mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 09:30:51 +02:00
Address tinytls13 review: ML-DSA-44, canonical ML-DSA/ML-KEM macros, optimizer-measured static-mem bucket guidance, footprint hygiene
This commit is contained in:
@@ -816,7 +816,6 @@ WOLFSSL_MANUALLY_SELECT_DEVICE_CONFIG
|
||||
WOLFSSL_MDK5
|
||||
WOLFSSL_MEM_FAIL_COUNT
|
||||
WOLFSSL_MICROCHIP_AESGCM
|
||||
WOLFSSL_MLKEM_DYNAMIC_KEYS
|
||||
WOLFSSL_MLKEM_INVNTT_UNROLL
|
||||
WOLFSSL_MLKEM_NO_MALLOC
|
||||
WOLFSSL_MLKEM_NTT_UNROLL
|
||||
@@ -948,6 +947,7 @@ WOLFSSL_TICKET_ENC_CBC_HMAC
|
||||
WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
|
||||
WOLFSSL_TICKET_ENC_HMAC_SHA384
|
||||
WOLFSSL_TICKET_ENC_HMAC_SHA512
|
||||
WOLFSSL_TINY_TLS13_NO_DEFAULT_CURVE
|
||||
WOLFSSL_TI_CURRTIME
|
||||
WOLFSSL_TLS13_DRAFT
|
||||
WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIK4zCCAVmgAwIBAgIURMREBesDbhFE7MTpbJAhFuwlmNgwCwYJYIZIAWUDBAMR
|
||||
MFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
|
||||
bWFuMRAwDgYDVQQKDAd3b2xmU1NMMRUwEwYDVQQDDAxUZXN0IG1sZHNhNDQwHhcN
|
||||
MjYwNjI0MTkyODM5WhcNMzYwNjIxMTkyODM5WjAUMRIwEAYDVQQDDAlsb2NhbGhv
|
||||
c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223It
|
||||
zpTqK/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo0Iw
|
||||
QDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAwHwYDVR0jBBgwFoAUswU7
|
||||
xg6AYh+iTpNtmT4TaDnG/DIwCwYJYIZIAWUDBAMRA4IJdQBp2TdyejDOdGyPgB2n
|
||||
c4X+/TQ1EhPeHNs4dZ3gxtmRmYtilgonNPtuEm31DNp0RrcB4BXK6PKhJP27fTAR
|
||||
wuwtfdoU7SnC8tsGr1eX3IKGq3+GCMzunJJgMN0zz6mDi25K3c025AxWFxdHOhhQ
|
||||
QguUxoZ/GWJsH/e2LJL5qTyeJvHNi/30cNjImsZXFeatQlv87/f1vcwCK4T5/ajd
|
||||
GWn4g1ktgRxzvtozBhg7Hw0CbOj0jXFIA+3k/GDCw9RxckBJ8Yn/ddMZNbljduZk
|
||||
zLykzjZsrX9badyy8pFgJaGsptgo/SOcxBhHIpjjGu9rTmi1QxAl1yliNoJXBxJR
|
||||
RmZijJ619Vmq6w00PSJnM4hP8O7DN8WZ/dZ9f78/WJsNXsv6s036QFwcpj5wo7ex
|
||||
OB6ZJSEXkIM9w4mPNpPUyAXfl9GauLGiXANFyqPmm/31CV5nL5INAON5Ft2vbOG8
|
||||
RGQySPVV4Cb9WuTtn0iMYgwqdYMxZJbgFUD4RvXiAl5fsLE8N7AHf7Cuua/k+mgZ
