20241031-fixes

configure.ac

@@ -10,6 +10,9 @@ AC_PREREQ([2.69])
 AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
+# Inhibit unwanted regeneration of autotools artifacts by Makefile.
+AM_MAINTAINER_MODE([disable])
+
 # The following sets CFLAGS to empty if unset on command line.  We do not
 # want the default "-g -O2" that AC_PROG_CC sets automatically.
 : ${CFLAGS=""}
@@ -8902,6 +8905,8 @@ AC_ARG_ENABLE([dual-alg-certs],
 
 AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
 
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_CRYPTONLY" = "yes" ],[ AC_MSG_ERROR([dual-alg-certs is incompatible with --enable-cryptonly.]) ])
+
 # Adds functionality to support Raw Public Key (RPK) RFC7250
 AC_ARG_ENABLE([rpk],
     [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
@@ -9725,9 +9730,6 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
     AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
 
-    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_CRYPTONLY" = "no"; then
-        AC_MSG_ERROR([--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.])
-    fi
     if test "$ENABLED_FILESYSTEM" = "yes"; then
         AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
     fi

linuxkm/linuxkm_wc_port.h

@@ -918,6 +918,13 @@
 
     #include <linux/limits.h>
 
+    #ifndef INT32_MAX
+        #define INT32_MAX INT_MAX
+    #endif
+    #ifndef UINT32_MAX
+        #define UINT32_MAX UINT_MAX
+    #endif
+
     /* Linux headers define these using C expressions, but we need
      * them to be evaluable by the preprocessor, for use in sp_int.h.
      */

linuxkm/module_exports.c.template

@@ -215,3 +215,6 @@
 #include <wolfssl/openssl/pem.h>
 #endif
 
+#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
+#include <wolfssl/openssl/fips_rand.h>
+#endif

src/pk.c

@@ -165,7 +165,26 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
         /* Write left over data back to BIO if not a file BIO */
         if ((ret > 0) && ((memSz - ret) > 0) &&
                  (bio->type != WOLFSSL_BIO_FILE)) {
-            int res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
+            int res;
+            if (!alloced) {
+                /* If wolfssl_read_bio() points mem at the buffer internal to
+                 * bio, we need to dup it before calling wolfSSL_BIO_write(),
+                 * because the latter may reallocate the bio, invalidating the
+                 * mem pointer before reading from it.
+                 */
+                char *mem_dup = (char *)XMALLOC((size_t)(memSz - ret),
+                                                NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                if (mem_dup != NULL) {
+                    XMEMCPY(mem_dup, mem + ret, (size_t)(memSz - ret));
+                    res = wolfSSL_BIO_write(bio, mem_dup, memSz - ret);
+                    mem = mem_dup;
+                    alloced = 1;
+                }
+                else
+                    res = MEMORY_E;
+            }
+            else
+                res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
             if (res != memSz - ret) {
                 WOLFSSL_ERROR_MSG("Unable to write back excess data");
                 if (res < 0) {

wolfssl/wolfcrypt/settings.h

@@ -3491,6 +3491,7 @@ extern void uITRON4_free(void *p) ;
     #undef HAVE_STRINGS_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
+    #undef HAVE_ATEXIT
     #undef WOLFSSL_HAVE_MIN
     #undef WOLFSSL_HAVE_MAX
     #define SIZEOF_LONG         8

wolfssl/wolfcrypt/types.h

@@ -1123,7 +1123,7 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_SNIFFER_KEY          = 1006,
         DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE  = 1007,
         DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008,
-        DYNAMIC_TYPE_AES_EAX = 1009,
+        DYNAMIC_TYPE_AES_EAX = 1009
     };
 
     /* max error buffer string size */