diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c index 9969a7fc73..27814207e6 100644 --- a/linuxkm/linuxkm_memory.c +++ b/linuxkm/linuxkm_memory.c @@ -865,6 +865,11 @@ int wc_fips_generate_hash( text_p += progress; } + if (ret) { + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + goto out; + } + cur_reloc_index = -1; while (rodata_p < (const byte *)seg_map->fips_rodata_end) { size_t rodata_in_out_len = min(WOLFSSL_SEGMENT_CANONICALIZER_BUFSIZ, @@ -905,6 +910,9 @@ int wc_fips_generate_hash( } XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret) + goto out; } #else /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */ @@ -936,14 +944,14 @@ int wc_fips_generate_hash( WC_SANITIZE_ENABLE(); -#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */ - if (ret) { RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret); ret = BAD_STATE_E; goto out; } +#endif /* ! (WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT) */ + ret = hmac_final(hmac_ctx, hash, digest_size); if (ret) { RELOC_DEBUG_PRINTF("ERROR: hmac_final failed: err %d\n", ret); diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index fa0067acc2..1cbde5a6ee 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -778,12 +778,13 @@ static int wolfssl_init(void) * the true module start address, which is potentially useful to an * attacker. */ - pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x\n", + pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x, canon rodata 0x%x\n", text_hash, (unsigned long long)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), rodata_hash, (unsigned long long)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), (uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? '+' : '-', (uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? (unsigned long long)((uintptr_t)&__wc_rodata_start[0] - (uintptr_t)__wc_text_start) : (unsigned long long)((uintptr_t)__wc_text_start - (uintptr_t)&__wc_rodata_start[0]), - stabilized_text_hash); + stabilized_text_hash, + stabilized_rodata_hash); pr_info("wolfCrypt segments: text=%llx-%llx, rodata=%llx-%llx, " "rwdata=%llx-%llx, bss=%llx-%llx\n", @@ -1847,13 +1848,17 @@ static WC_MAYBE_UNUSED void *my_kallsyms_lookup_name(const char *name) { int ret; kallsyms_lookup_name_kp.addr = NULL; if ((ret = register_kprobe(&kallsyms_lookup_name_kp)) != 0) { +#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG pr_err_once("ERROR: register_kprobe(&kallsyms_lookup_name_kp) failed: %d\n", ret); +#endif return 0; } kallsyms_lookup_name_ptr = (typeof(kallsyms_lookup_name_ptr))kallsyms_lookup_name_kp.addr; unregister_kprobe(&kallsyms_lookup_name_kp); if (! kallsyms_lookup_name_ptr) { +#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG pr_err_once("ERROR: kallsyms_lookup_name_kp.addr is null.\n"); +#endif return 0; } }