]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab1b883) | patch
fips: Upgrade KAT ECDSA curves to minimum 128bits master
authorDimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Wed, 14 Jan 2026 21:08:42 +0000 (21:08 +0000)
committerPauli <paul.dale@oracle.com>
Wed, 21 Jan 2026 00:06:12 +0000 (11:06 +1100)
commitb2ecef451ccede07366023da4553f113f6e4fe71
treed5c906cd951a61694e77b6e13582fa5fd9fcc1f8tree | snapshot
parentab1b8837c64dac7ddde0f00544c17e722df698a3commit | diff
fips: Upgrade KAT ECDSA curves to minimum 128bits

Upgrade prime ECDSA self tests from secp224r1 to prime256v1.
Upgrade binary ECDSA self tests from sect233r1 to sect283r1.

This is forward looking change to allow raising the lower bound in
ossl_ec_check_security_strength() /
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS in case legacy/deprecated
behaviour is not needed to be supported (for example builds with
support for primary curves only of P-256 or higher).

Did a test build to ensure that updating
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS to 128 passes fips
selftests. Note not currently recommended.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29674)
providers/fips/self_test_data.inc diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git