From: slontis <shane.lontis@oracle.com>
Date: Thu, 6 Feb 2025 20:52:27 +0000 (+1100)
Subject: MLDSA: Fix no-ml-dsa configure option.
X-Git-Tag: openssl-3.5.0-alpha1~557
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dd1d010130c587c47d507ca501f6dc239798a97c;p=thirdparty%2Fopenssl.git

MLDSA: Fix no-ml-dsa configure option.

Added to 'bulk' group and CI

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26654)
---

diff --git a/Configure b/Configure
index b090f0ad364..98ad2dc8248 100755
--- a/Configure
+++ b/Configure
@@ -623,7 +623,7 @@ my @disable_cascades = (
                              "ec", "engine",
                              "filenames",
                              "idea", "ktls",
-                             "md4", "multiblock", "nextprotoneg",
+                             "md4", "ml-dsa", "multiblock", "nextprotoneg",
                              "ocsp", "ocb", "poly1305", "psk",
                              "rc2", "rc4", "rmd160",
                              "seed", "siphash", "siv",
diff --git a/crypto/ml_dsa/build.info b/crypto/ml_dsa/build.info
index eb6a16dec69..a0aee56f5a0 100644
--- a/crypto/ml_dsa/build.info
+++ b/crypto/ml_dsa/build.info
@@ -4,7 +4,7 @@ $COMMON=ml_dsa_encoders.c ml_dsa_key_compress.c ml_dsa_key.c \
         ml_dsa_matrix.c ml_dsa_ntt.c ml_dsa_params.c ml_dsa_sample.c \
         ml_dsa_sign.c
 
-IF[{- !$disabled{'ml_dsa'} -}]
+IF[{- !$disabled{'ml-dsa'} -}]
   SOURCE[../../libcrypto]=$COMMON
   SOURCE[../../providers/libfips.a]=$COMMON
 ENDIF
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 6377693de3e..1cbb30f1846 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -567,6 +567,7 @@ err:
     return ret;
 }
 
+#ifndef OPENSSL_NO_ML_DSA
 /*
  * Test that a deterministic key generation produces the correct key
  */
@@ -621,6 +622,7 @@ err:
     OSSL_SELF_TEST_onend(st, ret);
     return ret;
 }
+#endif /* OPENSSL_NO_ML_DSA */
 
 /*
  * Test a data driven list of KAT's for digest algorithms.
@@ -839,6 +841,7 @@ static int setup_main_random(OSSL_LIB_CTX *libctx)
 
 static int self_test_asym_keygens(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
 {
+#ifndef OPENSSL_NO_ML_DSA
     int i, ret = 1;
 
     for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_keygen_tests); ++i) {
@@ -846,6 +849,9 @@ static int self_test_asym_keygens(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
             ret = 0;
     }
     return ret;
+#else
+    return 1;
+#endif /* OPENSSL_NO_ML_DSA */
 }
 
 /*
diff --git a/providers/implementations/encode_decode/ml_dsa_codecs.h b/providers/implementations/encode_decode/ml_dsa_codecs.h
index 87993415fba..86a4303a0c8 100644
--- a/providers/implementations/encode_decode/ml_dsa_codecs.h
+++ b/providers/implementations/encode_decode/ml_dsa_codecs.h
@@ -11,9 +11,10 @@
 # define PROV_ML_DSA_CODECS_H
 # pragma once
 
-# include <openssl/e_os2.h>
-# include "crypto/ml_dsa.h"
-# include "prov/provider_ctx.h"
+# ifndef OPENSSL_NO_ML_DSA
+#  include <openssl/e_os2.h>
+#  include "crypto/ml_dsa.h"
+#  include "prov/provider_ctx.h"
 
  /*-
   * The DER ASN.1 encoding of ML-KEM (and ML-DSA) public keys prepends 22 bytes
@@ -26,7 +27,7 @@
   * -  4 byte bit string tag and length
   * -    1 bitstring lead byte
   */
-# define ML_DSA_SPKI_OVERHEAD   22
+#  define ML_DSA_SPKI_OVERHEAD   22
 typedef struct {
     const uint8_t asn1_prefix[ML_DSA_SPKI_OVERHEAD];
 } ML_DSA_SPKI_FMT;
@@ -100,4 +101,5 @@ __owur
 int ossl_ml_dsa_i2d_prvkey(const ML_DSA_KEY *key, unsigned char **out,
                            PROV_CTX *provctx);
 
+# endif /* OPENSSL_NO_ML_DSA */
 #endif  /* PROV_ML_DSA_CODECS_H */
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 06a5e6bdce5..e730ac4ca52 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -1066,14 +1066,14 @@ IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
 #endif
 
-#ifndef OPENSSL_ML_DSA
+#ifndef OPENSSL_NO_ML_DSA
 KEYS(ML_DSA_44);
 KEYS(ML_DSA_65);
 KEYS(ML_DSA_87);
 IMPLEMENT_TEST_SUITE(ML_DSA_44, "ML-DSA-44", 1)
 IMPLEMENT_TEST_SUITE(ML_DSA_65, "ML-DSA-65", 1)
 IMPLEMENT_TEST_SUITE(ML_DSA_87, "ML-DSA-87", 1)
-#endif /*  OPENSSL_ML_DSA */
+#endif /*  OPENSSL_NO_ML_DSA */
 
 #ifndef OPENSSL_NO_EC
 /* Explicit parameters that match a named curve */
@@ -1420,13 +1420,13 @@ int setup_tests(void)
     MAKE_KEYS(X25519, "X25519", NULL);
     MAKE_KEYS(X448, "X448", NULL);
 #endif
-#ifndef OPENSSL_ML_DSA
+#ifndef OPENSSL_NO_ML_DSA
     if (!is_fips_lt_3_5) {
         MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
         MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
         MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
     }
-#endif /* OPENSSL_ML_DSA */
+#endif /* OPENSSL_NO_ML_DSA */
 
     TEST_info("Loading RSA key...");
     ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
@@ -1497,13 +1497,13 @@ int setup_tests(void)
         ADD_TEST_SUITE_PROTECTED_PVK(RSA);
 # endif
 
-#ifndef OPENSSL_ML_DSA
+#ifndef OPENSSL_NO_ML_DSA
         if (!is_fips_lt_3_5) {
             ADD_TEST_SUITE(ML_DSA_44);
             ADD_TEST_SUITE(ML_DSA_65);
             ADD_TEST_SUITE(ML_DSA_87);
         }
-#endif /* OPENSSL_ML_DSA */
+#endif /* OPENSSL_NO_ML_DSA */
     }
 
     return 1;
@@ -1551,13 +1551,13 @@ void cleanup_tests(void)
     FREE_KEYS(RSA);
     FREE_KEYS(RSA_PSS);
 
-#ifndef OPENSSL_ML_DSA
+#ifndef OPENSSL_NO_ML_DSA
     if (!is_fips_lt_3_5) {
         FREE_KEYS(ML_DSA_44);
         FREE_KEYS(ML_DSA_65);
         FREE_KEYS(ML_DSA_87);
     }
-#endif /* OPENSSL_ML_DSA */
+#endif /* OPENSSL_NO_ML_DSA */
 
     OSSL_PROVIDER_unload(nullprov);
     OSSL_PROVIDER_unload(deflprov);