mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 01:00:51 +02:00
Merge pull request #10036 from douzzer/20260319-trace-errocde-runtime-control-and-various-fixes
20260319-trace-errcode-runtime-control-and-various-fixes
This commit is contained in:
@@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY
|
||||
WOLFSSL_MP_INVMOD_CONSTANT_TIME
|
||||
WOLFSSL_MULTICIRCULATE_ALTNAMELIST
|
||||
WOLFSSL_NEW_PRIME_CHECK
|
||||
WOLFSSL_NONBLOCK_OCSP
|
||||
WOLFSSL_NOSHA3_384
|
||||
WOLFSSL_NOT_WINDOWS_API
|
||||
WOLFSSL_NO_BIO_ADDR_IN
|
||||
|
||||
+216
-202
@@ -614,7 +614,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
ENABLED_FIPS="yes"
|
||||
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
|
||||
],
|
||||
[v6],[
|
||||
[v6|v6-dev],[
|
||||
FIPS_VERSION="v6"
|
||||
HAVE_FIPS_VERSION=6
|
||||
HAVE_FIPS_VERSION_MAJOR=6
|
||||
@@ -626,7 +626,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
],
|
||||
# Should always remain one ahead of the latest so as not to be confused with
|
||||
# the latest
|
||||
[ready|v6-ready],[
|
||||
[ready],[
|
||||
FIPS_VERSION="ready"
|
||||
HAVE_FIPS_VERSION=7
|
||||
HAVE_FIPS_VERSION_MAJOR=7
|
||||
@@ -636,7 +636,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
DEF_SP_MATH="yes"
|
||||
DEF_FAST_MATH="no"
|
||||
],
|
||||
[dev|v6-dev],[
|
||||
[dev],[
|
||||
FIPS_VERSION="dev"
|
||||
HAVE_FIPS_VERSION_MAJOR=7
|
||||
HAVE_FIPS_VERSION_MINOR=0
|
||||
@@ -1710,10 +1710,23 @@ AC_ARG_WITH([liboqs],
|
||||
# MLKEM
|
||||
# Used:
|
||||
# - SHA3, Shake128 and Shake256
|
||||
#
|
||||
# Note, setup is later, after FIPS setup.
|
||||
|
||||
if test "$enable_shake128" != "no" &&
|
||||
test "$enable_shake256" != "no" &&
|
||||
test "$enable_sha3" != "no" &&
|
||||
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7)
|
||||
then
|
||||
ENABLED_MLKEM_DEFAULT=yes
|
||||
else
|
||||
ENABLED_MLKEM_DEFAULT=no
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([mlkem],
|
||||
[AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])],
|
||||
[ ENABLED_MLKEM=$enableval ],
|
||||
[ ENABLED_MLKEM=yes ]
|
||||
[ ENABLED_MLKEM=$ENABLED_MLKEM_DEFAULT ]
|
||||
)
|
||||
# note, inherits default from "mlkem" clause above.
|
||||
AC_ARG_ENABLE([kyber],
|
||||
@@ -1721,178 +1734,18 @@ AC_ARG_ENABLE([kyber],
|
||||
[ ENABLED_MLKEM=$enableval ]
|
||||
)
|
||||
|
||||
# FIPS traditionally does not support SHAKE 128 and SHAKE 256 (v6 does), so disable
|
||||
# ML-KEM if FIPS is enabled and version is less than 6
|
||||
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],[
|
||||
AC_MSG_NOTICE([Disabling MLKEM because FIPS < 6 does not support required SHAKE])
|
||||
ENABLED_MLKEM="no"
|
||||
])
|
||||
|
||||
ENABLED_WC_MLKEM=no
|
||||
ENABLED_ML_KEM=unset
|
||||
ENABLED_MLKEM_MAKE_KEY=no
|
||||
ENABLED_MLKEM_ENCAPSULATE=no
|
||||
ENABLED_MLKEM_DECAPSULATE=no
|
||||
for v in `echo $ENABLED_MLKEM | tr "," " "`
|
||||
do
|
||||
case $v in
|
||||
yes)
|
||||
ENABLED_MLKEM512=yes
|
||||
ENABLED_MLKEM768=yes
|
||||
ENABLED_MLKEM1024=yes
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
all)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
ENABLED_ML_KEM=yes
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
no)
|
||||
;;
|
||||
small)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
|
||||
;;
|
||||
no-large-code)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
|
||||
;;
|
||||
cache-a)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
|
||||
;;
|
||||
512)
|
||||
ENABLED_MLKEM512=yes
|
||||
;;
|
||||
768)
|
||||
ENABLED_MLKEM768=yes
|
||||
;;
|
||||
1024)
|
||||
ENABLED_MLKEM1024=yes
|
||||
;;
|
||||
make)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
;;
|
||||
encapsulate|enc)
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
;;
|
||||
decapsulate|dec)
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
original|kyber)
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
ml-kem)
|
||||
ENABLED_ML_KEM=yes
|
||||
;;
