OpenSSL UserGuide 2.0


  • 7/25/2019 OpenSSL UserGuide 2.0

    User Guide
    for the
    OpenSSL FIPS Object Module v2.0
    (including v2.0.1, v2.0.2, v2.0.3, v2.0.4, v2.0.5, v2.0.6, v2.0.7, 2.0.8, 2.0.9, 2.0.10)

    OpenSSL Software Foundation

    November 5, 2015

    http://openssl.org/

    User Guide - OpenSSL FIPS Object Module v2.0

    Copyright and Trademark Notice

    This document is licensed under a Creative Commons Attribution 3.0 Unported License

    (http://creativecommons.org/licenses/by/3.0/)

    OpenSSL® is a registered trademark of the OpenSSL Software Foundation, Inc.

    Sponsored by:

    Defense Advanced Research Projects Agency (DARPA) Transformative Apps Program

    Intersoft International, Inc.

    Department of Homeland Security Science and Technology Directorate

    Dell Inc.

    sponsor of Beaglebone Black platforms

    Acknowledgments

    The OpenSSL Software Foundation (OSF) serves as the vendor for this validation. Project management coordination for this effort was provided by:

    Steve Marquess, +1 877-673-6775
    The OpenSSL Software Foundation, marquess@openssl.com
    1829 Mount Ephraim Road
    Adamstown, MD 21710
    USA

    with technical work by:

    Dr. Stephen Henson
    4 Monaco Place, shenson@openssl.com
    Westlands, Newcastle-under-Lyme, shenson@drh-consultancy.co.uk
    Staffordshire. ST5 2T.
    England, United Kingdom, http://www.drh-consultancy.co.uk/

    Andy Polyakov
    Chalmers University of Technology, appro@openssl.org
    SE-412 96 Gothen

    InfoGard La

    Revision History

    This document will be revised over time as new information becomes available; check http://www.openssl.org/docs/fips/ for the latest version. Suggestions for additions, corrections, or improvement are welcome and will be gratefully acknowledged; please send document error reports or suggestions to userguide@openssl.com.

    Date        Description

    2015-11-05  Fix typo in section 4.1.2
    2015-09-30  Section 6.1.1, expanded discussion of the entropy callback (thanks to Lee D Gibbins)
    2015-09-16  Section 6.7, corrected four typos (thanks to Conrad Gerhart Welling)
                Added new section 6.10, ?.
    2015-09-05  Reference the 2.0.10 revision
                Fixed typo in section 6.5 (thanks to Conrad Gerhart Welling)
    2015-06-09  Update team GPG/PGP keys in Appendix, noted new 2.0.8, 2.0.9 platforms in section 2.7
    2015-04-16  Multiple typographical corrections (thanks to Mike Carden, mike.carden@a%.ngc.com)
    2014-09-02  Fixed typo in Section 4.3.3, added new platforms in Section 3
    2014-07-21  Reference the 2.0.6 and 2.0.7 revisions
    2013-12-04  Appendix B: updated footnote referencing special cases in fips_algvs
    2013-11-01  Added Citrix acknowledgment
    2013-10-31  Update URL in section 5.6 (thanks to mscriven@sdis'.com)
    2013-09-29  Fixed typo in section 6
    2013-09-13  Added Cryptsoft acknowledgment, update for 2.0.5, note effective disabling of
    2012-06-28  Update with certificate number
    2012-05-15


    1. Introduction

    This document is a guide to the use of the OpenSSL FIPS Object Module, a software component intended for use with the OpenSSL cryptographic library and toolkit. It is a companion document to the OpenSSL FIPS 140-2 Security Policy document submitted to NIST as part of the FIPS 140-2 validation process. It is intended as a technical reference for developers using, and system administrators installing, the OpenSSL FIPS software, for use in risk assessment reviews by security auditors, and as a summary and overview for program managers. It is intended as a guide for annotation and more detailed explanation of the Security Policy, and not as a replacement. In the event of a perceived conflict or inconsistency between this document and the Security Policy the latter document is authoritative as only it has been reviewed and approved by the Cryptographic Module Validation Program (CMVP), a joint U.S. - Canadian program for the validation of cryptographic products (http://csrc.nist.gov/cryptval/).

