Merge pull request #8980 from douzzer/20250706-linuxkm-fixes

20250706-linuxkm-fixes
This commit is contained in:
philljj
2025-07-10 10:34:59 -05:00
committed by GitHub
12 changed files with 427 additions and 258 deletions


@ -65,6 +65,7 @@ CONFIG_CRYPTO_GCM
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_MANAGER
CONFIG_CRYPTO_RSA
CONFIG_CRYPTO_SELFTESTS_FULL
CONFIG_CRYPTO_SHA1
CONFIG_CRYPTO_SHA256
CONFIG_CRYPTO_SHA3
@ -774,7 +775,6 @@ WOLFSSL_NO_KCAPI_SHA224
WOLFSSL_NO_OCSP_DATE_CHECK
WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
WOLFSSL_NO_OCSP_OPTIONAL_CERTS
WOLFSSL_NO_PUBLIC_FFDHE
WOLFSSL_NO_RSA_KEY_CHECK
WOLFSSL_NO_SERVER_GROUPS_EXT
WOLFSSL_NO_SESSION_STATS


@ -151,6 +151,8 @@ endif
ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
LDFLAGS_libwolfssl.o += -T $(src)/wolfcrypt.lds
rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS)
ifndef NM
@ -186,8 +188,40 @@ ifneq "$(quiet)" "silent_"
endif
cd "$(obj)" || exit $$?
for file in $(WOLFCRYPT_PIE_FILES); do
$(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?
$(OBJCOPY) --rename-section .text=.text.wolfcrypt \
--rename-section .text.unlikely=.text.wolfcrypt \
--rename-section .rodata=.rodata.wolfcrypt \
--rename-section .rodata.str1.1=.rodata.wolfcrypt \
--rename-section .rodata.str1.8=.rodata.wolfcrypt \
--rename-section .data=.data.wolfcrypt \
--rename-section .data.rel.local=.data.wolfcrypt \
--rename-section .bss=.bss.wolfcrypt "$$file" || exit $$?
done
[ "$(KERNEL_ARCH_X86)" != "yes" ] || \
{ $(READELF) --syms $(WOLFCRYPT_PIE_FILES) | \
$(AWK) -v obj="$(obj)" ' \
/File:/ { \
if (substr($$2, 1, length(obj)) == obj) { \
curfile = substr($$2, length(obj) + 2); \
} else { \
curfile=$$2; \
} \
next; \
} \
{ \
if (($$4 == "SECTION") && ($$8 !~ "wolfcrypt")) {\
if (! ((curfile ";" $$8) in warned_on)) { \
print curfile ": " $$8 >"/dev/stderr"; \
warned_on[curfile ": " $$8] = 1; \
++warnings; \
}}} \
END { \
if (warnings) { \
exit(1); \
} else { \
exit(0); \
}}'; } || \
{ echo 'Error: section(s) missed by containerization.' >&2; exit 1; }
ifneq "$(quiet)" "silent_"
echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
endif
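Review bot: The duplicate-suppression in the new awk check never fires, because the lookup key and the stored key differ: the membership test uses `(curfile ";" $$8) in warned_on` while the assignment writes `warned_on[curfile ": " $$8] = 1`, so a stray SECTION symbol is printed and counted once per occurrence instead of once per file/section. The exit status is unaffected, but the noise defeats the intent; use one key for both, e.g. `key = curfile ";" $$8; if (!(key in warned_on)) { print curfile ": " $$8 >"/dev/stderr"; warned_on[key] = 1; ++warnings; }`. Separately, the whole readelf/awk check is skipped unless KERNEL_ARCH_X86 is "yes", so on other architectures a section the objcopy renames missed goes unreported and can silently fall outside the containerized (and, presumably, integrity-hashed) span — if the x86-only gate is deliberate, a one-line comment saying why would help. The progress message still says `.{text,data,rodata}` although `.bss` is now renamed into the container as well.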


@ -21,56 +21,6 @@
/* included by wolfcrypt/src/memory.c */
#ifdef HAVE_KVMALLOC
/* adapted from kvrealloc() draft by Changli Gao, 2010-05-13 */
void *lkm_realloc(void *ptr, size_t newsize) {
void *nptr;
size_t oldsize;
if (unlikely(newsize == 0)) {
kvfree(ptr);
return ZERO_SIZE_PTR;
}
if (unlikely(ptr == NULL))
return kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
if (is_vmalloc_addr(ptr)) {
/* no way to discern the size of the old allocation,
* because the kernel doesn't export find_vm_area(). if
* it did, we could then call get_vm_area_size() on the
* returned struct vm_struct.
*/
return NULL;
} else {
#ifndef __PIE__
struct page *page;
page = virt_to_head_page(ptr);
if (PageSlab(page) || PageCompound(page)) {
if (newsize < PAGE_SIZE)
#endif /* ! __PIE__ */
return krealloc(ptr, newsize, GFP_KERNEL);
#ifndef __PIE__
oldsize = ksize(ptr);
} else {
oldsize = page->private;
if (newsize <= oldsize)
return ptr;
}
#endif /* ! __PIE__ */
}
nptr = kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
if (nptr != NULL) {
memcpy(nptr, ptr, oldsize);
kvfree(ptr);
}
return nptr;
}
#endif /* HAVE_KVMALLOC */
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
/* needed in 6.1+ because show_free_areas() static definition in mm.h calls
* __show_free_areas(), which isn't exported (neither was show_free_areas()).


@ -77,10 +77,34 @@
#define ALIGN16 __attribute__ ( (aligned (32)))
#endif
/* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */
/* kvmalloc()/kvfree() and friends added in linux commit a7c3e901, merged for 4.12.
* kvrealloc() added in de2860f463, merged for 5.15, backported to 5.10.137.
* moved to ultimate home (slab.h) in 8587ca6f34, merged for 5.16.
*
* however, until 6.11, it took an extra argument, oldsize, that makes it
* incompatible with traditional libc usage patterns, so we don't try to use it.
*/
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
#define HAVE_KVMALLOC
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
#define HAVE_KVREALLOC
#endif
#ifdef WOLFCRYPT_ONLY
#ifdef HAVE_KVMALLOC
#define USE_KVMALLOC
#endif
#ifdef HAVE_KVREALLOC
#define USE_KVREALLOC
#endif
#else
/* functioning realloc() is needed for the TLS stack. */
#if defined(HAVE_KVMALLOC) && defined(HAVE_KVREALLOC)
#define USE_KVMALLOC
#define USE_KVREALLOC
#endif
#endif
/* kernel printf doesn't implement fp. */
#ifndef WOLFSSL_NO_FLOAT_FMT
@ -258,7 +282,20 @@
#undef memmove
#define memmove my_memmove
#endif /* CONFIG_FORTIFY_SOURCE */
#else /* !CONFIG_FORTIFY_SOURCE */
#include <linux/string.h>
#endif /* !CONFIG_FORTIFY_SOURCE */
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)) && \
defined(CONFIG_X86)
/* linux/slab.h will recursively bring in linux/page-flags.h, polluting the
* wolfCrypt container objects with static functions const_folio_flags() and
* folio_flags(), unless we kludge it off thusly.
*/
#define PAGE_FLAGS_H
#endif
#include <linux/init.h>
#include <linux/module.h>
@ -282,30 +319,22 @@
int max_zone_idx);
#endif
#endif
#if !defined(__PIE__) || (LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0))
#include <linux/mm.h>
#endif
#ifndef SINGLE_THREADED
#include <linux/kthread.h>
#endif
#ifndef __PIE__
#include <linux/net.h>
#endif
#include <linux/slab.h>
#include <linux/sched.h>
#include <linux/random.h>
#ifdef LINUXKM_LKCAPI_REGISTER
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <crypto/scatterwalk.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/hash.h>
#include <crypto/internal/rng.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/akcipher.h>
#include <crypto/internal/kpp.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
#include <crypto/internal/sig.h>
#endif /* linux ver >= 6.13 */
#ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES
#include <linux/kprobes.h>
#endif
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in
@ -323,12 +352,30 @@
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#endif
#if defined(_LINUX_REFCOUNT_H) || defined(_LINUX_REFCOUNT_TYPES_H)
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount.refs)))
#else
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount)))
#endif
#endif
#ifndef __PIE__
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <crypto/scatterwalk.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/hash.h>
#include <crypto/internal/rng.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/akcipher.h>
#include <crypto/internal/kpp.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
#include <crypto/internal/sig.h>
#endif /* linux ver >= 6.13 */
#ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES
#include <linux/kprobes.h>
#endif
#if defined(_LINUX_REFCOUNT_H) || defined(_LINUX_REFCOUNT_TYPES_H)
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount.refs)))
#else
#define WC_LKM_REFCOUNT_TO_INT(refcount) (atomic_read(&(refcount)))
#endif
#endif /* !__PIE__ */
#endif /* LINUXKM_LKCAPI_REGISTER */
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
@ -475,21 +522,49 @@
extern int wolfCrypt_FIPS_first(void);
extern int wolfCrypt_FIPS_last(void);
#if FIPS_VERSION3_GE(6,0,0)
#ifndef NO_AES
extern int wolfCrypt_FIPS_AES_sanity(void);
#if defined(WOLFSSL_CMAC) && defined(WOLFSSL_AES_DIRECT)
extern int wolfCrypt_FIPS_CMAC_sanity(void);
#endif
#endif
#ifndef NO_DH
extern int wolfCrypt_FIPS_DH_sanity(void);
#endif
#ifdef HAVE_ECC
extern int wolfCrypt_FIPS_ECC_sanity(void);
#endif
#ifdef HAVE_ED25519
extern int wolfCrypt_FIPS_ED25519_sanity(void);
#endif
#ifdef HAVE_ED448
extern int wolfCrypt_FIPS_ED448_sanity(void);
#endif
extern int wolfCrypt_FIPS_HMAC_sanity(void);
#ifndef NO_KDF
extern int wolfCrypt_FIPS_KDF_sanity(void);
#endif
#ifdef HAVE_PBKDF2
extern int wolfCrypt_FIPS_PBKDF_sanity(void);
#endif
#ifdef HAVE_HASHDRBG
extern int wolfCrypt_FIPS_DRBG_sanity(void);
#endif
#ifndef NO_RSA
extern int wolfCrypt_FIPS_RSA_sanity(void);
#endif
#ifndef NO_SHA
extern int wolfCrypt_FIPS_SHA_sanity(void);
#endif
#ifndef NO_SHA256
extern int wolfCrypt_FIPS_SHA256_sanity(void);
#endif
#ifdef WOLFSSL_SHA512
extern int wolfCrypt_FIPS_SHA512_sanity(void);
#endif
#ifdef WOLFSSL_SHA3
extern int wolfCrypt_FIPS_SHA3_sanity(void);
#endif
extern int wolfCrypt_FIPS_FT_sanity(void);
extern int wc_RunAllCast_fips(void);
#endif
@ -594,17 +669,24 @@
typeof(kzalloc_noprof) *kzalloc_noprof;
typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
typeof(kvrealloc_noprof) *kvrealloc_noprof;
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
typeof(kmalloc_noprof) *kmalloc_noprof;
typeof(krealloc_noprof) *krealloc_noprof;
typeof(kzalloc_noprof) *kzalloc_noprof;
typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof;
typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof;
#ifdef HAVE_KVREALLOC
typeof(kvrealloc_noprof) *kvrealloc_noprof;
#endif
#else /* <6.10.0 */
typeof(kmalloc) *kmalloc;
typeof(krealloc) *krealloc;
#ifdef HAVE_KVMALLOC
typeof(kvmalloc_node) *kvmalloc_node;
typeof(kvmalloc_node) *kvmalloc_node;
#endif
#ifdef HAVE_KVREALLOC
typeof(kvrealloc) *kvrealloc;
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
typeof(kmalloc_trace) *kmalloc_trace;
@ -618,7 +700,6 @@
#endif
typeof(kfree) *kfree;
typeof(ksize) *ksize;
typeof(is_vmalloc_addr) *is_vmalloc_addr;
typeof(get_random_bytes) *get_random_bytes;
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@ -660,21 +741,49 @@
typeof(wolfCrypt_FIPS_first) *wolfCrypt_FIPS_first;
typeof(wolfCrypt_FIPS_last) *wolfCrypt_FIPS_last;
#if FIPS_VERSION3_GE(6,0,0)
#ifndef NO_AES
typeof(wolfCrypt_FIPS_AES_sanity) *wolfCrypt_FIPS_AES_sanity;
#if defined(WOLFSSL_CMAC) && defined(WOLFSSL_AES_DIRECT)
typeof(wolfCrypt_FIPS_CMAC_sanity) *wolfCrypt_FIPS_CMAC_sanity;
#endif
#endif
#ifndef NO_DH
typeof(wolfCrypt_FIPS_DH_sanity) *wolfCrypt_FIPS_DH_sanity;
#endif
#ifdef HAVE_ECC
typeof(wolfCrypt_FIPS_ECC_sanity) *wolfCrypt_FIPS_ECC_sanity;
#endif
#ifdef HAVE_ED25519
typeof(wolfCrypt_FIPS_ED25519_sanity) *wolfCrypt_FIPS_ED25519_sanity;
#endif
#ifdef HAVE_ED448
typeof(wolfCrypt_FIPS_ED448_sanity) *wolfCrypt_FIPS_ED448_sanity;
#endif
typeof(wolfCrypt_FIPS_HMAC_sanity) *wolfCrypt_FIPS_HMAC_sanity;
#ifndef NO_KDF
typeof(wolfCrypt_FIPS_KDF_sanity) *wolfCrypt_FIPS_KDF_sanity;
#endif
#ifdef HAVE_PBKDF2
typeof(wolfCrypt_FIPS_PBKDF_sanity) *wolfCrypt_FIPS_PBKDF_sanity;
#endif
#ifdef HAVE_HASHDRBG
typeof(wolfCrypt_FIPS_DRBG_sanity) *wolfCrypt_FIPS_DRBG_sanity;
#endif
#ifndef NO_RSA
typeof(wolfCrypt_FIPS_RSA_sanity) *wolfCrypt_FIPS_RSA_sanity;
#endif
#ifndef NO_SHA
typeof(wolfCrypt_FIPS_SHA_sanity) *wolfCrypt_FIPS_SHA_sanity;
#endif
#ifndef NO_SHA256
typeof(wolfCrypt_FIPS_SHA256_sanity) *wolfCrypt_FIPS_SHA256_sanity;
#endif
#ifdef WOLFSSL_SHA512
typeof(wolfCrypt_FIPS_SHA512_sanity) *wolfCrypt_FIPS_SHA512_sanity;
#endif
#ifdef WOLFSSL_SHA3
typeof(wolfCrypt_FIPS_SHA3_sanity) *wolfCrypt_FIPS_SHA3_sanity;
#endif
typeof(wolfCrypt_FIPS_FT_sanity) *wolfCrypt_FIPS_FT_sanity;
typeof(wc_RunAllCast_fips) *wc_RunAllCast_fips;
#endif
@ -798,6 +907,7 @@
#define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
#define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof)
#define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof)
#define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
/* see include/linux/alloc_tag.h and include/linux/slab.h */
#define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
@ -805,6 +915,7 @@
#define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
#define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof)
#define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof)
#define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
#else /* <6.10.0 */
#define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc)
#define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc)
@ -812,6 +923,9 @@
#ifdef HAVE_KVMALLOC
#define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node)
#endif
#ifdef HAVE_KVREALLOC
#define kvrealloc (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc)
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
#define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace)
#else
@ -826,8 +940,6 @@
#endif
#define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize)
#define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr)
#define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes)
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday)
@ -1094,6 +1206,13 @@
*/
#define _MM_MALLOC_H_INCLUDED
#ifndef BUILDING_WOLFSSL
#include <linux/slab.h>
#if defined(USE_KVMALLOC) && (LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0))
#include <linux/mm.h>
#endif
#endif
/* fun fact: since linux commit 59bb47985c, kmalloc with power-of-2 size is
* aligned to the size.
*/
@ -1105,11 +1224,14 @@
((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz - 1)); \
_alloc_sz; \
})
#ifdef HAVE_KVMALLOC
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
#ifdef USE_KVMALLOC
#define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
#define free(ptr) kvfree(ptr)
void *lkm_realloc(void *ptr, size_t newsize);
#define realloc(ptr, newsize) lkm_realloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize))
#ifdef USE_KVREALLOC
#define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#else
#define realloc(ptr, newsize) ((void)(ptr), (void)(newsize), NULL)
#endif
#else
#define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
#define free(ptr) kfree(ptr)
@ -1132,13 +1254,17 @@
#endif
#define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); wolfSSL_Realloc(p, n);})
#else
#define XMALLOC(s, h, t) ({(void)(h); (void)(t); malloc(s);})
#ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
#define XFREE(p, h, t) ({(void)(h); (void)(t); free(p);})
#else
#define XFREE(p, h, t) ({void* _xp; (void)(h); (void)(t); _xp = (p); if(_xp) free(_xp);})
#endif
#define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
#if !defined(XMALLOC_USER) && !defined(XMALLOC_OVERRIDE)
#define XMALLOC(s, h, t) ({(void)(h); (void)(t); malloc(s);})
#ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
#define XFREE(p, h, t) ({(void)(h); (void)(t); free(p);})
#else
#define XFREE(p, h, t) ({void* _xp; (void)(h); (void)(t); _xp = (p); if(_xp) free(_xp);})
#endif
#if defined(USE_KVREALLOC) || !defined(USE_KVMALLOC)
#define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
#endif
#endif /* !XMALLOC_USER && !XMALLOC_OVERRIDE */
#endif
#include <linux/limits.h>
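Review bot: The fallback `#define realloc(ptr, newsize) ((void)(ptr), (void)(newsize), NULL)` on the USE_KVMALLOC-without-USE_KVREALLOC path (WOLFCRYPT_ONLY on kernels before 6.11) turns every realloc into an unconditional, undiagnosed failure; XREALLOC is deliberately left undefined in that configuration so direct misuse fails at compile time, but anything that reaches `realloc` by another route (the wolfSSL_Realloc path used by the XMALLOC_USER/OVERRIDE branch, presumably) will only see what looks like an out-of-memory condition. A comment should state that this is intentional and that `ptr` is left valid, matching libc failure semantics, e.g. `/* no usable kvrealloc() before 6.11: always fail, leave ptr intact; XREALLOC is undefined in this config so library code cannot depend on it. */`, and a `pr_warn_once()` inside a statement expression would make the trap visible at runtime rather than surfacing as a mystery allocation failure. The `#define PAGE_FLAGS_H` kludge depends on the kernel's include-guard spelling staying stable; recording the kernel range it was verified against in that comment would help whoever hits the next build break.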


@ -64,7 +64,8 @@
#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 100000
#endif
#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
static int disable_setkey_warnings = 0;
#else
#define disable_setkey_warnings 0
@ -321,7 +322,8 @@ static int linuxkm_lkcapi_register(void)
if (ret)
return ret;
#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
/* temporarily disable warnings around setkey failures, which are expected
* from the crypto fuzzer in FIPS configs, and potentially in others.
* unexpected setkey failures are fatal errors returned by the fuzzer.
@ -591,7 +593,7 @@ static int linuxkm_lkcapi_register(void)
* on here is for ECDH loading to be optional when fips and fips tests are
* enabled. Failures because of !fips_allowed are skipped over.
*/
#if defined(CONFIG_CRYPTO_FIPS) && \
#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#if defined(LINUXKM_ECC192)
@ -692,7 +694,8 @@ static int linuxkm_lkcapi_register(void)
#undef REGISTER_ALG
#undef REGISTER_ALG_OPTIONAL
#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
disable_setkey_warnings = 0;
#endif
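Review bot: The test `defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || defined(CONFIG_CRYPTO_SELFTESTS_FULL)` is now spelled out three times (the `disable_setkey_warnings` definition, the enable before registration and the reset after it), so the next Kconfig rename will again need three coordinated edits; define it once near the top, `#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || defined(CONFIG_CRYPTO_SELFTESTS_FULL)` / `#define WC_LKM_CRYPTO_FUZZING 1` / `#endif`, and test `#ifdef WC_LKM_CRYPTO_FUZZING` at all three sites. Note that the suppression window spans the entire registration sequence, so a genuine setkey failure outside the fuzzer's own calls is also silenced in these configs; the comment relies on the fuzzer returning unexpected failures as fatal errors, which is worth confirming holds for every algorithm registered here. linuxkm_lkcapi_register() begins and ends outside the visible hunks.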


@ -19,14 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_LICENSE
#define WOLFSSL_LICENSE "GPL v2"
#endif
#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#define WOLFSSL_LICENSE "GPL v2"
#ifdef WOLFCRYPT_ONLY
#include <wolfssl/version.h>
#else
@ -65,13 +63,13 @@ static int libwolfssl_cleanup(void) {
#ifdef WOLFCRYPT_ONLY
ret = wolfCrypt_Cleanup();
if (ret != 0)
pr_err("wolfCrypt_Cleanup() failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: wolfCrypt_Cleanup() failed: %s\n", wc_GetErrorString(ret));
else
pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n");
#else
ret = wolfSSL_Cleanup();
if (ret != WOLFSSL_SUCCESS)
pr_err("wolfSSL_Cleanup() failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: wolfSSL_Cleanup() failed: %s\n", wc_GetErrorString(ret));
else
pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n");
#endif
@ -115,7 +113,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void);
static void lkmFipsCb(int ok, int err, const char* hash)
{
if ((! ok) || (err != 0))
pr_err("libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
pr_err("ERROR: libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
pr_err("In-core integrity hash check failure.\n"
"Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
@ -137,7 +135,7 @@ WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_install_node(struct kobj_attribu
if ((installed_flag == NULL) || (! *installed_flag)) {
int ret = sysfs_create_file(&THIS_MODULE->mkobj.kobj, &node->attr);
if (ret) {
pr_err("sysfs_create_file failed for %s: %d\n", node->attr.name, ret);
pr_err("ERROR: sysfs_create_file failed for %s: %d\n", node->attr.name, ret);
return ret;
}
if (installed_flag)
@ -182,13 +180,13 @@ static int wolfssl_init(void)
#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
#ifdef CONFIG_MODULE_SIG
if (THIS_MODULE->sig_ok == false) {
pr_err("wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n");
pr_err("ERROR: wolfSSL module load aborted -- bad or missing module signature with FIPS dynamic hash.\n");
return -ECANCELED;
}
#endif
ret = updateFipsHash();
if (ret < 0) {
pr_err("wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret));
pr_err("ERROR: wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret));
return -ECANCELED;
}
#endif
@ -226,58 +224,32 @@ static int wolfssl_init(void)
char *pie_rodata_end = (char *)wolfCrypt_PIE_rodata_end;
unsigned int text_hash, rodata_hash;
if ((pie_text_start < pie_text_end) &&
(pie_text_start >= (char *)THIS_MODULE_TEXT_BASE) &&
(pie_text_end - (char *)THIS_MODULE_TEXT_BASE <= THIS_MODULE_TEXT_SIZE))
{
text_hash = hash_span(pie_text_start, pie_text_end);
} else {
pr_info("out-of-bounds PIE fenceposts! pie_text_start=%px pie_text_end=%px (span=%lu)"
" core_layout.base=%px text_end=%px\n",
pie_text_start,
pie_text_end,
pie_text_end-pie_text_start,
THIS_MODULE_TEXT_BASE,
(char *)THIS_MODULE_TEXT_BASE + THIS_MODULE_TEXT_SIZE);
text_hash = 0;
}
if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers
(pie_rodata_start >= (char *)THIS_MODULE_RO_BASE) &&
(pie_rodata_end - (char *)THIS_MODULE_RO_BASE <= THIS_MODULE_RO_SIZE))
{
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
} else {
pr_info("out-of-bounds PIE fenceposts! pie_rodata_start=%px pie_rodata_end=%px (span=%lu)"
" core_layout.base+core_layout.text_size=%px rodata_end=%px\n",
pie_rodata_start,
pie_rodata_end,
pie_rodata_end-pie_rodata_start,
(char *)THIS_MODULE_RO_BASE,
(char *)THIS_MODULE_RO_BASE + THIS_MODULE_RO_SIZE);
rodata_hash = 0;
}
text_hash = hash_span(pie_text_start, pie_text_end);
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
/* note, "%pK" conceals the actual layout information. "%px" exposes
* the true module start address, which is potentially useful to an
* attacker.
*/
pr_info("wolfCrypt container hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu)\n",
pr_info("wolfCrypt section hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu), offset %c0x%lx\n",
text_hash, pie_text_end-pie_text_start,
rodata_hash, pie_rodata_end-pie_rodata_start);
rodata_hash, pie_rodata_end-pie_rodata_start,
pie_text_start < pie_rodata_start ? '+' : '-',
pie_text_start < pie_rodata_start ? pie_rodata_start - pie_text_start : pie_text_start - pie_rodata_start);
}
#endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */
#ifdef HAVE_FIPS
ret = wolfCrypt_SetCb_fips(lkmFipsCb);
if (ret != 0) {
pr_err("wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED;
}
fipsEntry();
ret = wolfCrypt_GetStatus_fips();
if (ret != 0) {
pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
const char *newhash = wolfCrypt_GetCoreHash_fips();
pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
@ -290,7 +262,7 @@ static int wolfssl_init(void)
#ifdef WC_RNG_SEED_CB
ret = wc_SetSeed_Cb(wc_GenerateSeed);
if (ret < 0) {
pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret);
pr_err("ERROR: wc_SetSeed_Cb() failed with return code %d.\n", ret);
(void)libwolfssl_cleanup();
msleep(10);
return -ECANCELED;
@ -300,13 +272,13 @@ static int wolfssl_init(void)
#ifdef WOLFCRYPT_ONLY
ret = wolfCrypt_Init();
if (ret != 0) {
pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED;
}
#else
ret = wolfSSL_Init();
if (ret != WOLFSSL_SUCCESS) {
pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
return -ECANCELED;
}
#endif
@ -314,7 +286,7 @@ static int wolfssl_init(void)
#if defined(HAVE_FIPS) && FIPS_VERSION3_GT(5,2,0)
ret = wc_RunAllCast_fips();
if (ret != 0) {
pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
pr_err("ERROR: wc_RunAllCast_fips() failed with return value %d\n", ret);
return -ECANCELED;
}
@ -348,7 +320,7 @@ static int wolfssl_init(void)
#ifndef NO_CRYPT_TEST
ret = wolfcrypt_test(NULL);
if (ret < 0) {
pr_err("wolfcrypt self-test failed with return code %d.\n", ret);
pr_err("ERROR: wolfcrypt self-test failed with return code %d.\n", ret);
(void)libwolfssl_cleanup();
msleep(10);
return -ECANCELED;
@ -366,7 +338,7 @@ static int wolfssl_init(void)
ret = linuxkm_lkcapi_sysfs_install();
if (ret) {
pr_err("linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret);
pr_err("ERROR: linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret);
(void)libwolfssl_cleanup();
msleep(10);
return -ECANCELED;
@ -375,7 +347,7 @@ static int wolfssl_init(void)
ret = linuxkm_lkcapi_register();
if (ret) {
pr_err("linuxkm_lkcapi_register() failed with return code %d.\n", ret);
pr_err("ERROR: linuxkm_lkcapi_register() failed with return code %d.\n", ret);
linuxkm_lkcapi_unregister();
(void)libwolfssl_cleanup();
msleep(10);
@ -426,6 +398,8 @@ static void wolfssl_exit(void)
#endif
{
#ifdef HAVE_FIPS
int ret;
(void)linuxkm_lkcapi_sysfs_deinstall_node(&FIPS_rerun_self_test_attr, &installed_sysfs_FIPS_files);
#endif
@ -434,6 +408,15 @@ static void wolfssl_exit(void)
(void)linuxkm_lkcapi_sysfs_deinstall();
#endif
#ifdef HAVE_FIPS
ret = wc_RunAllCast_fips();
if (ret != 0) {
pr_err("ERROR: wc_RunAllCast_fips() failed at shutdown with return value %d\n", ret);
}
else
pr_info("wolfCrypt FIPS re-self-test succeeded at unload: all algorithms re-verified.");
#endif
(void)libwolfssl_cleanup();
return;
@ -527,17 +510,22 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof;
wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof;
wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
#else
wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc;
wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc;
#ifdef HAVE_KVMALLOC
wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node;
#endif
#ifdef HAVE_KVREALLOC
wolfssl_linuxkm_pie_redirect_table.kvrealloc = kvrealloc;
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
wolfssl_linuxkm_pie_redirect_table.kmalloc_trace =
@ -555,7 +543,6 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
#ifdef HAVE_KVMALLOC
wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree;
#endif
wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr;
wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes;
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@ -598,36 +585,64 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_last =
wolfCrypt_FIPS_last;
#if FIPS_VERSION3_GE(6,0,0)
#ifndef NO_AES
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_AES_sanity =
wolfCrypt_FIPS_AES_sanity;
#if defined(WOLFSSL_CMAC) && defined(WOLFSSL_AES_DIRECT)
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_CMAC_sanity =
wolfCrypt_FIPS_CMAC_sanity;
#endif
#endif
#ifndef NO_DH
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DH_sanity =
wolfCrypt_FIPS_DH_sanity;
#endif
#ifdef HAVE_ECC
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ECC_sanity =
wolfCrypt_FIPS_ECC_sanity;
#endif
#ifdef HAVE_ED25519
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED25519_sanity =
wolfCrypt_FIPS_ED25519_sanity;
#endif
#ifdef HAVE_ED448
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED448_sanity =
wolfCrypt_FIPS_ED448_sanity;
#endif
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_HMAC_sanity =
wolfCrypt_FIPS_HMAC_sanity;
#ifndef NO_KDF
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_KDF_sanity =
wolfCrypt_FIPS_KDF_sanity;
#endif
#ifdef HAVE_PBKDF2
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_PBKDF_sanity =
wolfCrypt_FIPS_PBKDF_sanity;
#endif
#ifdef HAVE_HASHDRBG
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DRBG_sanity =
wolfCrypt_FIPS_DRBG_sanity;
#endif
#ifndef NO_RSA
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_RSA_sanity =
wolfCrypt_FIPS_RSA_sanity;
#endif
#ifndef NO_SHA
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA_sanity =
wolfCrypt_FIPS_SHA_sanity;
#endif
#ifndef NO_SHA256
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA256_sanity =
wolfCrypt_FIPS_SHA256_sanity;
#endif
#ifdef WOLFSSL_SHA512
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA512_sanity =
wolfCrypt_FIPS_SHA512_sanity;
#endif
#ifdef WOLFSSL_SHA3
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA3_sanity =
wolfCrypt_FIPS_SHA3_sanity;
#endif
wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_FT_sanity =
wolfCrypt_FIPS_FT_sanity;
wolfssl_linuxkm_pie_redirect_table.wc_RunAllCast_fips =
@ -683,7 +698,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
++i)
if (*i == 0) {
pr_err("wolfCrypt container redirect table initialization was "
pr_err("ERROR: wolfCrypt container redirect table initialization was "
"incomplete [%lu].\n",
i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
return -EFAULT;
@ -770,11 +785,11 @@ static int updateFipsHash(void)
word32 base16_out_len = binCoreSz;
ret = Base16_Decode((const byte *)coreKey, sizeof coreKey - 1, binCoreKey, &base16_out_len);
if (ret != 0) {
pr_err("Base16_Decode for coreKey: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: Base16_Decode for coreKey: %s\n", wc_GetErrorString(ret));
goto out;
}
if (base16_out_len != binCoreSz) {
pr_err("unexpected output length %u for coreKey from Base16_Decode.\n",base16_out_len);
pr_err("ERROR: unexpected output length %u for coreKey from Base16_Decode.\n",base16_out_len);
ret = BAD_STATE_E;
goto out;
}
@ -783,14 +798,14 @@ static int updateFipsHash(void)
tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
if (IS_ERR(tfm)) {
if (PTR_ERR(tfm) == -ENOMEM) {
pr_err("crypto_alloc_shash failed: out of memory\n");
pr_err("ERROR: crypto_alloc_shash failed: out of memory\n");
ret = MEMORY_E;
} else if (PTR_ERR(tfm) == -ENOENT) {
pr_err("crypto_alloc_shash failed: kernel is missing hmac(sha256) implementation\n");
pr_err("check for CONFIG_CRYPTO_SHA256 and CONFIG_CRYPTO_HMAC.\n");
pr_err("ERROR: crypto_alloc_shash failed: kernel is missing hmac(sha256) implementation\n");
pr_err("ERROR: check for CONFIG_CRYPTO_SHA256 and CONFIG_CRYPTO_HMAC.\n");
ret = NOT_COMPILED_IN;
} else {
pr_err("crypto_alloc_shash failed with ret %ld\n",PTR_ERR(tfm));
pr_err("ERROR: crypto_alloc_shash failed with ret %ld\n",PTR_ERR(tfm));
ret = HASH_TYPE_E;
}
tfm = NULL;
@ -801,7 +816,7 @@ static int updateFipsHash(void)
size_t desc_size = crypto_shash_descsize(tfm) + sizeof *desc;
desc = XMALLOC(desc_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (desc == NULL) {
pr_err("failed allocating desc.");
pr_err("ERROR: failed allocating desc.");
ret = MEMORY_E;
goto out;
}
@ -810,7 +825,7 @@ static int updateFipsHash(void)
ret = crypto_shash_setkey(tfm, binCoreKey, binCoreSz);
if (ret) {
pr_err("crypto_ahash_setkey failed: err %d\n", ret);
pr_err("ERROR: crypto_ahash_setkey failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
@ -818,7 +833,7 @@ static int updateFipsHash(void)
desc->tfm = tfm;
ret = crypto_shash_init(desc);
if (ret) {
pr_err("crypto_shash_init failed: err %d\n", ret);
pr_err("ERROR: crypto_shash_init failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
@ -827,7 +842,7 @@ static int updateFipsHash(void)
ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz);
if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret);
pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
@ -837,7 +852,7 @@ static int updateFipsHash(void)
data_sz = (unsigned long)verifyCore - (unsigned long)start;
ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz);
if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret);
pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
@ -846,7 +861,7 @@ static int updateFipsHash(void)
}
ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz);
if (ret) {
pr_err("crypto_shash_update failed: err %d\n", ret);
pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
@ -855,14 +870,14 @@ static int updateFipsHash(void)
ret = crypto_shash_final(desc, hash);
if (ret) {
pr_err("crypto_shash_final failed: err %d\n", ret);
pr_err("ERROR: crypto_shash_final failed: err %d\n", ret);
ret = BAD_STATE_E;
goto out;
}
ret = GenBase16_Hash(hash, WC_SHA256_DIGEST_SIZE, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1);
if (ret != 0) {
pr_err("GenBase16_Hash failed: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: GenBase16_Hash failed: %s\n", wc_GetErrorString(ret));
goto out;
}
@ -870,11 +885,11 @@ static int updateFipsHash(void)
word32 base16_out_len = verifySz;
ret = Base16_Decode((const byte *)verifyCore, sizeof verifyCore - 1, binVerify, &base16_out_len);
if (ret != 0) {
pr_err("Base16_Decode for verifyCore: %s\n", wc_GetErrorString(ret));
pr_err("ERROR: Base16_Decode for verifyCore: %s\n", wc_GetErrorString(ret));
goto out;
}
if (base16_out_len != binCoreSz) {
pr_err("unexpected output length %u for verifyCore from Base16_Decode.\n",base16_out_len);
pr_err("ERROR: unexpected output length %u for verifyCore from Base16_Decode.\n",base16_out_len);
ret = BAD_STATE_E;
goto out;
}
@ -930,13 +945,13 @@ static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_at
ret = wolfCrypt_IntegrityTest_fips();
if (ret != 0) {
pr_err("wolfCrypt_IntegrityTest_fips: error %d", ret);
pr_err("ERROR: wolfCrypt_IntegrityTest_fips: error %d", ret);
return -EINVAL;
}
ret = wolfCrypt_GetStatus_fips();
if (ret != 0) {
pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E))
return -ELIBBAD;
else
@ -945,7 +960,7 @@ static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_at
ret = wc_RunAllCast_fips();
if (ret != 0) {
pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
pr_err("ERROR: wc_RunAllCast_fips() failed with return value %d\n", ret);
return -EINVAL;
}

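--- /dev/null
+++ b/linuxkm/wolfcrypt.lds
@@ -0,0 +1,19 @@
+SECTIONS {
+    . = ALIGN(4096);
+    .text.wolfcrypt : {
+        *(.text.wolfcrypt)
+    }
+    . = ALIGN(4096);
+    .rodata.wolfcrypt : {
+        *(.rodata.wolfcrypt)
+    }
+    . = ALIGN(4096);
+    .data.wolfcrypt : {
+        *(.data.wolfcrypt)
+    }
+    . = ALIGN(4096);
+    .bss.wolfcrypt : {
+        *(.bss.wolfcrypt)
+    }
+    . = ALIGN(4096);
+}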
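Review bot: The new linker script has no comment saying what it is for, and a linker script is exactly the kind of file the next maintainer edits without the surrounding context. A header such as `/* Gathers the object sections renamed to *.wolfcrypt by the kernel-module build into four contiguous, page-aligned output sections (text, rodata, data, bss). */` would tie the four input-section names to the build step that produces them. The 4096 alignment presumably exists so that wolfcrypt code and data occupy whole pages for the in-core integrity hash — that reason should be stated in the file rather than left to be inferred, so that someone later changing the alignment or adding a section knows what it must preserve.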


@ -14288,8 +14288,15 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
*((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val)
/* Get the string of a name component from the subject name. */
#define GetCertNameSubjectStr(id) \
(certNameSubject[(id) - 3].str)
#ifdef WOLFSSL_NAMES_STATIC
#define GetCertNameSubjectStr(id) \
((certNameSubject[(id) - 3].strLen) ? \
(certNameSubject[(id) - 3].str) : \
NULL)
#else
#define GetCertNameSubjectStr(id) \
(certNameSubject[(id) - 3].str)
#endif
/* Get the string length of a name component from the subject name. */
#define GetCertNameSubjectStrLen(id) \
(certNameSubject[(id) - 3].strLen)
@ -14315,7 +14322,15 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
/* Mapping of certificate name component to useful information. */
typedef struct CertNameData {
/* Type string of name component. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[20]; /* large enough for largest string in certNameSubject[]
* below
*/
#define EMPTY_STR { 0 }
#else
const char* str;
#define EMPTY_STR NULL
#endif
/* Length of type string of name component. */
byte strLen;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
@ -14497,7 +14512,7 @@ static const CertNameData certNameSubject[] = {
},
/* Title */
{
NULL, 0,
EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0,
0,
@ -14514,7 +14529,7 @@ static const CertNameData certNameSubject[] = {
},
/* Undefined */
{
NULL, 0,
EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0,
0,
@ -14531,7 +14546,7 @@ static const CertNameData certNameSubject[] = {
},
/* Undefined */
{
NULL, 0,
EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0,
0,
@ -14565,7 +14580,7 @@ static const CertNameData certNameSubject[] = {
},
/* Undefined */
{
NULL, 0,
EMPTY_STR, 0,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
0,
0,
@ -26135,102 +26150,101 @@ void wc_FreeDer(DerBuffer** pDer)
/* Note: If items added make sure MAX_X509_HEADER_SZ is
updated to reflect maximum length and pem_struct_min_sz
to reflect minimum size */
wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
wcchar END_CERT = "-----END CERTIFICATE-----";
static wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
static wcchar END_CERT = "-----END CERTIFICATE-----";
#ifdef WOLFSSL_CERT_REQ
wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
static wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
static wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
#endif
#if defined(WOLFSSL_ACERT)
wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----";
static wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
static wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----";
#endif /* WOLFSSL_ACERT */
#ifndef NO_DH
wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
wcchar END_DH_PARAM = "-----END DH PARAMETERS-----";
wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----";
static wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
static wcchar END_DH_PARAM = "-----END DH PARAMETERS-----";
static wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
static wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----";
#endif
#ifndef NO_DSA
wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----";
static wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
static wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----";
#endif
wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
wcchar END_X509_CRL = "-----END X509 CRL-----";
wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----";
wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----";
wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----";
wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----";
wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----";
wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
static wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
static wcchar END_X509_CRL = "-----END X509 CRL-----";
static wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----";
static wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----";
static wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
static wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
static wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----";
static wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----";
static wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
static wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----";
static wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
static wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
#ifdef HAVE_ECC
wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----";
static wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
static wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----";
#ifdef OPENSSL_EXTRA
wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----";
wcchar END_EC_PARAM = "-----END EC PARAMETERS-----";
static wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----";
static wcchar END_EC_PARAM = "-----END EC PARAMETERS-----";
#endif
#endif
#ifdef HAVE_PKCS7
wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----";
wcchar END_PKCS7 = "-----END PKCS7-----";
static wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----";
static wcchar END_PKCS7 = "-----END PKCS7-----";
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
!defined(NO_DSA)
wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
#if defined(HAVE_ECC) || !defined(NO_DSA)
static wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
static wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
#endif
#ifdef OPENSSL_EXTRA
const char BEGIN_PRIV_KEY_PREFIX[] = "-----BEGIN";
const char PRIV_KEY_SUFFIX[] = "PRIVATE KEY-----";
const char END_PRIV_KEY_PREFIX[] = "-----END";
wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
wcchar END_PRIV_KEY_PREFIX = "-----END";
#endif
wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
static wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
static wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
#if defined(HAVE_ED25519) || defined(HAVE_ED448)
wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
static wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
static wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#endif
#if defined(HAVE_FALCON)
wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----";
wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
static wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
static wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
static wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----";
static wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
static wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
static wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
static wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
static wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
static wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
static wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
#endif
wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
static wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
static wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
static wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
static wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
static wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
static wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
static wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
static wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
static wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
static wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
static wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
static wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
static wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_SPHINCS */
const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
@ -35688,25 +35702,25 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
#else
if (ret == 0) {
/* Base X-ordinate */
DataToHexString(base + 1, (word32)curve->size, curve->Gx);
DataToHexString(base + 1, (word32)curve->size, (char *)curve->Gx);
/* Base Y-ordinate */
DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy);
DataToHexString(base + 1 + curve->size, (word32)curve->size, (char *)curve->Gy);
/* Prime */
DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
curve->prime);
(char *)curve->prime);
/* Parameter A */
DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data,
dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length,
curve->Af);
(char *)curve->Af);
/* Parameter B */
DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data,
dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length,
curve->Bf);
(char *)curve->Bf);
/* Order of curve */
DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data,
dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length,
curve->order);
(char *)curve->order);
}
#endif /* WOLFSSL_ECC_CURVE_STATIC */
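Review bot: The new `const char str[20]` member of CertNameData (the `@@ -14315` hunk) protects its size only by a comment, and in C a string initializer that exactly fills a char array is accepted with the terminating NUL silently dropped, so a future 20-character entry in certNameSubject[] would leave `str` unterminated for any caller that treats the result of GetCertNameSubjectStr() as a C string instead of pairing it with strLen. The same pattern appears in the `str[32]` members added to wc_XmssString and wc_LmsParamsMap further down the page. Suggest making the invariant explicit in the comment, e.g. `/* must hold the longest string in certNameSubject[] plus its NUL: an exact fit drops the terminator silently */`, or, where the project has a compile-time assertion macro, checking the longest entry against the array size. The certNameSubject[] initializer and the EccSpecifiedECDomainDecode body both extend outside the hunks shown here.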


@ -149,7 +149,13 @@ static WC_INLINE void wc_xmss_state_free(XmssState* state)
*/
typedef struct wc_XmssString {
/* Name of algorithm as a string. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[32]; /* large enough for largest string in wc_xmss_alg[] or
* wc_xmssmt_alg[]
*/
#else
const char* str;
#endif
/* OID for algorithm. */
word32 oid;
/* XMSS parameters. */


@ -3694,8 +3694,13 @@ extern void uITRON4_free(void *p) ;
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifdef __PIE__
#ifdef HAVE_LINUXKM_PIE_SUPPORT
#define WC_NO_INTERNAL_FUNCTION_POINTERS
#define WOLFSSL_ECC_CURVE_STATIC
#define WOLFSSL_NAMES_STATIC
#define WOLFSSL_NO_PUBLIC_FFDHE
#undef HAVE_PUBLIC_FFDHE
#endif
#ifndef NO_OLD_WC_NAMES
@ -4089,7 +4094,6 @@ extern void uITRON4_free(void *p) ;
#if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__)
#define WOLFSSL_ECC_CURVE_STATIC
#define WOLFSSL_NAMES_STATIC
#define WOLFSSL_NO_CONSTCHARCONST
#endif
/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
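Review bot: The `#ifdef HAVE_LINUXKM_PIE_SUPPORT` block now forces four defines that look unrelated at first glance, with no comment on what they have in common. Presumably each of them removes pointers from wolfcrypt's static tables (internal function pointers, curve parameter pointers, name-string pointers) so that the PIE build's data sections carry no load-time relocations — TODO confirm, and then say so in a one-line comment above the block, e.g. `/* PIE build: keep static tables free of pointers that would need load-time relocation */`. The second hunk's removal of WOLFSSL_NO_CONSTCHARCONST from the IAR ROPI block is consistent with that macro disappearing from types.h in this same commit. Both hunks sit inside larger conditional regions that begin and end outside the view.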


@ -111,13 +111,7 @@ library files.
typedef byte word24[3];
#endif
/* constant pointer to a constant char */
#ifdef WOLFSSL_NO_CONSTCHARCONST
typedef const char* wcchar;
#else
typedef const char* const wcchar;
#endif
typedef const char wcchar[];
#ifndef WC_BITFIELD
#ifdef WOLF_C89
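Review bot: The comment `/* constant pointer to a constant char */` kept above the new typedef is now wrong: `typedef const char wcchar[];` makes wcchar an incomplete array of const char, so a `wcchar X = "...";` definition is now an array holding its own copy of the literal, not a pointer to it. Suggest `/* array of const char: a wcchar definition stores the string bytes themselves, so no pointer needs relocating */` (hedging the relocation motive if it is not the actual reason). Because the type changed from pointer to array, any remaining use of wcchar as an uninitialized variable, a struct member, a sizeof operand, or the target of an `extern` declaration paired with a differently typed definition will change meaning or stop compiling, which is worth a grep across the tree before merging. The surrounding `#ifdef` chain continues outside the hunk.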


@ -384,7 +384,11 @@ typedef struct wc_LmsParamsMap {
/* Identifier of parameters. */
enum wc_LmsParm id;
/* String representation of identifier of parameters. */
#ifdef WOLFSSL_NAMES_STATIC
const char str[32]; /* large enough for largest string in wc_lms_map[] */
#else
const char* str;
#endif
/* LMS parameter set. */
LmsParams params;
} wc_LmsParamsMap;