[openssl/openssl] 12d299: fips: document that the EdDSA algorithms are not-v...

Pauli noreply at github.com
Tue Jan 24 12:38:45 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 12d2997109f90e6638e38d962011b4860b480aa3
      https://github.com/openssl/openssl/commit/12d2997109f90e6638e38d962011b4860b480aa3
  Author: Pauli <pauli at openssl.org>
  Date:   2023-01-24 (Tue, 24 Jan 2023)

  Changed paths:
    M doc/man7/OSSL_PROVIDER-FIPS.pod
    M doc/man7/fips_module.pod
    M doc/man7/migration_guide.pod

  Log Message:
  -----------
  fips: document that the EdDSA algorithms are not-validated

Ed25519 and Ed448 are included in the FIPS 140-3 provider for
compatibility purposes but are flagged as "fips=no" to prevent their accidental
use.  This therefore requires that applications always specify the "fips=yes"
property query to enforce FIPS correctness.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

(cherry picked from commit 8353b2dfacd723db5ba8b833b95e68e9600d1cf5)


  Commit: 6f09571af0e1f2ed654730669113ed76500ed3c8
      https://github.com/openssl/openssl/commit/6f09571af0e1f2ed654730669113ed76500ed3c8
  Author: Pauli <pauli at openssl.org>
  Date:   2023-01-24 (Tue, 24 Jan 2023)

  Changed paths:
    M providers/fips/fipsprov.c

  Log Message:
  -----------
  Put X25519 and X448 back as approved algorithms

CMVP's answer when questioned about this being:

    X448 and X25519 uses Curve448 and Curve25519, respectfully, within an
    ECDH scheme.  Therefore, it is possible for a key agreement scheme
    that uses Curve448 and Curve25519 to be used in the approved mode
    and be viewed as an allowed algorithm if requirements of Scenario
    X2 of IG D.8 and IG A.2 are met (or Scenario 3 of D.F and IG C.A for
    FIPS 140-3).  The use of EdDSA in the approved mode is not permitted
    until FIPS 186-5 is published and part of CMVP guidance.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

(cherry picked from commit 8948b5749410084ed1dfabf17a90df65efcf0f82)


  Commit: d702d0144f8e1cead044d22ac1507043f8eac038
      https://github.com/openssl/openssl/commit/d702d0144f8e1cead044d22ac1507043f8eac038
  Author: Pauli <pauli at openssl.org>
  Date:   2023-01-24 (Tue, 24 Jan 2023)

  Changed paths:
    M CHANGES.md

  Log Message:
  -----------
  changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

(cherry picked from commit d4e105f6d53002ebaac2caf0c723bbf734f4a21a)


  Commit: c46385e996fbebab4ad25da5c1bd9a9f9051e250
      https://github.com/openssl/openssl/commit/c46385e996fbebab4ad25da5c1bd9a9f9051e250
  Author: Pauli <pauli at openssl.org>
  Date:   2023-01-24 (Tue, 24 Jan 2023)

  Changed paths:
    M test/fips-and-base.cnf

  Log Message:
  -----------
  test: note that a default property query must be included for FIPS validity

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

(cherry picked from commit d8523bf16205399363604c8fc90256791ad8c019)


Compare: https://github.com/openssl/openssl/compare/f0af262bd8d0...c46385e996fb
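
Added example, not part of the commits above or of the OpenSSL tree: an application configuration that loads the FIPS and base providers and sets the default property query that the first and fourth log messages call for. The include path is an assumed install location, and `fips_sect` is assumed to be the section name defined by the file that `openssl fipsinstall` generated.

```ini
# Constructed example configuration; adjust the include path to the local install.
openssl_conf = openssl_init

# Module configuration written by `openssl fipsinstall`; it defines [fips_sect].
.include /usr/local/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
# If this line is left out, the default property query stays empty and a
# fetch of Ed25519 or Ed448 can be satisfied by the FIPS provider's
# implementations that are flagged "fips=no".
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
# The base provider supplies encoders and decoders, not cryptographic algorithms.
base = base_sect

[base_sect]
activate = 1

[algorithm_sect]
# Default property query for algorithm fetches in the default library context.
# Only implementations tagged fips=yes match, so an Ed25519 or Ed448 fetch
# fails instead of returning a non-validated algorithm.
default_properties = fips=yes
```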

