1. Removed unimplemented genPlatformKey API

2. Applied several cleanups and minor bugfixes thx to static analysis

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
+.scannerwork
 DerivedData
 Lilu.kext
 xcuserdata

Changelog.md

@@ -3,6 +3,7 @@ Lilu Changelog
 
 #### v1.3.0
 - Fixed a rare kernel panic on user patch failure
+- Removed unimplemented `genPlatformKey` API
 
 #### v1.2.9
 - Added `kern_atomic.hpp` header to support atomic types with old Clang

Lilu/Headers/kern_crypto.hpp

@@ -51,23 +51,7 @@ namespace Crypto {
 		while (len--)
 			*vptr++ = '\0';
 	}
-
-	/**
-	 *  Generates a platform specific encryption key to be used for later encryption/decryption.
-	 *  Use very cautiously, this generates a key that should be reproducible on the same hardware.
-	 *  This means that the key is NOT meant protect the data from decryption on the same machine,
-	 *  but it only tries to circumvent cases when some blobs containing sensitive information
-	 *  (e.g. nvram dumps) were accidentally shared.
-	 *
-	 *  This is currently UNIMPLEMENTED
-	 *
-	 *  @param seed  prefixed data blob used for key generation
-	 *  @param size  seed size
-	 *
-	 *  @return generated key of at least BlockSize bits long (must be freeded by Buffer::deleter) or nullptr
-	 */
-	EXPORT uint8_t *genPlatformKey(const uint8_t *seed=nullptr, uint32_t size=0);
-
+
 	/**
 	 *  Generates cryptographically secure encryption key (from /dev/random)
 	 *
@@ -78,7 +62,7 @@ namespace Crypto {
 	/**
 	 *  Encrypts data of specified size and stores in Encrypted format
 	 *
-	 *  @param key  encryption key returned by genUniqueKey, genPlatformKey (default if null)
+	 *  @param key  encryption key returned by genUniqueKey
 	 *  @param src  source data
 	 *  @param size data size, encrypted size is returned on success
 	 *
@@ -89,7 +73,7 @@ namespace Crypto {
 	/**
 	 *  Decrypts data of specified size stored in Encrypted format
 	 *
-	 *  @param key  encryption key returned by genUniqueKey, genPlatformKey (default if null)
+	 *  @param key  encryption key returned by genUniqueKey
 	 *  @param src  source data
 	 *  @param size data size, decrypted size is returned on success
 	 *

Lilu/Headers/kern_iokit.hpp

@@ -18,7 +18,7 @@
 namespace WIOKit {
 
 	/**
-	 *  AppleHDAEngine::getLocation teaches us to use while(1) when talking to IOReg
+	 *  AppleHDAEngine::getLocation teaches us to use loop infinitely when talking to IOReg
 	 *  This feels mad and insane, since it may prevent the system from booting.
 	 *  Although this had never happened, we will use a far bigger fail-safe stop value.
 	 */

Lilu/Headers/kern_patcher.hpp

@@ -291,7 +291,7 @@ class KernelPatcher {
 	 *
 	 *  @param patch              patch to apply
 	 *  @param startingAddress    start with this address (or kext/kernel lowest address)
-	 *  @param maxSize            maximum size to look for (or kext/kernel max size)
+	 *  @param maxSize            maximum size to lookup (or kext/kernel max size)
 	 */
 	EXPORT void applyLookupPatch(const LookupPatch *patch, uint8_t *startingAddress, size_t maxSize);
 #endif /* LILU_KEXTPATCH_SUPPORT */

Lilu/Headers/kern_user.hpp

@@ -483,12 +483,10 @@ class UserPatcher {
 	 *  @param action     passed action, we only need KAUTH_FILEOP_EXEC
 	 *  @param arg0       pointer to vnode (vnode *) for executable
 	 *  @param arg1       pointer to path (char *) to executable
-	 *  @param arg2       unused
-	 *  @param arg3       unsed
 	 *
 	 *  @return 0 to allow further execution
 	 */
-	static int execListener(kauth_cred_t credential, void *idata, kauth_action_t action, uintptr_t arg0, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3);
+	static int execListener(kauth_cred_t /* credential */, void *idata, kauth_action_t action, uintptr_t /* arg0 */, uintptr_t arg1, uintptr_t, uintptr_t);
 
 	/**
 	 *  Unrestricted vm_protect, that takes care of Mojave codesign limitations for everyone's good.

