Revert "fips: add no digested option to FIPS provider"

author Pauli <ppzgs1@gmail.com>

Wed, 14 Aug 2024 23:52:04 +0000 (09:52 +1000)

committer Pauli <ppzgs1@gmail.com>

Fri, 16 Aug 2024 01:34:22 +0000 (11:34 +1000)
author Pauli <ppzgs1@gmail.com>
Wed, 14 Aug 2024 23:52:04 +0000 (09:52 +1000)
committer Pauli <ppzgs1@gmail.com>
Fri, 16 Aug 2024 01:34:22 +0000 (11:34 +1000)
diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h

index 7a11854ee6e481aeea91c3c91b9bfe59f3c09e44..44e8c2ecf81b03dce20522afa5469115bb6ca0b3 100644 (file)
--- a/providers/common/include/prov/fipscommon.h
+++ b/providers/common/include/prov/fipscommon.h
@@ -12,7 +12,6 @@
  
  int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
  int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
-int FIPS_eddsa_no_verify_digested(OSSL_LIB_CTX *libctx);
  int FIPS_no_short_mac(OSSL_LIB_CTX *libctx);
  int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
  int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx);
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c

index c5d1b5b4f305dceef72e6ffa21d2668dcbab9806..1c38954a5a0a719f731db5de57ddc49669184d7a 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -88,7 +88,6 @@ typedef struct fips_global_st {
      SELF_TEST_POST_PARAMS selftest_params;
      FIPS_OPTION fips_security_checks;
      FIPS_OPTION fips_tls1_prf_ems_check;
-    FIPS_OPTION fips_eddsa_no_verify_digested;
      FIPS_OPTION fips_no_short_mac;
      FIPS_OPTION fips_restricted_drgb_digests;
      FIPS_OPTION fips_signature_digest_check;
@@ -128,7 +127,6 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
          return NULL;
      init_fips_option(&fgbl->fips_security_checks, 1);
      init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
-    init_fips_option(&fgbl->fips_eddsa_no_verify_digested, 0);
      init_fips_option(&fgbl->fips_no_short_mac, 1);
      init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
      init_fips_option(&fgbl->fips_signature_digest_check, 0);
@@ -217,7 +215,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
      * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
      * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
      */
-    OSSL_PARAM core_params[30], *p = core_params;
+    OSSL_PARAM core_params[29], *p = core_params;
  
  /* FIPS self test params */
  #define FIPS_FEATURE_SELF_TEST(fgbl, pname, field)                             \
@@ -243,8 +241,6 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
                          fips_security_checks);
      FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
                          fips_tls1_prf_ems_check);
-    FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_EDDSA_NO_VERIFY_DIGESTED,
-                        fips_eddsa_no_verify_digested);
      FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC,
                          fips_no_short_mac);
      FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
@@ -336,8 +332,6 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
                       fips_security_checks);
      FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK,
                       fips_tls1_prf_ems_check);
-    FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_EDDSA_NO_VERIFY_DIGESTED,
-                     fips_eddsa_no_verify_digested);
      FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_NO_SHORT_MAC,
                       fips_no_short_mac);
      FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
@@ -917,7 +911,6 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
  
      FIPS_SET_OPTION(fgbl, fips_security_checks);
      FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
-    FIPS_SET_OPTION(fgbl, fips_eddsa_no_verify_digested);
      FIPS_SET_OPTION(fgbl, fips_no_short_mac);
      FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
      FIPS_SET_OPTION(fgbl, fips_signature_digest_check);
@@ -1140,7 +1133,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
  
  FIPS_FEATURE_CHECK(FIPS_security_check_enabled, fips_security_checks)
  FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
-FIPS_FEATURE_CHECK(FIPS_eddsa_no_verify_digested, fips_eddsa_no_verify_digested)
  FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac)
  FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled,
                     fips_restricted_drgb_digests)
author	Pauli <ppzgs1@gmail.com>
	Wed, 14 Aug 2024 23:52:04 +0000 (09:52 +1000)
committer	Pauli <ppzgs1@gmail.com>
	Fri, 16 Aug 2024 01:34:22 +0000 (11:34 +1000)
providers/common/include/prov/fipscommon.h		patch \| blob \| blame \| history
providers/fips/fipsprov.c		patch \| blob \| blame \| history