fipsmodule/ml-kem: Import mlkem-native v1.1.0 (#3090)

This PR updates mlkem-native to mlkem-native-v1.1.0. See the [Release
Notes](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.1.0).

At the core, it just reruns importer.sh, but the following changes to
the importer itself were required:

- importer.sh had previously sed-modified the AVX2 backend header to
disable native AVX2 (de)compression routines based on intrinsics. For
mlkem-native-v1.1, these routines have been rewritten and proved correct
in assembly, and are therefore included in the import. AWS-LC can now
consume the AVX2 backend header as-is.

- importer.sh simplifies the BCM file to drop RV64 related files.
mlkem-native now includes a RV64 backend, but it is not relevant for
AWS-LC and therefore excluded from the import. This only affects the BCM
file, not the file importer itself -- the latter already selects AArch64
and x86_64 native backends specifically.

- The mlkem-native configuration now includes a option
MLK_CONFIG_MULTILEVEL_BUILD indicating a multi-level build. This option
only informs the namespacing in the mlkem_native.h header and is
therefore irrelevant for AWS-LC, but we add it to AWS-LC's custom config
nontheless for future robustness.

- mlkem-native's `mlk_randombytes` RNG backend now uses an `int` return
value instead of a `void` return value. Return value `0` indicates
success, while a non-zero return value indicates failure. The
indirection to `RAND_bytes` is adjusted accordingly.

- A size-macro MLK_ASM_FN_SIZE was added to the backend assembly. As
with other assembly macros, this is re-mapped to an s2n-bignum assembly
directive at the time of import, here S2N_BN_SIZE_DIRECTIVE.

The importer previously replaced common.h with the generic
_internal_s2n_bignum.h header. However, that header does not define
S2N_BN_SIZE_DIRECTIVE. The macro is only available in the
architecture-specific headers _internal_s2n_bignum_arm.h and
_internal_s2n_bignum_x86_att.h, which are also the headers used by
s2n-bignum's own assembly files. The importer is adjusted accordingly.

The code under import is subject to the usual assurances of
mlkem-native, that is:

- Memory-safety and Type-Safety of all imported C code, establishd via
CBMC.
- Functional correctness, memory-safety and secret-independent timing,
established via HOL Light + s2n-bignum.

Some notes on the actual source changes, without claims of completeness:

- SLOTHY has been re-run on the AArch64 assembly using a model for
Neoverse N1, which seems to hit a better average performance on Graviton
cores than the previous optimization using the Cortex-A55 SLOTHY model.
This explains the large code-churn on the assembly side.

- Some of the pre-existing AArch64 assembly has changed to relax
alignment constraints: When used with MMU enabled, normal RAM accesses
need not be aligned. However, when used in pre-MMU context, all memory
accesses are treated as device memory accesses, and are hence subject to
alignment checks. The AArch64 assembly is adjusted to not conduct
unaligned accesses.

- The constant table for the AVX2 backend has been reduced in size,
instead embedding relevant constants in the assembly. The remaining
table and its offsets is now auto-generated.

- Assembly files now have the `.section .note.GNU-stack,"",@progbits`
directive, preventing and executable stack.

----

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>

Author: hanno-becker

crypto/fipsmodule/CMakeLists.txt

@@ -381,6 +381,14 @@ if((ARCH STREQUAL "x86_64") AND UNIX AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)
     ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/polyvec_basemul_acc_montgomery_cached_asm_k3.S
     ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/polyvec_basemul_acc_montgomery_cached_asm_k4.S
     ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/rej_uniform_asm.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_compress_d10.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_compress_d11.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_compress_d4.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_compress_d5.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_decompress_d10.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_decompress_d11.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_decompress_d4.S
+    ${MLKEM_NATIVE_DIR}/mlkem/native/x86_64/src/poly_decompress_d5.S
   )
 
   list(APPEND BCM_ASM_SOURCES ${MLKEM_NATIVE_X86_64_ASM_SOURCES})

