goto err;
if (!TEST_ptr_null(pkey))
goto err;
+ } else if (strncmp(pairwise_name, "ml-dsa", 6) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-DSA-87", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
+ } else if (strncmp(pairwise_name, "slh-dsa", 7) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "SLH-DSA-SHA2-256f", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
+ } else if (strncmp(pairwise_name, "ml-kem", 6) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-KEM-1024", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
}
ret = 1;
err:
plan skip_all => "These tests are unsupported in a non fips build"
if disabled("fips");
-plan tests => 6;
+plan tests => 9;
my $provconf = srctop_file("test", "fips-and-base.cnf");
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
"-pairwise", "eddsa"])),
"fips provider eddsa keygen pairwise failure test");
}
+
+SKIP: {
+ skip "Skip ML-DSA test because of no ml-dsa in this build", 1
+ if disabled("ml-dsa");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ml-dsa"])),
+ "fips provider ml-dsa keygen pairwise failure test");
+}
+
+SKIP: {
+ skip "Skip SLH-DSA test because of no slh-dsa in this build", 1
+ if disabled("slh-dsa");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "slh-dsa"])),
+ "fips provider slh-dsa keygen pairwise failure test");
+}
+
+SKIP: {
+ skip "Skip ML-KEM test because of no ml-kem in this build", 1
+ if disabled("ml-kem");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ml-kem"])),
+ "fips provider ml-kem keygen pairwise failure test");
+}
projects / thirdparty / openssl.git / commitdiff
