[openssl-dev] OpenSSL 1.1.0 and FIPS

Steve Marquess marquess at openssl.com
Mon Feb 22 16:47:17 UTC 2016


On 02/22/2016 11:01 AM, Wall, Stephen wrote:
> I wonder if I could get the thoughts of some of you developers on how
> difficult it would be to build an engine for OpenSSL 1.1.0 that makes
> use of the current (2.0.11?) fipscanister.o.  Also, opinions on if
> this would be a legitimate way to get FIPS in 1.1.0.
> 
> Thanks, spw
> 

Re-use of the current 2.0 module was debated in detail, with the
conclusion that too many distortions to the new OpenSSL code would be
required. We're trying hard to get away from messy, ugly, fragile code
and reluctantly concluded that only a new FIPS module designed for a
clean interface with OpenSSL 1.1 was feasible.

We are not happy with the loss of FIPS support for 1.1; we know many
users require it. But, we're not willing to compromise sound software
engineering judgment to kludge together an abomination (and frankly the
current FIPS module with OpenSSL 1.0.N is pretty ugly already).

What we need is a new FIPS module, which we're willing to develop given
the opportunity. The main problem there is the formal validation
process. A FIPS 140-2 validation is challenging enough for conventional
proprietary closed-source binary code; open source based validations are
enormously more difficult. Those have only been done five times, and my
assessment of the current regulatory environment is that it would be far
too risky for us to attempt a sixth such attempt (at least not without
sponsor(s) willing to absorb most of that risk).

If and when a new FIPS module for 1.1 is developed, it almost certainly
will take the form of a new "engine" style modular component.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc