Thanks for that clarification. It's not so cut and dry, I see.

About this: "... and don't even bother to build fipscanister.o"... Then on what 
grounds could they claim FIPS compliance? 

Dave 

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Wednesday, November 14, 2012 3:57 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some 
assertions

On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave <dave.mclel...@emc.com> wrote:
> ...
> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
> and I’d like to test out this set of assumptions (or maybe they are
> ‘assertions’)
>
> - In the context of OpenSSL, FIPS compliance is all about algorithm
> choice. In FIPS mode (FIPS_mode_set() returns success), weaker algorithms
> are disabled and OpenSSL returns an error if use of them is attempted in
> FIPS mode.
>
> - As long as one side of the connection insists that FIPS-approved
> algorithms be used, and as long as the other side is capable and agrees,
> then the two negotiate only a FIPS-approved algorithm.
This is not entirely correct. It's algorithm and application. For
example, MD5 is withdrawn so it's no longer a FIPS approved algorithm
per se. However, it's still allowed in SSL/TLS where it's used as a PRF
(without the need for collision resistance). The MD5 and SSL/TLS
exemption is stated in NIST Special Publication 800-90.

    The TLS 1.0 and 1.1 KDF is approved when the following
    conditions are satisfied:
        (1) The TLS 1.0 and 1.1 KDF is performed in the context
             of the TLS protocol.
        (2) SHA-1 and HMAC are as specified in FIPS 180-3 and
            198-1, respectively.

    Note that MD5 and HMAC-MD5 shall not be used as a general
    hash function or HMAC function, respectively.

FIPS compliance/acceptance testing is another can of worms. I've been
in shops where the folks claim to be FIPS based on OpenSSL, yet they
don't even bother to build fipscanister.o. Sigh....

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
