{
  "commit": "8bbefbfeee609b17622deedd100163c12f5c95dc",
  "tree": "fc5d3ae59cad7393c2c2379441358b5aa70bb111",
  "parents": [
    "972ab522382ace61745be58c330a9e3cdfb1bd1b"
  ],
  "author": {
    "name": "Adam Langley",
    "email": "alangley@gmail.com",
    "time": "Fri Mar 18 13:00:09 2022 -0700"
  },
  "committer": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Mon Mar 21 19:33:24 2022 +0000"
  },
  "message": "Document that |EC_KEY_generate_fips| works for both cases.\n\nOur FIPS module only claims support for RSA signing/verification, and\n|RSA_generate_key_fips| already performs a sign/verify pair-wise\nconsistency test (PCT). For ECDSA, |EC_KEY_generate_fips| performs a\nsign/verify PCT too. But when |EC_KEY_generate_fips| is used for key\nagreement a sign/verify PCT may not be correct.\n\nThe FIPS IG[1], page 60, says:\n\n\u003e Though not a CAST, a pairwise consistency test (PCT) shall be\n\u003e conducted for every generated public and private key pair for the\n\u003e applicable approved algorithm (per ISO/IEC 19790:2012 Section\n\u003e 7.10.3.3). To further clarify, at minimum, the PCT that is required by\n\u003e the underlying algorithm standard (e.g. SP 800-56Arev3 or SP\n\u003e 800-56Brev2) shall be performed.\n\nSP 800-56Ar3, page 36, says:\n\n\u003e For an ECC key pair (d, Q): Use the private key, d, along with the\n\u003e generator G and other domain parameters associated with the key pair,\n\u003e to compute dG (according to the rules of elliptic-curve arithmetic).\n\u003e Compare the result to the public key, Q. If dG is not equal to Q, then\n\u003e the pair-wise consistency test fails\n\nBut |EC_KEY_generate_fips| has always done that via\n|EC_KEY_check_key|. So I believe that |EC_KEY_generate_fips| works for\neither case.\n\nThis change documents that.\n\n[1] FIPS 140-3 IG dated 2022-03-14 and with SHA-256\n2f232f7f5839e3263284d71c35771c9fdf2e505b02813be999377030c56b37e4\n\nChange-Id: I4b4e2ed92ae3d59e2f2404c41694abeb3eb283f4\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51988\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "d7acf969c4eeb8fdb4a90d83e1e948296b1a4f72",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/ec/ec_key.c",
      "new_id": "2d04d13cc7eb7d340eecb14ec8cf3aaa32dec1c5",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/ec/ec_key.c"
    },
    {
      "type": "modify",
      "old_id": "3a408566060f8195a74b49ad1583bc40e30758bf",
      "old_mode": 33188,
      "old_path": "include/openssl/ec_key.h",
      "new_id": "502bfc2d95950a651b191022dede0ec8bc18aa92",
      "new_mode": 33188,
      "new_path": "include/openssl/ec_key.h"
    }
  ]
}
