wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility.
@@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY
|
||||
WOLFSSL_MP_INVMOD_CONSTANT_TIME
|
||||
WOLFSSL_MULTICIRCULATE_ALTNAMELIST
|
||||
WOLFSSL_NEW_PRIME_CHECK
|
||||
WOLFSSL_NONBLOCK_OCSP
|
||||
WOLFSSL_NOSHA3_384
|
||||
WOLFSSL_NOT_WINDOWS_API
|
||||
WOLFSSL_NO_BIO_ADDR_IN
|
||||
|
||||
@@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len)
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
|
||||
volatile sword16 mlkem_opt_blocker = 0;
|
||||
/* Helper function with volatile variable, to force compiler not to optimize
|
||||
* code in mlkem_from_msg().
|
||||
*/
|
||||
sword16 wc_mlkem_opt_blocker(void);
|
||||
sword16 wc_mlkem_opt_blocker(void) {
|
||||
static volatile sword16 static_mlkem_opt_blocker = 0;
|
||||
return static_mlkem_opt_blocker;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
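Review bot: The prototype `sword16 wc_mlkem_opt_blocker(void);` sits directly above the definition in wc_mlkem.c, and wc_mlkem_poly.c carries its own `extern sword16 wc_mlkem_opt_blocker(void);` in the next hunk, so the two declarations can drift with nothing to catch it; declaring it once in wolfssl/wolfcrypt/wc_mlkem.h (already touched by this commit) and including that in both files removes the duplication. The definition line `sword16 wc_mlkem_opt_blocker(void) {` puts the brace on the signature line, which presumably differs from the file's other function definitions (none are visible in the hunk). The header comment says only that it blocks optimization; it would help to state what the read protects, e.g. `/* Returns a value the compiler cannot see through (a static volatile that is never written, so always 0); XORed into the mask in FROM_MSG_BIT so mlkem_from_msg() keeps its constant-time select. */`.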
@@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
|
||||
#endif
|
||||
|
||||
/* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
|
||||
extern volatile sword16 mlkem_opt_blocker;
|
||||
extern sword16 wc_mlkem_opt_blocker(void);
|
||||
|
||||
#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
|
||||
defined(WOLFSSL_ARMASM))
|
||||
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
|
||||
* f is the normalizer = 2^k % m.
|
||||
* 16-bit value cast to sword32 in use.
|
||||
*/
|
||||
#define MLKEM_F ((1ULL << 32) % MLKEM_Q)
|
||||
#define MLKEM_F (((word64)1 << 32) % MLKEM_Q)
|
||||
|
||||
/* Number of bytes in an output block of SHA-3-128 */
|
||||
#define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8)
|
||||
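Review bot: The new form `#define MLKEM_F (((word64)1 << 32) % MLKEM_Q)` carries no hint of why it replaced `1ULL`, so a later reader may "simplify" it back and reintroduce the C89 failure. A one-line comment pins the intent: `/* (word64)1 rather than 1ULL: the ULL suffix is not C89. */`. The shift also assumes word64 is a full 64-bit type on every target this file builds for; presumably that holds wherever this code compiles, but it is not visible here.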
@@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b)
|
||||
/* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
|
||||
*
|
||||
* Constant time implementation.
|
||||
* XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
|
||||
* with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
|
||||
* XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be
|
||||
* ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
|
||||
*
|
||||
* FIPS 203, Algorithm 6: ByteDecode_d(B)
|
||||
*
|
||||
@@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b)
|
||||
*/
|
||||
#define FROM_MSG_BIT(p, msg, i, j) \
|
||||
((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
|
||||
mlkem_opt_blocker) & MLKEM_Q_1_HALF)
|
||||
wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF)
|
||||
|
||||
/* Convert message to polynomial.
|
||||
*
|
||||
|
||||
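Review bot: FROM_MSG_BIT now performs an out-of-line call to wc_mlkem_opt_blocker() for every message bit, so each mlkem_from_msg() pays 256 calls where the old code paid one volatile load per bit; the optimizer-blocking property only needs a value the compiler cannot see through, which a single read hoisted into the caller keeps: `sword16 blocker = wc_mlkem_opt_blocker();` once before the loop, with the macro XORing `blocker` instead. mlkem_from_msg() itself is outside this hunk, so whether the added cost is noticeable there is inferred rather than seen. If the per-bit call is deliberate (for example to keep each mask dependent on a fresh opaque read), a short comment on the macro saying so would stop the next reader from hoisting it. The comment hunk above already matches the new name, so only the macro needs attention.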
@@ -301,7 +301,7 @@ enum {
|
||||
WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ,
|
||||
|
||||
/* Encoded polynomial size. */
|
||||
WC_ML_KEM_POLY_SIZE = 384,
|
||||
WC_ML_KEM_POLY_SIZE = 384
|
||||
};
|
||||
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ enum {
|
||||
MLKEM_COMP_4BITS = 4,
|
||||
MLKEM_COMP_5BITS = 5,
|
||||
MLKEM_COMP_10BITS = 10,
|
||||
MLKEM_COMP_11BITS = 11,
|
||||
MLKEM_COMP_11BITS = 11
|
||||
};
|
||||
|
||||
|
||||
|
||||