20260615-linuxkm-fixes

linuxkm/linuxkm_memory.c

@@ -122,8 +122,11 @@ static inline long find_reloc_tab_offset(
  * build and target host, but if we were, these macros would byte swap.
  * Currently, we detect and fail early on endianness conflicts.
  */
-#define wc_get_unaligned(v) ({ typeof(*(v)) _v_aligned; XMEMCPY((void *)&_v_aligned, (void *)(v), sizeof _v_aligned); _v_aligned; })
-#define wc_put_unaligned(v, v_out) do { typeof(v) _v = (v); XMEMCPY((void *)(v_out), (void *)&_v, sizeof(typeof(*(v_out)))); } while (0)
+#define wc_get_unaligned(v) (((const struct __attribute__((packed)) { typeof(*(v)) x; } *)(v))->x)
+#define wc_put_unaligned(v, v_out) do {                                                     \
+    struct __attribute__((packed)) { typeof(*(v_out)) x; } *_pptr = (typeof(_pptr))(v_out); \
+    _pptr->x = (v);                                                                         \
+} while (0)
 
 ssize_t wc_reloc_normalize_segment(
     const byte *seg_in,

linuxkm/linuxkm_wc_port.h

@@ -779,6 +779,25 @@
 
     _Pragma("GCC diagnostic pop");
 
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0) && !defined(NO_AES)
+        /* with CONFIG_FORTIFY_SOURCE we've seen false positive
+         * maybe-uninitialized on counter in AES_GCM_encrypt_C().  This is easy
+         * to mitigate with a grafted-on attribute.
+         */
+        #if FIPS_VERSION3_LT(6,0,0)
+            struct Aes;
+            WOLFSSL_LOCAL void __attribute__((nonnull(1))) GHASH(struct Aes *aes, const unsigned char* a,
+                                            unsigned int aSz, const unsigned char* c,
+                                            unsigned int cSz, unsigned char* s, unsigned int sSz);
+        #else
+            struct Gcm;
+            WOLFSSL_LOCAL void __attribute__((nonnull(1))) GHASH(struct Gcm *gcm, const unsigned char* a,
+                                            unsigned int aSz, const unsigned char* c,
+                                            unsigned int cSz, unsigned char* s, unsigned int sSz);
+        #endif
+        _Pragma("GCC diagnostic ignored \"-Wnonnull-compare\"");
+    #endif
+
     /* avoid -Wpointer-arith, encountered when -DCONFIG_FORTIFY_SOURCE */
     #undef __is_constexpr
     #define __is_constexpr(x) __builtin_constant_p(x)

linuxkm/lkcapi_sha_glue.c

@@ -1231,15 +1231,11 @@ static int wc_linuxkm_drbg_generate(struct wc_rng_bank *ctx,
             continue;
 
         if (unlikely(ret == WC_NO_ERR_TRACE(RNG_FAILURE_E))) {
-            if (slen > 0) {
-                ret = -EINVAL;
+            if (slen > 0)
                 break;
-            }
 
-            if (retried) {
-                ret = -EINVAL;
+            if (retried)
                 break;
-            }
             retried = 1;
 
             ret = wc_rng_bank_inst_reinit(ctx,
@@ -1248,20 +1244,21 @@ static int wc_linuxkm_drbg_generate(struct wc_rng_bank *ctx,
                                           WC_RNG_BANK_FLAG_CAN_WAIT);
 
             if (ret == 0) {
-                pr_warn("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E from wc_RNG_GenerateBlock().\n", raw_smp_processor_id());
+                pr_warn_ratelimited("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E from wc_RNG_GenerateBlock().\n", raw_smp_processor_id());
                 continue;
             }
             else {
-                pr_warn_once("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.\n", raw_smp_processor_id(), ret);
-                ret = -EINVAL;
+                pr_err_ratelimited("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.\n", raw_smp_processor_id(), ret);
                 break;
             }
         }
-        else {
-            pr_warn_once("ERROR: wc_linuxkm_drbg_generate() wc_RNG_GenerateBlock returned %d.\n",ret);
-            ret = -EINVAL;
+        else
             break;
-        }
+    }
+
+    if (ret != 0) {
+        pr_err_ratelimited("ERROR: wc_linuxkm_drbg_generate() failing on wolfCrypt code %d.\n",ret);
+        ret = -EINVAL;
     }
 
 out:

wolfcrypt/src/aes.c

@@ -8194,10 +8194,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 blocks, partial;
     byte* h;
 
-    if (gcm == NULL) {
-        return;
-    }
-
     h = gcm->H;
     XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
@@ -8510,10 +8506,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
-    if (gcm == NULL) {
-        return;
-    }
-
     XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
@@ -9002,10 +8994,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
-    if (gcm == NULL) {
-        return;
-    }
-
     XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
@@ -9158,10 +9146,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 blocks, partial;
     word64 bigH[2];
 
-    if (gcm == NULL) {
-        return;
-    }
-
     XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
         ByteReverseWords64(bigH, bigH, WC_AES_BLOCK_SIZE);
@@ -9475,10 +9459,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 blocks, partial;
     word32 bigH[4];
 
-    if (gcm == NULL) {
-        return;
-    }
-
     XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
         ByteReverseWords(bigH, bigH, WC_AES_BLOCK_SIZE);

wolfssl/wolfcrypt/aes.h

@@ -70,8 +70,9 @@ WOLFSSL_LOCAL void GenerateM0(Gcm* gcm);
     !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 WOLFSSL_LOCAL void GMULT(byte* X, byte* Y);
 #endif
-WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
-                         word32 cSz, byte* s, word32 sSz);
+WOLFSSL_LOCAL void WC_ARG_NOT_NULL(1) GHASH(Gcm* gcm, const byte* a,
+                                            word32 aSz, const byte* c,
+                                            word32 cSz, byte* s, word32 sSz);
 #endif
 
 #ifndef NO_AES