Merge pull request #8727 from douzzer/20250501-linuxkm-ecdsa-workaround

philljj · web-flow · commit 1075ce8cf42d · 2025-05-01T22:44:48.000-05:00
20250501-linuxkm-ecdsa-workaround
diff --git a/linuxkm/lkcapi_dh_glue.c b/linuxkm/lkcapi_dh_glue.c
@@ -2821,23 +2821,23 @@ static int linuxkm_test_kpp_driver(const char * driver,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating kpp algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
-        tfm = NULL;
         if (PTR_ERR(tfm) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        tfm = NULL;
         goto test_kpp_end;
     }
 
     req = kpp_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating kpp request %s failed\n",
                driver);
-        req = NULL;
         if (PTR_ERR(req) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        req = NULL;
         goto test_kpp_end;
     }
 
diff --git a/linuxkm/lkcapi_ecdh_glue.c b/linuxkm/lkcapi_ecdh_glue.c
@@ -804,23 +804,23 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating kpp algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
-        tfm = NULL;
         if (PTR_ERR(tfm) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        tfm = NULL;
         goto test_ecdh_nist_end;
     }
 
     req = kpp_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating kpp request %s failed\n",
                driver);
-        req = NULL;
         if (PTR_ERR(req) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        req = NULL;
         goto test_ecdh_nist_end;
     }
 
diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c
@@ -680,23 +680,23 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
-        tfm = NULL;
         if (PTR_ERR(tfm) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        tfm = NULL;
         goto test_ecdsa_nist_end;
     }
 
     req = akcipher_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating akcipher request %s failed\n",
                driver);
-        req = NULL;
         if (PTR_ERR(req) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        req = NULL;
         goto test_ecdsa_nist_end;
     }
 
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
@@ -238,15 +238,6 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
  * extra checks on kernel version, and ecc sizes.
  */
 #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
-    #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
-        defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
-        /*
-         * note: ecdsa was not recognized as fips_allowed before linux v6.3
-         * in kernel crypto/testmgr.c, and will not pass the tests.
-         */
-        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
-    #endif /* linux < 6.3.0 && CONFIG_CRYPTO_FIPS && CONFIG_CRYPTO_MANAGER */
-
     #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
         ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
         /* only register p192 if specifically enabled, and if not fips. */
@@ -562,6 +553,18 @@ static int linuxkm_lkcapi_register(void)
 #endif
 
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
+
+    #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) &&    \
+        defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
+        defined(CONFIG_CRYPTO_MANAGER) &&                    \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+        /*
+         * ecdsa was not recognized as fips_allowed before linux v6.3
+         * in kernel crypto/testmgr.c.
+         */
+        fips_enabled = 0;
+    #endif
+
     #if defined(LINUXKM_ECC192)
     REGISTER_ALG(ecdsa_nist_p192, akcipher,
                  linuxkm_test_ecdsa_nist_p192);
@@ -577,6 +580,14 @@ static int linuxkm_lkcapi_register(void)
     REGISTER_ALG(ecdsa_nist_p521, akcipher,
                  linuxkm_test_ecdsa_nist_p521);
     #endif /* HAVE_ECC521 */
+
+    #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) &&    \
+        defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
+        defined(CONFIG_CRYPTO_MANAGER) &&                    \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+        fips_enabled = 1;
+    #endif
+
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
 
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDH
diff --git a/linuxkm/lkcapi_rsa_glue.c b/linuxkm/lkcapi_rsa_glue.c
@@ -1653,23 +1653,23 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
-        tfm = NULL;
         if (PTR_ERR(tfm) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        tfm = NULL;
         goto test_pkcs1_end;
     }
 
     req = akcipher_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating akcipher request %s failed\n",
                driver);
-        req = NULL;
         if (PTR_ERR(req) == -ENOMEM)
             test_rc = MEMORY_E;
         else
             test_rc = BAD_FUNC_ARG;
+        req = NULL;
         goto test_pkcs1_end;
     }
 
