From: Viktor Dukhovni Date: Thu, 30 Jan 2025 04:56:19 +0000 (+1100) Subject: Test ML-KEM in FIPS module only when ML-KEM is enabled X-Git-Tag: openssl-3.5.0-alpha1~521 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc225d9fb72be4689c6da3ededdd7974b2865947;p=thirdparty%2Fopenssl.git Test ML-KEM in FIPS module only when ML-KEM is enabled Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/26569) --- diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 7afa3724328..68838bef3aa 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -2987,6 +2987,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = { * openssl dgst -shake256 -xoflen 32 -binary > expected.dat */ +#ifndef OPENSSL_NO_ML_KEM static const unsigned char ml_kem_512_cipher_text[] = { 0x6b, 0xc5, 0x04, 0x00, 0x27, 0x7a, 0xbb, 0x7e, 0x6b, 0xf9, 0xfb, 0x56, 0x82, 0x01, 0x75, 0xeb, @@ -3431,3 +3432,4 @@ static const ST_KAT_KEM st_kat_kem_tests[] = { ml_kem_512_reject_secret /* No length because same as _secret's */ }, }; +#endif diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 5ba0d9348bf..45111ed1de2 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -625,6 +625,7 @@ err: } #endif /* OPENSSL_NO_ML_DSA */ +#ifndef OPENSSL_NO_ML_KEM /* * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM * encapsulation. @@ -820,6 +821,7 @@ err: EVP_PKEY_free(pkey); return ret; } +#endif /* * Test a data driven list of KAT's for digest algorithms. @@ -850,12 +852,15 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) { - int i, ret = 1; + int ret = 1; +#ifndef OPENSSL_NO_ML_KEM + int i; for (i = 0; i < (int)OSSL_NELEM(st_kat_kem_tests); ++i) { if (!self_test_kem(&st_kat_kem_tests[i], st, libctx)) ret = 0; } +#endif return ret; }