[openssl-users] FIPS 140-2 casualty list -- Ubuntu 10.4 still MIA

Steve Marquess marquess at openssl.com
Wed Jul 8 13:47:13 UTC 2015 

If you don't know or care what FIPS 140-2 is then dance a little jig of
joy and move on.

The "hostage issue" has resulted in the forced removal[*] of a number of
platforms from the #1747 validation. That removal was done by editing
the "Big Blob o' Text" in the rightmost cell of the entry for the #1747
validation on the NIST CMVP web site:

  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747

Until now no one has paid any attention to the Big Blob, as it's
essentially unreadable, but with this new precedent that has been set it
now matters. The Big Blob as it stands contains what appear to be four
typographical errors:

  Platform 8, "Ubuntu 10.04 Intel Pentium T4200 (x86)" deleted

  One of platform 20 "Linux 2.6 Broadcom BCM11107 (ARMv6)" or platform
21 "Linux 2.6 TI TMS320DM6446 (ARMv4)" deleted (the Big Blob has only
one possible match for both)

  One of platform 45 "NetBSD 5.1 PowerPC-e500" or 46 "NetBSD 5.1 Intel
Xeon 5500 (x86)" deleted (the Big Blob has only one possible match for both)

  Platform 71 "Linux 3.4 under Citrix XenServer Intel Xeon E5-2430L
(x86)" *not* deleted

I was sure those were all typographical errors, which is understandable
given the constipated illegibility of the Big Blob. However, more than
three weeks after those errors were reported we have no response
confirming that assumption and those errors have remained uncorrected,
and that web page has since been updated several times.

So, it's possible that the deletion of the three platforms 8, 20/25, and
45/46 was deliberate, for reasons as yet unknown. If you're using the
module on platforms 20, 21, 45, 46 the ambiguity of the list of
surviving platforms in the Big Blob presumably works in your favor. But,
platform 8 is unambiguously "MIA" (Missing in Action) so any use of the
OpenSSL FIPS module on that platform, Ubuntu 10.04 on x86, is officially
non-validated.

-Steve M.

[*] http://openssl.com/fips/aftermath.html

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list