OpenSSL 3.0.0 FIPS compatible ECDH-KAS
Dr Paul Dale
pauli at openssl.org
Fri Oct 8 00:09:09 UTC 2021
Kory,
The situation is more complicated but your solution below is the one I'd
have suggested.
SP800-90B says bad things about /dev/random but this is modified by IG
7.14 indicates that it is okay to use /dev/random. Then IG 7.19 says
that it isn't. The current FIPS 140-2 validation is sidestepping the
ongoing changes to the standards and mandates by placing the entropy
collection outside the FIPS boundary. This will incur a caveat but it
is the best we could hope for given the variety of platforms being
validated and the rate of change of the commandments.
Pauli
On 8/10/21 6:23 am, Kory Hamzeh wrote:
> Hi Pauli,
>
> I had some success by doing this:
>
>
> static const OSSL_ALGORITHM sc4k_rands[] = {
> { "SC4K-SEED-SRC", "fips=yes", sc4k_seed_src_functions },
> { NULL, NULL, NULL }
> };
>
> and passing “fips=yes” when I set the seed source.
>
> I am still curious to know is the FIPS module uses providers/implementations/rands/seed_src.c to seed the RNG. My understanding is that /dev/random is not secure enough per NIST SP-800-90B.
>
> Sorry I picked the wrong message thread for these questions. This is about my custom entropy source that you helped ne with.
>
> Thanks,
> Kory
>
>
> .
>> On Oct 7, 2021, at 11:19 AM, Kory Hamzeh <kory at avatarci.com> wrote:
>>
>> Hi Pauli,
>>
>> Running into a strange problem. My custom seed source works fine, but if I call:
>> EVP_set_default_properties(NULL, "fips=yes");
>>
>> Then my seed source is not used. Does FIPS have its own seed source? The whole purpose of this exercise was to create a NIST SP-800-90B compliant entropy source for FIPS.
>>
>> Thanks,
>> Kory
>>
>>
>>> On Sep 22, 2021, at 3:51 PM, Dr Paul Dale <pauli at openssl.org> wrote:
>>>
>>> If you are only using functions that are deprecated, you'll get away without for the moment.
>>>
>>> Pauli
>>>
>>> On 23/9/21 8:45 am, Kory Hamzeh wrote:
>>>> Hi Pauli,
>>>>
>>>> Thanks for the reply. Yes, I have loaded the base and fips providers.
>>>>
>>>> But just to clarify, I still need to rewrite to low-level code to use the EVP code, correct?
>>>>
>>>> Thanks,
>>>> Kory
>>>>
>>>>
>>>>> On Sep 22, 2021, at 3:29 PM, Dr Paul Dale <pauli at openssl.org> wrote:
>>>>>
>>>>> Adding that should be enough to force only FIPS validated algorithms are used.
>>>>>
>>>>> Just doing that isn't enough, there is more you are going to need to do. E.g. you will need to load the FIPS and base providers either via config or explicitly.
>>>>>
>>>>> It's possible to set the default properties via config too.
>>>>>
>>>>>
>>>>> Everything is documented and I'd recommend starting with the migration guide manual page and working from there.
>>>>>
>>>>> In my opinion, the 1.0 -> 1.1 transition is the more onerous part.
>>>>>
>>>>>
>>>>> Pauli
>>>>>
>>>>> On 23/9/21 3:44 am, Kory Hamzeh wrote:
>>>>>> I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g + openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using the low level ECDH functions similar to what is documented here:
>>>>>>
>>>>>> https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#Using_the_Low_Level_APIs
>>>>>>
>>>>>> According to the OpenSSL 3.0.0 Wiki, I MUST rewrite my code to use the high level EVP functions if I want FIPS compatibility. If so, I was going to follow the EVP example at the top of the same URL above.
>>>>>>
>>>>>> However, I can use some help. Using the EVP example on that page, when and which methods do I need to fetch? If I just add this at the top:
>>>>>>
>>>>>> EVP_set_default_properties(NULL, "fips=yes”);
>>>>>>
>>>>>> will that be enough?
>>>>>>
>>>>>> Thanks,
>>>>>> Kory
>>>>>>
>>>>>>
>>>>>>
>>>>>>
More information about the openssl-users
mailing list