Intermediate Save. Fixed compilation errors on MacOS. Fix for test #11 …

…to remove trying finding Quantum-Safe algorithms' methods when OQS support has not been detected.

src/libpki/datatypes.h

@@ -9,6 +9,9 @@
 #ifndef _LIBPKI_PKI_DATATYPES_H
 #define _LIBPKI_PKI_DATATYPES_H	
 
+// Include the library configuration
+#include <libpki/config.h>
+
 #ifndef _LIBPKI_COMPAT_H
 # include <libpki/compat.h>
 #endif

src/libpki/openssl/pki_oid_defs.h

@@ -6,15 +6,18 @@
 * Released under OpenCA LICENSE
 */
 
+#ifndef _LIBPKI_OID_DEFS_H
+#define _LIBPKI_OID_DEFS_H
+
+// Include the library configuration
+#include <libpki/config.h>
+
 #ifdef ENABLE_OQS
 # ifndef OQS_H
 #  include <oqs/oqs.h>
 # endif
 #endif
 
-#ifndef _LIBPKI_OID_DEFS_H
-#define _LIBPKI_OID_DEFS_H
-
 // GENERAL
 # define LEVEL_OF_ASSURANCE_OID   		    "1.3.6.1.4.1.18227.50.1"
 # define LEVEL_OF_ASSURANCE_NAME            "levelOfAssurance"

src/libpki/openssl/pqc/pqc_defs.h

@@ -6,13 +6,18 @@
 * Released under OpenCA LICENSE
 */
 
-#ifndef OQS_H
-#include <oqs/oqs.h>
-#endif
-
 #ifndef _LIBPKI_PQC_DEFS_H
 #define _LIBPKI_PQC_DEFS_H
 
+// Include the library configuration
+#include <libpki/config.h>
+
+#ifdef ENABLE_OQS
+# ifndef OQS_H
+#  include <oqs/oqs.h>
+# endif
+#endif
+
 // ===============
 // OQS definitions
 // ===============

src/openssl/composite/composite_ctx.c

@@ -312,7 +312,7 @@ int COMPOSITE_CTX_explicit_algors_new0(COMPOSITE_CTX              * ctx,
                                        const COMPOSITE_KEY_STACK  * const components,
                                        X509_ALGORS               ** algors) {
 
-  int sk_num = 0;
+  int stack_elements_num = 0;
     // Number of elements in the stack
 
   X509_ALGORS * sk = NULL;
@@ -343,8 +343,8 @@ int COMPOSITE_CTX_explicit_algors_new0(COMPOSITE_CTX              * ctx,
   }
 
   // Gets the number of components
-  if ((sk_num = COMPOSITE_KEY_STACK_num(components)) < 2) {
-    PKI_DEBUG("Insufficient number of components in the key stack (%d)", sk_num);
+  if ((stack_elements_num = COMPOSITE_KEY_STACK_num(components)) < 2) {
+    PKI_DEBUG("Insufficient number of components in the key stack (%d)", stack_elements_num);
     return PKI_ERR;
   }
 
@@ -545,8 +545,8 @@ int COMPOSITE_CTX_explicit_algors_new0(COMPOSITE_CTX              * ctx,
     } break;
 
     case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_P521: {
-      if (sk_num != 3) {
-        PKI_DEBUG("Insufficient number of components in the key stack (%d)", sk_num);
+      if (stack_elements_num != 3) {
+        PKI_DEBUG("Insufficient number of components in the key stack (%d)", stack_elements_num);
         return PKI_ERR;
       }
       // Dilithium5 component
@@ -568,8 +568,8 @@ int COMPOSITE_CTX_explicit_algors_new0(COMPOSITE_CTX              * ctx,
     } break;
 
     case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_RSA: {
-      if (sk_num != 3) {
-        PKI_DEBUG("Insufficient number of components in the key stack (%d)", sk_num);
+      if (stack_elements_num != 3) {
+        PKI_DEBUG("Insufficient number of components in the key stack (%d)", stack_elements_num);
         return PKI_ERR;
       }
       // Dilithium5 component
@@ -596,8 +596,11 @@ int COMPOSITE_CTX_explicit_algors_new0(COMPOSITE_CTX              * ctx,
       return PKI_ERR;
   }
 