|
||||
noasm)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
|
||||
break;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
|
||||
# Use liboqs if specified.
|
||||
if test "$ENABLED_LIBOQS" = "no"; then
|
||||
ENABLED_WC_MLKEM=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ORIGINAL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=no
|
||||
fi
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=yes
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "yes"; then
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
|
||||
fi
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_WC_MLKEM" = "yes"
|
||||
then
|
||||
test "$enable_sha3" = "" && enable_sha3=yes
|
||||
test "$enable_shake128" = "" && enable_shake128=yes
|
||||
test "$enable_shake256" = "" && enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([tls-mlkem-standalone],
|
||||
[AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])],
|
||||
[ ENABLED_MLKEM_STANDALONE=$enableval ],
|
||||
[ ENABLED_MLKEM_STANDALONE=no ]
|
||||
)
|
||||
|
||||
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
|
||||
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([pqc-hybrids],
|
||||
[AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])],
|
||||
[ ENABLED_PQC_HYBRIDS=$enableval ],
|
||||
[ ENABLED_PQC_HYBRIDS=yes ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
|
||||
then
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
|
||||
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
|
||||
fi
|
||||
fi
|
||||
|
||||
# Extra PQ/T Hybrid combinations
|
||||
AC_ARG_ENABLE([extra-pqc-hybrids],
|
||||
[AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])],
|
||||
@@ -1900,12 +1753,6 @@ AC_ARG_ENABLE([extra-pqc-hybrids],
|
||||
[ ENABLED_EXTRA_PQC_HYBRIDS=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
|
||||
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
|
||||
fi
|
||||
|
||||
# Dilithium
|
||||
# - SHA3, Shake128 and Shake256
|
||||
@@ -4688,53 +4535,28 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM"
|
||||
fi
|
||||
|
||||
# MLKEM requires SHA-3. Force-enable SHA-3 when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
if test "$ENABLED_SHA3" != "no" &&
|
||||
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6)
|
||||
then
|
||||
if test "$ENABLED_SHA3" = "no"
|
||||
then
|
||||
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
|
||||
ENABLED_SHA3=yes
|
||||
enable_sha3=yes
|
||||
fi
|
||||
SHAKE_DEFAULT=yes
|
||||
else
|
||||
SHAKE_DEFAULT=no
|
||||
fi
|
||||
|
||||
# SHAKE128
|
||||
AC_ARG_ENABLE([shake128],
|
||||
[AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])],
|
||||
[ ENABLED_SHAKE128=$enableval ],
|
||||
[ ENABLED_SHAKE128=no ]
|
||||
[ ENABLED_SHAKE128=$SHAKE_DEFAULT ]
|
||||
)
|
||||
|
||||
# MLKEM requires SHAKE128. Force-enable when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHAKE128" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
||||
ENABLED_SHAKE128=yes
|
||||
enable_shake128=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# SHAKE256
|
||||
AC_ARG_ENABLE([shake256],
|
||||
[AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
|
||||
[ ENABLED_SHAKE256=$enableval ],
|
||||
[ ENABLED_SHAKE256=no ]
|
||||
[ ENABLED_SHAKE256=$SHAKE_DEFAULT ]
|
||||
)
|
||||
|
||||
# MLKEM requires SHAKE256. Force-enable when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHAKE256" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
||||
ENABLED_SHAKE256=yes
|
||||
enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# SHA512
|
||||
AC_ARG_ENABLE([sha512],
|
||||
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
|
||||
@@ -6593,6 +6415,10 @@ AS_CASE([$FIPS_VERSION],
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")],
|
||||
[enable_shake256="no"; ENABLED_SHAKE256="no"])
|
||||
|
||||
AS_IF([test "$ENABLED_MLKEM" != "no" &&
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_mlkem" != "yes")],
|
||||
[enable_mlkem="no"; ENABLED_MLKEM="no"])
|
||||
|
||||
AS_IF([test "$ENABLED_MD5" != "no" &&
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")],
|
||||
[enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"])
|
||||
@@ -6922,6 +6748,194 @@ AS_CASE([$SELFTEST_VERSION],
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
|
||||
])
|
||||
|
||||
|
||||
# Set ML-KEM flags
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHA3" = "no"
|
||||
then
|
||||
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
|
||||
ENABLED_SHA3=yes
|
||||
enable_sha3=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHAKE128" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
||||
ENABLED_SHAKE128=yes
|
||||
enable_shake128=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHAKE256" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
||||
ENABLED_SHAKE256=yes
|
||||
enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
ENABLED_WC_MLKEM=no
|
||||
ENABLED_ML_KEM=unset
|
||||
ENABLED_MLKEM_MAKE_KEY=no
|
||||
ENABLED_MLKEM_ENCAPSULATE=no
|
||||
ENABLED_MLKEM_DECAPSULATE=no
|
||||
for v in `echo $ENABLED_MLKEM | tr "," " "`
|
||||
do
|
||||
case $v in
|
||||
yes)
|
||||
