openssl3/contribs10/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch

From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 15 Jul 2022 17:45:40 +0200
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test

In review for FIPS 140-3, the lack of a self-test for the digest_sign
and digest_verify provider functions was highlighted as a problem. NIST
no longer provides ACVP tests for the RSA SigVer primitive (see
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
recommends the use of functions that compute the digest and signature
within the module, we have been advised in our module review that the
self tests should also use the combined digest and signature APIs, i.e.
the digest_sign and digest_verify provider functions.

Modify the signature self-test to use these instead by switching to
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.

Signed-off-by: Clemens Lang <cllang@redhat.com>
---
 crypto/evp/m_sigver.c           | 43 +++++++++++++++++++++++++++------
 providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
 2 files changed, 56 insertions(+), 24 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index db1a1d7bc3..c94c3c53bd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
     ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
     return 0;
 }
+#endif /* !defined(FIPS_MODULE) */
 
 /*
  * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         reinit = 0;
         if (e == NULL)
             ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
+#ifndef FIPS_MODULE
         else
             ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+#endif /* !defined(FIPS_MODULE) */
     }
     if (ctx->pctx == NULL)
         return 0;
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     locpctx = ctx->pctx;
     ERR_set_mark();
 
+#ifndef FIPS_MODULE
     if (evp_pkey_ctx_is_legacy(locpctx))
         goto legacy;
+#endif /* !defined(FIPS_MODULE) */
 
     /* do not reinitialize if pkey is set or operation is different */
     if (reinit
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
             signature =
                 evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
                                               supported_sig, locpctx->propquery);
+#ifndef FIPS_MODULE
             if (signature == NULL)
                 goto legacy;
+#endif /* !defined(FIPS_MODULE) */
             break;
         }
         if (signature == NULL)
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
             ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
             if (ctx->fetched_digest != NULL) {
                 ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+#ifndef FIPS_MODULE
             } else {
                 /* legacy engine support : remove the mark when this is deleted */
                 ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                     ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                     goto err;
                 }
+#endif /* !defined(FIPS_MODULE) */
             }
             (void)ERR_pop_to_mark();
         }
     }
 
+#ifndef FIPS_MODULE
     if (ctx->reqdigest != NULL
             && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
             && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
             goto err;
         }
     }
+#endif /* !defined(FIPS_MODULE) */
 
     if (ver) {
         if (signature->digest_verify_init == NULL) {
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     EVP_KEYMGMT_free(tmp_keymgmt);
     return 0;
 
+#ifndef FIPS_MODULE
  legacy:
     /*
      * If we don't have the full support we need with provided methods,
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         ctx->pctx->flag_call_digest_custom = 1;
 
     ret = 1;
+#endif /* !defined(FIPS_MODULE) */
 
  end:
 #ifndef FIPS_MODULE
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
                           NULL);
 }
-#endif /* FIPS_MDOE */
 
 int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
 {
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
     return EVP_DigestUpdate(ctx, data, dsize);
 }
 
-#ifndef FIPS_MODULE
 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                         size_t *siglen)
 {
-    int sctx = 0, r = 0;
-    EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+    int r = 0;
+#ifndef FIPS_MODULE
+    int sctx = 0;
+    EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+    EVP_PKEY_CTX *pctx = ctx->pctx;
 
+#ifndef FIPS_MODULE
     if (pctx == NULL
             || pctx->operation != EVP_PKEY_OP_SIGNCTX
             || pctx->op.sig.algctx == NULL
             || pctx->op.sig.signature == NULL)
         goto legacy;
+#endif /* !defined(FIPS_MODULE) */
 
     if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
         return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
                                                          sigret, siglen,
                                                          sigret == NULL ? 0 : *siglen);
+#ifndef FIPS_MODULE
     dctx = EVP_PKEY_CTX_dup(pctx);
     if (dctx == NULL)
         return 0;
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                                   sigret, siglen,
                                                   *siglen);
     EVP_PKEY_CTX_free(dctx);
+#endif /* defined(FIPS_MODULE) */
     return r;
 
+#ifndef FIPS_MODULE
  legacy:
     if (pctx == NULL || pctx->pmeth == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
         }
     }
     return 1;
+#endif /* !defined(FIPS_MODULE) */
 }
 
 int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                           size_t siglen)
 {
-    unsigned char md[EVP_MAX_MD_SIZE];
     int r = 0;
+#ifndef FIPS_MODULE
+    unsigned char md[EVP_MAX_MD_SIZE];
     unsigned int mdlen = 0;
     int vctx = 0;
-    EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+    EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+    EVP_PKEY_CTX *pctx = ctx->pctx;
 
