add .github/workflows/symbol-prefixes.yml.

configure.ac:
* add ML-KEM, ML-DSA, XMSS, and LMS to --enable-all-crypto when !ENABLED_FIPS.
* swap order of --enable-kyber and --enable-mlkem handler code to put mlkem first.
* add --enable-mldsa hander code.
* remove setup code that was adding -DWOLFSSL_NO_TLS12 and -DNO_OLD_TLS to
  AM_CFLAGS when ENABLED_CRYPTONLY -- NO_OLD_TLS is already defined earlier for
  when ENABLED_CRYPTONLY, and WOLFSSL_NO_TLS12 breaks wc_PRF_TLS(), which is
  inside-the-FIPS-boundary crypto.

linuxkm/linuxkm_wc_port.h:
* adopt the WC_SANITIZE_DISABLE and WC_SANITIZE_ENABLE setup code from
  settings.h (where it didn't belong).
* fix FIPS remapping of wc_InitMutex&friends to InitMutex&friends -- inhibit
  when WOLFSSL_API_PREFIX_MAP.

wolfcrypt/src/ge_operations.c: add _wc_curve25519_dummy() to fix visibility of
curve25519().

wolfcrypt/src/poly1305.c: fix visibility of several unprefixed helper routines.

wolfcrypt/test/test.c: fix gating on tls12_kdf_test() and prf_test() (both
  require !WOLFSSL_NO_TLS12).

wolfssl/internal.h, wolfssl/wolfio.h: add several WOLFSSL_API_PREFIX_MAPs.

wolfssl/wolfcrypt/ge_operations.h: fix visibility of several internal asm
  functions.

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, add gates to avoid redef
  warnings for various settings, and remove the setup for
  WC_SANITIZE_{DISABLE,ENABLE} (moved to linuxkm_wc_port.h as noted above).

wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API_PREFIX_MAPs for InitMutex() and
  friends.

Author: douzzer

.github/workflows/symbol-prefixes.yml

@@ -0,0 +1,64 @@
+name: WOLFSSL_API_PREFIX_MAP
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_and_analyze:
+    strategy:
+      matrix:
+        config: [
+          '--enable-all CFLAGS=-DWOLFSSL_API_PREFIX_MAP'
+        ]
+    name: make and analyze
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+        run: |
+          ./autogen.sh || $(exit 2)
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          # ignore properly prefixed symbols, and symbols associated with asm implementations (all internal) regardless of prefix:
+          readelf --symbols --wide src/.libs/libwolfssl.so | \
+          awk ' \
+          BEGIN { \
+              unprefixed_public_symbols = 0; \
+          } \
+          { \
+              if (($7 == "UND") || \
+                  ($8 ~ /^(wc_|wolf|WOLF|__pfx|fe_|sp_[a-zA-Z090-0_]*[0-9])/) || \
+                  ($8 ~ /(_avx[12]|_AVX[12]|_sse[12]|_SSE[12]|_aesni|_AESNI|_bmi2|_x64$)/)) \
+              { \
+                  next; \
+              } \
+          } \
+          { \
+              if (($4 == "FUNC") && ($5 == "GLOBAL") && ($6 == "DEFAULT")) { \
+                  ++unprefixed_public_symbols; \
+                  print; \
+              } \
+          } \
+          END { \
+              if (unprefixed_public_symbols) { \
+                  print unprefixed_public_symbols " unprefixed public symbols found." >"/dev/stderr";
+                  exit(1); \
+              } else { \
+                  print "no unprefixed public symbols found."
+                  exit(0); \
+              } \
+          }' || $(exit 5)

configure.ac

@@ -1385,6 +1385,10 @@ then
         test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
         test "$enable_aessiv" = "" && enable_aessiv=yes
         test "$enable_aeseax" = "" && enable_aeseax=yes
+        test "$enable_mlkem" = "" && test "$enable_kyber" = "" && enable_mlkem=yes
+        test "$enable_mldsa" = "" && test "$enable_dilithium" = "" && enable_mldsa=yes
+        test "$enable_xmss" = "" && enable_xmss=yes
+        test "$enable_lms" = "" && enable_lms=yes
 
