On Wed, Nov 14, 2012 at 4:21 PM, mclellan, dave <dave.mclel...@emc.com> wrote: > Thanks for that clarification. It's not so cut and dry, I see. > > About this: "... and don't even bother to build fipscanister.o"... Then on > what grounds could they claim FIPS compliance? Exactly ;)
And the more important question: how we test that we got what we paid for? > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton > Sent: Wednesday, November 14, 2012 3:57 PM > To: openssl-users@openssl.org > Subject: Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some > assertions > > On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave <dave.mclel...@emc.com> wrote: >> ... >> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) >> and I’d like to test out this set of assumptions (or maybe they are >> ‘assertions’) >> >> - In the context of OpenSSL, FIPS compliance is all about algorithm >> choice. In FIPS mode (FIPS_mode_set() returns success), weaker algorithms >> are disabled and OpenSSL returns an error if use of them is attempted in >> FIPS mode. >> >> - As long as one side of the connection insists that FIPS-approved >> algorithms be used, and as long as the other side is capable and agrees, >> then the two negotiate only a FIPS-approved algorithm. > This is not entirely correct. Its algorithm and application. For > example, MD5 is withdrawn so its no longer a FIPS approved algorithm > per se. However, its still allowed in SSL/TLS where its used as a PRF > (without the need for collision resistance). The MD5 and SSL/TLS > exemption is stated in NIST Special Publication 800-90. > > The TLS 1.0 and 1.1 KDF is approved when the following > conditions are satisfied: > (1) The TLS 1.0 and 1.1 KDF is performed in the context > of the TLS protocol. > (2) SHA-1 and HMAC are as specified in FIPS 180-3 and > 198-1, respectively. > > Note that MD5 and HMAC-MD5 shall not be used as a general > hash function or HMAC function, respectively. > > FIPS compliance/acceptance testing is another can of worms. I've been > in shops where the folks claim to be FIPS based on OpenSSL, yet they > don't even bother to build fipscanister.o. Sigh.... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
