[openssl-users] FIPS 140-2 certification

[Michael Wojcik]

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Oleg Paikin
> Sent: Wednesday, June 20, 2018 01:01

> We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS and CPUs
> are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products.

Disclaimer: I've never had to shepherd anything through the FIPS validation process. The following is just my understanding from reading about it.


Nothing is "FIPS certified". FIPS 140-2 does not define a "certification". There is FIPS validation, which if successful results in a "validation certificate". There's also FIPS 140 "user affirmation", which basically involves you saying "hey, any crypto we have is FIPS 140-2 validated in some other context, just not here, cross our hearts". Some customers may accept that, and others may not.

There's also a "FIPS Inside" claim, where you say that even if the entire system is not FIPS-validated, all the actual crypto is. (I'm actually not sure that's officially endorsed by the NIST procurement procedures doc; I've heard people who should know claim that it is, but I haven't looked for chapter & verse myself.)

Also, note that what's validated is a combination of the cryptographic implementation itself; cryptographic things that are done (e.g. the self-tests) and not done (e.g. no forbidden algorithms are used); and the runtime platform (the "Operational Environment"). So what you'd be getting validated is not the OS and CPUs themselves, but the combination of OpenSSL (and any other crypto software or hardware you might have), OS, and CPU. From your description, it sounds like you need four validations, unless your customers will accept user affirmation.

That's assuming your customers aren't also requesting FIPS 140-2 hardware tamper-resistance or some other additional assurance.

> How can we get certification for these environments? OSF answered that they do not do FIPS consulting
> work anymore. Can somebody explain what is the process and cost to get such certification?

The process is you find a lab that will do FIPS 104-2 validation, pay them a lot of money, and wait a long time (months) while they do the testing and go back and forth with the CMVP. History shows that the CMVP can be rather arbitrary. The cost is generally considerable - I think tens of thousands of dollars is typical.

Now, all that said, you can use OpenSSL with the FIPS container and enable FIPS mode without claiming you're FIPS-validated. That doesn't fulfill NIST procurement rules, but you may have a customer who isn't subject to those rules but wants to tick some "FIPS" checkbox anyway. (There's no technical advantage to doing so, but cryptography is an esoteric subject and sometimes people come up with pointless requirements.) I've known people who don't need FIPS validation to ask for some FIPS claim anyway, even when that claim is essentially meaningless. If that's the case, just make it possible for the customer to enable FIPS mode and let them go their merry way.

--
Michael Wojcik
Distinguished Engineer, Micro Focus