linuxkm/linuxkm_memory.c: in wc_fips_generate_hash(), fix handling of failed hmac_update() in text segment loop;
linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT section, render stabilized_rodata_hash; in my_kallsyms_lookup_name(), gate kprobe failure messages behind WOLFSSL_LINUXKM_VERBOSE_DEBUG.
@@ -865,6 +865,11 @@ int wc_fips_generate_hash(
|
||||
text_p += progress;
|
||||
}
|
||||
|
||||
if (ret) {
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
goto out;
|
||||
}
|
||||
|
||||
cur_reloc_index = -1;
|
||||
while (rodata_p < (const byte *)seg_map->fips_rodata_end) {
|
||||
size_t rodata_in_out_len = min(WOLFSSL_SEGMENT_CANONICALIZER_BUFSIZ,
|
||||
@@ -905,6 +910,9 @@ int wc_fips_generate_hash(
|
||||
}
|
||||
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
#else /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
|
||||
@@ -936,14 +944,14 @@ int wc_fips_generate_hash(
|
||||
|
||||
WC_SANITIZE_ENABLE();
|
||||
|
||||
#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
|
||||
|
||||
if (ret) {
|
||||
RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret);
|
||||
ret = BAD_STATE_E;
|
||||
goto out;
|
||||
}
|
||||
|
||||
#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */
|
||||
|
||||
ret = hmac_final(hmac_ctx, hash, digest_size);
|
||||
if (ret) {
|
||||
RELOC_DEBUG_PRINTF("ERROR: hmac_final failed: err %d\n", ret);
|
||||
|
||||
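Review bot: The two new early exits in the reloc-table branch of wc_fips_generate_hash() (`if (ret) { XFREE(buf, ...); goto out; }` after the text loop and `if (ret) goto out;` after the rodata loop) leave with the raw `ret` and no message. The third hunk appears to move the `RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret);` and `ret = BAD_STATE_E;` handling so that it sits only inside the `#else` branch. The loop bodies are outside the hunks, so logging and error mapping may already happen there; if not, a failed integrity-hash computation would be reported differently by the two build variants. Either repeat the diagnostic before each `goto out`, or add a comment such as `/* ret was already logged and mapped inside the loop */`. `buf` is now also freed at two separate sites, and a single cleanup path after both loops would be harder to break in a later edit.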
@@ -778,12 +778,13 @@ static int wolfssl_init(void)
|
||||
* the true module start address, which is potentially useful to an
|
||||
* attacker.
|
||||
*/
|
||||
pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x\n",
|
||||
pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x, canon rodata 0x%x\n",
|
||||
text_hash, (unsigned long long)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start),
|
||||
rodata_hash, (unsigned long long)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start),
|
||||
(uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? '+' : '-',
|
||||
(uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? (unsigned long long)((uintptr_t)&__wc_rodata_start[0] - (uintptr_t)__wc_text_start) : (unsigned long long)((uintptr_t)__wc_text_start - (uintptr_t)&__wc_rodata_start[0]),
|
||||
stabilized_text_hash);
|
||||
stabilized_text_hash,
|
||||
stabilized_rodata_hash);
|
||||
|
||||
pr_info("wolfCrypt segments: text=%llx-%llx, rodata=%llx-%llx, "
|
||||
"rwdata=%llx-%llx, bss=%llx-%llx\n",
|
||||
@@ -1847,13 +1848,17 @@ static WC_MAYBE_UNUSED void *my_kallsyms_lookup_name(const char *name) {
|
||||
int ret;
|
||||
kallsyms_lookup_name_kp.addr = NULL;
|
||||
if ((ret = register_kprobe(&kallsyms_lookup_name_kp)) != 0) {
|
||||
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
|
||||
pr_err_once("ERROR: register_kprobe(&kallsyms_lookup_name_kp) failed: %d\n", ret);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
kallsyms_lookup_name_ptr = (typeof(kallsyms_lookup_name_ptr))kallsyms_lookup_name_kp.addr;
|
||||
unregister_kprobe(&kallsyms_lookup_name_kp);
|
||||
if (! kallsyms_lookup_name_ptr) {
|
||||
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
|
||||
pr_err_once("ERROR: kallsyms_lookup_name_kp.addr is null.\n");
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
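Review bot: With WOLFSSL_LINUXKM_VERBOSE_DEBUG undefined, both failure paths in my_kallsyms_lookup_name() now return a null pointer without any trace, and the register_kprobe() error code held in `ret` is dropped. The caller then becomes the only place where a failed lookup can be noticed. If that is the intent, a comment above the first `#ifdef` would record the contract, for example `/* lookup failure is non-fatal here; callers must check for NULL */`. In non-verbose builds `ret` is only ever assigned, which may draw a set-but-unused warning, and `return NULL;` would read better than `return 0;` in a function returning `void *`. The function starts above the hunk and appears to continue after it.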