Re: OpenSSL FIPS Object Module v1.2
On 03/08/2012 08:49 PM, Ashit Vora wrote: Steve, First let me clarify that it isn't my intent to challenge OpenSSL validation. In fact the reason I started down this path is because I have a product that uses v1.2 and needs to claim FIPS compliance. I cannot legitimately make that claim if v1.2 is not listed. However I have sent a query to CMVP to get clarification. If CMVP says I am mistaken, I will be extremely happy. Only the CMVP can speak authoritatively about FIPS 140-2, so filing an challenge with them is exactly the right thing to do if you have concerns. It's always possible that the judgment of two test labs (and myself) was completely wrong. In the meantime, your response did not address the CMVP FAQ I pointed to which backs up what I am saying. I am reproducing it here again: ///When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated. /This clearly indicates that the CMVP website is the official source of validation information. This infers that the version listed on the validation website is the validated version. Do you interpret this differently? I do, in that I do not see revocation or repudiation of any previously validated modules for validation #1051. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
Steve, Please see response from Randy (CMVP Director) below. It clearly indicates older versions (including v1.2) are no longer considered validated since they are not listed on the website: *Ashit, You can always view the change history by downloading the CMVP Validation DB from: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140-1val.zip For Cert. #1051: 11/20/09: Added new OS and updated Security Policy. 12/08/10: Replaced SW v1.2.2 and updated Security Policy. 05/12/11: Replaced SW 1.2.2 with 1.2.3, added OE Android 2.2 (gcc Compiler Version 4.4.0); VxWorks 6.7 (gcc Compiler Version 4.1.2), added Triple-DES #1011 and #1066, AES #1534 and #1630, DSA #475 and #512, SHS #1362 and #1435, HMAC #892 and #957, RSA #745 and #804, RNG #826 and #873, and updated Security Policy. 03/07/12: Added OEs Wind River 1.4 (gcc Compiler Version 3.4.0) and Wind River 4.0 (gcc Compiler Version 4.4.1). Added Triple-DES #1259, AES #1933, DSA #616, SHS #1698, HMAC #1167, RSA #999 and RNG #1018. Updated security policy. The vendor/testing laboratory indicates when a change request is sent to the CMVP, whether the new version is added to the current or replaces the current. As the lab/vendor knows, validation is version specific. So if they replace a version, that means anyone who has that version now has a non-validated version. We usually ask the lab when they ask for a replacement to make sure they know what they are asking. So for this module, only v1.2.3 is valid. I cannot provide additional details regarding the nature of the change requests themselves as that is proprietary information. Suggest you may ask the vendor. Randy Randall J. Easter Director Cryptographic Module Validation Program (CMVP) - NIST Computer Security Division - Security Testing, Validation and Measurement Group 100 Bureau Drive, Suite 8930 Gaithersburg, MD 20899 301-975-4641 (Voice) 301-975-4007 (FAX) www.nist.gov/cmvp* Given this do you plan to get the certificate updated with older version (I really care about v1.2 only right now)? Thanks! -Ashit On Fri, Mar 9, 2012 at 7:34 AM, Steve Marquess marqu...@opensslfoundation.com wrote: On 03/08/2012 08:49 PM, Ashit Vora wrote: Steve, First let me clarify that it isn't my intent to challenge OpenSSL validation. In fact the reason I started down this path is because I have a product that uses v1.2 and needs to claim FIPS compliance. I cannot legitimately make that claim if v1.2 is not listed. However I have sent a query to CMVP to get clarification. If CMVP says I am mistaken, I will be extremely happy. Only the CMVP can speak authoritatively about FIPS 140-2, so filing an challenge with them is exactly the right thing to do if you have concerns. It's always possible that the judgment of two test labs (and myself) was completely wrong. In the meantime, your response did not address the CMVP FAQ I pointed to which backs up what I am saying. I am reproducing it here again: ///When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated. /This clearly indicates that the CMVP website is the official source of validation information. This infers that the version listed on the validation website is the validated version. Do you interpret this differently? I do, in that I do not see revocation or repudiation of any previously validated modules for validation #1051. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
Re: OpenSSL FIPS Object Module v1.2
On 03/09/2012 11:18 AM, Ashit Vora wrote: Steve, Please see response from Randy (CMVP Director) below. It clearly indicates older versions (including v1.2) are no longer considered validated since they are not listed on the website: Randy is the man, so I stand corrected. A huge number of deployed validated modules are now not validated (or rather are revealed to have been so for years). We have a new change letter in the works, so when we submit that revised Security Policy we'll put a statement in it to the effect that previous revisions of the module remain valid. I'll also check with that test lab and see if we can add that wording sooner as this particular change letter is progressing slowly due to technical issues with the new platform. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
Thanks Steve. I will look out for the update on the CMVP webpage. -Ashit On Fri, Mar 9, 2012 at 1:12 PM, Steve Marquess marqu...@opensslfoundation.com wrote: On 03/09/2012 11:18 AM, Ashit Vora wrote: Steve, Please see response from Randy (CMVP Director) below. It clearly indicates older versions (including v1.2) are no longer considered validated since they are not listed on the website: Randy is the man, so I stand corrected. A huge number of deployed validated modules are now not validated (or rather are revealed to have been so for years). We have a new change letter in the works, so when we submit that revised Security Policy we'll put a statement in it to the effect that previous revisions of the module remain valid. I'll also check with that test lab and see if we can add that wording sooner as this particular change letter is progressing slowly due to technical issues with the new platform. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
Re: OpenSSL FIPS Object Module v1.2
On 03/08/2012 01:43 PM, Ashit Vora wrote: Hello, I searched the archives but did not find the answer to this question. What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed as FIPS validated? It seems only v1.2.3 is now listed: That's because the original validation #1051 has been extended to include additional platforms. Each such extension resulting in a change to the software (each set of extensions, actually) results in an incremented module revision number, now at 1.2.3. The functionality of revision 1.2.3 completely subsumes that of prior revisions, hence reference to those has been dropped. There is no reason to use any earlier revisions for any new product development or deployment, but deployed instances of earlier revisions remain valid. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
Thanks Steve. This makes sense (i.e. newer versions subsuming older versions). However given that 1.2 is no longer listed on the NIST website, that version can no longer be considered FIPS validated. This is an issue for deployed products that have depended on v1.2 for FIPS compliance. -Ashit On Thu, Mar 8, 2012 at 3:46 PM, Steve Marquess marqu...@opensslfoundation.com wrote: On 03/08/2012 01:43 PM, Ashit Vora wrote: Hello, I searched the archives but did not find the answer to this question. What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed as FIPS validated? It seems only v1.2.3 is now listed: That's because the original validation #1051 has been extended to include additional platforms. Each such extension resulting in a change to the software (each set of extensions, actually) results in an incremented module revision number, now at 1.2.3. The functionality of revision 1.2.3 completely subsumes that of prior revisions, hence reference to those has been dropped. There is no reason to use any earlier revisions for any new product development or deployment, but deployed instances of earlier revisions remain valid. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
Re: OpenSSL FIPS Object Module v1.2
On 03/08/2012 04:05 PM, Ashit Vora wrote: Thanks Steve. This makes sense (i.e. newer versions subsuming older versions). However given that 1.2 is no longer listed on the NIST website, that version can no longer be considered FIPS validated. This is an issue for deployed products that have depended on v1.2 for FIPS compliance. Well, I disagree. Though I will be the first to note that only the CMVP is in a position to make any authoritative pronouncements. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
On 03/08/2012 05:12 PM, Steve Marquess wrote: On 03/08/2012 04:05 PM, Ashit Vora wrote: Thanks Steve. This makes sense (i.e. newer versions subsuming older versions). However given that 1.2 is no longer listed on the NIST website, that version can no longer be considered FIPS validated. This is an issue for deployed products that have depended on v1.2 for FIPS compliance. Well, I disagree. Though I will be the first to note that only the CMVP is in a position to make any authoritative pronouncements. I should also point out that the certificate still references the original revision number 1.2: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1051.pdf -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
Regarding the certificate, it will never be updated. Whenever the CMVP updates a listing because of a change letter process (IG G.5 scenario 1) they only update the website listing. They never update the certificate. The understanding is that the website listing supersedes the certificate. Please see CMVP FAQ ( http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf) section 5.9, If the CMVP validation web site does not match the posted certificate, which is valid?: * When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated.* Also note that the security policy that is currently linked to on the website only mentions 1.2.3 as the validated module. There is no mention 1.2. All of this points to the conclusion that 1.2 is not FIPS validated currently. If the intention was to not remove 1.2, I would highly recommend contacting your FIPS laboratory and getting it changed. It would be quite simple to change this. My suspicion is that when the laboratory submitted the change letter they forgot to include 1.2 in the list of changes required to the validation. As such CMVP removed 1.2 listing. Thanks! -Ashit On Thu, Mar 8, 2012 at 5:32 PM, Steve Marquess marqu...@opensslfoundation.com wrote: On 03/08/2012 05:12 PM, Steve Marquess wrote: On 03/08/2012 04:05 PM, Ashit Vora wrote: Thanks Steve. This makes sense (i.e. newer versions subsuming older versions). However given that 1.2 is no longer listed on the NIST website, that version can no longer be considered FIPS validated. This is an issue for deployed products that have depended on v1.2 for FIPS compliance. Well, I disagree. Though I will be the first to note that only the CMVP is in a position to make any authoritative pronouncements. I should also point out that the certificate still references the original revision number 1.2: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1051.pdf -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
