Skip to content

Automatically turn on LMS / XMSS full hash #9946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
LinuxJedi wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Automatically turn on LMS / XMSS full hash #9946

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions wolfssl/wolfcrypt/wc_lms.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,12 @@
#include <wolfssl/wolfcrypt/lms.h>
#include <wolfssl/wolfcrypt/sha256.h>

/* When hash struct internals are not accessible (hardware SHA acceleration),
* fall back to full hash API calls. */
#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH)
#define WC_LMS_FULL_HASH
#endif
Comment on lines +98 to +102
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This conditional “NO_HASH_RAW => FULL_HASH” logic is duplicated in both XMSS and LMS headers. To reduce drift and keep behavior consistent, consider centralizing this mapping in a shared configuration header (or a single common macro) and referencing it from both places.

Copilot uses AI. Check for mistakes.

#ifdef WOLFSSL_LMS_MAX_LEVELS
/* Maximum number of levels of trees supported by implementation. */
#define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS
Expand Down
6 changes: 6 additions & 0 deletions wolfssl/wolfcrypt/wc_xmss.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/sha3.h>

/* When hash struct internals are not accessible (hardware SHA acceleration),
* fall back to full hash API calls. */
Comment on lines +37 to +38
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment ties WOLFSSL_NO_HASH_RAW specifically to “hash struct internals not accessible (hardware SHA acceleration)”, but the macro name/meaning is about disabling raw-hash access (and may be set for reasons other than HW offload). Consider rewording to reflect the actual condition (raw hash API unavailable) without implying a specific cause.

Suggested change
/* When hash struct internals are not accessible (hardware SHA acceleration),
* fall back to full hash API calls. */
/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW),
* fall back to using the full hash API calls. */

Copilot uses AI. Check for mistakes.
#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH)
#define WC_XMSS_FULL_HASH
#endif

#if !defined(WOLFSSL_WC_XMSS)
#error "This code is incompatible with external implementation of XMSS."
#endif
Expand Down