[openssl-users] Custom Random number generation while in Fips mode

Thomas Francis, Jr. thomas.francis.jr at pobox.com
Thu Jul 28 14:23:04 UTC 2016


> On Jul 27, 2016, at 8:18 PM, pratyush parimal <pratyush.parimal at gmail.com> wrote:
> 
> Hi all,
> 
> I work on a consumer application which is striving to be fips-140-2 compliant.
> 
> I'm using OpenSSL as recommended in the fips guide by invoking fips_mode_set(). However, in certain parts of the same application, I'm using my own non-OpenSSL random number generator to generate salts for hashing passwords for the app user accounts(I'm not using RAND_bytes).
> 
> Does anyone know if using my custom random number generator in this way violates the app's fips compliance?

That’s almost certainly a violation.  There might be a few edge cases where it is not, but they’re very unlikely.  To determine if you’re even close to such cases, ask: Does the RNG I’m using come from another FIPS 140 validated cryptographic module?  Am I using that module in approved mode?  Am I using that module according to its security policy?  Do I have explicit permission from the customers’ auditors to mix two modules in my product?

If the answer to all of those questions is yes, you _might_ be OK, for now.  A few auditors (in the past, anyway) considered it OK to mix modules, while other auditors say no.  My own reading of FIPS 140-2 is that you may not mix modules.  But I’m not an auditor or a lawyer. :)

The other question to ask is: can I clearly explain that the use of the non-approved RNG is for non-cryptographic purposes, and easily justify that explanation?  Given what you said about why you’re using it, I’m pretty sure the answer to that one is “no”. :)  And even if you could, that’s still a very weak argument to be making to your customers’ auditors, who may decide it’s still not allowed even if they agree it’s for non-cryptographic purposes.

> Am I really supposed to be using 
> RAND_bytes for compliance reasons?

Yes.

> Thanks in advance!
> Pratyush.
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



More information about the openssl-users mailing list