Re: OpenSSL FIPS Object Module v1.2
On 03/08/2012 06:09 PM, Ashit Vora wrote: Regarding the certificate, it will never be updated. Whenever the CMVP updates a listing because of a change letter process (IG G.5 scenario 1) they only update the website listing. They never update the certificate. The understanding is that the website listing supersedes the certificate. Please see CMVP FAQ (http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf) section 5.9, If the CMVP validation web site does not match the posted certificate, which is valid?: / When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated./ Also note that the security policy that is currently linked to on the website only mentions 1.2.3 as the validated module. There is no mention 1.2. It is mentioned: ...The v1.2.3 Module can be used in any environment supported by the earlier v1.2 Module.. I can see where you may have been confused by that and the statement Note that the OpenSSL FIPS Object Module v1.2.3 completely replaces the earlier OpenSSL FIPS Object Module v1.2., but those refers to the functional completeness of the modified module (the fact that there is no OE for which only an earlier revision works); *not* the legitimacy of the original validation. All of this points to the conclusion that 1.2 is not FIPS validated currently. Sorry, I still disagree. Of course the certificate isn't updated, that was my point (and now no individual certificate is issued at all). A change letter mod is an update to an existing validation, not a new validation. Only the new changed element(s) are considered and previous validation review and testing is not repeated. For instance, the most recent mod was to add two new platforms. None of the prior OE testing, or source code or document review was repeated, because all of that prior testing remains valid. Ditto for the earlier mods. By your theory all of the hundreds of thousands (millions...?) of deployed instances of the 1.2, 1.2.1, 1.2.2 modules have retroactively become illegitimate -- a significant fraction of all deployed FIPS 140-2 validated software. I do not believe that is the case and I leave it to you to prove otherwise by filing an objection with the CMVP (yes, anyone can challenge the legitimacy of our validations and that was in fact done a number of times for the early OpenSSL FIPS Object Module Validations). If the intention was to not remove 1.2, I would highly recommend contacting your FIPS laboratory and getting it changed. It would be quite simple to change this. My suspicion is that when the laboratory submitted the change letter they forgot to include 1.2 in the list of changes required to the validation. As such CMVP removed 1.2 listing. We did not forget anything, for any of the change letter mods (via multiple labs, incidentally). The updates were all carefully designed to be strictly cumulative, differing only in the addition of new OEs with newer revisions subsuming but not invalidating earlier ones. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS Object Module v1.2
Steve, First let me clarify that it isn't my intent to challenge OpenSSL validation. In fact the reason I started down this path is because I have a product that uses v1.2 and needs to claim FIPS compliance. I cannot legitimately make that claim if v1.2 is not listed. However I have sent a query to CMVP to get clarification. If CMVP says I am mistaken, I will be extremely happy. In the meantime, your response did not address the CMVP FAQ I pointed to which backs up what I am saying. I am reproducing it here again: ***When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated. *This clearly indicates that the CMVP website is the official source of validation information. This infers that the version listed on the validation website is the validated version. Do you interpret this differently? Thanks! -Ashit On Thu, Mar 8, 2012 at 6:49 PM, Steve Marquess marqu...@opensslfoundation.com wrote: On 03/08/2012 06:09 PM, Ashit Vora wrote: Regarding the certificate, it will never be updated. Whenever the CMVP updates a listing because of a change letter process (IG G.5 scenario 1) they only update the website listing. They never update the certificate. The understanding is that the website listing supersedes the certificate. Please see CMVP FAQ (http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf) section 5.9, If the CMVP validation web site does not match the posted certificate, which is valid?: / When a module is validated, an entry is posted on the CMVP web site valuation list along with a softcopy of the initial printed validation certificate. The hardcopy validation certificate is for informational purposes only. The CMVP web site validation list is the official source of validation information in reference to the module. If changes are made to the module that would change the referenced certificate information, only the web site validation list is updated./ Also note that the security policy that is currently linked to on the website only mentions 1.2.3 as the validated module. There is no mention 1.2. It is mentioned: ...The v1.2.3 Module can be used in any environment supported by the earlier v1.2 Module.. I can see where you may have been confused by that and the statement Note that the OpenSSL FIPS Object Module v1.2.3 completely replaces the earlier OpenSSL FIPS Object Module v1.2., but those refers to the functional completeness of the modified module (the fact that there is no OE for which only an earlier revision works); *not* the legitimacy of the original validation. All of this points to the conclusion that 1.2 is not FIPS validated currently. Sorry, I still disagree. Of course the certificate isn't updated, that was my point (and now no individual certificate is issued at all). A change letter mod is an update to an existing validation, not a new validation. Only the new changed element(s) are considered and previous validation review and testing is not repeated. For instance, the most recent mod was to add two new platforms. None of the prior OE testing, or source code or document review was repeated, because all of that prior testing remains valid. Ditto for the earlier mods. By your theory all of the hundreds of thousands (millions...?) of deployed instances of the 1.2, 1.2.1, 1.2.2 modules have retroactively become illegitimate -- a significant fraction of all deployed FIPS 140-2 validated software. I do not believe that is the case and I leave it to you to prove otherwise by filing an objection with the CMVP (yes, anyone can challenge the legitimacy of our validations and that was in fact done a number of times for the early OpenSSL FIPS Object Module Validations). If the intention was to not remove 1.2, I would highly recommend contacting your FIPS laboratory and getting it changed. It would be quite simple to change this. My suspicion is that when the laboratory submitted the change letter they forgot to include 1.2 in the list of changes required to the validation. As such CMVP removed 1.2 listing. We did not forget anything, for any of the change letter mods (via multiple labs, incidentally). The updates were all carefully designed to be strictly cumulative, differing only in the addition of new OEs with newer revisions subsuming but not invalidating earlier ones. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
Re: OpenSSL FIPS Object Module v1.2
Brendan Simon wrote: Where can I find information about OpenSSL FIPS Object Module v1.2 ??? Where can this be downloaded from? CVS only? Or are there tarballs somewhere? CVS only, branch OpenSSL-fips-0_9_8-stable branch. I'm not releasing the draft Security Policy yet because it has not been reviewed by the CMVP and there's not much any outsiders could contribute to it anyway -- it doesn't have a lot of technical content. I will publish the draft User Guide, which will have useful technical content, when I have a chance to finish the edits from the v1.1.1 version. Since that's not a deliverable to the CMVP process it isn't a high priority, sorry. Your first stop for information about OpenSSL and FIPS 140-2 should be the v1.1.1 User Guide, http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf. I also recently updated the FAQ at http://oss-institute.org/fips-faq.html and will extend that as time permits. Where does FIPS related development/discussion take place? Just the users mailing list? Yes, and/or the OpenSSL dev list. Is there a spot on the website dedicated to FIPS related information? I can't find anything? There are occasional news pieces at the OSSI website, http://oss-institute.org/. I'll try to be better about announcements to the OpenSSL lists. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS Object Module v1.2
The FIPS validation process is... odd. And not at all conducive to the open-source development model. There is no available OpenSSL FIPS Object Module v1.2. Until it passes validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will be made available. I don't think the source is actually even in the public CVS. (I would like to see a preview version that I can at least link things that use the API against, even if everything's stubbed out. :P) I do have to ask, though: is this one going to compile properly on Intel-based Macs? 1.1 and 1.1.1 didn't. -Kyle H On Nov 29, 2007 5:22 PM, Brendan Simon [EMAIL PROTECTED] wrote: Where can I find information about OpenSSL FIPS Object Module v1.2 ??? Where can this be downloaded from? CVS only? Or are there tarballs somewhere? Where does FIPS related development/discussion take place? Just the users mailing list? Is there a spot on the website dedicated to FIPS related information? I can't find anything? Cheers, Brendan. Steve Marquess wrote: A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (certificate #733, _http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733 _) has been reported by Geoff Lowe of Secure Computing Corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls (CVE-2007-5502). Note that this PRNG bug is only present in the v1.1.1 implementation and not in the regular OpenSSL product or in the OpenSSL FIPS Object Module v1.2 now undergoing validation testing. Only those applications using v1.1.1 of the OpenSSL