softhsm
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 46 additions & 9 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 46 additions & 9 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 2 deletions b/‎.gitignore‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmake/modules/CompilerOptions.cmake‎
Lines changed: 21 additions & 0 deletions b/‎cmake/modules/CompilerOptions.cmake‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎cmake/modules/tests/test_openssl_mldsa.c‎
Lines changed: 12 additions & 0 deletions b/‎cmake/modules/tests/test_openssl_mldsa.c‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎configure.ac‎
Lines changed: 1 addition & 0 deletions b/‎configure.ac‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎m4/acx_openssl_mldsa.m4‎
Lines changed: 1 addition & 0 deletions b/‎m4/acx_openssl_mldsa.m4‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/bin/util/CMakeLists.txt‎
Lines changed: 4 additions & 0 deletions b/‎src/bin/util/CMakeLists.txt‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/bin/util/Makefile.am‎
Lines changed: 2 additions & 0 deletions b/‎src/bin/util/Makefile.am‎
Lines changed: 2 additions & 0 deletions
@@ -143,35 +143,71 @@ jobs:
           make check || (find . -name test-suite.log -exec cat {} \; && false)
 
   windows:
-    name: Windows (${{ matrix.arch }}, ${{ matrix.backend }})
+    name: Windows (${{ matrix.arch }}, ${{ matrix.backend }}, OpenSSL ${{ matrix.ossl-version }})
     runs-on: windows-2022
     strategy:
       fail-fast: false
       matrix:
         include:
+          # OpenSSL 1.1.1n variants (+ Botan 2.19.3)
           - arch: x64
             backend: openssl
             target-platform: x64
-            build-options:
+            ossl-version: "1.1.1n"
+            botan-version: ""
+            build-options: ""
           - arch: x64
             backend: botan
             target-platform: x64
-            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+            ossl-version: "1.1.1n"
+            botan-version: "2.19.3"
+            build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
           - arch: x86
             backend: openssl
             target-platform: Win32
-            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+            ossl-version: "1.1.1n"
+            botan-version: ""
+            build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
+          # OpenSSL 3.4.1
+          - arch: x64
+            backend: openssl
+            target-platform: x64
+            ossl-version: "3.4.1"
+            botan-version: ""
+            build-options: ""
+          - arch: x86
+            backend: openssl
+            target-platform: Win32
+            ossl-version: "3.4.1"
+            botan-version: ""
+            build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
+          # OpenSSL 3.5.4 + ML-DSA (x64 only — 32-bit runner limitation)
+          - arch: x64
+            backend: openssl
+            target-platform: x64
+            ossl-version: "3.5.4"
+            botan-version: ""
+            build-options: "-DENABLE_MLDSA=ON"
+            mldsa-test: "true"
     steps:
       - uses: actions/checkout@v4
       - uses: ilammy/msvc-dev-cmd@v1
         with:
           arch: ${{ matrix.arch }}
       - name: Create vcpkg.json
-        run: >
-          echo '{ "dependencies": [ "openssl", "botan", "cppunit" ],
-                  "overrides": [ { "name": "openssl", "version-string": "1.1.1n" },
-                                 { "name": "botan",   "version-string": "2.19.3" } ],
-                  "builtin-baseline": "38d1652f152d36481f2f4e8a85c0f1e14f3769f7" }' > vcpkg.json
+        shell: pwsh
+        run: |
+          $deps = @("openssl", "cppunit")
+          $overrides = @(@{ name = "openssl"; "version-string" = "${{ matrix.ossl-version }}" })
+          if ("${{ matrix.backend }}" -eq "botan") {
+            $deps += "botan"
+            $overrides += @{ name = "botan"; "version-string" = "${{ matrix.botan-version }}" }
+          }
+          [ordered]@{
+            dependencies     = $deps
+            overrides        = $overrides
+            "builtin-baseline" = "38d1652f152d36481f2f4e8a85c0f1e14f3769f7"
+          } | ConvertTo-Json -Depth 5 | Out-File vcpkg.json -Encoding utf8
       - uses: seanmiddleditch/vcpkg-action@master
         id: vcpkg
         with:
@@ -186,5 +222,6 @@ jobs:
       - name: Test
         env:
           CTEST_OUTPUT_ON_FAILURE: 1
+          MLDSA_TEST: ${{ matrix.mldsa-test || '' }}
         run: |
           cmake --build build --target RUN_TESTS
@@ -81,5 +81,5 @@ src/lib/test/softhsm2-reset-on-fork.conf
 src/lib/test/softhsm2-mech.conf
 src/lib/test/softhsm2-negative-mech.conf
 src/lib/test/softhsm2.conf
-src/lib/test/tokens/64d6c3fe-1575-1736-1d26-5ccb28440ea7/
-src/lib/test/tokens/dummy
+src/lib/test/tokens
+src/bin/util/test/tokens
@@ -370,6 +370,27 @@ elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")
         message(STATUS "OpenSSL: Support for EDDSA is disabled")
     endif(ENABLE_EDDSA)
 