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
@@ -1503,14 +1507,14 @@ AC_ARG_WITH([liboqs],
 # MLKEM
 # Used:
 #  - SHA3, Shake128 and Shake256
-AC_ARG_ENABLE([kyber],
-    [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
+AC_ARG_ENABLE([mlkem],
+    [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
     [ ENABLED_MLKEM=$enableval ],
     [ ENABLED_MLKEM=no ]
     )
-# note, inherits default from "kyber" clause above.
-AC_ARG_ENABLE([mlkem],
-    [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
+# note, inherits default from "mlkem" clause above.
+AC_ARG_ENABLE([kyber],
+    [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
     [ ENABLED_MLKEM=$enableval ]
     )
 
@@ -1639,11 +1643,16 @@ fi
 
 # Dilithium
 #  - SHA3, Shake128, Shake256 and AES-CTR
-AC_ARG_ENABLE([dilithium],
-    [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (default: disabled)])],
+AC_ARG_ENABLE([mldsa],
+    [AS_HELP_STRING([--enable-mldsa],[Enable MLDSA (default: disabled)])],
     [ ENABLED_DILITHIUM=$enableval ],
     [ ENABLED_DILITHIUM=no ]
     )
+# note, inherits default from "mldsa" clause above.
+AC_ARG_ENABLE([dilithium],
+    [AS_HELP_STRING([--enable-dilithium],[Enable Dilithium/MLDSA (default: disabled)])],
+    [ ENABLED_DILITHIUM=$enableval ]
+    )
 
 ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM
 ENABLED_DILITHIUM_MAKE_KEY=no
@@ -4924,15 +4933,6 @@ AC_ARG_ENABLE([tlsv12],
     [ ENABLED_TLSV12=yes ]
     )
 
-if test "$ENABLED_CRYPTONLY" = "yes"
-then
-    ENABLED_TLSV12=no
-fi
-if test "$ENABLED_TLSV12" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS"
-fi
-
 # STACK SIZE info for testwolfcrypt and examples
 AC_ARG_ENABLE([stacksize],
     [AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],

linuxkm/linuxkm_wc_port.h

@@ -228,6 +228,15 @@
 
     #include <linux/kconfig.h>
 
+    #ifdef CONFIG_KASAN
+        #ifndef WC_SANITIZE_DISABLE
+            #define WC_SANITIZE_DISABLE() kasan_disable_current()
+        #endif
+        #ifndef WC_SANITIZE_ENABLE
+            #define WC_SANITIZE_ENABLE() kasan_enable_current()
+        #endif
+    #endif
+
     #if defined(CONFIG_FORTIFY_SOURCE) && \
         !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \
         (defined(HAVE_LINUXKM_PIE_SUPPORT) || \
@@ -1286,12 +1295,13 @@
         #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
     #endif /* !BUILDING_WOLFSSL */
 
-    /* Copied from wc_port.h: For FIPS keep the function names the same */
-    #ifdef HAVE_FIPS
-    #define wc_InitMutex   InitMutex
-    #define wc_FreeMutex   FreeMutex
-    #define wc_LockMutex   LockMutex
-    #define wc_UnLockMutex UnLockMutex
+    /* Copied from wc_port.h */
+    #if defined(HAVE_FIPS) && !defined(WOLFSSL_API_PREFIX_MAP)
+        /* For FIPS keep the function names the same */
+        #define wc_InitMutex   InitMutex
+        #define wc_FreeMutex   FreeMutex
+        #define wc_LockMutex   LockMutex
+        #define wc_UnLockMutex UnLockMutex
     #endif /* HAVE_FIPS */
 
