如何在 OpenSSL 中检查 FIPS 140-2 支持? [英] How to check FIPS 140-2 support in OpenSSL?
问题描述
我们有一个客户询问 OpenSSL FIPS(联邦信息处理标准)140-2 兼容支持 验证的加密使用.如何检查 OpenSSL 是否有 FIPS 抱怨 是否提供 FIPS 验证的加密?
We have a client which is asking about OpenSSL FIPS (Federal Information Processing Standard) 140-2 compliant support validated cryptography use. How do I check whether OpenSSL has FIPS complains is providing FIPS validated cryptography or not?
操作系统:Redhat 5 Linux
推荐答案
如何检查 OpenSSL 是否提供了 FIPS 验证的加密?
How do I check whether OpenSSL has is providing FIPS validated cryptography or not?
这取决于您想要检查的方式和时间.这也取决于应用程序.
It depends on how and when you want to check. It also depends on the application.
FIPS 可能可用但未使用.因此,应用程序必须通过 FIPS_mode_set 启用经过验证的加密,并且调用必须成功.
FIPS could be available but not used. So an application must enable the validated cryptography via FIPS_mode_set, and the call must succeed.
如果您想检查 FIPS Capable Library(例如 OpenSSL 1.0.1e)是否配置为使用 FIPS 对象模块,那么您可以:
If you want to check if the FIPS Capable Library, such as OpenSSL 1.0.1e, was configured to use the FIPS Object Module, then you can:
$ cat /usr/local/ssl/include/openssl/opensslconf.h | grep -A 2 -i fips
#ifndef OPENSSL_FIPS
# define OPENSSL_FIPS
#endif
OPENSSL_FIPS 告诉您 FIPS 功能库已配置为使用 FIPS 对象模块.所以 FIPS 验证的密码学是可用的.
OPENSSL_FIPS tells you the FIPS Capable Library was configured to use FIPS Object Module. So the FIPS validated cryptography is available.
OPENSSL_FIPS 并不意味着应用程序正在使用 FIPS 验证的加密技术.应用程序必须调用FIPS_mode_set,函数必须返回成功.
OPENSSL_FIPS does not mean the application is using the FIPS validated cryptography, though. The application must call FIPS_mode_set, and the function must return success.
在运行时,您可以打印与以下内容关联的字符串(取自我专门为此使用的代码):
At runtime, you can print the string associated with the following (its taken from code I use specifically for this):
ostringstream oss;
oss << OPENSSL_VERSION_TEXT;
LogVersion(oss.str().c_str());
该代码将生成类似于以下内容的日志条目:
The code will produce a log entry similar to the following:
Version: OpenSSL 1.0.1f-fips 6 Jan 2014
<小时>
您可以使用一些技巧来审核模块.例如,如果可执行文件是真正的 FIPS,下面将测试必须存在的一些符号.
在这种情况下,我正在测试 OpenSSL FIPS Capable 共享对象.如果应用程序链接到 libcrypto.a,那么您可以审核程序而不是 OpenSSL 共享对象.
In this case, I'm testing the OpenSSL FIPS Capable shared object. If the application links to libcrypto.a, then you can audit the program rather than the OpenSSL shared object.
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_*
00000000000c7f60 T ERR_load_FIPS_strings
00000000000c2250 T FIPS_add_error_data
00000000000c3900 T FIPS_add_lock
0000000000082820 T FIPS_bn_bin2bn
0000000000082980 T FIPS_bn_bn2bin
0000000000082760 T FIPS_bn_clear
0000000000082350 T FIPS_bn_clear_free
00000000000823d0 T FIPS_bn_free
0000000000087c90 T FIPS_bn_generate_prime_ex
0000000000082790 T FIPS_bn_get_word
0000000000082d20 T FIPS_bn_is_bit_set
0000000000087c80 T FIPS_bn_is_prime_ex
0000000000087750 T FIPS_bn_is_prime_fasttest_ex
...
<小时>
您还有来自 fips_premain.c 的符号:
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_text_*
00000000000c4520 T FIPS_text_end
000000000007b340 T FIPS_text_start
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_rodata*
00000000001e1e20 R FIPS_rodata_end
00000000001d8ce0 R FIPS_rodata_start
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_signature*
00000000004696c0 B FIPS_signature
$ nm /usr/local/ssl/lib/libcrypto.so | grep -i fips_incore*
000000000007b5a0 T FIPS_incore_fingerprint
<小时>
现在,这真的是偷偷摸摸.您可以检查模块是否包含自检.例如,fips_drbg_selftest.h 将包括以下字节的自测:
Now, this is really sneaky. You can check that the module includes the self tests. For example, fips_drbg_selftest.h will include the following bytes its self tests:
0x2e,0xbf,0x98,0xf9,0x85,0x27,0x8b,0xff,0x36,0xb9,0x40,0x0b,
0xc0,0xa1,0xa0,0x13,0x20,0x06,0xcc,0xe6,0x2a,0x03,0x77,0x7d,
0xee,0xde,0xcc,0x34,0xe3,0xcd,0x77,0xea,0xd0,0x3e,0xbe,0xdd,
0xf6,0x15,0xfb,0xa7,0xd7,0x8e,0xd0,0x2e,0x2f,0x82,0x4c,0xc7,
0x87,0xb1,0x6f,0xc5,0xf8,0x5c,0x78,0xde,0x77,0x9b,0x15,0x9a,
0xb9,0x3c,0x38
<小时>
并且您可以通过转储符号 FIPS_signatureincore 或 macho_incore 以嵌入 FIPS 指纹>.如果它的 20 个字节是 0(fips_premain.c 中的默认值),则指纹未嵌入并且 FIPS_mode_set 将失败.因此,在这种情况下不可能使用 FIPS 验证的密码术.
And you can verify the developer ran incore or macho_incore on their executable to embed the FIPS fingerprint by dumping the 20 bytes of the symbol FIPS_signature. If its 20 bytes of 0's (the default from fips_premain.c), then the fingerprint was not embedded and FIPS_mode_set will fail. So its not possible to use FIPS validated cryptography in this case.
更新:我已将有关该主题的幻灯片上传到 OpenSSL wiki.它称为 使用 OpenSSL 验证密码学构建应用程序:来自现场的笔记供开发人员和审计人员使用.您需要从幻灯片 18 左右开始复习材料.
Update: I uploaded a slide deck I have on the subject to the OpenSSL wiki. Its called Building Applications using OpenSSL Validated Cryptography: Notes from the Field for Developers and Auditors. You will want to review the material starting around Slide 18.
我为 OWASP 制作了幻灯片,但没有兴趣收到它.我知道 Stack Overflow 不喜欢 OpenSSL wiki 上的链接,但我不知道如何在此处提供 35+ 幻灯片.
I built the slide deck for OWASP but there's was no interest in receiving it. I know Stack Overflow frowns upon links like the one on the OpenSSL wiki, but I don't know how to provide a 35+ slide deck here.
这篇关于如何在 OpenSSL 中检查 FIPS 140-2 支持?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
