From 6d6127f97ee0ad6085a0c34f7b60094be30397ac Mon Sep 17 00:00:00 2001
From: Jake Massimo <jakemas@amazon.com>
Date: Thu, 20 Feb 2025 13:16:59 -0800
Subject: [PATCH] added failure mode test

---
 crypto/evp_extra/p_pqdsa_test.cc | 64 +++++++++++++++++---------------
 1 file changed, 35 insertions(+), 29 deletions(-)

diff --git a/crypto/evp_extra/p_pqdsa_test.cc b/crypto/evp_extra/p_pqdsa_test.cc
index 81cd7c45ff..813efc70bc 100644
--- a/crypto/evp_extra/p_pqdsa_test.cc
+++ b/crypto/evp_extra/p_pqdsa_test.cc
@@ -1615,6 +1615,35 @@ static bool DER_to_PEM(const uint8_t* der, size_t der_len,
   return true;
 }
 
+// Helper function that:
+// 1. Creates a BIO
+// 2. Reads the provided |pem_string| into bio
+// 3. Reads the PEM into DER encoding
+// 4. Returns the DER data and length
+static bool PEM_to_DER(const char* pem_str, uint8_t** out_der, long* out_der_len) {
+  char *name = nullptr;
+  char *header = nullptr;
+
+  // Create BIO from memory
+  bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem_str, strlen(pem_str)));
+  if (!bio) {
+    return false;
+  }
+
+  // Read PEM into DER
+  if (PEM_read_bio(bio.get(), &name, &header, out_der, out_der_len) <= 0) {
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(*out_der);
+    *out_der = nullptr;
+    return false;
+  }
+
+  OPENSSL_free(name);
+  OPENSSL_free(header);
+  return true;
+}
+
 TEST_P(PQDSAParameterTest, Marshalv2ParseSeed) {
   // ---- 1. Setup phase: generate a key ----
   int nid = GetParam().nid;
@@ -1675,6 +1704,12 @@ TEST_P(PQDSAParameterTest, Marshalv2ParseSeed) {
   OPENSSL_free(der);
   OPENSSL_free(der1);
   OPENSSL_free(pem);
+
+  // ---- 6. test failure modes ----
+  // Test case in which a parsed key does not contain a seed
+  seeded_pkey.get()->pkey.pqdsa_key->seed = nullptr;
+  ASSERT_TRUE(CBB_init(cbb1.get(), 0));
+  ASSERT_FALSE(EVP_marshal_private_key_v2(cbb1.get(), seeded_pkey.get()));
 }
 
 TEST_P(PQDSAParameterTest, SIGOperations) {
@@ -1799,35 +1834,6 @@ TEST_P(PQDSAParameterTest, ParsePublicKey) {
   ASSERT_TRUE(pkey_from_der);
 }
 
-// Helper function that:
-// 1. Creates a BIO
-// 2. Reads the provided |pem_string| into bio
-// 3. Reads the PEM into DER encoding
-// 4. Returns the DER data and length
-static bool PEM_to_DER(const char* pem_str, uint8_t** out_der, long* out_der_len) {
-  char *name = nullptr;
-  char *header = nullptr;
-
-  // Create BIO from memory
-  bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem_str, strlen(pem_str)));
-  if (!bio) {
-    return false;
-  }
-
-  // Read PEM into DER
-  if (PEM_read_bio(bio.get(), &name, &header, out_der, out_der_len) <= 0) {
-    OPENSSL_free(name);
-    OPENSSL_free(header);
-    OPENSSL_free(*out_der);
-    *out_der = nullptr;
-    return false;
-  }
-
-  OPENSSL_free(name);
-  OPENSSL_free(header);
-  return true;
-}
-
 TEST_P(PQDSAParameterTest, ParsePrivateKey) {
   // ---- 1. Setup phase: parse provided public/private from PEM strings ----
   CBS cbs_pub, cbs_priv;