Add ML-DSA support to X.509 signing and verification #14889

Open: alex wants to merge 2 commits into main from claude/add-ml-dsa-x509-HNtog

alex (Member) commented May 21, 2026

Summary

Adds support for using ML-DSA (FIPS 204) keys with X.509:

  • Sign and verify X.509 certificates, certificate signing requests, and certificate revocation lists with MLDSA44/MLDSA65/MLDSA87 private keys.
  • Use ML-DSA public keys as certificate public keys, and load certificates/CSRs/CRLs that carry them.

Like Ed25519/Ed448, ML-DSA is a hashless scheme, so signing requires algorithm=None. The signing/verification dispatch in src/rust/src/x509/sign.rs now recognizes the three ML-DSA key types, mapping them to the existing MlDsa44/65/87 AlgorithmParameters (the OIDs and ASN.1 variants already existed). The public OID constants this builds on were added in #14884.

This requires a backend with ML-DSA support (AWS-LC, BoringSSL, or OpenSSL 3.5+); on other backends the new tests skip.

Test plan

  • New tests for building/verifying certificates, CSRs, and CRLs with each ML-DSA variant (signature OID, hashless signature, public-key round-trip, verify_directly_issued_by, bad-signature rejection)
  • Full tests/x509/ suite passes against AWS-LC with no regressions
  • Rust unit tests, cargo fmt/clippy, ruff, and mypy clean
  • CI green across the OpenSSL/BoringSSL/AWS-LC/LibreSSL matrices

https://claude.ai/code/session_01ENDmAD4rsLTkCw1QG9txBL


Generated by Claude Code

claude added 2 commits May 21, 2026 04:00
Allow ML-DSA-44/65/87 keys to sign and verify X.509 certificates,
certificate signing requests, and certificate revocation lists, and
to be used as certificate public keys. ML-DSA, like Ed25519/Ed448, is
a hashless signature scheme, so signing requires algorithm=None.

https://claude.ai/code/session_01ENDmAD4rsLTkCw1QG9txBL

The arm in compute_signature_algorithm that rejects a hash algorithm
passed alongside an ML-DSA key was not exercised by any test, leaving
sign.rs below 100% coverage.

https://claude.ai/code/session_01ENDmAD4rsLTkCw1QG9txBL
Comment thread tests/x509/test_x509.py