Revert "PQ: fix timing sidechannels and add IPDWing"

For TLS, early adopters prefer X25519MLKEM768. Remove IPDWing in preparation for adding X25519MLKEM768. https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/ This reverts commit 4725a930d5.
2024-09-10 13:16:14 +02:00 · 2024-09-10 13:16:14 +02:00 · 2c0a14253a
parent 8cb5da61a6
commit 2c0a14253a
3 changed files with 883 additions and 1414 deletions
--- a/boring-sys/patches/boring-pq.patch
+++ b/boring-sys/patches/boring-pq.patch
--- a/boring/src/lib.rs
+++ b/boring/src/lib.rs
@ -83,10 +83,6 @@
 //!    boxes.
 //! - `P256Kyber768Draft00`. Similar again to `X25519Kyber768Draft00`, but uses P256 as classical
 //!    part. It uses a non-standard codepoint. Not recommended.
-//! - `IPDWing`. A preliminary version of
-//!    [X-Wing](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/02/).
-//!    Similar to `X25519Kyber768Draft00Old`, but uses a newer (but not yet final) version of Kyber
-//!    called ML-KEM-ipd. Not recommended.
 //!
 //! Presently all these key agreements are deployed by Cloudflare, but we do not guarantee continued
 //! support for them.
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -723,9 +723,6 @@ impl SslCurve {
    #[cfg(feature = "pq-experimental")]
    pub const P256_KYBER768_DRAFT00: SslCurve = SslCurve(ffi::SSL_CURVE_P256_KYBER768_DRAFT00 as _);

-    #[cfg(feature = "pq-experimental")]
-    pub const IPD_WING: SslCurve = SslCurve(ffi::SSL_CURVE_IPDWING);
-
    /// Returns the curve name
    ///
    /// This corresponds to [`SSL_get_curve_name`]
@ -768,8 +765,6 @@ impl SslCurve {
            ffi::SSL_CURVE_X25519_KYBER512_DRAFT00 => Some(ffi::NID_X25519Kyber512Draft00),
            #[cfg(feature = "pq-experimental")]
            ffi::SSL_CURVE_P256_KYBER768_DRAFT00 => Some(ffi::NID_P256Kyber768Draft00),
-            #[cfg(feature = "pq-experimental")]
-            ffi::SSL_CURVE_IPDWING => Some(ffi::NID_IPDWing),
            _ => None,
        }
    }