diff options
author | Tomas Mraz <tomas@openssl.org> | 2024-08-14 17:36:56 +0200 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-08-14 14:52:47 -0400 |
commit | ca112fccdd34a8538f14ddf8c3569b8331eae357 (patch) | |
tree | 9fb26732df8073e4330d8b28d6e5514a6e345934 | |
parent | 096a54ee45d6dc1f68989c0bcf86855b42fab822 (diff) |
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25188)
-rw-r--r-- | providers/implementations/signature/eddsa_sig.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index 9966e96e15..223338b420 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c @@ -383,9 +383,10 @@ static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, static int fips_check_verify(PROV_EDDSA_CTX *ctx) { #ifdef FIPS_MODULE - if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, - ctx->libctx, "Verify", "EdDSA", - FIPS_eddsa_no_verify_digested)) + if (ctx->prehash_flag + && !OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, + ctx->libctx, "Verify", "EdDSA", + FIPS_eddsa_no_verify_digested)) return 0; #endif /* FIPS_MODULE */ return 1; |