Change FIPS self tests to use EVP_PKEY_sign/verify API.

Self tests no longer use the EVP_DigestSign/Verify API's.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)

providers/fips/self_test_data.inc

@@ -56,7 +56,7 @@ typedef struct st_kat_st {
 /* FIPS 140-3 only allows DSA verification for legacy purposes */
 #define SIGNATURE_MODE_VERIFY_ONLY 1
 #define SIGNATURE_MODE_SIGN_ONLY   2
-#define SIGNATURE_MODE_ONESHOT     4
+#define SIGNATURE_MODE_DIGESTED    4
 
 typedef ST_KAT ST_KAT_DIGEST;
 typedef struct st_kat_cipher_st {
@@ -117,8 +117,8 @@ typedef struct st_kat_kas_st {
 
 typedef struct st_kat_sign_st {
     const char *desc;
-    const char *algorithm;
-    const char *mdalgorithm;
+    const char *keytype;
+    const char *sigalgorithm;
     int mode;
     const ST_KAT_PARAM *key;
     const unsigned char *msg;
@@ -1651,7 +1651,7 @@ static const unsigned char sig_kat_persstr[] = {
 static const ST_KAT_SIGN st_kat_sign_tests[] = {
     {
         OSSL_SELF_TEST_DESC_SIGN_RSA,
-        "RSA", "SHA-256", 0,
+        "RSA", "RSA-SHA256", 0,
         rsa_crt_key,
         ITM_STR(rsa_sig_msg),
         ITM(sig_kat_entropyin),
@@ -1662,7 +1662,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
 #ifndef OPENSSL_NO_EC
     {
         OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-        "EC", "SHA-256", 0,
+        "EC", "ECDSA-SHA256", 0,
         ecdsa_prime_key,
         ITM_STR(rsa_sig_msg),
         ITM(sig_kat_entropyin),
@@ -1673,7 +1673,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
 # ifndef OPENSSL_NO_EC2M
     {
         OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-        "EC", "SHA-256", 0,
+        "EC", "ECDSA-SHA256", 0,
         ecdsa_bin_key,
         ITM_STR(rsa_sig_msg),
         ITM(sig_kat_entropyin),
@@ -1685,7 +1685,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
 # ifndef OPENSSL_NO_ECX
     {
         OSSL_SELF_TEST_DESC_SIGN_EDDSA,
-        "ED448", NULL, SIGNATURE_MODE_ONESHOT,
+        "ED448", "ED448", 0,
         ed448_key,
         ITM(ecx_sig_msg),
         NULL, 0, NULL, 0, NULL, 0,
@@ -1693,7 +1693,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
     },
     {
         OSSL_SELF_TEST_DESC_SIGN_EDDSA,
-        "ED25519", NULL, SIGNATURE_MODE_ONESHOT,
+        "ED25519", "ED25519", 0,
         ed25519_key,
         ITM(ecx_sig_msg),
         NULL, 0, NULL, 0, NULL, 0,
@@ -1704,7 +1704,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
 #ifndef OPENSSL_NO_DSA
     {
         OSSL_SELF_TEST_DESC_SIGN_DSA,
-        "DSA", "SHA-256", SIGNATURE_MODE_VERIFY_ONLY,
+        "DSA", "DSA-SHA256", SIGNATURE_MODE_VERIFY_ONLY,
         dsa_key,
         ITM_STR(rsa_sig_msg),
         ITM(sig_kat_entropyin),

providers/fips/self_test_kats.c

@@ -452,15 +452,19 @@ static int self_test_digest_sign(const ST_KAT_SIGN *t,
     int ret = 0;
     OSSL_PARAM *paramskey = NULL, *paramsinit = NULL;
     OSSL_PARAM_BLD *bldkey = NULL, *bldinit = NULL;
-    EVP_MD_CTX *mctx = NULL;
+    EVP_SIGNATURE *sigalg = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
     EVP_PKEY_CTX *fromctx = NULL;
     EVP_PKEY *pkey = NULL;
     unsigned char sig[256];
     BN_CTX *bnctx = NULL;
     size_t siglen = sizeof(sig);
-    int oneshot = 0;
+    int digested = 0;
     const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
 
+    if (t->sig_expected_len > sizeof(sig))
+        goto err;
+
     if (t->sig_expected == NULL)
         typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
 
@@ -481,71 +485,69 @@ static int self_test_digest_sign(const ST_KAT_SIGN *t,
     if (bldkey == NULL || bldinit == NULL)
         goto err;
 
