add more macro guards around authentication feature, use XSTRLEN for portability, zero out sensitive data before function return

JacobBarthelmeh · JacobBarthelmeh · commit a6b484bf19ed · 2026-04-13T16:30:10.000-06:00
diff --git a/src/wh_auth.c b/src/wh_auth.c
@@ -39,6 +39,8 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
+
 #include <stdint.h>
 #include <stddef.h>
 #include <string.h>
@@ -449,3 +451,5 @@ int wh_Auth_Unlock(whAuthContext* auth)
     return wh_Lock_Release(&auth->lock);
 }
 #endif /* WOLFHSM_CFG_THREADSAFE */
+
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
diff --git a/src/wh_auth_base.c b/src/wh_auth_base.c
@@ -23,6 +23,8 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
+
 #include <stdint.h>
 #include <stddef.h>
 #include <string.h>
@@ -111,14 +113,16 @@ static whAuthBase_User* wh_Auth_BaseCheckPin(const char* username,
                                              const void* auth_data,
                                              uint16_t    auth_data_len)
 {
-    whAuthBase_User* found_user;
+    whAuthBase_User* found_user = NULL;
+    whAuthBase_User* ret        = NULL;
     unsigned char    authCheck[WH_AUTH_BASE_MAX_CREDENTIALS_LEN];
     uint16_t         authCheck_len;
     int              rc;
 
     /* Process auth_data: hash if crypto enabled, copy if disabled */
     rc = wh_Auth_BaseHashPin(auth_data, auth_data_len, authCheck);
     if (rc != WH_ERROR_OK) {
+        wh_Utils_ForceZero(authCheck, sizeof(authCheck));
         return NULL;
     }
 #ifndef WOLFHSM_CFG_NO_CRYPTO
@@ -132,9 +136,11 @@ static whAuthBase_User* wh_Auth_BaseCheckPin(const char* username,
         found_user->credentials_len == authCheck_len &&
         wh_Utils_ConstantCompare(found_user->credentials, authCheck,
         authCheck_len) == 0) {
-        return found_user;
+        ret = found_user;
     }
-    return NULL;
+
+    wh_Utils_ForceZero(authCheck, sizeof(authCheck));
+    return ret;
 }
 
 #if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
@@ -553,3 +559,5 @@ int wh_Auth_BaseUserSetCredentials(void* context, uint16_t user_id,
     (void)auth_context;
     return rc;
 }
+
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
diff --git a/src/wh_client_auth.c b/src/wh_client_auth.c
@@ -25,7 +25,8 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
-#ifdef WOLFHSM_CFG_ENABLE_CLIENT
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT) && \
+    defined(WOLFHSM_CFG_ENABLE_AUTHENTICATION)
 
 /* System libraries */
 #include <string.h> /* For memcpy, strncpy */
@@ -43,16 +44,16 @@
 #include "wolfhsm/wh_utils.h"
 
 /* Does not find the user name in the list, only verifies that the user name is
- * not too long and not null. */
+ * not NULL, not empty, and not too long. */
 static int _UserNameIsValid(const char* username)
 {
     size_t len;
 
-    if (username == NULL) {
+    if (username == NULL || username[0] == '\0') {
         return 0;
     }
 
-    len = strnlen(username, WH_MESSAGE_AUTH_MAX_USERNAME_LEN);
+    len = XSTRLEN(username);
     return (len < WH_MESSAGE_AUTH_MAX_USERNAME_LEN);
 }
 
