[web] master update
Dr. Paul Dale
pauli at openssl.org
Tue Nov 10 22:05:21 UTC 2020
The branch master has been updated
via f261cc8536b90413e7434e00f6f0815f9557f14c (commit)
via 1a9ccdeb95839cb6d90f634526db82130ef9d30f (commit)
via c4649934a2149bd28a58db52e5351e41b293390c (commit)
from 3c4254de41ee0213b2a269162bb1f347323865eb (commit)
- Log -----------------------------------------------------------------
commit f261cc8536b90413e7434e00f6f0815f9557f14c
Author: Pauli <paul.dale at oracle.com>
Date: Thu Nov 5 09:54:17 2020 +1000
Merge SHA2 entries in FIPS table
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/205)
commit 1a9ccdeb95839cb6d90f634526db82130ef9d30f
Author: Pauli <paul.dale at oracle.com>
Date: Thu Nov 5 09:30:22 2020 +1000
3.0 design: remove the SP 800-90 entropy testing entry.
Due to rules changes, this will not be happening.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/205)
commit c4649934a2149bd28a58db52e5351e41b293390c
Author: Pauli <paul.dale at oracle.com>
Date: Thu Nov 5 09:29:45 2020 +1000
3.0 design: remove the compliance column.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/205)
-----------------------------------------------------------------------
Summary of changes:
docs/OpenSSL300Design.md | 176 +----------------------------------------------
1 file changed, 2 insertions(+), 174 deletions(-)
diff --git a/docs/OpenSSL300Design.md b/docs/OpenSSL300Design.md
index 6aab23a..9246e44 100644
--- a/docs/OpenSSL300Design.md
+++ b/docs/OpenSSL300Design.md
@@ -2756,8 +2756,6 @@ The algorithms which are to be included in the FIPS module are:
</td>
<td><strong>Standard</strong>
</td>
- <td><strong>Compliant</strong>[^7]<strong> </strong>
- </td>
<td><strong>Notes</strong>
</td>
</tr>
@@ -2768,8 +2766,6 @@ The algorithms which are to be included in the FIPS module are:
</td>
<td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a>
</td>
- <td>✓
- </td>
<td rowspan="2" >Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final">SP 800-67rev2</a>. \
\
TDES support being decryption only (from 2020) and banned (from 2025). \
@@ -2786,8 +2782,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a>
</td>
- <td>✓
- </td>
</tr>
<tr>
<td>AES
@@ -2796,8 +2790,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
</td>
- <td>✓
- </td>
<td>All AES cipher modes supporting 128, 192 and 256 bits.
</td>
</tr>
@@ -2808,8 +2800,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td>
</td>
- <td>✓
- </td>
<td>
</td>
</tr>
@@ -2820,8 +2810,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38c/final">SP 800-38C</a>
</td>
- <td>✓
- </td>
<td>
</td>
</tr>
@@ -2832,8 +2820,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
</td>
- <td>✓
- </td>
<td>
</td>
</tr>
@@ -2844,8 +2830,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
</td>
- <td>✓
- </td>
<td>
</td>
</tr>
@@ -2856,8 +2840,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
</td>
- <td>✓
- </td>
<td>
</td>
</tr>
@@ -2868,10 +2850,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a>
</td>
- <td>✓
- </td>
- <td>Changes in IV. Module must generate the IV.
- </td>
</tr>
<tr>
<td>
@@ -2880,10 +2858,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a>
</td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
@@ -2892,10 +2866,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
</td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
@@ -2904,8 +2874,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38e/final">SP 800-38E</a>
</td>
- <td>✓
- </td>
<td>See <a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf">FIPS 140-2 I.G.</a> A.9. Needs key check added. This mode does not support 192 bits. Check added by <a href="https://github.com/openssl/openssl/pull/7120">#7120</a>.
</td>
</tr>
@@ -2916,8 +2884,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a>
</td>
- <td>✓
- </td>
<td rowspan="2" >Differences from standard but within it.
</td>
</tr>
@@ -2928,8 +2894,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a>
</td>
- <td>✓
- </td>
</tr>
<tr>
<td>Hash
@@ -2938,10 +2902,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
</td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
@@ -2950,21 +2910,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
</td>
- <td>✓
- </td>
- <td>224, 256, 384, 512.
