ML-DSA Wconversion fixes #10399

Merged: douzzer merged 1 commit into wolfSSL:master from Frauschi:mldsa_Wconversion on May 6, 2026

@Frauschi Frauschi commented May 5, 2026

Add ML-DSA to Wconversion CI tests and add required casts to fix all errors. Required for FIPS 140-3 certification.

@Frauschi Frauschi self-assigned this May 5, 2026

github-actions Bot commented May 5, 2026

MemBrowse Memory Report

No memory changes detected for:

@Frauschi Frauschi force-pushed the mldsa_Wconversion branch from 624af9c to 591f28a Compare May 5, 2026 15:26
@Frauschi Frauschi assigned wolfSSL-Bot and unassigned Frauschi May 5, 2026
@Frauschi Frauschi force-pushed the mldsa_Wconversion branch from 591f28a to 78a27c4 Compare May 5, 2026 19:22

@douzzer douzzer left a comment

seeing some new warnings from this currently, atop current (6a3eb6f) master:

[quantum-safe-wolfssl-all-clang-tidy] [29 of 42] [41a62b2e29]
    configure with clang-tidy...   real 0m12.471s  user 0m0.002s  sys 0m0.005s
    build...075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 2835)             state[4*4 + l] = (word64)(0x1f0000U + ((word32)k << 8) + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:2835:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
2835 |             state[4*4 + l] = (word64)(0x1f0000U + ((word32)k << 8) + (word32)l);
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 2942)             state[4*4 + l] = (word64)(0x1f0000U + ((word32)((k + l) / 5) << 8) +
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:2942:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
2942 |             state[4*4 + l] = (word64)(0x1f0000U + ((word32)((k + l) / 5) << 8) +
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 2997)         state[4*4 + l] = (word64)(0x1f0000U + (5U << 8) + (word32)(l + 3));
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:2997:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
2997 |         state[4*4 + l] = (word64)(0x1f0000U + (5U << 8) + (word32)(l + 3));
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 3088)             state[4*4 + l] = (word64)(0x1f0000U + ((word32)((k + l) / 7) << 8) +
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:3088:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
3088 |             state[4*4 + l] = (word64)(0x1f0000U + ((word32)((k + l) / 7) << 8) +
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 3700)             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:3700:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
3700 |             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 3813)             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:3813:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
3813 |             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 3866)         state[8*4 + l] = (word64)(0x1f0000U + 8U + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:3866:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
3866 |         state[8*4 + l] = (word64)(0x1f0000U + 8U + (word32)l);
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 3968)             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:3968:30: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
3968 |             state[8*4 + l] = (word64)(0x1f0000U + ((word32)k * 4U + (word32)l));
|                              ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 4021)         state[8*4 + l] = (word64)(0x1f0000U + 12U + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:4021:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
4021 |         state[8*4 + l] = (word64)(0x1f0000U + 12U + (word32)l);
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 4224)         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:4224:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
4224 |         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 4294)         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:4294:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
4294 |         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 4372)         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:4372:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
4372 |         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
|                          ^
075e6a3f8a (<tobias@wolfssl.com> 2026-05-05 15:21:15 +0200 4401)         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
/tmp/tmp.4346_38755/wolfssl_test_workdir.2622907/wolfssl/wolfcrypt/src/dilithium.c:4401:26: warning: either cast from 'unsigned int' to 'word64' (aka 'unsigned long') is ineffective, or there is loss of precision before the conversion [bugprone-misplaced-widening-cast]
4401 |         state[8*4 + l] = (word64)(0x1f0000U + (word32)kappa + (word32)l);
|                          ^
Suppressed 18 warnings (18 in non-user code).
   real 0m16.168s  user 0m0.061s  sys 0m0.075s
    clang-tidy reported defects in 1 file(s).
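
What the bugprone-misplaced-widening-cast warning in the log above is about, as an added C example (not wolfSSL code, and not necessarily the fix this PR adopted). It uses the flagged expression shape from line 2835; the stdint stand-ins for word32/word64, the function names and the parameter types are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for wolfSSL's word32/word64 typedefs (assumed widths). */
typedef uint32_t word32;
typedef uint64_t word64;

/* Shape flagged at dilithium.c:2835 in the log: the whole sum is evaluated
 * in 32 bits and only the finished result is widened, so the cast cannot
 * recover anything that wrapped during the addition or shift. */
word64 state_word_flagged(unsigned int k, unsigned int l)
{
    return (word64)(0x1f0000U + ((word32)k << 8) + (word32)l);
}

/* Option A: widen the operands first, so every step is 64-bit arithmetic. */
word64 state_word_wide(unsigned int k, unsigned int l)
{
    return (word64)0x1f0000U + ((word64)k << 8) + (word64)l;
}

/* Option B: keep the 32-bit arithmetic on purpose and let the return widen
 * implicitly; word32 -> word64 cannot lose bits, so no cast is needed. */
word64 state_word_narrow(unsigned int k, unsigned int l)
{
    word32 v = 0x1f0000U + ((word32)k << 8) + (word32)l;
    return v;
}

/* Returns 1 when all three forms agree for every k < max_k and l < max_l. */
int forms_agree(unsigned int max_k, unsigned int max_l)
{
    unsigned int k, l;
    for (k = 0; k < max_k; k++) {
        for (l = 0; l < max_l; l++) {
            word64 f = state_word_flagged(k, l);
            if (f != state_word_wide(k, l) || f != state_word_narrow(k, l))
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* Small indices (constructed range): the cast is merely ineffective. */
    printf("agree for k,l < 8: %d\n", forms_agree(8, 8));

    /* Constructed out-of-range k: k << 8 wraps to 0 in 32 bits, so the
     * flagged form silently drops bit 32 while the widened form keeps it. */
    printf("flagged: 0x%llx\n",
           (unsigned long long)state_word_flagged(0x01000000U, 1));
    printf("wide:    0x%llx\n",
           (unsigned long long)state_word_wide(0x01000000U, 1));
    return 0;
}
```

For small indices the three forms are identical, which is the "ineffective" half of the diagnostic; the constructed large k shows the "loss of precision before the conversion" half.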

@Frauschi Frauschi force-pushed the mldsa_Wconversion branch 3 times, most recently from 0a1a51d to 40b26c2 Compare May 6, 2026 07:57

Frauschi commented May 6, 2026

All warnings and failures should be fixed now. The failing Python tests are unrelated to this PR and will be fixed by #10279.

@Frauschi Frauschi requested a review from douzzer May 6, 2026 09:01
@Frauschi Frauschi removed their assignment May 6, 2026
@Frauschi Frauschi force-pushed the mldsa_Wconversion branch from 40b26c2 to 2833a4b Compare May 6, 2026 13:33

@douzzer douzzer left a comment

tested with wolfssl-multi-test.sh ... super-quick-check '.*Wconversion.*' alongside wolfssl/fips#379, merged with #10399 and #10390

@douzzer douzzer merged commit 01f500b into wolfSSL:master May 6, 2026
383 of 385 checks passed
Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 6, 2026
…-compat shims

The post-quantum signature algorithm originally implemented as Dilithium
was standardized by NIST as ML-DSA in FIPS 204. This commit renames the
implementation file pair, the public API surface, and every internal
helper to the canonical ML-DSA names, mirroring the earlier Kyber ->
ML-KEM migration in wc_mlkem.{h,c}.

This commit deliberately scopes the change to the rename + compatibility
surface only. **No in-tree consumer call sites are converted.** Existing
in-tree consumers (TLS layer, ASN.1 / EVP / cryptocb wrappers, tests,
benchmark, examples, Rust wrapper) keep using the legacy spelling and
compile through the dilithium.h symbol-alias shim and the bi-directional
settings.h gate shim. New consumer code can include
<wolfssl/wolfcrypt/wc_mldsa.h> directly and use the canonical names.

Rebased onto current master (50da0c0) so that PR wolfSSL#10399's ML-DSA
Wconversion fixes (commit 2833a4b, ~220 (sword32)/(byte)/(word32)
casts in dilithium.c plus three cast hunks in asn.c) are inherited
into the new wc_mldsa.c via the file rename. The asn.c cast hunks
land separately on master and aren't part of this commit.

File layout
-----------

  wolfcrypt/src/dilithium.c     -> wolfcrypt/src/wc_mldsa.c
  wolfssl/wolfcrypt/dilithium.h -> wolfssl/wolfcrypt/wc_mldsa.h

The legacy <wolfssl/wolfcrypt/dilithium.h> path is reborn as a thin
compatibility shim that #include's wc_mldsa.h and provides macro
aliases for every legacy linkage symbol.

Build-gate rename
-----------------

  HAVE_DILITHIUM       -> WOLFSSL_HAVE_MLDSA
  WOLFSSL_DILITHIUM_*  -> WOLFSSL_MLDSA_*   (~25 sub-config gates)
  WC_DILITHIUM_CACHE_* -> WC_MLDSA_CACHE_*
  WC_DILITHIUM_FIXED_ARRAY -> WC_MLDSA_FIXED_ARRAY
  WC_DILITHIUMKEY_TYPE_DEFINED -> WC_MLDSAKEY_TYPE_DEFINED

The configure summary echoes "ML-DSA: yes" rather than "DILITHIUM: yes".
The --enable-dilithium configure switch is preserved as a convenience
alias for --enable-mldsa.

A new wolfssl/wolfcrypt/settings_legacy_mldsa.h is included from
settings.h after user_settings.h. It is bi-directional: defining the
legacy gate (e.g. -DHAVE_DILITHIUM) implies the canonical gate, and
defining the canonical gate (e.g. via --enable-mldsa) implies the
legacy gate. The whole shim can be globally suppressed by defining
WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

Public API rename
-----------------

  Type:
    dilithium_key   -> MlDsaKey

  Init / lifecycle (wolfSSL idiom: 1-arg simple form, 3-arg _ex form):
    wc_dilithium_init       -> wc_MlDsaKey_Init
    wc_dilithium_init_ex    -> wc_MlDsaKey_Init_ex
    wc_dilithium_init_id    -> wc_MlDsaKey_InitId
    wc_dilithium_init_label -> wc_MlDsaKey_InitLabel
    wc_dilithium_new        -> wc_MlDsaKey_New
    wc_dilithium_delete     -> wc_MlDsaKey_Delete
    wc_dilithium_free       -> wc_MlDsaKey_Free

  Parameters / sizing:
    wc_dilithium_set_level  -> wc_MlDsaKey_SetParams
    wc_dilithium_get_level  -> wc_MlDsaKey_GetParams
    wc_dilithium_size       -> wc_MlDsaKey_Size
    wc_dilithium_priv_size  -> wc_MlDsaKey_PrivSize
    wc_dilithium_pub_size   -> wc_MlDsaKey_PubSize
    wc_dilithium_sig_size   -> wc_MlDsaKey_SigSize
    wc_dilithium_check_key  -> wc_MlDsaKey_CheckKey

  Key generation:
    wc_dilithium_make_key            -> wc_MlDsaKey_MakeKey
    wc_dilithium_make_key_from_seed  -> wc_MlDsaKey_MakeKeyFromSeed

  Raw export (no argument reorder):
    wc_dilithium_export_public           -> wc_MlDsaKey_ExportPubRaw
    wc_dilithium_export_private[_only]   -> wc_MlDsaKey_ExportPrivRaw
    wc_dilithium_export_key              -> wc_MlDsaKey_ExportKey

  Raw import / sign / verify / DER decode (FIPS 204 / ML-KEM
  convention puts the key first; legacy form put it last):
    wc_dilithium_import_public(in, inLen, key)
        -> wc_MlDsaKey_ImportPubRaw(key, in, inLen)
    wc_dilithium_import_private[_only](priv, privSz, key)
        -> wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
    wc_dilithium_import_key(priv, privSz, pub, pubSz, key)
        -> wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
    wc_dilithium_sign_msg / sign_ctx_msg / sign_ctx_hash / *_with_seed
        -> wc_MlDsaKey_Sign / SignCtx / SignCtxHash / *WithSeed
    wc_dilithium_verify_msg / verify_ctx_msg / verify_ctx_hash / verify_mu
        -> wc_MlDsaKey_Verify / VerifyCtx / VerifyCtxHash / VerifyMu
    wc_Dilithium_PrivateKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PrivateKeyDecode(key, in, sz, idx)
    wc_Dilithium_PublicKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PublicKeyDecode(key, in, sz, idx)

  ASN.1 encode (no reorder):
    wc_Dilithium_PublicKeyToDer  -> wc_MlDsaKey_PublicKeyToDer
    wc_Dilithium_PrivateKeyToDer -> wc_MlDsaKey_PrivateKeyToDer
    wc_Dilithium_KeyToDer        -> wc_MlDsaKey_KeyToDer

  OpenSSL-compat enum:
    Adds WC_EVP_PKEY_MLDSA / EVP_PKEY_MLDSA. The legacy
    WC_EVP_PKEY_DILITHIUM / EVP_PKEY_DILITHIUM remain as enum
    aliases to the same value (no ABI change for the enum itself).

  Type forward declaration in wolfssl/wolfcrypt/asn_public.h:
    The 6-line forward declaration `typedef struct dilithium_key
    dilithium_key;` (guarded by WC_DILITHIUMKEY_TYPE_DEFINED) is
    flipped to `typedef struct MlDsaKey MlDsaKey;` (guarded by
    WC_MLDSAKEY_TYPE_DEFINED).

  Struct field type in wolfssl/wolfcrypt/asn.h:
    The two `struct dilithium_key` references inside SignatureCtx's
    ML-DSA union arm reference `struct MlDsaKey` directly. The field
    name (`dilithium`) is unchanged so legacy-spelled consumer code
    keeps working.

Internal helper rename
----------------------

All ~80 lower-case static / file-scope helpers in wc_mldsa.{h,c} and
wc_mldsa_asm.S are renamed dilithium_* -> mldsa_* for consistency
with ML-KEM's mlkem_* convention. The two WOLFSSL_TEST_VIS encoders
wc_dilithium_encode_w1_88/32 become wc_mldsa_encode_w1_88/32. The
struct typedef wc_dilithium_params becomes wc_mldsa_params.

The FIPS 204 spec-derived constants (DILITHIUM_Q, DILITHIUM_N,
DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) are kept
under their existing names.

Compatibility surface
---------------------

Two independent shims, each suppressible via its own opt-out:

- The wolfssl/wolfcrypt/dilithium.h compatibility shim provides
  macro aliases for every legacy linkage symbol. Direct one-to-one
  #defines for the no-reorder APIs and function-like macros that
  swap arguments back for the 16 arg-reorder APIs. Suppressed by
  defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.

- The wolfssl/wolfcrypt/settings_legacy_mldsa.h shim is
  bi-directional: defining either spelling of any of the 32
  build gates implies the other. Suppressed by defining
  WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

A small block of internal-helper aliases at the bottom of
dilithium.h covers WOLFSSL_LOCAL `dilithium_get_oid_sum` and the
WOLFSSL_TEST_VIS `wc_dilithium_encode_w1_*` encoders that this
branch's unmigrated in-tree consumers (src/ssl_load.c and
tests/api/test_mldsa.c) still call.

Tests / verification
--------------------

A compile-time validation block at the bottom of wc_mldsa.c (under
WOLFSSL_NO_DILITHIUM_LEGACY_NAMES suppression) exercises every
legacy macro alias. The bodies sit inside `if (0)` so the compiler
parses and type-checks the expansions without emitting any runtime
call. A missing or misordered alias produces an immediate compile
error.

Wconversion preservation: master's PR wolfSSL#10399 added 220 `(sword32)`
casts (and several `(byte)` / `(word32)` casts) inside dilithium.c.
After the file rename, the new wc_mldsa.c has all 220 `(sword32)`
casts intact (count verified equal between master's dilithium.c
and our new wc_mldsa.c).

Builds clean with --enable-mldsa and --enable-dilithium (legacy
alias). make check passes; testwolfcrypt DILITHIUM test passes.

https://claude.ai/code/session_01N9vLeZw4Gsfb11N4BU1Mbe
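
The shim pattern the commit message above describes (bi-directional build gate, argument-swapping legacy macro, and an `if (0)` compile-time alias check), as an added self-contained C sketch that is not wolfSSL's code. The gate and function names are taken from the commit message; the struct layout, parameter types, function bodies and the helper names `legacy_alias_compile_check`, `gates_consistent` and `legacy_import_roundtrip` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulate a legacy consumer that builds with -DHAVE_DILITHIUM. */
#define HAVE_DILITHIUM

/* Gate shim: either spelling implies the other unless opted out. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
  #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_HAVE_MLDSA)
    #define WOLFSSL_HAVE_MLDSA
  #endif
  #if defined(WOLFSSL_HAVE_MLDSA) && !defined(HAVE_DILITHIUM)
    #define HAVE_DILITHIUM
  #endif
#endif

/* Canonical key-first API: toy stand-ins, not wolfSSL's implementation. */
typedef struct MlDsaKey {
    unsigned char pub[32];
    size_t        pubLen;
} MlDsaKey;

static int wc_MlDsaKey_Init(MlDsaKey* key)
{
    if (key == NULL)
        return -1;
    memset(key, 0, sizeof(*key));
    return 0;
}

static int wc_MlDsaKey_ImportPubRaw(MlDsaKey* key, const unsigned char* in,
                                    size_t inLen)
{
    if (key == NULL || in == NULL || inLen > sizeof(key->pub))
        return -1;
    memcpy(key->pub, in, inLen);
    key->pubLen = inLen;
    return 0;
}

/* Name shim: plain #define where the argument order is unchanged, and a
 * function-like macro that swaps the key back to last where it moved. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
  #define dilithium_key      MlDsaKey
  #define wc_dilithium_init  wc_MlDsaKey_Init
  #define wc_dilithium_import_public(in, inLen, key) \
      wc_MlDsaKey_ImportPubRaw((key), (in), (inLen))
#endif

/* Compile-time alias check: the body is parsed and type-checked but never
 * executed. A missing alias is an undeclared identifier; a misordered one
 * passes a pointer where a size is expected and the compiler diagnoses it. */
int legacy_alias_compile_check(void)
{
    if (0) {
        dilithium_key k;
        const unsigned char in[1] = { 0 };
        (void)wc_dilithium_init(&k);
        (void)wc_dilithium_import_public(in, sizeof(in), &k);
    }
    return 0;
}

/* Returns 1 when the gate shim left both spellings defined. */
int gates_consistent(void)
{
#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_HAVE_MLDSA)
    return 1;
#else
    return 0;
#endif
}

/* Legacy-spelled call site (key last) reaching the key-first function. */
int legacy_import_roundtrip(void)
{
    static const unsigned char sample[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    dilithium_key key;

    if (wc_dilithium_init(&key) != 0)
        return -1;
    if (wc_dilithium_import_public(sample, sizeof(sample), &key) != 0)
        return -1;
    return (key.pubLen == sizeof(sample) &&
            memcmp(key.pub, sample, sizeof(sample)) == 0) ? 0 : -1;
}

int main(void)
{
    printf("gates consistent: %d\n", gates_consistent());
    printf("legacy import:    %d\n", legacy_import_roundtrip());
    return legacy_alias_compile_check();
}
```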
Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

The post-quantum signature algorithm originally implemented as Dilithium
was standardized by NIST as ML-DSA in FIPS 204. This commit renames the
implementation file pair, the public API surface, and every internal
helper to the canonical ML-DSA names, mirroring the earlier Kyber ->
ML-KEM migration in wc_mlkem.{h,c}.

This commit deliberately scopes the change to the rename + compatibility
surface only. **No in-tree consumer call sites are converted.** Existing
in-tree consumers (TLS layer, ASN.1 / EVP / cryptocb wrappers, tests,
benchmark, examples, Rust wrapper) keep using the legacy spelling and
compile through the dilithium.h symbol-alias shim and the bi-directional
settings.h gate shim. New consumer code can include
<wolfssl/wolfcrypt/wc_mldsa.h> directly and use the canonical names.

Rebased onto current master (50da0c0) so that PR wolfSSL#10399's ML-DSA
Wconversion fixes (commit 2833a4b, ~220 (sword32)/(byte)/(word32)
casts in dilithium.c plus three cast hunks in asn.c) are inherited
into the new wc_mldsa.c via the file rename. The asn.c cast hunks
land separately on master and aren't part of this commit.

File layout
-----------

  wolfcrypt/src/dilithium.c     -> wolfcrypt/src/wc_mldsa.c
  wolfssl/wolfcrypt/dilithium.h -> wolfssl/wolfcrypt/wc_mldsa.h

The legacy <wolfssl/wolfcrypt/dilithium.h> path is reborn as a thin
compatibility shim that #include's wc_mldsa.h and provides macro
aliases for every legacy linkage symbol.

Build-gate rename
-----------------

  HAVE_DILITHIUM       -> WOLFSSL_HAVE_MLDSA
  WOLFSSL_DILITHIUM_*  -> WOLFSSL_MLDSA_*   (~25 sub-config gates)
  WC_DILITHIUM_CACHE_* -> WC_MLDSA_CACHE_*
  WC_DILITHIUM_FIXED_ARRAY -> WC_MLDSA_FIXED_ARRAY
  WC_DILITHIUMKEY_TYPE_DEFINED -> WC_MLDSAKEY_TYPE_DEFINED

The configure summary echoes "ML-DSA: yes" rather than "DILITHIUM: yes".
The --enable-dilithium configure switch is preserved as a convenience
alias for --enable-mldsa.

A new wolfssl/wolfcrypt/settings_legacy_mldsa.h is included from
settings.h after user_settings.h. It is bi-directional: defining the
legacy gate (e.g. -DHAVE_DILITHIUM) implies the canonical gate, and
defining the canonical gate (e.g. via --enable-mldsa) implies the
legacy gate. The whole shim can be globally suppressed by defining
WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

Public API rename
-----------------

  Type:
    dilithium_key   -> MlDsaKey

  Init / lifecycle (wolfSSL idiom: 1-arg simple form, 3-arg _ex form):
    wc_dilithium_init       -> wc_MlDsaKey_Init
    wc_dilithium_init_ex    -> wc_MlDsaKey_Init_ex
    wc_dilithium_init_id    -> wc_MlDsaKey_InitId
    wc_dilithium_init_label -> wc_MlDsaKey_InitLabel
    wc_dilithium_new        -> wc_MlDsaKey_New
    wc_dilithium_delete     -> wc_MlDsaKey_Delete
    wc_dilithium_free       -> wc_MlDsaKey_Free

  Parameters / sizing:
    wc_dilithium_set_level  -> wc_MlDsaKey_SetParams
    wc_dilithium_get_level  -> wc_MlDsaKey_GetParams
    wc_dilithium_size       -> wc_MlDsaKey_Size
    wc_dilithium_priv_size  -> wc_MlDsaKey_PrivSize
    wc_dilithium_pub_size   -> wc_MlDsaKey_PubSize
    wc_dilithium_sig_size   -> wc_MlDsaKey_SigSize
    wc_dilithium_check_key  -> wc_MlDsaKey_CheckKey

  Key generation:
    wc_dilithium_make_key            -> wc_MlDsaKey_MakeKey
    wc_dilithium_make_key_from_seed  -> wc_MlDsaKey_MakeKeyFromSeed

  Raw export (no argument reorder):
    wc_dilithium_export_public           -> wc_MlDsaKey_ExportPubRaw
    wc_dilithium_export_private[_only]   -> wc_MlDsaKey_ExportPrivRaw
    wc_dilithium_export_key              -> wc_MlDsaKey_ExportKey

  Raw import / sign / verify / DER decode (FIPS 204 / ML-KEM
  convention puts the key first; legacy form put it last):
    wc_dilithium_import_public(in, inLen, key)
        -> wc_MlDsaKey_ImportPubRaw(key, in, inLen)
    wc_dilithium_import_private[_only](priv, privSz, key)
        -> wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
    wc_dilithium_import_key(priv, privSz, pub, pubSz, key)
        -> wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
    wc_dilithium_sign_msg / sign_ctx_msg / sign_ctx_hash / *_with_seed
        -> wc_MlDsaKey_Sign / SignCtx / SignCtxHash / *WithSeed
    wc_dilithium_verify_msg / verify_ctx_msg / verify_ctx_hash / verify_mu
        -> wc_MlDsaKey_Verify / VerifyCtx / VerifyCtxHash / VerifyMu
    wc_Dilithium_PrivateKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PrivateKeyDecode(key, in, sz, idx)
    wc_Dilithium_PublicKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PublicKeyDecode(key, in, sz, idx)

  ASN.1 encode (no reorder):
    wc_Dilithium_PublicKeyToDer  -> wc_MlDsaKey_PublicKeyToDer
    wc_Dilithium_PrivateKeyToDer -> wc_MlDsaKey_PrivateKeyToDer
    wc_Dilithium_KeyToDer        -> wc_MlDsaKey_KeyToDer

  OpenSSL-compat enum:
    Adds WC_EVP_PKEY_MLDSA / EVP_PKEY_MLDSA. The legacy
    WC_EVP_PKEY_DILITHIUM / EVP_PKEY_DILITHIUM remain as enum
    aliases to the same value (no ABI change for the enum itself).

  Type forward declaration in wolfssl/wolfcrypt/asn_public.h:
    The 6-line forward declaration `typedef struct dilithium_key
    dilithium_key;` (guarded by WC_DILITHIUMKEY_TYPE_DEFINED) is
    flipped to `typedef struct MlDsaKey MlDsaKey;` (guarded by
    WC_MLDSAKEY_TYPE_DEFINED).

  Struct field type in wolfssl/wolfcrypt/asn.h:
    The two `struct dilithium_key` references inside SignatureCtx's
    ML-DSA union arm reference `struct MlDsaKey` directly. The field
    name (`dilithium`) is unchanged so legacy-spelled consumer code
    keeps working.

Internal helper rename
----------------------

All ~80 lower-case static / file-scope helpers in wc_mldsa.{h,c} and
wc_mldsa_asm.S are renamed dilithium_* -> mldsa_* for consistency
with ML-KEM's mlkem_* convention. The two WOLFSSL_TEST_VIS encoders
wc_dilithium_encode_w1_88/32 become wc_mldsa_encode_w1_88/32. The
struct typedef wc_dilithium_params becomes wc_mldsa_params.

The FIPS 204 spec-derived constants (DILITHIUM_Q, DILITHIUM_N,
DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) are kept
under their existing names.

Compatibility surface
---------------------

Two independent shims, each suppressible via its own opt-out:

- The wolfssl/wolfcrypt/dilithium.h compatibility shim provides
  macro aliases for every legacy linkage symbol. Direct one-to-one
  #defines for the no-reorder APIs and function-like macros that
  swap arguments back for the 16 arg-reorder APIs. Suppressed by
  defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.

- The wolfssl/wolfcrypt/settings_legacy_mldsa.h shim is
  bi-directional: defining either spelling of any of the 32
  build gates implies the other. Suppressed by defining
  WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

A small block of internal-helper aliases at the bottom of
dilithium.h covers WOLFSSL_LOCAL `dilithium_get_oid_sum` and the
WOLFSSL_TEST_VIS `wc_dilithium_encode_w1_*` encoders that this
branch's unmigrated in-tree consumers (src/ssl_load.c and
tests/api/test_mldsa.c) still call.

Tests / verification
--------------------

A compile-time validation block at the bottom of wc_mldsa.c (under
WOLFSSL_NO_DILITHIUM_LEGACY_NAMES suppression) exercises every
legacy macro alias. The bodies sit inside `if (0)` so the compiler
parses and type-checks the expansions without emitting any runtime
call. A missing or misordered alias produces an immediate compile
error.

Wconversion preservation: master's PR wolfSSL#10399 added 220 `(sword32)`
casts (and several `(byte)` / `(word32)` casts) inside dilithium.c.
After the file rename, the new wc_mldsa.c has all 220 `(sword32)`
casts intact (count verified equal between master's dilithium.c
and our new wc_mldsa.c).

Builds clean with --enable-mldsa and --enable-dilithium (legacy
alias). make check passes; testwolfcrypt DILITHIUM test passes.

https://claude.ai/code/session_01N9vLeZw4Gsfb11N4BU1Mbe
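The two shims described in the commit message above, as an added example that is not part of the commit or of wolfSSL's source: a bi-directional build-gate shim, an argument-reordering name alias, and an `if (0)` block that makes the compiler type-check the alias without running it. The struct layout, function body, error value and the helper names `legacy_alias_compile_check`, `gates_both_defined` and `legacy_import_demo` are assumptions made for illustration; only the macro and API names come from the commit message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Everything below is a constructed stand-in, not wolfSSL source. */
typedef unsigned char byte;
typedef unsigned int  word32;

#define HAVE_DILITHIUM   /* simulates a legacy build that passes -DHAVE_DILITHIUM */

/* Gate shim: defining either spelling of the gate implies the other. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
  #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_HAVE_MLDSA)
    #define WOLFSSL_HAVE_MLDSA
  #elif defined(WOLFSSL_HAVE_MLDSA) && !defined(HAVE_DILITHIUM)
    #define HAVE_DILITHIUM
  #endif
#endif

/* Canonical, key-first API. Stand-in struct layout and body. */
typedef struct MlDsaKey {
    byte   pub[32];
    word32 pubLen;
} MlDsaKey;

int wc_MlDsaKey_ImportPubRaw(MlDsaKey* key, const byte* in, word32 inLen)
{
    if (key == NULL || in == NULL || inLen > (word32)sizeof(key->pub))
        return -1;                       /* stand-in error value */
    memcpy(key->pub, in, inLen);
    key->pubLen = inLen;
    return 0;
}

/* Name shim: the legacy call put the key last, so the function-like
 * macro moves it back to the front for the canonical function. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
  #define dilithium_key MlDsaKey
  #define wc_dilithium_import_public(in, inLen, key) \
          wc_MlDsaKey_ImportPubRaw((key), (in), (inLen))
#endif

/* Compile-time validation: the body is never executed, but the compiler
 * still expands the macro and checks argument types. If the alias were
 * missing the call would not resolve; if it failed to swap the arguments,
 * a `const byte*` would be passed where `MlDsaKey*` is expected and the
 * compiler would diagnose the pointer mismatch. */
void legacy_alias_compile_check(void)
{
    if (0) {
        dilithium_key k;
        const byte*   in = NULL;
        (void)wc_dilithium_import_public(in, 0, &k);
    }
}

/* Returns 1 when both spellings of the build gate ended up defined. */
int gates_both_defined(void)
{
#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_HAVE_MLDSA)
    return 1;
#else
    return 0;
#endif
}

/* Legacy-spelled consumer code: compiles unchanged through the shim. */
int legacy_import_demo(void)
{
    static const byte sample[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    dilithium_key key;

    memset(&key, 0, sizeof(key));
    if (wc_dilithium_import_public(sample, (word32)sizeof(sample), &key) != 0)
        return -1;
    if (key.pubLen != 4 || memcmp(key.pub, sample, sizeof(sample)) != 0)
        return -2;
    return 0;
}

int main(void)
{
    legacy_alias_compile_check();
    printf("gates both defined: %d\n", gates_both_defined());
    printf("legacy import via shim: %d\n", legacy_import_demo());
    return 0;
}
```

A function-like macro expands only where the name is followed by `(`, so code that stores the legacy name in a function pointer is not covered by an alias of this kind and has to move to the canonical name.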
Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

The post-quantum signature algorithm originally implemented as Dilithium
was standardized by NIST as ML-DSA in FIPS 204. This commit renames the
implementation file pair, the public API surface, and every internal
helper to the canonical ML-DSA names, mirroring the earlier Kyber ->
ML-KEM migration in wc_mlkem.{h,c}.

This commit deliberately scopes the change to the rename + compatibility
surface only. **No in-tree consumer call sites are converted.** Existing
in-tree consumers (TLS layer, ASN.1 / EVP / cryptocb wrappers, tests,
benchmark, examples, Rust wrapper) keep using the legacy spelling and
compile through the dilithium.h symbol-alias shim and the bi-directional
settings.h gate shim. New consumer code can include
<wolfssl/wolfcrypt/wc_mldsa.h> directly and use the canonical names.

Rebased onto current master (50da0c0) so that PR wolfSSL#10399's ML-DSA
Wconversion fixes (commit 2833a4b, ~220 (sword32)/(byte)/(word32)
casts in dilithium.c plus three cast hunks in asn.c) are inherited
into the new wc_mldsa.c via the file rename. The asn.c cast hunks
land separately on master and aren't part of this commit.

File layout
-----------

  wolfcrypt/src/dilithium.c     -> wolfcrypt/src/wc_mldsa.c
  wolfssl/wolfcrypt/dilithium.h -> wolfssl/wolfcrypt/wc_mldsa.h

The legacy <wolfssl/wolfcrypt/dilithium.h> path is reborn as a thin
compatibility shim that #include's wc_mldsa.h and provides macro
aliases for every legacy linkage symbol.

Build-gate rename
-----------------

  HAVE_DILITHIUM       -> WOLFSSL_HAVE_MLDSA
  WOLFSSL_DILITHIUM_*  -> WOLFSSL_MLDSA_*   (~25 sub-config gates)
  WC_DILITHIUM_CACHE_* -> WC_MLDSA_CACHE_*
  WC_DILITHIUM_FIXED_ARRAY -> WC_MLDSA_FIXED_ARRAY
  WC_DILITHIUMKEY_TYPE_DEFINED -> WC_MLDSAKEY_TYPE_DEFINED

The configure summary echoes "ML-DSA: yes" rather than "DILITHIUM: yes".
The --enable-dilithium configure switch is preserved as a convenience
alias for --enable-mldsa.

A new wolfssl/wolfcrypt/settings_legacy_mldsa.h is included from
settings.h after user_settings.h. It is bi-directional: defining the
legacy gate (e.g. -DHAVE_DILITHIUM) implies the canonical gate, and
defining the canonical gate (e.g. via --enable-mldsa) implies the
legacy gate. The whole shim can be globally suppressed by defining
WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

Public API rename
-----------------

  Type:
    dilithium_key   -> MlDsaKey

  Init / lifecycle (wolfSSL idiom: 1-arg simple form, 3-arg _ex form):
    wc_dilithium_init       -> wc_MlDsaKey_Init
    wc_dilithium_init_ex    -> wc_MlDsaKey_Init_ex
    wc_dilithium_init_id    -> wc_MlDsaKey_InitId
    wc_dilithium_init_label -> wc_MlDsaKey_InitLabel
    wc_dilithium_new        -> wc_MlDsaKey_New
    wc_dilithium_delete     -> wc_MlDsaKey_Delete
    wc_dilithium_free       -> wc_MlDsaKey_Free

  Parameters / sizing:
    wc_dilithium_set_level  -> wc_MlDsaKey_SetParams
    wc_dilithium_get_level  -> wc_MlDsaKey_GetParams
    wc_dilithium_size       -> wc_MlDsaKey_Size
    wc_dilithium_priv_size  -> wc_MlDsaKey_PrivSize
    wc_dilithium_pub_size   -> wc_MlDsaKey_PubSize
    wc_dilithium_sig_size   -> wc_MlDsaKey_SigSize
    wc_dilithium_check_key  -> wc_MlDsaKey_CheckKey

  Key generation:
    wc_dilithium_make_key            -> wc_MlDsaKey_MakeKey
    wc_dilithium_make_key_from_seed  -> wc_MlDsaKey_MakeKeyFromSeed

  Raw export (no argument reorder):
    wc_dilithium_export_public           -> wc_MlDsaKey_ExportPubRaw
    wc_dilithium_export_private[_only]   -> wc_MlDsaKey_ExportPrivRaw
    wc_dilithium_export_key              -> wc_MlDsaKey_ExportKey

  Raw import / sign / verify / DER decode (FIPS 204 / ML-KEM
  convention puts the key first; legacy form put it last):
    wc_dilithium_import_public(in, inLen, key)
        -> wc_MlDsaKey_ImportPubRaw(key, in, inLen)
    wc_dilithium_import_private[_only](priv, privSz, key)
        -> wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
    wc_dilithium_import_key(priv, privSz, pub, pubSz, key)
        -> wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
    wc_dilithium_sign_msg / sign_ctx_msg / sign_ctx_hash / *_with_seed
        -> wc_MlDsaKey_Sign / SignCtx / SignCtxHash / *WithSeed
    wc_dilithium_verify_msg / verify_ctx_msg / verify_ctx_hash / verify_mu
        -> wc_MlDsaKey_Verify / VerifyCtx / VerifyCtxHash / VerifyMu
    wc_Dilithium_PrivateKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PrivateKeyDecode(key, in, sz, idx)
    wc_Dilithium_PublicKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PublicKeyDecode(key, in, sz, idx)

  ASN.1 encode (no reorder):
    wc_Dilithium_PublicKeyToDer  -> wc_MlDsaKey_PublicKeyToDer
    wc_Dilithium_PrivateKeyToDer -> wc_MlDsaKey_PrivateKeyToDer
    wc_Dilithium_KeyToDer        -> wc_MlDsaKey_KeyToDer

  OpenSSL-compat enum:
    Adds WC_EVP_PKEY_MLDSA / EVP_PKEY_MLDSA. The legacy
    WC_EVP_PKEY_DILITHIUM / EVP_PKEY_DILITHIUM remain as enum
    aliases to the same value (no ABI change for the enum itself).

  Type forward declaration in wolfssl/wolfcrypt/asn_public.h:
    The 6-line forward declaration `typedef struct dilithium_key
    dilithium_key;` (guarded by WC_DILITHIUMKEY_TYPE_DEFINED) is
    flipped to `typedef struct MlDsaKey MlDsaKey;` (guarded by
    WC_MLDSAKEY_TYPE_DEFINED).

  Struct field type in wolfssl/wolfcrypt/asn.h:
    The two `struct dilithium_key` references inside SignatureCtx's
    ML-DSA union arm reference `struct MlDsaKey` directly. The field
    name (`dilithium`) is unchanged so legacy-spelled consumer code
    keeps working.

Internal helper rename
----------------------

All ~80 lower-case static / file-scope helpers in wc_mldsa.{h,c} and
wc_mldsa_asm.S are renamed dilithium_* -> mldsa_* for consistency
with ML-KEM's mlkem_* convention. The two WOLFSSL_TEST_VIS encoders
wc_dilithium_encode_w1_88/32 become wc_mldsa_encode_w1_88/32. The
struct typedef wc_dilithium_params becomes wc_mldsa_params.

The FIPS 204 spec-derived constants (DILITHIUM_Q, DILITHIUM_N,
DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) are kept
under their existing names.

Compatibility surface
---------------------

Two independent shims, each suppressible via its own opt-out:

- The wolfssl/wolfcrypt/dilithium.h compatibility shim provides
  macro aliases for every legacy linkage symbol. Direct one-to-one
  #defines for the no-reorder APIs and function-like macros that
  swap arguments back for the 16 arg-reorder APIs. Suppressed by
  defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.

- The wolfssl/wolfcrypt/settings_legacy_mldsa.h shim is
  bi-directional: defining either spelling of any of the 32
  build gates implies the other. Suppressed by defining
  WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

A small block of internal-helper aliases at the bottom of
dilithium.h covers WOLFSSL_LOCAL `dilithium_get_oid_sum` and the
WOLFSSL_TEST_VIS `wc_dilithium_encode_w1_*` encoders that this
branch's unmigrated in-tree consumers (src/ssl_load.c and
tests/api/test_mldsa.c) still call.

Tests / verification
--------------------

A compile-time validation block at the bottom of wc_mldsa.c (under
WOLFSSL_NO_DILITHIUM_LEGACY_NAMES suppression) exercises every
legacy macro alias. The bodies sit inside `if (0)` so the compiler
parses and type-checks the expansions without emitting any runtime
call. A missing or misordered alias produces an immediate compile
error.

Wconversion preservation: master's PR wolfSSL#10399 added 220 `(sword32)`
casts (and several `(byte)` / `(word32)` casts) inside dilithium.c.
After the file rename, the new wc_mldsa.c has all 220 `(sword32)`
casts intact (count verified equal between master's dilithium.c
and our new wc_mldsa.c).

Builds clean with --enable-mldsa and --enable-dilithium (legacy
alias). make check passes; testwolfcrypt DILITHIUM test passes.

https://claude.ai/code/session_01N9vLeZw4Gsfb11N4BU1Mbe
Frauschi pushed a commit to Frauschi/wolfssl that referenced this pull request May 8, 2026
…-compat shims

The post-quantum signature algorithm originally implemented as Dilithium
was standardized by NIST as ML-DSA in FIPS 204. This commit renames the
implementation file pair, the public API surface, and every internal
helper to the canonical ML-DSA names, mirroring the earlier Kyber ->
ML-KEM migration in wc_mlkem.{h,c}.

This commit deliberately scopes the change to the rename + compatibility
surface only. **No in-tree consumer call sites are converted.** Existing
in-tree consumers (TLS layer, ASN.1 / EVP / cryptocb wrappers, tests,
benchmark, examples, Rust wrapper) keep using the legacy spelling and
compile through the dilithium.h compatibility shim, which provides both
the legacy macro / inline name aliases and the bi-directional sub-config
build-gate translation in a single header. New consumer code can
include <wolfssl/wolfcrypt/wc_mldsa.h> directly and use the canonical
names. See doc/dilithium-to-mldsa-migration.md for the full migration
guide.

Rebased onto current master (7d1516f). The rebase pulls in three
upstream fixes:

  - PR wolfSSL#10399 (commit 2833a4b, ~220 (sword32)/(byte)/(word32) casts in
    dilithium.c plus three cast hunks in asn.c) -- inherited into the
    new wc_mldsa.c via the file rename.
  - PR wolfSSL#10400 (commit 4191d46, "Fix Dilithium signing when
    WC_DILITHIUM_CACHE_MATRIX_A is enabled") -- backported into
    wc_mldsa.c with canonical gate names; assigns to key->a (not local
    a), adds (size_t) cast on params->aSz, and zero-initializes after
    successful allocation in mldsa_sign_with_seed_mu.
  - PR wolfSSL#10420 (commit 55d7ed8, "ML-DSA fixes: small vfy key object,
    small SHA-3, fix test") -- the verify-only k[] gate was manually
    backported from master's struct dilithium_key into our renamed
    struct MlDsaKey in wc_mldsa.h (same #if !defined(WOLFSSL_MLDSA_VERIFY_ONLY)
    structure for both INTEL_SPEEDUP and non-INTEL paths). The
    test_mldsa.c WOLFSSL_NO_ML_DSA_44/65/87 test gates auto-merged
    cleanly.

File layout
-----------

  wolfcrypt/src/dilithium.c     -> wolfcrypt/src/wc_mldsa.c
  wolfssl/wolfcrypt/dilithium.h -> wolfssl/wolfcrypt/wc_mldsa.h

The legacy <wolfssl/wolfcrypt/dilithium.h> path is reborn as a thin
compatibility shim that #include's wc_mldsa.h and provides macro /
inline aliases for every legacy linkage symbol. The shim also hosts
the bi-directional sub-config build-gate translation block (the parent
gate HAVE_DILITHIUM <-> WOLFSSL_HAVE_MLDSA is mapped earlier in
settings.h, since some files read it before dilithium.h is included).

Build-gate rename
-----------------

  HAVE_DILITHIUM       -> WOLFSSL_HAVE_MLDSA
  WOLFSSL_DILITHIUM_*  -> WOLFSSL_MLDSA_*   (~25 sub-config gates)
  WC_DILITHIUM_CACHE_* -> WC_MLDSA_CACHE_*
  WC_DILITHIUM_FIXED_ARRAY -> WC_MLDSA_FIXED_ARRAY
  WC_DILITHIUMKEY_TYPE_DEFINED -> WC_MLDSAKEY_TYPE_DEFINED

Build-system options
--------------------

CMake:
  WOLFSSL_MLDSA -- new canonical option.
  WOLFSSL_DILITHIUM -- preserved as a legacy alias; either being set
                      enables -DWOLFSSL_HAVE_MLDSA.
  BUILD_DILITHIUM (cmake/automake conditional) -> BUILD_MLDSA.

Autotools:
  --enable-mldsa -- canonical configure switch.
  --enable-dilithium -- preserved as a convenience alias.
  Internal shell variables ENABLED_DILITHIUM* renamed to ENABLED_MLDSA*.
  The configure summary echoes "ML-DSA: yes" rather than "DILITHIUM: yes".

Public API rename
-----------------

  Type:
    dilithium_key   -> MlDsaKey
    wc_dilithium_params -> MlDsaParams

  Init / lifecycle (3-arg Init matching wc_MlKemKey_Init):
    wc_dilithium_init        -> wc_MlDsaKey_Init  (was 1-arg, now 3-arg
                                with heap + devId; legacy 1-arg form is
                                supplied by the shim's static-inline
                                wrapper that defaults heap=NULL,
                                devId=INVALID_DEVID).
    wc_dilithium_init_ex     -> wc_MlDsaKey_Init  (3-arg)
    wc_dilithium_init_id     -> wc_MlDsaKey_InitId
    wc_dilithium_init_label  -> wc_MlDsaKey_InitLabel
    wc_dilithium_new         -> wc_MlDsaKey_New
    wc_dilithium_delete      -> wc_MlDsaKey_Delete
    wc_dilithium_free        -> wc_MlDsaKey_Free

  Parameters / sizing:
    wc_dilithium_set_level   -> wc_MlDsaKey_SetParams
    wc_dilithium_get_level   -> wc_MlDsaKey_GetParams
    wc_dilithium_size        -> wc_MlDsaKey_Size
    wc_dilithium_priv_size   -> wc_MlDsaKey_PrivSize
    wc_dilithium_pub_size    -> wc_MlDsaKey_PubSize
    wc_dilithium_sig_size    -> wc_MlDsaKey_SigSize
    wc_dilithium_check_key   -> wc_MlDsaKey_CheckKey

  Key generation:
    wc_dilithium_make_key            -> wc_MlDsaKey_MakeKey
    wc_dilithium_make_key_from_seed  -> wc_MlDsaKey_MakeKeyFromSeed

  Raw export (no argument reorder):
    wc_dilithium_export_public           -> wc_MlDsaKey_ExportPubRaw
    wc_dilithium_export_private[_only]   -> wc_MlDsaKey_ExportPrivRaw
    wc_dilithium_export_key              -> wc_MlDsaKey_ExportKey

  Raw import / sign / verify / DER decode (FIPS 204 / ML-KEM
  convention puts the key first; legacy form put it last):
    wc_dilithium_import_public(in, inLen, key)
        -> wc_MlDsaKey_ImportPubRaw(key, in, inLen)
    wc_dilithium_import_private[_only](priv, privSz, key)
        -> wc_MlDsaKey_ImportPrivRaw(key, priv, privSz)
    wc_dilithium_import_key(priv, privSz, pub, pubSz, key)
        -> wc_MlDsaKey_ImportKey(key, priv, privSz, pub, pubSz)
    wc_dilithium_sign_msg / sign_ctx_msg / sign_ctx_hash / *_with_seed
        -> wc_MlDsaKey_Sign / SignCtx / SignCtxHash / *WithSeed
    wc_dilithium_verify_msg / verify_ctx_msg / verify_ctx_hash / verify_mu
        -> wc_MlDsaKey_Verify / VerifyCtx / VerifyCtxHash / VerifyMu
    wc_Dilithium_PrivateKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PrivateKeyDecode(key, in, sz, idx)
    wc_Dilithium_PublicKeyDecode(in, idx, key, sz)
        -> wc_MlDsaKey_PublicKeyDecode(key, in, sz, idx)

  ASN.1 encode (no reorder):
    wc_Dilithium_PublicKeyToDer  -> wc_MlDsaKey_PublicKeyToDer
    wc_Dilithium_PrivateKeyToDer -> wc_MlDsaKey_PrivateKeyToDer
    wc_Dilithium_KeyToDer        -> wc_MlDsaKey_KeyToDer

  Type forward declaration in wolfssl/wolfcrypt/asn_public.h:
    typedef struct MlDsaKey MlDsaKey added (guarded by
    WC_MLDSAKEY_TYPE_DEFINED). The legacy `typedef struct MlDsaKey
    dilithium_key` typedef alias is also exposed from this header
    (guarded by !WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) so application
    code that included only asn_public.h on master keeps compiling.

  OpenSSL-compat enum (wolfssl/openssl/evp.h):
    Unchanged in this PR -- WC_EVP_PKEY_DILITHIUM = 301 / EVP_PKEY_DILITHIUM
    are kept as-is. Aligning the enum value with OpenSSL 3.5+'s actual
    NID_ML_DSA_44/65/87 (1457/1458/1459) is planned for a follow-up PR.

  Struct field in wolfssl/wolfcrypt/asn.h:
    Unchanged in this PR -- SignatureCtx::dilithium remains a `struct
    dilithium_key*`, and the surrounding gates remain on HAVE_DILITHIUM.
    The legacy struct tag resolves to the canonical type via the shim
    macro `#define dilithium_key MlDsaKey`.

Internal helper rename
----------------------

All ~80 lower-case static / file-scope helpers in wc_mldsa.{h,c} and
wc_mldsa_asm.S are renamed dilithium_* -> mldsa_* for consistency with
ML-KEM's mlkem_* convention. The two WOLFSSL_TEST_VIS encoders
wc_dilithium_encode_w1_88/32 become wc_mldsa_encode_w1_88/32. The
struct typedef wc_dilithium_params becomes MlDsaParams.

The FIPS 204 spec-derived constants (DILITHIUM_Q, DILITHIUM_N,
DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) are kept under
their existing names; renaming those public macro constants is
out of scope for this PR.

Compatibility surface
---------------------

A single shim header at wolfssl/wolfcrypt/dilithium.h. It provides
two independent compatibility services, each suppressible via its
own opt-out:

- Macro / static-inline aliases for the legacy linkage names. Direct
  one-to-one #defines for the no-reorder APIs and static-inline
  function wrappers for the 16 arg-reorder APIs (so the legacy names
  remain addressable, not just preprocessor expansions). Suppressed
  by defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.

- Bi-directional translation of all 31 sub-config build gates
  (legacy WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* <-> canonical
  WOLFSSL_MLDSA_* / WC_MLDSA_*). The block runs before the shim's
  #include of wc_mldsa.h so the canonical implementation reads its
  conditional declarations correctly regardless of which spelling
  user_settings.h or the build system used. Suppressed by defining
  WOLFSSL_NO_DILITHIUM_LEGACY_GATES.

The parent gate HAVE_DILITHIUM <-> WOLFSSL_HAVE_MLDSA is mapped in
settings.h (forward arm unconditional, reverse arm honors the opt-out)
because some files (notably memory.h via types.h) need the parent gate
visible before they have a chance to include dilithium.h.

A small block of internal-helper aliases inside dilithium.h covers
WOLFSSL_LOCAL `dilithium_get_oid_sum` and the WOLFSSL_TEST_VIS
`wc_dilithium_encode_w1_*` encoders that this branch's unmigrated
in-tree consumers (src/ssl_load.c, tests/api/test_mldsa.c) still call.

Two wolfSSL-internal infrastructure files have their sub-gate
references migrated to canonical names because neither pulls in the
dilithium.h shim:

  - wolfssl/wolfcrypt/memory.h reads 4 sub-gates for LARGEST_MEM_BUCKET
    sizing. Reachable from <types.h> very early, before any TU has a
    chance to include dilithium.h.
  - wolfssl/certs_test.h is auto-generated from gencertbuf.pl and has
    zero #include directives. Reachable from external TUs that include
    only <wolfssl/ssl.h>, which does not transitively pull in
    dilithium.h.

For both files, configure now emits canonical -DWOLFSSL_MLDSA_*
defines, so canonical sub-gate references are correct without
relying on the bidirectional shim. gencertbuf.pl was updated
accordingly so future regenerations stay on canonical.

Tests / verification
--------------------

A compile-time validation block at the bottom of wc_mldsa.c (under
!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES suppression) exercises every legacy
macro / inline alias. A parallel block exercises every canonical
declaration in wc_mldsa.h. The bodies sit inside `if (0)` so the
compiler parses and type-checks the expansions without emitting any
runtime call. A missing or misordered alias produces an immediate
compile error.

Wconversion preservation: master's PR wolfSSL#10399 added 220 `(sword32)`
casts (and several `(byte)` / `(word32)` casts) inside dilithium.c.
After the file rename, the new wc_mldsa.c has all 220 `(sword32)`
casts intact (count verified equal between master's dilithium.c and
our new wc_mldsa.c).

Builds clean with --enable-mldsa, --enable-dilithium (legacy alias),
and --enable-mldsa with -DWOLFSSL_MLDSA_VERIFY_ONLY. make check
passes; testwolfcrypt DILITHIUM test passes.

https://claude.ai/code/session_01N9vLeZw4Gsfb11N4BU1Mbe
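The compatibility pattern these commit messages describe (bi-directional build gates, static-inline wrappers that restore the legacy key-last argument order, and an `if (0)` validation block), as an added C sketch that is not wolfSSL's code. Every `demo_` / `DEMO_` name, the 32-byte key buffer and the `-2` device id are hypothetical stand-ins chosen for illustration.

```c
/* Added illustration: every demo_ / DEMO_ name is a hypothetical stand-in. */
#include <stddef.h>
#include <string.h>

#define DEMO_HAVE_DILITHIUM /* constructed: the build set only the legacy gate */

/* Bi-directional gate translation; DEMO_NO_LEGACY_GATES switches it off. */
#ifndef DEMO_NO_LEGACY_GATES
  #if defined(DEMO_HAVE_DILITHIUM) && !defined(DEMO_HAVE_MLDSA)
    #define DEMO_HAVE_MLDSA
  #elif defined(DEMO_HAVE_MLDSA) && !defined(DEMO_HAVE_DILITHIUM)
    #define DEMO_HAVE_DILITHIUM
  #endif
#endif
#ifndef DEMO_HAVE_MLDSA
  #error "canonical gate was not derived from the legacy gate"
#endif

#define DEMO_INVALID_DEVID (-2) /* constructed default for the 1-arg init */
/* Canonical surface: key-first argument order. */
typedef struct DemoMlDsaKey {
    unsigned char pub[32];
    size_t        pubLen;
} DemoMlDsaKey;

int demo_MlDsaKey_Init(DemoMlDsaKey* key, void* heap, int devId)
{
    (void)heap; (void)devId;
    if (key == NULL)
        return -1;
    memset(key, 0, sizeof(*key));
    return 0;
}

int demo_MlDsaKey_ImportPubRaw(DemoMlDsaKey* key, const unsigned char* in,
                               size_t inLen)
{
    if (key == NULL || in == NULL || inLen > sizeof(key->pub))
        return -1;
    memcpy(key->pub, in, inLen);
    key->pubLen = inLen;
    return 0;
}

/* Legacy-name shim; DEMO_NO_LEGACY_NAMES removes it. */
#ifndef DEMO_NO_LEGACY_NAMES
#define demo_dilithium_key DemoMlDsaKey /* type and struct tag alias */

/* Legacy 1-arg init supplies the defaults the 3-arg form now requires. */
static inline int demo_dilithium_init(DemoMlDsaKey* key)
{
    return demo_MlDsaKey_Init(key, NULL, DEMO_INVALID_DEVID);
}

/* Legacy order put the key last; a real function keeps the name addressable. */
static inline int demo_dilithium_import_public(const unsigned char* in,
                                               size_t inLen, DemoMlDsaKey* key)
{
    return demo_MlDsaKey_ImportPubRaw(key, in, inLen);
}
#endif

/* Never runs, yet the compiler must parse and type-check each legacy call,
 * so a missing alias or swapped pointer/length argument is diagnosed. */
int demo_legacy_alias_check(void)
{
    if (0) {
        struct demo_dilithium_key k;
        const unsigned char b[1] = { 0 };
        (void)demo_dilithium_init(&k);
        (void)demo_dilithium_import_public(b, sizeof(b), &k);
    }
    return 0;
}

/* Returns 1 when the legacy and canonical spellings leave identical state. */
int demo_shim_equivalent(void)
{
    static const unsigned char pub[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    int (*legacy)(const unsigned char*, size_t, DemoMlDsaKey*) =
        demo_dilithium_import_public; /* taking the address works: not a macro */
    demo_dilithium_key a;
    DemoMlDsaKey b;
    if (demo_dilithium_init(&a) || demo_MlDsaKey_Init(&b, NULL, DEMO_INVALID_DEVID))
        return 0;
    if (legacy(pub, sizeof(pub), &a) || demo_MlDsaKey_ImportPubRaw(&b, pub, sizeof(pub)))
        return 0;
    return a.pubLen == b.pubLen && memcmp(a.pub, b.pub, sizeof(a.pub)) == 0;
}
```

Compiling this sketch with `-DDEMO_NO_LEGACY_NAMES` fails inside `demo_legacy_alias_check` and `demo_shim_equivalent`, which is how an opt-out build surfaces call sites still using the legacy spelling.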