Tim Hudson wrote:
The Doctor wrote:
That being said, how do you get openssl to compile with FIPS
and be backwards compatible at the same time?
That is what the FIPS mode is for - the library built supports all
algorithms and when in FIPS mode it disables the use of non-approved
algorithms.
A single application can work in both FIPS and non-FIPS mode. You can
add in code to choose which mode to be in on a per-connection basis if
that is what your application requires.
See the usage of FIPS_mode_set()
Note also that due to an implementation quirk you need to clear the
currently set RNG when switching back into FIPS mode.
It is not an implementation quirk, it is a requirement of FIPS 140.
FIPS 140 requires that when switching modes all keys and "critical
security parameters" must be cleared. The random number generator state
is a critical security parameter. (I'm doing this from memory, but I'm
quite sure I've got it right.)
The model they use is that in non-FIPS mode, insecure things might be
running that would read out the state, or allow the state to be
modified. If an attacker could set the state, then transition into FIPS
mode, he could predict future outputs. All FIPS approved random number
generators have backtracking resistance, i.e. discovering the state does
not reveal previous outputs. So transitioning out of FIPS mode with RNG
state intact would be less serious than transitioning into it. But you
still don't want to spill state of an RNG that was just used to make a
high-value key.
i.e.
RAND_set_rand_method(NULL);  /* drop the current RNG (and its state) first */
FIPS_mode_set(1);            /* then enter FIPS mode; the function is FIPS_mode_set(), not FIPS_set_mode() */
Tim.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
-- David Jacobson
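The following is an added illustration of the threat model described above (state read out in non-FIPS mode, then a transition into FIPS mode). It is a constructed toy model, not OpenSSL code and not from either poster: a hash-ratchet generator whose state advances one way after every output, so that a later state does not reveal earlier outputs, plus a leak-and-predict scenario run once without and once with the clear-and-reseed step that FIPS 140 requires at the mode switch. The class and function names are hypothetical; the real call sequence in OpenSSL is RAND_set_rand_method(NULL) followed by FIPS_mode_set(1), as quoted in the thread.

```python
"""Constructed model of why RNG state is a critical security parameter.

Generator: output_i = H("out" || state_i), state_{i+1} = H("next" || state_i).
Knowing state_i lets anyone compute every output from i onward; the one-way
ratchet is what gives backtracking resistance (state_{i+1} does not give
output_i or earlier).  Not OpenSSL code; names are hypothetical.
"""
import hashlib


class RatchetRNG:
    """Toy hash-ratchet DRBG (constructed for illustration only)."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def generate(self, n: int) -> bytes:
        """Return n output bytes, ratcheting the state forward after each block."""
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            # One-way step: the previous state is discarded, so a reader of the
            # new state cannot recover the block just emitted.
            self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]

    def clear_and_reseed(self, fresh_entropy: bytes) -> None:
        """The mode-transition step: zeroise the old CSP, then reseed."""
        self.state = bytes(len(self.state))  # stands in for real zeroisation
        self.state = hashlib.sha256(b"seed" + fresh_entropy).digest()


def attacker_prediction(leaked_state: bytes, n: int) -> bytes:
    """What someone who read the state (in non-FIPS mode) can compute."""
    clone = RatchetRNG.__new__(RatchetRNG)
    clone.state = leaked_state
    return clone.generate(n)


def switch_modes(seed: bytes, clear_rng: bool, fresh_entropy: bytes = b"") -> bool:
    """Simulate non-FIPS use, a state leak, the switch into FIPS mode and a
    key derivation.  Returns True if the leaked state predicts the key bytes."""
    rng = RatchetRNG(seed)
    rng.generate(16)              # ordinary non-FIPS use
    leaked = bytes(rng.state)     # the CSP is read out while in non-FIPS mode
    if clear_rng:                 # RAND_set_rand_method(NULL) analogue
        rng.clear_and_reseed(fresh_entropy)
    key_material = rng.generate(32)   # "FIPS mode" generates a high-value key
    return attacker_prediction(leaked, 32) == key_material


if __name__ == "__main__":
    import os
    print("state kept across switch, key predicted:",
          switch_modes(b"constructed seed", clear_rng=False))
    print("state cleared and reseeded, key predicted:",
          switch_modes(b"constructed seed", clear_rng=True,
                       fresh_entropy=os.urandom(32)))
```

With the state carried across the switch the predicted bytes match the key material exactly; after clear_and_reseed() they do not, which is the whole reason the RNG has to be dropped before FIPS_mode_set(1). The reseed must come from a source the non-FIPS side could not have observed, which is why the example takes fresh entropy as an argument rather than deriving it from the old state.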