- </td>
- </tr>
- <tr>
- <td>
- </td>
- <td>SHA-2
- </td>
- <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
- </td>
- <td>✓
- </td>
- <td>512/224, 512/256. Appear to be compliant.
+ <td>224, 256, 384, 512, 512/224, 512/256.
</td>
</tr>
<tr>
@@ -2974,9 +2920,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202</a>
</td>
- <td>✓
- </td>
- <td>224, 256, 384, 512. Appear to be compliant.
+ <td>224, 256, 384, 512.
</td>
</tr>
<tr>
@@ -2986,10 +2930,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
</td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
@@ -2998,8 +2938,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
</td>
- <td>✓
- </td>
<td>224, 256, 384, 512.
</td>
</tr>
@@ -3010,46 +2948,18 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
</td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>CMAC
</td>
- <td>
- </td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>GMAC
</td>
- <td>
- </td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>KMAC
</td>
- <td>
- </td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>DRBG
@@ -3058,8 +2968,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
</td>
- <td>✓
- </td>
<td rowspan="3" >Issues with <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">SP 800-90C</a>.
<p>
All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>.
@@ -3072,8 +2980,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
</td>
- <td>✓
- </td>
</tr>
<tr>
<td>
@@ -3082,20 +2988,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
</td>
- <td>✓
- </td>
- </tr>
- <tr>
- <td>DRBG
- </td>
- <td>Testing
- </td>
- <td>SP 800-90
- </td>
- <td>✗
- </td>
- <td>Support DRBG health test as per current version of these standards: <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">A</a>, <a href="https://csrc.nist.gov/publications/detail/sp/800-90b/final">B</a> & <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">C</a>.
- </td>
</tr>
<tr>
<td>RSA
@@ -3104,8 +2996,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
</td>
- <td>✓
- </td>
<td>Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a>. PKCS#1.5, PSS, Key pair generation. Modulus size changes.
</td>
</tr>
@@ -3116,8 +3006,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a>
</td>
- <td>✓
- </td>
<td>OAEP. Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B rev-1</a> standard.
</td>
</tr>
@@ -3128,8 +3016,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a>
</td>
- <td>✓
- </td>
<td>Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard.
</td>
</tr>
@@ -3140,8 +3026,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a>
</td>
- <td>✓
- </td>
<td>Additional testing to meet ZZonly. CVL/KAS.
</td>
</tr>
@@ -3152,8 +3036,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
</td>
- <td>✓
- </td>
<td>PQG generation & verification, signature generation & verification, key pair generation.
</td>
</tr>
@@ -3164,8 +3046,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
</td>
- <td>✓
- </td>
<td>Key pair generation, public key generation, signature generation & verification.
</td>
</tr>
@@ -3176,8 +3056,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a>
</td>
- <td>✓
- </td>
<td>B-233, 283, 409, 571; K-233, 283, 409, 571; P-224, 256, 384, 521. Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard.
</td>
</tr>
@@ -3188,8 +3066,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a>
</td>
- <td>✓
- </td>
<td>Additional testing to meet ZZonly. CVL/KAS.
</td>
</tr>
@@ -3200,8 +3076,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td><a href="https://csrc.nist.gov/publications/detail/sp/800-132/final">SP 800-132</a>
</td>
- <td>✓
- </td>
<td>Verify conformance with standards. See <a href="https://github.com/openssl/openssl/pull/6674">#6674</a>.
</td>
</tr>
@@ -3210,84 +3084,42 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td>HKDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>SSKDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>SSHKDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>X9.42 KDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>X9.63 KDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>KBKDF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>
</td>
<td>TLS PRF
</td>
- <td>
- </td>
- <td>✓
- </td>
- <td>
- </td>
</tr>
<tr>
<td>TLS
@@ -3296,8 +3128,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
</td>
<td>
</td>
- <td>✓
- </td>
<td>For TLS 1.2 and 1.3.
</td>
</tr>
@@ -3326,5 +3156,3 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
[^6]: Property names are case insensitive even though only upper case
is depicted here.
-[^7]: Current from a CMVP perspective.
-
More information about the openssl-commits
mailing list