diff --git a/src/signature.c b/src/signature.c index 10465962..972bc5d0 100644 --- a/src/signature.c +++ b/src/signature.c @@ -2290,10 +2290,23 @@ static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[]) { P11PROV_SIG_CTX *sigctx = (P11PROV_SIG_CTX *)ctx; const OSSL_PARAM *p; + CK_ULONG size; int ret; P11PROV_debug("eddsa set ctx params (ctx=%p, params=%p)", sigctx, params); + size = p11prov_obj_get_key_bit_size(sigctx->key); + if (size != ED25519_BIT_SIZE && size != ED448_BIT_SIZE) { + P11PROV_raise(sigctx->provctx, CKR_KEY_TYPE_INCONSISTENT, + "Invalid EdDSA key size %lu", size); + return RET_OSSL_ERR; + } + + /* PKCS #11 parameters are mandatory for Ed448 key type anyway */ + if (size == ED448_BIT_SIZE) { + sigctx->use_eddsa_params = CK_TRUE; + } + if (params == NULL) { return RET_OSSL_OK; } @@ -2302,7 +2315,6 @@ static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[]) if (p) { const char *instance = NULL; bool matched = false; - CK_ULONG size; ret = OSSL_PARAM_get_utf8_string_ptr(p, &instance); if (ret != RET_OSSL_OK) { @@ -2310,12 +2322,6 @@ static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[]) } P11PROV_debug("Set OSSL_SIGNATURE_PARAM_INSTANCE to %s", instance); - size = p11prov_obj_get_key_bit_size(sigctx->key); - if (size != ED25519_BIT_SIZE && size != ED448_BIT_SIZE) { - P11PROV_raise(sigctx->provctx, CKR_KEY_TYPE_INCONSISTENT, - "Invalid EdDSA key size %lu", size); - return RET_OSSL_ERR; - } if (size == ED25519_BIT_SIZE) { if (OPENSSL_strcasecmp(instance, "Ed25519") == 0) { matched = true; @@ -2359,6 +2365,7 @@ static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[]) return ret; } sigctx->eddsa_params.ulContextDataLen = datalen; + sigctx->use_eddsa_params = CK_TRUE; } return RET_OSSL_OK;