From 7a55bc00c873841adfced20961fc62fa7eefb5cd Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 24 Jan 2025 14:29:05 -0600
Subject: [PATCH] linuxkm/module_hooks.c: in wolfssl_init(), #ifdef HAVE_FIPS, wc_RunAllCast_fips(); wolfcrypt/src/aes.c: add missing parens in GHASH_ONE_BLOCK_SW() to mollify clang-tidy; wolfssl/wolfcrypt/fips_test.h: add FIPS_CAST_AES_ECB; wolfssl/wolfcrypt/settings.h: #ifdef WOLFSSL_LINUXKM, #undef HAVE_LIMITS_H.
---
 linuxkm/module_hooks.c | 57 ++++++++++++++++++++---------------
 wolfcrypt/src/aes.c | 2 +-
 wolfssl/wolfcrypt/fips_test.h | 4 ++-
 wolfssl/wolfcrypt/settings.h | 3 ++
 4 files changed, 39 insertions(+), 27 deletions(-)
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 55455f2410..1899b9cfd6 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -244,6 +244,38 @@ static int wolfssl_init(void)
 }
 return -ECANCELED;
 }
+#endif /* HAVE_FIPS */
+
+#ifdef WC_RNG_SEED_CB
+ ret = wc_SetSeed_Cb(wc_GenerateSeed);
+ if (ret < 0) {
+ pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret);
+ (void)libwolfssl_cleanup();
+ msleep(10);
+ return -ECANCELED;
+ }
+#endif
+
+#ifdef WOLFCRYPT_ONLY
+ ret = wolfCrypt_Init();
+ if (ret != 0) {
+ pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
+ return -ECANCELED;
+ }
+#else
+ ret = wolfSSL_Init();
+ if (ret != WOLFSSL_SUCCESS) {
+ pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
+ return -ECANCELED;
+ }
+#endif
+
+#ifdef HAVE_FIPS
+ ret = wc_RunAllCast_fips();
+ if (ret != 0) {
+ pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
+ return -ECANCELED;
+ }
 pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
 "self-test succeeded.\n",
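Review bot: In linuxkm/module_hooks.c, the new `wc_RunAllCast_fips()` failure branch returns `-ECANCELED` after `wolfCrypt_Init()` or `wolfSSL_Init()` has already succeeded, with no teardown, whereas the `wc_SetSeed_Cb()` failure branch in the same hunk calls `(void)libwolfssl_cleanup();` before returning. If the init calls leave state that must be released (not visible here), the CAST failure branch should undo it, for example by adding `(void)libwolfssl_cleanup();` before `return -ECANCELED;`. Otherwise a short comment such as `/* no cleanup needed: <reason> */` would explain the asymmetry. Refusing to load the module when a self-test fails is the right fail-closed behaviour and should stay. wolfssl_init() begins and ends outside this hunk.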
@@ -270,33 +302,8 @@ static int wolfssl_init(void)
 ""
 #endif
 );
-
 #endif /* HAVE_FIPS */
-#ifdef WC_RNG_SEED_CB
- ret = wc_SetSeed_Cb(wc_GenerateSeed);
- if (ret < 0) {
- pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret);
- (void)libwolfssl_cleanup();
- msleep(10);
- return -ECANCELED;
- }
-#endif
-
-#ifdef WOLFCRYPT_ONLY
- ret = wolfCrypt_Init();
- if (ret != 0) {
- pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
- return -ECANCELED;
- }
-#else
- ret = wolfSSL_Init();
- if (ret != WOLFSSL_SUCCESS) {
- pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
- return -ECANCELED;
- }
-#endif
-
 #ifndef NO_CRYPT_TEST
 ret = wolfcrypt_test(NULL);
 if (ret < 0) {
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 8286e0d4e1..ec600cacc9 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -6886,7 +6886,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 #define GHASH_ONE_BLOCK_SW(aes, block) \
 do { \
 xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
- GMULT(AES_TAG(aes), aes->gcm.H); \
+ GMULT(AES_TAG(aes), (aes)->gcm.H); \
 } \
 while (0)
 #endif /* WOLFSSL_AESGCM_STREAM */
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 36d7a652ec..16f170b5e9 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -72,7 +72,9 @@ enum FipsCastId {
 FIPS_CAST_ED25519 = 16,
 FIPS_CAST_ED448 = 17,
 FIPS_CAST_PBKDF2 = 18,
- FIPS_CAST_COUNT = 19
+ /* v7.0.0 + */
+ FIPS_CAST_AES_ECB = 19,
+ FIPS_CAST_COUNT = 20
 };
 enum FipsCastStateId {
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 97bf9a557f..7eeb63851d 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
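Review bot: In wolfcrypt/src/aes.c, `GHASH_ONE_BLOCK_SW` still expands `aes` three times (twice through `AES_TAG(aes)` and once in `(aes)->gcm.H`), so the added parentheses fix precedence but not repeated evaluation of the argument. A one-line comment above the macro would record that constraint for future callers, for example `/* aes is expanded more than once; pass an expression without side effects */`. The macro is complete within the hunk, but its call sites are not visible.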
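Review bot: In wolfssl/wolfcrypt/fips_test.h, `FIPS_CAST_COUNT` moves from 19 to 20 for every build, although the comment marks `FIPS_CAST_AES_ECB` as `v7.0.0 +`. If a per-CAST table or loop outside this hunk is bounded by `FIPS_CAST_COUNT` while the linked FIPS module was built with 19 entries, the new bound would reach one slot past that table. This is inferred, since no user of the enum is visible here. Either gate the two new lines on the FIPS module version, or expand the comment to say which builds may use id 19, for example `/* v7.0.0 +: not a valid CAST id for earlier FIPS module versions */`.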
@@ -3599,7 +3599,10 @@ extern void uITRON4_free(void *p) ;
 #define WOLFSSL_TEST_SUBROUTINE static
 #endif
 #undef HAVE_PTHREAD
+ /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
 #undef HAVE_STRINGS_H
+ /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */
+ #undef HAVE_LIMITS_H
 #undef HAVE_ERRNO_H
 #undef HAVE_THREAD_LS
 #undef HAVE_ATEXIT