[openssl-users] /dev/random in FIPS mode Error: PRNG not seeded

Cipher dhanukumar1990 at gmail.com
Wed Sep 12 09:23:45 UTC 2018 

Hello,

We have a custom hardware system running Linux Debian OS having openssl
1.0.2l compiled with FIPS module 2.0. We are trying for FIPS 140-2
certification.

By default it looks like openssl RAND_poll() uses /dev/urandom for entropy.
We are told this may not be acceptable for FIPS 140-2 Level 1 certification
and we should be using /dev/random. So we patched e_os.h to change order to
use "/dev/random" than /dev/urandom.

 i.e  before   define DEVRANDOM  "/dev/urandom","/dev/random"
       after     define DEVRANDOM  "/dev/random","/dev/urandom"

Now we see that openssl is using /dev/random, but the problem is openssl
operations randomly fail when run multiple times with "PRNG not seeded"
error. This is in-spite of having rngd installed to boost entropy.

[root at debian ~]# OPENSSL_FIPS=1 openssl version
FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root at debian ~]# OPENSSL_FIPS=1 openssl version
FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root at debian ~]#
[root at debian ~]# OPENSSL_FIPS=1 openssl version
139889362065040:error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:549:You need to read
the OpenSSL FAQ, http://www.openssl.org/support/faq.html
139889362065040:error:2D07406D:FIPS routines:FIPS_drbg_instantiate:error
retrieving entropy:fips_drbg_lib.c:284:
139889362065040:error:24066067:random number generator:RAND_init_fips:error
instantiating drbg:rand_lib.c:293:
139889362065040:error:04088003:rsa routines:RSA_setup_blinding:BN
lib:rsa_crpt.c:212:
139889362065040:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal
error:rsa_eay.c:443:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=RSA SHA256 PSS
139889362065040:error:2A067068:lib(42):ECDSA_sign_setup:random number
generation failed:ecs_ossl.c:149:
139889362065040:error:2A06502A:lib(42):ECDSA_do_sign:reason(42):ecs_ossl.c:308:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=ECDSA P-224
139889362065040:error:0A06B003:dsa routines:DSA_sign_setup:BN
lib:dsa_ossl.c:318:
139889362065040:error:0A070003:dsa routines:DSA_do_sign:BN
lib:dsa_ossl.c:225:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=DSA SHA384

[root at debian ~]# cat /proc/sys/kernel/random/entropy_avail
3090
[root at debian ~]#

Few Questions:
1)Would anyone know if usage of /dev/random as openssl entropy source is
mandatory for FIPS 140-2 certification?
2) entropy_avail shows 3090, yet we hit 'PRNG not seeded' error. Is this
because every FIPS_mode_set(1) call utilizes lot of entropy for selfTests
etc? Is there any entropy estimate for each FIPS_mode_set() call?
3) Is there a way to avoid this issue with openssl code changes? i.e by
doing some sort of auto-fallback to /dev/urandom if /dev/random pool is
drained.
4) Since /dev/random is blocking, shouldn't openssl commands get stuck than
error out if enough entropy is not available? Is there a way to do such a
thing(by waiting for pool to get replenished). If yes what part of code
needs to be changed?

Thanks in Advance,
D



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

More information about the openssl-users mailing list