3.0 FIPS related questions

Pete rpb5bnc at gmail.com
Tue Mar 24 14:06:23 UTC 2020


I have two questions regarding support for FIPS in 3.0.  We're currently working on early planning for our migration to OpenSSL 3.0 and we're
trying to size the effort for our team.  We're also beginning to put together contingency plans in the event that dates on either side change
dramatically.  I suspect I already know the answers to these questions, but I wanted to ask just to be sure so that we plan correctly.

Over the years we have had requirements to include additional functionality within our FIPS boundary beyond what was in the OpenSSL
based FOM.  We would start with the existing OpenSSL FOM, add in the additional functionality, and then go through a full validation with the
test lab on this slightly modified FOM.  We had the impression that there are other groups that do the same.  An example of additional
functionality, especially for the 3.0 FOM, might be something like the SSH KDF.  If this KDF were to not be included in the 3.0 FOM and we
needed a FIPS validated version of it in our solutions, we would need to move this into the FIPS provider and then take this altered FOM through
a complete FIPS validation.  If, however, we were to create a 3rd party provider that only contains this supplemental FIPS functionality, we
could go through an abbreviated FIPS validation of just that functionality and then have both the OpenSSL 3.0 FOM and this
supplemental FOM active at the same time in our solution.  So the question is, will the OpenSSL 3.0 design allow for more than one active
FIPS provider?

I've made a pass through the 3.0 design specification looking specifically at FIPS provider related content but did not see an
explicit statement that there can only be one FIPS provider, although I suspect this is the case and wanted to confirm this.  If it's at all
possible to have two active FIPS providers, it could make subsequent FIPS validations simpler.  On the other hand, am I completely missing some
fundamental aspect of FIPS provider functionality in 3.0 and this need to add additional support into the FOM will not be as involved as it
used to be?

The second question is somewhat related.  Has there been a decision yet whether the FOM 3.0 will go through a 140-2 or a 140-3 validation?