crypto/fipsmodule/ml_kem/META.yml

@@ -1,5 +1,5 @@
 name: mlkem-native
 source: pq-code-package/mlkem-native.git
-branch: main
-commit: 8c5355ff10f3459ba605b5becc008075caefc786
-imported-at: 2025-09-04T19:00:35+0100
+branch: v1.1.0
+commit: d2cae2be522a67bfae26100fdb520576f1b2ef90
+imported-at: 2026-03-16T04:29:39+0000

crypto/fipsmodule/ml_kem/importer.sh

@@ -102,9 +102,9 @@ cp $TMP/.clang-format $SRC
 # The static simplification is not necessary, but improves readability
 # by removing directives related to the FIPS-202 backend and the x86_64
 # arithmetic backend that are not yet imported.
-# Moreover, exclude POLY_COMPRESS/DECOMPRESS functions from the x86 backend.
 unifdef -DMLK_CONFIG_FIPS202_CUSTOM_HEADER                             \
         -UMLK_CONFIG_USE_NATIVE_BACKEND_FIPS202                        \
+        -UMLK_SYS_RISCV64                                              \
         $TMP/mlkem/mlkem_native.c                                      \
         > $SRC/mlkem_native_bcm.c
 
@@ -114,17 +114,6 @@ else
   SED_I=(-i)
 fi
 
-# Exclude POLY_COMPRESS/DECOMPRESS functions from the x86 backend for now.
-sed "${SED_I[@]}" '/compress_avx2.c/d' $SRC/mlkem_native_bcm.c
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_COMPRESS_D4/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_COMPRESS_D5/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_COMPRESS_D10/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_COMPRESS_D11/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_DECOMPRESS_D4/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_DECOMPRESS_D5/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_DECOMPRESS_D10/d' $SRC/native/x86_64/meta.h
-sed "${SED_I[@]}" '/MLK_USE_NATIVE_POLY_DECOMPRESS_D11/d' $SRC/native/x86_64/meta.h
-
 # Copy mlkem-native header
 # This is only needed for access to the various macros defining key sizes.
 # The function declarations itself are all visible in ml_kem.c by virtue
@@ -151,12 +140,14 @@ for file in $SRC/native/aarch64/src/*.S $SRC/native/x86_64/src/*.S; do
   mv "$tmp_file" "$file"
 
   # Replace common.h include and assembly macros
-  sed "${SED_I[@]}" 's/#include "\.\.\/\.\.\/\.\.\/common\.h"/#include "_internal_s2n_bignum.h"/' "$file"
+  s2n_header=$(if [[ "$file" == *"aarch64"* ]]; then echo "_internal_s2n_bignum_arm.h"; else echo "_internal_s2n_bignum_x86_att.h"; fi)
+  sed "${SED_I[@]}" "s/#include \"\.\.\/\.\.\/\.\.\/common\.h\"/#include \"$s2n_header\"/" "$file"
 
   func_name=$(grep -o '\.global MLK_ASM_NAMESPACE(\([^)]*\))' "$file" | sed 's/\.global MLK_ASM_NAMESPACE(\([^)]*\))/\1/')
   if [ -n "$func_name" ]; then
     sed "${SED_I[@]}" "s/\.global MLK_ASM_NAMESPACE($func_name)/        S2N_BN_SYM_VISIBILITY_DIRECTIVE(mlkem_$func_name)\n        S2N_BN_SYM_PRIVACY_DIRECTIVE(mlkem_$func_name)/" "$file"
     sed "${SED_I[@]}" "s/MLK_ASM_FN_SYMBOL($func_name)/S2N_BN_SYMBOL(mlkem_$func_name):/" "$file"
+    sed "${SED_I[@]}" "s/MLK_ASM_FN_SIZE($func_name)/S2N_BN_SIZE_DIRECTIVE(mlkem_$func_name)/" "$file"
   fi
 done
 

