@@ -625,20 +625,23 @@ add_option(WOLFSSL_OQS
625625 "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
626626 "no" "yes;no" )
627627
628+ # Falcon (provided via liboqs)
629+ add_option (WOLFSSL_FALCON
630+ "Enable Falcon post-quantum signatures via liboqs (default: disabled)"
631+ "no" "yes;no" )
632+
628633# ML-KEM/Kyber
629634add_option (WOLFSSL_MLKEM
630635 "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
631636 "yes" "yes;no" )
632637
633638if (WOLFSSL_MLKEM)
634639 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM" )
635- list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_MLKEM" )
636640 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3" )
637641 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128" )
638642 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256" )
639643
640644 set_wolfssl_definitions ("WOLFSSL_HAVE_MLKEM" RESULT )
641- set_wolfssl_definitions ("WOLFSSL_WC_MLKEM" RESULT )
642645 set_wolfssl_definitions ("WOLFSSL_SHA3" RESULT )
643646 set_wolfssl_definitions ("WOLFSSL_SHAKE128" RESULT )
644647 set_wolfssl_definitions ("WOLFSSL_SHAKE256" RESULT )
@@ -677,13 +680,11 @@ add_option(WOLFSSL_DILITHIUM
677680
678681if (WOLFSSL_DILITHIUM)
679682 list (APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM" )
680- list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_DILITHIUM" )
681683 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3" )
682684 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128" )
683685 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256" )
684686
685687 set_wolfssl_definitions ("HAVE_DILITHIUM" RESULT )
686- set_wolfssl_definitions ("WOLFSSL_WC_DILITHIUM" RESULT )
687688 set_wolfssl_definitions ("WOLFSSL_SHA3" RESULT )
688689 set_wolfssl_definitions ("WOLFSSL_SHAKE128" RESULT )
689690 set_wolfssl_definitions ("WOLFSSL_SHAKE256" RESULT )
@@ -733,6 +734,15 @@ if (WOLFSSL_EXPERIMENTAL)
733734
734735 set_wolfssl_definitions ("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT )
735736
737+ # Cross-validate WOLFSSL_OQS and WOLFSSL_FALCON: liboqs is only linked
738+ # when a liboqs-backed algorithm (Falcon) is actually enabled.
739+ if (WOLFSSL_FALCON AND NOT WOLFSSL_OQS)
740+ message (FATAL_ERROR "WOLFSSL_FALCON requires WOLFSSL_OQS." )
741+ endif ()
742+ if (WOLFSSL_OQS AND NOT WOLFSSL_FALCON)
743+ message (FATAL_ERROR "WOLFSSL_OQS requires WOLFSSL_FALCON." )
744+ endif ()
745+
736746 # Checking for experimental feature: OQS
737747 message (STATUS "Looking for WOLFSSL_OQS" )
738748 if (WOLFSSL_OQS)
@@ -749,6 +759,7 @@ if (WOLFSSL_EXPERIMENTAL)
749759 set_wolfssl_definitions ("HAVE_LIBOQS" RESULT )
750760 set_wolfssl_definitions ("HAVE_TLS_EXTENSIONS" RESULT )
751761 set_wolfssl_definitions ("OPENSSL_EXTRA" RESULT )
762+ set_wolfssl_definitions ("HAVE_FALCON" RESULT )
752763
753764 else ()
754765 message (STATUS "Checking OQS - not found" )
@@ -777,19 +788,15 @@ if (WOLFSSL_EXPERIMENTAL)
777788 message (STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled." )
778789 endif ()
779790
780- # Sanity checks
781- if (WOLFSSL_OQS AND WOLFSSL_MLKEM)
782- message (FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time." )
783- endif ()
784- if (WOLFSSL_OQS AND WOLFSSL_DILITHIUM)
785- message (FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_DILITHIUM at the same time." )
786- endif ()
787791else ()
788792 # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
789793 message (STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found" )
790794 if (WOLFSSL_OQS)
791795 message (FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time." )
792796 endif ()
797+ if (WOLFSSL_FALCON)
798+ message (FATAL_ERROR "Error: WOLFSSL_FALCON requires WOLFSSL_EXPERIMENTAL at this time." )
799+ endif ()
793800endif ()
794801
795802# LMS
0 commit comments