From a98499866da80609b17149843083c1929961960a Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 20 Mar 2026 14:26:14 -0500
Subject: [PATCH] wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility.
---
 .wolfssl_known_macro_extras | 1 -
 wolfcrypt/src/wc_mlkem.c | 10 ++++++++--
 wolfcrypt/src/wc_mlkem_poly.c | 10 +++++-----
 wolfssl/wolfcrypt/mlkem.h | 2 +-
 wolfssl/wolfcrypt/wc_mlkem.h | 2 +-
 5 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 50d4cb7c43..afef161a68 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY
 WOLFSSL_MP_INVMOD_CONSTANT_TIME
 WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NEW_PRIME_CHECK
-WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
 WOLFSSL_NO_BIO_ADDR_IN
diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c
index 99b08fda91..66c86e9f7b 100644
--- a/wolfcrypt/src/wc_mlkem.c
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len)
 /******************************************************************************/
-/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
-volatile sword16 mlkem_opt_blocker = 0;
+/* Helper function with volatile variable, to force compiler not to optimize
+ * code in mlkem_from_msg().
+ */
+sword16 wc_mlkem_opt_blocker(void);
+sword16 wc_mlkem_opt_blocker(void) {
+ static volatile sword16 static_mlkem_opt_blocker = 0;
+ return static_mlkem_opt_blocker;
+}
 /******************************************************************************/
diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
index d336b5ad1f..d13b3603f8 100644
--- a/wolfcrypt/src/wc_mlkem_poly.c
+++ b/wolfcrypt/src/wc_mlkem_poly.c
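Review bot: In the wolfcrypt/src/wc_mlkem.c hunk, the prototype for `wc_mlkem_opt_blocker()` exists only in the .c file, directly above the definition, and wc_mlkem_poly.c repeats it by hand as `extern sword16 wc_mlkem_opt_blocker(void);` (first hunk of that file), so the compiler never checks that the two declarations agree. Assuming both files include wolfssl/wolfcrypt/wc_mlkem.h, which this patch already touches, a single declaration there such as `WOLFSSL_LOCAL sword16 wc_mlkem_opt_blocker(void);` would replace both copies and keep the helper out of the exported symbol set, unless the linuxkm FIPS build needs it kept out of the header. The helper's comment could also record the invariant the constant-time code relies on: `Always returns 0; the volatile read must stay so the compiler cannot assume the value. Do not mark this function const/pure or replace it with a constant.`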
@@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
 #endif
 /* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
-extern volatile sword16 mlkem_opt_blocker;
+extern sword16 wc_mlkem_opt_blocker(void);
 #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
 defined(WOLFSSL_ARMASM))
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 * f is the normalizer = 2^k % m.
 * 16-bit value cast to sword32 in use.
 */
-#define MLKEM_F ((1ULL << 32) % MLKEM_Q)
+#define MLKEM_F (((word64)1 << 32) % MLKEM_Q)
 /* Number of bytes in an output block of SHA-3-128 */
 #define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8)
@@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b)
 /* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
 *
 * Constant time implementation.
- * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
- * with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
+ * XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be
+ * ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
 *
 * FIPS 203, Algorithm 6: ByteDecode_d(B)
 *
@@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b)
 */
 #define FROM_MSG_BIT(p, msg, i, j) \
 ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
- mlkem_opt_blocker) & MLKEM_Q_1_HALF)
+ wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF)
 /* Convert message to polynomial.
 *
diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/mlkem.h
index d65a01af89..eeb93f8db9 100644
--- a/wolfssl/wolfcrypt/mlkem.h
+++ b/wolfssl/wolfcrypt/mlkem.h
@@ -301,7 +301,7 @@ enum {
 WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ,
 /* Encoded polynomial size. */
- WC_ML_KEM_POLY_SIZE = 384,
+ WC_ML_KEM_POLY_SIZE = 384
 };
diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/wc_mlkem.h
index 27f12264c3..e1dccb8c20 100644
--- a/wolfssl/wolfcrypt/wc_mlkem.h
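Review bot: In the FROM_MSG_BIT hunk of wolfcrypt/src/wc_mlkem_poly.c, the constant-time barrier changes from a volatile load at each use site to a call to `wc_mlkem_opt_blocker()` for every message bit, and nothing visible in the patch shows the generated code was re-checked. The XOR operand stays unknown to the optimizer only while the helper, defined in another translation unit, keeps its volatile read. It would be worth confirming in the disassembly of the builds the commit message names (aarch64 FIPS linuxkm) that the code expanded from this macro contains no branch on the message bits. The function that expands the macro lies outside the hunk, so the number of calls per message cannot be read from here.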
+++ b/wolfssl/wolfcrypt/wc_mlkem.h
@@ -63,7 +63,7 @@ enum {
 MLKEM_COMP_4BITS = 4,
 MLKEM_COMP_5BITS = 5,
 MLKEM_COMP_10BITS = 10,
- MLKEM_COMP_11BITS = 11,
+ MLKEM_COMP_11BITS = 11
 };