ENABLED_MLKEM512=yes
|
||||
ENABLED_MLKEM768=yes
|
||||
ENABLED_MLKEM1024=yes
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
all)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
ENABLED_ML_KEM=yes
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
no)
|
||||
;;
|
||||
small)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
|
||||
;;
|
||||
no-large-code)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
|
||||
;;
|
||||
cache-a)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
|
||||
;;
|
||||
512)
|
||||
ENABLED_MLKEM512=yes
|
||||
;;
|
||||
768)
|
||||
ENABLED_MLKEM768=yes
|
||||
;;
|
||||
1024)
|
||||
ENABLED_MLKEM1024=yes
|
||||
;;
|
||||
make)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
;;
|
||||
encapsulate|enc)
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
;;
|
||||
decapsulate|dec)
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
original|kyber)
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
ml-kem)
|
||||
ENABLED_ML_KEM=yes
|
||||
;;
|
||||
noasm)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
|
||||
break;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
|
||||
# Use liboqs if specified.
|
||||
if test "$ENABLED_LIBOQS" = "no"; then
|
||||
ENABLED_WC_MLKEM=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ORIGINAL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=no
|
||||
fi
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=yes
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "yes"; then
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
|
||||
fi
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_WC_MLKEM" = "yes"
|
||||
then
|
||||
test "$enable_sha3" = "" && enable_sha3=yes
|
||||
test "$enable_shake128" = "" && enable_shake128=yes
|
||||
test "$enable_shake256" = "" && enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
|
||||
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
|
||||
then
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
|
||||
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
|
||||
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
|
||||
fi
|
||||
|
||||
|
||||
AS_IF([test "x$ENABLED_AESXTS" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
|
||||
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
|
||||
|
||||
+13
-13
@@ -490,8 +490,8 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
|
||||
err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesSetKey for encryption key (len %u) failed: %d\n", name, key_len, err);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@@ -500,9 +500,9 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
|
||||
AES_DECRYPTION);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
|
||||
name, err);
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesSetKey for decryption key (len %u) failed: %d\n",
|
||||
name, key_len, err);
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
@@ -515,7 +515,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
|
||||
err = wc_AesSetKey(ctx->aes_encrypt_C, in_key, key_len, NULL, AES_ENCRYPTION);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
|
||||
return -EINVAL;
|
||||
}
|
||||
@@ -532,7 +532,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
|
||||
AES_DECRYPTION);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
|
||||
name, err);
|
||||
return -EINVAL;
|
||||
@@ -666,7 +666,7 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
pr_err("%s: wc_AesSetKey failed: %d\n",
|
||||
pr_err("%s: wc_AesSetIV failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
|
||||
err = -EINVAL;
|
||||
goto out;
|
||||
@@ -929,7 +929,7 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
|
||||
err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesGcmSetKey failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
|
||||
return -EINVAL;
|
||||
@@ -942,7 +942,7 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
|
||||
err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesGcmSetKey failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
|
||||
return -EINVAL;
|
||||
@@ -977,7 +977,7 @@ static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key,
|
||||
err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesGcmSetKey failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
|
||||
return -EINVAL;
|
||||
@@ -990,7 +990,7 @@ static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key,
|
||||
err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesGcmSetKey failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
|
||||
return -EINVAL;
|
||||
@@ -1612,7 +1612,7 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
|
||||
AES_ENCRYPTION_AND_DECRYPTION);
|
||||
|
||||
if (unlikely(err)) {
|
||||
if (! disable_setkey_warnings)
|
||||
if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32)))
|
||||
pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n",
|
||||
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
|
||||
return -EINVAL;
|
||||
|
||||
@@ -11839,15 +11839,15 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
/* Nginx looks for this error to know to stop parsing certificates.