|
||||
PfH04f2Harzt100Y5J365x5b2ia7QpqRgYeubbCuW8Zd8nVT7+Imo3mgVwNWM9c8
|
||||
nskP0uHq51y5qrY3s0DSb8FKcZnZD7zQ70l8EVnlTD2G3QeiE8Id0XqubtrEO+DT
|
||||
vyZuMwU4x5NQKGyPUL6tHeUkt7hEWom9sCvIFkeOa4OadGuktxOdDc3f3w2VgG5/
|
||||
4nzlP/Y0PSziTw5RuV/G+f4V3VpWlSPCn2CfoTxjoVak/abCiWrijZ8lR3c4ERAl
|
||||
AevDEIxpvq5jIlv506vXw2CZeq6195KtsPGhrNkaax7ThZJQPFH/NR5Tu0Y2EBJG
|
||||
0lth79qhKKgQDmhf5VNkomblrqW2R6Dm8CvYRuHwmGSk+FfH4ULavv/fuVXaW+h4
|
||||
MYjTV8wq4Jdl9qi9G+rfncUzZc2L8/zKisGjuzK0AoWVhs5UgS+/3xjCbsuWkYHG
|
||||
siJ2kuZvl7KWR7Oc5OWfaRvAokNtglYWCtUzpD86V08X4l3U77Xi5UFJMjGcVVW6
|
||||
2F/WRyhq653vxvclDtkVyBaYDCcnHND7jGpqBcbJDTJyFE/Z3/GPFiYr1mYkVL/v
|
||||
jPZ9qklFeWPXCKRVAHESMfFPozMNvdOpWqW0nxZ4P4rjcSKDfXX5wsQC4tW53pK/
|
||||
0fpqGrNVY5xsIu8zV6OYpvbaPoaDxHS+clvDB9PrJlvjZUFBWPAiCzjYJNgcVFqU
|
||||
39/aAKWj24dbDarp5QEM8rReQiLvCjzD8ARb1zVAnaeyhaMaxCgwp5v/IEcSShH6
|
||||
mNX2dcsht10lic5DxJ8Up9ZFNTZhDSD+1E0tX4Vt0DPR8ZVYbW56rnXHTdYiwKhm
|
||||
4lXia11zR2f4pl3JD23yYRvSfPJTilWkUO+wAazmP5vRPELyodO4vvqDL+lOkwff
|
||||
7IV6JFCLdOV22RpwMHlO7YZkWpoauocljvfZBLLTOqlmcxKGN+T1na9D39jly5oi
|
||||
9Aqb4dK6AFaFw5k78kcei3OLNdCDD8dssY1sReMeLM7ENuj4T7XjJh3PVDBDhRS7
|
||||
0WPjztBAsVkqOvIRxINjoXTIRvTL0u8P/NUWKhduSDKe+NIvHChuF5VycgAS6G2p
|
||||
C3ZqsVM0D3D4s2AvalPJfyhhBN6c9dVeUfjBCNPWk8z7v+d38VHSAPkq5C4Sp5W3
|
||||
dD2Wm4ohgkDe1AkvcTtCHSK5tyo8mV0NyObbuMw5YnYyJ5h2CS/PaEfRME+VOsTI
|
||||
FLhgy0EZwRfxV+3Q6pTRA3DC0NR50F3teF50HbcmuXxae4FL3F/4qGjErubs6tbD
|
||||
M8QzgBLjALl82UrbtFItELLfTjQC7HtOZgwIGqOwd00Eoy6pqwe2AWzYz63A4F1z
|
||||
1PPYPAsjfWtfkQmjFeMcljAYaY0YUGox8139lcL8m/7l+2fLhv62m940rRrg41D1
|
||||
DTiCIqJTe070lq20iJZ/zWUnrWM/Vhn5PVnc4mgQ7d0uIAJ9j8wxgqw5UYNGYKRw
|
||||
Vf3IqsAyYxPsBo9iibBUy4qPMtPA/wN25B22gorjda2Cp0pQWdBjGSRrFjaO8Bx1
|
||||
oFJ8nOuzPbG5Q5VJbwGrCxDt7kSueh1ernEAsNAXCWf0L9v+dgJBsYreytCFO7hO
|
||||
N+29BKEUh0qXwXmO45gc5Lzw0l19NiBbkm2vYBpW/xh6QHzk22WvPTzMilasDOZK
|
||||
aNDiIOXFqKBi4JcmVpJK04BPCiY69pbSL/OpJS+4oR2tKqYo2+U3z89AHNaiLvuB
|
||||
v+37j1Z8jMjyZNm+Ex+cKh6PaVTv+sk72goCTfx6hex0WrSDMiU+A9nHho002/oj
