Add ML-KEM and ML-DSA support by aidangarske · Pull Request #399 · wolfSSL/wolfProvider

aidangarske · 2026-05-23T05:56:36Z

ML-KEM (FIPS 203) and ML-DSA (FIPS 204) via wolfSSL backend.

Algorithms: ML-KEM-512/768/1024, ML-DSA-44/65/87

Opt-in: ./scripts/build-wolfprovider.sh --enable-pqc (adds --enable-mlkem --enable-dilithium --enable-experimental to wolfSSL). wolfProvider auto-detects from wolfSSL's options.h macros; older wolfSSL builds skip the PQC paths cleanly with no code changes here.

Validation: three independent paths cross-checked, all pass.

Internal unit tests (11 functions x 3 levels = 33 assertions) in make test
wolfProvider <-> OpenSSL 3.5 default provider (12 cross-pairs)
wolfProvider <-> wolfSSL direct wc_* API (12 cross-pairs)

CI: new wolfssl-versions-pqc.yml runs three matrix rows -- pre-PQC wolfSSL, latest stable, master -- and the three-way interop validator on the PQC-enabled rows.

Test plan

make test passes (all 11 PQC tests + existing suite)
./test/pqc_interop.test -- ALL PASS (24 cross-pairs)
Build against pre-PQC wolfSSL: PQC code paths skip, make test clean
CI green on all three matrix rows

…tion honoring

aidangarske added 7 commits May 22, 2026 22:08

Add PQC scaffolding: ML-KEM/ML-DSA macros, names, externs, build flag

aad005d

Add ML-KEM keymgmt and KEM dispatch for 512/768/1024

d203979

Add ML-DSA keymgmt and signature dispatch for 44/65/87

be25627

Add ML-KEM and ML-DSA unit tests + dupctx buffer copy fix

3df1a6f

Add PQC version-compat CI: pre-PQC, latest stable, master

f78fdb8

Add FIPS 204 ctx mode for ML-DSA + three-way interop validator in CI

c1b7c10

Add ML-KEM and ML-DSA raw key import/export roundtrip tests

60f2cd6

Copilot AI review requested due to automatic review settings May 23, 2026 05:56

Copilot started reviewing on behalf of aidangarske May 23, 2026 05:56 View session

This comment was marked as resolved.

Sign in to view

aidangarske added 2 commits May 22, 2026 23:11

Gate PQC macros on header availability via __has_include

dae5cd6

Address Copilot review + dynamic wolfSSL version matrix with PQC floor

0aec54f

aidangarske self-assigned this May 23, 2026

aidangarske added 7 commits May 22, 2026 23:47

Document ML-KEM and ML-DSA support in README and integration guide

618ad0a

Address Skoll review: input validation, consistency checks, dup selec…

39e677c

…tion honoring

Run PQC version matrix on draft PRs too (match wolfTPM behavior)

ef9ac48

Use wc_mlkem.h (mlkem.h removed on wolfssl master); drop absence check

ed58142

CI: diagnose OpenSSL default provider PQC support

0b04e5a

interop: use global lib ctx for default provider side (CI lib ctx fix)

371c4e6

CI: include lib64 in LD_LIBRARY_PATH so Linux finds the local libcrypto

f69c064

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ML-KEM and ML-DSA support#399

Add ML-KEM and ML-DSA support#399
aidangarske wants to merge 16 commits into
wolfSSL:masterfrom
aidangarske:pqc-support

aidangarske commented May 23, 2026

Uh oh!

This comment was marked as resolved.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

aidangarske commented May 23, 2026

Test plan

Uh oh!

This comment was marked as resolved.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants