Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Thor Lancelot Simon
On Tue, Dec 11, 2007 at 04:00:42PM -0500, Leichter, Jerry wrote: | It is, of course, the height of irony that the bug was introduced in | the very process, and for the very purpose, of attaining FIPS | compliance! | | But also to be expected, because the feature in question is |

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Thu, Dec 13, 2007 at 08:29:47PM -0500, Thor Lancelot Simon wrote: In fact, I was in the middle of a FIPS-140 certification at level 2 a number of years ago when the Known Answer Test for the X9.17 block cipher based PRNG was introduced. One unanticipated side effect of this test was to

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Thor Lancelot Simon
On Fri, Dec 14, 2007 at 08:33:16AM -0800, Joshua Hill wrote: You may be confusing the requirements for a KAT which is a power-up health check on all of the deterministic components of the PRNG (which is run on power-up and requires that you fix all the inputs to some specific known value and

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Fri, Dec 14, 2007 at 01:27:57PM -0500, Thor Lancelot Simon wrote: The PRNG test which requires DT to be run as a monotonic counter is, in fact, a known-answer test. The variable seed test portion of CAVS testing specifies a DT of 0 in all cases and only one round is run for each seed, so

Re: Flaws in OpenSSL FIPS Object Module

2007-12-13 Thread Leichter, Jerry
| It is, of course, the height of irony that the bug was introduced in | the very process, and for the very purpose, of attaining FIPS | compliance! | | But also to be expected, because the feature in question is | unnatural: the software needs a testable PRNG to pass the compliance | tests,

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Steven M. Bellovin
On Mon, 10 Dec 2007 11:27:10 -0500 Vin McLellan [EMAIL PROTECTED] wrote: What does it say about the integrity of the FIPS program, and its CMTL evaluation process, when it is left to competitors to point out non-compliance of evaluated products -- proprietary or open source -- to basic

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Ed Gerck
Vin McLellan wrote: What does it say about the integrity of the FIPS program, and its CMTL evaluation process, when it is left to competitors to point out non-compliance of evaluated products -- proprietary or open source -- to basic architectural requirements of the standard? Enter

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Leichter, Jerry
| What does it say about the integrity of the FIPS program, and its CMTL | evaluation process, when it is left to competitors to point out | non-compliance of evaluated products -- proprietary or open source -- | to basic architectural requirements of the standard? I was going to ask the same