|
||||
jH3cokwIrpUWd0UpEpMvoNPlCaX9j3s2mL1RxGSy4nd+oabobtGuRRcPDxMK6eRY
|
||||
nd3Bksk05pAVqOnAYZNLIYc3ZypXu6ayK4fOL69Ke41OfbWWHZz+or3htceDwZet
|
||||
4sAuvL86l1LjFF3kq/G9Z/OxwITrWjocLJemWC32spgelsmOcKV0p6K70JkVFQY6
|
||||
c9wl2I360F2oP09wVKd+U7cPvHIMUsQyl0xXR3+bqTVdG4fDqRMksD1nkAQEJvyb
|
||||
Tiinf9pUV9raJN/h6fYKu9tis9GRcdy7XPS0t/uLsVHhmhQv+drlCvaigJadpGUN
|
||||
79I5WKsFtxXjTLuCxQ9mQspNm9QX8aMnvZLUM7v1oLVxywyWucWSsHBvRM5LP4Kk
|
||||
ZrReaVsxyrNHZlfZ0UZoVpoE79FzpYOHj9jh081rY6frEM2a1wYNZFb/hKoN/6FM
|
||||
VVKB19glO7oh1AknhueGaDcbAUuVYhHCEpOZVWbD+uQt4FiI1NNjAJSVzsd2Y6Gw
|
||||
2/BbAyrdf7lAOopyY4bzJPQsuNCM+kdWNUBrkceWl7d+r3nJUN+g94sMtPIUVQRq
|
||||
HWweWk8ZZK167I+/3jPE32H73Dp/8GRuzF8UquAZ0TtBepzaP8BRn2LMUiycqXU9
|
||||
Buq9TC2XpyEBGWN3/ferZ8bBURKKSOJk8GRcElIsXc7e8XgAVCCT8D11ZQgKhAjM
|
||||
dq6UyK8ufg6jpfx19QvCxduGNZb1KhRSfuGUQXJZMJ6/iOhLqvGSTxCE7sPIk91v
|
||||
SAIuxvNEjgFeVFaKn3ETUt51lgANHykqPUJOUWNqgZOaq67HyNHa8PQKFhwnOUZM
|
||||
Zm2Fhqby9PgUNz0/U1aCj5G91OIMDSEoSnF0gITBAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAFiUxOw==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,79 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIOXDCCAVmgAwIBAgIUHkXMjMS80gZRjcfzBuyuhnlS9yEwCwYJYIZIAWUDBAMS
|
||||
MFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
|
||||
bWFuMRAwDgYDVQQKDAd3b2xmU1NMMRUwEwYDVQQDDAxUZXN0IG1sZHNhNjUwHhcN
|
||||
MjYwNjIyMTgyNjQwWhcNMzYwNjE5MTgyNjQwWjAUMRIwEAYDVQQDDAlsb2NhbGhv
|
||||
c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223It
|
||||
zpTqK/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo0Iw
|
||||
QDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAwHwYDVR0jBBgwFoAU0X7s
|
||||
9Um6d4uq1MDByuLMZZkKhxIwCwYJYIZIAWUDBAMSA4IM7gA9PW9GacDhmkuLlT+C
|
||||
a7WbLvUQDQh1o7x2+gkqNN9aYFnWM3FgafeDHJGfJOmGk7RWNh7RHCnT6MmUJFXL
|
||||
qlnC6Q0p7rQpIE/RmkfGcuLRvZyZkLhhgHMKQRhStjzzUYVUW74JKNhc7mp7nD2i
|
||||
xCGeO77hy2VP65AoioniSyg71x83eqnEvUAjjtaWYwc3SoDEoSYSf0E6emIjYvvh
|
||||