+  int algor_num = sk_X509_ALGOR_num(sk);
+  int components_num = COMPOSITE_KEY_STACK_num(components);
+
   // Checks the number of components and algorithms to be the same
-  if (sk_X509_ALGOR_num(sk) != COMPOSITE_KEY_STACK_num(components)) {
+  if (algor_num != components_num) {
     PKI_DEBUG("Number of components (%d) and algorithms (%d) do not match",
               COMPOSITE_KEY_STACK_num(components), sk_X509_ALGOR_num(ctx->sig_algs));
     sk_X509_ALGOR_pop_free(sk, X509_ALGOR_free);

src/openssl/pki_algor.c

@@ -434,6 +434,8 @@ int PKI_SCHEME_ID_is_post_quantum(PKI_SCHEME_ID id) {
 
 	switch (id) {
 
+#ifdef ENABLE_OQS
+
 		// Signature
 	#ifdef OQS_ENABLE_SIG_DILITHIUM
 		case PKI_SCHEME_DILITHIUM:
@@ -466,6 +468,8 @@ int PKI_SCHEME_ID_is_post_quantum(PKI_SCHEME_ID id) {
 			// Nothing to do
 		} break;
 
+#endif // End of ENABLE_OQS
+
 		default:
 			// Non-Post Quantum
 			return PKI_ERR;
@@ -1184,6 +1188,8 @@ PKI_SCHEME_ID PKI_SCHEME_ID_get_by_name(const char * data, int *classic_sec_bits
 		return PKI_SCHEME_UNKNOWN;
 	}
 
+#ifdef ENABLE_OQS
+
 	// Explicit Composite - DILITHIUM3-P256
 	if (str_cmp_ex(data, OPENCA_ALG_PKEY_EXP_COMP_EXPLICIT_DILITHIUM3_P256_SHA256_OID, 0, 1) == 0 ||
 		str_cmp_ex(data, OPENCA_ALG_PKEY_EXP_COMP_EXPLICIT_DILITHIUM3_P256_SHA256_NAME, 0, 1) == 0 ||
@@ -1295,39 +1301,6 @@ PKI_SCHEME_ID PKI_SCHEME_ID_get_by_name(const char * data, int *classic_sec_bits
 				str_cmp_ex(data, "D5-F1024-RSA", 0, 1) == 0 ||
 				str_cmp_ex(data, "DILITHIUM5-FALCON1024-RSA", 0, 1) == 0) {
 		ret = PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_RSA;
-	// RSA Option
-	} else if (str_cmp_ex(data, "RSA", 0, 1) == 0) {
-		ret = PKI_SCHEME_RSA;
-	// RSA-PSS Option
-	} else if (str_cmp_ex(data, "RSAPSS", 0, 1) == 0 ||
-			   str_cmp_ex(data, "RSA-PSS", 0, 1) == 0) {
-		ret = PKI_SCHEME_RSAPSS;
-	// ED 25519 Option
-	} else if (str_cmp_ex(data, "ED25519", 0, 1) == 0) {
-		ret = PKI_SCHEME_ED25519;
-	// X25519 Option
-	} else if (str_cmp_ex(data, "X25519", 0, 1) == 0) {
-		ret = PKI_SCHEME_X25519;
-	// ED 448 Option
-	} else if (str_cmp_ex(data, "ED448", 0, 1) == 0) {
-		ret = PKI_SCHEME_ED448;
-	// X448 Option
-	} else if (str_cmp_ex(data, "X448", 0, 1) == 0) {
-		ret = PKI_SCHEME_X448;
-	// EC Option
-	} else if (str_cmp_ex(data, "EC", 0, 1) == 0 ||
-			   str_cmp_ex(data, "ECDSA", 0, 1) == 0 ||
-			   str_cmp_ex(data, "B128", 0, 1) == 0 ||
-			   str_cmp_ex(data, "B192", 0, 1) == 0 ||
-			   str_cmp_ex(data, "B256", 0, 1) == 0 ||
-			   str_cmp_ex(data, "Brainpool", 9, 1) == 0 ||
-			   str_cmp_ex(data, "P256", 0, 1) == 0 ||
-			   str_cmp_ex(data, "P384", 0, 1) == 0 ||
-			   str_cmp_ex(data, "P512", 0, 1) == 0) {
-		ret = PKI_SCHEME_ECDSA;
-	// DSA
-	} else if (str_cmp_ex(data, "DSA", 0, 1) == 0) {
-		ret = PKI_SCHEME_DSA;
 	} else if (str_cmp_ex(data, "DILITHIUMX3", 0, 1) == 0) { 
 		ret = PKI_SCHEME_DILITHIUMX3;
 	} else if (str_cmp_ex(data, "DILITHIUM2", 0, 1) == 0) {
@@ -1365,17 +1338,60 @@ PKI_SCHEME_ID PKI_SCHEME_ID_get_by_name(const char * data, int *classic_sec_bits
 		ret = PKI_SCHEME_KYBER;
 	}
 
-	if (!ret) {
-		// Some debugging
-		PKI_DEBUG("Cannot Convert [%s] into a recognized OID.", data);
+#endif
+
+	// Checks for Traditional Crypto
+	// =============================
+
+	if (ret == PKI_SCHEME_UNKNOWN) {
+		// RSA Option
+		if (str_cmp_ex(data, "RSA", 0, 1) == 0) {
+			ret = PKI_SCHEME_RSA;
+		// RSA-PSS Option
+		} else if (str_cmp_ex(data, "RSAPSS", 0, 1) == 0 ||
+				str_cmp_ex(data, "RSA-PSS", 0, 1) == 0) {
+			ret = PKI_SCHEME_RSAPSS;
+		// ED 25519 Option
+		} else if (str_cmp_ex(data, "ED25519", 0, 1) == 0) {
+			ret = PKI_SCHEME_ED25519;
+		// X25519 Option
+		} else if (str_cmp_ex(data, "X25519", 0, 1) == 0) {
+			ret = PKI_SCHEME_X25519;
+		// ED 448 Option
+		} else if (str_cmp_ex(data, "ED448", 0, 1) == 0) {
+			ret = PKI_SCHEME_ED448;
+		// X448 Option
+		} else if (str_cmp_ex(data, "X448", 0, 1) == 0) {
+			ret = PKI_SCHEME_X448;
+		// EC Option
+		} else if (str_cmp_ex(data, "EC", 0, 1) == 0 ||
+				str_cmp_ex(data, "ECDSA", 0, 1) == 0 ||
+				str_cmp_ex(data, "B128", 0, 1) == 0 ||
+				str_cmp_ex(data, "B192", 0, 1) == 0 ||
+				str_cmp_ex(data, "B256", 0, 1) == 0 ||
+				str_cmp_ex(data, "Brainpool", 9, 1) == 0 ||
+				str_cmp_ex(data, "P256", 0, 1) == 0 ||
+				str_cmp_ex(data, "P384", 0, 1) == 0 ||
+				str_cmp_ex(data, "P512", 0, 1) == 0) {
+			ret = PKI_SCHEME_ECDSA;
+		// DSA
+		} else if (str_cmp_ex(data, "DSA", 0, 1) == 0) {
+			ret = PKI_SCHEME_DSA;
+		}
 	}
 
-	// Checks if we need to retrieve the default security bits
-	if (default_sec_bits) {
-		// Returns the security bits for the scheme
-		if (PKI_ERR == PKI_SCHEME_ID_security_bits(ret, classic_sec_bits, quantum_sec_bits)) {
-			PKI_DEBUG("Cannot get security bits for scheme %d", ret);
-			return PKI_SCHEME_UNKNOWN;
+	// Checks if we found the scheme
+	if (ret == PKI_SCHEME_UNKNOWN) {
+		// Some debugging
+		PKI_DEBUG("Cannot Convert [%s] into a recognized OID.", data);
+	} else {
+		// Checks if we need to retrieve the default security bits
+		if (default_sec_bits) {
+			// Returns the security bits for the scheme
+			if (PKI_ERR == PKI_SCHEME_ID_security_bits(ret, classic_sec_bits, quantum_sec_bits)) {
+				PKI_DEBUG("Cannot get security bits for scheme %d", ret);
+				return PKI_SCHEME_UNKNOWN;
+			}
 		}
 	}
 

src/openssl/pki_id.c

@@ -195,6 +195,8 @@ int PKI_ID_is_pqc(PKI_ID id, PKI_SCHEME_ID * scheme_id) {
 	// Checks the PKEY / Signatures
 	switch (id) {
 
+#ifdef ENABLE_PQC
+
 		// Signature Algorithms
 		case NID_dilithium2:
         case NID_dilithium3:
@@ -260,6 +262,8 @@ int PKI_ID_is_pqc(PKI_ID id, PKI_SCHEME_ID * scheme_id) {
 			return PKI_OK;
 		} break;
 
