[openssl-users] Custom Random number generation while in Fips mode
Thomas Francis, Jr.
thomas.francis.jr at pobox.com
Thu Jul 28 14:23:04 UTC 2016
> On Jul 27, 2016, at 8:18 PM, pratyush parimal <pratyush.parimal at gmail.com> wrote:
>
> Hi all,
>
> I work on a consumer application which is striving to be fips-140-2 compliant.
>
> I'm using OpenSSL as recommended in the fips guide by invoking fips_mode_set(). However, in certain parts of the same application, I'm using my own non-OpenSSL random number generator to generate salts for hashing passwords for the app user accounts (I'm not using RAND_bytes).
>
> Does anyone know if using my custom random number generator in this way violates the app's fips compliance?
That’s almost certainly a violation. There might be a few edge cases where it is not, but they’re very unlikely. To determine if you’re even close to such cases, ask: Does the RNG I’m using come from another FIPS 140 validated cryptographic module? Am I using that module in approved mode? Am I using that module according to its security policy? Do I have explicit permission from the customers’ auditors to mix two modules in my product?

If the answer to all of those questions is yes, you _might_ be OK, for now. A few auditors (in the past, anyway) considered it OK to mix modules, while other auditors say no. My own reading of FIPS 140-2 is that you may not mix modules. But I’m not an auditor or a lawyer. :)

The other question to ask is: can I clearly explain that the use of the non-approved RNG is for non-cryptographic purposes, and easily justify that explanation? Given what you said about why you’re using it, I’m pretty sure the answer to that one is “no”. :) And even if you could, that’s still a very weak argument to be making to your customers’ auditors, who may decide it’s still not allowed even if they agree it’s for non-cryptographic purposes.
> Am I really supposed to be using RAND_bytes for compliance reasons?
Yes.
> Thanks in advance!
> Pratyush.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
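
As an added illustration of the answer above (not code from the original thread or from the OpenSSL project), this example draws password-hashing salts from OpenSSL's RAND_bytes through Python's ssl binding instead of a custom generator, and lets any generator failure propagate rather than falling back to another source. The function names, salt length, iteration count and the choice of PBKDF2-HMAC-SHA256 are assumptions; the code neither enables nor checks FIPS mode, which depends on how the linked OpenSSL was built and initialised.

```python
import hashlib
import hmac
import ssl

SALT_LEN = 16          # assumed salt size in bytes (illustrative choice)
ITERATIONS = 100_000   # assumed PBKDF2 iteration count (illustrative choice)


def new_salt(length=SALT_LEN):
    """Draw a salt from OpenSSL's RAND_bytes via Python's ssl binding.

    ssl.RAND_bytes raises ssl.SSLError when OpenSSL's generator cannot
    deliver. The exception is deliberately not caught, so there is no
    silent fallback to a generator outside the OpenSSL library.
    """
    salt = ssl.RAND_bytes(length)
    if len(salt) != length:
        raise RuntimeError("short read from RAND_bytes")
    return salt


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh salt is drawn when none is supplied."""
    if salt is None:
        salt = new_salt()
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample password, used only to exercise the functions.
    salt, digest = hash_password("constructed-sample-password")
    print(salt.hex(), digest.hex())
    print(verify_password("constructed-sample-password", salt, digest))
```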