config refactor#766
Draft
bigbrett wants to merge 10 commits into
Draft
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Refactors wolfCrypt/wolfSSL configuration into composable include/user_settings/* fragments and simplifies Make-side -D flag emission for hash-based signature parameterization.
Changes:
- Splits the monolithic
include/user_settings.hinto ordered “fragment” headers (cascade/base/sign/hash/features/finalize) and turnsuser_settings.hinto a dispatcher. - Moves SIGN/HASH algorithm-specific configuration into dedicated
sign_*.handhash_*.hfragments with central dispatch headers. - Updates
options.mkso LMS/XMSS Make variables carry only user-provided parameter values, with wolfCrypt-side defines derived in headers.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| options.mk | Drops wolfCrypt-side LMS/XMSS defines from Make flags; keeps only user parameter -Ds. |
| include/user_settings.h | Replaced large inline configuration with ordered includes of fragment headers. |
| include/user_settings/base.h | New: baseline wolfCrypt settings shared by all builds. |
| include/user_settings/cascade.h | New: feature implication cascades + WOLFBOOT_NEEDS_* markers. |
| include/user_settings/sign_dispatch.h | New: includes per-signature fragments based on SIGN flags. |
| include/user_settings/sign_rsa.h | New: RSA verification configuration (and NO_RSA fallback). |
| include/user_settings/sign_ecc.h | New: ECC verification configuration and carve-outs. |
| include/user_settings/sign_ed25519.h | New: ED25519 verification configuration and carve-outs. |
| include/user_settings/sign_ed448.h | New: ED448 verification configuration and carve-outs. |
| include/user_settings/sign_ml_dsa.h | New: ML-DSA (Dilithium) verification configuration and carve-outs. |
| include/user_settings/sign_lms.h | New: LMS verification config; maps Make parameters to wolfCrypt defines. |
| include/user_settings/sign_xmss.h | New: XMSS verification config; maps Make parameters to wolfCrypt defines. |
| include/user_settings/hash_dispatch.h | New: includes hash fragments based on WOLFBOOT_HASH_*. |
| include/user_settings/hash_sha384.h | New: SHA-384 hash selection fragment (+ optional NO_SHA256). |
| include/user_settings/hash_sha3.h | New: SHA3-384 hash selection fragment (+ optional NO_SHA256). |
| include/user_settings/encrypt.h | New: EXT_ENCRYPTED / SECURE_PKCS11 wolfCrypt configuration. |
| include/user_settings/trustzone.h | New: TrustZone secure-mode wolfCrypt configuration. |
| include/user_settings/tpm.h | New: wolfTPM-related config for WOLFBOOT_TPM builds. |
| include/user_settings/wolfhsm.h | New: crypto-callback/key-gen config for wolfHSM client/server builds. |
| include/user_settings/cert_chain.h | New: cert-chain verify mode config for wolfHSM server. |
| include/user_settings/renesas.h | New: Renesas HW crypto offload settings. |
| include/user_settings/platform.h | New: platform-specific SP-math word-size and minor platform knobs. |
| include/user_settings/test_bench.h | New: test/benchmark-specific configuration and RNG selection. |
| include/user_settings/finalize.h | New: reconciles WOLFBOOT_NEEDS_* into NO_* / WC_NO_* and global disables. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
de02995 to
721b1ad
Compare
Master (PR wolfSSL#773) consolidated WOLFSSL_NXP_LPC55S69_WITH_HWACCEL and WOLFSSL_NXP_LPC55S69_NO_HWACCEL into a single WOLFSSL_NXP_LPC55S6X hwaccel flag, switched the test/bench HASHDRBG and HW-feature gates to TARGET_lpc55s69 (covers both hwaccel and non-hwaccel builds), and dropped the NO_WOLFSSL_SHA256_INTERLEAVE workaround. Propagate those changes into the new include/user_settings/ fragments so the old macro names (which no longer exist in arch.mk/test-app/hal) don't leave the test/bench and NEEDS_HASHDRBG paths permanently disabled on lpc55s69.
Post-rebase fixup after pulling in upstream commits cab04ad (wolfssl submodule update with file-level ML-DSA rename) and 6e60abd (continue the ML-DSA renaming). - sign_ml_dsa.h: switch the legacy HAVE_DILITHIUM / WOLFSSL_WC_DILITHIUM / WOLFSSL_DILITHIUM_* spellings to the canonical WOLFSSL_HAVE_MLDSA / WOLFSSL_MLDSA_* names. The shim in wolfcrypt/src/wc_mldsa.c still accepts the legacy names, but matching the canonical names keeps the fragment readable against the new submodule. - sign_dispatch.h: drop the "/ Dilithium" half of the algorithm header comment. - sign_rsa.h: gate WC_RSA_BLINDING by WOLFCRYPT_SECURE_MODE, WOLFBOOT_TPM_PARMENC, WOLFCRYPT_TEST, WOLFCRYPT_BENCHMARK, or WOLFBOOT_ENABLE_WOLFHSM_SERVER, mirroring upstream commit cab04ad. Blinding requires the wolfCrypt RNG, which settings.h disables in verify-only builds. - sign_lms.h / sign_xmss.h: drop the no-longer-referenced WOLFSSL_WC_LMS / WOLFSSL_WC_XMSS gates (only the _SMALL variants remain in the submodule), matching upstream's options.mk trim in cab04ad. Built clean against sim, sim-ml-dsa, sim-lms, sim-xmss, and sim-rsapss2048 configs.
