On Fri, 2010-01-22 at 10:24 -0500, Przemek Klosowski wrote:
> I don't believe so---it's not my line of business but I understand that
> - in some circumstances (government, regulated companies) encryption must be certified to the FIPS 140-2 standard
> - on Linux encryption (https, ssh) is handled by OpenSSL, which went through the FIPS certification process
> - one of the conditions of FIPS certification is a capability for run-time consistency checks, hence the fipscheck package
> - the fipscheck package checks against the checksums stored in the .XXX.hmac files, therefore those files are required if a system needs to be FIPS-compliant.

Yes, all the above is correct, although it does not mean that the packages in Fedora are certified; they just have/use the changes which are necessary for certification.

> Having said that, I don't understand how this scheme prevents someone from subverting the executable and creating a matching .hmac file, so that the fipscheck fails to see the problem. I expect it's handled properly but I don't know how.

No, it does not prevent a malicious attacker from subverting the executable. The integrity check prevents just inadvertent modification of the executables/libraries which contain the certified code.
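
The distinction drawn in the reply above, as an added example (not part of the original message and not fipscheck's own code): a sidecar HMAC self-check catches a changed file, but stays consistent when the file and its .hmac are rewritten together, so tamper detection needs a reference held elsewhere. The key, the file names, the `.NAME.hmac` naming helper and the external SHA-256 reference are constructed assumptions.

```python
import hashlib, hmac, os, tempfile

# Constructed key. Assumption: the checker uses a fixed key that anyone
# able to read the checker can also read.
CHECK_KEY = b"constructed-demo-key"

def hmac_path(path):
    # Sidecar file next to the target, in the .XXX.hmac style from the thread.
    d, name = os.path.split(path)
    return os.path.join(d, "." + name + ".hmac")

def read_bytes(path):
    with open(path, "rb") as f:
        return f.read()

def compute_hmac(path):
    return hmac.new(CHECK_KEY, read_bytes(path), hashlib.sha256).hexdigest()

def write_hmac(path):
    with open(hmac_path(path), "w") as f:
        f.write(compute_hmac(path) + "\n")

def self_check(path):
    # True when the file matches its sidecar; a missing sidecar fails.
    try:
        with open(hmac_path(path)) as f:
            stored = f.read().strip()
    except FileNotFoundError:
        return False
    return hmac.compare_digest(stored, compute_hmac(path))

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libdemo.so")      # constructed sample file
        with open(lib, "wb") as f:
            f.write(b"original module bytes")
        write_hmac(lib)
        # Assumed external reference, recorded off the host at install time.
        reference = hashlib.sha256(read_bytes(lib)).hexdigest()
        out["intact"] = self_check(lib)
        with open(lib, "ab") as f:               # inadvertent modification
            f.write(b"\x00")
        out["corrupted"] = self_check(lib)
        write_hmac(lib)                          # file and sidecar both replaced
        out["file_and_hmac_replaced"] = self_check(lib)
        out["matches_external_reference"] = (
            hashlib.sha256(read_bytes(lib)).hexdigest() == reference)
    return out
```
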