Where can I find information about OpenSSL FIPS Object Module v1.2 ???
Where can this be downloaded from? CVS only? Or are there tarballs
somewhere?
Where does FIPS related development/discussion take place? Just the
users mailing list?
Is there a spot on the website dedicated to FIPS related information? I
can't find anything?
Cheers, Brendan.
Steve Marquess wrote:
A significant flaw in the PRNG implementation for the OpenSSL FIPS
Object Module v1.1.1 (certificate #733,
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733)
has been reported by Geoff Lowe of Secure Computing Corporation. Due
to a coding error in the FIPS self-test the auto-seeding never takes
place. That means that the PRNG key and seed used correspond to the
last self-test. The FIPS PRNG gets additional seed data only from
date-time information, so the generated random data is far more
predictable than it should be, especially for the first few calls
(CVE-2007-5502).
Note that this PRNG bug is only present in the v1.1.1 implementation
and not in the regular OpenSSL product or in the OpenSSL FIPS Object
Module v1.2 now undergoing validation testing. Only those applications
using v1.1.1 of the OpenSSL FIPS Object Module which enter FIPS mode
are affected. Applications which do not enter FIPS mode or which use
any other version of OpenSSL are not affected.
Bugs like this in open source software are routinely found and
corrected with a patch and/or updated source distribution. In this
case two separate patches have been developed by Dr Stephen Henson
<[EMAIL PROTECTED]>:
http://www.openssl.org/news/patch-CVE-2007-5502-1.txt
(the simplest direct fix) and:
http://www.openssl.org/news/patch-CVE-2007-5502-2.txt
(a workaround which avoids touching the PRNG code directly). However,
for FIPS 140-2 validated software no changes are permitted without
prior CMVP approval so neither of these patches can be applied to the
v1.1.1 distribution for the purposes of producing a validated module.
We have supplied the information needed for a "letter change" update
request based on the latter of these two patches to the CMT Laboratory
for their submission to the CMVP. Once (and if) approved the new
distribution containing this patch will be posted as
http://openssl.org/source/openssl-fips-1.1.2.tar.gz to replace the
current distribution at
http://openssl.org/source/openssl-fips-1.1.1.tar.gz.
Note that in addition to this real-world vulnerability there is a
separate problem in this same PRNG implementation concerning the FIPS
140-2 continuous self-test, about which we have received multiple
reports. The resolution of that problem hinges on interpretation of
FIPS 140-2 scripture and we're still working on crafting a fix
consistent with the conflicting opinions we've received.
At this point I have no estimate as to when the change letter(s), for
either or both fixes, will be approved. From the perspective of those
who must deal with events on “Internet time” the CMVP process is
glacially slow. In the absence of any realistic expectation of quick
results in that regard OSSI has chosen to make this announcement now
in the hope of minimizing the disruption for the many products and
“private label” validations known to use or be derived from the v1.1.1
validation and currently undergoing FIPS 140-2 validation.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
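The seeding defect described in Steve Marquess's message above, as a simplified Python model added here (not OpenSSL's code): the power-up self-test installs fixed known-answer key/seed material and, on the buggy path, leaves the generator marked as seeded, so auto-seeding never runs and only the date-time input varies the output. `ModelPrng`, HMAC-SHA256 standing in for the block function, and the injectable `clock` are assumptions of the model; the regression check pins the clock so that identical output from two fresh instances exposes the missing reseed.

```python
import hashlib
import hmac
import os
import time

# Constructed known-answer-test (KAT) vectors for this model, not OpenSSL's.
KAT_KEY = bytes(range(16))
KAT_SEED = bytes(16)

def _block(key: bytes, data: bytes) -> bytes:
    # Stand-in for the PRNG block function (HMAC-SHA256 here, not AES).
    return hmac.new(key, data, hashlib.sha256).digest()[:16]
KAT_EXPECTED = _block(KAT_KEY, KAT_SEED + bytes(8))  # a real KAT stores a fixed answer

class ModelPrng:
    """Keyed, seeded PRNG with a power-up self-test; `clock` is injectable."""
    def __init__(self, clock=time.time_ns, reseed_after_test=False):
        self.key = self.seed = None
        self.seeded = False
        self.clock = clock
        self.reseed_after_test = reseed_after_test

    def _auto_seed(self):
        # Operational seeding from the OS entropy source.
        self.key, self.seed, self.seeded = os.urandom(16), os.urandom(16), True

    def self_test(self) -> bool:
        # Known-answer test: run the generator on the fixed key/seed.
        self.key, self.seed, self.seeded = KAT_KEY, KAT_SEED, True
        ok = _block(self.key, self.seed + bytes(8)) == KAT_EXPECTED
        if self.reseed_after_test:
            self.seeded = False  # correct: discard test state, force auto-seeding
        return ok  # otherwise the modelled coding error leaves the KAT key/seed live

    def generate(self) -> bytes:
        if not self.seeded:
            self._auto_seed()
        dt = self.clock().to_bytes(8, "big")  # the only extra input: date-time
        out = _block(self.key, self.seed + dt)
        self.seed = _block(self.key, out + dt)  # feed back into the next state
        return out

def leaks_self_test_state(reseed_after_test: bool) -> bool:
    """With the clock pinned, identical output from two fresh instances means
    nothing but the clock reached the generator."""
    def fresh() -> bytes:
        p = ModelPrng(clock=lambda: 1234567890, reseed_after_test=reseed_after_test)
        p.self_test()
        return p.generate()
    return fresh() == fresh()
```

A check of this shape belongs in the test suite of any module that runs a known-answer test on its DRBG before operational use.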