fips: remove P-192 #24195
fips: remove P-192 #24195
Conversation
prime192v1 (P-192) is allowed for signature verification and key pair verification but not for signature generation. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
github-actions
bot
added
the
severity: fips change
t8m
added
hold: need otc decision
|
I don't think we can remove this outright. |
It will still be available in regular builds, just not in FIPS provider. The other approach is to patch security checks to allow it for just verification. But that still is the same net result that somebody is using it and will be broken. Or add indicators.... But that's also questionable, as most software doesn't actually check for those. I mean. Transition to 128bit requirements from 2030 will be fun. |
Yes to this. But we also require a bypass mechanism that uses explicit indicators. |
|
OTC: This cannot be a hard removal. It will need an indicator implemented as in the indicators requirements PR. Indicator requirements PR: #23609 |
Ack. I'm not interested to implement an indicator though. Would a compile time option be acceptable with an implicit indicator? I.e. |
I think it would have to be something more general than just for this particular curve. Also it should have fips in the name as it would be really awkward to remove just this curve. Or... maybe what about |
ACK. We will sort of have an impeding 128bit transition too. Which will sort of be either raising security level; or checking all the security bits. Because that would allow to drop SHA1 (haha) SHA2-224 (easy) SHA3-224 (trivial) P-192 and so on. |
In recent NIST standards P-192 now has legacy status for verification only, remove it from FIPS module.
Note, I don't believe it ever was popular. Thus I'm not sure it is needed to support "verification-only" mode of P-192 in the FIPS module.
Related: 24193
Checklist