[openssl-users] FIPS: Which DRBG is default ?
Hello, When an application does not define OPENSSL_DRBG_DEFAULT_TYPE nor OPENSSL_DRBG_DEFAULT_FLAGS nor any compilation options (if applicable), is the default DRBG the 256 bit CTR AES (+ deviation function) in FIPS mode ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
On 03/24/2015 01:27 PM, jonetsu wrote: > > >> From: "Steve Marquess" Date: 03/24/15 12:38 >> > > >> No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of >> early 2014) for use as-is in doing copycat validations. Some >> non-trivial code hacks will be necessary. > >> We'll do a new open source based validation to succeed the 2.0 >> FIPS module (#1747 validation) at the first opportunity, but that >> opportunity has not yet presented itself. > > I still do not know that much about the validation in practical > terms. If our units go through validation, can this benefit OpenSSL > ? Not in the tiniest, unless you completely open source the entire thing as we did (specifically in a validation that includes the build-from-source part). A FIPS 140-2 validation is like magical pixie dust in that you and I can each take exactly the same source code and each build a binary FIPS module from it in exactly the same way, for exactly the same platform, and your module will be "validated" and mine won't (or vice-versa, depending on the pixe dust). > > Also, to go back to the SP 800-90 vs. SP 800-90A regarding the DRBGs, > do you know how would the OpenSSL SP 800-90 validation fare in a FIPS > testing lab since the Dual EC was removed and the other three were > not touched ? We "revalidate" the DRBGs every time we do a new "change letter" platform addition, which is frequently. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
> From: "Steve Marquess" > Date: 03/24/15 12:38 > No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early > 2014) for use as-is in doing copycat validations. Some non-trivial code > hacks will be necessary. > We'll do a new open source based validation to succeed the 2.0 FIPS > module (#1747 validation) at the first opportunity, but that opportunity > has not yet presented itself. I still do not know that much about the validation in practical terms. If our units go through validation, can this benefit OpenSSL ? Also, to go back to the SP 800-90 vs. SP 800-90A regarding the DRBGs, do you know how would the OpenSSL SP 800-90 validation fare in a FIPS testing lab since the Dual EC was removed and the other three were not touched ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
On 03/24/2015 09:53 AM, jonetsu wrote: > > ... > >> Now the code for the OpenSSL FIPS module can no longer be used >> as-is for new "private label" or copycat validations, but that's >> for different reasons and not because of the DRBGs. > > I've read the User Guide bit on private label validations. In the > case of a product that consists of a dedicated unit, what would be > the best approach ? So far I have considered using the OpenSSL FIPS > module as is, in the hope that its FIPS validation would save costs > at the testing lab. Is this still feasible ? No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early 2014) for use as-is in doing copycat validations. Some non-trivial code hacks will be necessary. We'll do a new open source based validation to succeed the 2.0 FIPS module (#1747 validation) at the first opportunity, but that opportunity has not yet presented itself. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
> From: "Steve Marquess" > Date: 03/24/15 09:22 > At the time that validation was obtained the four (at the time) DRBGs > were specified by SP800-90. That document was subsequently reissued in > several pieces; the current SP800-90A now contains the specifications > for the three surviving DRBGs (the fatally tainted Dual EC DRBG having > been removed from the formal standards and also from the OpenSSL FIPS > Object Module). If it concerns only the removal of the Dual EC, then it should be OK, technically. Not on paper. > Now the code for the OpenSSL FIPS module can no longer be used as-is for > new "private label" or copycat validations, but that's for different > reasons and not because of the DRBGs. I've read the User Guide bit on private label validations. In the case of a product that consists of a dedicated unit, what would be the best approach ? So far I have considered using the OpenSSL FIPS module as is, in the hope that its FIPS validation would save costs at the testing lab. Is this still feasible ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
On 03/23/2015 02:36 PM, xxiao8 wrote: > The key issue still remains, are the validated SP800-90 DRBGs the _same_ > as SP800-90A's DRBGs? If yes then we can probably use Openssl-FIPS with > SP800-90A, otherwise OpenSSL-FIPS 2.0.9 probably can no longer be used > for any new validations? At the time that validation was obtained the four (at the time) DRBGs were specified by SP800-90. That document was subsequently reissued in several pieces; the current SP800-90A now contains the specifications for the three surviving DRBGs (the fatally tainted Dual EC DRBG having been removed from the formal standards and also from the OpenSSL FIPS Object Module). Now the code for the OpenSSL FIPS module can no longer be used as-is for new "private label" or copycat validations, but that's for different reasons and not because of the DRBGs. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
The key issue still remains, are the validated SP800-90 DRBGs the _same_ as SP800-90A's DRBGs? If yes then we can probably use Openssl-FIPS with SP800-90A, otherwise OpenSSL-FIPS 2.0.9 probably can no longer be used for any new validations? Thanks, xxiao --- Hi, For the second question any DRBG that are approved in FIPS SP 800-90A are approved for any application. You can chose over tha Hash, HMAC or CTR DRBG equivalently. Best regards Q Gouchet Le 23 mars 2015 09:38, "jonetsu" a écrit : > Hello, > > Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, > the OpenSSL source code does not seem to mention SP 800-90A. Only SP > 800-90. So the certifications were made for SP 800-90, is that right ? > > Also, does it depend on the application to choose which DRBG and moreover, > for regular FIPS uses, does it matter which DRBG is used since they are all > approved ? > > One more question: is there a way for us to actually know/test which one > id used by an application ? I currently am using a > FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to > identify which DRBG is used ? Maybe FIPS_drbg_set_callbacks() could be > more useful ? > > Regards. > ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Which DRBG ?
Hi, For the second question any DRBG that are approved in FIPS SP 800-90A are approved for any application. You can chose over tha Hash, HMAC or CTR DRBG equivalently. Best regards Q Gouchet Le 23 mars 2015 09:38, "jonetsu" a écrit : > Hello, > > Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, > the OpenSSL source code does not seem to mention SP 800-90A. Only SP > 800-90. So the certifications were made for SP 800-90, is that right ? > > Also, does it depend on the application to choose which DRBG and moreover, > for regular FIPS uses, does it matter which DRBG is used since they are all > approved ? > > One more question: is there a way for us to actually know/test which one > id used by an application ? I currently am using a > FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to > identify which DRBG is used ? Maybe FIPS_drbg_set_callbacks() could be > more useful ? > > Regards. > > > > ___ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] FIPS: Which DRBG ?
Hello, Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the OpenSSL source code does not seem to mention SP 800-90A. Only SP 800-90. So the certifications were made for SP 800-90, is that right ? Also, does it depend on the application to choose which DRBG and moreover, for regular FIPS uses, does it matter which DRBG is used since they are all approved ? One more question: is there a way for us to actually know/test which one id used by an application ? I currently am using a FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to identify which DRBG is used ? Maybe FIPS_drbg_set_callbacks() could be more useful ? Regards. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users