Remove ENABLE_DILITHIUM flag

crypto/CMakeLists.txt

@@ -324,16 +324,6 @@ else()
   file(COPY ${GENERATE_CODE_ROOT}/err_data.c DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
 endif()
 
-set(DILITHIUM_SOURCES)
-if(ENABLE_DILITHIUM)
-  set(
-    DILITHIUM_SOURCES
-
-    evp_extra/p_pqdsa_asn1.c
-    dilithium/ml_dsa.c
-  )
-endif()
-
 set(CRYPTO_ARCH_OBJECTS "")
 if (ARCH STREQUAL "aarch64" AND CMAKE_GENERATOR MATCHES "Visual Studio")
   msbuild_aarch64_asm(TARGET crypto_objects ASM_FILES ${CRYPTO_ARCH_SOURCES} OUTPUT_OBJECTS CRYPTO_ARCH_OBJECTS)
@@ -411,7 +401,7 @@ add_library(
   dh_extra/params.c
   dh_extra/dh_asn1.c
   digest_extra/digest_extra.c
-  ${DILITHIUM_SOURCES}
+  dilithium/ml_dsa.c
   dsa/dsa.c
   dsa/dsa_asn1.c
   ecdh_extra/ecdh_extra.c
@@ -431,6 +421,7 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
+  evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
   evp_extra/p_x25519_asn1.c

crypto/dilithium/p_pqdsa_test.cc

@@ -13,9 +13,6 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
 #include "../fipsmodule/pqdsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
-
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 #include "ml_dsa.h"
@@ -1518,13 +1515,3 @@ TEST_P(PQDSAParameterTest, ParsePublicKey) {
   bssl::UniquePtr<EVP_PKEY> pkey_from_der(EVP_parse_public_key(&cbs));
   ASSERT_TRUE(pkey_from_der);
 }
-
-#else
-
-TEST(PQDSATest, EvpDisabled) {
-  ASSERT_EQ(nullptr, EVP_PKEY_CTX_new_id(EVP_PKEY_NONE, nullptr));
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
-  ASSERT_FALSE(EVP_PKEY_set_type(pkey.get(), EVP_PKEY_NONE));
-}
-
-#endif

crypto/evp_extra/evp_asn1.c

@@ -99,7 +99,7 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
   if (OBJ_cbs2nid(&oid) == NID_rsa) {
     return &rsa_asn1_meth;
   }
-#ifdef ENABLE_DILITHIUM
+
   // The pkey_id for the pqdsa_asn1_meth is EVP_PKEY_PQDSA, as this holds all
   // asn1 functions for pqdsa types. However, the incoming CBS has the OID for
   // the specific algorithm. So we must search explicitly for the algorithm.
@@ -113,7 +113,6 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
       return ret;
     }
   }
-#endif
   return NULL;
 }
 

crypto/evp_extra/evp_extra_test.cc

@@ -697,8 +697,6 @@ static const uint8_t kInvalidPrivateKey[] = {
     0x48, 0x30, 0x01, 0xaa, 0x02, 0x86, 0xc0, 0x30, 0xdf, 0xe9, 0x80,
 };
 
-#ifdef ENABLE_DILITHIUM
-
 // kExampleMLDSA65KeyDER is a ML-DSA private key in ASN.1, DER format.
 // Of course, you should never use this key anywhere but in an example.
 static const uint8_t kExampleMLDSA65KeyDER[] = {
@@ -1015,8 +1013,6 @@ static const uint8_t kExampleMLDSA65KeyDER[] = {
 0xE3, 0x1D, 0xF6, 0xF7, 0xEE, 0x9F, 0xA, 0xC5, 0x91, 0x14, 0x33, 0x4B, 0xDB,
 0xC4, 0xEE, 0xC, 0xFB, 0xE4, 0xD1, 0x43, 0xC2, 0x1B, 0xC3, 0x2, 0x9B, 0x6B };
 
-#endif
-
 static bssl::UniquePtr<EVP_PKEY> LoadExampleRSAKey() {
   bssl::UniquePtr<RSA> rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
                                            sizeof(kExampleRSAKeyDER)));
@@ -1493,12 +1489,8 @@ TEST(EVPExtraTest, d2i_PrivateKey) {
                               sizeof(kExampleRSAPSSKeyPKCS8)));
   EXPECT_TRUE(
       ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));
-
-#ifdef ENABLE_DILITHIUM
   EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_PQDSA, kExampleMLDSA65KeyDER,
                               sizeof(kExampleMLDSA65KeyDER)));
-#endif
-
   EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleBadECKeyDER,
                                sizeof(kExampleBadECKeyDER)));
   ERR_clear_error();

crypto/evp_extra/internal.h

@@ -27,9 +27,7 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
-#ifdef ENABLE_DILITHIUM
 extern const EVP_PKEY_ASN1_METHOD pqdsa_asn1_meth;
-#endif
 extern const EVP_PKEY_ASN1_METHOD kem_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;

