RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu
Hello,


I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance.  We are using OpenSSL 1.0.1e with the fips-2.0.9 module.    Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have: 


#ifdef OPENSSL_FIPS
        if (FIPS_mode())
    return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
#endif


Instead of using FIPS_rsa_generate_key_ex()


(and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in rsa_gen.c)




Thanks.



_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Marcus Meissner
On Thu, Dec 17, 2015 at 04:26:21PM -0500, jonetsu wrote:

> Hello,
>
>
> I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance.  We are using OpenSSL 1.0.1e with the fips-2.0.9 module.    Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have: 
>
>
> #ifdef OPENSSL_FIPS
> if (FIPS_mode())
>     return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
> #endif
>
>
> Instead of using FIPS_rsa_generate_key_ex()
>
>
> (and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in rsa_gen.c)

I do not think this x931 RSA key generation is 186-4 compliant.

Ciao, Marcus
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu
Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if this means an upgrade ?)

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Steve Marquess-4
On 12/18/2015 11:03 AM, jonetsu wrote:
> Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if
> this means an upgrade ?)

We aren't allowed to update existing validations to include that type of
"cryptographically significant" change, just like we aren't allowed to
fix vulnerabilities (e.g. Lucky 13).

So no.

We will address all new FIPS 140-2 requirements, and known
vulnerabilities, and support of OpenSSL 1.1, if and when we're in a
position to pursue a new open source based validation to succeed the
current #1747/#2398/#2473.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu
What would then be the permitting conditions to pursue a new validation ?  If you don't mind me asking.  I have read several notes you have on the subject and I agree that the whole thing is of Dedalus proportions.  In a nutshell what would be these conditions ?

Thanks, much appreciated.
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Salz, Rich
> What would then be the permitting conditions to pursue a new validation ?
> If you don't mind me asking.  I have read several notes you have on the
> subject and I agree that the whole thing is of Dedalus proportions.  In a
> nutshell what would be these conditions ?

In a nutshell: someone willing to spend the money (low six figures) without adding requirements that violates the spirit of our open source philosophy, and while knowing that the project might fail for non-technical reasons.



_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu
In reply to this post by Steve Marquess-4
Sorry, I forgot: What about the code itself, if we do not mind the validation ?  Is the 185-4 RSA compatible code present in any OpenSSL/FIPS module ?
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Steve Marquess-4
In reply to this post by Salz, Rich
On 12/18/2015 01:10 PM, Salz, Rich wrote:

>> What would then be the permitting conditions to pursue a new
>> validation ? If you don't mind me asking.  I have read several
>> notes you have on the subject and I agree that the whole thing is
>> of Dedalus proportions.  In a nutshell what would be these
>> conditions ?
>
> In a nutshell: someone willing to spend the money (low six figures)
> without adding requirements that violates the spirit of our open
> source philosophy, and while knowing that the project might fail for
> non-technical reasons.

I'll also note that each of the previous five open source based
validations had one or more U.S. government sponsors with an interest in
a successful outcome. I believe that interest, expressed and exercised
in ways I was not fully privy to, was the key element in those
successful outcomes.

We will undertake another tilt a the windmill with the prerequisites
Rich noted above, but I think a successful outcome for the sixth
such validation will also require the engagement of politically adept
stakeholders.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu
Fair enough (in this context).  But what about the code itself, is it ready to be RSA 186-4 compliant ?

And, if we go through a validation, can OpenSSL benefit from it ?

Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Steve Marquess-4
On 12/18/2015 12:58 PM, jonetsu wrote:
> Fair enough (in this context).  But what about the code itself, is it ready
> to be RSA 186-4 compliant ?

We think we know how to write the code that would be necessary, for FIPS
186-4 and all the other new requirements, though you can never be sure
until *your* specific module has been formally validated. Given the
capriciousness of the FIPS 140-2 validation process, which I've
commented on frequently, the fact that someone else did something in
*their* validation doesn't necessarily mean a lot for *your* validation.

