FIPS Warnings and Cautions

From OpenSSLWiki
Revision as of 11:40, 12 March 2014 by Jwalton (talk | contribs) (moved FIPS:FIPS Warnings and Cautions to FIPS Warnings and Cautions over redirect: Fixed page title)

Software developers are the primary audience of this wiki, and as such naturally tend to focus on technical issues. When told to look into this thing called a "FIPS 140-2 validated module", the developer will focus on questions like: How do I build the FIPS module for this platform? How do I code my application to use it?

This wiki will attempt to address those questions, but there is a huge danger there. There is one and only one reason to use the OpenSSL FIPS Object Module, or the associated "FIPS capable" OpenSSL: because a non-technical policy specifically requires it. There is no advantage to using the FIPS module in any other circumstance; the cryptographic services provided by the FIPS module are necessarily less secure, less maintainable, and have worse performance than those provided by an OpenSSL release of equal or later vintage. The FIPS module is used only because a specific customer or situation requires it, most commonly the U.S. Government and Department of Defense where procurement policies require that cryptographic implementations be FIPS 140-2 validated.

However, there is a lot more to satisfying those policy mandates than just getting the software to compile and run for your specific platform. FIPS 140-2 also imposes a number of what can be called ideological requirements that have no technical or practical basis and are not obvious or comprehensible to the typical software developer. The mere fact that a FIPS module (and/or FIPS capable OpenSSL) is running on a given platform does not mean that the result can be claimed as FIPS 140-2 validated.

The most obvious example is the requirement that the source code distribution be obtained from a snail-mailed CD and not downloaded from That is true even though a cursory check will show both files to be bit-for-bit identical. A software developer thinks of bits as fungible and interchangeable, like electrons in a wire or drops of water in an ocean; a file (string of bits) copied or moved to another location is the same file. In the world of FIPS 140-2 they are not; the file copied from anywhere other than the physical CD is not the same even though it is bit-for-bit identical. The world of FIPS 140-2 contains several such concepts that are incomprehensible to the uninitiated, and that are sometimes the topic of much discussion and disagreement among the test labs and specialists who work in that world extensively.

The purpose of this page is to present a warning that simply getting the FIPS module to compile and run for your platform(s) of interest is the least of your problems, as you need to satisfy the ideological requirements. That's the hard part, as those requirements are nowhere articulated clearly.

This page will be linked where appropriate using the following icon:

[Skull and crossbones icon] Important FIPS Warnings

Summary of major pitfalls (some of which can't easily be summarized and all of which need more detailed discussion):

  • You must use a source distribution file from an official snail-mailed CD.
  • Your target platform must be "close enough" to one of the formally tested platforms.
  • You cannot modify the contents of the source distribution file at all.
  • Your build environment must be "close enough" to the one documented for the formal testing.

This is incomplete.