From 1ad8b2897aaa28257a7a4e0acfca134b50a30a3d Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 13:58:09 -0600 Subject: [PATCH 01/11] Force zero with bufferSize instead of length. add void prototype to definitions --- src/internal.c | 2 +- wolfcrypt/src/memory.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index b817bbfa8..f534d06d5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11004,7 +11004,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) } ForceZero(ssl->buffers.inputBuffer.buffer, - ssl->buffers.inputBuffer.length); + ssl->buffers.inputBuffer.bufferSize); XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 3bd5fc185..c2f8b2630 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -212,7 +212,7 @@ static wolfSSL_Mutex zeroMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(zeroMutex); /* Initialize the table of addresses and the mutex. */ -void wc_MemZero_Init() +void wc_MemZero_Init(void) { /* Clear the table to more easily see what is valid. */ XMEMSET(memZero, 0, sizeof(memZero)); @@ -226,7 +226,7 @@ void wc_MemZero_Init() /* Free the mutex and check we have not any uncheck addresses. */ -void wc_MemZero_Free() +void wc_MemZero_Free(void) { /* Free mutex. */ #ifndef WOLFSSL_MUTEX_INITIALIZER From 11942e774cc58b982eef252c499b8cae2d1b327b Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 15:04:10 -0600 Subject: [PATCH 02/11] do not abort MEM_ZERO check if TEST_ALWAYS_RUN_TO_END is defined --- wolfcrypt/src/memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index c2f8b2630..ae57c5f67 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -302,7 +302,9 @@ void wc_MemZero_Check(void* addr, size_t len) fprintf(stderr, "\n[MEM_ZERO] %s:%p + %ld is not zero\n", memZero[i].name, memZero[i].addr, j); fprintf(stderr, "[MEM_ZERO] Checking %p:%ld\n", addr, len); + #ifndef TEST_ALWAYS_RUN_TO_END abort(); + #endif } } /* Update next index to write to. */ From 8b1422a8695cdfcbed59e5c38945a30a21c5de0c Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 15:10:51 -0600 Subject: [PATCH 03/11] add configuration for WOLFSSL_MEM_CHECK_ZERO --- .github/workflows/os-check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index bce6b7088..94d38f3cf 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -59,6 +59,7 @@ jobs: '--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--disable-sys-ca-certs', '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ', + '--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"', ] name: make check if: github.repository_owner == 'wolfssl' From f7c7ac275a6364a8598f192a4b52a02aca4e3ec4 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 28 Aug 2025 11:02:45 -0500 Subject: [PATCH 04/11] linuxkm/linuxkm_wc_port.h and linuxkm/x86_vector_register_glue.c: refactor wc_save_vector_registers_x86() and wc_restore_vector_registers_x86() to allow recursive WC_SVR_FLAG_INHIBIT while already in a vector save context; linuxkm/lkcapi_sha_glue.c: in get_drbg() and put_drbg(), DISABLE_VECTOR_REGISTERS()...REENABLE_VECTOR_REGISTERS() if tfm == crypto_default_rng. --- .wolfssl_known_macro_extras | 1 - linuxkm/linuxkm_wc_port.h | 10 ++++---- linuxkm/lkcapi_sha_glue.c | 30 +++++++++++++---------- linuxkm/x86_vector_register_glue.c | 38 +++++++++++++++++++++--------- 4 files changed, 50 insertions(+), 29 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 6a8f6ab7c..2c68d0b00 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -661,7 +661,6 @@ WOLFSSL_CAAM_BLACK_KEY_SM WOLFSSL_CAAM_NO_BLACK_KEY WOLFSSL_CALLBACKS WOLFSSL_CHECK_DESKEY -WOLFSSL_CHECK_MEM_ZERO WOLFSSL_CHIBIOS WOLFSSL_CLANG_TIDY WOLFSSL_CLIENT_EXAMPLE diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 197b9176a..14f8ae693 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -469,7 +469,7 @@ extern void free_wolfcrypt_linuxkm_fpu_states(void); WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); - WOLFSSL_API void wc_restore_vector_registers_x86(void); + WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags); #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #include @@ -505,14 +505,14 @@ #endif #endif #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_NONE) #endif #ifndef DISABLE_VECTOR_REGISTERS #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) @@ -1217,12 +1217,12 @@ #if defined(CONFIG_X86) WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); - WOLFSSL_API void wc_restore_vector_registers_x86(void); + WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags); #ifndef DISABLE_VECTOR_REGISTERS #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #else /* !CONFIG_X86 */ #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 0e73dd981..584ebc3f3 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -968,6 +968,7 @@ struct wc_linuxkm_drbg_ctx { struct wc_rng_inst { wolfSSL_Atomic_Int lock; WC_RNG rng; + int disabled_vec_ops; } *rngs; /* one per CPU ID */ }; @@ -1089,8 +1090,14 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { + struct wc_rng_inst *drbg = &ctx->rngs[n]; + if (tfm == crypto_default_rng) + drbg->disabled_vec_ops = (DISABLE_VECTOR_REGISTERS() == 0); + else + drbg->disabled_vec_ops = 0; + return drbg; + } ++n; if (n >= (int)ctx->n_rngs) n = 0; @@ -1108,8 +1115,11 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { + struct wc_rng_inst *drbg = &ctx->rngs[n]; + drbg->disabled_vec_ops = 0; + return drbg; + } if (can_sleep) { if (signal_pending(current)) return NULL; @@ -1127,6 +1137,10 @@ static inline void put_drbg(struct wc_rng_inst *drbg) { (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) int migration_disabled = (drbg->lock == 2); #endif + if (drbg->disabled_vec_ops) { + REENABLE_VECTOR_REGISTERS(); + drbg->disabled_vec_ops = 0; + } __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE); #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) @@ -1140,7 +1154,6 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, u8 *dst, unsigned int dlen) { int ret, retried = 0; - int need_fpu_restore; struct wc_rng_inst *drbg = get_drbg(tfm); if (! drbg) { @@ -1148,11 +1161,6 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, return -EFAULT; } - /* for the default RNG, make sure we don't cache an underlying SHA256 - * method that uses vector insns (forbidden from irq handlers). - */ - need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0; - retry: if (slen > 0) { @@ -1186,8 +1194,6 @@ retry: out: - if (need_fpu_restore) - REENABLE_VECTOR_REGISTERS(); put_drbg(drbg); return ret; diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index 159162cd1..5ec17acfd 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -346,7 +346,14 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) /* allow for nested calls */ if (pstate && (pstate->fpu_state != 0U)) { - if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) { + if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) + == WC_FPU_COUNT_MASK)) + { + pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for " + "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); + return BAD_STATE_E; + } + if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) { if (flags & WC_SVR_FLAG_INHIBIT) { /* allow recursive inhibit calls as long as the whole stack of * them is inhibiting. @@ -357,15 +364,12 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) else return WC_ACCEL_INHIBIT_E; } - if (unlikely(flags & WC_SVR_FLAG_INHIBIT)) - return BAD_STATE_E; - if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) - == WC_FPU_COUNT_MASK)) - { - pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for " - "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); - return BAD_STATE_E; - } else { + if (flags & WC_SVR_FLAG_INHIBIT) { + ++pstate->fpu_state; + pstate->fpu_state |= WC_FPU_INHIBITED_FLAG; + return 0; + } + else { ++pstate->fpu_state; return 0; } @@ -475,7 +479,7 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) __builtin_unreachable(); } -void wc_restore_vector_registers_x86(void) +void wc_restore_vector_registers_x86(enum wc_svr_flags flags) { struct wc_thread_fpu_count_ent *pstate; @@ -494,6 +498,14 @@ void wc_restore_vector_registers_x86(void) } if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) { + if (flags & WC_SVR_FLAG_INHIBIT) { + if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) + pstate->fpu_state &= ~WC_FPU_INHIBITED_FLAG; + else + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d " + "with _INHIBIT flag but saved state isn't _INHIBITED_.\n", task_pid_nr(current), + raw_smp_processor_id()); + } return; } @@ -505,6 +517,10 @@ void wc_restore_vector_registers_x86(void) #endif local_bh_enable(); } else if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) { + if (unlikely(! (flags & WC_SVR_FLAG_INHIBIT))) + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d " + "without _INHIBIT flag but saved state is _INHIBITED_.