crypto/fipsmodule/ml_kem/mlkem/.clang-format

@@ -17,7 +17,8 @@ IncludeBlocks: Preserve
 # as "attributes" so they don't get increasingly indented line after line
 BreakBeforeBraces: Allman
 InsertBraces: true
-WhitespaceSensitiveMacros: ['__contract__', '__loop__' ]
+IndentExternBlock: NoIndent
+WhitespaceSensitiveMacros: ['__contract__', '__loop__', 'MLK_RV64V_ABS_BOUNDS16' ]
 Macros:
  # Make this artifically long to avoid function bodies after short contracts
  - __contract__(x)={ void a; void b; void c; void d; void e; void f; } void abcdefghijklmnopqrstuvw()

crypto/fipsmodule/ml_kem/mlkem/cbmc.h

@@ -8,14 +8,14 @@
 /***************************************************
  * Basic replacements for __CPROVER_XXX contracts
  ***************************************************/
-
 #ifndef CBMC
 
 #define __contract__(x)
 #define __loop__(x)
 
 #else /* !CBMC */
 
+
 #define __contract__(x) x
 #define __loop__(x) x
 
@@ -49,7 +49,6 @@
  */
 #define object_whole(...) __CPROVER_object_whole(__VA_ARGS__)
 #define memory_slice(...) __CPROVER_object_upto(__VA_ARGS__)
-#define same_object(...) __CPROVER_same_object(__VA_ARGS__)
 
 /*
  * Pointer-related predicates
@@ -59,6 +58,17 @@
 #define readable(...) __CPROVER_r_ok(__VA_ARGS__)
 #define writeable(...) __CPROVER_w_ok(__VA_ARGS__)
 
+/* Maximum supported buffer size
+ *
+ * Larger buffers may be supported, but due to internal modeling constraints
+ * in CBMC, the proofs of memory- and type-safety won't be able to run.
+ *
+ * If you find yourself in need for a buffer size larger than this,
+ * please contact the maintainers, so we can prioritize work to relax
+ * this somewhat artificial bound.
+ */
+#define MLK_MAX_BUFFER_SIZE (SIZE_MAX >> 12)
+
 /*
  * History variables
  * https://diffblue.github.io/cbmc/contracts-history-variables.html
@@ -83,7 +93,7 @@
     ((qvar_lb) <= (qvar) && (qvar) < (qvar_ub)) ==> (predicate)   \
   }
 
-#define EXISTS(qvar, qvar_lb, qvar_ub, predicate)         \
+#define exists(qvar, qvar_lb, qvar_ub, predicate)               \
   __CPROVER_exists                                              \
   {                                                             \
     unsigned qvar;                                              \
@@ -118,12 +128,12 @@
   {                                                                    \
     unsigned qvar;                                                     \
     ((qvar_lb) <= (qvar) && (qvar) < (qvar_ub)) ==>                    \
-        (((int)(value_lb) <= ((array_var)[(qvar)])) &&		       \
-         (((array_var)[(qvar)]) < (int)(value_ub)))		       \
+        (((int)(value_lb) <= ((array_var)[(qvar)])) &&                 \
+         (((array_var)[(qvar)]) < (int)(value_ub)))                    \
   }
 
-#define array_bound(array_var, qvar_lb, qvar_ub, value_lb, value_ub) \
-  array_bound_core(CBMC_CONCAT(_cbmc_idx, __LINE__), (qvar_lb),      \
+#define array_bound(array_var, qvar_lb, qvar_ub, value_lb, value_ub)    \
+  array_bound_core(CBMC_CONCAT(_cbmc_idx, __COUNTER__), (qvar_lb),      \
       (qvar_ub), (array_var), (value_lb), (value_ub))
 
 #define array_unchanged_core(qvar, qvar_lb, qvar_ub, array_var)        \
@@ -135,9 +145,9 @@
   }
 
 #define array_unchanged(array_var, N) \
-    array_unchanged_core(CBMC_CONCAT(_cbmc_idx, __LINE__), 0, (N), (array_var))
+    array_unchanged_core(CBMC_CONCAT(_cbmc_idx, __COUNTER__), 0, (N), (array_var))
 
