DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway)
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Jakuje
	Mar 1 2023, 3:36 PM

Description

IG D.R says

"The new validations, or any revalidations that extend the module’s sunset date, submitted more than one year after the publication date of this IG (i.e., May 16, 2023) shall only use SHA-1, SHA-256 or SHA-512 in Hash_DRBG and HMAC_DRBG."

The current implementation in libgcrypt has SHA384 defines, but does not have them in the parse_flag_string() function so my though is that these can not be enabled (unless somebody would instantiate the drbg with flags created outside of the module, which I believe is not possible). Can you confirm this is the case?

For clarity, it would be good to remove the SHA384 flags altogether in the long term.

Details

Version: master, 1.10.x

Revisions and Commits

rC libgcrypt
	rC45b80678109e random: Remove unused SHA384 DRBGs.

Related Objects

Mentioned In: T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt

Event Timeline

Jakuje created this task.Mar 1 2023, 3:36 PM

Jakuje mentioned this in T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt.Mar 1 2023, 7:57 PM

• werner triaged this task as Normal priority.Mar 2 2023, 11:44 AM

You are right, there is no way to use DRBG with SHA384 by libgcrypt.

• gniibe added a commit: rC45b80678109e: random: Remove unused SHA384 DRBGs..Mar 7 2023, 7:33 AM

Applied your patch (from gitlab) to both (master and 1.10).

• gniibe moved this task from Backlog to Next on the FIPS board.Mar 7 2023, 7:34 AM

• gniibe changed the task status from Open to Testing.Mar 8 2023, 1:47 AM

• gniibe moved this task from Next to Ready for release on the FIPS board.

Fixed in 1.10.2.