mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 17:00:49 +02:00
configure.ac:
* don't default-enable ML-KEM if SHA3/SHAKE are explicitly disabled at user request, or if FIPS <7. * move ML-KEM flag setup after FIPS setup (like SHA3 and SHAKE flag setup) to allow FIPS overrides. * remove the unused and misleading "v6-ready" FIPS flavor, and fix v6-dev to get the v6 version triplet.
This commit is contained in:
+209
-203
@@ -614,7 +614,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
ENABLED_FIPS="yes"
|
||||
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
|
||||
],
|
||||
[v6],[
|
||||
[v6|v6-dev],[
|
||||
FIPS_VERSION="v6"
|
||||
HAVE_FIPS_VERSION=6
|
||||
HAVE_FIPS_VERSION_MAJOR=6
|
||||
@@ -626,7 +626,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
],
|
||||
# Should always remain one ahead of the latest so as not to be confused with
|
||||
# the latest
|
||||
[ready|v6-ready],[
|
||||
[ready],[
|
||||
FIPS_VERSION="ready"
|
||||
HAVE_FIPS_VERSION=7
|
||||
HAVE_FIPS_VERSION_MAJOR=7
|
||||
@@ -636,7 +636,7 @@ AS_CASE([$ENABLED_FIPS],
|
||||
DEF_SP_MATH="yes"
|
||||
DEF_FAST_MATH="no"
|
||||
],
|
||||
[dev|v6-dev],[
|
||||
[dev],[
|
||||
FIPS_VERSION="dev"
|
||||
HAVE_FIPS_VERSION_MAJOR=7
|
||||
HAVE_FIPS_VERSION_MINOR=0
|
||||
@@ -1710,10 +1710,23 @@ AC_ARG_WITH([liboqs],
|
||||
# MLKEM
|
||||
# Used:
|
||||
# - SHA3, Shake128 and Shake256
|
||||
#
|
||||
# Note, setup is later, after FIPS setup.
|
||||
|
||||
if test "$enable_shake128" != "no" &&
|
||||
test "$enable_shake256" != "no" &&
|
||||
test "$enable_sha3" != "no" &&
|
||||
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7)
|
||||
then
|
||||
ENABLED_MLKEM_DEFAULT=yes
|
||||
else
|
||||
ENABLED_MLKEM_DEFAULT=no
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([mlkem],
|
||||
[AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])],
|
||||
[ ENABLED_MLKEM=$enableval ],
|
||||
[ ENABLED_MLKEM=yes ]
|
||||
[ ENABLED_MLKEM=$ENABLED_MLKEM_DEFAULT ]
|
||||
)
|
||||
# note, inherits default from "mlkem" clause above.
|
||||
AC_ARG_ENABLE([kyber],
|
||||
@@ -1721,178 +1734,18 @@ AC_ARG_ENABLE([kyber],
|
||||
[ ENABLED_MLKEM=$enableval ]
|
||||
)
|
||||
|
||||
# FIPS traditionally does not support SHAKE 128 and SHAKE 256 (v6 does), so disable
|
||||
# ML-KEM if FIPS is enabled and version is less than 6
|
||||
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],[
|
||||
AC_MSG_NOTICE([Disabling MLKEM because FIPS < 6 does not support required SHAKE])
|
||||
ENABLED_MLKEM="no"
|
||||
])
|
||||
|
||||
ENABLED_WC_MLKEM=no
|
||||
ENABLED_ML_KEM=unset
|
||||
ENABLED_MLKEM_MAKE_KEY=no
|
||||
ENABLED_MLKEM_ENCAPSULATE=no
|
||||
ENABLED_MLKEM_DECAPSULATE=no
|
||||
for v in `echo $ENABLED_MLKEM | tr "," " "`
|
||||
do
|
||||
case $v in
|
||||
yes)
|
||||
ENABLED_MLKEM512=yes
|
||||
ENABLED_MLKEM768=yes
|
||||
ENABLED_MLKEM1024=yes
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
all)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
ENABLED_ML_KEM=yes
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
no)
|
||||
;;
|
||||
small)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
|
||||
;;
|
||||
no-large-code)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
|
||||
;;
|
||||
cache-a)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
|
||||
;;
|
||||
512)
|
||||
ENABLED_MLKEM512=yes
|
||||
;;
|
||||
768)
|
||||
ENABLED_MLKEM768=yes
|
||||
;;
|
||||
1024)
|
||||
ENABLED_MLKEM1024=yes
|
||||
;;
|
||||
make)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
;;
|
||||
encapsulate|enc)
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
;;
|
||||
decapsulate|dec)
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
original|kyber)
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
ml-kem)
|
||||
ENABLED_ML_KEM=yes
|
||||
;;
