1 Topic by grant.stein (edited by grant.stein 2025-04-17 10:12:36)

  • Registered: 2025-04-17
  • Posts: 1

Topic: 5.7.6 build issue with AES settings

I am upgrading our wolfssl version from 5.6.4 to 5.7.6 and am encountering a build issue with woflcrypt/aes.c. We haven't modified our application or user_settings, just updated the wolfssl version.

This is the compilation error:

wolfssl/wolfcrypt/src/aes.c:243:35: error: 'wc_AesDecrypt' defined but not used [-Werror=unused-function]
  243 |     static WARN_UNUSED_RESULT int wc_AesDecrypt(
      |

These are our user_settings pertaining to AES. We only use the CCM AES functions in our application

/*---------- WOLF_CONF_AESGCM -----------*/
#define WOLF_CONF_AESGCM      0

/*---------- WOLF_CONF_AESCBC -----------*/
#define WOLF_CONF_AESCBC      0
...
/* AES */
#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
    #define HAVE_AESGCM
    /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
    /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
    #define GCM_SMALL
    // #define HAVE_AES_DECRYPT
#endif

#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
    #define HAVE_AES_CBC
    // #define HAVE_AES_DECRYPT
#endif

/* Other possible AES modes */
//#define WOLFSSL_AES_COUNTER
#define HAVE_AESCCM
// #define NO_AES_DECRYPT
//#define WOLFSSL_AES_XTS
//#define WOLFSSL_AES_DIRECT
//#define HAVE_AES_ECB
//#define HAVE_AES_KEYWRAP
//#define AES_MAX_KEY_SIZE 256

It appears this stems from how the wc_AesDecrypt function is brought in in aes.c

#ifdef HAVE_AES_DECRYPT
    #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
    static WARN_UNUSED_RESULT int wc_AesDecrypt(
        Aes* aes, const byte* inBlock, byte* outBlock)
    {

If you have AESCCM enabled then this is brought in automatically. Given we don't use this function and want to avoid the compilation error, is there a combination of user settings that can accomplish this?

Thank you.

Share

  • Registered: 2021-08-12
  • Posts: 131

Re: 5.7.6 build issue with AES settings

Thank you so much for finding this!! I really appreciate it.  We'll look into fixing this.  Feels like it should be a simple fix.

Warm regards, Anthony

Share

  • Registered: 2021-07-06
  • Posts: 169

Re: 5.7.6 build issue with AES settings

Hi Grant,

Thanks for the report.  Please try the patch below and let me know if it helps, my colleague has reproduced your issue on his STM32 and has confirmed that this patch fixes the issue for him:

From 645da3317636d2bf4d1b35059f6cb6fc35c60812 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Thu, 17 Apr 2025 14:33:44 -0700
Subject: [PATCH] Fix unused function warning for wc_AesDecrypt when building
 with STM32. This function is not needed for AES-CCM, as the AES-CCM decrypt
 function only calls wc_AesEncrypt.

---
 wolfcrypt/src/aes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 86e7be9dc9..6e7f104dd4 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -233,7 +233,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */
 
 #ifdef HAVE_AES_DECRYPT
-    #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+    #if defined(WOLFSSL_AES_DIRECT)
     static WARN_UNUSED_RESULT int wc_AesDecrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
@@ -340,7 +340,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 
         return ret;
     }
-    #endif /* WOLFSSL_AES_DIRECT || HAVE_AESCCM */
+    #endif /* WOLFSSL_AES_DIRECT */
 #endif /* HAVE_AES_DECRYPT */
 
 #elif defined(HAVE_COLDFIRE_SEC)

Thanks,
Kareem

Share

  • Registered: 2015-10-07
  • Posts: 439

Re: 5.7.6 build issue with AES settings

FYI: PR is here: https://github.com/wolfSSL/wolfssl/pull/8693

Share