\n", task_pid_nr(current), + raw_smp_processor_id()); pstate->fpu_state = 0U; wc_linuxkm_fpu_state_release(pstate); local_bh_enable(); From 44c403f4c7672bbd5f6cfed88f4cd71d4d1db163 Mon Sep 17 00:00:00 2001 From: effbiae Date: Fri, 29 Aug 2025 12:32:26 +1000 Subject: [PATCH 05/11] replace (f)printf with WOLFSSL_DEBUG_PRINTF --- wolfcrypt/src/logging.c | 35 +++++++++++---------------------- wolfssl/wolfcrypt/error-crypt.h | 20 +++++-------------- wolfssl/wolfcrypt/logging.h | 12 ++++------- 3 files changed, 20 insertions(+), 47 deletions(-) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index a9f18b5e5..68729fe6d 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -253,7 +253,8 @@ void WOLFSSL_START(int funcNum) if (funcNum < WC_FUNC_COUNT) { double now = current_time(0) * 1000.0; #ifdef WOLFSSL_FUNC_TIME_LOG - fprintf(stderr, "%17.3f: START - %s\n", now, wc_func_name[funcNum]); + WOLFSSL_DEBUG_PRINTF("%17.3f: START - %s\n", + now, wc_func_name[funcNum]); #endif wc_func_start[funcNum] = now; } @@ -265,7 +266,8 @@ void WOLFSSL_END(int funcNum) double now = current_time(0) * 1000.0; wc_func_time[funcNum] += now - wc_func_start[funcNum]; #ifdef WOLFSSL_FUNC_TIME_LOG - fprintf(stderr, "%17.3f: END - %s\n", now, wc_func_name[funcNum]); + WOLFSSL_DEBUG_PRINTF("%17.3f: END - %s\n", + now, wc_func_name[funcNum]); #endif } } @@ -278,11 +280,11 @@ void WOLFSSL_TIME(int count) for (i = 0; i < WC_FUNC_COUNT; i++) { if (wc_func_time[i] > 0) { avg = wc_func_time[i] / count; - fprintf(stderr, "%8.3f ms: %s\n", avg, wc_func_name[i]); + WOLFSSL_DEBUG_PRINTF("%8.3f ms: %s\n", avg, wc_func_name[i]); total += avg; } } - fprintf(stderr, "%8.3f ms\n", total); + WOLFSSL_DEBUG_PRINTF("%8.3f ms\n", total); } #endif @@ -1850,36 +1852,21 @@ static int backtrace_callback(void *data, uintptr_t pc, const char *filename, *(int *)data = 1; return 0; } -#ifdef NO_STDIO_FILESYSTEM - printf(" #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, - function, filename, lineno); -#else - fprintf(stderr, " #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, - function, filename, lineno); -#endif + WOLFSSL_DEBUG_PRINTF(" #%d %p in %s %s:%d\n", (*(int *)data)++, + (void *)pc, function, filename, lineno); return 0; } static void backtrace_error(void *data, const char *msg, int errnum) { (void)data; -#ifdef NO_STDIO_FILESYSTEM - printf("ERR TRACE: error %d while backtracing: %s", errnum, msg); -#else - fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg); -#endif + WOLFSSL_DEBUG_PRINTF("ERR TRACE: error %d while backtracing: %s", + errnum, msg); } static void backtrace_creation_error(void *data, const char *msg, int errnum) { (void)data; -#ifdef NO_STDIO_FILESYSTEM - printf("ERR TRACE: internal error %d " + WOLFSSL_DEBUG_PRINTF("ERR TRACE: internal error %d " "while initializing backtrace facility: %s", errnum, msg); - printf("ERR TRACE: internal error " - "while initializing backtrace facility"); -#else - fprintf(stderr, "ERR TRACE: internal error %d " - "while initializing backtrace facility: %s", errnum, msg); -#endif } static int backtrace_init(struct backtrace_state **backtrace_state) { diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 74e441c6a..dad2f64ff 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -349,22 +349,12 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif #endif #ifndef WC_ERR_TRACE - #ifdef NO_STDIO_FILESYSTEM - #define WC_ERR_TRACE(label) \ - ( printf("ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ + #define WC_ERR_TRACE(label) \ + ( WOLFSSL_DEBUG_PRINTF("ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ ) - #else - #define WC_ERR_TRACE(label) \ - ( fprintf(stderr, \ - "ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ - ) - #endif #endif #include #else diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index f7eec130d..fe5adad66 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -550,6 +550,8 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_DEBUG_PRINTF_FN printk #elif defined(WOLFSSL_RENESAS_RA6M4) #define WOLFSSL_DEBUG_PRINTF_FN myprintf +#elif defined(NO_STDIO_FILESYSTEM) + #define WOLFSSL_DEBUG_PRINTF_FN printf #else #define WOLFSSL_DEBUG_PRINTF_FN fprintf #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS stderr, @@ -561,14 +563,8 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) #if defined(WOLF_NO_VARIADIC_MACROS) - #if defined(WOLFSSL_ESPIDF) - /* ESP-IDF supports variadic. Do not use WOLF_NO_VARIADIC_MACROS. - * This is only for WOLF_NO_VARIADIC_MACROS