I wish to make it very clear that in this message I am speaking solely as
an individual, and do not represent my employer or its views in any way at
all.
> We don't know the full story behind this yet, and perhaps never will. As
> John Weathersby noted in the article, "This is not about technology".
This is baloney.
The "boundary" around the formerly-validated code was completely wrong --
a simple analysis showed that code within the "FIPS container" called code
outside the container. A sample program showed how this led to trivial
breaks in security. I have seen a document that had this analysis, and
included a sample program that printed all private keys to the screen and
when asked for random numbers always returned the same value. I know this
document was given to the module authors and the validation lab. The
authors ignored this and also convinced the validation lab to ignore it.
The lab (I'm really glad they're not a subsidiary of my employer any more)
trusted the vendor; had they performed the most basic due diligence --
compile the program! -- they would have seen that the code should not have
passed. Hell, 'nm fipscanister.o | fgrep U' would have shown it!
There were other problems as well. For example, the DES/3DES self-test did
not test encryption. Even worse, the implementation tested isn't the one
used by the public APIs. (OpenSSL includes multiple DES/3DES
implementations.)
Open source is not magic pixie dust that allows you to ignore basic
reality. The certified code had serious flaws that were known to the
parties involved in certification, yet they went ahead anyway. CMVP did
the right thing. Can you imagine the damage that could have been done if
either critical systems were built using that code, or if a true enemy of
the open source movement published the sample code after it had widespread
use?
It greatly saddens me to say this, but unless there are significant
changes in the process and/or participants, I will continue to advise
anyone who wants to rely on a FIPS-certified OpenSSL that it is not safe
to do so.
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
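The `nm fipscanister.o | fgrep U` check mentioned in the message above, turned into a small boundary audit. This is an added example and not part of the original post or of OpenSSL's own build or validation tooling; the `nm` output it reads and the allowlist of permitted imports are constructed for illustration (a real FIPS boundary review would derive the allowlist from the security policy, not from guesswork). The idea is the one the message states: every `U` (undefined) symbol in the container object is a call that leaves the validated boundary, so anything not explicitly permitted is a finding.

```shell
#!/bin/sh
# Boundary audit for a relocatable object such as fipscanister.o.
# Every symbol nm reports as "U" is resolved OUTSIDE the object, i.e. a call
# or data reference that crosses the validated boundary.

# Constructed sample of what `nm fipscanister.o` might print. Not real output
# from any OpenSSL build; it exists only so the script runs offline.
SAMPLE_NM_OUTPUT='0000000000000000 T FIPS_mode_set
0000000000000040 T FIPS_selftest
0000000000000080 t fips_check_rsa
                 U memcpy
                 U RAND_bytes
                 U EVP_get_digestbyname
0000000000000100 D FIPS_signature'

# Imports the container is assumed to be allowed to take from outside
# (plain libc routines). This allowlist is an assumption for the example;
# a real review takes it from the module's security policy.
ALLOWED_IMPORTS='memcpy memset strlen'

# Read nm output on stdin, print the name of every undefined symbol.
# For a "U" line the address column is blank, so the type is field 1.
undefined_symbols() {
    awk '$1 == "U" { print $2 }'
}

# Read nm output on stdin, print undefined symbols that are not on the
# allowlist, one per line. Returns 1 if any were found (boundary violation),
# 0 if every import is permitted.
check_boundary() {
    violations=$(undefined_symbols | while read -r sym; do
        case " $ALLOWED_IMPORTS " in
            *" $sym "*) ;;                      # permitted import
            *) printf '%s\n' "$sym" ;;          # crosses the boundary
        esac
    done)
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}

# Usage on the constructed sample. Against a real object this would be:
#   nm fipscanister.o | check_boundary
if printf '%s\n' "$SAMPLE_NM_OUTPUT" | check_boundary; then
    echo "boundary clean"
else
    echo "boundary violation: the symbols above are resolved outside the container"
fi
```

Run it against the constructed sample and it flags `RAND_bytes` and `EVP_get_digestbyname` as calls out of the container; `memcpy` passes because it is on the allowlist. The script is deliberately tool-agnostic: it only needs `nm` and `awk`, which is the point of the message, namely that this check takes seconds and no vendor trust.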