Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only

author Tomas Mraz <tomas@openssl.org>

Wed, 14 Aug 2024 15:36:56 +0000 (17:36 +0200)

committer Neil Horman <nhorman@openssl.org>

Wed, 14 Aug 2024 18:52:47 +0000 (14:52 -0400)
author Tomas Mraz <tomas@openssl.org>
Wed, 14 Aug 2024 15:36:56 +0000 (17:36 +0200)
committer Neil Horman <nhorman@openssl.org>
Wed, 14 Aug 2024 18:52:47 +0000 (14:52 -0400)
diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c

index 9966e96e1556ffa3e577769829279e9f7d6f947f..223338b420787d772e858289790c915b1e399dc4 100644 (file)
--- a/providers/implementations/signature/eddsa_sig.c
+++ b/providers/implementations/signature/eddsa_sig.c
@@ -383,9 +383,10 @@ static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
  static int fips_check_verify(PROV_EDDSA_CTX *ctx)
  {
  #ifdef FIPS_MODULE
-    if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
-                                     ctx->libctx, "Verify", "EdDSA",
-                                     FIPS_eddsa_no_verify_digested))
+    if (ctx->prehash_flag
+        && !OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+                                        ctx->libctx, "Verify", "EdDSA",
+                                        FIPS_eddsa_no_verify_digested))
          return 0;
  #endif  /* FIPS_MODULE */
      return 1;
author	Tomas Mraz <tomas@openssl.org>
	Wed, 14 Aug 2024 15:36:56 +0000 (17:36 +0200)
committer	Neil Horman <nhorman@openssl.org>
	Wed, 14 Aug 2024 18:52:47 +0000 (14:52 -0400)