testing: */ - #define WOLFSSL_DEBUG_PRINTF(a) \ - WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS a) - #else - /* no variadic not defined for this platform */ - #endif + #define WOLFSSL_DEBUG_PRINTF(a) \ + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS a) #else #define WOLFSSL_DEBUG_PRINTF(...) \ WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__) From a0c8efdffecac230bcfbd2d12ee1d882f1d7c4b7 Mon Sep 17 00:00:00 2001 From: mgrojo Date: Sun, 10 Aug 2025 20:17:13 +0200 Subject: [PATCH 06/11] Ada: fix wrapping of `wolfSSL_ERR_error_string_n` Use unchecked conversion instead of type conversion to mimic C style conversion from int to unsigned long, avoiding the Ada overflow check that is raised when a negative value is converted to an unsigned type. --- wrapper/Ada/wolfssl.adb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb index 9bdd07afd..2f7caba0b 100644 --- a/wrapper/Ada/wolfssl.adb +++ b/wrapper/Ada/wolfssl.adb @@ -19,6 +19,7 @@ -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- +with Ada.Unchecked_Conversion; pragma Warnings (Off, "* is an internal GNAT unit"); with GNAT.Sockets.Thin_Common; pragma Warnings (On, "* is an internal GNAT unit"); @@ -798,10 +799,15 @@ package body WolfSSL is S : String (1 .. Error_Message_Index'Last); B : Byte_Array (1 .. size_t (Error_Message_Index'Last)); C : Natural; + -- Use unchecked conversion instead of type conversion to mimic C style + -- conversion from int to unsigned long, avoiding the Ada overflow check. + function To_Unsigned_Long is new Ada.Unchecked_Conversion + (Source => long, + Target => unsigned_long); begin - WolfSSL_Error_String (Error => unsigned_long (Code), + WolfSSL_Error_String (Error => To_Unsigned_Long (long (Code)), Data => B, - Size => unsigned_long (B'Last)); + Size => To_Unsigned_Long (long (B'Last))); Interfaces.C.To_Ada (Item => B, Target => S, Count => C, From cdbad34284a34cd5828e3bdf38ae57bd8184a46f Mon Sep 17 00:00:00 2001 From: mgrojo Date: Sun, 10 Aug 2025 20:37:43 +0200 Subject: [PATCH 07/11] Ada: include use of `WolfSSL.Get_Error` in the example --- wrapper/Ada/tls_server.adb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb index 9cd30b9d3..64e4f988d 100644 --- a/wrapper/Ada/tls_server.adb +++ b/wrapper/Ada/tls_server.adb @@ -346,6 +346,14 @@ package body Tls_Server with SPARK_Mode is WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); if not WolfSSL.Is_Valid (Ssl) then Put_Line ("ERROR: failed to create WOLFSSL object."); + declare + Error_Message : constant WolfSSL.Error_Message := + WolfSSL.Error (WolfSSL.Get_Error (Ssl, Result)); + begin + if Result = Success then + Put_Line (Error_Message.Text (1 .. Error_Message.Last)); + end if; + end; SPARK_Sockets.Close_Socket (L); if not DTLS then From 8ed1ce6a8b00fe53f515e76c23d584c751c59322 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 29 Aug 2025 14:42:48 -0500 Subject: [PATCH 08/11] wolfcrypt/src/wc_mlkem_asm.S: in _mlkem_decompress_5_avx2, use movzwq, not movzxw, for portability. --- wolfcrypt/src/wc_mlkem_asm.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S index bb36fe928..752542aaf 100644 --- a/wolfcrypt/src/wc_mlkem_asm.S +++ b/wolfcrypt/src/wc_mlkem_asm.S @@ -15780,7 +15780,7 @@ _mlkem_decompress_5_avx2: vpmulhrsw %ymm1, %ymm0, %ymm0 vmovdqu %ymm0, 448(%rdi) vmovq 150(%rsi), %xmm0 - movzxw 158(%rsi), %rdx + movzwq 158(%rsi), %rdx vpinsrq $0x01, %rdx, %xmm0, %xmm0 vinserti128 $0x01, %xmm0, %ymm0, %ymm0 vpshufb %ymm2, %ymm0, %ymm0 From 7df8ee4081f6fbe8aa738e92a7fe126b0515d425 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 30 Aug 2025 12:08:57 -0500 Subject: [PATCH 09/11] linuxkm/linuxkm_wc_port.h: add default setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT, to make visibility in random.c; linuxkm/lkcapi_sha_glue.c: revert f7c7ac275a (get_drbg() DISABLE_VECTOR_REGISTERS() for crypto_default_rng) -- compiler/inlining bug makes it break on at least one target, so caller needs to retain responsibility; linuxkm/x86_vector_register_glue.c: in wc_save_vector_registers_x86(), always return WC_ACCEL_INHIBIT_E if already fpu_state & WC_FPU_INHIBITED_FLAG, for safe+correct dynamics on recursive calls. --- linuxkm/linuxkm_wc_port.h | 11 ++++++++++ linuxkm/lkcapi_sha_glue.c | 35 +++++++++++------------------- linuxkm/x86_vector_register_glue.c | 18 ++++++--------- 3 files changed, 31 insertions(+), 33 deletions(-) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 14f8ae693..ff20e326d 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -422,6 +422,17 @@ #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #endif + /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here + * to assure that calls to get_random_bytes() in random.c are gated out + * (they would recurse, potentially infinitely). + */ + #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \ + !