On Fri, Jul 02, 2004, Marquess, Steve Mr JMLFDC wrote:

> Two related patches I posted earlier are for a FIPS specific default
> ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases
> (pem_lib.c). Any additional feedback on those would also be greatly
> appreciated; so far I've heard no objections to either. If there is
> a reason they can't be incorporated please let me know.
I hadn't seen the PEM patch before. IMHO there are problems with that approach.

As it stands it simply changes the key derivation digest from MD5 to SHA1 without any indication in the private key file that this is so. The result is that private keys generated in FIPS mode can't be accessed outside FIPS mode and vice versa. I also suspect that the error produced by attempting to access keys from different modes is just a decrypt failure, which is exactly the same as you get, for example, if the passphrase is incorrect.

OpenSSL already supports various private key formats which only use FIPS approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one solution is to just change the behaviour of PEM_write_PrivateKey() and friends to call the PKCS#8 variants. The openssl pkcs8 utility can readily convert between the formats. The read version PEM_read_PrivateKey() automatically works out the format so it doesn't need to be changed.

The second alternative is to modify the PEM headers to include a string saying that SHA1 is the digest algorithm used and to recognize this in both FIPS and non-FIPS modes.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
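The key-derivation problem Steve describes, as an added example that is not part of the original thread: a small Python reimplementation of OpenSSL's legacy EVP_BytesToKey derivation for traditional encrypted PEM keys, run over a constructed DEK-Info header (the IV and passphrase are made up). It shows that the header records only the cipher and IV, so a key derived with SHA1 instead of MD5 is simply a different key with nothing in the file to say which digest was used.

```python
# Added example, not code from the original thread or from OpenSSL itself.
# Reproduces OpenSSL's legacy EVP_BytesToKey derivation (count = 1) as used
# for "Proc-Type: 4,ENCRYPTED" PEM private keys.
import hashlib
import re

# Constructed sample header block; the IV value is made up for illustration.
SAMPLE_PEM_HEADERS = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

"""

CIPHER_PARAMS = {"DES-EDE3-CBC": (24, 8)}   # (key length, IV length) in bytes


def parse_dek_info(pem_text):
    """Return (cipher name, IV bytes) from the DEK-Info header.

    Note what is absent: the header carries no digest identifier, so a
    reader cannot tell whether MD5 or SHA1 derived the key.
    """
    m = re.search(r"^DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)$", pem_text, re.M)
    if not m:
        raise ValueError("no DEK-Info header")
    return m.group(1), bytes.fromhex(m.group(2))


def bytes_to_key(digest, passphrase, salt, key_len, count=1):
    """EVP_BytesToKey: D_i = H^count(D_{i-1} || passphrase || salt), concatenated."""
    out, prev = b"", b""
    while len(out) < key_len:
        prev = hashlib.new(digest, prev + passphrase + salt).digest()
        for _ in range(count - 1):
            prev = hashlib.new(digest, prev).digest()
        out += prev
    return out[:key_len]


def derive_pem_key(pem_text, passphrase, digest):
    """Key for the DEK-Info cipher; legacy PEM uses the first 8 IV bytes as salt."""
    cipher, iv = parse_dek_info(pem_text)
    key_len, _ = CIPHER_PARAMS[cipher]
    return bytes_to_key(digest, passphrase, iv[:8], key_len)


if __name__ == "__main__":
    k_md5 = derive_pem_key(SAMPLE_PEM_HEADERS, b"secret", "md5")
    k_sha1 = derive_pem_key(SAMPLE_PEM_HEADERS, b"secret", "sha1")
    print("same key from both digests?", k_md5 == k_sha1)   # False
```

Because the two derived keys differ, decrypting the key body with the wrong-mode digest fails exactly as a wrong passphrase would, which is the indistinguishable-error point made above.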
