From 049c4a8910fd8bb8ee817b4870f2f66e5e5c7516 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 16 Apr 2025 15:51:47 -0500 Subject: [PATCH] wolfssl/wolfcrypt/settings.h: map WC_SANITIZE_{DISABLE,ENABLE}() to kasan_{disable,enable}_current(); wolfssl/wolfcrypt/types.h: fallthrough map WC_SANITIZE_{DISABLE,ENABLE}() to WC_DO_NOTHING; linuxkm/module_hooks.c: add WC_SANITIZE_DISABLE...WC_SANITIZE_ENABLE wrapper around critical span in updateFipsHash(). --- .wolfssl_known_macro_extras | 2 +- linuxkm/module_hooks.c | 4 ++++ wolfssl/wolfcrypt/settings.h | 9 +++++++++ wolfssl/wolfcrypt/types.h | 7 +++++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index adb7cb60f..0b7fddee7 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -94,6 +94,7 @@ CONFIG_IDF_TARGET_ESP32S2 CONFIG_IDF_TARGET_ESP32S3 CONFIG_IDF_TARGET_ESP8266 CONFIG_IDF_TARGET_ESP8684 +CONFIG_KASAN CONFIG_MAIN_TASK_STACK_SIZE CONFIG_MBEDTLS_CERTIFICATE_BUNDLE CONFIG_MBEDTLS_PSA_CRYPTO_C @@ -803,7 +804,6 @@ WOLFSSL_SILABS_TRNG WOLFSSL_SM4_EBC WOLFSSL_SNIFFER_NO_RECOVERY WOLFSSL_SP_ARM32_UDIV -WOLFSSL_SP_DH WOLFSSL_SP_FAST_NCT_EXPTMOD WOLFSSL_SP_INT_SQR_VOLATILE WOLFSSL_STACK_CHECK diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index cb1f7aaa8..25024eb3d 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -755,6 +755,8 @@ static int updateFipsHash(void) goto out; } + WC_SANITIZE_DISABLE(); + ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz); if (ret) { pr_err("crypto_shash_update failed: err %d\n", ret); @@ -781,6 +783,8 @@ static int updateFipsHash(void) goto out; } + WC_SANITIZE_ENABLE(); + ret = crypto_shash_final(desc, hash); if (ret) { pr_err("crypto_shash_final failed: err %d\n", ret); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 962d82e69..9fa7a3372 100644 --- a/wolfssl/wolfcrypt/settings.h 
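Review bot: The error exits between `WC_SANITIZE_DISABLE()` and `WC_SANITIZE_ENABLE()` in updateFipsHash() skip the re-enable. The `goto out;` shown as context directly before `WC_SANITIZE_ENABLE();` in the second module_hooks.c hunk sits inside the disabled span, and the `crypto_shash_update` failure branch right after the disable presumably jumps to `out` as well (its body continues past the first hunk). Under CONFIG_KASAN that would leave KASAN reporting suppressed for the calling task after the function returns, unless the `out:` label, which is outside both hunks, restores it. I would put `WC_SANITIZE_ENABLE();` before each `goto out;` inside the span, or record the disabled state in a local and restore it once at `out:`. A one-line comment at the disable saying why the checker is silenced for this span only would also help the next reader keep the span narrow.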
+++ b/wolfssl/wolfcrypt/settings.h @@ -3673,6 +3673,15 @@ extern void uITRON4_free(void *p) ; #endif #undef WOLFSSL_MIN_AUTH_TAG_SZ #define WOLFSSL_MIN_AUTH_TAG_SZ 4 + + #ifdef CONFIG_KASAN + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() kasan_disable_current() + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() kasan_enable_current() + #endif + #endif #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index a3e6af7aa..167945f51 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1886,6 +1886,13 @@ typedef struct w64wrapper { #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() WC_DO_NOTHING + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() WC_DO_NOTHING + #endif + #if FIPS_VERSION_GE(5,1) #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL)
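Review bot: The macros added under `#ifdef CONFIG_KASAN` in settings.h have no comment stating their contract, and the generic `WC_SANITIZE_` name promises more than the mapping delivers. `kasan_disable_current()` only suppresses KASAN reports for the current task, and other kernel sanitizers are untouched. Every disable therefore needs a matching enable on every exit path of the same task. I would add above the block a comment such as `/* Suppress KASAN reports for the current task; every DISABLE must be paired with an ENABLE on all exit paths. */`. The same pairing note belongs next to the `WC_DO_NOTHING` fallbacks in wolfssl/wolfcrypt/types.h, so callers written against a non-KASAN build follow the same rule.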