KMUXlnLxah5X3mw6ZQXp1FspKY8VY1UkXakz/rSamEd4gmv7/cow6eObAQilHrRX
|
||||
OSiVL4E/uv6qfCjTlWBvpjCDGQP6PTJKYGX3RgzVDptXtlFgRw5QCzBVRQdrUdxR
|
||||
nZjbbtQUn7bXyKEEQtDQ32aMqlvOkdrHpDg6Nto0MTdUv0YDfA+iM4KEKItoCvNm
|
||||
fyO9AMQj7+BrK8hgXSAooACq2cDdELpE0PqUAdVboLFcCOu69D2cZjM8G5IhEqZG
|
||||
aeCTchyGD6dOtpGP7uRdYj+b+4rF1gWUNLxvkwBM7DdeSGV//00zIfiVOpZNs8BG
|
||||
0TAe5mVIgE4WEnp9Z0n/zesh5HLhW6d8V8rpqAikcZMOBslzEcpZS4KZIID1A5It
|
||||
NnNGd5u69LyE3vbjjNpif0/75ns/P+z73iO2FJQ8PnRSlPwwhd8BEpSl6lrk5/ZY
|
||||
L7XjyROaFZz3Iwt/mvtZrYcFaUHcMmZY/y3SKfsuyueld38XP87vRmpDk98VsUgL
|
||||
dBr9+QgqZLKscADMQq3f6W66ziVQY5/gzTbRt/xSCf3hazi9/TTLqQvaUpckAdqD
|
||||
HHr4/mTQ/zXxmXNAXwan4OKQBqy26zgIjMbATincEwDSWvFNJwDcHyYt0Pg/+tqK
|
||||
fXAbkvaSF0BO64nW/EGtxHa2b8EkG9n9ivvYyzVLc8D6OF+wBuxTegF8tYTavKCP
|
||||
UzW11/fEh+xEnIgMQ2EzK6ElxiggvJvH/AH3GAJR4C34u+IjKHm7915hCti1C6yv
|
||||
6NmIfvwWRHMC+2XdyLe9mmVcw8uNsAV1OpbgyNGIP+nghBhunZ23Kk8jv/LjADkA
|
||||
5SCOZZuM8/PEMAA98kN4CcUcSyGh1+ZcG6ArtCWIeUzlECEZ8jq0TRoj/M+pJZ8J
|
||||
Ll50p+wGB+maJeiFD05gKmtfAlKqgHH+TxqnTr8q+pVOlEnCMrEL6tNqWTkRwQ16
|
||||
t0EHstwfOjGuu+JA/1ENlfLDTHKYcmVFQv64MPHFGWknS5arj7A2Z63sxln1eCHH
|
||||
zzgN/eY+G5zjyYvSesCWc5MDz1JpHu8QUfO93PEVxovH/KBWcpPWI+9tNkfwPgZM
|
||||
dlJMalwyhvsPz45XMbpqP4UcIQlzLztk6J7KMfSYvbAUCR4aDo5HqLflHuM6MiS6
|
||||
saigxzmXNjomMOCM10HyHmfUSpVB5CLa9xG4ImGAFSz5eP2XTmxXQquGxf1dQlON
|
||||
6hfT9JW2KTNmhyjSbAmddRCXHCpUpa23GxJtw5zWelotzOYD3fN8OsSsv3Za3Exa
|
||||
zI6NzQ3qwZoz/7rpOAxENcZ6zA7qDs36ieqKVviaEO4Pb0ReudyE1WHoTlcUNbYK
|
||||
VnnFSnw8wewKxVbVCa2ic1F/x7wiDBh0BqC4biHTtJcC6iUPjKvO5JNITokuFeC9
|
||||
lTfRJg4Q2LWTEgfLh0wEMBhsUxRzA9MghDxfzA5BZa70//pm9pGCy6FDdVStbIxe
|
||||
FgGaVqHLtV47XHT2P8cHn6UszRGET4odF1S3J/Lqe9rk9p2JJECt6WhLRHUryie2
|
||||
hB+SfG00xmfP4eGyJEndd6ElqQ7grinVWikv9bq0MqVH3uvb8ZMLdK98gF7yZMyx
|
||||
xFXIOogdu0fn5qm43yrizuCLRiw1DXroS2X131ggTLJpObqauYx+gvReqma8fPX/
|
||||
LImlDAfgrUEGAMka3DaULRGWNNF5z5PyaIGyOokIWGvvN20ArM4J7DMzBQMzUZdz
|
||||
IgugrVwxzGlAW3By14S3talrdywbpdbrH/wMi7j6H/VHqyw3bx4cLydQlbjxb1d3