|
||||
noasm)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
|
||||
break;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
|
||||
# Use liboqs if specified.
|
||||
if test "$ENABLED_LIBOQS" = "no"; then
|
||||
ENABLED_WC_MLKEM=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ORIGINAL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=no
|
||||
fi
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=yes
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "yes"; then
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
|
||||
fi
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_WC_MLKEM" = "yes"
|
||||
then
|
||||
test "$enable_sha3" = "" && enable_sha3=yes
|
||||
test "$enable_shake128" = "" && enable_shake128=yes
|
||||
test "$enable_shake256" = "" && enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([tls-mlkem-standalone],
|
||||
[AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])],
|
||||
[ ENABLED_MLKEM_STANDALONE=$enableval ],
|
||||
[ ENABLED_MLKEM_STANDALONE=no ]
|
||||
)
|
||||
|
||||
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
|
||||
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([pqc-hybrids],
|
||||
[AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])],
|
||||
[ ENABLED_PQC_HYBRIDS=$enableval ],
|
||||
[ ENABLED_PQC_HYBRIDS=yes ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
|
||||
then
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
|
||||
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
|
||||
fi
|
||||
fi
|
||||
|
||||
# Extra PQ/T Hybrid combinations
|
||||
AC_ARG_ENABLE([extra-pqc-hybrids],
|
||||
[AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])],
|
||||
@@ -1900,12 +1753,6 @@ AC_ARG_ENABLE([extra-pqc-hybrids],
|
||||
[ ENABLED_EXTRA_PQC_HYBRIDS=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
|
||||
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
|
||||
fi
|
||||
|
||||
# Dilithium
|
||||
# - SHA3, Shake128 and Shake256
|
||||
@@ -4688,17 +4535,6 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM"
|
||||
fi
|
||||
|
||||
# MLKEM requires SHA-3. Force-enable SHA-3 when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHA3" = "no"
|
||||
then
|
||||
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
|
||||
ENABLED_SHA3=yes
|
||||
enable_sha3=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# SHAKE128
|
||||
AC_ARG_ENABLE([shake128],
|
||||
[AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])],
|
||||
@@ -4706,17 +4542,6 @@ AC_ARG_ENABLE([shake128],
|
||||
[ ENABLED_SHAKE128=no ]
|
||||
)
|
||||
|
||||
# MLKEM requires SHAKE128. Force-enable when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHAKE128" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
||||
ENABLED_SHAKE128=yes
|
||||
enable_shake128=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# SHAKE256
|
||||
AC_ARG_ENABLE([shake256],
|
||||
[AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
|
||||
@@ -4724,17 +4549,6 @@ AC_ARG_ENABLE([shake256],
|
||||
[ ENABLED_SHAKE256=no ]
|
||||
)
