From 6cd1d7f3c9b1e735746d1fee344d17ce0299af9e Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 4 Apr 2025 17:54:09 -0400 Subject: [PATCH 1/3] Fix building ML-KEM and LMS with cmake --- CMakeLists.txt | 66 ++++++++++++++++++++++++++++++------------- cmake/functions.cmake | 10 +++---- 2 files changed, 51 insertions(+), 25 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 51d9ea427..eed129fe1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -573,10 +573,15 @@ add_option(WOLFSSL_OQS "no" "yes;no") # ML-KEM/Kyber -add_option(WOLFSSL_MMLKEM +add_option(WOLFSSL_MLKEM "Enable the wolfSSL PQ ML-KEM library (default: disabled)" "no" "yes;no") +# LMS +add_option(WOLFSSL_LMS + "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)" + "no" "yes;no") + # Experimental features add_option(WOLFSSL_EXPERIMENTAL "Enable experimental features (default: disabled)" @@ -590,7 +595,7 @@ if (WOLFSSL_EXPERIMENTAL) # check if any experimental features are also enabled: set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0) - set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT) + set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT) # Checking for experimental feature: OQS message(STATUS "Looking for WOLFSSL_OQS") @@ -605,9 +610,9 @@ if (WOLFSSL_EXPERIMENTAL) list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY}) list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR}) - set_wolfssl_definitions("HAVE_LIBOQS" RESUlT) - set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT) - set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT) + set_wolfssl_definitions("HAVE_LIBOQS" RESULT) + set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESULT) + set_wolfssl_definitions("OPENSSL_EXTRA" RESULT) else() message(STATUS "Checking OQS - not found") 
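Review bot: In the `@@ -573,10 +573,15 @@` hunk of CMakeLists.txt the option is now spelled `WOLFSSL_MLKEM`, and the later hunks of this patch switch every check from `WOLFSSL_KYBER` to that name, so a build that still passes `-DWOLFSSL_KYBER=yes` appears, from the visible hunks, to configure cleanly with ML-KEM left out. For a key-exchange feature that is a silent downgrade worth failing on. Consider adding next to the option `if(DEFINED WOLFSSL_KYBER)` / `message(FATAL_ERROR "WOLFSSL_KYBER was renamed to WOLFSSL_MLKEM")` / `endif()`. Whether another file still reads the old name is not visible in this diff.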
@@ -617,20 +622,41 @@ if (WOLFSSL_EXPERIMENTAL) message(STATUS "Looking for WOLFSSL_OQS - not found") endif() - # Checking for experimental feature: Kyber - message(STATUS "Looking for WOLFSSL_KYBER") - if (WOLFSSL_KYBER) + # Checking for experimental feature: WOLFSSL_MLKEM + message(STATUS "Looking for WOLFSSL_MLKEM") + if (WOLFSSL_MLKEM) set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) - message(STATUS "Automatically set related requirements for Kyber:") - set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESUlT) - set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESUlT) - set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT) - set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT) - set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT) - message(STATUS "Looking for WOLFSSL_KYBER - found") + message(STATUS "Automatically set related requirements for ML-KEM:") + add_definitions("-DWOLFSSL_HAVE_MLKEM") + add_definitions("-DWOLFSSL_WC_MLKEM") + add_definitions("-DWOLFSSL_SHA3") + add_definitions("-DWOLFSSL_SHAKE128") + add_definitions("-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) + message(STATUS "Looking for WOLFSSL_MLKEM - found") else() - message(STATUS "Looking for WOLFSSL_KYBER - not found") + message(STATUS "Looking for WOLFSSL_MLKEM - not found") + endif() + + # Checking for experimental feature: WOLFSSL_LMS + message(STATUS "Looking for WOLFSSL_LMS") + if (WOLFSSL_LMS) + set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2) + + message(STATUS "Automatically set related requirements for LMS") + add_definitions("-DWOLFSSL_HAVE_LMS") + add_definitions("-DWOLFSSL_WC_LMS") + set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) + message(STATUS "Looking for WOLFSSL_LMS - found") + else() + message(STATUS "Looking for 
WOLFSSL_LMS - not found") endif() # Other experimental feature detection can be added here... @@ -643,8 +669,8 @@ if (WOLFSSL_EXPERIMENTAL) endif() # Sanity checks - if(WOLFSSL_OQS AND WOLFSSL_KYBER) - message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.") + if(WOLFSSL_OQS AND WOLFSSL_MLKEM) + message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.") endif() else() @@ -653,8 +679,8 @@ else() if (WOLFSSL_OQS) message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.") endif() - if(WOLFSSL_KYBER) - message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.") + if(WOLFSSL_MLKEM) + message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.") endif() endif() diff --git a/cmake/functions.cmake b/cmake/functions.cmake index f43ebf09b..222bc1e05 100644 --- a/cmake/functions.cmake +++ b/cmake/functions.cmake @@ -198,14 +198,14 @@ function(generate_build_flags) if(WOLFSSL_XCHACHA OR WOLFSSL_USER_SETTINGS) set(BUILD_XCHACHA "yes" PARENT_SCOPE) endif() - if(WOLFSSL_KYBER OR WOLFSSL_USER_SETTINGS) - set(BUILD_WC_KYBER "yes" PARENT_SCOPE) + if(WOLFSSL_MLKEM OR WOLFSSL_USER_SETTINGS) + set(BUILD_WC_MLKEM "yes" PARENT_SCOPE) endif() if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS) set(BUILD_FALCON "yes" PARENT_SCOPE) set(BUILD_SPHINCS "yes" PARENT_SCOPE) set(BUILD_DILITHIUM "yes" PARENT_SCOPE) - set(BUILD_EXT_KYBER "yes" PARENT_SCOPE) + set(BUILD_EXT_MLKEM "yes" PARENT_SCOPE) set(BUILD_OQS_HELPER "yes" PARENT_SCOPE) endif() if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS) @@ -811,7 +811,7 @@ function(generate_lib_src_list LIB_SOURCES) list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c) endif() - if(BUILD_WC_KYBER) + if(BUILD_WC_MLKEM) list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem.c) list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_poly.c) 
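Review bot: In the `@@ -617,20 +622,41 @@` hunk each ML-KEM and LMS macro is now set twice, once with `add_definitions("-D...")` and once with `set_wolfssl_definitions(...)`, and nothing says why both are needed. `add_definitions` is directory-scoped, so these macros reach every target defined under this directory rather than only the library. The helper's body is outside this diff, so I cannot tell what it leaves undone; a comment above the first call such as `# add_definitions is needed in addition to set_wolfssl_definitions because <reason>` would record it. The LMS branch also uses `set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2)` where the ML-KEM branch uses `1`; if the variable is a flag, `1` in both places reads more clearly.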
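Review bot: The non-experimental `else()` branch in the `@@ -653,8 +679,8 @@` hunk rejects `WOLFSSL_OQS` and `WOLFSSL_MLKEM` without `WOLFSSL_EXPERIMENTAL`, but the new `WOLFSSL_LMS` option has no matching check, so `-DWOLFSSL_LMS=yes` alone configures without `WOLFSSL_HAVE_LMS` and `WOLFSSL_WC_LMS` being set. The context line `if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)` in cmake/functions.cmake suggests build flags are still derived from the option, which would leave the build half-configured. Adding `if(WOLFSSL_LMS)` / `message(FATAL_ERROR "Error: WOLFSSL_LMS requires WOLFSSL_EXPERIMENTAL at this time.")` / `endif()` keeps the three features consistent. `WOLFSSL_LMSSHA256192` from patch 2/3 has the same gap, and is also ignored without a message when `WOLFSSL_LMS` is off.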
@@ -820,7 +820,7 @@ function(generate_lib_src_list LIB_SOURCES) endif() endif() - if(BUILD_EXT_KYBER) + if(BUILD_EXT_MLKEM) list(APPEND LIB_SOURCES wolfcrypt/src/ext_mlkem.c) endif() From a3c3996c085b42f3da082afee25ebb82251d3f5a Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 4 Apr 2025 21:23:06 -0400 Subject: [PATCH 2/3] 256/192 --- CMakeLists.txt | 15 +++++++++++++++ cmake/options.h.in | 4 ++++ 2 files changed, 19 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index eed129fe1..5ce0fd432 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -582,6 +582,10 @@ add_option(WOLFSSL_LMS "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)" "no" "yes;no") +add_option(WOLFSSL_LMSSHA256192 + "Enable the LMS SHA_256_192 truncated variant (default: disabled)" + "no" "yes;no") + # Experimental features add_option(WOLFSSL_EXPERIMENTAL "Enable experimental features (default: disabled)" @@ -655,6 +659,17 @@ if (WOLFSSL_EXPERIMENTAL) set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) message(STATUS "Looking for WOLFSSL_LMS - found") + # Checking for experimental feature: WOLFSSL_LMSSHA256192 + if (WOLFSSL_LMSSHA256192) + message(STATUS "Automatically set related requirements for LMS SHA256-192") + add_definitions("-DWOLFSSL_LMS_SHA256_192") + add_definitions("-DWOLFSSL_NO_LMS_SHA256_256") + set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT) + set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT) + message(STATUS "Looking for WOLFSSL_LMSSHA256192 - found") + else() + message(STATUS "Looking for WOLFSSL_LMSSHA256192 - not found") + endif() else() message(STATUS "Looking for WOLFSSL_LMS - not found") endif() diff --git a/cmake/options.h.in b/cmake/options.h.in index fb7570a83..d55a79531 100644 --- a/cmake/options.h.in +++ b/cmake/options.h.in 
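Review bot: The help text for `WOLFSSL_LMSSHA256192` in the `@@ -582,6 +582,10 @@` hunk of patch 2/3 says only that it enables the truncated variant, while the `@@ -655,6 +659,17 @@` hunk shows it also defines `WOLFSSL_NO_LMS_SHA256_256`. Judging by the macro name, someone turning the option on to add the 192-bit variant would lose the full-length SHA-256 parameter sets without being told. I would make the description say so, for example `"Enable the LMS SHA_256_192 truncated variant and disable SHA_256_256 (default: disabled)"`.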
@@ -386,6 +386,10 @@ extern "C" { #cmakedefine WOLFSSL_HAVE_LMS #undef WOLFSSL_WC_LMS #cmakedefine WOLFSSL_WC_LMS +#undef WOLFSSL_LMS_SHA256_192 +#cmakedefine WOLFSSL_LMS_SHA256_192 +#undef WOLFSSL_NO_LMS_SHA256_256 +#cmakedefine WOLFSSL_NO_LMS_SHA256_256 #undef WOLFSSL_HAVE_XMSS #cmakedefine WOLFSSL_HAVE_XMSS #undef WOLFSSL_WC_XMSS From f9874789376a8fd1a0810f1dd184bf0efcff99ad Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Mon, 14 Apr 2025 20:53:24 -0400 Subject: [PATCH 3/3] github test --- .github/workflows/cmake.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index c97ab6cb3..09f1d4f06 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -77,6 +77,7 @@ jobs: -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \ -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \ -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \ + -DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \ -DWOLFSSL_X963KDF:BOOL=yes \ -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \ ..
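Review bot: The flag line added to .github/workflows/cmake.yml always sets `-DWOLFSSL_LMSSHA256192=1`, which per patch 2/3 defines `WOLFSSL_NO_LMS_SHA256_256`, so this job builds LMS only in the truncated configuration. The default LMS path enabled by `-DWOLFSSL_LMS` alone is not exercised by this job; whether another job covers it is not visible here. The new flags also use `=1` while the neighbouring ones use `:BOOL=yes` and the options are declared with the value list `"yes;no"`. Writing them as `-DWOLFSSL_MLKEM:BOOL=yes -DWOLFSSL_LMS:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes` would match the rest of the command.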