|
||||
B3wm2NgOKYIfvsqw9mHOh16XInqamwCys9LhoRiqR5DwFGyEElWuFZJq9uKQvoyo
|
||||
Vx1P++TDoGP6f4ycmF1kkZaKNDK7Awj+ugmGMVu95Ij74x533kfNgvUDK7ChcJfX
|
||||
1a3VwmBGvB51AZWzaDqqa7d6OWQkoE0NE3gPnDgbNo+vZ6+ElMSK2P9G53kBA50H
|
||||
UbU+T/++QF6m69d02hq7yyiSgaXpVeLtAGEHTswmx3HWzxEE1o3PIsa322xizUsJ
|
||||
JHmHdIpFVDvaYz4A7Per42qRfXahHAqzp0UrqERQQROuzfJAWltp35LBbJIr2BXk
|
||||
l1JYDvjP5plOJgeDGvl1lY+cblsuV1OzSCuXAi//ziFXTpvhrQ0r5zE96NwNl6Fm
|
||||
L09mVZfd0Ic+sBaB9Mw6fN9QpSGHj2P/F9+UePU981qv93PqZv2ZGKrbbRMQg9Hh
|
||||
DsXNddZZduhR91xS6gVXN2IMsRKTRh/zD06oVOZxq9ZCO+NtCYYtMwzgi1By4Wx6
|
||||
R+UBg/t/rqXuui4cFEwUgS2R66VGXKzenhq5fQl1xYJPTRn0fMZBa77QLs90D1Bw
|
||||
qIY0BggeSxJ0u1hR3D2opXq1bjJ/mkjki6xwzVVI/cnWB3BwKdzmVcQJesDzhCkc
|
||||
+kghJygggyyk2T6qYc/nIGf+2fe1vu8DuL969SVcW3WOzOgzzCEVCiGdD/3wMWL8
|
||||
2CLXUS6XBOTzEiahVB2u4ljuTe3pymRP8G3JLNNBvlpGAYxml/BbaKwJKJloO7Xy
|
||||
M1JZ7tno/yTCsvtY2OIMmlfkgaPQhOVwSSlXEZeHxGZZ9pe0QLYsKdBQCfoAFXpq
|
||||
YXdXtzaC3virEUKLkAp4vUGez6bMMjw1LfL8Lp6eW3szPmFrwzU3fMCGQPq7Clsw
|
||||
E2ZzrgM6Tdt4YsXp0ZLmaNbGtTi0WuQikSor4QZjr1zH2jWFs9kVW9T+1iKkKGUC
|
||||
AVwV+PbVtQsyp0gCA9mGFDdrZBH+U8KVn9wGF6I8+UwToWPnDNTYM2jVRpl8DWui
|
||||
xSBq1TxArIZD7T2xX2988zevcYDKs4w1AHj+27j6kmGZW2NGDVvdmHj/xxRuw9WV
|
||||
4tZAlLzavkGEo6/ngGJkdmPW1OAyGhKhpvGqjABMM1HfppvFNHxfyXQfLVroEog3
|
||||
/q+U1RsEs5mfHfWc1wNdL0FBYqTvgkarxUwKZzm48yeGVdO5GE4bTXgCxHLGi3Av
|
||||
aIzMEYJ5qNBIOhp629i2AV14CgPhQjaTZq+OkI3Gr7gKkTDZrJiU/THEUZs08KpJ
|
||||
8FUnWTzkZ0fZoMx8jnx2QXGmii/79S1PnzGzvxN5f8rM5xG/br9g3qEpJ23Yi9PH
|
||||
QqCtm7GVeKEcx1WLd7gZ4UMu4MpXhOmrDKG6du245KVq20AdzEckVWOq5ObGmBV7
|
||||
IYrhrfjojculsXuYse/+q3+vzlSevsz9f/N42pEITGGeAkaUdL6aQrxqjsLW7gNY
|
||||
82H9BbpCqw2UEGX44+sAMViszTrpy34Px16+svZfzdbhsUJdCpoi49Yuf7IdH4iY
|
||||
DJMVN9TNrTEUOZCB6trzbK8I0NDWYOvEBVHl5D0qB1LDqdN9Sc0Fj1dVgaC2Ihx9
|
||||
6c3+9m43zJTIstS+YTQbyZ67ADFnCxY8/eRN0ZDRymWnlTnR7r+ceNvzprUaF3XN
|
||||
ihpVNN3fGsWaejbCWND8YHDj+F5hLTXJLZ5sqzk/CU0doHbkhnai8WHUFdKYVZRl
|
||||
6PDML7snxqobWGv690ECgixrqQkdBtiEKIAOGk0wwJfDIyzyhB1lFRT8bafOnKCX
