Rust wrapper: rename dilithium to mldsa#10780
Open
holtrop-wolfssl wants to merge 1 commit into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the Rust wolfcrypt wrapper to track the upstream C API rename from Dilithium (dilithium.h / wc_dilithium_*) to ML-DSA (wc_mldsa.h / wc_MlDsaKey_*), so Rust cfg() detection and FFI symbol matching work correctly when ML-DSA is enabled.
Changes:
- Rename the Rust API surface from
dilithium::Dilithiumtomldsa::MlDsaand switch FFI calls towc_MlDsaKey_*. - Update bindgen input headers and
build.rscfg scanning to usewc_mldsa.handwc_MlDsaKey_*symbols. - Update Rust tests and autotools distribution lists to match the new ML-DSA naming.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| wrapper/rust/wolfssl-wolfcrypt/tests/test_mldsa.rs | Updates test imports and cfg gates from dilithium to mldsa / MlDsa. |
| wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs | Renames wrapper type/API and switches FFI calls/constants to the canonical ML-DSA C API. |
| wrapper/rust/wolfssl-wolfcrypt/src/lib.rs | Removes dilithium module export and adds mldsa module export. |
| wrapper/rust/wolfssl-wolfcrypt/headers.h | Switches bindgen header include from dilithium.h to wc_mldsa.h. |
| wrapper/rust/wolfssl-wolfcrypt/build.rs | Updates cfg scanning keys from wc_dilithium_* to wc_MlDsaKey_*. |
| wrapper/rust/include.am | Updates autotools EXTRA_DIST entries from dilithium to mldsa files/tests. |
Comments suppressed due to low confidence (6)
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:443
size()unconditionally callssys::wc_MlDsaKey_Size, but in wolfSSL this API is only declared whenWOLFSSL_MLDSA_PRIVATE_KEYis enabled (seewolfssl/wolfcrypt/wc_mldsa.h:784-787). In public-key/verify-only builds the binding will not containwc_MlDsaKey_Size, so this method will fail to compile even though themldsamodule is enabled. Gate this method on a cfg that implies private-key support (e.g.mldsa_sign, which is absent underWOLFSSL_MLDSA_VERIFY_ONLY).
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:473priv_size()unconditionally callssys::wc_MlDsaKey_PrivSize, but this API is only declared when bothWOLFSSL_MLDSA_PRIVATE_KEYandWOLFSSL_MLDSA_PUBLIC_KEYare enabled (seewolfssl/wolfcrypt/wc_mldsa.h:788-792). In verify-only/public-key-only builds the binding will not containwc_MlDsaKey_PrivSize, causing a compile error. Gate this method on a cfg that implies private-key support (e.g.mldsa_sign).
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:639import_private()is currently gated only bymldsa_import(set fromwc_MlDsaKey_ImportPubRaw), butwc_MlDsaKey_ImportPrivRawis only available whenWOLFSSL_MLDSA_PRIVATE_KEYis enabled (seewolfssl/wolfcrypt/wc_mldsa.h:811-817). In public-key/verify-only buildsmldsa_importmay be enabled whileImportPrivRawis not present, leading to a compile error. Tighten the cfg gate to require a private-key-capable cfg (e.g.mldsa_sign).
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:681import_key()is currently gated only bymldsa_import(derived from public-key import), butwc_MlDsaKey_ImportKeyis only declared underWOLFSSL_MLDSA_PRIVATE_KEY(seewolfssl/wolfcrypt/wc_mldsa.h:811-817). This can break builds that only enable public-key operations. Gate it on a private-key-capable cfg as well (e.g.mldsa_sign).
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:764export_private()is currently gated only bymldsa_export(set fromwc_MlDsaKey_ExportPubRaw), butwc_MlDsaKey_ExportPrivRawis only declared whenWOLFSSL_MLDSA_PRIVATE_KEYis enabled (seewolfssl/wolfcrypt/wc_mldsa.h:823-826). In verify-only/public-key-only builds this can cause a compile error. Tighten the cfg gate to require a private-key-capable cfg (e.g.mldsa_sign).
wrapper/rust/wolfssl-wolfcrypt/src/mldsa.rs:808export_key()is currently gated only bymldsa_export(public-key export), butwc_MlDsaKey_ExportKeyis only declared underWOLFSSL_MLDSA_PRIVATE_KEY(seewolfssl/wolfcrypt/wc_mldsa.h:823-831). This can break builds that only have public-key/verify support. Gate it on a private-key-capable cfg as well (e.g.mldsa_sign).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
Author
|
retest this please (build timed out) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Rust wrapper: rename dilithium to mldsa
This follows the rename of the C API dilithium.h to wc_mldsa.h. Even though backward-compatible macros were created in the C API, the Rust wrapper FFI does not see those, so it wasn't picking up that ML-DSA support was enabled.
Testing
How did you test?
Checklist