The branch master has been updated via f261cc8536b90413e7434e00f6f0815f9557f14c (commit) via 1a9ccdeb95839cb6d90f634526db82130ef9d30f (commit) via c4649934a2149bd28a58db52e5351e41b293390c (commit) from 3c4254de41ee0213b2a269162bb1f347323865eb (commit)
- Log ----------------------------------------------------------------- commit f261cc8536b90413e7434e00f6f0815f9557f14c Author: Pauli <paul.d...@oracle.com> Date: Thu Nov 5 09:54:17 2020 +1000 Merge SHA2 entries in FIPS table Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/205) commit 1a9ccdeb95839cb6d90f634526db82130ef9d30f Author: Pauli <paul.d...@oracle.com> Date: Thu Nov 5 09:30:22 2020 +1000 3.0 design: remove the SP 800-90 entropy testing entry. Due to rules changes, this will not be happening. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/205) commit c4649934a2149bd28a58db52e5351e41b293390c Author: Pauli <paul.d...@oracle.com> Date: Thu Nov 5 09:29:45 2020 +1000 3.0 design: remove the compliance column. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/205) ----------------------------------------------------------------------- Summary of changes: docs/OpenSSL300Design.md | 176 +---------------------------------------------- 1 file changed, 2 insertions(+), 174 deletions(-) diff --git a/docs/OpenSSL300Design.md b/docs/OpenSSL300Design.md index 6aab23a..9246e44 100644 --- a/docs/OpenSSL300Design.md +++ b/docs/OpenSSL300Design.md @@ -2756,8 +2756,6 @@ The algorithms which are to be included in the FIPS module are: </td> <td><strong>Standard</strong> </td> - <td><strong>Compliant</strong>[^7]<strong> </strong> - </td> <td><strong>Notes</strong> </td> </tr> @@ -2768,8 +2766,6 @@ The algorithms which are to be included in the FIPS module are: </td> <td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a> </td> - <td>✓ - </td> <td rowspan="2" >Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final">SP 800-67rev2</a>. \ \ TDES support being decryption only (from 2020) and banned (from 2025). \ @@ -2786,8 +2782,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a> </td> - <td>✓ - </td> </tr> <tr> <td>AES @@ -2796,8 +2790,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a> </td> - <td>✓ - </td> <td>All AES cipher modes supporting 128, 192 and 256 bits. </td> </tr> @@ -2808,8 +2800,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td> </td> - <td>✓ - </td> <td> </td> </tr> @@ -2820,8 +2810,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38c/final">SP 800-38C</a> </td> - <td>✓ - </td> <td> </td> </tr> @@ -2832,8 +2820,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a> </td> - <td>✓ - </td> <td> </td> </tr> @@ -2844,8 +2830,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a> </td> - <td>✓ - </td> <td> </td> </tr> @@ -2856,8 +2840,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a> </td> - <td>✓ - </td> <td> </td> </tr> @@ -2868,10 +2850,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a> </td> - <td>✓ - </td> - <td>Changes in IV. Module must generate the IV. - </td> </tr> <tr> <td> @@ -2880,10 +2858,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a> </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> @@ -2892,10 +2866,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a> </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> @@ -2904,8 +2874,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38e/final">SP 800-38E</a> </td> - <td>✓ - </td> <td>See <a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf">FIPS 140-2 I.G.</a> A.9. Needs key check added. This mode does not support 192 bits. Check added by <a href="https://github.com/openssl/openssl/pull/7120">#7120</a>. </td> </tr> @@ -2916,8 +2884,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a> </td> - <td>✓ - </td> <td rowspan="2" >Differences from standard but within it. </td> </tr> @@ -2928,8 +2894,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a> </td> - <td>✓ - </td> </tr> <tr> <td>Hash @@ -2938,10 +2902,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a> </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> @@ -2950,21 +2910,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a> </td> - <td>✓ - </td> - <td>224, 256, 384, 512. - </td> - </tr> - <tr> - <td> - </td> - <td>SHA-2 - </td> - <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a> - </td> - <td>✓ - </td> - <td>512/224, 512/256. Appear to be compliant. + <td>224, 256, 384, 512, 512/224, 512/256. </td> </tr> <tr> @@ -2974,9 +2920,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202</a> </td> - <td>✓ - </td> - <td>224, 256, 384, 512. Appear to be compliant. + <td>224, 256, 384, 512. </td> </tr> <tr> @@ -2986,10 +2930,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a> </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> @@ -2998,8 +2938,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a> </td> - <td>✓ - </td> <td>224, 256, 384, 512. </td> </tr> @@ -3010,46 +2948,18 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a> </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td>CMAC </td> - <td> - </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td>GMAC </td> - <td> - </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td>KMAC </td> - <td> - </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td>DRBG @@ -3058,8 +2968,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a> </td> - <td>✓ - </td> <td rowspan="3" >Issues with <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">SP 800-90C</a>. <p> All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>. @@ -3072,8 +2980,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a> </td> - <td>✓ - </td> </tr> <tr> <td> @@ -3082,20 +2988,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a> </td> - <td>✓ - </td> - </tr> - <tr> - <td>DRBG - </td> - <td>Testing - </td> - <td>SP 800-90 - </td> - <td>✗ - </td> - <td>Support DRBG health test as per current version of these standards: <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">A</a>, <a href="https://csrc.nist.gov/publications/detail/sp/800-90b/final">B</a> & <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">C</a>. - </td> </tr> <tr> <td>RSA @@ -3104,8 +2996,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a> </td> - <td>✓ - </td> <td>Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a>. PKCS#1.5, PSS, Key pair generation. Modulus size changes. </td> </tr> @@ -3116,8 +3006,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a> </td> - <td>✓ - </td> <td>OAEP. Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B rev-1</a> standard. </td> </tr> @@ -3128,8 +3016,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a> </td> - <td>✓ - </td> <td>Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard. </td> </tr> @@ -3140,8 +3026,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a> </td> - <td>✓ - </td> <td>Additional testing to meet ZZonly. CVL/KAS. </td> </tr> @@ -3152,8 +3036,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a> </td> - <td>✓ - </td> <td>PQG generation & verification, signature generation & verification, key pair generation. </td> </tr> @@ -3164,8 +3046,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a> </td> - <td>✓ - </td> <td>Key pair generation, public key generation, signature generation & verification. </td> </tr> @@ -3176,8 +3056,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a> </td> - <td>✓ - </td> <td>B-233, 283, 409, 571; K-233, 283, 409, 571; P-224, 256, 384, 521. Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard. </td> </tr> @@ -3188,8 +3066,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a> </td> - <td>✓ - </td> <td>Additional testing to meet ZZonly. CVL/KAS. </td> </tr> @@ -3200,8 +3076,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td><a href="https://csrc.nist.gov/publications/detail/sp/800-132/final">SP 800-132</a> </td> - <td>✓ - </td> <td>Verify conformance with standards. See <a href="https://github.com/openssl/openssl/pull/6674">#6674</a>. </td> </tr> @@ -3210,84 +3084,42 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td>HKDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>SSKDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>SSHKDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>X9.42 KDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>X9.63 KDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>KBKDF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td> </td> <td>TLS PRF </td> - <td> - </td> - <td>✓ - </td> - <td> - </td> </tr> <tr> <td>TLS @@ -3296,8 +3128,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re </td> <td> </td> - <td>✓ - </td> <td>For TLS 1.2 and 1.3. </td> </tr> @@ -3326,5 +3156,3 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re [^6]: Property names are case insensitive even though only upper case is depicted here. -[^7]: Current from a CMVP perspective. -