/dev/random in FIPS mode Error: PRNG not seeded

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

/dev/random in FIPS mode Error: PRNG not seeded

Cipher
Hello,

We have a custom hardware system running Linux Debian OS having openssl
1.0.2l compiled with FIPS module 2.0. We are trying for FIPS 140-2
certification.

By default it looks like openssl RAND_poll() uses /dev/urandom for entropy.
We are told this may not be acceptable for FIPS 140-2 Level 1 certification
and we should be using /dev/random. So we patched e_os.h to change order to
use "/dev/random" than /dev/urandom.

 i.e  before   define DEVRANDOM  "/dev/urandom","/dev/random"
       after     define DEVRANDOM  "/dev/random","/dev/urandom"

Now we see that openssl is using /dev/random, but the problem is openssl
operations randomly fail when run multiple times with "PRNG not seeded"
error. This is in-spite of having rngd installed to boost entropy.

[root@debian ~]# OPENSSL_FIPS=1 openssl version
FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root@debian ~]# OPENSSL_FIPS=1 openssl version
FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root@debian ~]#
[root@debian ~]# OPENSSL_FIPS=1 openssl version
139889362065040:error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:549:You need to read
the OpenSSL FAQ, http://www.openssl.org/support/faq.html
139889362065040:error:2D07406D:FIPS routines:FIPS_drbg_instantiate:error
retrieving entropy:fips_drbg_lib.c:284:
139889362065040:error:24066067:random number generator:RAND_init_fips:error
instantiating drbg:rand_lib.c:293:
139889362065040:error:04088003:rsa routines:RSA_setup_blinding:BN
lib:rsa_crpt.c:212:
139889362065040:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal
error:rsa_eay.c:443:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=RSA SHA256 PSS
139889362065040:error:2A067068:lib(42):ECDSA_sign_setup:random number
generation failed:ecs_ossl.c:149:
139889362065040:error:2A06502A:lib(42):ECDSA_do_sign:reason(42):ecs_ossl.c:308:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=ECDSA P-224
139889362065040:error:0A06B003:dsa routines:DSA_sign_setup:BN
lib:dsa_ossl.c:318:
139889362065040:error:0A070003:dsa routines:DSA_do_sign:BN
lib:dsa_ossl.c:225:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=DSA SHA384

[root@debian ~]# cat /proc/sys/kernel/random/entropy_avail
3090
[root@debian ~]#

Few Questions:
1)Would anyone know if usage of /dev/random as openssl entropy source is
mandatory for FIPS 140-2 certification?
2) entropy_avail shows 3090, yet we hit 'PRNG not seeded' error. Is this
because every FIPS_mode_set(1) call utilizes lot of entropy for selfTests
etc? Is there any entropy estimate for each FIPS_mode_set() call?
3) Is there a way to avoid this issue with openssl code changes? i.e by
doing some sort of auto-fallback to /dev/urandom if /dev/random pool is
drained.
4) Since /dev/random is blocking, shouldn't openssl commands get stuck than
error out if enough entropy is not available? Is there a way to do such a
thing(by waiting for pool to get replenished). If yes what part of code
needs to be changed?

Thanks in Advance,
D



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: /dev/random in FIPS mode Error: PRNG not seeded

Paul Dale
In FIPS mode, the default entropy gathering is not performed.  You, the user, must supply all entropy to the module.
See section 6.1.1 of the OpenSSL FIPS User Guide (https://www.openssl.org/docs/fips/UserGuide-2.0.pdf).


Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia


-----Original Message-----
From: Cipher [mailto:[hidden email]]
Sent: Wednesday, 12 September 2018 7:24 PM
To: [hidden email]
Subject: [openssl-users] /dev/random in FIPS mode Error: PRNG not seeded

Hello,

We have a custom hardware system running Linux Debian OS having openssl 1.0.2l compiled with FIPS module 2.0. We are trying for FIPS 140-2 certification.

By default it looks like openssl RAND_poll() uses /dev/urandom for entropy.
We are told this may not be acceptable for FIPS 140-2 Level 1 certification and we should be using /dev/random. So we patched e_os.h to change order to use "/dev/random" than /dev/urandom.

 i.e  before   define DEVRANDOM  "/dev/urandom","/dev/random"
       after     define DEVRANDOM  "/dev/random","/dev/urandom"

Now we see that openssl is using /dev/random, but the problem is openssl operations randomly fail when run multiple times with "PRNG not seeded"
error. This is in-spite of having rngd installed to boost entropy.

[root@debian ~]# OPENSSL_FIPS=1 openssl version FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root@debian ~]# OPENSSL_FIPS=1 openssl version FIPS mode ON.
OpenSSL 1.0.2l-fips  25 May 2017
[root@debian ~]#
[root@debian ~]# OPENSSL_FIPS=1 openssl version 139889362065040:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:549:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
139889362065040:error:2D07406D:FIPS routines:FIPS_drbg_instantiate:error
retrieving entropy:fips_drbg_lib.c:284:
139889362065040:error:24066067:random number generator:RAND_init_fips:error instantiating drbg:rand_lib.c:293:
139889362065040:error:04088003:rsa routines:RSA_setup_blinding:BN
lib:rsa_crpt.c:212:
139889362065040:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal
error:rsa_eay.c:443:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=RSA SHA256 PSS 139889362065040:error:2A067068:lib(42):ECDSA_sign_setup:random number generation failed:ecs_ossl.c:149:
139889362065040:error:2A06502A:lib(42):ECDSA_do_sign:reason(42):ecs_ossl.c:308:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=ECDSA P-224 139889362065040:error:0A06B003:dsa routines:DSA_sign_setup:BN
lib:dsa_ossl.c:318:
139889362065040:error:0A070003:dsa routines:DSA_do_sign:BN
lib:dsa_ossl.c:225:
139889362065040:error:2D079089:FIPS routines:fips_pkey_signature_test:test
failure:fips_post.c:334:Type=DSA SHA384

[root@debian ~]# cat /proc/sys/kernel/random/entropy_avail
3090
[root@debian ~]#

Few Questions:
1)Would anyone know if usage of /dev/random as openssl entropy source is mandatory for FIPS 140-2 certification?
2) entropy_avail shows 3090, yet we hit 'PRNG not seeded' error. Is this because every FIPS_mode_set(1) call utilizes lot of entropy for selfTests etc? Is there any entropy estimate for each FIPS_mode_set() call?
3) Is there a way to avoid this issue with openssl code changes? i.e by doing some sort of auto-fallback to /dev/urandom if /dev/random pool is drained.
4) Since /dev/random is blocking, shouldn't openssl commands get stuck than error out if enough entropy is not available? Is there a way to do such a thing(by waiting for pool to get replenished). If yes what part of code needs to be changed?

Thanks in Advance,
D



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users