|
||||
DiHFSfDjVIg0rLANtivOXUCXctv07JoL+jCqpC0WOHe5ch5BNRDnruXhErbu4ZJw
|
||||
xZxrafS7+79U0MQAum2SSTCYnJE96VzNUzDdZg9z1ZKEVjhp9eAEfzQdZf0JwmQs
|
||||
gZvaPyOdJ+i1bndol4NOstjx3QHsiPimvkInYlPwaaRvaUDwmucIRAIWAk0X3ZkU
|
||||
X6iC7zLeLPiGUNpsI2FJHVD5eG1bivhsWFLRvHC6pHfCMSfCcw8wLTsbx0rwrQaA
|
||||
YntZeGqc45E7f+Ef6d+6Yg80O73F9iZBHrCwVg4E4wMxzDw91xoKtbMdOoWIRTn4
|
||||
BGR9+HjGK8tH7lpj5vP2EAoNFW+m25vu6tvCebUdZyWuGgnFQc7WyvLiCiNoCo5K
|
||||
DJb+XcYkOSb0YGt1HCcZCkZ0jjUN9qH1YQfCAoOI98/YhUiL4z9FAVfdM3OhUopT
|
||||
MZGUffqI1C+OZeSvGE4GZDdIUxznJ6JURSxS93X/BUyD89U1I86Jn5wAkRH4sjKO
|
||||
lipqwbk8EY1UkfszCSFkQJTXjDxciY7CDBpYaXHG5fJCYpPX2NoEUFR+hKy0uCxM
|
||||
bYCvvMX5/h8xU1Rof5WptbzH6wAAAAAAAAAFDRMbJDA=
|
||||
-----END CERTIFICATE-----
|
||||
@@ -28,10 +28,10 @@ EXTRA_DIST += \
|
||||
certs/mldsa/mldsa44-key.pem \
|
||||
certs/mldsa/mldsa44-cert.pem \
|
||||
certs/mldsa/mldsa44-cert.der \
|
||||
certs/mldsa/ecc-leaf-mldsa44.pem \
|
||||
certs/mldsa/mldsa65-key.pem \
|
||||
certs/mldsa/mldsa65-cert.pem \
|
||||
certs/mldsa/mldsa65-cert.der \
|
||||
certs/mldsa/ecc-leaf-mldsa65.pem \
|
||||
certs/mldsa/mldsa87-key.pem \
|
||||
certs/mldsa/mldsa87-cert.pem \
|
||||
certs/mldsa/mldsa87-cert.der \
|
||||
|
||||
+2
-2
@@ -2950,7 +2950,7 @@ then
|
||||
rsaverify) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TINY_TLS13_RSA_VERIFY" ;;
|
||||
sha384) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384" ;;
|
||||
mldsa) tinytls13_mldsa=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA -DWOLFSSL_DILITHIUM_VERIFY_ONLY -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_NO_ML_DSA_44 -DWOLFSSL_NO_ML_DSA_87" ;;
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA -DWOLFSSL_MLDSA_VERIFY_ONLY -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_NO_ML_DSA_65 -DWOLFSSL_NO_ML_DSA_87" ;;
|
||||
no) ;;
|
||||
*) AC_MSG_ERROR([Invalid --enable-tinytls13 value: $v. Valid: psk cert server mutualauth staticmem asm p256 sha384 mldsa rsaverify.]) ;;
