We have a client which is asking about OpenSSL FIPS (Federal Information Processing Standard) 140-2
compliant support validated cryptography use. How do I check whether OpenSSL has FIPS complains is providing FIPS validated cryptography or not?
OS: Redhat 5 Linux
The easiest way to determine if your vendor is FIPS 140-2 certified is to check the NIST website. If a company's name appears in NIST's Cryptographic Module Validation Program (CMVP), they have been vetted by NIST and you should feel comfortable using the vendor's technology.
OpenSSL version 3 contains a FIPS module, see the FIPS module manual page for more information. This FIPS module is validated, and has the certificate number #4282.
Overview. Open up your registry editor and navigate to HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled. If the Enabled value is 0 then FIPS is not enabled. If the Enabled value is 1 then FIPS is enabled.
How do I check whether OpenSSL has is providing FIPS validated cryptography or not?
It depends on how and when you want to check. It also depends on the application.
FIPS could be available but not used. So an application must enable the validated cryptography via FIPS_mode_set
, and the call must succeed.
If you want to check if the FIPS Capable Library, such as OpenSSL 1.0.1e, was configured to use the FIPS Object Module, then you can:
$ cat /usr/local/ssl/include/openssl/opensslconf.h | grep -A 2 -i fips
#ifndef OPENSSL_FIPS
# define OPENSSL_FIPS
#endif
OPENSSL_FIPS
tells you the FIPS Capable Library was configured to use FIPS Object Module. So the FIPS validated cryptography is available.
OPENSSL_FIPS
does not mean the application is using the FIPS validated cryptography, though. The application must call FIPS_mode_set
, and the function must return success.
At runtime, you can print the string associated with the following (its taken from code I use specifically for this):
ostringstream oss;
oss << OPENSSL_VERSION_TEXT;
LogVersion(oss.str().c_str());
The code will produce a log entry similar to the following:
Version: OpenSSL 1.0.1f-fips 6 Jan 2014
You can audit the module with a few tricks. For example, the following will test for some symbols that must be present if executable is truly FIPS.
In this case, I'm testing the OpenSSL FIPS Capable shared object. If the application links to libcrypto.a
, then you can audit the program rather than the OpenSSL shared object.
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_*
00000000000c7f60 T ERR_load_FIPS_strings
00000000000c2250 T FIPS_add_error_data
00000000000c3900 T FIPS_add_lock
0000000000082820 T FIPS_bn_bin2bn
0000000000082980 T FIPS_bn_bn2bin
0000000000082760 T FIPS_bn_clear
0000000000082350 T FIPS_bn_clear_free
00000000000823d0 T FIPS_bn_free
0000000000087c90 T FIPS_bn_generate_prime_ex
0000000000082790 T FIPS_bn_get_word
0000000000082d20 T FIPS_bn_is_bit_set
0000000000087c80 T FIPS_bn_is_prime_ex
0000000000087750 T FIPS_bn_is_prime_fasttest_ex
...
You also have the symbols from fips_premain.c
:
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_text_*
00000000000c4520 T FIPS_text_end
000000000007b340 T FIPS_text_start
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_rodata*
00000000001e1e20 R FIPS_rodata_end
00000000001d8ce0 R FIPS_rodata_start
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_signature*
00000000004696c0 B FIPS_signature
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_incore*
000000000007b5a0 T FIPS_incore_fingerprint
Now, this is really sneaky. You can check that the module includes the self tests. For example, fips_drbg_selftest.h
will include the following bytes its self tests:
0x2e,0xbf,0x98,0xf9,0x85,0x27,0x8b,0xff,0x36,0xb9,0x40,0x0b,
0xc0,0xa1,0xa0,0x13,0x20,0x06,0xcc,0xe6,0x2a,0x03,0x77,0x7d,
0xee,0xde,0xcc,0x34,0xe3,0xcd,0x77,0xea,0xd0,0x3e,0xbe,0xdd,
0xf6,0x15,0xfb,0xa7,0xd7,0x8e,0xd0,0x2e,0x2f,0x82,0x4c,0xc7,
0x87,0xb1,0x6f,0xc5,0xf8,0x5c,0x78,0xde,0x77,0x9b,0x15,0x9a,
0xb9,0x3c,0x38
And you can verify the developer ran incore
or macho_incore
on their executable to embed the FIPS fingerprint by dumping the 20 bytes of the symbol FIPS_signature
. If its 20 bytes of 0's (the default from fips_premain.c
), then the fingerprint was not embedded and FIPS_mode_set
will fail. So its not possible to use FIPS validated cryptography in this case.
Update: I uploaded a slide deck I have on the subject to the OpenSSL wiki. Its called Building Applications using OpenSSL Validated Cryptography: Notes from the Field for Developers and Auditors. You will want to review the material starting around Slide 18.
I built the slide deck for OWASP but there's was no interest in receiving it. I know Stack Overflow frowns upon links like the one on the OpenSSL wiki, but I don't know how to provide a 35+ slide deck here.
To check if openssl is operating under fips mode, issue the following:
$ openssl md5 somefile
The above should fail as MD5 is not a fips approved Hash Standard.
$ openssl sha1 somefile
The above would work as SHA1 is the fips Approved Hash Standard.
Example:
# openssl md5 message.txt
Error setting digest md5
140062425388872:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:251:
# openssl sha1 message.txt
SHA1(messagetext.txt)= 9f5080758dbf71537cc44a4d8cb67564f2ad938a
Reference
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With