Kyber: fixes to configure and wolfSSL_get_curve_name

Remote original-only option for kyber in configure.ac. Default is ML-KEM only. original is Kyber only. ml-lem is ML-KEM. to have both: all,original,ml-kem. Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the inclusion of kyber headers.
wolfSSL · Nov 13, 2024 · fc304e4 · fc304e4
1 parent 878cf3a
commit fc304e4
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 19 deletions.
diff --git a/configure.ac b/configure.ac
@@ -1309,7 +1309,7 @@ AC_ARG_ENABLE([kyber],
     )
 
 ENABLED_WC_KYBER=no
-ENABLED_ML_KEM=yes
+ENABLED_ML_KEM=unset
 for v in `echo $ENABLED_KYBER | tr "," " "`
 do
   case $v in
@@ -1335,9 +1335,8 @@ do
   original)
     ENABLED_ORIGINAL=yes
     ;;
-  original-only)
-    ENABLED_ORIGINAL=yes
-    ENABLED_ML_KEM=no
+  ml-kem)
+    ENABLED_ML_KEM=yes
     ;;
   *)
     AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
@@ -1366,6 +1365,12 @@ then
         if test "$ENABLED_KYBER1024" = ""; then
             AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
         fi
+        if test "$ENABLED_ML_KEM" = "unset"; then
+            ENABLED_ML_KEM=no
+        fi
+    fi
+    if test "$ENABLED_ML_KEM" = "unset"; then
+        ENABLED_ML_KEM=yes
     fi
     if test "$ENABLED_ML_KEM" = "yes"; then
         if test "$ENABLED_KYBER512" = ""; then

diff --git a/src/ssl.c b/src/ssl.c
@@ -14572,19 +14572,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
         case WOLFSSL_P521_ML_KEM_1024:
             return "P521_ML_KEM_1024";
 #elif defined(WOLFSSL_WC_KYBER)
-    #ifdef WOLFSSL_WC_ML_KEM_512
+    #ifndef WOLFSSL_NO_ML_KEM_512
         case WOLFSSL_ML_KEM_512:
             return "ML_KEM_512";
         case WOLFSSL_P256_ML_KEM_512:
             return "P256_ML_KEM_512";
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_768
+    #ifndef WOLFSSL_NO_ML_KEM_768
         case WOLFSSL_ML_KEM_768:
             return "ML_KEM_768";
         case WOLFSSL_P384_ML_KEM_768:
             return "P384_ML_KEM_768";
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_1024
+    #ifndef WOLFSSL_NO_ML_KEM_1024
         case WOLFSSL_ML_KEM_1024:
             return "ML_KEM_1024";
         case WOLFSSL_P521_ML_KEM_1024:

diff --git a/src/tls.c b/src/tls.c
@@ -7984,17 +7984,17 @@ static int kyber_id2type(int id, int *type)
 
     switch (id) {
 #ifndef WOLFSSL_NO_ML_KEM
-    #ifdef WOLFSSL_WC_ML_KEM_512
+    #ifndef WOLFSSL_NO_ML_KEM_512
         case WOLFSSL_ML_KEM_512:
             *type = WC_ML_KEM_512;
             break;
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_768
+    #ifndef WOLFSSL_NO_ML_KEM_768
         case WOLFSSL_ML_KEM_768:
             *type = WC_ML_KEM_768;
             break;
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_1024
+    #ifndef WOLFSSL_NO_ML_KEM_1024
         case WOLFSSL_ML_KEM_1024:
             *type = WC_ML_KEM_1024;
             break;
@@ -9694,15 +9694,15 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
 #ifdef WOLFSSL_HAVE_KYBER
 #ifndef WOLFSSL_NO_ML_KEM
     #ifdef WOLFSSL_WC_KYBER
-        #ifdef WOLFSSL_WC_ML_KEM_512
+        #ifndef WOLFSSL_NO_ML_KEM_512
             case WOLFSSL_ML_KEM_512:
             case WOLFSSL_P256_ML_KEM_512:
         #endif
-        #ifdef WOLFSSL_WC_ML_KEM_768
+        #ifndef WOLFSSL_NO_ML_KEM_768
             case WOLFSSL_ML_KEM_768:
             case WOLFSSL_P384_ML_KEM_768:
         #endif
-        #ifdef WOLFSSL_WC_ML_KEM_1024
+        #ifndef WOLFSSL_NO_ML_KEM_1024
             case WOLFSSL_ML_KEM_1024:
             case WOLFSSL_P521_ML_KEM_1024:
         #endif
@@ -9816,15 +9816,15 @@ static const word16 preferredGroup[] = {
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
 #ifdef WOLFSSL_WC_KYBER
-    #ifdef WOLFSSL_WC_ML_KEM_512
+    #ifndef WOLFSSL_NO_ML_KEM_512
     WOLFSSL_ML_KEM_512,
     WOLFSSL_P256_ML_KEM_512,
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_768
+    #ifndef WOLFSSL_NO_ML_KEM_768
     WOLFSSL_ML_KEM_768,
     WOLFSSL_P384_ML_KEM_768,
     #endif
-    #ifdef WOLFSSL_WC_ML_KEM_1024
+    #ifndef WOLFSSL_NO_ML_KEM_1024
     WOLFSSL_ML_KEM_1024,
     WOLFSSL_P521_ML_KEM_1024,
     #endif
@@ -13484,23 +13484,23 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
 #ifdef WOLFSSL_HAVE_KYBER
 #ifndef WOLFSSL_NO_ML_KEM
 #ifdef WOLFSSL_WC_KYBER
-#ifdef WOLFSSL_WC_ML_KEM_512
+#ifndef WOLFSSL_NO_ML_KEM_512
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
                                      ssl->heap);
 #endif
-#ifdef WOLFSSL_WC_ML_KEM_768
+#ifndef WOLFSSL_NO_ML_KEM_768
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
                                      ssl->heap);
 #endif
-#ifdef WOLFSSL_WC_ML_KEM_1024
+#ifndef WOLFSSL_NO_ML_KEM_1024
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
                                      ssl->heap);