Rename Dilithium implementation file/symbols to ML-DSA, add backwards-compat shims

The post-quantum signature algorithm originally implemented as Dilithium
was standardized by NIST as ML-DSA in FIPS 204. This commit renames the
implementation file pair, the public API surface, and every internal
helper to the canonical ML-DSA names, mirroring the earlier Kyber ->
ML-KEM migration in wc_mlkem.{h,c}.

This commit deliberately scopes the change to the rename + compatibility
surface only. **No in-tree consumer call sites are converted.** Existing
in-tree consumers (TLS layer, ASN.1 / EVP / cryptocb wrappers, tests,
benchmark, examples, Rust wrapper) keep using the legacy spelling and
compile through the dilithium.h symbol-alias shim and the bi-directional
settings.h gate shim. New consumer code can include
<wolfssl/wolfcrypt/wc_mldsa.h> directly and use the canonical names.

Rebased onto current master (50da0c0) so that PR wolfSSL#10399's ML-DSA
Wconversion fixes (commit 2833a4b, ~220 (sword32)/(byte)/(word32)
casts in dilithium.c plus three cast hunks in asn.c) are inherited
into the new wc_mldsa.c via the file rename. The asn.c cast hunks
land separately on master and aren't part of this commit.

File layout
-----------

  wolfcrypt/src/dilithium.c     -> wolfcrypt/src/wc_mldsa.c
  wolfssl/wolfcrypt/dilithium.h -> wolfssl/wolfcrypt/wc_mldsa.h

The legacy <wolfssl/wolfcrypt/dilithium.h> path is reborn as a thin
compatibility shim that #include's wc_mldsa.h and provides macro
aliases for every legacy linkage symbol.

Build-gate rename
-----------------

  HAVE_DILITHIUM       -> WOLFSSL_HAVE_MLDSA
  WOLFSSL_DILITHIUM_*  -> WOLFSSL_MLDSA_*   (~25 sub-config gates)
  WC_DILITHIUM_CACHE_* -> WC_MLDSA_CACHE_*
  WC_DILITHIUM_FIXED_ARRAY -> WC_MLDSA_FIXED_ARRAY
  WC_DILITHIUMKEY_TYPE_DEFINED -> WC_MLDSAKEY_TYPE_DEFINED

The configure summary echoes "ML-DSA: yes" rather than "DILITHIUM: yes".
The --enable-dilithium configure switch is preserved as a convenience
alias for --enable-mldsa.

A new wolfssl/wolfcrypt/settings_legacy_mldsa.h is included from
settings.h after user_settings.h. It is bi-directional: defining the
legacy gate (e.g. -DHAVE_DILITHIUM) implies the canonical gate, and
defining the canonical gate (e.g. via --enable-mldsa) implies the
legacy gate. The whole shim can be globally suppressed by defining
WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

Public API rename
-----------------

  Type:
    dilithium_key   -> MlDsaKey

  Init / lifecycle (wolfSSL idiom: 1-arg simple form, 3-arg _ex form):
    wc_dilithium_init       -> wc_MlDsaKey_Init
    wc_dilithium_init_ex    -> wc_MlDsaKey_Init_ex
    wc_dilithium_init_id    -> wc_MlDsaKey_InitId
    wc_dilithium_init_label -> wc_MlDsaKey_InitLabel
    wc_dilithium_new        -> wc_MlDsaKey_New
    wc_dilithium_delete     -> wc_MlDsaKey_Delete
    wc_dilithium_free       -> wc_MlDsaKey_Free

  Parameters / sizing:
    wc_dilithium_set_level  -> wc_MlDsaKey_SetParams
    wc_dilithium_get_level  -> wc_MlDsaKey_GetParams
    wc_dilithium_size       -> wc_MlDsaKey_Size
    wc_dilithium_priv_size  -> wc_MlDsaKey_PrivSize
    wc_dilithium_pub_size   -> wc_MlDsaKey_PubSize
    wc_dilithium_sig_size   -> wc_MlDsaKey_SigSize
    wc_dilithium_check_key  -> wc_MlDsaKey_CheckKey

  Key generation:
    wc_dilithium_make_key            -> wc_MlDsaKey_MakeKey
    wc_dilithium_make_key_from_seed  -> wc_MlDsaKey_MakeKeyFromSeed

  Raw export (no argument reorder):
    wc_dilithium_export_public           -> wc_MlDsaKey_ExportPubRaw
    wc_dilithium_export_private[_only]   -> wc_MlDsaKey_ExportPrivRaw
    wc_dilithium_export_key              -> wc_MlDsaKey_ExportKey

  Raw import / sign / verify / DER decode (FIPS 204 / ML-KEM
  convention puts the key first; legacy form put it last):
    wc_dilithium_import_public(in, inLen, key)
        -> wc_MlDsaKey_ImportPubRaw(key, in, inLen)
    wc_dilithium_import_private[_only](priv, privSz, key)
        -> wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
    wc_dilithium_import_key(priv, privSz, pub, pubSz, key)
        -> wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
    wc_dilithium_sign_msg / sign_ctx_msg / sign_ctx_hash / *_with_seed
        -> wc_MlDsaKey_Sign / SignCtx / SignCtxHash / *WithSeed
    wc_dilithium_verify_msg / verify_ctx_msg / verify_ctx_hash / verify_mu
        -> wc_MlDsaKey_Verify / VerifyCtx / VerifyCtxHash / VerifyMu
    wc_Dilithium_PrivateKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PrivateKeyDecode(key, in, sz, idx)
    wc_Dilithium_PublicKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PublicKeyDecode(key, in, sz, idx)

  ASN.1 encode (no reorder):
    wc_Dilithium_PublicKeyToDer  -> wc_MlDsaKey_PublicKeyToDer
    wc_Dilithium_PrivateKeyToDer -> wc_MlDsaKey_PrivateKeyToDer
    wc_Dilithium_KeyToDer        -> wc_MlDsaKey_KeyToDer

  OpenSSL-compat enum:
    Adds WC_EVP_PKEY_MLDSA / EVP_PKEY_MLDSA. The legacy
    WC_EVP_PKEY_DILITHIUM / EVP_PKEY_DILITHIUM remain as enum
    aliases to the same value (no ABI change for the enum itself).

  Type forward declaration in wolfssl/wolfcrypt/asn_public.h:
    The 6-line forward declaration `typedef struct dilithium_key
    dilithium_key;` (guarded by WC_DILITHIUMKEY_TYPE_DEFINED) is
    flipped to `typedef struct MlDsaKey MlDsaKey;` (guarded by
    WC_MLDSAKEY_TYPE_DEFINED).

  Struct field type in wolfssl/wolfcrypt/asn.h:
    The two `struct dilithium_key` references inside SignatureCtx's
    ML-DSA union arm reference `struct MlDsaKey` directly. The field
    name (`dilithium`) is unchanged so legacy-spelled consumer code
    keeps working.

Internal helper rename
----------------------

All ~80 lower-case static / file-scope helpers in wc_mldsa.{h,c} and
wc_mldsa_asm.S are renamed dilithium_* -> mldsa_* for consistency
with ML-KEM's mlkem_* convention. The two WOLFSSL_TEST_VIS encoders
wc_dilithium_encode_w1_88/32 become wc_mldsa_encode_w1_88/32. The
struct typedef wc_dilithium_params becomes wc_mldsa_params.

The FIPS 204 spec-derived constants (DILITHIUM_Q, DILITHIUM_N,
DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) are kept
under their existing names.

Compatibility surface
---------------------

Two independent shims, each suppressible via its own opt-out:

- The wolfssl/wolfcrypt/dilithium.h compatibility shim provides
  macro aliases for every legacy linkage symbol. Direct one-to-one
  #defines for the no-reorder APIs and function-like macros that
  swap arguments back for the 16 arg-reorder APIs. Suppressed by
  defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.

