@@ -625,20 +625,23 @@ add_option(WOLFSSL_OQS
625625 "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
626626 "no" "yes;no" )
627627
628+ # Falcon (provided via liboqs)
629+ add_option (WOLFSSL_FALCON
630+ "Enable Falcon post-quantum signatures via liboqs (default: disabled)"
631+ "no" "yes;no" )
632+
628633# ML-KEM/Kyber
629634add_option (WOLFSSL_MLKEM
630635 "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
631636 "yes" "yes;no" )
632637
633638if (WOLFSSL_MLKEM)
634639 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM" )
635- list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_MLKEM" )
636640 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3" )
637641 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128" )
638642 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256" )
639643
640644 set_wolfssl_definitions ("WOLFSSL_HAVE_MLKEM" RESULT )
641- set_wolfssl_definitions ("WOLFSSL_WC_MLKEM" RESULT )
642645 set_wolfssl_definitions ("WOLFSSL_SHA3" RESULT )
643646 set_wolfssl_definitions ("WOLFSSL_SHAKE128" RESULT )
644647 set_wolfssl_definitions ("WOLFSSL_SHAKE256" RESULT )
@@ -677,13 +680,11 @@ add_option(WOLFSSL_DILITHIUM
677680
678681if (WOLFSSL_DILITHIUM)
679682 list (APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM" )
680- list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_DILITHIUM" )
681683 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3" )
682684 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128" )
683685 list (APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256" )
684686
685687 set_wolfssl_definitions ("HAVE_DILITHIUM" RESULT )
686- set_wolfssl_definitions ("WOLFSSL_WC_DILITHIUM" RESULT )
687688 set_wolfssl_definitions ("WOLFSSL_SHA3" RESULT )
688689 set_wolfssl_definitions ("WOLFSSL_SHAKE128" RESULT )
689690 set_wolfssl_definitions ("WOLFSSL_SHAKE256" RESULT )
@@ -731,6 +732,15 @@ if (WOLFSSL_EXPERIMENTAL)
731732
732733 set_wolfssl_definitions ("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT )
733734
735+ # Cross-validate WOLFSSL_OQS and WOLFSSL_FALCON: liboqs is only linked
736+ # when a liboqs-backed algorithm (Falcon) is actually enabled.
737+ if (WOLFSSL_FALCON AND NOT WOLFSSL_OQS)
738+ message (FATAL_ERROR "WOLFSSL_FALCON requires WOLFSSL_OQS." )
739+ endif ()
740+ if (WOLFSSL_OQS AND NOT WOLFSSL_FALCON)
741+ message (FATAL_ERROR "WOLFSSL_OQS requires WOLFSSL_FALCON." )
742+ endif ()
743+
734744 # Checking for experimental feature: OQS
735745 message (STATUS "Looking for WOLFSSL_OQS" )
736746 if (WOLFSSL_OQS)
@@ -747,6 +757,7 @@ if (WOLFSSL_EXPERIMENTAL)
747757 set_wolfssl_definitions ("HAVE_LIBOQS" RESULT )
748758 set_wolfssl_definitions ("HAVE_TLS_EXTENSIONS" RESULT )
749759 set_wolfssl_definitions ("OPENSSL_EXTRA" RESULT )
760+ set_wolfssl_definitions ("HAVE_FALCON" RESULT )
750761
751762 else ()
752763 message (STATUS "Checking OQS - not found" )
@@ -775,19 +786,15 @@ if (WOLFSSL_EXPERIMENTAL)
775786 message (STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled." )
776787 endif ()
777788
778- # Sanity checks
779- if (WOLFSSL_OQS AND WOLFSSL_MLKEM)
780- message (FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time." )
781- endif ()
782- if (WOLFSSL_OQS AND WOLFSSL_DILITHIUM)
783- message (FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_DILITHIUM at the same time." )
784- endif ()
785789else ()
786790 # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
787791 message (STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found" )
788792 if (WOLFSSL_OQS)
789793 message (FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time." )
790794 endif ()
795+ if (WOLFSSL_FALCON)
796+ message (FATAL_ERROR "Error: WOLFSSL_FALCON requires WOLFSSL_EXPERIMENTAL at this time." )
797+ endif ()
791798endif ()
792799
793800# LMS
0 commit comments