Slashdot Mirror
OpenSSL Receives FIPS 140-2 Validation
Argon writes "Close on heals of NewsForge reporting about Government Agency dragging its heels on OpenSSL validation comes the news that OpenSSL receives FIPS Certification. More details are available at the Open Source Institute site which has been driving the effort to get OpenSSL certified.
FIPS 140-2 certification allows software using the certified version of OpenSSL to get into various Government departments previously not possible, thus increasing penetration of Free Software in Government."
Congrats and thanks to the team - I can only imagine what a struggle this has been.
o licy_FINAL.pdf
p s-nist-update_oss-institute.org
From http://www.oss-institute.org/
Two points to remember please: a) the validation is still considered
"pending" until it is posted on the NIST site...in no more than 2
weeks from the announcement date -- NIST official protocol, and b)
the validation does not immediately solve all FIPS 140-2 compliance
issues.
The big thing available now is "OpenSSL Security Policy Version 1.0"
http://oss-institute.org/images/OpenSSL_SecurityP
This document is required as a part of the FIPS 140-2 validation
process. It describes the OpenSSL FIPS cryptographic module in
relation to FIPS 140-2 requirements. The companion document
OpenSSL FIPS 140-2 User Guide (Reference 14)is a technical
reference for developers using, and system administrators
installing, the OpenSSL FIPS software, for use in risk assessment
reviews by security auditors, and as a summary and overview for
program managers.
The "validated OpenSSL USER GUIDE" will be available within two weeks
of the announcement date.
No sign yet of OpenSSL 0.9.7j on the openssl site.
There is an email list available for updates:
http://mail.oss-institute.org/mailman/listinfo/fi
--Neal
Go IETF!
OpenSSL has long been the choice crypto library for many commercial applications. When such products need to be sold into government they invariably face the issue of FIPS 140-2 certification. Does an OpenSSL FIPS 140-2 module signal the end of RSA Security. Other than their SecureID tokens RSA do not seem to have a lot more to offer.
Could you cite your sources? From what I can tell, the FIPS 140-2 list of Approved Security Functions includes AES, and Triple-DES, as well as (curiously) DES and Skipjack[1].
For AES, the ciphers can be operated in the ECB, CBC, CFB, OFB, CTR, CMAC, and CCM modes of operation.
Approved hash functions include SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Keyed hashing must be done using HMAC, but you can use various DES MACs, as well as CCM mode, for message authentication.
Interestingly, what this basically means is that FIPS 140-2 compliance does not imply that your system is secure. All it means is that the government can use it.
[1] Can somebody please check this? I vaguely remember DES and Skipjack being withdrawn, but I can't find the documentation for that.
http://outcampaign.org/
....that there is some way in which you can run OpenSSL in FIPS compliant mode then? Or is it a special FIPS distribution of OpenSSL?
Because under FIPS, the only allowable algorithms are 3DES-CBC for encryption and SHA1 for HMAC.
If you allow anything else to be used, it is not "FIPS compliant".
Two issues. Firstly, AES is acceptable these days for the symmetric cipher and that is supported in TLS. Secondly, the strict requirements about what ciphers are available does not, as far as I know, apply if it's just a FIPS 140-2 level 1 validation which is basically a validation that the FIPS certified ciphers in the library function as required. If they have gone for FIPS 140-2 level 2 then then any key management functionality (such as key wrapping) must use FIPS certified ciphers but one can usually still allow users to use other ciphers. This is important since SSL requires both MD5 and SHA-1 for some of it's obscure MAC functions.
If intelligent life is too complex to evolve on its own, who designed God?
As a side note, it never seemed as if Microsoft's failure to get CC validations promptly ever slowed down IIS or XP deployments, but it's been a major roadblock for any other systems to get through DITSCAP if there was any possible reason to deny the request.
FIPS accreditation removes the final roadblock for open source in the federal government. Now there is not a single valid policy or security requirement that can block deployments of open source systems.
Also of note is that since anyone can use OpenSSL, small development shops are no longer held hostage to Certicom's expensive licensing schemes if they want to deploy FIPS compliant solutions. It used to be financially daunting to sell software to the government that included crypto, and this created a nice, safe sandbox for the small set of approved vendors to charge outrageous prices for FIPS compliant solutions. Now they have to compete with open source, which will likely bring costs down considerably for anyone required to deploy only FIPS compliant solitions.
Another poster mentioned that this restricted the choice of encryption algorithms to 3DES. That is incorrect. FIPS 140-2 is an AES implementation, specifically because of concerns over 3DES' long-term viability. There are no approved 3DES implementations under FIPS 140-2.
Think of it as the computer equivilent to a kit car. Impractical and done mainly for the benifit of the person doing it. Every once in a while someone creating a one off car comes up with something really innovative, but most of the time it is just a single persons hobby that no one really cares about.
With the nominal distribution and reproduction cost of software however, each creation has a remote chance of being a market leader.
Observers seem get caught up on market share and conservation on talent, when a lot of computer work is the scale of a really impressive hobby. That is not to say that people do not create software for other reasons. That is obviously false, but writing a *n*x clone from scratch when BSD already existed to get to learn about the 80386 was a waste of time if one only looks at efficiency of resources, but that was not the goal. The goal was to learn about the 80386, Linux having a sizable market share was an unintended consequence that did not factor in its origination.
(I hope this is not way to pedantic, but the we shouldn't waste resources statements seem to get passed around as truth with out any discussion.)
Work bio at MMWD
It's possible for software to achieve higher than level 1, but you have to presume a standard hardware platform to run it on. They probably just picked a machine that met level 2 physical requirements and ran it through the process using it, so technically, it probably isn't certified unless it is running on that particular machine. This is pretty common.
OpenSSL is one of those cool projects that would be so much cooler if it weren't for the stupid license that makes it a PITA to actually employ in a product. OpenSSL essentially uses the BSD license w/attribution, which makes it difficult to use with GPLd projects, unless you use the version provided by your distro -- which isn't always desireable.
Okay, maybe this is a question of semantics, but since when did a non-viral open source license qualify as "annoying"?