Skip to content

Commit 6b9949e

Browse files
authored
Merge pull request #10676 from douzzer/20260610-linuxkm-fenrir
20260610-linuxkm-fenrir
2 parents f42a698 + 4d77baf commit 6b9949e

9 files changed

Lines changed: 281 additions & 158 deletions

linuxkm/lkcapi_aes_glue.c

Lines changed: 65 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1129,15 +1129,16 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
11291129
tfm = crypto_aead_reqtfm(req);
11301130
ctx = crypto_aead_ctx(tfm);
11311131

1132+
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1133+
((word64)req->assoclen + (word64)req->cryptlen))
1134+
{
1135+
return -EOVERFLOW;
1136+
}
1137+
11321138
if (decrypt_p) {
11331139
/* Copy out original auth tag from req->src. */
11341140
if (req->cryptlen < tfm->authsize)
11351141
return -EINVAL;
1136-
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1137-
((word64)req->assoclen + (word64)req->cryptlen))
1138-
{
1139-
return -EOVERFLOW;
1140-
}
11411142
scatterwalk_map_and_copy(authTag, req->src,
11421143
req->assoclen + req->cryptlen - tfm->authsize,
11431144
tfm->authsize, 0);
@@ -1355,15 +1356,16 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
13551356
tfm = crypto_aead_reqtfm(req);
13561357
ctx = crypto_aead_ctx(tfm);
13571358

1359+
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1360+
((word64)req->assoclen + (word64)req->cryptlen))
1361+
{
1362+
return -EOVERFLOW;
1363+
}
1364+
13581365
if (decrypt_p) {
13591366
/* Copy out original auth tag from req->src. */
13601367
if (req->cryptlen < tfm->authsize)
13611368
return -EINVAL;
1362-
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1363-
((word64)req->assoclen + (word64)req->cryptlen))
1364-
{
1365-
return -EOVERFLOW;
1366-
}
13671369
scatterwalk_map_and_copy(authTag, req->src,
13681370
req->assoclen + req->cryptlen - tfm->authsize,
13691371
tfm->authsize, 0);
@@ -1378,7 +1380,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
13781380
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
13791381
decrypt_p ? "skcipher_walk_aead_decrypt" : "skcipher_walk_aead_encrypt",
13801382
err);
1381-
return -EINVAL;
1383+
return err;
13821384
}
13831385

13841386
err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
@@ -1513,6 +1515,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
15131515
out:
15141516

15151517
if (sg_buf) {
1518+
ForceZero(sg_buf, req->assoclen + req->cryptlen);
15161519
free(sg_buf);
15171520
}
15181521
else {
@@ -1835,15 +1838,16 @@ static int AesCcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4309_p)
18351838
tfm = crypto_aead_reqtfm(req);
18361839
ctx = crypto_aead_ctx(tfm);
18371840

1841+
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1842+
((word64)req->assoclen + (word64)req->cryptlen))
1843+
{
1844+
return -EOVERFLOW;
1845+
}
1846+
18381847
if (decrypt_p) {
18391848
/* Copy out the original auth tag from req->src. */
18401849
if (req->cryptlen < tfm->authsize)
18411850
return -EINVAL;
1842-
if (((word32)req->assoclen + (word32)req->cryptlen) !=
1843-
((word64)req->assoclen + (word64)req->cryptlen))
1844-
{
1845-
return -EOVERFLOW;
1846-
}
18471851
scatterwalk_map_and_copy(authTag, req->src,
18481852
req->assoclen + req->cryptlen - tfm->authsize,
18491853
tfm->authsize, 0);
@@ -2006,6 +2010,7 @@ static int AesCcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4309_p)
20062010
out:
20072011

20082012
if (sg_buf) {
2013+
ForceZero(sg_buf, req->assoclen + req->cryptlen);
20092014
free(sg_buf);
20102015
}
20112016
else {
@@ -2312,6 +2317,11 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
23122317
err = skcipher_walk_done(&walk, 0);
23132318
} else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
23142319
err = wc_AesXtsEncryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
2320+
if (unlikely(err)) {
2321+
pr_err("%s: wc_AesXtsEncryptFinal failed: %d\n",
2322+
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
2323+
err = -EINVAL;
2324+
}
23152325
}
23162326
}
23172327

@@ -2458,6 +2468,11 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
24582468
err = skcipher_walk_done(&walk, 0);
24592469
} else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
24602470
err = wc_AesXtsDecryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
2471+
if (unlikely(err)) {
2472+
pr_err("%s: wc_AesXtsDecryptFinal failed: %d\n",
2473+
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
2474+
err = -EINVAL;
2475+
}
24612476
}
24622477
}
24632478

