gate CRYPTO AFFINITY under WOLFHSM_CFG_CRYPTO_AFFINITY#434
Merged
Conversation
bigbrett
previously approved these changes
Jul 2, 2026
Contributor
|
@AlexLanzano over to you |
AlexLanzano
previously approved these changes
Jul 3, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a compile-time feature flag (WOLFHSM_CFG_CRYPTO_AFFINITY) to explicitly enable/disable per-client crypto affinity, so ports without affinity support can keep the behavior (and API surface) out of the build and avoid accidental usage.
Changes:
- Add
WOLFHSM_CFG_CRYPTO_AFFINITYdocumentation and a config incompatibility check vsWOLFHSM_CFG_NO_CRYPTO. - Gate server devId selection logic and the client affinity setter/getter behind
WOLFHSM_CFG_CRYPTO_AFFINITY. - Update tests, docs, and CI/build matrix to exercise both affinity-enabled and affinity-disabled builds.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfhsm/wh_settings.h | Documents the new feature flag and adds a compile-time incompatibility check. |
| wolfhsm/wh_client.h | Updates API docs to indicate affinity APIs require the new macro. |
| src/wh_client.c | Wraps wh_Client_SetCryptoAffinity / wh_Client_GetCryptoAffinity implementations with the new macro. |
| src/wh_server_crypto.c | Uses per-request affinity only when enabled; otherwise always uses the server’s configured devId. |
| test/wh_test.c | Runs crypto affinity tests only when both callbacks and affinity feature are enabled. |
| test/wh_test_crypto_affinity.c | Compiles the affinity unit test only when the affinity feature is enabled. |
| test/Makefile | Adds CRYPTO_AFFINITY=1 knob to define WOLFHSM_CFG_CRYPTO_AFFINITY. |
| test/wh_test_posix_threadsafe_stress.c | Simplifies counter-phase validation bookkeeping. |
| docs/src/5-Features.md | Documents that crypto affinity is compile-time gated and API is unavailable when disabled. |
| docs/draft/crypto_affinity.md | Adds an explicit “compile-time guard” note describing behavior when disabled. |
| .github/workflows/build-and-test.yml | Adds CI jobs to build/test with crypto affinity enabled (including with DMA). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
AlexLanzano
approved these changes
Jul 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
To allow ports that do not support affinity to error out at compile time.
If you think a negative macro is better, I'll do it.