From f2079387119c57cdbe2702cb393c33212a23007a Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Mon, 3 Feb 2025 15:22:00 +1100
Subject: [PATCH] endecoders: make ML-KEM endecoders have fips=yes property

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26548)
---
 providers/decoders.inc | 12 ++++++------
 providers/encoders.inc | 42 +++++++++++++++++++++---------------------
 test/endecode_test.c   | 27 ++++++++++++++++++---------
 3 files changed, 45 insertions(+), 36 deletions(-)

diff --git a/providers/decoders.inc b/providers/decoders.inc
index 9effdd0835..49ac671942 100644
--- a/providers/decoders.inc
+++ b/providers/decoders.inc
@@ -83,12 +83,12 @@ DECODER_w_structure("RSA-PSS", der, SubjectPublicKeyInfo, rsapss, yes),
 DECODER("RSA", msblob, rsa, yes),
 DECODER("RSA", pvk, rsa, yes),
 #ifndef OPENSSL_NO_ML_DSA
-DECODER_w_structure("ML-DSA-44", der, PrivateKeyInfo, ml_dsa_44, no),
-DECODER_w_structure("ML-DSA-65", der, PrivateKeyInfo, ml_dsa_65, no),
-DECODER_w_structure("ML-DSA-87", der, PrivateKeyInfo, ml_dsa_87, no),
-DECODER_w_structure("ML-DSA-44", der, SubjectPublicKeyInfo, ml_dsa_44, no),
-DECODER_w_structure("ML-DSA-65", der, SubjectPublicKeyInfo, ml_dsa_65, no),
-DECODER_w_structure("ML-DSA-87", der, SubjectPublicKeyInfo, ml_dsa_87, no),
+DECODER_w_structure("ML-DSA-44", der, PrivateKeyInfo, ml_dsa_44, yes),
+DECODER_w_structure("ML-DSA-65", der, PrivateKeyInfo, ml_dsa_65, yes),
+DECODER_w_structure("ML-DSA-87", der, PrivateKeyInfo, ml_dsa_87, yes),
+DECODER_w_structure("ML-DSA-44", der, SubjectPublicKeyInfo, ml_dsa_44, yes),
+DECODER_w_structure("ML-DSA-65", der, SubjectPublicKeyInfo, ml_dsa_65, yes),
+DECODER_w_structure("ML-DSA-87", der, SubjectPublicKeyInfo, ml_dsa_87, yes),
 #endif /* OPENSSL_NO_ML_DSA */
 
 /*
diff --git a/providers/encoders.inc b/providers/encoders.inc
index 10a838c0a7..76f0b73545 100644
--- a/providers/encoders.inc
+++ b/providers/encoders.inc
@@ -69,9 +69,9 @@ ENCODER_TEXT("SM2", sm2, no),
 #endif
 
 # ifndef OPENSSL_NO_ML_DSA
-ENCODER_TEXT("ML-DSA-44", ml_dsa_44, no),
-ENCODER_TEXT("ML-DSA-65", ml_dsa_65, no),
-ENCODER_TEXT("ML-DSA-87", ml_dsa_87, no),
+ENCODER_TEXT("ML-DSA-44", ml_dsa_44, yes),
+ENCODER_TEXT("ML-DSA-65", ml_dsa_65, yes),
+ENCODER_TEXT("ML-DSA-87", ml_dsa_87, yes),
 # endif
 
 /*
@@ -230,26 +230,26 @@ ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo),
 #endif
 
 # ifndef OPENSSL_NO_ML_DSA
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-44", ml_dsa_44, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-44", ml_dsa_44, yes, pem, SubjectPublicKeyInfo),
 
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-65", ml_dsa_65, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-65", ml_dsa_65, yes, pem, SubjectPublicKeyInfo),
 
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, EncryptedPrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, PrivateKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, der, SubjectPublicKeyInfo),
-ENCODER_w_structure("ML-DSA-87", ml_dsa_87, no, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, PrivateKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, der, SubjectPublicKeyInfo),
+ENCODER_w_structure("ML-DSA-87", ml_dsa_87, yes, pem, SubjectPublicKeyInfo),
 # endif /* OPENSSL_NO_ML_DSA */
 
 /*
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 4d213044dc..06a5e6bdce 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -48,6 +48,7 @@ OSSL_provider_init_fn ossl_legacy_provider_init;
 static int default_libctx = 1;
 static int is_fips = 0;
 static int is_fips_3_0_0 = 0;
+static int is_fips_lt_3_5 = 0;
 
 static OSSL_LIB_CTX *testctx = NULL;
 static OSSL_LIB_CTX *keyctx = NULL;
@@ -1352,6 +1353,8 @@ int setup_tests(void)
 
     /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
     is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
+    /* FIPS(3.5.0) is the first to support ML-KEM and ML-DSA */
+    is_fips_lt_3_5 = is_fips && fips_provider_version_lt(testctx, 3, 5, 0);
 
 #ifdef STATIC_LEGACY
     /*
@@ -1418,9 +1421,11 @@ int setup_tests(void)
     MAKE_KEYS(X448, "X448", NULL);
 #endif
 #ifndef OPENSSL_ML_DSA
-    MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
-    MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
-    MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+    if (!is_fips_lt_3_5) {
+        MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
+        MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
+        MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+    }
 #endif /* OPENSSL_ML_DSA */
 
     TEST_info("Loading RSA key...");
@@ -1493,9 +1498,11 @@ int setup_tests(void)
 # endif
 
 #ifndef OPENSSL_ML_DSA
-        ADD_TEST_SUITE(ML_DSA_44);
-        ADD_TEST_SUITE(ML_DSA_65);
-        ADD_TEST_SUITE(ML_DSA_87);
+        if (!is_fips_lt_3_5) {
+            ADD_TEST_SUITE(ML_DSA_44);
+            ADD_TEST_SUITE(ML_DSA_65);
+            ADD_TEST_SUITE(ML_DSA_87);
+        }
 #endif /* OPENSSL_ML_DSA */
     }
 
@@ -1545,9 +1552,11 @@ void cleanup_tests(void)
     FREE_KEYS(RSA_PSS);
 
 #ifndef OPENSSL_ML_DSA
-    FREE_KEYS(ML_DSA_44);
-    FREE_KEYS(ML_DSA_65);
-    FREE_KEYS(ML_DSA_87);
+    if (!is_fips_lt_3_5) {
+        FREE_KEYS(ML_DSA_44);
+        FREE_KEYS(ML_DSA_65);
+        FREE_KEYS(ML_DSA_87);
+    }
 #endif /* OPENSSL_ML_DSA */
 
     OSSL_PROVIDER_unload(nullprov);