Fips 140-2 change re X25519
Pauli
ppzgs1 at gmail.com
Wed Apr 3 07:22:44 UTC 2024
This is conflating concerns between FIPS 140-2 and FIPS 140-3 -- they
are *very* different and completely distinct.
X25519 is not currently permitted under 140-3 (for which our validation
is a while away).
It was permitted under 140-2 (which is the only currently validated
module). The project has asked our lab for a ruling for the 140-2
validation.
Once the lab responds, we'll know definitively. These things take time.
If it is no longer permitted under the 140-2 rules, it will be removed
in due course (either via policy or technically).
If it is permitted, it will remain.
My understanding (which is obviously not definitive), is that it is
permitted under 140-2.
I could easily be wrong. FIPS is fickle.
Pauli
On 3/4/2024 4:58 am, Hubert Kario wrote:
> On Tuesday, 2 April 2024 17:41:40 CEST, Salz, Rich wrote:
>> I admit to being lost in a twisty maze of NIST documents, all alike
>> as it were.
>>
>> Please see https://github.com/openssl/openssl/discussions/22054 and
>> what conclusion you, and the project, come to.
>
> I don't see that the 3rd of February date changed anything.
>
> X25519 and X448 was not approved, is not approved, it may become
> approved at some later time. But even if it does become approved
> later, it will require new certification for that code, current
> certified modules won't gain it just by virtue of X25519 becoming
> an approved algorithm.
>
More information about the openssl-project
mailing list