- The wolfssl/wolfcrypt/settings_legacy_mldsa.h shim is
  bi-directional: defining either spelling of any of the 32
  build gates implies the other. Suppressed by defining
  WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

A small block of internal-helper aliases at the bottom of
dilithium.h covers WOLFSSL_LOCAL `dilithium_get_oid_sum` and the
WOLFSSL_TEST_VIS `wc_dilithium_encode_w1_*` encoders that this
branch's unmigrated in-tree consumers (src/ssl_load.c and
tests/api/test_mldsa.c) still call.

Tests / verification
--------------------

A compile-time validation block at the bottom of wc_mldsa.c (under
WOLFSSL_NO_DILITHIUM_LEGACY_NAMES suppression) exercises every
legacy macro alias. The bodies sit inside `if (0)` so the compiler
parses and type-checks the expansions without emitting any runtime
call. A missing or misordered alias produces an immediate compile
error.

Wconversion preservation: master's PR wolfSSL#10399 added 220 `(sword32)`
casts (and several `(byte)` / `(word32)` casts) inside dilithium.c.
After the file rename, the new wc_mldsa.c has all 220 `(sword32)`
casts intact (count verified equal between master's dilithium.c
and our new wc_mldsa.c).

Builds clean with --enable-mldsa and --enable-dilithium (legacy
alias). make check passes; testwolfcrypt DILITHIUM test passes.

https://claude.ai/code/session_01N9vLeZw4Gsfb11N4BU1Mbe

Author: claude

CMakeLists.txt

@@ -679,12 +679,12 @@ add_option(WOLFSSL_DILITHIUM
     "no" "yes;no")
 
 if (WOLFSSL_DILITHIUM)
-    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM")
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLDSA")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256")
 
-    set_wolfssl_definitions("HAVE_DILITHIUM"       RESULT)
+    set_wolfssl_definitions("WOLFSSL_HAVE_MLDSA"       RESULT)
     set_wolfssl_definitions("WOLFSSL_SHA3"         RESULT)
     set_wolfssl_definitions("WOLFSSL_SHAKE128"     RESULT)
     set_wolfssl_definitions("WOLFSSL_SHAKE256"     RESULT)

