The Doctor wrote:
...
Note also that due to an implementation quirk you need to clear the
currently set RNG when switching back into FIPS mode.
It is not an implementation quirk, it is a requirement of FIPS 140. FIPS
140 requires that when switching modes all keys and "critical security
parameters" must be cleared. The random number generator state is a
critical security parameter. (I'm doing this from memory, but I'm quite
sure I've got it right.)
It is an implementation quirk (or to be honest, an outright goof). By the
time we caught this problem it was too late to fix it (with the FIPS 140
validation process you freeze your code first, *then* test -- ready, fire,
aim!).
Since there is little practical reason to disable FIPS mode once enabled
(reference earlier discussion) we elected to just leave that bug as-is
rather than abort and restart the validation process.
...
The end gives up either to choose FIPS and non-MD5 or non-FIPS and MD5.
Please fix as compilation quirks on this is not a laughing
matter.
Ummm, the point is that one *cannot* fix validated software, period,
even for a security vulnerability. We lived that recently with the RNG
ordeal for the OpenSSL FIPS Object Module v1.1.1.
If you want it secure and want it bug-free, don't use validated code.
You can of course use the would-otherwise-be-validated code that has
been fixed (which means it is no longer validated, of course). But then
why use FIPS mode at all? It really doesn't buy you anything in
real-world security terms.
Dr. Steve Henson has recently merged the 0.9.8 FIPS branch into the
0.9.8 stable branch, so use that if you want non-validated but bug-fixed
FIPS mode code. We can do bug fixes there, just can't include them in
the v1.2 frozen code baseline for which the validation is still pending.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]