These previously duplicated some code and structures, now shared.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26764)
- When a PKCS#8 has both seed and key cross check the implicit
rejection value |z|
- When an import (EVP_PKEY_fromdata call) provides both a private
and public key, fail if the redundant public key does not match
the copy in the private key.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26656)
- The main ASN.1 private key syntax is the one from Russ Housley's post
on the LAMPS list, subsequently amended to tag the seed instead of the
key (each of the three parameter sets will have a fixed size for the
`expandedKey`):
ML-DSA-PrivateKey ::= CHOICE {
seed [0] IMPLICIT OCTET STRING SIZE (64),
expandedKey OCTET STRING SIZE (1632 | 2400 | 3168)
both SEQUENCE {
seed OCTET STRING SIZE (64),
expandedKey OCTET STRING SIZE (1632 | 2400 | 3168) } }
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26639)
- Moved the codec code out of `ml_kem.c` into its own file in
the provider tree. Will be easier to share some code with
ML-DSA, and possible to use PROV_CTX, to do config lookups
directly in the functions doing the work.
- Update and fixes of the EVP_PKEY-ML-KEM(8) documentation, which
had accumulated some stale/inaccurate material, and needed new
text for the "prefer_seed" parameter.
- Test the "prefer_seed=no" behaviour.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26569)
Viktor Dukhovni