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) + #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT + #endif + #ifndef __PIE__ #include #include diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 584ebc3f3..e30ffc1b7 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -374,10 +374,7 @@ !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG) #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG #endif - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) - #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT - #endif + /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */ #else #undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG #endif @@ -968,7 +965,6 @@ struct wc_linuxkm_drbg_ctx { struct wc_rng_inst { wolfSSL_Atomic_Int lock; WC_RNG rng; - int disabled_vec_ops; } *rngs; /* one per CPU ID */ }; @@ -1090,14 +1086,8 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { - struct wc_rng_inst *drbg = &ctx->rngs[n]; - if (tfm == crypto_default_rng) - drbg->disabled_vec_ops = (DISABLE_VECTOR_REGISTERS() == 0); - else - drbg->disabled_vec_ops = 0; - return drbg; - } + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) + return &ctx->rngs[n]; ++n; if (n >= (int)ctx->n_rngs) n = 0; @@ -1115,11 +1105,8 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { - struct wc_rng_inst *drbg = &ctx->rngs[n]; - drbg->disabled_vec_ops = 0; - return drbg; - } + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) + return &ctx->rngs[n]; if (can_sleep) { if (signal_pending(current)) return NULL; @@ -1137,10 +1124,6 @@ static inline void put_drbg(struct wc_rng_inst *drbg) { (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) int migration_disabled = (drbg->lock == 2); #endif - if (drbg->disabled_vec_ops) { - REENABLE_VECTOR_REGISTERS(); - drbg->disabled_vec_ops = 0; - } __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE); #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) @@ -1154,6 +1137,7 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, u8 *dst, unsigned int dlen) { int ret, retried = 0; + int need_fpu_restore; struct wc_rng_inst *drbg = get_drbg(tfm); if (! drbg) { @@ -1161,6 +1145,11 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, return -EFAULT; } + /* for the default RNG, make sure we don't cache an underlying SHA256 + * method that uses vector insns (forbidden from irq handlers). + */ + need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0; + retry: if (slen > 0) { @@ -1194,6 +1183,8 @@ retry: out: + if (need_fpu_restore) + REENABLE_VECTOR_REGISTERS(); put_drbg(drbg); return ret; diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index 5ec17acfd..401309bbe 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -346,6 +346,13 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) /* allow for nested calls */ if (pstate && (pstate->fpu_state != 0U)) { + if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) { + /* don't allow recursive inhibit calls when already inhibited -- + * it would add no functionality and require keeping a separate + * count of inhibit recursions. + */ + return WC_ACCEL_INHIBIT_E; + } if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) == WC_FPU_COUNT_MASK)) { @@ -353,17 +360,6 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); return BAD_STATE_E; } - if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) { - if (flags & WC_SVR_FLAG_INHIBIT) { - /* allow recursive inhibit calls as long as the whole stack of - * them is inhibiting. - */ - ++pstate->fpu_state; - return 0; - } - else - return WC_ACCEL_INHIBIT_E; - } if (flags & WC_SVR_FLAG_INHIBIT) { ++pstate->fpu_state; pstate->fpu_state |= WC_FPU_INHIBITED_FLAG; From f8e4feb6331950d7c4707df3fc97e7759789d408 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 30 Aug 2025 12:54:22 -0500 Subject: [PATCH 10/11] wolfssl/wolfcrypt/error-crypt.h: in WC_ERR_TRACE() definition, use WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS, not WOLFSSL_DEBUG_PRINTF(, for compatibility with WOLF_NO_VARIADIC_MACROS. --- wolfssl/wolfcrypt/error-crypt.