From 794bd47ac81613ed2543af251fee39fb5eacebdd Mon Sep 17 00:00:00 2001
From: blackshirt
Date: Fri, 6 Feb 2026 11:43:02 +0700
Subject: [PATCH] x.crypto.slhdsa: fix slh signature testing on latest version (fix #24086) (#26519)
---
 vlib/x/crypto/slhdsa/slhdsa.v | 72 +++++++++++------------
 vlib/x/crypto/slhdsa/slhdsa_siggen_test.v | 6 +-
 2 files changed, 38 insertions(+), 40 deletions(-)
diff --git a/vlib/x/crypto/slhdsa/slhdsa.v b/vlib/x/crypto/slhdsa/slhdsa.v
index 1d75e7fbc..b3c0af46f 100644
--- a/vlib/x/crypto/slhdsa/slhdsa.v
+++ b/vlib/x/crypto/slhdsa/slhdsa.v
@@ -225,51 +225,47 @@ fn slhdsa_do_sign(key &C.EVP_PKEY, msg []u8, opt SignerOpts) ![]u8 {
 C.EVP_PKEY_CTX_free(sctx)
 return error('OSSL_PARAM_BLD_new failed')
 }
- // if context string was set into non-null string, then we set
- // `context-string` params into context key generator.
- if opt.context.len > 0 {
- // OSSL_PARAM_octet_string("context-string", (unsigned char *)"A context string", 33),
- o := C.OSSL_PARAM_BLD_push_octet_string(param_bld, c'context-string', opt.context.str,
- opt.context.len)
- if o <= 0 {
- C.OSSL_PARAM_BLD_free(param_bld)
- C.EVP_SIGNATURE_free(sig_alg)
- C.EVP_PKEY_CTX_free(sctx)
- return error('OSSL_PARAM_BLD_push_octet_string FAILED')
- }
+
+ // writes `context-string` params into context key generator.
+ // OSSL_PARAM_octet_string("context-string", (unsigned char *)"A context string", 33),
+ cs := C.OSSL_PARAM_BLD_push_octet_string(param_bld, c'context-string', opt.context.str,
+ opt.context.len)
+ if cs <= 0 {
+ C.OSSL_PARAM_BLD_free(param_bld)
+ C.EVP_SIGNATURE_free(sig_alg)
+ C.EVP_PKEY_CTX_free(sctx)
+ return error('OSSL_PARAM_BLD_push_octet_string context-string flag FAILED')
+ }
+
+ // write `message-encoding` flag
+ me := C.OSSL_PARAM_BLD_push_int(param_bld, c'message-encoding', opt.encoding)
+ if me <= 0 {
+ C.OSSL_PARAM_BLD_free(param_bld)
+ C.EVP_SIGNATURE_free(sig_alg)
+ C.EVP_PKEY_CTX_free(sctx)
+ return error('OSSL_PARAM_BLD_push_int message-encoding flag FAILED')
 }
+
 // handle entropy testing
- if opt.entropy.len > 0 {
- if opt.encoding != 0 {
- C.OSSL_PARAM_BLD_free(param_bld)
- C.EVP_SIGNATURE_free(sig_alg)
- C.EVP_PKEY_CTX_free(sctx)
- return error('encoding need 0 for testing')
- }
- o := C.OSSL_PARAM_BLD_push_octet_string(param_bld, c'test-entropy', opt.entropy.data,
+ // `test-entropy flag only handled when `encoding` flag was set into 0 value
+ if opt.encoding == 0 {
+ te := C.OSSL_PARAM_BLD_push_octet_string(param_bld, c'test-entropy', opt.entropy.data,
 opt.entropy.len)
- if o <= 0 {
+ if te <= 0 {
 C.OSSL_PARAM_BLD_free(param_bld)
 C.EVP_SIGNATURE_free(sig_alg)
 C.EVP_PKEY_CTX_free(sctx)
- return error('OSSL_PARAM_BLD_push_octet_string failed')
- }
- oo := C.OSSL_PARAM_BLD_push_int(param_bld, c'message-encoding', opt.encoding)
- if oo <= 0 {
- C.OSSL_PARAM_BLD_free(param_bld)
- C.EVP_SIGNATURE_free(sig_alg)
- C.EVP_PKEY_CTX_free(sctx)
- return error('OSSL_PARAM_BLD_push_int FAILED')
+ return error('OSSL_PARAM_BLD_push_octet_string test-entropy flag failed')
 }
 }
- if opt.encoding == 0 {
- oo := C.OSSL_PARAM_BLD_push_int(param_bld, c'message-encoding', opt.encoding)
- if oo <= 0 {
- C.OSSL_PARAM_BLD_free(param_bld)
- C.EVP_SIGNATURE_free(sig_alg)
- C.EVP_PKEY_CTX_free(sctx)
- return error('OSSL_PARAM_BLD_push_int FAILED')
- }
+
+ // write `deterministic` flag, its getting ignored if "test-entropy" is set.
+ dt := C.OSSL_PARAM_BLD_push_int(param_bld, c'deterministic', opt.deterministic)
+ if dt <= 0 {
+ C.OSSL_PARAM_BLD_free(param_bld)
+ C.EVP_SIGNATURE_free(sig_alg)
+ C.EVP_PKEY_CTX_free(sctx)
+ return error('OSSL_PARAM_BLD_push_int deterministic flag FAILED')
 }
 // build params
 params := C.OSSL_PARAM_BLD_to_param(param_bld)
@@ -293,7 +289,7 @@ fn slhdsa_do_sign(key &C.EVP_PKEY, msg []u8, opt SignerOpts) ![]u8 {
 C.OSSL_PARAM_free(params)
 C.EVP_SIGNATURE_free(sig_alg)
 C.EVP_PKEY_CTX_free(sctx)
- return error('EVP_PKEY_sign_message_init failed')
+ return error('EVP_PKEY_sign failed')
 }
 // return the copy of the sig
diff --git a/vlib/x/crypto/slhdsa/slhdsa_siggen_test.v b/vlib/x/crypto/slhdsa/slhdsa_siggen_test.v
index d6c438fa7..889f4b6da 100644
--- a/vlib/x/crypto/slhdsa/slhdsa_siggen_test.v
+++ b/vlib/x/crypto/slhdsa/slhdsa_siggen_test.v
@@ -38,9 +38,11 @@ fn test_sha2_128_signature_generation() ! {
 // signing (verifying) options
 s_opt := SignerOpts{
- encoding: 0
- entropy: entropy
+ encoding: 0
+ entropy: entropy
+ deterministic: 0
 }
+
 out_sig := pv.sign(msg, s_opt)!
 assert out_sig == sig
--
2.39.5
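Review bot: In slhdsa.v's first hunk, the new `if opt.encoding == 0 {` branch pushes `test-entropy` without the `opt.entropy.len > 0` check the removed code had, so a caller who signs with `encoding: 0` and no entropy now passes OpenSSL a zero-length `test-entropy` value. That parameter is a test hook that replaces the signer's own randomness, and the comment added below says it overrides `deterministic`; how the provider treats an empty value is not visible in this patch, so this path may fail at parameter setup or bypass the randomized signing the caller expected. I would restore the guard as `if opt.encoding == 0 && opt.entropy.len > 0 {`. Entropy passed together with a non-zero `encoding` is now ignored silently where the old code returned `error('encoding need 0 for testing')`, and that explicit error is worth keeping. slhdsa_do_sign begins and ends outside the hunk.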
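Review bot: The test in slhdsa_siggen_test.v still pins only the fixed-entropy case (`encoding: 0` with `entropy` set), so the two paths whose behaviour this patch changes in slhdsa.v are not exercised: `encoding: 0` with an empty `entropy`, and a non-zero `encoding` with `entropy` supplied. A case for each, asserting the result the library intends (a usable signature for the first, an error or a documented ignore for the second), would catch a regression in how the signing parameters are assembled. The test function's body continues outside the hunk.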