Skip to content

[Cherry-pick FIPS 2025] Enable hybrid PQ keyshares on FIPS 4.0 branch#3038

Merged
samuel40791765 merged 2 commits intoaws:fips-2025-09-12from
samuel40791765:fips-2025-09-12-update-4
Feb 25, 2026
Merged

[Cherry-pick FIPS 2025] Enable hybrid PQ keyshares on FIPS 4.0 branch#3038
samuel40791765 merged 2 commits intoaws:fips-2025-09-12from
samuel40791765:fips-2025-09-12-update-4

Conversation

@samuel40791765
Copy link
Copy Markdown
Contributor

@samuel40791765 samuel40791765 commented Feb 24, 2026

Issues:

Resolves P388277972

Description of changes:

The two following commits from main are needed to enable hybrid PQ keyshares on the FIPS 4.0 branch:

These changes are outside the FIPS module and do not change the FIPS integrity hash.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@alexw91 @samuel40791765
Fix tests that assume X25519 will be negotiated (aws#2682)
35067f0 
Fixes tests that assume X25519 will be negotiated and will break when
the default TLS supported group is changed to X25519MLKEM768.

Related to https://github.com/aws/aws-lc/pull/2531/files

(cherry picked from commit 4ae8467)
@alexw91 @samuel40791765
Enable Hybrid PQ KeyShares by default (aws#2531)
a2b0442 
(cherry picked from commit 43721b5)
@samuel40791765 samuel40791765 requested a review from a team as a code owner February 24, 2026 20:01
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Feb 24, 2026

Codecov Report

❌ Patch coverage is 86.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.73%. Comparing base (59455f7) to head (a2b0442).

Files with missing lines Patch % Lines
ssl/extensions.cc 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                 @@
##           fips-2025-09-12    #3038      +/-   ##
===================================================
+ Coverage            78.70%   78.73%   +0.03%     
===================================================
  Files                  667      667              
  Lines               113057   113073      +16     
  Branches             16055    16073      +18     
===================================================
+ Hits                 88976    89032      +56     
+ Misses               23307    23268      -39     
+ Partials               774      773       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sgmenda sgmenda self-assigned this Feb 25, 2026
@samuel40791765 samuel40791765 merged commit d6d2288 into aws:fips-2025-09-12 Feb 25, 2026
118 of 152 checks passed
@samuel40791765 samuel40791765 deleted the fips-2025-09-12-update-4 branch February 25, 2026 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nebeid nebeid nebeid approved these changes

@justsmth justsmth justsmth approved these changes

Assignees

@sgmenda sgmenda

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@samuel40791765 @codecov-commenter @nebeid @justsmth @sgmenda @alexw91