ML-KEM fixes

* DTLS 1.3 cookie and CH frag handling
* static memory handling
* Fix memory leak in TLS server PQC handling in case of ECH
* Make sure hybrids are actually tested in testsuite
This commit is contained in:
Tobias Frauenschläger
2026-03-13 17:48:35 +01:00
parent b5c532703a
commit 76b1300adb
9 changed files with 208 additions and 50 deletions
+33 -2
View File
@@ -2251,6 +2251,26 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
WOLFSSL_MSG("DTLS Cookie Secret error");
return ret;
}
#if defined(WOLFSSL_DTLS13)
if (IsAtLeastTLSv1_3(ssl->version)) {
#if defined(WOLFSSL_SEND_HRR_COOKIE)
ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("DTLS1.3 Cookie secret error");
return ret;
}
#endif /* WOLFSSL_SEND_HRR_COOKIE */
#if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM)
/* Allow fragmentation of the second ClientHello due to the
* large PQC key share. */
ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("DTLS1.3 CH frag error");
return ret;
}
#endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */
}
#endif /* WOLFSSL_DTLS13 */
}
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
@@ -8006,15 +8026,26 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
WOLFSSL_MSG("DTLS Cookie Secret error");
return ret;
}
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
#if defined(WOLFSSL_DTLS13)
if (IsAtLeastTLSv1_3(ssl->version)) {
#if defined(WOLFSSL_SEND_HRR_COOKIE)
ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("DTLS1.3 Cookie secret error");
return ret;
}
#endif /* WOLFSSL_SEND_HRR_COOKIE */
#if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM)
/* Allow fragmentation of the second ClientHello due to the
* large PQC key share. */
ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("DTLS1.3 CH frag error");
return ret;
}
#endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */
}
#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE */
#endif /* WOLFSSL_DTLS13 */
}
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
+16 -7
View File
@@ -10534,6 +10534,7 @@ static int TLSX_KeyShare_HandlePqcKeyServer(WOLFSSL* ssl,
keyShareEntry->ke = NULL;
keyShareEntry->keLen = 0;
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = ciphertext;
keyShareEntry->pubKeyLen = ctSz;
ciphertext = NULL;
@@ -10770,6 +10771,7 @@ static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz);
}
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = ciphertext;
keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz;
ciphertext = NULL;
@@ -10859,13 +10861,20 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE)
if (ssl->options.side == WOLFSSL_SERVER_END &&
WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl,
keyShareEntry,
data, len,
ssl->arrays->preMasterSecret,
&ssl->arrays->preMasterSz);
if (ret != 0)
return ret;
if (TLSX_IsGroupSupported(group)) {
ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl,
keyShareEntry,
data, len,
ssl->arrays->preMasterSecret,
&ssl->arrays->preMasterSz);
if (ret != 0)
return ret;
}
else {
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->ke = NULL;
keyShareEntry->keLen = 0;
}
}
else if (ssl->options.side == WOLFSSL_SERVER_END &&
WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) {