-#define array_unchanged_u64_core(qvar, qvar_lb, qvar_ub, array_var)        \
+#define array_unchanged_u64_core(qvar, qvar_lb, qvar_ub, array_var)    \
   __CPROVER_forall                                                     \
   {                                                                    \
     unsigned qvar;                                                     \
@@ -146,7 +156,7 @@
   }
 
 #define array_unchanged_u64(array_var, N) \
-    array_unchanged_u64_core(CBMC_CONCAT(_cbmc_idx, __LINE__), 0, (N), (array_var))
+    array_unchanged_u64_core(CBMC_CONCAT(_cbmc_idx, __COUNTER__), 0, (N), (array_var))
 /* clang-format on */
 
 /* Wrapper around array_bound operating on absolute values.

crypto/fipsmodule/ml_kem/mlkem/common.h

@@ -5,10 +5,16 @@
 #ifndef MLK_COMMON_H
 #define MLK_COMMON_H
 
+#ifndef __ASSEMBLER__
+#include <stdint.h>
+#endif
+
+#define MLK_BUILD_INTERNAL
+
 #if defined(MLK_CONFIG_FILE)
 #include MLK_CONFIG_FILE
 #else
-#include "config.h"
+#include "mlkem_native_config.h"
 #endif
 
 #include "params.h"
@@ -28,15 +34,11 @@
 #define MLK_EXTERNAL_API MLK_CONFIG_EXTERNAL_API_QUALIFIER
 #endif
 
-#if defined(MLK_CONFIG_MULTILEVEL_NO_SHARED) || \
-    defined(MLK_CONFIG_MULTILEVEL_WITH_SHARED)
-#define MLK_MULTILEVEL_BUILD
-#endif
-
 #define MLK_CONCAT_(x1, x2) x1##x2
 #define MLK_CONCAT(x1, x2) MLK_CONCAT_(x1, x2)
 
-#if defined(MLK_MULTILEVEL_BUILD)
+#if (defined(MLK_CONFIG_MULTILEVEL_WITH_SHARED) || \
+     defined(MLK_CONFIG_MULTILEVEL_NO_SHARED))
 #define MLK_ADD_PARAM_SET(s) MLK_CONCAT(s, MLK_CONFIG_PARAMETER_SET)
 #else
 #define MLK_ADD_PARAM_SET(s) s
@@ -49,7 +51,7 @@
 /* Functions are prefixed by MLK_CONFIG_NAMESPACE_PREFIX.
  *
  * If multiple parameter sets are used, functions depending on the parameter
- * set are additionally prefixed with 512/768/1024. See config.h.
+ * set are additionally prefixed with 512/768/1024. See mlkem_native_config.h.
  *
  * Example: If MLK_CONFIG_NAMESPACE_PREFIX is mlkem, then
  * MLK_NAMESPACE_K(enc) becomes mlkem512_enc/mlkem768_enc/mlkem1024_enc.
@@ -73,8 +75,24 @@
  */
 #if defined(MLK_SYS_X86_64)
 #define MLK_ASM_FN_SYMBOL(sym) MLK_ASM_NAMESPACE(sym) : MLK_CET_ENDBR
-#else
+#elif defined(MLK_SYS_ARMV81M_MVE)
+/* clang-format off */
+#define MLK_ASM_FN_SYMBOL(sym) \
+  .type MLK_ASM_NAMESPACE(sym), %function; \
+  MLK_ASM_NAMESPACE(sym) :
+/* clang-format on */
+#else /* !MLK_SYS_X86_64 && MLK_SYS_ARMV81M_MVE */
 #define MLK_ASM_FN_SYMBOL(sym) MLK_ASM_NAMESPACE(sym) :
+#endif /* !MLK_SYS_X86_64 && !MLK_SYS_ARMV81M_MVE */
+
+/*
+ * Output the size of an assembly function.
+ */
+#if defined(__ELF__)
+#define MLK_ASM_FN_SIZE(sym) \
+  .size MLK_ASM_NAMESPACE(sym), .- MLK_ASM_NAMESPACE(sym)
+#else
+#define MLK_ASM_FN_SIZE(sym)
 #endif
 
