Mark kyber as experimental
Kyber will be changing once the standardization of ML_KEM
is finalized by NIST.
Update-Note: The use of Kyber functions from
<openssl/experimental/kyber.h> will not compile unless the build
using them defines an appropriate preprocessor define.
As this interface will change once NIST finalizes the
standardization of ML_KEM. Users of this code must be aware, and be
prepared to make changes when this happens
Change-Id: I159bae38e58dd059b3fcccf69ae9f3d5fb03bd46
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66868
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/kyber/kyber.c b/crypto/kyber/kyber.c
index 0e97359..411ec48 100644
--- a/crypto/kyber/kyber.c
+++ b/crypto/kyber/kyber.c
@@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
#include <openssl/experimental/kyber.h>
#include <assert.h>
diff --git a/crypto/kyber/kyber_test.cc b/crypto/kyber/kyber_test.cc
index 9b05813..be384fc 100644
--- a/crypto/kyber/kyber_test.cc
+++ b/crypto/kyber/kyber_test.cc
@@ -20,6 +20,7 @@
#include <openssl/bytestring.h>
#include <openssl/ctrdrbg.h>
+#define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
#include <openssl/experimental/kyber.h>
#include "../test/file_test.h"
diff --git a/include/openssl/experimental/kyber.h b/include/openssl/experimental/kyber.h
index e0268fc..e6e9e9a 100644
--- a/include/openssl/experimental/kyber.h
+++ b/include/openssl/experimental/kyber.h
@@ -22,6 +22,14 @@
#endif
+#if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER)
+// This header implements experimental, draft versions of not-yet-standardized
+// primitives. When the standard is complete, these functions will be removed
+// and replaced with the final, incompatible standard version. They are
+// available now for short-lived experiments, but must not be deployed anywhere
+// durable, such as a long-lived key store. To use these functions define
+// OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
+
// Kyber768.
//
// This implements the round-3 specification of Kyber, defined at
@@ -128,6 +136,8 @@
OPENSSL_EXPORT int KYBER_parse_private_key(
struct KYBER_private_key *out_private_key, CBS *in);
+#endif // OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
+
#if defined(__cplusplus)
} // extern C
diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
index f4fda3f..419724c 100644
--- a/ssl/ssl_key_share.cc
+++ b/ssl/ssl_key_share.cc
@@ -24,6 +24,7 @@
#include <openssl/curve25519.h>
#include <openssl/ec.h>
#include <openssl/err.h>
+#define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
#include <openssl/experimental/kyber.h>
#include <openssl/hrss.h>
#include <openssl/mem.h>
diff --git a/tool/speed.cc b/tool/speed.cc
index 827911c..4390e1e 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -25,8 +25,6 @@
#include <stdlib.h>
#include <string.h>
-#define OPENSSL_I_UNDERSTAND_EXPERIMENTAL_FUNCTION_RISK
-
#include <openssl/aead.h>
#include <openssl/aes.h>
#include <openssl/base64.h>
@@ -42,8 +40,9 @@
#include <openssl/evp.h>
#define OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM
#include <openssl/experimental/dilithium.h>
-#define OPENSSL_UNSTABLE_EXPERIMENTAL_SPX
+#define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
#include <openssl/experimental/kyber.h>
+#define OPENSSL_UNSTABLE_EXPERIMENTAL_SPX
#include <openssl/experimental/spx.h>
#include <openssl/hrss.h>
#include <openssl/mem.h>