-    if (!add_params(bldkey, t->key, bnctx))
-        goto err;
-    if (!add_params(bldinit, t->init, bnctx))
+    if (!add_params(bldkey, t->key, bnctx)
+            || !add_params(bldinit, t->init, bnctx))
         goto err;
     paramskey = OSSL_PARAM_BLD_to_param(bldkey);
     paramsinit = OSSL_PARAM_BLD_to_param(bldinit);
 
-    fromctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
+    fromctx = EVP_PKEY_CTX_new_from_name(libctx, t->keytype, NULL);
     if (fromctx == NULL
-        || paramskey == NULL
-        || paramsinit == NULL)
+            || paramskey == NULL
+            || paramsinit == NULL)
         goto err;
     if (EVP_PKEY_fromdata_init(fromctx) <= 0
-        || EVP_PKEY_fromdata(fromctx, &pkey, EVP_PKEY_KEYPAIR, paramskey) <= 0)
+            || EVP_PKEY_fromdata(fromctx, &pkey, EVP_PKEY_KEYPAIR, paramskey) <= 0)
         goto err;
 
-    mctx = EVP_MD_CTX_new();
-    if (mctx == NULL)
+    sigalg = EVP_SIGNATURE_fetch(libctx, t->sigalgorithm, NULL);
+    if (sigalg == NULL)
+        goto err;
+    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+    if (ctx == NULL)
         goto err;
 
-    oneshot = ((t->mode & SIGNATURE_MODE_ONESHOT) != 0);
+    digested = ((t->mode & SIGNATURE_MODE_DIGESTED) != 0);
 
     if ((t->mode & SIGNATURE_MODE_VERIFY_ONLY) != 0) {
         memcpy(sig, t->sig_expected, t->sig_expected_len);
         siglen = t->sig_expected_len;
     } else {
-        if (EVP_DigestSignInit_ex(mctx, NULL, t->mdalgorithm, libctx, NULL,
-                                  pkey, paramsinit) <= 0)
-            goto err;
-
-        if (oneshot) {
-            if (EVP_DigestSign(mctx, sig, &siglen, t->msg, t->msg_len) <= 0)
+        if (digested) {
+            if (EVP_PKEY_sign_init_ex2(ctx, sigalg, paramsinit) <= 0)
                 goto err;
         } else {
-            if (EVP_DigestSignUpdate(mctx, t->msg, t->msg_len) <= 0
-                    || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0)
+            if (EVP_PKEY_sign_message_init(ctx, sigalg, paramsinit) <= 0)
                 goto err;
         }
+        if (EVP_PKEY_sign(ctx, sig, &siglen, t->msg, t->msg_len) <= 0)
+            goto err;
 
         if (t->sig_expected != NULL
-            && (siglen != t->sig_expected_len
-                || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
+                && (siglen != t->sig_expected_len
+                    || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
             goto err;
     }
 
     if ((t->mode & SIGNATURE_MODE_SIGN_ONLY) == 0) {
-        if (EVP_DigestVerifyInit_ex(mctx, NULL, t->mdalgorithm, libctx, NULL,
-                                    pkey, paramsinit) <= 0)
-            goto err;
-        OSSL_SELF_TEST_oncorrupt_byte(st, sig);
-        if (oneshot) {
-            if (EVP_DigestVerify(mctx, sig, siglen, t->msg, t->msg_len) <= 0)
+        if (digested) {
+            if (EVP_PKEY_verify_init_ex2(ctx, sigalg, NULL) <= 0)
                 goto err;
         } else {
-            if (EVP_DigestVerifyUpdate(mctx, t->msg, t->msg_len) <= 0
-                    || EVP_DigestVerifyFinal(mctx, sig, siglen) <= 0)
+            if (EVP_PKEY_verify_message_init(ctx, sigalg, NULL) <= 0)
                 goto err;
         }
+        OSSL_SELF_TEST_oncorrupt_byte(st, sig);
+        if (EVP_PKEY_verify(ctx, sig, siglen, t->msg, t->msg_len) <= 0)
+            goto err;
     }
     ret = 1;
 err:
     BN_CTX_free(bnctx);
     EVP_PKEY_free(pkey);
     EVP_PKEY_CTX_free(fromctx);
-    EVP_MD_CTX_free(mctx);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_SIGNATURE_free(sigalg);
     OSSL_PARAM_free(paramskey);
     OSSL_PARAM_free(paramsinit);
     OSSL_PARAM_BLD_free(bldkey);