From: slontis <shane.lontis@oracle.com>
Date: Tue, 21 Jan 2025 00:58:49 +0000 (+1100)
Subject: ML-DSA encoder fixups
X-Git-Tag: openssl-3.5.0-alpha1~597
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5a1caef900373c552f28aba97221a16686207edf;p=thirdparty%2Fopenssl.git

ML-DSA encoder fixups

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26483)
---

diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index e52fa5c9304..85eb94b369d 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -647,26 +647,19 @@ ml_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)
     const X509_ALGOR *alg = NULL;
     int plen, ptype;
 
-    /*
-     * The private key format in PKCS8 is the 64-bytes (d, z) seed pair.
-     * Algorithm parameters must be absent.
-     */
     if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL
         || !PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf))
         goto end;
 
+    /* Algorithm parameters must be absent */
     if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) {
         ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,
                        "unexpected parameters with a PKCS#8 %s private key",
                        ctx->desc->keytype_name);
         goto end;
     }
-    if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type) {
-        ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_OID,
-                       "unexpected algorithm OID for a PKCS#8 %s private key",
-                       ctx->desc->keytype_name);
+    if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)
         goto end;
-    }
     if ((key = ossl_ml_dsa_key_new(libctx, ctx->propq,
                                    ctx->desc->keytype_name)) == NULL)
         goto end;
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index a67c63d6cc6..4d1881d6c4e 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -597,16 +597,19 @@ static int ml_dsa_to_text(BIO *out, const void *key, int selection)
         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
+    name = ossl_ml_dsa_key_get_name(key);
     if (ossl_ml_dsa_key_get_pub(key) == NULL) {
         /* Regardless of the |selection|, there must be a public key */
-        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
+        ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+                       "no %s key material available", name);
         return 0;
     }
 
     name = ossl_ml_dsa_key_get_name(key);
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
         if (ossl_ml_dsa_key_get_priv(key) == NULL) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
+            ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+                           "no %s key material available", name);
             return 0;
         }
         if (BIO_printf(out, "%s Private-Key:\n", name) <= 0)
diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index fbe5cc87d56..a10c21fc341 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -212,9 +212,6 @@ static int ml_dsa_export(void *keydata, int selection,
 
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
         return 0;
-    /* The public key is required for private keys */
-    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
-        return 0;
 
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)