP_PEER_CERT
+NO_LINUXKM_DRBG_GET_RANDOM_BYTES
 NO_OLD_NAMES
 NO_OLD_POLY1305
 NO_OLD_TIMEVAL_NAME
@@ -539,6 +540,7 @@ USE_ALT_MPRIME
 USE_ANY_ADDR
 USE_CERT_BUFFERS_25519
 USE_CERT_BUFFERS_3072
+USE_CONTESTMUTEX
 USE_ECDSA_KEYSZ_HASH_ALGO
 USE_FULL_ASSERT
 USE_HAL_DRIVER
@@ -652,7 +654,6 @@ WOLFSSL_CHECK_MEM_ZERO
 WOLFSSL_CHIBIOS
 WOLFSSL_CLANG_TIDY
 WOLFSSL_CLIENT_EXAMPLE
-WOLFSSL_COMMERCIAL_LICENSE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
 WOLFSSL_CUSTOM_CONFIG
@@ -718,6 +719,9 @@ WOLFSSL_KYBER_NO_DECAPSULATE
 WOLFSSL_KYBER_NO_ENCAPSULATE
 WOLFSSL_KYBER_NO_MAKE_KEY
 WOLFSSL_LIB
+WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES
+WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE
+WOLFSSL_LINUXKM_USE_MUTEXES
 WOLFSSL_LMS_CACHE_BITS
 WOLFSSL_LMS_FULL_HASH
 WOLFSSL_LMS_LARGE_CACHES
@@ -780,6 +784,7 @@ WOLFSSL_NO_SPHINCS
 WOLFSSL_NO_STRICT_CIPHER_SUITE
 WOLFSSL_NO_TICKET_EXPIRE
 WOLFSSL_NO_TRUSTED_CERTS_VERIFY
+WOLFSSL_NO_WORD64_OPS
 WOLFSSL_NO_XOR_OPS
 WOLFSSL_NRF51_AES
 WOLFSSL_OLDTLS_AEAD_CIPHERSUITES

configure.ac

@@ -119,6 +119,22 @@ then
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
 fi
 
+
+# Linux Kernel Module options (more options later)
+
+AC_ARG_ENABLE([linuxkm],
+    [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
+    [ENABLED_LINUXKM=$enableval],
+    [ENABLED_LINUXKM=no]
+    )
+
+AC_ARG_ENABLE([linuxkm-defaults],
+    [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
+    [ENABLED_LINUXKM_DEFAULTS=$enableval],
+    [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
+    )
+
+
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h])
 AC_CHECK_LIB([network],[socket])
 AC_C_BIGENDIAN
@@ -307,19 +323,10 @@ AC_ARG_ENABLE([hmac],
     [ ENABLED_HMAC=yes ]
     )
 
-# enable HMAC hash copying automatically for x86_64 and aarch64 (except Linux kernel module)
-HMAC_COPY_DEFAULT=no
-if test "$ENABLED_LINUXKM_DEFAULTS" = "no"
-then
-    if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
-    then
-        HMAC_COPY_DEFAULT=yes
-    fi
-fi
 AC_ARG_ENABLE([hmac-copy],
     [AS_HELP_STRING([--enable-hmac-copy],[Enables digest copying implementation for HMAC (default: disabled)])],
     [ ENABLED_HMAC_COPY=$enableval ],
-    [ ENABLED_HMAC_COPY=$HMAC_COPY_DEFAULT ]
+    [ ENABLED_HMAC_COPY=no ]
     )
 if test "$ENABLED_HMAC_COPY" = "yes"
 then
@@ -658,18 +665,7 @@ AC_ARG_ENABLE([benchmark],
     )
 
 
-# Linux Kernel Module
-AC_ARG_ENABLE([linuxkm],
-    [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
-    [ENABLED_LINUXKM=$enableval],
-    [ENABLED_LINUXKM=no]
-    )
-
-AC_ARG_ENABLE([linuxkm-defaults],
-    [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
-    [ENABLED_LINUXKM_DEFAULTS=$enableval],
-    [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
-    )
+# Remainder of Linux kernel module options, continued from earlier:
 
 AC_ARG_ENABLE([linuxkm-pie],
     [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
@@ -5649,10 +5645,18 @@ AC_ARG_ENABLE([pwdbased],
 
 # MemUse Entropy
 # wolfEntropy Software Jitter SP800-90B certifiable entropy source
+
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+then
+    ENABLED_ENTROPY_MEMUSE_DEFAULT=yes
+else
+    ENABLED_ENTROPY_MEMUSE_DEFAULT=no
+fi
+
 AC_ARG_ENABLE([wolfEntropy],
     [AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ],
-    [ ENABLED_ENTROPY_MEMUSE=no ]
+    [ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
     )
 AC_ARG_ENABLE([entropy-memuse],
     [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
@@ -9538,7 +9542,11 @@ if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
 fi
 
 AC_ARG_ENABLE([linuxkm-lkcapi-register],
-    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.  Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separate combination. (default: none)])],
+    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.
+    Possible values are "none" or a comma-separated combination of "all", "all-kconfig", "sysfs-nodes-only", "cbc(aes)", "cfb(aes)",
+    "gcm(aes)", "rfc4106(gcm(aes))", "xts(aes)", "ctr(aes)", "ofb(aes)", "ecb(aes)", "sha1", "sha2", "sha3", "hmac(sha1)", "hmac(sha2)",
+    "hmac(sha3)", "stdrng", "stdrng-default", "ecdsa", "ecdh", "rsa", "dh", and negations of the foregoing algorithms by prefixing "-".
+    (default: none)])],
     [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
     [ENABLED_LINUXKM_LKCAPI_REGISTER=no]
     )