On Tue, Oct 14, 2025 at 10:44:19PM -0000, D. J. Bernstein wrote:
> I'm not saying that it's impossible to argue for other options. For
> example, I've laid out a case for higher security margins on the
> post-quantum side, meaning X25519MLKEM1024, and I've explained how it's
> possible to make a case for higher security margins also on the
> pre-quantum side, meaning X448MLKEM1024.

FWIW, OpenSSL 3.5 and later contains an implementation of a TLS-style
X448MLKEM1024 KEM, but it is not enabled at the TLS layer, the only
barrier being lack of a codepoint. It would also be trivial[1] to add
X25519MLKEM1024, if that were registered.

--
Viktor. 🇺🇦 Слава Україні!

[1] Most of the patch for this is below. Still missing TLS code points
and "capabilities" table entries.
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -625,2 +625,4 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
PROV_DESCS_X448MLKEM1024 },
+ { PROV_NAMES_X25519MLKEM1024, "provider=default",
ossl_mlx_x25519_1024_kem_kmgmt_functions,
+ PROV_DESCS_X25519MLKEM1024 },
# endif
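Review bot: The new deflt_keymgmt row registers key management only, and no hunk in this patch registers a KEM operation under PROV_NAMES_X25519MLKEM1024. If the provider keeps a separate per-name table for the hybrid KEM operation, it needs a matching row there, otherwise keys of the new type could be created but not used to encapsulate or decapsulate. That belongs on the "still missing" list next to the TLS code points and capabilities entries.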
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -659,2 +659,4 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
PROV_DESCS_X448MLKEM1024 },
+ { PROV_NAMES_X25519MLKEM1024, FIPS_DEFAULT_PROPERTIES,
ossl_mlx_x25519_1024_kem_kmgmt_functions,
+ PROV_DESCS_X25519MLKEM1024 },
# endif
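Review bot: The added fips_keymgmt row changes the algorithm set exposed by the FIPS provider, which deserves its own justification rather than riding along with the default-provider change. Suggest splitting this hunk into a separate commit, or stating in the commit message why a group with no registered code point should already be offered with FIPS_DEFAULT_PROPERTIES.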
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -351,2 +351,3 @@ extern const OSSL_DISPATCH
ossl_mlx_x25519_kem_kmgmt_functions[];
extern const OSSL_DISPATCH ossl_mlx_x448_kem_kmgmt_functions[];
+extern const OSSL_DISPATCH ossl_mlx_x25519_1024_kem_kmgmt_functions[];
# endif
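Review bot: The new symbol ossl_mlx_x25519_1024_kem_kmgmt_functions encodes the ML-KEM parameter set in its name, while the two neighbouring declarations (ossl_mlx_x25519_kem_kmgmt_functions and ossl_mlx_x448_kem_kmgmt_functions) do not. With two X25519 hybrids side by side, the unsuffixed name no longer says which one it is; a one-line comment on each declaration naming the ML-KEM variant would remove the ambiguity without renaming existing symbols.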
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -424,2 +424,4 @@
#define PROV_DESCS_X448MLKEM1024 "X448+ML-KEM-1024 TLS hybrid implementation"
+#define PROV_NAMES_X25519MLKEM1024 "X25519MLKEM1024"
+#define PROV_DESCS_X25519MLKEM1024 "X25519+ML-KEM-1024 TLS hybrid
implementation"
#define PROV_NAMES_SecP256r1MLKEM768 "SecP256r1MLKEM768"
--- a/providers/implementations/keymgmt/mlx_kmgmt.c.in
+++ b/providers/implementations/keymgmt/mlx_kmgmt.c.in
@@ -54,2 +54,3 @@ static const ECDH_VINFO hybrid_vtable[] = {
{ "X448", NULL, 56, 56, 56, 0, EVP_PKEY_ML_KEM_1024 },
+ { "X25519", NULL, 32, 32, 32, 0, EVP_PKEY_ML_KEM_1024 },
#endif
@@ -821,2 +822,3 @@ DECLARE_DISPATCH(x25519, 2);
DECLARE_DISPATCH(x448, 3);
+DECLARE_DISPATCH(x25519_1024, 4);
#endif
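Review bot: The literal 4 in DECLARE_DISPATCH(x25519_1024, 4) appears to depend on where the new X25519 row lands in hybrid_vtable in the previous hunk: x448 uses 3 and its row sits directly above the new one. Nothing visible ties the two together, so a later insertion or reordering in the table would silently bind this dispatch to the wrong curve and ML-KEM variant. Suggest a comment on the table row stating its index, or a named constant shared by both places.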
_______________________________________________
TLS mailing list -- [email protected]