support providers without Ed25519 support

golang-fips · Sep 1, 2023 · 9ec909e · 9ec909e
1 parent 5de2d73
commit 9ec909e
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/ed25519.go b/ed25519.go
@@ -7,6 +7,8 @@ import "C"
 import (
 	"errors"
 	"strconv"
+	"sync"
+	"unsafe"
 )
 
 const (
@@ -20,11 +22,32 @@ const (
 	seedSizeEd25519 = 32
 )
 
-// SupportsEd25519 returns true if the current OpenSSL version supports Ed25519.
-// Don't use it to check for Ed25519ctx or Ed25519ph support, those are currently
-// not supported by OpenSSL.
+// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them,
+// which will probably be in 3.2.0.
+
+var (
+	onceSupportsEd25519 sync.Once
+	supportsEd25519     bool
+)
+
+// SupportsEd25519 returns true if the current OpenSSL version supports
+// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519.
 func SupportsEd25519() bool {
-	return version1_1_1_or_above()
+	onceSupportsEd25519.Do(func() {
+		switch vMajor {
+		case 1:
+			supportsEd25519 = version1_1_1_or_above()
+		case 3:
+			name := C.CString("ED25519")
+			defer C.free(unsafe.Pointer(name))
+			sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, name, nil)
+			if sig != nil {
+				C.go_openssl_EVP_SIGNATURE_free(sig)
+				supportsEd25519 = true
+			}
+		}
+	})
+	return supportsEd25519
 }
 
 func GenerateKeyEd25519() (pub, priv []byte, err error) {

diff --git a/shims.h b/shims.h
@@ -107,6 +107,7 @@ typedef void* GO_EVP_MAC_CTX_PTR;
 typedef void* GO_OSSL_PARAM_BLD_PTR;
 typedef void* GO_OSSL_PARAM_PTR;
 typedef void* GO_CRYPTO_THREADID_PTR;
+typedef void* GO_EVP_SIGNATURE_PTR;
 
 // #include <openssl/md5.h>
 typedef void* GO_MD5_CTX_PTR;
@@ -362,4 +363,6 @@ DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set1_tls1_prf_secret, (GO_EVP_PKEY_CTX_PTR arg0
 DEFINEFUNC_3_0(int, EVP_PKEY_CTX_add1_tls1_prf_seed, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \
 DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_public_key, (GO_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t *len), (pkey, pub, len)) \
 DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_private_key, (GO_EVP_PKEY_PTR pkey, const unsigned char *priv, size_t *len), (pkey, priv, len)) \
+DEFINEFUNC_3_0(GO_EVP_SIGNATURE_PTR, EVP_SIGNATURE_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
+DEFINEFUNC_3_0(void, EVP_SIGNATURE_free, (GO_EVP_SIGNATURE_PTR signature), (signature)) \