CVPN-1636 Server support both ML-KEM and Kyber

expressvpn · Dec 5, 2024 · e8dcbd0 · e8dcbd0
1 parent d4f1f25
commit e8dcbd0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/src/he/ssl_ctx.c b/src/he/ssl_ctx.c
@@ -289,10 +289,11 @@ he_return_code_t he_ssl_ctx_start_server(he_ssl_ctx_t *ctx) {
   }
 
 #ifndef HE_NO_PQC
-  int SERVER_CURVE_PQC_GROUPS[4] = {WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1,
-                                    WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519};
+  int SERVER_CURVE_PQC_GROUPS[5] = {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_P521_KYBER_LEVEL5,
+                                    WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1,
+                                    WOLFSSL_ECC_X25519};
 
-  res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 4);
+  res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 5);
 #else
   int SERVER_CURVE_BASE_GROUPS[2] = {WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519};
 

diff --git a/test/he/test_ssl_ctx.c b/test/he/test_ssl_ctx.c
@@ -449,7 +449,7 @@ void test_he_server_connect_succeeds(void) {
       SSL_SUCCESS);
 
 #ifndef HE_NO_PQC
-  wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS);
+  wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS);
 #else
   wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS);
 #endif
@@ -486,7 +486,7 @@ void test_he_server_connect_succeeds_streaming(void) {
       my_ctx, "TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256", SSL_SUCCESS);
 
 #ifndef HE_NO_PQC
-  wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS);
+  wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS);
 #else
   wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS);
 #endif