mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make X25519 and X448 FIPS unapproved

Browse Source 
Partially fixes: #22105

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24099)
This commit is contained in:
Tomas Mraz 2024-04-11 08:57:51 +02:00
parent 4e3c1e6206
commit 52ca56090c
3 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES.md
View File

@ -36,6 +36,11 @@ OpenSSL 3.4
*Stephan Wurm* *Stephan Wurm*
* The X25519 and X448 key exchange implementation in the FIPS provider
is unapproved and has `fips=no` property.
* Tomas Mraz*
OpenSSL 3.3 OpenSSL 3.3
----------- -----------

4
doc/man7/OSSL_PROVIDER-FIPS.pod
View File

@ -204,8 +204,12 @@ This is an unapproved algorithm.
=item X25519, see L<EVP_KEYMGMT-X25519(7)> =item X25519, see L<EVP_KEYMGMT-X25519(7)>
This is an unapproved algorithm.
=item X448, see L<EVP_KEYMGMT-X448(7)> =item X448, see L<EVP_KEYMGMT-X448(7)>
This is an unapproved algorithm.
=item ED25519, see L<EVP_KEYMGMT-ED25519(7)> =item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
This is an unapproved algorithm. This is an unapproved algorithm.

8
providers/fips/fipsprov.c
View File

@ -410,8 +410,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
# ifndef OPENSSL_NO_ECX # ifndef OPENSSL_NO_ECX
{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
# endif # endif
#endif #endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
@ -471,9 +471,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC }, PROV_DESCS_EC },
# ifndef OPENSSL_NO_ECX # ifndef OPENSSL_NO_ECX
{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
PROV_DESCS_X25519 }, PROV_DESCS_X25519 },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
PROV_DESCS_X448 }, PROV_DESCS_X448 },
{ PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
PROV_DESCS_ED25519 }, PROV_DESCS_ED25519 },