|
||||
* Same for HAProxy. */
|
||||
if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) ||
|
||||
((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) ||
|
||||
((err & 0xFFFL) == PEM_R_NO_START_LINE ))
|
||||
if ((err == (unsigned long)((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) ||
|
||||
((err & 0xFFFFFFL) == (unsigned long)(-WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))) ||
|
||||
((err & 0xFFFL) == (unsigned long)PEM_R_NO_START_LINE))
|
||||
return PEM_R_NO_START_LINE;
|
||||
if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
|
||||
if (err == (unsigned long)((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
|
||||
return SSL_R_HTTP_REQUEST;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
|
||||
if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG))
|
||||
if (err == (unsigned long)((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG))
|
||||
return ASN1_R_HEADER_TOO_LONG;
|
||||
#endif
|
||||
|
||||
|
||||
+39
-8
@@ -1822,12 +1822,38 @@ void WOLFSSL_ERROR_MSG(const char* msg)
|
||||
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
|
||||
|
||||
#ifndef WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE
|
||||
#define WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE 1
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATOMIC_OPS
|
||||
static wolfSSL_Atomic_Int wc_debug_trace_error_codes_state =
|
||||
WOLFSSL_ATOMIC_INITIALIZER(WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE);
|
||||
#else
|
||||
static int wc_debug_trace_error_codes_state =
|
||||
WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE;
|
||||
#endif
|
||||
|
||||
int wc_debug_trace_error_codes_enabled(void) {
|
||||
return WOLFSSL_ATOMIC_LOAD(wc_debug_trace_error_codes_state);
|
||||
}
|
||||
|
||||
int wc_debug_trace_error_codes_set(int state) {
|
||||
return wolfSSL_Atomic_Int_Exchange(&wc_debug_trace_error_codes_state,
|
||||
state);
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES */
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
|
||||
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
|
||||
void wc_backtrace_render(void) {
|
||||
int wc_backtrace_render(void) {
|
||||
dump_stack();
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else /* !WOLFSSL_LINUXKM */
|
||||
@@ -1900,11 +1926,12 @@ static int backtrace_init(struct backtrace_state **backtrace_state) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
void wc_backtrace_render(void) {
|
||||
int wc_backtrace_render(void) {
|
||||
static wolfSSL_Mutex backtrace_mutex
|
||||
WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex);
|
||||
static struct backtrace_state *backtrace_state = NULL;
|
||||
int depth = 0;
|
||||
int ret;
|
||||
|
||||
#ifndef WOLFSSL_MUTEX_INITIALIZER
|
||||
static wolfSSL_Atomic_Int init_count = 0;
|
||||
@@ -1912,10 +1939,11 @@ void wc_backtrace_render(void) {
|
||||
int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1);
|
||||
if (cur_init_count != 0) {
|
||||
(void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1);
|
||||
return;
|
||||
return DEADLOCK_AVERTED_E;
|
||||
}
|
||||
if (wc_InitMutex(&backtrace_mutex) != 0)
|
||||
return;
|
||||
ret = wc_InitMutex(&backtrace_mutex);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
/* set init_count to 1, race-free: (-1) - (0-2) = 1 */
|
||||
(void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2);
|
||||
}
|
||||
@@ -1925,13 +1953,14 @@ void wc_backtrace_render(void) {
|
||||
* BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op. this
|
||||
* helpfully mutexes the initialization too.
