Automatically turn on LMS / XMSS full hash #9946
LinuxJedi wants to merge 1 commit into wolfSSL:master from
When WOLFSSL_NO_HASH_RAW is defined due to hardware hash offload, turn on LMS and XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration.
Pull request overview
This PR ensures XMSS and LMS automatically switch to “full hash” API usage when WOLFSSL_NO_HASH_RAW is enabled (e.g., due to hardware hash offload), preventing build failures when raw-hash access is unavailable.
Changes:
- Auto-define WC_XMSS_FULL_HASH when WOLFSSL_NO_HASH_RAW is set.
- Auto-define WC_LMS_FULL_HASH when WOLFSSL_NO_HASH_RAW is set.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfssl/wolfcrypt/wc_xmss.h | Adds conditional auto-enable of XMSS full-hash mode when raw hash is disabled. |
| wolfssl/wolfcrypt/wc_lms.h | Adds conditional auto-enable of LMS full-hash mode when raw hash is disabled. |
| /* When hash struct internals are not accessible (hardware SHA acceleration), | ||
| * fall back to full hash API calls. */ |
The comment ties WOLFSSL_NO_HASH_RAW specifically to “hash struct internals not accessible (hardware SHA acceleration)”, but the macro name/meaning is about disabling raw-hash access (and may be set for reasons other than HW offload). Consider rewording to reflect the actual condition (raw hash API unavailable) without implying a specific cause.
| /* When hash struct internals are not accessible (hardware SHA acceleration), | |
| * fall back to full hash API calls. */ | |
| /* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW), | |
| * fall back to using the full hash API calls. */ |
| /* When hash struct internals are not accessible (hardware SHA acceleration), | ||
| * fall back to full hash API calls. */ | ||
| #if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH) | ||
| #define WC_LMS_FULL_HASH | ||
| #endif |
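Review bot: The `#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH)` guard depends on where it sits in wc_lms.h: it only fires if the header that sets WOLFSSL_NO_HASH_RAW has already been included above it, and it only helps if no earlier line in this header has already tested WC_LMS_FULL_HASH. Please confirm both, and consider adding a build configuration that enables LMS together with WOLFSSL_NO_HASH_RAW so that a later reordering fails in CI rather than in a user's build. The same check applies to the matching WC_XMSS_FULL_HASH guard in wc_xmss.h.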
This conditional “NO_HASH_RAW => FULL_HASH” logic is duplicated in both XMSS and LMS headers. To reduce drift and keep behavior consistent, consider centralizing this mapping in a shared configuration header (or a single common macro) and referencing it from both places.
When WOLFSSL_NO_HASH_RAW is defined due to hardware hash offload, turn on LMS and XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration.