Phase 3: Security and FIPS Compliance Audit + 12-OE source-of-truth enablement

Security and FIPS-compliance audit remediation for the wolfCrypt v7.0.0
post-quantum FIPS 140-3 module, plus the source changes required to build and
validate the module across all 12 Operational Environments (userspace and Linux
kernel module; x86_64/i386/aarch64/armv7; Intel/AMD).

linuxkm (Linux kernel module):
- Generalize the per-CPU vector-register save/restore service from x86 to ARM
  (kernel_neon_begin/end via WC_LINUXKM_FPU_BEGIN/END); broaden arch guards.
- Extend the in-core-integrity relocation canonicalizer to i386
  (R_386_32/R_386_PC32) and ARM (R_ARM_CALL/R_ARM_JUMP24).
- Kbuild arch-conditional crypto -march for wolfcrypt/src/port/arm/*.S; arm32
  EABI integer-divide helpers and PIE container mem* placeholders.

32-bit x86 AES-NI:
- Compile the WOLFSSL_X86_BUILD AES-NI path in aes_asm.S / aes_xts_asm.S; gate
  AES-GCM-AESNI to x86_64 (32-bit uses C GHASH + AES-NI blocks);
  AES_ECB_decrypt_AESNI argument-offset fix.

configure.ac: enable -march=armv8-a+crypto for the arm32 armasm crypto path.
random.c / random.h: RDSEED entropy scale and retry tuning for x86 OE portability.

Author: kaleb-himes

IDE/WIN-SRTP-KDF-140-3/test.vcxproj

@@ -162,7 +162,13 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <!-- FIPS in-core integrity (WIN-SRTP-KDF README): ASLR OFF so every
+           build loads at a fixed base and the in-core hash stays stable.
+           Mirrors the Release|x64 config; FixedBaseAddress (/FIXED) strips
+           the .reloc section so the i386 image is pinned at its preferred
+           ImageBase (0x00400000), matching the proven x86_64 (U4) behavior. -->
       <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <FixedBaseAddress>true</FixedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -177,6 +183,10 @@
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <!-- FIPS in-core integrity (WIN-SRTP-KDF README): ASLR OFF so every
+           build loads at a fixed base and the in-core hash stays stable. -->
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <FixedBaseAddress>true</FixedBaseAddress>
       <SubSystem>Console</SubSystem>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OptimizeReferences>true</OptimizeReferences>

IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj

@@ -314,6 +314,16 @@
     <ClCompile Include="..\..\src\dtls13.c" />
     <ClCompile Include="..\..\src\dtls.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <!-- FIPS v7.0.0 post-quantum module sources (FIPS 203/204/205, SP 800-208).
+         In-boundary placement is by .fipsA$/.fipsB$ section, not project order. -->
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mlkem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mlkem_poly.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_lms.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_lms_impl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_xmss.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_xmss_impl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_slhdsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_last.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />

configure.ac

@@ -3777,13 +3777,22 @@ then
             AC_MSG_NOTICE([32bit ARMv4 found])
             ;;
         *)
-            AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8 -marm"
+            # AArch32 ARMv8 crypto-extension asm (armv8-32-*-asm.S: sha256h,
+            # aese/aesmc, pmull) needs an explicit -march=armv8-a+crypto.  The
+            # ARMv8-A crypto extension is OPTIONAL, so the SHA/AES instructions
+            # are gated by the "+crypto" arch feature -- NOT enabled by -mfpu
+            # alone, and NOT by a bare -march=armv8-a (nor -mcpu=cortex-a53 on
+            # some toolchains).  Cross toolchains whose default -mcpu is ARMv7
+            # (e.g. Xilinx Vitis cortex-a9) otherwise reject them with
+            # "selected processor does not support sha256h.32 in ARM mode".
+            # Mirrors the in-kernel ARM armasm enablement (port/arm/*.S crypto).
+            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv8-a+crypto -mfpu=crypto-neon-fp-armv8 -marm"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=yes
             ENABLED_ARMASM_NEON=yes
             ENABLED_ARM_32=yes
-            AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
+            AC_MSG_NOTICE([32bit ARMv8 found, setting -march=armv8-a+crypto + mfpu=crypto-neon-fp-armv8])
             ;;
         esac
     esac
@@ -6315,13 +6324,7 @@ AS_CASE([$FIPS_VERSION],
             -DWC_RSA_NO_PADDING \
             -DECC_USER_CURVES \
             -DHAVE_ECC384 \
-            -DHAVE_ECC521 \
-            -DWOLFSSL_VALIDATE_FFC_IMPORT \
-            -DHAVE_FFDHE_Q \
-            -DHAVE_FFDHE_3072 \
-            -DHAVE_FFDHE_4096 \
-            -DHAVE_FFDHE_6144 \
-            -DHAVE_FFDHE_8192"
+            -DHAVE_ECC521"
 
         # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
         AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
@@ -6335,6 +6338,20 @@ AS_CASE([$FIPS_VERSION],
                 -DHAVE_ECC256"])
 
         DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
+
+# Classic DH and DSA are OUT OF SCOPE for the FIPS 140-3 v7 PQ module.
+# (FIPS 186-5 retires DSA; v7 boundary keeps only ECDH/ECDSA + PQ KEM/DSA.)
+# Hard-error if explicitly enabled; otherwise force off and add NO_DH/NO_DSA.
+        AS_IF([test "$enable_dh" = "yes"],
+            [AC_MSG_ERROR([--enable-dh is not supported with --enable-fips=$FIPS_VERSION. Classic finite-field DH is out of scope for the FIPS 140-3 v7 PQ module. Use --enable-fips=v6 if you need DH support.])],
+            [test "$ENABLED_DH" != "no"],
+            [ENABLED_DH="no"; enable_dh="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DH"])
+
+        AS_IF([test "$enable_dsa" = "yes"],
+            [AC_MSG_ERROR([--enable-dsa is not supported with --enable-fips=$FIPS_VERSION. DSA is retired by FIPS 186-5 and is out of scope for the FIPS 140-3 v7 PQ module. Use --enable-fips=v6 if you need DSA support.])],
+            [test "$ENABLED_DSA" != "no"],
+            [ENABLED_DSA="no"; enable_dsa="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DSA"])
+
 # optimizations section
 
 # protocol section
@@ -8889,8 +8906,17 @@ then
     fi
     if test "x$ENABLED_DH" = "xno"
     then
-        ENABLED_DH="yes"
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+        # Classic DH is out of scope for the FIPS 140-3 v7 PQ module.
+        # JNI normally auto-enables DH for legacy TLS suites; with FIPS v7+
+        # we report and skip the auto-enable rather than silently turning DH
+        # back on (which would conflict with the boundary).
+        if test "$FIPS_VERSION" = "v7" || test "$FIPS_VERSION" = "ready" || test "$FIPS_VERSION" = "dev"
+        then
+            AC_MSG_NOTICE([JNI enabled but FIPS is $FIPS_VERSION, NOT turning on DH with this module])
+        else
+            ENABLED_DH="yes"
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+        fi
     fi
     if test "x$ENABLED_PSK" = "xno"
     then

fips-hash.sh

@@ -13,7 +13,11 @@ then
 fi
 
 OUT=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
-NEWHASH=$(echo "$OUT" | cut -c1-64)
+# FIPS v7.0.0+ uses HMAC-SHA-512 (128 hex chars); older FIPS versions
+# use HMAC-SHA-256 (64 hex chars).  Take the whole captured hash; the
+# static_assert on sizeof(verifyCore) guards against wrong length at
+# compile time after this script runs.
+NEWHASH=$(echo "$OUT" | head -n1 | tr -d '[:space:]')
 if test -n "$NEWHASH"
 then
     cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak

linuxkm/Kbuild

@@ -99,6 +99,18 @@ $(LIBWOLFSSL_NAME)-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/modu
 
 ifeq "$(FIPS_OPTEST)" "1"
     $(LIBWOLFSSL_NAME)-y += linuxkm/optest-140-3/linuxkm_optest_wrapper.o
+    # The optest TEST wrapper (#includes test.c / invalid_tests.c) aggregates
+    # several AES contexts per invalid-input test function.  Under WOLFSSL_AESNI
+    # the Aes struct carries an inline ALIGN16 streamData[5*WC_AES_BLOCK_SIZE]
+    # (wolfssl/wolfcrypt/aes.h) plus use_aesni, so a handful of those functions
+    # (aes_{,mac_,ofb_,cfb_,kw_}invalid_data_tests) exceed the conservative i386
+    # THREAD_SIZE/4 = 2048 frame *warning*.  They build cleanly on x86_64 (whose
+    # THREAD_SIZE/4 = 4096 already accommodates them) and run in a kernel thread
+    # well within THREAD_SIZE.  Relax the cap to 4096 for the wrapper ONLY: it is
+    # test/evidence tooling OUTSIDE the FIPS module boundary, so the FIPS module
+    # objects keep the strict MAX_STACK_FRAME_SIZE.  No effect on x86_64 (its
+    # default is already 4096).
+    $(obj)/linuxkm/optest-140-3/linuxkm_optest_wrapper.o: ccflags-y += -Wframe-larger-than=4096
 endif
 
