[openssl-users] Forcing the FIPS module to fail (no way)

Alberto Roman Linacero aroman at alienvault.com
Tue Sep 1 19:50:56 UTC 2015


So, it is possible in runtime to know if the FIPS module code has been
changed after compiling? I mean, after the openssl has been compiled
with the FIPS Object Module (./config fips & make & make install), the
4 files in the FIPS Object Module (fipscanister* and so on) doesn't
need to be in the final system to let work the application (openssl
for instance).

Is there any way to know, at runtime, that the FIPS Object Module code
has not been changed?

Or, another way to ask, can I run a FIPS capable openssl and modify
something somewhere that warns me that the crypto module has been
changed?

Also, just for the openssl-users records: to make fail the FIPS module
it is needed to change the fipscanister.o file or the fips_premain.c
file. Then an error will appear when try to link some other
application (openssl in my example):

server:~/openssl-1.0.1p# make install
[...]
( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -ldl}";
LDCMD="${LDCMD:-/usr/local/ssl/fips-2.0/bin/fipsld}";
LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x;
done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed
-e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD}
${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o
dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o
crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o
genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o
apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o
nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o
cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} )
1c1
< HMAC-SHA1(fipscanister.o)= 434ccf6304c5eb4724240ae1a6fd4345d4922db5
---
> HMAC-SHA1(fipscanister.o)= a1b9666ebbcb8fee0cbd15aa9d55862bf0d7062e
/usr/local/ssl/fips-2.0/lib//fipscanister.o fingerprint mismatch
make[2]: *** [link_app.] Error 1

Thanks again,
Alberto.

2015-09-01 19:53 GMT+02:00 Dr. Stephen Henson <steve at openssl.org>:
> On Tue, Sep 01, 2015, Alberto Roman Linacero wrote:
>
>> Hi there, I'd like to know how to make fail some application compiled
>> with the FIPS module, I need to make that test for a certification
>> process but my tests doesn't get the application fail.
>>
>> When some application is compiled with fipscanister.o  it stores
>> inside the application a FIPS_signature. Then, when the application
>> calls to FIPS_mode_set(1) that HMAC-SHA1 signature is checked and if
>> the application binary has been modified it will lead to an error.
>>
>> But I'm not able to generate that error. To test it, I compiled
>> openssl with fips support , then I started FIPS mode, brutally changed
>> some random bits in the apps/openssl binary, and then I tried a simple
>> hash1:
>>
>> server:~/openssl-1.0.1p# export OPENSSL_FIPS=1
>> server:~/openssl-1.0.1p# vi apps/openssl
>> server:~/openssl-1.0.1p# apps/openssl sha1 NEWS
>> SHA1(NEWS)= 163e5a1ff9b2b06dafdc8783ce91c4d0a49f55db
>>
>> Why it is not failing? The fips self-tests should show some kind of
>> error, AFAIK. (obviously I can easily get a segfault, but that's not
>> what I want).
>>
>
> The FIPS signature checks for changes in the FIPS module code itself not
> the whole binary. So if you change some code that isn't part of the FIPS
> module the integrity test will not fail.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



-- 
Alberto Román

Engineering team
http://www.alienvault.com

Mobile:  +34 605804179
Phone: + 91 5151344
Email: aroman at alienvault.com


More information about the openssl-users mailing list