@@ -3099,12 +3114,14 @@ static int linuxkm_test_aescbc(void)
30993114
enc2 = malloc(sizeof(p_vector));
31003115
if (!enc2) {
31013116
pr_err("error: malloc failed\n");
3117+
ret = MEMORY_E;
31023118
goto test_cbc_end;
31033119
}
31043120

31053121
dec2 = malloc(sizeof(p_vector));
31063122
if (!dec2) {
31073123
pr_err("error: malloc failed\n");
3124+
ret = MEMORY_E;
31083125
goto test_cbc_end;
31093126
}
31103127

@@ -3140,7 +3157,7 @@ static int linuxkm_test_aescbc(void)
31403157
req = skcipher_request_alloc(tfm, GFP_KERNEL);
31413158
if (! req) {
31423159
ret = -ENOMEM;
3143-
pr_err("error: allocating AES skcipher request %s failed\n",
3160+
pr_err("error: allocating AES skcipher request %s failed.\n",
31443161
WOLFKM_AESCBC_DRIVER);
31453162
goto test_cbc_end;
31463163
}
@@ -3310,12 +3327,14 @@ static int linuxkm_test_aescfb(void)
33103327
enc2 = malloc(sizeof(p_vector));
33113328
if (!enc2) {
33123329
pr_err("error: malloc failed\n");
3330+
ret = MEMORY_E;
33133331
goto test_cfb_end;
33143332
}
33153333

33163334
dec2 = malloc(sizeof(p_vector));
33173335
if (!dec2) {
33183336
pr_err("error: malloc failed\n");
3337+
ret = MEMORY_E;
33193338
goto test_cfb_end;
33203339
}
33213340

@@ -3342,7 +3361,7 @@ static int linuxkm_test_aescfb(void)
33423361
req = skcipher_request_alloc(tfm, GFP_KERNEL);
33433362
if (! req) {
33443363
ret = -ENOMEM;
3345-
pr_err("error: allocating AES skcipher request %s failed\n",
3364+
pr_err("error: allocating AES skcipher request %s failed.\n",
33463365
WOLFKM_AESCFB_DRIVER);
33473366
goto test_cfb_end;
33483367
}
@@ -3552,6 +3571,7 @@ static int linuxkm_test_aesgcm(void)
35523571
assoc2 = malloc(sizeof(assoc));
35533572
if (! assoc2) {
35543573
pr_err("error: malloc failed\n");
3574+
ret = MEMORY_E;
35553575
goto test_gcm_end;
35563576
}
35573577
memset(assoc2, 0, sizeof(assoc));
@@ -3560,6 +3580,7 @@ static int linuxkm_test_aesgcm(void)
35603580
iv = malloc(WC_AES_BLOCK_SIZE);
35613581
if (! iv) {
35623582
pr_err("error: malloc failed\n");
3583+
ret = MEMORY_E;
35633584
goto test_gcm_end;
35643585
}
35653586
memset(iv, 0, WC_AES_BLOCK_SIZE);
@@ -3568,12 +3589,14 @@ static int linuxkm_test_aesgcm(void)
35683589
enc2 = malloc(decryptLen);
35693590
if (! enc2) {
35703591
pr_err("error: malloc failed\n");
3592+
ret = MEMORY_E;
35713593
goto test_gcm_end;
35723594
}
35733595

35743596
dec2 = malloc(decryptLen);
35753597
if (! dec2) {
35763598
pr_err("error: malloc failed\n");
3599+
ret = MEMORY_E;
35773600
goto test_gcm_end;
35783601
}
35793602

@@ -3608,24 +3631,24 @@ static int linuxkm_test_aesgcm(void)
36083631
req = aead_request_alloc(tfm, GFP_KERNEL);
36093632
if (! req) {
36103633
ret = -ENOMEM;
3611-
pr_err("error: allocating AES aead request %s failed: %ld\n",
3612-
WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
3634+
pr_err("error: allocating AES aead request %s failed.\n",
3635+
WOLFKM_AESCBC_DRIVER);
36133636
goto test_gcm_end;
36143637
}
36153638

36163639
src = malloc(sizeof(struct scatterlist) * 2);
36173640

36183641
if (! src) {
3619-
pr_err("error: malloc src failed: %ld\n",
3620-
PTR_ERR(src));
3642+
pr_err("error: malloc src failed.\n");
3643+
ret = MEMORY_E;
36213644
goto test_gcm_end;
36223645
}
36233646

36243647
dst = malloc(sizeof(struct scatterlist) * 2);
36253648

36263649
if (! dst) {
3627-
pr_err("error: malloc dst failed: %ld\n",
3628-
PTR_ERR(dst));
3650+
pr_err("error: malloc dst failed.\n");
3651+
ret = MEMORY_E;
36293652
goto test_gcm_end;
36303653
}
36313654