|
||||
*/
|
||||
if (wc_LockMutex(&backtrace_mutex) != 0)
|
||||
return;
|
||||
ret = wc_LockMutex(&backtrace_mutex);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (backtrace_state == NULL) {
|
||||
if (backtrace_init(&backtrace_state) < 0) {
|
||||
wc_UnLockMutex(&backtrace_mutex);
|
||||
return;
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1943,6 +1972,8 @@ void wc_backtrace_render(void) {
|
||||
(void *)&depth);
|
||||
|
||||
wc_UnLockMutex(&backtrace_mutex);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !WOLFSSL_LINUXKM */
|
||||
|
||||
|
||||
@@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len)
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
|
||||
volatile sword16 mlkem_opt_blocker = 0;
|
||||
/* Helper function with volatile variable, to force compiler not to optimize
|
||||
* code in mlkem_from_msg().
|
||||
*/
|
||||
sword16 wc_mlkem_opt_blocker(void);
|
||||
sword16 wc_mlkem_opt_blocker(void) {
|
||||
static volatile sword16 static_mlkem_opt_blocker = 0;
|
||||
return static_mlkem_opt_blocker;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
@@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
|
||||
#endif
|
||||
|
||||
/* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
|
||||
extern volatile sword16 mlkem_opt_blocker;
|
||||
extern sword16 wc_mlkem_opt_blocker(void);
|
||||
|
||||
#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM))
|
||||
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
|
||||
* f is the normalizer = 2^k % m.
|
||||
* 16-bit value cast to sword32 in use.
|
||||
*/
|
||||
#define MLKEM_F ((1ULL << 32) % MLKEM_Q)
|
||||
#define MLKEM_F (((word64)1 << 32) % MLKEM_Q)
|
||||
|
||||
/* Number of bytes in an output block of SHA-3-128 */
|
||||
#define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8)
|
||||
@@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b)
|
||||
/* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
|
||||
*
|
||||
* Constant time implementation.
|
||||
* XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
|
||||
* with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
|
||||
* XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be
|
||||
* ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
|
||||
*
|
||||
* FIPS 203, Algorithm 6: ByteDecode_d(B)
|
||||
*
|
||||
@@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b)
|
||||
*/
|
||||
#define FROM_MSG_BIT(p, msg, i, j) \
|
||||
((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
|
||||
mlkem_opt_blocker) & MLKEM_Q_1_HALF)
|
||||
wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF)
|
||||
|
||||
/* Convert message to polynomial.
|
||||
*
|
||||
|
||||
@@ -1432,6 +1432,11 @@ unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
|
||||
return val - i;
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i)
|
||||
{
|
||||
return atomic_swap_int(c, new_i);
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i,
|
||||
int new_i)
|
||||
{
|
||||
@@ -1495,6 +1500,11 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
|
||||
return ret - i;
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i)
|
||||
{
|
||||
return atomic_exchange_explicit(c, new_i, memory_order_seq_cst);
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_CompareExchange(
|
||||
wolfSSL_Atomic_Int* c, int *expected_i, int new_i)
|
||||
{
|
||||
@@ -1600,6 +1610,11 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
|
||||
return __atomic_sub_fetch(c, i, __ATOMIC_RELAXED);
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i)
|
||||
{
|
||||
return __atomic_exchange_n(c, new_i, __ATOMIC_SEQ_CST);
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i,
|
||||
int new_i)
|
||||
{
|
||||
@@ -1692,6 +1707,12 @@ int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
|
||||
return ret - i;
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i)
|
||||
{
|
||||
long actual_i = InterlockedExchange(c, (long)new_i);
|
||||
return (int)actual_i;
|
||||
}
|
||||
|
||||
int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i,