+    # acx_openssl_mldsa.m4
+    if(ENABLE_MLDSA)
+        # ML-DSA
+        set(testfile ${CMAKE_SOURCE_DIR}/cmake/modules/tests/test_openssl_mldsa.c)
+        try_run(RUN_MLDSA COMPILE_RESULT
+                "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+                LINK_LIBRARIES ${CRYPTO_LIBS}
+                CMAKE_FLAGS
+                    "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+                )
+        if(COMPILE_RESULT AND RUN_MLDSA EQUAL 0)
+            set(WITH_ML_DSA 1)
+            message(STATUS "OpenSSL: Found ML-DSA")
+        else()
+            set(error_msg "OpenSSL: Cannot find ML-DSA! OpenSSL library has no ML-DSA support!")
+            message(FATAL_ERROR ${error_msg})
+        endif()
+    else(ENABLE_MLDSA)
+        message(STATUS "OpenSSL: Support for ML-DSA is disabled")
+    endif(ENABLE_MLDSA)
+
     # acx_openssl_gost.m4
     if(ENABLE_GOST)
         set(testfile ${CMAKE_SOURCE_DIR}/cmake/modules/tests/test_openssl_gost.c)
 
@@ -0,0 +1,12 @@
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main()
+{
+    EVP_PKEY_CTX *ctx;
+    ctx = EVP_PKEY_CTX_new_from_name(NULL, "ML-DSA-44", NULL);
+    
+    if (ctx == NULL)
+        return 1;
+    EVP_PKEY_CTX_free(ctx);
+    return 0;
+}
@@ -232,6 +232,7 @@ AC_CONFIG_FILES([
 	src/bin/keyconv/Makefile
 	src/bin/migrate/Makefile
 	src/bin/util/Makefile
+	src/bin/util/test/Makefile
 ])
 
 AC_OUTPUT
@@ -20,6 +20,7 @@ AC_DEFUN([ACX_OPENSSL_MLDSA],[
     					EVP_PKEY_CTX_new_from_name(NULL, "ML-DSA-44", NULL);
 						if (pctx == NULL)
 							return 1;
+						EVP_PKEY_CTX_free(pctx);
 						return 0;
 				}
 			]])
 
@@ -43,3 +43,7 @@ install(TARGETS ${PROJECT_NAME}
 install(FILES ${PROJECT_NAME}.1
         DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
         )
+
+if(BUILD_TESTS)
+    add_subdirectory(test)
+endif(BUILD_TESTS)
@@ -36,6 +36,8 @@ if WITH_BOTAN
 softhsm2_util_SOURCES +=	softhsm2-util-botan.cpp
 endif
 
+SUBDIRS =		test
+
 EXTRA_DIST =		$(srcdir)/CMakeLists.txt \
 			$(srcdir)/*.h \
 			$(srcdir)/*.cpp
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ AC_DEFUN([ACX_OPENSSL_MLDSA],[`
`20`	`20`	`EVP_PKEY_CTX_new_from_name(NULL, "ML-DSA-44", NULL);`
`21`	`21`	`if (pctx == NULL)`
`22`	`22`	`return 1;`
	`23`	`+ EVP_PKEY_CTX_free(pctx);`
`23`	`24`	`return 0;`
`24`	`25`	`}`
`25`	`26`	`]])`
Original file line number	Diff line number	Diff line change
`@@ -43,3 +43,7 @@ install(TARGETS ${PROJECT_NAME}`
`43`	`43`	`install(FILES ${PROJECT_NAME}.1`
`44`	`44`	`DESTINATION ${CMAKE_INSTALL_MANDIR}/man1`
`45`	`45`	`)`
	`46`	`+`
	`47`	`+if(BUILD_TESTS)`
	`48`	`+ add_subdirectory(test)`
	`49`	`+endif(BUILD_TESTS)`