Merge pull request #8702 from douzzer/20250422-linuxkm-tweaks

20250422-linuxkm-tweaks

Author: philljj

.wolfssl_known_macro_extras

@@ -592,7 +592,6 @@ WOLFSSL_ARM_ARCH_NEON_64BIT
 WOLFSSL_ASCON_UNROLL
 WOLFSSL_ASNC_CRYPT
 WOLFSSL_ASN_EXTRA
-WOLFSSL_ASN_INT_LEAD_0_ANY
 WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
 WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
 WOLFSSL_ATECC508

linuxkm/lkcapi_aes_glue.c

@@ -1204,6 +1204,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
             pr_err("%s: scatterwalk_map failed: %ld\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
                    PTR_ERR(assoc));
+            in_map = NULL;
             goto out;
         }
         assoc = in_map;
@@ -1220,6 +1221,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
             pr_err("%s: scatterwalk_map failed: %ld\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
                    PTR_ERR(assoc));
+            out_map = NULL;
             goto out;
         }
         out_text = out_map + req->assoclen;
@@ -2329,6 +2331,7 @@ static int linuxkm_test_aescbc(void)
     if (IS_ERR(tfm)) {
         pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
                WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_cbc_end;
     }
 
@@ -2355,6 +2358,7 @@ static int linuxkm_test_aescbc(void)
     if (IS_ERR(req)) {
         pr_err("error: allocating AES skcipher request %s failed\n",
                WOLFKM_AESCBC_DRIVER);
+        req = NULL;
         goto test_cbc_end;
     }
 
@@ -2538,6 +2542,7 @@ static int linuxkm_test_aescfb(void)
     if (IS_ERR(tfm)) {
         pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
                WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_cfb_end;
     }
 
@@ -2555,6 +2560,7 @@ static int linuxkm_test_aescfb(void)
     if (IS_ERR(req)) {
         pr_err("error: allocating AES skcipher request %s failed\n",
                WOLFKM_AESCFB_DRIVER);
+        req = NULL;
         goto test_cfb_end;
     }
 
@@ -2761,29 +2767,29 @@ static int linuxkm_test_aesgcm(void)
 
     /* now the kernel crypto part */
     assoc2 = malloc(sizeof(assoc));
-    if (IS_ERR(assoc2)) {
+    if (! assoc2) {
         pr_err("error: malloc failed\n");
         goto test_gcm_end;
     }
     memset(assoc2, 0, sizeof(assoc));
     memcpy(assoc2, assoc, sizeof(assoc));
 
     iv = malloc(WC_AES_BLOCK_SIZE);
-    if (IS_ERR(iv)) {
+    if (! iv) {
         pr_err("error: malloc failed\n");
         goto test_gcm_end;
     }
     memset(iv, 0, WC_AES_BLOCK_SIZE);
     memcpy(iv, ivstr, GCM_NONCE_MID_SZ);
 
     enc2 = malloc(decryptLen);
-    if (IS_ERR(enc2)) {
+    if (! enc2) {
         pr_err("error: malloc failed\n");
         goto test_gcm_end;
     }
 
     dec2 = malloc(decryptLen);
-    if (IS_ERR(dec2)) {
+    if (! dec2) {
         pr_err("error: malloc failed\n");
         goto test_gcm_end;
     }
@@ -2796,6 +2802,7 @@ static int linuxkm_test_aesgcm(void)
     if (IS_ERR(tfm)) {
         pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
                WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_gcm_end;
     }
 
@@ -2819,15 +2826,23 @@ static int linuxkm_test_aesgcm(void)
     if (IS_ERR(req)) {
         pr_err("error: allocating AES aead request %s failed: %ld\n",
                WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
+        req = NULL;
         goto test_gcm_end;
     }
 
     src = malloc(sizeof(struct scatterlist) * 2);
+
+    if (! src) {
+        pr_err("error: malloc src failed: %ld\n",
+               PTR_ERR(src));
+        goto test_gcm_end;
+    }
+
     dst = malloc(sizeof(struct scatterlist) * 2);
 
-    if (IS_ERR(src) || IS_ERR(dst)) {
-        pr_err("error: malloc src or dst failed: %ld, %ld\n",
-               PTR_ERR(src), PTR_ERR(dst));
+    if (! dst) {
+        pr_err("error: malloc dst failed: %ld\n",
+               PTR_ERR(dst));
         goto test_gcm_end;
     }
 
@@ -3367,6 +3382,7 @@ static int aes_xts_128_test(void)
         ret = PTR_ERR(tfm);
         pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
                WOLFKM_AESXTS_DRIVER, ret);
+        tfm = NULL;
         goto test_xts_end;
     }
 
@@ -3404,6 +3420,7 @@ static int aes_xts_128_test(void)
         ret = PTR_ERR(req);
         pr_err("error: allocating AES skcipher request %s failed: %d\n",
                WOLFKM_AESXTS_DRIVER, ret);
+        req = NULL;
         goto test_xts_end;
     }
 
@@ -3847,6 +3864,7 @@ static int aes_xts_256_test(void)
         ret = PTR_ERR(tfm);
         pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
                WOLFKM_AESXTS_DRIVER, ret);
+        tfm = NULL;
         goto test_xts_end;
     }
 