|
||||
int new_i)
|
||||
{
|
||||
|
||||
@@ -344,23 +344,38 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
|
||||
#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
|
||||
(defined(BUILDING_WOLFSSL) || \
|
||||
defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
|
||||
WOLFSSL_API extern void wc_backtrace_render(void);
|
||||
WOLFSSL_API extern int wc_backtrace_render(void);
|
||||
#define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
|
||||
#ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE
|
||||
#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
|
||||
#define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render()
|
||||
#else
|
||||
#define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0
|
||||
#define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE 0
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WC_ERR_TRACE
|
||||
#define WC_ERR_TRACE(label) \
|
||||
( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \
|
||||
"ERR TRACE: %s L %d %s (%d)\n", \
|
||||
__FILE__, __LINE__, #label, label), \
|
||||
WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \
|
||||
label \
|
||||
)
|
||||
#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
|
||||
#define WC_ERR_TRACE(label) \
|
||||
({ if (wc_debug_trace_error_codes_enabled()) { \
|
||||
(void)WOLFSSL_DEBUG_PRINTF_FN( \
|
||||
WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \
|
||||
"ERR TRACE: %s L %d %s (%d)\n", \
|
||||
__FILE__, __LINE__, #label, label); \
|
||||
(void)WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE; } \
|
||||
(label); \
|
||||
})
|
||||
#else /* ! __GNUC__ || __STRICT_ANSI__ */
|
||||
#define WC_ERR_TRACE(label) \
|
||||
((void)(wc_debug_trace_error_codes_enabled() && \
|
||||
WOLFSSL_DEBUG_PRINTF_FN( \
|
||||
WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \
|
||||
"ERR TRACE: %s L %d %s (%d)\n", \
|
||||
__FILE__, __LINE__, #label, label)), \
|
||||
(void)(wc_debug_trace_error_codes_enabled() && \
|
||||
WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE), \
|
||||
(label) \
|
||||
)
|
||||
#endif /* ! __GNUC__ || __STRICT_ANSI__ */
|
||||
#endif
|
||||
#include <wolfssl/debug-trace-error-codes.h>
|
||||
#else
|
||||
|
||||
@@ -579,6 +579,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
|
||||
#error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY"
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
|
||||
WOLFSSL_API int wc_debug_trace_error_codes_enabled(void);
|
||||
WOLFSSL_API int wc_debug_trace_error_codes_set(int state);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -301,7 +301,7 @@ enum {
|
||||
WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ,
|
||||
|
||||
/* Encoded polynomial size. */
|
||||
WC_ML_KEM_POLY_SIZE = 384,
|
||||
WC_ML_KEM_POLY_SIZE = 384
|
||||
};
|
||||
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ enum {
|
||||
MLKEM_COMP_4BITS = 4,
|
||||
MLKEM_COMP_5BITS = 5,
|
||||
MLKEM_COMP_10BITS = 10,
|
||||
MLKEM_COMP_11BITS = 11,
|
||||
MLKEM_COMP_11BITS = 11
|
||||
};
|
||||
|
||||
|
||||
|
||||
@@ -613,6 +613,8 @@
|
||||
WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
|
||||
WOLFSSL_API int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i);
|
||||
WOLFSSL_API int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i);
|
||||
WOLFSSL_API int wolfSSL_Atomic_Int_Exchange(
|
||||
wolfSSL_Atomic_Int* c, int new_i);
|
||||
WOLFSSL_API int wolfSSL_Atomic_Int_CompareExchange(
|
||||
wolfSSL_Atomic_Int* c, int *expected_i, int new_i);
|
||||
WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_FetchAdd(
|
||||
@@ -652,6 +654,13 @@
|
||||
static WC_INLINE int wolfSSL_Atomic_Int_SubFetch(int *c, int i) {
|
||||
return (*c -= i);
|
||||
}
|
||||
static WC_INLINE int wolfSSL_Atomic_Int_Exchange(
|
||||
int *c, int new_i)
|
||||
{
|
||||
int ret = *c;
|
||||
*c = new_i;
|
||||
return ret;
|
||||
}
|
||||
static WC_INLINE int wolfSSL_Atomic_Int_CompareExchange(
|
||||
int *c, int *expected_i, int new_i)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user