Help needed regarding public/private portion of EVP_PKEY structure used for encoding

[umairsafdar768]

Hello,
I have been playing around with the different tests that are included with oqsprovider in tests directory, specifically the oqs_test_endecode.c file. Consider the following (modified) version of this file:

// SPDX-License-Identifier: Apache-2.0 AND MIT

#include "oqs/oqs.h"
#include "test_common.h"
#include <openssl/buffer.h>
#include <openssl/core_names.h>
#include <openssl/decoder.h>
#include <openssl/encoder.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/provider.h>
#include <openssl/trace.h>
#include <string.h>

static OSSL_LIB_CTX *libctx = NULL;
static char *modulename = NULL;
static char *configfile = NULL;
static char *testpropq = NULL;
static OSSL_LIB_CTX *keyctx = NULL;
static OSSL_LIB_CTX *testctx = NULL;

static OSSL_PROVIDER *dfltprov = NULL;
static OSSL_PROVIDER *keyprov = NULL;

#define nelem(a) (sizeof(a) / sizeof((a)[0]))

typedef struct endecode_params_st {
    char *format;
    char *structure;
    char *keytype;
    char *pass;
    int selection;

} ENDECODE_PARAMS;

static ENDECODE_PARAMS test_params_list[] = {
    {"PEM", "PrivateKeyInfo", NULL, NULL,
     OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
    {"PEM", "EncryptedPrivateKeyInfo", NULL,
     "Pass the holy handgrenade of antioch",
     OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS},
    {"PEM", "SubjectPublicKeyInfo", NULL, NULL,
     OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
    {"DER", "PrivateKeyInfo", NULL, NULL,
     OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
    {"DER", "EncryptedPrivateKeyInfo", NULL,
     "Pass the holy handgrenade of antioch",
     OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS},
    {"DER", "SubjectPublicKeyInfo", NULL, NULL,
     OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
};

static EVP_PKEY *oqstest_make_key(const char *type, EVP_PKEY *template,
                                  OSSL_PARAM *genparams)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;

    if (!alg_is_enabled(type)) {
        printf("Not generating key for disabled algorithm %s.\n", type);
        return NULL;
    }

    ctx = (template != NULL)
              ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
              : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);

    /*
     * No real need to check the errors other than for the cascade
     * effect.  |pkey| will simply remain NULL if something goes wrong.
     */
    (void)(ctx != NULL && EVP_PKEY_keygen_init(ctx) > 0
           && (genparams == NULL || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
           && EVP_PKEY_keygen(ctx, &pkey) > 0);
    EVP_PKEY_CTX_free(ctx);
    return pkey;
}

static int encode_EVP_PKEY_prov(const EVP_PKEY *pkey, const char *format,
                                const char *structure, const char *pass,
                                const int selection, BUF_MEM **encoded)
{
    OSSL_ENCODER_CTX *ectx;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const char *cipher = "AES-256-CBC";
    int ok = 0;

    ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, format, structure,
                                         NULL);
    if (ectx == NULL) {
        printf("No suitable encoder found\n");
        goto end;
    }

    if (pass != NULL) {
        OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)pass,
                                        strlen(pass));
        OSSL_ENCODER_CTX_set_cipher(ectx, cipher, NULL);
    }
    mem_ser = BIO_new(BIO_s_mem());
    if (!OSSL_ENCODER_to_bio(ectx, mem_ser)) {
        /* encoding failure */
        goto end;
    }

    BIO_get_mem_ptr(mem_ser, &mem_buf);
    if (mem_buf == NULL || mem_buf->length == 0)
        goto end;

    /* pkey was successfully encoded into the bio */
    *encoded = BUF_MEM_new();
    (*encoded)->data = mem_buf->data;
    (*encoded)->length = mem_buf->length;