FIPS Object Module which enter FIPS mode are affected. Applications which do not enter FIPS mode or which use any other version of OpenSSL are not affected. Bugs like this in open source software are routinely found and corrected with a patch and/or updated source distribution. In this case two separate patches have been developed by Dr Stephen Henson [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]: http://www.openssl.org/news/patch-CVE-2007-5502-1.txt (the simplest direct fix) and: http://www.openssl.org/news/patch-CVE-2007-5502-2.txt (a workaround which avoids touching the PRNG code directly). However, for FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module. We have supplied the information needed for a letter change update request based on the latter of these two patches to the CMT Laboratory for their submission to the CMVP. Once (and if) approved the new distribution containing this patch will be posted as http://openssl.org/source/openssl-fips-1.1.2.tar.gz to replace the current distribution at _http://openssl.org/source/openssl-fips-1.1.1.tar.gz_. Note that in addition to this real-world vulnerability there is a separate problem in this same PRNG implementation concerning the FIPS 140-2 continuous self-test, about which we have received multiple reports. The resolution of that problem hinges on interpretation of FIPS 140-2 scripture and we're still working on crafting a fix consistent with the conflicting opinions we've received. At this point I have no estimate as to when the change letter(s), for either or both fixes, will be approved. From the perspective of those who must deal with events on Internet time the CMVP process is glacially slow. In the absence of any realistic expectation of quick results in that regard OSSI has chosen to make this announcement now in the hope of minimizing the disruption for the many products and private label validations known to use or be derived from the v1.1.1 validation and currently undergoing FIPS 140-2 validation. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS Object Module v1.2
Kyle Hamilton wrote: The FIPS validation process is... odd. And not at all conducive to the open-source development model. There is a certain dissonance, for sure :-) There is no available OpenSSL FIPS Object Module v1.2. Well, yes and no. Check out the OpenSSL-fips-0_9_8-stable branch. The code we're trying to validate now is from that branch. Currently we're at tag FIPS_098_TEST_8. Until it passes validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will be made available. I don't think the source is actually even in the public CVS. (I would like to see a preview version that I can at least link things that use the API against, even if everything's stubbed out. :P) The fact that the code is publicly available doesn't help anyone who wants a validated module now. We also can't know until the very end if the code will change -- the considerations behind some of the FIPS 140-2 requirements are not aways obvious, even in hindsight. The requirements and interpretations thereof evolve over time as well, even during the course of a single validation. I do have to ask, though: is this one going to compile properly on Intel-based Macs? 1.1 and 1.1.1 didn't. Try it and see. If you find problems it will probably be too late to do anything for the current v1.2 validation, but we can address it for the next. Note that we haven't attempted to solicit widespread testing because of the peculiar timing of the FIPS validation process -- you have to effectively freeze the code baseline *before* starting testing. The ideal way to deal with that would be to have a continuing stream of validations in process, spaced a few months apart -- then problems found in validation N could be addressed in validation N+1. But validations are very expensive and our financial sponsorship is erratic so we proceed as resources allow. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS Object Module v1.2
It should be public, and probably must be public, given it is supposed to be true open-source, etc. Everyone should be able to do test builds (on all types of architectures and variants etc) to iron out bugs, etc, before being submitted for validation. I'd be very surprised if it wasn't available for preview somewhere. It would be good if there was a development page somewhere for FIPS related news, etc. Cheers, Brendan. Kyle Hamilton wrote: The FIPS validation process is... odd. And not at all conducive to the open-source development model. There is no available OpenSSL FIPS Object Module v1.2. Until it passes validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will be made available. I don't think the source is actually even in the public CVS. (I would like to see a preview version that I can at least link things that use the API against, even if everything's stubbed out. :P) I do have to ask, though: is this one going to compile properly on Intel-based Macs? 1.1 and 1.1.1 didn't. -Kyle H On Nov 29, 2007 5:22 PM, Brendan Simon [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Where can I find information about OpenSSL FIPS Object Module v1.2 ??? Where can this be downloaded from? CVS only? Or are there tarballs somewhere? Where does FIPS related development/discussion take place? Just the users mailing list? Is there a spot on the website dedicated to FIPS related information? I can't find anything? Cheers, Brendan. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]