wolfssl/wolfcrypt/settings.h: add #define WOLFSSL_NO_PUBLIC_FFDHE and #undef HAVE_PUBLIC_FFDHE to WOLFSSL_LINUXKM setup to avoid .data.rel.ro.local functions in dh.c;

linuxkm/linuxkm_wc_port.h: only use kvrealloc() on kernel >=6.11 -- the version in 5.15-6.10 is incompatible (oldsize arg).  also, restore use of kvmalloc on 4.12+, but with XREALLOC undefined, suitable for cryptonly modules; add #include <linux/sched.h> even on __PIE__ objects to make cond_sched() available;

wolfcrypt/src/asn.c: harmonize gate around definitions of BEGIN_DSA_PRIV and END_DSA_PRIV;

wolfcrypt/src/asn.c: in EccSpecifiedECDomainDecode(), work around "const char[]" types in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type on FIPS <6;

wolfcrypt/src/asn.c, wolfcrypt/src/wc_xmss.c, wolfssl/wolfcrypt/wc_lms.h: add comments to new WOLFSSL_NAMES_STATIC slots explaining where the size comes from.

Author: douzzer

linuxkm/linuxkm_wc_port.h

@@ -80,13 +80,16 @@
     /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901, merged for 4.12.
      * kvrealloc() added in de2860f463, merged for 5.15, backported to 5.10.137.
      * moved to ultimate home (slab.h) in 8587ca6f34, merged for 5.16.
-
+     *
+     * however, until 6.11, it took an extra argument, oldsize, that makes it
+     * incompatible with traditional libc usage patterns, so we don't try to use it.
      */
-    #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) ||    \
-        ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 137)) && \
-         (LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 90)))
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
         #define HAVE_KVMALLOC
     #endif
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+        #define HAVE_KVREALLOC
+    #endif
 
     /* kernel printf doesn't implement fp. */
     #ifndef WOLFSSL_NO_FLOAT_FMT
@@ -306,6 +309,7 @@
 #endif
 
     #include <linux/slab.h>
+    #include <linux/sched.h>
 
 #ifndef __PIE__
     #ifndef SINGLE_THREADED
@@ -637,12 +641,16 @@
         typeof(kzalloc_noprof) *kzalloc_noprof;
         typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof;
         typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof;
-        typeof(kvrealloc_noprof) *kvrealloc_noprof;
+        #ifdef HAVE_KVREALLOC
+            typeof(kvrealloc_noprof) *kvrealloc_noprof;
+        #endif
 #else /* <6.10.0 */
         typeof(kmalloc) *kmalloc;
         typeof(krealloc) *krealloc;
         #ifdef HAVE_KVMALLOC
             typeof(kvmalloc_node) *kvmalloc_node;
+        #endif
+        #ifdef HAVE_KVREALLOC
             typeof(kvrealloc) *kvrealloc;
         #endif
         #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
@@ -879,6 +887,8 @@
     #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO)
     #ifdef HAVE_KVMALLOC
         #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node)
+    #endif
+    #ifdef HAVE_KVREALLOC
         #define kvrealloc (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc)
     #endif
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
@@ -1175,7 +1185,11 @@
     #ifdef HAVE_KVMALLOC
         #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC), NUMA_NO_NODE)
         #define free(ptr) kvfree(ptr)
-        #define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
+        #ifdef HAVE_KVREALLOC
+            #define realloc(ptr, newsize) kvrealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
+        #else
+            #define realloc(ptr, newsize) ((void)(ptr), (void)(newsize), NULL)
+        #endif
     #else
         #define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), (preempt_count() == 0 ? GFP_KERNEL : GFP_ATOMIC))
         #define free(ptr) kfree(ptr)
@@ -1204,7 +1218,9 @@
     #else
         #define XFREE(p, h, t)       ({void* _xp; (void)(h); (void)(t); _xp = (p); if(_xp) free(_xp);})
     #endif
-    #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
+    #if defined(HAVE_KVREALLOC) || !defined(HAVE_KVMALLOC)
+        #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
+    #endif
 #endif
 
