SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly.

- Added sigid_algs for SLH_DSA such that OBJ_find_sigid_algs() works.
- OBJ_sn2nid() was also being called, so the SN form of SLH_DSA
  algorithms needed to be added to the provider dispatch tables.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26625)

crypto/objects/obj_xref.h

@@ -87,6 +87,18 @@ static const nid_triple sigoid_srt[] = {
     {NID_ML_DSA_44, NID_undef, NID_ML_DSA_44},
     {NID_ML_DSA_65, NID_undef, NID_ML_DSA_65},
     {NID_ML_DSA_87, NID_undef, NID_ML_DSA_87},
+    {NID_SLH_DSA_SHA2_128s, NID_undef, NID_SLH_DSA_SHA2_128s},
+    {NID_SLH_DSA_SHA2_128f, NID_undef, NID_SLH_DSA_SHA2_128f},
+    {NID_SLH_DSA_SHA2_192s, NID_undef, NID_SLH_DSA_SHA2_192s},
+    {NID_SLH_DSA_SHA2_192f, NID_undef, NID_SLH_DSA_SHA2_192f},
+    {NID_SLH_DSA_SHA2_256s, NID_undef, NID_SLH_DSA_SHA2_256s},
+    {NID_SLH_DSA_SHA2_256f, NID_undef, NID_SLH_DSA_SHA2_256f},
+    {NID_SLH_DSA_SHAKE_128s, NID_undef, NID_SLH_DSA_SHAKE_128s},
+    {NID_SLH_DSA_SHAKE_128f, NID_undef, NID_SLH_DSA_SHAKE_128f},
+    {NID_SLH_DSA_SHAKE_192s, NID_undef, NID_SLH_DSA_SHAKE_192s},
+    {NID_SLH_DSA_SHAKE_192f, NID_undef, NID_SLH_DSA_SHAKE_192f},
+    {NID_SLH_DSA_SHAKE_256s, NID_undef, NID_SLH_DSA_SHAKE_256s},
+    {NID_SLH_DSA_SHAKE_256f, NID_undef, NID_SLH_DSA_SHAKE_256f},
 };
 
 static const nid_triple *const sigoid_srt_xref[] = {

crypto/objects/obj_xref.txt

@@ -26,6 +26,18 @@ ED448		    undef	ED448
 ML_DSA_44  undef ML_DSA_44
 ML_DSA_65  undef ML_DSA_65
 ML_DSA_87  undef ML_DSA_87
+SLH_DSA_SHA2_128s  undef SLH_DSA_SHA2_128s
+SLH_DSA_SHA2_128f  undef SLH_DSA_SHA2_128f
+SLH_DSA_SHA2_192s  undef SLH_DSA_SHA2_192s
+SLH_DSA_SHA2_192f  undef SLH_DSA_SHA2_192f
+SLH_DSA_SHA2_256s  undef SLH_DSA_SHA2_256s
+SLH_DSA_SHA2_256f  undef SLH_DSA_SHA2_256f
+SLH_DSA_SHAKE_128s undef SLH_DSA_SHAKE_128s
+SLH_DSA_SHAKE_128f undef SLH_DSA_SHAKE_128f
+SLH_DSA_SHAKE_192s undef SLH_DSA_SHAKE_192s
+SLH_DSA_SHAKE_192f undef SLH_DSA_SHAKE_192f
+SLH_DSA_SHAKE_256s undef SLH_DSA_SHAKE_256s
+SLH_DSA_SHAKE_256f undef SLH_DSA_SHAKE_256f
 
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.

