Skip to content

Ed25519ctx is not fips approved #388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simo5 merged 1 commit into from
Dec 16, 2025
Merged

Ed25519ctx is not fips approved #388

simo5 merged 1 commit into from
Dec 16, 2025

Conversation

@simo5
Copy link
Member

@simo5 simo5 commented Dec 15, 2025
edited
Loading

Description

And OpenSSL completely removed it from the FIPs module. So fail early.

Fixes #380

Checklist

  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Rustdoc string were added or updated
  • CHANGELOG and/or other documentation added or updated
  • This is not a code change

Reviewer's checklist:

  • Any issues marked for closing are fully addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • A changelog entry is added if the change is significant
  • Code conform to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible text
  • Doc string are properly updated

@simo5 simo5 requested a review from Jakuje December 15, 2025 20:08
@Jakuje
Copy link
Contributor

Jakuje commented Dec 15, 2025

Could we have at least a simple test or should we put it under the #288?

@simo5
Copy link
Member Author

simo5 commented Dec 15, 2025

Could we have at least a simple test or should we put it under the #288?

Well we have a test failure that indicates to me we already test for this, and actually need to catch it :)

@Jakuje
Copy link
Contributor

Jakuje commented Dec 15, 2025

Could we have at least a simple test or should we put it under the #288?

Well we have a test failure that indicates to me we already test for this, and actually need to catch it :)

oh. Good point. I see now. Its the issue that I do not run the kryoptic tests in the rust-cryptoki testsuite that I did not catch it in there.

@simo5
Copy link
Member Author

simo5 commented Dec 15, 2025

Could we have at least a simple test or should we put it under the #288?

Well we have a test failure that indicates to me we already test for this, and actually need to catch it :)

oh. Good point. I see now. Its the issue that I do not run the kryoptic tests in the rust-cryptoki testsuite that I did not catch it in there.

The odd thing is that it doesn't fail locally for me, I am ... intrigued.

@simo5
Copy link
Member Author

simo5 commented Dec 15, 2025

Could we have at least a simple test or should we put it under the #288?

Well we have a test failure that indicates to me we already test for this, and actually need to catch it :)

oh. Good point. I see now. Its the issue that I do not run the kryoptic tests in the rust-cryptoki testsuite that I did not catch it in there.

The odd thing is that it doesn't fail locally for me, I am ... intrigued.

Nevermind, as usual when CI complains and local test don't it is 99% a PEBCAK problem ... and it was :-D

@simo5
Ed25519ctx is not FIPS approved
5aa1e17 
And OpenSSL completely removed it from the fips module.
So fail early.

Signed-off-by: Simo Sorce <[email protected]>
@simo5
Copy link
Member Author

simo5 commented Dec 15, 2025

@Jakuje tests have been changed to expect a failure in FIPS builds.

@simo5 simo5 merged commit 7b0e689 into latchset:main Dec 16, 2025
50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Jakuje Jakuje Jakuje approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

The FIPS provider supports ED25519, but not ED25519CTX

2 participants

@simo5 @Jakuje