The Doctor wrote:
...
Note also that due to an implementation quirk you need to clear the currently set RNG when switching back into FIPS mode.
It is not an implementation quirk, it is a requirement of FIPS 140. FIPS 140 requires that when switching modes all keys and "critical security parameters" must be cleared. The random number generator state is a critical security parameter. (I'm doing this from memory, but I'm quite sure I've got it right.)
It is an implementation quirk (or to be honest, an outright goof). By the time we caught this problem it was too late to fix it (with the FIPS 140 validation process you freeze your code first, *then* test -- ready, fire, aim!).

Since there is little practical reason to disable FIPS mode once enabled (reference earlier discussion) we elected to just leave that bug as-is rather than abort and restart the validation process.
>
...

The end gives up either to choose FIPS and non-MD5 or non-FIPS and MD5.

Please fix as compilation quirks on this is not a laughing matter.

Ummm, the point is that one *cannot* fix validated software, period, even for a security vulnerability. We lived that recently with the RNG ordeal for the OpenSSL FIPS Object Module v1.1.1.

If you want it secure and want it bug-free, don't use validated code. You can of course use the would-otherwise-be-validated code that has been fixed (which means it is no longer validated, of course). But then why use FIPS mode at all, it really doesn't buy you anything in real-world security terms.

Dr. Steve Henson has recently merged the 0.9.8 FIPS branch into the 0.9.8 stable branch, so use that if you want non-validated but bug-fixed FIPS-mode code. We can do bug fixes there, we just can't include them in the v1.2 frozen code baseline for which the validation is still pending.

-Steve M.


--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]