diff --git a/.github/workflows/ada.yml b/.github/workflows/ada.yml index 8e892e69cc..43558d0f77 100644 --- a/.github/workflows/ada.yml +++ b/.github/workflows/ada.yml @@ -10,7 +10,7 @@ jobs: build: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml index 02291d8b51..063a1b65aa 100644 --- a/.github/workflows/arduino.yml +++ b/.github/workflows/arduino.yml @@ -77,7 +77,7 @@ concurrency: jobs: build: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false diff --git a/.github/workflows/async-examples.yml b/.github/workflows/async-examples.yml index 8a28d4312d..135bf36c8e 100644 --- a/.github/workflows/async-examples.yml +++ b/.github/workflows/async-examples.yml @@ -31,7 +31,7 @@ jobs: - name: Build async examples (no configure) run: | make -C examples/async clean - make -C examples/async ASYNC_MODE=${{ matrix.async_mode }} EXTRA_CFLAGS="${{ matrix.extra_cflags }}" + make -j -C examples/async ASYNC_MODE=${{ matrix.async_mode }} EXTRA_CFLAGS="${{ matrix.extra_cflags }}" - name: Run async examples run: | diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index 74c073fe1c..0fa50bc049 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml @@ -20,8 +20,6 @@ jobs: # Add new configs here '--enable-asynccrypt --enable-all --enable-dtls13 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', - '--enable-asynccrypt --enable-all --enable-dtls13 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', - '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-asynccrypt --enable-all --enable-dtls13 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', diff --git a/.github/workflows/bind.yml b/.github/workflows/bind.yml index e4d3635b6e..68b6030991 100644 --- a/.github/workflows/bind.yml +++ b/.github/workflows/bind.yml @@ -73,6 +73,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout bind9 uses: actions/checkout@v4 @@ -80,6 +81,7 @@ jobs: repository: isc-projects/bind9 path: bind ref: v${{ matrix.ref }} + fetch-depth: 1 - name: Build and test bind9 working-directory: bind diff --git a/.github/workflows/cmake-autoconf.yml b/.github/workflows/cmake-autoconf.yml index a29636ea75..14e50b6eb6 100644 --- a/.github/workflows/cmake-autoconf.yml +++ b/.github/workflows/cmake-autoconf.yml @@ -9,7 +9,7 @@ on: jobs: build: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: # pull wolfSSL diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index c014360d96..dd70043687 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -9,7 +9,7 @@ on: jobs: build: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: # pull wolfSSL diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 2e5068d71c..8f9b47a991 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -74,6 +74,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout sasl uses: actions/checkout@v4 @@ -81,6 +82,7 @@ jobs: repository: cyrusimap/cyrus-sasl ref: cyrus-sasl-${{ matrix.ref }} path: sasl + fetch-depth: 1 - name: Build cyrus-sasl working-directory: sasl diff --git a/.github/workflows/gencertbuf.yml b/.github/workflows/gencertbuf.yml index 97cd1a5310..3550f22e2b 100644 --- a/.github/workflows/gencertbuf.yml +++ b/.github/workflows/gencertbuf.yml @@ -16,7 +16,7 @@ jobs: gencertbuf: name: gencertbuf if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: @@ -30,7 +30,7 @@ jobs: run: | ./autogen.sh ./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber - make + make -j ./wolfcrypt/test/testwolfcrypt - name: Print errors diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 019c57632a..a88212c25a 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -84,6 +84,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout grpc uses: actions/checkout@v4 @@ -91,6 +92,7 @@ jobs: repository: grpc/grpc path: grpc ref: ${{ matrix.ref }} + fetch-depth: 1 - name: Build grpc working-directory: ./grpc diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index 90b12b9365..55e92a7325 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -77,6 +77,7 @@ jobs: repository: haproxy/haproxy ref: ${{matrix.haproxy_ref}} path: build-dir/haproxy-${{matrix.haproxy_ref}} + fetch-depth: 1 - name: Build haproxy working-directory: build-dir/haproxy-${{matrix.haproxy_ref}} diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 56052f9ea4..bfb8771776 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -117,6 +117,7 @@ jobs: repository: torvalds/linux path: linux ref: ${{ env.LINUX_REF }} + fetch-depth: 1 - name: Compile linux if: steps.cache.outputs.cache-hit != 'true' @@ -249,6 +250,7 @@ jobs: repository: wolfssl/osp path: osp ref: ${{ matrix.config.osp_ref }} + fetch-depth: 1 - if: ${{ matrix.config.osp_ref }} name: Apply patch files diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index bbcdd9028b..533d404ef8 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -66,6 +66,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build ipmitool uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 09d1151df1..50593dcb1c 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -79,6 +79,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout jwt-cpp uses: actions/checkout@v4 @@ -86,6 +87,7 @@ jobs: repository: Thalhammer/jwt-cpp path: jwt-cpp ref: v${{ matrix.config.ref }} + fetch-depth: 1 - name: Build pam-ipmi working-directory: jwt-cpp diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index 37c64e299c..a0c6b5d214 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -68,6 +68,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout krb5 uses: actions/checkout@v4 @@ -75,6 +76,7 @@ jobs: repository: krb5/krb5 ref: krb5-${{ matrix.ref }}-final path: krb5 + fetch-depth: 1 - name: Apply patch working-directory: ./krb5 diff --git a/.github/workflows/libspdm.yml b/.github/workflows/libspdm.yml index 098881e97b..e9ca1678aa 100644 --- a/.github/workflows/libspdm.yml +++ b/.github/workflows/libspdm.yml @@ -64,6 +64,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout libspdm uses: actions/checkout@v4 @@ -71,6 +72,7 @@ jobs: repository: DMTF/libspdm path: libspdm ref: ${{ matrix.ref }} + fetch-depth: 1 - name: Build and test libspdm working-directory: libspdm diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index a80bcf18fe..f450236f84 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -66,6 +66,7 @@ jobs: repository: libssh2/libssh2 ref: libssh2-${{ matrix.ref }} path: libssh2 + fetch-depth: 1 - name: Update libssh2 test to use a stable version of debian working-directory: libssh2 diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml index 8964a57b95..b2e7a1895e 100644 --- a/.github/workflows/libvncserver.yml +++ b/.github/workflows/libvncserver.yml @@ -68,6 +68,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout libvncserver uses: actions/checkout@v4 @@ -75,6 +76,7 @@ jobs: repository: LibVNC/libvncserver path: libvncserver ref: LibVNCServer-${{ matrix.ref }} + fetch-depth: 1 - name: Build libvncserver working-directory: libvncserver diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml index e705c05bc9..af76843a2b 100644 --- a/.github/workflows/mbedtls.yml +++ b/.github/workflows/mbedtls.yml @@ -19,7 +19,7 @@ jobs: build_mbedtls: name: Build mbedtls if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -38,6 +38,7 @@ jobs: repository: Mbed-TLS/mbedtls ref: ${{ env.MBED_REF }} path: mbedtls + fetch-depth: 1 - name: Compile mbedtls if: steps.cache.outputs.cache-hit != 'true' @@ -55,7 +56,7 @@ jobs: mbedtls_test: name: Test interop with mbedtls if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build_mbedtls timeout-minutes: 10 steps: diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index 128c03d470..729b565197 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -64,6 +64,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Install dependencies run: | @@ -77,6 +78,7 @@ jobs: repository: memcached/memcached ref: 1.6.22 path: memcached + fetch-depth: 1 - name: Configure and build memcached run: | diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 3e14debc36..e4e3fea31a 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -63,6 +63,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Install dependencies run: | @@ -76,6 +77,7 @@ jobs: repository: eclipse/mosquitto ref: v${{ matrix.ref }} path: mosquitto + fetch-depth: 1 - name: Update certs run: | @@ -87,7 +89,7 @@ jobs: run: | cd $GITHUB_WORKSPACE/mosquitto/ patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch - make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir + make -j WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir - name: Run mosquitto tests working-directory: ./mosquitto @@ -95,7 +97,7 @@ jobs: # Retry up to five times for i in {1..5}; do TEST_RES=0 - make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$? + make -j WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$? if [ "$TEST_RES" -eq "0" ]; then break fi diff --git a/.github/workflows/msmtp.yml b/.github/workflows/msmtp.yml index 2b1fa7885c..a662e7d211 100644 --- a/.github/workflows/msmtp.yml +++ b/.github/workflows/msmtp.yml @@ -63,6 +63,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Install dependencies run: | @@ -77,6 +78,7 @@ jobs: repository: marlam/msmtp ref: msmtp-${{ matrix.ref }} path: msmtp-${{ matrix.ref }} + fetch-depth: 1 - name: Apply wolfSSL patch working-directory: msmtp-${{ matrix.ref }} diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 3146e7369c..9dab661625 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -66,6 +66,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build net-snmp uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml index c04744e94b..33a40fb88a 100644 --- a/.github/workflows/no-malloc.yml +++ b/.github/workflows/no-malloc.yml @@ -35,7 +35,7 @@ jobs: run: | ./autogen.sh ./configure ${{ matrix.config }} - make + make -j ./wolfcrypt/test/testwolfcrypt - name: Print errors diff --git a/.github/workflows/nss.yml b/.github/workflows/nss.yml index f88f205929..7fef3b014a 100644 --- a/.github/workflows/nss.yml +++ b/.github/workflows/nss.yml @@ -49,6 +49,7 @@ jobs: repository: nss-dev/nss ref: ${{ env.NSS_REF }} path: nss + fetch-depth: 1 - name: Compile nss if: steps.cache.outputs.cache-hit != 'true' diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index 3f2631c01e..d93b19deb0 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -65,6 +65,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 # Avoid DoS'ing ntp site so cache the tar.gz - name: Check if we have ntp diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index 6b81537734..48d46daab9 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml @@ -71,6 +71,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout openldap uses: actions/checkout@v4 @@ -78,6 +79,7 @@ jobs: repository: openldap/openldap path: openldap ref: ${{ matrix.git_ref }} + fetch-depth: 1 - name: Build and test OpenLDAP working-directory: openldap diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 99e90b4d2e..63eacd5b9d 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -87,6 +87,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build and test openssh uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 80f91d59f4..b65270e567 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -13,6 +13,9 @@ concurrency: # END OF COMMON SECTION jobs: + # Configs that interact with platform-specific features (sys-ca-certs, + # Apple Security.framework, OpenSSL compat layer, networking). + # Run on both Ubuntu and macOS. make_check: strategy: fail-fast: false @@ -35,22 +38,10 @@ jobs: '--enable-dtls --enable-dtls13 --enable-earlydata --enable-session-ticket --enable-psk CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ', - '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13 - --enable-dtls-frag-ch', - '--enable-all --enable-dtls13 --enable-dtls-frag-ch', '--enable-all --enable-dtls13 --enable-dtls-frag-ch --disable-mlkem', - '--enable-all --enable-dtls13 --enable-dtls-frag-ch - --enable-tls-mlkem-standalone', - '--enable-all --enable-dtls13 --enable-dtls-frag-ch - --enable-tls-mlkem-standalone --enable-experimental - --enable-extra-pqc-hybrids', - '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch - --enable-dtls-mtu', '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA', - '--enable-ascon --enable-experimental', - '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental', '--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ', '--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys CPPFLAGS=-DWOLFSSL_DH_EXTRA', @@ -59,34 +50,17 @@ jobs: '--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB', '--enable-opensslall --enable-opensslextra CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ', - # PKCS#7 with RSA-PSS (CMS RSASSA-PSS signers) - '--enable-pkcs7 CPPFLAGS=-DWC_RSA_PSS', - # PKCS#7 without RSA-PSS - '--enable-pkcs7', '--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ', '--enable-opensslextra=x509small', - 'CPPFLAGS=''-DWOLFSSL_EXTRA'' ', - '--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--disable-sys-ca-certs', '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ', '--enable-all CPPFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"', - '--enable-coding=no', '--enable-dtls --enable-dtls13 --enable-ocspstapling --enable-ocspstapling2 --enable-cert-setup-cb --enable-sessioncerts', '--enable-dtls --enable-dtls13 --enable-tls13 CPPFLAGS=-DWOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC', - '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info', - 'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY', '--enable-all --enable-certgencache', - '--enable-sessionexport --enable-dtls --enable-dtls13', - '--enable-sessionexport', - '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', - '--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', '--enable-all --enable-dilithium --enable-cryptocb --enable-cryptocbutils --enable-pkcallbacks', - '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"', - '--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC', - 'CPPFLAGS=-DNO_WOLFSSL_CLIENT', - 'CPPFLAGS=-DNO_WOLFSSL_SERVER', 'CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH', 'CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''', 'CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''', @@ -95,8 +69,6 @@ jobs: '--enable-all CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH', '--enable-all CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''', '--enable-all CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''', - '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"', - '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"', '--enable-ocsp --enable-ocsp-responder --enable-ocspstapling CPPFLAGS="-DWOLFSSL_NONBLOCK_OCSP" --enable-maxfragment', '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP', '--enable-all --enable-writedup', @@ -113,6 +85,45 @@ jobs: configure: CFLAGS="-pedantic -Wno-overlength-strings -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }} check: true + # Platform-agnostic configs: pure crypto algorithms, preprocessor guards, + # or features with no macOS-specific code paths. Linux only. + make_check_linux: + strategy: + fail-fast: false + matrix: + config: [ + '--enable-ascon --enable-experimental', + '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental', + # PKCS#7 with RSA-PSS (CMS RSASSA-PSS signers) + '--enable-pkcs7 CPPFLAGS=-DWC_RSA_PSS', + # PKCS#7 without RSA-PSS + '--enable-pkcs7', + 'CPPFLAGS=''-DWOLFSSL_EXTRA'' ', + '--enable-coding=no', + '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info', + 'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY', + '--enable-sessionexport --enable-dtls --enable-dtls13', + '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', + '--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', + '--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC', + 'CPPFLAGS=-DNO_WOLFSSL_CLIENT', + 'CPPFLAGS=-DNO_WOLFSSL_SERVER', + '--enable-lms=small,verify-only --enable-xmss=small,verify-only', + '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"', + '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"', + ] + name: make check (Linux only) + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + # This should be a safe limit for the tests to run. + timeout-minutes: 14 + steps: + - name: Build and test wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + configure: CFLAGS="-pedantic -Wno-overlength-strings -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }} + check: true + make_user_settings: strategy: fail-fast: false @@ -139,7 +150,9 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-24.04, macos-latest ] + # testwolfcrypt runs pure crypto tests with no platform-specific + # features, so Linux-only is sufficient for these user_settings. + os: [ ubuntu-24.04 ] user-settings: [ # Add new user_settings.h here (alphabetical order) 'examples/configs/user_settings_ca.h', @@ -198,7 +211,7 @@ jobs: cp ./examples/configs/user_settings_all.h user_settings.h sed -i -e "s/if 0/if 1/" user_settings.h ./configure --enable-usersettings - make + make -j make check windows_build: diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index 78b162a3ce..122dea8159 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml @@ -71,6 +71,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout pam-ipmi uses: actions/checkout@v4 @@ -78,6 +79,7 @@ jobs: repository: openbmc/pam-ipmi path: pam-ipmi ref: ${{ matrix.git_ref }} + fetch-depth: 1 - name: Build pam-ipmi working-directory: pam-ipmi diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml index 988618c07e..073f086fc4 100644 --- a/.github/workflows/pq-all.yml +++ b/.github/workflows/pq-all.yml @@ -20,14 +20,12 @@ jobs: # Add new configs here '--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=4"', '--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-tls-mlkem-standalone --enable-extra-pqc-hybrids --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"', '--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY"', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY"', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"', '--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', '--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', + '--disable-intelasm --enable-all --disable-mlkem --enable-lms=yes,small,verify-only --enable-xmss=yes,small,verify-only --enable-slhdsa=yes,small,verify-only --enable-dilithium=yes,small,verify-only --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 4080b1528c..b98992f4ea 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -120,6 +120,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout CPython uses: actions/checkout@v4 @@ -127,6 +128,7 @@ jobs: repository: python/cpython ref: v${{ matrix.python_ver }} path: cpython + fetch-depth: 1 - name: Apply wolfSSL patch working-directory: cpython diff --git a/.github/workflows/renode-stm32h753.yml b/.github/workflows/renode-stm32h753.yml index 9a56d39cf2..9b4292424e 100644 --- a/.github/workflows/renode-stm32h753.yml +++ b/.github/workflows/renode-stm32h753.yml @@ -29,7 +29,7 @@ on: jobs: test: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 30 steps: diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml index dc26de62e1..923ec6e730 100644 --- a/.github/workflows/rng-tools.yml +++ b/.github/workflows/rng-tools.yml @@ -72,6 +72,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout jitterentropy-library uses: actions/checkout@v4 @@ -79,6 +80,7 @@ jobs: repository: smuellerDD/jitterentropy-library path: jitterentropy-library ref: v3.5.0 + fetch-depth: 1 - name: Build jitterentropy-library working-directory: jitterentropy-library diff --git a/.github/workflows/rust-wrapper.yml b/.github/workflows/rust-wrapper.yml index 667960d944..4fe191b085 100644 --- a/.github/workflows/rust-wrapper.yml +++ b/.github/workflows/rust-wrapper.yml @@ -33,13 +33,12 @@ jobs: run: make -C wrapper/rust test strategy: matrix: - os: [ ubuntu-24.04, ubuntu-24.04-arm ] + os: [ ubuntu-24.04 ] config: [ # Add new configs here '', '--enable-all', '--enable-all --enable-dilithium', - '--enable-all --enable-mlkem', '--enable-cryptonly --disable-examples', '--enable-cryptonly --disable-examples --disable-mlkem --disable-aes --disable-aesgcm', '--enable-cryptonly --disable-examples --disable-mlkem --disable-aescbc', @@ -74,3 +73,11 @@ jobs: '--enable-cryptonly --disable-examples --disable-mlkem --disable-srtp-kdf', '--enable-cryptonly --disable-examples --disable-mlkem --disable-x963kdf', ] + include: + # Core configs also run on ARM + - os: ubuntu-24.04-arm + config: '' + - os: ubuntu-24.04-arm + config: '--enable-all' + - os: ubuntu-24.04-arm + config: '--enable-all --enable-dilithium' diff --git a/.github/workflows/smallStackSize.yml b/.github/workflows/smallStackSize.yml index bd832026b4..d754751c57 100644 --- a/.github/workflows/smallStackSize.yml +++ b/.github/workflows/smallStackSize.yml @@ -21,19 +21,19 @@ jobs: '--disable-asm', # defaults + native PQ, no asm - '--disable-asm --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium', + '--disable-asm --enable-mlkem --enable-lms --enable-xmss --enable-mldsa', # all-crypto + native PQ, no asm - '--disable-asm --enable-all-crypto --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium', + '--disable-asm --enable-all-crypto --enable-mlkem --enable-lms --enable-xmss --enable-mldsa', # defaults, intelasm + sp-asm '--enable-intelasm --enable-sp-asm', # defaults + native PQ, intelasm + sp-asm - '--enable-intelasm --enable-sp-asm --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium', + '--enable-intelasm --enable-sp-asm --enable-mlkem --enable-lms --enable-xmss --enable-mldsa', # all-crypto + native PQ, intelasm + sp-asm - '--enable-intelasm --enable-sp-asm --enable-all-crypto --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium' + '--enable-intelasm --enable-sp-asm --enable-all-crypto --enable-mlkem --enable-lms --enable-xmss --enable-mldsa' ] name: build library if: github.repository_owner == 'wolfssl' diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index 89e4fcc788..a856690046 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -72,6 +72,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build socat working-directory: ./socat-${{ matrix.socat_version }} @@ -79,7 +80,7 @@ jobs: patch -p1 < ../osp/socat/${{ matrix.socat_version }}/socat-${{ matrix.socat_version }}.patch autoreconf -vfi ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4 - make + make -j - name: Run socat tests working-directory: ./socat-${{ matrix.socat_version }} diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml index ea9b3e5aa4..7391177695 100644 --- a/.github/workflows/softhsm.yml +++ b/.github/workflows/softhsm.yml @@ -72,6 +72,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Checkout SoftHSMv2 uses: actions/checkout@v4 @@ -79,6 +80,7 @@ jobs: repository: opendnssec/SoftHSMv2 path: softhsm ref: ${{ matrix.ref }} + fetch-depth: 1 # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work - name: Build softhsm diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 797a1f4fbf..c2e0ce2dea 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -85,6 +85,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build and test sssd uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 977ac3ee59..7348ec1885 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -64,6 +64,7 @@ jobs: with: repository: wolfssl/osp path: osp + fetch-depth: 1 - name: Build and test stunnel uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/trackmemory.yml b/.github/workflows/trackmemory.yml index 0c9f44cb43..a071b973b3 100644 --- a/.github/workflows/trackmemory.yml +++ b/.github/workflows/trackmemory.yml @@ -33,7 +33,7 @@ jobs: ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff --git a/.github/workflows/wolfsm.yml b/.github/workflows/wolfsm.yml index f67485793e..d0d39e254a 100644 --- a/.github/workflows/wolfsm.yml +++ b/.github/workflows/wolfsm.yml @@ -38,6 +38,7 @@ jobs: with: repository: wolfssl/wolfsm path: wolfsm + fetch-depth: 1 - name: Install wolfsm working-directory: wolfsm @@ -47,7 +48,7 @@ jobs: run: | ./autogen.sh ./configure ${{ matrix.config }} - make + make -j make check - name: Print errors diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 1f705a7aa0..9ebd027b96 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -24992,8 +24992,8 @@ int test_mldsa_pkcs12(void) { EXPECT_DECLS; #if !defined(NO_ASN) && defined(HAVE_PKCS12) && \ - defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ - !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(NO_TLS) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ !defined(NO_CERTS) && !defined(NO_DES3) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ defined(WOLFSSL_CERT_GEN) diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index bf0b3cf6af..7767cb92f4 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -525,6 +525,8 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) /** * Attempt to import a private Dilithium key at a specified level. * @@ -541,6 +543,7 @@ static int d2i_dilithium_priv_key_level(dilithium_key* dilithium, byte level, return (wc_dilithium_set_level(dilithium, level) == 0) && (wc_dilithium_import_private(mem, (word32)memSz, dilithium) == 0); } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ /** * Attempt to import a public Dilithium key at a specified level. @@ -586,6 +589,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* Try decoding data as a Dilithium private/public key. */ if (priv) { +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) isDilithium = d2i_dilithium_priv_key_level(dilithium, WC_ML_DSA_44, mem, memSz); if (!isDilithium) { @@ -596,6 +600,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, isDilithium = d2i_dilithium_priv_key_level(dilithium, WC_ML_DSA_87, mem, memSz); } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ } else { isDilithium = d2i_dilithium_pub_key_level(dilithium, WC_ML_DSA_44,