Address tinytls13 review: ML-DSA-44, canonical ML-DSA/ML-KEM macros, optimizer-measured static-mem bucket guidance, footprint hygiene

aidangarske · aidangarske · commit da3be64dccc5 · 2026-06-24T13:06:14.000-07:00
diff --git a/certs/mldsa/ecc-leaf-mldsa44.pem b/certs/mldsa/ecc-leaf-mldsa44.pem
@@ -0,0 +1,61 @@
+-----BEGIN CERTIFICATE-----
+MIIK4zCCAVmgAwIBAgIURMREBesDbhFE7MTpbJAhFuwlmNgwCwYJYIZIAWUDBAMR
+MFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
+bWFuMRAwDgYDVQQKDAd3b2xmU1NMMRUwEwYDVQQDDAxUZXN0IG1sZHNhNDQwHhcN
+MjYwNjI0MTkyODM5WhcNMzYwNjIxMTkyODM5WjAUMRIwEAYDVQQDDAlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223It
+zpTqK/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo0Iw
+QDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAwHwYDVR0jBBgwFoAUswU7
+xg6AYh+iTpNtmT4TaDnG/DIwCwYJYIZIAWUDBAMRA4IJdQBp2TdyejDOdGyPgB2n
+c4X+/TQ1EhPeHNs4dZ3gxtmRmYtilgonNPtuEm31DNp0RrcB4BXK6PKhJP27fTAR
+wuwtfdoU7SnC8tsGr1eX3IKGq3+GCMzunJJgMN0zz6mDi25K3c025AxWFxdHOhhQ
+QguUxoZ/GWJsH/e2LJL5qTyeJvHNi/30cNjImsZXFeatQlv87/f1vcwCK4T5/ajd
+GWn4g1ktgRxzvtozBhg7Hw0CbOj0jXFIA+3k/GDCw9RxckBJ8Yn/ddMZNbljduZk
+zLykzjZsrX9badyy8pFgJaGsptgo/SOcxBhHIpjjGu9rTmi1QxAl1yliNoJXBxJR
+RmZijJ619Vmq6w00PSJnM4hP8O7DN8WZ/dZ9f78/WJsNXsv6s036QFwcpj5wo7ex
+OB6ZJSEXkIM9w4mPNpPUyAXfl9GauLGiXANFyqPmm/31CV5nL5INAON5Ft2vbOG8
+RGQySPVV4Cb9WuTtn0iMYgwqdYMxZJbgFUD4RvXiAl5fsLE8N7AHf7Cuua/k+mgZ
+PfH04f2Harzt100Y5J365x5b2ia7QpqRgYeubbCuW8Zd8nVT7+Imo3mgVwNWM9c8
+nskP0uHq51y5qrY3s0DSb8FKcZnZD7zQ70l8EVnlTD2G3QeiE8Id0XqubtrEO+DT
+vyZuMwU4x5NQKGyPUL6tHeUkt7hEWom9sCvIFkeOa4OadGuktxOdDc3f3w2VgG5/
+4nzlP/Y0PSziTw5RuV/G+f4V3VpWlSPCn2CfoTxjoVak/abCiWrijZ8lR3c4ERAl
+AevDEIxpvq5jIlv506vXw2CZeq6195KtsPGhrNkaax7ThZJQPFH/NR5Tu0Y2EBJG
+0lth79qhKKgQDmhf5VNkomblrqW2R6Dm8CvYRuHwmGSk+FfH4ULavv/fuVXaW+h4
+MYjTV8wq4Jdl9qi9G+rfncUzZc2L8/zKisGjuzK0AoWVhs5UgS+/3xjCbsuWkYHG
+siJ2kuZvl7KWR7Oc5OWfaRvAokNtglYWCtUzpD86V08X4l3U77Xi5UFJMjGcVVW6
+2F/WRyhq653vxvclDtkVyBaYDCcnHND7jGpqBcbJDTJyFE/Z3/GPFiYr1mYkVL/v
+jPZ9qklFeWPXCKRVAHESMfFPozMNvdOpWqW0nxZ4P4rjcSKDfXX5wsQC4tW53pK/
+0fpqGrNVY5xsIu8zV6OYpvbaPoaDxHS+clvDB9PrJlvjZUFBWPAiCzjYJNgcVFqU
+39/aAKWj24dbDarp5QEM8rReQiLvCjzD8ARb1zVAnaeyhaMaxCgwp5v/IEcSShH6
+mNX2dcsht10lic5DxJ8Up9ZFNTZhDSD+1E0tX4Vt0DPR8ZVYbW56rnXHTdYiwKhm
+4lXia11zR2f4pl3JD23yYRvSfPJTilWkUO+wAazmP5vRPELyodO4vvqDL+lOkwff
+7IV6JFCLdOV22RpwMHlO7YZkWpoauocljvfZBLLTOqlmcxKGN+T1na9D39jly5oi
+9Aqb4dK6AFaFw5k78kcei3OLNdCDD8dssY1sReMeLM7ENuj4T7XjJh3PVDBDhRS7
+0WPjztBAsVkqOvIRxINjoXTIRvTL0u8P/NUWKhduSDKe+NIvHChuF5VycgAS6G2p
+C3ZqsVM0D3D4s2AvalPJfyhhBN6c9dVeUfjBCNPWk8z7v+d38VHSAPkq5C4Sp5W3
+dD2Wm4ohgkDe1AkvcTtCHSK5tyo8mV0NyObbuMw5YnYyJ5h2CS/PaEfRME+VOsTI
+FLhgy0EZwRfxV+3Q6pTRA3DC0NR50F3teF50HbcmuXxae4FL3F/4qGjErubs6tbD
+M8QzgBLjALl82UrbtFItELLfTjQC7HtOZgwIGqOwd00Eoy6pqwe2AWzYz63A4F1z
+1PPYPAsjfWtfkQmjFeMcljAYaY0YUGox8139lcL8m/7l+2fLhv62m940rRrg41D1
+DTiCIqJTe070lq20iJZ/zWUnrWM/Vhn5PVnc4mgQ7d0uIAJ9j8wxgqw5UYNGYKRw
+Vf3IqsAyYxPsBo9iibBUy4qPMtPA/wN25B22gorjda2Cp0pQWdBjGSRrFjaO8Bx1
