diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 242c00a4c..3e728fa5f 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -592,7 +592,6 @@ WOLFSSL_ARM_ARCH_NEON_64BIT WOLFSSL_ASCON_UNROLL WOLFSSL_ASNC_CRYPT WOLFSSL_ASN_EXTRA -WOLFSSL_ASN_INT_LEAD_0_ANY WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32 WOLFSSL_ASN_TEMPLATE_TYPE_CHECK WOLFSSL_ATECC508 diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index d4b13fd47..682557653 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c @@ -1204,6 +1204,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p) pr_err("%s: scatterwalk_map failed: %ld\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), PTR_ERR(assoc)); + in_map = NULL; goto out; } assoc = in_map; @@ -1220,6 +1221,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p) pr_err("%s: scatterwalk_map failed: %ld\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), PTR_ERR(assoc)); + out_map = NULL; goto out; } out_text = out_map + req->assoclen; @@ -2329,6 +2331,7 @@ static int linuxkm_test_aescbc(void) if (IS_ERR(tfm)) { pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n", WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm)); + tfm = NULL; goto test_cbc_end; } @@ -2355,6 +2358,7 @@ static int linuxkm_test_aescbc(void) if (IS_ERR(req)) { pr_err("error: allocating AES skcipher request %s failed\n", WOLFKM_AESCBC_DRIVER); + req = NULL; goto test_cbc_end; } @@ -2538,6 +2542,7 @@ static int linuxkm_test_aescfb(void) if (IS_ERR(tfm)) { pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n", WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm)); + tfm = NULL; goto test_cfb_end; } @@ -2555,6 +2560,7 @@ static int linuxkm_test_aescfb(void) if (IS_ERR(req)) { pr_err("error: allocating AES skcipher request %s failed\n", WOLFKM_AESCFB_DRIVER); + req = NULL; goto test_cfb_end; } @@ -2763,6 +2769,7 @@ static int linuxkm_test_aesgcm(void) assoc2 = malloc(sizeof(assoc)); if (IS_ERR(assoc2)) { pr_err("error: malloc failed\n"); + assoc2 = NULL; goto test_gcm_end; } memset(assoc2, 0, sizeof(assoc)); @@ -2771,6 +2778,7 @@ static int linuxkm_test_aesgcm(void) iv = malloc(WC_AES_BLOCK_SIZE); if (IS_ERR(iv)) { pr_err("error: malloc failed\n"); + iv = NULL; goto test_gcm_end; } memset(iv, 0, WC_AES_BLOCK_SIZE); @@ -2779,12 +2787,14 @@ static int linuxkm_test_aesgcm(void) enc2 = malloc(decryptLen); if (IS_ERR(enc2)) { pr_err("error: malloc failed\n"); + enc2 = NULL; goto test_gcm_end; } dec2 = malloc(decryptLen); if (IS_ERR(dec2)) { pr_err("error: malloc failed\n"); + dec2 = NULL; goto test_gcm_end; } @@ -2796,6 +2806,7 @@ static int linuxkm_test_aesgcm(void) if (IS_ERR(tfm)) { pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n", WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm)); + tfm = NULL; goto test_gcm_end; } @@ -2819,15 +2830,25 @@ static int linuxkm_test_aesgcm(void) if (IS_ERR(req)) { pr_err("error: allocating AES aead request %s failed: %ld\n", WOLFKM_AESCBC_DRIVER, PTR_ERR(req)); + req = NULL; goto test_gcm_end; } src = malloc(sizeof(struct scatterlist) * 2); + + if (IS_ERR(src)) { + pr_err("error: malloc src failed: %ld\n", + PTR_ERR(src)); + src = NULL; + goto test_gcm_end; + } + dst = malloc(sizeof(struct scatterlist) * 2); - if (IS_ERR(src) || IS_ERR(dst)) { - pr_err("error: malloc src or dst failed: %ld, %ld\n", - PTR_ERR(src), PTR_ERR(dst)); + if (IS_ERR(dst)) { + pr_err("error: malloc dst failed: %ld\n", + PTR_ERR(dst)); + dst = NULL; goto test_gcm_end; } @@ -3367,6 +3388,7 @@ static int aes_xts_128_test(void) ret = PTR_ERR(tfm); pr_err("error: allocating AES skcipher algorithm %s failed: %d\n", WOLFKM_AESXTS_DRIVER, ret); + tfm = NULL; goto test_xts_end; } @@ -3404,6 +3426,7 @@ static int aes_xts_128_test(void) ret = PTR_ERR(req); pr_err("error: allocating AES skcipher request %s failed: %d\n", WOLFKM_AESXTS_DRIVER, ret); + req = NULL; goto test_xts_end; } @@ -3847,6 +3870,7 @@ static int aes_xts_256_test(void) ret = PTR_ERR(tfm); pr_err("error: allocating AES skcipher algorithm %s failed: %d\n", WOLFKM_AESXTS_DRIVER, ret); + tfm = NULL; goto test_xts_end; } @@ -3883,6 +3907,7 @@ static int aes_xts_256_test(void) ret = PTR_ERR(req); pr_err("error: allocating AES skcipher request %s failed: %d\n", WOLFKM_AESXTS_DRIVER, ret); + req = NULL; goto test_xts_end; } diff --git a/linuxkm/lkcapi_ecdh_glue.c b/linuxkm/lkcapi_ecdh_glue.c index 5ba471249..26ea5b290 100644 --- a/linuxkm/lkcapi_ecdh_glue.c +++ b/linuxkm/lkcapi_ecdh_glue.c @@ -804,6 +804,7 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver, if (IS_ERR(tfm)) { pr_err("error: allocating kpp algorithm %s failed: %ld\n", driver, PTR_ERR(tfm)); + tfm = NULL; goto test_ecdh_nist_end; } @@ -811,6 +812,7 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver, if (IS_ERR(req)) { pr_err("error: allocating kpp request %s failed\n", driver); + req = NULL; goto