fips-1.1 is "not available", fips-1.1.1 is "revoked", fips-1.1.2 is current (without DH), fips-1.2.0 is currently submitted for validation. Steve M (of the OSS Institute, which is the sponsor for the validation) stated that the fast-tracking of the fips-1.1.2 validation was possible because of the changes to the PRNG, but that the requirements for DH validation changed between the validation of 1.1.1 and 1.1.2. He has also stated that changes necessary for DH validation have been integrated into the 1.2.0 codebase. (Since I'm not intimately familiar with the code, I can't say one way or the other.)
However, the code that was submitted for validation as fips-1.2.0 can be found at ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz if you're interested in poking at it. -Kyle H On Tue, Jul 8, 2008 at 3:36 AM, Nilay Tripathi <[EMAIL PROTECTED]> wrote: > Thanks Kyle, > > Yes I was looking at fips-1.1.2 version only. > Can you help me with some information, whether FIPS compliance for DH in > openssl is available already in some other revision or expected in which > future release down the line. > > Also, since the generation of 'q' cyclic order public key does not look > deterministic to me, what is the approach which can be taken to tackle this > compliance issue. > > Appreciate your help!! > Nilay > > > On Tue, Jul 8, 2008 at 3:48 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: >> >> fips-1.1.2 does not have validation for Diffie-Hellmann. >> >> Which version are you looking at? >> >> -Kyle H >> >> On Tue, Jul 8, 2008 at 2:57 AM, Nilay Tripathi <[EMAIL PROTECTED]> >> wrote: >> > Hi All, >> > >> > I have a query regarding FIPS compliance for Diffie-Hellman api's in the >> > openssl stack. >> > >> > FIPS uses the recommendation for pairwise-key establishment schemes from >> > NIST. Document is SP800-56A. Rev.1 >> > >> > As per FIPS compliance requirement for DH, there are a couple of KAT >> > (Known Answer Test) specified in the aforementioned document (which are >> > specified in Sec. 5.6.2.4 and Sec. 5.7.1.1). >> > [Sec. 5.6.2.4 - FFC Full Public Key Validation] >> > [Sec. 5.7.1.1 - FFC DH Primitive] >> > >> > Generating 'p' randomly as a safe prime and using 'g' order as 5, the >> > keys generated are not consistently passing Sec 5.6.2.4 KAT test. The >> > public key does not fall into 'q' cyclic group where 'q' is defined as >> > [q=(p-1)/2] and is a prime number. >> > If I loop for few times I do get such generated values which passes this >> > KAT. But I was expecting that FIPS compliant DH api's in openssl stack >> > will generate and return only such values which satisfy this KAT. >> > >> > The only difference I found in normal and FIPS compliant DH code is that >> > in latter, FIPS_self_tests api is also called; which really doesn't help >> > in the issue noted above. >> > >> > I would really appreciate if anyone can throw some light on the state >> > and any development on this issue. >> > >> > Regards, >> > Nilay Tripathi >> > One Convergence >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