Lilu/Headers/kern_util.hpp

@@ -672,7 +672,7 @@ class ThreadLocal {
  *  Use this deleter when storing scalar types
  */
 template <typename T>
-static void emptyDeleter(T) {}
+static void emptyDeleter(T) { /* no dynamic alloc */ }
 
 template <typename T, typename Y, void (*deleterT)(T)=emptyDeleter<T>, void (*deleterY)(Y)=emptyDeleter<Y>>
 struct ppair {
@@ -761,13 +761,13 @@ class evector {
 	 *
 	 *  @return elements ptr or null
 	 */
-	template <size_t Mul = 1>
+	template <size_t MUL = 1>
 	T *reserve(size_t num) {
 		if (rsvd < num) {
-			T *nPtr = static_cast<T *>(kern_os_realloc(ptr, Mul * num * sizeof(T)));
+			T *nPtr = static_cast<T *>(kern_os_realloc(ptr, MUL * num * sizeof(T)));
 			if (nPtr) {
 				ptr = nPtr;
-				rsvd = Mul * num;
+				rsvd = MUL * num;
 			} else {
 				return nullptr;
 			}
@@ -804,9 +804,9 @@ class evector {
 	 *
 	 *  @return true on success
 	 */
-	template <size_t Mul = 1>
+	template <size_t MUL = 1>
 	bool push_back(T &element) {
-		if (reserve<Mul>(cnt+1)) {
+		if (reserve<MUL>(cnt+1)) {
 			ptr[cnt] = element;
 			cnt++;
 			return true;
@@ -823,9 +823,9 @@ class evector {
 	 *
 	 *  @return true on success
 	 */
-	template <size_t Mul = 1>
+	template <size_t MUL = 1>
 	bool push_back(T &&element) {
-		if (reserve<Mul>(cnt+1)) {
+		if (reserve<MUL>(cnt+1)) {
 			ptr[cnt] = element;
 			cnt++;
 			return true;
@@ -891,9 +891,9 @@ inline constexpr char getBuildMonth() {
 			return "11"[i];
 		case ' ceD':
 			return "12"[i];
+		default:
+			return '0';
 	}
-
-	return '0';
 }
 
 template <size_t i>

Lilu/PrivateHeaders/kern_config.hpp

@@ -86,7 +86,7 @@ class Configuration {
 	 *
 	 *  @return 0 on success
 	 */
-	static int policyCredCheckLabelUpdateExecve(kauth_cred_t old, vnode_t vp, ...);
+	static int policyCredCheckLabelUpdateExecve(kauth_cred_t, vnode_t, ...);
 
 	/**
 	 *  TrustedBSD policy called before remounting
@@ -95,7 +95,7 @@ class Configuration {
 	 *  @param mp       mount point
 	 *  @param mlabel    mount point label
 	 */
-	static int policyCheckRemount(kauth_cred_t cred, mount *mp, label *mlabel);
+	static int policyCheckRemount(kauth_cred_t, mount *, label *);
 
 	/**
 	 *  TrustedBSD policy options

Lilu/PrivateHeaders/kern_patcher.hpp

@@ -42,8 +42,7 @@ namespace Patch {
 
 	template <typename T>
 	static void writeType(mach_vm_address_t addr, T value) {
-		// Completely forbidden to IOLog with disabled interrupts as of High Sierra
-		// DBGLOG("private @ writing to %X value of %lu which is %X", static_cast<uint32_t>(addr), sizeof(T), (unsigned int)value);
+		// It is completely forbidden to IOLog with disabled interrupts as of High Sierra, yet DBGLOG may bypass it if needed.
 		*reinterpret_cast<T *>(addr) = value;
 	}
 
@@ -66,11 +65,11 @@ namespace Patch {
 	};
 
 	union All {
-		All(P<Variant::U8> &&v) : u8(v) {}
-		All(P<Variant::U16> &&v) : u16(v) {}
-		All(P<Variant::U32> &&v) : u32(v) {}
-		All(P<Variant::U64> &&v) : u64(v) {}
-		All(P<Variant::U128> &&v) : u128(v) {}
+		explicit All(P<Variant::U8> &&v) : u8(v) {}
+		explicit All(P<Variant::U16> &&v) : u16(v) {}
+		explicit All(P<Variant::U32> &&v) : u32(v) {}
+		explicit All(P<Variant::U64> &&v) : u64(v) {}
+		explicit All(P<Variant::U128> &&v) : u128(v) {}
 
 		P<Variant::U8> u8;
 		P<Variant::U16> u16;

