
Update wolfHSM pointer, fix minor issues #729

Merged
danielinux merged 1 commit into wolfSSL:master from padelsbach:update-wolfhsm-submodule
Mar 23, 2026
Conversation

@padelsbach
Contributor

@padelsbach padelsbach commented Mar 19, 2026

  • Move wolfHSM submodule link to latest
  • Use host-appropriate SP math
  • Remove use of deleted whServerCryptoContext.devId in hal/sim.c
  • Remove duplicate definition of SP_WORD_SIZE in include/user_settings.h

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #729

Scan targets checked: wolfboot-bugs, wolfboot-src
Findings: 1

Low (1)

Crypto context devId changed from INVALID_DEVID to zero

File: hal/sim.c:173
Function: (file-scope initialization)
Category: HAL implementation flaws

The whServerCryptoContext crypto initialization was changed from explicitly setting .devId = INVALID_DEVID to zero-initialization ({0}). In wolfSSL, INVALID_DEVID is typically defined as -2, so devId will now be 0 instead of -2. A devId of 0 is a valid device identifier, which could cause the HSM server's crypto operations to be routed to an unintended crypto device rather than signaling "no device". This may be intentional if the updated wolfHSM submodule (also changed in this PR) now handles devId initialization internally, but if not, it could alter crypto operation routing in the simulator.

/* Before */
whServerCryptoContext crypto[1] = {{
    .devId = INVALID_DEVID,
}};

/* After */
whServerCryptoContext crypto[1] = {0};

Recommendation: Verify that the updated wolfHSM library (commit 18c46af) initializes devId to INVALID_DEVID internally during server setup, or that a devId of 0 is now the intended sentinel value. If neither is the case, restore the explicit .devId = INVALID_DEVID initialization to ensure crypto operations are not misrouted.


This review was generated automatically by Fenrir. Findings are non-blocking.
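
The distinction the finding above draws between a sentinel and a zero-filled devId, as an added example that is not code from this PR, wolfBoot, wolfSSL or wolfHSM. It is a simplified model: every `Model*`/`MODEL_*` name and the device table are hypothetical, and the sentinel mirrors the -2 the finding cites for INVALID_DEVID.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not wolfSSL/wolfHSM code. The sentinel value mirrors the
 * -2 the finding above cites for INVALID_DEVID; every name here is hypothetical. */
#define MODEL_INVALID_DEVID (-2)
#define MODEL_SOFTWARE      (-1)   /* model_route() result: no device selected */

/* A zero-filled context can never carry the sentinel. */
_Static_assert(MODEL_INVALID_DEVID != 0, "zero-init must not equal the sentinel");

typedef struct { int devId; } ModelCryptoContext;
typedef struct { int devId; int in_use; } ModelDevice;

/* Constructed device table: slot 0 is registered under id 0, which is an
 * ordinary identifier; slot 1 is empty and holds the sentinel. */
static const ModelDevice model_devices[] = {
    { 0, 1 },
    { MODEL_INVALID_DEVID, 0 },
};

/* Return the table slot the context is routed to, or MODEL_SOFTWARE. */
int model_route(const ModelCryptoContext *ctx)
{
    size_t i;
    if (ctx->devId == MODEL_INVALID_DEVID)
        return MODEL_SOFTWARE;             /* explicit "no device" */
    for (i = 0; i < sizeof(model_devices) / sizeof(model_devices[0]); i++) {
        if (model_devices[i].in_use && model_devices[i].devId == ctx->devId)
            return (int)i;
    }
    return MODEL_SOFTWARE;                 /* unknown id: nothing registered */
}

int route_explicit(void)   /* the "Before" initializer */
{
    ModelCryptoContext crypto[1] = {{ .devId = MODEL_INVALID_DEVID }};
    return model_route(&crypto[0]);
}

int route_zero_init(void)  /* the "After" initializer */
{
    ModelCryptoContext crypto[1] = {0};
    return model_route(&crypto[0]);
}

int main(void)
{
    printf("explicit sentinel -> %d, zero-init -> %d\n",
           route_explicit(), route_zero_init());
    return 0;
}
```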

@padelsbach
Contributor Author

Crypto context devId changed from INVALID_DEVID to zero

This field is no longer present in wolfHSM/wolfhsm/wh_server.h

@padelsbach padelsbach mentioned this pull request Mar 19, 2026
@padelsbach padelsbach force-pushed the update-wolfhsm-submodule branch 19 times, most recently from 15f754f to 6f580e8 Compare March 21, 2026 01:12
@padelsbach padelsbach force-pushed the update-wolfhsm-submodule branch 2 times, most recently from 7e44671 to 11b4d49 Compare March 23, 2026 04:43
@padelsbach padelsbach force-pushed the update-wolfhsm-submodule branch from 11b4d49 to e2f79c9 Compare March 23, 2026 16:35
@padelsbach padelsbach marked this pull request as ready for review March 23, 2026 17:26
@danielinux danielinux merged commit 3d2a555 into wolfSSL:master Mar 23, 2026
369 checks passed