From 403fcc5a4b4d37459de01ba4b162387b1338508d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?=
Date: Wed, 28 Feb 2024 17:33:48 +0100
Subject: [PATCH] Fix for PQC enabled handshake
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When PQC Kyber support is enabled, incoming KeyShare messages are tested regarding the named group is a PQC Kyber group (pure or hybrid). The boundaries of this test are way too loose (large gap between the pure ones and the hybrid ones). This could result in failing handshakes in case a client uses GREASE (Generate Random Extensions And Sustain Extensibility), as there group numbers in the large gap are used. The fix is just to make sure that the PQC test uses the two small boundaries of the PQC named groups. The lower bound for the hybrid groups has also been updated to reflect the current OQS definition.

Signed-off-by: Tobias Frauenschläger
---
 wolfssl/internal.h | 3 ++-
 wolfssl/ssl.h | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 8b65d0a29..258cb034e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1850,7 +1850,8 @@ enum Misc {
 (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
 #ifdef HAVE_PQC
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
- (WOLFSSL_PQC_MIN <= (group) && (group) <= WOLFSSL_PQC_MAX)
+ ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
+ (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
 #else
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0)
 #endif /* HAVE_PQC */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index edcff46f6..804ec44bb 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
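Review bot: The rewritten `WOLFSSL_NAMED_GROUP_IS_PQC` in the internal.h hunk now hard-codes the assumption that the Kyber named groups form exactly two disjoint ranges, and nothing at the definition says so or why, so the next person who sees a group from the gap rejected may simply re-widen it. A comment above the `#define` would carry the reasoning from the commit message into the code, e.g. `/* Pure Kyber and hybrid ECDHE+Kyber groups are two disjoint ranges; code points in the gap between them are not PQC (GREASE values fall there), so each range is tested on its own. */`. The macro also evaluates `group` up to four times, so callers must keep passing a side-effect-free expression; the old form already evaluated it twice, so this is existing behaviour rather than a regression. `WOLFSSL_PQC_SIMPLE_MIN` and `WOLFSSL_PQC_HYBRID_MAX` do not appear in this patch — presumably they sit next to the constants changed in the ssl.h hunk — and a compile-time check that the four bounds stay consistent with the `WOLFSSL_*_KYBER_LEVEL*` code points would protect the ranges the next time the OQS assignments move, as `WOLFSSL_PQC_HYBRID_MIN` just did. The enclosing `#ifdef HAVE_PQC` region and `enum Misc` continue outside the hunk.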
@@ -4004,7 +4004,7 @@ enum {
 WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */
 WOLFSSL_PQC_SIMPLE_MAX = 573,
- WOLFSSL_PQC_HYBRID_MIN = 12052,
+ WOLFSSL_PQC_HYBRID_MIN = 12090,
 WOLFSSL_P256_KYBER_LEVEL1 = 12090,
 WOLFSSL_P384_KYBER_LEVEL3 = 12092,
 WOLFSSL_P521_KYBER_LEVEL5 = 12093,