SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly.

- Added sigid_algs for SLH_DSA such that OBJ_find_sigid_algs() works. - OBJ_sn2nid() was also being called, so the SN form of SLH_DSA algorithms needed to be added to the provider dispatch tables. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26625)
2025-02-04 17:39:34 +11:00 · 2025-02-04 17:39:34 +11:00 · 3fcefd51a1
commit 3fcefd51a1
parent 7389cca079
7 changed files with 73 additions and 30 deletions
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@ -87,6 +87,18 @@ static const nid_triple sigoid_srt[] = {
    {NID_ML_DSA_44, NID_undef, NID_ML_DSA_44},
    {NID_ML_DSA_65, NID_undef, NID_ML_DSA_65},
    {NID_ML_DSA_87, NID_undef, NID_ML_DSA_87},
    {NID_SLH_DSA_SHA2_128s, NID_undef, NID_SLH_DSA_SHA2_128s},
    {NID_SLH_DSA_SHA2_128f, NID_undef, NID_SLH_DSA_SHA2_128f},
    {NID_SLH_DSA_SHA2_192s, NID_undef, NID_SLH_DSA_SHA2_192s},
    {NID_SLH_DSA_SHA2_192f, NID_undef, NID_SLH_DSA_SHA2_192f},
    {NID_SLH_DSA_SHA2_256s, NID_undef, NID_SLH_DSA_SHA2_256s},
    {NID_SLH_DSA_SHA2_256f, NID_undef, NID_SLH_DSA_SHA2_256f},
    {NID_SLH_DSA_SHAKE_128s, NID_undef, NID_SLH_DSA_SHAKE_128s},
    {NID_SLH_DSA_SHAKE_128f, NID_undef, NID_SLH_DSA_SHAKE_128f},
    {NID_SLH_DSA_SHAKE_192s, NID_undef, NID_SLH_DSA_SHAKE_192s},
    {NID_SLH_DSA_SHAKE_192f, NID_undef, NID_SLH_DSA_SHAKE_192f},
    {NID_SLH_DSA_SHAKE_256s, NID_undef, NID_SLH_DSA_SHAKE_256s},
    {NID_SLH_DSA_SHAKE_256f, NID_undef, NID_SLH_DSA_SHAKE_256f},
 };
 static const nid_triple *const sigoid_srt_xref[] = {
--- a/crypto/objects/obj_xref.txt
+++ b/crypto/objects/obj_xref.txt
@ -26,6 +26,18 @@ ED448		    undef	ED448
 ML_DSA_44  undef ML_DSA_44
 ML_DSA_65  undef ML_DSA_65
 ML_DSA_87  undef ML_DSA_87
 SLH_DSA_SHA2_128s  undef SLH_DSA_SHA2_128s
 SLH_DSA_SHA2_128f  undef SLH_DSA_SHA2_128f
 SLH_DSA_SHA2_192s  undef SLH_DSA_SHA2_192s
 SLH_DSA_SHA2_192f  undef SLH_DSA_SHA2_192f
 SLH_DSA_SHA2_256s  undef SLH_DSA_SHA2_256s
 SLH_DSA_SHA2_256f  undef SLH_DSA_SHA2_256f
 SLH_DSA_SHAKE_128s undef SLH_DSA_SHAKE_128s
 SLH_DSA_SHAKE_128f undef SLH_DSA_SHAKE_128f
 SLH_DSA_SHAKE_192s undef SLH_DSA_SHAKE_192s
 SLH_DSA_SHAKE_192f undef SLH_DSA_SHAKE_192f
 SLH_DSA_SHAKE_256s undef SLH_DSA_SHAKE_256s
 SLH_DSA_SHAKE_256f undef SLH_DSA_SHAKE_256f
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.
--- a/providers/common/der/der_slh_dsa_key.c
+++ b/providers/common/der/der_slh_dsa_key.c
@ -1,7 +1,12 @@
 /*
- * SLH-DSA low level APIs are deprecated for public use, but still ok for
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
- * internal use.
+ *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include <openssl/obj_mac.h>
 #include <openssl/objects.h>
 #include "internal/packet.h"
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@ -409,18 +409,18 @@
 #define PROV_DESCS_SecP256r1MLKEM768 "P-256+ML-KEM-768 TLS hybrid implementation"
 #define PROV_NAMES_SecP384r1MLKEM1024 "SecP384r1MLKEM1024"
 #define PROV_DESCS_SecP384r1MLKEM1024 "P-384+ML-KEM-1024 TLS hybrid implementation"
-#define PROV_NAMES_SLH_DSA_SHA2_128S "SLH-DSA-SHA2-128s:2.16.840.1.101.3.4.3.20"
+#define PROV_NAMES_SLH_DSA_SHA2_128S "SLH-DSA-SHA2-128s:id-slh-dsa-sha2-128s:2.16.840.1.101.3.4.3.20"
-#define PROV_NAMES_SLH_DSA_SHA2_128F "SLH-DSA-SHA2-128f:2.16.840.1.101.3.4.3.21"
+#define PROV_NAMES_SLH_DSA_SHA2_128F "SLH-DSA-SHA2-128f:id-slh-dsa-sha2-128f:2.16.840.1.101.3.4.3.21"
-#define PROV_NAMES_SLH_DSA_SHA2_192S "SLH-DSA-SHA2-192s:2.16.840.1.101.3.4.3.22"
+#define PROV_NAMES_SLH_DSA_SHA2_192S "SLH-DSA-SHA2-192s:id-slh-dsa-sha2-192s:2.16.840.1.101.3.4.3.22"
-#define PROV_NAMES_SLH_DSA_SHA2_192F "SLH-DSA-SHA2-192f:2.16.840.1.101.3.4.3.23"
+#define PROV_NAMES_SLH_DSA_SHA2_192F "SLH-DSA-SHA2-192f:id-slh-dsa-sha2-192f:2.16.840.1.101.3.4.3.23"
-#define PROV_NAMES_SLH_DSA_SHA2_256S "SLH-DSA-SHA2-256s:2.16.840.1.101.3.4.3.24"
+#define PROV_NAMES_SLH_DSA_SHA2_256S "SLH-DSA-SHA2-256s:id-slh-dsa-sha2-256s:2.16.840.1.101.3.4.3.24"
-#define PROV_NAMES_SLH_DSA_SHA2_256F "SLH-DSA-SHA2-256f:2.16.840.1.101.3.4.3.25"
+#define PROV_NAMES_SLH_DSA_SHA2_256F "SLH-DSA-SHA2-256f:id-slh-dsa-sha2-256f:2.16.840.1.101.3.4.3.25"
-#define PROV_NAMES_SLH_DSA_SHAKE_128S "SLH-DSA-SHAKE-128s:2.16.840.1.101.3.4.3.26"
+#define PROV_NAMES_SLH_DSA_SHAKE_128S "SLH-DSA-SHAKE-128s:id-slh-dsa-shake-128s:2.16.840.1.101.3.4.3.26"
-#define PROV_NAMES_SLH_DSA_SHAKE_128F "SLH-DSA-SHAKE-128f:2.16.840.1.101.3.4.3.27"
+#define PROV_NAMES_SLH_DSA_SHAKE_128F "SLH-DSA-SHAKE-128f:id-slh-dsa-shake-128f:2.16.840.1.101.3.4.3.27"
-#define PROV_NAMES_SLH_DSA_SHAKE_192S "SLH-DSA-SHAKE-192s:2.16.840.1.101.3.4.3.28"
+#define PROV_NAMES_SLH_DSA_SHAKE_192S "SLH-DSA-SHAKE-192s:id-slh-dsa-shake-192s:2.16.840.1.101.3.4.3.28"
-#define PROV_NAMES_SLH_DSA_SHAKE_192F "SLH-DSA-SHAKE-192f:2.16.840.1.101.3.4.3.29"
+#define PROV_NAMES_SLH_DSA_SHAKE_192F "SLH-DSA-SHAKE-192f:id-slh-dsa-shake-192f:2.16.840.1.101.3.4.3.29"
-#define PROV_NAMES_SLH_DSA_SHAKE_256S "SLH-DSA-SHAKE-256s:2.16.840.1.101.3.4.3.30"
+#define PROV_NAMES_SLH_DSA_SHAKE_256S "SLH-DSA-SHAKE-256s:id-slh-dsa-shake-256s:2.16.840.1.101.3.4.3.30"
-#define PROV_NAMES_SLH_DSA_SHAKE_256F "SLH-DSA-SHAKE-256f:2.16.840.1.101.3.4.3.31"
+#define PROV_NAMES_SLH_DSA_SHAKE_256F "SLH-DSA-SHAKE-256f:id-slh-dsa-shake-256f:2.16.840.1.101.3.4.3.31"
 #define PROV_DESCS_SLH_DSA_SHA2_128S "OpenSSL SLH-DSA-SHA2-128s implementation"
 #define PROV_DESCS_SLH_DSA_SHA2_128F "OpenSSL SLH-DSA-SHA2-128f implementation"
 #define PROV_DESCS_SLH_DSA_SHA2_192S "OpenSSL SLH-DSA-SHA2-192s implementation"
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@ -173,22 +173,24 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
            && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key)))
        return 0;
