When scatterwalk_map fails in either the stream or non-stream path, the
code jumped to cleanup without setting err, causing the function to
return 0 (success) despite the failure. This could cause the kernel
crypto layer to treat uninitialized data as valid ciphertext/plaintext.
- Capture the error code (PTR_ERR) into err before goto out
- Fix PTR_ERR arguments that incorrectly used assoc instead of
in_map/out_map (assoc was NULL or pointed to the wrong mapping)
- Make in_map/out_map NULL assignments unconditional (previously
gated behind < 6.15, but the cleanup at out: checks these
pointers on all kernel versions)
- Remove bogus scatterwalk_unmap of a failed walk in the stream
path on >= 6.15
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).
rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.
rename lkm_printf() to wc_km_printf().
replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H
remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;
configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
handling for -DWOLFSSL_DH_GEN_PUB, and add support for
--enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
any algs that are disabled in the target kernel, and #errors if any algs or
registrations are disabled or incompatible in libwolfssl but enabled in the
target kernel (note, it does not #error for algorithms we don't currently
shim/implement);
linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
to INT_MAX to make masking impossible;
linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
respective algorithm family files, and in each family file, add
LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
corresponding algorithm is activated in the target kernel.
linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
in lkcapi_sha_glue.c:
in linuxkm_hmac_setkey_common(), ignore keylength even in FIPS modules (use
wc_HmacSetKey_ex(..., 1)) on kernel < 6.0 to work around crypto manager bug;
in wc_linuxkm_drbg_startup(), add rng workout routine using handle from
crypto_alloc_rng();
in lkcapi_*_glue.c: fix test routines to return valid wolfCrypt error codes
consistently;
in module_hooks.c, implement
* linuxkm_lkcapi_sysfs_install_node(),
* linuxkm_lkcapi_sysfs_deinstall_node(),
* FIPS_rerun_self_test_handler()
and add corresponding setup/teardown in wolfssl_init() and wolfssl_exit();
in lkcapi_glue.c:
refactor linuxkm_lkcapi_sysfs_install and linuxkm_lkcapi_sysfs_deinstall to
use the new helpers;
harden the REGISTER_ALG() and UNREGISTER_ALG() macros and the
linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() functions, and add
informational messages about number of algs registered/deregistered;
in x86_vector_register_glue.c: fix gate for irq_fpu_usable() workaround to
reflect backporting of fix in >=5.10.180 in 5.10-LTS and >=5.15.39 in 5.15-LTS
linuxkm/lkcapi_glue.c: move WOLFSSL_DEBUG_TRACE_ERROR_CODES coverage for
EINVAL/ENOMEM/EBADMSG to module_hooks.c.