Add method to get type of ML-DSA instance configured under EVP PKEY#2980
Merged
torben-hansen merged 2 commits intoaws:mainfrom Feb 4, 2026
Merged
Add method to get type of ML-DSA instance configured under EVP PKEY#2980torben-hansen merged 2 commits intoaws:mainfrom
torben-hansen merged 2 commits intoaws:mainfrom
Conversation
| } | ||
|
|
||
| int EVP_PKEY_pqdsa_get_type(const EVP_PKEY *pkey) { | ||
| SET_DIT_AUTO_RESET; |
Contributor
There was a problem hiding this comment.
warning: use of undeclared identifier 'SET_DIT_AUTO_RESET' [clang-diagnostic-error]
SET_DIT_AUTO_RESET;
^
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2980 +/- ##
=======================================
Coverage 78.30% 78.31%
=======================================
Files 689 689
Lines 120959 120966 +7
Branches 16985 16988 +3
=======================================
+ Hits 94717 94729 +12
+ Misses 25345 25341 -4
+ Partials 897 896 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
justsmth
reviewed
Feb 3, 2026
Contributor
WillChilds-Klein
left a comment
There was a problem hiding this comment.
looking forward to deleting this fun little check we have to do in ACCP!
dkostic
previously approved these changes
Feb 3, 2026
dkostic
approved these changes
Feb 3, 2026
WillChilds-Klein
approved these changes
Feb 3, 2026
Merged
justsmth
added a commit
that referenced
this pull request
Feb 20, 2026
### Description of changes: * Bump urllib3 from 2.6.0 to 2.6.3 in /tests/ci by @dependabot[bot] in #2932 * Add weekly automated check for outdated third-party test vectors by @sgmenda in #2933 * Enable Hybrid PQ KeyShares by default by @alexw91 in #2531 * Remove AVX conditional from cmake script by @torben-hansen in #2958 * openssl-ca command implementation for self-sign certificates by @skmcgrail in #2937 * Initial Framework for Using Doxygen to Document Public Header Files by @m271828 in #2908 * Move md4 out of FIPS module by @torben-hansen in #2956 * Fix image-build-windows workflow to only push on workflow_call and workflow_dispatch by @skmcgrail in #2961 * Remove FIPS counter framework and other tidying up by @torben-hansen in #2947 * Model Device Farm CI Resources in CDK by @skmcgrail in #2965 * Adds a new randomness generation API by @torben-hansen in #2963 * Migrate Android Testing to GitHub Actions by @skmcgrail in #2969 * Ensure pkcs7 checks ASN1_TYPE->type by @skmcgrail in #2968 * Fix checkout logic for android-omnibus by @skmcgrail in #2970 * Add missing env vars to check-vectors workflow step by @sgmenda in #2962 * Shorten Windows Build Directory Path by @skmcgrail in #2974 * Bump mysql cluster version by @WillChilds-Klein in #2967 * Integrate Wycheproof ML-DSA test vectors by @sgmenda in #2973 * Simplify FIPS conditional in top-level build script by @torben-hansen in #2976 * Fix aws-lc-rs CI job by @justsmth in #2966 * Add method to get type of ML-DSA instance configured under EVP PKEY by @torben-hansen in #2980 * Nmap build needs liblinear by @justsmth in #2985 * Disable SLP vectorizer for FIPS shared library builds on GCC 14+ by @geedo0 in #2977 * Update Wycheproof ECDSA test vectors and fix workflow typo by @sgmenda in #2972 * Address some CMake findings by @skmcgrail in #2979 * Bump bytes from 1.7.1 to 1.11.1 in /tests/ci/lambda by @dependabot[bot] in #2983 * Support GCC 4.8 for aarch64 by @justsmth in #2964 * Free potential memory before assigning new pointer by @torben-hansen in #2989 * Add PyOpenSSL integration test by @WillChilds-Klein in #2992 * Ensure index argument is not negative in ASN1_BIT_STRING_set_bit by @torben-hansen in #2987 * Ensure no overflow in signed output length in do_buf by @torben-hansen in #2988 * Remove redundant CPython 3.9 integration test by @WillChilds-Klein in #2996 * Ensure public key is set before verifying through ML-DSA verify by @torben-hansen in #2990 * Correct CCM nids in object definition by @torben-hansen in #2991 * Address Reported Bug Findings by @skmcgrail in #3000 * Fix CI: gcc-4.8 by @justsmth in #3011 * Fix Windows CI: use `cd /d` in run_windows_tests.bat to handle cross-drive paths by @justsmth in #3012 * Fix OPENSSL_memchr per C23 by @justsmth in #3008 * Fix argument order in `hmac_copy` by @justsmth in #3014 * Miscellaneous CI improvements by @skmcgrail in #2978 * Fix CI: mariadb by @justsmth in #3015 * Update Ubuntu 24:04 image compiler verification by @skmcgrail in #3017 * Support WASM/Emscripten by @justsmth in #2959 * Generate Rust Bindings by @justsmth in #2999 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issues:
P375996324
Description of changes:
The actual ML-DSA instance configured under an EVP PKEY is two levels deep. And it's configured in an object whose definition is internal. There currently exist no accessor that consumers can use to access that. From the top-level the only information one can retrieve as a generic
EVP_PKEY_PQDSAidentifier.This PR adds a function to get the more granular identifier. This information could be derived through e.g. the key size. But that's not a terribly good user experience.
I considered adding a getter for
PQDSA_KEYthat has a reference to thePQDSAobject that configures the named identifier we are after. But none of those are referenced counted, so the implementation would look different from what the current pattern is for other PKEY key types (or one would need to implemented reference counting in the objects (no thanks)).The concept "PQ DSA" is not a well-defined functional interface. But the abstraction has already escaped and no longer an internal implementation detail. So, I'm not sure we can revert back to a top-level
EVP_PKEY_footype anymore (e.g. similar to the 25519 pattern).FWIW, same problem exist for the KEM key type. At least I don't immediately see a method to get the configured instance.
Testing:
Simple test to check the correct NID is returned.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.