ChangeLog.md

@@ -2,6 +2,79 @@
 
 ## Enhancements
 
+* Renamed the ML-DSA implementation file pair from
+  `wolfcrypt/src/dilithium.c` and `wolfssl/wolfcrypt/dilithium.h` to
+  `wolfcrypt/src/wc_mldsa.c` and `wolfssl/wolfcrypt/wc_mldsa.h`,
+  matching the existing ML-KEM (`wc_mlkem.{h,c}`) naming convention.
+  Inside that pair, the public API surface and every internal helper
+  is renamed to its FIPS 204 ML-DSA spelling: `dilithium_key` becomes
+  `MlDsaKey`, every `wc_dilithium_*` / `wc_Dilithium_*` function
+  becomes `wc_MlDsaKey_*` (with the FIPS 204 / ML-KEM key-first
+  argument order for sign / verify / import / DER-decode entry
+  points), `HAVE_DILITHIUM` becomes `WOLFSSL_HAVE_MLDSA`, every
+  `WOLFSSL_DILITHIUM_*` / `WC_DILITHIUM_*` sub-config gate becomes
+  `WOLFSSL_MLDSA_*` / `WC_MLDSA_*`, and the lower-case static
+  helpers (`dilithium_get_params`, `dilithium_hash256`, etc.) become
+  `mldsa_*`. The internal parameter-table struct keeps its wolfSSL
+  MixedCase form: `wc_dilithium_params` becomes `MlDsaParams`. The
+  `wc_MlDsaKey_Init` canonical entry point takes 3 arguments
+  (`MlDsaKey*`, `void* heap`, `int devId`) to match the ML-KEM
+  `wc_MlKemKey_Init` convention; the legacy 1-argument
+  `wc_dilithium_init(key)` is mapped through the shim to
+  `wc_MlDsaKey_Init(key, NULL, INVALID_DEVID)`.
+
+  Backwards compatibility is preserved through a single TEMPORARY
+  shim, `<wolfssl/wolfcrypt/dilithium.h>`, that will be removed in
+  a future release once consumer code has migrated to the canonical
+  names. The shim performs two services, each separately
+  suppressible:
+
+    - Macro / static-inline aliases for the legacy
+      `dilithium_key` / `wc_dilithium_params` / `wc_dilithium_*` /
+      `wc_Dilithium_*` names, including arg-reordering wrappers for
+      the entry points whose canonical prototype puts the key first.
+      Suppressible via `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`. The
+      `dilithium_key` typedef alias is also exposed from
+      `<wolfssl/wolfcrypt/asn_public.h>` so code that included only
+      that header on master keeps compiling.
+
+    - Bi-directional propagation of the sub-config build-gate
+      names (`WOLFSSL_DILITHIUM_* <-> WOLFSSL_MLDSA_*`,
+      `WC_DILITHIUM_* <-> WC_MLDSA_*`) so existing `user_settings.h`
+      files and unmigrated consumer code keep gating correctly.
+      Suppressible via `WOLFSSL_NO_DILITHIUM_LEGACY_GATES`. The
+      parent gate (`HAVE_DILITHIUM <-> WOLFSSL_HAVE_MLDSA`) is
+      mapped earlier in `<wolfssl/wolfcrypt/settings.h>` because
+      `<wolfssl/internal.h>` and `<wolfssl/wolfcrypt/cryptocb.h>`
+      gate their transitive include of `dilithium.h` on
+      `HAVE_DILITHIUM`; this parent mapping is always active.
+
+  Two wolfSSL-internal infrastructure files
+  (`wolfssl/wolfcrypt/memory.h` for `LARGEST_MEM_BUCKET` sizing and
+  `wolfssl/certs_test.h` auto-generated cert-data buffers) had their
+  legacy `WOLFSSL_DILITHIUM_*` sub-gate references migrated to
+  canonical `WOLFSSL_MLDSA_*` spellings, since neither file pulls
+  in `<wolfssl/wolfcrypt/dilithium.h>` and so cannot rely on the
+  bi-directional shim. The corresponding generator script
+  (`gencertbuf.pl`) was updated to keep emitting canonical
+  sub-gate names on regeneration.
+
+  The OpenSSL-compat enum gains `WC_EVP_PKEY_MLDSA` /
+  `EVP_PKEY_MLDSA`; the legacy `WC_EVP_PKEY_DILITHIUM` /
+  `EVP_PKEY_DILITHIUM` names remain as aliases to the same numeric
+  value. The `--enable-dilithium` configure switch is preserved as a
+  convenience alias for `--enable-mldsa`.
+
+  **ABI note:** the library's exported linkage symbols are renamed
+  (the `.so` now exports `wc_MlDsaKey_*` instead of
+  `wc_dilithium_*`). Applications that linked dynamically against
+  the legacy symbol names need to either recompile against the
+  legacy header path (which provides macro aliases that resolve to
+  the new symbols) or switch their sources to the canonical names.
+  Existing in-tree consumer code keeps using the legacy spelling and
+  compiles through the shim — new consumer code must include
+  `wc_mldsa.h` directly and use the canonical names.
+
 * TLS 1.3: zero traffic key staging buffers in `SetKeysSide()` once a
   CryptoCB callback has imported the AES key into a Secure Element
   (`aes->devCtx != NULL`).  Clears `keys->{client,server}_write_key`

IDE/INTIME-RTOS/libwolfssl.vcxproj

@@ -42,7 +42,7 @@
 	<ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
 	<ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
-	<ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />

