mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
47d905fdc6
openssl/providers
History
Pauli 759ab5984e Revert "Put EdDSA back as approved algorithms." 
This reverts commit 09627a8ceb.

NIST isn't allowing EdDSA at this stage after all, so flag it as not
FIPS approved in the FIPS provider.  Guidance for FIPS 140-3 is expected
later this month:

    The use of EdDSA still remains non-approved.

    Before the FIPS 186-5 and SP 800-186 algorithms / curves can be
    used in the approved mode, the CMVP will need to do (at least)
    the following:

    * Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D;

    * Update IG 10.3.A to incorporate self-test requirements for the
      new algorithms/curves.

    * Write a new IG on this transition to clarify the issues raised in
      this thread and elsewhere and provide a clear transition schedule.

    The CMVP is working on all three of these items and hope to have
    drafts public by the end of March.

    Since security relevant changes are not permitted for new 140-2
    submissions, and under the assumption that this transition away
    from FIPS 186-4 algorithms will be 'soft' and not move modules to
    the historical list, we do not plan on writing 140-2 guidance for
    this transition.

It seems unlikely that all of these requirements will be completed before
we submit.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20343)
2023-02-22 11:29:02 +11:00
..
common Implements Hybrid Public Key Encryption (HPKE) as per RFC9180. 2022-11-25 16:26:55 +00:00
fips Revert "Put EdDSA back as approved algorithms." 2023-02-22 11:29:02 +11:00
implementations kbkdf: Fix kbkdf_dup function pointer type 2023-02-16 15:20:43 +01:00
baseprov.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00
build.info Add VERSIONINFO resource to legacy provider if it is not builtin 2022-06-02 11:09:10 -04:00
decoders.inc Support decode SM2 parameters 2022-08-23 11:08:11 +10:00
defltprov.c Implement deterministic ECDSA sign (RFC6979) 2022-11-30 07:31:53 +00:00
encoders.inc ENCODER PROV: Add encoders with EncryptedPrivateKeyInfo output 2021-09-05 21:34:51 +02:00
fips-sources.checksums Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
fips.checksum Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
fips.module.sources Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
legacyprov.c Fix regression in default key length for Blowfish CFB and OFB ciphers 2022-05-23 08:50:42 +02:00
nullprov.c null prov: fix gettable param array type. 2020-10-16 10:33:38 +10:00
prov_running.c keygen: add FIPS error state management to conditional self tests 2020-09-12 16:46:51 +10:00
stores.inc Add support for loading root CAs from Windows crypto API 2022-09-14 14:10:18 +01:00