20260610-linuxkm-fenrir#10676
Conversation
…-Test Error Messages
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
…or Code to Kernel LKCAPI
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes; in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM; in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
…ating skcipher_walk Error
… in km_hmac_init Error Path
…ith Plain Assignment Instead of wc_ForceZero
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10676
Scan targets checked: linuxkm-bugs, linuxkm-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
| WC_SANITIZE_ENABLE(); | ||
| buf = 0; | ||
| } | ||
| wc_ForceZero(&buf, 0, sizeof buf); |
There was a problem hiding this comment.
🔴 [High] wc_ForceZero called with 3 arguments instead of 2 · API contract violations
wc_ForceZero is prototyped as void wc_ForceZero(void *mem, size_t len) (2 params), but it is called as wc_ForceZero(&buf, 0, sizeof buf) with 3 arguments, which fails to compile when WC_LINUXKM_RDSEED_IN_GLUE_LAYER is defined (the guarding config).
Fix: Drop the spurious 0 argument: call wc_ForceZero(&buf, sizeof buf).
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Skoll Multi-Scan Review
Modes: review + review-securityOverall recommendation: REQUEST_CHANGES
Findings: 4 total — 4 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [High] [review+review-security] wc_ForceZero() called with 3 arguments (compile error / broken entropy zeroization fix) —
linuxkm/module_hooks.c:475 - [Low] [review] Trailing comma instead of period in error message —
linuxkm/lkcapi_aes_glue.c:3643 - [Low] [review-security] km_direct_rsa_dec no longer reports required dst_len on -EINVAL path —
linuxkm/lkcapi_rsa_glue.c:799 - [Info] [review-security] x86_vector_register_glue.c allocation-failure log size argument changed —
linuxkm/x86_vector_register_glue.c:72
Review generated by Skoll
| WC_SANITIZE_ENABLE(); | ||
| buf = 0; | ||
| } | ||
| wc_ForceZero(&buf, 0, sizeof buf); |
There was a problem hiding this comment.
🔴 [High] wc_ForceZero() called with 3 arguments (compile error / broken entropy zeroization fix) · Logic
Both the review and review-security modes independently flag this. The newly added stack-entropy scrub call invokes wc_ForceZero(&buf, 0, sizeof buf) with THREE arguments, but wc_ForceZero is declared as void wc_ForceZero(void *mem, size_t len) (wolfssl/wolfcrypt/memory.h:335; defined wolfcrypt/src/memory.c:1681) and takes only TWO. The stray middle 0 looks like a memset(&buf, 0, sizeof buf) signature carried over by mistake. This is a C constraint violation that GCC reports as error: too many arguments to function 'wc_ForceZero', and under the kernel build's -Werror it fails to compile. The same file already shows the correct 2-argument form at line 523: wc_ForceZero(&rndTmp, sizeof(rndTmp));. The function IntelRDseed64_r is compiled only under WC_LINUXKM_RDSEED_IN_GLUE_LAYER (guard at module_hooks.c:413-528) with HAVE_INTEL_RDSEED/HAVE_AMD_RDSEED (e.g. FIPS v5 RDSEED-in-glue builds), which is why the PR's tested configs (which took the WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER branch at line 405) did not surface the break. Net effect: (1) the module will not build in the affected RDSEED-glue configs, and (2) the F-3294 entropy-zeroization hardening it implements is malformed. No 3-argument wc_ForceZero/ForceZero macro exists anywhere in the tree.
Fix: Drop the stray 0 argument so the call matches the 2-arg prototype: wc_ForceZero(&buf, sizeof buf);. Ideally add a CI config that defines WC_LINUXKM_RDSEED_IN_GLUE_LAYER (HAVE_INTEL_RDSEED / HAVE_AMD_RDSEED) so this path is compiled.
There was a problem hiding this comment.
Caught locally too. Fixed, to commit&push in a minute.
| pr_err("error: malloc src failed: %ld\n", | ||
| PTR_ERR(src)); | ||
| pr_err("error: malloc src failed,\n"); | ||
| ret = MEMORY_E; |
There was a problem hiding this comment.
🔵 [Low] Trailing comma instead of period in error message · style
The reworked malloc-failure message reads pr_err("error: malloc src failed,\n"); with a trailing comma, whereas the sibling messages in the same function use a period (e.g. "error: malloc dst failed.\n"). Purely cosmetic; the removal of the bogus PTR_ERR(src) (which is meaningless for a NULL malloc return) and the added ret = MEMORY_E; are correct.
Fix: Change the trailing comma to a period for consistency: pr_err("error: malloc src failed.\n");. Not blocking.
There was a problem hiding this comment.
Fixed. Typo obviously.
| @@ -793,11 +797,12 @@ static int km_direct_rsa_dec(struct akcipher_request *req) | |||
| } | |||
|
|
|||
| if (req->dst_len != (unsigned int)ctx->key_len) { | |||
There was a problem hiding this comment.
🔵 [Low] km_direct_rsa_dec no longer reports required dst_len on -EINVAL path · Logic
The diff moved req->dst_len = ctx->key_len; inside the -EOVERFLOW branch. BEFORE, req->dst_len was set to ctx->key_len for both the -EOVERFLOW (dst_len too small) and -EINVAL (dst_len == 0 or dst_len > key_len) branches. AFTER, on the -EINVAL branch req->dst_len is left unchanged. This is a behavioral change but is benign and arguably more correct: the kernel akcipher convention only requires the driver to report the needed size on -EOVERFLOW so the caller can retry; -EINVAL is a hard error. No out-of-bounds or security impact -- flagged only as a behavior-delta note.
Fix: No change required if intentional. If callers were relying on the previous behavior of always receiving key_len in req->dst_len, restore the unconditional assignment; otherwise document the deliberate change.
There was a problem hiding this comment.
This was indeed intentional for API compliance.
| @@ -72,7 +72,7 @@ WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void) | |||
| if (! wc_linuxkm_fpu_states) { | |||
There was a problem hiding this comment.
⚪ [Info] x86_vector_register_glue.c allocation-failure log size argument changed · Logic
The error message argument was changed from nr_cpu_ids * sizeof(struct fpu_state *) to nr_cpu_ids * sizeof(wc_linuxkm_fpu_states[0]), making the logged byte count track the actual element type of the allocation. This is a purely cosmetic logging accuracy improvement with no functional or security impact; noted for completeness.
Fix: No action needed; the change is correct.
linuxkm/lkcapi_aes_glue.c: fix typo in linuxkm_test_aesgcm() error message.
4 participants
Fixes for numerous "low" Fenrir issues in linuxkm/. See commit messages for the details.
tested with