|
||||
esac
|
||||
@@ -2961,7 +2961,7 @@ then
|
||||
# verify ML-DSA certificates, so keep ASN.1 there.
|
||||
if test "$tinytls13_mldsa" = "yes" && test "$tinytls13_base" != "cert"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_ASN1"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_ASN1"
|
||||
fi
|
||||
|
||||
if test "$tinytls13_base" = "cert"
|
||||
|
||||
@@ -123,7 +123,8 @@ int main(int argc, char** argv)
|
||||
membuf c2s; /* client writes, server reads */
|
||||
membuf s2c; /* server writes, client reads */
|
||||
int i, cdone = 0, sdone = 0, ret = 1;
|
||||
int cret = WOLFSSL_FATAL_ERROR, sret = WOLFSSL_FATAL_ERROR;
|
||||
int cret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
|
||||
int sret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
|
||||
const char* cipher = (argc > 1) ? argv[1] : "-";
|
||||
const char* group = (argc > 2) ? argv[2] : "-";
|
||||
int mlkemGroup[1];
|
||||
@@ -156,11 +157,11 @@ int main(int argc, char** argv)
|
||||
#ifdef WOLFSSL_TINY_TLS13_CERT
|
||||
/* Server presents a P-256 ECDSA leaf; the client validates it against the
|
||||
* CA. The leaf is signed by the CA whose algorithm this profile verifies,
|
||||
* so a completed handshake drives that verify path (ECDSA, ML-DSA-65, or
|
||||
* so a completed handshake drives that verify path (ECDSA, ML-DSA-44, or
|
||||
* RSA-PSS). */
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
XSNPRINTF(sCert, sizeof(sCert), "%s/mldsa/ecc-leaf-mldsa65.pem", certDir);
|
||||
XSNPRINTF(cCa, sizeof(cCa), "%s/mldsa/mldsa65-cert.pem", certDir);
|
||||
XSNPRINTF(sCert, sizeof(sCert), "%s/mldsa/ecc-leaf-mldsa44.pem", certDir);
|
||||
XSNPRINTF(cCa, sizeof(cCa), "%s/mldsa/mldsa44-cert.pem", certDir);
|
||||
#elif defined(WOLFSSL_TINY_TLS13_RSA_VERIFY)
|
||||
XSNPRINTF(sCert, sizeof(sCert), "%s/rsapss/ecc-leaf-rsapss.pem", certDir);
|
||||
XSNPRINTF(cCa, sizeof(cCa), "%s/rsapss/ca-rsapss.pem", certDir);
|
||||
|
||||
@@ -75,6 +75,16 @@ extern "C" {
|
||||
* static memory pool above. */
|
||||
#define WOLFSSL_NO_MALLOC
|
||||
#endif
|
||||
#if 0 /* Static-memory pool buckets for a tinytls13 PSK handshake, measured with
|
||||
* wolfSSL's memory-bucket-optimizer. The distribution sets the minimum
|
||||
* pool size (~320 KB for client+server, ~half a single role), so enable
|
||||
* these only once your buffer matches; re-run the optimizer for your own
|
||||
* role/adders. Left out of the floor because forcing a large distribution
|
||||
* breaks consumers that load a smaller buffer. */
|
||||
#define WOLFMEM_BUCKETS 64,96,160,288,816,3408,5088,6176,10784
|
||||
#define WOLFMEM_DIST 92,34,36,421,63,20,3,1,2
|
||||
#define WOLFMEM_DEF_BUCKETS 9
|
||||
#endif
|
||||
|
||||
/* ===== SPEED ============================================================ */
|
||||
#if 0 /* tiny+fast: assembly crypto instead of small-C (size up, speed up) */
|
||||