    pub = ossl_slh_dsa_key_get_pub(key);
    priv = ossl_slh_dsa_key_get_priv(key);
-
+    if (priv != NULL) {
-    /* This just gets the private elements */
+        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
-    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
+        /*
-    if (p != NULL) {
+         * ossl_slh_dsa_key_get_priv_len() includes the public key also
-        if (priv == NULL
+         * so dividing by 2 returns only the private component.
-                || !OSSL_PARAM_set_octet_string(p, priv,
+         */
-                                                ossl_slh_dsa_key_get_priv_len(key) / 2))
+        if (p != NULL
            && !OSSL_PARAM_set_octet_string(p, priv,
                                            ossl_slh_dsa_key_get_priv_len(key) / 2))
            return 0;
    }
-    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
+    pub = ossl_slh_dsa_key_get_pub(key);
-    if (p != NULL) {
+    if (pub != NULL) {
-        if (pub == NULL
+        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
-                || !OSSL_PARAM_set_octet_string(p, pub,
+        if (p != NULL
-                                                ossl_slh_dsa_key_get_pub_len(key)))
+            && !OSSL_PARAM_set_octet_string(p, pub,
                                            ossl_slh_dsa_key_get_pub_len(key)))
            return 0;
    }
    /*
--- a/providers/implementations/signature/slh_dsa_sig.c
+++ b/providers/implementations/signature/slh_dsa_sig.c
@ -198,7 +198,7 @@ static int slh_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
 }
 static int slh_dsa_digest_sign(void *vctx, uint8_t *sig, size_t *siglen, size_t sigsize,
-                              const uint8_t *tbs, size_t tbslen)
+                               const uint8_t *tbs, size_t tbslen)
 {
    return slh_dsa_sign(vctx, sig, siglen, sigsize, tbs, tbslen);
 }
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@ -455,10 +455,10 @@ subtest "generating certificate requests with -cipher flag" => sub {
 };
 subtest "generating certificate requests with SLH-DSA" => sub {
-    plan tests => 3;
+    plan tests => 5;
    SKIP: {
-        skip "SLH-DSA is not supported by this OpenSSL build", 3
+        skip "SLH-DSA is not supported by this OpenSSL build", 5
            if disabled("slh-dsa");
        ok(run(app(["openssl", "req",
@ -488,6 +488,18 @@ subtest "generating certificate requests with SLH-DSA" => sub {
                    "-subj", "/CN=test-self-signed",
                    "-addext","keyUsage=digitalSignature"])),
                    "Generating self signed SLH-DSA-SHAKE-256f cert and private key");
        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new",
                    "-sigopt","hextest-entropy:000102030405060708090a0b0c0d0e0f",
                    "-out", "csr_slh_dsa_shake128.pem",
                    "-newkey", "SLH-DSA-SHAKE-128s",
                    "-passout", "pass:x"])),
                    "Generating SLH-DSA-SHAKE-128s csr");
        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-in", "csr_slh_dsa_shake128.pem"])),
                    "verifying SLH-DSA-SHAKE-128s csr");
    }
 };