Low Level Digest if Fips mode

Low Level Digest if Fips mode

Philip Bellino

Hello,

I am looking for some help and I do not profess to be an expert in this area, so forgive me for asking the following.

I am running openssl-fips-2.0.7 with openssl-1.0.1j in my application (in FIPS mode) and am trying to figure out how to get around the following issue:

sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!

From the openssl-1.0.1j “CHANGES” file, I see the following entry:

Low level digest APIs are not approved in FIPS mode: any attempt
     to use these will cause a fatal error. Applications that *really* want
     to use them can use the private_* version instead.
     [Steve Henson]

Does this mean that if I want to use low level digest APIs that I would comment out the ‘if (FIPS_mode())’ test below?
If this is correct, am I now violating FIPS?

From crypto/crypto.h:

#ifdef OPENSSL_FIPS
#define fips_md_init_ctx(alg, cx) \
     int alg##_Init(cx##_CTX *c) \
     { \
     if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
           "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
     return private_##alg##_Init(c); \
     } \
     int private_##alg##_Init(cx##_CTX *c)

If I am barking up the wrong tree (so to speak), what would be the correct course of action for me to take?

Thank you,
Phil

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com

 


The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.


RE: Low Level Digest if Fips mode

Salz, Rich
> Does this mean that if I want to use low level digest APIs that I would comment out the 'if (FIPS_mode())' test below?
> If this is correct, am I now violating FIPS?

Yes, if you make that change and try to use that API, you would be violating the FIPS validation.

The error message seems pretty clear:
        sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!

Are you asking which API to use instead?


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

RE: Low Level Digest if Fips mode

Philip Bellino
Yes I am.
I have seen in other postings about using EVP instead, but I am a bit unclear on how to get there from here.
Thanks.


RE: Low Level Digest if Fips mode

Salz, Rich
> Yes I am.
> I have seen in other postings about using EVP instead, but I am a bit unclear
> on how to get there from here.

Well, kinda hard to say without looking at what you're currently doing. (And I'm not volunteering to do that kind of code review, although others on this list might help.)

Start by reading the EVP_digest documentation.


Re: Low Level Digest if Fips mode

Matt Caswell-2
In reply to this post by Philip Bellino


On 24/11/14 13:45, Philip Bellino wrote:
> Yes I am.
> I have seen in other postings about using EVP instead, but I am a bit unclear on how to get there from here.
> Thanks.

Some sample code here:
https://wiki.openssl.org/index.php/EVP_Message_Digests

Matt



Re: Low Level Digest if Fips mode

Dr. Stephen Henson
In reply to this post by Philip Bellino
On Mon, Nov 24, 2014, Philip Bellino wrote:

> Hello,
> I am looking for some help and I do not profess to be an expert in this area, so forgive me for asking the following.
>
> I am running openssl-fips-2.0.7 with openssl-1.0.1j in my application (in FIPS mode) and am trying to figure out how to get around the following issue:
>
> sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!
>
> From the openssl-1.0.1j "CHANGES" file, I see the following entry:
>
> Low level digest APIs are not approved in FIPS mode: any attempt
>      to use these will cause a fatal error. Applications that *really* want
>      to use them can use the private_* version instead.
>      [Steve Henson]
>
> Does this mean that if I want to use low level digest APIs that I would comment out the 'if (FIPS_mode())' test below?
> If this is correct, am I now violating FIPS?
>
> From crypto/crypto.h:
>
> #ifdef OPENSSL_FIPS
> #define fips_md_init_ctx(alg, cx) \
>      int alg##_Init(cx##_CTX *c) \
>      { \
>      if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
>            "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
>      return private_##alg##_Init(c); \
>      } \
>      int private_##alg##_Init(cx##_CTX *c)
>
> If I am barking up the wrong tree (so to speak), what would be the correct course of action for me to take?
>

BIG DISCLAIMER: This is a rather complex topic with many differing opinions so
I'll only give mine FWIW.

During the design of the FIPS module it was hoped that changing applications
to support FIPS mode would be a relatively simple process. However it was also
realised that existing applications could perform operations which would
normally be prohibited in FIPS mode. For example use of weak or unapproved
algorithms or APIs that bypass some of the FIPS requirements.

If these were allowed by default then each application would have to be
carefully checked to see if it didn't use any prohibited algorithms or APIs,
a tedious error prone process which could result in some applications claiming
compliance when they weren't.

To partly resolve this a form of "blocking" was introduced which returns
errors or in some cases hard assert failures.

[The reason for the hard assert failures is that some APIs which need to be
blocked have no mechanism to return an error *or* they would always
succeed so applications might not even check errors with potentially severe
consequences]

That however isn't the complete story. There are some unusual circumstances
under which the use of an unapproved algorithm or API might be acceptable even
in FIPS mode. An internal example of that is the use of MD5 for TLS in the PRF.
As a result a mechanism was included to bypass the algorithm or API blocking.
The fact that this isn't done by default means an application writer
(hopefully!) has to think very hard before deciding to override the
blocking.

TL;DR: in your case it's highly likely you'll have to use the EVP APIs for SHA1
use.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Low Level Digest if Fips mode

Rahul Godbole
In reply to this post by Philip Bellino

Phil,

You need to use the EVP interface. Using the low level API is not recommended and is disallowed in FIPS mode. The EVP interface is also easy to use.

Thanks
Rahul
