authorPauli <pauli@openssl.org>2023-01-20 09:32:49 +1100
committerHugo Landau <hlandau@openssl.org>2023-01-24 12:35:36 +0000
commit8948b5749410084ed1dfabf17a90df65efcf0f82 (patch)
tree6e03ead0d5bd7a1c819c0a3a9f47f0d35558d197 /providers/fips
parent8353b2dfacd723db5ba8b833b95e68e9600d1cf5 (diff)
Put X25519 and X448 back as approved algorithms
CMVP's answer when questioned about this being: X448 and X25519 use Curve448 and Curve25519, respectively, within an ECDH scheme. Therefore, it is possible for a key agreement scheme that uses Curve448 and Curve25519 to be used in the approved mode and be viewed as an allowed algorithm if requirements of Scenario X2 of IG D.8 and IG A.2 are met (or Scenario 3 of D.F and IG C.A for FIPS 140-3). The use of EdDSA in the approved mode is not permitted until FIPS 186-5 is published and part of CMVP guidance. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20079)
Diffstat (limited to 'providers/fips')
-rw-r--r--providers/fips/fipsprov.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 929aa604f4..b86b27d236 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -378,8 +378,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
#endif
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
- { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
- { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
+ { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
ossl_kdf_tls1_prf_keyexch_functions },
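Review bot: The X25519 and X448 rows in fips_keyexch, and the matching rows in fips_keymgmt in the next hunk, are marked approved unconditionally, while the commit message makes approval conditional on Scenario X2 of IG D.8 and IG A.2 (or Scenario 3 of D.F and IG C.A for FIPS 140-3). A property string cannot carry that condition, so a caller selecting on the approved property (presumably `fips=yes`, as the macro is defined outside this hunk) now receives these algorithms with no hint of the constraint. I would record it at the table, for example `/* X25519/X448: approved only within an ECDH scheme meeting IG D.8 Scenario X2 and IG A.2 */` above the two rows. The array starts and ends outside the hunk, and the diffstat is limited to providers/fips, so any accompanying documentation or test change is not visible here.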
@@ -435,9 +435,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC },
- { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
+ { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
PROV_DESCS_X25519 },
- { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
PROV_DESCS_X448 },
{ PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
PROV_DESCS_ED25519 },
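Review bot: After this change the X25519 and X448 keymgmt rows carry a different approval status from the ED25519 row directly below them, and nothing in the table explains the split. The reason exists only in the commit message, so a later edit could "fix" the apparent inconsistency by flipping the EdDSA rows as well. A short comment above the ED25519 entry would guard against that, such as `/* EdDSA stays unapproved until FIPS 186-5 is part of CMVP guidance */`. The fips_keymgmt array continues past the end of the hunk, so any further EdDSA rows it may hold (ED448, for instance) are not visible here and would fall under the same comment.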