On Thu, 2009-08-27 at 10:23 -0400, Steve Marquess wrote:
> Mark Phalan wrote:
> > I've been working on getting a FIPS Capable OpenSSL into OpenSolaris.
>
> Excellent, we designed the OpenSSL FIPS Object Module and the "FIPS
> capable" OpenSSL to enable just this sort of support in vendor O/S
> distros. One set of "FIPS capable" OpenSSL libraries shipped to all
> customers, with FIPS mode for the entire system enabled or not at
> runtime. Note the global configuration file and OPENSSL_config() call
> can be used for this purpose (see section 5.2 of
> http://openssl.org/docs/fips/UserGuide-1.2.pdf).
>
> > Due to the way the FIPS Capable OpenSSL is built it ends up with
> > older implementations of ciphers (all the ones that fipscanister.o
> > implements). These cipher implementations are used regardless of
> > being in FIPS mode or not.
>
> Ummm, not so. Use the OpenSSL FIPS Object Module v1.2 (the
> fipscanister.o part *only*, throw the rest away!) along with a current
> version of OpenSSL 0.9.8 for everything else. That way the old but
> validated crypto implementations in fipscanister.o are used in FIPS
> mode, the standard unvalidated (and current) ones in 0.9.8k+ are used
> when not in FIPS mode.

This doesn't appear to be the case the way I build it...

Here is a summary of how I built and tested the fips and non-fips
versions on my Ultra 24 (Core2Duo Q9650 @ 3.00GHz):

    $ isainfo
    amd64 i386

    openssl-fips-1.2
    $ ./config fipscanisterbuild
    $ make
    # make install
    ...

    0.9.8k-fips
    ./config fips shared
    make
    ...

    0.9.8k
    ./config shared
    make

Speed results:

    OpenSSL 0.9.8k 25 Mar 2009
    built on: Fri Aug 28 10:36:58 CEST 2009
    options:bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr2)
    compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
    available timing options: TIMES TIMEB HZ=100 [sysconf value]
    timing function used: times
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128 cbc    135063.79k   184065.92k   202569.47k   208250.88k   209704.28k
    aes-192 cbc     98324.28k   147109.23k   167682.30k   173344.43k   175494.49k
    aes-256 cbc     90383.17k   130776.13k   146193.92k   150772.74k   152103.59k

    OpenSSL 0.9.8k-fips 25 Mar 2009
    built on: Fri Aug 28 10:35:09 CEST 2009
    options:bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr2)
    compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
    available timing options: TIMES TIMEB HZ=100 [sysconf value]
    timing function used: times
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128 cbc     88270.08k    96227.86k    98987.43k    99352.58k    99543.72k
    aes-192 cbc     74932.78k    80559.13k    82352.64k    82683.56k    82952.90k
    aes-256 cbc     64523.70k    69436.15k    70589.18k    70931.49k    70934.53k

Summary:
AES is twice as slow when using the FIPS Capable libcrypto (note
OPENSSL_FIPS wasn't set as doing so would cause an immediate assertion
failure due to the use of non-FIPS approved ciphers)

Digging in a little more:

    # openssl-0.9.8k
    $ ar t libcrypto.a |grep aes
    aes_misc.o
    aes_ecb.o
    aes_cfb.o
    aes_ofb.o
    aes_ctr.o
    aes_ige.o
    aes_wrap.o
    aes-x86_64.o
    e_aes.o

    # openssl-0.9.8k-fips
    $ ar t libcrypto.a |grep aes
    aes_misc.o
    aes_ctr.o
    aes_ige.o
    aes_wrap.o

Clearly the FIPS Capable OpenSSL doesn't contain the same aes
implementation as the non-FIPS one. truss(1) shows the FIPS Capable
OpenSSL calling _x86_64_AES_encrypt_compact and the non-FIPS one calling
_x86_64_AES_encrypt.

I believe this is correct as when building in FIPS mode util/arx.pl will
exclude the cipher implementations so that when fipscanister.o is
included in the library there are no symbol conflicts. (See "FIPSCANLIB"
in Configure and EXCL_OBJ in the top-level Makefile).

e.g. from fipscanister.o:

    $ nm fipscanister.o |grep _x86_64_AES_encrypt
    [308] | 91008| 483|FUNC |LOCL |0 |2 |_x86_64_AES_encrypt
    ..

from the aes object file:

    $ nm aes-x86_64.o |grep _x86_64_AES_encrypt
    [4] | 0| 507|FUNC |LOCL |0 |1 |_x86_64_AES_encrypt

I've read the user guide and security policy a number of times and I
don't believe that I've built this incorrectly. Please correct me if I'm
wrong :)

>
> The FIPS capable build process is discussed in the User Guide document
> noted above.
>
> > ...
> >
> > I'm new to the list so if these things have been discussed before
> > feel free to send me to an archive of that previous discussion.
>
> Yes, but this is tricky stuff, complex crypto compounded with
> unintuitive policy requirements, so please feel free to ask.

Thanks,

-M
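
The comparison made by hand in the message above can be scripted as a build check. This is an added example, not part of the original message or of OpenSSL: it parses the `openssl speed` rows and `ar t` member lists copied from the message, then reports the throughput ratio and the AES objects absent from the FIPS capable libcrypto.a. The function names and the 1.25 threshold are assumptions chosen for illustration.

```python
import re

BLOCK_SIZES = (16, 64, 256, 1024, 8192)  # columns printed by `openssl speed`

# Sample input: rows and archive members copied from the message above.
SPEED_STOCK = """\
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 135063.79k 184065.92k 202569.47k 208250.88k 209704.28k
aes-192 cbc 98324.28k 147109.23k 167682.30k 173344.43k 175494.49k
aes-256 cbc 90383.17k 130776.13k 146193.92k 150772.74k 152103.59k
"""
SPEED_FIPS = """\
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 88270.08k 96227.86k 98987.43k 99352.58k 99543.72k
aes-192 cbc 74932.78k 80559.13k 82352.64k 82683.56k 82952.90k
aes-256 cbc 64523.70k 69436.15k 70589.18k 70931.49k 70934.53k
"""
AR_STOCK = ("aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o "
            "aes_ige.o aes_wrap.o aes-x86_64.o e_aes.o")
AR_FIPS = "aes_misc.o aes_ctr.o aes_ige.o aes_wrap.o"

def parse_speed(text):
    """Map cipher name -> throughput per block size; non-result lines are skipped."""
    results = {}
    for line in text.splitlines():
        tokens, values = line.split(), []
        while tokens and re.fullmatch(r"\d+(\.\d+)?k", tokens[-1]):
            values.insert(0, float(tokens.pop()[:-1]))
        if tokens and len(values) == len(BLOCK_SIZES):
            results[" ".join(tokens)] = values
    return results

def slowdown(stock, fips):
    """Stock/FIPS-capable throughput ratio per cipher (>1: FIPS capable build is slower)."""
    s, f = parse_speed(stock), parse_speed(fips)
    return {n: [a / b for a, b in zip(s[n], f[n])] for n in s if n in f}

def members_missing(stock_listing, fips_listing):
    """Archive members present in the stock libcrypto.a but not the FIPS capable one."""
    return sorted(set(stock_listing.split()) - set(fips_listing.split()))

def report(threshold=1.25):  # threshold is an assumed value for this example
    lines = [f"{n}: up to {max(r):.2f}x slower"
             for n, r in slowdown(SPEED_STOCK, SPEED_FIPS).items() if max(r) > threshold]
    missing = members_missing(AR_STOCK, AR_FIPS)
    if missing:
        lines.append("objects only in stock build: " + " ".join(missing))
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```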