 WOLFSSL_CFLAGS_NO_VECTOR_INSNS := $(CFLAGS_SIMD_DISABLE) $(CFLAGS_FPU_DISABLE)
@@ -127,6 +139,10 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
           endif
         endif
       endif
+      ifeq ($(KERNEL_ARCH),i386)
+        NO_PIE_FLAG := 1
+        $(info Note: disabling -fPIE on 32-bit x86 -- i386 -fPIE routes every local symbol through the GOT (R_386_GOTOFF), which the wolfCrypt PIE containerization forbids.)
+      endif
     endif
 
     ifdef NO_PIE_FLAG
@@ -217,6 +233,25 @@ $(obj)/wolfcrypt/src/wc_mlkem_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/wc_mldsa_asm.o: asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/wc_mldsa_asm.o: OBJECT_FILES_NON_STANDARD := y
 
+# ARM/ARM64 crypto+NEON asm (wolfcrypt/src/port/arm/*.S) needs the crypto/NEON
+# -march enabled at assembly time.  The wolfSSL ARM asm carries no .arch/.fpu
+# directives, and configure leaves ASFLAGS_*_SIMD_ENABLE empty on ARM: the
+# userspace build inherits +crypto from the toolchain's default -mcpu (e.g.
+# cortex-a72), but the kernel build forces its own baseline -march without it,
+# so the AES/SHA/PMULL instructions are rejected ("selected processor does not
+# support `aesd ...'").  Supply the right -march here per kernel arch.  (The
+# wrong-arch port/arm files are #ifdef'd to empty objects, so the flag is a
+# no-op for them; OBJECT_FILES_NON_STANDARD silences objtool on the hand asm.)
+ifeq ($(CONFIG_ARM64),y)
+    WOLFSSL_ARM_ASM_MARCH := -march=armv8-a+crypto
+else ifeq ($(CONFIG_ARM),y)
+    WOLFSSL_ARM_ASM_MARCH := -march=armv8-a -mfpu=crypto-neon-fp-armv8
+endif
+ifdef WOLFSSL_ARM_ASM_MARCH
+$(obj)/wolfcrypt/src/port/arm/%.o: asflags-y := $(WOLFSSL_ASFLAGS) $(WOLFSSL_ARM_ASM_MARCH)
+$(obj)/wolfcrypt/src/port/arm/%.o: OBJECT_FILES_NON_STANDARD := y
+endif
+
 ifndef READELF
     READELF := readelf
 endif
@@ -325,7 +360,7 @@ RENAME_PIE_TEXT_AND_DATA_SECTIONS := \
 			next;						\
 		    }							\
 		    else if ($$4 == "OBJECT") {				\
-			if (! ($$7 in wolfcrypt_data_sections)) {	\
+			if (! ($$7 in wolfcrypt_data_sections) && ! ($$7 in wolfcrypt_text_sections)) {	\
 			    if ((other_sections[$$7] == ".printk_index") || \
 				(($$8 ~ /^_entry\.[0-9]+$$|^kernel_read_file_str$$/) &&		\
 				 (other_sections[$$7] == ".data.rel.ro.local"))) \

linuxkm/Makefile

@@ -45,7 +45,17 @@ ifndef SRC_TOP
     SRC_TOP=$(shell dirname $(MODULE_TOP))
 endif
 
-WOLFSSL_CFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -Wno-declaration-after-statement -Wno-redundant-decls -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
+# -Wno-nested-externs: the Linux kernel's compile-time-assert machinery
+# (<linux/compiler_types.h> _compiletime_assert, reached via the atomic / per-CPU /
+# printk-once macros used in linuxkm/x86_vector_register_glue.c) expands to an
+# "extern void __compiletime_assert_N(void)" declaration *inside* a function body.
+# That is by-design kernel code, but trips wolfSSL's -Wnested-externs -> with
+# -Werror it breaks the i386 + AES-NI kernel build (the glue is only compiled when
+# WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set, i.e. with a PAA enabled).  Suppress it
+# for the whole linuxkm build, same as the two kernel-incompatible warnings already
+# stripped here.  This only silences a diagnostic -> emitted object code (and the
+# FIPS in-core hash) is byte-identical on every arch.
+WOLFSSL_CFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -Wno-declaration-after-statement -Wno-redundant-decls -Wno-nested-externs -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
 ifdef KERNEL_EXTRA_CFLAGS
     WOLFSSL_CFLAGS += $(KERNEL_EXTRA_CFLAGS)
 endif
@@ -55,7 +65,13 @@ endif
 
