Steve Marquess wrote:

I've just been informed that we have received the long-awaited
official approval of the vulnerability fix for the OpenSSL FIPS
Object Module v1.1.1. The patched version of that product is now
known as v1.1.2 with the new validation certificate number 918 and
can be downloaded from
http://www.openssl.org/source/openssl-fips-1.1.2.tar.gz.

Please note that the DSA algorithm has been removed from the
validation because the rules for DSA changed and the code didn't.

I've received several queries about what happened to DSA. FIPS 140
requires a "Known Answer Test" (KAT) for algorithms. For DSA that
consists of hardcoded values (seed, p, q, g, plaintext) and a runtime check
based on those values. At "power up" (initialization call to the
FIPS_mode_set() function) the plaintext value is signed and then
verified; any failures are fatal.

At the time the validation was initially awarded this DSA KAT only
needed to use 512 bits; since then the requirement has changed to
require 1024 bits. The code of course didn't change (only the specific
vulnerability patch was applied), so the DSA algorithm became
non-compliant. It is still implemented exactly as before, only now it
cannot be used while claiming FIPS compliance.

We could easily have modified the KAT to use 1024 bits, but experience
has shown that any such change would probably delay the revalidation
significantly. With the previous validation already revoked and the
"fast track" timeline still uncertain we decided not to take that hit.

-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
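
The power-up check described in the message above (hardcoded values, sign, verify, fatal on failure), as an added Python sketch that is not part of the original post and is not OpenSSL's code. All parameters, names and the message are constructed; the 9-bit modulus stands in for the 512-bit KAT values, and the runtime size check is a hypothetical stand-in for the validation rule that moved to 1024 bits.

```python
import hashlib

# Constructed textbook-sized DSA domain parameters, not the module's KAT values.
P, Q = 283, 47                  # primes, Q divides P - 1
G = pow(2, (P - 1) // Q, P)     # generator of the order-Q subgroup
X = 24                          # hardcoded private key, 0 < X < Q
Y = pow(G, X, P)                # matching public key
KAT_MESSAGE = b"constructed known-answer plaintext"

class SelfTestError(RuntimeError):
    """Power-up self-test failure; callers must treat it as fatal."""

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q

def sign(message, first_k=3):
    # Fixed starting nonce keeps the self-test deterministic; real signing
    # outside a self-test needs a fresh secret k per signature.
    z = _digest(message)
    for k in range(first_k, Q):
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (z + X * r) % Q
        if r and s:
            return r, s
    raise SelfTestError("no usable nonce")

def verify(message, signature):
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = _digest(message) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(Y, u2, P) % P % Q == r

def power_up_self_test(min_modulus_bits):
    # Assumed policy check: unchanged code plus a stricter size rule fails.
    if P.bit_length() < min_modulus_bits:
        raise SelfTestError(f"DSA KAT modulus is {P.bit_length()} bits, need {min_modulus_bits}")
    if not verify(KAT_MESSAGE, sign(KAT_MESSAGE)):
        raise SelfTestError("DSA sign/verify self-test failed")
    return True

def dsa_usable(min_modulus_bits):
    try:
        return power_up_self_test(min_modulus_bits)
    except SelfTestError:
        return False
```

`dsa_usable(9)` passes with the constructed parameters, while `dsa_usable(1024)` fails without any change to the signing code, which mirrors how the algorithm dropped out of the validation.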