providers/common/der/der_slh_dsa_key.c

@@ -1,7 +1,12 @@
 /*
- * SLH-DSA low level APIs are deprecated for public use, but still ok for
- * internal use.
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <openssl/obj_mac.h>
 #include <openssl/objects.h>
 #include "internal/packet.h"

providers/implementations/include/prov/names.h

@@ -409,18 +409,18 @@
 #define PROV_DESCS_SecP256r1MLKEM768 "P-256+ML-KEM-768 TLS hybrid implementation"
 #define PROV_NAMES_SecP384r1MLKEM1024 "SecP384r1MLKEM1024"
 #define PROV_DESCS_SecP384r1MLKEM1024 "P-384+ML-KEM-1024 TLS hybrid implementation"
-#define PROV_NAMES_SLH_DSA_SHA2_128S "SLH-DSA-SHA2-128s:2.16.840.1.101.3.4.3.20"
-#define PROV_NAMES_SLH_DSA_SHA2_128F "SLH-DSA-SHA2-128f:2.16.840.1.101.3.4.3.21"
-#define PROV_NAMES_SLH_DSA_SHA2_192S "SLH-DSA-SHA2-192s:2.16.840.1.101.3.4.3.22"
-#define PROV_NAMES_SLH_DSA_SHA2_192F "SLH-DSA-SHA2-192f:2.16.840.1.101.3.4.3.23"
-#define PROV_NAMES_SLH_DSA_SHA2_256S "SLH-DSA-SHA2-256s:2.16.840.1.101.3.4.3.24"
-#define PROV_NAMES_SLH_DSA_SHA2_256F "SLH-DSA-SHA2-256f:2.16.840.1.101.3.4.3.25"
-#define PROV_NAMES_SLH_DSA_SHAKE_128S "SLH-DSA-SHAKE-128s:2.16.840.1.101.3.4.3.26"
-#define PROV_NAMES_SLH_DSA_SHAKE_128F "SLH-DSA-SHAKE-128f:2.16.840.1.101.3.4.3.27"
-#define PROV_NAMES_SLH_DSA_SHAKE_192S "SLH-DSA-SHAKE-192s:2.16.840.1.101.3.4.3.28"
-#define PROV_NAMES_SLH_DSA_SHAKE_192F "SLH-DSA-SHAKE-192f:2.16.840.1.101.3.4.3.29"
-#define PROV_NAMES_SLH_DSA_SHAKE_256S "SLH-DSA-SHAKE-256s:2.16.840.1.101.3.4.3.30"
-#define PROV_NAMES_SLH_DSA_SHAKE_256F "SLH-DSA-SHAKE-256f:2.16.840.1.101.3.4.3.31"
+#define PROV_NAMES_SLH_DSA_SHA2_128S "SLH-DSA-SHA2-128s:id-slh-dsa-sha2-128s:2.16.840.1.101.3.4.3.20"
+#define PROV_NAMES_SLH_DSA_SHA2_128F "SLH-DSA-SHA2-128f:id-slh-dsa-sha2-128f:2.16.840.1.101.3.4.3.21"
+#define PROV_NAMES_SLH_DSA_SHA2_192S "SLH-DSA-SHA2-192s:id-slh-dsa-sha2-192s:2.16.840.1.101.3.4.3.22"
+#define PROV_NAMES_SLH_DSA_SHA2_192F "SLH-DSA-SHA2-192f:id-slh-dsa-sha2-192f:2.16.840.1.101.3.4.3.23"
+#define PROV_NAMES_SLH_DSA_SHA2_256S "SLH-DSA-SHA2-256s:id-slh-dsa-sha2-256s:2.16.840.1.101.3.4.3.24"
+#define PROV_NAMES_SLH_DSA_SHA2_256F "SLH-DSA-SHA2-256f:id-slh-dsa-sha2-256f:2.16.840.1.101.3.4.3.25"
+#define PROV_NAMES_SLH_DSA_SHAKE_128S "SLH-DSA-SHAKE-128s:id-slh-dsa-shake-128s:2.16.840.1.101.3.4.3.26"
+#define PROV_NAMES_SLH_DSA_SHAKE_128F "SLH-DSA-SHAKE-128f:id-slh-dsa-shake-128f:2.16.840.1.101.3.4.3.27"
+#define PROV_NAMES_SLH_DSA_SHAKE_192S "SLH-DSA-SHAKE-192s:id-slh-dsa-shake-192s:2.16.840.1.101.3.4.3.28"
+#define PROV_NAMES_SLH_DSA_SHAKE_192F "SLH-DSA-SHAKE-192f:id-slh-dsa-shake-192f:2.16.840.1.101.3.4.3.29"
+#define PROV_NAMES_SLH_DSA_SHAKE_256S "SLH-DSA-SHAKE-256s:id-slh-dsa-shake-256s:2.16.840.1.101.3.4.3.30"
+#define PROV_NAMES_SLH_DSA_SHAKE_256F "SLH-DSA-SHAKE-256f:id-slh-dsa-shake-256f:2.16.840.1.101.3.4.3.31"
 #define PROV_DESCS_SLH_DSA_SHA2_128S "OpenSSL SLH-DSA-SHA2-128s implementation"
 #define PROV_DESCS_SLH_DSA_SHA2_128F "OpenSSL SLH-DSA-SHA2-128f implementation"
 #define PROV_DESCS_SLH_DSA_SHA2_192S "OpenSSL SLH-DSA-SHA2-192s implementation"

