crypto: rollback BoringCrypto fips-20220613 update

[FiloSottile]

Following the discussion at #62372, we decided to upgrade to the fips-20220613 module, weighting the compliance risk of an In Review module against the NIST SP 800-52 Rev. 2 TLS 1.3 requirement. The change was applied in #64717.

Since then, it was pointed out that NIST SP 800-52 is only intended for US government users, so it only affects a small subset of FIPS 140 users, if any.

these guidelines are primarily designed for federal users and system administrators to adequately protect sensitive but unclassified U.S. Federal Government data against serious threats on the Internet

Agencies shall support TLS 1.3 by January 1, 2024. After this date, servers shall support TLS 1.3 for both government-only and citizen or business-facing applications.

Also considering that, it was decided to wait until the fips-20220613 certificate is available to update.

As a reminder, Go+BoringCrypto (GOEXPERIMENT=boringcrypto) is not officially supported and users should independently assess its suitability for any compliance goal. The reasoning shared above is informational.

/cc @golang/release for the late change. Note that the rollback only affects GOEXPERIMENT=boringcrypto files or code paths.

/cc @golang/security

[FiloSottile]

@gopherbot please open backport issues for Go 1.20, Go 1.21, and Go 1.22 (if that works).

This is rolling back the #64717 cherry-picks.

[gopherbot]

Backport issue(s) opened: #65322 (for 1.20), #65323 (for 1.21), #65324 (for 1.22).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/558796 mentions this issue: Revert "crypto/internal/boring: upgrade module to fips-20220613" +1

[gopherbot]

Change https://go.dev/cl/558797 mentions this issue: [release-branch.go1.22] Revert "crypto/internal/boring: upgrade module to fips-20220613" +1

[gopherbot]

Change https://go.dev/cl/560275 mentions this issue: [release-branch.go1.21] Revert "crypto/internal/boring: upgrade module to fips-20220613" +1

[gopherbot]

Change https://go.dev/cl/560276 mentions this issue: [release-branch.go1.20] Revert "crypto/internal/boring: upgrade module to fips-20220613" +1

[HakanSunay]

@FiloSottile are there any plans for the reintroduction of this change in the foreseeable future?

[reedloden]

@FiloSottile are there any plans for the reintroduction of this change in the foreseeable future?

That depends on when NIST CMVP approves the new BoringCrypto module, which is outside the hands of the Go team.

You can follow along here (search for "BoringCrypto"). Once it disappears from that list and shows up here, then the change can be re-introduced.

[HakanSunay]

@FiloSottile are there any plans for the reintroduction of this change in the foreseeable future?

That depends on when NIST CMVP approves the new BoringCrypto module, which is outside the hands of the Go team.

You can follow along here (search for "BoringCrypto"). Once it disappears from that list and shows up here, then the change can be re-introduced.

@reedloden, @FiloSottile if I am not mistaken, the certificate has been issued very recently 🎉
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4735

[cwayne18]

@FiloSottile is there any plan to bring this back now that the cert has been issued? Or is the current plan to have 140-3 compliance only for 1.24+?

[rolandshoemaker]

This change was re-submitted in August once the cert was finalized (https://go.dev/cl/603375), it should land in Go 1.24, scheduled for ~Feb 2025. We've not thought much about backporting it.

[cwayne18]

Is there any specific way to express interest in having it backported (filing an issue/PR) or is this something the team would decide on internally?

[ianlancetaylor]

The backporting guidelines are at https://go.dev/wiki/MinorReleases.

[FiloSottile]

Note that this is a bigger change than we would normally backport, so there would need to be a very compelling reason. (See also #69536 for the general direction we're hoping to take with regards to FIPS compliance.)