@@ -4511,11 +4534,27 @@ static int aes_xts_256_test(void)
45114534
goto out;
45124535
}
45134536

4537+
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
4538+
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
4539+
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
4540+
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
4541+
if (ret != 0)
4542+
goto out;
4543+
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
4544+
ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
4545+
goto out;
4546+
}
4547+
#endif
4548+
45144549
/* partial block encryption test */
45154550
XMEMSET(cipher, 0, AES_XTS_256_TEST_BUF_SIZ);
45164551
ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
45174552
if (ret != 0)
45184553
goto out;
4554+
if (XMEMCMP(cp, cipher, sizeof(cp))) {
4555+
ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
4556+
goto out;
4557+
}
45194558

45204559
/* partial block decrypt test */
45214560
XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
@@ -4705,8 +4744,8 @@ static int aes_xts_256_test(void)
47054744
req = skcipher_request_alloc(tfm, GFP_KERNEL);
47064745
if (! req) {
47074746
ret = -ENOMEM;
4708-
pr_err("error: allocating AES skcipher request %s failed: %d\n",
4709-
WOLFKM_AESXTS_DRIVER, ret);
4747+
pr_err("error: allocating AES skcipher request %s failed.\n",
4748+
WOLFKM_AESXTS_DRIVER);
47104749
goto test_xts_end;
47114750
}
47124751

linuxkm/lkcapi_dh_glue.c

Lines changed: 27 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -562,6 +562,9 @@ static int km_dh_set_secret(struct crypto_kpp *tfm, const void *buf,
562562
ctx->has_pub_key = 0;
563563
dh_secret_end:
564564

565+
if (err != 0)
566+
km_dh_reset_ctx(ctx);
567+
565568
#ifdef WOLFKM_DEBUG_DH
566569
pr_info("info: exiting km_dh_set_secret\n");
567570
#endif /* WOLFKM_DEBUG_DH */
@@ -754,6 +757,7 @@ static int km_ffdhe_init(struct crypto_kpp *tfm, int name, word32 nbits)
754757
{
755758
struct km_dh_ctx * ctx = NULL;
756759
int err = 0;
760+
int key_inited = 0;
757761

758762
ctx = kpp_tfm_ctx(tfm);
759763
memset(ctx, 0, sizeof(struct km_dh_ctx));
@@ -770,35 +774,48 @@ static int km_ffdhe_init(struct crypto_kpp *tfm, int name, word32 nbits)
770774

771775
ctx->key = (DhKey *)malloc(sizeof(DhKey));
772776
if (!ctx->key) {
773-
return -ENOMEM;
777+
err = -ENOMEM;
778+
goto out;
774779
}
775780

776781
err = wc_InitDhKey(ctx->key);
777782
if (err < 0) {
778-
free(ctx->key);
779-
ctx->key = NULL;
780-
return -ENOMEM;
783+
err = -ENOMEM;
784+
goto out;
781785
}
782786

787+
key_inited = 1;
788+
783789
if (ctx->name) {
784790
err = wc_DhSetNamedKey(ctx->key, ctx->name);
785791
if (err) {
786792
#ifdef WOLFKM_DEBUG_DH
787793
pr_err("%s: wc_DhSetNamedKey returned: %d\n", WOLFKM_DH_DRIVER,
788794
err);
789795
#endif /* WOLFKM_DEBUG_DH */
790-
wc_FreeDhKey(ctx->key);
791-
free(ctx->key);
792-
ctx->key = NULL;
793-
return -ENOMEM;
796+
err = -ENOMEM;
797+
goto out;
794798
}
795799
}
796800

797801
#ifdef WOLFKM_DEBUG_DH
798802
pr_info("info: exiting km_dh_init: name %d, nbits %d\n",
799803
ctx->name, ctx->nbits);
800804
#endif /* WOLFKM_DEBUG_DH */
801-
return 0;
805+
806+
out:
807+
808+
if (err != 0) {
809+
if (ctx->key) {
810+
if (key_inited)
811+
wc_FreeDhKey(ctx->key);
812+
free(ctx->key);
813+
ctx->key = NULL;
814+
}
815+
wc_FreeRng(&ctx->rng);
816+
}
817+
818+
return err;
802819
}
803820

804821
#ifdef LINUXKM_DH
@@ -2888,7 +2905,7 @@ static int linuxkm_test_kpp_driver(const char * driver,
28882905

28892906
req = kpp_request_alloc(tfm, GFP_KERNEL);
28902907
if (! req) {
2891-
test_rc = -ENOMEM;
2908+
test_rc = MEMORY_E;
28922909
pr_err("error: allocating kpp request %s failed\n",
28932910
driver);
28942911
goto test_kpp_end;

0 commit comments

Comments
 (0)