IDE/INTIME-RTOS/wolfssl-lib.vcxproj

@@ -79,7 +79,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
     <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
     <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\eccsi.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\evp.c">

IDE/WIN10/wolfssl-fips.vcxproj

@@ -318,7 +318,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
     <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_lms.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_lms_impl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_xmss.c" />

IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj

@@ -122,6 +122,7 @@
 		700F0CF22A2FC11300755BA7 /* curve448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD32A2FC0D500755BA7 /* curve448.h */; };
 		700F0CF32A2FC11300755BA7 /* curve25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CC82A2FC0D500755BA7 /* curve25519.h */; };
 		700F0CF42A2FC11300755BA7 /* dilithium.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE52A2FC0D500755BA7 /* dilithium.h */; };
+		700F0CE52A2FC0D500755BC0 /* wc_mldsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */; };
 		700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDB2A2FC0D500755BA7 /* eccsi.h */; };
 		700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD22A2FC0D500755BA7 /* ed448.h */; };
 		700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE12A2FC0D500755BA7 /* ed25519.h */; };
@@ -280,6 +281,7 @@
 				700F0CF22A2FC11300755BA7 /* curve448.h in CopyFiles */,
 				700F0CF32A2FC11300755BA7 /* curve25519.h in CopyFiles */,
 				700F0CF42A2FC11300755BA7 /* dilithium.h in CopyFiles */,
+				700F0CE52A2FC0D500755BC0 /* wc_mldsa.h in CopyFiles */,
 				700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */,
 				700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */,
 				700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */,
@@ -583,6 +585,7 @@
 		700F0CE22A2FC0D500755BA7 /* ge_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_448.h; path = ../../wolfssl/wolfcrypt/ge_448.h; sourceTree = "<group>"; };
 		700F0CE42A2FC0D500755BA7 /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs12.h; path = ../../wolfssl/wolfcrypt/pkcs12.h; sourceTree = "<group>"; };
 		700F0CE52A2FC0D500755BA7 /* dilithium.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dilithium.h; path = ../../wolfssl/wolfcrypt/dilithium.h; sourceTree = "<group>"; };
+		700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mldsa.h; path = ../../wolfssl/wolfcrypt/wc_mldsa.h; sourceTree = "<group>"; };
 		700F0CE62A2FC0D500755BA7 /* sakke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sakke.h; path = ../../wolfssl/wolfcrypt/sakke.h; sourceTree = "<group>"; };
 		700F0CE72A2FC0D500755BA7 /* signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = signature.h; path = ../../wolfssl/wolfcrypt/signature.h; sourceTree = "<group>"; };
 		700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_pkcs11.h; path = ../../wolfssl/wolfcrypt/wc_pkcs11.h; sourceTree = "<group>"; };
@@ -634,6 +637,7 @@
 				700F0CD32A2FC0D500755BA7 /* curve448.h */,
 				700F0CC82A2FC0D500755BA7 /* curve25519.h */,
 				700F0CE52A2FC0D500755BA7 /* dilithium.h */,
+				700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */,
 				700F0CDB2A2FC0D500755BA7 /* eccsi.h */,
 				700F0CD22A2FC0D500755BA7 /* ed448.h */,
 				700F0CE12A2FC0D500755BA7 /* ed25519.h */,

IDE/XCODE/wolfssl.xcodeproj/project.pbxproj

@@ -253,6 +253,7 @@
 		700F0C0A2A2FBC5100755BA7 /* curve448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE32A2FBC1500755BA7 /* curve448.h */; };
 		700F0C0B2A2FBC5100755BA7 /* curve25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE52A2FBC1500755BA7 /* curve25519.h */; };
 		700F0C0C2A2FBC5100755BA7 /* dilithium.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEF2A2FBC1500755BA7 /* dilithium.h */; };
+		700F0BEF2A2FBC1500755BC0 /* wc_mldsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */; };
 		700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF72A2FBC1600755BA7 /* eccsi.h */; };
 		700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF82A2FBC1600755BA7 /* ed448.h */; };
 		700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF42A2FBC1600755BA7 /* ed25519.h */; };
@@ -617,6 +618,7 @@
 				700F0C0A2A2FBC5100755BA7 /* curve448.h in CopyFiles */,
 				700F0C0B2A2FBC5100755BA7 /* curve25519.h in CopyFiles */,
 				700F0C0C2A2FBC5100755BA7 /* dilithium.h in CopyFiles */,
+				700F0BEF2A2FBC1500755BC0 /* wc_mldsa.h in CopyFiles */,
 				700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */,
 				700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */,
 				700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */,
@@ -983,6 +985,7 @@
 		700F0BED2A2FBC1500755BA7 /* chacha20_poly1305.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = chacha20_poly1305.h; path = ../../wolfssl/wolfcrypt/chacha20_poly1305.h; sourceTree = "<group>"; };
 		700F0BEE2A2FBC1500755BA7 /* cryptocb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cryptocb.h; path = ../../wolfssl/wolfcrypt/cryptocb.h; sourceTree = "<group>"; };
 		700F0BEF2A2FBC1500755BA7 /* dilithium.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dilithium.h; path = ../../wolfssl/wolfcrypt/dilithium.h; sourceTree = "<group>"; };
+		700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mldsa.h; path = ../../wolfssl/wolfcrypt/wc_mldsa.h; sourceTree = "<group>"; };
 		700F0BF02A2FBC1500755BA7 /* sakke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sakke.h; path = ../../wolfssl/wolfcrypt/sakke.h; sourceTree = "<group>"; };
 		700F0BF12A2FBC1600755BA7 /* cpuid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cpuid.h; path = ../../wolfssl/wolfcrypt/cpuid.h; sourceTree = "<group>"; };
 		700F0BF22A2FBC1600755BA7 /* selftest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = selftest.h; path = ../../wolfssl/wolfcrypt/selftest.h; sourceTree = "<group>"; };
@@ -1144,6 +1147,7 @@
 				700F0BE32A2FBC1500755BA7 /* curve448.h */,
 				700F0BE52A2FBC1500755BA7 /* curve25519.h */,
 				700F0BEF2A2FBC1500755BA7 /* dilithium.h */,
+				700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */,
 				700F0BF72A2FBC1600755BA7 /* eccsi.h */,
 				700F0BF82A2FBC1600755BA7 /* ed448.h */,
 				700F0BF42A2FBC1600755BA7 /* ed25519.h */,

cmake/functions.cmake

@@ -211,7 +211,7 @@ function(generate_build_flags)
         set(BUILD_WC_MLKEM "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_DILITHIUM OR WOLFSSL_USER_SETTINGS)
-        set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
+        set(BUILD_MLDSA "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_FALCON OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
@@ -1029,8 +1029,8 @@ function(generate_lib_src_list LIB_SOURCES)
             list(APPEND LIB_SOURCES wolfcrypt/src/falcon.c)
         endif()
 
-        if(BUILD_DILITHIUM)
-            list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
+        if(BUILD_MLDSA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa.c)
 
             if(BUILD_INTELASM)
                 list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa_asm.S)

cmake/options.h.in

@@ -96,8 +96,8 @@ extern "C" {
 #cmakedefine HAVE_CURVE448
 #undef HAVE_DH_DEFAULT_PARAMS
 #cmakedefine HAVE_DH_DEFAULT_PARAMS
-#undef HAVE_DILITHIUM
-#cmakedefine HAVE_DILITHIUM
+#undef WOLFSSL_HAVE_MLDSA
+#cmakedefine WOLFSSL_HAVE_MLDSA
 #undef HAVE_ECC
 #cmakedefine HAVE_ECC
 #undef HAVE_ECH