Re: [openssl-users] FIPS, continuous tests, and error reporting
On 02/19/2015 11:09 AM, Salz, Rich wrote: For instance, any of the void DES_*_encrypt(). This cursory observation is also supported by a vendor application code such as: Ah, okay. Those functions are 'just math' They depend on no external state. They can't fail. It's shifts and masking, etc. Which incidentally is true also of most of the FIPS 140-2 required KATs; they are tautological in the sense that they only way they can possibly fail is if the math is wrong, i.e. 1+1 != 2. Apparently in the dim mists of time from whence the basic FIPS 140-2 requirements originated, when cryptography was done with mechanical devices and dedicated discrete component electronics, such failures were a serious concern. So to this day in a FIPS module the POST does the equivalent of diligently confirming that 1+1=2, many times over. If one of those tautological tests *does* fail, then you have worse problems than a non-functioning FIPS module. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Date: 02/19/15 11:34 Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting The low level cipher and digest APIs cannot be used in FIPS mode: you have to use EVP. That's quite an important point. It brings a question: how are the 'continuous' FIPS tests performed ? Are they automatically called at the beginning of an EVP_* method ? Do they run periodically in the background ? Both ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] FIPS, continuous tests, and error reporting
Hello, I have some questions regarding table '6b - Conditional Tests' of the 2.0.7 Security Policy. It is mentioned that there are continuous tests for stuck fault. Is the meaning of 'continuous' a the matter of frequency ? Or are these continuous tests ran each time an algorithm is used ? The document mentions: In the event of a DRBG self-test failure the calling application must... - how is the result communicated to the application ? For that matter and in a general sense, so far I've seen that many encryption methods do not return any error code. How does error reporting generally works ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
For that matter and in a general sense, so far I've seen that many encryption methods do not return any error code. How does error reporting generally works ? Really? Which ones? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
For instance, any of the void DES_*_encrypt(). This cursory observation is also supported by a vendor application code such as: Ah, okay. Those functions are 'just math' They depend on no external state. They can't fail. It's shifts and masking, etc. This is basically why I'm wondering about how errors propagate in the OpenSSL library. Functions that can fail return a status. Those that are just math are often void. There's an error stack where functions can put more detailed status, and it propagates; see ERR_get_error, ERR_clear_error, etc., for details. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
Hello, I have some questions regarding table '6b - Conditional Tests' of the 2.0.7 Security Policy. It is mentioned that there are continuous tests for stuck fault. Is the meaning of 'continuous' a the matter of frequency ? Or are these continuous tests ran each time an algorithm is used ? The CRNGT test is described in section 4.9.2 of FIPS 140-2. It is continuous in that it is applied to all the output of the RNG. The spec is absolutely not clear on what you do with a failure, nor is it an effective stuck at fault test. It is not present in the ISO equivalent spec, nor was it present in the drafts of the (now defunct) 140-3 draft. It is a data modifying test and has interest mathematical properties that raise concerns that it is something other than a stuck-at test. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
On Thu, Feb 19, 2015, jonetsu wrote: -Original Message- From: Salz, Rich rs...@akamai.com To: openssl-users@openssl.org Date: 02/19/15 07:43 Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting For that matter and in a general sense, so far I've seen that many encryption methods do not return any error code. How does error reporting generally works ? Really? Which ones? For instance, any of the void DES_*_encrypt(). This cursory observation is also supported by a vendor application code such as: The low level cipher and digest APIs cannot be used in FIPS mode: you have to use EVP. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS, continuous tests, and error reporting
-Original Message- From: Salz, Rich rs...@akamai.com To: openssl-users@openssl.org Date: 02/19/15 07:43 Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting For that matter and in a general sense, so far I've seen that many encryption methods do not return any error code. How does error reporting generally works ? Really? Which ones? For instance, any of the void DES_*_encrypt(). This cursory observation is also supported by a vendor application code such as: static void des_encrypt(char key1[8], char key2[8], char key3[8], char ivec[8], char *input, char *output, int len, int encrypt) { [snip] DES_set_key(des_key1, schedule1); DES_set_key(des_key2, schedule2); DES_set_key(des_key3, schedule3); DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, len, schedule1, schedule2, schedule3, des_ivec, encrypt); } This is basically why I'm wondering about how errors propagate in the OpenSSL library. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users