Lilu/Sources/kern_api.cpp

@@ -119,7 +119,7 @@ LiluAPI::Error LiluAPI::onPatcherLoad(t_patcherLoaded callback, void *user) {
 
 	if (!patcherLoadedCallbacks.push_back<2>(pcall)) {
 		SYSLOG("api", "failed to store stored_pair<t_patcherLoaded>");
-		pcall->deleter(pcall);
+		stored_pair<t_patcherLoaded>::deleter(pcall);
 		return Error::MemoryError;
 	}
 
@@ -141,7 +141,7 @@ LiluAPI::Error LiluAPI::onKextLoad(KernelPatcher::KextInfo *infos, size_t num, t
 
 		if (!kextLoadedCallbacks.push_back<4>(pcall)) {
 			SYSLOG("api", "failed to store stored_pair<t_kextLoaded>");
-			pcall->deleter(pcall);
+			stored_pair<t_kextLoaded>::deleter(pcall);
 			return Error::MemoryError;
 		}
 	}
@@ -160,7 +160,7 @@ LiluAPI::Error LiluAPI::onKextLoad(KernelPatcher::KextInfo *infos, size_t num, t
 
 		if (!storedKexts.push_back<4>(pkext)) {
 			SYSLOG("api", "failed to store stored_pair<KextInfo>");
-			pkext->deleter(pkext);
+			stored_pair<KernelPatcher::KextInfo *, size_t>::deleter(pkext);
 			return Error::MemoryError;
 		}
 	}
@@ -169,10 +169,7 @@ LiluAPI::Error LiluAPI::onKextLoad(KernelPatcher::KextInfo *infos, size_t num, t
 }
 
 LiluAPI::Error LiluAPI::onProcLoad(UserPatcher::ProcInfo *infos, size_t num, UserPatcher::t_BinaryLoaded callback, void *user, UserPatcher::BinaryModInfo *mods, size_t modnum) {
-	// It seems to partially work
-	// Offer no support for user patcher before 10.9
-	//if (getKernelVersion() <= KernelVersion::MountainLion)
-	//	return Error::IncompatibleOS;
+	// We do not officially support user patcher prior to 10.9, yet it seems to partially work
 
 	// Store the callbacks
 	if (callback) {
@@ -188,7 +185,7 @@ LiluAPI::Error LiluAPI::onProcLoad(UserPatcher::ProcInfo *infos, size_t num, Use
 
 		if (!binaryLoadedCallbacks.push_back<2>(pcall)) {
 			SYSLOG("api", "failed to store stored_pair<t_binaryLoaded>");
-			pcall->deleter(pcall);
+			stored_pair<UserPatcher::t_BinaryLoaded>::deleter(pcall);
 			return Error::MemoryError;
 		}
 	}
@@ -226,7 +223,7 @@ LiluAPI::Error LiluAPI::onEntitlementRequest(t_entitlementRequested callback, vo
 
 	if (!entitlementRequestedCallbacks.push_back<2>(ecall)) {
 		SYSLOG("api", "failed to store stored_pair<t_entitlementRequested>");
-		ecall->deleter(ecall);
+		stored_pair<t_entitlementRequested>::deleter(ecall);
 		return Error::MemoryError;
 	}
 

Lilu/Sources/kern_compression.cpp

@@ -345,13 +345,10 @@ uint8_t *Compression::compress(uint32_t compression, uint32_t &dstlen, const uin
 	auto compressedBuf = buffer ? buffer : Buffer::create<uint8_t>(dstlen);
 	if (compressedBuf) {
 		uint8_t *endptr = nullptr;
-		switch (compression) {
-			case ModeLZSS:
-				endptr = compress_lzss(compressedBuf, dstlen, src, srclen);
-				break;
-			default:
-				SYSLOG("comp", "unsupported compression format %X", compression);
-		}
+		if (compression == ModeLZSS)
+			endptr = compress_lzss(compressedBuf, dstlen, src, srclen);
+		else
+			SYSLOG("comp", "unsupported compression format %X", compression);
 
 		if (endptr) {
 			dstlen = static_cast<uint32_t>(endptr-compressedBuf);

Lilu/Sources/kern_cpu.cpp

@@ -11,7 +11,7 @@
 #include <i386/proc_reg.h>
 
 extern "C" {
-	#include <Library/osfmk/i386/pmCPU.h>
+#include <Library/osfmk/i386/pmCPU.h>
 }
 
 static CPUInfo::CpuVendor currentVendor = CPUInfo::CpuVendor::Unknown;

