OpenSSL *source* to get FIPS 140-2 Level 1 certification

Joshua Hill josh-crypto at untruth.org
Fri Sep 5 17:01:13 EDT 2003


On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote:
> It is the first *source code* certification.

The ability to do this runs counter to my understanding of FIPS 140-2.

First, there are a series of requirements that deal with executable
binary authentication that I'm not sure could be met.

Second, it is unclear to me what would be tested during operational
testing.  The source code can't itself be a module, because the source
code doesn't do anything until it is compiled and run. FIPS 140-2
currently only allows for fully functional units to be modules; you'll
note, for instance, that FIPS certs for "software" modules are listed as
a "multi-chip standalone" embodiment.  NIST was talking
about producing documents that would support a true "software only"
embodiment, but that initiative seems to have stalled with the change
of directors of the CMVP (the NIST group that issues FIPS 140-2 certs).

Third, nominally, the FIPS certificate only applies to the particular
operating system (and OS version) that the operational testing was
done on.  For level 1 modules, NIST has historically allowed OSes in
the same "family" to also be covered, and they have been very liberal
in their definition of "family".

Those seem like the big problems.  NIST has historically been intractable
on these issues.  That's not to say that they couldn't have changed their
mind, but doing so would require that they go against previously issued
(formal) guidance and many verbal conversations.

I don't want to rain on anyone's parade.  If the OpenSSL cert goes
through, and the certificate covers the code itself, then I assure
you that I'll be cheering just as loudly as anyone.  Sadly, I honestly
suspect that this won't be the case.  It would require too many broad
interpretation changes on NIST's part, and it would require that they
contradict their previous guidance, which isn't something they do
very often.

			Josh
