Version 5.8.4 improves wolfSSL’s implementation of ML-KEM (formerly Kyber) and ML-DSA (formerly Dilithium) post-quantum algorithms.
Bug Fixes:
The ML-KEM derive-secret operation was corrected to compute shared secrets properly; a buffer offset had been miscalculated. An out-of-bounds read was fixed in the ML-KEM/Kyber 5-bit value decomposition code, where the Intel assembly-optimized path read 15 bytes when only 10 bytes were available; this was caught by valgrind testing. For ML-DSA, the dilithium_expand_s function was fixed so that it falls through to the C implementation when the Intel speedup code path does not handle a particular case, avoiding potential undefined behavior detected by clang static analysis.
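To show the buffer arithmetic behind the 5-bit fix, here is an added example (constructed for this post, not wolfSSL's code) of FIPS 203 ByteEncode_5/ByteDecode_5: eight 5-bit coefficients occupy exactly 5 bytes, so 16 coefficients occupy the 10 bytes mentioned above and 256 occupy 160, and the decoder rejects any input shorter than that rather than reading past it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example, not wolfSSL code: FIPS 203 ByteEncode_5 /
 * ByteDecode_5 for a block of coefficients. Eight 5-bit coefficients pack
 * into exactly 5 bytes, so n coefficients need n * 5 / 8 bytes and nothing
 * more. Every access is checked against the caller-supplied length. */
#define MLKEM_N 256
#define BITS5_BYTES(n) ((n) * 5 / 8)

/* Returns 0 on success, -1 if n is not a multiple of 8 or out is too small. */
int byte_encode_5(const uint16_t *coef, size_t n, uint8_t *out, size_t out_len)
{
    size_t i, bytes = BITS5_BYTES(n);
    if (n % 8 != 0 || out_len < bytes) return -1;
    memset(out, 0, bytes);
    for (i = 0; i < n; i++) {
        size_t bit = i * 5;                    /* bit offset of coefficient i */
        uint32_t v = (uint32_t)(coef[i] & 0x1F) << (bit % 8);
        out[bit / 8] |= (uint8_t)v;
        if ((bit % 8) > 3)                     /* value spills into next byte */
            out[bit / 8 + 1] |= (uint8_t)(v >> 8);
    }
    return 0;
}

/* Returns 0 on success, -1 if in_len holds fewer than n*5/8 bytes: the
 * decoder never touches bytes beyond what the coefficients actually occupy. */
int byte_decode_5(const uint8_t *in, size_t in_len, uint16_t *coef, size_t n)
{
    size_t i;
    if (n % 8 != 0 || in_len < BITS5_BYTES(n)) return -1;
    for (i = 0; i < n; i++) {
        size_t bit = i * 5;
        uint32_t v = in[bit / 8];
        if ((bit % 8) > 3)                     /* second byte is always in range */
            v |= (uint32_t)in[bit / 8 + 1] << 8;
        coef[i] = (uint16_t)((v >> (bit % 8)) & 0x1F);
    }
    return 0;
}
```

The last coefficient of any 8-block lands at bit offset 3 of its final byte, which is why the spill read never runs past the block's 5 bytes.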
New API Functions:
New memory allocation helper functions were added for both algorithms to support language bindings such as C#. For ML-KEM, wc_MlKemKey_New() and wc_MlKemKey_Delete() were added. For ML-DSA, wc_dilithium_new() and wc_dilithium_delete() were added. These are needed because the size of the key structures depends on build options, which makes it difficult for external language wrappers to allocate memory correctly without such helpers.
Key Import Enhancement:
Support was added for importing ML-DSA private key seeds from PKCS8-formatted files. This allows ML-DSA keys stored in the standard PKCS8 format to be loaded and used properly, improving interoperability with other cryptographic tools and libraries.
The Code:
Here are the pull requests discussed above:
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

