lib: Add SLH-DSA tests and per-algorithm PQC gating

This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with
per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the
OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5.

SLH-DSA was already working, but now added explicit authentication
tests for it with a full certificate chain (root CA, intermediate CA,
server) to show full support.

Rename PQC test files and cert headers to use algorithm-specific names
(ml_kem, ml_dsa, slh_dsa) and move cert headers to
include/test/certs/.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/tests/kex_test.c b/src/lib/tests/kex_test.c
index 0a588550..04200679 100644
--- a/src/lib/tests/kex_test.c
+++ b/src/lib/tests/kex_test.c
@@ -276,7 +276,7 @@ static int test_kex_validate_algo(void)
                 goto fail;
         }
 
-#ifdef HAVE_OPENSSL_PQC
+#ifdef HAVE_OPENSSL_ML_KEM
         if (kex_validate_algo("ML-KEM-768") != 0) {
                 printf("ML-KEM-768 should be valid.\n");
                 goto fail;
@@ -536,7 +536,7 @@ static int test_kex_all(void)
         for (i = 0; kex_supported_nids[i] != NID_undef; i++) {
                 const char * algo = kex_nid_to_str(kex_supported_nids[i]);
 
-                /* KEM tests are in kex_test_pqc.c */
+                /* KEM tests are in kex_test_ml_kem.c */
                 if (IS_KEM_ALGORITHM(algo))
                         continue;
 
@@ -552,7 +552,7 @@ static int test_kex_dhe_corrupted_pubkey_all(void)
         int i;
 
         /* Test corruption for all DHE algorithms */
-        /* KEM error injection tests are in kex_test_pqc.c */
+        /* KEM error injection tests are in kex_test_ml_kem.c */
         for (i = 0; kex_supported_nids[i] != NID_undef; i++) {
                 const char * algo = kex_nid_to_str(kex_supported_nids[i]);