If you don't know or care what FIPS 140-2 is then count yourself lucky
and skip this message.

For those who do, and masochists, brace yourselves and read on.

Back in January we submitted a formal request to the FIPS 140-2
cryptographic module validation bureaucracy to remove Dual EC DRBG from
the OpenSSL FIPS Object Module v2.0 (validation certificate #1747). That
prospective revision, 2.0.6, languished for months. We weren't
particularly surprised because expert opinion was divided on our chances
of success. One accredited test lab was absolutely positively certain it
would never ever be permitted (such "cryptographically significant"
changes are highly discouraged, to put it mildly). Another lab was
willing to give it a shot, though with no guarantee of success. So we
decided to gamble some of our own funds to try.

Months later we submitted a routine platform portability update, 2.0.7.
Since the fate of 2.0.6 was unknown we tested those new platforms with
code that still included the Dual EC DRBG implementation, as otherwise
we ran the risk of having to completely redo that submission if 2.0.6
was rejected (or never approved).

As it happens both 2.0.6 and 2.0.7 were approved in the span of a single
week. That leaves us with the very odd result that Dual EC DRBG is
removed in 2.0.6 and then restored in 2.0.7. We presumably will be
allowed to remove it again in a future 2.0.8, but since change letter
modifications cost money we'll wait until a funded opportunity for a
2.0.8 revision presents itself.

In the meantime, if you don't care about Dual EC DRBG and don't require
one of the platforms[*] added by 2.0.7, do nothing.

If you want a Dual EC-less FIPS module and don't use one of those new
platforms, use 2.0.6.

If you do want a Dual EC-less FIPS module and also require one of those
new platforms, you're out of luck at least for now.

As always, if you aren't specifically *required* to use FIPS 140-2
validated cryptography then don't; use the latest version of the regular
OpenSSL which will have all current vulnerability and bug fixes,
performance enhancements, and platform support.

-Steve M.

[*] Those would be platforms number 81 through 91 in Table 2 of the
Security Policy document at
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf, except
that URL on the NIST CMVP web site still points to the 2.0.6 revision of
that document. That error has been reported and should be corrected in a
few days.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org