Skip to content

crypto: enable ML-DSA, ML-KEM, AES-KW, and ChaCha20-Poly1305 on BoringSSL#63255

Open
panva wants to merge 4 commits into
nodejs:mainfrom
panva:make-crypto-boring-again
Open

crypto: enable ML-DSA, ML-KEM, AES-KW, and ChaCha20-Poly1305 on BoringSSL#63255
panva wants to merge 4 commits into
nodejs:mainfrom
panva:make-crypto-boring-again

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented May 11, 2026
edited
Loading

This PR wires up the following when using BoringSSL:

  • AES-KW in Web Cryptography
  • ChaCha20-Poly1305 in Web Cryptography experimental Issues and PRs related to experimental features.
  • ML-DSA and ML-KEM in Web Cryptography experimental Issues and PRs related to experimental features.
  • ML-DSA and ML-KEM in node:crypto

Refs: electron/electron#36256
Refs: electron/electron#41720
Refs: electron/electron#51127

panva added 4 commits May 11, 2026 18:10
@panva
src: simplify OpenSSL feature gates
fafacbf 
Add OPENSSL_WITH_* feature macros for crypto capabilities that vary by
OpenSSL version and use those instead of repeating version checks.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire AES-KW in Web Cryptography when using BoringSSL
0bd26bd 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL
0d2bf8d 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire ML-DSA and ML-KEM for use when using BoringSSL
96d0932 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva requested review from anonrig, codebytere and jasnell May 11, 2026 16:17
@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. labels May 11, 2026
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 11, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/performance
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels May 11, 2026
@panva panva requested a review from addaleax May 11, 2026 16:17
@panva panva mentioned this pull request May 11, 2026
Merged
5 tasks
@codecov
Copy link
Copy Markdown

codecov Bot commented May 11, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.24390% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.03%. Comparing base (58cd0b8) to head (96d0932).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
lib/internal/crypto/webidl.js 50.00% 5 Missing ⚠️
src/crypto/crypto_pqc.cc 92.00% 0 Missing and 2 partials ⚠️
src/crypto/crypto_keys.cc 97.61% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #63255      +/-   ##
==========================================
- Coverage   90.04%   90.03%   -0.01%     
==========================================
  Files         713      713              
  Lines      224950   224969      +19     
  Branches    42531    42546      +15     
==========================================
+ Hits       202555   202559       +4     
  Misses      14182    14182              
- Partials     8213     8228      +15
Files with missing lines Coverage Δ
lib/internal/crypto/util.js 97.08% <100.00%> (+0.10%) ⬆️
src/crypto/crypto_aes.cc 53.81% <ø> (ø)
src/crypto/crypto_aes.h 33.33% <ø> (ø)
src/crypto/crypto_argon2.cc 64.13% <ø> (ø)
src/crypto/crypto_argon2.h 50.00% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.cc 58.13% <ø> (ø)
src/crypto/crypto_cipher.cc 77.43% <ø> (ø)
src/crypto/crypto_kem.cc 80.74% <ø> (ø)
src/crypto/crypto_kem.h 33.33% <ø> (ø)
src/crypto/crypto_kmac.cc 56.66% <ø> (ø)
... and 7 more

... and 27 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell Awaiting requested review from jasnell

@anonrig anonrig Awaiting requested review from anonrig

@codebytere codebytere Awaiting requested review from codebytere

@addaleax addaleax Awaiting requested review from addaleax

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. webcrypto

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@panva @nodejs-github-bot