Skip to content

chore: Delete all code that references Kyber#5705

Merged
alexw91 merged 1 commit intoaws:mainfrom
alexw91:delete-kyber
Feb 19, 2026
Merged

chore: Delete all code that references Kyber#5705
alexw91 merged 1 commit intoaws:mainfrom
alexw91:delete-kyber

Conversation

@alexw91
Copy link
Copy Markdown
Contributor

@alexw91 alexw91 commented Jan 15, 2026
edited
Loading

Goal

Removes any reference that Kyber ever existed from s2n-tls's codebase.

Why

  1. Kyber was a draft standard that predates MLKEM.
  2. AWS-LC about to delete their Kyber implementation code.
  3. Now that MLKEM is standardized and supported everywhere that Kyber was previously supported, we no longer need Kyber, and can delete any references to it.

How

  • Did a bunch of grep -ni kyber -r . in the s2n-tls directory and deleted everything I could find.
  • Where it was trivial, tests were updated in place to use MLKEM. Otherwise Kyber tests were deleted entirely.
  • PQ TLS Policies that only had Kyber (and did not have MLKEM) were deleted and marked as deprecated.
  • PQ TLS Policies that contained both MLKEM and Kyber, were updated in place to have Kyber removed from the bottom of the preference list.
  • All references or usages of LibOQS is removed (since it was only used to test Kyber interoperability)

Callouts

  1. There is still a lot of dead PQ TLS 1.2 code paths that are never used. Those still need to be removed eventually.
  2. This PR deletes the s2n TLS Policy 20240730 which was previously pointed to by default_pq. I don't think that will cause any issues, but wanted to call that out for others to confirm.
  3. test_all_fips was updated to add all MLKEM KeyShares since kem_preferences_all is now FIPS compliant.
  4. Updated crypto/s2n_fips_rules.c so that pure ML-KEM-1024 would be detected as FIPS.
  5. Note: As a rule of thumb, any PQ TLS Policy with the year "2023" or earlier in the name only contained Kyber and is now deprecated. PQ TLS Policies with the year "2024" or newer in the name contained both MLKEM and Kyber and are still supported by s2n (just with Kyber support removed).

Testing

Unit Testing on M4 Mac.

Related

Related to:

release summary: Delete all code that references Kyber

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@alexw91 alexw91 requested a review from dougch as a code owner January 15, 2026 23:49
@alexw91 alexw91 marked this pull request as draft January 15, 2026 23:50
@alexw91 alexw91 force-pushed the delete-kyber branch 5 times, most recently from 7b38a03 to 7820197 Compare January 16, 2026 00:48
@alexw91 alexw91 marked this pull request as ready for review January 16, 2026 01:16
maddeleine
maddeleine reviewed Jan 16, 2026
View reviewed changes
dougch
dougch approved these changes Jan 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dougch dougch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! it might also be worth calling out dropping OQS...

maddeleine
maddeleine reviewed Jan 23, 2026
View reviewed changes
@alexw91 alexw91 requested a review from maddeleine January 27, 2026 20:51
@dougch dougch self-requested a review February 2, 2026 18:38
@CarolYeh910 CarolYeh910 mentioned this pull request Feb 3, 2026
Merged
@alexw91 alexw91 changed the title Delete all code that references Kyber chore: Delete all code that references Kyber Feb 19, 2026
@alexw91 alexw91 added this pull request to the merge queue Feb 19, 2026
Merged via the queue into aws:main with commit 8f842ab Feb 19, 2026
54 checks passed
@alexw91 alexw91 deleted the delete-kyber branch February 19, 2026 21:17
@CarolYeh910 CarolYeh910 mentioned this pull request Mar 3, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dougch dougch dougch approved these changes

@maddeleine maddeleine maddeleine approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alexw91 @dougch @maddeleine