[openssl] master update
Matt Caswell
matt at openssl.org
Thu Apr 23 09:38:31 UTC 2020
The branch master has been updated
via 916b1f83d094fe2e0f7dea1e24f4eac3287a4157 (commit)
from 555ed96812f7f6cfb6066327aee40244517e2e05 (commit)
- Log -----------------------------------------------------------------
commit 916b1f83d094fe2e0f7dea1e24f4eac3287a4157
Author: Pauli <paul.dale at oracle.com>
Date: Wed Apr 22 17:08:30 2020 +1000
FIPS: remove algorithms that are not being validated.
Several MACs and one KDF are included in the FIPS provider with the property
"fips=yes" set but are not listed as being part of the OpenSSL validation.
This removes them from the FIPS provider.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11602)
-----------------------------------------------------------------------
Summary of changes:
providers/fips/fipsprov.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 4fe14c2ba3..a9a7703ea2 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -367,12 +367,6 @@ static const OSSL_ALGORITHM fips_digests[] = {
{ "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
{ "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
{ "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
- /*
- * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
- * KMAC128 and KMAC256.
- */
- { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
- { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
/* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
{ "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
@@ -424,13 +418,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
static const OSSL_ALGORITHM fips_macs[] = {
-#ifndef OPENSSL_NO_CMAC
- { "CMAC", "provider=fips,fips=yes", cmac_functions },
-#endif
{ "GMAC", "provider=fips,fips=yes", gmac_functions },
{ "HMAC", "provider=fips,fips=yes", hmac_functions },
- { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
- { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
{ NULL, NULL, NULL }
};
@@ -439,7 +428,6 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
{ "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
{ "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
{ "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
- { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
{ NULL, NULL, NULL }
};
More information about the openssl-commits
mailing list