On Thu, Dec 23, 2010 at 5:56 PM, <aerow...@gmail.com> wrote: > OPENSSL_FIPS=1 causes openssl to invoke FIPS_mode_set(1). Once that occurs, > MD5 is a prohibited algorithm unless it's explicitly limited to the TLSv1 > PRF (and that only because SHA is also used). If an MD5 operation completes > successfully, it's not a FIPS canister that's running the cryptography. > > In other words: If it's FIPS, it will refuse to do it. If it doesn't refuse > to do it, it's not FIPS. Ok. Suppose you download or purchase a component from a company that claims to offer FIPS validated implementation using OpenSSL sources. I'm not clear how "OPENSSL_FIPS=1" verifies the claim of FIPS validation on the binaries.
> I agree that a differentiated string would be nice, but that's not something > that's going to really help the underlying problem of people (like those > companies) lying. Doveryai, no proveryai: trust, but verify. Unfortunately, corporate America (among others) cannot be trusted. The recent economic meltdown is a perfect example: collapsing an economy is usually an act of war carried out by covert agencies. In the case of US financial institutions, it was business as usual because the industry bribes the US congress (err, makes PAC contributions). Since there are no consequences for the actions, the behavior will continue. > Looking at it pragmatically: as a client, one can either > base the decision on declaration or on demonstrable, observable, and > well-defined behavior. A better perspective might be to look at it from a practical standpoint in the context of acceptance testing and quality assurance Perhaps the process should require presenting fipscanister.o and compiler/version statement in addition to the resulting binary. If a company claims a FIPS validated module, I can always compile the canister using GCC X.Y.Z (or whatever compiler) and reproduce the object file, and then search for the bits in the resulting binary. The final test would simply be a breakpoint on FIPS_mode_set under GDB to ensure the function was called. Jeff > > On Thu, Dec 23, 2010 at 1:40 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> On Thu, Dec 23, 2010 at 3:35 PM, <aerow...@gmail.com> wrote: >>> >>> Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? >>> >> I am aware of two companies which are (were?) claiming a FIPS >> validated module via OpenSSL sources, but not building the canister. >> For completeness, the companies may have fixed the issues with their >> internal build and compliance processes. >> >> I believe something stronger is needed to audit vendor provided binaries. >> >> Jeff >> >>> >>> On Tue, Dec 21, 2010 at 1:04 PM, Zamora, Robert >>> <robert.zam...@serco-na.com> >>> wrote: >>>> >>>> Is there a way to determine if OpenSSL binaries were compiled with the >>>> FIPS "certified" module v1.2.x ? Compiling OpenSSL FIPS test module >>>> gives >>>> me the same results using fips_test_suite. >>>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org >> > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
