Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25188)
author: Tomas Mraz <tomas@openssl.org> 2024-08-14 17:36:56 +0200
committer: Neil Horman <nhorman@openssl.org> 2024-08-14 14:52:47 -0400
commit: ca112fccdd34a8538f14ddf8c3569b8331eae357 (patch)
tree: 9fb26732df8073e4330d8b28d6e5514a6e345934
parent: 096a54ee45d6dc1f68989c0bcf86855b42fab822 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c
index 9966e96e15..223338b420 100644
--- a/providers/implementations/signature/eddsa_sig.c
+++ b/providers/implementations/signature/eddsa_sig.c
@@ -383,9 +383,10 @@ static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
 static int fips_check_verify(PROV_EDDSA_CTX *ctx)
 {
 #ifdef FIPS_MODULE
-    if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
-                                     ctx->libctx, "Verify", "EdDSA",
-                                     FIPS_eddsa_no_verify_digested))
+    if (ctx->prehash_flag
+        && !OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
+                                        ctx->libctx, "Verify", "EdDSA",
+                                        FIPS_eddsa_no_verify_digested))
         return 0;
 #endif  /* FIPS_MODULE */
     return 1;
author	Tomas Mraz <tomas@openssl.org>	2024-08-14 17:36:56 +0200
committer	Neil Horman <nhorman@openssl.org>	2024-08-14 14:52:47 -0400
commit	ca112fccdd34a8538f14ddf8c3569b8331eae357 (patch)
tree	9fb26732df8073e4330d8b28d6e5514a6e345934
parent	096a54ee45d6dc1f68989c0bcf86855b42fab822 (diff)