Minor audit fixup items

Fixup macro guards

Nother RSA fix

Author: kaleb-himes

configure.ac

@@ -7336,6 +7336,10 @@ then
     fi
 
     if test "$ENABLED_ORIGINAL" = "yes"; then
+        # FIPS 203 (ML-KEM) and Kyber use different implicit rejection.
+        # Kyber mode must not be used in FIPS v7+ builds.
+        AS_IF([test "$HAVE_FIPS_VERSION" -ge 7],
+            [AC_MSG_ERROR([Kyber (--enable-mlkem=original) is not compatible with FIPS v7+. Use ML-KEM (FIPS 203) instead.])])
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
         if test "$ENABLED_MLKEM512" = ""; then
             AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"

wolfcrypt/src/rsa.c

@@ -1072,7 +1072,12 @@ static int RsaMGF_SHAKE(enum wc_HashType shakeType, byte* seed, word32 seedSz,
         ret = wc_InitShake128(&shake, heap, INVALID_DEVID);
     else
 #endif
+#ifdef WOLFSSL_SHAKE256
+    if (shakeType == WC_HASH_TYPE_SHAKE256)
         ret = wc_InitShake256(&shake, heap, INVALID_DEVID);
+    else
+#endif
+        ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
 #ifdef WOLFSSL_SHAKE128
@@ -1084,12 +1089,18 @@ static int RsaMGF_SHAKE(enum wc_HashType shakeType, byte* seed, word32 seedSz,
         }
         else
 #endif
-        {
+#ifdef WOLFSSL_SHAKE256
+        if (shakeType == WC_HASH_TYPE_SHAKE256) {
             ret = wc_Shake256_Update(&shake, seed, seedSz);
             if (ret == 0)
                 ret = wc_Shake256_Final(&shake, out, outSz);
             wc_Shake256_Free(&shake);
         }
+        else
+#endif
+        {
+            ret = BAD_FUNC_ARG;
+        }
     }
     return ret;
 }

wolfcrypt/src/sha256.c

@@ -252,6 +252,7 @@ static int InitSha256(wc_Sha256* sha256)
     sha256->digest[7] = 0x5BE0CD19L;
 
     sha256->buffLen = 0;
+    XMEMSET(sha256->buffer, 0, sizeof(sha256->buffer));
     sha256->loLen   = 0;
     sha256->hiLen   = 0;
 #ifdef WOLFSSL_HASH_FLAGS
@@ -2085,6 +2086,7 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
         sha224->digest[7] = 0xbefa4fa4;
 
         sha224->buffLen = 0;
+        XMEMSET(sha224->buffer, 0, sizeof(sha224->buffer));
         sha224->loLen   = 0;
         sha224->hiLen   = 0;
 

wolfcrypt/src/sha3.c

@@ -653,6 +653,7 @@ static int InitSha3(wc_Sha3* sha3)
 
     for (i = 0; i < 25; i++)
         sha3->s[i] = 0;
+    XMEMSET(sha3->t, 0, sizeof(sha3->t));
     sha3->i = 0;
 #ifdef WOLFSSL_HASH_FLAGS
     sha3->flags = 0;

wolfcrypt/src/sha512.c

@@ -331,6 +331,7 @@ static int InitSha512(wc_Sha512* sha512)
     sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
 
     sha512->buffLen = 0;
+    XMEMSET(sha512->buffer, 0, sizeof(sha512->buffer));
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
@@ -386,6 +387,7 @@ static int InitSha512_224(wc_Sha512* sha512)
     sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
 
     sha512->buffLen = 0;
+    XMEMSET(sha512->buffer, 0, sizeof(sha512->buffer));
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
@@ -443,6 +445,7 @@ static int InitSha512_256(wc_Sha512* sha512)
     sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
 
     sha512->buffLen = 0;
+    XMEMSET(sha512->buffer, 0, sizeof(sha512->buffer));
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
@@ -1938,6 +1941,7 @@ static int InitSha384(wc_Sha384* sha384)
     sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
 
     sha384->buffLen = 0;
+    XMEMSET(sha384->buffer, 0, sizeof(sha384->buffer));
     sha384->loLen   = 0;
     sha384->hiLen   = 0;