+#ifndef FIPS_MODULE
     if (pctx == NULL
             || pctx->operation != EVP_PKEY_OP_VERIFYCTX
             || pctx->op.sig.algctx == NULL
             || pctx->op.sig.signature == NULL)
         goto legacy;
+#endif /* !defined(FIPS_MODULE) */
 
     if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
         return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
                                                            sig, siglen);
+#ifndef FIPS_MODULE
     dctx = EVP_PKEY_CTX_dup(pctx);
     if (dctx == NULL)
         return 0;
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
     r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
                                                     sig, siglen);
     EVP_PKEY_CTX_free(dctx);
+#endif /* !defined(FIPS_MODULE) */
     return r;
 
+#ifndef FIPS_MODULE
  legacy:
     if (pctx == NULL || pctx->pmeth == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
     if (vctx || !r)
         return r;
     return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
+#endif /* !defined(FIPS_MODULE) */
 }
 
 int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
         return -1;
     return EVP_DigestVerifyFinal(ctx, sigret, siglen);
 }
-#endif /* FIPS_MODULE */
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
     int ret = 0;
     OSSL_PARAM *params = NULL, *params_sig = NULL;
     OSSL_PARAM_BLD *bld = NULL;
+    EVP_MD *md = NULL;
+    EVP_MD_CTX *ctx = NULL;
     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
     EVP_PKEY *pkey = NULL;
-    unsigned char sig[256];
     BN_CTX *bnctx = NULL;
     BIGNUM *K = NULL;
+    const char *msg = "Hello World!";
+    unsigned char sig[256];
     size_t siglen = sizeof(sig);
     static const unsigned char dgst[] = {
         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
         || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
         goto err;
 
-    /* Create a EVP_PKEY_CTX to use for the signing operation */
-    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-    if (sctx == NULL
-        || EVP_PKEY_sign_init(sctx) <= 0)
-        goto err;
-
-    /* set signature parameters */
-    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
-                                         t->mdalgorithm,
-                                         strlen(t->mdalgorithm) + 1))
-        goto err;
+    /* Create a EVP_MD_CTX to use for the signature operation, assign signature
+     * parameters and sign */
     params_sig = OSSL_PARAM_BLD_to_param(bld);
-    if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+    md = EVP_MD_fetch(libctx, "SHA256", NULL);
+    ctx = EVP_MD_CTX_new();
+    if (md == NULL || ctx == NULL)
+        goto err;
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+    if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
+        || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
+        || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
+        || EVP_MD_CTX_reset(ctx) <= 0)
         goto err;
 
-    if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
-        || EVP_PKEY_verify_init(sctx) <= 0
+    /* sctx is not freed automatically inside the FIPS module */
+    EVP_PKEY_CTX_free(sctx);
+    sctx = NULL;
+
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+    if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
         || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
         goto err;
 
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
         goto err;
 
     OSSL_SELF_TEST_oncorrupt_byte(st, sig);
-    if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+    if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
         goto err;
     ret = 1;
 err:
     BN_CTX_free(bnctx);
     EVP_PKEY_free(pkey);
-    EVP_PKEY_CTX_free(kctx);
+    EVP_MD_free(md);
+    EVP_MD_CTX_free(ctx);
+    /* sctx is not freed automatically inside the FIPS module */
     EVP_PKEY_CTX_free(sctx);
+    EVP_PKEY_CTX_free(kctx);
     OSSL_PARAM_free(params);
     OSSL_PARAM_free(params_sig);
     OSSL_PARAM_BLD_free(bld);
-- 
2.37.1

1	From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
2	From: Clemens Lang <cllang@redhat.com>
3	Date: Fri, 15 Jul 2022 17:45:40 +0200
4	Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
5
6	In review for FIPS 140-3, the lack of a self-test for the digest_sign
7	and digest_verify provider functions was highlighted as a problem. NIST
8	no longer provides ACVP tests for the RSA SigVer primitive (see
9	https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
10	recommends the use of functions that compute the digest and signature
11	within the module, we have been advised in our module review that the
12	self tests should also use the combined digest and signature APIs, i.e.
13	the digest_sign and digest_verify provider functions.
14
15	Modify the signature self-test to use these instead by switching to
16	EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
17	crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
18
19	Signed-off-by: Clemens Lang <cllang@redhat.com>
20	---
21	crypto/evp/m_sigver.c \| 43 +++++++++++++++++++++++++++------
22	providers/fips/self_test_kats.c \| 37 +++++++++++++++-------------
23	2 files changed, 56 insertions(+), 24 deletions(-)
24
25	diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
26	index db1a1d7bc3..c94c3c53bd 100644
27	--- a/crypto/evp/m_sigver.c
28	+++ b/crypto/evp/m_sigver.c
29	@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX ctx, const void data, size_t datalen)
30	ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
31	return 0;
32	}
33	+#endif /* !defined(FIPS_MODULE) */
34
35	/*
36	* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
37	@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
38	reinit = 0;
39	if (e == NULL)
40	ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
41	+#ifndef FIPS_MODULE
42	else
43	ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
44	+#endif /* !defined(FIPS_MODULE) */
45	}
46	if (ctx->pctx == NULL)
47	return 0;
48	@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
49	locpctx = ctx->pctx;
50	ERR_set_mark();
51
52	+#ifndef FIPS_MODULE
53	if (evp_pkey_ctx_is_legacy(locpctx))
54	goto legacy;
55	+#endif /* !defined(FIPS_MODULE) */
56
57	/* do not reinitialize if pkey is set or operation is different */
58	if (reinit
59	@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
60	signature =
61	evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
62	supported_sig, locpctx->propquery);
63	+#ifndef FIPS_MODULE
64	if (signature == NULL)
65	goto legacy;
66	+#endif /* !defined(FIPS_MODULE) */
67	break;
68	}
69	if (signature == NULL)
70	@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
71	ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
72	if (ctx->fetched_digest != NULL) {
73	ctx->digest = ctx->reqdigest = ctx->fetched_digest;
74	+#ifndef FIPS_MODULE
75	} else {
76	/* legacy engine support : remove the mark when this is deleted */
77	ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
78	@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
79	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
80	goto err;
81	}
82	+#endif /* !defined(FIPS_MODULE) */
83	}
84	(void)ERR_pop_to_mark();
85	}
86	}
87
88	+#ifndef FIPS_MODULE
89	if (ctx->reqdigest != NULL
90	&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
91	&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
92	@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
93	goto err;
94	}
95	}
96	+#endif /* !defined(FIPS_MODULE) */
97
98	if (ver) {
99	if (signature->digest_verify_init == NULL) {
100	@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
101	EVP_KEYMGMT_free(tmp_keymgmt);
102	return 0;
103
104	+#ifndef FIPS_MODULE
105	legacy:
106	/*
107	* If we don't have the full support we need with provided methods,
108	@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
109	ctx->pctx->flag_call_digest_custom = 1;
110
111	ret = 1;
112	+#endif /* !defined(FIPS_MODULE) */
113
114	end:
115	#ifndef FIPS_MODULE
116	@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
117	return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
118	NULL);
119	}
120	-#endif /* FIPS_MDOE */
121
122	int EVP_DigestSignUpdate(EVP_MD_CTX ctx, const void data, size_t dsize)
123	{
124	@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX ctx, const void data, size_t dsize)
125	return EVP_DigestUpdate(ctx, data, dsize);
126	}
127
128	-#ifndef FIPS_MODULE
129	int EVP_DigestSignFinal(EVP_MD_CTX ctx, unsigned char sigret,
130	size_t *siglen)
131	{
132	- int sctx = 0, r = 0;
133	- EVP_PKEY_CTX dctx, pctx = ctx->pctx;
134	+ int r = 0;
135	+#ifndef FIPS_MODULE
136	+ int sctx = 0;
137	+ EVP_PKEY_CTX *dctx;
138	+#endif /* !defined(FIPS_MODULE) */
139	+ EVP_PKEY_CTX *pctx = ctx->pctx;
140
141	+#ifndef FIPS_MODULE
142	if (pctx == NULL
143	\|\| pctx->operation != EVP_PKEY_OP_SIGNCTX
144	\|\| pctx->op.sig.algctx == NULL
145	\|\| pctx->op.sig.signature == NULL)
146	goto legacy;
147	+#endif /* !defined(FIPS_MODULE) */
148
149	if (sigret == NULL \|\| (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
150	return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
151	sigret, siglen,
152	sigret == NULL ? 0 : *siglen);
153	+#ifndef FIPS_MODULE
154	dctx = EVP_PKEY_CTX_dup(pctx);
155	if (dctx == NULL)
156	return 0;
157	@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX ctx, unsigned char sigret,
158	sigret, siglen,
159	*siglen);
160	EVP_PKEY_CTX_free(dctx);
