add linuxkm/wolfcrypt.lds module linker script, explicitly grouping wolfcrypt sections together;

linuxkm/Kbuild: add linker script flag, containerize several more previously-missed ELF sections, and add a test verifying no sections were missed;

linuxkm/linuxkm_memory.c: remove obsolete lkm_realloc() shim and unneeded my__show_free_areas() wrapper;

linuxkm/linuxkm_wc_port.h: add new mapping from realloc() to native kvrealloc(), and gate out a slew of headers when __PIE__ is defined, to avoid polluting wolfCrypt objects with various unneeded header-implemented functions and their awkward symbol references;

linuxkm/lkcapi_glue.c: harmonize gate for REGISTER_ALG_OPTIONAL();

linuxkm/module_hooks.c: add "ERROR:" prefixes on pr_err()s; add wc_RunAllCast_fips() at shutdown to send confidence verification to the kernel log; remove section bounds checks now that layout is unreliable;

wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM && HAVE_LINUXKM_PIE_SUPPORT, #define WOLFSSL_ECC_CURVE_STATIC and WOLFSSL_NAMES_STATIC;

wolfssl/wolfcrypt/types.h: refactor the typedef for wcchar from a pointer to a char[];

wolfcrypt/src/wc_xmss.c and wolfssl/wolfcrypt/wc_lms.h: add WOLFSSL_NAMES_STATIC code paths for struct wc_XmssString and struct wc_LmsParamsMap;

wolfcrypt/src/asn.c: add WOLFSSL_NAMES_STATIC code paths for struct CertNameData, and add static attribute to a slew of wcchars not used or declared outside asn.c.
Daniel Pouzzner
2025-07-09 16:29:04 -05:00
parent f733ade6a2
commit 7c6afeb106
11 changed files with 267 additions and 269 deletions


@@ -151,6 +151,8 @@ endif
ifeq "$(ENABLED_LINUXKM_PIE)" "yes" ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
LDFLAGS_libwolfssl.o += -T $(src)/wolfcrypt.lds
rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS) rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS)
ifndef NM ifndef NM
@@ -186,8 +188,39 @@ ifneq "$(quiet)" "silent_"
endif endif
cd "$(obj)" || exit $$? cd "$(obj)" || exit $$?
for file in $(WOLFCRYPT_PIE_FILES); do for file in $(WOLFCRYPT_PIE_FILES); do
$(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$? $(OBJCOPY) --rename-section .text=.text.wolfcrypt \
--rename-section .text.unlikely=.text.wolfcrypt \
--rename-section .rodata=.rodata.wolfcrypt \
--rename-section .rodata.str1.1=.rodata.wolfcrypt \
--rename-section .rodata.str1.8=.rodata.wolfcrypt \
--rename-section .data=.data.wolfcrypt \
--rename-section .data.rel.local=.data.wolfcrypt \
--rename-section .bss=.bss.wolfcrypt "$$file" || exit $$?
done done
{ $(READELF) --syms $(WOLFCRYPT_PIE_FILES) | \
$(AWK) -v obj="$(obj)" ' \
/File:/ { \
if (substr($$2, 1, length(obj)) == obj) { \
curfile = substr($$2, length(obj) + 2); \
} else { \
curfile=$$2; \
} \
next; \
} \
{ \
if (($$4 == "SECTION") && ($$8 !~ "wolfcrypt")) {\
if (! ((curfile ";" $$8) in warned_on)) { \
print curfile ": " $$8 >"/dev/stderr"; \
warned_on[curfile ": " $$8] = 1; \
++warnings; \
}}} \
END { \
if (warnings) { \
exit(1); \
} else { \
exit(0); \
}}'; } || \
{ echo 'Error: section(s) missed by containerization.' >&2; exit 1; }
ifneq "$(quiet)" "silent_" ifneq "$(quiet)" "silent_"
echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt' echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
endif endif
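Review bot: The de-duplication in the new awk check never takes effect, because the membership test uses the key `curfile ";" $$8` while the assignment stores `curfile ": " $$8`, so the same file/section pair is reported once per matching symbol line. Use one key for both, e.g. `key = curfile ": " $$8; if (! (key in warned_on)) { print key >"/dev/stderr"; warned_on[key] = 1; ++warnings; }`. Because this test is what guards the completeness of the wolfcrypt container, it is also worth confirming that the readelf in use prints a name in column 8 for SECTION symbols; an empty field would satisfy `$$8 !~ "wolfcrypt"` and fail the build with a blank section name. The closing echo still lists only .{text,data,rodata} although .bss is now renamed as well.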


@@ -21,72 +21,6 @@
/* included by wolfcrypt/src/memory.c */ /* included by wolfcrypt/src/memory.c */
#ifdef HAVE_KVMALLOC
/* adapted from kvrealloc() draft by Changli Gao, 2010-05-13 */
void *lkm_realloc(void *ptr, size_t newsize) {
void *nptr;
size_t oldsize;
if (unlikely(newsize == 0)) {
kvfree(ptr);
return ZERO_SIZE_PTR;
}
if (unlikely(ptr == NULL))
return kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
if (is_vmalloc_addr(ptr)) {
/* no way to discern the size of the old allocation,
* because the kernel doesn't export find_vm_area(). if
* it did, we could then call get_vm_area_size() on the
* returned struct vm_struct.
*/
return NULL;
} else {
#ifndef __PIE__
struct page *page;
page = virt_to_head_page(ptr);
if (PageSlab(page) || PageCompound(page)) {
if (newsize < PAGE_SIZE)
#endif /* ! __PIE__ */
return krealloc(ptr, newsize, GFP_KERNEL);
#ifndef __PIE__
oldsize = ksize(ptr);
} else {
oldsize = page->private;
if (newsize <= oldsize)
return ptr;
}
#endif /* ! __PIE__ */
}
nptr = kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
if (nptr != NULL) {
memcpy(nptr, ptr, oldsize);
kvfree(ptr);
}
return nptr;
}
#endif /* HAVE_KVMALLOC */
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
/* needed in 6.1+ because show_free_areas() static definition in mm.h calls
* __show_free_areas(), which isn't exported (neither was show_free_areas()).
*/
void my__show_free_areas(
unsigned int flags,
nodemask_t *nodemask,
int max_zone_idx)
{
(void)flags;
(void)nodemask;
(void)max_zone_idx;
return;
}
#endif
#if defined(__PIE__) && defined(CONFIG_FORTIFY_SOURCE) #if defined(__PIE__) && defined(CONFIG_FORTIFY_SOURCE)
/* needed because FORTIFY_SOURCE inline implementations call fortify_panic(). */ /* needed because FORTIFY_SOURCE inline implementations call fortify_panic(). */
void __my_fortify_panic(const char *name) { void __my_fortify_panic(const char *name) {


@@ -77,8 +77,14 @@
#define ALIGN16 __attribute__ ( (aligned (32))) #define ALIGN16 __attribute__ ( (aligned (32)))
#endif #endif
/* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */ /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901, merged for 4.12.
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) * kvrealloc() added in de2860f463, merged for 5.15, backported to 5.10.137.
* moved to ultimate home (slab.h) in 8587ca6f34, merged for 5.16.
*/
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) || \
((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 137)) && \
(LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 90)))
#define HAVE_KVMALLOC #define HAVE_KVMALLOC
#endif #endif
@@ -258,36 +264,54 @@
#undef memmove #undef memmove
#define memmove my_memmove #define memmove my_memmove
#endif /* CONFIG_FORTIFY_SOURCE */ #else /* !CONFIG_FORTIFY_SOURCE */
#include <linux/string.h>
#endif /* !CONFIG_FORTIFY_SOURCE */
#ifdef LINUXKM_LKCAPI_REGISTER
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in
* linuxkm/lkcapi_aes_glue.c, we do the same
* thing with "struct km_AesCtx". however, wolfCrypt struct AesXts
* already has two AES expanded keys, the main and tweak, and the tweak
* is always used in the encrypt direction regardless of the main
* direction. to avoid allocating and computing a duplicate second
* tweak encrypt key, we set
* WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
* Aes slot to wolfCrypt's struct AesXts, and activates support for
* AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
*/
#ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#endif
#endif /* LINUXKM_LKCAPI_REGISTER */
#include <linux/init.h> #include <linux/init.h>
#ifndef __PIE__
#include <linux/module.h> #include <linux/module.h>
#include <linux/delay.h> #include <linux/delay.h>
#endif
#ifdef __PIE__ #ifdef __PIE__
/* without this, mm.h brings in static, but not inline, pmd_to_page(), /* linux/slab.h will recursively bring in linux/page-flags.h, polluting the
* with direct references to global vmem variables. * wolfCrypt container objects with static functions const_folio_flags() and
* folio_flags(), unless we kludge it off thusly.
*/ */
#undef USE_SPLIT_PMD_PTLOCKS #define PAGE_FLAGS_H
#define USE_SPLIT_PMD_PTLOCKS 0 #else
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
/* without this, static show_free_areas() mm.h brings in direct
* reference to unexported __show_free_areas().
*/
#define __show_free_areas my__show_free_areas
void my__show_free_areas(
unsigned int flags,
nodemask_t *nodemask,
int max_zone_idx);
#endif
#endif
#include <linux/mm.h> #include <linux/mm.h>
#endif
#include <linux/slab.h>
#ifndef __PIE__
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
#include <linux/kthread.h> #include <linux/kthread.h>
#endif #endif
#include <linux/net.h> #include <linux/net.h>
#include <linux/slab.h>
#ifdef LINUXKM_LKCAPI_REGISTER #ifdef LINUXKM_LKCAPI_REGISTER
#include <linux/crypto.h> #include <linux/crypto.h>
@@ -306,29 +330,13 @@
#include <linux/kprobes.h> #include <linux/kprobes.h>
#endif #endif
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in
* linuxkm/lkcapi_aes_glue.c, we do the same
* thing with "struct km_AesCtx". however, wolfCrypt struct AesXts
* already has two AES expanded keys, the main and tweak, and the tweak
* is always used in the encrypt direction regardless of the main
* direction. to avoid allocating and computing a duplicate second
* tweak encrypt key, we set
* WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
* Aes slot to wolfCrypt's struct AesXts, and activates support for
* AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
*/
#ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#endif
#if defined(_LINUX_REFCOUNT_H) || defined(_LINUX_REFCOUNT_TYPES_H) #if defined(_LINUX_REFCOUNT_H) || defined(_LINUX_REFCOUNT_TYPES_H)
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount.refs))) #define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount.refs)))
#else #else
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount))) #define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount)))
#endif #endif
#endif #endif
#endif /* !__PIE__ */
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \ #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM) defined(WOLFSSL_SP_X86_64_ASM)
@@ -622,17 +630,20 @@
typeof(kzalloc_noprof) *kzalloc_noprof; typeof(kzalloc_noprof) *kzalloc_noprof;
typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof; typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof; typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
typeof(kvrealloc_noprof) *kvrealloc_noprof;
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
typeof(kmalloc_noprof) *kmalloc_noprof; typeof(kmalloc_noprof) *kmalloc_noprof;
typeof(krealloc_noprof) *krealloc_noprof; typeof(krealloc_noprof) *krealloc_noprof;
typeof(kzalloc_noprof) *kzalloc_noprof; typeof(kzalloc_noprof) *kzalloc_noprof;
typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof; typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof;
typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof; typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof;
typeof(kvrealloc_noprof) *kvrealloc_noprof;
#else /* <6.10.0 */ #else /* <6.10.0 */
typeof(kmalloc) *kmalloc; typeof(kmalloc) *kmalloc;
typeof(krealloc) *krealloc; typeof(krealloc) *krealloc;
#ifdef HAVE_KVMALLOC #ifdef HAVE_KVMALLOC
typeof(kvmalloc_node) *kvmalloc_node; typeof(kvmalloc_node) *kvmalloc_node;
typeof(kvrealloc) *kvrealloc;
#endif #endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
typeof(kmalloc_trace) *kmalloc_trace; typeof(kmalloc_trace) *kmalloc_trace;
@@ -646,7 +657,6 @@
#endif #endif
typeof(kfree) *kfree; typeof(kfree) *kfree;
typeof(ksize) *ksize; typeof(ksize) *ksize;
typeof(is_vmalloc_addr) *is_vmalloc_addr;
typeof(get_random_bytes) *get_random_bytes; typeof(get_random_bytes) *get_random_bytes;
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -854,6 +864,7 @@
#define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
#define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof) #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof)
#define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof) #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof)
#define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
/* see include/linux/alloc_tag.h and include/linux/slab.h */ /* see include/linux/alloc_tag.h and include/linux/slab.h */
#define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
@@ -861,12 +872,14 @@
#define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
#define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof) #define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof)
#define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof) #define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof)
#define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
#else /* <6.10.0 */ #else /* <6.10.0 */
#define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc) #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc)
#define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc) #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc)
#define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO) #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO)
#ifdef HAVE_KVMALLOC #ifdef HAVE_KVMALLOC
#define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node) #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node)
#define kvrealloc (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc)
#endif #endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
#define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace) #define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace)
@@ -882,8 +895,6 @@
#endif #endif
#define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize)
#define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr)
#define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes) #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes)
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday) #define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday)
@@ -1162,10 +1173,9 @@
_alloc_sz; \ _alloc_sz; \
}) })
#ifdef HAVE_KVMALLOC #ifdef HAVE_KVMALLOC
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE) #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
#define free(ptr) kvfree(ptr) #define free(ptr) kvfree(ptr)
void *lkm_realloc(void *ptr, size_t newsize); #define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define realloc(ptr, newsize) lkm_realloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize))
#else #else
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC)) #define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define free(ptr) kfree(ptr) #define free(ptr) kfree(ptr)
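Review bot: The new `realloc()` mapping in the last hunk calls `kvrealloc(ptr, size, gfp)` with three arguments, but to my knowledge kvrealloc() as first merged also took the old allocation size and only later moved to the krealloc()-style form, so this may not build on part of the version range that HAVE_KVMALLOC now admits; please confirm against the oldest supported kernel headers and gate the macro on the three-argument form. The gate in the first hunk also looks too wide: with the upper bound `KERNEL_VERSION(5, 11, 90)`, 5.11.x kernels define HAVE_KVMALLOC too, while the comment says the backport went to 5.10.137, so `KERNEL_VERSION(5, 11, 0)` seems intended. Kernels from 4.12 up to the new threshold now drop from kvmalloc_node() to plain kmalloc(), which deserves a line in the comment because large allocations that used to fall back to vmalloc can now fail.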


@@ -591,7 +591,7 @@ static int linuxkm_lkcapi_register(void)
* on here is for ECDH loading to be optional when fips and fips tests are * on here is for ECDH loading to be optional when fips and fips tests are
* enabled. Failures because of !fips_allowed are skipped over. * enabled. Failures because of !fips_allowed are skipped over.
*/ */
#if defined(CONFIG_CRYPTO_FIPS) && \ #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER) && \ defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#if defined(LINUXKM_ECC192) #if defined(LINUXKM_ECC192)


@@ -19,14 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
#ifndef WOLFSSL_LICENSE
#define WOLFSSL_LICENSE "GPL v2"
#endif
#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT #define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
#include <wolfssl/wolfcrypt/libwolfssl_sources.h> #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#define WOLFSSL_LICENSE "GPL v2"
#ifdef WOLFCRYPT_ONLY #ifdef WOLFCRYPT_ONLY
#include <wolfssl/version.h> #include <wolfssl/version.h>
#else #else
@@ -65,13 +63,13 @@ static int libwolfssl_cleanup(void) {
#ifdef WOLFCRYPT_ONLY #ifdef WOLFCRYPT_ONLY
ret = wolfCrypt_Cleanup(); ret = wolfCrypt_Cleanup();
if (ret != 0) if (ret != 0)
pr_err("wolfCrypt_Cleanup() failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: wolfCrypt_Cleanup() failed: %s\n", wc_GetErrorString(ret));
else else
pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n");
#else #else
ret = wolfSSL_Cleanup(); ret = wolfSSL_Cleanup();
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
pr_err("wolfSSL_Cleanup() failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: wolfSSL_Cleanup() failed: %s\n", wc_GetErrorString(ret));
else else
pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n");
#endif #endif
@@ -115,7 +113,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void);
static void lkmFipsCb(int ok, int err, const char* hash) static void lkmFipsCb(int ok, int err, const char* hash)
{ {
if ((! ok) || (err != 0)) if ((! ok) || (err != 0))
pr_err("libwolfssl FIPS error: %s\n", wc_GetErrorString(err)); pr_err("ERROR: libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
pr_err("In-core integrity hash check failure.\n" pr_err("In-core integrity hash check failure.\n"
"Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n", "Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
@@ -137,7 +135,7 @@ WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_install_node(struct kobj_attribu
if ((installed_flag == NULL) || (! *installed_flag)) { if ((installed_flag == NULL) || (! *installed_flag)) {
int ret = sysfs_create_file(&THIS_MODULE->mkobj.kobj, &node->attr); int ret = sysfs_create_file(&THIS_MODULE->mkobj.kobj, &node->attr);
if (ret) { if (ret) {
pr_err("sysfs_create_file failed for %s: %d\n", node->attr.name, ret); pr_err("ERROR: sysfs_create_file failed for %s: %d\n", node->attr.name, ret);
return ret; return ret;
} }
if (installed_flag) if (installed_flag)
@@ -182,13 +180,13 @@ static int wolfssl_init(void)
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
#ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG
if (THIS_MODULE->sig_ok == false) { if (THIS_MODULE->sig_ok == false) {
pr_err("wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n"); pr_err("ERROR: wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n");
return -ECANCELED; return -ECANCELED;
} }
#endif #endif
ret = updateFipsHash(); ret = updateFipsHash();
if (ret < 0) { if (ret < 0) {
pr_err("wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret)); pr_err("ERROR: wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret));
return -ECANCELED; return -ECANCELED;
} }
#endif #endif
@@ -226,58 +224,32 @@ static int wolfssl_init(void)
char *pie_rodata_end = (char *)wolfCrypt_PIE_rodata_end; char *pie_rodata_end = (char *)wolfCrypt_PIE_rodata_end;
unsigned int text_hash, rodata_hash; unsigned int text_hash, rodata_hash;
if ((pie_text_start < pie_text_end) &&
(pie_text_start >= (char *)THIS_MODULE_TEXT_BASE) &&
(pie_text_end - (char *)THIS_MODULE_TEXT_BASE <= THIS_MODULE_TEXT_SIZE))
{
text_hash = hash_span(pie_text_start, pie_text_end); text_hash = hash_span(pie_text_start, pie_text_end);
} else {
pr_info("out-of-bounds PIE fenceposts! pie_text_start=%px pie_text_end=%px (span=%lu)"
" core_layout.base=%px text_end=%px\n",
pie_text_start,
pie_text_end,
pie_text_end-pie_text_start,
THIS_MODULE_TEXT_BASE,
(char *)THIS_MODULE_TEXT_BASE + THIS_MODULE_TEXT_SIZE);
text_hash = 0;
}
if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers
(pie_rodata_start >= (char *)THIS_MODULE_RO_BASE) &&
(pie_rodata_end - (char *)THIS_MODULE_RO_BASE <= THIS_MODULE_RO_SIZE))
{
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end); rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
} else {
pr_info("out-of-bounds PIE fenceposts! pie_rodata_start=%px pie_rodata_end=%px (span=%lu)"
" core_layout.base+core_layout.text_size=%px rodata_end=%px\n",
pie_rodata_start,
pie_rodata_end,
pie_rodata_end-pie_rodata_start,
(char *)THIS_MODULE_RO_BASE,
(char *)THIS_MODULE_RO_BASE + THIS_MODULE_RO_SIZE);
rodata_hash = 0;
}
/* note, "%pK" conceals the actual layout information. "%px" exposes /* note, "%pK" conceals the actual layout information. "%px" exposes
* the true module start address, which is potentially useful to an * the true module start address, which is potentially useful to an
* attacker. * attacker.
*/ */
pr_info("wolfCrypt container hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu)\n", pr_info("wolfCrypt section hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu), offset %c0x%lx\n",
text_hash, pie_text_end-pie_text_start, text_hash, pie_text_end-pie_text_start,
rodata_hash, pie_rodata_end-pie_rodata_start); rodata_hash, pie_rodata_end-pie_rodata_start,
pie_text_start < pie_rodata_start ? '+' : '-',
pie_text_start < pie_rodata_start ? pie_rodata_start - pie_text_start : pie_text_start - pie_rodata_start);
} }
#endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */ #endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
ret = wolfCrypt_SetCb_fips(lkmFipsCb); ret = wolfCrypt_SetCb_fips(lkmFipsCb);
if (ret != 0) { if (ret != 0) {
pr_err("wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED; return -ECANCELED;
} }
fipsEntry(); fipsEntry();
ret = wolfCrypt_GetStatus_fips(); ret = wolfCrypt_GetStatus_fips();
if (ret != 0) { if (ret != 0) {
pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret)); pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
const char *newhash = wolfCrypt_GetCoreHash_fips(); const char *newhash = wolfCrypt_GetCoreHash_fips();
pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n", pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
@@ -290,7 +262,7 @@ static int wolfssl_init(void)
#ifdef WC_RNG_SEED_CB #ifdef WC_RNG_SEED_CB
ret = wc_SetSeed_Cb(wc_GenerateSeed); ret = wc_SetSeed_Cb(wc_GenerateSeed);
if (ret < 0) { if (ret < 0) {
pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret); pr_err("ERROR: wc_SetSeed_Cb() failed with return code %d.\n", ret);
(void)libwolfssl_cleanup(); (void)libwolfssl_cleanup();
msleep(10); msleep(10);
return -ECANCELED; return -ECANCELED;
@@ -300,13 +272,13 @@ static int wolfssl_init(void)
#ifdef WOLFCRYPT_ONLY #ifdef WOLFCRYPT_ONLY
ret = wolfCrypt_Init(); ret = wolfCrypt_Init();
if (ret != 0) { if (ret != 0) {
pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED; return -ECANCELED;
} }
#else #else
ret = wolfSSL_Init(); ret = wolfSSL_Init();
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED; return -ECANCELED;
} }
#endif #endif
@@ -314,7 +286,7 @@ static int wolfssl_init(void)
#if defined(HAVE_FIPS) && FIPS_VERSION3_GT(5,2,0) #if defined(HAVE_FIPS) && FIPS_VERSION3_GT(5,2,0)
ret = wc_RunAllCast_fips(); ret = wc_RunAllCast_fips();
if (ret != 0) { if (ret != 0) {
pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret); pr_err("ERROR: wc_RunAllCast_fips() failed with return value %d\n", ret);
return -ECANCELED; return -ECANCELED;
} }
@@ -348,7 +320,7 @@ static int wolfssl_init(void)
#ifndef NO_CRYPT_TEST #ifndef NO_CRYPT_TEST
ret = wolfcrypt_test(NULL); ret = wolfcrypt_test(NULL);
if (ret < 0) { if (ret < 0) {
pr_err("wolfcrypt self-test failed with return code %d.\n", ret); pr_err("ERROR: wolfcrypt self-test failed with return code %d.\n", ret);
(void)libwolfssl_cleanup(); (void)libwolfssl_cleanup();
msleep(10); msleep(10);
return -ECANCELED; return -ECANCELED;
@@ -366,7 +338,7 @@ static int wolfssl_init(void)
ret = linuxkm_lkcapi_sysfs_install(); ret = linuxkm_lkcapi_sysfs_install();
if (ret) { if (ret) {
pr_err("linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret); pr_err("ERROR: linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret);
(void)libwolfssl_cleanup(); (void)libwolfssl_cleanup();
msleep(10); msleep(10);
return -ECANCELED; return -ECANCELED;
@@ -375,7 +347,7 @@ static int wolfssl_init(void)
ret = linuxkm_lkcapi_register(); ret = linuxkm_lkcapi_register();
if (ret) { if (ret) {
pr_err("linuxkm_lkcapi_register() failed with return code %d.\n", ret); pr_err("ERROR: linuxkm_lkcapi_register() failed with return code %d.\n", ret);
linuxkm_lkcapi_unregister(); linuxkm_lkcapi_unregister();
(void)libwolfssl_cleanup(); (void)libwolfssl_cleanup();
msleep(10); msleep(10);
@@ -426,6 +398,8 @@ static void wolfssl_exit(void)
#endif #endif
{ {
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
int ret;
(void)linuxkm_lkcapi_sysfs_deinstall_node(&FIPS_rerun_self_test_attr, &installed_sysfs_FIPS_files); (void)linuxkm_lkcapi_sysfs_deinstall_node(&FIPS_rerun_self_test_attr, &installed_sysfs_FIPS_files);
#endif #endif
@@ -434,6 +408,15 @@ static void wolfssl_exit(void)
(void)linuxkm_lkcapi_sysfs_deinstall(); (void)linuxkm_lkcapi_sysfs_deinstall();
#endif #endif
#ifdef HAVE_FIPS
ret = wc_RunAllCast_fips();
if (ret != 0) {
pr_err("ERROR: wc_RunAllCast_fips() failed at shutdown with return value %d\n", ret);
}
else
pr_info("wolfCrypt FIPS re-self-test succeeded at unload: all algorithms re-verified.");
#endif
(void)libwolfssl_cleanup(); (void)libwolfssl_cleanup();
return; return;
@@ -527,17 +510,20 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof; wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof; wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof; wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof;
wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof; wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof;
wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
#else #else
wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc; wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc;
wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc; wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc;
#ifdef HAVE_KVMALLOC #ifdef HAVE_KVMALLOC
wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node; wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node;
wolfssl_linuxkm_pie_redirect_table.kvrealloc = kvrealloc;
#endif #endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
wolfssl_linuxkm_pie_redirect_table.kmalloc_trace = wolfssl_linuxkm_pie_redirect_table.kmalloc_trace =
@@ -555,7 +541,6 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
#ifdef HAVE_KVMALLOC #ifdef HAVE_KVMALLOC
wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree; wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree;
#endif #endif
wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr;
wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes; wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes;
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -711,7 +696,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot; i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
++i) ++i)
if (*i == 0) { if (*i == 0) {
pr_err("wolfCrypt container redirect table initialization was " pr_err("ERROR: wolfCrypt container redirect table initialization was "
"incomplete [%lu].\n", "incomplete [%lu].\n",
i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table); i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
return -EFAULT; return -EFAULT;
@@ -798,11 +783,11 @@ static int updateFipsHash(void)
word32 base16_out_len = binCoreSz; word32 base16_out_len = binCoreSz;
ret = Base16_Decode((const byte *)coreKey, sizeof coreKey - 1, binCoreKey, &base16_out_len); ret = Base16_Decode((const byte *)coreKey, sizeof coreKey - 1, binCoreKey, &base16_out_len);
if (ret != 0) { if (ret != 0) {
pr_err("Base16_Decode for coreKey: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: Base16_Decode for coreKey: %s\n", wc_GetErrorString(ret));
goto out; goto out;
} }
if (base16_out_len != binCoreSz) { if (base16_out_len != binCoreSz) {
pr_err("unexpected output length %u for coreKey from Base16_Decode.\n",base16_out_len); pr_err("ERROR: unexpected output length %u for coreKey from Base16_Decode.\n",base16_out_len);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -811,14 +796,14 @@ static int updateFipsHash(void)
tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
if (PTR_ERR(tfm) == -ENOMEM) { if (PTR_ERR(tfm) == -ENOMEM) {
pr_err("crypto_alloc_shash failed: out of memory\n"); pr_err("ERROR: crypto_alloc_shash failed: out of memory\n");
ret = MEMORY_E; ret = MEMORY_E;
} else if (PTR_ERR(tfm) == -ENOENT) { } else if (PTR_ERR(tfm) == -ENOENT) {
pr_err("crypto_alloc_shash failed: kernel is missing hmac(sha256) implementation\n"); pr_err("ERROR: crypto_alloc_shash failed: kernel is missing hmac(sha256) implementation\n");
pr_err("check for CONFIG_CRYPTO_SHA256 and CONFIG_CRYPTO_HMAC.\n"); pr_err("ERROR: check for CONFIG_CRYPTO_SHA256 and CONFIG_CRYPTO_HMAC.\n");
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
} else { } else {
pr_err("crypto_alloc_shash failed with ret %ld\n",PTR_ERR(tfm)); pr_err("ERROR: crypto_alloc_shash failed with ret %ld\n",PTR_ERR(tfm));
ret = HASH_TYPE_E; ret = HASH_TYPE_E;
} }
tfm = NULL; tfm = NULL;
@@ -829,7 +814,7 @@ static int updateFipsHash(void)
size_t desc_size = crypto_shash_descsize(tfm) + sizeof *desc; size_t desc_size = crypto_shash_descsize(tfm) + sizeof *desc;
desc = XMALLOC(desc_size, NULL, DYNAMIC_TYPE_TMP_BUFFER); desc = XMALLOC(desc_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (desc == NULL) { if (desc == NULL) {
pr_err("failed allocating desc."); pr_err("ERROR: failed allocating desc.");
ret = MEMORY_E; ret = MEMORY_E;
goto out; goto out;
} }
@@ -838,7 +823,7 @@ static int updateFipsHash(void)
ret = crypto_shash_setkey(tfm, binCoreKey, binCoreSz); ret = crypto_shash_setkey(tfm, binCoreKey, binCoreSz);
if (ret) { if (ret) {
pr_err("crypto_ahash_setkey failed: err %d\n", ret); pr_err("ERROR: crypto_ahash_setkey failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -846,7 +831,7 @@ static int updateFipsHash(void)
desc->tfm = tfm; desc->tfm = tfm;
ret = crypto_shash_init(desc); ret = crypto_shash_init(desc);
if (ret) { if (ret) {
pr_err("crypto_shash_init failed: err %d\n", ret); pr_err("ERROR: crypto_shash_init failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -855,7 +840,7 @@ static int updateFipsHash(void)
ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz); ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz);
if (ret) { if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret); pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -865,7 +850,7 @@ static int updateFipsHash(void)
data_sz = (unsigned long)verifyCore - (unsigned long)start; data_sz = (unsigned long)verifyCore - (unsigned long)start;
ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz); ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz);
if (ret) { if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret); pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -874,7 +859,7 @@ static int updateFipsHash(void)
} }
ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz); ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz);
if (ret) { if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret); pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -883,14 +868,14 @@ static int updateFipsHash(void)
ret = crypto_shash_final(desc, hash); ret = crypto_shash_final(desc, hash);
if (ret) { if (ret) {
pr_err("crypto_shash_final failed: err %d\n", ret); pr_err("ERROR: crypto_shash_final failed: err %d\n", ret);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
ret = GenBase16_Hash(hash, WC_SHA256_DIGEST_SIZE, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1); ret = GenBase16_Hash(hash, WC_SHA256_DIGEST_SIZE, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1);
if (ret != 0) { if (ret != 0) {
pr_err("GenBase16_Hash failed: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: GenBase16_Hash failed: %s\n", wc_GetErrorString(ret));
goto out; goto out;
} }
@@ -898,11 +883,11 @@ static int updateFipsHash(void)
word32 base16_out_len = verifySz; word32 base16_out_len = verifySz;
ret = Base16_Decode((const byte *)verifyCore, sizeof verifyCore - 1, binVerify, &base16_out_len); ret = Base16_Decode((const byte *)verifyCore, sizeof verifyCore - 1, binVerify, &base16_out_len);
if (ret != 0) { if (ret != 0) {
pr_err("Base16_Decode for verifyCore: %s\n", wc_GetErrorString(ret)); pr_err("ERROR: Base16_Decode for verifyCore: %s\n", wc_GetErrorString(ret));
goto out; goto out;
} }
if (base16_out_len != binCoreSz) { if (base16_out_len != binCoreSz) {
pr_err("unexpected output length %u for verifyCore from Base16_Decode.\n",base16_out_len); pr_err("ERROR: unexpected output length %u for verifyCore from Base16_Decode.\n",base16_out_len);
ret = BAD_STATE_E; ret = BAD_STATE_E;
goto out; goto out;
} }
@@ -958,13 +943,13 @@ static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_at
ret = wolfCrypt_IntegrityTest_fips(); ret = wolfCrypt_IntegrityTest_fips();
if (ret != 0) { if (ret != 0) {
pr_err("wolfCrypt_IntegrityTest_fips: error %d", ret); pr_err("ERROR: wolfCrypt_IntegrityTest_fips: error %d", ret);
return -EINVAL; return -EINVAL;
} }
ret = wolfCrypt_GetStatus_fips(); ret = wolfCrypt_GetStatus_fips();
if (ret != 0) { if (ret != 0) {
pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret)); pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E))
return -ELIBBAD; return -ELIBBAD;
else else
@@ -973,7 +958,7 @@ static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_at
ret = wc_RunAllCast_fips(); ret = wc_RunAllCast_fips();
if (ret != 0) { if (ret != 0) {
pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret); pr_err("ERROR: wc_RunAllCast_fips() failed with return value %d\n", ret);
return -EINVAL; return -EINVAL;
} }

19
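--- /dev/null
+++ b/linuxkm/wolfcrypt.lds
@@ -0,0 +1,19 @@
+SECTIONS {
+. = ALIGN(4096);
+.text.wolfcrypt : {
+*(.text.wolfcrypt)
+}
+. = ALIGN(4096);
+.rodata.wolfcrypt : {
+*(.rodata.wolfcrypt)
+}
+. = ALIGN(4096);
+.data.wolfcrypt : {
+*(.data.wolfcrypt)
+}
+. = ALIGN(4096);
+.bss.wolfcrypt : {
+*(.bss.wolfcrypt)
+}
+. = ALIGN(4096);
+}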
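Review bot: The five `. = ALIGN(4096);` statements hard-code a 4 KiB boundary, and the script has no comment saying why the wolfCrypt output sections are aligned this way. If the intent is for each grouped section to begin on its own page (the commit message only says the sections are grouped together), a kernel built with 16 KiB or 64 KiB pages would not get that from a literal 4096. A header comment such as `/* group the wolfCrypt PIE sections; each is aligned to 4096, which assumes 4 KiB pages */` would record the assumption for whoever ports the module next.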


@@ -14288,8 +14288,15 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
*((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val) *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val)
/* Get the string of a name component from the subject name. */ /* Get the string of a name component from the subject name. */
#define GetCertNameSubjectStr(id) \ #ifdef WOLFSSL_NAMES_STATIC
#define GetCertNameSubjectStr(id) \
((certNameSubject[(id) - 3].strLen) ? \
(certNameSubject[(id) - 3].str) : \
NULL)
#else
#define GetCertNameSubjectStr(id) \
(certNameSubject[(id) - 3].str) (certNameSubject[(id) - 3].str)
#endif
/* Get the string length of a name component from the subject name. */ /* Get the string length of a name component from the subject name. */
#define GetCertNameSubjectStrLen(id) \ #define GetCertNameSubjectStrLen(id) \
(certNameSubject[(id) - 3].strLen) (certNameSubject[(id) - 3].strLen)
@@ -14315,7 +14322,13 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
/* Mapping of certificate name component to useful information. */ /* Mapping of certificate name component to useful information. */
typedef struct CertNameData { typedef struct CertNameData {
/* Type string of name component. */ /* Type string of name component. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[20];
#define EMPTY_STR { 0 }
#else
const char* str; const char* str;
#define EMPTY_STR NULL
#endif
/* Length of type string of name component. */ /* Length of type string of name component. */
byte strLen; byte strLen;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
@@ -14497,7 +14510,7 @@ static const CertNameData certNameSubject[] = {
}, },
/* Title */ /* Title */
{ {
NULL, 0, EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0, 0,
0, 0,
@@ -14514,7 +14527,7 @@ static const CertNameData certNameSubject[] = {
}, },
/* Undefined */ /* Undefined */
{ {
NULL, 0, EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0, 0,
0, 0,
@@ -14531,7 +14544,7 @@ static const CertNameData certNameSubject[] = {
}, },
/* Undefined */ /* Undefined */
{ {
NULL, 0, EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0, 0,
0, 0,
@@ -14565,7 +14578,7 @@ static const CertNameData certNameSubject[] = {
}, },
/* Undefined */ /* Undefined */
{ {
NULL, 0, EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0, 0,
0, 0,
@@ -26135,102 +26148,102 @@ void wc_FreeDer(DerBuffer** pDer)
/* Note: If items added make sure MAX_X509_HEADER_SZ is /* Note: If items added make sure MAX_X509_HEADER_SZ is
updated to reflect maximum length and pem_struct_min_sz updated to reflect maximum length and pem_struct_min_sz
to reflect minimum size */ to reflect minimum size */
wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; static wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
wcchar END_CERT = "-----END CERTIFICATE-----"; static wcchar END_CERT = "-----END CERTIFICATE-----";
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; static wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; static wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
#endif #endif
#if defined(WOLFSSL_ACERT) #if defined(WOLFSSL_ACERT)
wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----"; static wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----"; static wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----";
#endif /* WOLFSSL_ACERT */ #endif /* WOLFSSL_ACERT */
#ifndef NO_DH #ifndef NO_DH
wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; static wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
wcchar END_DH_PARAM = "-----END DH PARAMETERS-----"; static wcchar END_DH_PARAM = "-----END DH PARAMETERS-----";
wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----"; static wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----"; static wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----";
#endif #endif
#ifndef NO_DSA #ifndef NO_DSA
wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; static wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----"; static wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----";
#endif #endif
wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; static wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
wcchar END_X509_CRL = "-----END X509 CRL-----"; static wcchar END_X509_CRL = "-----END X509 CRL-----";
wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----"; static wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----";
wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----"; static wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----";
wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; static wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; static wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----"; static wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----";
wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----"; static wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----";
wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; static wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----"; static wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----";
wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; static wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; static wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
#ifdef HAVE_ECC #ifdef HAVE_ECC
wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; static wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----"; static wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----";
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----"; static wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----";
wcchar END_EC_PARAM = "-----END EC PARAMETERS-----"; static wcchar END_EC_PARAM = "-----END EC PARAMETERS-----";
#endif #endif
#endif #endif
#ifdef HAVE_PKCS7 #ifdef HAVE_PKCS7
wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----"; static wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----";
wcchar END_PKCS7 = "-----END PKCS7-----"; static wcchar END_PKCS7 = "-----END PKCS7-----";
#endif #endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
!defined(NO_DSA) !defined(NO_DSA)
wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; static wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; static wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
#endif #endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
const char BEGIN_PRIV_KEY_PREFIX[] = "-----BEGIN"; wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
const char PRIV_KEY_SUFFIX[] = "PRIVATE KEY-----"; wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
const char END_PRIV_KEY_PREFIX[] = "-----END"; wcchar END_PRIV_KEY_PREFIX = "-----END";
#endif #endif
wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; static wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; static wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
#if defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ED25519) || defined(HAVE_ED448)
wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; static wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; static wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#endif #endif
#if defined(HAVE_FALCON) #if defined(HAVE_FALCON)
wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----"; static wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----"; static wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----"; static wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----";
wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----"; static wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) #if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----"; static wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----"; static wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----"; static wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----"; static wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----"; static wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----"; static wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
#endif #endif
wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"; static wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----"; static wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----"; static wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----"; static wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----"; static wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----"; static wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS) #if defined(HAVE_SPHINCS)
wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; static wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; static wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; static wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; static wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; static wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; static wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; static wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_SPHINCS */ #endif /* HAVE_SPHINCS */
const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----" const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
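Review bot: In the `CertNameData` hunk, `const char str[20];` sizes the member with a bare 20 and nothing ties that number to the longest type string in `certNameSubject[]`. In C, a string literal whose text is exactly 20 characters initializes such an array without its terminating NUL and need not draw a diagnostic, so a later table entry could leave `str` unterminated for any caller that reads it as a C string instead of honouring `strLen`. A comment on the member such as `/* must hold the longest type string in certNameSubject[] plus its NUL */`, or a named size constant, would record the constraint. The same applies to `const char str[32];` in `wc_XmssString` and `wc_LmsParamsMap` further down the page. The struct definition and the table both continue outside the hunks shown.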


@@ -149,7 +149,11 @@ static WC_INLINE void wc_xmss_state_free(XmssState* state)
*/ */
typedef struct wc_XmssString { typedef struct wc_XmssString {
/* Name of algorithm as a string. */ /* Name of algorithm as a string. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[32];
#else
const char* str; const char* str;
#endif
/* OID for algorithm. */ /* OID for algorithm. */
word32 oid; word32 oid;
/* XMSS parameters. */ /* XMSS parameters. */


@@ -3694,8 +3694,11 @@ extern void uITRON4_free(void *p) ;
#ifndef WOLFSSL_SP_DIV_WORD_HALF #ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF #define WOLFSSL_SP_DIV_WORD_HALF
#endif #endif
#ifdef __PIE__
#ifdef HAVE_LINUXKM_PIE_SUPPORT
#define WC_NO_INTERNAL_FUNCTION_POINTERS #define WC_NO_INTERNAL_FUNCTION_POINTERS
#define WOLFSSL_ECC_CURVE_STATIC
#define WOLFSSL_NAMES_STATIC
#endif #endif
#ifndef NO_OLD_WC_NAMES #ifndef NO_OLD_WC_NAMES
@@ -4089,7 +4092,6 @@ extern void uITRON4_free(void *p) ;
#if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__) #if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__)
#define WOLFSSL_ECC_CURVE_STATIC #define WOLFSSL_ECC_CURVE_STATIC
#define WOLFSSL_NAMES_STATIC #define WOLFSSL_NAMES_STATIC
#define WOLFSSL_NO_CONSTCHARCONST
#endif #endif
/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */ /* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */


@@ -111,13 +111,7 @@ library files.
typedef byte word24[3]; typedef byte word24[3];
#endif #endif
typedef const char wcchar[];
/* constant pointer to a constant char */
#ifdef WOLFSSL_NO_CONSTCHARCONST
typedef const char* wcchar;
#else
typedef const char* const wcchar;
#endif
#ifndef WC_BITFIELD #ifndef WC_BITFIELD
#ifdef WOLF_C89 #ifdef WOLF_C89
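Review bot: `typedef const char wcchar[];` replaces the documented pointer typedefs and leaves the new form without a comment, although it changes what a `wcchar` declaration means in types.h. With an array typedef every definition needs an initializer to complete the type, `sizeof` on a `wcchar` object yields the string size including the NUL rather than a pointer size, and a `wcchar` can no longer be assigned or reseated; whether any code outside this commit relies on the pointer form is not visible here. I would add `/* constant char array of unspecified size: define with an initializer; sizeof yields the string size including the NUL */` above the typedef.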


@@ -384,7 +384,11 @@ typedef struct wc_LmsParamsMap {
/* Identifier of parameters. */ /* Identifier of parameters. */
enum wc_LmsParm id; enum wc_LmsParm id;
/* String representation of identifier of parameters. */ /* String representation of identifier of parameters. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[32];
#else
const char* str; const char* str;
#endif
/* LMS parameter set. */ /* LMS parameter set. */
LmsParams params; LmsParams params;
} wc_LmsParamsMap; } wc_LmsParamsMap;