Skip to content

20250731-enable-all-crypto-PQC #9052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

douzzer
Copy link
Contributor

@douzzer douzzer commented Jul 31, 2025

configure.ac: add native PQC implementations to --enable-all-crypto (and by extension, --enable-all).

tested with wolfssl-multi-test.sh ... check-source-text check-configure and a couple direct builds with and without linuxkm.

note, Dilithium gated behind $ENABLED_EXPERIMENTAL until name conversion to ML-DSA.

Comment on lines +1360 to +1361
test "$enable_lms" = "" && enable_lms='yes,sha256-192'
test "$enable_xmss" = "" && enable_xmss=yes
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verify only?

configure.ac Outdated
Comment on lines 1363 to 1366
if test "$ENABLED_EXPERIMENTAL" = "yes"
then
test "$enable_dilithium" = "" && enable_dilithium=yes
fi
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think nothing should be experimental after not being experimental? Customers will think its weird.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per SPH, the alternative was leaving it out of all-crypto entirely for now, but I'm game for just enabling it here without the experimental gate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, when you do ./configure --enable-dilithium it works. So, should not need an experimental gate.

@douzzer
Copy link
Contributor Author

douzzer commented Jul 31, 2025

This PR has uncovered some substantive stuff -- mainly the RISC-V build failure, but there's also some -Wconversion stuff in ML-KEM. No time today to look into it further, but it's good to make it visible.

SparkiDev
SparkiDev previously approved these changes Jul 31, 2025
douzzer added 2 commits August 4, 2025 17:23
…for ENABLED_EXPERIMENTAL;

wolfssl/wolfcrypt/sha512.h: add a prototype for wc_Sha512HashBlock() (only implemented in wolfcrypt/src/port/riscv/riscv-64-sha512.c);

wolfcrypt/src/asn.c, wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c: add casts (and fix a few type clashes) to suppress for -Wconversions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants