Commit Graph

42 Commits

Author SHA1 Message Date
philljj 3fa342a76c Merge pull request #10812 from douzzer/20260629-linuxkm-fixes
20260629-linuxkm-fixes
2026-06-30 13:36:04 -05:00
Daniel Pouzzner 6560777d05 linuxkm/linuxkm_wc_port.h: fix F-6395 "WC_LINUXKM_ROUND_UP_P_OF_2(1) invokes undefined behavior via __builtin_clzl(0)".
linuxkm/lkcapi_rsa_glue.c: fix F-6120 "RSA PKCS#1 verify paths omit the digest-encode bounds check present in the sign paths (potential heap overflow with sub-default RSA key sizes)".
2026-06-29 19:09:20 -05:00
Daniel Pouzzner 262b0ed3b8 tweaks for linuxkm targeting clang-built kernels:
linuxkm/: when logging PTR_ERR(), cast it to int, and use "%d" as the format.  Globally, `#define PTR_ERR(x) ((int)PTR_ERR(x))` in linuxkm_wc_port.h to fix clang warnings on kernel headers.

linuxkm/lkcapi_aes_glue.c: add casts in linuxkm_test_aesgcm() to mollify clang.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c:
* add __clang__ compat code to allow including clang stdatomic.h while masking out kernel-incompatible __CLANG_STDINT_H.
* add clang-specific suppressions for kernel headers (-Wshorten-64-to-32, -Wframe-address).

linuxkm/lkcapi_sha_glue.c:
* in wc__get_random_bytes(), add bounds-checking for len.
* in wc_extract_crng_user(), fix type conflicts.

wolfssl/wolfcrypt/wc_port.h and wolfssl/wolfcrypt/types.h:
* move the old-FIPS compatibility mapping from INLINE to WC_INLINE from types.h to wc_port.h.
* activate stdatomic.h for clang kernel module builds.

linuxkm/Kbuild:
* add clang-specific flags.
* add gcc gate around gcc-specific flags.
* allow override value for MAX_STACK_FRAME_SIZE.

wolfcrypt/src/asn.c: add casts in GetFormattedTime_ex() to mollify clang build of linuxkm.
2026-06-27 14:48:17 -05:00
Daniel Pouzzner 5aad1447b6 fix F-1236: Copy-Paste Error in #endif Comment: AESCBC Instead of AESCFB Info Assigned
fix F-3291: Copy-paste error in linuxkm_test_aesgcm error message uses WOLFKM_AESCBC_DRIVER
fix F-1431: AES-GCM RFC4106 SetKey Uses memcpy Instead of XMEMCPY for Nonce Copy

(note, for F-1431, changed all relevant memset() and memcpy() calls in linuxkm/ to XMEMSET() and XMEMCPY() respectively.)
2026-06-15 12:28:23 -05:00
Daniel Pouzzner 1b22e4b502 fix F-4409: Integer Overflow in PKCS1 Sign Length Check Allows Heap Buffer Overflow 2026-06-12 18:14:55 -05:00
Daniel Pouzzner c071c29eca fixes for Skoll-flagged linuxkm/ flubs in #10658:
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes;

in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM;

in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
2026-06-12 18:14:53 -05:00
Daniel Pouzzner 85091c7d06 fix F-676: Missing ForceZero on RSA Decrypted Plaintext Buffer
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
2026-06-12 18:14:50 -05:00
Daniel Pouzzner 21a57cf003 Fixes for Fenrir items:
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure
F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard
F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
2026-06-12 18:14:50 -05:00
Daniel Pouzzner f48efe5bfc fix F-705: Missing wc_RsaSetRNG in sig_alg km_pkcs1_set_pub After Key Re-Init 2026-06-12 18:14:49 -05:00
Daniel Pouzzner e98a03b80e fix F=3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len 2026-06-10 17:28:06 -05:00
Daniel Pouzzner da1b7fe236 fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification 2026-06-10 17:28:05 -05:00
Daniel Pouzzner ad98438baa fixes for
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 19a9670aaa fix F-1234: IS_ERR Used on NULL-Returning Kernel Crypto Request Allocation Functions. 2026-06-10 17:28:05 -05:00
Daniel Pouzzner 3121c55e4e linuxkm on x86: global refactor across PK implementations of sp-asm vector register preservation, including removal of all residual can't-fail vector paths in PK algs.
wolfcrypt/src/sp_x86_64.c:

* fix ASSERT_SAVED_VECTOR_REGISTERS() in C wrappers: add where missing for implementations that use AVX2, and remove frivolous checks for ones that don't.

