Discussion:
Initialization of RNG in FIPS mode
Roger No-Spam
2014-10-08 13:02:02 UTC
Permalink
Hi,

I'm experimenting with porting openssl-1.0.1/openssl-fips-2.0 to a proprietary platform. FIPS_mode_set was failing for me, and some investigation showed that it was the rsa post tests that failed, and that it was related to RNG initialization. I found that if I added the following code before my FIPS_mode_set() call, FIPS mode was entered successfully.

{
DRBG_CTX *ctx;
size_t i;
/*FIPS_set_error_callbacks(put_err_cb, add_err_cb); */
for (i = 0; i < sizeof(dummy_entropy); i++)
dummy_entropy[i] = i & 0xff;
if (entropy_stick)
memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
ctx = FIPS_get_default_drbg();
FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
FIPS_rand_set_method(FIPS_drbg_method());
}

This looks a bit complicated. I've been trying to find information on how RNG initialization is supposed to work in FIPS mode, but I have not been able to find anything. How is this supposed to be handled? I fear that I unknowingly have ripped something out that is causing this.

Can anyone give me a description of RNG initialization in FIPS mode, please?

--
R
Kevin Fowler
2014-10-08 13:32:01 UTC
Permalink
Roger,
The FIPS_mode_set() call normally calls OpenSSL_init(), which calls
RAND_init_fips(), which initializes/instantiates the FIPS DRBG (including
seeding with good entropy from call to the default DRBG bytes() method).
This all happens if built with OPENSSL_FIPS defined. So check that is
defined, and check that FIPS_mode_set() calls OpenSSL_init().

You are right that the rsa/dsa selftests fail if the FIPS DRBG is not
seeded, and your solution accomplished that. But I assume you want the DRBG
seeded with good entropy from the system/kernel.

Kevin
Post by Roger No-Spam
Hi,
I'm experimenting with porting openssl-1.0.1/openssl-fips-2.0 to a
proprietary platform. FIPS_mode_set was failing for me, and some
investigation showed that it was the rsa post tests that failed, and that
it was related to RNG initialization. I found that if I added the following
code before my FIPS_mode_set() call, FIPS mode was entered successfully.
{
DRBG_CTX *ctx;
size_t i;
/*FIPS_set_error_callbacks(put_err_cb, add_err_cb); */
for (i = 0; i < sizeof(dummy_entropy); i++)
dummy_entropy[i] = i & 0xff;
if (entropy_stick)
memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
ctx = FIPS_get_default_drbg();
FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
FIPS_rand_set_method(FIPS_drbg_method());
}
This looks a bit complicated. I've been trying to find information on how
RNG initialization is supposed to work in FIPS mode, but I have not been
able to find anything. How is this supposed to be handled? I fear that I
unknowingly have ripped something out that is causing this.
Can anyone give me a description of RNG initialization in FIPS mode, please?
--
R
Loading...