[openssl-users] Validation status of openssl-fips-2.0.11?

Steve Marquess marquess at openssl.com
Fri Feb 12 22:03:18 UTC 2016 

On 02/12/2016 04:26 PM, Kyle Hamilton wrote:
> I'm not seeing anything about openssl-fips-2.0.11 in
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747
> , so I'm not quite certain what its validation/certificate status is? 

Ok, this is complex, insanely so.

There is one OpenSSL FIPS Module, the "OpenSSL FIPS Object Module v2.0".
It is updated from time to time, to add new platforms, and each revision
of that module is distributed in a tarball with the name
openssl-fips-2.0.N.tar.gz, with N currently at 12. All revisions of the
module are valid; each successive revision by careful design subsumes
all the previously validated platforms.

For a long time this one module had only one validation, #1747. But, we
ran into an intractable issue with the CMVP that meant we were no longer
able to update the #1747 validation[1]. So, we obtained nominally
separate validations for the *same* FIPS module. That one module is now
covered by three separate validations, #1747, #2398, and #2473.

Collectively the three validations include over 120 platforms. One
module, three validations. If you're shipping a product that uses the
OpenSSL FIPS module and need to state which validation number applies,
you need to look to see which of the three validations your platform of
interest is listed for. That is the validation number you reference.

So all three validations are current. The #1747 and #2473 validations
will remain at revision 2.0.10 forever; #1747 because we can't change it
and #2398 so that multi-platform vendors can use the exact same binary
module on the widest range of platforms. New platforms that don't
require source code changes will go on the #2473 validation. New
platforms that require source code changes and thus a new module
revision will of necessity go on the #2398 validation.

Yeah, it's a mess.

> Also, is a new Security Policy in the works integrating the new HMAC
> digests for the new versions of -fips and -fips-ecp?

I don't understand this question.

> (Also, would the mandatory HMAC calculation of the original tarball be
> okay if it were done using a FIPS-validated version of Mozilla's NSS?)

You wouldn't believe how deep that rabbit hole goes. See section 6.6 of
the OpenSSL FIPS user guide
(https://openssl.org/docs/fips/UserGuide-2.0.pdf). The answer to that
question is why we're still snail-mailing CDs (see
http://openssl.com/fips/verify.html).

-Steve M.

[1] A tedious discussion starts at http://openssl.com/fips/hostage.html

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list