[openssl-users] Custom Random number generation while in Fips mode

pratyush parimal pratyush.parimal at gmail.com
Thu Jul 28 15:00:33 UTC 2016

Hi Thomas,

Thanks for your response! It clears up matters a lot :)

There's one thing that I thought of though -- even though I'm generating
the salt via non-OpenSSL means, the actual function that I'm using for
hashing is "SHA512" from FIPS OpenSSL.
Does the mere usage of salt that was generated via a non-FIPS-recommended
approach violate my compliance ?

I understand what you mean by "I'm not an auditor or a lawyer" , but I'd
still appreciate your opinion / experience in the matter :)


On Thu, Jul 28, 2016 at 10:23 AM, Thomas Francis, Jr. <
thomas.francis.jr at pobox.com> wrote:

> > On Jul 27, 2016, at 8:18 PM, pratyush parimal <
> pratyush.parimal at gmail.com> wrote:
> >
> > Hi all,
> >
> > I work on a consumer application which is striving to be fips-140-2
> compliant.
> >
> > I'm using OpenSSL as recommended in the fips guide by invoking
> fips_mode_set(). However, in certain parts of the same application, I'm
> using my own non-OpenSSL random number generator to generate salts for
> hashing passwords for the app user accounts(I'm not using RAND_bytes).
> >
> > Does anyone know if using my custom random number generator in this way
> violates the app's fips compliance?
> That’s almost certainly a violation.  There might be a few edge cases
> where it is not, but they’re very unlikely.  To determine if you’re even
> close to such cases, ask: Does the RNG I’m using come from another FIPS 140
> validated cryptographic module?  Am I using that module in approved mode?
> Am I using that module according to its security policy?  Do I have
> explicit permission from the customers’ auditors to mix two modules in my
> product?
> If the answer to all of those questions is yes, you _might_ be OK, for
> now.  A few auditors (in the past, anyway) considered it OK to mix modules,
> while other auditors say no.  My own reading of FIPS 140-2 is that you may
> not mix modules.  But I’m not an auditor or a lawyer. :)
> The other question to ask is: can I clearly explain that the use of the
> non-approved RNG is for non-cryptographic purposes, and easily justify that
> explanation?  Given what you said about why you’re using it, I’m pretty
> sure the answer to that one is “no”. :)  And even if you could, that’s
> still a very weak argument to be making to your customers’ auditors, who
> may decide it’s still not allowed even if they agree it’s for
> non-cryptographic purposes.
> > Am I really supposed to be using
> > RAND_bytes for compliance reasons?
> Yes.
> > Thanks in advance!
> > Pratyush.
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160728/71335cf8/attachment-0001.html>

More information about the openssl-users mailing list