LMS verify-only support: fix clang warning, rename define.

configure.ac

@@ -1158,7 +1158,7 @@ do
     ;;
   verify-only)
     LMS_VERIFY_ONLY=yes
-    AM_CFLAGS="$AM_CFLAGS -DLMS_VERIFY_ONLY"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
     ;;
   wolfssl)
     ENABLED_WC_LMS=yes

wolfcrypt/benchmark/benchmark.c

@@ -157,7 +157,7 @@
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
     #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
     #include <wolfssl/wolfcrypt/ext_lms.h>
@@ -870,7 +870,7 @@ static const bench_alg bench_other_opt[] = {
 
 #endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */
 
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
 typedef struct bench_pq_hash_sig_alg {
     /* Command line option string. */
     const char* str;
@@ -883,7 +883,7 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
     { "-lms_hss", BENCH_LMS_HSS},
     { NULL, 0}
 };
-#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
 /* The post-quantum-specific mapping of command line option to bit values and
@@ -2832,11 +2832,11 @@ static void* benchmarks_do(void* args)
     }
 #endif
 
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
     if (bench_all || (bench_pq_hash_sig_algs & BENCH_LMS_HSS)) {
         bench_lms();
     }
-#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #ifdef HAVE_ECC
     if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) ||
@@ -7664,7 +7664,7 @@ void bench_kyber(int type)
 }
 #endif
 
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
 /* WC_LMS_PARM_L2_H10_W2
  * signature length: 9300 */
 static const byte lms_priv_L2_H10_W2[64] =
@@ -8031,7 +8031,7 @@ void bench_lms(void)
     return;
 }
 
-#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #ifdef HAVE_ECC
 
@@ -10368,10 +10368,10 @@ static void Usage(void)
         print_alg(bench_pq_asym_opt2[i].str, &line);
 #endif /* HAVE_LIBOQS && HAVE_SPHINCS */
 #endif /* HAVE_PQC */
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
     for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++)
         print_alg(bench_pq_hash_sig_opt[i].str, &line);
-#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
     printf("\n");
 #endif /* !WOLFSSL_BENCHMARK_ALL */
     e++;
@@ -10634,7 +10634,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
                 }
             }
 
-        #if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+        #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
             /* post-quantum stateful hash-based signatures */
             for (i=0; !optMatched && bench_pq_hash_sig_opt[i].str != NULL; i++) {
                 if (string_matches(argv[1], bench_pq_hash_sig_opt[i].str)) {
@@ -10643,7 +10643,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
                     optMatched = 1;
                 }
             }
-        #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+        #endif
 #endif
             if (!optMatched) {
                 printf("Option not recognized: %s\n", argv[1]);

wolfcrypt/src/ext_lms.c

@@ -37,7 +37,7 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
 /* If built against hss_lib_thread.a, the hash-sigs lib will spawn
  * worker threads to parallelize cpu intensive tasks. This will mainly
  * speedup key generation and signing, and to a lesser extent
@@ -102,7 +102,8 @@ static bool LmsWritePrivKey(unsigned char *private_key,
     }
 
     /* Use write callback that saves private key to non-volatile storage. */
-    ret = key->write_private_key(private_key, len_private_key, key->context);
+    ret = key->write_private_key(private_key, (word32)len_private_key,
+                                 key->context);
 
     if (ret != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
         WOLFSSL_MSG("error: LmsKey write_private_key failed");
@@ -141,7 +142,8 @@ static bool LmsReadPrivKey(unsigned char *private_key,
     }
 
     /* Use read callback that reads private key from non-volatile storage. */
-    ret = key->read_private_key(private_key, len_private_key, key->context);
+    ret = key->read_private_key(private_key, (word32)len_private_key,
+                                key->context);
 
     if (ret != WC_LMS_RC_READ_TO_MEMORY) {
         WOLFSSL_MSG("error: LmsKey read_private_key failed");
@@ -152,7 +154,7 @@ static bool LmsReadPrivKey(unsigned char *private_key,
 
     return true;
 }
-#endif /* ifndef LMS_VERIFY_ONLY */
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
 
 const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm)
 {
@@ -244,7 +246,7 @@ int wc_LmsKey_Init(LmsKey * key, void * heap, int devId)
 
     ForceZero(key, sizeof(LmsKey));
 
