wolfssl/wolfcrypt/dilithium.h: use macros, not inlines, for all legacy (!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) wrappers;

douzzer · douzzer · commit 41b258edb0e4 · 2026-05-13T19:41:42.000-05:00
tests/api/test_mldsa.c: suppress -Wunreachable-code around wc_mldsa_canonical_api_check() and wc_mldsa_legacy_alias_check(); wolfcrypt/benchmark/benchmark.c, wolfcrypt/src/wc_lms.c, wolfssl/wolfcrypt/wc_lms.h, wrapper/rust/wolfssl-wolfcrypt/src/lms.rs: revert removal of WC_LMS_PARM_NONE in 69027c2 (used by wolfACVP).
diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c
@@ -30455,6 +30455,9 @@ int test_mldsa_x509_pubkey_sigtype(void)
  */
 #if defined(HAVE_DILITHIUM)
 
+PRAGMA_CLANG_DIAG_PUSH
+PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code\"")
+
 #ifdef __GNUC__
     #define WOLFSSL_MLDSA_API_CHECK_INLINE static __inline__ \
         __attribute__((unused, always_inline))
@@ -30714,4 +30717,6 @@ WOLFSSL_MLDSA_API_CHECK_INLINE void wc_mldsa_legacy_alias_check(void)
 }
 #endif /* !WOLFSSL_NO_DILITHIUM_LEGACY_NAMES */
 
+PRAGMA_CLANG_DIAG_POP
+
 #endif /* HAVE_DILITHIUM */
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
@@ -11700,6 +11700,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
         XMEMCPY(key.pub, lms_pub_L4_H5_W8, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
+    case WC_LMS_PARM_NONE:
     case WC_LMS_PARM_L1_H15_W2:
     case WC_LMS_PARM_L1_H15_W4:
     case WC_LMS_PARM_L2_H10_W8:
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
@@ -258,6 +258,9 @@ static const wc_LmsParamsMap wc_lms_map[] = {
       LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
                  WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_NONE     , "LMS_NONE"         ,
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2",
       LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
                  WC_SHA256_DIGEST_SIZE) },
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
@@ -52,11 +52,10 @@
  *      always fires whenever either is defined; the legacy spelling
  *      remains as an alias kept around for unmigrated consumer code.
  *
- *   2. Macro / static-inline aliases for the legacy type and function
- *      names (dilithium_key, wc_dilithium_params, wc_dilithium_*,
- *      wc_Dilithium_*) so application code written against the
- *      pre-standardization API keeps compiling. Suppressed by defining
- *      WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.
+ *   2. Macro aliases for the legacy type and function names (dilithium_key,
+ *      wc_dilithium_params, wc_dilithium_*, wc_Dilithium_*) so application code
+ *      written against the pre-standardization API keeps compiling. Suppressed
+ *      by defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.
  *
  * New code must include <wolfssl/wolfcrypt/wc_mldsa.h> directly and use
  * the wc_MlDsaKey / wc_MlDsaKey_* / WOLFSSL_MLDSA_* names. */
@@ -381,146 +380,58 @@
 
 /* Legacy default-args / arg-reorder wrappers. The legacy form takes the key
  * pointer last (or near last); the FIPS 204 / ML-KEM convention used by the
- * canonical wc_MlDsaKey_* names puts the key first. The wrappers below are
- * static inline functions (rather than function-like macros) so that
- * (a) `&wc_dilithium_init`-style address-of expressions remain valid in
- * source (they yield the inline wrapper's address - note this is a
- * translation-unit-local symbol, not the previously-exported library
- * symbol) and (b) each wrapper preserves the legacy signature byte-for-byte.
- * Each wrapper is gated to match its canonical target's gating so
- * unused-on-this-build wrappers don't reference undeclared symbols. */
-
-#ifdef __GNUC__
-    /* Suppress -Wunused-function for translation units that don't call every
-     * legacy wrapper. */
-    #define WOLFSSL_DILITHIUM_LEGACY_INLINE static __inline__ \
-        __attribute__((unused, always_inline))
-#else
-    #define WOLFSSL_DILITHIUM_LEGACY_INLINE static WC_INLINE
-#endif
-
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_init(wc_MlDsaKey* key) {
-    return wc_MlDsaKey_Init(key, NULL, INVALID_DEVID);
-}
+ * canonical wc_MlDsaKey_* names puts the key first. */
 
