linuxkm/linuxkm_wc_port.h: strcpy() takes 2 args.
wolfcrypt/src/aes.c: add VECTOR_REGISTERS_PUSH2() and use it to free tmp in smallstack path if the push fails.
* when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.
* when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
strncpy(), and strncat(), to clang builtins, to get proper __msan
interception.
* genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
wc_linuxkm_stack_hwm_measure_rel().
linuxkm/: when logging PTR_ERR(), cast it to int, and use "%d" as the format. Globally, `#define PTR_ERR(x) ((int)PTR_ERR(x))` in linuxkm_wc_port.h to fix clang warnings on kernel headers.
linuxkm/lkcapi_aes_glue.c: add casts in linuxkm_test_aesgcm() to mollify clang.
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c:
* add __clang__ compat code to allow including clang stdatomic.h while masking out kernel-incompatible __CLANG_STDINT_H.
* add clang-specific suppressions for kernel headers (-Wshorten-64-to-32, -Wframe-address).
linuxkm/lkcapi_sha_glue.c:
* in wc__get_random_bytes(), add bounds-checking for len.
* in wc_extract_crng_user(), fix type conflicts.
wolfssl/wolfcrypt/wc_port.h and wolfssl/wolfcrypt/types.h:
* move the old-FIPS compatibility mapping from INLINE to WC_INLINE from types.h to wc_port.h.
* activate stdatomic.h for clang kernel module builds.
linuxkm/Kbuild:
* add clang-specific flags.
* add gcc gate around gcc-specific flags.
* allow override value for MAX_STACK_FRAME_SIZE.
wolfcrypt/src/asn.c: add casts in GetFormattedTime_ex() to mollify clang build of linuxkm.
linuxkm/linuxkm_memory.c: use packed-struct intermediates rather than memcpy()s for wc_get_unaligned() and wc_put_unaligned().
linuxkm/linuxkm_wc_port.h: on old FIPS, retrofit nonnull attribute to GHASH() arg 1, so that it unconditionally writes out the hash.
wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: in GHASH(), add nonnull attribute to arg 1, and remove runtime nullness check for arg 1 in the implementations.
Support AES-XTS AVX512/VAES
Support AES-GCM AVX512/VAES
Support AES-ECB/CBC/CTR AVX512/VAES/AVX1/AES-NI.
Remove code from aes_asm.S/aes_asm.asm
Add CPU defines for AVX512 and VAES
Updated ASM files with new defines for AVX512.
Added support for printing out the new CPU Id flags in benchmark.
Added new files to Windows projects.
aes.c: Supports ECB/CBC/CTR in assembly. Supports calling AVX512/VAES assembly.
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
fix F-3291: Copy-paste error in linuxkm_test_aesgcm error message uses WOLFKM_AESCBC_DRIVER
fix F-1431: AES-GCM RFC4106 SetKey Uses memcpy Instead of XMEMCPY for Nonce Copy
(note, for F-1431, changed all relevant memset() and memcpy() calls in linuxkm/ to XMEMSET() and XMEMCPY() respectively.)
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes;
in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM;
in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS:
tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2;
wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating;
linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c.
wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c.
linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c.