From da94ea626512e9f4f06483c3d7905eafc2a5b22c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Fri, 13 Mar 2026 17:18:10 +0100 Subject: [PATCH] Move PQC algos out of experimental in CMake This has already been done long time in autoconf. User now does not have to enable experimental features to use PQC. --- .github/workflows/cmake.yml | 2 +- CMakeLists.txt | 121 +++++++++++++----------------------- 2 files changed, 45 insertions(+), 78 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 9639a7a6e9..092c8f7d65 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -69,7 +69,7 @@ jobs: -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \ -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \ -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \ - -DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \ + -DWOLFSSL_MLKEM:BOOL=yes -DWOLFSSL_LMS:BOOL=yes -DWOLFSSL_LMSSHA256192:BOOL=yes \ -DWOLFSSL_X963KDF:BOOL=yes -DWOLFSSL_DILITHIUM:BOOL=yes -DWOLFSSL_PKCS11:BOOL=yes \ -DWOLFSSL_ECCSI:BOOL=yes -DWOLFSSL_SAKKE:BOOL=yes -DWOLFSSL_SIPHASH:BOOL=yes \ -DWOLFSSL_WC_RSA_DIRECT:BOOL=yes -DWOLFSSL_PUBLIC_MP:BOOL=yes \ diff --git a/CMakeLists.txt b/CMakeLists.txt index e5852a39d9..3f2f992313 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -612,11 +612,39 @@ add_option(WOLFSSL_MLKEM "Enable the wolfSSL PQ ML-KEM library (default: disabled)" "no" "yes;no") +if (WOLFSSL_MLKEM) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_MLKEM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) +endif() + # Dilithium add_option(WOLFSSL_DILITHIUM "Enable the wolfSSL PQ Dilithium (ML-DSA) implementation (default: disabled)" "no" "yes;no") +if (WOLFSSL_DILITHIUM) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_DILITHIUM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("HAVE_DILITHIUM" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_DILITHIUM" RESULT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) +endif() + # LMS add_option(WOLFSSL_LMS "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)" 
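Review bot: The new `if (WOLFSSL_MLKEM)` and `if (WOLFSSL_DILITHIUM)` blocks enable `WOLFSSL_SHA3`, `WOLFSSL_SHAKE128` and `WOLFSSL_SHAKE256` as a side effect, but they no longer print the `message(STATUS "Automatically set related requirements ...")` lines that the old experimental branch did. The configure log therefore no longer records that additional primitives were switched on. I would keep one status line per block, e.g. `message(STATUS "ML-KEM: also enabling SHA-3, SHAKE128 and SHAKE256")`, plus a short comment above each block saying these macros are requirements of the algorithm rather than independent choices. Both blocks append the same three SHA-3 definitions, so with both options on they are added to `WOLFSSL_DEFINITIONS` twice. How this interacts with any SHA-3/SHAKE option handling elsewhere in the file is not visible in this hunk and should be checked, in particular when a user explicitly sets those options to "no".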
@@ -626,6 +654,22 @@ add_option(WOLFSSL_LMSSHA256192 "Enable the LMS SHA_256_192 truncated variant (default: disabled)" "no" "yes;no") +if (WOLFSSL_LMS) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS") + + set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) + + if (WOLFSSL_LMSSHA256192) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_LMS_SHA256_256") + + set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT) + set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT) + endif() +endif() + # Experimental features add_option(WOLFSSL_EXPERIMENTAL "Enable experimental features (default: disabled)" 
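Review bot: `WOLFSSL_LMSSHA256192` is only read inside `if (WOLFSSL_LMS)`, so a configuration that sets the truncated variant without `WOLFSSL_LMS` silently builds with no LMS support at all. A guard ahead of the block would make that visible: `if (WOLFSSL_LMSSHA256192 AND NOT WOLFSSL_LMS)` followed by `message(FATAL_ERROR "WOLFSSL_LMSSHA256192 requires WOLFSSL_LMS")`. The inner block also defines `WOLFSSL_NO_LMS_SHA256_256`, which judging by its name drops the full SHA-256 parameter sets. That deserves a one-line comment, because the option's help text only says it enables the truncated variant. Now that LMS is no longer gated behind `WOLFSSL_EXPERIMENTAL`, the `WOLFSSL_LMS` description is also the natural place to say that the scheme is stateful and that private-key state must be persisted and never reused.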
@@ -666,77 +710,6 @@ if (WOLFSSL_EXPERIMENTAL) message(STATUS "Looking for WOLFSSL_OQS - not found") endif() - # Checking for experimental feature: WOLFSSL_MLKEM - message(STATUS "Looking for WOLFSSL_MLKEM") - if (WOLFSSL_MLKEM) - set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) - - message(STATUS "Automatically set related requirements for ML-KEM:") - add_definitions("-DWOLFSSL_HAVE_MLKEM") - add_definitions("-DWOLFSSL_WC_MLKEM") - add_definitions("-DWOLFSSL_SHA3") - add_definitions("-DWOLFSSL_SHAKE128") - add_definitions("-DWOLFSSL_SHAKE256") - - set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT) - set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) - message(STATUS "Looking for WOLFSSL_MLKEM - found") - else() - message(STATUS "Looking for WOLFSSL_MLKEM - not found") - endif() - - # Checking for experimental feature: WOLFSSL_LMS - message(STATUS "Looking for WOLFSSL_LMS") - if (WOLFSSL_LMS) - set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2) - - message(STATUS "Automatically set related requirements for LMS") - add_definitions("-DWOLFSSL_HAVE_LMS") - add_definitions("-DWOLFSSL_WC_LMS") - set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) - message(STATUS "Looking for WOLFSSL_LMS - found") - # Checking for experimental feature: WOLFSSL_LMSSHA256192 - if (WOLFSSL_LMSSHA256192) - message(STATUS "Automatically set related requirements for LMS SHA256-192") - add_definitions("-DWOLFSSL_LMS_SHA256_192") - add_definitions("-DWOLFSSL_NO_LMS_SHA256_256") - set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT) - set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT) - message(STATUS "Looking for WOLFSSL_LMSSHA256192 - found") - else() - message(STATUS "Looking for WOLFSSL_LMSSHA256192 - not found") - endif() - else() - message(STATUS "Looking for WOLFSSL_LMS - not found") - 
endif() - - # Checking for experimental feature: Dilithium - message(STATUS "Looking for WOLFSSL_DILITHIUM") - if (WOLFSSL_DILITHIUM) - set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) - - message(STATUS "Automatically set related requirements for Dilithium:") - add_definitions("-DHAVE_DILITHIUM") - add_definitions("-DWOLFSSL_WC_DILITHIUM") - add_definitions("-DWOLFSSL_SHA3") - add_definitions("-DWOLFSSL_SHAKE128") - add_definitions("-DWOLFSSL_SHAKE256") - - message(STATUS "Automatically set related requirements for Dilithium:") - set_wolfssl_definitions("HAVE_DILITHIUM" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_DILITHIUM" RESULT) - set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) - message(STATUS "Looking for WOLFSSL_DILITHIUM - found") - else() - message(STATUS "Looking for WOLFSSL_DILITHIUM - not found") - endif() - # Other experimental feature detection can be added here... # Were any experimental features found? Display a message. @@ -759,12 +732,6 @@ else() if (WOLFSSL_OQS) message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.") endif() - if(WOLFSSL_MLKEM) - message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.") - endif() - if(WOLFSSL_DILITHIUM) - message(FATAL_ERROR "Error: WOLFSSL_DILITHIUM requires WOLFSSL_EXPERIMENTAL at this time.") - endif() endif() # LMS