From a01d4c2d5fc4514b65be02f0d515fa120f9c26d2 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 7 Aug 2025 17:09:10 -0500 Subject: [PATCH 1/2] linuxkm/module_hooks.c: suppress -Wunused-parameter when including crypto/hash.h (for RHEL 9.6). --- linuxkm/module_hooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index c9ceb2bb9..9b28234b8 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -837,6 +837,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { PRAGMA_GCC_DIAG_PUSH PRAGMA_GCC("GCC diagnostic ignored \"-Wnested-externs\"") PRAGMA_GCC("GCC diagnostic ignored \"-Wpointer-arith\"") +PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-parameter\"") #include PRAGMA_GCC_DIAG_POP From a821e4cfa2752b7b63e18ccf823b7864e74a8094 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 7 Aug 2025 21:57:56 -0500 Subject: [PATCH 2/2] wolfcrypt/src/memory.c and wolfssl/wolfcrypt/memory.h: add WOLFSSL_API void wc_ForceZero(). --- .wolfssl_known_macro_extras | 1 + wolfcrypt/src/memory.c | 34 ++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/memory.h | 4 ++++ wolfssl/wolfcrypt/settings.h | 3 ++- 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index fafab6e0e..228437dfb 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -880,6 +880,7 @@ WOLFSSL_USER_MUTEX WOLFSSL_USER_THREADING WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW WOLFSSL_USE_FLASHMEM +WOLFSSL_USE_FORCE_ZERO WOLFSSL_USE_OPTIONS_H WOLFSSL_VALIDATE_DH_KEYGEN WOLFSSL_WC_LMS_SERIALIZE_STATE diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 5df4d15fc..3f11ebed7 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -1660,6 +1660,40 @@ void __attribute__((no_instrument_function)) } #endif +#ifndef WOLFSSL_NO_FORCE_ZERO +/* Exported version of ForceZero() that takes a size_t. */ +void wc_ForceZero(void *mem, size_t len) +{ + byte *zb = (byte *)mem; + unsigned long *zl; + + XFENCE(); + + while ((wc_ptr_t)zb & (wc_ptr_t)(sizeof(unsigned long) - 1U)) { + if (len == 0) + return; + *zb++ = 0; + --len; + } + + zl = (unsigned long *)zb; + + while (len > sizeof(unsigned long)) { + *zl++ = 0; + len -= sizeof(unsigned long); + } + + zb = (byte *)zl; + + while (len) { + *zb++ = 0; + --len; + } + + XFENCE(); +} +#endif + #ifdef WC_DEBUG_CIPHER_LIFECYCLE static const byte wc_debug_cipher_lifecycle_tag_value[] = { 'W', 'o', 'l', 'f' }; diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index fa8e5d02e..6acbc2471 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -342,6 +342,10 @@ WOLFSSL_LOCAL void wc_MemZero_Add(const char* name, const void* addr, WOLFSSL_LOCAL void wc_MemZero_Check(void* addr, size_t len); #endif +#ifndef WOLFSSL_NO_FORCE_ZERO +WOLFSSL_API void wc_ForceZero(void *mem, size_t len); +#endif + #ifdef WC_DEBUG_CIPHER_LIFECYCLE WOLFSSL_LOCAL int wc_debug_CipherLifecycleInit(void **CipherLifecycleTag, void *heap); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 50aa25df4..fd335be54 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -4038,7 +4038,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \ !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \ !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \ - && !defined(USE_FAST_MATH) && defined(NO_SHA256) + && !defined(USE_FAST_MATH) && defined(NO_SHA256) && \ + !defined(WOLFSSL_USE_FORCE_ZERO) #undef WOLFSSL_NO_FORCE_ZERO #define WOLFSSL_NO_FORCE_ZERO #endif