Merge pull request wolfSSL#9740 from douzzer/20260204-linuxkm-with-global-replace-etc

20260204-linuxkm-with-global-replace-etc

Author: dgarske

.wolfssl_known_macro_extras

@@ -637,7 +637,6 @@ WC_RSA_NONBLOCK
 WC_RSA_NONBLOCK_TIME
 WC_RSA_NO_FERMAT_CHECK
 WC_RWLOCK_OPS_INLINE
-WC_SHA3_HARDEN
 WC_SHA384
 WC_SHA384_DIGEST_SIZE
 WC_SHA512

configure.ac

@@ -1383,13 +1383,13 @@ then
     esac
 fi
 
-# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.  Disable
+# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.  Disable
 # implicit activation, and error on explicit activation.
-if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
+if test "$enable_riscv_asm" = "yes"
 then
     if test "$enable_aesgcm_stream" = "yes"
     then
-        AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
+        AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
     fi
     enable_aesgcm_stream=no
 fi
@@ -10689,11 +10689,9 @@ then
     if test "$ENABLED_AESGCM" = "no"
     then
         AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
-    elif test "$ENABLED_RISCV_ASM" = "yes" || \
-         (test "$ENABLED_ARMASM" = "yes" && \
-          test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
+    elif test "$ENABLED_RISCV_ASM" = "yes"
     then
-        AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
+        AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
     else
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"

linuxkm/linuxkm_wc_port.h

@@ -545,9 +545,10 @@
          * to assure that calls to get_random_bytes() in random.c are gated out
          * (they would recurse, potentially infinitely).
          */
-        #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
-             !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
-             !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
+        #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
+            !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
+            !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
+            !defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
             !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
             #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
         #endif

linuxkm/lkcapi_sha_glue.c

@@ -30,6 +30,22 @@
     #error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported.
 #endif
 
+#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
+    #undef LINUXKM_DRBG_GET_RANDOM_BYTES
+/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
+#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
+    (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \
+     defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
+    #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
+        #define LINUXKM_DRBG_GET_RANDOM_BYTES
+    #endif
+#else
+    #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
+        #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
+        #undef LINUXKM_DRBG_GET_RANDOM_BYTES
+    #endif
+#endif
+
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 
@@ -94,7 +110,14 @@
  * exhaustion.  A caller that really needs PR can pass in seed data in its call
  * to our rng_alg.generate() implementation.
  */
-#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX)
+#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
+    #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
+                                  WOLFKM_DRIVER_SUFFIX_BASE \
+                                  "-with-global-replace")
+#else
+    #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
+                                  WOLFKM_DRIVER_SUFFIX_BASE)
+#endif
 
 #ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL
     #define LINUXKM_LKCAPI_REGISTER_SHA1
@@ -388,7 +411,7 @@
 #else
     #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \
         !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)
-        #error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
+        #error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG
     #endif
     #undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
 #endif
@@ -1257,20 +1280,6 @@ static struct rng_alg wc_linuxkm_drbg = {
 };
 static int wc_linuxkm_drbg_loaded = 0;
 
-#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
-    #undef LINUXKM_DRBG_GET_RANDOM_BYTES
-#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
-    (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
-    #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
-        #define LINUXKM_DRBG_GET_RANDOM_BYTES
-    #endif
-#else
-    #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
-        #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
-        #undef LINUXKM_DRBG_GET_RANDOM_BYTES
-    #endif
-#endif
-
 #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
 
 #ifndef WOLFSSL_SMALL_STACK_CACHE

wolfcrypt/src/aes.c

@@ -4341,7 +4341,6 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             const byte* iv, int dir)
     {
-        int ret;
         if ((aes == NULL) || (userKey == NULL)) {
             return BAD_FUNC_ARG;
         }
@@ -4367,7 +4366,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID) {
         #ifdef WOLF_CRYPTO_CB_AES_SETKEY
-            ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
+            int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
             if (ret == 0) {
                 /* Callback succeeded - SE owns the key */
                 aes->keylen = (int)keylen;