Add ML-DSA design document.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from

Add ML-DSA design document.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26400)

show more ...

Add ML-DSA documentation

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from htt

Add ML-DSA documentation

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26400)

show more ...

ML-DSA encoder fixups

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26483)

ML-DSA: Add python utility used to parse ACVP test data.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/o

ML-DSA: Add python utility used to parse ACVP test data.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

show more ...

ML-DSA: Fix endian issue in ossl_ml_dsa_poly_sample_in_ball().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github

ML-DSA: Fix endian issue in ossl_ml_dsa_poly_sample_in_ball().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

show more ...

ML-DSA: Add evp_test support for ML-DSA ACVP test vectors.

The evp_test line buffer was increased to 32K to deal with the large
lines required for PQ messages and signatures.
The tes

ML-DSA: Add evp_test support for ML-DSA ACVP test vectors.

The evp_test line buffer was increased to 32K to deal with the large
lines required for PQ messages and signatures.
The test data files were generated by parsing AVCP test files using
a python script.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

show more ...

ML-DSA: Add support for dup.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

ML_DSA: Fix partially uninitialised hint buffer.
The encoded hint data consists of omega + k bytes.
The bytes at the end of omega section of the buffer may be 0,
so the buffer must be cle

ML_DSA: Fix partially uninitialised hint buffer.
The encoded hint data consists of omega + k bytes.
The bytes at the end of omega section of the buffer may be 0,
so the buffer must be cleared initially.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

show more ...

Add ML_DSA encoders

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26451)

ML-DSA fixups

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github

ML-DSA fixups

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)

show more ...

Add ML-DSA-44 and ML-DSA-87, fix endian issues & add fixups

- Make data encoding work on big-endian systems.

- Fix some ML-DSA-44 specific bugs related to w1-vector bits
per-c

Add ML-DSA-44 and ML-DSA-87, fix endian issues & add fixups

- Make data encoding work on big-endian systems.

- Fix some ML-DSA-44 specific bugs related to w1-vector bits
per-coefficient, overall size and high-bits rounding.

- Use "do { ... } while (pointer < end)" style consistently.

- Drop redundant reference counting of provided keys.

- Add parameter blocks for ML-DSA-44 and ML-DSA-87 and turn on
associated provider glue. These now pass both keygen and
siggen tests (to be added separately).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)

show more ...

Add ML-DSA sign/verify

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https

Add ML-DSA sign/verify

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)

show more ...

ML_DSA: Use pointers instead of arrays for polynomials in Vectors and Matrix.

A DSA_KEY when created will alloc enough space to hold its k & l
vectors and then just set the vectors to po

ML_DSA: Use pointers instead of arrays for polynomials in Vectors and Matrix.

A DSA_KEY when created will alloc enough space to hold its k & l
vectors and then just set the vectors to point to the allocated blob.

Local Vectors and Matricies can then be initialised in a similar way by
passing them an array of Polnomials that are on the local stack.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)

show more ...

Add ML-DSA Keygen support

The key generation algorithm requires a significant portion of the many
algorithms present in FIPS 204.

This work is derived from the BoringSSL code lo

Add ML-DSA Keygen support

The key generation algorithm requires a significant portion of the many
algorithms present in FIPS 204.

This work is derived from the BoringSSL code located at
https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/mldsa/mldsa.cc

Instead of c++ templates it uses an ML_DSA_PARAMS object to store constants such as k & l.
To perform hash operations a temporary EVP_MD_CTX object is used, which is supplied with a
prefetched EVP_MD shake128 or shake256 object that reside in the ML_DSA_KEY object.

The ML_DSA_KEY object stores the encoded public and/or private key
whenever a key is loaded or generated. A public key is always present
if the private key component exists.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)

show more ...

Rework and simplify RCU code

Use __ATOMIC_RELAXED where possible.
Dont store additional values in the users field.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by

Rework and simplify RCU code

Use __ATOMIC_RELAXED where possible.
Dont store additional values in the users field.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26690)

show more ...

Revert "rcu: Ensure that updates to the ID field of a qp don't lose refs"

This reverts commit fbd34c03e3ca94d3805e97a01defdf8b6037f61c.

Reviewed-by: Neil Horman <nhorman@openssl.org

Revert "rcu: Ensure that updates to the ID field of a qp don't lose refs"

This reverts commit fbd34c03e3ca94d3805e97a01defdf8b6037f61c.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26690)

show more ...

Test openssl ecparam -list_curves

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Test openssl ecparam -list_curves

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26525)

show more ...

ecparam: process -list_curves before reading input

Fixes #26519

This is a regression from commit 1dbb67c4

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by

ecparam: process -list_curves before reading input

Fixes #26519

This is a regression from commit 1dbb67c4

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26525)

show more ...

Fix arithmetic in a comment

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Fix arithmetic in a comment

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26707)

show more ...

[vpsm4_ex][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

[vpsm4_ex][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...

[vpsm4][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

[vpsm4][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...

[sm3][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

[sm3][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...

[poly1305][aarch64] Extend address range by adrp + add

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

[poly1305][aarch64] Extend address range by adrp + add

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...

[bsaes][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

[bsaes][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...

[chacha_sve][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

[chacha_sve][aarch64] Move constant to .rodata section

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26509)

show more ...