Skip to content

crypto: enable ML-DSA, ML-KEM, AES-KW, and ChaCha20-Poly1305 on BoringSSL#63255

Open
panva wants to merge 4 commits into
nodejs:mainfrom
panva:make-crypto-boring-again
Open

crypto: enable ML-DSA, ML-KEM, AES-KW, and ChaCha20-Poly1305 on BoringSSL#63255
panva wants to merge 4 commits into
nodejs:mainfrom
panva:make-crypto-boring-again

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented May 11, 2026
edited
Loading

This PR wires up the following when using BoringSSL:

  • AES-KW in Web Cryptography
  • ChaCha20-Poly1305 in Web Cryptography experimental Issues and PRs related to experimental features.
  • ML-DSA and ML-KEM in Web Cryptography experimental Issues and PRs related to experimental features.
  • ML-DSA and ML-KEM in node:crypto

Refs: electron/electron#36256
Refs: electron/electron#41720
Refs: electron/electron#51127

@panva panva requested review from anonrig, codebytere and jasnell May 11, 2026 16:17
@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. labels May 11, 2026
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 11, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/performance
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels May 11, 2026
@panva panva requested a review from addaleax May 11, 2026 16:17
@panva panva mentioned this pull request May 11, 2026
Merged
5 tasks
@codecov
Copy link
Copy Markdown

codecov Bot commented May 11, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.24390% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.05%. Comparing base (6482073) to head (a1d227f).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
lib/internal/crypto/webidl.js 50.00% 5 Missing ⚠️
src/crypto/crypto_pqc.cc 92.00% 0 Missing and 2 partials ⚠️
src/crypto/crypto_keys.cc 97.61% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #63255      +/-   ##
==========================================
+ Coverage   90.04%   90.05%   +0.01%     
==========================================
  Files         714      714              
  Lines      225352   225371      +19     
  Branches    42605    42621      +16     
==========================================
+ Hits       202909   202954      +45     
+ Misses      14234    14191      -43     
- Partials     8209     8226      +17
Files with missing lines Coverage Δ
lib/internal/crypto/util.js 97.08% <100.00%> (+0.10%) ⬆️
src/crypto/crypto_aes.cc 54.16% <ø> (+0.34%) ⬆️
src/crypto/crypto_aes.h 33.33% <ø> (ø)
src/crypto/crypto_argon2.cc 64.13% <ø> (ø)
src/crypto/crypto_argon2.h 50.00% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.cc 58.13% <ø> (ø)
src/crypto/crypto_cipher.cc 77.43% <ø> (ø)
src/crypto/crypto_kem.cc 80.74% <ø> (ø)
src/crypto/crypto_kem.h 33.33% <ø> (ø)
src/crypto/crypto_kmac.cc 56.66% <ø> (ø)
... and 7 more

... and 34 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

panva added 3 commits May 15, 2026 09:47
@panva
src: simplify OpenSSL feature gates
45d5040 
Add OPENSSL_WITH_* feature macros for crypto capabilities that vary by
OpenSSL version and use those instead of repeating version checks.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire AES-KW in Web Cryptography when using BoringSSL
9a007e4 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL
556bcb3 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva force-pushed the make-crypto-boring-again branch from 96d0932 to fbb81c2 Compare May 15, 2026 07:47
@panva
crypto: wire ML-DSA and ML-KEM for use when using BoringSSL
a1d227f 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva force-pushed the make-crypto-boring-again branch from fbb81c2 to a1d227f Compare May 15, 2026 09:51
@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels May 15, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 15, 2026
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 15, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/73462/

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 15, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/73471/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@anonrig anonrig Awaiting requested review from anonrig

@codebytere codebytere Awaiting requested review from codebytere

@addaleax addaleax Awaiting requested review from addaleax

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. webcrypto

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@panva @nodejs-github-bot @jasnell