Move PQDSA to FIPSMODULE (#2166)

As part of validating ML-DSA into AWS-LC-FIPS we must include both PQDSA and ML-DSA directories into the fipsmodule.

Author: jakemas

crypto/CMakeLists.txt

@@ -421,7 +421,6 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
-  evp_extra/p_pqdsa.c
   evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
@@ -471,7 +470,6 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
-  pqdsa/pqdsa.c
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c

crypto/evp_extra/evp_asn1.c

@@ -68,7 +68,7 @@
 #include "../bytestring/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The OID is then searched against ASN.1 methods for a method with that OID.

crypto/evp_extra/p_methods.c

@@ -11,7 +11,6 @@ static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = {
   &x25519_pkey_meth,
   &dh_pkey_meth,
   &dsa_pkey_meth,
-  &pqdsa_pkey_meth
 };
 
 const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {

crypto/evp_extra/p_pqdsa_asn1.c

@@ -7,7 +7,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
-#include "../crypto/pqdsa/internal.h"
+#include "../crypto/fipsmodule/pqdsa/internal.h"
 #include "../crypto/internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../ml_dsa/ml_dsa.h"

crypto/evp_extra/p_pqdsa_test.cc

@@ -15,7 +15,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 

crypto/evp_extra/print.c

@@ -65,7 +65,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
   for (size_t i = 0; i < len; i++) {

crypto/fipsmodule/bcm.c

@@ -118,6 +118,7 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
+#include "evp/p_pqdsa.c"
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -136,6 +137,7 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
+#include "pqdsa/pqdsa.c"
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"

crypto/fipsmodule/evp/digestsign.c

@@ -57,7 +57,7 @@
 
 #include <openssl/err.h>
 
-#include "../../pqdsa/internal.h"
+#include "../pqdsa/internal.h"
 #include "../delocate.h"
 #include "../digest/internal.h"
 #include "internal.h"

crypto/fipsmodule/evp/evp_ctx.c

@@ -75,6 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
   out->methods[4] = EVP_PKEY_hmac_pkey_meth();
   out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
   out->methods[6] = EVP_PKEY_kem_pkey_meth();
+  out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
 }
 
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

crypto/fipsmodule/evp/internal.h

@@ -381,8 +381,8 @@ typedef struct {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
 #define ED25519_PUBLIC_KEY_OFFSET 32
-#define FIPS_EVP_PKEY_METHODS 7
-#define NON_FIPS_EVP_PKEY_METHODS 4
+#define FIPS_EVP_PKEY_METHODS 8
+#define NON_FIPS_EVP_PKEY_METHODS 3
 #define ASN1_EVP_PKEY_METHODS 10
 
 struct fips_evp_pkey_methods {