From 040bdfb18684d809cb5edacf9867d3378b7e093b Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Tue, 17 Feb 2026 22:37:39 +0100 Subject: lib: Add SLH-DSA tests and per-algorithm PQC gating This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/lib/tests/kex_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/lib/tests/kex_test.c') diff --git a/src/lib/tests/kex_test.c b/src/lib/tests/kex_test.c index 0a588550..04200679 100644 --- a/src/lib/tests/kex_test.c +++ b/src/lib/tests/kex_test.c @@ -276,7 +276,7 @@ static int test_kex_validate_algo(void) goto fail; } -#ifdef HAVE_OPENSSL_PQC +#ifdef HAVE_OPENSSL_ML_KEM if (kex_validate_algo("ML-KEM-768") != 0) { printf("ML-KEM-768 should be valid.\n"); goto fail; @@ -536,7 +536,7 @@ static int test_kex_all(void) for (i = 0; kex_supported_nids[i] != NID_undef; i++) { const char * algo = kex_nid_to_str(kex_supported_nids[i]); - /* KEM tests are in kex_test_pqc.c */ + /* KEM tests are in kex_test_ml_kem.c */ if (IS_KEM_ALGORITHM(algo)) continue; @@ -552,7 +552,7 @@ static int test_kex_dhe_corrupted_pubkey_all(void) int i; /* Test corruption for all DHE algorithms */ - /* KEM error injection tests are in kex_test_pqc.c */ + /* KEM error injection tests are in kex_test_ml_kem.c */ for (i = 0; kex_supported_nids[i] != NID_undef; i++) { const char * algo = kex_nid_to_str(kex_supported_nids[i]); -- cgit v1.2.3