wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

Cannot build wolfssl with liboqs integration #7749

Open notyan opened 4 months ago

notyan commented 4 months ago

Version

wolfssl-5.7.2

Description

Trying to install and build wolfSSL with liboqs following https://github.com/wolfSSL/wolfssl/blob/master/INSTALL point 15 on Debian 11. Following all the steps provided by the documentation, but the wolfssl build has this problem.

Here is the output of the liboqs installation:

$ sudo make install
[  2%] Built target sphincs_sha2_192f_simple_avx2
[  3%] Built target common
[  3%] Built target xkcp_low_keccakp_1600times4_avx2
[  3%] Built target xkcp_low_keccakp_1600_avx2
[  4%] Built target xkcp_low_keccakp_1600times4_serial
[  4%] Built target xkcp_low_keccakp_1600_plain64
[  6%] Built target bike_l5
[  8%] Built target bike_l3
[  9%] Built target bike_l1
[  9%] Built target kem_bike
[ 10%] Built target frodokem_avx2
[ 11%] Built target frodokem
[ 13%] Built target ntruprime_sntrup761_avx2
[ 15%] Built target ntruprime_sntrup761_clean
[ 18%] Built target classic_mceliece_8192128f_avx
[ 19%] Built target classic_mceliece_8192128f_vec
[ 21%] Built target classic_mceliece_6960119f_vec
[ 23%] Built target classic_mceliece_8192128_avx
[ 25%] Built target classic_mceliece_6960119_avx
[ 28%] Built target classic_mceliece_348864_avx
[ 29%] Built target classic_mceliece_8192128_vec
[ 31%] Built target classic_mceliece_460896f_vec
[ 33%] Built target classic_mceliece_6688128_avx
[ 34%] Built target classic_mceliece_348864f_vec
[ 37%] Built target classic_mceliece_348864f_avx
[ 38%] Built target classic_mceliece_348864_vec
[ 39%] Built target classic_mceliece_6688128_vec
[ 41%] Built target classic_mceliece_460896_vec
[ 44%] Built target classic_mceliece_6688128f_avx
[ 46%] Built target classic_mceliece_460896_avx
[ 48%] Built target classic_mceliece_6960119f_avx
[ 50%] Built target classic_mceliece_460896f_avx
[ 51%] Built target classic_mceliece_6688128f_vec
[ 53%] Built target classic_mceliece_6960119_vec
[ 54%] Built target hqc_128_clean
[ 55%] Built target hqc_192_avx2
[ 56%] Built target hqc_128_avx2
[ 57%] Built target hqc_256_avx2
[ 58%] Built target hqc_192_clean
[ 58%] Built target hqc_256_clean
[ 59%] Built target kyber_512_ref
[ 60%] Built target kyber_512_avx2
[ 61%] Built target kyber_768_avx2
[ 62%] Built target kyber_1024_ref
[ 63%] Built target kyber_1024_avx2
[ 64%] Built target kyber_768_ref
[ 65%] Built target dilithium_2_ref
[ 66%] Built target dilithium_5_ref
[ 67%] Built target dilithium_3_ref
[ 68%] Built target dilithium_3_avx2
[ 69%] Built target dilithium_5_avx2
[ 70%] Built target dilithium_2_avx2
[ 71%] Built target falcon_1024_clean
[ 72%] Built target falcon_1024_avx2
[ 73%] Built target falcon_512_avx2
[ 73%] Built target falcon_512_clean
[ 74%] Built target sphincs_shake_128f_simple_clean
[ 75%] Built target sphincs_shake_256s_simple_clean
[ 76%] Built target sphincs_shake_256s_simple_avx2
[ 77%] Built target sphincs_sha2_256s_simple_clean
[ 78%] Built target sphincs_sha2_128f_simple_avx2
[ 79%] Built target sphincs_sha2_256f_simple_avx2
[ 80%] Built target sphincs_sha2_256f_simple_clean
[ 81%] Built target sphincs_sha2_128s_simple_avx2
[ 82%] Built target sphincs_shake_256f_simple_avx2
[ 83%] Built target sphincs_sha2_128f_simple_clean
[ 84%] Built target sphincs_sha2_128s_simple_clean
[ 85%] Built target sphincs_sha2_192s_simple_avx2
[ 86%] Built target sphincs_shake_128f_simple_avx2
[ 87%] Built target sphincs_shake_256f_simple_clean
[ 88%] Built target sphincs_shake_128s_simple_clean
[ 90%] Built target sphincs_sha2_256s_simple_avx2
[ 91%] Built target sphincs_sha2_192f_simple_clean
[ 92%] Built target sphincs_shake_128s_simple_avx2
[ 93%] Built target sphincs_sha2_192s_simple_clean
[ 94%] Built target sphincs_shake_192f_simple_clean
[ 95%] Built target sphincs_shake_192f_simple_avx2
[ 96%] Built target sphincs_shake_192s_simple_clean
[ 97%] Built target sphincs_shake_192s_simple_avx2
[ 97%] Built target oqs
[ 97%] Built target speed_sig
[ 97%] Built target test_aes
[ 98%] Built target speed_common
[ 98%] Built target test_hash
[ 98%] Built target example_sig
[ 98%] Built target test_sha3
[ 98%] Built target example_kem
[ 98%] Built target dump_alg_info
[ 99%] Built target test_kem_mem
[100%] Built target kat_kem
[100%] Built target test_kem
[100%] Built target speed_kem
[100%] Built target kat_sig
[100%] Built target test_sig
[100%] Built target test_sig_mem
Install the project...
-- Install configuration: ""
-- Up-to-date: /usr/local/lib/cmake/liboqs/liboqsConfig.cmake
-- Installing: /usr/local/lib/cmake/liboqs/liboqsConfigVersion.cmake
-- Installing: /usr/local/lib/pkgconfig/liboqs.pc
-- Installing: /usr/local/lib/liboqs.a
-- Up-to-date: /usr/local/lib/cmake/liboqs/liboqsTargets.cmake
-- Installing: /usr/local/lib/cmake/liboqs/liboqsTargets-noconfig.cmake
-- Installing: /usr/local/include/oqs/oqs.h
-- Installing: /usr/local/include/oqs/common.h
-- Installing: /usr/local/include/oqs/rand.h
-- Installing: /usr/local/include/oqs/aes.h
-- Installing: /usr/local/include/oqs/sha2.h
-- Installing: /usr/local/include/oqs/sha3.h
-- Installing: /usr/local/include/oqs/sha3x4.h
-- Installing: /usr/local/include/oqs/kem.h
-- Installing: /usr/local/include/oqs/sig.h
-- Up-to-date: /usr/local/include/oqs/kem_bike.h
-- Up-to-date: /usr/local/include/oqs/kem_frodokem.h
-- Up-to-date: /usr/local/include/oqs/kem_ntruprime.h
-- Installing: /usr/local/include/oqs/kem_classic_mceliece.h
-- Installing: /usr/local/include/oqs/kem_hqc.h
-- Installing: /usr/local/include/oqs/kem_kyber.h
-- Installing: /usr/local/include/oqs/sig_dilithium.h
-- Installing: /usr/local/include/oqs/sig_falcon.h
-- Installing: /usr/local/include/oqs/sig_sphincs.h
-- Installing: /usr/local/include/oqs/oqsconfig.h

Here is the configure I set; no error on running the configure script:

$ ./configure --with-liboqs --enable-experimental  
Configuration summary for wolfssl version 5.7.2

   * Installation prefix:        /usr/local
   * System type:                pc-linux-gnu
   * Host CPU:                   x86_64
   * C Compiler:                 gcc
   * C Flags:                       -Werror -Wno-pragmas -Wall -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
   * C++ Compiler:
   * C++ Flags:
   * CPP Flags:
   * CCAS Flags:
   * LD Flags:
   * LIB Flags:                   -pie -z relro -z now -Werror
   * Library Suffix:
   * Debug enabled:              no
   * Coverage enabled:
   * Warnings as failure:        yes
   * make -j:                    3
   * VCS checkout:               yes

   Features
   * Experimental settings:      Allowed
   * FIPS:                       no
   * Single threaded:            no
   * Filesystem:                 yes
   * OpenSSH Build:              no
   * OpenSSL Extra API:          no
   * OpenSSL Coexist:            no
   * Old Names:                  yes
   * Max Strength Build:         no
   * Distro Build:               no
   * Reproducible Build:         no
   * Side-channel Hardening:     yes
   * Single Precision Math:      no
   * SP implementation:          all
   * Fast Math:                  no
   * Heap Math:                  no
   * Assembly Allowed:           yes
   * sniffer:                    no
   * snifftest:                  no
   * ARC4:                       no
   * AES:                        yes
   * AES-NI:                     no
   * AES-CBC:                    yes
   * AES-CBC length checks:      no
   * AES-GCM:                    yes
   * AES-GCM streaming:          no
   * AES-CCM:                    no
   * AES-CTR:                    no
   * AES-CFB:                    no
   * AES-OFB:                    no
   * AES-XTS:                    no
   * AES-XTS streaming:          no
   * AES-SIV:                    no
   * AES-EAX:                    no
   * AES Bitspliced:             no
   * AES Key Wrap:               no
   * ARIA:                       no
   * DES3:                       no
   * DES3 TLS Suites:            no
   * Camellia:                   no
   * CUDA:                       no
   * SM4-ECB:                    no
   * SM4-CBC:                    no
   * SM4-CTR:                    no
   * SM4-GCM:                    no
   * SM4-CCM:                    no
   * NULL Cipher:                no
   * MD2:                        no
   * MD4:                        no
   * MD5:                        yes
   * RIPEMD:                     no
   * SHA:                        yes
   * SHA-224:                    yes
   * SHA-384:                    yes
   * SHA-512:                    yes
   * SHA3:                       yes
   * SHAKE128:                   no
   * SHAKE256:                   no
   * SM3:                        no
   * BLAKE2:                     no
   * BLAKE2S:                    no
   * SipHash:                    no
   * CMAC:                       no
   * keygen:                     no
   * certgen:                    no
   * certreq:                    no
   * certext:                    no
   * certgencache:               no
   * CHACHA:                     yes
   * XCHACHA:                    no
   * Hash DRBG:                  yes
   * MmemUse Entropy:
   * (AKA: wolfEntropy):         no
   * PWDBASED:                   yes
   * Encrypted keys:             no
   * scrypt:                     no
   * wolfCrypt Only:             no
   * HKDF:                       yes
   * HPKE:                       no
   * X9.63 KDF:                  no
   * SRTP-KDF:                   no
   * PSK:                        no
   * Poly1305:                   yes
   * LEANPSK:                    no
   * LEANTLS:                    no
   * RSA:                        yes
   * RSA-PSS:                    yes
   * DSA:                        no
   * DH:                         yes
   * DH Default Parameters:      yes
   * ECC:                        yes
   * ECC Custom Curves:          no
   * ECC Minimum Bits:           224
   * FPECC:                      no
   * ECC_ENCRYPT:                no
   * Brainpool:                  no
   * SM2:                        no
   * CURVE25519:                 no
   * ED25519:                    no
   * ED25519 streaming:          no
   * CURVE448:                   no
   * ED448:                      no
   * ED448 streaming:            no
   * LMS:                        no
   * LMS wolfSSL impl:
   * XMSS:                       no
   * XMSS wolfSSL impl:
   * KYBER:                      no
   * KYBER wolfSSL impl:         no
   * DILITHIUM:                  no
   * ECCSI                       no
   * SAKKE                       no
   * ASN:                        yes
   * Anonymous cipher:           no
   * CODING:                     yes
   * MEMORY:                     yes
   * I/O POOL:                   no
   * wolfSentry:                 no
   * LIGHTY:                     no
   * WPA Supplicant:             no
   * HAPROXY:                    no
   * STUNNEL:                    no
   * tcpdump:                    no
   * libssh2:                    no
   * ntp:                        no
   * rsyslog:                    no
   * Apache httpd:               no
   * NGINX:                      no
   * OpenResty:                  no
   * ASIO:                       no
   * LIBWEBSOCKETS:              no
   * Qt:                         no
   * Qt Unit Testing:            no
   * SIGNAL:                     no
   * chrony:                     no
   * strongSwan:                 no
   * OpenLDAP:                   no
   * hitch:                      no
   * memcached:                  no
   * ERROR_STRINGS:              yes
   * DTLS:                       no
   * DTLS v1.3:                  no
   * SCTP:                       no
   * SRTP:                       no
   * Indefinite Length:          no
   * Multicast:                  no
   * SSL v3.0 (Old):             no
   * TLS v1.0 (Old):             no
   * TLS v1.1 (Old):             no
   * TLS v1.2:                   yes
   * TLS v1.3:                   yes
   * RPK:                        no
   * Post-handshake Auth:        no
   * Early Data:                 no
   * QUIC:                       no
   * Send State in HRR Cookie:   undefined
   * OCSP:                       no
   * OCSP Stapling:              no
   * OCSP Stapling v2:           no
   * CRL:                        no
   * CRL-MONITOR:                no
   * Persistent session cache:   no
   * Persistent cert    cache:   no
   * Atomic User Record Layer:   no
   * Public Key Callbacks:       no
   * libxmss:                    no
   * liblms:                     no
   * liboqs:                     yes
   * Whitewood netRandom:        no
   * Server Name Indication:     yes
   * ALPN:                       no
   * Maximum Fragment Length:    no
   * Trusted CA Indication:      no
   * Truncated HMAC:             no
   * Supported Elliptic Curves:  yes
   * FFDHE only in client:       no
   * Session Ticket:             no
   * Extended Master Secret:     yes
   * Renegotiation Indication:   no
   * Secure Renegotiation:       no
   * Fallback SCSV:              no
   * Keying Material Exporter:   no
   * All TLS Extensions:         no
   * S/MIME:                     no
   * PKCS#7:                     no
   * PKCS#8:                     yes
   * PKCS#11:                    no
   * PKCS#12:                    yes
   * wolfSSH:                    no
   * wolfEngine:                 no
   * wolfTPM:                    no
   * wolfCLU:                    no
   * wolfSCEP:                   no
   * Secure Remote Password:     no
   * Small Stack:                no
   * Linux Kernel Module:        no
   * valgrind unit tests:        no
   * LIBZ:                       no
   * Examples:                   yes
   * Crypt tests:                yes
   * Stack sizes in tests:       no
   * Heap stats in tests:        no
   * Asynchronous Crypto:        no
   * Asynchronous Crypto (sim):  no
   * Cavium Nitrox:              no
   * Cavium Octeon (Sync):       no
   * Intel Quick Assist:         no
   * ARM ASM:                    no
   * ARM ASM SHA512/SHA3 Crypto  no
   * ARM ASM SM3/SM4 Crypto      no
   * RISC-V ASM                  no
   * Write duplicate:            no
   * Xilinx Hardware Acc.:       no
   * Inline Code:                yes
   * Linux AF_ALG:               no
   * Linux KCAPI:                no
   * Linux devcrypto:            no
   * PK callbacks:               no
   * Crypto callbacks:           no
   * i.MX CAAM:                  no
   * IoT-Safe:                   no
   * IoT-Safe HWRNG:             no
   * NXP SE050:                  no
   * Maxim Integrated MAXQ10XX:  no
   * PSA:                        no
   * System CA certs:            yes
   * Dual alg cert support:      no
   * ERR Queues per Thread:      yes
   * rwlock:                     no
   * keylog export:              no
   * AutoSAR :                   no

---
./configure flags: '--with-liboqs' '--enable-experimental'

And this is the error I get when I try to build wolfssl:

$ ~/wolfssl (master)> make all
make -j3  all-recursive
make[1]: Entering directory '/home/royan/wolfssl'
make[2]: Entering directory '/home/royan/wolfssl'
make[2]: warning: -j3 forced in submake: resetting jobserver mode.
  CC       wolfcrypt/src/port/liboqs/src_libwolfssl_la-liboqs.lo
  CC       tests/unit_test-api.o
  CC       tests/unit_test-suites.o
In file included from tests/api.c:303:
./wolfssl/wolfcrypt/dilithium.h:486:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_public_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_falcon_512_length_public_key’?
  486 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/dilithium.h:486:39: note: in definition of macro ‘DILITHIUM_LEVEL5_PUB_KEY_SIZE’
  486 | #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/dilithium.h:546:12: note: in expansion of macro ‘DILITHIUM_MAX_PUB_KEY_SIZE’
  546 |     byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/dilithium.h:484:39: error: ‘OQS_SIG_ml_dsa_87_ipd_length_secret_key’ undeclared here (not in a function); did you mean ‘OQS_SIG_dilithium_5_length_secret_key’?
  484 | #define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_ml_dsa_87_ipd_length_secret_key
      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/dilithium.h:484:39: note: in definition of macro ‘DILITHIUM_LEVEL5_KEY_SIZE’
  484 | #define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_ml_dsa_87_ipd_length_secret_key
      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./wolfssl/wolfcrypt/dilithium.h:547:12: note: in expansion of macro ‘DILITHIUM_MAX_KEY_SIZE’
  547 |     byte k[DILITHIUM_MAX_KEY_SIZE];
      |            ^~~~~~~~~~~~~~~~~~~~~~
  CC       tests/unit_test-hash.o
  CC       tests/unit_test-w64wrapper.o
  CC       tests/unit_test-srp.o
  CC       tests/unit_test-quic.o
  CC       examples/client/tests_unit_test-client.o
  CC       examples/server/tests_unit_test-server.o
make[2]: *** [Makefile:8224: tests/unit_test-api.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/home/royan/wolfssl'
make[1]: *** [Makefile:8578: all-recursive] Error 1
make[1]: Leaving directory '/home/royan/wolfssl'
make: *** [Makefile:5159: all] Error 2

iyanmv commented 4 months ago

Those instructions seem a bit outdated. Try to build the latest liboqs instead of version 0.8.0. In particular, repeat the steps to compile liboqs but replace the command git checkout 0.8.0 with git checkout 0.10.1. I can confirm that wolfssl 5.7.2 works with that version of liboqs (although I'm using the shared library, not the static one).

kareem-wolfssl commented 4 months ago

Hi @notyan,

As iyanmv said, please retry your build with the latest liboqs version. I will update our INSTALL instructions for liboqs.
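
A preflight check for the header mismatch reported in this thread, added here as an example (it is not part of the issue, wolfSSL, or liboqs): it lists the `OQS_*` identifiers that a wolfSSL header references but that appear nowhere in the installed liboqs headers. The function names, the sample file names, and the numeric values in the sample tree are constructed for illustration; only the two `#define` lines of `dilithium.h` are taken from the compiler output above.

```shell
#!/bin/sh
# Added example: report OQS_* identifiers that a wolfSSL header references
# but that appear nowhere in the installed liboqs headers.

# missing_oqs_symbols WOLFSSL_HEADER OQS_INCLUDE_DIR
# Prints each missing identifier on its own line.
# Returns 0 if nothing is missing, 1 if something is, 2 on bad arguments.
missing_oqs_symbols() {
    hdr=$1
    incdir=$2
    [ -f "$hdr" ] && [ -d "$incdir" ] || return 2
    missing=0
    for sym in $(grep -oE 'OQS_[A-Za-z0-9_]+' "$hdr" | sort -u); do
        # -w matches whole identifiers only, so a dilithium_5 macro cannot
        # stand in for the ml_dsa_87_ipd name wolfSSL actually expands to.
        if ! grep -rqw -- "$sym" "$incdir"; then
            printf '%s\n' "$sym"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: one wolfSSL-style header and two liboqs-style include
# trees, "old" (Dilithium names only) and "new" (ML-DSA ipd names present).
make_sample_tree() {
    root=$1
    mkdir -p "$root/old/oqs" "$root/new/oqs"
    cat > "$root/dilithium.h" <<'EOF'
#define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_ml_dsa_87_ipd_length_secret_key
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
EOF
    cat > "$root/old/oqs/sig_dilithium.h" <<'EOF'
#define OQS_SIG_dilithium_5_length_public_key 1 /* constructed value */
#define OQS_SIG_dilithium_5_length_secret_key 2 /* constructed value */
EOF
    cat > "$root/new/oqs/sig_ml_dsa.h" <<'EOF'
#define OQS_SIG_ml_dsa_87_ipd_length_public_key 1 /* constructed value */
#define OQS_SIG_ml_dsa_87_ipd_length_secret_key 2 /* constructed value */
EOF
}

# Demo on the constructed tree; for a real check pass the paths from the
# thread, e.g. wolfssl/wolfcrypt/dilithium.h and /usr/local/include/oqs.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "old tree, missing identifiers:"
missing_oqs_symbols "$demo_dir/dilithium.h" "$demo_dir/old/oqs" || true
echo "new tree, missing identifiers:"
missing_oqs_symbols "$demo_dir/dilithium.h" "$demo_dir/new/oqs" || true
rm -rf "$demo_dir"
```

Running the check before `make` turns the `undeclared here` compile errors into a short list of names, which makes a liboqs version mismatch visible without reading the full build log.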