+#define wc_dilithium_init(key) \
+    wc_MlDsaKey_Init(key, NULL, INVALID_DEVID)
 #ifdef WOLFSSL_MLDSA_PUBLIC_KEY
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_import_public(const byte* in, word32 inLen, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_ImportPubRaw(key, in, inLen);
-}
+    #define wc_dilithium_import_public(in, inLen, key) wc_MlDsaKey_ImportPubRaw(key, in, inLen)
 #endif
-
 #ifdef WOLFSSL_MLDSA_PRIVATE_KEY
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_import_private(const byte* priv, word32 privSz, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_ImportPrivRaw(key, priv, privSz);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_import_private_only(const byte* in, word32 inLen, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_ImportPrivRaw(key, in, inLen);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_import_key(const byte* priv, word32 privSz, const byte* pub,
-                            word32 pubSz, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz);
-}
+    #define wc_dilithium_import_private(priv, privSz, key) \
+        wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
+    #define wc_dilithium_import_private_only(in, inLen, key) \
+        wc_MlDsaKey_ImportPrivRaw(key, in, inLen)
+    #define wc_dilithium_import_key(priv, privSz, pub, pubSz, key) \
+        wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
 #endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
-
 #ifndef WOLFSSL_MLDSA_VERIFY_ONLY
-#ifdef WOLFSSL_MLDSA_NO_CTX
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
-                          word32* sigLen, wc_MlDsaKey* key, WC_RNG* rng) {
-    return wc_MlDsaKey_Sign(key, sig, sigLen, msg, msgLen, rng);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
-                                    word32* sigLen, wc_MlDsaKey* key,
-                                    const byte* seed) {
-    return wc_MlDsaKey_SignWithSeed(key, sig, sigLen, msg, msgLen, seed);
-}
-#endif /* WOLFSSL_MLDSA_NO_CTX */
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
-                              word32 msgLen, byte* sig, word32* sigLen,
-                              wc_MlDsaKey* key, WC_RNG* rng) {
-    return wc_MlDsaKey_SignCtx(key, ctx, ctxLen, sig, sigLen, msg, msgLen, rng);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
-                               const byte* hash, word32 hashLen, byte* sig,
-                               word32* sigLen, wc_MlDsaKey* key, WC_RNG* rng) {
-    return wc_MlDsaKey_SignCtxHash(key, ctx, ctxLen, sig, sigLen, hash,
-                                   hashLen, hashAlg, rng);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
-                                        const byte* msg, word32 msgLen,
-                                        byte* sig, word32* sigLen,
-                                        wc_MlDsaKey* key, const byte* seed) {
-    return wc_MlDsaKey_SignCtxWithSeed(key, ctx, ctxLen, sig, sigLen, msg,
-                                       msgLen, seed);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
-                                         int hashAlg, const byte* hash,
-                                         word32 hashLen, byte* sig,
-                                         word32* sigLen, wc_MlDsaKey* key,
-                                         const byte* seed) {
-    return wc_MlDsaKey_SignCtxHashWithSeed(key, ctx, ctxLen, sig, sigLen,
-                                           hash, hashLen, hashAlg, seed);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_sign_mu_with_seed(const byte* mu, word32 muLen, byte* sig,
-                                   word32* sigLen, wc_MlDsaKey* key,
-                                   const byte* seed) {
-    return wc_MlDsaKey_SignMuWithSeed(key, sig, sigLen, mu, muLen, seed);
-}
+    #ifdef WOLFSSL_MLDSA_NO_CTX
+        #define wc_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng) \
+            wc_MlDsaKey_Sign(key, sig, sigLen, msg, msgLen, rng)
+        #define wc_dilithium_sign_msg_with_seed(msg, msgLen, sig, sigLen, key, seed) \
+            wc_MlDsaKey_SignWithSeed(key, sig, sigLen, msg, msgLen, seed)
+    #endif /* WOLFSSL_MLDSA_NO_CTX */
+    #define wc_dilithium_sign_ctx_msg(ctx, ctxLen, msg, msgLen, sig, sigLen, key, rng) \
+        wc_MlDsaKey_SignCtx(key, ctx, ctxLen, sig, sigLen, msg, msgLen, rng)
