From: Pauli Date: Wed, 13 Aug 2025 03:00:12 +0000 (+1000) Subject: ecdsa sig: make indicator parameter conditional on FIPS X-Git-Tag: openssl-3.6.0-alpha1~106 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecc3491d536c53668519216eea0c3480053268ce;p=thirdparty%2Fopenssl.git ecdsa sig: make indicator parameter conditional on FIPS Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28243) --- diff --git a/providers/implementations/signature/ecdsa_sig.c.in b/providers/implementations/signature/ecdsa_sig.c.in index 4c18f495d69..6fd3bed09fe 100644 --- a/providers/implementations/signature/ecdsa_sig.c.in +++ b/providers/implementations/signature/ecdsa_sig.c.in @@ -680,8 +680,8 @@ static void *ecdsa_dupctx(void *vctx) ['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'], ['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], - ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint'], - ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint', 'fips'], + ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], )); -} static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) @@ -730,9 +730,13 @@ struct ecdsa_all_set_ctx_params_st { OSSL_PARAM *digest; /* ecdsa_set_ctx_params */ OSSL_PARAM *propq; /* ecdsa_set_ctx_params */ OSSL_PARAM *size; /* ecdsa_set_ctx_params */ +#ifdef FIPS_MODULE OSSL_PARAM *ind_d; OSSL_PARAM *ind_k; +#endif +#if !defined(OPENSSL_NO_ACVP_TESTS) OSSL_PARAM *kat; +#endif OSSL_PARAM *nonce; OSSL_PARAM *sig; /* ecdsa_sigalg_set_ctx_params */ }; @@ -768,10 +772,11 @@ static int ecdsa_common_set_ctx_params(PROV_ECDSA_CTX *ctx, (['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], ['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'], ['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'], - ['SIGNATURE_PARAM_KAT', 'kat', 'uint'], + ['SIGNATURE_PARAM_KAT', 'kat', 'uint', + "#if !defined(OPENSSL_NO_ACVP_TESTS)"], ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], - ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], - ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], )); -} static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -956,10 +961,11 @@ static const char **ecdsa_sigalg_query_key_types(void) {- produce_param_decoder('ecdsa_sigalg_set_ctx_params', (['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'], - ['SIGNATURE_PARAM_KAT', 'kat', 'uint'], + ['SIGNATURE_PARAM_KAT', 'kat', 'uint', + "#if !defined(OPENSSL_NO_ACVP_TESTS)"], ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], - ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], - ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], )); -} static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,