 /* We aim to simplify the user's life by supporting builds where
@@ -99,6 +117,10 @@
 #error Bad configuration: MLK_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, but MLK_CONFIG_FIPS202_BACKEND_FILE is not.
 #endif
 
+#if defined(MLK_CONFIG_NO_RANDOMIZED_API) && defined(MLK_CONFIG_KEYGEN_PCT)
+#error Bad configuration: MLK_CONFIG_NO_RANDOMIZED_API is incompatible with MLK_CONFIG_KEYGEN_PCT as the current PCT implementation requires crypto_kem_enc()
+#endif
+
 #if defined(MLK_CONFIG_USE_NATIVE_BACKEND_ARITH)
 #include MLK_CONFIG_ARITH_BACKEND_FILE
 /* Include to enforce consistency of API and implementation,
@@ -146,22 +168,107 @@
 #include <string.h>
 #define mlk_memset memset
 #endif
-#endif /* !__ASSEMBLER__ */
 
-/* Just in case we want to include mlkem_native.h, set the configuration
- * for that header in accordance with the configuration used here. */
-
-/* Double-check that this is not conflicting with pre-existing definitions. */
-#if defined(MLK_CONFIG_API_PARAMETER_SET) ||    \
-    defined(MLK_CONFIG_API_NAMESPACE_PREFIX) || \
-    defined(MLK_CONFIG_API_NO_SUPERCOP) ||      \
-    defined(MLK_CONFIG_API_CONSTANTS_ONLY)
-#error Pre-existing MLK_CONFIG_API_XXX configuration is neither useful nor allowed during an mlkem-native build
-#endif /* MLK_CONFIG_API_PARAMETER_SET || MLK_CONFIG_API_NAMESPACE_PREFIX || \
-          MLK_CONFIG_API_NO_SUPERCOP || MLK_CONFIG_API_CONSTANTS_ONLY */
-
-#define MLK_CONFIG_API_PARAMETER_SET MLK_CONFIG_PARAMETER_SET
-#define MLK_CONFIG_API_NAMESPACE_PREFIX \
-  MLK_ADD_PARAM_SET(MLK_CONFIG_NAMESPACE_PREFIX)
+
+/* Allocation macros for large local structures
+ *
+ * MLK_ALLOC(v, T, N) declares T *v and attempts to point it to an T[N]
+ * MLK_FREE(v, T, N) zeroizes and frees the allocation
+ *
+ * Default implementation uses stack allocation.
+ * Can be overridden by setting the config option MLK_CONFIG_CUSTOM_ALLOC_FREE
+ * and defining MLK_CUSTOM_ALLOC and MLK_CUSTOM_FREE.
+ */
+#if defined(MLK_CONFIG_CUSTOM_ALLOC_FREE) != \
+    (defined(MLK_CUSTOM_ALLOC) && defined(MLK_CUSTOM_FREE))
+#error Bad configuration: MLK_CONFIG_CUSTOM_ALLOC_FREE must be set together with MLK_CUSTOM_ALLOC and MLK_CUSTOM_FREE
+#endif
+
+/*
+ * If the integration wants to provide a context parameter for use in
+ * platform-specific hooks, then it should define this parameter.
+ *
+ * The MLK_CONTEXT_PARAMETERS_n macros are intended to be used with macros
+ * defining the function names and expand to either pass or discard the context
+ * argument as required by the current build.  If there is no context parameter
+ * requested then these are removed from the prototypes and from all calls.
+ */
+#ifdef MLK_CONFIG_CONTEXT_PARAMETER
+#define MLK_CONTEXT_PARAMETERS_0(context) (context)
+#define MLK_CONTEXT_PARAMETERS_1(arg0, context) (arg0, context)
+#define MLK_CONTEXT_PARAMETERS_2(arg0, arg1, context) (arg0, arg1, context)
+#define MLK_CONTEXT_PARAMETERS_3(arg0, arg1, arg2, context) \
+  (arg0, arg1, arg2, context)
+#define MLK_CONTEXT_PARAMETERS_4(arg0, arg1, arg2, arg3, context) \
