Revert: "Put EdDSA back as approved algorithms." #20343
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paulidale
added
branch: master
github-actions
bot
added
the
severity: fips change
hlandau
removed
the
approval: otc review pending
|
They'll be back, just not for our first 140-3 validation 😞 |
slontis
added
approval: done
|
@paulidale Can you confirm what you meant by the statement 'NIST isn't allowing EdDSA at this stage after all, so remove it from the FIPS provider.' You have not removed it.. You have changed it to not have fips=true. |
This reverts commit 09627a8. NIST isn't allowing EdDSA at this stage after all, so flag it as not FIPS approved in the FIPS provider. Guidance for FIPS 140-3 is expected later this month: The use of EdDSA still remains non-approved. Before the FIPS 186-5 and SP 800-186 algorithms / curves can be used in the approved mode, the CMVP will need to do (at least) the following: * Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D; * Update IG 10.3.A to incorporate self-test requirements for the new algorithms/curves. * Write a new IG on this transition to clarify the issues raised in this thread and elsewhere and provide a clear transition schedule. The CMVP is working on all three of these items and hope to have drafts public by the end of March. Since security relevant changes are not permitted for new 140-2 submissions, and under the assumption that this transition away from FIPS 186-4 algorithms will be 'soft' and not move modules to the historical list, we do not plan on writing 140-2 guidance for this transition. It seems unlikely that all of these requirements will be completed before we submit.
paulidale
force-pushed
the
eddsa-continued
branch
from
a393257
to
5b9299d
Compare
|
Read the description which includes NIST's comments and you'll know as much as I do. I've updated what I wrote to indicate not approved rather than removed. |
|
Merged, thanks for the reviews. |
openssl-machine
pushed a commit
that referenced
this pull request
Feb 22, 2023
This reverts commit 09627a8. NIST isn't allowing EdDSA at this stage after all, so flag it as not FIPS approved in the FIPS provider. Guidance for FIPS 140-3 is expected later this month: The use of EdDSA still remains non-approved. Before the FIPS 186-5 and SP 800-186 algorithms / curves can be used in the approved mode, the CMVP will need to do (at least) the following: * Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D; * Update IG 10.3.A to incorporate self-test requirements for the new algorithms/curves. * Write a new IG on this transition to clarify the issues raised in this thread and elsewhere and provide a clear transition schedule. The CMVP is working on all three of these items and hope to have drafts public by the end of March. Since security relevant changes are not permitted for new 140-2 submissions, and under the assumption that this transition away from FIPS 186-4 algorithms will be 'soft' and not move modules to the historical list, we do not plan on writing 140-2 guidance for this transition. It seems unlikely that all of these requirements will be completed before we submit. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #20343)
openssl-machine
pushed a commit
that referenced
this pull request
Feb 22, 2023
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #20343)
openssl-machine
pushed a commit
that referenced
this pull request
Feb 22, 2023
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #20343)
openssl-machine
pushed a commit
that referenced
this pull request
Feb 22, 2023
This reverts commit 09627a8. NIST isn't allowing EdDSA at this stage after all, so flag it as not FIPS approved in the FIPS provider. Guidance for FIPS 140-3 is expected later this month: The use of EdDSA still remains non-approved. Before the FIPS 186-5 and SP 800-186 algorithms / curves can be used in the approved mode, the CMVP will need to do (at least) the following: * Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D; * Update IG 10.3.A to incorporate self-test requirements for the new algorithms/curves. * Write a new IG on this transition to clarify the issues raised in this thread and elsewhere and provide a clear transition schedule. The CMVP is working on all three of these items and hope to have drafts public by the end of March. Since security relevant changes are not permitted for new 140-2 submissions, and under the assumption that this transition away from FIPS 186-4 algorithms will be 'soft' and not move modules to the historical list, we do not plan on writing 140-2 guidance for this transition. It seems unlikely that all of these requirements will be completed before we submit. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #20343) (cherry picked from commit 759ab59)
|
@paulidale Do you need to look at the entries in encoders.inc and decoders.inc also? |
|
Outside the boundary 😁 |
not cryptographic algorithms - as it's pure mechanical data translation / marshaling |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NIST isn't allowing EdDSA at this stage after all, so make it non-FIPS in the FIPS provider. Guidance for FIPS 140-3 is expected later this month:
It seems unlikely that all of these requirements will be completed before we submit.