From: Pauli
Date: Wed, 14 Aug 2024 23:52:04 +0000 (+1000)
Subject: Revert "fips: add no digested option to FIPS provider"
X-Git-Tag: openssl-3.4.0-alpha1~122
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1b17245b6b56ad064fe10508d6192262a0a3b15;p=thirdparty%2Fopenssl.git
Revert "fips: add no digested option to FIPS provider"
This reverts commit 889277effb65b7f276e375cf0176c4c8597f4203.
Reviewed-by: Shane Lontis
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/25192)
---
diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h
index 7a11854ee6e..44e8c2ecf81 100644
--- a/providers/common/include/prov/fipscommon.h
+++ b/providers/common/include/prov/fipscommon.h
@@ -12,7 +12,6 @@
 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
 int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
-int FIPS_eddsa_no_verify_digested(OSSL_LIB_CTX *libctx);
 int FIPS_no_short_mac(OSSL_LIB_CTX *libctx);
 int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
 int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx);
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index c5d1b5b4f30..1c38954a5a0 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -88,7 +88,6 @@ typedef struct fips_global_st {
 SELF_TEST_POST_PARAMS selftest_params;
 FIPS_OPTION fips_security_checks;
 FIPS_OPTION fips_tls1_prf_ems_check;
- FIPS_OPTION fips_eddsa_no_verify_digested;
 FIPS_OPTION fips_no_short_mac;
 FIPS_OPTION fips_restricted_drgb_digests;
 FIPS_OPTION fips_signature_digest_check;
@@ -128,7 +127,6 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
 return NULL;
 init_fips_option(&fgbl->fips_security_checks, 1);
 init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
- init_fips_option(&fgbl->fips_eddsa_no_verify_digested, 0);
 init_fips_option(&fgbl->fips_no_short_mac, 1);
 init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
 init_fips_option(&fgbl->fips_signature_digest_check, 0);
@@ -217,7 +215,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
 * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
 * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
 */
- OSSL_PARAM core_params[30], *p = core_params;
+ OSSL_PARAM core_params[29], *p = core_params;
 /* FIPS self test params */
 #define FIPS_FEATURE_SELF_TEST(fgbl, pname, field) \
@@ -243,8 +241,6 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
 fips_security_checks);
 FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
 fips_tls1_prf_ems_check);
- FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_EDDSA_NO_VERIFY_DIGESTED,
- fips_eddsa_no_verify_digested);
 FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC,
 fips_no_short_mac);
 FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
@@ -336,8 +332,6 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
 fips_security_checks);
 FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK,
 fips_tls1_prf_ems_check);
- FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_EDDSA_NO_VERIFY_DIGESTED,
- fips_eddsa_no_verify_digested);
 FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_NO_SHORT_MAC,
 fips_no_short_mac);
 FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
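Review bot: In the `@@ -217,7 +215,7 @@` hunk of `fips_get_params_from_core`, the bound in `OSSL_PARAM core_params[29], *p = core_params;` is still a hand-counted literal that has to be adjusted every time an option is added or removed, and nothing visible in the hunk ties it to the number of `FIPS_FEATURE_SELF_TEST`/`FIPS_FEATURE_OPTION` entries. If those macros append through `p` (their bodies are outside the hunk, so this is inferred), a later option added without bumping the literal would write past this stack array. I would document the derivation next to the declaration, e.g. `/* 29 = <N self-test params> + <M option params> + 1 for OSSL_PARAM_END; update when adding an option */`, or add a check that `p` is still inside `core_params` before the terminator is stored. The function starts and ends outside the hunk, so the actual entry count cannot be confirmed from this diff.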
@@ -917,7 +911,6 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
 FIPS_SET_OPTION(fgbl, fips_security_checks);
 FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
- FIPS_SET_OPTION(fgbl, fips_eddsa_no_verify_digested);
 FIPS_SET_OPTION(fgbl, fips_no_short_mac);
 FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
 FIPS_SET_OPTION(fgbl, fips_signature_digest_check);
@@ -1140,7 +1133,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 FIPS_FEATURE_CHECK(FIPS_security_check_enabled, fips_security_checks)
 FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
-FIPS_FEATURE_CHECK(FIPS_eddsa_no_verify_digested, fips_eddsa_no_verify_digested)
 FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac)
 FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled, fips_restricted_drgb_digests)