#include <openssl/proverr.h>
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "prov/fipscommon.h"
+#include "prov/fipsindicator.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
unsigned char context_string[EDDSA_MAX_CONTEXT_STRING_LEN];
size_t context_string_len;
+ OSSL_FIPS_IND_DECLARE
} PROV_EDDSA_CTX;
static void *eddsa_newctx(void *provctx, const char *propq_unused)
return NULL;
peddsactx->libctx = PROV_LIBCTX_OF(provctx);
+ OSSL_FIPS_IND_INIT(peddsactx)
return peddsactx;
}
return 0;
}
+ OSSL_FIPS_IND_SET_APPROVED(peddsactx)
peddsactx->dom2_flag = 0;
peddsactx->prehash_flag = 0;
peddsactx->context_string_flag = 0;
return 1;
}
-int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
- size_t *siglen, size_t sigsize,
- const unsigned char *tbs, size_t tbslen)
+static int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs, size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
return ret;
}
-int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
- size_t *siglen, size_t sigsize,
- const unsigned char *tbs, size_t tbslen)
+static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs, size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
return 1;
}
-int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbslen)
+static int fips_check_verify(PROV_EDDSA_CTX *ctx)
+{
+#ifdef FIPS_MODULE
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+ ctx->libctx, "Verify", "EdDSA",
+ FIPS_eddsa_no_verify_digested))
+ return 0;
+#endif /* FIPS_MODULE */
+ return 1;
+}
+
+static int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
uint8_t md[EVP_MAX_MD_SIZE];
size_t mdlen;
- if (!ossl_prov_is_running() || siglen != ED25519_SIGSIZE)
+ if (!ossl_prov_is_running()
+ || siglen != ED25519_SIGSIZE
+ || !fips_check_verify(peddsactx))
return 0;
#ifdef S390X_EC_ASM
peddsactx->libctx, edkey->propq);
}
-int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbslen)
+static int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
uint8_t md[EDDSA_PREHASH_OUTPUT_LEN];
size_t mdlen = sizeof(md);
- if (!ossl_prov_is_running() || siglen != ED448_SIGSIZE)
+ if (!ossl_prov_is_running()
+ || siglen != ED448_SIGSIZE
+ || !fips_check_verify(peddsactx))
return 0;
#ifdef S390X_EC_ASM
peddsactx->aid_len))
return 0;
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(peddsactx, params))
+ return 0;
return 1;
}
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
+ OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
if (params == NULL)
return 1;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(peddsactx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED))
+ return 0;
+
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_INSTANCE);
if (p != NULL) {
char instance_name[OSSL_MAX_NAME_SIZE] = "";
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED)
OSSL_PARAM_END
};
projects / thirdparty / openssl.git / commitdiff
