From cc17b31623f23dbea0887badad0b223295af994c Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 5 Dec 2024 14:07:15 -0800
Subject: [PATCH] ML-DSA default is level 2. The keytools must be able to
 support all ML-DSA levels at run-time using `ML_DSA_LEVEL` environment
 variable. wolfBoot needs to be built with the correct level specified in the
 .config.

---
 tools/keytools/Makefile        | 3 ---
 tools/keytools/user_settings.h | 7 +++++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tools/keytools/Makefile b/tools/keytools/Makefile
index 0db21eccd..4a25b3869 100644
--- a/tools/keytools/Makefile
+++ b/tools/keytools/Makefile
@@ -17,9 +17,6 @@ LDFLAGS =
 OBJDIR = ./
 LIBS =
 
-ML_DSA_LEVEL?=5
-CFLAGS+=-DML_DSA_LEVEL=$(ML_DSA_LEVEL)
-
 LMS_LEVELS?=1
 LMS_HEIGHT?=10
 LMS_WINTERNITZ?=8
diff --git a/tools/keytools/user_settings.h b/tools/keytools/user_settings.h
index 2e1e2d533..10e478236 100644
--- a/tools/keytools/user_settings.h
+++ b/tools/keytools/user_settings.h
@@ -86,10 +86,13 @@
 #if 0
     #define WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #endif
+
+/* Default the keygen/sign tool to use ML-DSA level 2 */
 #ifndef ML_DSA_LEVEL
-    #define ML_DSA_LEVEL 5
+    #define ML_DSA_LEVEL 2
 #endif
-/* dilithium needs these sha functions. */
+
+/* Dilithium needs SHAKE128 */
 #define WOLFSSL_SHAKE128
 
 /* LMS */