Backport ML-KEM for SCOSSL 1.10 #171

Open
mamckee wants to merge 17 commits into scossl-1.10 from mamckee-mlkem-backport

mamckee commented Jun 22, 2026

Collaborator

This PR backports ML-KEM and ML-KEM hybrid for SCOSSL 1.10 (based on 1.9).

The following PRs are backported, with some minor bugfixes and tweaks.
#103
#153

mamckee and others added 8 commits June 3, 2026 20:51
* Boilerplate mlkem kem and keymgmt interfaces

* ML-KEM key management

* ML-KEM KEM interface

* Update to latest APIs

* ML-KEM decoder

* MLKEM PEM and DER encoder. Refactor decoder

* Consolidate ML-KEM decoder

* MLKEM text encoder and bugfixes

* Start of hybrid implementation

* ML-KEM hybrid key management

* Expose classic ECDH functions for ML-KEM hybrid

* ML-KEM hybrid

* Cleanup ecc usage from mlkem keymgmt

* Cleanup ML-KEM hybrid and register algorithms

* Bugfixes for compatibility with public PQ endpoints

* Fix ordering for non-x25519 hybrid and add P384MLKEM1024

* Rebase cleanup

* Cleanup

* Cleanup and refactoring

* Fix TLS names

* Use new debug logging for symcrypt errors

* PR comments

* PR comments

* Only copy modified private bits with key material

* PR comments and cleanup

* Merge branch 'main' into mamckee-ml-kem

* PR comments

* Fix ML-KEM constants
…cations (#133)

* Refactor logic to avoid use of uninitialized memory and improve
consistency

* Fix up a few more nitpicks

+ Potential memory leak in common gcm init ctx (never hit with provider,
  but could be hit from engine)
+ Consistency of dupctx ERR and assignment

* Fix some unhandled OPENSSL_strdup failures
* Stub out ML-KEM interfaces

* Split mlkem standalone key management

* Standalone MLKEM

* Hybrid key management

* Re-add hybrid ML-KEM

* Separate ML-KEM decoders

* Separate MLKEM encoders

* Cleanup

* Add comment indicating hybrids are only for TLS

* Cleanup and add explicit ikme rejection

* Add mlkem evp_test

* PR comments

* Don't use boolean operators on SCOSSL_STATUS

Copilot AI left a comment

Contributor

Pull request overview

This PR backports ML-KEM and ML-KEM-hybrid support into the SymCrypt provider for the SCOSSL 1.10 release line, including key management, KEM operations, and OpenSSL encoder/decoder integration, plus TLS group capability updates.

Changes:

  • Add ML-KEM (512/768/1024) KEM + keymgmt, and ML-KEM hybrid KEM + keymgmt (X25519/P-256/P-384 hybrids).
  • Add DER/PEM/text encoders and DER decoders for ML-KEM keys, plus shared encode/decode helper infrastructure.
  • Introduce a core-BIO wrapper for encoder/decoder I/O and register new TLS group capability metadata (including KEM groups).

Reviewed changes

Copilot reviewed 25 out of 26 changed files in this pull request and generated 5 comments.