But, without an open source based validation in which such code would
have any general utility, we see no point in writing FIPS specific code.
We're not in the business of doing speculative software development.

>
> And, if we go through a validation, can OpenSSL benefit from it ?

By "we" do you mean some sort of proprietary commercial validation?
Those don't contribute at all to the availability of a no-cost open
source validated module; code is worthless (even "open source" code) for
the purposes of satisfying the USG/DoD FIPS 140-2 procurement
requirements if it hasn't been sprinkled with the magical pixie dust of
FIPS 140-2 validation.

Writing the code isn't trivial, but that has never been the hard part...

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Jakob Bohm-7
On 18/12/2015 19:58, Steve Marquess wrote:

> On 12/18/2015 12:58 PM, jonetsu wrote:
>> Fair enough (in this context).  But what about the code itself, is it ready
>> to be RSA 186-4 compliant ?
> We think we know how to write the code that would be necessary, for FIPS
> 186-4 and all the other new requirements, though you can never be sure
> until *your* specific module has been formally validated. Given the
> capriciousness of the FIPS 140-2 validation process, which I've
> commented on frequently, the fact that someone else did something in
> *their* validation doesn't necessarily mean a lot for *your* validation.
>
> But, without an open source based validation in which such code would
> have any general utility, we see no point in writing FIPS specific code.
> We're not in the business of doing speculative software development.
>
>> And, if we go through a validation, can OpenSSL benefit from it ?
> By "we" do you mean some sort of proprietary commercial validation?
> Those don't contribute at all to the availability of a no-cost open
> source validated module; code is worthless (even "open source" code) for
> the purposes of satisfying the USG/DoD FIPS 140-2 procurement
> requirements if it hasn't been sprinkled with the magical pixie dust of
> FIPS 140-2 validation.
>
> Writing the code isn't trivial, but that has never been the hard part...
Maybe he is asking that if "they" contribute the code, could this
ease the (non-bureaucratic) work that OpenSSL would need to do for
that future "version 3" FIPS module?

Enjoy and Merry Christmas

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

Steve Marquess-4
On 12/21/2015 07:06 AM, Jakob Bohm wrote:

> On 18/12/2015 19:58, Steve Marquess wrote:
>> On 12/18/2015 12:58 PM, jonetsu wrote:
>>> Fair enough (in this context).  But what about the code itself, is it
>>> ready
>>> to be RSA 186-4 compliant ?
>> We think we know how to write the code that would be necessary, for FIPS
>> 186-4 and all the other new requirements, though you can never be sure
>> until *your* specific module has been formally validated. Given the
>> capriciousness of the FIPS 140-2 validation process, which I've
>> commented on frequently, the fact that someone else did something in
>> *their* validation doesn't necessarily mean a lot for *your* validation.
>>
>> But, without an open source based validation in which such code would
>> have any general utility, we see no point in writing FIPS specific code.
>> We're not in the business of doing speculative software development.
>>
>>> And, if we go through a validation, can OpenSSL benefit from it ?
>> By "we" do you mean some sort of proprietary commercial validation?
>> Those don't contribute at all to the availability of a no-cost open
>> source validated module; code is worthless (even "open source" code) for
>> the purposes of satisfying the USG/DoD FIPS 140-2 procurement
>> requirements if it hasn't been sprinkled with the magical pixie dust of
>> FIPS 140-2 validation.
>>
>> Writing the code isn't trivial, but that has never been the hard part...
> Maybe he is asking that if "they" contribute the code, could this
> ease the (non-bureaucratic) work that OpenSSL would need to do for
> that future "version 3" FIPS module?

No, because my colleagues have very specific and detailed ideas on how
the new FIPS specific code would be implemented; as with many
contributions the effort of adapting a third party contribution would be
as much or more work than writing it from scratch.

Availability of code isn't the obstacle here.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users