+oFJ8nOuzPbG5Q5VJbwGrCxDt7kSueh1ernEAsNAXCWf0L9v+dgJBsYreytCFO7hO
+N+29BKEUh0qXwXmO45gc5Lzw0l19NiBbkm2vYBpW/xh6QHzk22WvPTzMilasDOZK
+aNDiIOXFqKBi4JcmVpJK04BPCiY69pbSL/OpJS+4oR2tKqYo2+U3z89AHNaiLvuB
+v+37j1Z8jMjyZNm+Ex+cKh6PaVTv+sk72goCTfx6hex0WrSDMiU+A9nHho002/oj
+jH3cokwIrpUWd0UpEpMvoNPlCaX9j3s2mL1RxGSy4nd+oabobtGuRRcPDxMK6eRY
+nd3Bksk05pAVqOnAYZNLIYc3ZypXu6ayK4fOL69Ke41OfbWWHZz+or3htceDwZet
+4sAuvL86l1LjFF3kq/G9Z/OxwITrWjocLJemWC32spgelsmOcKV0p6K70JkVFQY6
+c9wl2I360F2oP09wVKd+U7cPvHIMUsQyl0xXR3+bqTVdG4fDqRMksD1nkAQEJvyb
+Tiinf9pUV9raJN/h6fYKu9tis9GRcdy7XPS0t/uLsVHhmhQv+drlCvaigJadpGUN
+79I5WKsFtxXjTLuCxQ9mQspNm9QX8aMnvZLUM7v1oLVxywyWucWSsHBvRM5LP4Kk
+ZrReaVsxyrNHZlfZ0UZoVpoE79FzpYOHj9jh081rY6frEM2a1wYNZFb/hKoN/6FM
+VVKB19glO7oh1AknhueGaDcbAUuVYhHCEpOZVWbD+uQt4FiI1NNjAJSVzsd2Y6Gw
+2/BbAyrdf7lAOopyY4bzJPQsuNCM+kdWNUBrkceWl7d+r3nJUN+g94sMtPIUVQRq
+HWweWk8ZZK167I+/3jPE32H73Dp/8GRuzF8UquAZ0TtBepzaP8BRn2LMUiycqXU9
+Buq9TC2XpyEBGWN3/ferZ8bBURKKSOJk8GRcElIsXc7e8XgAVCCT8D11ZQgKhAjM
+dq6UyK8ufg6jpfx19QvCxduGNZb1KhRSfuGUQXJZMJ6/iOhLqvGSTxCE7sPIk91v
+SAIuxvNEjgFeVFaKn3ETUt51lgANHykqPUJOUWNqgZOaq67HyNHa8PQKFhwnOUZM
+Zm2Fhqby9PgUNz0/U1aCj5G91OIMDSEoSnF0gITBAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAFiUxOw==
+-----END CERTIFICATE-----
diff --git a/certs/mldsa/ecc-leaf-mldsa65.pem b/certs/mldsa/ecc-leaf-mldsa65.pem
diff --git a/certs/mldsa/include.am b/certs/mldsa/include.am
@@ -28,10 +28,10 @@ EXTRA_DIST += \
 		 certs/mldsa/mldsa44-key.pem \
 		 certs/mldsa/mldsa44-cert.pem \
 		 certs/mldsa/mldsa44-cert.der \
+		 certs/mldsa/ecc-leaf-mldsa44.pem \
 		 certs/mldsa/mldsa65-key.pem \
 		 certs/mldsa/mldsa65-cert.pem \
 		 certs/mldsa/mldsa65-cert.der \
-		 certs/mldsa/ecc-leaf-mldsa65.pem \
 		 certs/mldsa/mldsa87-key.pem \
 		 certs/mldsa/mldsa87-cert.pem \
 		 certs/mldsa/mldsa87-cert.der \
diff --git a/configure.ac b/configure.ac
@@ -2950,7 +2950,7 @@ then
         rsaverify)  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TINY_TLS13_RSA_VERIFY" ;;
         sha384)     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384" ;;
         mldsa)      tinytls13_mldsa=yes
-                    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA -DWOLFSSL_DILITHIUM_VERIFY_ONLY -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_NO_ML_DSA_44 -DWOLFSSL_NO_ML_DSA_87" ;;
+                    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA -DWOLFSSL_MLDSA_VERIFY_ONLY -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_NO_ML_DSA_65 -DWOLFSSL_NO_ML_DSA_87" ;;
         no)         ;;
         *)          AC_MSG_ERROR([Invalid --enable-tinytls13 value: $v. Valid: psk cert server mutualauth staticmem asm p256 sha384 mldsa rsaverify.]) ;;
         esac
@@ -2961,7 +2961,7 @@ then
     # verify ML-DSA certificates, so keep ASN.1 there.
     if test "$tinytls13_mldsa" = "yes" && test "$tinytls13_base" != "cert"
     then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_ASN1"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_ASN1"
     fi
 