    /* Detach the encoded output */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;

end:
    BIO_free(mem_ser);
    OSSL_ENCODER_CTX_free(ectx);
    return ok;
}

static int decode_EVP_PKEY_prov(const char *input_type, const char *structure,
                                const char *pass, const char *keytype,
                                const int selection, EVP_PKEY **object,
                                const void *encoded, const long encoded_len)
{
    EVP_PKEY *pkey = NULL;
    OSSL_DECODER_CTX *dctx = NULL;
    BIO *encoded_bio = NULL;

    int ok = 0;

    encoded_bio = BIO_new_mem_buf(encoded, encoded_len);
    if (encoded_bio == NULL)
        goto end;

    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, input_type, structure, keytype,
                                         selection, keyctx, NULL);
    if (dctx == NULL)
        goto end;

    if (pass != NULL)
        OSSL_DECODER_CTX_set_passphrase(dctx, (const unsigned char *)pass,
                                        strlen(pass));

    if (!OSSL_DECODER_from_bio(dctx, encoded_bio))
        goto end;

    OSSL_DECODER_CTX_free(dctx);
    dctx = NULL;

    ok = 1;
    *object = pkey;
    pkey = NULL;

end:
    BIO_free(encoded_bio);
    OSSL_DECODER_CTX_free(dctx);
    EVP_PKEY_free(pkey);
    return ok;
}

static int test_oqs_encdec(const char *alg_name)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY *decoded_pkey = NULL;
    BUF_MEM *encoded = NULL;
    size_t i;
    int ok = 0;

    //for (i = 0; i < nelem(test_params_list); i++) {
        pkey = oqstest_make_key(alg_name, NULL, NULL);
        if (pkey == NULL)
            goto end;
        //pkey contains a kyber512 key pair in it.
        if (!encode_EVP_PKEY_prov(pkey, test_params_list[5].format,
                                  test_params_list[5].structure,
                                  test_params_list[5].pass,
                                  test_params_list[5].selection, &encoded)) {
            printf("Failed encoding %s", alg_name);
            goto end;
        }
        if (!decode_EVP_PKEY_prov(
                test_params_list[5].format, test_params_list[5].structure,
                test_params_list[5].pass, test_params_list[5].keytype,
                test_params_list[5].selection, &decoded_pkey, encoded->data,
                encoded->length)) {
            printf("Failed decoding %s", alg_name);
            goto end;
        }

        if (EVP_PKEY_eq(pkey, decoded_pkey) != 1) {
            printf("Key equality failed for %s", alg_name);
            goto end;
        }

        EVP_PKEY_CTX *actx = NULL;
    if ((actx = EVP_PKEY_CTX_new_from_pkey(keyctx, decoded_pkey, NULL)) == NULL){
        fprintf(stderr, cRED " EVP_PKEY_CTX_new_from_pkey failure" cNORM "\n");
        goto end;
    }
    if(EVP_PKEY_private_check(actx)==1){
        printf("Private Key yes!\n");
        goto end;
    }
    else{
        printf("no private key\n");
    }
    EVP_PKEY_CTX_free(actx);


        EVP_PKEY_free(pkey);
        pkey = NULL;
        EVP_PKEY_free(decoded_pkey);
        decoded_pkey = NULL;
        BUF_MEM_free(encoded);
        encoded = NULL;
    //}
    ok = 1;
    

end:
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(decoded_pkey);
    BUF_MEM_free(encoded);
    return ok;
}

static int test_algs(const OSSL_ALGORITHM *algs)
{
    int errcnt = 0;
    //for (; algs->algorithm_names != NULL; algs++) {
        if (test_oqs_encdec("kyber512")) {
            fprintf(stderr,
                    cGREEN "  Encoding/Decoding test succeeded for Kyber512" cNORM "\n");
        } else {
            fprintf(stderr,
                    cRED "  Encoding/Decoding test failed for Kyber512" cNORM "\n");
            ERR_print_errors_fp(stderr);
            errcnt++;
        }
    //}
    return errcnt;
}
#define MIN(X, Y) (((X) < (Y)) ? (X) : (Y))
int alg_is_enabled(const char *algname)
{
    char *alglist = getenv("OQS_SKIP_TESTS");
    char *comma = NULL;
    char totest[200];

