Skip to content

20250731-enable-all-crypto-PQC #9052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

20250731-enable-all-crypto-PQC #9052

wants to merge 2 commits into from

Conversation

@douzzer
Copy link
Contributor

@douzzer douzzer commented Jul 31, 2025

configure.ac: add native PQC implementations to --enable-all-crypto (and by extension, --enable-all).

tested with wolfssl-multi-test.sh ... check-source-text check-configure and a couple direct builds with and without linuxkm.

note, Dilithium gated behind $ENABLED_EXPERIMENTAL until name conversion to ML-DSA.

anhu
anhu reviewed Jul 31, 2025
View reviewed changes
configure.ac
Comment on lines +1360 to +1361
test "$enable_lms" = "" && enable_lms='yes,sha256-192'
test "$enable_xmss" = "" && enable_xmss=yes
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verify only?

anhu
anhu reviewed Jul 31, 2025
View reviewed changes
configure.ac Outdated
Comment on lines 1363 to 1366
if test "$ENABLED_EXPERIMENTAL" = "yes"
then
test "$enable_dilithium" = "" && enable_dilithium=yes
fi
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think nothing should be experimental after not being experimental? Customers will think its weird.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per SPH, the alternative was leaving it out of all-crypto entirely for now, but I'm game for just enabling it here without the experimental gate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, when you do ./configure --enable-dilithium it works. So, should not need an experimental gate.

@douzzer
Copy link
Contributor Author

douzzer commented Jul 31, 2025

This PR has uncovered some substantive stuff -- mainly the RISC-V build failure, but there's also some -Wconversion stuff in ML-KEM. No time today to look into it further, but it's good to make it visible.

SparkiDev
SparkiDev previously approved these changes Jul 31, 2025
View reviewed changes
douzzer added 2 commits August 4, 2025 17:23
@douzzer
configure.ac: add native PQC implementations to --enable-all-crypto (…
397afa9 
…and by extension, --enable-all).
@douzzer
configure.ac: for enable-all-crypto, enable_dilithium without regard …
80200c3 
…for ENABLED_EXPERIMENTAL;

wolfssl/wolfcrypt/sha512.h: add a prototype for wc_Sha512HashBlock() (only implemented in wolfcrypt/src/port/riscv/riscv-64-sha512.c);

wolfcrypt/src/asn.c, wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c: add casts (and fix a few type clashes) to suppress for -Wconversions.
@douzzer douzzer force-pushed the 20250731-enable-all-crypto-PQC branch from 67ee52e to 80200c3 Compare August 4, 2025 22:31
@dgarske dgarske removed the request for review from wolfSSL-Bot August 29, 2025 18:59
@dgarske dgarske assigned douzzer and unassigned douzzer Aug 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anhu anhu anhu left review comments

@SparkiDev SparkiDev SparkiDev left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@douzzer douzzer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@douzzer @anhu @SparkiDev @wolfSSL-Bot