wolfProvider Post-Quantum Cryptography: ML-KEM and ML-DSA

wolfProvider now brings post-quantum key encapsulation and signatures to any OpenSSL 3.x application through the wolfCrypt backend, with no application code changes. The difference from OpenSSL’s own post-quantum support is validation. The ML-KEM (FIPS 203) and ML-DSA (FIPS 204) implementations that actually run are wolfCrypt’s, which hold NIST CAVP validation under certificate #5041. An application that already calls OpenSSL loads the provider and gets CAVP-validated post-quantum algorithms in place of OpenSSL’s unvalidated default-provider implementations. ML-KEM and ML-DSA are added in PR #399.

| Family | Standard | Parameter Sets | Use |
|---|---|---|---|
| ML-KEM | FIPS 203 | ML-KEM-512 / 768 / 1024 | Key encapsulation |
| ML-DSA | FIPS 204 | ML-DSA-44 / 65 / 87 | Digital signatures |
| Hybrid ML-KEM | FIPS 203 + ECDHE | X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024 | TLS 1.3 key exchange |

The post-quantum path is opt-in. The build wrapper sets the required wolfSSL options and compiles the matching provider code:

./scripts/build-wolfprovider.sh --enable-pqc
  • Explicitly enabled. The post-quantum paths turn on only when PQC is requested, either through the --enable-pqc build flag or the matching wolfSSL PQC macros. wolfProvider then reads the wolfSSL configuration, gated on __has_include of the wolfSSL headers, and registers the algorithms only when present. Builds without PQC skip the paths cleanly with no source change.
  • Cross-validated three ways. Internal unit tests, wolfProvider against the OpenSSL 3.6 default provider, and wolfProvider against the raw wolfCrypt wc_* API, for 24 interop cross-pairs in total, all passing, including raw key import/export round-trips.
  • CI guards compatibility. wolfssl-versions-pqc.yml runs three wolfSSL rows (pre-PQC, latest stable, master) with the three-way interop validator on the PQC-enabled rows.
  • Full KAT parity. The provider runs the OpenSSL PQC test suite with wolfCrypt as the backend and matches the known-answer test vectors for every ML-KEM and ML-DSA parameter set, so wolfCrypt produces the same results as the reference implementation.
  • nginx PQC interop. The algorithms are exercised end to end through the Open Quantum Safe oqs-demos nginx test suite, confirming a live TLS server negotiates and serves over ML-KEM, the hybrid groups, and ML-DSA certificate authentication through wolfProvider.
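
One check a deployment can run once the provider is loaded, as an added example that is not wolfProvider's own code: it parses a listing in the `{ names } @ provider` form printed by `openssl list -kem-algorithms -signature-algorithms` and reports which provider serves each ML-KEM and ML-DSA parameter set. The provider name `libwolfprov` and the sample listing are assumptions constructed for illustration.

```python
import re

# ML-KEM and ML-DSA parameter sets named on this page.
REQUIRED = ["ML-KEM-512", "ML-KEM-768", "ML-KEM-1024", "ML-DSA-44", "ML-DSA-65", "ML-DSA-87"]
WOLFPROV = "libwolfprov"  # assumption: the name the provider is loaded under

# Constructed sample in the "{ names } @ provider" form of `openssl list`.
SAMPLE = """\
  { ML-KEM-512, MLKEM512 } @ libwolfprov
  { ML-KEM-768, MLKEM768 } @ libwolfprov
  { ML-KEM-768, MLKEM768 } @ default
  { ML-KEM-1024, MLKEM1024 } @ default
  ML-DSA-44 @ libwolfprov
  { ML-DSA-65, MLDSA65 } @ libwolfprov
  ECDSA @ default
"""

LINE = re.compile(r"^\s*(?:\{\s*(?P<set>[^}]*)\}|(?P<one>\S+))\s+@\s+(?P<prov>\S+)\s*$")

def providers_by_algorithm(listing):
    """Map each upper-cased algorithm name or alias to the providers offering it."""
    table = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        names = m.group("set").split(",") if m.group("set") else [m.group("one")]
        for name in names:
            table.setdefault(name.strip().upper(), set()).add(m.group("prov"))
    return table

def audit(listing, required=REQUIRED, expected=WOLFPROV):
    """Classify each required algorithm: ok, ambiguous, wrong-provider or missing."""
    table = providers_by_algorithm(listing)
    report = {}
    for alg in required:
        provs = table.get(alg.upper(), set())
        if not provs:
            report[alg] = "missing"         # PQC not built in, or provider not loaded
        elif provs == {expected}:
            report[alg] = "ok"
        elif expected in provs:
            report[alg] = "ambiguous"       # another loaded provider also offers it
        else:
            report[alg] = "wrong-provider"  # only a non-wolfProvider implementation
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Anything other than `ok` means a request for that algorithm is not guaranteed to reach the wolfCrypt implementation, which is the property the validation claim depends on.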

Because OpenSSL is the cryptographic backend for a huge range of deployed software, adding ML-KEM and ML-DSA at the provider layer lets that software adopt FIPS-track post-quantum algorithms without rewriting against a new API, on top of a FIPS-validated wolfCrypt module. wolfProvider is dual-licensed (GPLv3 or commercial) and the source is in the public wolfSSL/wolfProvider repository. To see the full implementation, test suite, and review history, see PR #399.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.