Reject seedless ML-KEM/ML-DSA PKCS#8 imports in WebCrypto (
8ccbe8e)
SubtleCrypto now throws NotSupportedError when importing ML-KEM or ML-DSA PKCS#8 private keys that omit the seed. This closes a gap where seedless private-only encodings were previously accepted, and the new tests also cover mismatched expanded-key cases.
Default ML-KEM/ML-DSA PKCS#8 exports to seed-only when available (da5843b)
OpenSSL provider parameters are now configured so PKCS#8 exports prefer the seed-only format for ML-KEM and ML-DSA private keys, falling back to private-only only when no seed exists. That makes exported keys more consistent with the seed-bearing form users expect, and the tests were updated accordingly.
Other misc changes
- Updated bundled
merveto 1.2.2 - Removed outdated Chrome 66 /
ndbdebugger docs - Added missing
throwIfNoEntryhistory entries forfs.statAPIs