endecoders: make ML-KEM endecoders have fips=yes property

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)

providers/decoders.inc

@@ -83,12 +83,12 @@ DECODER_w_structure("RSA-PSS", der, SubjectPublicKeyInfo, rsapss, yes),
 DECODER("RSA", msblob, rsa, yes),
 DECODER("RSA", pvk, rsa, yes),
 #ifndef OPENSSL_NO_ML_DSA
-DECODER_w_structure("ML-DSA-44", der, PrivateKeyInfo, ml_dsa_44, no),
-DECODER_w_structure("ML-DSA-65", der, PrivateKeyInfo, ml_dsa_65, no),
-DECODER_w_structure("ML-DSA-87", der, PrivateKeyInfo, ml_dsa_87, no),
-DECODER_w_structure("ML-DSA-44", der, SubjectPublicKeyInfo, ml_dsa_44, no),
-DECODER_w_structure("ML-DSA-65", der, SubjectPublicKeyInfo, ml_dsa_65, no),
-DECODER_w_structure("ML-DSA-87", der, SubjectPublicKeyInfo, ml_dsa_87, no),
+DECODER_w_structure("ML-DSA-44", der, PrivateKeyInfo, ml_dsa_44, yes),
+DECODER_w_structure("ML-DSA-65", der, PrivateKeyInfo, ml_dsa_65, yes),
+DECODER_w_structure("ML-DSA-87", der, PrivateKeyInfo, ml_dsa_87, yes),
+DECODER_w_structure("ML-DSA-44", der, SubjectPublicKeyInfo, ml_dsa_44, yes),
+DECODER_w_structure("ML-DSA-65", der, SubjectPublicKeyInfo, ml_dsa_65, yes),
+DECODER_w_structure("ML-DSA-87", der, SubjectPublicKeyInfo, ml_dsa_87, yes),
 #endif /* OPENSSL_NO_ML_DSA */
 
 /*

providers/encoders.inc

@@ -69,9 +69,9 @@ ENCODER_TEXT("SM2", sm2, no),
 #endif
 
 # ifndef OPENSSL_NO_ML_DSA
-ENCODER_TEXT("ML-DSA-44", ml_dsa_44, no),
-ENCODER_TEXT("ML-DSA-65", ml_dsa_65, no),
-ENCODER_TEXT("ML-DSA-87", ml_dsa_87, no),
+ENCODER_TEXT("ML-DSA-44", ml_dsa_44, yes),
+ENCODER_TEXT("ML-DSA-65", ml_dsa_65, yes),
+ENCODER_TEXT("ML-DSA-87", ml_dsa_87, yes),
 # endif
 
 /*
@@ -230,26 +230,26 @@ ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo),
 #endif
 
 # ifndef OPENSSL_NO_ML_DSA
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, SubjectPublicKeyInfo),
 
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, SubjectPublicKeyInfo),
 
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, SubjectPublicKeyInfo),
 # endif /* OPENSSL_NO_ML_DSA */
 
 /*

test/endecode_test.c

@@ -48,6 +48,7 @@ OSSL_provider_init_fn ossl_legacy_provider_init;
 static int default_libctx = 1;
 static int is_fips = 0;
 static int is_fips_3_0_0 = 0;
+static int is_fips_lt_3_5 = 0;
 
 static OSSL_LIB_CTX *testctx = NULL;
 static OSSL_LIB_CTX *keyctx = NULL;
@@ -1352,6 +1353,8 @@ int setup_tests(void)
 
     /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
     is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
+    /* FIPS(3.5.0) is the first to support ML-KEM and ML-DSA */
+    is_fips_lt_3_5 = is_fips && fips_provider_version_lt(testctx, 3, 5, 0);
 
 #ifdef STATIC_LEGACY
     /*
@@ -1418,9 +1421,11 @@ int setup_tests(void)
     MAKE_KEYS(X448, "X448", NULL);
 #endif
 #ifndef OPENSSL_ML_DSA
-    MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
-    MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
-    MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+    if (!is_fips_lt_3_5) {
+        MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
+        MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
+        MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+    }
 #endif /* OPENSSL_ML_DSA */
 
     TEST_info("Loading RSA key...");
@@ -1493,9 +1498,11 @@ int setup_tests(void)
 # endif
 
 #ifndef OPENSSL_ML_DSA
-        ADD_TEST_SUITE(ML_DSA_44);
-        ADD_TEST_SUITE(ML_DSA_65);
-        ADD_TEST_SUITE(ML_DSA_87);
+        if (!is_fips_lt_3_5) {
+            ADD_TEST_SUITE(ML_DSA_44);
+            ADD_TEST_SUITE(ML_DSA_65);
+            ADD_TEST_SUITE(ML_DSA_87);
+        }
 #endif /* OPENSSL_ML_DSA */
     }
 
@@ -1545,9 +1552,11 @@ void cleanup_tests(void)
     FREE_KEYS(RSA_PSS);
 
 #ifndef OPENSSL_ML_DSA
-    FREE_KEYS(ML_DSA_44);
-    FREE_KEYS(ML_DSA_65);
-    FREE_KEYS(ML_DSA_87);
+    if (!is_fips_lt_3_5) {
+        FREE_KEYS(ML_DSA_44);
+        FREE_KEYS(ML_DSA_65);
+        FREE_KEYS(ML_DSA_87);
+    }
 #endif /* OPENSSL_ML_DSA */
 
     OSSL_PROVIDER_unload(nullprov);