|
||||
|
||||
# MLKEM requires SHAKE256. Force-enable when MLKEM is enabled.
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHAKE256" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
||||
ENABLED_SHAKE256=yes
|
||||
enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# SHA512
|
||||
AC_ARG_ENABLE([sha512],
|
||||
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
|
||||
@@ -6593,6 +6407,10 @@ AS_CASE([$FIPS_VERSION],
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")],
|
||||
[enable_shake256="no"; ENABLED_SHAKE256="no"])
|
||||
|
||||
AS_IF([test "$ENABLED_MLKEM" != "no" &&
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_mlkem" != "yes")],
|
||||
[enable_mlkem="no"; ENABLED_MLKEM="no"])
|
||||
|
||||
AS_IF([test "$ENABLED_MD5" != "no" &&
|
||||
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")],
|
||||
[enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"])
|
||||
@@ -6922,6 +6740,194 @@ AS_CASE([$SELFTEST_VERSION],
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
|
||||
])
|
||||
|
||||
|
||||
# Set ML-KEM flags
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_SHA3" = "no"
|
||||
then
|
||||
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
|
||||
ENABLED_SHA3=yes
|
||||
enable_sha3=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHAKE128" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
||||
ENABLED_SHAKE128=yes
|
||||
enable_shake128=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHAKE256" = "no"
|
||||
then
|
||||
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
||||
ENABLED_SHAKE256=yes
|
||||
enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
ENABLED_WC_MLKEM=no
|
||||
ENABLED_ML_KEM=unset
|
||||
ENABLED_MLKEM_MAKE_KEY=no
|
||||
ENABLED_MLKEM_ENCAPSULATE=no
|
||||
ENABLED_MLKEM_DECAPSULATE=no
|
||||
for v in `echo $ENABLED_MLKEM | tr "," " "`
|
||||
do
|
||||
case $v in
|
||||
yes)
|
||||
ENABLED_MLKEM512=yes
|
||||
ENABLED_MLKEM768=yes
|
||||
ENABLED_MLKEM1024=yes
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
all)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
ENABLED_ML_KEM=yes
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
no)
|
||||
;;
|
||||
small)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
|
||||
;;
|
||||
no-large-code)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
|
||||
;;
|
||||
cache-a)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
|
||||
;;
|
||||
512)
|
||||
ENABLED_MLKEM512=yes
|
||||
;;
|
||||
768)
|
||||
ENABLED_MLKEM768=yes
|
||||
;;
|
||||
1024)
|
||||
ENABLED_MLKEM1024=yes
|
||||
;;
|
||||
make)
|
||||
ENABLED_MLKEM_MAKE_KEY=yes
|
||||
;;
|
||||
encapsulate|enc)
|
||||
ENABLED_MLKEM_ENCAPSULATE=yes
|
||||
;;
|
||||
decapsulate|dec)
|
||||
ENABLED_MLKEM_DECAPSULATE=yes
|
||||
;;
|
||||
original|kyber)
|
||||
ENABLED_ORIGINAL=yes
|
||||
;;
|
||||
ml-kem)
|
||||
ENABLED_ML_KEM=yes
|
||||
;;
|
||||
noasm)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
|
||||
break;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
|
||||
# Use liboqs if specified.
|
||||
if test "$ENABLED_LIBOQS" = "no"; then
|
||||
ENABLED_WC_MLKEM=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ORIGINAL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=no
|
||||
fi
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||
ENABLED_ML_KEM=yes
|
||||
fi
|
||||
if test "$ENABLED_ML_KEM" = "yes"; then
|
||||
if test "$ENABLED_MLKEM512" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM768" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM1024" = ""; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
|
||||
fi
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
|
||||
fi
|
||||
if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_WC_MLKEM" = "yes"
|
||||
then
|
||||
test "$enable_sha3" = "" && enable_sha3=yes
|
||||
test "$enable_shake128" = "" && enable_shake128=yes
|
||||
test "$enable_shake256" = "" && enable_shake256=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
|
||||
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
|
||||
then
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
|
||||
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
|
||||
ENABLED_PQC_HYBRIDS=no
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
|
||||
then
|
||||
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
|
||||
then
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
|
||||
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
|
||||
fi
|
||||
|
||||
|
||||
AS_IF([test "x$ENABLED_AESXTS" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
|
||||
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
|
||||
|
||||
Reference in New Issue
Block a user