@@ -103,23 +113,28 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/* ===== PQC ADDERS (valid on either profile; SHA-3/SHAKE pulled in auto) = */
|
||||
#if 0 /* ML-DSA-65 verify-only. Use with the cert profile (Profile B) for TLS
|
||||
#if 0 /* ML-DSA-44 verify-only. Use with the cert profile (Profile B) for TLS
|
||||
* auth: the PSK floor has no certificate to verify, so on Profile A
|
||||
* this only confirms the umbrella builds. */
|
||||
* this only confirms the umbrella builds. ML-DSA-44 is the right tier
|
||||
* for a tiny stack paired with X25519/P-256 + AES-128; higher levels
|
||||
* add no security against that classical floor. */
|
||||
#define WOLFSSL_HAVE_MLDSA
|
||||
#define WOLFSSL_DILITHIUM_VERIFY_ONLY
|
||||
#define WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
|
||||
#define WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#define WOLFSSL_MLDSA_VERIFY_SMALL_MEM
|
||||
#ifndef WOLFSSL_TINY_TLS13_CERT
|
||||
/* PSK floor never parses a cert; the cert profile needs ML-DSA ASN.1
|
||||
* to decode and verify ML-DSA certificates, so keep it there. */
|
||||
#define WOLFSSL_DILITHIUM_NO_ASN1
|
||||
#define WOLFSSL_MLDSA_NO_ASN1
|
||||
#endif
|
||||
#define WOLFSSL_NO_ML_DSA_44
|
||||
#define WOLFSSL_NO_ML_DSA_65
|
||||
#define WOLFSSL_NO_ML_DSA_87
|
||||
#endif
|
||||
#if 0 /* ML-KEM-768 + X25519MLKEM768 hybrid */
|
||||
#if 0 /* ML-KEM-768 + X25519MLKEM768 hybrid (768 is the widely-adopted tier;
|
||||
* disable 512/1024) */
|
||||
#define WOLFSSL_HAVE_MLKEM
|
||||
#define WOLFSSL_WC_MLKEM
|
||||
#define WOLFSSL_NO_ML_KEM_512
|
||||
#define WOLFSSL_NO_ML_KEM_1024
|
||||
#define WOLFSSL_MLKEM_DYNAMIC_KEYS
|
||||
#endif
|
||||
|
||||
/* ===== PLATFORM (bare-metal defaults; adjust for your target) ========== */
|
||||
|
||||
@@ -2028,13 +2028,19 @@
|
||||
#undef NO_PWDBASED
|
||||
#define NO_PWDBASED
|
||||
|
||||
/* Footprint hygiene. */
|
||||
/* Footprint hygiene. NO_FILESYSTEM stays template-only so examples link. */
|
||||
#undef NO_ERROR_STRINGS
|
||||
#define NO_ERROR_STRINGS
|
||||
#undef WOLFSSL_SMALL_STACK
|
||||
#define WOLFSSL_SMALL_STACK
|
||||
#undef NO_SESSION_CACHE
|
||||
#define NO_SESSION_CACHE
|
||||
#undef NO_CLIENT_CACHE
|
||||
#define NO_CLIENT_CACHE
|
||||
#undef NO_HANDSHAKE_DONE_CB
|
||||
#define NO_HANDSHAKE_DONE_CB
|
||||
#undef NO_SIG_WRAPPER
|
||||
#define NO_SIG_WRAPPER
|
||||
#undef SINGLE_THREADED
|
||||
#define SINGLE_THREADED
|
||||
|
||||
@@ -2053,6 +2059,8 @@
|
||||
#ifdef WOLFSSL_TINY_TLS13_STATIC_MEM
|
||||
#undef WOLFSSL_STATIC_MEMORY
|
||||
#define WOLFSSL_STATIC_MEMORY
|
||||
/* Size a tiny WOLFMEM_* pool with the memory-bucket-optimizer; see the
|
||||
* measured starting point in user_settings_tinytls13.h. */
|
||||
#endif
|
||||
|
||||
/* Profile A: no X.509 at all (the cert variant keeps ASN/certs). */
|
||||
|
||||
Reference in New Issue
Block a user