The FIPS validation process is... odd. And not at all conducive to the open-source development model.
There is no available OpenSSL FIPS Object Module v1.2. Until it passes validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will be made available. I don't think the source is actually even in the public CVS. (I would like to see a preview version that I can at least link things that use the API against, even if everything's stubbed out. :P)

I do have to ask, though: is this one going to compile properly on Intel-based Macs? 1.1 and 1.1.1 didn't.

-Kyle H

On Nov 29, 2007 5:22 PM, Brendan Simon <[EMAIL PROTECTED]> wrote:
> Where can I find information about OpenSSL FIPS Object Module v1.2 ???
> Where can this be downloaded from? CVS only? Or are there tarballs
> somewhere?
>
> Where does FIPS related development/discussion take place? Just the
> users mailing list?
>
> Is there a spot on the website dedicated to FIPS related information? I
> can't find anything?
>
> Cheers, Brendan.
>
>
> Steve Marquess wrote:
> >
> > A significant flaw in the PRNG implementation for the OpenSSL FIPS
> > Object Module v1.1.1 (certificate #733,
> > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733)
> > has been reported by Geoff Lowe of Secure Computing Corporation. Due
> > to a coding error in the FIPS self-test the auto-seeding never takes
> > place. That means that the PRNG key and seed used correspond to the
> > last self-test. The FIPS PRNG gets additional seed data only from
> > date-time information, so the generated random data is far more
> > predictable than it should be, especially for the first few calls
> > (CVE-2007-5502).
> >
> > Note that this PRNG bug is only present in the v1.1.1 implementation
> > and not in the regular OpenSSL product or in the OpenSSL FIPS Object
> > Module v1.2 now undergoing validation testing. Only those applications
> > using v1.1.1 of the OpenSSL FIPS Object Module which enter FIPS mode
> > are affected. Applications which do not enter FIPS mode or which use
> > any other version of OpenSSL are not affected.
> >
> > Bugs like this in open source software are routinely found and
> > corrected with a patch and/or updated source distribution. In this
> > case two separate patches have been developed by Dr Stephen Henson
> > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>:
> >
> > http://www.openssl.org/news/patch-CVE-2007-5502-1.txt
> >
> > (the simplest direct fix) and:
> >
> > http://www.openssl.org/news/patch-CVE-2007-5502-2.txt
> >
> > (a workaround which avoids touching the PRNG code directly). However,
> > for FIPS 140-2 validated software no changes are permitted without
> > prior CMVP approval so neither of these patches can be applied to the
> > v1.1.1 distribution for the purposes of producing a validated module.
> >
> > We have supplied the information needed for a "letter change" update
> > request based on the latter of these two patches to the CMT Laboratory
> > for their submission to the CMVP. Once (and if) approved the new
> > distribution containing this patch will be posted as
> > http://openssl.org/source/openssl-fips-1.1.2.tar.gz to replace the
> > current distribution at
> > http://openssl.org/source/openssl-fips-1.1.1.tar.gz.
> >
> > Note that in addition to this real-world vulnerability there is a
> > separate problem in this same PRNG implementation concerning the FIPS
> > 140-2 continuous self-test, about which we have received multiple
> > reports. The resolution of that problem hinges on interpretation of
> > FIPS 140-2 scripture and we're still working on crafting a fix
> > consistent with the conflicting opinions we've received.
> >
> > At this point I have no estimate as to when the change letter(s), for
> > either or both fixes, will be approved. From the perspective of those
> > who must deal with events on "Internet time" the CMVP process is
> > glacially slow. In the absence of any realistic expectation of quick
> > results in that regard OSSI has chosen to make this announcement now
> > in the hope of minimizing the disruption for the many products and
> > "private label" validations known to use or be derived from the v1.1.1
> > validation and currently undergoing FIPS 140-2 validation.
> >
> > -Steve M.
> >
> > --
> > Steve Marquess
> > Open Source Software Institute
> > [EMAIL PROTECTED]
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
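
Added example, not part of the thread and not OpenSSL code: a regression check for the failure mode the quoted advisory describes, where the self-test leaves its key and seed in place so auto-seeding never runs. `ToyPRNG`, `BuggyPRNG`, `instances_collide`, the HMAC construction and all values are constructed stand-ins, not the module's real algorithm or test vectors.

```python
import hashlib
import hmac
import os

# Constructed self-test inputs for this toy; not OpenSSL's real test vectors.
KAT_KEY, KAT_SEED, KAT_TIME = bytes(range(16)), bytes(16), 0


class ToyPRNG:
    """Stand-in generator: keyed hash over the seed plus a date-time value."""

    reset_after_self_test = True  # correct behaviour: discard test state

    def __init__(self):
        self.key = self.seed = None
        self.seeded = False

    def _block(self, now):
        msg = self.seed + now.to_bytes(8, "big")
        out = hmac.new(self.key, msg, hashlib.sha256).digest()
        self.seed = out[:16]  # chain the state forward
        return out[16:]

    def self_test(self):
        outs = []
        for _ in range(2):  # same test state must give the same output
            self.key, self.seed, self.seeded = KAT_KEY, KAT_SEED, True
            outs.append(self._block(KAT_TIME))
        if self.reset_after_self_test:
            self.key = self.seed = None
            self.seeded = False  # forces auto-seeding on first real use
        return outs[0] == outs[1]

    def generate(self, now):
        if not self.seeded:  # auto-seed from the OS entropy source
            self.key, self.seed, self.seeded = os.urandom(16), os.urandom(16), True
        return self._block(now)


class BuggyPRNG(ToyPRNG):
    reset_after_self_test = False  # the flaw: self-test key/seed stay live


def instances_collide(cls, now=1196356920):
    """True if two freshly started instances emit the same first block."""
    a, b = cls(), cls()  # 'now' is a constructed date-time value
    if not (a.self_test() and b.self_test()):
        raise RuntimeError("self-test failed")
    return a.generate(now) == b.generate(now)
```

A check of this shape, run against a generator right after its power-up self-test, fails whenever the date-time input is the only thing separating one process's output from another's.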