Show a summary per file
| File | Description |
| --- | --- |
| SymCryptProvider/src/p_scossl_ecc.h | Adds #pragma once to the ECC provider header. |
| SymCryptProvider/src/p_scossl_bio.h | Declares core-BIO dispatch wiring and provider-side BIO helpers for encoding/decoding. |
| SymCryptProvider/src/p_scossl_bio.c | Implements provider BIO_METHOD backed by core BIO callbacks. |
| SymCryptProvider/src/p_scossl_base.c | Registers new KEM/keymgmt/encoder/decoder algorithms and TLS group capability metadata; initializes core BIO method. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.h | Declares ML-KEM keymgmt helper APIs used by encoder/decoder and keymgmt. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c | Implements ML-KEM key generation, import/export, match/dup, and encoded key helpers. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c | Implements hybrid (classic + ML-KEM) keymgmt including import/export and encoding layout rules. |
| SymCryptProvider/src/keyexch/p_scossl_ecdh.h | Exposes ECDH provider context helpers for re-use by hybrid KEM implementation. |
| SymCryptProvider/src/keyexch/p_scossl_ecdh.c | Refactors ECDH context type/entry points to be externally reusable. |
| SymCryptProvider/src/kem/p_scossl_mlkem.h | Declares ML-KEM group metadata, key context, and registration/parameter helpers. |
| SymCryptProvider/src/kem/p_scossl_mlkem.c | Implements ML-KEM KEM operations and algorithm/NID registration helpers. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.h | Declares hybrid key context structure. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c | Implements hybrid KEM encaps/decaps combining ECDH + ML-KEM with group-dependent layout. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.h | Declares hybrid-specific ECC helper routines for ephemeral ECDH handling. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.c | Implements ECC import/export/dup/gen helpers for hybrid classic components. |
| SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c | Adds encoders for ML-KEM PrivateKeyInfo / EncryptedPrivateKeyInfo / SPKI and text output. |
| SymCryptProvider/src/encoder/p_scossl_encode_common.h | Adds shared encoder framework types/helpers used by ML-KEM encoders. |
| SymCryptProvider/src/encoder/p_scossl_encode_common.c | Implements shared encoder context handling and core-BIO output bridging. |
| SymCryptProvider/src/decoder/p_scossl_decode_mlkem.c | Adds DER decoders for ML-KEM PrivateKeyInfo and SubjectPublicKeyInfo. |
| SymCryptProvider/src/decoder/p_scossl_decode_common.h | Adds shared decoder framework types/helpers used by ML-KEM decoders. |
| SymCryptProvider/src/decoder/p_scossl_decode_common.c | Implements shared decoder context handling and core-BIO input bridging. |
| SymCryptProvider/inc/scossl_provider.h | Adds ML-KEM algorithm SN/LN/OID constants and a compatibility define for OSSL_PKEY_PARAM_ML_KEM_SEED. |
| SymCryptProvider/inc/p_scossl_base.h.in | Adds BIO include and stores coreBioMeth in provider context. |
| SymCryptProvider/CMakeLists.txt | Adds new KEM/keymgmt/encoder/decoder/BIO sources to the provider build. |
| CMakeLists.txt | Bumps project version to 1.10.0. |

Comment thread SymCryptProvider/src/decoder/p_scossl_decode_common.c Outdated
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_common.c
Comment thread SymCryptProvider/src/p_scossl_bio.c
Comment thread SymCryptProvider/src/kem/p_scossl_mlkem.c
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c Outdated
Comment thread SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.c Outdated

samuel-lee-msft left a comment

Contributor

LGTM modulo comments; I reviewed the commits from ca4b35b onwards with focus on the diff between p_scossl_mlkem_hybrid_ecc.c and p_scossl_ecc.c, which seems to be the main new stuff for the backport - let me know if you would appreciate me looking at something else in particular

Some of the AI comments also seem legit, if nitpicky.

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 27 changed files in this pull request and generated 5 comments.

Comment thread SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c
Comment thread SymCryptProvider/src/kem/p_scossl_mlkem.c
Comment thread SymCryptProvider/src/decoder/p_scossl_decode_mlkem.c
Comment thread SymCryptProvider/src/p_scossl_base.c Outdated
Comment thread SymCryptProvider/src/p_scossl_bio.c Outdated
mamckee and others added 2 commits June 23, 2026 01:01
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 26 out of 27 changed files in this pull request and generated 4 comments.

Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 27 out of 28 changed files in this pull request and generated 8 comments.

Comment thread SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.c
Comment thread SymCryptProvider/src/p_scossl_bio.h
Comment thread SymCryptProvider/src/kem/p_scossl_mlkem.h
Comment thread SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.h
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_common.h
Comment thread SymCryptProvider/src/decoder/p_scossl_decode_common.h
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c
mamckee requested a review from Copilot June 23, 2026 20:35

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 27 out of 28 changed files in this pull request and generated 4 comments.

Comment thread SymCryptProvider/src/decoder/p_scossl_decode_common.c
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c
Comment thread SymCryptProvider/src/p_scossl_base.c
Comment thread SymCryptProvider/src/p_scossl_base.c

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 27 out of 28 changed files in this pull request and generated 1 comment.

Comment thread SymCryptProvider/src/p_scossl_base.c

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 27 out of 28 changed files in this pull request and generated 5 comments.

Comment thread SymCryptProvider/src/p_scossl_bio.h
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c
Comment thread SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c
Comment thread SymCryptProvider/src/encoder/p_scossl_encode_common.c
Comment thread SymCryptProvider/src/decoder/p_scossl_decode_common.c
mamckee marked this pull request as ready for review June 23, 2026 23:07

3 participants