+    #define wc_dilithium_sign_ctx_hash(ctx, ctxLen, hashAlg, hash, hashLen, sig, sigLen, key, rng) \
+        wc_MlDsaKey_SignCtxHash(key, ctx, ctxLen, sig, sigLen, hash, hashLen, hashAlg, rng)
+    #define wc_dilithium_sign_ctx_msg_with_seed(ctx, ctxLen, msg, msgLen, sig, sigLen, key, seed) \
+        wc_MlDsaKey_SignCtxWithSeed(key, ctx, ctxLen, sig, sigLen, msg, msgLen, seed)
+    #define wc_dilithium_sign_ctx_hash_with_seed(ctx, ctxLen, hashAlg, hash, hashLen, sig, sigLen, key, seed) \
+        wc_MlDsaKey_SignCtxHashWithSeed(key, ctx, ctxLen, sig, sigLen, hash, hashLen, hashAlg, seed)
+    #define wc_dilithium_sign_mu_with_seed(mu, muLen, sig, sigLen, key, seed) \
+        wc_MlDsaKey_SignMuWithSeed(key, sig, sigLen, mu, muLen, seed)
 #endif /* !WOLFSSL_MLDSA_VERIFY_ONLY */
-
 #ifdef WOLFSSL_MLDSA_NO_CTX
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                            word32 msgLen, int* res, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_Verify(key, sig, sigLen, msg, msgLen, res);
-}
+    #define wc_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key) \
+        wc_MlDsaKey_Verify(key, sig, sigLen, msg, msgLen, res)
 #endif /* WOLFSSL_MLDSA_NO_CTX */
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
-                                byte ctxLen, const byte* msg, word32 msgLen,
-                                int* res, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_VerifyCtx(key, sig, sigLen, ctx, ctxLen, msg, msgLen,
-                                 res);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, const byte* ctx,
-                                 byte ctxLen, int hashAlg, const byte* hash,
-                                 word32 hashLen, int* res, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_VerifyCtxHash(key, sig, sigLen, ctx, ctxLen, hash,
-                                     hashLen, hashAlg, res);
-}
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_dilithium_verify_mu(const byte* sig, word32 sigLen, const byte* mu,
-                           word32 muLen, int* res, wc_MlDsaKey* key) {
-    return wc_MlDsaKey_VerifyMu(key, sig, sigLen, mu, muLen, res);
-}
-
+#define wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, ctxLen, msg, msgLen, res, key) \
+    wc_MlDsaKey_VerifyCtx(key, sig, sigLen, ctx, ctxLen, msg, msgLen, res)
+#define wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, ctxLen, hashAlg, hash, hashLen, res, key) \
+    wc_MlDsaKey_VerifyCtxHash(key, sig, sigLen, ctx, ctxLen, hash, hashLen, hashAlg, res)
+#define wc_dilithium_verify_mu(sig, sigLen, mu, muLen, res, key) \
+    wc_MlDsaKey_VerifyMu(key, sig, sigLen, mu, muLen, res)
 #ifndef WOLFSSL_MLDSA_NO_ASN1
-#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                  wc_MlDsaKey* key, word32 inSz) {
-    return wc_MlDsaKey_PrivateKeyDecode(key, input, inSz, inOutIdx);
-}
-#endif
-#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
-WOLFSSL_DILITHIUM_LEGACY_INLINE
-int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
-                                 wc_MlDsaKey* key, word32 inSz) {
-    return wc_MlDsaKey_PublicKeyDecode(key, input, inSz, inOutIdx);
-}
-#endif
+    #ifdef WOLFSSL_MLDSA_PRIVATE_KEY
+        #define wc_Dilithium_PrivateKeyDecode(input, inOutIdx, key, inSz) \
+            wc_MlDsaKey_PrivateKeyDecode(key, input, inSz, inOutIdx)
+    #endif
+    #ifdef WOLFSSL_MLDSA_PUBLIC_KEY
+        #define wc_Dilithium_PublicKeyDecode(input, inOutIdx, key, inSz) \
+            wc_MlDsaKey_PublicKeyDecode(key, input, inSz, inOutIdx)
+    #endif
 #endif /* !WOLFSSL_MLDSA_NO_ASN1 */
 
 /* Internal-helper aliases. These cover symbols that are *not* part of the
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
@@ -159,6 +159,7 @@ enum wc_LmsRc {
  * will be large. */
 enum wc_LmsParm {
 #ifndef WOLFSSL_NO_LMS_SHA256_256
+    WC_LMS_PARM_NONE = 0,
     WC_LMS_PARM_L1_H5_W1 = 1,
     WC_LMS_PARM_L1_H5_W2 = 2,
     WC_LMS_PARM_L1_H5_W4 = 3,
diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs b/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs
@@ -108,6 +108,7 @@ pub struct Lms {
 
 #[cfg(lms_sha256_256)]
 impl Lms {
+    pub const PARM_NONE: u32 = sys::wc_LmsParm_WC_LMS_PARM_NONE;
     pub const PARM_L1_H5_W1: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W1;
     pub const PARM_L1_H5_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W2;
     pub const PARM_L1_H5_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W4;
