bsdkm: initial wolfcrypt FreeBSD kernel module support.

.codespellexcludelines

@@ -16,3 +16,5 @@ rsource "Kconfig.tls-generic"
 \pagenumbering{alph}
     DES3_KEY_SIZE       = 24,  /* 3 des ede               */
 /* functions added to support above needed, removed TOOM and KARATSUBA */
+#include <sys/systm.h>
+ * extern global version from /usr/src/sys/sys/systm.h */

.gitignore

@@ -249,6 +249,12 @@ linuxkm/linuxkm
 linuxkm/src
 linuxkm/patches/src
 *.nds
+bsdkm/export_syms
+bsdkm/i386
+bsdkm/libwolfssl.ko
+bsdkm/machine
+bsdkm/opt_global.h
+bsdkm/x86
 
 # autotools generated
 scripts/unit.test

.wolfssl_known_macro_extras

@@ -35,6 +35,7 @@ BASE64_NO_TABLE
 BLAKE2B_SELFTEST
 BLAKE2S_SELFTEST
 BLOCKING
+BSDKM_EXPORT_SYMS
 BSP_DEFAULT_IO_CHANNEL_DEFINED
 BSP_LED_0
 BSP_LED_1
@@ -305,6 +306,7 @@ INTIMEVER
 IOTSAFE_NO_GETDATA
 IOTSAFE_SIG_8BIT_LENGTH
 KCAPI_USE_XMALLOC
+KERNEL_ROOT
 K_SERIES
 LIBWOLFSSL_VERSION_GIT_BRANCH
 LIBWOLFSSL_VERSION_GIT_HASH

Makefile.am

@@ -179,6 +179,7 @@ include sslSniffer/sslSnifferTest/include.am
 include debian/include.am
 include rpm/include.am
 include linuxkm/include.am
+include bsdkm/include.am
 include zephyr/include.am
 include RTOS/nuttx/include.am
 
@@ -220,7 +221,7 @@ if BUILD_LINUXKM
         CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
         CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \
         ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \
-        ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE ENABLED_LINUXKM_BENCHMARKS
+        ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE ENABLED_KERNEL_BENCHMARKS
 
 module:
 	+$(MAKE) -C linuxkm libwolfssl.ko
@@ -236,6 +237,20 @@ install_module modules_install:
 
 endif
 
+if BUILD_BSDKM
+    SUBDIRS_OPT += bsdkm
+    DIST_SUBDIRS_OPT += bsdkm
+
+.MAKE.EXPORTED = build_triplet host_triplet CC AS LD \
+        KERNEL_ROOT BSDKM_EXPORT_SYMS KERNEL_EXTRA_CFLAGS \
+        EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
+        AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
+        AM_CCASFLAGS CCASFLAGS \
+        src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS
+
+endif
+
+
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh
 endif

bsdkm/Makefile

@@ -0,0 +1,50 @@
+# wolfssl kernel module name and source, and root dir.
+KMOD=libwolfssl
+SRCS=wolfkmod.c
+WOLFSSL_DIR=../
+
+CFLAGS+=-I${WOLFSSL_DIR}
+CFLAGS+=-DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER
+# debug printing
+# CFLAGS+=-DWOLFSSL_BSDKM_VERBOSE_DEBUG
+CFLAGS+=$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS)
+
+# FreeBSD make does not support GNU make's patsubst and related. Filter
+# through sed instead.
+WOLFSSL_OBJS != echo ${src_libwolfssl_la_OBJECTS} | \
+  sed 's|src_libwolfssl_la-||g' | sed 's|\.lo|.o|g' | \
+  sed 's|wolfcrypt/src/|${WOLFSSL_DIR}/wolfcrypt/src/|g'
+
+.if ${ENABLED_CRYPT_TESTS} == "yes"
+    WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/test/test.o
+.else
+    CFLAGS+=-DNO_CRYPT_TEST
+.endif
+
+OBJS += ${WOLFSSL_OBJS}
+
+# Export no public symbols by default.
+.if !defined(BSDKM_EXPORT_SYMS)
+    EXPORT_SYMS=NO
+.else
+    EXPORT_SYMS=${BSDKM_EXPORT_SYMS}
+.endif
+
+# Default to live kernel src tree makefile at
+# /usr/src/sys/conf/kmod.mk
+.if !defined(KERNEL_ROOT)
+    SYSDIR?= /usr/src/sys
+.else
+    SYSDIR?= ${KERNEL_ROOT}
+.endif
+.include "${SYSDIR}/conf/kmod.mk"
+
+# Smooth out a few inconsistencies between FreeBSD default compiler flags
+# in /usr/src/sys/conf/kern.mk, vs wolfssl harden flags in
+# m4/ax_harden_compiler_flags.m4. E.g. some FreeBSD header files shorten
+# 64 to 32 bit, and some wolfcrypt functions cast away const.
+CFLAGS+= -Wno-unused-function
+CFLAGS+= -Wno-cast-qual
+CFLAGS+= -Wno-error=cast-qual
+CFLAGS+= -Wno-shorten-64-to-32
+CFLAGS+= -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""