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index dad2f64ff..4a5df0561 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -349,11 +349,12 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif #endif #ifndef WC_ERR_TRACE - #define WC_ERR_TRACE(label) \ - ( WOLFSSL_DEBUG_PRINTF("ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ + #define WC_ERR_TRACE(label) \ + ( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ ) #endif #include From aa96c352d48e631eca500d4566d01c142e7afd62 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 30 Aug 2025 14:15:55 -0500 Subject: [PATCH 11/11] add !WC_SKIP_INCLUDED_C_FILES gates in indirectly compiled files in linuxkm/, to avoid false positive unknownMacro reports from cppcheck-force-source. --- .wolfssl_known_macro_extras | 1 + linuxkm/lkcapi_aes_glue.c | 5 +++++ linuxkm/lkcapi_dh_glue.c | 5 +++++ linuxkm/lkcapi_ecdh_glue.c | 5 +++++ linuxkm/lkcapi_ecdsa_glue.c | 5 +++++ linuxkm/lkcapi_glue.c | 3 +++ linuxkm/lkcapi_rsa_glue.c | 5 +++++ linuxkm/lkcapi_sha_glue.c | 5 +++++ linuxkm/x86_vector_register_glue.c | 3 +++ 9 files changed, 37 insertions(+) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 2c68d0b00..a7995c151 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -605,6 +605,7 @@ WC_RSA_NO_FERMAT_CHECK WC_SHA384 WC_SHA384_DIGEST_SIZE WC_SHA512 +WC_SKIP_INCLUDED_C_FILES WC_SSIZE_TYPE WC_STRICT_SIG WC_WANT_FLAG_DONT_USE_AESNI diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index cb5e0ea52..398f428d0 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c @@ -19,6 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_aes_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -4312,3 +4315,5 @@ static int linuxkm_test_aesecb(void) { #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */ #endif /* LINUXKM_LKCAPI_REGISTER_AES */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_dh_glue.c b/linuxkm/lkcapi_dh_glue.c index d8db8db12..69cfffe5a 100644 --- a/linuxkm/lkcapi_dh_glue.c +++ b/linuxkm/lkcapi_dh_glue.c @@ -20,6 +20,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -2966,3 +2969,5 @@ test_kpp_end: } #endif /* LINUXKM_LKCAPI_REGISTER_DH */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_ecdh_glue.c b/linuxkm/lkcapi_ecdh_glue.c index 96d5ce8db..86231183d 100644 --- a/linuxkm/lkcapi_ecdh_glue.c +++ b/linuxkm/lkcapi_ecdh_glue.c @@ -20,6 +20,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -991,3 +994,5 @@ test_ecdh_nist_end: } #endif /* LINUXKM_LKCAPI_REGISTER_ECDH */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c index f7e3cf67a..92d38dfd2 100644 --- a/linuxkm/lkcapi_ecdsa_glue.c +++ b/linuxkm/lkcapi_ecdsa_glue.c @@ -20,6 +20,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -843,3 +846,5 @@ test_ecdsa_nist_end: } #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index b62b82a83..db34d95aa 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -21,6 +21,7 @@ */ /* included by linuxkm/module_hooks.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. @@ -981,3 +982,5 @@ static int linuxkm_lkcapi_unregister(void) return seen_err; } + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_rsa_glue.c b/linuxkm/lkcapi_rsa_glue.c index 218d9eb37..0902af41f 100644 --- a/linuxkm/lkcapi_rsa_glue.c +++ b/linuxkm/lkcapi_rsa_glue.c @@ -20,6 +20,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -3250,3 +3253,5 @@ static int get_hash_enc_len(int hash_oid) return enc_len; } #endif /* LINUXKM_LKCAPI_REGISTER_RSA */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index e30ffc1b7..196ade40f 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -19,6 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/lkcapi_glue.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_sha_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -2045,3 +2048,5 @@ static int wc_linuxkm_drbg_cleanup(void) { } #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG */ + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index 401309bbe..f40357d70 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -21,6 +21,7 @@ */ /* included by linuxkm/module_hooks.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES #if !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86) #error x86_vector_register_glue.c included in non-vectorized/non-x86 project. @@ -531,3 +532,5 @@ void wc_restore_vector_registers_x86(enum wc_svr_flags flags) return; } + +#endif /* !WC_SKIP_INCLUDED_C_FILES */