+  (arg0, arg1, arg2, arg3, context)
+#else /* MLK_CONFIG_CONTEXT_PARAMETER */
+#define MLK_CONTEXT_PARAMETERS_0(context) ()
+#define MLK_CONTEXT_PARAMETERS_1(arg0, context) (arg0)
+#define MLK_CONTEXT_PARAMETERS_2(arg0, arg1, context) (arg0, arg1)
+#define MLK_CONTEXT_PARAMETERS_3(arg0, arg1, arg2, context) (arg0, arg1, arg2)
+#define MLK_CONTEXT_PARAMETERS_4(arg0, arg1, arg2, arg3, context) \
+  (arg0, arg1, arg2, arg3)
+#endif /* !MLK_CONFIG_CONTEXT_PARAMETER */
+
+#if defined(MLK_CONFIG_CONTEXT_PARAMETER_TYPE) != \
+    defined(MLK_CONFIG_CONTEXT_PARAMETER)
+#error MLK_CONFIG_CONTEXT_PARAMETER_TYPE must be defined if and only if MLK_CONFIG_CONTEXT_PARAMETER is defined
+#endif
+
+#if !defined(MLK_CONFIG_CUSTOM_ALLOC_FREE)
+/* Default: stack allocation */
+
+#define MLK_ALLOC(v, T, N, context) \
+  MLK_ALIGN T mlk_alloc_##v[N];     \
+  T *v = mlk_alloc_##v
+
+/* TODO: This leads to a circular dependency between common and verify.h
+ * It just works out before we're at the end of the file, but it's still
+ * prone to issues in the future. */
+#include "verify.h"
+#define MLK_FREE(v, T, N, context)                     \
+  do                                                   \
+  {                                                    \
+    mlk_zeroize(mlk_alloc_##v, sizeof(mlk_alloc_##v)); \
+    (v) = NULL;                                        \
+  } while (0)
+
+#else /* !MLK_CONFIG_CUSTOM_ALLOC_FREE */
+
+/* Custom allocation */
+
+/*
+ * The indirection here is necessary to use MLK_CONTEXT_PARAMETERS_3 here.
+ */
+#define MLK_APPLY(f, args) f args
+
+#define MLK_ALLOC(v, T, N, context) \
+  MLK_APPLY(MLK_CUSTOM_ALLOC, MLK_CONTEXT_PARAMETERS_3(v, T, N, context))
+
+#define MLK_FREE(v, T, N, context)                                            \
+  do                                                                          \
+  {                                                                           \
+    if (v != NULL)                                                            \
+    {                                                                         \
+      mlk_zeroize(v, sizeof(T) * (N));                                        \
+      MLK_APPLY(MLK_CUSTOM_FREE, MLK_CONTEXT_PARAMETERS_3(v, T, N, context)); \
+      v = NULL;                                                               \
+    }                                                                         \
+  } while (0)
+
+#endif /* MLK_CONFIG_CUSTOM_ALLOC_FREE */
+
+/****************************** Error codes ***********************************/
+
+/* Generic failure condition */
+#define MLK_ERR_FAIL -1
+/* An allocation failed. This can only happen if MLK_CONFIG_CUSTOM_ALLOC_FREE
+ * is defined and the provided MLK_CUSTOM_ALLOC can fail. */
+#define MLK_ERR_OUT_OF_MEMORY -2
+/* An rng failure occured. Might be due to insufficient entropy or
+ * system misconfiguration. */
+#define MLK_ERR_RNG_FAIL -3
+
+#endif /* !__ASSEMBLER__ */
 
 #endif /* !MLK_COMMON_H */