    if (alglist == NULL)
        return 1;

    while ((comma = strchr(alglist, ','))) {
        memcpy(totest, alglist, MIN(200, comma - alglist));
        totest[comma - alglist] = '\0';
        if (strstr(algname, totest))
            return 0;
        alglist = comma + 1;
    }
    return strstr(algname, alglist) == NULL;
}
void load_oqs_provider(OSSL_LIB_CTX *libctx, const char *modulename,
                       const char *configfile)
{
    T(OSSL_LIB_CTX_load_config(libctx, configfile));
    T(OSSL_PROVIDER_available(libctx, modulename));
}
int main(int argc, char *argv[])
{
    size_t i;
    int errcnt = 0, test = 0, query_nocache;
    OSSL_PROVIDER *oqsprov = NULL;
    const OSSL_ALGORITHM *algs;

    T((libctx = OSSL_LIB_CTX_new()) != NULL);
   //T(argc == 3);
    modulename = "oqsprovider";
    configfile = "/home/umair/provider-testing/oqs.cnf";

    load_oqs_provider(libctx, modulename, configfile);

    keyctx = OSSL_LIB_CTX_new();

    load_oqs_provider(keyctx, modulename, configfile);

    dfltprov = OSSL_PROVIDER_load(keyctx, "default");
    keyprov = OSSL_PROVIDER_load(keyctx, modulename);
    oqsprov = OSSL_PROVIDER_load(libctx, modulename);

    algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE,
                                         &query_nocache);

    // if (algs) {
    //     errcnt += test_algs(algs);
    // } else {
    //     fprintf(stderr, cRED "  No signature algorithms found" cNORM "\n");
    //     ERR_print_errors_fp(stderr);
    //     errcnt++;
    // }

//#ifdef OQS_KEM_ENCODERS
    algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_KEM, &query_nocache);

    if (algs) {
        errcnt += test_algs(algs);
    } else {
        fprintf(stderr, cRED "  No KEM algorithms found" cNORM "\n");
        ERR_print_errors_fp(stderr);
        errcnt++;
    }
//#endif /* OQS_KEM_ENCODERS */

    OSSL_PROVIDER_unload(dfltprov);
    OSSL_PROVIDER_unload(keyprov);
    if (OPENSSL_VERSION_PREREQ(3, 1))
        OSSL_PROVIDER_unload(oqsprov); // avoid crash in 3.0.x
    OSSL_LIB_CTX_free(libctx);
    OSSL_LIB_CTX_free(keyctx);

    TEST_ASSERT(errcnt == 0)
    return !test;
}

If I understand correctly, the function EVP_PKEY_private_check() is used to verify the private portion of an EVP_PKEY structure. Now in above code, the OSSL_KEYMGMT_SELECT_PUBLIC_KEY selection is being used, which according to this link states that only public portion from the EVP_PKEY structure is considered. This means that after the decode_EVP_PKEY_prov() function, the 'decoded_pkey' should contain only the public key.
If I run the above code, I am getting success for private key verification of the 'decoded_pkey' using the function EVP_PKEY_private_check (which should not be the case, because I only encoded the public portion of the keypair)
I would be very thankful to be pointed in the right direction here. My goal is to encode only the public key portion of the keypair so that it can be sent to the other party for KEM encapsulation, but currently it seems like both public and private information is being encoded.

[baentsch]

I'm not sure what you're asking of us: This feels a bit like you're asking us to debug your code:

because I only encoded the public portion of the keypair

To reduce the amount of code we need to understand, can I ask you to formulate the issue by way of a bug report with the minimal amount of code needed to show dubious behaviour (of course also referencing the relevant documentation)? Alternatively, highlight the modifications to our code and explain the rationale for those modifications.