161	+#endif /* defined(FIPS_MODULE) */
162	return r;
163
164	+#ifndef FIPS_MODULE
165	legacy:
166	if (pctx == NULL \|\| pctx->pmeth == NULL) {
167	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
168	@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX ctx, unsigned char sigret,
169	}
170	}
171	return 1;
172	+#endif /* !defined(FIPS_MODULE) */
173	}
174
175	int EVP_DigestSign(EVP_MD_CTX ctx, unsigned char sigret, size_t *siglen,
176	@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX ctx, unsigned char sigret, size_t *siglen,
177	int EVP_DigestVerifyFinal(EVP_MD_CTX ctx, const unsigned char sig,
178	size_t siglen)
179	{
180	- unsigned char md[EVP_MAX_MD_SIZE];
181	int r = 0;
182	+#ifndef FIPS_MODULE
183	+ unsigned char md[EVP_MAX_MD_SIZE];
184	unsigned int mdlen = 0;
185	int vctx = 0;
186	- EVP_PKEY_CTX dctx, pctx = ctx->pctx;
187	+ EVP_PKEY_CTX *dctx;
188	+#endif /* !defined(FIPS_MODULE) */
189	+ EVP_PKEY_CTX *pctx = ctx->pctx;
190
191	+#ifndef FIPS_MODULE
192	if (pctx == NULL
193	\|\| pctx->operation != EVP_PKEY_OP_VERIFYCTX
194	\|\| pctx->op.sig.algctx == NULL
195	\|\| pctx->op.sig.signature == NULL)
196	goto legacy;
197	+#endif /* !defined(FIPS_MODULE) */
198
199	if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
200	return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
201	sig, siglen);
202	+#ifndef FIPS_MODULE
203	dctx = EVP_PKEY_CTX_dup(pctx);
204	if (dctx == NULL)
205	return 0;
206	@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX ctx, const unsigned char sig,
207	r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
208	sig, siglen);
209	EVP_PKEY_CTX_free(dctx);
210	+#endif /* !defined(FIPS_MODULE) */
211	return r;
212
213	+#ifndef FIPS_MODULE
214	legacy:
215	if (pctx == NULL \|\| pctx->pmeth == NULL) {
216	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
217	@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX ctx, const unsigned char sig,
218	if (vctx \|\| !r)
219	return r;
220	return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
221	+#endif /* !defined(FIPS_MODULE) */
222	}
223
224	int EVP_DigestVerify(EVP_MD_CTX ctx, const unsigned char sigret,
225	@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX ctx, const unsigned char sigret,
226	return -1;
227	return EVP_DigestVerifyFinal(ctx, sigret, siglen);
228	}
229	-#endif /* FIPS_MODULE */
230	diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
231	index b6d5e8e134..77eec075e6 100644
232	--- a/providers/fips/self_test_kats.c
233	+++ b/providers/fips/self_test_kats.c
234	@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
235	int ret = 0;
236	OSSL_PARAM params = NULL, params_sig = NULL;
237	OSSL_PARAM_BLD *bld = NULL;
238	+ EVP_MD *md = NULL;
239	+ EVP_MD_CTX *ctx = NULL;
240	EVP_PKEY_CTX sctx = NULL, kctx = NULL;
241	EVP_PKEY *pkey = NULL;
242	- unsigned char sig[256];
243	BN_CTX *bnctx = NULL;
244	BIGNUM *K = NULL;
245	+ const char *msg = "Hello World!";
246	+ unsigned char sig[256];
247	size_t siglen = sizeof(sig);
248	static const unsigned char dgst[] = {
249	0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
250	@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
251	\|\| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
252	goto err;
253
254	- /* Create a EVP_PKEY_CTX to use for the signing operation */
255	- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
256	- if (sctx == NULL
257	- \|\| EVP_PKEY_sign_init(sctx) <= 0)
258	- goto err;
259	-
260	- /* set signature parameters */
261	- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
262	- t->mdalgorithm,
263	- strlen(t->mdalgorithm) + 1))
264	- goto err;
265	+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
266	+ * parameters and sign */
267	params_sig = OSSL_PARAM_BLD_to_param(bld);
268	- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
269	+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
270	+ ctx = EVP_MD_CTX_new();
271	+ if (md == NULL \|\| ctx == NULL)
272	+ goto err;
273	+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE \| EVP_MD_CTX_FLAG_ONESHOT);
274	+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
275	+ \|\| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
276	+ \|\| EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
277	+ \|\| EVP_MD_CTX_reset(ctx) <= 0)
278	goto err;
279
280	- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
281	- \|\| EVP_PKEY_verify_init(sctx) <= 0
282	+ /* sctx is not freed automatically inside the FIPS module */
283	+ EVP_PKEY_CTX_free(sctx);
284	+ sctx = NULL;
285	+
286	+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE \| EVP_MD_CTX_FLAG_ONESHOT);
287	+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
288	\|\| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
289	goto err;
290
291	@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
292	goto err;
293
294	OSSL_SELF_TEST_oncorrupt_byte(st, sig);
295	- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
296	+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
297	goto err;
298	ret = 1;
299	err:
300	BN_CTX_free(bnctx);
301	EVP_PKEY_free(pkey);
302	- EVP_PKEY_CTX_free(kctx);
303	+ EVP_MD_free(md);
304	+ EVP_MD_CTX_free(ctx);
305	+ /* sctx is not freed automatically inside the FIPS module */
306	EVP_PKEY_CTX_free(sctx);
307	+ EVP_PKEY_CTX_free(kctx);
308	OSSL_PARAM_free(params);
309	OSSL_PARAM_free(params_sig);
310	OSSL_PARAM_BLD_free(bld);
311	--
312	2.37.1
313