Skip to content

Route ML-DSA ACVP to the right APIs#2884

Merged
samuel40791765 merged 2 commits intoaws:mainfrom
samuel40791765:fix-acvp-ml-dsa-2
Dec 6, 2025
Merged

Route ML-DSA ACVP to the right APIs#2884
samuel40791765 merged 2 commits intoaws:mainfrom
samuel40791765:fix-acvp-ml-dsa-2

Conversation

@samuel40791765
Copy link
Copy Markdown
Contributor

@samuel40791765 samuel40791765 commented Dec 5, 2025

Description of changes:

The previous ML-DSA change weren't routing against the right APIs. This fixes that.

Issues were mainly:

  1. extmu is exclusive to signatureInterface=internal, but we were passing in false for signatureInterface=external.
  2. ml_dsa_*_sign APIs are non-deterministic and we weren't passing in rnd as the random bytes. This routes the SignGen tests to the right places.

Call-outs:

N/A

Testing:

New ACVP demo vector, verified against expected outputs and added to this change. The new tests fail without the new changes made to ACVP.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@samuel40791765 samuel40791765 requested a review from a team as a code owner December 5, 2025 23:00
skmcgrail
skmcgrail previously approved these changes Dec 5, 2025
View reviewed changes
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Dec 5, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.22%. Comparing base (7c02cb3) to head (ad163ed).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2884      +/-   ##
==========================================
- Coverage   78.23%   78.22%   -0.01%     
==========================================
  Files         683      683              
  Lines      117412   117416       +4     
  Branches    16500    16503       +3     
==========================================
- Hits        91856    91854       -2     
- Misses      24668    24674       +6     
  Partials      888      888

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@samuel40791765 samuel40791765 enabled auto-merge (squash) December 6, 2025 00:45
@samuel40791765 samuel40791765 merged commit 745d009 into aws:main Dec 6, 2025
387 of 391 checks passed
samuel40791765 added a commit to samuel40791765/aws-lc that referenced this pull request Dec 8, 2025
@samuel40791765
Route ML-DSA ACVP to the right APIs (aws#2884)
cfc86d9 
### Description of changes:
The previous ML-DSA change weren't routing against the right APIs. This
fixes that.

Issues were mainly:
1. `extmu` is exclusive to `signatureInterface=internal`, but we were
passing in false for `signatureInterface=external`.
2. `ml_dsa_*_sign` APIs are non-deterministic and we weren't passing in
`rnd` as the random bytes. This routes the SignGen tests to the right
places.

### Call-outs:
N/A

### Testing:
New ACVP demo vector, verified against expected outputs and added to
this change. The new tests fail without the new changes made to ACVP.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

(cherry picked from commit 745d009)
@skmcgrail skmcgrail mentioned this pull request Dec 11, 2025
Merged
justsmth pushed a commit that referenced this pull request Dec 12, 2025
@skmcgrail
Prepare v1.66.0 release (#2900)
c23b2ae 
## What's Changed
* Add encap/decapKeyCheck support in ACVP by @samuel40791765 in
#2872
* Clarify comments and API behaviour for equal-preference for TLS 1.3 by
@torben-hansen in #2873
* Add support for external contexts in ML-DSA ACVP by @samuel40791765 in
#2880
* Route ML-DSA ACVP to the right APIs by @samuel40791765 in
#2884
* Add sha1 CLI by @nhatnghiho in #2885
* Fix openssl comparison tests by @justsmth in
#2888
* tool-openssl: pkcs8 error output on decrypt by @justsmth in
#2883
* Add RSA_X931_PADDING to rsa.h by @justsmth in
#2889
* Bump urllib3 from 2.5.0 to 2.6.0 in /tests/ci by @dependabot[bot] in
#2886
* Run ACCP integration tests on aarch64 by @WillChilds-Klein in
#2894
* Blowfish OFB Block Cipher Mode Support by @skmcgrail in
#2892

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@WillChilds-Klein WillChilds-Klein WillChilds-Klein approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@samuel40791765 @codecov-commenter @skmcgrail @WillChilds-Klein