-
Right now, there are two ECDSA implementations in the repo. One uses the curves implemented in `Common/`, and one defines all the legal curves in the same module as the signature implementation.
I…
-
As per https://github.com/quictls/openssl/issues/138#issuecomment-1902542979 PQC QUIC support got "mangled" in some upstream brouhaha. This issue is to suggest re-activating it, either by working on h…
-
Address Kris's comments:
In the section "B.1 FIPS certification", the draft says:
* "algorithm to be [...] considered FIPS-approved even when one of the component algorithm…
-
In there are numerous claims that Ed25519 should be preferred over P-384.
> ECDSA is much more dangerous to implement than Ed25519
> If you're concerned about NSA backdoors, don't use v3 (which…
-
For most users and really for most new Linux distributions that will ship version 3.0 it will be extremely cool to have a random provider that uses only the getrandom syscall for all entropy needs, wi…
-
AES/CBC/PKCS5Padding and AES/CBC/PKCS7Padding are flagged as broken/risky algorithms. Brief investigation suggests that the PKCS[5,7]Padding is exploitable. Need to investigate further and if possibl…
-
**Provide the location of the issue**
cPP FCS_CKM.1 and FCS_COP.1/SigGen
**What is the enhancement request for the cPP? Please describe.**
Ed25519 was added as per #127 but Ed448 was not. Ed448 …
-
To allow running of ClickHouse in governmental agencies.
May require:
1. Moving to a FIPS-validated version of BoringSSL
https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/fips…
-
Some users insist on using only cryptography officially sanctioned by their favorite standards body, such as the NIST FIPS-140; notary should at least not make this impossible by design. The following…
-
This OpenPGP certificate contains a "1st party approved 3rd party certifications" ([1pa3pc](https://datatracker.ietf.org/doc/draft-dkg-openpgp-1pa3pc/)) signature over its User ID:
```
-----BEGIN …
```