crypto/evp_extra/p_methods.c

@@ -20,9 +20,7 @@ const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
   &dsa_asn1_meth,
   &ed25519_asn1_meth,
   &x25519_asn1_meth,
-#ifdef ENABLE_DILITHIUM
   &pqdsa_asn1_meth,
-#endif
   &kem_asn1_meth,
   &hmac_asn1_meth,
   &dh_asn1_meth

crypto/evp_extra/print.c

@@ -64,12 +64,8 @@
 #include "../internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
 #include "../dilithium/ml_dsa.h"
 #include "../fipsmodule/pqdsa/internal.h"
-#endif
-
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
   for (size_t i = 0; i < len; i++) {
@@ -312,8 +308,6 @@ static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
 }
 
-#ifdef ENABLE_DILITHIUM
-
 // MLDSA keys.
 
 static int do_mldsa_65_print(BIO *bp, const EVP_PKEY *pkey, int off, int ptype) {
@@ -357,8 +351,6 @@ static int mldsa_65_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_mldsa_65_print(bp, pkey, indent, 2);
 }
 
-#endif
-
 typedef struct {
   int type;
   int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
@@ -385,14 +377,12 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
         eckey_priv_print,
         eckey_param_print,
     },
-#ifdef ENABLE_DILITHIUM
     {
         EVP_PKEY_PQDSA,
         mldsa_65_pub_print,
         mldsa_65_priv_print,
         NULL /* param_print */,
     },
-#endif
 };
 
 static size_t kPrintMethodsLen = OPENSSL_ARRAY_SIZE(kPrintMethods);

crypto/fipsmodule/bcm.c

@@ -119,9 +119,7 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
-#ifdef ENABLE_DILITHIUM
 #include "evp/p_pqdsa.c"
-#endif
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -140,9 +138,7 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
-#ifdef ENABLE_DILITHIUM
 #include "pqdsa/pqdsa.c"
-#endif
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"

crypto/fipsmodule/evp/evp_ctx.c

@@ -75,9 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
   out->methods[4] = EVP_PKEY_hmac_pkey_meth();
   out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
   out->methods[6] = EVP_PKEY_kem_pkey_meth();
-#ifdef ENABLE_DILITHIUM
   out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
-#endif
 }
 
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

crypto/fipsmodule/evp/internal.h

@@ -381,16 +381,9 @@ typedef struct {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
 #define ED25519_PUBLIC_KEY_OFFSET 32
-
-#ifdef ENABLE_DILITHIUM
 #define FIPS_EVP_PKEY_METHODS 8
 #define NON_FIPS_EVP_PKEY_METHODS 3
 #define ASN1_EVP_PKEY_METHODS 10
-#else
-#define FIPS_EVP_PKEY_METHODS 7
-#define NON_FIPS_EVP_PKEY_METHODS 3
-#define ASN1_EVP_PKEY_METHODS 9
-#endif
 
 struct fips_evp_pkey_methods {
   const EVP_PKEY_METHOD * methods[FIPS_EVP_PKEY_METHODS];
@@ -403,9 +396,7 @@ const EVP_PKEY_METHOD *EVP_PKEY_hkdf_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_hmac_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_ed25519_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_kem_pkey_meth(void);
-#ifdef ENABLE_DILITHIUM
 const EVP_PKEY_METHOD *EVP_PKEY_pqdsa_pkey_meth(void);
-#endif
 
 #if defined(__cplusplus)
 }  // extern C

crypto/x509/algorithm.c

@@ -98,11 +98,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
     return X509_ALGOR_set0(algor, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
   }
 
-#ifdef ENABLE_DILITHIUM
   if (EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA) {
     return X509_ALGOR_set0(algor, OBJ_nid2obj(pkey->pkey.pqdsa_key->pqdsa->nid), V_ASN1_UNDEF, NULL);
   }
-#endif
 
   // Default behavior: look up the OID for the algorithm/hash pair and encode
   // that.
@@ -143,12 +141,10 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
   // when |sigalg_nid| is |NID_rsassaPss|.
   if (pkey_nid != EVP_PKEY_id(pkey) &&
       !(sigalg_nid == NID_rsassaPss && pkey_nid == NID_rsaEncryption &&
-        EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS)
-#ifdef ENABLE_DILITHIUM
-      && !(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
+        EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS) &&
+      !(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
         EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA)
-#endif
-        ) {
+      ) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
     return 0;
   }
@@ -164,11 +160,7 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
     if (sigalg_nid == NID_rsassaPss) {
       return x509_rsa_pss_to_ctx(ctx, sigalg, pkey);
     }
-#ifdef ENABLE_DILITHIUM
     if (sigalg_nid == NID_ED25519 || sigalg_nid == NID_MLDSA65) {
-#else
-    if (sigalg_nid == NID_ED25519) {
-#endif
       if (sigalg->parameter != NULL) {
         OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
         return 0;

crypto/x509/x509_test.cc

@@ -576,7 +576,6 @@ w1AH9efZBw==
 -----END CERTIFICATE-----
 )";
 