     #ifdef WOLFSSL_LINUXKM_USE_MUTEXES

wolfcrypt/src/ge_operations.c

@@ -9817,4 +9817,17 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h)
 }
 
 #endif /* !ED25519_SMALL */
+
+/* if HAVE_ED25519 but not HAVE_CURVE25519, and an asm implementation is built,
+ * then curve25519() won't get its WOLFSSL_LOCAL attribute unless we dummy-call
+ * it here.
+ */
+#if defined(WOLFSSL_API_PREFIX_MAP) && !defined(HAVE_CURVE25519) && \
+    !defined(FREESCALE_LTC_ECC)
+WOLFSSL_LOCAL void _wc_curve25519_dummy(void);
+WOLFSSL_LOCAL void _wc_curve25519_dummy(void) {
+    (void)curve25519((byte *)0, (byte *)0, (const byte *)0);
+}
+#endif
+
 #endif /* HAVE_ED25519 */

wolfcrypt/src/poly1305.c

@@ -139,29 +139,29 @@ static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
  * ctx  Poly1305 context.
  * m    One block of message data.
  */
-extern void poly1305_block_avx(Poly1305* ctx, const unsigned char *m);
+WOLFSSL_LOCAL void poly1305_block_avx(Poly1305* ctx, const unsigned char *m);
 /* Process multiple blocks (n * 16 bytes) of data.
  *
  * ctx    Poly1305 context.
  * m      Blocks of message data.
  * bytes  The number of bytes to process.
  */
-extern void poly1305_blocks_avx(Poly1305* ctx, const unsigned char* m,
+WOLFSSL_LOCAL void poly1305_blocks_avx(Poly1305* ctx, const unsigned char* m,
                                 size_t bytes);
 /* Set the key to use when processing data.
  * Initialize the context.
  *
  * ctx  Poly1305 context.
  * key  The key data (16 bytes).
  */
-extern void poly1305_setkey_avx(Poly1305* ctx, const byte* key);
+WOLFSSL_LOCAL void poly1305_setkey_avx(Poly1305* ctx, const byte* key);
 /* Calculate the final result - authentication data.
  * Zeros out the private data in the context.
  *
  * ctx  Poly1305 context.
  * mac  Buffer to hold 16 bytes.
  */
-extern void poly1305_final_avx(Poly1305* ctx, byte* mac);
+WOLFSSL_LOCAL void poly1305_final_avx(Poly1305* ctx, byte* mac);
 #endif
 
 #ifdef HAVE_INTEL_AVX2
@@ -171,29 +171,29 @@ extern void poly1305_final_avx(Poly1305* ctx, byte* mac);
  * m      Blocks of message data.
  * bytes  The number of bytes to process.
  */
-extern void poly1305_blocks_avx2(Poly1305* ctx, const unsigned char* m,
+WOLFSSL_LOCAL void poly1305_blocks_avx2(Poly1305* ctx, const unsigned char* m,
                                  size_t bytes);
 /* Calculate R^1, R^2, R^3 and R^4 and store them in the context.
  *
  * ctx    Poly1305 context.
  */
-extern void poly1305_calc_powers_avx2(Poly1305* ctx);
+WOLFSSL_LOCAL void poly1305_calc_powers_avx2(Poly1305* ctx);
 /* Set the key to use when processing data.
  * Initialize the context.
  * Calls AVX set key function as final function calls AVX code.
  *
  * ctx  Poly1305 context.
  * key  The key data (16 bytes).
  */
-extern void poly1305_setkey_avx2(Poly1305* ctx, const byte* key);
+WOLFSSL_LOCAL void poly1305_setkey_avx2(Poly1305* ctx, const byte* key);
 /* Calculate the final result - authentication data.
  * Zeros out the private data in the context.
  * Calls AVX final function to quickly process last blocks.
  *
  * ctx  Poly1305 context.
  * mac  Buffer to hold 16 bytes - authentication data.
  */
-extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
+WOLFSSL_LOCAL void poly1305_final_avx2(Poly1305* ctx, byte* mac);
 #endif
 
 #ifdef __cplusplus

wolfcrypt/test/test.c

@@ -608,14 +608,12 @@ static                  wc_test_ret_t  hkdf_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hkdf_test(void);
 #endif
 #endif /* HAVE_HKDF && ! NO_HMAC */
-#ifdef WOLFSSL_HAVE_PRF
-#if defined(HAVE_HKDF) && !defined(NO_HMAC)
-#ifdef WOLFSSL_BASE16
+#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls12_kdf_test(void);
-#endif /* WOLFSSL_BASE16 */
-#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
-#endif /* WOLFSSL_HAVE_PRF */
-#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+#endif
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  prf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sshkdf_test(void);
@@ -1921,27 +1919,26 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     PRIVATE_KEY_LOCK();
 #endif /* WOLFSSL_WOLFSSH */
 
