On Thu, Dec 23, 2010 at 7:35 PM, <aerow...@gmail.com> wrote: > Jeff, > > The fipscanister's integrity test must be called before main(), and that's > why fipsld does what it does. The process to load it and verify it is given > (in source form) in the fips-1.2.0 package, and those bits can be located as > well as the compiled bits of the canister itself. > > I think that this discussion is good, because it will (hopefully) lead to a > tool -- perhaps a script -- that can perform all of the tests that we can > identify on an executable to determine if it's been statically linked with a > correct fipscanister. > Agreed. Sorry about the traces of cynicism. I just don't trust corporate or government. They collude all the time.
Jeff > On Thu, Dec 23, 2010 at 3:48 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> On Thu, Dec 23, 2010 at 5:56 PM, <aerow...@gmail.com> wrote: >>> >>> OPENSSL_FIPS=1 causes openssl to invoke FIPS_mode_set(1). Once that >>> occurs, >>> MD5 is a prohibited algorithm unless it's explicitly limited to the TLSv1 >>> PRF (and that only because SHA is also used). If an MD5 operation >>> completes >>> successfully, it's not a FIPS canister that's running the cryptography. >>> >>> In other words: If it's FIPS, it will refuse to do it. If it doesn't >>> refuse >>> to do it, it's not FIPS. >> >> Ok. Suppose you download or purchase a component from a company that >> claims to offer FIPS validated implementation using OpenSSL sources. >> I'm not clear how "OPENSSL_FIPS=1" verifies the claim of FIPS >> validation on the binaries. > > It doesn't do it if you can't use bin/openssl itself. That makes my > suggestion a bit less than useful in your scenario. > >>> Looking at it pragmatically: as a client, one can either >>> base the decision on declaration or on demonstrable, observable, and >>> well-defined behavior. >> >> A better perspective might be to look at it from a practical >> standpoint in the context of acceptance testing and quality assurance >> Perhaps the process should require presenting fipscanister.o and >> compiler/version statement in addition to the resulting binary. > > as well as the signature of the person who performed the build, certifying > that it was done in accordance with the security policy. Government is very > big on personal responsibility. > >> If a company claims a FIPS validated module, I can always compile the >> canister using GCC X.Y.Z (or whatever compiler) and reproduce the >> object file, and then search for the bits in the resulting binary. The >> final test would simply be a breakpoint on FIPS_mode_set under GDB to >> ensure the function was called. > > Or, you can accept the documentation provided (including said signature and > certification), and use that as a legal defense if it ever comes up? (Yes, > I agree that this option sucks -- but it's a paper trail and a valid CYA, if > you don't have the time or the tools to run any verification of > acceptability.) > >> Jeff > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