* refactor vector save-restore with a single locally tracked save in sp_RsaPublic_#(), sp_RsaPrivate_#(), sp_ecc_mulmod_add_#(), sp_ecc_mulmod_base_add_#(), sp_ecc_make_key_#(), and sp_#_calc_s_#().

* fix feature test in sp_ModExp_Fp_star_1024(), sp_Pairing_1024(), and sp_Pairing_gen_precomp_1024(), to properly gate on IS_INTEL_AVX2(cpuid_flags) and SAVE_VECTOR_REGISTERS2() == 0.

wolfcrypt/src/{dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sp_int.c}:

* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS());

* add explicit WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() to the lengthy loops in wc_DhGenerateParams(), wc_MakeDsaParameters(), ecc_sign_hash_sw(), and wc_MakeRsaKey().

wolfssl/wolfcrypt/{error-crypt.h,logging.h,memory.h}:

* make wc_backtrace_render() and wc_backtrace_set_fp() available whenever defined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES);

* add support for DEBUG_VECTOR_REGISTERS_BACKTRACE_ON_FAIL, activating backtraces on vector register errors.

* also improve the debugging format from the DEBUG_VECTOR_REGISTER_ACCESS variants of SAVE_VECTOR_REGISTERS() and friends.

linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa}_glue.c: harmonize PK driver names with AES, SHA, and DRBG, notably adding AVX2 annotation when enabled.

wolfcrypt/src/{sp_x86_64_asm.S,sp_x86_64_asm.asm}: synchronize with wolfssl/scripts#581 (removes SSE2 implementations of sp_#_get_from_table_#(), which no longer have users).
2026-05-30 15:11:15 -05:00
Daniel Pouzzner 559b207506 linuxkm/lkcapi_*.c and linuxkm/module_hooks.c: add missing linefeed characters in format args to pr_*(), for proper line flushing. 2026-04-28 17:38:22 -05:00
Daniel Pouzzner 52d5d0a940 linuxkm/, wolfcrypt/src/dh.c, wolfcrypt/test/test.c, wolfcrypt/test/test.h, wolfssl/wolfcrypt/wc_port.h:
fixes and workarounds for clang-tidy complaints:
  * clang-diagnostic-unknown-warning-option
  * bugprone-sizeof-expression
  * clang-diagnostic-error "address argument to atomic operation must be a pointer to a trivially-copyable type"
  * bugprone-macro-parentheses
  * clang-diagnostic-unused-but-set-variable
  * readability-redundant-declaration
2026-03-26 15:41:47 -05:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Daniel Pouzzner b2199e9862 linuxkm/{lkcapi_dh_glue.c,lkcapi_ecdh_glue.c,lkcapi_rsa_glue.c}: use LKCAPI_INITRNG() rather than wc_InitRng(), and remove calls to LKCAPI_INITRNG_FOR_SELFTEST(). also, in km_rsa_ctx_init_rng(), recognize WC_DRBG_BANKREF as a usable RNG status. 2026-01-07 22:54:07 -06:00
Sameeh Jubran d27c04bbca linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops
RHEL9 kernels (9.6+) disable RSA signing and decryption in the kernel
crypto API for security reasons (CVE-2023-6240). The kernel forcibly
overwrites akcipher sign/decrypt callbacks to return -ENOSYS, regardless
of what the driver provides.

Commit 3709c35c in the RHEL kernel:
"crypto: akcipher - Disable signing and decryption"

This affects our self-tests which call crypto_akcipher_sign() and
crypto_akcipher_decrypt(). On RHEL9, these operations return -ENOSYS
even though our driver correctly implements them.

Add compile-time checks for RHEL_RELEASE_CODE >= 9.6 to detect this
scenario and skip the affected self-tests gracefully. The tests pass
since the algorithms are registered correctly; the kernel simply
refuses to execute sign/decrypt operations as a matter of policy.

