diff options
| author | Pauli <pauli@openssl.org> | 2023-01-09 11:25:55 +1100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-01-13 09:47:52 +1100 |
| commit | 9fa553247874728cee8ca0ece9aaed476eb0f303 (patch) | |
| tree | 73773a26a79a5baf7d091276fa993138b66f4880 /providers | |
| parent | 7efc653c43851dcbc3ec043baded029c7d31ab9f (diff) | |
| download | openssl-new-9fa553247874728cee8ca0ece9aaed476eb0f303.tar.gz | |
fips: make EdDSA unapproved for FIPS
Likewise for the related ECX key exchanges.
NIST is mandating this until FIPS 186-5 is finalised.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20020)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/fips/fipsprov.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index c967d61eb8..929aa604f4 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -378,8 +378,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = { #endif #ifndef OPENSSL_NO_EC { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, - { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, - { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, + { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions }, + { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions }, #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_keyexch_functions }, @@ -393,8 +393,9 @@ static const OSSL_ALGORITHM fips_signature[] = { #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, #ifndef OPENSSL_NO_EC - { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, - { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, + { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, + ossl_ed25519_signature_functions }, + { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, #endif { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, @@ -434,13 +435,13 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { #ifndef OPENSSL_NO_EC { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, PROV_DESCS_EC }, - { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, + { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions, PROV_DESCS_X25519 }, - { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, + { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions, PROV_DESCS_X448 }, - { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, + { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, PROV_DESCS_ED25519 }, - { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, + { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions, PROV_DESCS_ED448 }, #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, |