+#endif // End of ENABLE_PQC
+
 		default:
 			break;
 	}

src/openssl/pki_keypair.c

@@ -926,7 +926,7 @@ int PKI_X509_KEYPAIR_get_curve(const PKI_X509_KEYPAIR *kp) {
 	}
 
 	// Retrieves the EC key
-	EC_KEY * ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)kp->value);
+	EC_KEY * ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY((EVP_PKEY *)kp->value);
 	if (!ec) {
 		PKI_ERROR(PKI_ERR_POINTER_NULL, NULL);
 		return PKI_ERR;

src/openssl/pki_keyparams.c

@@ -790,6 +790,8 @@ int PKI_KEYPARAMS_set_oqs_key_params(PKI_KEYPARAMS * kp, PKI_ALGOR_OQS_PARAM alg
 /*! \brief Sets the bits size for key generation */
 int PKI_KEYPARAMS_add_key(PKI_KEYPARAMS * kp, PKI_X509_KEYPAIR * key) {
 
+#ifdef ENABLE_COMPOSITE
+
 	int add_key_id = -1;
 	int last_key_id = -1;
 	int next_required_id = -1;
@@ -840,6 +842,8 @@ int PKI_KEYPARAMS_add_key(PKI_KEYPARAMS * kp, PKI_X509_KEYPAIR * key) {
 			next_required_id = 0; // No Required ID (any can work)
 		} break;
 
+#ifdef ENABLE_OQS
+
 		case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_RSA: {
 
 			// NID_dilithium3
@@ -1064,6 +1068,8 @@ int PKI_KEYPARAMS_add_key(PKI_KEYPARAMS * kp, PKI_X509_KEYPAIR * key) {
 				return PKI_ERR;
 			}
 		} break;
+
+#endif // End of ENABLE_OQS
 
 		default: {
 			// Not Handled
@@ -1088,6 +1094,14 @@ int PKI_KEYPARAMS_add_key(PKI_KEYPARAMS * kp, PKI_X509_KEYPAIR * key) {
 
 	// All Done
 	return PKI_OK;
+
+#else
+
+	// No Composite Support
+	return PKI_ERR;
+
+#endif // End of ENABLE_COMPOSITE
+
 }
 
 /*! \brief Sets the k_of_n parameter for Composite keys */

src/openssl/pqc/pqc_asn1_meth.c

@@ -1,8 +1,7 @@
 
-
-#ifndef _LIBPKI_PQC_AMETH_LOCAL_H
 #include "pqc_asn1_meth.h"
-#endif
+
+#ifdef ENABLE_OQS
 
 // ===========
 // AMETH Tools
@@ -514,3 +513,5 @@ int oqs_ameth_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) {
 // DEFINE_OQS_EVP_METHODS(sphincssha256128frobust, NID_sphincssha256128frobust, "sphincssha256128frobust", "OpenSSL SPHINCS+-SHA256-128f-robust algorithm")
 // DEFINE_OQS_EVP_METHODS(sphincsshake256128frobust, NID_sphincsshake256128frobust, "sphincsshake256128frobust", "OpenSSL SPHINCS+-SHAKE256-128f-robust algorithm")
 // ///// OQS_TEMPLATE_FRAGMENT_DEFINE_OQS_EVP_METHS_END
+
+#endif // End of ENABLE_OQS

src/openssl/pqc/pqc_asn1_meth.h

@@ -2,6 +2,11 @@
 #ifndef _LIBPKI_PQC_AMETH_LOCAL_H
 #define _LIBPKI_PQC_AMETH_LOCAL_H
 
+// Include the library configuration
+#include <libpki/config.h>
+
+#ifdef ENABLE_OQS
+
 #ifndef _LIBPKI_OS_H
 #include <libpki/os.h>
 #endif
@@ -22,6 +27,10 @@
 #include "pqc_tools.h"
 #endif
 
+#ifndef HEADER_OPENSSL_TYPES_H
+#include <openssl/ossl_typ.h>
+#endif
+
 #ifndef HEADER_ERR_H
 #include <openssl/err.h>
 #endif
@@ -127,4 +136,6 @@ int oqs_ameth_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2);
 
 END_C_DECLS
 
-# endif // End of _LIBPKI_PQC_AMETH_LOCAL_H
+# endif // End of ENABLE_OQS
+
+#endif // End of _LIBPKI_PQC_AMETH_LOCAL_H