Skip to content

Add suppoort for running wolfSSL on CHERIoT #10653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wbeasley-thegoodpenguin wants to merge 2 commits into
base: master
Choose a base branch
from
+300 −1
Open

Add suppoort for running wolfSSL on CHERIoT #10653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
688fc1a
cheri: Fix CHERI tag violation in sp_c32.c
wbeasley-thegoodpenguin May 27, 2026
88fe973
cheri: Add ability to force ASN template setters to use stack over heap
wbeasley-thegoodpenguin Jun 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion wolfcrypt/src/asn.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -520,7 +520,7 @@ static word32 SizeASNLength(word32 length)
#endif

#ifdef WOLFSSL_ASN_TEMPLATE
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_ASN_TEMPLATE_STACK_ALLOC)

@dgarske dgarske Jun 10, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a new build option being introduced.

  1. Make sure its documented at top of asn.c
  2. Please add to .wolfssl_known_macro_extras:
unrecognized macros used:
WOLFSSL_ASN_TEMPLATE_STACK_ALLOC
add well-formed but unknown macros to .wolfssl_known_macro_extras at top of source tree.

@dgarske dgarske Jun 10, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 [Medium] New build macro WOLFSSL_ASN_TEMPLATE_STACK_ALLOC is undocumented and silently raises stack usage

WOLFSSL_ASN_TEMPLATE_STACK_ALLOC is introduced here but appears nowhere else in the tree (no settings.h documentation, configure option, or comment). When it is defined together with WOLFSSL_SMALL_STACK, the entire ASN template macro family falls through to the #else (stack) branch, so ASNGetData/ASNSetData arrays are declared on the stack via Type name[cnt] instead of being heap-allocated. The macro switch is internally consistent (DECL/ALLOC/CALLOC/FREE all flip together, so there is no decl/alloc/free mismatch and no regression when the macro is undefined). However, the option deliberately re-introduces potentially large stack arrays that WOLFSSL_SMALL_STACK exists to avoid - a non-obvious tradeoff that callers must understand.

Fix: Document WOLFSSL_ASN_TEMPLATE_STACK_ALLOC (settings.h comment block and/or configure/README) including its purpose (CHERI: keep stack-derived capabilities off the heap) and the explicit warning that it increases stack consumption despite WOLFSSL_SMALL_STACK being set.

/* Declare the variable that is the dynamic data for decoding BER data.
*
* @param [in] name Variable name to declare.
Expand Down
Loading
Loading