From: Igor Ustinov Date: Thu, 6 Nov 2025 20:25:41 +0000 (+0100) Subject: Remove Ed25519ctx from the FIPS provider X-Git-Tag: 3.5-PRE-CLANG-FORMAT-WEBKIT~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b67b76a187f1705e642ed284d02ecda222a3b01;p=thirdparty%2Fopenssl.git Remove Ed25519ctx from the FIPS provider This variant of Ed25519 algorithm is not FIPS approved. Fixes #27502 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/29091) (cherry picked from commit f95dfe09504f5cd9d054ee3b75d9dde4d6e24636) --- diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod index 924f254aad0..559968664e1 100644 --- a/doc/man7/EVP_SIGNATURE-ED25519.pod +++ b/doc/man7/EVP_SIGNATURE-ED25519.pod @@ -134,6 +134,9 @@ since version 1.1.1. Valid algorithm names are B, B and B. If B is specified, then both Ed25519 and Ed448 are benchmarked. +Since Ed25519ctx is not included in FIPS 186-5, it is not present +in the FIPS provider. + =head1 EXAMPLES To sign a message using an ED25519 EVP_PKEY structure: diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index e260b5b6652..0d31e8391d0 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -473,8 +473,6 @@ static const OSSL_ALGORITHM fips_signature[] = { ossl_ed25519_signature_functions }, { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES, ossl_ed25519ph_signature_functions }, - { PROV_NAMES_ED25519ctx, FIPS_DEFAULT_PROPERTIES, - ossl_ed25519ctx_signature_functions }, { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, { PROV_NAMES_ED448ph, FIPS_DEFAULT_PROPERTIES, diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index 28b17eab93f..d5843c5e237 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c 
@@ -191,6 +191,7 @@ static int eddsa_setup_instance(void *vpeddsactx, int instance_id, peddsactx->prehash_flag = 0; peddsactx->context_string_flag = 0; break; +#ifndef FIPS_MODULE case ID_Ed25519ctx: if (peddsactx->key->type != ECX_KEY_TYPE_ED25519) return 0; @@ -198,6 +199,7 @@ static int eddsa_setup_instance(void *vpeddsactx, int instance_id, peddsactx->prehash_flag = 0; peddsactx->context_string_flag = 1; break; +#endif case ID_Ed25519ph: if (peddsactx->key->type != ECX_KEY_TYPE_ED25519) return 0; @@ -855,9 +857,11 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[]) if (OPENSSL_strcasecmp(pinstance_name, SN_Ed25519) == 0) { eddsa_setup_instance(peddsactx, ID_Ed25519, 0, peddsactx->prehash_by_caller_flag); +#ifndef FIPS_MODULE } else if (OPENSSL_strcasecmp(pinstance_name, SN_Ed25519ctx) == 0) { eddsa_setup_instance(peddsactx, ID_Ed25519ctx, 0, peddsactx->prehash_by_caller_flag); +#endif } else if (OPENSSL_strcasecmp(pinstance_name, SN_Ed25519ph) == 0) { eddsa_setup_instance(peddsactx, ID_Ed25519ph, 0, peddsactx->prehash_by_caller_flag); @@ -869,6 +873,10 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[]) peddsactx->prehash_by_caller_flag); } else { /* we did not recognize the instance */ + ERR_raise_data(ERR_LIB_PROV, + PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION, + "unknown INSTANCE name: %s", + pinstance_name != NULL ? pinstance_name : ""); return 0; } diff --git a/test/recipes/30-test_evp_data/evppkey_ecx.txt b/test/recipes/30-test_evp_data/evppkey_ecx.txt index e40141c34fe..15881618aa3 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecx.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecx.txt @@ -702,7 +702,7 @@ PublicKeyRaw = EDDSA-TV-6-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-6-Raw:EDDSA-TV-6-PUBLIC-Raw -FIPSversion = >=3.2.0 +Availablein = default OneShotDigestSign = NULL Key = EDDSA-TV-6-Raw Input = f726936d19c800494e3fdaff20b276a8 
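Review bot: The `#ifndef FIPS_MODULE` placed before `case ID_Ed25519ctx:` (closed by the `#endif` in the next hunk, at -198) has no comment saying why the case is excluded, so a later reader cannot tell a compliance boundary from a build convenience. I would annotate both ends, e.g. `#ifndef FIPS_MODULE /* Ed25519ctx is not in FIPS 186-5 */` and `#endif /* !FIPS_MODULE */`. In a FIPS build this ID now falls to whatever the switch does for unmatched values; eddsa_setup_instance starts and ends outside both hunks, so it is worth confirming that path returns 0 and leaves `context_string_flag` untouched. The `ossl_ed25519ctx_signature_functions` table that fipsprov.c stops registering is presumably still built from this file; if so, guarding it the same way would keep unapproved code out of the module.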
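Review bot: Every `eddsa_setup_instance(...)` call in this chain, including the one now wrapped in `#ifndef FIPS_MODULE`, discards the return value, although the eddsa_setup_instance hunks of this same diff show it returning 0 when the key type does not match the requested instance. Unless code outside the hunk re-checks the context, a caller can request an instance the key cannot use and still get success from eddsa_set_ctx_params with the previous instance in force. Each branch should propagate the failure, e.g. `if (!eddsa_setup_instance(peddsactx, ID_Ed25519, 0, peddsactx->prehash_by_caller_flag)) return 0;`. The function's start and its final return are outside the hunk.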
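Review bot: In a FIPS build the new `ERR_raise_data` call reports Ed25519ctx as an "unknown INSTANCE name", which makes a deliberate compliance rejection look like a caller typo. A FIPS-only branch ahead of the final `else` could raise the same reason code with its own message, as sketched below. The `pinstance_name != NULL` ternary is also at odds with the `OPENSSL_strcasecmp(pinstance_name, ...)` calls visible in the previous hunk: if the pointer can be NULL those calls need the guard, and if it cannot the ternary can go. The instance name is caller-supplied and is copied into the error queue as-is, so whatever later prints the queue should treat it as untrusted text.

```c
        /* ... unchanged: Ed25519, Ed25519ph, Ed448 and Ed448ph branches ... */
#ifdef FIPS_MODULE
        } else if (OPENSSL_strcasecmp(pinstance_name, SN_Ed25519ctx) == 0) {
            /* Known instance, but not part of FIPS 186-5 */
            ERR_raise_data(ERR_LIB_PROV,
                           PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION,
                           "Ed25519ctx is not available in the FIPS provider");
            return 0;
#endif
        } else {
            /* ... unchanged: unknown-name error and return 0 ... */
```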
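Review bot: None of the visible hunks adds a case proving that the FIPS provider now refuses Ed25519ctx. Replacing `FIPSversion = >=3.2.0` with `Availablein = default` here (and in the hunks at -718, -734 and -750 of this file, plus the four hunks of evppkey_ecx_sigalg.txt) only stops the existing vectors from running against it. A stanza restricted with `Availablein = fips` that attempts the Ed25519ctx operation and expects failure would catch a regression that re-registers the entry in `fips_signature[]`. Such a test may exist elsewhere in the tree; it is not part of this diff.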
@@ -718,7 +718,7 @@ PublicKeyRaw = EDDSA-TV-7-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-7-Raw:EDDSA-TV-7-PUBLIC-Raw -FIPSversion = >=3.2.0 +Availablein = default OneShotDigestSign = NULL Key = EDDSA-TV-7-Raw Input = f726936d19c800494e3fdaff20b276a8 @@ -734,7 +734,7 @@ PublicKeyRaw = EDDSA-TV-8-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-8-Raw:EDDSA-TV-8-PUBLIC-Raw -FIPSversion = >=3.2.0 +Availablein = default OneShotDigestSign = NULL Key = EDDSA-TV-8-Raw Input = 508e9e6882b979fea900f62adceaca35 @@ -750,7 +750,7 @@ PublicKeyRaw = EDDSA-TV-9-PUBLIC-Raw:ED25519:0f1d1274943b91415889152e893d80e9327 PrivPubKeyPair = EDDSA-TV-9-Raw:EDDSA-TV-9-PUBLIC-Raw -FIPSversion = >=3.2.0 +Availablein = default OneShotDigestSign = NULL Key = EDDSA-TV-9-Raw Input = f726936d19c800494e3fdaff20b276a8 diff --git a/test/recipes/30-test_evp_data/evppkey_ecx_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_ecx_sigalg.txt index cb3e6249ce5..afeb0242d16 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecx_sigalg.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecx_sigalg.txt @@ -430,7 +430,7 @@ PublicKeyRaw = EDDSA-TV-6-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-6-Raw:EDDSA-TV-6-PUBLIC-Raw -FIPSversion = >=3.4.0 +Availablein = default Sign-Message = ED25519ctx:EDDSA-TV-6-Raw Input = f726936d19c800494e3fdaff20b276a8 Ctrl = hexcontext-string:666f6f @@ -444,7 +444,7 @@ PublicKeyRaw = EDDSA-TV-7-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-7-Raw:EDDSA-TV-7-PUBLIC-Raw -FIPSversion = >=3.4.0 +Availablein = default Sign-Message = Ed25519ctx:EDDSA-TV-7-Raw Input = f726936d19c800494e3fdaff20b276a8 Ctrl = hexcontext-string:626172 
@@ -458,7 +458,7 @@ PublicKeyRaw = EDDSA-TV-8-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed68 PrivPubKeyPair = EDDSA-TV-8-Raw:EDDSA-TV-8-PUBLIC-Raw -FIPSversion = >=3.4.0 +Availablein = default Sign-Message = Ed25519ctx:EDDSA-TV-8-Raw Input = 508e9e6882b979fea900f62adceaca35 Ctrl = hexcontext-string:666f6f @@ -472,7 +472,7 @@ PublicKeyRaw = EDDSA-TV-9-PUBLIC-Raw:ED25519:0f1d1274943b91415889152e893d80e9327 PrivPubKeyPair = EDDSA-TV-9-Raw:EDDSA-TV-9-PUBLIC-Raw -FIPSversion = >=3.4.0 +Availablein = default Sign-Message = Ed25519ctx:EDDSA-TV-9-Raw Input = f726936d19c800494e3fdaff20b276a8 Ctrl = hexcontext-string:666f6f