From: Pauli <ppzgs1@gmail.com>
Date: Thu, 26 Jun 2025 08:44:56 +0000 (+1000)
Subject: lms: add negative tests
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57267e2bcf67cec937ca3c5dbb08c7d9ea944dd4;p=thirdparty%2Fopenssl.git

lms: add negative tests

For EVP_PKEY_sign_message_init and EVP_PKEY_paramgen_init.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
---

diff --git a/test/lms_test.c b/test/lms_test.c
index 6294f71d5f4..eb3aa278cb5 100644
--- a/test/lms_test.c
+++ b/test/lms_test.c
@@ -296,7 +296,7 @@ static int lms_digest_verify_fail_test(void)
     return ret;
 }
 
-static int lms_signing_fail_test(void)
+static int lms_digest_signing_fail_test(void)
 {
     int ret = 0;
     LMS_ACVP_TEST_DATA *td = &lms_testdata[0];
@@ -307,7 +307,6 @@ static int lms_signing_fail_test(void)
         return 0;
     if (!TEST_ptr(vctx = EVP_MD_CTX_new()))
         goto err;
-    /* Only one shot mode is supported, streaming fails to initialise */
     if (!TEST_int_eq(EVP_DigestSignInit_ex(vctx, NULL, NULL, libctx, NULL,
                                            pub, NULL), 0))
         goto err;
@@ -318,6 +317,37 @@ static int lms_signing_fail_test(void)
     return ret;
 }
 
+static int lms_message_signing_fail_test(void)
+{
+    int ret = 0;
+    LMS_ACVP_TEST_DATA *td = &lms_testdata[0];
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_SIGNATURE *sig = NULL;
+
+    ret = TEST_ptr(pkey = lms_pubkey_from_data(td->pub, td->publen))
+        && TEST_ptr(sig = EVP_SIGNATURE_fetch(libctx, "LMS", NULL))
+        && TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL))
+        && TEST_int_eq(EVP_PKEY_sign_message_init(ctx, sig, NULL), -2);
+
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_SIGNATURE_free(sig);
+    return ret;
+}
+
+static int lms_keygen_fail_test(void)
+{
+    int ret;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    ret = TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", NULL))
+        && TEST_int_eq(EVP_PKEY_paramgen_init(ctx), -2);
+
+    EVP_PKEY_CTX_free(ctx);
+    return ret;
+}
+
 static int lms_verify_fail_test(void)
 {
     int ret = 0;
@@ -541,7 +571,9 @@ int setup_tests(void)
     ADD_ALL_TESTS(lms_verify_test, OSSL_NELEM(lms_testdata));
     ADD_TEST(lms_verify_fail_test);
     ADD_TEST(lms_digest_verify_fail_test);
-    ADD_TEST(lms_signing_fail_test);
+    ADD_TEST(lms_digest_signing_fail_test);
+    ADD_TEST(lms_message_signing_fail_test);
+    ADD_TEST(lms_keygen_fail_test);
     ADD_TEST(lms_verify_bad_sig_test);
     ADD_TEST(lms_verify_bad_sig_len_test);
     ADD_TEST(lms_verify_bad_pub_sig_test);