wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

linuxkm/: null out pointers with PTR_ERR()-encoded values before jumping to cleanup;

Browse Source 
linuxkm/lkcapi_rsa_glue.c: in km_rsa_init(), implement error-path cleanup;

linuxkm/module_hooks.c: nix CONFIG_MODULE_SIG requirement in WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE builds;

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, define WOLFSSL_ASN_INT_LEAD_0_ANY if LINUXKM_LKCAPI_REGISTER (required for kernel 5.10 crypto manager);

wolfcrypt/src/memory.c: add WC_NO_ERR_TRACE() to mock error returns in SAVE_VECTOR_REGISTERS2_fuzzer().
This commit is contained in:
Daniel Pouzzner
2025-04-22 16:44:07 -05:00
parent 25cd009a42
commit d4fc8c3791
8 changed files with 72 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.wolfssl_known_macro_extras
View File

@ -592,7 +592,6 @@ WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ASCON_UNROLL
WOLFSSL_ASNC_CRYPT
WOLFSSL_ASN_EXTRA
WOLFSSL_ASN_INT_LEAD_0_ANY
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_ATECC508

31
linuxkm/lkcapi_aes_glue.c
View File

@ -1204,6 +1204,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
pr_err("%s: scatterwalk_map failed: %ld\n",
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
PTR_ERR(assoc));
in_map = NULL;
goto out;
}
assoc = in_map;
@ -1220,6 +1221,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
pr_err("%s: scatterwalk_map failed: %ld\n",
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
PTR_ERR(assoc));
out_map = NULL;
goto out;
}
out_text = out_map + req->assoclen;
@ -2329,6 +2331,7 @@ static int linuxkm_test_aescbc(void)
if (IS_ERR(tfm)) {
pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm));
tfm = NULL;
goto test_cbc_end;
}
@ -2355,6 +2358,7 @@ static int linuxkm_test_aescbc(void)
if (IS_ERR(req)) {
pr_err("error: allocating AES skcipher request %s failed\n",
WOLFKM_AESCBC_DRIVER);
req = NULL;
goto test_cbc_end;
}
@ -2538,6 +2542,7 @@ static int linuxkm_test_aescfb(void)
if (IS_ERR(tfm)) {
pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm));
tfm = NULL;
goto test_cfb_end;
}
@ -2555,6 +2560,7 @@ static int linuxkm_test_aescfb(void)
if (IS_ERR(req)) {
pr_err("error: allocating AES skcipher request %s failed\n",
WOLFKM_AESCFB_DRIVER);
req = NULL;
goto test_cfb_end;
}
@ -2763,6 +2769,7 @@ static int linuxkm_test_aesgcm(void)
assoc2 = malloc(sizeof(assoc));
if (IS_ERR(assoc2)) {
pr_err("error: malloc failed\n");
assoc2 = NULL;
goto test_gcm_end;
}
memset(assoc2, 0, sizeof(assoc));
@ -2771,6 +2778,7 @@ static int linuxkm_test_aesgcm(void)
iv = malloc(WC_AES_BLOCK_SIZE);
if (IS_ERR(iv)) {
pr_err("error: malloc failed\n");
iv = NULL;
goto test_gcm_end;
}
memset(iv, 0, WC_AES_BLOCK_SIZE);
@ -2779,12 +2787,14 @@ static int linuxkm_test_aesgcm(void)
enc2 = malloc(decryptLen);
if (IS_ERR(enc2)) {
pr_err("error: malloc failed\n");
enc2 = NULL;
goto test_gcm_end;
}
dec2 = malloc(decryptLen);
if (IS_ERR(dec2)) {
pr_err("error: malloc failed\n");
dec2 = NULL;
goto test_gcm_end;
}
@ -2796,6 +2806,7 @@ static int linuxkm_test_aesgcm(void)
if (IS_ERR(tfm)) {
pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm));
tfm = NULL;
goto test_gcm_end;
}
@ -2819,15 +2830,25 @@ static int linuxkm_test_aesgcm(void)
if (IS_ERR(req)) {
pr_err("error: allocating AES aead request %s failed: %ld\n",
WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
req = NULL;
goto test_gcm_end;
}
src = malloc(sizeof(struct scatterlist) * 2);
if (IS_ERR(src)) {
pr_err("error: malloc src failed: %ld\n",
PTR_ERR(src));
src = NULL;
goto test_gcm_end;
}
dst = malloc(sizeof(struct scatterlist) * 2);
if (IS_ERR(src) || IS_ERR(dst)) {
pr_err("error: malloc src or dst failed: %ld, %ld\n",
PTR_ERR(src), PTR_ERR(dst));
if (IS_ERR(dst)) {
pr_err("error: malloc dst failed: %ld\n",
PTR_ERR(dst));
dst = NULL;
goto test_gcm_end;
}
@ -3367,6 +3388,7 @@ static int aes_xts_128_test(void)
ret = PTR_ERR(tfm);
pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
WOLFKM_AESXTS_DRIVER, ret);
tfm = NULL;
goto test_xts_end;
}
@ -3404,6 +3426,7 @@ static int aes_xts_128_test(void)
ret = PTR_ERR(req);
pr_err("error: allocating AES skcipher request %s failed: %d\n",
WOLFKM_AESXTS_DRIVER, ret);
req = NULL;
goto test_xts_end;
}
@ -3847,6 +3870,7 @@ static int aes_xts_256_test(void)
ret = PTR_ERR(tfm);
pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
WOLFKM_AESXTS_DRIVER, ret);
tfm = NULL;
goto test_xts_end;
}
@ -3883,6 +3907,7 @@ static int aes_xts_256_test(void)
ret = PTR_ERR(req);
pr_err("error: allocating AES skcipher request %s failed: %d\n",
WOLFKM_AESXTS_DRIVER, ret);
req = NULL;
goto test_xts_end;
}

2
linuxkm/lkcapi_ecdh_glue.c
View File

@ -804,6 +804,7 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
if (IS_ERR(tfm)) {
pr_err("error: allocating kpp algorithm %s failed: %ld\n",
driver, PTR_ERR(tfm));
tfm = NULL;
goto test_ecdh_nist_end;
}
@ -811,6 +812,7 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
if (IS_ERR(req)) {
pr_err("error: allocating kpp request %s failed\n",
driver);
req = NULL;
goto test_ecdh_nist_end;
}

2
linuxkm/lkcapi_ecdsa_glue.c
View File

@ -679,6 +679,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
if (IS_ERR(tfm)) {
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
driver, PTR_ERR(tfm));
tfm = NULL;
goto test_ecdsa_nist_end;
}
@ -686,6 +687,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
if (IS_ERR(req)) {
pr_err("error: allocating akcipher request %s failed\n",
driver);
req = NULL;
goto test_ecdsa_nist_end;
}

35
linuxkm/lkcapi_rsa_glue.c
View File

@ -180,25 +180,32 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid)
ctx->key = (RsaKey *)malloc(sizeof(RsaKey));
if (!ctx->key) {
return -ENOMEM;
ret = -ENOMEM;
goto out;
}
ret = wc_InitRng(&ctx->rng);
if (ret) {
pr_err("%s: init rng returned: %d\n", WOLFKM_RSA_DRIVER, ret);
return -ENOMEM;
if (ret == WC_NO_ERR_TRACE(MEMORY_E))
ret = -ENOMEM;
else
ret = -EINVAL;
goto out;
}
ret = wc_InitRsaKey(ctx->key, NULL);
if (ret) {
pr_err("%s: init rsa key returned: %d\n", WOLFKM_RSA_DRIVER, ret);
return -ENOMEM;
ret = -EINVAL;
goto out;
}
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(ctx->key, &ctx->rng);
if (ret) {
return -ENOMEM;
ret = -EINVAL;
goto out;
}
#endif /* WC_RSA_BLINDING */
@ -221,13 +228,25 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid)
default:
pr_err("%s: init: unhandled hash_oid: %d\n", WOLFKM_RSA_DRIVER,
hash_oid);
return -ENOMEM;
ret = -EINVAL;
goto out;
}
#ifdef WOLFKM_DEBUG_RSA
pr_info("info: exiting km_rsa_init: hash_oid %d\n", ctx->hash_oid);
#endif /* WOLFKM_DEBUG_RSA */
return 0;
out:
if (ret != 0) {
if (ctx->key) {
free(ctx->key);
ctx->key = NULL;
}
wc_FreeRng(&ctx->rng);
}
return ret;
}
#if defined(LINUXKM_DIRECT_RSA)
@ -1260,6 +1279,7 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits)
if (IS_ERR(tfm)) {
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
driver, PTR_ERR(tfm));
tfm = NULL;
goto test_rsa_end;
}
@ -1267,6 +1287,7 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits)
if (IS_ERR(req)) {
pr_err("error: allocating akcipher request %s failed\n",
driver);
req = NULL;
goto test_rsa_end;
}
@ -1609,6 +1630,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
if (IS_ERR(tfm)) {
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
driver, PTR_ERR(tfm));
tfm = NULL;
goto test_pkcs1_end;
}
@ -1616,6 +1638,7 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
if (IS_ERR(req)) {
pr_err("error: allocating akcipher request %s failed\n",
driver);
req = NULL;
goto test_pkcs1_end;
}

5
linuxkm/module_hooks.c
View File

@ -110,9 +110,6 @@ static void lkmFipsCb(int ok, int err, const char* hash)
#endif
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
#ifndef CONFIG_MODULE_SIG
#error WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE requires a CONFIG_MODULE_SIG kernel.
#endif
static int updateFipsHash(void);
#endif
@ -137,10 +134,12 @@ static int wolfssl_init(void)
int ret;
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
#ifdef CONFIG_MODULE_SIG
if (THIS_MODULE->sig_ok == false) {
pr_err("wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n");
return -ECANCELED;
}
#endif
ret = updateFipsHash();
if (ret < 0) {
pr_err("wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret));

4
wolfcrypt/src/memory.c
View File

@ -1754,7 +1754,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
}
(void)lrand48_r(&wc_svr_fuzzing_state, &result);
if (result & 1)
return IO_FAILED_E;
return WC_NO_ERR_TRACE(IO_FAILED_E);
else
return 0;
}
@ -1794,7 +1794,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
balance_bit = !balance_bit;
return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
return ((prn & 1) ^ balance_bit) ? WC_NO_ERR_TRACE(IO_FAILED_E) : 0;
}
#endif /* !HAVE_THREAD_LS */

7
wolfssl/wolfcrypt/settings.h
View File

@ -3674,6 +3674,13 @@ extern void uITRON4_free(void *p) ;
#undef WOLFSSL_MIN_AUTH_TAG_SZ
#define WOLFSSL_MIN_AUTH_TAG_SZ 4
#if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY)
/* kernel 5.10 crypto manager tests key(s) that fail unless leading
* bytes are tolerated in GetASN_Integer().
*/
#define WOLFSSL_ASN_INT_LEAD_0_ANY
#endif
#ifdef CONFIG_KASAN
#ifndef WC_SANITIZE_DISABLE
#define WC_SANITIZE_DISABLE() kasan_disable_current()