Intel QuickAssist: multi-device utilization + software-fallback / Cavium fixes

Makefile.am

@@ -25,6 +25,18 @@ ignore_files =
 SUBDIRS_OPT =
 DIST_SUBDIRS_OPT =
 
+# Serialize the build when Intel QuickAssist is enabled. Concurrent QAT user
+# processes (the parallel test binaries that `make -j check` launches) exhaust
+# the device's crypto instances and usdm contiguous memory, so the test phase
+# must run serially. With the non-recursive build this disables -j for the
+# whole invocation, which also matches the QAT driver's build guidance.
+if BUILD_INTEL_QA
+.NOTPARALLEL:
+endif
+if BUILD_INTEL_QA_SYNC
+.NOTPARALLEL:
+endif
+
 # allow supplementary or override flags to be passed at make time:
 AM_CPPFLAGS += $(EXTRA_CPPFLAGS)
 AM_CFLAGS += $(EXTRA_CFLAGS)

src/tls.c

@@ -11020,11 +11020,10 @@ int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     if (ret == 0) {
-        /* Check if the provided kse already contains ECC data and the
-        * last error was WC_PENDING_E. In this case, we already tried to
-        * process ECC kse data. Hence, we have to restore it. */
-        if (keyShareEntry->key != NULL && keyShareEntry->keyLen > 0 &&
-            keyShareEntry->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        /* Restore ECC state from a prior suspended pass. Not gated on
+         * lastRet == WC_PENDING_E: the async layer clears lastRet to 0 on
+         * completion, which would skip the restore and regenerate the key. */
+        if (keyShareEntry->key != NULL && keyShareEntry->keyLen > 0) {
             ecc_kse->key = keyShareEntry->key;
             ecc_kse->keyLen = keyShareEntry->keyLen;
             ecc_kse->pubKey = keyShareEntry->pubKey;
@@ -11143,6 +11142,7 @@ int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
         else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             keyShareEntry->lastRet = WC_PENDING_E;
             keyShareEntry->key = ecc_kse->key;
+            keyShareEntry->keyLen = ecc_kse->keyLen;
             keyShareEntry->pubKey = ecc_kse->pubKey;
             keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen;
             ecc_kse->key = NULL;
@@ -11964,6 +11964,18 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         if (extension != NULL && extension->resp == 1) {
             serverKSE = (KeyShareEntry*)extension->data;
             if (serverKSE != NULL) {
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE)
+                /* Re-drive server hybrid encapsulation on resume. GenKey
+                 * routes a hybrid group to the client generator, and the
+                 * lastRet == 0 path treats the share as done after only the
+                 * ECDH part completed, dropping the KEM ciphertext. ke holds
+                 * the client share until the handler completes and clears it. */
+                if (serverKSE->ke != NULL &&
+                        WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(serverKSE->group)) {
+                    return TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl,
+                            serverKSE, serverKSE->ke, serverKSE->keLen);
+                }
+#endif
                 /* in async case make sure key generation is finalized */
                 if (serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE);

wolfcrypt/src/async.c

@@ -686,6 +686,9 @@ int wolfAsync_EventQueuePoll(WOLF_EVENT_QUEUE* queue, void* context_filter,
                         if (ret != 0) {
                             break;
                         }
+                        /* buffer flushed: restart indexing to avoid writing
+                         * past multi_req.req[CAVIUM_MAX_POLL] */
+                        req_count = 0;
                     }
             #else
                 #if defined(HAVE_INTEL_QA)