Dear all, I'm trying to map the SP800-56b NIST document to the OpenSSL capabilities running in FIPS mode.
There is a table full of "should not", "should", "shall" and so on, needed to be filled by any NIST approved product, but there are certain issues, that seems that OpenSSL doesn't pass, and the NIST validators requires a rationale for deviation, for each "no". I saw (two years ago may be?) a guy asking about this table in an openssl mailing list, but the data wasn't available. So, is there anyone that has filled this table and explained a rationale for deviations? Or where could I find this information? You can see an example of the table from a random company in https://www.niap-ccevs.org/st/st_vid10523-st.pdf (page 53) or in https://www.niap-ccevs.org/st/st_vid10505-st.pdf (page 40) For instance, in NIST SP800-56b section Reference 7.2.2.3, it says that (talking about RSA-OAEP Decryption Operation) "the observable behavior of the mask generation function *should not* reveal even partial information about the MGF seed employed in the process ". Do you know why OpenSSL doesn't fulfil that capability? I'm not able to find why OpenSSL in FIPS mode may reveal partial information about the MGF seed and I'm not able to find why this is not harmful. Just for the records, the sections that I think that OpenSSL doesn't fulfil, are: 6.6 (shall not), 7.2.1.3 (should not), 7.2.3.3 (should not) and 8.3.2 (should not). Thanks for your help in advance and kind regards, Alberto. -- Alberto Román Engineering team http://www.alienvault.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
