ToTraditionalInline_ex2 original ASN code:
- Now return 0 when no OCTECT_STRING data found.
- Change callers to accept 0 as a valid returnb value.
SizeASN_Items:
- Change encoded size to word32 as won't be negative.
- Change callers to supply a pointer to a word32 instead of integer.
Fix casting due to change of parameter type.
ASN_LEN_ENC_LEN: Function to calculate the length of the encoded ASN.1
length.
GetLength_ex:
- Change minLen to word32
- Change length to word32 and change negative check appropriately for
different type.
GetASNHeader_ex:
- If not checking lengths in GetLength_ex, check it here.
DecodeObjectId:
- Ensure no overflow in calculation.
_RsaPrivateKeyDecode (original)
- Clear RSA integers on failure (will be done in free anyway).
wc_CreatePKCS8Key (original):
- safe check of overflow.
DecryptContent (templare):
- Parse will fail if OID not recognized, and recognized OIDs are 9/10
bytes long - but check idx is 9/10 anyway so we know we can read 2 end
bytes of data.
wc_RsaPublicKeyDecode_ex (original):
- Fix calculation of seqEndIdx and use it to bound modulus and
exponent.
DecodePolicyOID
- enusre inSz is not too long.
- Ensure no overflow in calculation.
SetOidValue (orginal):
- Safe check of inSz and oidSz.
SetAltNames (original):
- Improve length checks
FlattenAltNames:
- Check for overflow.
- Better length check.
ParseCRL_CertList (original):
- overflow check
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.
linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.
linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memues).