Merge pull request wolfSSL#10324 from douzzer/20260426-fixes

20260426-fixes

Author: dgarske

.wolfssl_known_macro_extras

@@ -670,6 +670,7 @@ WC_RSA_NONBLOCK_TIME
 WC_RSA_NO_FERMAT_CHECK
 WC_RWLOCK_OPS_INLINE
 WC_SKIP_INCLUDED_C_FILES
+WC_SLHDSA_VERBOSE_DEBUG
 WC_SSIZE_TYPE
 WC_STRICT_SIG
 WC_USE_PIE_FENCEPOSTS_FOR_FIPS
@@ -1018,9 +1019,11 @@ __ATOMIC_CONSUME
 __ATOMIC_RELAXED
 __AVR_ARCH__
 __AVR__
+__AVX512F__
 __BCPLUSPLUS__
 __BIG_ENDIAN__
 __BORLANDC__
+__BSD_VISIBLE
 __CCRX__
 __CC_ARM
 __COMPILER_VER__

wolfcrypt/benchmark/benchmark.c

@@ -3339,6 +3339,12 @@ static void bench_stats_ops_finish(const char* algo, int strength,
 
     (void)ret;
 
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+    RESTORE_VECTOR_REGISTERS();
+#elif defined(WOLFSSL_LINUXKM)
+    kernel_fpu_end();
+#endif
+
     bench_stats_prepare();
     TEST_SLEEP();
 } /* bench_stats_ops_finish */

wolfcrypt/src/random.c

@@ -1058,8 +1058,16 @@ static int Hash512_df(DRBG_SHA512_internal* drbg, byte* out, word32 outSz,
     byte* digest = drbg->digest_scratch;
 #elif defined(WOLFSSL_SMALL_STACK)
     byte* digest;
+#else
+#if defined(__GNUC__) && !defined(__clang__) && defined(__AVX512F__)
+    /* Use a jumbo alignment to work around a gcc compiler/optimizer bug that
+     * assumes AVX512 alignment in an object sized correctly for AVX512 passed
+     * to builtin memcpy(), which promptly crashes if not thus aligned.
+     */
+    byte digest[WC_SHA512_DIGEST_SIZE] WOLFSSL_ALIGN(WC_SHA512_DIGEST_SIZE);
 #else
     byte digest[WC_SHA512_DIGEST_SIZE];
+#endif
 #endif
 
     if (drbg == NULL) {
@@ -1135,6 +1143,12 @@ static int Hash512_df(DRBG_SHA512_internal* drbg, byte* out, word32 outSz,
     XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
 #endif
 
+#ifdef WC_VERBOSE_RNG
+    if (ret != 0)
+        WOLFSSL_DEBUG_PRINTF("ERROR: %s failed with err = %d", __FUNCTION__,
+                             ret);
+#endif
+
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
 

wolfcrypt/src/wc_lms.c

@@ -521,7 +521,6 @@ static const wc_LmsParamsMap wc_lms_map[] = {
 #endif
 #endif /* !WOLFSSL_NO_LMS_SHAKE256_256 */
 
-#ifdef WOLFSSL_LMS_SHAKE256
     /* SHAKE256/192 L1 H5 */
     { WC_LMS_PARM_SHAKE192_L1_H5_W1 , "LMS/HSS_SHAKE256/192_L1_H5_W1",
       LMS_PARAMS(1,  5, 1, 2, LMS_SHAKE_M24_H5 , LMOTS_SHAKE_N24_W1,
@@ -595,7 +594,6 @@ static const wc_LmsParamsMap wc_lms_map[] = {
       LMS_PARAMS(1, 25, 8, 4, LMS_SHAKE_M24_H25, LMOTS_SHAKE_N24_W8,
                  WC_SHA256_192_DIGEST_SIZE) },
 #endif
-#endif /* WOLFSSL_LMS_SHAKE256 (M24 entries) */
 #endif /* WOLFSSL_LMS_SHAKE256 */
 };
 /* Number of parameter sets supported. */

wolfcrypt/src/wc_port.c

@@ -23,6 +23,9 @@
     !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_ZEPHYR) && \
     !defined(_GNU_SOURCE)
     #define _GNU_SOURCE 1
+#elif defined(__FreeBSD__)
+    /* for __FreeBSD_version */
+    #include <sys/param.h>
 #endif
 
 /*
@@ -5210,7 +5213,9 @@ int wc_socket_cloexec(int domain, int type, int protocol)
 int wc_accept_cloexec(int sockfd, void* addr, void* addrlen)
 {
     int fd;
-#if defined(__linux__) || defined(__ANDROID__)
+#if (defined(__USE_GNU) && (defined(__linux__) || defined(__ANDROID__))) || \
+    (defined(__FreeBSD__) && defined(__BSD_VISIBLE) && __BSD_VISIBLE && \
+     (__FreeBSD_version >= 1000000))
     fd = accept4(sockfd, (struct sockaddr*)addr, (socklen_t*)addrlen,
                  SOCK_CLOEXEC);
     if (fd >= 0)