 WOLFSSL_ASFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CCASFLAGS) $(CCASFLAGS)
 
-WOLFSSL_OBJ_FILES=$(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/%, $(patsubst src/libwolfssl_la-%, src/%, $(patsubst wolfcrypt/src/src_libwolfssl_la-%, wolfcrypt/src/%, $(src_libwolfssl_la_OBJECTS)))))
+# Strip libtool's per-target object prefix (src_libwolfssl_la-) so Kbuild sees the
+# real source-derived object names.  The innermost patsubst handles the ARM asm
+# under wolfcrypt/src/port/arm/ (armv8-*/armv8-32-*/thumb2-*), which the
+# directory-specific src/ and wolfcrypt/src/ patsubsts below do NOT match --
+# without it, --enable-armasm kernel builds fail with "No rule to make target
+# .../src_libwolfssl_la-armv8-aes-asm.o".
+WOLFSSL_OBJ_FILES=$(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/%, $(patsubst src/libwolfssl_la-%, src/%, $(patsubst wolfcrypt/src/src_libwolfssl_la-%, wolfcrypt/src/%, $(patsubst wolfcrypt/src/port/arm/src_libwolfssl_la-%, wolfcrypt/src/port/arm/%, $(src_libwolfssl_la_OBJECTS))))))
 
 ifeq "$(ENABLED_CRYPT_TESTS)" "yes"
     WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o
@@ -197,7 +213,7 @@ GENERATE_RELOC_TAB := $(AWK) '								\
 		next;									\
 	}										\
 	/^0/ {										\
-		if ($$3 !~ "^(R_X86_.*|R_AARCH64_.*|R_ARM.*)$$") {			\
+		if ($$3 !~ "^(R_X86_.*|R_386_.*|R_AARCH64_.*|R_ARM.*)$$") {		\
 		    print "Unexpected relocation type in " cur_seg ":\n" $$0 >"/dev/stderr";		\
 		    ++bad_relocs;							\
 		}									\
@@ -361,12 +377,12 @@ module-update-fips-hash: $(LIBWOLFSSL_NAME).ko
 	readarray -t verifyCore_attrs < <($(READELF) --wide --symbols "$<" | \
 	    sed -E -n 's/^[[:space:]]*[0-9]+: ([0-9a-fA-F]+)[[:space:]]+([0-9]+)[[:space:]]+OBJECT[[:space:]]+[A-Z]+[[:space:]]+[A-Z]+[[:space:]]+'"$${rodata_segment[0]}"'[[:space:]]+verifyCore$$/\1\n\2/p'); \
 	if [[ $${#verifyCore_attrs[@]} != 2 ]]; then echo '  unexpected verifyCore_attrs.' >&2; exit 1; fi; \
-	if [[ "$${verifyCore_attrs[1]}" != "65" ]]; then echo "	 verifyCore has unexpected length $${verifyCore_attrs[1]}." >&2; exit 1; fi; \
+	if [[ "$${verifyCore_attrs[1]}" != "129" ]]; then echo "	 verifyCore has unexpected length $${verifyCore_attrs[1]}." >&2; exit 1; fi; \
 	verifyCore_offset=$$((0x$${rodata_segment[1]} + 0x$${verifyCore_attrs[0]})); \
-	current_verifyCore=$$(dd bs=1 if="$<" skip=$$verifyCore_offset count=64 status=none); \
+	current_verifyCore=$$(dd bs=1 if="$<" skip=$$verifyCore_offset count=128 status=none); \
 	if [[ ! "$$current_verifyCore" =~ [0-9a-fA-F]{64} ]]; then echo "  verifyCore at offset $$verifyCore_offset has unexpected value." >&2; exit 1; fi; \
 	if [[ '$(FIPS_HASH)' == "$$current_verifyCore" ]]; then echo '	Supplied FIPS_HASH matches existing verifyCore -- no update needed.'; exit 0; fi; \
-	echo -n '$(FIPS_HASH)' | dd bs=1 conv=notrunc of="$<" seek=$$verifyCore_offset count=64 status=none && \
+	echo -n '$(FIPS_HASH)' | dd bs=1 conv=notrunc of="$<" seek=$$verifyCore_offset count=128 status=none && \
 	echo "	FIPS verifyCore updated successfully." && \
             if [[ -f '$(LIBWOLFSSL_NAME).ko.signed' ]]; then $(MAKE) $(QFLAG) --no-print-directory --no-silent -C . '$(LIBWOLFSSL_NAME).ko.signed'; fi
 

