diff --git a/3rd_party_deps.yml b/3rd_party_deps.yml index 6ceb190..c73ac9c 100644 --- a/3rd_party_deps.yml +++ b/3rd_party_deps.yml @@ -23,4 +23,4 @@ --enable-tls13 --enable-experimental --enable-sha3 - --enable-kyber=all,original + --enable-kyber=all,original,ml-kem diff --git a/ios/autotools-ios-helper.sh b/ios/autotools-ios-helper.sh index 9922c13..0b87497 100755 --- a/ios/autotools-ios-helper.sh +++ b/ios/autotools-ios-helper.sh @@ -66,7 +66,7 @@ build() { --enable-aes-bitsliced \ --enable-experimental \ --enable-sha3 \ - --enable-kyber=all,original + --enable-kyber=all,original,ml-kem make clean mkdir -p "${EXEC_PREFIX}" make V=1 -j"${MAKE_JOBS}" --debug=j diff --git a/src/he/ssl_ctx.c b/src/he/ssl_ctx.c index 8297da9..1591c2c 100644 --- a/src/he/ssl_ctx.c +++ b/src/he/ssl_ctx.c @@ -289,10 +289,11 @@ he_return_code_t he_ssl_ctx_start_server(he_ssl_ctx_t *ctx) { } #ifndef HE_NO_PQC - int SERVER_CURVE_PQC_GROUPS[4] = {WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1, - WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519}; + int SERVER_CURVE_PQC_GROUPS[5] = {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_P521_KYBER_LEVEL5, + WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1, + WOLFSSL_ECC_X25519}; - res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 4); + res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 5); #else int SERVER_CURVE_BASE_GROUPS[2] = {WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519}; diff --git a/test/he/test_ssl_ctx.c b/test/he/test_ssl_ctx.c index b4edc86..58a024f 100644 --- a/test/he/test_ssl_ctx.c +++ b/test/he/test_ssl_ctx.c @@ -449,7 +449,7 @@ void test_he_server_connect_succeeds(void) { SSL_SUCCESS); #ifndef HE_NO_PQC - wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS); + wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS); #else wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS); #endif 
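Review bot: The number of groups in `he_ssl_ctx_start_server` is written as a bare literal twice, in the declarator `SERVER_CURVE_PQC_GROUPS[5]` and in the `wolfSSL_CTX_set_groups(..., 5)` call, and a third time in the mock expectations in test/he/test_ssl_ctx.c. The next edit to the list can leave the count out of step with the array, and a count larger than the array would make the library read past its end. Declaring the array without a size and passing `sizeof(SERVER_CURVE_PQC_GROUPS) / sizeof(SERVER_CURVE_PQC_GROUPS[0])` removes that failure mode. A one-line comment above the array stating that the entries are in preference order, and why the original Kyber hybrids remain after the ML-KEM one, would also help. The function body starts and ends outside the hunk.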
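Review bot: The expectation `wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS)` in test_he_server_connect_succeeds pins only the element count. As far as these lines show, the test would still pass if `WOLFSSL_P521_ML_KEM_1024` were dropped or moved behind the classical curves. The identical change in test_he_server_connect_succeeds_streaming has the same gap. If the mock configuration permits it, compare against an expected array such as `int expected[] = {WOLFSSL_P521_ML_KEM_1024, /* ... */};` so the preference order is checked. Whether the groups argument is deliberately ignored by a later call cannot be seen here, since both test functions extend outside their hunks.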
@@ -486,7 +486,7 @@ void test_he_server_connect_succeeds_streaming(void) { my_ctx, "TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256", SSL_SUCCESS); #ifndef HE_NO_PQC - wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS); + wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS); #else wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS); #endif diff --git a/windows/wolfssl-user_settings-32.h b/windows/wolfssl-user_settings-32.h index 6e6a68e..12343e4 100644 --- a/windows/wolfssl-user_settings-32.h +++ b/windows/wolfssl-user_settings-32.h @@ -209,7 +209,7 @@ #define WOLFSSL_KYBER_ORIGINAL #undef WOLFSSL_NO_ML_KEM -#define WOLFSSL_NO_ML_KEM +// #define WOLFSSL_NO_ML_KEM // Needed for using WolfSSL's Kyber implementation #undef WOLFSSL_SHA3 diff --git a/windows/wolfssl-user_settings-64.h b/windows/wolfssl-user_settings-64.h index 9c79d83..51a362a 100644 --- a/windows/wolfssl-user_settings-64.h +++ b/windows/wolfssl-user_settings-64.h @@ -209,7 +209,7 @@ #define WOLFSSL_KYBER_ORIGINAL #undef WOLFSSL_NO_ML_KEM -#define WOLFSSL_NO_ML_KEM +// #define WOLFSSL_NO_ML_KEM // Needed for using WolfSSL's Kyber implementation #undef WOLFSSL_SHA3 diff --git a/windows/wolfssl-user_settings-arm-64.h b/windows/wolfssl-user_settings-arm-64.h index 2dc2e5c..0d9508a 100644 --- a/windows/wolfssl-user_settings-arm-64.h +++ b/windows/wolfssl-user_settings-arm-64.h @@ -209,7 +209,7 @@ #define WOLFSSL_KYBER_ORIGINAL #undef WOLFSSL_NO_ML_KEM -#define WOLFSSL_NO_ML_KEM +// #define WOLFSSL_NO_ML_KEM // Needed for using WolfSSL's Kyber implementation #undef WOLFSSL_SHA3
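Review bot: In windows/wolfssl-user_settings-32.h, `WOLFSSL_NO_ML_KEM` is disabled by commenting the define out, which leaves dead code under a still-present `#undef WOLFSSL_NO_ML_KEM` and no statement of intent. The same line appears in wolfssl-user_settings-64.h and wolfssl-user_settings-arm-64.h. Delete it in all three and put a short comment in its place, for example `// ML-KEM enabled: keep WOLFSSL_NO_ML_KEM undefined so WOLFSSL_P521_ML_KEM_1024 is available`. That way a later reader does not re-enable the define while tidying the Kyber settings. The surrounding settings block continues outside each hunk.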