     if test "$tinytls13_base" = "cert"
diff --git a/examples/configs/tinytls13_smoke.c b/examples/configs/tinytls13_smoke.c
@@ -156,11 +156,11 @@ int main(int argc, char** argv)
 #ifdef WOLFSSL_TINY_TLS13_CERT
     /* Server presents a P-256 ECDSA leaf; the client validates it against the
      * CA. The leaf is signed by the CA whose algorithm this profile verifies,
-     * so a completed handshake drives that verify path (ECDSA, ML-DSA-65, or
+     * so a completed handshake drives that verify path (ECDSA, ML-DSA-44, or
      * RSA-PSS). */
     #if defined(WOLFSSL_HAVE_MLDSA)
-        XSNPRINTF(sCert, sizeof(sCert), "%s/mldsa/ecc-leaf-mldsa65.pem", certDir);
-        XSNPRINTF(cCa,   sizeof(cCa),   "%s/mldsa/mldsa65-cert.pem", certDir);
+        XSNPRINTF(sCert, sizeof(sCert), "%s/mldsa/ecc-leaf-mldsa44.pem", certDir);
+        XSNPRINTF(cCa,   sizeof(cCa),   "%s/mldsa/mldsa44-cert.pem", certDir);
     #elif defined(WOLFSSL_TINY_TLS13_RSA_VERIFY)
         XSNPRINTF(sCert, sizeof(sCert), "%s/rsapss/ecc-leaf-rsapss.pem", certDir);
         XSNPRINTF(cCa,   sizeof(cCa),   "%s/rsapss/ca-rsapss.pem", certDir);
diff --git a/examples/configs/user_settings_tinytls13.h b/examples/configs/user_settings_tinytls13.h
@@ -75,6 +75,16 @@ extern "C" {
          * static memory pool above. */
     #define WOLFSSL_NO_MALLOC
 #endif
+#if 0   /* Static-memory pool buckets for a tinytls13 PSK handshake, measured with
+         * wolfSSL's memory-bucket-optimizer. The distribution sets the minimum
+         * pool size (~320 KB for client+server, ~half a single role), so enable
+         * these only once your buffer matches; re-run the optimizer for your own
+         * role/adders. Left out of the floor because forcing a large distribution
+         * breaks consumers that load a smaller buffer. */
+    #define WOLFMEM_BUCKETS     64,96,160,288,816,3408,5088,6176,10784
+    #define WOLFMEM_DIST        92,34,36,421,63,20,3,1,2
+    #define WOLFMEM_DEF_BUCKETS 9
+#endif
 
