OpenSSL is now FIPS 140-1 and FIPS 140-2 validated
jaltman at MIT.EDU
Thu Mar 23 09:47:20 EST 2006
OpenSSL FIPS 140-1 and FIPS 140-2 validation as a cryptographic module
has now been approved and posted
The security policy for its use is posted here
The important things to note is that the OpenSSL API as a whole is not
validated. The only thing that is validated and must remain static is
the "OpenSSL FIPS Object Module" which only provides the cryptographic
operations for DES1, Triple DES, AES, RSA (for digital signatures), DH,
DSA, SHA1, SHA224, SHA256, SHA384, SHA512, and HMACSHA1, HMACSHA224,
HMACSHA256, HMAC384, and HMACSHA512. The "OpenSSL FIPS Object Module"
also performs ANSI X9.31 compliant pseudorandom number generation.
If a kcrypto API were to be implemented on top of this module, there
could be an open source Kerberos implementation with FIPS validated
crypto. Although as the readers of this list are aware there are issues
with the OpenSSL license that would make it incompatible with the needs
of some users.
As the "OpenSSL FIPS Object Module" is not distributed in binary form
but is instead distributed as source code to be compiled on any platform
the majority of the security policy deals with a multi-stage
verification process that must be used both during the compilation
process as well as at run-time to ensure the integrity of the source
code, the integrity of the object code and the integrity of the
Given the way in which integrity checks are performed not all build
processes and operating systems are supported. In particular, cross
compilation is not supported and operating systems that do not permit
memory mapped access to the loaded module are not supported.
The Q&A session at Linux World Expo Boston will be on April 4th at 6:30
pm EST. I can't attend as I will be presented at NIST PKI'06 that day
but if someone is willing to go and scribe I would be very must
interested in reading the results.
More information about the krbdev