wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility.

This commit is contained in:
Daniel Pouzzner
2026-03-20 14:26:14 -05:00
parent b68991195f
commit a98499866d
5 changed files with 15 additions and 10 deletions
-1
@@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY
WOLFSSL_MP_INVMOD_CONSTANT_TIME
WOLFSSL_MULTICIRCULATE_ALTNAMELIST
WOLFSSL_NEW_PRIME_CHECK
WOLFSSL_NONBLOCK_OCSP
WOLFSSL_NOSHA3_384
WOLFSSL_NOT_WINDOWS_API
WOLFSSL_NO_BIO_ADDR_IN
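--- a/wolfcrypt/src/wc_mlkem.c
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len)
 /******************************************************************************/
-/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
-volatile sword16 mlkem_opt_blocker = 0;
+/* Helper function with volatile variable, to force compiler not to optimize
+* code in mlkem_from_msg().
+*/
+sword16 wc_mlkem_opt_blocker(void);
+sword16 wc_mlkem_opt_blocker(void) {
+static volatile sword16 static_mlkem_opt_blocker = 0;
+return static_mlkem_opt_blocker;
+}
 /******************************************************************************/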
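Review bot: The prototype placed directly before the definition of wc_mlkem_opt_blocker() exists only so a non-static function has a prior declaration, while the declaration callers actually compile against is a separate bare `extern sword16 wc_mlkem_opt_blocker(void);` in wc_mlkem_poly.c; two independent declarations of one external function can drift apart with no diagnostic. Put the single prototype in a header both translation units include (wolfssl/wolfcrypt/wc_mlkem.h is already touched by this commit) and drop both local copies. The header comment says what the function does but not why it replaces the former `volatile sword16 mlkem_opt_blocker` global; presumably the aarch64-FIPS-linuxkm build named in the title is what rules out the writable global, and if so a why-comment such as `/* Function-local volatile instead of a writable file-scope global (FIPS/linuxkm); the volatile read, not the call, is what keeps the value opaque to the optimizer. */` would spare the next reader the archaeology. The surrounding file content outside the two separator lines is not visible in this hunk.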
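--- a/wolfcrypt/src/wc_mlkem_poly.c
+++ b/wolfcrypt/src/wc_mlkem_poly.c
@@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
 #endif
 /* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
-extern volatile sword16 mlkem_opt_blocker;
+extern sword16 wc_mlkem_opt_blocker(void);
 #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
 defined(WOLFSSL_ARMASM))
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 * f is the normalizer = 2^k % m.
 * 16-bit value cast to sword32 in use.
 */
-#define MLKEM_F ((1ULL << 32) % MLKEM_Q)
+#define MLKEM_F (((word64)1 << 32) % MLKEM_Q)
 /* Number of bytes in an output block of SHA-3-128 */
 #define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8)
@@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b)
 /* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
 *
 * Constant time implementation.
-* XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
-* with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
+* XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be
+* ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
 *
 * FIPS 203, Algorithm 6: ByteDecode_d(B)
 *
@@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b)
 */
 #define FROM_MSG_BIT(p, msg, i, j) \
 ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
-mlkem_opt_blocker) & MLKEM_Q_1_HALF)
+wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF)
 /* Convert message to polynomial.
 *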
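Review bot: The rewritten comment above FROM_MSG_BIT (last hunk) credits the call to `wc_mlkem_opt_blocker()` with hiding the mask from the optimizer, but a call boundary is not what does that: with LTO or a same-unit definition the call is inlineable, and what stays opaque afterwards is the volatile read inside the callee. Stating this keeps a future maintainer from "optimizing" the helper by dropping `volatile` or caching its result in a plain static; for example `* The opacity comes from the volatile read inside wc_mlkem_opt_blocker(); it must stay volatile even if the call is inlined.` The same comment could note that the macro now performs one external call per polynomial coefficient where it previously did a volatile load, which is fine here but is a change in cost that a reader of the constant-time rationale will want to know about. The comment in the first hunk, `/* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */`, still describes a variable; `/* Defined in wc_mlkem.c; returns a value the optimizer cannot constant-fold. */` fits the prototype it now precedes. The macro definitions are complete within their hunks.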
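--- a/wolfssl/wolfcrypt/mlkem.h
+++ b/wolfssl/wolfcrypt/mlkem.h
@@ -301,7 +301,7 @@ enum {
 WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ,
 /* Encoded polynomial size. */
-WC_ML_KEM_POLY_SIZE = 384,
+WC_ML_KEM_POLY_SIZE = 384
 };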
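Review bot: Removing the trailing comma after the last enumerator fixes the C89 build, but nothing prevents the next enumerator added here, or in the identical change to the enum in wc_mlkem.h (next file section), from reintroducing it, since every C99-and-later compiler accepts the comma silently and the breakage only shows up on a C89 build. A short marker on the final enumerator, `WC_ML_KEM_POLY_SIZE = 384 /* no trailing comma: C89 */`, makes the constraint visible exactly where it would be broken. The enum's opening and its earlier enumerators lie outside the hunk.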
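--- a/wolfssl/wolfcrypt/wc_mlkem.h
+++ b/wolfssl/wolfcrypt/wc_mlkem.h
@@ -63,7 +63,7 @@ enum {
 MLKEM_COMP_4BITS = 4,
 MLKEM_COMP_5BITS = 5,
 MLKEM_COMP_10BITS = 10,
-MLKEM_COMP_11BITS = 11,
+MLKEM_COMP_11BITS = 11
 };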