    Familiarity with the OpenSSL distribution and library API (Application Programming Interface) is assumed. This document is not a tutorial on the use of OpenSSL and it only covers issues specific to the FIPS 140-2 validation. For more information on the use of OpenSSL in general see the many other sources of information such as http://openssl.org/docs/ and Network Security with OpenSSL (Reference 4).

    The Security Policy document (Reference 1) is available online at the NIST Cryptographic Module Validation website, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf.

    For more information on the OpenSSL Software Foundation see http://openssl.com/. For more information on the OpenSSL project see http://openssl.org/. For more information on NIST and the cryptographic module validation program, see http://csrc.nist.gov/cryptval/.

    For information and announcements regarding current and future OpenSSL related validations see http://openssl.org/docs/fips/fipsnotes.html. That web page also has a very quick introduction extracted here:

    1.1 FIPS What? Where Do I Start?

    OK, so your company needs FIPS validated cryptography to land a big sale, and your product currently uses OpenSSL. You haven't worked up the motivation to wade through the entire User Guide and want the quick executive summary. Here is a grossly oversimplified account:

    OpenSSL itself is not validated, and never will be. Instead a carefully defined software component called the OpenSSL FIPS Object Module has been created. The Module was designed for compatibility with the OpenSSL library so products using the OpenSSL library and API can be converted to use FIPS 140-2 validated cryptography with minimal effort.

    The OpenSSL FIPS Object Module validation is unique among all FIPS 140-2 validations in that the product is delivered in source code form, meaning that if you can use it exactly as is and can build it for your platform according to a very specific set of instructions, then you can use it as validated cryptography³.

    ³ Either directly or via User Affirmation which is discussed in §5.5.

    The OpenSSL library is also unique in that you can download and use it for free.

    If you require source code or build process changes for your intended application, then you cannot use the open source based validated module - you must obtain your own validation. This situation is common; see "Private Label" validation, below.

    New FIPS 140-2 validations (of any type) are slow (6-12 months is typical), expensive (US$50,000 is typical for an uncomplicated validation), and unpredictable (completion dates are not only uncertain when first beginning a validation, but remain so during the process).

    Note that FIPS 140-2 validation is a complicated topic that the above summary does not adequately address. You have been warned!

    1.2 Change Letter Modifications

    If the existing validated OpenSSL FIPS Object Module is almost what you need, but some minor modifications are necessary for your intended use, then it may be possible to retroactively modify the original validation to include those necessary changes. The process by which this is done is known as the "maintenance letter" or "change letter" process. A change letter can be substantially faster and less expensive than obtaining a new, independent validation.

    Modifications to the FIPS module to support a new platform (operating system or compiler) are often compatible with the change letter process.

    1.3 The Private Label Validation

    The OSF would prefer to work on open source based validations which benefit the OpenSSL user community at large. However, we understand not all work can benefit the community. We refer to validations based directly on the OpenSSL FIPS Object Module but not available to the community as "private label" validations. They are also sometimes referred to as "cookie cutter" validations.

    Many ISVs and vendors are interested in private label validations, and the OSF will assist in such efforts with a priced engagement. An ISV or vendor usually obtains a private label validation for marketing or risk management purposes. For example, a company may choose to privately retain its validation to ensure its competitive advantage, or a company might modify the sources and choose to keep the changes private.

    OSF has performed numerous private validations for desktop, server, and mobile platforms with very competitive pricing. Often, the pricing is less than the account setup fee for closed sourced and locked-in solutions. Trivial and uncomplicated validations can often be performed using fixed rate contracts to assure cost constraints.

    2. Background

    For the purposes of FIPS 140-2 validation, the OpenSSL FIPS Object Module v2.0 is defined as a specific discrete unit of binary object code (the "FIPS Object Module") generated from a specific set and revision level of source files embedded within a source distribution. These platform portable source files are compiled to create the object code in an isolated and separate form. That object code is then used to provide cryptographic services to external applications. The terms FIPS Object Module and FIPS Module elsewhere in this document refer to this OpenSSL FIPS Object Module object code.

