[openssl-dev] OpenSSL 1.1.0 and FIPS

[Steve Marquess]

On 02/23/2016 08:16 AM, Wall, Stephen wrote:
> Thanks for the feedback, I was deliberately ignoring the issue of not
> running non-FIPS algos, there are actually instances where it's
> desirable to have access to them in FIPS mode (RADIUS, eg).  A
> generic way to handle that (aside from Richards dream proposal) would
> be to have a NO_INTERNAL_ALGORITHMS setting somewhere in the API.
> Possibly split into NO_INTERNAL_SYMMETRIC_ALGOS, ASYMMETRIC, HASHES,
> etc, for finer grained control.  Or even a bit per specific algo to
> go to the extreme.  Probably too late to get something like that in
> for a 1.1.0 release...?
> 
> As far as structure incompatibility, translation could be handled
> internally to the engine (though that would require a lot of
> near-duplicate structures).  Feasible, maybe not practical.

Sufficient desperation and sufficiently deep pockets set the boundaries
of "feasible". FIPS 140-2 isn't practical to begin with.

I know of several commercial vendors planning to hand-jamb some variant
of the current FIPS module into OpenSSL 1.1 (what they see as their
least bad option). The result is going to be horrible, though, and will
still require validation. It will leave them with a maintenance tail
that will haunt them for years to come.

I wish them luck, and understand that FIPS 140-2 is important enough to
their business that they have no choice. But here at the OpenSSL project
we've made the conscious decision to not allow FIPS 140-2 to distort and
pervert OpenSSL even more than has already been the case. We'll do a
(relatively) clean and sane implementation for 1.1 if and when we can,
and nothing otherwise.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc