projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bfd5680) | patch
fips: document that the EdDSA algorithms are not-validated
authorPauli <pauli@openssl.org>
Thu, 19 Jan 2023 00:16:40 +0000 (11:16 +1100)
committerHugo Landau <hlandau@openssl.org>
Tue, 24 Jan 2023 12:35:36 +0000 (12:35 +0000)
commit8353b2dfacd723db5ba8b833b95e68e9600d1cf5
tree5fb6196f1800c212092537dd168f7a5aa496b593tree | snapshot
parentbfd5680e6be789fd554acf2ad34428816a644eeccommit | diff
fips: document that the EdDSA algorithms are not-validated

Ed25519 and Ed448 are included in the FIPS 140-3 provider for
compatibility purposes but are flagged as "fips=no" to prevent their accidental
use.  This therefore requires that applications always specify the "fips=yes"
property query to enforce FIPS correctness.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
doc/man7/OSSL_PROVIDER-FIPS.pod diff | blob | history
doc/man7/fips_module.pod diff | blob | history
doc/man7/migration_guide.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.