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
     hss_init_extra_info(&key->info);
     /* Set the max number of worker threads that hash-sigs can spawn. */
     hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS);
@@ -253,7 +255,7 @@ int wc_LmsKey_Init(LmsKey * key, void * heap, int devId)
     key->write_private_key = NULL;
     key->read_private_key = NULL;
     key->context = NULL;
-#endif /* ifndef LMS_VERIFY_ONLY */
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
     key->state = WC_LMS_STATE_INITED;
 
     return 0;
@@ -483,12 +485,12 @@ void wc_LmsKey_Free(LmsKey* key)
         return;
     }
 
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
     if (key->working_key != NULL) {
         hss_free_working_key(key->working_key);
         key->working_key = NULL;
     }
-#endif /* ifndef LMS_VERIFY_ONLY */
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
 
     ForceZero(key, sizeof(LmsKey));
 
@@ -497,7 +499,7 @@ void wc_LmsKey_Free(LmsKey* key)
     return;
 }
 
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
 /* Set the write private key callback to the LMS key structure.
  *
  * The callback must be able to write/update the private key to
@@ -807,7 +809,7 @@ int wc_LmsKey_SigsLeft(LmsKey * key)
     return 1;
 }
 
-#endif /* ifndef LMS_VERIFY_ONLY*/
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/
 
 /* Given a levels, height, winternitz parameter set, determine
  * the public key length */
@@ -950,7 +952,7 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
         return BAD_FUNC_ARG;
     }
 
-#ifdef LMS_VERIFY_ONLY
+#ifdef WOLFSSL_LMS_VERIFY_ONLY
     result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig,
                                     sigSz, NULL);
 #else

wolfcrypt/test/test.c

@@ -575,10 +575,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  kyber_test(void);
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
-    #if !defined(LMS_VERIFY_ONLY)
+    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test(void);
     #endif
-    #if defined(LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
+    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
     #endif
 #endif
@@ -1612,14 +1612,14 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #if defined(WOLFSSL_HAVE_LMS)
-    #if !defined(LMS_VERIFY_ONLY)
+    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
     if ( (ret = lms_test()) != 0)
         TEST_FAIL("LMS      test failed!\n", ret);
     else
         TEST_PASS("LMS      test passed!\n");
     #endif
 
-    #if defined(LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
+    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
     if ( (ret = lms_test_verify_only()) != 0)
         TEST_FAIL("LMS      test failed!\n", ret);
     else
@@ -34955,7 +34955,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 #endif /* WOLFSSL_HAVE_KYBER */
 
 
-#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
 static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
 {
    /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
@@ -35090,9 +35090,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     return ret;
 }
 
-#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
-#if defined(WOLFSSL_HAVE_LMS) && defined(LMS_VERIFY_ONLY) && \
+#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && \
     !defined(WOLFSSL_SMALL_STACK)
 
 /* A simple LMS verify only test.
@@ -35365,7 +35365,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     return ret;
 }
 
-#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(LMS_VERIFY_ONLY) &&
+#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) &&
         *    !defined(WOLFSSL_SMALL_STACK) */
 
 static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --

wolfssl/wolfcrypt/ext_lms.h

@@ -51,13 +51,13 @@ struct LmsKey {
     param_set_t          lm_type[MAX_HSS_LEVELS];     /* Height parm per level. */
     param_set_t          lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz parm per level. */
     unsigned char        pub[HSS_MAX_PUBLIC_KEY_LEN];
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
     hss_working_key *    working_key;
     write_private_key_cb write_private_key; /* Callback to write/update key. */
     read_private_key_cb  read_private_key;  /* Callback to read key. */
     void *               context;           /* Context arg passed to callbacks. */
     hss_extra_info       info;
-#endif /* ifndef LMS_VERIFY_ONLY */
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
     enum wc_LmsState     state;
 };
 

wolfssl/wolfcrypt/lms.h

@@ -111,7 +111,7 @@ WOLFSSL_API int  wc_LmsKey_SetParameters(LmsKey * key, int levels,
     int height, int winternitz);
 WOLFSSL_API int  wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
     int * height, int * winternitz);
-#ifndef LMS_VERIFY_ONLY
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
 WOLFSSL_API int  wc_LmsKey_SetWriteCb(LmsKey * key,
     write_private_key_cb write_cb);
 WOLFSSL_API int  wc_LmsKey_SetReadCb(LmsKey * key,
@@ -123,7 +123,7 @@ WOLFSSL_API int  wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
 WOLFSSL_API int  wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
     const byte * msg, int msgSz);
 WOLFSSL_API int  wc_LmsKey_SigsLeft(LmsKey * key);
-#endif /* ifndef LMS_VERIFY_ONLY */
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
 WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
 WOLFSSL_API int  wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
 WOLFSSL_API int  wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);