1 files changed, 66 insertions, 28 deletions

diff --git a/cmake/dependencies/crypt/openssl.cmake b/cmake/dependencies/crypt/openssl.cmake
index ed07cc9d..38eb826f 100644
--- a/cmake/dependencies/crypt/openssl.cmake
+++ b/cmake/dependencies/crypt/openssl.cmake
@@ -1,35 +1,73 @@
 find_package(OpenSSL QUIET)
-if(OPENSSL_FOUND)
-  set(HAVE_OPENSSL_RNG TRUE)
-  if(OPENSSL_VERSION VERSION_LESS "3.0.0")
-    message(STATUS "Install version >= 3.0.0 to enable OpenSSL support "
-                   "(found version \"${OPENSSL_VERSION}\")")
-  else()
-    set(DISABLE_OPENSSL FALSE CACHE BOOL "Disable OpenSSL support")
-    if(NOT DISABLE_OPENSSL)
-      message(STATUS "OpenSSL support enabled, found version ${OPENSSL_VERSION}")
-      set(HAVE_OPENSSL TRUE CACHE INTERNAL "OpenSSL cryptography support available")
-      set(DISABLE_PQC FALSE CACHE BOOL "Disable post-quantum cryptography support")
-      if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.4.0")
-        if(NOT DISABLE_PQC)
-          set(HAVE_OPENSSL_PQC TRUE CACHE INTERNAL "OpenSSL post-quantum cryptography available")
-          message(STATUS "OpenSSL PQC support enabled")
-        else()
-          message(STATUS "OpenSSL PQC support disabled by user")
-          unset(HAVE_OPENSSL_PQC CACHE)
-        endif()
-      else()
-        message(STATUS "Install OpenSSL >= 3.4.0 for PQC support")
-      endif()
-    else()
-      message(STATUS "OpenSSL support disabled")
-      unset(HAVE_OPENSSL CACHE)
-    endif()
-  endif()
-else()
+if(NOT OPENSSL_FOUND)
   message(STATUS "Install OpenSSL version >= 3.0.0 to enable OpenSSL support")
   unset(HAVE_OPENSSL_RNG)
   unset(HAVE_OPENSSL CACHE)
+  return()
+endif()
+
+set(HAVE_OPENSSL_RNG TRUE)
+
+if(OPENSSL_VERSION VERSION_LESS "3.0.0")
+  message(STATUS "Install version >= 3.0.0 to enable OpenSSL support "
+                 "(found version \"${OPENSSL_VERSION}\")")
+  return()
+endif()
+
+set(DISABLE_OPENSSL FALSE CACHE BOOL "Disable OpenSSL support")
+if(DISABLE_OPENSSL)
+  message(STATUS "OpenSSL support disabled")
+  unset(HAVE_OPENSSL CACHE)
+  return()
+endif()
+
+message(STATUS "OpenSSL support enabled, found version ${OPENSSL_VERSION}")
+set(HAVE_OPENSSL TRUE CACHE INTERNAL
+  "OpenSSL cryptography support available")
+
+if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.4.0")
+  set(DISABLE_ML_KEM FALSE CACHE BOOL
+    "Disable ML-KEM support")
+  set(DISABLE_ML_DSA FALSE CACHE BOOL
+    "Disable ML-DSA support")
+  if(NOT DISABLE_ML_KEM)
+    set(HAVE_OPENSSL_ML_KEM TRUE CACHE INTERNAL
+      "OpenSSL ML-KEM available")
+    message(STATUS "OpenSSL ML-KEM support enabled")
+  else()
+    message(STATUS "OpenSSL ML-KEM support disabled")
+    unset(HAVE_OPENSSL_ML_KEM CACHE)
+  endif()
+  if(NOT DISABLE_ML_DSA)
+    set(HAVE_OPENSSL_ML_DSA TRUE CACHE INTERNAL
+      "OpenSSL ML-DSA available")
+    message(STATUS "OpenSSL ML-DSA support enabled")
+  else()
+    message(STATUS "OpenSSL ML-DSA support disabled")
+    unset(HAVE_OPENSSL_ML_DSA CACHE)
+  endif()
+else()
+  message(STATUS
+    "Install OpenSSL >= 3.4.0 for ML-KEM/ML-DSA")
+  unset(HAVE_OPENSSL_ML_KEM CACHE)
+  unset(HAVE_OPENSSL_ML_DSA CACHE)
+endif()
+
+if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.5.0")
+  set(DISABLE_SLH_DSA FALSE CACHE BOOL
+    "Disable SLH-DSA support")
+  if(NOT DISABLE_SLH_DSA)
+    set(HAVE_OPENSSL_SLH_DSA TRUE CACHE INTERNAL
+      "OpenSSL SLH-DSA available")
+    message(STATUS "OpenSSL SLH-DSA support enabled")
+  else()
+    message(STATUS "OpenSSL SLH-DSA support disabled")
+    unset(HAVE_OPENSSL_SLH_DSA CACHE)
+  endif()
+else()
+  message(STATUS
+    "Install OpenSSL >= 3.5.0 for SLH-DSA")
+  unset(HAVE_OPENSSL_SLH_DSA CACHE)
 endif()
 
 # Secure memory options are in cmake/config/global.cmake