Skip to content

20260630-various-fixes#10829

Merged
dgarske merged 4 commits into
wolfSSL:masterfrom
douzzer:20260630-various-fixes
Jul 1, 2026
Merged

20260630-various-fixes#10829
dgarske merged 4 commits into
wolfSSL:masterfrom
douzzer:20260630-various-fixes

Conversation

@douzzer

@douzzer douzzer commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

linuxkm/linuxkm_wc_port.h:

  • when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.

  • when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
    strncpy(), and strncat(), to clang builtins, to get proper __msan
    interception.

  • genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
    and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
    wc_linuxkm_stack_hwm_measure_rel().

wolfcrypt/src/port/kcapi/kcapi_aes.c: add backward-compat code paths for authTagSz validation on old FIPS.

wolfcrypt/src/aes.c:

  • add WC_MAYBE_UNUSED attribute to AesEcbEncryptBlocks(), AesEcbDecryptBlocks(),
    AesCbcEncryptBlocks(), AesCbcDecryptBlocks(), and AesCtrEncryptBlocks(), to
    fix -Wunused-functions in default build with --enable-aesni under clang.

  • in AesCfbDecrypt_C(), add smallstack implementation for fast inner loop on
    intelasm/armasm.

detected and tested with

wolfssl-multi-test.sh ...
check-source-text
linuxkm-noasm-fips-v5-gcc-latest-insmod-kmemleak
clang-aesni
quantum-safe-wolfssl-cross-aarch64-armasm-smallstack-unittest
quantum-safe-wolfssl-all-crypto-only-intelasm-sp-asm-sp-linuxkm-mainline-clang-tidy
linuxkm-6.15-all-cryptonly-quantum-safe-intelasm-LKCAPI-insmod-crypto-fuzzer-kmemleak
linuxkm-6.15-all-cryptonly-quantum-safe-intelasm-LKCAPI-insmod-crypto-fuzzer-ksan
fips-140-3-dev-kcapi

douzzer added 3 commits July 1, 2026 12:35
* when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.

* when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
  strncpy(), and strncat(), to clang builtins, to get proper __msan
  interception.

* genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
  and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
  wc_linuxkm_stack_hwm_measure_rel().
…ptBlocks(),

  AesCbcEncryptBlocks(), AesCbcDecryptBlocks(), and AesCtrEncryptBlocks(), to
  fix -Wunused-functions in default build with --enable-aesni under clang.

* in AesCfbDecrypt_C(), add smallstack implementation for fast inner loop on
  intelasm/armasm.

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10829

Scan targets checked: linuxkm-bugs, linuxkm-src, wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src

Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread linuxkm/linuxkm_wc_port.h Outdated
Comment thread linuxkm/linuxkm_wc_port.h Outdated
Comment thread wolfcrypt/src/aes.c
linuxkm/linuxkm_wc_port.h: strcpy() takes 2 args.

wolfcrypt/src/aes.c: add VECTOR_REGISTERS_PUSH2() and use it to free tmp in smallstack path if the push fails.
@dgarske dgarske merged commit c9e4b13 into wolfSSL:master Jul 1, 2026
304 of 305 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants