Merge pull request #8582 from douzzer/20250321-Wdeclaration-after-statements-and-Kyber-fixes

20250321-Wdeclaration-after-statements-and-Kyber-fixes
pull/8588/head
David Garske 2025-03-21 16:40:38 -07:00 committed by GitHub
commit defcaa192f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 92 additions and 84 deletions


@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'


@ -1416,14 +1416,14 @@ AC_ARG_WITH([liboqs],
# Used:
# - SHA3, Shake128 and Shake256
AC_ARG_ENABLE([kyber],
[AS_HELP_STRING([--enable-kyber],[Enable MLKEM (default: disabled)])],
[AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
[ ENABLED_MLKEM=$enableval ],
[ ENABLED_MLKEM=no ]
)
# note, inherits default from "kyber" clause above.
AC_ARG_ENABLE([mlkem],
[AS_HELP_STRING([--enable-kyber],[Enable MLKEM (default: disabled)])],
[ ENABLED_MLKEM=$enableval ],
[ ENABLED_MLKEM=no ]
[AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
[ ENABLED_MLKEM=$enableval ]
)
ENABLED_WC_MLKEM=no
@ -1434,13 +1434,18 @@ ENABLED_MLKEM_DECAPSULATE=no
for v in `echo $ENABLED_MLKEM | tr "," " "`
do
case $v in
yes)
yes|all)
ENABLED_MLKEM512=yes
ENABLED_MLKEM768=yes
ENABLED_MLKEM1024=yes
ENABLED_MLKEM_MAKE_KEY=yes
ENABLED_MLKEM_ENCAPSULATE=yes
ENABLED_MLKEM_DECAPSULATE=yes
if test "$v" = "all"
then
ENABLED_ML_KEM=yes
ENABLED_ORIGINAL=yes
fi
;;
no)
;;
@ -1468,11 +1473,6 @@ do
decapsulate|dec)
ENABLED_MLKEM_DECAPSULATE=yes
;;
all)
ENABLED_MLKEM_MAKE_KEY=yes
ENABLED_MLKEM_ENCAPSULATE=yes
ENABLED_MLKEM_DECAPSULATE=yes
;;
original|kyber)
ENABLED_ORIGINAL=yes
;;
@ -5673,7 +5673,8 @@ AS_CASE([$FIPS_VERSION],
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
-DNO_BIG_INT \
-DWC_RNG_SEED_CB"
-DWC_RNG_SEED_CB \
-DNO_PBKDF2"
# optimizations section
@ -5700,9 +5701,9 @@ AS_CASE([$FIPS_VERSION],
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_hkdf" != "yes")],
[enable_hkdf="no"; ENABLED_HKDF="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_HKDF"])
AS_IF([test "$ENABLED_PWDBASED" != "yes" &&
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_pwdbased" != "no")],
[enable_pwdbased="yes"; ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2"])
AS_IF([test "$ENABLED_PWDBASED" != "no" &&
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_pwdbased" != "yes")],
[enable_pwdbased="no"; ENABLED_PWDBASED="no"])
AS_IF([test "$ENABLED_SRTP" != "no" &&
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp" != "yes")],
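Review bot: `-DNO_PBKDF2` is now appended unconditionally to the FIPS flag list in the hunk at -5673, while the reworked `AS_IF` in the hunk at -5700 still leaves `ENABLED_PWDBASED` at `yes` when `FIPS_VERSION` is `lean-aesgcm-dev` and the user passed `--enable-pwdbased`. If both hunks sit in the same `AS_CASE` arm (the arm label is outside the visible lines), that combination builds the password-based code with PBKDF2 compiled out and nothing tells the user. I would either emit a notice in that case, e.g. `AC_MSG_WARN([PBKDF2 is compiled out for this FIPS version; --enable-pwdbased builds without it])`, or add a comment above the `AS_IF` stating that the combination is intentional. The `AS_CASE` block starts and ends outside the hunks.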


@ -10894,10 +10894,11 @@ int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions)
int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
TLSX** extensions)
{
(void) extensions;
int ret;
int i, j;
(void) extensions;
/* Validating the input. */
if (length == 0)
return BUFFER_ERROR;


@ -29768,14 +29768,16 @@ static int msgSrvCb(SSL_CTX *ctx, SSL *ssl)
#endif
#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
WOLFSSL_X509* peer = NULL;
{
WOLFSSL_X509* peer = NULL;
ExpectNotNull(peer= wolfSSL_get_peer_certificate(ssl));
ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
ExpectNotNull(peer= wolfSSL_get_peer_certificate(ssl));
ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
fprintf(stderr, "Peer Certificate = :\n");
X509_print(bio,peer);
X509_free(peer);
fprintf(stderr, "Peer Certificate = :\n");
X509_print(bio,peer);
X509_free(peer);
}
ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl));
if (sk == NULL) {


@ -74,9 +74,9 @@ int test_wolfSSL_EVP_CIPHER_type_string(void)
EXPECT_DECLS;
#ifdef OPENSSL_EXTRA
const char* cipherStr;
/* Test with valid cipher types */
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_AES_128_CBC_TYPE);
ExpectNotNull(cipherStr);
@ -94,7 +94,7 @@ int test_wolfSSL_EVP_CIPHER_type_string(void)
cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_NULL_CIPHER_TYPE);
ExpectNotNull(cipherStr);
ExpectStrEQ(cipherStr, "NULL");
/* Test with invalid cipher type */
cipherStr = wolfSSL_EVP_CIPHER_type_string(0xFFFF);
ExpectNull(cipherStr);


@ -9675,8 +9675,10 @@ static void bench_mlkem_keygen(int type, const char* name, int keySize,
#ifdef MLKEM_NONDETERMINISTIC
ret = wc_KyberKey_MakeKey(key, &gRng);
#else
unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ] = {0,};
ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
{
unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ] = {0,};
ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
}
#endif
if (ret != 0)
goto exit;
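Review bot: The all-zero `rand` buffer passed to `wc_KyberKey_MakeKeyWithRandom` in the `#else` branch carries no comment saying it is a benchmark-only input, and the local name shadows libc's `rand()`. A fixed seed makes every generated key identical, which is fine for timing but would be a key-generation flaw if the pattern were copied into application code. I would rename the array and mark the intent, e.g. `/* fixed seed: deterministic timing only, never use for real keys */` above `unsigned char seed[WC_ML_KEM_MAKEKEY_RAND_SZ] = {0,};`. The body of `bench_mlkem_keygen` continues outside the hunk.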


@ -21236,11 +21236,12 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
* like a traditional signature in the certificate. */
static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
{
(void)cert;
int ret = 0;
word32 idx = 0;
int len = 0;
(void)cert;
WOLFSSL_ENTER("DecodeAltSigVal");
if (ret == 0) {
@ -32238,15 +32239,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
falcon_key* falconKey = NULL;
dilithium_key* dilithiumKey = NULL;
sphincs_key* sphincsKey = NULL;
WOLFSSL_ENTER("wc_MakeSigWithBitStr");
int ret = 0;
int headerSz;
void* heap = NULL;
CertSignCtx certSignCtx_lcl;
CertSignCtx* certSignCtx = &certSignCtx_lcl;
WOLFSSL_ENTER("wc_MakeSigWithBitStr");
if ((sig == NULL) || (sigSz <= 0)) {
return BAD_FUNC_ARG;
}


@ -672,10 +672,8 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
sword16 y[3 * MLKEM_MAX_K * MLKEM_N];
#endif
#endif
#ifdef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
sword16* u;
sword16* v;
#endif
/* Establish parameters based on key type. */
switch (key->type) {
@ -741,21 +739,15 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
}
#endif
if (ret == 0) {
#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
if (ret == 0) {
/* Assign allocated dynamic memory to pointers.
* y (b) | a (m) | mu (p) | e1 (p) | e2 (v) | u (v) | v (p) */
a = y + MLKEM_N * k;
mu = a + MLKEM_N * k * k;
e1 = mu + MLKEM_N;
e2 = e1 + MLKEM_N * k;
#else
/* Assign allocated dynamic memory to pointers.
* y (v) | a (v) | u (v) */
a = y + MLKEM_N * k;
#endif
#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
/* Convert msg to a polynomial.
* Step 20: mu <- Decompress_1(ByteDecode_1(m)) */
mlkem_from_msg(mu, m);
@ -767,7 +759,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
*/
ret = mlkem_get_noise(&key->prf, k, y, e1, e2, r);
}
#ifdef WOLFSSL_MLKEM_CACHE_A
#ifdef WOLFSSL_MLKEM_CACHE_A
if ((ret == 0) && ((key->flags & MLKEM_FLAG_A_SET) != 0)) {
unsigned int i;
/* Transpose matrix.
@ -782,16 +774,13 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
}
}
else
#endif
#endif /* WOLFSSL_MLKEM_CACHE_A */
if (ret == 0) {
/* Generate the transposed matrix.
* Step 4-8: generate matrix A_hat */
ret = mlkem_gen_matrix(&key->prf, a, k, key->pubSeed, 1);
}
if (ret == 0) {
sword16* u;
sword16* v;
/* Assign remaining allocated dynamic memory to pointers.
* y (v) | a (m) | mu (p) | e1 (p) | r2 (v) | u (v) | v (p)*/
u = e2 + MLKEM_N;
@ -799,8 +788,14 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
/* Perform encapsulation maths.
* Steps 18-19, 21: calculate u and v */
mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k);
#else
ret = mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k);
}
#else /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
if (ret == 0) {
/* Assign allocated dynamic memory to pointers.
* y (v) | a (v) | u (v) */
a = y + MLKEM_N * k;
/* Initialize the PRF for use in the noise generation. */
mlkem_prf_init(&key->prf);
/* Generate noise using PRF.
@ -819,41 +814,39 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m,
key->pubSeed, r);
}
#endif /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
if (ret == 0) {
#endif
{
byte* c1 = c;
byte* c2 = c + compVecSz;
#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
if (k == WC_ML_KEM_512_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_10(c1, u, k);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_4(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
if (k == WC_ML_KEM_768_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_10(c1, u, k);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_4(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
if (k == WC_ML_KEM_1024_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_11(c1, u);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_5(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
byte* c1 = c;
byte* c2 = c + compVecSz;
#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
if (k == WC_ML_KEM_512_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_10(c1, u, k);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_4(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
if (k == WC_ML_KEM_768_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_10(c1, u, k);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_4(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
if (k == WC_ML_KEM_1024_K) {
/* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
mlkem_vec_compress_11(c1, u);
/* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
mlkem_compress_5(c2, v);
/* Step 24: return c <- (c_1||c_2) */
}
#endif
}
#ifndef WOLFSSL_NO_MALLOC
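Review bot: `u` and `v` are now declared at function scope without an initializer, and in the visible lines they are assigned only inside an `if (ret == 0)` branch before being read by the final compression block that writes `c1`/`c2`. The rendered page prints both `if (ret == 0) {` and a bare `{` ahead of that block, so which one is the new side cannot be told from here. The block has to stay guarded by `ret == 0`, otherwise an earlier failure would reach `mlkem_vec_compress_10(c1, u, k)` with indeterminate pointers. Initializing at the declaration, `sword16* u = NULL;` and `sword16* v = NULL;`, would make any such mistake fail deterministically and keeps `-Wmaybe-uninitialized` quiet. `mlkemkey_encapsulate` starts and ends outside the visible hunks.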


@ -1345,8 +1345,10 @@ void mlkem_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k)
* @param [in] e2 Error polynomial.
* @param [in] m Message polynomial.
* @param [in] k Number of polynomials in vector.
* @return 0 on success.
*
*/
void mlkem_encapsulate(const sword16* t, sword16* u , sword16* v,
int mlkem_encapsulate(const sword16* t, sword16* u , sword16* v,
const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
const sword16* m, int k)
{
@ -1416,6 +1418,8 @@ void mlkem_encapsulate(const sword16* t, sword16* u , sword16* v,
/* Add errors and message to v and reduce.
* Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) */
mlkem_add3_reduce(v, e2, m);
return 0;
}
#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
@ -1660,8 +1664,9 @@ int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf,
* @param [in] e2 Error polynomial.
* @param [in] m Message polynomial.
* @param [in] k Number of polynomials in vector.
* @return 0 on success.
*/
static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
static int mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
const sword16* m, int k)
{
@ -1696,6 +1701,8 @@ static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
sword16 t = v[i] + e2[i] + m[i];
v[i] = MLKEM_BARRETT_RED(t);
}
return 0;
}
/* Encapsulate message.
@ -1709,8 +1716,9 @@ static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
* @param [in] e2 Error polynomial.
* @param [in] m Message polynomial.
* @param [in] k Number of polynomials in vector.
* @return 0 on success.
*/
void mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v,
int mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v,
const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
const sword16* m, int k)
{
@ -1718,11 +1726,12 @@ void mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v,
if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
mlkem_encapsulate_avx2(pub, u, v, a, y, e1, e2, m, k);
RESTORE_VECTOR_REGISTERS();
return 0;
}
else
#endif
{
mlkem_encapsulate_c(pub, u, v, a, y, e1, e2, m, k);
return mlkem_encapsulate_c(pub, u, v, a, y, e1, e2, m, k);
}
}
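Review bot: The added `@return 0 on success.` lines name no failure value, and in the visible lines every path of `mlkem_encapsulate` and `mlkem_encapsulate_c` returns 0, so a reader cannot tell whether checking the result is meaningful. I would write `@return  0 always.` for the variants that cannot fail, or list the error codes if the first variant (whose body is mostly outside the hunks) can return one. The first doc block also gained a stray ` *` line between `@return` and `*/` that can be dropped. In the dispatching variant a failed `SAVE_VECTOR_REGISTERS2()` silently takes the C path, which deserves a one-line comment such as `/* fall back to C when vector registers cannot be saved */`.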


@ -163,7 +163,7 @@ int mlkem_keygen_seeds(sword16* priv, sword16* pub, MLKEM_PRF_T* prf,
#endif
#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
WOLFSSL_LOCAL
void mlkem_encapsulate(const sword16* pub, sword16* bp, sword16* v,
int mlkem_encapsulate(const sword16* pub, sword16* bp, sword16* v,
const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
const sword16* m, int kp);
#else