[umairsafdar768]

Thanks for the response, let me try to rephrase my query.
If an EVP_PKEY structure (containing a Kyber512 key pair) is encoded using the function OSSL_ENCODER_CTX_new_for_pkey() with selection parameter set to OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, the resulting encoded data should only contain the public key of the EVP_PKEY structure.
If later the above encoded data is decoded using the function decode_EVP_PKEY_prov(), the resulting EVP_PKEY structure will only contain the public key. And if we try to verify this using the function EVP_PKEY_private_check() it should not pass because there is no private key in the decoded data.
Just want to know if this understanding is correct or am I missing something here.
I am referencing the oqs_test_endecode.c file here with just a EVP_PKEY_private_check() check added after decoding function to see if it contains private key or not.
Sorry if this is a silly question, I'll appreciate any hints.

Bets regards
Umair

[baentsch]

Thanks for the textual description of what you're trying to check, @umairsafdar768 : That helped me understand your goal. Yes, we share a common understanding here.

I am referencing the oqs_test_endecode.c file here with just a EVP_PKEY_private_check() check added after decoding function to see if it contains private key or not.

If this is the only addition to the test (? is it? I thus prefer diffs over long code snippets) then this wouldn't cut it as the tests run over several structs, some without, but also some with private key, see

oqs-provider/test/oqs_test_endecode.c

Lines 36 to 50 in 81eae6d

	static ENDECODE_PARAMS test_params_list[] = {
	{"PEM", "PrivateKeyInfo", NULL, NULL,
	OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
	{"PEM", "EncryptedPrivateKeyInfo", NULL,
	"Pass the holy handgrenade of antioch",
	OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS},
	{"PEM", "SubjectPublicKeyInfo", NULL, NULL,
	OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
	{"DER", "PrivateKeyInfo", NULL, NULL,
	OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
	{"DER", "EncryptedPrivateKeyInfo", NULL,
	"Pass the holy handgrenade of antioch",
	OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS},
	{"DER", "SubjectPublicKeyInfo", NULL, NULL,
	OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},

I absolutely don't want to rule out there's something fishy based on your description, but what would help us most to get to the bottom of this would be a (separate? parameterized?) test case for this: If you'd be willing to do that (?), I'd gladly review it in the form of a PR -- and if it documents an error, even better -- that would (after fixing :) make the whole system better.

[umairsafdar768]

If this is the only addition to the test (? is it? I thus prefer diffs over long code snippets)

No its not the only addition. I'll share a diff of my modifications.

as the tests run over several structs, some without, but also some with private key, see

Yes, I am aware of that, and one of the modifications to the test is; using only the last element of this array static ENDECODE_PARAMS test_params_list[] (at index 5) where only the public key is being selected to be encoded.

Below you can see the diff:

diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c
index 1427d12..3484816 100644
--- a/test/oqs_test_endecode.c
+++ b/test/oqs_test_endecode.c
@@ -49,7 +49,33 @@ static ENDECODE_PARAMS test_params_list[] = {
     {"DER", "SubjectPublicKeyInfo", NULL, NULL,
      OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
 };
-
+//dependencies from "test_common.c"
+#define MIN(X, Y) (((X) < (Y)) ? (X) : (Y))
+int alg_is_enabled(const char *algname)
+{
+    char *alglist = getenv("OQS_SKIP_TESTS");
+    char *comma = NULL;
+    char totest[200];
+
+    if (alglist == NULL)
+        return 1;
+
+    while ((comma = strchr(alglist, ','))) {
+        memcpy(totest, alglist, MIN(200, comma - alglist));
+        totest[comma - alglist] = '\0';
+        if (strstr(algname, totest))
+            return 0;
+        alglist = comma + 1;
+    }
+    return strstr(algname, alglist) == NULL;
+}
+void load_oqs_provider(OSSL_LIB_CTX *libctx, const char *modulename,
+                       const char *configfile)
+{
+    T(OSSL_LIB_CTX_load_config(libctx, configfile));
+    T(OSSL_PROVIDER_available(libctx, modulename));
+}
+//dependencies end
 static EVP_PKEY *oqstest_make_key(const char *type, EVP_PKEY *template,
                                   OSSL_PARAM *genparams)
 {
@@ -172,23 +198,23 @@ static int test_oqs_encdec(const char *alg_name)
     BUF_MEM *encoded = NULL;
     size_t i;
     int ok = 0;
-
-    for (i = 0; i < nelem(test_params_list); i++) {
+    
+    //for (i = 0; i < nelem(test_params_list); i++) {
         pkey = oqstest_make_key(alg_name, NULL, NULL);
         if (pkey == NULL)
             goto end;
-
-        if (!encode_EVP_PKEY_prov(pkey, test_params_list[i].format,
-                                  test_params_list[i].structure,
-                                  test_params_list[i].pass,
-                                  test_params_list[i].selection, &encoded)) {
+        //only using Public portion of keypair in encoding -> 6th element of test_params_list array
+        if (!encode_EVP_PKEY_prov(pkey, test_params_list[5].format,
+                                  test_params_list[5].structure,
+                                  test_params_list[5].pass,
+                                  test_params_list[5].selection, &encoded)) {
             printf("Failed encoding %s", alg_name);
             goto end;
         }
         if (!decode_EVP_PKEY_prov(
-                test_params_list[i].format, test_params_list[i].structure,
-                test_params_list[i].pass, test_params_list[i].keytype,
-                test_params_list[i].selection, &decoded_pkey, encoded->data,
+                test_params_list[5].format, test_params_list[5].structure,
+                test_params_list[5].pass, test_params_list[5].keytype,
+                test_params_list[5].selection, &decoded_pkey, encoded->data,
                 encoded->length)) {
             printf("Failed decoding %s", alg_name);
             goto end;
@@ -198,13 +224,27 @@ static int test_oqs_encdec(const char *alg_name)
             printf("Key equality failed for %s", alg_name);
             goto end;
         }
+        //private key existance check
+        EVP_PKEY_CTX *actx = NULL;
+        if ((actx = EVP_PKEY_CTX_new_from_pkey(keyctx, decoded_pkey, NULL)) == NULL){
+            fprintf(stderr, cRED " EVP_PKEY_CTX_new_from_pkey failure" cNORM "\n");
+            goto end;
+        }
+        if(EVP_PKEY_private_check(actx)==1){
+            printf("Private Key yes!\n");
+            goto end;
+        }
+        else{
+            printf("no private key\n");
+        }
+
         EVP_PKEY_free(pkey);
         pkey = NULL;
         EVP_PKEY_free(decoded_pkey);
         decoded_pkey = NULL;
         BUF_MEM_free(encoded);
         encoded = NULL;
-    }
+    //}
     ok = 1;
 end:
     EVP_PKEY_free(pkey);
@@ -216,19 +256,18 @@ end:
 static int test_algs(const OSSL_ALGORITHM *algs)
 {
     int errcnt = 0;
-    for (; algs->algorithm_names != NULL; algs++) {
-        if (test_oqs_encdec(algs->algorithm_names)) {
+    //only checking one algorithm -> kyber512
+    //for (; algs->algorithm_names != NULL; algs++) {
+        if (test_oqs_encdec("kyber512")) {
             fprintf(stderr,
-                    cGREEN "  Encoding/Decoding test succeeded: %s" cNORM "\n",
-                    algs->algorithm_names);
+                    cGREEN "  Encoding/Decoding test succeeded for Kyber512" cNORM "\n");
         } else {
             fprintf(stderr,
-                    cRED "  Encoding/Decoding test failed: %s" cNORM "\n",
-                    algs->algorithm_names);
+                    cRED "  Encoding/Decoding test failed for Kyber512" cNORM "\n");
             ERR_print_errors_fp(stderr);
             errcnt++;
         }
-    }
+    //}
     return errcnt;
 }
 
