Make X25519 and X448 FIPS unapproved
Partially fixes: #22105

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from #24099)
t8m committed Apr 19, 2024
1 parent 4e3c1e6 commit 52ca560
Showing 3 changed files with 13 additions and 4 deletions.
5 changes: 5 additions & 0 deletions CHANGES.md
Expand Up @@ -36,6 +36,11 @@ OpenSSL 3.4

*Stephan Wurm*

* The X25519 and X448 key exchange implementation in the FIPS provider
is unapproved and has `fips=no` property.

* Tomas Mraz*

OpenSSL 3.3
-----------

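Review bot: The new CHANGES.md entry names only the "key exchange implementation", but the same commit also switches the X25519 and X448 rows in fips_keymgmt to FIPS_UNAPPROVED_PROPERTIES, so the entry should mention key management as well. It would also help to state the consequence for callers: a fetch with a `fips=yes` property query no longer matches these algorithms. Minor wording and layout points: "has `fips=no` property" wants an article ("has the `fips=no` property"), and the attribution reads `* Tomas Mraz*` where the entry above uses `*Stephan Wurm*` with no space after the asterisk.
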
4 changes: 4 additions & 0 deletions doc/man7/OSSL_PROVIDER-FIPS.pod
Expand Up @@ -204,8 +204,12 @@ This is an unapproved algorithm.

=item X25519, see L<EVP_KEYMGMT-X25519(7)>

This is an unapproved algorithm.

=item X448, see L<EVP_KEYMGMT-X448(7)>

This is an unapproved algorithm.

=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>

This is an unapproved algorithm.
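
Review bot: Both added "This is an unapproved algorithm." lines sit under items that reference EVP_KEYMGMT-X25519(7) and EVP_KEYMGMT-X448(7), that is, the key management list, while fipsprov.c changes the fips_keyexch table too and this is the only hunk in the POD file. If the page also lists X25519 and X448 under key exchange, those items need the same line. A pointer to the `fips=no` property named in CHANGES.md would tell readers how the unapproved status shows up when fetching.
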
8 changes: 4 additions & 4 deletions providers/fips/fipsprov.c
Expand Up @@ -410,8 +410,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
# ifndef OPENSSL_NO_ECX
{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
{ PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
{ PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
# endif
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
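
Review bot: No test accompanies the switch of the X25519 and X448 rows in fips_keyexch to FIPS_UNAPPROVED_PROPERTIES; the commit touches only CHANGES.md, the POD page and this file. A test that fetches these key exchanges from the FIPS provider with and without a `fips=yes` property query would pin the new behaviour and catch an accidental return to FIPS_DEFAULT_PROPERTIES.
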
Expand Down Expand Up @@ -471,9 +471,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC },
# ifndef OPENSSL_NO_ECX
{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
{ PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
PROV_DESCS_X25519 },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
{ PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
PROV_DESCS_X448 },
{ PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
PROV_DESCS_ED25519 },
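
Review bot: A short comment is missing at the `# ifndef OPENSSL_NO_ECX` guard in fips_keymgmt saying why the rows under it use FIPS_UNAPPROVED_PROPERTIES while the EC row just above keeps FIPS_DEFAULT_PROPERTIES. With X25519, X448 and ED25519 now all marked the same way, one line of explanation at the guard (and at the matching guard in fips_keyexch) would stop a later edit from treating the difference as an oversight.
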