Note: encrypt and verify operations are unaffected and continue to be
tested normally.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-01-05 19:42:29 +02:00
Daniel Pouzzner b087533fdf linuxkm/lkcapi_sha_glue.c:
* add drbg_init_from() and fork_default_rng(), and
* use the latter to define LKCAPI_INITRNG_FOR_SELFTEST() opportunistically (with fallback to plain wc_InitRng());

linuxkm/lkcapi_rsa_glue.c:
* add km_rsa_ctx_init_rng(),
* remove wc_InitRng() from km_rsa_ctx_init(),
* remove the WC_RSA_BLINDING gates around calls to wc_RsaSetRNG(), and
* call km_rsa_ctx_init_rng() before each call that needs an initialized RNG;

linuxkm/lkcapi_dh_glue.c and linuxkm/lkcapi_ecdh_glue.c: in km_ffdhe_init() and km_ecdh_init(), if linuxkm_lkcapi_registering_now, use LKCAPI_INITRNG_FOR_SELFTEST() to initialize ctx->rng;

linuxkm/lkcapi_glue.c: add notes that lkcapi_sha_glue inclusion and registrations must precede PK, and move declaration of linuxkm_lkcapi_registering_now to precede lkcapi glue inclusions.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner 15fcf7095f linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa,aes}_glue.c: when LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG, don't "#error Config conflict" if explicit LINUXKM_LKCAPI_DONT_REGISTER_foo is defined for the missing algorithm. 2025-12-17 11:01:10 -06:00
Daniel Pouzzner aa96c352d4 add !WC_SKIP_INCLUDED_C_FILES gates in indirectly compiled files in linuxkm/, to avoid false positive unknownMacro reports from cppcheck-force-source. 2025-08-30 14:15:55 -05:00
Daniel Pouzzner 01313cc0c8 linuxkm/x86_vector_register_glue.c:
* refactor the save_vector_registers_x86() algorithm to depend directly on preempt_count(), and use local_bh_enable() and preempt_disable() directly, to mitigate glitchiness around irq_fpu_usable() and crypto_simd_usable();

* eliminate the WC_FPU_ALREADY_FLAG kludge.

* improve the error and warning messages, and add some additional checks and messages for unexpected states; add VRG_PR_ERR_X and VRG_PR_WARN_X for pr_*_once() semantics on regular builds, but unlimited messages when WOLFSSL_LINUXKM_VERBOSE_DEBUG.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:

* move the spinlock-based implementation of wc_LockMutex() from linuxkm_wc_port.h to module_hooks.c, due to numerous stuboorn direct external symbol references;

* extensively refactor the kernel header #include strategy, keeping many more superfluous headers out of __PIE__ objects, and fixing unavoidable static header functions with grafted __always_inline attributes;

* add version exceptions for RHEL 9.5.

linuxkm/Kbuild:

* on x86 with CONFIG_MITIGATION_{RETPOLINE,RETHUNK}, use inline rethunks rather than none;

* refactor check for "Error: section(s) missed by containerization." using `readelf --sections --syms`, for 100% coverage, more informative error output, and suppression of false positives on printk-related cruft;

configure.ac and linuxkm/lkcapi_sha_glue.c: use LINUXKM_LKCAPI_[DONT_]REGISTER_{SHA,HMAC}_ALL to represent --enable-linuxkm-lkcapi-register=[-]all-{sha,hmac}, which allows alg families (notably SHA1) to be masked out piecemeal;

linuxkm/lkcapi_rsa_glue.c: in linuxkm_test_pkcs1pad_driver(), mitigate unused args when LINUXKM_AKCIPHER_NO_SIGNVERIFY.
2025-07-16 13:09:03 -05:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
jordan e73fa74f14 linuxkm: misc cleanup. 2025-07-09 21:43:02 -05:00
jordan 0aacffd6a2 linuxkm rsa: retry wc_MakeRsaKey if not prime. 2025-07-09 20:55:50 -05:00
Daniel Pouzzner 6275f1f7e6 linuxkm/lkcapi_rsa_glue.c: update version threshold for the v6.16 change in crypto_sig_*size() semantics, now backported to 6.15.3. 2025-07-02 14:25:05 -05:00
jordan 1e0e4932ca linuxkm rsa: fix km_pkcs1_key_size callback. 2025-06-24 14:41:57 -05:00
jordan 0b64a5549c linuxkm rsa: fix ret value usage for crypto_sig_sign. 2025-05-29 16:22:40 -05:00
jordan da9410565d linuxkm rsa: km_pkcs1_sign should return sig_len on success. 2025-05-23 22:29:16 -05:00
jordan 402ebec3b7 linuxkm rsa: comments, cleanup work buffer useage. 2025-05-22 11:07:36 -05:00
jordan 54104887ca linuxkm rsa: clean up duplicate code. 2025-05-21 16:59:02 -05:00
jordan 8fef82cc59 linuxkm rsa: linux 6.13 support. 2025-05-21 16:07:46 -05:00
Daniel Pouzzner 629d812eb3 Merge pull request #8730 from philljj/linuxkm_pkcs1pad_more
linuxkm rsa: add more pkcs1pad sha variants
2025-05-05 16:59:29 -05:00
jordan a341333589 linuxkm rsa: additional pkcs1 sha variants. 2025-05-05 13:50:12 -05:00
Daniel Pouzzner b9b66042d7 wolfssl/wolfcrypt/dh.h: gate in wc_DhGeneratePublic() with WOLFSSL_DH_EXTRA,
adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;

configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
  handling for -DWOLFSSL_DH_GEN_PUB, and add support for
  --enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
  any algs that are disabled in the target kernel, and #errors if any algs or
  registrations are disabled or incompatible in libwolfssl but enabled in the
  target kernel (note, it does not #error for algorithms we don't currently
  shim/implement);

linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
  to INT_MAX to make masking impossible;

linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
  respective algorithm family files, and in each family file, add
  LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
  corresponding algorithm is activated in the target kernel.

linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
  wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
  when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
2025-05-05 13:17:06 -05:00
Daniel Pouzzner a18a8ced23 linuxkm/lkcapi_*_glue.c: in test harnesses, fix several out-of-order NULLing of PTR_ERR-type pointers in error paths. 2025-05-01 16:55:30 -05:00
Daniel Pouzzner 1b59bc25d1 linuxkm:
in lkcapi_sha_glue.c:

    in linuxkm_hmac_setkey_common(), ignore keylength even in FIPS modules (use
    wc_HmacSetKey_ex(..., 1)) on kernel < 6.0 to work around crypto manager bug;

    in wc_linuxkm_drbg_startup(), add rng workout routine using handle from
    crypto_alloc_rng();

  in lkcapi_*_glue.c: fix test routines to return valid wolfCrypt error codes
  consistently;

  in module_hooks.c, implement
    * linuxkm_lkcapi_sysfs_install_node(),
    * linuxkm_lkcapi_sysfs_deinstall_node(),
    * FIPS_rerun_self_test_handler()
  and add corresponding setup/teardown in wolfssl_init() and wolfssl_exit();

  in lkcapi_glue.c:

    refactor linuxkm_lkcapi_sysfs_install and linuxkm_lkcapi_sysfs_deinstall to
    use the new helpers;

    harden the REGISTER_ALG() and UNREGISTER_ALG() macros and the
    linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() functions, and add
    informational messages about number of algs registered/deregistered;

  in x86_vector_register_glue.c: fix gate for irq_fpu_usable() workaround to
  reflect backporting of fix in >=5.10.180 in 5.10-LTS and >=5.15.39 in 5.15-LTS
  linuxkm/lkcapi_glue.c: move WOLFSSL_DEBUG_TRACE_ERROR_CODES coverage for
  EINVAL/ENOMEM/EBADMSG to module_hooks.c.
2025-05-01 00:08:32 -05:00
Daniel Pouzzner d4fc8c3791 linuxkm/: null out pointers with PTR_ERR()-encoded values before jumping to cleanup;
linuxkm/lkcapi_rsa_glue.c: in km_rsa_init(), implement error-path cleanup;

linuxkm/module_hooks.c: nix CONFIG_MODULE_SIG requirement in WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE builds;

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, define WOLFSSL_ASN_INT_LEAD_0_ANY if LINUXKM_LKCAPI_REGISTER (required for kernel 5.10 crypto manager);

wolfcrypt/src/memory.c: add WC_NO_ERR_TRACE() to mock error returns in SAVE_VECTOR_REGISTERS2_fuzzer().
2025-04-22 16:44:07 -05:00
Daniel Pouzzner fe244fb41b linuxkm: clean up LKCAPI glue:
typography fixes;

static attr on const byte arrays;

refactor km_ecdsa_verify() to use a single heap allocation;

fix linuxkm_test_ecdsa_nist_driver() to copy sig and hash to a heap allocation before passing to sg_set_buf() (avoids unmapping of rodata);

in linuxkm_test_pkcs1_driver() move hash from stack to heap;

add LINUX_VERSION_CODE >= 5.4 assertion in linuxkm/lkcapi_glue.c;

streamline macro logic in linuxkm/lkcapi_sha_glue.c.
2025-04-18 18:21:57 -05:00
Daniel Pouzzner 44adc4a71d linuxkm/lkcapi_rsa_glue.c: gate LINUXKM_DIRECT_RSA directly on WC_RSA_NO_PADDING;
configure.ac: always pass -DWC_RSA_NO_PADDING for --enable-linuxkm-lkcapi-register=rsa or =all.
2025-04-17 10:38:45 -05:00
jordan ff93e6d5d4 linuxkm: register rsa. 2025-04-16 09:50:06 -05:00