@@ -3883,6 +3901,7 @@ static int aes_xts_256_test(void)
         ret = PTR_ERR(req);
         pr_err("error: allocating AES skcipher request %s failed: %d\n",
                WOLFKM_AESXTS_DRIVER, ret);
+        req = NULL;
         goto test_xts_end;
     }
 

linuxkm/lkcapi_ecdh_glue.c

@@ -804,13 +804,15 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating kpp algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_ecdh_nist_end;
     }
 
     req = kpp_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating kpp request %s failed\n",
                driver);
+        req = NULL;
         goto test_ecdh_nist_end;
     }
 

linuxkm/lkcapi_ecdsa_glue.c

@@ -679,13 +679,15 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_ecdsa_nist_end;
     }
 
     req = akcipher_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating akcipher request %s failed\n",
                driver);
+        req = NULL;
         goto test_ecdsa_nist_end;
     }
 

linuxkm/lkcapi_rsa_glue.c

@@ -180,25 +180,32 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid)
 
     ctx->key = (RsaKey *)malloc(sizeof(RsaKey));
     if (!ctx->key) {
-        return -ENOMEM;
+        ret = -ENOMEM;
+        goto out;
     }
 
     ret = wc_InitRng(&ctx->rng);
     if (ret) {
         pr_err("%s: init rng returned: %d\n", WOLFKM_RSA_DRIVER, ret);
-        return -ENOMEM;
+        if (ret == WC_NO_ERR_TRACE(MEMORY_E))
+            ret = -ENOMEM;
+        else
+            ret = -EINVAL;
+        goto out;
     }
 
     ret = wc_InitRsaKey(ctx->key, NULL);
     if (ret) {
         pr_err("%s: init rsa key returned: %d\n", WOLFKM_RSA_DRIVER, ret);
-        return -ENOMEM;
+        ret = -EINVAL;
+        goto out;
     }
 
     #ifdef WC_RSA_BLINDING
     ret = wc_RsaSetRNG(ctx->key, &ctx->rng);
     if (ret) {
-        return -ENOMEM;
+        ret = -EINVAL;
+        goto out;
     }
     #endif /* WC_RSA_BLINDING */
 
@@ -221,13 +228,25 @@ static int km_rsa_init(struct crypto_akcipher *tfm, int hash_oid)
     default:
         pr_err("%s: init: unhandled hash_oid: %d\n", WOLFKM_RSA_DRIVER,
                hash_oid);
-        return -ENOMEM;
+        ret = -EINVAL;
+        goto out;
     }
 
     #ifdef WOLFKM_DEBUG_RSA
     pr_info("info: exiting km_rsa_init: hash_oid %d\n", ctx->hash_oid);
     #endif /* WOLFKM_DEBUG_RSA */
-    return 0;
+
+out:
+
+    if (ret != 0) {
+        if (ctx->key) {
+            free(ctx->key);
+            ctx->key = NULL;
+        }
+        wc_FreeRng(&ctx->rng);
+    }
+
+    return ret;
 }
 
 #if defined(LINUXKM_DIRECT_RSA)
@@ -1260,13 +1279,15 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits)
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_rsa_end;
     }
 
     req = akcipher_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating akcipher request %s failed\n",
                driver);
+        req = NULL;
         goto test_rsa_end;
     }
 
@@ -1609,13 +1630,15 @@ static int linuxkm_test_pkcs1_driver(const char * driver, int nbits,
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
                driver, PTR_ERR(tfm));
+        tfm = NULL;
         goto test_pkcs1_end;
     }
 
     req = akcipher_request_alloc(tfm, GFP_KERNEL);
     if (IS_ERR(req)) {
         pr_err("error: allocating akcipher request %s failed\n",
                driver);
+        req = NULL;
         goto test_pkcs1_end;
     }
 

linuxkm/module_hooks.c

@@ -110,9 +110,6 @@ static void lkmFipsCb(int ok, int err, const char* hash)
 #endif
 
 #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
-#ifndef CONFIG_MODULE_SIG
-#error WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE requires a CONFIG_MODULE_SIG kernel.
-#endif
 static int updateFipsHash(void);
 #endif
 
@@ -137,10 +134,12 @@ static int wolfssl_init(void)
     int ret;
 
 #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
+#ifdef CONFIG_MODULE_SIG
     if (THIS_MODULE->sig_ok == false) {
         pr_err("wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n");
         return -ECANCELED;
     }
+#endif
     ret = updateFipsHash();
     if (ret < 0) {
         pr_err("wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret));

wolfcrypt/src/memory.c

@@ -1754,7 +1754,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
     }
     (void)lrand48_r(&wc_svr_fuzzing_state, &result);
     if (result & 1)
-        return IO_FAILED_E;
+        return WC_NO_ERR_TRACE(IO_FAILED_E);
     else
         return 0;
 }
@@ -1794,7 +1794,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
 
     balance_bit = !balance_bit;
 
-    return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
+    return ((prn & 1) ^ balance_bit) ? WC_NO_ERR_TRACE(IO_FAILED_E) : 0;
 }
 
 #endif /* !HAVE_THREAD_LS */

wolfssl/wolfcrypt/settings.h

@@ -3674,6 +3674,13 @@ extern void uITRON4_free(void *p) ;
     #undef WOLFSSL_MIN_AUTH_TAG_SZ
     #define WOLFSSL_MIN_AUTH_TAG_SZ 4
 
+    #if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY)
+        /* kernel 5.10 crypto manager tests key(s) that fail unless leading
+         * bytes are tolerated in GetASN_Integer().
+         */
+        #define WOLFSSL_ASN_INT_LEAD_0_ANY
+    #endif
+
     #ifdef CONFIG_KASAN
         #ifndef WC_SANITIZE_DISABLE
             #define WC_SANITIZE_DISABLE() kasan_disable_current()