linuxkm/linuxkm_memory.c

@@ -52,6 +52,8 @@ static const struct reloc_layout_ent {
     [WC_R_X86_64_64]                  = { "R_X86_64_64",                                                ~0UL, 64, .is_signed = 0, .is_relative = 0 },
     [WC_R_X86_64_PC32]                = { "R_X86_64_PC32",                                              ~0UL, 32, .is_signed = 1, .is_relative = 1 },
     [WC_R_X86_64_PLT32]               = { "R_X86_64_PLT32",                                             ~0UL, 32, .is_signed = 1, .is_relative = 1 },
+    [WC_R_386_32]                     = { "R_386_32",                                                   ~0UL, 32, .is_signed = 0, .is_relative = 0 },
+    [WC_R_386_PC32]                   = { "R_386_PC32",                                                 ~0UL, 32, .is_signed = 1, .is_relative = 1 },
     [WC_R_AARCH64_ABS32]              = { "R_AARCH64_ABS32",                                            ~0UL, 32, .is_signed = 1, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_AARCH64_ABS64]              = { "R_AARCH64_ABS64",                                            ~0UL, 64, .is_signed = 1, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_AARCH64_ADD_ABS_LO12_NC]    = { "R_AARCH64_ADD_ABS_LO12_NC",    0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 },
@@ -64,6 +66,10 @@ static const struct reloc_layout_ent {
     [WC_R_AARCH64_LDST64_ABS_LO12_NC] = { "R_AARCH64_LDST64_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 },
     [WC_R_AARCH64_PREL32]             = { "R_AARCH64_PREL32",                                           ~0UL, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_ARM_ABS32]                  = { "R_ARM_ABS32",                                                ~0UL, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
+    /* ARM-mode BL/B: signed 24-bit word offset in bits [23:0] (cf. AARCH64_CALL26's
+     * 26-bit field).  Emitted by the arm32 ARM-mode (non-Thumb) kernel module build. */
+    [WC_R_ARM_CALL]                   = { "R_ARM_CALL",                   0b00000000111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
+    [WC_R_ARM_JUMP24]                 = { "R_ARM_JUMP24",                 0b00000000111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_ARM_PREL31]                 = { "R_ARM_PREL31",                 0b01111111111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_ARM_REL32]                  = { "R_ARM_REL32",                                                ~0UL, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
     [WC_R_ARM_THM_CALL]               = { "R_ARM_THM_CALL",               0b00000111111111110010111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 },
@@ -363,6 +369,12 @@ ssize_t wc_reloc_normalize_segment(
         case WC_R_X86_64_32:
         case WC_R_X86_64_32S:
         case WC_R_X86_64_64:
+        /* i386 shares the x86_64 normalization: R_386_32 is absolute
+         * (is_relative=0), R_386_PC32 is PC-relative (is_relative=1).  The
+         * math below is driven by layout->is_relative/is_signed and is
+         * width-correct via uintptr_t (32-bit on i386). */
+        case WC_R_386_32:
+        case WC_R_386_PC32:
 
             if (dest_seg != WC_R_SEG_OTHER) {
 #ifdef DEBUG_LINUXKM_PIE_SUPPORT
@@ -410,6 +422,8 @@ ssize_t wc_reloc_normalize_segment(
             break;
 
         case WC_R_ARM_ABS32:
+        case WC_R_ARM_CALL:
+        case WC_R_ARM_JUMP24:
         case WC_R_ARM_PREL31:
         case WC_R_ARM_REL32:
         case WC_R_ARM_THM_CALL:

linuxkm/linuxkm_memory.h

@@ -40,6 +40,12 @@ enum wc_reloc_type {
     WC_R_X86_64_64,
     WC_R_X86_64_PC32,
     WC_R_X86_64_PLT32,
+    /* 32-bit x86 (i386).  With NO_PIE_FLAG the wolfCrypt container emits only
+     * R_386_32 (absolute) and R_386_PC32 (PC-relative); these are semantically
+     * identical to R_X86_64_32 / R_X86_64_PC32 and share their canonicalization
+     * case below. */
+    WC_R_386_32,
+    WC_R_386_PC32,
     WC_R_AARCH64_ABS32,
     WC_R_AARCH64_ABS64,
     WC_R_AARCH64_ADD_ABS_LO12_NC,
@@ -52,6 +58,8 @@ enum wc_reloc_type {
     WC_R_AARCH64_LDST64_ABS_LO12_NC,
     WC_R_AARCH64_PREL32,
     WC_R_ARM_ABS32,
+    WC_R_ARM_CALL,
+    WC_R_ARM_JUMP24,
     WC_R_ARM_PREL31,
     WC_R_ARM_REL32,
     WC_R_ARM_THM_CALL,