wolfSSL · dgarske · May 19, 2026 · May 18, 2026
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1231,7 +1231,7 @@ list(
     lib/wolfssl/wolfcrypt/src/tfm.c
     lib/wolfssl/wolfcrypt/src/wc_port.c
     lib/wolfssl/wolfcrypt/src/wolfmath.c
-    lib/wolfssl/wolfcrypt/src/dilithium.c
+    lib/wolfssl/wolfcrypt/src/wc_mldsa.c
     lib/wolfssl/wolfcrypt/src/wc_lms.c
     lib/wolfssl/wolfcrypt/src/wc_lms_impl.c
     lib/wolfssl/wolfcrypt/src/wc_xmss.c

diff --git a/include/user_settings.h b/include/user_settings.h
@@ -230,7 +230,19 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096) || \
     (defined(WOLFCRYPT_SECURE_MODE) && (!defined(PKCS11_SMALL)))
 
-#   define WC_RSA_BLINDING
+    /* RSA blinding protects RSA private-key operations against timing
+     * side-channels and requires the wolfCrypt RNG. wolfssl's settings.h
+     * rejects the combination WC_RSA_BLINDING + WC_NO_RNG, so only enable
+     * blinding in configurations where RNG is available. wolfBoot itself
+     * never invokes a wolfCrypt RSA private-key op (any signing happens
+     * inside the TPM/HSM), so blinding has nothing to protect at runtime
+     * here; this define mainly silences wolfssl's harden-mode warning in
+     * builds where wolfCrypt does have an RNG and could in principle sign. */
+#   if defined(WOLFCRYPT_SECURE_MODE) || defined(WOLFBOOT_TPM_PARMENC) || \
+       defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK) || \
+       defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#       define WC_RSA_BLINDING
+#   endif
 #   define WC_RSA_DIRECT
 #   define RSA_LOW_MEM
 #   define WC_ASN_HASH_SHA256

diff --git a/lib/wolfssl b/lib/wolfssl
diff --git a/options.mk b/options.mk
@@ -187,7 +187,7 @@ XMSS_EXTRA=\
     -D"WOLFSSL_XMSS_VERIFY_ONLY" -D"WOLFSSL_XMSS_MAX_HEIGHT=32"
 
 ML_DSA_OBJS=\
-    $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/dilithium.o
+    $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_mldsa.o
 
 ML_DSA_EXTRA=\
     -D"ML_DSA_IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \

diff --git a/src/xmalloc.c b/src/xmalloc.c
@@ -53,7 +53,7 @@ struct xmalloc_slot {
 #   define HASH_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
 #elif defined WOLFBOOT_HASH_SHA384
 #   include <wolfssl/wolfcrypt/sha512.h>
-#   define HASH_BLOCK_SIZE (WC_SHA384_BLOCK_SIZE / sizeof(uint32_t))
+#   define HASH_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
 #elif defined WOLFBOOT_HASH_SHA3_384
 #   include <wolfssl/wolfcrypt/sha3.h>
 #   define HASH_BLOCK_SIZE WC_SHA3_384_BLOCK_SIZE
@@ -301,9 +301,7 @@ static uint32_t sha_block[HASH_BLOCK_SIZE];
 static uint32_t sha512_block[sizeof(word64) * 16];
 
 static struct xmalloc_slot xmalloc_pool[] = {
-#if defined(WOLFBOOT_HASH_SHA256) || defined(WOLFBOOT_HASH_SHA384)
-    { (uint8_t *)sha_block, HASH_BLOCK_SIZE * sizeof(uint32_t), 0 },
-#endif
+    { (uint8_t *)sha_block, sizeof(sha_block), 0 },
     { (uint8_t *)sha512_block, sizeof(word64) * 16, 0 },
     { NULL, 0, 0}
 };

diff --git a/test-app/CMakeLists.txt b/test-app/CMakeLists.txt
@@ -225,6 +225,7 @@ if(BUILD_TEST_APPS)
             ../lib/wolfssl/wolfcrypt/src/aes.c
             ../lib/wolfssl/wolfcrypt/src/hmac.c
             ../lib/wolfssl/wolfcrypt/src/pwdbased.c
+            ../lib/wolfssl/wolfcrypt/src/pkcs12.c
             ../lib/wolfssl/wolfcrypt/src/hash.c
             ../lib/wolfssl/wolfcrypt/src/sha256.c
             ../lib/wolfssl/wolfcrypt/src/sha512.c

diff --git a/test-app/Makefile b/test-app/Makefile
@@ -223,7 +223,7 @@ ifeq ($(WOLFCRYPT_SUPPORT),1)
       ifeq ($(PPC64),1) # requires wolfssl PR 9852
         # AES
         APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/ppc64/ppc64-aes-asm_c.o
-        CFLAGS+=-DWOLFSSL_PPC64_ASM 
+        CFLAGS+=-DWOLFSSL_PPC64_ASM
         CFLAGS+=-DWOLFSSL_PPC64_ASM_INLINE
         CFLAGS+=-DWOLFSSL_PPC64_ASM_SMALL
         CFLAGS+=-DWOLFSSL_PPC64_ASM_AES_NO_HARDEN
@@ -282,6 +282,7 @@ ifeq ($(TZEN),1)
             APP_OBJS+=./wcs/aes.o
             APP_OBJS+=./wcs/hmac.o
             APP_OBJS+=./wcs/pwdbased.o
+            APP_OBJS+=./wcs/pkcs12.o
             APP_OBJS+=./wcs/hash.o
             APP_OBJS+=./wcs/sha256.o
             APP_OBJS+=./wcs/sha512.o
@@ -299,6 +300,17 @@ ifeq ($(TZEN),1)
             APP_OBJS+=./wcs/coding.o
             APP_OBJS+=./wcs/wc_encrypt.o
             APP_OBJS+=./wcs/wc_port.o
+            ifeq ($(SIGN),LMS)
+                APP_OBJS+=./wcs/wc_lms.o
+                APP_OBJS+=./wcs/wc_lms_impl.o
+            endif
+            ifeq ($(SIGN),XMSS)
+                APP_OBJS+=./wcs/wc_xmss.o
+                APP_OBJS+=./wcs/wc_xmss_impl.o
+            endif
+            ifeq ($(SIGN),ML_DSA)
+                APP_OBJS+=./wcs/wc_mldsa.o
+            endif
 
             ifeq ($(SPMATH),1)
               CFLAGS+=-DWOLFSSL_HAVE_SP_RSA -DWOLFSSL_HAVE_SP_ECC

diff --git a/tools/keytools/Makefile b/tools/keytools/Makefile
@@ -108,7 +108,7 @@ OBJS_REAL+=\
 OBJS_REAL+=\
 	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_xmss.o \
 	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_xmss_impl.o
-OBJS_REAL+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/dilithium.o
+OBJS_REAL+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_mldsa.o
 
 OBJS_VIRT=$(addprefix $(OBJDIR), $(notdir $(OBJS_REAL)))
 DEPS=$(OBJS_VIRT:.o=.d) sign.d keygen.d

diff --git a/tools/keytools/wolfBootKeygenTool.vcxproj b/tools/keytools/wolfBootKeygenTool.vcxproj
@@ -157,7 +157,7 @@
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\asn.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\chacha.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\coding.c" />
-    <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ed25519.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ed448.c" />

diff --git a/tools/keytools/wolfBootSignTool.vcxproj b/tools/keytools/wolfBootSignTool.vcxproj
@@ -158,7 +158,7 @@
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\asn.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\chacha.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\coding.c" />
-    <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ed25519.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\ed448.c" />

diff --git a/tools/test.mk b/tools/test.mk
@@ -1187,7 +1187,7 @@ test-all: clean
 test-size-all:
 	make test-size SIGN=NONE LIMIT=5066 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ED25519 LIMIT=11828 NO_ARM_ASM=1
+	make test-size SIGN=ED25519 LIMIT=11852 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=ECC256  LIMIT=18944 NO_ARM_ASM=1
 	make clean
@@ -1211,25 +1211,25 @@ test-size-all:
 	make clean
 	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=12600 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSAPSS2048 LIMIT=13676 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS2048 LIMIT=13680 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSAPSS2048 NO_ASM=1 LIMIT=14236 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS2048 NO_ASM=1 LIMIT=14240 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSAPSS3072 LIMIT=13844 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS3072 LIMIT=13848 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSAPSS3072 NO_ASM=1 LIMIT=14368 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS3072 NO_ASM=1 LIMIT=14372 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSAPSS4096 LIMIT=14016 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS4096 LIMIT=14020 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSAPSS4096 NO_ASM=1 LIMIT=14556 NO_ARM_ASM=1
+	make test-size SIGN=RSAPSS4096 NO_ASM=1 LIMIT=14560 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
 		WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \
-		IMAGE_HEADER_SIZE?=5288 LIMIT=7840 NO_ARM_ASM=1
+		IMAGE_HEADER_SIZE?=5288 LIMIT=8084 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \
 		IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
-		LIMIT=8700 NO_ARM_ASM=1
+		LIMIT=8944 NO_ARM_ASM=1
 	make keysclean
 	make clean
 	make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=19800 \

diff --git a/tools/unit-tests/unit-sign-encrypted-output.mkfrag b/tools/unit-tests/unit-sign-encrypted-output.mkfrag
@@ -26,5 +26,5 @@ KEYTOOLS_SIGN_SRCS=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.c \
 	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_lms_impl.c \
 	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_xmss.c \
 	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_xmss_impl.c \
-	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/dilithium.c \
+	$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_mldsa.c \
 	../../src/delta.c