@@ -726,4 +727,4 @@ int wh_Client_AuthUserSetCredentials(
     return rc;
 }
 
-#endif /* WOLFHSM_CFG_ENABLE_CLIENT */
+#endif /* WOLFHSM_CFG_ENABLE_CLIENT && WOLFHSM_CFG_ENABLE_AUTHENTICATION */
diff --git a/src/wh_message_auth.c b/src/wh_message_auth.c
@@ -25,6 +25,8 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
+
 #include <stdint.h>
 #include <stddef.h>
 #include <string.h>
@@ -368,3 +370,5 @@ int wh_MessageAuth_TranslateUserSetCredentialsRequest(
 
     return 0;
 }
+
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
diff --git a/src/wh_server.c b/src/wh_server.c
@@ -85,7 +85,9 @@ int wh_Server_Init(whServerContext* server, whServerConfig* config)
 
     memset(server, 0, sizeof(*server));
     server->nvm = config->nvm;
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
     server->auth = config->auth;
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
 
 #ifndef WOLFHSM_CFG_NO_CRYPTO
     server->crypto = config->crypto;
diff --git a/src/wh_server_auth.c b/src/wh_server_auth.c
@@ -25,7 +25,8 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
-#ifdef WOLFHSM_CFG_ENABLE_SERVER
+#if defined(WOLFHSM_CFG_ENABLE_SERVER) && \
+    defined(WOLFHSM_CFG_ENABLE_AUTHENTICATION)
 
 /* System libraries */
 #include <stdint.h>
@@ -285,4 +286,4 @@ int wh_Server_HandleAuthRequest(whServerContext* server, uint16_t magic,
     return rc;
 }
 
-#endif /* WOLFHSM_CFG_ENABLE_SERVER */
+#endif /* WOLFHSM_CFG_ENABLE_SERVER && WOLFHSM_CFG_ENABLE_AUTHENTICATION */
diff --git a/src/wh_utils.c b/src/wh_utils.c
@@ -95,7 +95,13 @@ int wh_Utils_memeqzero(uint8_t* buffer, uint32_t size)
  * Uses volatile to prevent the compiler from optimizing away the writes. */
 void wh_Utils_ForceZero(void* mem, uint32_t size)
 {
-    volatile uint8_t* p = (volatile uint8_t*)mem;
+    volatile uint8_t* p;
+
+    if (mem == NULL || size == 0) {
+        return;
+    }
+
+    p = (volatile uint8_t*)mem;
     while (size > 0) {
         *p = 0;
         p++;
diff --git a/test/wh_test_clientserver.c b/test/wh_test_clientserver.c
@@ -1740,8 +1740,10 @@ static int wh_ClientServer_PosixMemMapThreadTest(whTestNvmBackendType nvmType)
         .crypto = crypto,
 #endif
     }};
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
     s_conf->auth = NULL; /* For non authenticated tests set auth context to NULL
                           * which avoids authentication checks. */
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
 
     WH_TEST_RETURN_ON_FAIL(wh_Nvm_Init(nvm, n_conf));
 
diff --git a/wolfhsm/wh_server.h b/wolfhsm/wh_server.h
@@ -40,7 +40,9 @@ typedef struct whServerContext_t whServerContext;
 #include "wolfhsm/wh_comm.h"
 #include "wolfhsm/wh_keycache.h"
 #include "wolfhsm/wh_nvm.h"
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
 #include "wolfhsm/wh_auth.h"
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
 #include "wolfhsm/wh_message_customcb.h"
 #include "wolfhsm/wh_log.h"
 #ifdef WOLFHSM_CFG_DMA
@@ -139,7 +141,9 @@ typedef struct {
 typedef struct whServerConfig_t {
     whCommServerConfig* comm_config;
     whNvmContext*       nvm;
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
     whAuthContext*      auth;
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
 
 #ifndef WOLFHSM_CFG_NO_CRYPTO
     whServerCryptoContext* crypto;
@@ -162,7 +166,9 @@ typedef struct whServerConfig_t {
 /* Context structure to maintain the state of an HSM server */
 struct whServerContext_t {
     whNvmContext* nvm;
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
     whAuthContext* auth;
+#endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
     whCommServer  comm[1];
 #ifndef WOLFHSM_CFG_NO_CRYPTO
     whServerCryptoContext* crypto;
