-
Notifications
You must be signed in to change notification settings - Fork 833
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kyber: fixes to configure and wolfSSL_get_curve_name #8183
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Remote original-only option for kyber in configure.ac. Default is ML-KEM only. original is Kyber only. ml-lem is ML-KEM. to have both: all,original,ml-kem. Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the inclusion of kyber headers.
SparkiDev
force-pushed
the
kyber_fixes_3
branch
from
November 14, 2024 06:25
fc304e4
to
886f5b0
Compare
retest this please |
douzzer
approved these changes
Nov 14, 2024
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags. See: wolfSSL/wolfssl#8183
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags. See: wolfSSL/wolfssl#8183
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags. See: wolfSSL/wolfssl#8183
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 18, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaining support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 18, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags. See: wolfSSL/wolfssl#8183
kp-thomas-yau
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Nov 18, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaining support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185
kp-thomas-yau
added a commit
to expressvpn/lightway-core
that referenced
this pull request
Nov 25, 2024
Remove references to liboqs and edit build flag/configs for each of the platform. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release. The patch consists of the commits and code changes from the following PR from WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185 Configuration for enabling ML-KEM/Kyber: 1. For only ML-KEM: ./configure --enable-kyber ./configure --enable-kyber=all,ml-kem 2. For just Kyber: ./configure --enable-kyber=all,original 3. For ML-KEM and Kyber ./configure --enable-kyber=all,original,ml-kem ./configure --enable-kyber=all,ml-kem,original
8 tasks
kp-thomas-yau
added a commit
to expressvpn/lightway-core
that referenced
this pull request
Nov 26, 2024
Remove references to liboqs and edit build flag/configs for each of the platform. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release. The patch consists of the commits and code changes from the following PR from WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185 Configuration for enabling ML-KEM/Kyber: 1. For only ML-KEM: ./configure --enable-kyber ./configure --enable-kyber=all,ml-kem 2. For just Kyber: ./configure --enable-kyber=all,original 3. For ML-KEM and Kyber ./configure --enable-kyber=all,original,ml-kem ./configure --enable-kyber=all,ml-kem,original
kp-thomas-yau
added a commit
to expressvpn/lightway-core
that referenced
this pull request
Dec 2, 2024
Remove references to liboqs and edit build flag/configs for each of the platform. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release. The patch consists of the commits and code changes from the following PR from WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185 Configuration for enabling ML-KEM/Kyber: 1. For only ML-KEM: ./configure --enable-kyber ./configure --enable-kyber=all,ml-kem 2. For just Kyber: ./configure --enable-kyber=all,original 3. For ML-KEM and Kyber ./configure --enable-kyber=all,original,ml-kem ./configure --enable-kyber=all,ml-kem,original
kp-thomas-yau
added a commit
to expressvpn/lightway-core
that referenced
this pull request
Dec 3, 2024
Remove references to liboqs and edit build flag/configs for each of the platform. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release. The patch consists of the commits and code changes from the following PR from WolfSSL: - wolfSSL/wolfssl#8143 - wolfSSL/wolfssl#8172 - wolfSSL/wolfssl#8183 - wolfSSL/wolfssl#8185 Configuration for enabling ML-KEM/Kyber: 1. For only ML-KEM: ./configure --enable-kyber ./configure --enable-kyber=all,ml-kem 2. For just Kyber: ./configure --enable-kyber=all,original 3. For ML-KEM and Kyber ./configure --enable-kyber=all,original,ml-kem ./configure --enable-kyber=all,ml-kem,original
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Remove original-only option for kyber in configure.ac. Default is ML-KEM only.
original is Kyber only.
ml-kem is ML-KEM.
to have both: all,original,ml-kem.
Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the inclusion of kyber headers.
Fixes zd#18923
Testing
For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
For just Kyber:
./configure --enable-kyber=all,original
For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
To see which algorithms are enabled:
./wolfcrypt/benchmark/benchmark -kyber
To test wolfSSL_get_curve_name() change:
./configure --enable-kyber
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 --pqc P256_ML_KEM_512 &
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 --pqc P256_ML_KEM_512
Output contains
Checklist