Lilu/Sources/kern_crypto.cpp

@@ -15,12 +15,6 @@ static_assert(Crypto::BlockSize == AES_BLOCK_SIZE, "Invalid block size!");
 static_assert(Crypto::BlockSize <= SHA256_BLOCK_SIZE ||
 			  Crypto::MinDigestSize > SHA256_BLOCK_SIZE, "Hash function does not provide enough data");
 
-uint8_t *Crypto::genPlatformKey(const uint8_t *seed, uint32_t size) {
-	SYSLOG("crypto", "genPlatformKey is currently unimplemented");
-
-	return nullptr;
-}
-
 uint8_t *Crypto::genUniqueKey(uint32_t size) {
 	if (size < BlockSize) {
 		SYSLOG("crypto", "invalid key size %u", size);
@@ -44,9 +38,8 @@ uint8_t *Crypto::encrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 		return nullptr;
 	}
 
-	uint8_t *pkey = nullptr;
-	if (!key && !(pkey = genPlatformKey())) {
-		SYSLOG("crypto", "encrypt unable to obtain platform key");
+	if (!key) {
+		SYSLOG("crypto", "encrypt unable to obtain encryption key");
 		return nullptr;
 	}
 
@@ -72,7 +65,7 @@ uint8_t *Crypto::encrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 			read_random(enc->iv, BlockSize);
 
 			aes_encrypt_ctx ctx;
-			auto ret = aes_encrypt_key(key ? key : pkey, BlockSize, &ctx);
+			auto ret = aes_encrypt_key(key, BlockSize, &ctx);
 			if (ret == aes_good) {
 				ret = aes_encrypt_cbc(dataBuf, enc->iv, encSize / BlockSize, enc->buf, &ctx);
 				if (ret == aes_good)
@@ -98,12 +91,7 @@ uint8_t *Crypto::encrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 	} else {
 		SYSLOG("crypto", "encrypt failed to allocate src buffer of %u bytes", encSize);
 	}
-
-	if (pkey) {
-		zeroMemory(BlockSize, pkey);
-		Buffer::deleter(pkey);
-	}
-
+
 	return encBuf;
 }
 
@@ -113,9 +101,8 @@ uint8_t *Crypto::decrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 		return nullptr;
 	}
 
-	uint8_t *pkey = nullptr;
-	if (!key && !(pkey = genPlatformKey())) {
-		SYSLOG("crypto", "decrypt unable to obtain platform key");
+	if (!key) {
+		SYSLOG("crypto", "decrypt unable to obtain decryption key");
 		return nullptr;
 	}
 
@@ -124,7 +111,7 @@ uint8_t *Crypto::decrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 	auto decBuf = Buffer::create<uint8_t>(size);
 	if (decBuf) {
 		aes_decrypt_ctx ctx;
-		auto ret = aes_decrypt_key(key ? key : pkey, BlockSize, &ctx);
+		auto ret = aes_decrypt_key(key, BlockSize, &ctx);
 		if (ret == aes_good) {
 			auto enc = reinterpret_cast<const Encrypted *>(src);
 			ret = aes_decrypt_cbc(enc->buf, enc->iv, size / BlockSize, decBuf, &ctx);
@@ -153,12 +140,7 @@ uint8_t *Crypto::decrypt(const uint8_t *key, const uint8_t *src, uint32_t &size)
 			decBuf = nullptr;
 		}
 	}
-
-	if (pkey) {
-		zeroMemory(BlockSize, pkey);
-		Buffer::deleter(pkey);
-	}
-
+
 	return decBuf;
 }
 

Lilu/Sources/kern_devinfo.cpp

@@ -272,10 +272,8 @@ void DeviceInfo::grabDevicesFromPciRoot(IORegistryEntry *pciRoot) {
 
 					pciiterator->release();
 
-					if (v.video) {
-						if (!videoExternal.push_back(v))
-							SYSLOG("dev", "failed to push video gpu");
-					}
+					if (v.video && !videoExternal.push_back(v))
+						SYSLOG("dev", "failed to push video gpu");
 				}
 			}
 		}

Lilu/Sources/kern_efi.cpp

@@ -88,7 +88,7 @@ void EfiRuntimeServices::activate() {
 }
 
 EfiRuntimeServices *EfiRuntimeServices::get(bool lock) {
-	//FIXME: To be completely honest we should lock gAppleEFIRuntimeLock here, but it is not public :/
+	//TODO: To be completely honest we should lock gAppleEFIRuntimeLock here, but it is not public :/
 	// The current approach is that EfiRuntimeServices are only allowed to be used before AppleEFIRuntime is loaded.
 	if (instance && lock)
 		IOLockLock(instance->accessLock);