wolfSSL
diff --git a/‎.github/workflows/build-workflow.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build-workflow.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/clang-tidy.yml‎
Lines changed: 5 additions & 3 deletions b/‎.github/workflows/clang-tidy.yml‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎.github/workflows/cmake.yml‎
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/cmake.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/sanitizer-tests.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/sanitizer-tests.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.github/workflows/scan-build.yml‎
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/scan-build.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/unit-test.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/unit-test.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎CMakeLists.txt‎
Lines changed: 18 additions & 0 deletions b/‎CMakeLists.txt‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎cmake/options.h.in‎
Lines changed: 2 additions & 0 deletions b/‎cmake/options.h.in‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎configure.ac‎
Lines changed: 22 additions & 0 deletions b/‎configure.ac‎
Lines changed: 22 additions & 0 deletions
@@ -35,7 +35,7 @@ jobs:
       working-directory: ./wolfssl
       run: |
         ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 \
-            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
+            --enable-mldsa C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
     - name: wolfssl make install
       working-directory: ./wolfssl
       run: make
 
@@ -29,19 +29,21 @@ on:
 jobs:
   clang-tidy:
     runs-on: ubuntu-latest
-    
+
     strategy:
       fail-fast: false
       matrix:
         config:
           - name: "Standard Build"
             configure_flags: ""
-          - name: "NSS Build" 
+          - name: "NSS Build"
             configure_flags: "--enable-nss"
           - name: "TPM Build"
             configure_flags: "--enable-tpm"
           - name: "NSS+TPM Build"
             configure_flags: "--enable-nss --enable-tpm"
+          - name: "PKCS#11 V3.2 PQC Build"
+            configure_flags: "--enable-pkcs11v32 --enable-mldsa"
 
     steps:
     # Checkout wolfPKCS11
@@ -70,7 +72,7 @@ jobs:
         cd wolfssl
         ./autogen.sh
         ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 \
-            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
+            --enable-mldsa C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
         make -j$(nproc)
         sudo make install
         sudo ldconfig
 
@@ -61,7 +61,9 @@ jobs:
             -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DWOLFPKCS11_INSTALL:BOOL=yes -DWOLFPKCS11_DEBUG:BOOL=yes \
             -DWOLFPKCS11_AESKEYWRAP:BOOL=yes -DWOLFPKCS11_AESCTR:BOOL=yes -DWOLFPKCS11_AESCCM:BOOL=yes \
             -DWOLFPKCS11_AESECB:BOOL=yes -DWOLFPKCS11_AESCTS:BOOL=yes -DWOLFPKCS11_AESCMAC:BOOL=yes \
-            -DWOLFPKCS11_PBKDF2:BOOL=yes -DCMAKE_MODULE_PATH="$GITHUB_WORKSPACE/install/${CMAKE_INSTALL_LIBDIR}" \
+            -DWOLFPKCS11_PBKDF2:BOOL=yes -DWOLFPKCS11_SHA3:BOOL=yes -DWOLFPKCS11_PKCS11_V3_0:BOOL=yes \
+            -DWOLFPKCS11_PKCS11_V3_2:BOOL=yes -DWOLFPKCS11_MLDSA:BOOL=yes \
+            -DCMAKE_MODULE_PATH="$GITHUB_WORKSPACE/install/${CMAKE_INSTALL_LIBDIR}" \
             ..
         cmake --build .
         ctest -j $(nproc)
 
@@ -19,12 +19,14 @@ jobs:
         config:
           - name: "Standard Build"
             configure_flags: ""
-          - name: "NSS Build" 
+          - name: "NSS Build"
             configure_flags: "--enable-nss"
           - name: "TPM Build"
             configure_flags: "--enable-tpm"
           - name: "NSS+TPM Build"
             configure_flags: "--enable-nss --enable-tpm"
+          - name: "PKCS#11 V3.2 PQC Build"
+            configure_flags: "--enable-pkcs11v32 --enable-mldsa"
 
     steps:
 #pull wolfPKCS11
@@ -73,7 +75,7 @@ jobs:
             ;;
         esac
         ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 --enable-debug \
-            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
+            --enable-mldsa C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
     - name: wolfssl make
       working-directory: ./wolfssl
       run: |
 
@@ -44,6 +44,8 @@ jobs:
             configure_flags: "--enable-tpm"
           - name: "NSS+TPM Build"
             configure_flags: "--enable-nss --enable-tpm"
+          - name: "PKCS#11 V3.2 PQC Build"
+            configure_flags: "--enable-pkcs11v32 --enable-mldsa"
 
     steps:
     # Checkout wolfPKCS11
@@ -72,7 +74,7 @@ jobs:
         cd wolfssl
         ./autogen.sh
         ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 \
-            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
+            --enable-mldsa C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
         make -j$(nproc)
         sudo make install
         sudo ldconfig
 
@@ -102,6 +102,10 @@ jobs:
     uses: ./.github/workflows/build-workflow.yml
     with:
       config: --enable-pkcs11v32 --disable-shared
+  mldsa:
+    uses: ./.github/workflows/build-workflow.yml
+    with:
+      config: --enable-mldsa
   debug:
     uses: ./.github/workflows/build-workflow.yml
     with:
 
@@ -462,6 +462,24 @@ if(WOLFPKCS11_PKCS11_V3_2)
 endif()
 
 
+# ML-DSA
+add_option("WOLFPKCS11_MLDSA"
+    "Enable wolfPKCS11 ML-DSA support (default: disabled)"
+    "no" "yes;no"
+)
+
+if(NOT WOLFPKCS11_SHA3)
+    override_cache(WOLFPKCS11_MLDSA "no")
+endif()
+
+if(WOLFPKCS11_MLDSA)
+    if(NOT WOLFPKCS11_PKCS11_V3_2)
+        message(FATAL_ERROR "ML-DSA requires PKCS#11 Version 3.2 support (enable WOLFPKCS11_PKCS11_V3_2)")
+    endif()
+    list(APPEND WOLFPKCS11_DEFINITIONS "-DWOLFPKCS11_MLDSA")
+endif()
+
+
 # If wolfpkcs11/options.h exists, delete it to avoid
 # a mixup with build/wolfpkcs11/options.h.
 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/wolfpkcs11/options.h")
 
@@ -92,6 +92,8 @@ extern "C" {
 #cmakedefine WOLFSSL_SHA512
 #undef WOLFSSL_SHA3
 #cmakedefine WOLFSSL_SHA3
+#undef WOLFPKCS11_MLDSA
+#cmakedefine WOLFPKCS11_MLDSA
 #undef WOLFPKCS11_TPM
 #cmakedefine WOLFPKCS11_TPM
 #undef WOLFPKCS11_NSS
 
@@ -516,6 +516,27 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFPKCS11_PKCS11_V3_2"
 fi
 
+AC_ARG_ENABLE([mldsa],
+    [AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA (default: disabled)])],
+    [ ENABLED_MLDSA=$enableval ],
+    [ ENABLED_MLDSA=no ]
+    )
+
+if test "$ENABLED_SHA3" = "no"
+then
+    echo "ML-DSA requires SHA-3 support (disabled), disabling ML-DSA"
+    ENABLED_MLDSA=no
+fi
+
+if test "$ENABLED_MLDSA" = "yes"
+then
+    if test "$ENABLED_PKCS11V3_2" = "no"; then
+        ENABLED_PKCS11V3_2=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFPKCS11_PKCS11_V3_2"
+    fi
+    AM_CFLAGS="$AM_CFLAGS -DWOLFPKCS11_MLDSA"
+fi
+
 
 AM_CONDITIONAL([BUILD_STATIC],[test "x$enable_shared" = "xno"])
 
@@ -703,6 +724,7 @@ echo "   * RSA-PSS:                    $ENABLED_RSAPSS"
 echo "   * DH:                         $ENABLED_DH"
 echo "   * ECC:                        $ENABLED_ECC"
 echo "   * HKDF:                       $ENABLED_HKDF"
+echo "   * ML-DSA:                     $ENABLED_MLDSA"
 echo "   * NSS modifications:          $ENABLED_NSS"
 echo "   * Default token path:         $WOLFPKCS11_DEFAULT_TOKEN_PATH"
 echo "   * PKCS#11 Version 3.0:        $ENABLED_PKCS11V3_0"