diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c
index 32aa241404..0b0861d1b0 100644
--- a/linuxkm/linuxkm_memory.c
+++ b/linuxkm/linuxkm_memory.c
@@ -122,8 +122,11 @@ static inline long find_reloc_tab_offset(
 * build and target host, but if we were, these macros would byte swap.
 * Currently, we detect and fail early on endianness conflicts.
 */
-#define wc_get_unaligned(v) ({ typeof(*(v)) _v_aligned; XMEMCPY((void *)&_v_aligned, (void *)(v), sizeof _v_aligned); _v_aligned; })
-#define wc_put_unaligned(v, v_out) do { typeof(v) _v = (v); XMEMCPY((void *)(v_out), (void *)&_v, sizeof(typeof(*(v_out)))); } while (0)
+#define wc_get_unaligned(v) (((const struct __attribute__((packed)) { typeof(*(v)) x; } *)(v))->x)
+#define wc_put_unaligned(v, v_out) do { \
+ struct __attribute__((packed)) { typeof(*(v_out)) x; } *_pptr = (typeof(_pptr))(v_out); \
+ _pptr->x = (v); \
+} while (0)
 ssize_t wc_reloc_normalize_segment(
 const byte *seg_in,
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 4e4bd2cd95..8c5fe90fd4 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
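Review bot: In linuxkm/linuxkm_memory.c the new `wc_get_unaligned()` and `wc_put_unaligned()` access the target through a pointer to an anonymous packed struct, which is type punning that the replaced XMEMCPY form avoided. That is fine where the translation unit is built with `-fno-strict-aliasing`, as kernel builds normally are, but nothing on the macros records the dependency, and these helpers presumably walk relocation data whose alignment cannot be assumed. I would add a comment above them such as `/* packed-struct access: relies on GNU C and -fno-strict-aliasing; fall back to memcpy if built elsewhere */`, or declare the struct `__attribute__((packed, may_alias))` so the access does not depend on build flags. The comment block these macros sit under starts outside the hunk.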
@@ -779,6 +779,25 @@ _Pragma("GCC diagnostic pop");
+ #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0) && !defined(NO_AES)
+ /* with CONFIG_FORTIFY_SOURCE we've seen false positive
+ * maybe-uninitialized on counter in AES_GCM_encrypt_C(). This is easy
+ * to mitigate with a grafted-on attribute.
+ */
+ #if FIPS_VERSION3_LT(6,0,0)
+ struct Aes;
+ WOLFSSL_LOCAL void __attribute__((nonnull(1))) GHASH(struct Aes *aes, const unsigned char* a,
+ unsigned int aSz, const unsigned char* c,
+ unsigned int cSz, unsigned char* s, unsigned int sSz);
+ #else
+ struct Gcm;
+ WOLFSSL_LOCAL void __attribute__((nonnull(1))) GHASH(struct Gcm *gcm, const unsigned char* a,
+ unsigned int aSz, const unsigned char* c,
+ unsigned int cSz, unsigned char* s, unsigned int sSz);
+ #endif
+ _Pragma("GCC diagnostic ignored \"-Wnonnull-compare\"");
+ #endif
+
 /* avoid -Wpointer-arith, encountered when -DCONFIG_FORTIFY_SOURCE */
 #undef __is_constexpr
 #define __is_constexpr(x) __builtin_constant_p(x)
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
index 2711f81f1e..68a61d9068 100644
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -1231,15 +1231,11 @@ static int wc_linuxkm_drbg_generate(struct wc_rng_bank *ctx,
 continue;
 if (unlikely(ret == WC_NO_ERR_TRACE(RNG_FAILURE_E))) {
- if (slen > 0) {
- ret = -EINVAL;
+ if (slen > 0)
 break;
- }
- if (retried) {
- ret = -EINVAL;
+ if (retried)
 break;
- }
 retried = 1;
 ret = wc_rng_bank_inst_reinit(ctx,
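Review bot: The added `_Pragma("GCC diagnostic ignored \"-Wnonnull-compare\"")` in linuxkm_wc_port.h has no push/pop around it inside the hunk, so under the FIPS < 7.0.0 condition it appears to stay in effect for everything compiled after this header, not only for GHASH(). The grafted `nonnull(1)` also does more than quiet the maybe-uninitialized report: it lets the compiler assume the first argument is never NULL and drop any `== NULL` guard in the frozen FIPS GHASH() body (presumably still present there, since the compare warning needs suppressing), which leaves callers solely responsible. I would state that in the added comment, e.g. `* NOTE: nonnull(1) lets the compiler elide the NULL check inside GHASH(); callers must never pass NULL.` The prototypes also spell `byte`/`word32` as `unsigned char`/`unsigned int`, which has to keep matching the real declaration.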
@@ -1248,20 +1244,21 @@ static int wc_linuxkm_drbg_generate(struct wc_rng_bank *ctx,
 WC_RNG_BANK_FLAG_CAN_WAIT);
 if (ret == 0) {
- pr_warn("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E from wc_RNG_GenerateBlock().\n", raw_smp_processor_id());
+ pr_warn_ratelimited("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E from wc_RNG_GenerateBlock().\n", raw_smp_processor_id());
 continue;
 }
 else {
- pr_warn_once("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.\n", raw_smp_processor_id(), ret);
- ret = -EINVAL;
+ pr_err_ratelimited("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.\n", raw_smp_processor_id(), ret);
 break;
 }
 }
- else {
- pr_warn_once("ERROR: wc_linuxkm_drbg_generate() wc_RNG_GenerateBlock returned %d.\n",ret);
- ret = -EINVAL;
+ else
 break;
- }
+ }
+
+ if (ret != 0) {
+ pr_err_ratelimited("ERROR: wc_linuxkm_drbg_generate() failing on wolfCrypt code %d.\n",ret);
+ ret = -EINVAL;
 }
 out:
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 8223bcc8fb..1bb2ad077d 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -8194,10 +8194,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 word32 blocks, partial;
 byte* h;
- if (gcm == NULL) {
- return;
- }
-
 h = gcm->H;
 XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
@@ -8510,10 +8506,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 byte scratch[WC_AES_BLOCK_SIZE];
 word32 blocks, partial;
- if (gcm == NULL) {
- return;
- }
-
 XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 /* Hash in A, the Additional Authentication Data */
@@ -9002,10 +8994,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 byte scratch[WC_AES_BLOCK_SIZE];
 word32 blocks, partial;
- if (gcm == NULL) {
- return;
- }
-
 XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 /* Hash in A, the Additional Authentication Data */
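Review bot: In wc_linuxkm_drbg_generate() the reinit-failure branch logs `ret` with pr_err_ratelimited() and then breaks into the new post-loop `if (ret != 0)` block, which logs the same value again as a "wolfCrypt code", so one failure yields two error lines, and on that path the value came from wc_rng_bank_inst_reinit(). Either drop the branch-local message or word the final one neutrally, e.g. `"ERROR: wc_linuxkm_drbg_generate() failing with code %d.\n"`. The `break`s in the previous hunk (`slen > 0`, `retried`) now also depend on this block to turn RNG_FAILURE_E into -EINVAL, which deserves a one-line comment such as `/* every failure leaving the loop is reported to the caller as -EINVAL */`. The loop head and any earlier `goto out` lie outside both hunks, so whether some path reaches `out:` with a raw wolfCrypt code cannot be checked from here.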
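Review bot: With the `if (gcm == NULL) return;` guard removed from the GHASH() variant at -8194 (and likewise at -8510, -9002, -9158 and -9475), a NULL `gcm` now goes straight to the `gcm->H` reads visible at -8194, -9158 and -9475. The only protection left is the `WC_ARG_NOT_NULL(1)` annotation added in aes.h, presumably a nonnull attribute, which is a compile-time hint rather than a runtime check. The old guard was a weak defence anyway, since it returned before anything visible here wrote the output `s`, so dropping it is reasonable, but the precondition should be recorded at each definition, e.g. `/* gcm must be non-NULL; callers validate the Aes/Gcm object before calling */`. It is worth confirming that every in-tree caller passes the address of an embedded Gcm member or checks its Aes pointer first; those callers are outside this diff. Each GHASH() body continues beyond its hunk.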
@@ -9158,10 +9146,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 word32 blocks, partial;
 word64 bigH[2];
- if (gcm == NULL) {
- return;
- }
-
 XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
 #ifdef LITTLE_ENDIAN_ORDER
 ByteReverseWords64(bigH, bigH, WC_AES_BLOCK_SIZE);
@@ -9475,10 +9459,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 word32 blocks, partial;
 word32 bigH[4];
- if (gcm == NULL) {
- return;
- }
-
 XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
 #ifdef LITTLE_ENDIAN_ORDER
 ByteReverseWords(bigH, bigH, WC_AES_BLOCK_SIZE);
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index e3d7637470..2271636f94 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -70,8 +70,9 @@ WOLFSSL_LOCAL void GenerateM0(Gcm* gcm);
 !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 WOLFSSL_LOCAL void GMULT(byte* X, byte* Y);
 #endif
-WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
- word32 cSz, byte* s, word32 sSz);
+WOLFSSL_LOCAL void WC_ARG_NOT_NULL(1) GHASH(Gcm* gcm, const byte* a,
+ word32 aSz, const byte* c,
+ word32 cSz, byte* s, word32 sSz);
 #endif
 #ifndef NO_AES