FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance
Matt Caswell
matt at openssl.org
Fri Oct 29 15:57:01 UTC 2021
On 29/10/2021 16:40, Cristian Andrei Sandu wrote:
> Hi all,
>
> I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL
> 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to
> approach the issue of induced failures for the power on self tests.
>
> In OpenSSL 1.0.2d we used to use FIPS_post_set_callback() for this
> purpose, by setting a callback that would trigger a failure of a
> specific test.
>
> The OpenSSL 3.0.0 design states that “Any special case code needed to
> return intermediate values (say for CAVS key generation), to display
> info (self test states), or change the normal flow of FIPS module code
> (e.g - self test failure or failing a keygen loop that supplies fixed
> rand values) will be controlled by *embedding callbacks into the FIPS
> module code*.”
>
> Could you give me some pointers on what would be the best approach for
> this in OpenSSL 3.0.0? Am I supposed to use the OSSL_SELF_TEST_* APIs
> to replace the fips_self_test() callback inside the FIPS module or do I
> somehow need to patch the FIPS provider with new functionality? Any help
> would be greatly appreciated.

See the OSSL_PROVIDER-FIPS man page here:
https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-FIPS.html

In particular see the section "SELF TESTING".

See also the man page for OSSL_SELF_TEST_set_callback here:
https://www.openssl.org/docs/man3.0/man3/OSSL_SELF_TEST_set_callback.html

The information on self testing for provider authors may also be useful:
https://www.openssl.org/docs/man3.0/man3/OSSL_SELF_TEST_new.html

Basically you have to provide a callback which will get invoked during
the self test. The return value from that callback can induce failures.
There's an example callback on the OSSL_PROVIDER-FIPS man page I linked
above which shows how to induce a corruption in the SHA1 testing.

Matt