providers/implementations/keymgmt/slh_dsa_kmgmt.c

@@ -173,22 +173,24 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
             && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key)))
         return 0;
 
-    pub = ossl_slh_dsa_key_get_pub(key);
     priv = ossl_slh_dsa_key_get_priv(key);
-
-    /* This just gets the private elements */
-    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
-    if (p != NULL) {
-        if (priv == NULL
-                || !OSSL_PARAM_set_octet_string(p, priv,
-                                                ossl_slh_dsa_key_get_priv_len(key) / 2))
+    if (priv != NULL) {
+        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
+        /*
+         * ossl_slh_dsa_key_get_priv_len() includes the public key also
+         * so dividing by 2 returns only the private component.
+         */
+        if (p != NULL
+            && !OSSL_PARAM_set_octet_string(p, priv,
+                                            ossl_slh_dsa_key_get_priv_len(key) / 2))
             return 0;
     }
-    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
-    if (p != NULL) {
-        if (pub == NULL
-                || !OSSL_PARAM_set_octet_string(p, pub,
-                                                ossl_slh_dsa_key_get_pub_len(key)))
+    pub = ossl_slh_dsa_key_get_pub(key);
+    if (pub != NULL) {
+        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
+        if (p != NULL
+            && !OSSL_PARAM_set_octet_string(p, pub,
+                                            ossl_slh_dsa_key_get_pub_len(key)))
             return 0;
     }
     /*

providers/implementations/signature/slh_dsa_sig.c

@@ -198,7 +198,7 @@ static int slh_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
 }
 
 static int slh_dsa_digest_sign(void *vctx, uint8_t *sig, size_t *siglen, size_t sigsize,
-                              const uint8_t *tbs, size_t tbslen)
+                               const uint8_t *tbs, size_t tbslen)
 {
     return slh_dsa_sign(vctx, sig, siglen, sigsize, tbs, tbslen);
 }

test/recipes/25-test_req.t

@@ -455,10 +455,10 @@ subtest "generating certificate requests with -cipher flag" => sub {
 };
 
 subtest "generating certificate requests with SLH-DSA" => sub {
-    plan tests => 3;
+    plan tests => 5;
 
     SKIP: {
-        skip "SLH-DSA is not supported by this OpenSSL build", 3
+        skip "SLH-DSA is not supported by this OpenSSL build", 5
             if disabled("slh-dsa");
 
         ok(run(app(["openssl", "req",
@@ -488,6 +488,18 @@ subtest "generating certificate requests with SLH-DSA" => sub {
                     "-subj", "/CN=test-self-signed",
                     "-addext","keyUsage=digitalSignature"])),
                     "Generating self signed SLH-DSA-SHAKE-256f cert and private key");
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new",
+                    "-sigopt","hextest-entropy:000102030405060708090a0b0c0d0e0f",
+                    "-out", "csr_slh_dsa_shake128.pem",
+                    "-newkey", "SLH-DSA-SHAKE-128s",
+                    "-passout", "pass:x"])),
+                    "Generating SLH-DSA-SHAKE-128s csr");
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-in", "csr_slh_dsa_shake128.pem"])),
+                    "verifying SLH-DSA-SHAKE-128s csr");
     }
 };