@@ -240,9 +279,10 @@ int main(int argc, char *argv[])
     const OSSL_ALGORITHM *algs;
 
     T((libctx = OSSL_LIB_CTX_new()) != NULL);
-    T(argc == 3);
-    modulename = argv[1];
-    configfile = argv[2];
+    //specifying modulename and configfile here instead of taking as arguments
+    //T(argc == 3);
+    modulename = "oqsprovider";
+    configfile = "/home/ros2/diff-oqs/oqs.cnf";
 
     load_oqs_provider(libctx, modulename, configfile);
 
@@ -253,19 +293,20 @@ int main(int argc, char *argv[])
     dfltprov = OSSL_PROVIDER_load(keyctx, "default");
     keyprov = OSSL_PROVIDER_load(keyctx, modulename);
     oqsprov = OSSL_PROVIDER_load(libctx, modulename);
-
-    algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE,
-                                         &query_nocache);
-
-    if (algs) {
-        errcnt += test_algs(algs);
-    } else {
-        fprintf(stderr, cRED "  No signature algorithms found" cNORM "\n");
-        ERR_print_errors_fp(stderr);
-        errcnt++;
-    }
-
-#ifdef OQS_KEM_ENCODERS
+    
+    //disabling signature algorithm check
+    // algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE,
+    //                                      &query_nocache);
+
+    // if (algs) {
+    //     errcnt += test_algs(algs);
+    // } else {
+    //     fprintf(stderr, cRED "  No signature algorithms found" cNORM "\n");
+    //     ERR_print_errors_fp(stderr);
+    //     errcnt++;
+    // }
+//only checking kem algorithm
+//#ifdef OQS_KEM_ENCODERS
     algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_KEM, &query_nocache);
 
     if (algs) {
@@ -275,7 +316,7 @@ int main(int argc, char *argv[])
         ERR_print_errors_fp(stderr);
         errcnt++;
     }
-#endif /* OQS_KEM_ENCODERS */
+//#endif /* OQS_KEM_ENCODERS */
 
     OSSL_PROVIDER_unload(dfltprov);
     OSSL_PROVIDER_unload(keyprov);

In an Ubuntu 22.04 system with openssl 3.2.0 and liboqs 0.8.0 and oqs-provider 0.5.2 installed in default locations (/usr/local), the following can be used to compile the above modified C file:
gcc -o bin oqs_test_endecode.c -loqs -lcrypto and run using ./bin

The expected behavior (based on above diff) is that since only public portion of key pair is being encoded, the EVP_PKEY_private_check() function should not return a '1' and the output should contain

no private key

But the actual behavior is that the function EVP_PKEY_private_check() does return a '1' and

Private Key yes!

is printed as output of the compiled program.

If you'd be willing to do that (?)

Yes I am surely willing to do that. Will a modified oqs_test_endecode.c file based above diff be good for a PR for you to review ? Or if there are any specific requirements for it, please do let me know.

Thanks,
Umair

[baentsch]

Yes I am surely willing to do that. Will a modified oqs_test_endecode.c file based above diff be good for a PR for you to review ? Or if there are any specific requirements for it, please do let me know.

Thanks for your willingness to do that. The specific requirement for any PR is that it refers to the current "main" branch, does not contain references to specific, unknown config files ("/home/ros2/diff-oqs/oqs.cnf" in the diff) or any other hard coded constants. In this case, I'd figure some if statement checking for the conceptual absence of private key material would be sensible.

All that said, I wonder what exactly entails "validation" in the OpenSSL spec for EVP_PKEY_private_check? Do you have any information what this means (particularly outside the realm of a FIPS provider)? Have you tried to execute EVP_PKEY_pairwise_check on the decoded key? Have you tried either operation on the original key before encoding? Have you tried running the oqsprovider in DEBUG and logging mode to see whether OpenSSL tries to invoke operations that the provider may not have?