Merge pull request #8264 from dgarske/various_20241206

Various cleanups and fixes

.wolfssl_known_macro_extras

@@ -681,6 +681,7 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
+WOLFSSL_NO_AES_CFB_1_8
 WOLFSSL_NO_BIO_ADDR_IN
 WOLFSSL_NO_CLIENT
 WOLFSSL_NO_CLIENT_CERT_ERROR
@@ -722,6 +723,7 @@ WOLFSSL_NRF51_AES
 WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
 WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
 WOLFSSL_OLD_SET_CURVES_LIST
+WOLFSSL_OLD_TIMINGPADVERIFY
 WOLFSSL_OLD_UNSUPPORTED_EXTENSION
 WOLFSSL_OPTIONS_IGNORE_SYS
 WOLFSSL_PASSTHRU_ERR
@@ -813,7 +815,6 @@ WOLFSSL_XILINX_PATCH
 WOLFSSL_XIL_MSG_NO_SLEEP
 WOLFSSL_XMSS_LARGE_SECRET_KEY
 WOLFSSL_ZEPHYR
-WOLFSS_SP_MATH_ALL
 WOLF_ALLOW_BUILTIN
 WOLF_CONF_IO
 WOLF_CONF_KYBER
@@ -826,7 +827,6 @@ WOLF_CRYPTO_CB_ONLY_ECC
 WOLF_CRYPTO_CB_ONLY_RSA
 WOLF_CRYPTO_DEV
 WOLF_NO_TRAILING_ENUM_COMMAS
-WOLSSL_OLD_TIMINGPADVERIFY
 XGETPASSWD
 XMSS_CALL_PRF_KEYGEN
 XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ

IDE/GCC-ARM/Source/benchmark_main.c

@@ -39,16 +39,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_BENCHMARK
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nBenchmark Test\n");
-	benchmark_test(&args);
+    printf("\nBenchmark Test\n");
+    benchmark_test(&args);
     ret = args.return_code;
-	printf("Benchmark Test: Return code %d\n", ret);
+    printf("Benchmark Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }

IDE/GCC-ARM/Source/test_main.c

@@ -40,16 +40,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_TEST
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nCrypt Test\n");
-	wolfcrypt_test(&args);
+    printf("\nCrypt Test\n");
+    wolfcrypt_test(&args);
     ret = args.return_code;
-	printf("Crypt Test: Return code %d\n", ret);
+    printf("Crypt Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }

configure.ac

@@ -1514,6 +1514,7 @@ then
 fi
 
 # XMSS
+ENABLED_WC_XMSS=no
 AC_ARG_ENABLE([xmss],
     [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
     [ ENABLED_XMSS=$enableval ],
@@ -1605,6 +1606,7 @@ then
 fi
 
 # LMS
+ENABLED_WC_LMS=no
 AC_ARG_ENABLE([lms],
     [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
     [ ENABLED_LMS=$enableval ],
@@ -4555,7 +4557,7 @@ fi
 
 if test "$ENABLED_STACKSIZE" = "verbose"
 then
-    if test "$thread_ls_on" != "yes"
+    if test "$thread_ls_on" != "yes" && test "x$ENABLED_SINGLETHREADED" = "xno"
     then
         AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
     fi

src/internal.c

@@ -20198,7 +20198,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 
 
 #ifndef WOLFSSL_AEAD_ONLY
-#ifdef WOLSSL_OLD_TIMINGPADVERIFY
+#ifdef WOLFSSL_OLD_TIMINGPADVERIFY
 #define COMPRESS_LOWER      64
 #define COMPRESS_UPPER      55
 #define COMPRESS_CONSTANT   13
@@ -20604,7 +20604,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     return ret;
 }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
-#endif /* WOLSSL_OLD_TIMINGPADVERIFY */
+#endif /* WOLFSSL_OLD_TIMINGPADVERIFY */
 #endif /* WOLFSSL_AEAD_ONLY */
 
 int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)

wolfcrypt/benchmark/benchmark.c

@@ -14703,6 +14703,7 @@ void bench_sphincsKeySign(byte level, byte optim)
 
