Change SLH-DSA tests to be deferred
authorSimo Sorce <simo@redhat.com>
Wed, 1 Oct 2025 19:53:07 +0000 (15:53 -0400)
committerDmitry Belyavskiy <beldmit@gmail.com>
Sat, 25 Oct 2025 08:45:21 +0000 (10:45 +0200)
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28725)

providers/fips/self_test_data.inc
providers/implementations/keymgmt/slh_dsa_kmgmt.c
providers/implementations/signature/slh_dsa_sig.c

index b864a47a56c09200f9ec73cd4107b03997da653b..b407324314659b34cdf537a11534895731a9c677 100644 (file)
@@ -3280,7 +3280,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
     {
         OSSL_SELF_TEST_DESC_SIGN_SLH_DSA,
         "SLH-DSA-SHA2-128f", "SLH-DSA-SHA2-128f",
-        0, SIGNATURE_MODE_SIG_DIGESTED,
+        1, SIGNATURE_MODE_SIG_DIGESTED,
         slh_dsa_sha2_128f_key_params,
         ITM(slh_dsa_sha2_sig_msg),
         NULL, 0, NULL, 0, NULL, 0,
@@ -3290,7 +3290,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
     {
         OSSL_SELF_TEST_DESC_SIGN_SLH_DSA,
         "SLH-DSA-SHAKE-128f", "SLH-DSA-SHAKE-128f",
-        0, SIGNATURE_MODE_SIG_DIGESTED,
+        1, SIGNATURE_MODE_SIG_DIGESTED,
         slh_dsa_shake_128f_key_params,
         ITM(slh_dsa_shake_sig_msg),
         NULL, 0, NULL, 0, NULL, 0,
@@ -3705,7 +3705,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
 # if !defined(OPENSSL_NO_SLH_DSA)
     {
         OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA,
-        "SLH-DSA-SHA2-128f", 0,
+        "SLH-DSA-SHA2-128f", 1,
         slh_dsa_sha2_128f_keygen_init_params,
         slh_dsa_128f_keygen_expected_params
     },
index df538ddd851e8627348b60fa163f62ca0a21ab74..3ee7bf984e8f07e216df28e5f92c9cf07a0ab073 100644 (file)
@@ -45,6 +45,29 @@ static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;
 
 #define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
 
+#ifdef FIPS_MODULE
+static FIPS_DEFERRED_TEST slh_key_gen_deferred_tests[] = {
+    {
+        "SLH-DSA-SHA2-128f",
+        FIPS_DEFERRED_KAT_ASYM_KEYGEN,
+        FIPS_DEFERRED_TEST_INIT
+    },
+    { NULL, 0, 0 },
+};
+#endif
+
+static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
+{
+    if (!ossl_prov_is_running())
+        return 0;
+
+#ifdef FIPS_MODULE
+    return FIPS_deferred_self_tests(libctx, slh_key_gen_deferred_tests);
+#else
+    return 1;
+#endif
+}
+
 struct slh_dsa_gen_ctx {
     SLH_DSA_HASH_CTX *ctx;
     OSSL_LIB_CTX *libctx;
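Review bot: The new `slh_key_gen_deferred_tests` table and `slh_dsa_self_check()` have no comment, and the table is linked to the rest of the module only by the string "SLH-DSA-SHA2-128f", which presumably has to stay in step with the `st_kat_asym_keygen_tests` entry this commit marks as deferred in self_test_data.inc. A comment above the table would make that coupling explicit, e.g. `/* Deferred keygen KAT; name must match the st_kat_asym_keygen_tests entry in self_test_data.inc */`. The helper deserves one line saying it returns 0 when the provider is not running and otherwise the result of `FIPS_deferred_self_tests()`. The same applies to `slh_sig_deferred_tests` and the identically named helper added in slh_dsa_sig.c.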
@@ -55,7 +78,7 @@ struct slh_dsa_gen_ctx {
 
 static void *slh_dsa_new_key(void *provctx, const char *alg)
 {
-    if (!ossl_prov_is_running())
+    if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
         return 0;
 
     return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
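Review bot: Only `slh_dsa_new_key()` is switched to `slh_dsa_self_check()` in this file, so the deferred keygen KAT is triggered only for callers that come through this entry point; `slh_dsa_load()` in the next hunk still tests `ossl_prov_is_running()` alone. The key-generation entry points are outside the visible hunks, and if they also check only `ossl_prov_is_running()`, a key could be generated before the deferred KAT has run. It is worth confirming they are covered, or gating them with the same `if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))` check. Separately, the unchanged `return 0;` under the new condition would read better as `return NULL;` in a function returning `void *`, matching `slh_dsa_newctx()`.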
@@ -248,6 +271,7 @@ static void *slh_dsa_load(const void *reference, size_t reference_sz)
     if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
         /* The contents of the reference is the address to our object */
         key = *(SLH_DSA_KEY **)reference;
+
         /* We grabbed, so we detach it */
         *(SLH_DSA_KEY **)reference = NULL;
         return key;
@@ -294,7 +318,8 @@ static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
     int alloc_ctx = 0;
 
     /* During self test, it is a waste to do this test */
-    if (ossl_fips_self_testing())
+    if (ossl_fips_self_testing()
+        || slh_key_gen_deferred_tests[0].state == FIPS_DEFERRED_TEST_IN_PROGRESS)
         return 1;
 
     if (ctx == NULL) {
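Review bot: The added condition skips the pairwise consistency test whenever `slh_key_gen_deferred_tests[0].state` is `FIPS_DEFERRED_TEST_IN_PROGRESS`, which is module-wide state rather than something tied to the calling thread or the key being generated. If another thread can reach this function while the deferred KAT is running (that depends on locking inside `FIPS_deferred_self_tests()`, not visible here), its key would skip the test too, and the `state` read has no visible synchronisation. Please confirm the guarantee and record it in the existing comment, e.g. `/* Also skip while the deferred keygen KAT generates its own key; other callers wait until it finishes */` if that is indeed what holds. The table is defined only under `#ifdef FIPS_MODULE`, so this reference relies on the function being built only for the FIPS module; the function starts and ends outside the hunk.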
index 23b27f2def8ff3481305a9975dce156b455b390a..baded17be1964e730e4d09dd8973bfd8c3057c4f 100644 (file)
@@ -11,6 +11,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/proverr.h>
+#include <openssl/self_test.h>
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
@@ -18,6 +19,7 @@
 #include "crypto/slh_dsa.h"
 #include "internal/cryptlib.h"
 #include "internal/sizes.h"
+#include "internal/fips.h"
 #include "providers/implementations/signature/slh_dsa_sig.inc"
 
 #define SLH_DSA_MAX_ADD_RANDOM_LEN 32
@@ -37,6 +39,34 @@ static OSSL_FUNC_signature_dupctx_fn slh_dsa_dupctx;
 static OSSL_FUNC_signature_set_ctx_params_fn slh_dsa_set_ctx_params;
 static OSSL_FUNC_signature_settable_ctx_params_fn slh_dsa_settable_ctx_params;
 
+#ifdef FIPS_MODULE
+static FIPS_DEFERRED_TEST slh_sig_deferred_tests[] = {
+    {
+        "SLH-DSA-SHA2-128f",
+        FIPS_DEFERRED_KAT_SIGNATURE,
+        FIPS_DEFERRED_TEST_INIT
+    },
+    {
+        "SLH-DSA-SHAKE-128f",
+        FIPS_DEFERRED_KAT_SIGNATURE,
+        FIPS_DEFERRED_TEST_INIT
+    },
+    { NULL, 0, 0 },
+};
+#endif
+
+static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
+{
+    if (!ossl_prov_is_running())
+        return 0;
+
+#ifdef FIPS_MODULE
+    return FIPS_deferred_self_tests(libctx, slh_sig_deferred_tests);
+#else
+    return 1;
+#endif
+}
+
 /*
  * NOTE: Any changes to this structure may require updating slh_dsa_dupctx().
  */
@@ -71,7 +101,7 @@ static void *slh_dsa_newctx(void *provctx, const char *alg, const char *propq)
 {
     PROV_SLH_DSA_CTX *ctx;
 
-    if (!ossl_prov_is_running())
+    if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
         return NULL;
 
     ctx = OPENSSL_zalloc(sizeof(PROV_SLH_DSA_CTX));