From 7de4770234582c9e95ea78e5a9ee51cce01faa1d Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 15 Aug 2024 09:51:08 +1000 Subject: [PATCH] Revert "EdDSA: disallow verification from a pregenerated hash when in FIPS" This reverts commit 2d759937e2ee78c27c83f1433f79b33256ab1a39. Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/25192) --- .../implementations/signature/eddsa_sig.c | 56 +++++-------------- 1 file changed, 14 insertions(+), 42 deletions(-) diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index 9966e96e155..8594af39e14 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c @@ -16,8 +16,6 @@ #include #include "internal/nelem.h" #include "internal/sizes.h" -#include "prov/fipscommon.h" -#include "prov/fipsindicator.h" #include "prov/providercommon.h" #include "prov/implementations.h" #include "prov/provider_ctx.h" @@ -144,7 +142,6 @@ typedef struct { unsigned char context_string[EDDSA_MAX_CONTEXT_STRING_LEN]; size_t context_string_len; - OSSL_FIPS_IND_DECLARE } PROV_EDDSA_CTX; static void *eddsa_newctx(void *provctx, const char *propq_unused) @@ -159,7 +156,6 @@ static void *eddsa_newctx(void *provctx, const char *propq_unused) return NULL; peddsactx->libctx = PROV_LIBCTX_OF(provctx); - OSSL_FIPS_IND_INIT(peddsactx) return peddsactx; } @@ -193,7 +189,6 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, return 0; } - OSSL_FIPS_IND_SET_APPROVED(peddsactx) peddsactx->dom2_flag = 0; peddsactx->prehash_flag = 0; peddsactx->context_string_flag = 0; @@ -237,9 +232,9 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, return 1; } -static int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, size_t tbslen) +int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret, + size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; @@ -323,9 +318,9 @@ static int ed448_shake256(OSSL_LIB_CTX *libctx, return ret; } -static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, size_t tbslen) +int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, + size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; @@ -380,29 +375,16 @@ static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, return 1; } -static int fips_check_verify(PROV_EDDSA_CTX *ctx) -{ -#ifdef FIPS_MODULE - if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, - ctx->libctx, "Verify", "EdDSA", - FIPS_eddsa_no_verify_digested)) - return 0; -#endif /* FIPS_MODULE */ - return 1; -} - -static int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) +int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; uint8_t md[EVP_MAX_MD_SIZE]; size_t mdlen; - if (!ossl_prov_is_running() - || siglen != ED25519_SIGSIZE - || !fips_check_verify(peddsactx)) + if (!ossl_prov_is_running() || siglen != ED25519_SIGSIZE) return 0; #ifdef S390X_EC_ASM @@ -430,18 +412,16 @@ static int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig, peddsactx->libctx, edkey->propq); } -static int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) +int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; uint8_t md[EDDSA_PREHASH_OUTPUT_LEN]; size_t mdlen = sizeof(md); - if (!ossl_prov_is_running() - || siglen != ED448_SIGSIZE - || !fips_check_verify(peddsactx)) + if (!ossl_prov_is_running() || siglen != ED448_SIGSIZE) return 0; #ifdef S390X_EC_ASM @@ -515,8 +495,6 @@ static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params) peddsactx->aid_len)) return 0; - if (!OSSL_FIPS_IND_GET_CTX_PARAM(peddsactx, params)) - return 0; return 1; } @@ -524,7 +502,6 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0), OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0), - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() OSSL_PARAM_END }; @@ -544,10 +521,6 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[]) if (params == NULL) return 1; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(peddsactx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_INSTANCE); if (p != NULL) { char instance_name[OSSL_MAX_NAME_SIZE] = ""; @@ -607,7 +580,6 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[]) static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0), OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED) OSSL_PARAM_END }; -- 2.47.2