For backwards compatability reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest
-passed in `mdname` must be NULL (i.e. It effectively behaves the same as above).
+passed in `mdname` must be NULL (i.e. it effectively behaves the same as above).
Passing a non NULL digest results in an error.
OSSL_PKEY_PARAM_MANDATORY_DIGEST must return "" in the key manager getter and
For backwards compatability reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest
-passed in |mdname| must be NULL.
+passed in I<mdname> must be NULL.
=head1 EXAMPLES
static OSSL_FUNC_signature_digest_sign_init_fn ml_dsa_digest_signverify_init;
static OSSL_FUNC_signature_digest_sign_fn ml_dsa_digest_sign;
static OSSL_FUNC_signature_digest_verify_fn ml_dsa_digest_verify;
-
static OSSL_FUNC_signature_freectx_fn ml_dsa_freectx;
static OSSL_FUNC_signature_set_ctx_params_fn ml_dsa_set_ctx_params;
static OSSL_FUNC_signature_settable_ctx_params_fn ml_dsa_settable_ctx_params;
EVP_PKEY_CTX_free(vctx);
return ret;
}
-
static int ml_dsa_44_sign_verify_test(int tstid)
{
return do_ml_dsa_sign_verify("ML-DSA-44", tstid);
return do_ml_dsa_sign_verify("ML-DSA-87", tstid);
}
+static int ml_dsa_digest_sign_verify_test(void)
+{
+ int ret = 0;
+ const struct sig_params_st *sp = &sig_params[0];
+ EVP_PKEY *key = NULL;
+ uint8_t *sig = NULL;
+ size_t sig_len = 0;
+ OSSL_PARAM params[3], *p = params;
+ const char *alg = "ML-DSA-44";
+ EVP_MD_CTX *mctx = NULL;
+
+ if (!TEST_ptr(key = do_gen_key(alg, NULL, 0)))
+ goto err;
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING,
+ (int *)&sp->encoded);
+ if (sp->ctx != NULL)
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
+ sp->ctx, sp->ctx_len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!TEST_ptr(mctx = EVP_MD_CTX_new())
+ || !TEST_int_eq(EVP_DigestSignInit_ex(mctx, NULL, "SHA256",
+ lib_ctx, "?fips=true",
+ key, params), 0)
+ || !TEST_int_eq(EVP_DigestSignInit_ex(mctx, NULL, NULL, lib_ctx,
+ "?fips=true", key, params), 1))
+ goto err;
+ if (sp->expected == 0) {
+ ret = 1; /* return true as we expected to fail */
+ goto err;
+ }
+ if (!TEST_int_eq(EVP_DigestSign(mctx, NULL, &sig_len, sp->msg, sp->msg_len), 1)
+ || !TEST_ptr(sig = OPENSSL_zalloc(sig_len)))
+ goto err;
+ sig_len--;
+ if (!TEST_int_eq(EVP_DigestSign(mctx, sig, &sig_len, sp->msg, sp->msg_len), 0))
+ goto err;
+ sig_len++;
+ if (!TEST_int_eq(EVP_DigestSignInit_ex(mctx, NULL, NULL, lib_ctx, "?fips=true",
+ key, params), 1)
+ || !TEST_int_eq(EVP_DigestSign(mctx, sig, &sig_len,
+ sp->msg, sp->msg_len), 1)
+ || !TEST_int_eq(EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256",
+ lib_ctx, "?fips=true",
+ key, params), 0)
+ || !TEST_int_eq(EVP_DigestVerifyInit_ex(mctx, NULL, NULL,
+ lib_ctx, "?fips=true",
+ key, params), 1)
+ || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len,
+ sp->msg, sp->msg_len), 1))
+ goto err;
+ ret = 1;
+err:
+ EVP_PKEY_free(key);
+ EVP_MD_CTX_free(mctx);
+ OPENSSL_free(sig);
+ return ret;
+}
+
const OPTIONS *test_get_options(void)
{
static const OPTIONS options[] = {
ADD_ALL_TESTS(ml_dsa_87_sign_verify_test, OSSL_NELEM(sig_params));
ADD_TEST(from_data_invalid_public_test);
ADD_TEST(from_data_bad_input_test);
+ ADD_TEST(ml_dsa_digest_sign_verify_test);
return 1;
}
setup("test_req");
-plan tests => 111;
+plan tests => 112;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
}
};
+subtest "generating certificate requests with ML-DSA" => sub {
+ plan tests => 3;
+
+ SKIP: {
+ skip "ML-DSA is not supported by this OpenSSL build", 3
+ if disabled("ml-dsa");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-44",
+ "-keyout", "privatekey_ml_dsa_44.pem",
+ "-out", "cert_ml_dsa_44.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-44 cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-65",
+ "-keyout", "privatekey_ml_dsa_65.pem",
+ "-out", "cert_ml_dsa_65.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-65 cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-44",
+ "-keyout", "privatekey_ml_dsa_87.pem",
+ "-out", "cert_ml_dsa_87.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-87 cert and private key");
+ }
+};
+
subtest "generating certificate requests with -cipher flag" => sub {
plan tests => 6;
projects / thirdparty / openssl.git / commitdiff
