fix for MLKEM1024 (v0.5.6)

GlenDC · GlenDC · commit 7b3fb171483c · 2025-11-05T11:07:33.000+01:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["boring", "boring-sys", "tokio-boring"]
 resolver = "2"
 
 [workspace.package]
-version = "0.5.5"
+version = "0.5.6"
 repository = "https://github.com/plabayo/rama-boring"
 # we should stick on edition 2021 until ecosystem is ready,
 # and perhaps let cloudflare do it if ever,
@@ -18,9 +18,9 @@ tag-prefix = ""
 publish = false
 
 [workspace.dependencies]
-rama-boring = { version = "0.5.5", path = "./boring" }
-rama-boring-sys = { version = "0.5.5", path = "./boring-sys" }
-rama-boring-tokio = { version = "0.5.5", path = "./tokio-boring" }
+rama-boring = { version = "0.5.6", path = "./boring" }
+rama-boring-sys = { version = "0.5.6", path = "./boring-sys" }
+rama-boring-tokio = { version = "0.5.6", path = "./tokio-boring" }
 
 antidote = "1.0.0"
 anyhow = "1"
diff --git a/boring-sys/patches/rama_boring_pq.patch b/boring-sys/patches/rama_boring_pq.patch
@@ -3648,10 +3648,10 @@ index 344e7f2ea..72f743137 100644
      12 /* X509 */,
      402 /* X509v3 AC Targeting */,
 diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num
-index 82d0a3db0..2a46adfe8 100644
+index 82d0a3db0..e768101da 100644
 --- a/crypto/obj/obj_mac.num
 +++ b/crypto/obj/obj_mac.num
-@@ -952,5 +952,7 @@ X448		961
+@@ -952,5 +952,8 @@ X448		961
  sha512_256		962
  hkdf		963
  X25519Kyber768Draft00		964
@@ -3661,6 +3661,7 @@ index 82d0a3db0..2a46adfe8 100644
 +P256Kyber768Draft00		966
 +X25519Kyber768Draft00Old		967
 +X25519MLKEM768		968
++MLKEM1024		969
 diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
 index a38969bc4..14859cb4c 100644
 --- a/crypto/obj/objects.txt
@@ -3892,10 +3893,10 @@ index 000000000..745defefd
 +
 +#endif  // OPENSSL_HEADER_CRYPTO_KYBER_INTERNAL_H
 diff --git a/include/openssl/nid.h b/include/openssl/nid.h
-index 7f018ceec..6dfd090e6 100644
+index 7f018ceec..a71e719d9 100644
 --- a/include/openssl/nid.h
 +++ b/include/openssl/nid.h
-@@ -4213,8 +4213,17 @@ extern "C" {
+@@ -4213,11 +4213,20 @@ extern "C" {
  #define SN_X25519Kyber768Draft00 "X25519Kyber768Draft00"
  #define NID_X25519Kyber768Draft00 964
  
@@ -3913,7 +3914,11 @@ index 7f018ceec..6dfd090e6 100644
 +#define NID_X25519MLKEM768 968
  
  #define SN_MLKEM1024 "MLKEM1024"
- #define NID_MLKEM1024 966
+-#define NID_MLKEM1024 966
++#define NID_MLKEM1024 969
+ 
+ 
+ #if defined(__cplusplus)
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
 index eb9ef2d87..fde43d5dd 100644
 --- a/include/openssl/ssl.h
@@ -3943,20 +3948,20 @@ index 1366cc825..2631944e3 100644
      case SSL_GROUP_MLKEM1024:
        return true;
 diff --git a/ssl/internal.h b/ssl/internal.h
-index f623e2dc8..ea0d825e4 100644
+index f623e2dc8..c4eafca7b 100644
 --- a/ssl/internal.h
 +++ b/ssl/internal.h
 @@ -964,7 +964,7 @@ struct NamedGroup {
  Span<const NamedGroup> NamedGroups();
  
  // kNumNamedGroups is the number of supported groups.
 -constexpr size_t kNumNamedGroups = 7u;
-+constexpr size_t kNumNamedGroups = 9u;
++constexpr size_t kNumNamedGroups = 10u;
  
  // DefaultSupportedGroupIds returns the list of IDs for the default groups that
  // are supported when the caller hasn't explicitly configured supported groups.
 diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
-index 94d07ff95..51eba7fb2 100644
+index 94d07ff95..89b7ae7d6 100644
 --- a/ssl/ssl_key_share.cc
 +++ b/ssl/ssl_key_share.cc
 @@ -26,14 +26,15 @@
@@ -4582,7 +4587,7 @@ index 94d07ff95..51eba7fb2 100644
  };
  
  // draft-ietf-tls-mlkem-04
-@@ -440,10 +783,16 @@ constexpr NamedGroup kNamedGroups[] = {
+@@ -440,10 +783,17 @@ constexpr NamedGroup kNamedGroups[] = {
      {NID_secp384r1, SSL_GROUP_SECP384R1, "P-384", "secp384r1"},
      {NID_secp521r1, SSL_GROUP_SECP521R1, "P-521", "secp521r1"},
      {NID_X25519, SSL_GROUP_X25519, "X25519", "x25519"},
@@ -4598,11 +4603,12 @@ index 94d07ff95..51eba7fb2 100644
 +    {NID_P256Kyber768Draft00, SSL_GROUP_P256_KYBER768_DRAFT00,
 +        "P256Kyber768Draft00", "P256Kyber768D00"},
 +    {NID_X25519MLKEM768, SSL_GROUP_X25519_MLKEM768,
-+        "X25519MLKEM768", "X25519MLKEM768"}
++        "X25519MLKEM768", "X25519MLKEM768"},
++    {NID_MLKEM1024, SSL_GROUP_MLKEM1024, "MLKEM1024", ""}
  };
  
  static_assert(std::size(kNamedGroups) == kNumNamedGroups,
-@@ -455,9 +804,14 @@ Span<const NamedGroup> NamedGroups() { return kNamedGroups; }
+@@ -455,9 +805,14 @@ Span<const NamedGroup> NamedGroups() { return kNamedGroups; }
  
  Span<const uint16_t> DefaultSupportedGroupIds() {
    static const uint16_t kDefaultSupportedGroupIds[] = {
@@ -4620,7 +4626,7 @@ index 94d07ff95..51eba7fb2 100644
    };
    return Span(kDefaultSupportedGroupIds);
  }
-@@ -472,10 +826,16 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
+@@ -472,10 +827,16 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
        return MakeUnique<ECKeyShare>(EC_group_p521(), SSL_GROUP_SECP521R1);
      case SSL_GROUP_X25519:
        return MakeUnique<X25519KeyShare>();