test_ecdh_nist_end; } diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c index 5f87866b1..eb0988051 100644 --- a/linuxkm/lkcapi_ecdsa_glue.c +++ b/linuxkm/lkcapi_ecdsa_glue.c @@ -679,6 +679,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver, if (IS_ERR(tfm)) { pr_err("error: allocating akcipher algorithm %s failed: %ld\n", driver, PTR_ERR(tfm)); + tfm = NULL; goto test_ecdsa_nist_end; } @@ -686,6 +687,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver, if (IS_ERR(req)) { pr_err("error: allocating akcipher request %s failed\n", driver); + req = NULL; goto test_ecdsa_nist_end; } diff --git a/linuxkm/lkcapi_rsa_glue.c b/linuxkm/lkcapi_rsa_glue.c index 9394ede13..e48a51fc9 100644 --- a/linuxkm/lkcapi_rsa_glue.c +++ b/linuxkm/lkcapi_rsa_glue.c @@ -180,25 +180,32 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid) ctx->key = (RsaKey *)malloc(sizeof(RsaKey)); if (!ctx->key) { - return -ENOMEM; + ret = -ENOMEM; + goto out; } ret = wc_InitRng(&ctx->rng); if (ret) { pr_err("%s: init rng returned: %d\n", WOLFKM_RSA_DRIVER, ret); - return -ENOMEM; + if (ret == WC_NO_ERR_TRACE(MEMORY_E)) + ret = -ENOMEM; + else + ret = -EINVAL; + goto out; } ret = wc_InitRsaKey(ctx->key, NULL); if (ret) { pr_err("%s: init rsa key returned: %d\n", WOLFKM_RSA_DRIVER, ret); - return -ENOMEM; + ret = -EINVAL; + goto out; } #ifdef WC_RSA_BLINDING ret = wc_RsaSetRNG(ctx->key, &ctx->rng); if (ret) { - return -ENOMEM; + ret = -EINVAL; + goto out; } #endif /* WC_RSA_BLINDING */ @@ -221,13 +228,25 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid) default: pr_err("%s: init: unhandled hash_oid: %d\n", WOLFKM_RSA_DRIVER, hash_oid); - return -ENOMEM; + ret = -EINVAL; + goto out; } #ifdef WOLFKM_DEBUG_RSA pr_info("info: exiting km_rsa_init: hash_oid %d\n", ctx->hash_oid); #endif /* WOLFKM_DEBUG_RSA */ - return 0; + +out: + + if (ret != 0) { + if (ctx->key) { + free(ctx->key); + ctx->key = NULL; + } + wc_FreeRng(&ctx->rng); + } + + return ret; } #if defined(LINUXKM_DIRECT_RSA) @@ -1260,6 +1279,7 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits) if (IS_ERR(tfm)) { pr_err("error: allocating akcipher algorithm %s failed: %ld\n", driver, PTR_ERR(tfm)); + tfm = NULL; goto test_rsa_end; } @@ -1267,6 +1287,7 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits) if (IS_ERR(req)) { pr_err("error: allocating akcipher request %s failed\n", driver); + req = NULL; goto test_rsa_end; } @@ -1609,6 +1630,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits, if (IS_ERR(tfm)) { pr_err("error: allocating akcipher algorithm %s failed: %ld\n", driver, PTR_ERR(tfm)); + tfm = NULL; goto test_pkcs1_end; } @@ -1616,6 +1638,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits, if (IS_ERR(req)) { pr_err("error: allocating akcipher request %s failed\n", driver); + req = NULL; goto test_pkcs1_end; } diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 956ed2a7d..5b8ffdad6 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -110,9 +110,6 @@ static void lkmFipsCb(int ok, int err, const char* hash) #endif #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE -#ifndef CONFIG_MODULE_SIG -#error WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE requires a CONFIG_MODULE_SIG kernel. -#endif static int updateFipsHash(void); #endif @@ -137,10 +134,12 @@ static int wolfssl_init(void) int ret; #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE +#ifdef CONFIG_MODULE_SIG if (THIS_MODULE->sig_ok == false) { pr_err("wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n"); return -ECANCELED; } +#endif ret = updateFipsHash(); if (ret < 0) { pr_err("wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret)); diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index c24d841f8..928dd7bd3 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -1754,7 +1754,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { } (void)lrand48_r(&wc_svr_fuzzing_state, &result); if (result & 1) - return IO_FAILED_E; + return WC_NO_ERR_TRACE(IO_FAILED_E); else return 0; } @@ -1794,7 +1794,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { balance_bit = !balance_bit; - return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0; + return ((prn & 1) ^ balance_bit) ? WC_NO_ERR_TRACE(IO_FAILED_E) : 0; } #endif /* !HAVE_THREAD_LS */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9fa7a3372..9f4cd66a7 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3674,6 +3674,13 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_MIN_AUTH_TAG_SZ #define WOLFSSL_MIN_AUTH_TAG_SZ 4 + #if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY) + /* kernel 5.10 crypto manager tests key(s) that fail unless leading + * bytes are tolerated in GetASN_Integer(). + */ + #define WOLFSSL_ASN_INT_LEAD_0_ANY + #endif + #ifdef CONFIG_KASAN #ifndef WC_SANITIZE_DISABLE #define WC_SANITIZE_DISABLE() kasan_disable_current()