From a254b23c155f25a0f7c0ec8fed22e577f2c02566 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 1 May 2024 11:52:46 -0700
Subject: [PATCH] Kyber Testing

1. Add a workflow for a kyber test.
2. Fix a couple spots where a flag to use kyber wasn't getting set
   correctly.
3. Changed a check to kyber back to the original source, a local
   variable.
---
 .github/workflows/kyber.yml | 56 +++++++++++++++++++++++++++++++++++++
 src/internal.c              |  4 +--
 2 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/kyber.yml

diff --git a/.github/workflows/kyber.yml b/.github/workflows/kyber.yml
new file mode 100644
index 000000000..4e6457dec
--- /dev/null
+++ b/.github/workflows/kyber.yml
@@ -0,0 +1,56 @@
+name: Kyber Tests
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  run_test:
+    name: Build and run
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential autoconf automake libtool git cmake make
+
+      - name: Install liboqs source
+        run: git clone --depth 1 --branch "0.10.0" "https://github.com/open-quantum-safe/liboqs"
+
+      - name: Build and install liboqs
+        working-directory: liboqs
+        run: |
+          mkdir build
+          cd build
+          cmake -DOQS_MINIMAL_BUILD=KEM_kyber_512 -DOQS_USE_OPENSSL=0 ..
+          make
+          sudo make install
+
+      - name: Install wolfSSL source
+        run: git clone --depth 1 --branch "v5.7.0-stable" "https://github.com/wolfssl/wolfssl"
+
+      - name: Build and install wolfSSL
+        working-directory: wolfssl
+        run: |
+          autoreconf -ivf
+          ./configure --enable-wolfssh --enable-kyber --enable-experimental --enable-cryptonly --disable-examples --disable-crypttests
+          make
+          sudo make install
+
+      - name: Install wolfSSH
+        run: git clone --depth 1 "https://github.com/wolfssl/wolfssh"
+
+      - name: Build wolfSSH
+        working-directory: wolfssh
+        run: |
+          echo ${{ matrix.ref }}
+          autoreconf -ivf
+          ./configure --with-liboqs
+          make
+
+      - name: Run wolfssh tests
+        working-directory: wolfssh
+        run: make check
diff --git a/src/internal.c b/src/internal.c
index 4df487807..c4d3688c6 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5133,7 +5133,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
     if (ret == WS_SUCCESS) {
         int useKeyPadding = 1;
 #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256)
-        doKeyPadding = !ssh->handshake->useEccKyber;
+        useKeyPadding = !ssh->handshake->useEccKyber;
 #endif
         ret = GenerateKeys(ssh, hashId, useKeyPadding);
     }
@@ -10639,7 +10639,7 @@ int SendKexDhReply(WOLFSSH* ssh)
     if (ret == WS_SUCCESS) {
         int doKeyPadding = 1;
 #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256)
-        doKeyPadding = !ssh->handshake->useEccKyber;
+        doKeyPadding = !useEccKyber;
 #endif
         ret = GenerateKeys(ssh, hashId, doKeyPadding);
     }