bsdkm/bsdkm_wc_port.h

@@ -0,0 +1,118 @@
+/* bsdkm_wc_port.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* included by wolfssl/wolfcrypt/wc_port.h */
+
+#ifndef BSDKM_WC_PORT_H
+#define BSDKM_WC_PORT_H
+
+#ifdef WOLFSSL_BSDKM
+
+#include <sys/ctype.h>
+#include <sys/types.h>
+#include <sys/malloc.h>
+#include <sys/systm.h>
+#if !defined(SINGLE_THREADED)
+    #include <sys/mutex.h>
+#endif /* !SINGLE_THREADED */
+#ifndef CHAR_BIT
+    #include <sys/limits.h>
+#endif /* !CHAR_BIT*/
+
+/* needed to prevent wolfcrypt/src/asn.c version shadowing
+ * extern global version from /usr/src/sys/sys/systm.h */
+#define version wc_version
+
+#define wc_km_printf printf
+
+/* str and char utility functions */
+#define XATOI(s) ({                                         \
+      char * endptr = NULL;                                 \
+      long   _xatoi_ret = strtol(s, &endptr, 10);           \
+      if ((s) == endptr || *endptr != '\0') {               \
+        _xatoi_ret = 0;                                     \
+      }                                                     \
+      (int)_xatoi_ret;                                      \
+    })
+
+#if !defined(XMALLOC_OVERRIDE)
+    #error bsdkm requires XMALLOC_OVERRIDE
+#endif /* !XMALLOC_OVERRIDE */
+
+/* use malloc and free from /usr/include/sys/malloc.h */
+extern struct malloc_type M_WOLFSSL[1];
+
+#define XMALLOC(s, h, t) \
+    ({(void)(h); (void)(t); malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO);})
+
+#ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+    #define XFREE(p, h, t) \
+        ({(void)(h); (void)(t); free(p, M_WOLFSSL);})
+#else
+    #define XFREE(p, h, t) \
+        ({void* _xp; (void)(h); (void)(t); _xp = (p); \
+         if(_xp) free(_xp, M_WOLFSSL);})
+#endif
+
+#if !defined(SINGLE_THREADED)
+    #define WC_MUTEX_OPS_INLINE
+
+    typedef struct wolfSSL_Mutex {
+        struct mtx lock;
+    } wolfSSL_Mutex;
+
+    static __always_inline int wc_InitMutex(wolfSSL_Mutex * m)
+    {
+        mtx_init(&m->lock, "wolfssl spinlock", NULL, MTX_SPIN);
+        return 0;
+    }
+
+    static __always_inline int wc_FreeMutex(wolfSSL_Mutex * m)
+    {
+        mtx_destroy(&m->lock);
+        return 0;
+    }
+
+    static __always_inline int wc_LockMutex(wolfSSL_Mutex *m)
+    {
+        mtx_lock_spin(&m->lock);
+        return 0;
+    }
+
+    static __always_inline int wc_UnLockMutex(wolfSSL_Mutex* m)
+    {
+        mtx_unlock_spin(&m->lock);
+        return 0;
+    }
+#endif /* !SINGLE_THREADED */
+
+#if defined(WOLFSSL_HAVE_ATOMIC_H) && !defined(WOLFSSL_NO_ATOMICS)
+    #include <machine/atomic.h>
+    typedef volatile int wolfSSL_Atomic_Int;
+    typedef volatile unsigned int wolfSSL_Atomic_Uint;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x)  (int)atomic_load_acq_int(&(x))
+    #define WOLFSSL_ATOMIC_STORE(x, v)  atomic_store_rel_int(&(x), (v))
+    #define WOLFSSL_ATOMIC_OPS
+#endif /* WOLFSSL_HAVE_ATOMIC_H && !WOLFSSL_NO_ATOMICS */
+
+#endif /* WOLFSSL_BSDKM */
+#endif /* BSDKM_WC_PORT_H */

bsdkm/include.am

@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += m4/ax_bsdkm.m4 \
+	      bsdkm/Makefile \
+	      bsdkm/wolfkmod.c \
+	      bsdkm/bsdkm_wc_port.h