Skip to content

Ingela/ssl/public key/quantum security/otp 19552 #10004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: maint
Choose a base branch
from
Open

Ingela/ssl/public key/quantum security/otp 19552 #10004

wants to merge 7 commits into from

Conversation

IngelaAndin
Copy link
Contributor

Add support for ML-DSA and ML-KEM

@IngelaAndin IngelaAndin requested review from u3s and dgud and removed request for u3s June 30, 2025 15:39
@IngelaAndin IngelaAndin changed the base branch from master to maint June 30, 2025 15:40
@IngelaAndin IngelaAndin self-assigned this Jun 30, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 30, 2025
edited
Loading

CT Test Results

    4 files     75 suites   28m 50s ⏱️
1 100 tests 1 041 ✅  59 💤 0 ❌
4 715 runs  3 725 ✅ 990 💤 0 ❌

Results for commit 9311afc.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

@IngelaAndin IngelaAndin added the team:PS Assigned to OTP team PS label Jun 30, 2025
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/public_key/quantum-security/OTP-19552 branch 14 times, most recently from e807c5b to 81acc7c Compare July 2, 2025 08:18
@IngelaAndin IngelaAndin requested a review from u3s July 2, 2025 08:57
@IngelaAndin IngelaAndin added testing currently being tested, tag is used by OTP internal CI and removed testing currently being tested, tag is used by OTP internal CI labels Jul 2, 2025
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/public_key/quantum-security/OTP-19552 branch from 48969f9 to f64504a Compare July 3, 2025 06:24
@IngelaAndin IngelaAndin added the testing currently being tested, tag is used by OTP internal CI label Jul 3, 2025
@u3s u3s requested a review from Copilot July 3, 2025 07:46
Copilot

This comment was marked as outdated.

Sign in to view

@IngelaAndin IngelaAndin force-pushed the ingela/ssl/public_key/quantum-security/OTP-19552 branch from f64504a to 5b09406 Compare July 3, 2025 08:16
u3s
u3s previously approved these changes Jul 3, 2025
View reviewed changes
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/public_key/quantum-security/OTP-19552 branch from 5b09406 to 4c89af9 Compare July 3, 2025 09:11
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/public_key/quantum-security/OTP-19552 branch from 4c89af9 to 9311afc Compare July 7, 2025 11:05
@u3s u3s requested a review from Copilot July 7, 2025 12:05
Copilot
Copilot AI reviewed Jul 7, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds support for ML-DSA signature schemes (mldsa44, mldsa65, mldsa87) and ML-KEM key-exchange groups (mlkem512, mlkem768, mlkem1024) across SSL/TLS libraries and tests.

  • Introduces new test fixtures and groups for ML-DSA and ML-KEM in ssl_test_lib, ssl_cert_tests, and multiple suite modules.
  • Extends core TLS logic (tls_v1, tls_server_connection_1_3, tls_handshake_1_3, etc.) to recognize and process the new algorithms and groups.
  • Updates runtime dependencies and configuration (ssl_app.src, ssl_config, etc.) and includes new public_key test data.

Reviewed Changes

Copilot reviewed 50 out of 50 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
lib/ssl/test/ssl_test_lib.erl Adjusted OpenSSL client flags, updated skip messages, added ML-DSA signature helper
lib/ssl/test/ssl_cert_SUITE.erl Added mldsa and mlkem group tests and initialization logic
lib/ssl/src/tls_v1.erl Extended signature_schemes and default_signature_schemes for ML-DSA
lib/ssl/src/tls_server_connection_1_3.erl Added generate_server_share override for ML-KEM
lib/ssl/src/ssl_app.src Updated crypto dependency version placeholder
Comments suppressed due to low confidence (2)

lib/ssl/test/ssl_test_lib.erl:409

  • The skip message concatenates 'for' and the group name without a space; consider adding a space after 'for ' to improve readability (e.g., "Missing OpenSSL support for ").
		    {skip, "Missing OpenSSL support for" ++ atom_to_list(GroupName)}

lib/ssl/test/ssl_test_lib.erl:2414

  • The -verify 2 argument is removed from the OpenSSL client invocation; verify that equivalent certificate verification is covered by tests to catch any regressions.
                     ["s_client",

lib/ssl/test/ssl_cert_SUITE.erl
Comment on lines +495 to +500
case [] =/= crypto:supports(kems) of
true ->
Config;
false ->
{skip, "Missing support for mlkem in OpenSSL"}
end;
Copy link
Preview

Copilot AI Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The init_per_testcase/2 handling for mlkem_groups is duplicated across multiple test modules; consider extracting a common helper or macro to reduce repetition.

Suggested change
case [] =/= crypto:supports(kems) of
true ->
Config;
false ->
{skip, "Missing support for mlkem in OpenSSL"}
end;
handle_mlkem_groups(Config);

Copilot uses AI. Check for mistakes.

lib/ssl/test/ssl_cert_SUITE.erl
@@ -308,6 +317,43 @@ init_per_group(GroupName, Config) ->
do_init_per_group(GroupName, Config)
end.

do_init_per_group(Group, Config) when Group == mldsa ->
Copy link
Preview

Copilot AI Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The do_init_per_group/2 logic for mldsa is repeated in multiple SSL test suites; consider refactoring into a shared helper function to avoid duplicated code.

Suggested change
do_init_per_group(Group, Config) when Group == mldsa ->
do_init_per_group(Group, Config) when Group == mldsa ->
do_init_mldsa(Group, Config);
do_init_per_group(Group, Config0) when Group == rsa;
do_init_mldsa(Group, Config) ->

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@u3s u3s u3s left review comments

@dgud dgud Awaiting requested review from dgud

At least 1 approving review is required to merge this pull request.

Assignees

@IngelaAndin IngelaAndin

Labels
team:PS Assigned to OTP team PS testing currently being tested, tag is used by OTP internal CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@IngelaAndin @u3s