-#ifdef ENABLE_DILITHIUM
 // This certificate is the example certificate provided in section 3 of
 //https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
 static const char kMLDSA65Cert[] = R"(
@@ -946,8 +945,6 @@ DhQcIi8=
 -----END CERTIFICATE-----
 )";
 
-#endif
-
 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
 // contains SANS for example.com, [email protected], 127.0.0.1, and
 // https://example.com/. (The latter is useless for now since crypto/x509
@@ -2923,8 +2920,6 @@ TEST(X509Test, Ed25519Sign) {
   ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
 }
 
-#ifdef ENABLE_DILITHIUM
-
 TEST(X509Test, MLDSA65SignVerifyCert) {
   // This test generates a MLDSA65 keypair, generates and signs a
   // certificate, then verifies the certificate's signature.
@@ -2995,8 +2990,6 @@ TEST(X509Test, TestBadParamsMLDSA65) {
   ERR_clear_error();
 }
 
-#endif
-
 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
                      const char *pem) {
   bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));

include/openssl/evp.h

@@ -198,11 +198,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int
 #define EVP_PKEY_HKDF NID_hkdf
 #define EVP_PKEY_HMAC NID_hmac
 #define EVP_PKEY_DH NID_dhKeyAgreement
-
-#ifdef ENABLE_DILITHIUM
 #define EVP_PKEY_PQDSA NID_PQDSA
-#endif
-
 #define EVP_PKEY_KEM NID_kem
 
 // EVP_PKEY_set_type sets the type of |pkey| to |type|. It returns one if
@@ -944,24 +940,28 @@ OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key);
 
 // PQDSA specific functions.
 
-#ifdef ENABLE_DILITHIUM
 // EVP_PKEY_CTX_pqdsa_set_params sets in |ctx| the parameters associated with
 // the signature scheme defined by the given |nid|. It returns one on success
-// and zero on error.
+// and zero on error. This API is marked as EXPERIMENTAL (using the deprecated
+// warning) to indicate that this API may change as the standards around the
+// signature schemes finalize.
 OPENSSL_EXPORT int EVP_PKEY_CTX_pqdsa_set_params(EVP_PKEY_CTX *ctx, int nid);
 
 // EVP_PKEY_pqdsa_new_raw_public_key generates a new EVP_PKEY object of type
 // EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
 // public key part of the PQDSA key with the contents of |in|. It returns the
-// pointer to the allocated PKEY on sucess and NULL on error.
+// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
+// as EXPERIMENTAL to indicate that this API may change as the standards around
+// the signature schemes finalize.
 OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t len);
 
 // EVP_PKEY_pqdsa_new_raw_private_key generates a new EVP_PKEY object of type
 // EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
 // secret key part of the PQDSA key with the contents of |in|. It returns the
-// pointer to the allocated PKEY on sucess and NULL on error.
+// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
+// as EXPERIMENTAL to indicate that this API may change as the standards around
+// the signature schemes finalize.
 OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t len);
-#endif
 
 // Diffie-Hellman-specific control functions.
 

include/openssl/pem.h

@@ -88,12 +88,6 @@ extern "C" {
 #define PEM_STRING_PUBLIC "PUBLIC KEY"
 #define PEM_STRING_RSA "RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
-
-#ifdef ENABLE_DILITHIUM
-#define PEM_STRING_DILITHIUM3 "DILITHIUM3 PRIVATE KEY"
-#define PEM_STRING_DILITHIUM3_PUBLIC "DILITHIUM3 PUBLIC KEY"
-#endif
-
 #define PEM_STRING_DSA "DSA PRIVATE KEY"
 #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
 #define PEM_STRING_EC "EC PRIVATE KEY"

tool/speed.cc

@@ -867,7 +867,7 @@ static bool SpeedKEM(std::string selected) {
          SpeedSingleKEM("Kyber1024_R3", NID_KYBER1024_R3, selected);
 }
 
-#if defined(ENABLE_DILITHIUM) && AWSLC_API_VERSION > 31
+#if AWSLC_API_VERSION > 31
 
 static bool SpeedDigestSignNID(const std::string &name, int nid,
                             const std::string &selected) {
@@ -2866,7 +2866,7 @@ bool Speed(const std::vector<std::string> &args) {
 #if AWSLC_API_VERSION > 16
        !SpeedKEM(selected) ||
 #endif
-#if defined(ENABLE_DILITHIUM) && AWSLC_API_VERSION > 31
+#if AWSLC_API_VERSION > 31
        !SpeedDigestSign(selected) ||
 #endif
        !SpeedAEADSeal(EVP_aead_aes_128_gcm(), "AEAD-AES-128-GCM", kTLSADLen, selected) ||