-#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
     PRIVATE_KEY_UNLOCK();
     if ( (ret = prf_test()) != 0)
         TEST_FAIL("PRF         test failed!\n", ret);
     else
         TEST_PASS("PRF         test passed!\n");
     PRIVATE_KEY_LOCK();
-#endif
+#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */
 
-#ifdef WOLFSSL_HAVE_PRF
-#if defined (HAVE_HKDF) && !defined(NO_HMAC)
-#ifdef WOLFSSL_BASE16
+#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
     PRIVATE_KEY_UNLOCK();
     if ( (ret = tls12_kdf_test()) != 0)
         TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
     else
         TEST_PASS("TLSv1.2 KDF test passed!\n");
     PRIVATE_KEY_LOCK();
-#endif /* WOLFSSL_BASE16 */
-#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
-#endif /* WOLFSSL_HAVE_PRF */
+#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */
+       /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */
 
 #ifdef WOLFSSL_TLS13
     PRIVATE_KEY_UNLOCK();
@@ -28154,7 +28151,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
 
 #endif /* WOLFSSL_WOLFSSH */
 
-#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
 #define DIGL 12
 #define SECL 48
 #define LBSL 63
@@ -28203,11 +28201,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
 
     return 0;
 }
-#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */
 
-#ifdef WOLFSSL_HAVE_PRF
-#if defined(HAVE_HKDF) && !defined(NO_HMAC)
-#ifdef WOLFSSL_BASE16
+#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
+    defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
 {
     const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089"
@@ -28252,16 +28249,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
         if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) {
             printf("    wc_PRF_TLSv12: Private key locked.\n");
         }
-        return WC_TEST_RET_ENC_NC;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     if (XMEMCMP(result, ms, msSz) != 0)
         return WC_TEST_RET_ENC_NC;
     return 0;
 }
-#endif /* WOLFSSL_BASE16 */
-#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
-#endif /* WOLFSSL_HAVE_PRF */
+#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */
+       /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */
 
 #ifdef WOLFSSL_TLS13
 

wolfssl/internal.h

@@ -7000,6 +7000,12 @@ WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl);
 #endif
 
 #ifdef WOLFSSL_DTLS13
+    #ifdef WOLFSSL_API_PREFIX_MAP
+        #define Dtls13GetEpoch wolfSSL_Dtls13GetEpoch
+        #define Dtls13CheckEpoch wolfSSL_Dtls13CheckEpoch
+        #define Dtls13WriteAckMessage wolfSSL_Dtls13WriteAckMessage
+        #define Dtls13RtxAddAck wolfSSL_Dtls13RtxAddAck
+    #endif
 
 WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl,
     w64wrapper epochNumber);
@@ -7096,6 +7102,9 @@ typedef struct CRYPTO_EX_cb_ctx {
 } CRYPTO_EX_cb_ctx;
 
 WOLFSSL_TEST_VIS extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
+#ifdef WOLFSSL_API_PREFIX_MAP
+    #define crypto_ex_cb_free wolfSSL_crypto_ex_cb_free
+#endif
 WOLFSSL_TEST_VIS void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
 WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj,
         CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data);

wolfssl/wolfcrypt/ge_operations.h

@@ -114,14 +114,14 @@ typedef struct {
 } ge_cached;
 
 #ifdef CURVED25519_ASM
-void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
-void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
-void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p);
+WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
+WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
+WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p);
 #define ge_p3_dbl(r, p)     ge_p2_dbl((ge_p1p1 *)(r), (ge_p2 *)(p))
-void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
-void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
-void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
-void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+WOLFSSL_LOCAL void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
+WOLFSSL_LOCAL void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
+WOLFSSL_LOCAL void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+WOLFSSL_LOCAL void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 #endif
 #endif /* !ED25519_SMALL */