Merge remote-tracking branch 'upstream/master' into zd20936

Author: kareem-wolfssl

.github/workflows/os-check.yml

@@ -65,6 +65,7 @@ jobs:
            --enable-cert-setup-cb --enable-sessioncerts',
           '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info',
           'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY',
+          '--enable-all --enable-certgencache',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

.wolfssl_known_macro_extras

@@ -663,6 +663,7 @@ WOLFSSL_ALLOW_TLS_SHA1
 WOLFSSL_ALTERNATIVE_DOWNGRADE
 WOLFSSL_ALT_NAMES_NO_REV
 WOLFSSL_ARM_ARCH_NEON_64BIT
+WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP
 WOLFSSL_ASCON_UNROLL
 WOLFSSL_ASNC_CRYPT
 WOLFSSL_ASN_EXTRA

CMakeLists.txt

@@ -2693,6 +2693,18 @@ if(WOLFSSL_EXAMPLES)
         tests/api/test_ossl_mac.c
         tests/api/test_ossl_rsa.c
         tests/api/test_ossl_sk.c
+        tests/api/test_ossl_x509.c
+        tests/api/test_ossl_x509_ext.c
+        tests/api/test_ossl_x509_name.c
+        tests/api/test_ossl_x509_pk.c
+        tests/api/test_ossl_x509_vp.c
+        tests/api/test_ossl_x509_io.c
+        tests/api/test_ossl_x509_crypto.c
+        tests/api/test_ossl_x509_acert.c
+        tests/api/test_ossl_x509_info.c
+        tests/api/test_ossl_x509_str.c
+        tests/api/test_ossl_x509_lu.c
+        tests/api/test_ossl_pem.c
         tests/api/test_tls13.c
         tests/srp.c
         tests/suites.c

IDE/Renesas/e2studio/RA6M4/include.am

@@ -17,3 +17,7 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem

linuxkm/Makefile

@@ -104,21 +104,41 @@ ifndef MAKE_TMPDIR
 endif
 
 GENERATE_SECTION_MAP := $(AWK) 'BEGIN { printf("") >ENVIRON["SECTION_MAP"]; }		\
+	/^Section Headers:/ {								\
+	    in_sections = 1;								\
+	    in_symbols = 0;								\
+	    next;									\
+	}										\
+	/^Symbol table / {								\
+	    if (! in_sections) {							\
+		print "symbol table appeared before section headers." >"/dev/stderr";	\
+		exit(1);								\
+	    }										\
+	    in_sections = 0;								\
+	    in_symbols = 1;								\
+	    next;									\
+	}										\
 	{										\
-	    if ($$7 !~ "^[0-9]+$$")							\
-		next;									\
-	    if ($$4 == "SECTION") {							\
-		sections[$$7] = $$8;							\
-		next;									\
+	    if (in_sections) {								\
+		if (match($$0,								\
+			  "^[[:space:]]*\\[[[:space:]]*([0-9]+)[[:space:]]*\\][[:space:]]+([^[:space:]]+)[[:space:]]",\
+			  section_line_a)) {						\
+		    sections[section_line_a[1]] = section_line_a[2];			\
+		    next;								\
+		}									\
 	    }										\
-	    if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) {		\
-		if (($$8 == "$$d") || ($$8 == "$$t"))					\
+	    if (in_symbols) {								\
+		if ($$7 !~ "^[0-9]+$$")							\
 		    next;								\
-		if ($$7 in sections) {							\
-		    if (sections[$$7] ~ "_wolfcrypt$$")					\
-			print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"];		\
-		} else									\
-		    print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\
+		if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) {	\
+		    if (($$8 == "$$d") || ($$8 == "$$t"))				\
+			next;								\
+		    if ($$7 in sections) {						\
+			if (sections[$$7] ~ "_wolfcrypt$$")				\
+			    print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"];	\
+		    } else								\
+			print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\
+		}									\
 	    }										\
 	}'
 
@@ -272,7 +292,7 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 	@SECTION_MAP=$$(mktemp)
 	@trap 'rm "$$SECTION_MAP"' EXIT
 	@export SECTION_MAP
-	@$(READELF) --wide --symbols "$@" | $(GENERATE_SECTION_MAP)
+	@$(READELF) --wide --sections --symbols "$@" | $(GENERATE_SECTION_MAP)
 	@$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| '$(MODULE_TOP)/linuxkm/wc_linuxkm_pie_reloc_tab.c'
 	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
 	@$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| "$$RELOC_TMP"

linuxkm/include.am

@@ -24,6 +24,7 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/patches/5.10.236/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v236.patch \
 	      linuxkm/patches/5.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v15.patch \
 	      linuxkm/patches/5.17/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17.patch \
+	      linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch \
 	      linuxkm/patches/6.1.73/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch \
 	      linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch \
 	      linuxkm/patches/6.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch

linuxkm/lkcapi_sha_glue.c

@@ -1073,17 +1073,17 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) {
         return NULL;
     }
 
-    #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
-        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
     if (tfm == crypto_default_rng) {
+        #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
         migrate_disable(); /* this actually makes irq_count() nonzero, so that
                             * DISABLE_VECTOR_REGISTERS() is superfluous, but
                             * don't depend on that.
                             */
+        #endif
+        local_bh_disable();
         new_lock_value = 2;
     }
     else
-    #endif
     {
         new_lock_value = 1;
     }
@@ -1104,7 +1104,9 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) {
 }
 
 /* get_drbg_n() is used by bulk seed, mix-in, and reseed operations.  It expects
- * the caller to be able to wait until the requested DRBG is available.
+ * the caller to be able to wait until the requested DRBG is available.  If the
+ * caller can't sleep and the requested DRBG is busy, it returns immediately --
+ * this avoids priority inversions and deadlocks.
  */
 static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, int n) {
     int can_sleep = (preempt_count() == 0);
@@ -1119,23 +1121,22 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in
             cond_resched();
         }
         else
-            cpu_relax();
+            return NULL;
     }
 
     __builtin_unreachable();
 }
 
 static inline void put_drbg(struct wc_rng_inst *drbg) {
-    #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
-        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
     int migration_disabled = (drbg->lock == 2);
-    #endif
     __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE);
-    #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
-        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-    if (migration_disabled)
+
+    if (migration_disabled) {
+        local_bh_enable();
+        #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
         migrate_enable();
-    #endif
+        #endif
+    }
 }
 
 static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm,