Rename Dilithium to canonical ML-DSA (FIPS 204) names

.wolfssl_known_macro_extras

@@ -652,7 +652,6 @@ WC_ASYNC_NO_SHA512
 WC_ASYNC_NO_X25519
 WC_ASYNC_THREAD_BIND
 WC_CACHE_RESISTANT_BASE64_TABLE
-WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
@@ -737,12 +736,6 @@ WOLFSSL_CLANG_TIDY
 WOLFSSL_CLIENT_EXAMPLE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
-WOLFSSL_DILITHIUM_ASSIGN_KEY
-WOLFSSL_DILITHIUM_NO_CHECK_KEY
-WOLFSSL_DILITHIUM_NO_MAKE
-WOLFSSL_DILITHIUM_REVERSE_HASH_OID
-WOLFSSL_DILITHIUM_SIGN_CHECK_W0
-WOLFSSL_DILITHIUM_SIGN_CHECK_Y
 WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
 WOLFSSL_DRBG_SHA256
 WOLFSSL_DTLS_DISALLOW_FUTURE
@@ -831,6 +824,8 @@ WOLFSSL_NO_DECODE_EXTRA
 WOLFSSL_NO_DEL_HANDLE
 WOLFSSL_NO_DER_TO_PEM
 WOLFSSL_NO_DH186
+WOLFSSL_NO_DILITHIUM_LEGACY_GATES
+WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
 WOLFSSL_NO_DTLS_SIZE_CHECK
 WOLFSSL_NO_ETM_ALERT
 WOLFSSL_NO_FENCE

CMakeLists.txt

@@ -673,21 +673,31 @@ if (WOLFSSL_PQC_HYBRIDS)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PQC_HYBRIDS")
 endif()
 
-# Dilithium
+# ML-DSA (FIPS 204)
+add_option(WOLFSSL_MLDSA
+    "Enable the wolfSSL PQ ML-DSA (FIPS 204) implementation (default: disabled)"
+    "no" "yes;no")
+# Legacy alias: WOLFSSL_DILITHIUM. Kept for backward compatibility.
 add_option(WOLFSSL_DILITHIUM
-    "Enable the wolfSSL PQ Dilithium (ML-DSA) implementation (default: disabled)"
+    "Legacy alias for WOLFSSL_MLDSA (default: disabled)"
     "no" "yes;no")
 
 if (WOLFSSL_DILITHIUM)
-    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM")
+    message(DEPRECATION
+        "WOLFSSL_DILITHIUM is the legacy alias for WOLFSSL_MLDSA and will be "
+        "removed in a future release. Set -DWOLFSSL_MLDSA=yes instead.")
+endif()
+
+if (WOLFSSL_MLDSA OR WOLFSSL_DILITHIUM)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLDSA")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256")
 
-    set_wolfssl_definitions("HAVE_DILITHIUM"       RESULT)
-    set_wolfssl_definitions("WOLFSSL_SHA3"         RESULT)
-    set_wolfssl_definitions("WOLFSSL_SHAKE128"     RESULT)
-    set_wolfssl_definitions("WOLFSSL_SHAKE256"     RESULT)
+    set_wolfssl_definitions("WOLFSSL_HAVE_MLDSA" RESULT)
+    set_wolfssl_definitions("WOLFSSL_SHA3"       RESULT)
+    set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESULT)
+    set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESULT)
 endif()
 
 # LMS

ChangeLog.md

@@ -23,6 +23,19 @@
   NULL/length/`MISSING_KEY` checks as the `*Hash*` family.
   `wc_SlhDsaKey_VerifyMsg` is unchanged. All three gain doxygen coverage.
 
+* Renamed the post-quantum signature implementation from its
+  pre-standardization name *Dilithium* to its NIST-standardized name
+  **ML-DSA** (FIPS 204), mirroring the earlier Kyber → ML-KEM rename
+  in `wc_mlkem.{h,c}`. The legacy `<wolfssl/wolfcrypt/dilithium.h>`
+  header, `dilithium_key` type, `wc_dilithium_*` / `wc_Dilithium_*`
+  functions, and `HAVE_DILITHIUM` / `WOLFSSL_DILITHIUM_*` /
+  `WC_DILITHIUM_*` build gates remain available through a temporary
+  compatibility shim, so application code keeps compiling unchanged.
+  See [doc/dilithium-to-mldsa-migration.md](doc/dilithium-to-mldsa-migration.md)
+  for the full list of renamed symbols, the new `WOLFSSL_MLDSA` cmake
+  option / `--enable-mldsa` configure switch, and the migration steps
+  for moving consumer code to the canonical API.
+
 * TLS 1.3: zero traffic key staging buffers in `SetKeysSide()` once a
   CryptoCB callback has imported the AES key into a Secure Element
   (`aes->devCtx != NULL`).  Clears `keys->{client,server}_write_key`

IDE/INTIME-RTOS/libwolfssl.vcxproj

@@ -42,7 +42,7 @@
 	<ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
 	<ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
-	<ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />

IDE/INTIME-RTOS/wolfssl-lib.vcxproj

@@ -79,7 +79,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
     <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
     <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\eccsi.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\evp.c">

IDE/WIN10/wolfssl-fips.vcxproj

@@ -318,7 +318,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
     <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mldsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_lms.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_lms_impl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_xmss.c" />

IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj

@@ -122,6 +122,7 @@
 		700F0CF22A2FC11300755BA7 /* curve448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD32A2FC0D500755BA7 /* curve448.h */; };
 		700F0CF32A2FC11300755BA7 /* curve25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CC82A2FC0D500755BA7 /* curve25519.h */; };
 		700F0CF42A2FC11300755BA7 /* dilithium.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE52A2FC0D500755BA7 /* dilithium.h */; };
+		700F0CE52A2FC0D500755BC0 /* wc_mldsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */; };
 		700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDB2A2FC0D500755BA7 /* eccsi.h */; };
 		700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD22A2FC0D500755BA7 /* ed448.h */; };
 		700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE12A2FC0D500755BA7 /* ed25519.h */; };
@@ -280,6 +281,7 @@
 				700F0CF22A2FC11300755BA7 /* curve448.h in CopyFiles */,
 				700F0CF32A2FC11300755BA7 /* curve25519.h in CopyFiles */,
 				700F0CF42A2FC11300755BA7 /* dilithium.h in CopyFiles */,
+				700F0CE52A2FC0D500755BC0 /* wc_mldsa.h in CopyFiles */,
 				700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */,
 				700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */,
 				700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */,
@@ -583,6 +585,7 @@
 		700F0CE22A2FC0D500755BA7 /* ge_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_448.h; path = ../../wolfssl/wolfcrypt/ge_448.h; sourceTree = "<group>"; };
 		700F0CE42A2FC0D500755BA7 /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs12.h; path = ../../wolfssl/wolfcrypt/pkcs12.h; sourceTree = "<group>"; };
 		700F0CE52A2FC0D500755BA7 /* dilithium.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dilithium.h; path = ../../wolfssl/wolfcrypt/dilithium.h; sourceTree = "<group>"; };
+		700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mldsa.h; path = ../../wolfssl/wolfcrypt/wc_mldsa.h; sourceTree = "<group>"; };
 		700F0CE62A2FC0D500755BA7 /* sakke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sakke.h; path = ../../wolfssl/wolfcrypt/sakke.h; sourceTree = "<group>"; };
 		700F0CE72A2FC0D500755BA7 /* signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = signature.h; path = ../../wolfssl/wolfcrypt/signature.h; sourceTree = "<group>"; };
 		700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_pkcs11.h; path = ../../wolfssl/wolfcrypt/wc_pkcs11.h; sourceTree = "<group>"; };
@@ -634,6 +637,7 @@
 				700F0CD32A2FC0D500755BA7 /* curve448.h */,
 				700F0CC82A2FC0D500755BA7 /* curve25519.h */,
 				700F0CE52A2FC0D500755BA7 /* dilithium.h */,
+				700F0CE52A2FC0D500755BC1 /* wc_mldsa.h */,
 				700F0CDB2A2FC0D500755BA7 /* eccsi.h */,
 				700F0CD22A2FC0D500755BA7 /* ed448.h */,
 				700F0CE12A2FC0D500755BA7 /* ed25519.h */,

IDE/XCODE/wolfssl.xcodeproj/project.pbxproj

@@ -253,6 +253,7 @@
 		700F0C0A2A2FBC5100755BA7 /* curve448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE32A2FBC1500755BA7 /* curve448.h */; };
 		700F0C0B2A2FBC5100755BA7 /* curve25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE52A2FBC1500755BA7 /* curve25519.h */; };
 		700F0C0C2A2FBC5100755BA7 /* dilithium.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEF2A2FBC1500755BA7 /* dilithium.h */; };
+		700F0BEF2A2FBC1500755BC0 /* wc_mldsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */; };
 		700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF72A2FBC1600755BA7 /* eccsi.h */; };
 		700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF82A2FBC1600755BA7 /* ed448.h */; };
 		700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF42A2FBC1600755BA7 /* ed25519.h */; };
@@ -617,6 +618,7 @@
 				700F0C0A2A2FBC5100755BA7 /* curve448.h in CopyFiles */,
 				700F0C0B2A2FBC5100755BA7 /* curve25519.h in CopyFiles */,
 				700F0C0C2A2FBC5100755BA7 /* dilithium.h in CopyFiles */,
+				700F0BEF2A2FBC1500755BC0 /* wc_mldsa.h in CopyFiles */,
 				700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */,
 				700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */,
 				700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */,
@@ -983,6 +985,7 @@
 		700F0BED2A2FBC1500755BA7 /* chacha20_poly1305.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = chacha20_poly1305.h; path = ../../wolfssl/wolfcrypt/chacha20_poly1305.h; sourceTree = "<group>"; };
 		700F0BEE2A2FBC1500755BA7 /* cryptocb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cryptocb.h; path = ../../wolfssl/wolfcrypt/cryptocb.h; sourceTree = "<group>"; };
 		700F0BEF2A2FBC1500755BA7 /* dilithium.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dilithium.h; path = ../../wolfssl/wolfcrypt/dilithium.h; sourceTree = "<group>"; };
+		700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mldsa.h; path = ../../wolfssl/wolfcrypt/wc_mldsa.h; sourceTree = "<group>"; };
 		700F0BF02A2FBC1500755BA7 /* sakke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sakke.h; path = ../../wolfssl/wolfcrypt/sakke.h; sourceTree = "<group>"; };
 		700F0BF12A2FBC1600755BA7 /* cpuid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cpuid.h; path = ../../wolfssl/wolfcrypt/cpuid.h; sourceTree = "<group>"; };
 		700F0BF22A2FBC1600755BA7 /* selftest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = selftest.h; path = ../../wolfssl/wolfcrypt/selftest.h; sourceTree = "<group>"; };
@@ -1144,6 +1147,7 @@
 				700F0BE32A2FBC1500755BA7 /* curve448.h */,
 				700F0BE52A2FBC1500755BA7 /* curve25519.h */,
 				700F0BEF2A2FBC1500755BA7 /* dilithium.h */,
+				700F0BEF2A2FBC1500755BC1 /* wc_mldsa.h */,
 				700F0BF72A2FBC1600755BA7 /* eccsi.h */,
 				700F0BF82A2FBC1600755BA7 /* ed448.h */,
 				700F0BF42A2FBC1600755BA7 /* ed25519.h */,

cmake/functions.cmake

@@ -210,8 +210,8 @@ function(generate_build_flags)
     if(WOLFSSL_MLKEM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_WC_MLKEM "yes" PARENT_SCOPE)
     endif()
-    if(WOLFSSL_DILITHIUM OR WOLFSSL_USER_SETTINGS)
-        set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
+    if(WOLFSSL_MLDSA OR WOLFSSL_DILITHIUM OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_MLDSA "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_FALCON OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
@@ -1029,8 +1029,8 @@ function(generate_lib_src_list LIB_SOURCES)
             list(APPEND LIB_SOURCES wolfcrypt/src/falcon.c)
         endif()
 
-        if(BUILD_DILITHIUM)
-            list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
+        if(BUILD_MLDSA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa.c)
 
             if(BUILD_INTELASM)
                 list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa_asm.S)

cmake/options.h.in

@@ -96,8 +96,8 @@ extern "C" {
 #cmakedefine HAVE_CURVE448
 #undef HAVE_DH_DEFAULT_PARAMS
 #cmakedefine HAVE_DH_DEFAULT_PARAMS
-#undef HAVE_DILITHIUM
-#cmakedefine HAVE_DILITHIUM
+#undef WOLFSSL_HAVE_MLDSA
+#cmakedefine WOLFSSL_HAVE_MLDSA
 #undef HAVE_ECC
 #cmakedefine HAVE_ECC
 #undef HAVE_ECH

configure.ac

@@ -1810,54 +1810,54 @@ AC_ARG_ENABLE([extra-pqc-hybrids],
 #  - SHA3, Shake128 and Shake256
 AC_ARG_ENABLE([mldsa],
     [AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])],
-    [ ENABLED_DILITHIUM=$enableval ],
-    [ ENABLED_DILITHIUM=no ]
+    [ ENABLED_MLDSA=$enableval ],
+    [ ENABLED_MLDSA=no ]
     )
 # note, inherits default from "mldsa" clause above.
 AC_ARG_ENABLE([dilithium],
     [AS_HELP_STRING([--enable-dilithium],[Alias for --enable-mldsa])],
-    [ ENABLED_DILITHIUM=$enableval ]
+    [ ENABLED_MLDSA=$enableval ]
     )
 
-ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM
-ENABLED_DILITHIUM_MAKE_KEY=no
-ENABLED_DILITHIUM_SIGN=no
-ENABLED_DILITHIUM_VERIFY=no
-for v in `echo $ENABLED_DILITHIUM_OPTS | tr "," " "`
+ENABLED_MLDSA_OPTS=$ENABLED_MLDSA
+ENABLED_MLDSA_MAKE_KEY=no
+ENABLED_MLDSA_SIGN=no
+ENABLED_MLDSA_VERIFY=no
+for v in `echo $ENABLED_MLDSA_OPTS | tr "," " "`
 do
   case $v in
   yes)
     ENABLED_MLDSA44=yes
     ENABLED_MLDSA65=yes
     ENABLED_MLDSA87=yes
-    ENABLED_DILITHIUM_MAKE_KEY=yes
-    ENABLED_DILITHIUM_SIGN=yes
-    ENABLED_DILITHIUM_VERIFY=yes
+    ENABLED_MLDSA_MAKE_KEY=yes
+    ENABLED_MLDSA_SIGN=yes
+    ENABLED_MLDSA_VERIFY=yes
     ;;
   no)
     ;;
   all)
-    ENABLED_DILITHIUM_MAKE_KEY=yes
-    ENABLED_DILITHIUM_SIGN=yes
-    ENABLED_DILITHIUM_VERIFY=yes
+    ENABLED_MLDSA_MAKE_KEY=yes
+    ENABLED_MLDSA_SIGN=yes
+    ENABLED_MLDSA_VERIFY=yes
     ;;
   make)
-    ENABLED_DILITHIUM_MAKE_KEY=yes
+    ENABLED_MLDSA_MAKE_KEY=yes
     ;;
   sign)
-    ENABLED_DILITHIUM_SIGN=yes
+    ENABLED_MLDSA_SIGN=yes
     ;;
   verify)
-    ENABLED_DILITHIUM_VERIFY=yes
+    ENABLED_MLDSA_VERIFY=yes
     ;;
   verify-only)
-    ENABLED_DILITHIUM_MAKE_KEY=no
-    ENABLED_DILITHIUM_SIGN=no
-    ENABLED_DILITHIUM_VERIFY=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_VERIFY_ONLY"
+    ENABLED_MLDSA_MAKE_KEY=no
+    ENABLED_MLDSA_SIGN=no
+    ENABLED_MLDSA_VERIFY=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_VERIFY_ONLY"
     ;;
   small)
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_SMALL"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_SMALL"
     ;;
   44)
     ENABLED_MLDSA44=yes
@@ -1869,13 +1869,13 @@ do
     ENABLED_MLDSA87=yes
     ;;
   draft|fips204-draft)
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_FIPS204_DRAFT"
     ;;
   no-ctx)
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_CTX"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_CTX"
     ;;
   *)
-    AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_DILITHIUM.])
+    AC_MSG_ERROR([Invalid choice for ML-DSA [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_MLDSA.])
     break;;
   esac
 done
@@ -6400,15 +6400,15 @@ AS_CASE([$FIPS_VERSION],
              ENABLED_MLKEM_ENCAPSULATE="yes"
              ENABLED_MLKEM_DECAPSULATE="yes"])
 
-        AS_IF([test "$ENABLED_DILITHIUM" != "yes" &&
+        AS_IF([test "$ENABLED_MLDSA" != "yes" &&
                (test "$FIPS_VERSION" != "dev" || test "$enable_dilithium" != "no")],
-            [ENABLED_DILITHIUM="yes"
+            [ENABLED_MLDSA="yes"
              ENABLED_MLDSA44="yes"
              ENABLED_MLDSA65="yes"
              ENABLED_MLDSA87="yes"
-             ENABLED_DILITHIUM_MAKE_KEY="yes"
-             ENABLED_DILITHIUM_SIGN="yes"
-             ENABLED_DILITHIUM_VERIFY="yes"])
+             ENABLED_MLDSA_MAKE_KEY="yes"
+             ENABLED_MLDSA_SIGN="yes"
+             ENABLED_MLDSA_VERIFY="yes"])
 
         AS_IF([test "$ENABLED_XMSS" != "yes" &&
                (test "$FIPS_VERSION" != "dev" || test "$enable_xmss" != "no")],
@@ -7330,7 +7330,7 @@ then
     ENABLED_SHAKE128=yes
     ENABLED_SHAKE256=yes
 fi
-if test "$ENABLED_DILITHIUM" != "no"
+if test "$ENABLED_MLDSA" != "no"
 then
     ENABLED_SHA3=yes
     ENABLED_SHAKE128=yes
@@ -7496,11 +7496,11 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
 fi
 
-# Dilithium CFLAG processing (after FIPS section for sandwich pattern)
-if test "$ENABLED_DILITHIUM" != "no"
+# ML-DSA CFLAG processing (after FIPS section for sandwich pattern)
+if test "$ENABLED_MLDSA" != "no"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
-    AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_DILITHIUM"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA"
+    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_MLDSA"
 
     if test "$ENABLED_MLDSA44" = ""; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44"
@@ -7511,14 +7511,14 @@ then
     if test "$ENABLED_MLDSA87" = ""; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87"
     fi
-    if test "$ENABLED_DILITHIUM_MAKE_KEY" = "no"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_MAKE_KEY"
+    if test "$ENABLED_MLDSA_MAKE_KEY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_MAKE_KEY"
     fi
-    if test "$ENABLED_DILITHIUM_SIGN" = "no"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_SIGN"
+    if test "$ENABLED_MLDSA_SIGN" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_SIGN"
     fi
-    if test "$ENABLED_DILITHIUM_VERIFY" = "no"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_VERIFY"
+    if test "$ENABLED_MLDSA_VERIFY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_VERIFY"
     fi
 
     test "$enable_sha3" = "" && enable_sha3=yes
@@ -12172,7 +12172,7 @@ AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_
 AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_MLDSA],[test "x$ENABLED_MLDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12725,7 +12725,7 @@ echo "   * LMS:                        $ENABLED_LMS"
 echo "   * XMSS:                       $ENABLED_XMSS"
 echo "   * SLH-DSA                     $ENABLED_SLHDSA"
 echo "   * MLKEM:                      $ENABLED_MLKEM"
-echo "   * DILITHIUM:                  $ENABLED_DILITHIUM"
+echo "   * ML-DSA:                     $ENABLED_MLDSA"
 echo "   * ECCSI                       $ENABLED_ECCSI"
 echo "   * SAKKE                       $ENABLED_SAKKE"
 echo "   * ASN:                        $ENABLED_ASN"