Commit Graph

475 Commits

Author SHA1 Message Date
Daniel Pouzzner 296bfc8a83 wolfcrypt/src/random.c:
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
2026-06-18 11:53:44 -05:00
Daniel Pouzzner 5aad1447b6 fix F-1236: Copy-Paste Error in #endif Comment: AESCBC Instead of AESCFB Info Assigned
fix F-3291: Copy-paste error in linuxkm_test_aesgcm error message uses WOLFKM_AESCBC_DRIVER
fix F-1431: AES-GCM RFC4106 SetKey Uses memcpy Instead of XMEMCPY for Nonce Copy

(note, for F-1431, changed all relevant memset() and memcpy() calls in linuxkm/ to XMEMSET() and XMEMCPY() respectively.)
2026-06-15 12:28:23 -05:00
Daniel Pouzzner 3c9996efe0 fix F-5958: wc_linuxkm_drbg_generate returns untranslated wolfCrypt RNG_FAILURE_E on the slen>0 reseed-failure path 2026-06-15 12:28:23 -05:00
Daniel Pouzzner bd804c632c fix F-5957: atomic_t fallback of wc_lkm_refcount_to_int reads address of pointer parameter instead of the refcount 2026-06-15 12:28:23 -05:00
Daniel Pouzzner ea5e86d967 fix F-5956: Heap buffer overflow in DH/FFDHE shared-secret computation when peer public key is shorter than the modulus 2026-06-15 12:28:23 -05:00
Daniel Pouzzner 70e7bf5eab linuxkm/linuxkm_wc_port.h: fix entropy source setup for FIPS: use in-boundary wc_GenerateSeed() unless FIPS < 5.2.4 or explicit WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER / WC_LINUXKM_RDSEED_IN_GLUE_LAYER. 2026-06-13 10:48:02 -05:00
Daniel Pouzzner 4d77baff3b linuxkm/module_hooks.c: fix flub in IntelRDseed64_r() ForceZero() call;
linuxkm/lkcapi_aes_glue.c: fix typo in linuxkm_test_aesgcm() error message.
2026-06-12 19:24:32 -05:00
Daniel Pouzzner 1b22e4b502 fix F-4409: Integer Overflow in PKCS1 Sign Length Check Allows Heap Buffer Overflow 2026-06-12 18:14:55 -05:00
Daniel Pouzzner 8624bca5b5 fix F-3294: IntelRDseed64_r Stack Buffer Containing Entropy Cleared with Plain Assignment Instead of wc_ForceZero 2026-06-12 18:14:54 -05:00
Daniel Pouzzner 476cfd6c64 fix for F-3946: Missing ForceZero on Heap-Allocated HMAC State Buffer in km_hmac_init Error Path 2026-06-12 18:14:54 -05:00
Daniel Pouzzner d3279a825a fixes for
F-1433: AES CBC/CFB Self-Test Functions Silently Continue After enc2/dec2 Allocation Failure
F-1434: linuxkm_test_aesgcm Silently Returns Success on Kernel Crypto Allocation Failure
2026-06-12 18:14:54 -05:00
Daniel Pouzzner 503084629f fix F-1430: AES-GCM Non-Stream Path Returns -EINVAL Instead of Propagating skcipher_walk Error 2026-06-12 18:14:54 -05:00
Daniel Pouzzner ab69af541f fixes for
F-1428: Missing ForceZero on sg_buf Containing Decrypted Plaintext in AES-GCM Non-Stream Path
F-3293: AES-CCM Non-Contiguous SG Path Missing ForceZero on sg_buf Containing Decrypted Plaintext
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c071c29eca fixes for Skoll-flagged linuxkm/ flubs in #10658:
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes;

in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM;

in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c84c44f62f fix F-1238: Integer Overflow in ECDSA Verify Allocation of sig_len + hash_len 2026-06-12 18:14:53 -05:00
Daniel Pouzzner 0272f0a506 fix F-709: AES-XTS Stream Finalize Returns Untranslated wolfCrypt Error Code to Kernel LKCAPI 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 8110d567c8 fix F-708: DH km_dh_set_secret Missing Private Key Cleanup on Error Path 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 591f52fb9b fix F-681: DH/FFDHE Init Error Paths Leak RNG Resource 2026-06-12 18:14:52 -05:00
Daniel Pouzzner ec4146a8e3 fix F-680: ECDH Init Error Paths Leak RNG Resource 2026-06-12 18:14:51 -05:00
Daniel Pouzzner cac0f231db fix F-679: HMAC Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 3057314f65 fix F-678: SHA3 Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 38c2477cbb fix F-677: SHA3 Init Memory Leak on wc_InitSha3 Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 85091c7d06 fix F-676: Missing ForceZero on RSA Decrypted Plaintext Buffer
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
2026-06-12 18:14:50 -05:00
Daniel Pouzzner 1df8d453c9 fix F-3948: Missing KAT mismatch check in aes_xts_256_test partial block encrypt path 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 21a57cf003 Fixes for Fenrir items:
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure
F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard
F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
2026-06-12 18:14:50 -05:00
Daniel Pouzzner b3cb06e98a fix F-1426: PTR_ERR on malloc Results Always Yields 0 in AES-GCM Self-Test Error Messages 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 8c1013ad52 fix F-1425: PTR_ERR on malloc Result Always Yields 0 in Error Message 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 682a09d5a7 fix F-1424: Sysfs Node Resource Leak When Second Install Fails 2026-06-12 18:14:49 -05:00
Daniel Pouzzner f48efe5bfc fix F-705: Missing wc_RsaSetRNG in sig_alg km_pkcs1_set_pub After Key Re-Init 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 9c1d9c164b fix F-673: Wrong sizeof Type in Allocation Failure Error Message 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 1c9abac6f5 fix F-672: Copy-Paste Duplicate: pkcs1_sha384 Unregistered Twice in Both RSA Paths 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 546ac0ac36 linuxkm/lkcapi_aes_glue.c: clean up pr_err()s on allocation failures. 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 0097739dd8 fixes for F-3325:
wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS:

tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2;

wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating;

linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c.

wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c.

linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c.
2026-06-11 15:38:28 -05:00
Daniel Pouzzner 0f3d3bedb0 fix F-5334: AEAD decrypt accepts ciphertext shorter than authentication tag before unsigned length subtraction 2026-06-10 17:28:06 -05:00
Daniel Pouzzner e98a03b80e fix F-3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 1e888383bb fix F-3025: Missing buffer-length validation in km_ecdh_decode_secret enables out-of-bounds read 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 9b723b9e11 fix F-3024: Missing buffer-length validation in km_dh_decode_secret enables out-of-bounds read 2026-06-10 17:28:05 -05:00
Daniel Pouzzner b4139b1a90 fix F-706: AES-CTR and AES-OFB Encrypt Leak Aes Context Containing Key Schedule on skcipher_walk_done Error 2026-06-10 17:28:05 -05:00
Daniel Pouzzner afc2137351 fix F-682: Incorrect tolower/toupper Macros Produce Wrong Results for Non-Alpha Characters 2026-06-10 17:28:05 -05:00
Daniel Pouzzner c9cc79f9ae cleanup inspired by false positive F-675: AES-CTR and AES-OFB Modes Bypass WC_C_DYNAMIC_FALLBACK Selection Logic 2026-06-10 17:28:05 -05:00
Daniel Pouzzner da1b7fe236 fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification 2026-06-10 17:28:05 -05:00
Daniel Pouzzner ad98438baa fixes for
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 67c1d65ef7 fixes for
F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 05fc258ca2 fix F-1423: AES-XTS Encrypt/Decrypt Missing skcipher_walk Cleanup on 6 Early-Return Error Paths 2026-06-10 17:28:05 -05:00
Daniel Pouzzner 19a9670aaa fix F-1234: IS_ERR Used on NULL-Returning Kernel Crypto Request Allocation Functions. 2026-06-10 17:28:05 -05:00
Daniel Pouzzner a7b0b3ebc2 linuxkm/module_hooks.c: tweak wc_linuxkm_malloc_usable_size() and my_kallsyms_lookup_name(), moving wc_linuxkm_can_block() to where it's really needed in my_kallsyms_lookup_name(). 2026-06-04 14:18:34 -05:00
philljj 1f0f29cf30 Merge pull request #10590 from douzzer/20260603-linuxkm-fixes
20260603-linuxkm-fixes
2026-06-04 11:14:35 -05:00
Daniel Pouzzner 396e83a48b linuxkm/linuxkm_wc_port.h:
* add WOLFSSL_API attribute to wc_linuxkm_sig_ignore_begin(), wc_linuxkm_sig_ignore_end(), wc_linuxkm_check_for_intr_signals(), and wc_linuxkm_relax_long_loop().
* fix WC_CONTAINERIZE_THIS macro wrappers for wc_linuxkm_sig_ignore_begin() and wc_linuxkm_sig_ignore_end() (stray semicolons).

linuxkm/linuxkm_wc_port.h, linuxkm/lkcapi_sha_glue.c, linuxkm/module_hooks.c: add wc_linuxkm_can_block(), and refactor ad hoc `preempt_count() != 0` checks for sleep safety as calls to wc_linuxkm_can_block().

linuxkm/module_hooks.c: fix wc_linuxkm_malloc_usable_size() implementation for kvmalloc() compatibility.
2026-06-03 18:18:31 -05:00
Daniel Pouzzner df9f3e4cf9 Merge pull request #10377 from jackctj117/DTLS13-Kernel
docs(linuxkm): document DTLS 1.3 configure flags
2026-06-03 17:58:25 -05:00
Daniel Pouzzner 3a4c2cded0 activate ECCSI and SAKKE in linuxkm:
wolfssl/wolfcrypt/settings.h: add WC_NO_GLOBAL_OBJECT_POINTERS implicitly in WC_SYM_RELOC_TABLES section of WOLFSSL_LINUXKM setup.

wolfssl/wolfcrypt/wolfmath.h, wolfcrypt/src/wolfmath.c, wolfcrypt/src/sp_int.c, wolfcrypt/src/sakke.c: when WC_NO_GLOBAL_OBJECT_POINTERS, use static local wc_off_on_addr rather than global in wolfmath.c.

wolfcrypt/src/sakke.c:
* in wc_DeriveSakkeSSV(), initialize a[] with explicit XMEMSET() rather than " = {0}", to avoid unmaskable implicit memset() emitted by compiler.
* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS()).

linuxkm/module_exports.c.template: add includes for eccsi.h and sakke.h.

configure.ac:

* tweak enable-all-crypto setup to make enable_eccsi unconditional alongside enable_fpecc;

* move enable_sakke to be conditional only on !FIPS.

* notably this activates ECCSI and SAKKE on kernel all-crypto builds.

wolfcrypt/test/test.c: WC_*_VAR*() refactors for eccsi_test() and sakke_test().
2026-05-30 15:11:36 -05:00