wolfSSL · jackctj117 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025
diff --git a/.github/workflows/clang-format-check.yml b/.github/workflows/clang-format-check.yml
@@ -57,14 +57,10 @@ jobs:
           echo ""
           echo "Please run the following command locally on your feature branch and commit the changes:"
           echo "  git-clang-format-15 $BASE_REF"
-          exit 0
-          # TEMPORARY DISABLE DUE TO BUGS
-          #exit 1
+          exit 1
         else
           echo "❌ git-clang-format-15 failed with exit code $status"
           echo "Output (if any):"
           cat "$DIFF_FILE"
-          exit 0
-          # TEMPORARY DISABLE DUE TO BUGS
-          #exit 1
+          exit 1
         fi
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
@@ -31,14 +31,12 @@
 #include <stddef.h> /* For NULL */
 #include <string.h> /* For memset, memcpy */
 
-
 /* Common WolfHSM types and defines shared with the server */
 #include "wolfhsm/wh_common.h"
 #include "wolfhsm/wh_error.h"
 #include "wolfhsm/wh_crypto.h"
 #include "wolfhsm/wh_utils.h"
 
-
 /* Components */
 #include "wolfhsm/wh_comm.h"
 
@@ -136,7 +134,8 @@ static int      _getCryptoResponse(uint8_t* respBuf, uint16_t type,
 /* Helper function to prepare a crypto request buffer with generic header */
 static uint8_t* _createCryptoRequest(uint8_t* reqBuf, uint16_t type)
 {
-    return _createCryptoRequestWithSubtype(reqBuf, type, WH_MESSAGE_CRYPTO_ALGO_SUBTYPE_NONE);
+    return _createCryptoRequestWithSubtype(reqBuf, type,
+                                           WH_MESSAGE_CRYPTO_ALGO_SUBTYPE_NONE);
 }
 
 /* Helper function to prepare a crypto request buffer with generic header and
@@ -2970,13 +2969,13 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx,
                                            wc_Sha256*       sha256,
                                            uint32_t         isLastBlock)
 {
-    uint16_t                        group   = WH_MESSAGE_GROUP_CRYPTO;
-    uint16_t                        action  = WH_MESSAGE_ACTION_NONE;
-    int                             ret     = 0;
-    uint16_t                        dataSz  = 0;
-    whMessageCrypto_Sha256Request*  req     = NULL;
-    whMessageCrypto_Sha2Response*   res     = NULL;
-    uint8_t*                        dataPtr = NULL;
+    uint16_t                       group   = WH_MESSAGE_GROUP_CRYPTO;
+    uint16_t                       action  = WH_MESSAGE_ACTION_NONE;
+    int                            ret     = 0;
+    uint16_t                       dataSz  = 0;
+    whMessageCrypto_Sha256Request* req     = NULL;
+    whMessageCrypto_Sha2Response*  res     = NULL;
+    uint8_t*                       dataPtr = NULL;
 
     /* Get data buffer */
     dataPtr = wh_CommClient_GetDataPtr(ctx->comm);
@@ -3001,7 +3000,7 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx,
         req->isLastBlock = 0;
     }
     memcpy(req->inBlock, sha256->buffer,
-            (isLastBlock) ? sha256->buffLen : WC_SHA256_BLOCK_SIZE);
+           (isLastBlock) ? sha256->buffLen : WC_SHA256_BLOCK_SIZE);
 
     /* Send the hash state - this will be 0 on the first block on a properly
      * initialized sha256 struct */
@@ -3119,13 +3118,13 @@ int wh_Client_Sha256(whClientContext* ctx, wc_Sha256* sha256, const uint8_t* in,
 int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in,
                         uint32_t inLen, uint8_t* out)
 {
-    int                                ret     = WH_ERROR_OK;
-    wc_Sha256*                         sha256  = sha;
-    uint16_t                           respSz  = 0;
-    uint16_t                           group   = WH_MESSAGE_GROUP_CRYPTO_DMA;
-    uint8_t*                           dataPtr = NULL;
-    whMessageCrypto_Sha2DmaRequest*    req     = NULL;
-    whMessageCrypto_Sha2DmaResponse*   resp    = NULL;
+    int                              ret     = WH_ERROR_OK;
+    wc_Sha256*                       sha256  = sha;
+    uint16_t                         respSz  = 0;
+    uint16_t                         group   = WH_MESSAGE_GROUP_CRYPTO_DMA;
+    uint8_t*                         dataPtr = NULL;
+    whMessageCrypto_Sha2DmaRequest*  req     = NULL;
+    whMessageCrypto_Sha2DmaResponse* resp    = NULL;
     uintptr_t inAddr = 0; /* The req->input.addr is reused elsewhere, this
                              local variable is to keep track of the resulting
                              DMA translation to pass back to the callback on
@@ -3145,10 +3144,10 @@ int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in,
 
     /* map addresses and setup default request structure */
     if (in != NULL || out != NULL) {
-        req->finalize    = 0;
-        req->state.sz    = sizeof(*sha256);
-        req->input.sz    = inLen;
-        req->output.sz   = WC_SHA256_DIGEST_SIZE; /* not needed, but YOLO */
+        req->finalize  = 0;
+        req->state.sz  = sizeof(*sha256);
+        req->input.sz  = inLen;
+        req->output.sz = WC_SHA256_DIGEST_SIZE; /* not needed, but YOLO */
 
         /* Perform address translations */
         ret = wh_Client_DmaProcessClientAddress(

diff --git a/src/wh_comm.c b/src/wh_comm.c
@@ -24,7 +24,7 @@
 /* Pick up compile-time configuration */
 #include "wolfhsm/wh_settings.h"
 
-#include <stdint.h>  /* For sized ints */
+#include <stdint.h> /* For sized ints */
 #include <stddef.h>
 #include <string.h>
 
@@ -33,7 +33,6 @@
 
 #include "wolfhsm/wh_comm.h"
 
-
 /** Conditional byteswap functions */
 
 uint8_t wh_Translate8(uint16_t magic, uint8_t val)

diff --git a/src/wh_crypto.c b/src/wh_crypto.c
@@ -30,7 +30,7 @@
 
 /* System libraries */
 #include <stdint.h>
-#include <stddef.h>  /* For NULL */
+#include <stddef.h> /* For NULL */
 
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/wolfcrypt/types.h"

diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c
@@ -42,7 +42,6 @@
 #include "wolfssl/ssl.h"
 #include "wolfssl/wolfcrypt/asn.h"
 
-
 static int _verifyChainAgainstCmStore(whServerContext*      server,
                                       WOLFSSL_CERT_MANAGER* cm,
                                       const uint8_t* chain, uint32_t chain_len,

diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c
@@ -211,9 +211,10 @@ static int whTest_CryptoRsa(whClientContext* ctx, int devId, WC_RNG* rng)
         memset(cipherText, 0, sizeof(cipherText));
         memset(finalText, 0, sizeof(finalText));
         ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID);
-        if (ret!= 0) {
+        if (ret != 0) {
             WH_ERROR_PRINT("Failed to wc_InitRsaKey_ex %d\n", ret);
-        } else {
+        }
+        else {
             ret = wh_Client_RsaMakeExportKey(ctx, RSA_KEY_BITS, RSA_EXPONENT,
                     rsa);
             if (ret != 0) {