wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility.

Author: douzzer

.wolfssl_known_macro_extras

@@ -800,7 +800,6 @@ WOLFSSL_MP_COND_COPY
 WOLFSSL_MP_INVMOD_CONSTANT_TIME
 WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NEW_PRIME_CHECK
-WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
 WOLFSSL_NO_BIO_ADDR_IN

wolfcrypt/src/wc_mlkem.c

@@ -157,8 +157,14 @@ void print_data(const char* name, const byte* d, int len)
 
 /******************************************************************************/
 
-/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
-volatile sword16 mlkem_opt_blocker = 0;
+/* Helper function with volatile variable, to force compiler not to optimize
+ * code in mlkem_from_msg().
+ */
+sword16 wc_mlkem_opt_blocker(void);
+sword16 wc_mlkem_opt_blocker(void) {
+    static volatile sword16 static_mlkem_opt_blocker = 0;
+    return static_mlkem_opt_blocker;
+}
 
 /******************************************************************************/
 

wolfcrypt/src/wc_mlkem_poly.c

@@ -99,7 +99,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
 #endif
 
 /* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
-extern volatile sword16 mlkem_opt_blocker;
+extern sword16 wc_mlkem_opt_blocker(void);
 
 #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
     defined(WOLFSSL_ARMASM))
@@ -126,7 +126,7 @@ static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
  * f is the normalizer = 2^k % m.
  * 16-bit value cast to sword32 in use.
  */
-#define MLKEM_F          ((1ULL << 32) % MLKEM_Q)
+#define MLKEM_F          (((word64)1 << 32) % MLKEM_Q)
 
 /* Number of bytes in an output block of SHA-3-128 */
 #define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
@@ -5758,8 +5758,8 @@ void mlkem_decompress_5(sword16* p, const byte* b)
 /* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
  *
  * Constant time implementation.
- * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
- * with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
+ * XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be
+ * ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
  *
  * FIPS 203, Algorithm 6: ByteDecode_d(B)
  *
@@ -5770,7 +5770,7 @@ void mlkem_decompress_5(sword16* p, const byte* b)
  */
 #define FROM_MSG_BIT(p, msg, i, j) \
     ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
-                          mlkem_opt_blocker) & MLKEM_Q_1_HALF)
+                          wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF)
 
 /* Convert message to polynomial.
  *

wolfssl/wolfcrypt/mlkem.h

@@ -301,7 +301,7 @@ enum {
     WC_ML_KEM_ENC_RAND_SZ       = WC_ML_KEM_SYM_SZ,
 
     /* Encoded polynomial size. */
-    WC_ML_KEM_POLY_SIZE         = 384,
+    WC_ML_KEM_POLY_SIZE         = 384
 };
 
 

wolfssl/wolfcrypt/wc_mlkem.h

@@ -63,7 +63,7 @@ enum {
     MLKEM_COMP_4BITS    =  4,
     MLKEM_COMP_5BITS    =  5,
     MLKEM_COMP_10BITS   = 10,
-    MLKEM_COMP_11BITS   = 11,
+    MLKEM_COMP_11BITS   = 11
 };