…cert chains Post-rebase fixup translating upstream's user_settings.h changes since b983fa7 into the fragment architecture: - sign_rsa.h: wrap the WC_RSA_BLINDING condition in #ifndef WC_NO_RNG, mirroring upstream 9786f56 (STM32N6 port). Covers NS-side test-apps that force WC_NO_RNG from CFLAGS (TEST_APP_NO_RNG=1) while inheriting WOLFCRYPT_SECURE_MODE. finalize.h's own WC_NO_RNG cannot coexist with the inner conditions since each declares WOLFBOOT_NEEDS_RNG. - finalize.h: define WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS alongside the central WC_NO_RNG, mirroring upstream b9bd6da's two per-section definitions (wolfssl rejects WC_NO_RNG with default blinding macros). - wolfhsm.h: adopt the WOLFCRYPT_TZ_WOLFHSM TrustZone engine (upstream b9bd6da): extend the crypto-cb gate, add secure-side SHA384/SHA512 and keycache sizing for wolfHSM server builds, and the AES/HKDF/GCM positive set for the TZ engine (all skipped under UNIT_TEST). - cascade.h: declare NEEDS_AES / NEEDS_HMAC for WOLFCRYPT_TZ_WOLFHSM && !UNIT_TEST -- the fragment equivalent of upstream's #undef NO_AES / #undef NO_HMAC re-enables. - cert_chain.h: drop WOLFSSL_PEM_TO_DER (upstream 9b8629e) and the NEEDS_PEM opt-in; chains are DER-only so finalize.h's WOLFSSL_NO_PEM now applies, matching upstream's effective macro state. - docs/wolfssl-config.md: refresh the affected tables and fragment sections. Verified against upstream/master's monolithic user_settings.h with a gcc -dM -E macro diff: identical effective config for the TZ-wolfHSM secure/NS-app/unit-test flag sets and plain ECC256/RSA2048/ED25519 builds; cert-chain server differs only by the pre-existing deliberate NEEDS_ASN_TIME/PKCS8/CHECK_PRIVATE_KEY divergences. Built clean against sim, sim-rsapss2048, sim-lms, sim-xmss, sim-ml-dsa, and stm32h5-tz-wolfhsm; unit-test suite passes (85/85). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VRYWs5z7ZgeEQsQTx9c7do
4be5504 to
9641492
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
super secret plz dont look just yet
Background / Motivation
Problem. The current wolfBoot wolfCrypt configuration is split between two tightly coupled files that have grown into a tangle:
options.mk(1481 lines) — translates high-level Make variables (SIGN,HASH,WOLFTPM,WOLFHSM_CLIENT,WOLFCRYPT_TZ_*,ENCRYPT*, etc.) intoWOLFCRYPT_OBJS(linker input) and-DxxxCFLAGS (preprocessor input).include/user_settings.h(781 lines) — consumes those-Dxxxflags and configures wolfCrypt features.This led to tightly coupled, hard-to-reason-about logic built around deeply nested, negated
#ifdefchains. Adding or modifying a feature required:Negative wolfCrypt flags (
NO_*,WC_NO_*) made this worse: they don’t compose safely, so enabling a feature often meant editing multiple disable sites or introducing#undefs, increasing risk and maintenance cost.Additionally, important configuration behavior lived in
options.mk, meaning non-Make builds (IDE, CMake) could not reliably reproduce the same configuration without duplicating logic.Summary
This PR replaces the monolithic configuration with a modular, fragment-based system and introduces a
WOLFBOOT_NEEDS_*marker model to decouple feature intent from final wolfCrypt configuration.Key Changes
Shim-based entrypoint
include/user_settings.hnow only orchestrates includes in a fixed order.Fragmented configuration
#defineonly) and independent.Cascade layer (
cascade.h)options.mkinto the preprocessor.WOLFBOOT_NEEDS_*markers from high-level flags.Central reconciliation (
finalize.h)NEEDS marker model
Benefits
Eliminates negated
#ifdefchainsDecouples features
Single source of truth for disables
NO_*/WC_NO_*decisions live infinalize.h.Improved build portability
WOLFBOOT_*flags.Simpler reasoning
finalize.hSafer extensibility
No User-Facing Changes
.configinputs andWOLFBOOT_*flags are unchanged.Developer Impact
New features follow a consistent pattern:
WOLFBOOT_NEEDS_*markers incascade.hfinalize.hwhen introducing a new negative-polarity featureResulting flow:
Scope