diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 50d4cb7c43..afef161a68 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY WOLFSSL_MP_INVMOD_CONSTANT_TIME WOLFSSL_MULTICIRCULATE_ALTNAMELIST WOLFSSL_NEW_PRIME_CHECK -WOLFSSL_NONBLOCK_OCSP WOLFSSL_NOSHA3_384 WOLFSSL_NOT_WINDOWS_API WOLFSSL_NO_BIO_ADDR_IN diff --git a/configure.ac b/configure.ac index 938ceddb4d..2c410c1bb3 100644 --- a/configure.ac +++ b/configure.ac @@ -614,7 +614,7 @@ AS_CASE([$ENABLED_FIPS], ENABLED_FIPS="yes" # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all) ], - [v6],[ + [v6|v6-dev],[ FIPS_VERSION="v6" HAVE_FIPS_VERSION=6 HAVE_FIPS_VERSION_MAJOR=6 @@ -626,7 +626,7 @@ AS_CASE([$ENABLED_FIPS], ], # Should always remain one ahead of the latest so as not to be confused with # the latest - [ready|v6-ready],[ + [ready],[ FIPS_VERSION="ready" HAVE_FIPS_VERSION=7 HAVE_FIPS_VERSION_MAJOR=7 @@ -636,7 +636,7 @@ AS_CASE([$ENABLED_FIPS], DEF_SP_MATH="yes" DEF_FAST_MATH="no" ], - [dev|v6-dev],[ + [dev],[ FIPS_VERSION="dev" HAVE_FIPS_VERSION_MAJOR=7 HAVE_FIPS_VERSION_MINOR=0 @@ -1710,10 +1710,23 @@ AC_ARG_WITH([liboqs], # MLKEM # Used: # - SHA3, Shake128 and Shake256 +# +# Note, setup is later, after FIPS setup. + +if test "$enable_shake128" != "no" && + test "$enable_shake256" != "no" && + test "$enable_sha3" != "no" && + (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7) +then + ENABLED_MLKEM_DEFAULT=yes +else + ENABLED_MLKEM_DEFAULT=no +fi + AC_ARG_ENABLE([mlkem], [AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])], [ ENABLED_MLKEM=$enableval ], - [ ENABLED_MLKEM=yes ] + [ ENABLED_MLKEM=$ENABLED_MLKEM_DEFAULT ] ) # note, inherits default from "mlkem" clause above. AC_ARG_ENABLE([kyber], 
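Review bot: The help string for `--enable-mlkem` still says `(default: enabled)` while the default is now `$ENABLED_MLKEM_DEFAULT`, which comes out `no` whenever SHA-3/SHAKE are disabled or a FIPS version below 7 is selected; the shake128/shake256 hunk at @@ -4688 has the same mismatch with `(default: disabled)`. Suggest `[Enable ML-KEM/Kyber (default: enabled when SHA-3/SHAKE are enabled and not FIPS < 7)]` and, for the two SHAKE options, `(default: enabled when SHA-3 is enabled)`. The default computation reads the raw `enable_sha3`/`enable_shake128`/`enable_shake256` values, which are empty rather than `yes` when the user passes nothing, so the `!= "no"` tests are what make the default come out `yes`; a one-line comment saying that is intentional would help the next reader. The `test "$HAVE_FIPS_VERSION" -ge 7` arm is only reached when `$ENABLED_FIPS` is not `no`, so it presumably always sees a numeric value, but that depends on the `AS_CASE` at @@ -614 rather than on anything visible here.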
@@ -1721,178 +1734,18 @@ AC_ARG_ENABLE([kyber], [ ENABLED_MLKEM=$enableval ] ) -# FIPS traditionally does not support SHAKE 128 and SHAKE 256 (v6 does), so disable -# ML-KEM if FIPS is enabled and version is less than 6 -AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],[ - AC_MSG_NOTICE([Disabling MLKEM because FIPS < 6 does not support required SHAKE]) - ENABLED_MLKEM="no" -]) - -ENABLED_WC_MLKEM=no -ENABLED_ML_KEM=unset -ENABLED_MLKEM_MAKE_KEY=no -ENABLED_MLKEM_ENCAPSULATE=no -ENABLED_MLKEM_DECAPSULATE=no -for v in `echo $ENABLED_MLKEM | tr "," " "` -do - case $v in - yes) - ENABLED_MLKEM512=yes - ENABLED_MLKEM768=yes - ENABLED_MLKEM1024=yes - ENABLED_MLKEM_MAKE_KEY=yes - ENABLED_MLKEM_ENCAPSULATE=yes - ENABLED_MLKEM_DECAPSULATE=yes - ;; - all) - ENABLED_MLKEM_MAKE_KEY=yes - ENABLED_MLKEM_ENCAPSULATE=yes - ENABLED_MLKEM_DECAPSULATE=yes - ENABLED_ML_KEM=yes - ENABLED_ORIGINAL=yes - ;; - no) - ;; - small) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL" - ;; - no-large-code) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE" - ;; - cache-a) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A" - ;; - 512) - ENABLED_MLKEM512=yes - ;; - 768) - ENABLED_MLKEM768=yes - ;; - 1024) - ENABLED_MLKEM1024=yes - ;; - make) - ENABLED_MLKEM_MAKE_KEY=yes - ;; - encapsulate|enc) - ENABLED_MLKEM_ENCAPSULATE=yes - ;; - decapsulate|dec) - ENABLED_MLKEM_DECAPSULATE=yes - ;; - original|kyber) - ENABLED_ORIGINAL=yes - ;; - ml-kem) - ENABLED_ML_KEM=yes - ;; - noasm) - AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM" - ;; - *) - AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.]) - break;; - esac -done - -if test "$ENABLED_MLKEM" != "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM" - # Use liboqs if specified. 
- if test "$ENABLED_LIBOQS" = "no"; then - ENABLED_WC_MLKEM=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM" - fi - - if test "$ENABLED_ORIGINAL" = "yes"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER" - if test "$ENABLED_MLKEM512" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" - fi - if test "$ENABLED_MLKEM768" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" - fi - if test "$ENABLED_MLKEM1024" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" - fi - if test "$ENABLED_ML_KEM" = "unset"; then - ENABLED_ML_KEM=no - fi - fi - if test "$ENABLED_ML_KEM" = "unset"; then - ENABLED_ML_KEM=yes - fi - if test "$ENABLED_ML_KEM" = "yes"; then - if test "$ENABLED_MLKEM512" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" - fi - if test "$ENABLED_MLKEM768" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" - fi - if test "$ENABLED_MLKEM1024" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" - fi - else - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" - fi - if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY" - fi - if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE" - fi - if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE" - fi - - if test "$ENABLED_WC_MLKEM" = "yes" - then - test "$enable_sha3" = "" && enable_sha3=yes - test "$enable_shake128" = "" && enable_shake128=yes - test "$enable_shake256" = "" && enable_shake256=yes - fi -fi - AC_ARG_ENABLE([tls-mlkem-standalone], [AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])], [ ENABLED_MLKEM_STANDALONE=$enableval ], [ ENABLED_MLKEM_STANDALONE=no ] ) -AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange 
(non-hybrid) requires ML-KEM.])]) -if test "$ENABLED_MLKEM_STANDALONE" != "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE" -fi - AC_ARG_ENABLE([pqc-hybrids], [AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])], [ ENABLED_PQC_HYBRIDS=$enableval ], [ ENABLED_PQC_HYBRIDS=yes ] ) -if test "$ENABLED_PQC_HYBRIDS" = "yes" -then - if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no" - then - ENABLED_PQC_HYBRIDS=no - elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then - AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.]) - ENABLED_PQC_HYBRIDS=no - else - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS" - fi -fi - -if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no" -then - if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no" - then - AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.]) - fi -fi - # Extra PQ/T Hybrid combinations AC_ARG_ENABLE([extra-pqc-hybrids], [AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])], @@ -1900,12 +1753,6 @@ AC_ARG_ENABLE([extra-pqc-hybrids], [ ENABLED_EXTRA_PQC_HYBRIDS=no ] ) -if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes" -then - AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ]) - AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ]) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS" -fi # Dilithium # - SHA3, Shake128 and Shake256 
@@ -4688,53 +4535,28 @@ then AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM" fi -# MLKEM requires SHA-3. Force-enable SHA-3 when MLKEM is enabled. -if test "$ENABLED_MLKEM" != "no" +if test "$ENABLED_SHA3" != "no" && + (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6) then - if test "$ENABLED_SHA3" = "no" - then - AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3]) - ENABLED_SHA3=yes - enable_sha3=yes - fi + SHAKE_DEFAULT=yes +else + SHAKE_DEFAULT=no fi # SHAKE128 AC_ARG_ENABLE([shake128], [AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])], [ ENABLED_SHAKE128=$enableval ], - [ ENABLED_SHAKE128=no ] + [ ENABLED_SHAKE128=$SHAKE_DEFAULT ] ) -# MLKEM requires SHAKE128. Force-enable when MLKEM is enabled. -if test "$ENABLED_MLKEM" != "no" -then - if test "$ENABLED_SHAKE128" = "no" - then - AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128]) - ENABLED_SHAKE128=yes - enable_shake128=yes - fi -fi - # SHAKE256 AC_ARG_ENABLE([shake256], [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])], [ ENABLED_SHAKE256=$enableval ], - [ ENABLED_SHAKE256=no ] + [ ENABLED_SHAKE256=$SHAKE_DEFAULT ] ) -# MLKEM requires SHAKE256. Force-enable when MLKEM is enabled. -if test "$ENABLED_MLKEM" != "no" -then - if test "$ENABLED_SHAKE256" = "no" - then - AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256]) - ENABLED_SHAKE256=yes - enable_shake256=yes - fi -fi - # SHA512 AC_ARG_ENABLE([sha512], [AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])], 
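Review bot: The FIPS gate for `SHAKE_DEFAULT` is `-ge 6` while the ML-KEM default computed at @@ -1710 uses `-ge 7`, and the comment that explained the version relationship (`FIPS traditionally does not support SHAKE 128 and SHAKE 256 (v6 does)`) was deleted at @@ -1721 without a replacement. If v6 is meant to get SHAKE but not ML-KEM by default, that deserves one line above `SHAKE_DEFAULT`, e.g. `# SHAKE is available from FIPS v6; ML-KEM is gated separately (see ENABLED_MLKEM_DEFAULT).`; if not, one of the two thresholds is wrong. Note also that SHAKE128/SHAKE256 now default to enabled in every non-FIPS build that has SHA-3, a behaviour change that the unchanged `(default: disabled)` help strings no longer describe.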
@@ -6593,6 +6415,10 @@ AS_CASE([$FIPS_VERSION], (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")], [enable_shake256="no"; ENABLED_SHAKE256="no"]) + AS_IF([test "$ENABLED_MLKEM" != "no" && + (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_mlkem" != "yes")], + [enable_mlkem="no"; ENABLED_MLKEM="no"]) + AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")], [enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"]) 
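Review bot: The explicit-enable escape hatch checks only `enable_mlkem`, but ML-KEM can also be switched on through `--enable-kyber`, which per the @@ -1710 hunk writes `ENABLED_MLKEM` without touching `enable_mlkem`; under `lean-aesgcm-dev` such a user gets ML-KEM silently forced back to `no`. If that is not intended, widen the test to `(test "$enable_mlkem" != "yes" && test "$enable_kyber" != "yes")`. The enclosing `AS_CASE([$FIPS_VERSION]` arm starts outside the hunk, so which FIPS variants this applies to is not visible here; the disable is also silent, unlike the `AC_MSG_NOTICE` the commit removed at @@ -1721, so a notice would help users diagnose a missing ML-KEM.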
@@ -6922,6 +6748,194 @@ AS_CASE([$SELFTEST_VERSION], AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE" ]) + +# Set ML-KEM flags + +if test "$ENABLED_MLKEM" != "no" +then + if test "$ENABLED_SHA3" = "no" + then + AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3]) + ENABLED_SHA3=yes + enable_sha3=yes + fi + + if test "$ENABLED_SHAKE128" = "no" + then + AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128]) + ENABLED_SHAKE128=yes + enable_shake128=yes + fi + + if test "$ENABLED_SHAKE256" = "no" + then + AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256]) + ENABLED_SHAKE256=yes + enable_shake256=yes + fi +fi + +ENABLED_WC_MLKEM=no +ENABLED_ML_KEM=unset +ENABLED_MLKEM_MAKE_KEY=no +ENABLED_MLKEM_ENCAPSULATE=no +ENABLED_MLKEM_DECAPSULATE=no +for v in `echo $ENABLED_MLKEM | tr "," " "` +do + case $v in + yes) + ENABLED_MLKEM512=yes + ENABLED_MLKEM768=yes + ENABLED_MLKEM1024=yes + ENABLED_MLKEM_MAKE_KEY=yes + ENABLED_MLKEM_ENCAPSULATE=yes + ENABLED_MLKEM_DECAPSULATE=yes + ;; + all) + ENABLED_MLKEM_MAKE_KEY=yes + ENABLED_MLKEM_ENCAPSULATE=yes + ENABLED_MLKEM_DECAPSULATE=yes + ENABLED_ML_KEM=yes + ENABLED_ORIGINAL=yes + ;; + no) + ;; + small) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL" + ;; + no-large-code) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE" + ;; + cache-a) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A" + ;; + 512) + ENABLED_MLKEM512=yes + ;; + 768) + ENABLED_MLKEM768=yes + ;; + 1024) + ENABLED_MLKEM1024=yes + ;; + make) + ENABLED_MLKEM_MAKE_KEY=yes + ;; + encapsulate|enc) + ENABLED_MLKEM_ENCAPSULATE=yes + ;; + decapsulate|dec) + ENABLED_MLKEM_DECAPSULATE=yes + ;; + original|kyber) + ENABLED_ORIGINAL=yes + ;; + ml-kem) + ENABLED_ML_KEM=yes + ;; + noasm) + AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM" + ;; + *) + AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.]) + break;; + esac +done + 
+if test "$ENABLED_MLKEM" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM" + # Use liboqs if specified. + if test "$ENABLED_LIBOQS" = "no"; then + ENABLED_WC_MLKEM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM" + fi + + if test "$ENABLED_ORIGINAL" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER" + if test "$ENABLED_MLKEM512" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" + fi + if test "$ENABLED_MLKEM768" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" + fi + if test "$ENABLED_MLKEM1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" + fi + if test "$ENABLED_ML_KEM" = "unset"; then + ENABLED_ML_KEM=no + fi + fi + if test "$ENABLED_ML_KEM" = "unset"; then + ENABLED_ML_KEM=yes + fi + if test "$ENABLED_ML_KEM" = "yes"; then + if test "$ENABLED_MLKEM512" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" + fi + if test "$ENABLED_MLKEM768" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" + fi + if test "$ENABLED_MLKEM1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" + fi + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" + fi + if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY" + fi + if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE" + fi + if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE" + fi + + if test "$ENABLED_WC_MLKEM" = "yes" + then + test "$enable_sha3" = "" && enable_sha3=yes + test "$enable_shake128" = "" && enable_shake128=yes + test "$enable_shake256" = "" && enable_shake256=yes + fi +fi + +AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])]) +if test "$ENABLED_MLKEM_STANDALONE" != "yes" +then + AM_CFLAGS="$AM_CFLAGS 
-DWOLFSSL_TLS_NO_MLKEM_STANDALONE" +fi + +if test "$ENABLED_PQC_HYBRIDS" = "yes" +then + if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no" + then + ENABLED_PQC_HYBRIDS=no + elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then + AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.]) + ENABLED_PQC_HYBRIDS=no + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS" + fi +fi + +if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no" +then + if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no" + then + AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.]) + fi +fi + +if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes" +then + AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ]) + AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ]) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS" +fi + + AS_IF([test "x$ENABLED_AESXTS" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"]) AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"], diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index 6d0c395d6a..7cd572bb22 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c @@ -490,8 +490,8 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) + pr_err("%s: wc_AesSetKey for encryption key (len %u) failed: %d\n", name, key_len, err); return -EINVAL; } 
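Review bot: The `ENABLED_SHA3=yes` / `ENABLED_SHAKE128=yes` / `ENABLED_SHAKE256=yes` overrides now run after the SHA-3 and SHAKE option blocks (the @@ -4688 hunk lands near line 4535 of the new file), whereas before this commit they ran before them. If any of those blocks has already appended flags to `AM_CFLAGS` for the `no` case, flipping the variable here changes the variable but not the flags, so an explicit `--enable-mlkem --disable-sha3` may now yield an inconsistent build; the SHA-3 block body is not visible here, so please verify, and consider `AC_MSG_ERROR` rather than a silent override when the user explicitly disabled a dependency. At least within this hunk `ENABLED_MLKEM512`/`768`/`1024` and `ENABLED_ORIGINAL` are not reset before the `for` loop, so a stale value would leak into the later `= ""` tests; that is carried over from the removed block, but since the code is being moved anyway it is a cheap moment to add `ENABLED_MLKEM512= ENABLED_MLKEM768= ENABLED_MLKEM1024= ENABLED_ORIGINAL=` next to the other resets.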
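Review bot: The predicate `(key_len == 16) || (key_len == 24) || (key_len == 32)` is copied verbatim into nine warning sites (this hunk plus @@ -500, -515, -532, -929, -942, -977, -990 and -1612), which invites drift; a single `static inline bool km_aes_key_len_valid(unsigned int key_len) { return key_len == 16 || key_len == 24 || key_len == 32; }` near the top of the file would keep the policy in one place, and a comment on it, `/* warn only for lengths wc_AesSetKey should have accepted */`, would make the silence deliberate rather than accidental. At @@ -1612 the same predicate guards the XTS path, but an XTS key is two AES keys concatenated (32 or 64 bytes), so a genuine failure with a 64-byte AES-256-XTS key is now silenced while 16 and 24 are not even valid XTS lengths; that site needs `key_len == 32 || key_len == 64`. Only this hunk and @@ -500 add `(len %u)` to the message; @@ -515/-532 and the GCM/XTS sites still log without the length, so diagnostics for the same failure class are inconsistent. `%u` assumes `key_len` is `unsigned int`; its declaration is outside the hunk.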
@@ -500,9 +500,9 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, AES_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", - name, err); + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) + pr_err("%s: wc_AesSetKey for decryption key (len %u) failed: %d\n", + name, key_len, err); return -EINVAL; } } @@ -515,7 +515,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, err = wc_AesSetKey(ctx->aes_encrypt_C, in_key, key_len, NULL, AES_ENCRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); return -EINVAL; } @@ -532,7 +532,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, AES_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", name, err); return -EINVAL; @@ -666,7 +666,7 @@ static int km_AesCbcDecrypt(struct skcipher_request *req) if (unlikely(err)) { if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey failed: %d\n", + pr_err("%s: wc_AesSetIV failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); err = -EINVAL; goto out; @@ -929,7 +929,7 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key, err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; 
@@ -942,7 +942,7 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key, err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -977,7 +977,7 @@ static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key, err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -990,7 +990,7 @@ static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key, err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -1612,7 +1612,7 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key, AES_ENCRYPTION_AND_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; diff --git a/src/ssl.c b/src/ssl.c index 9bcf821a0d..ed4a278123 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -11839,15 +11839,15 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Nginx looks for this error to know to stop parsing certificates. * Same for HAProxy. */ - if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) || - ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) || - ((err & 0xFFFL) == PEM_R_NO_START_LINE )) + if ((err == (unsigned long)((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) || + ((err & 0xFFFFFFL) == (unsigned long)(-WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))) || + ((err & 0xFFFL) == (unsigned long)PEM_R_NO_START_LINE)) return PEM_R_NO_START_LINE; - if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) + if (err == (unsigned long)((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) return SSL_R_HTTP_REQUEST; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) + if (err == (unsigned long)((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) return ASN1_R_HEADER_TOO_LONG; #endif diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 9e5f5b0590..5f7d03acce 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c 
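Review bot: The `(unsigned long)` cast is applied after the `int`-typed OR, so in `(ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST` a negative `-SSL_R_HTTP_REQUEST` sign-extends and absorbs the `ERR_LIB_SSL << 24` bits before the conversion; the comparison then only matches `(unsigned long)-SSL_R_HTTP_REQUEST`, not a packed (library, reason) value. This is the same value the pre-commit code compared against, so the commit only silences the signed/unsigned warning without changing behaviour, but whether the packing is intentional is not obvious from the line; if it is, a comment such as `/* reason is stored negated; the lib field is absorbed by sign extension on purpose */` would stop the next reader from "fixing" it, and if not, the reason should be masked (`& 0xFFFL`) before the OR. The `0xFFFFFFL`/`0xFFFL` masks are signed `long` constants that now meet an `unsigned long` operand; they convert cleanly, but `UL` suffixes would match the new casts.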
@@ -1822,12 +1822,38 @@ void WOLFSSL_ERROR_MSG(const char* msg) #endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + +#ifndef WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE + #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE 1 +#endif + +#ifdef WOLFSSL_ATOMIC_OPS +static wolfSSL_Atomic_Int wc_debug_trace_error_codes_state = + WOLFSSL_ATOMIC_INITIALIZER(WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE); +#else +static int wc_debug_trace_error_codes_state = + WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE; +#endif + +int wc_debug_trace_error_codes_enabled(void) { + return WOLFSSL_ATOMIC_LOAD(wc_debug_trace_error_codes_state); +} + +int wc_debug_trace_error_codes_set(int state) { + return wolfSSL_Atomic_Int_Exchange(&wc_debug_trace_error_codes_state, + state); +} + +#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES */ + #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES #ifdef WOLFSSL_LINUXKM -void wc_backtrace_render(void) { +int wc_backtrace_render(void) { dump_stack(); + return 0; } #else /* !WOLFSSL_LINUXKM */ @@ -1900,11 +1926,12 @@ static int backtrace_init(struct backtrace_state **backtrace_state) { return 0; } -void wc_backtrace_render(void) { +int wc_backtrace_render(void) { static wolfSSL_Mutex backtrace_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex); static struct backtrace_state *backtrace_state = NULL; int depth = 0; + int ret; #ifndef WOLFSSL_MUTEX_INITIALIZER static wolfSSL_Atomic_Int init_count = 0; @@ -1912,10 +1939,11 @@ void wc_backtrace_render(void) { int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1); if (cur_init_count != 0) { (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1); - return; + return DEADLOCK_AVERTED_E; } - if (wc_InitMutex(&backtrace_mutex) != 0) - return; + ret = wc_InitMutex(&backtrace_mutex); + if (ret != 0) + return ret; /* set init_count to 1, race-free: (-1) - (0-2) = 1 */ (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2); } 
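Review bot: The two new public functions carry no documentation; since `wc_debug_trace_error_codes_set` is implemented with an exchange it returns the previous state, which callers that save and restore the flag will rely on — suggest `/* Sets the trace state and returns the previous one; non-zero enables ERR TRACE output at error-return sites. */` above it and `/* Non-zero when WC_ERR_TRACE() should print (and render a backtrace, if built in). */` above `_enabled`. In the `#else` (no `WOLFSSL_ATOMIC_OPS`) build the state is a plain `int` read on every traced error return and written by `_set`, so with threads that is a data race by the letter of C11; as a debug knob that is presumably acceptable, but a comment saying so would prevent a later "fix". The state is also process-global, so toggling it from one test affects tracing on every thread.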
@@ -1925,13 +1953,14 @@ void wc_backtrace_render(void) { * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op. this * helpfully mutexes the initialization too. */ - if (wc_LockMutex(&backtrace_mutex) != 0) - return; + ret = wc_LockMutex(&backtrace_mutex); + if (ret != 0) + return ret; if (backtrace_state == NULL) { if (backtrace_init(&backtrace_state) < 0) { wc_UnLockMutex(&backtrace_mutex); - return; + return BAD_STATE_E; } } @@ -1943,6 +1972,8 @@ void wc_backtrace_render(void) { (void *)&depth); wc_UnLockMutex(&backtrace_mutex); + + return 0; } #endif /* !WOLFSSL_LINUXKM */ diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c index 99b08fda91..66c86e9f7b 100644 --- a/wolfcrypt/src/wc_mlkem.c +++ b/wolfcrypt/src/wc_mlkem.c @@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len) /******************************************************************************/ -/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */ -volatile sword16 mlkem_opt_blocker = 0; +/* Helper function with volatile variable, to force compiler not to optimize + * code in mlkem_from_msg(). + */ +sword16 wc_mlkem_opt_blocker(void); +sword16 wc_mlkem_opt_blocker(void) { + static volatile sword16 static_mlkem_opt_blocker = 0; + return static_mlkem_opt_blocker; +} /******************************************************************************/ diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c index d336b5ad1f..d13b3603f8 100644 --- a/wolfcrypt/src/wc_mlkem_poly.c +++ b/wolfcrypt/src/wc_mlkem_poly.c @@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p, #endif /* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */ -extern volatile sword16 mlkem_opt_blocker; +extern sword16 wc_mlkem_opt_blocker(void); #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \ defined(WOLFSSL_ARMASM)) 
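Review bot: `wc_mlkem_opt_blocker` is given external linkage and its prototype is hand-written twice — once in wc_mlkem.c (this hunk) and once as `extern sword16 wc_mlkem_opt_blocker(void);` in wc_mlkem_poly.c (@@ -99) — so the two can drift silently; put the declaration in a header both translation units include and delete the local `extern`. The `volatile` read is the right tool for keeping `FROM_MSG_BIT` constant-time, since the compiler must reload the value and cannot collapse the XOR/AND into a data-dependent branch. The cost is now an out-of-line call per message bit (the @@ -5770 hunk) instead of one volatile load, unless LTO inlines it; if that shows up in benchmarks, a `static WC_INLINE` definition in the shared header keeps the volatile load while avoiding the call. The purpose comment would be clearer if it named the property being defended: `/* Value the optimizer cannot prove constant; XORed in so the mask cannot be turned into a branch on secret data. */`.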
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; * f is the normalizer = 2^k % m. * 16-bit value cast to sword32 in use. */ -#define MLKEM_F ((1ULL << 32) % MLKEM_Q) +#define MLKEM_F (((word64)1 << 32) % MLKEM_Q) /* Number of bytes in an output block of SHA-3-128 */ #define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8) @@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b) /* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2. * * Constant time implementation. - * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed - * with MLKEM_Q_1_HALF and can't optimize to non-constant time code. + * XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be + * ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code. * * FIPS 203, Algorithm 6: ByteDecode_d(B) * @@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b) */ #define FROM_MSG_BIT(p, msg, i, j) \ ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \ - mlkem_opt_blocker) & MLKEM_Q_1_HALF) + wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF) /* Convert message to polynomial. * diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 1dd38c02fc..078c435dab 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1432,6 +1432,11 @@ unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c, return val - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return atomic_swap_int(c, new_i); +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1495,6 +1500,11 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i) return ret - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return atomic_exchange_explicit(c, new_i, memory_order_seq_cst); +} + int wolfSSL_Atomic_Int_CompareExchange( wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { 
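Review bot: The new `wolfSSL_Atomic_Int_Exchange` variants use sequentially-consistent ordering (`memory_order_seq_cst` at @@ -1495, `__ATOMIC_SEQ_CST` at @@ -1600) while the neighbouring `SubFetch` at @@ -1600 uses `__ATOMIC_RELAXED`, and the `atomic_swap_int` (@@ -1432) and `InterlockedExchange` (@@ -1692) backends each come with their own fixed semantics, so the four implementations do not promise the same ordering. Since the only caller visible in this commit is the debug-trace toggle, seq_cst is harmless, but the header declaration at @@ -613 should state what callers may rely on, e.g. `/* Atomically stores new_i and returns the previous value; memory ordering is backend-specific, rely only on atomicity of the swap. */`, or the orderings should be made consistent. The `(long)`/`(int)` round-trip in the Windows backend assumes `wolfSSL_Atomic_Int` is `long` there, which is outside the hunk.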
@@ -1600,6 +1610,11 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i) return __atomic_sub_fetch(c, i, __ATOMIC_RELAXED); } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return __atomic_exchange_n(c, new_i, __ATOMIC_SEQ_CST); +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1692,6 +1707,12 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i) return ret - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + long actual_i = InterlockedExchange(c, (long)new_i); + return (int)actual_i; +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index f879aabc3b..a22310b452 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h 
@@ -344,23 +344,38 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ (defined(BUILDING_WOLFSSL) || \ defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) - WOLFSSL_API extern void wc_backtrace_render(void); + WOLFSSL_API extern int wc_backtrace_render(void); #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label) #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render() #else - #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0 + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE 0 #endif #endif #ifndef WC_ERR_TRACE - #define WC_ERR_TRACE(label) \ - ( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ - "ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ - ) + #if defined(__GNUC__) && !defined(__STRICT_ANSI__) + #define WC_ERR_TRACE(label) \ + ({ if (wc_debug_trace_error_codes_enabled()) { \ + (void)WOLFSSL_DEBUG_PRINTF_FN( \ + WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label); \ + (void)WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE; } \ + (label); \ + }) + #else /* ! __GNUC__ || __STRICT_ANSI__ */ + #define WC_ERR_TRACE(label) \ + ((void)(wc_debug_trace_error_codes_enabled() && \ + WOLFSSL_DEBUG_PRINTF_FN( \ + WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label)), \ + (void)(wc_debug_trace_error_codes_enabled() && \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE), \ + (label) \ + ) + #endif /* ! __GNUC__ || __STRICT_ANSI__ */ #endif #include #else diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index e8cd675489..1c9f5adbba 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h 
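Review bot: The non-GNU branch makes `WOLFSSL_DEBUG_PRINTF_FN(...)` the right operand of `&&`, which only compiles if that macro expands to something with a scalar result; the previous comma-expression form accepted a `void` printf wrapper, so any port that maps `WOLFSSL_DEBUG_PRINTF_FN` to a void function will now fail to build on non-GNU compilers. A conditional with a comma expression keeps both cases working and checks the flag once, so the print and the backtrace cannot disagree if the flag is toggled concurrently: `((void)(wc_debug_trace_error_codes_enabled() ? (WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS "ERR TRACE: %s L %d %s (%d)\n", __FILE__, __LINE__, #label, label), WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, 0) : 0), (label))`. The macro now depends on `wc_debug_trace_error_codes_enabled()`, declared in logging.h (@@ -579); the `#include` directive just after the hunk has lost its filename in this view, so I cannot confirm that header is pulled in before the first expansion. `WC_ERR_TRACE` is evaluated on every traced error return, so the flag check sits on a hot path; `WOLFSSL_ATOMIC_LOAD` is presumably cheap, but that is worth a sentence in the header comment.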
@@ -579,6 +579,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY" #endif +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + WOLFSSL_API int wc_debug_trace_error_codes_enabled(void); + WOLFSSL_API int wc_debug_trace_error_codes_set(int state); +#endif + #ifdef __cplusplus } #endif diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/mlkem.h index d65a01af89..eeb93f8db9 100644 --- a/wolfssl/wolfcrypt/mlkem.h +++ b/wolfssl/wolfcrypt/mlkem.h @@ -301,7 +301,7 @@ enum { WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ, /* Encoded polynomial size. */ - WC_ML_KEM_POLY_SIZE = 384, + WC_ML_KEM_POLY_SIZE = 384 }; diff --git a/wolfssl/wolfcrypt/wc_mlkem.h b/wolfssl/wolfcrypt/wc_mlkem.h index 27f12264c3..e1dccb8c20 100644 --- a/wolfssl/wolfcrypt/wc_mlkem.h +++ b/wolfssl/wolfcrypt/wc_mlkem.h @@ -63,7 +63,7 @@ enum { MLKEM_COMP_4BITS = 4, MLKEM_COMP_5BITS = 5, MLKEM_COMP_10BITS = 10, - MLKEM_COMP_11BITS = 11, + MLKEM_COMP_11BITS = 11 }; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 4f7d373ab9..6c68d15919 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -613,6 +613,8 @@ WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); WOLFSSL_API int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i); WOLFSSL_API int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_Exchange( + wolfSSL_Atomic_Int* c, int new_i); WOLFSSL_API int wolfSSL_Atomic_Int_CompareExchange( wolfSSL_Atomic_Int* c, int *expected_i, int new_i); WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_FetchAdd( 
@@ -652,6 +654,13 @@ static WC_INLINE int wolfSSL_Atomic_Int_SubFetch(int *c, int i) { return (*c -= i); } + static WC_INLINE int wolfSSL_Atomic_Int_Exchange( + int *c, int new_i) + { + int ret = *c; + *c = new_i; + return ret; + } static WC_INLINE int wolfSSL_Atomic_Int_CompareExchange( int *c, int *expected_i, int new_i) {