     #include <linux/limits.h>

linuxkm/module_hooks.c

@@ -523,6 +523,8 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc;
 #ifdef HAVE_KVMALLOC
     wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node;
+#endif
+#ifdef HAVE_KVREALLOC
     wolfssl_linuxkm_pie_redirect_table.kvrealloc = kvrealloc;
 #endif
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)

wolfcrypt/src/asn.c

@@ -14323,7 +14323,9 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
 typedef struct CertNameData {
     /* Type string of name component. */
 #ifdef WOLFSSL_NAMES_STATIC
-    const char str[20];
+    const char str[20]; /* large enough for largest string in certNameSubject[]
+                         * below
+                         */
     #define EMPTY_STR { 0 }
 #else
     const char* str;
@@ -26192,8 +26194,7 @@ static wcchar END_ENC_PRIV_KEY     = "-----END ENCRYPTED PRIVATE KEY-----";
 static wcchar BEGIN_PKCS7          = "-----BEGIN PKCS7-----";
 static wcchar END_PKCS7            = "-----END PKCS7-----";
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-                                                                !defined(NO_DSA)
+#if defined(HAVE_ECC) || !defined(NO_DSA)
     static wcchar BEGIN_DSA_PRIV   = "-----BEGIN DSA PRIVATE KEY-----";
     static wcchar END_DSA_PRIV     = "-----END DSA PRIVATE KEY-----";
 #endif
@@ -35701,25 +35702,25 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
     #else
     if (ret == 0) {
         /* Base X-ordinate */
-        DataToHexString(base + 1, (word32)curve->size, curve->Gx);
+        DataToHexString(base + 1, (word32)curve->size, (char *)curve->Gx);
         /* Base Y-ordinate */
-        DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy);
+        DataToHexString(base + 1 + curve->size, (word32)curve->size, (char *)curve->Gy);
         /* Prime */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
-                        curve->prime);
+                        (char *)curve->prime);
         /* Parameter A */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length,
-                        curve->Af);
+                        (char *)curve->Af);
         /* Parameter B */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length,
-                        curve->Bf);
+                        (char *)curve->Bf);
         /* Order of curve */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length,
-                        curve->order);
+                        (char *)curve->order);
     }
     #endif /* WOLFSSL_ECC_CURVE_STATIC */
 

wolfcrypt/src/wc_xmss.c

@@ -150,7 +150,9 @@ static WC_INLINE void wc_xmss_state_free(XmssState* state)
 typedef struct wc_XmssString {
     /* Name of algorithm as a string. */
 #ifdef WOLFSSL_NAMES_STATIC
-    const char str[32];
+    const char str[32]; /* large enough for largest string in wc_xmss_alg[] or
+                         * wc_xmssmt_alg[]
+                         */
 #else
     const char* str;
 #endif

wolfssl/wolfcrypt/settings.h

@@ -3699,6 +3699,8 @@ extern void uITRON4_free(void *p) ;
         #define WC_NO_INTERNAL_FUNCTION_POINTERS
         #define WOLFSSL_ECC_CURVE_STATIC
         #define WOLFSSL_NAMES_STATIC
+        #define WOLFSSL_NO_PUBLIC_FFDHE
+        #undef HAVE_PUBLIC_FFDHE
     #endif
 
     #ifndef NO_OLD_WC_NAMES

wolfssl/wolfcrypt/wc_lms.h

@@ -385,7 +385,7 @@ typedef struct wc_LmsParamsMap {
     enum wc_LmsParm id;
     /* String representation of identifier of parameters. */
 #ifdef WOLFSSL_NAMES_STATIC
-    const char str[32];
+    const char str[32]; /* large enough for largest string in wc_lms_map[] */
 #else
     const char* str;
 #endif