Archived TD0028: MDFPP v2.0 FCS_CKM_EXT.4 Memory Clear and Read-verify
PP_MD_V2.0, requirement FCS_CKM_EXT.4
The MDFPP v2.0 rewrite of FCS_CKM_EXT.4 requires that the TOE perform a “read-verify” after clearing keys in RAM. This is new (or at least more explicit now) and is causing problems because the OpenSSL library zeroizes memory before freeing it but does not perform a read-verify. Changing the code to implement the read-verify would invalidate the OpenSSL FIPS 140-2 validation.
The read-verify action should not apply to volatile memory and should be removed from the requirement. It will still be required for non-volatile memory. The revised requirement will read as follows:
FCS_CKM_EXT.4.1 The TSF shall destroy cryptographic keys in accordance with the specified cryptographic key destruction methods:
This was likely the result of copying from the non-volatile memory procedures, since they require read-verify.
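To make the two steps discussed above concrete, here is an added C example (not code from NIAP, the MDFPP, or OpenSSL; the helper names `key_zeroize`, `key_read_verify`, `demo_stack_key` and `demo_heap_key` are hypothetical). It shows a zeroization routine that writes through a volatile pointer so the compiler cannot drop the stores as dead code before a `free()`, and a separate read-verify pass of the kind the TD removes as a requirement for volatile memory. The 32-byte key contents are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Zeroize a buffer that held key material. A plain memset() immediately
 * before free() or function return can be elided by the compiler as a
 * dead store; writing through a volatile pointer keeps every store.
 * Hypothetical helper for illustration, not OpenSSL's own routine. */
void key_zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Read-verify: return 1 if every byte of buf reads back as zero, else 0.
 * This is the extra step the TD says is not required for volatile memory
 * (it remains required for non-volatile memory). The OR-accumulator keeps
 * the loop free of data-dependent early exits. */
int key_read_verify(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Fill a buffer with a constructed, non-secret sample key (bytes 1..len). */
static void fill_sample_key(unsigned char *key, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        key[i] = (unsigned char)(i + 1);
    }
}

/* Stack-resident key: zeroize before the frame is released, then verify.
 * Returns 1 when the buffer held key bytes before and only zeros after. */
int demo_stack_key(void)
{
    unsigned char key[32];
    fill_sample_key(key, sizeof key);
    int before = key_read_verify(key, sizeof key); /* expect 0: key present */
    key_zeroize(key, sizeof key);
    int after = key_read_verify(key, sizeof key);  /* expect 1: all zero */
    return (before == 0) && (after == 1);
}

/* Heap-resident key: the "zeroize before free" pattern the issue describes,
 * with the read-verify done while the allocation is still valid. */
int demo_heap_key(void)
{
    size_t len = 32;
    unsigned char *key = malloc(len);
    if (key == NULL) {
        return 0;
    }
    fill_sample_key(key, len);
    int before = key_read_verify(key, len);
    key_zeroize(key, len);
    int after = key_read_verify(key, len);  /* verify before free(), never after */
    free(key);
    return (before == 0) && (after == 1);
}

int main(void)
{
    printf("stack key zeroize+read-verify: %s\n", demo_stack_key() ? "ok" : "FAIL");
    printf("heap key zeroize+read-verify:  %s\n", demo_heap_key() ? "ok" : "FAIL");
    return 0;
}
```

The read-verify here is deliberately separated from the zeroize so the two can be treated as the TD treats them: the zeroization is the key-destruction method, while the read-back is an additional assurance step that can be required or dropped depending on the memory type.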