fix: allow ED25519 public key algorithm in FIPS mode (!216) · Merge requests · GitLab.org / labkit

Previously ED25519 was not on the default public key algorithms, but this is actually allowed in FIPS 140-3. curve25519-sha256 is not an allowed key exchange, but as https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf mentions:

Curves that are included in SP 800-186 but not included in SP 800-56Arev3 are not approved for key agreement. E.g., the ECDH X25519 and X448 key agreement schemes (defined in RFC 7748) that use Curve25519 and Curve448, respectively, are not compliant to SP 800-56Arev3.

Relates to gitlab#367429 (closed)

Edited Sep 03, 2025 by Stan Hu

fix: allow ED25519 public key algorithm in FIPS mode

Merge request reports