3.0 design: remove the compliance column.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/205)

diff --git a/docs/OpenSSL300Design.md b/docs/OpenSSL300Design.md
index 6aab23aa7b194b39462d74cba9d45c85fc3d14a4..ae234f464b81fee55f847e75ee19b18caa8a871f 100644 (file)
--- a/docs/OpenSSL300Design.md
+++ b/docs/OpenSSL300Design.md
@@ -2756,8 +2756,6 @@ The algorithms which are to be included in the FIPS module are:
    </td>
    <td><strong>Standard</strong>
    </td>
-   <td><strong>Compliant</strong>[^7]<strong> </strong>
-   </td>
    <td><strong>Notes</strong>
    </td>
   </tr>
@@ -2768,8 +2766,6 @@ The algorithms which are to be included in the FIPS module are:
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a>
    </td>
-   <td>✓
-   </td>
    <td rowspan="2" >Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final">SP 800-67rev2</a>. \
  \
 TDES support being decryption only (from 2020) and banned (from 2025). \
@@ -2786,8 +2782,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02">FIPS 81</a>
    </td>
-   <td>✓
-   </td>
   </tr>
   <tr>
    <td>AES
@@ -2796,8 +2790,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
    </td>
-   <td>✓
-   </td>
    <td>All AES cipher modes supporting 128, 192 and 256 bits.
    </td>
   </tr>
@@ -2808,8 +2800,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td>
    </td>
-   <td>✓
-   </td>
    <td>
    </td>
   </tr>
@@ -2820,8 +2810,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38c/final">SP 800-38C</a>
    </td>
-   <td>✓
-   </td>
    <td>
    </td>
   </tr>
@@ -2832,8 +2820,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
    </td>
-   <td>✓
-   </td>
    <td>
    </td>
   </tr>
@@ -2844,8 +2830,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
    </td>
-   <td>✓
-   </td>
    <td>
    </td>
   </tr>
@@ -2856,8 +2840,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
    </td>
-   <td>✓
-   </td>
    <td>
    </td>
   </tr>
@@ -2868,10 +2850,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a>
    </td>
-   <td>✓
-   </td>
-   <td>Changes in IV. Module must generate the IV.
-   </td>
   </tr>
   <tr>
    <td>
@@ -2880,10 +2858,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">SP 800-38D</a>
    </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
@@ -2892,10 +2866,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">SP 800-38A</a>
    </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
@@ -2904,8 +2874,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38e/final">SP 800-38E</a>
    </td>
-   <td>✓
-   </td>
    <td>See <a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf">FIPS 140-2 I.G.</a> A.9.  Needs key check added.  This mode does not support 192 bits.  Check added by <a href="https://github.com/openssl/openssl/pull/7120">#7120</a>.
    </td>
   </tr>
@@ -2916,8 +2884,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a>
    </td>
-   <td>✓
-   </td>
    <td rowspan="2" >Differences from standard but within it.
    </td>
   </tr>
@@ -2928,8 +2894,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-38f/final">SP 800-38F</a>
    </td>
-   <td>✓
-   </td>
   </tr>
   <tr>
    <td>Hash
@@ -2938,10 +2902,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
    </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
@@ -2950,8 +2910,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
    </td>
-   <td>✓
-   </td>
    <td>224, 256, 384, 512.
    </td>
   </tr>
@@ -2962,9 +2920,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4</a>
    </td>
-   <td>✓
-   </td>
-   <td>512/224, 512/256.  Appear to be compliant.
+   <td>512/224, 512/256.
    </td>
   </tr>
   <tr>
@@ -2974,9 +2930,7 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202</a>
    </td>
-   <td>✓
-   </td>
-   <td>224, 256, 384, 512.  Appear to be compliant.
+   <td>224, 256, 384, 512.
    </td>
   </tr>
   <tr>
@@ -2986,10 +2940,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
    </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
@@ -2998,8 +2948,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
    </td>
-   <td>✓
-   </td>
    <td>224, 256, 384, 512.
    </td>
   </tr>
@@ -3010,46 +2958,18 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://www.nist.gov/publications/keyed-hash-message-authentication-code-hmac-0?pub_id=901614">FIPS 198-1</a>
    </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>CMAC
    </td>
-   <td>
-   </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>GMAC
    </td>
-   <td>
-   </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>KMAC
    </td>
-   <td>
-   </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>DRBG
@@ -3058,8 +2978,6 @@ Security Policy statement regarding the <a href="https://csrc.nist.gov/publicati
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
    </td>
-   <td>✓
-   </td>
    <td rowspan="3" >Issues with <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">SP 800-90C</a>.
 <p>
 All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>.
@@ -3072,8 +2990,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
    </td>
-   <td>✓
-   </td>
   </tr>
   <tr>
    <td>
@@ -3082,8 +2998,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">SP 800-90A</a>
    </td>
-   <td>✓
-   </td>
   </tr>
   <tr>
    <td>DRBG
@@ -3092,8 +3006,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td>SP 800-90
    </td>
-   <td>✗
-   </td>
    <td>Support DRBG health test as per current version of these standards: <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final">A</a>, <a href="https://csrc.nist.gov/publications/detail/sp/800-90b/final">B</a> & <a href="https://csrc.nist.gov/publications/detail/sp/800-90c/draft">C</a>.
    </td>
   </tr>
@@ -3104,8 +3016,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
    </td>
-   <td>✓
-   </td>
    <td>Refer also to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a>.  PKCS#1.5, PSS, Key pair generation.  Modulus size changes.
    </td>
   </tr>
@@ -3116,8 +3026,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B</a>
    </td>
-   <td>✓
-   </td>
    <td>OAEP.  Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft">SP 800-56B rev-1</a> standard.
    </td>
   </tr>
@@ -3128,8 +3036,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a>
    </td>
-   <td>✓
-   </td>
    <td>Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard.
    </td>
   </tr>
@@ -3140,8 +3046,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a>
    </td>
-   <td>✓
-   </td>
    <td>Additional testing to meet ZZonly.  CVL/KAS.
    </td>
   </tr>
@@ -3152,8 +3056,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
    </td>
-   <td>✓
-   </td>
    <td>PQG generation & verification, signature generation & verification, key pair generation.
    </td>
   </tr>
@@ -3164,8 +3066,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">FIPS 186-4</a>
    </td>
-   <td>✓
-   </td>
    <td>Key pair generation, public key generation, signature generation & verification.
    </td>
   </tr>
@@ -3176,8 +3076,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A</a>
    </td>
-   <td>✓
-   </td>
    <td>B-233, 283, 409, 571; K-233, 283, 409, 571; P-224, 256, 384, 521.  Update to <a href="https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final">SP 800-56A rev-3</a> standard.
    </td>
   </tr>
@@ -3188,8 +3086,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/keymgmt/KASVS.pdf">KASVS</a>
    </td>
-   <td>✓
-   </td>
    <td>Additional testing to meet ZZonly.  CVL/KAS.
    </td>
   </tr>
@@ -3200,8 +3096,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td><a href="https://csrc.nist.gov/publications/detail/sp/800-132/final">SP 800-132</a>
    </td>
-   <td>✓
-   </td>
    <td>Verify conformance with standards.  See <a href="https://github.com/openssl/openssl/pull/6674">#6674</a>.
    </td>
   </tr>
@@ -3210,84 +3104,42 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td>HKDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>SSKDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>SSHKDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>X9.42 KDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>X9.63 KDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>KBKDF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>
    </td>
    <td>TLS PRF
    </td>
-   <td>
-   </td>
-   <td>✓
-   </td>
-   <td>
-   </td>
   </tr>
   <tr>
    <td>TLS
@@ -3296,8 +3148,6 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
    </td>
    <td>
    </td>
-   <td>✓
-   </td>
    <td>For TLS 1.2 and 1.3.
    </td>
   </tr>
@@ -3326,5 +3176,3 @@ All comply with <a href="https://csrc.nist.gov/publications/detail/sp/800-90a/re
 [^6]: Property names are case insensitive even though only upper case
     is depicted here.
 
-[^7]: Current from a CMVP perspective.
-