 /* ===== SPEED ============================================================ */
 #if 0   /* tiny+fast: assembly crypto instead of small-C (size up, speed up) */
@@ -103,23 +113,28 @@ extern "C" {
 #endif
 
 /* ===== PQC ADDERS (valid on either profile; SHA-3/SHAKE pulled in auto) = */
-#if 0   /* ML-DSA-65 verify-only. Use with the cert profile (Profile B) for TLS
+#if 0   /* ML-DSA-44 verify-only. Use with the cert profile (Profile B) for TLS
          * auth: the PSK floor has no certificate to verify, so on Profile A
-         * this only confirms the umbrella builds. */
+         * this only confirms the umbrella builds. ML-DSA-44 is the right tier
+         * for a tiny stack paired with X25519/P-256 + AES-128 — higher levels
+         * add no security against that classical floor. */
     #define WOLFSSL_HAVE_MLDSA
-    #define WOLFSSL_DILITHIUM_VERIFY_ONLY
-    #define WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+    #define WOLFSSL_MLDSA_VERIFY_ONLY
+    #define WOLFSSL_MLDSA_VERIFY_SMALL_MEM
     #ifndef WOLFSSL_TINY_TLS13_CERT
         /* PSK floor never parses a cert; the cert profile needs ML-DSA ASN.1
          * to decode and verify ML-DSA certificates, so keep it there. */
-        #define WOLFSSL_DILITHIUM_NO_ASN1
+        #define WOLFSSL_MLDSA_NO_ASN1
     #endif
-    #define WOLFSSL_NO_ML_DSA_44
+    #define WOLFSSL_NO_ML_DSA_65
     #define WOLFSSL_NO_ML_DSA_87
 #endif
-#if 0   /* ML-KEM-768 + X25519MLKEM768 hybrid */
+#if 0   /* ML-KEM-768 + X25519MLKEM768 hybrid (768 is the widely-adopted tier;
+         * disable 512/1024) */
     #define WOLFSSL_HAVE_MLKEM
-    #define WOLFSSL_WC_MLKEM
+    #define WOLFSSL_NO_ML_KEM_512
+    #define WOLFSSL_NO_ML_KEM_1024
+    #define WOLFSSL_MLKEM_DYNAMIC_KEYS
 #endif
 
 /* ===== PLATFORM (bare-metal defaults; adjust for your target) ========== */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -2028,13 +2028,19 @@
     #undef  NO_PWDBASED
     #define NO_PWDBASED
 
-    /* Footprint hygiene. */
+    /* Footprint hygiene. NO_FILESYSTEM stays template-only so examples link. */
     #undef  NO_ERROR_STRINGS
     #define NO_ERROR_STRINGS
     #undef  WOLFSSL_SMALL_STACK
     #define WOLFSSL_SMALL_STACK
     #undef  NO_SESSION_CACHE
     #define NO_SESSION_CACHE
+    #undef  NO_CLIENT_CACHE
+    #define NO_CLIENT_CACHE
+    #undef  NO_HANDSHAKE_DONE_CB
+    #define NO_HANDSHAKE_DONE_CB
+    #undef  NO_SIG_WRAPPER
+    #define NO_SIG_WRAPPER
     #undef  SINGLE_THREADED
     #define SINGLE_THREADED
 
@@ -2053,6 +2059,8 @@
     #ifdef WOLFSSL_TINY_TLS13_STATIC_MEM
         #undef  WOLFSSL_STATIC_MEMORY
         #define WOLFSSL_STATIC_MEMORY
+        /* Size a tiny WOLFMEM_* pool with the memory-bucket-optimizer; see the
+         * measured starting point in user_settings_tinytls13.h. */
     #endif
 
     /* Profile A: no X.509 at all (the cert variant keeps ASN/certs). */
