OpenSSL 3.0.0 FIPS compatible ECDH-KAS

Dr Paul Dale pauli at openssl.org
Fri Oct 8 00:09:09 UTC 2021


Kory,

The situation is more complicated but your solution below is the one I'd 
have suggested.

SP800-90B says bad things about /dev/random but this is modified by IG 
7.14, which indicates that it is okay to use /dev/random. Then IG 7.19 says 
that it isn't.  The current FIPS 140-2 validation is sidestepping the 
ongoing changes to the standards and mandates by placing the entropy 
collection outside the FIPS boundary.  This will incur a caveat but it 
is the best we could hope for given the variety of platforms being 
validated and the rate of change of the commandments.

Pauli


On 8/10/21 6:23 am, Kory Hamzeh wrote:
> Hi Pauli,
>
> I had some success by doing this:
>
>
> static const OSSL_ALGORITHM sc4k_rands[] = {
>      { "SC4K-SEED-SRC", "fips=yes", sc4k_seed_src_functions },
>      { NULL, NULL, NULL }
> };
>
> and passing "fips=yes" when I set the seed source.
>
> I am still curious to know if the FIPS module uses providers/implementations/rands/seed_src.c to seed the RNG. My understanding is that /dev/random is not secure enough per NIST SP-800-90B.
>
> Sorry I picked the wrong message thread for these questions. This is about my custom entropy source that you helped me with.
>
> Thanks,
> Kory
>
>
>> On Oct 7, 2021, at 11:19 AM, Kory Hamzeh <kory at avatarci.com> wrote:
>>
>> Hi Pauli,
>>
>> Running into a strange problem. My custom seed source works fine, but if I call:
>>    EVP_set_default_properties(NULL, "fips=yes");
>>
>> Then my seed source is not used. Does FIPS have its own seed source? The whole purpose of this exercise was to create a NIST SP-800-90B compliant entropy source for FIPS.
>>
>> Thanks,
>> Kory
>>
>>
>>> On Sep 22, 2021, at 3:51 PM, Dr Paul Dale <pauli at openssl.org> wrote:
>>>
>>> If you are only using functions that are deprecated, you'll get away without for the moment.
>>>
>>> Pauli
>>>
>>> On 23/9/21 8:45 am, Kory Hamzeh wrote:
>>>> Hi Pauli,
>>>>
>>>> Thanks for the reply. Yes, I have loaded the base and fips providers.
>>>>
>>>> But just to clarify, I still need to rewrite the low-level code to use the EVP code, correct?
>>>>
>>>> Thanks,
>>>> Kory
>>>>
>>>>
>>>>> On Sep 22, 2021, at 3:29 PM, Dr Paul Dale <pauli at openssl.org> wrote:
>>>>>
>>>>> Adding that should be enough to force only FIPS validated algorithms to be used.
>>>>>
>>>>> Just doing that isn't enough, there is more you are going to need to do.  E.g. you will need to load the FIPS and base providers either via config or explicitly.
>>>>>
>>>>> It's possible to set the default properties via config too.
>>>>>
>>>>>
>>>>> Everything is documented and I'd recommend starting with the migration guide manual page and working from there.
>>>>>
>>>>> In my opinion, the 1.0 -> 1.1 transition is the more onerous part.
>>>>>
>>>>>
>>>>> Pauli
>>>>>
>>>>> On 23/9/21 3:44 am, Kory Hamzeh wrote:
>>>>>> I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g + openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using the low level ECDH functions similar to what is documented here:
>>>>>>
>>>>>> https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#Using_the_Low_Level_APIs
>>>>>>
>>>>>> According to the OpenSSL 3.0.0 Wiki, I MUST rewrite my code to use the high level EVP functions if I want FIPS compatibility. If so, I was going to follow the EVP example at the top of the same URL above.
>>>>>>
>>>>>> However, I can use some help. Using the EVP example on that page, when and which methods do I need to fetch? If I just add this at the top:
>>>>>>
>>>>>>    EVP_set_default_properties(NULL, "fips=yes");
>>>>>>
>>>>>> will that be enough?
>>>>>>
>>>>>> Thanks,
>>>>>> Kory
>>>>>>
>>>>>>
>>>>>>
>>>>>>
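
Added example, not part of the original thread and not a file shipped by OpenSSL: an openssl.cnf sketch of the "via config" route mentioned above, loading the FIPS and base providers, setting the default properties, and selecting the seed source by name and property. The include path is an assumption, and the [random_sect] entries assume the provider that registers SC4K-SEED-SRC is loaded separately (not shown).

```ini
# Constructed openssl.cnf sketch for OpenSSL 3.0. Section names are
# arbitrary labels; the include path is an assumption.
config_diagnostics = 1
openssl_conf = openssl_init

# fipsmodule.cnf is generated by `openssl fipsinstall` and defines [fips_sect].
.include /usr/local/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
random = random_sect

[provider_sect]
# The FIPS provider supplies the validated algorithms.
fips = fips_sect
# The base provider supplies encoders/decoders and no cryptography.
base = base_sect

[base_sect]
activate = 1

[algorithm_sect]
# Config equivalent of EVP_set_default_properties(NULL, "fips=yes").
default_properties = fips=yes

[random_sect]
# Assumption: the custom seed source from this thread, registered with
# the "fips=yes" property so the fetch still matches it once
# default_properties is set. Its provider must already be loaded,
# otherwise the seed source cannot be fetched.
seed = SC4K-SEED-SRC
seed_properties = fips=yes
```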