 #else
 
+    #include <time.h>
     #include <sys/time.h>
 
     double current_time(int reset)

wolfcrypt/src/aes.c

@@ -4704,8 +4704,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
 #endif
 
-        ret = wc_AesSetIV(aes, iv);
-
     #if defined(WOLFSSL_DEVCRYPTO) && \
         (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
         aes->ctx.cfd = -1;
@@ -12059,7 +12057,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
 
     /* consume any unused bytes left in aes->tmp */
     processed = min(aes->left, sz);
-    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed);
+    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
+        processed);
     aes->left -= processed;
     out += processed;
     in += processed;
@@ -12153,7 +12152,7 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 #endif /* HAVE_AES_DECRYPT */
 
-
+#ifndef WOLFSSL_NO_AES_CFB_1_8
 /* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */
 static void shiftLeftArray(byte* ary, byte shift)
 {
@@ -12371,6 +12370,7 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return wc_AesFeedbackCFB8(aes, out, in, sz, AES_DECRYPTION);
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
 #ifdef WOLFSSL_AES_OFB

wolfcrypt/src/evp.c

@@ -157,6 +157,7 @@ static const struct s_ent {
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
     #endif
@@ -176,6 +177,7 @@ static const struct s_ent {
     #ifdef WOLFSSL_AES_256
         static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
@@ -639,7 +641,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    #if !defined(WOLFSSL_NO_AES_CFB_1_8)
         case WC_AES_128_CFB1_TYPE:
         case WC_AES_192_CFB1_TYPE:
         case WC_AES_256_CFB1_TYPE:
@@ -659,7 +661,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             else
                 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
             break;
-    #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
         case WC_AES_128_CFB128_TYPE:
         case WC_AES_192_CFB128_TYPE:
@@ -1942,6 +1944,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     #endif
 #endif /* WOLFSSL_AES_XTS */
 #if defined(WOLFSSL_AES_CFB)
+#ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
         return WC_AES_128_CFB1_TYPE;
@@ -1966,6 +1969,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
         return WC_AES_256_CFB8_TYPE;
     #endif
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
         return WC_AES_128_CFB128_TYPE;
@@ -4966,6 +4970,7 @@ static const struct cipher{
     #endif
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
     #endif
@@ -4985,6 +4990,7 @@ static const struct cipher{
     #ifdef WOLFSSL_AES_256
     {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
@@ -4995,7 +5001,7 @@ static const struct cipher{
     #ifdef WOLFSSL_AES_256
     {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
     #endif
-    #endif
+    #endif /* WOLFSSL_AES_CFB */
 
     #ifdef WOLFSSL_AES_OFB
     #ifdef WOLFSSL_AES_128
@@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void)
     #endif /* HAVE_AES_CBC */
 
     #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
     {
@@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void)
         return EVP_AES_256_CFB8;
     }
     #endif /* WOLFSSL_AES_256 */
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
@@ -7249,6 +7255,7 @@ void wolfSSL_EVP_init(void)
         #endif /* WOLFSSL_AES_256 */
     #endif /* HAVE_AES_ECB */
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
         #ifdef WOLFSSL_AES_128
         if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
@@ -7431,6 +7438,7 @@ void wolfSSL_EVP_init(void)
             }
         }
         #endif /* WOLFSSL_AES_256 */
+        #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
         #ifdef WOLFSSL_AES_128
         if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
@@ -8317,7 +8325,7 @@ void wolfSSL_EVP_init(void)
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
             case WC_AES_128_CFB1_TYPE:
             case WC_AES_192_CFB1_TYPE:
             case WC_AES_256_CFB1_TYPE:
@@ -8340,7 +8348,7 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
             case WC_AES_128_CFB128_TYPE:
             case WC_AES_192_CFB128_TYPE:
             case WC_AES_256_CFB128_TYPE:

wolfcrypt/src/rsa.c

@@ -3110,7 +3110,8 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
 #endif /* WOLFSSL_CRYPTOCELL */
 
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) &&     !defined(NO_RSA_BOUNDS_CHECK)
+#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \
+    !defined(NO_RSA_BOUNDS_CHECK)
 /* Check that 1 < in < n-1. (Requirement of 800-56B.) */
 int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
     int checkSmallCt)