CVPN-1420 Switch to use ML-KEM from WolfSSL

expressvpn · Dec 10, 2024 · 8454bb0 · 8454bb0
1 parent 53bbe8a
commit 8454bb0
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/he/conn.c b/src/he/conn.c
@@ -279,7 +279,7 @@ static he_return_code_t he_conn_internal_connect(he_conn_t *conn, he_ssl_ctx_t *
 #ifndef HE_NO_PQC
   // Use PQC Keyshare
   if(!conn->is_server && conn->use_pqc) {
-    res = wolfSSL_UseKeyShare(conn->wolf_ssl, WOLFSSL_P521_KYBER_LEVEL5);
+    res = wolfSSL_UseKeyShare(conn->wolf_ssl, WOLFSSL_P521_ML_KEM_1024);
     if(res != SSL_SUCCESS) {
       return HE_ERR_INIT_FAILED;
     }

diff --git a/test/he/test_conn_connect.c b/test/he/test_conn_connect.c
@@ -210,7 +210,7 @@ void test_he_client_connect_pqc_keyshare_udp(void) {
 
   // Wolf set up
   setup_dtls_expectations();
-  wolfSSL_UseKeyShare_ExpectAndReturn(test_wolf_ssl, WOLFSSL_P521_KYBER_LEVEL5, SSL_SUCCESS);
+  wolfSSL_UseKeyShare_ExpectAndReturn(test_wolf_ssl, WOLFSSL_P521_ML_KEM_1024, SSL_SUCCESS);
 
   wolfSSL_negotiate_ExpectAndReturn(test_wolf_ssl, SSL_SUCCESS);
   // For this test it doesn't matter what it's called with as long as it's called
@@ -230,7 +230,7 @@ void test_he_client_connect_pqc_keyshare_tcp(void) {
 
   // Wolf set up
   setup_tls_expectations();
-  wolfSSL_UseKeyShare_ExpectAndReturn(test_wolf_ssl, WOLFSSL_P521_KYBER_LEVEL5, SSL_SUCCESS);
+  wolfSSL_UseKeyShare_ExpectAndReturn(test_wolf_ssl, WOLFSSL_P521_ML_KEM_1024, SSL_SUCCESS);
 
   wolfSSL_negotiate_ExpectAndReturn(test_wolf_ssl, SSL_SUCCESS);
   // For this test it doesn't matter what it's called with as long as it's called