    The FIPS Object Module provides an API for invocation of FIPS approved cryptographic functions from calling applications, and is designed for use in conjunction with standard OpenSSL 1.0.1 distributions. These standard OpenSSL 1.0.1 source distributions support the original non-FIPS API as well as a FIPS Mode in which the FIPS approved algorithms are implemented by the FIPS Object Module and non-FIPS approved algorithms are disabled by default. These non-validated algorithms include, but are not limited to, Blowfish, CAST,

    The FIPS Object Module v2.0 is similar in many respects to the earlier OpenSSL FIPS Object Module v1.2.x. The v1.2.4 was originally validated in late 2008 with validation certificate #1051; that original validation has been extended several times to incorporate additional platforms.

    The v1.2.x Module is only compatible with OpenSSL 0.9.8 releases, while the v2.0 Module is compatible with OpenSSL 1.0.1 and later releases. The v2.0 Module is the best choice for all new software and product development.

    2.1 Terminology

    2.1.1 FIPS 140-2 Specific Terminology

    The concept of the cryptographic module is important for FIPS 140-2, and it has subtle nuances in this context. Conceptually the Module is the binary object code and data in the FIPS Object Module for a running process.

    The "cryptographic module" is often referred to simply as "module". That term is capitalized in this document as a reminder that it has a somewhat different meaning than assumed by software developers outside of a FIPS 140-2 context.

    Note that traditionally the executable (or shared library) file on disk corresponding to this Module as a running process is also considered to be a Module⁵ by the CMVP. An integrity check of the entire executable file on disk prior to memory mapping is considered acceptable as long as that executable file does not contain any extraneous⁶ software. In this traditional case the specific executable file is submitted for testing and thus the precise content (as a bit string) is known in advance.

    In the case of the FIPS Object Module only source code is submitted for validation testing, so the bit string value of the binary object code in memory cannot be known in advance. A chain of checks beginning with the source code and extending through each step in the transformation of the source code into a running process was established to provide a check equivalent to that used by more traditional object based validations.

    The chain of checks works backwards from the software as resident in memory for a process to the executable program file from which the process was created (the existing precedent), then to the FIPS Object Module used to link the program file, and finally to the original source files used to create the FIPS Object Module. Each of those stages can be thought of as antecedents of the Module, and the integrity of each needs to be verified to assure the integrity of the Module.

    ⁵ Presumably because the transformations of the disk resident file contents performed by the runtime loader are considered to be well understood and sufficiently minimal.
    ⁶ The definition of what constitutes "extraneous" is not formally specified and subject to interpretation.

    2.1.2 General Glossary

    ABI                 Application Binary Interface
    AES                 Advanced Encryption Standard
    AES-NI              AES New Instructions
    ARM                 a processor instruction set architecture developed by ARM Holdings
    API                 Application Programming Interface
    Blowfish            A cryptographic algorithm not allowed in FIPS mode
    CAST                A cryptographic algorithm not allowed in FIPS mode
    CC                  Common Criteria
    CCM                 Counter with Cipher Block Chaining-Message Authentication Code, a mode of operation for cryptographic block ciphers
    FIPS Object Module  the special monolithic object module built from the special source distribution⁷ identified in the Security Policy
    GCM                 Galois/Counter Mode, a mode of operation for symmetric key cryptographic block ciphers
    GPG                 See PGP
    GUI                 Graphical User Interface
    HMAC                Hash Message Authentication Code, a mechanism for message authentication using cryptographic hash functions
    IA                  Information Assurance
    PKCS#1              Public-Key Cryptography Standard #1
    PKCS#3              Public-Key Cryptography Standard #3
    POST                Power Up Self Test, an initialization process required by FIPS 140-2
    PRNG                Pseudo-Random Number Generator
    RNG                 Random Number Generator
    PSS                 Probabilistic Signature Scheme, a provably secure way of creating signatures with RSA
    RSA                 Rivest-Shamir-Adleman, a public key cryptographic algorithm
    SHA                 Secure Hash Algorithm, a cryptographic hash function
    SSE2                Streaming SIMD Extension 2, an extension of the x86 instruction set
    SSH                 Secure Shell, a network protocol for secure data communication
    SSL                 Secure Socket Layer, a predecessor to the TLS protocol
    SSSE3               Supplemental Streaming SIMD Extensions 3, an extension of the x86 instruction set
    Suite B             a set of cryptographic algorithms created by the National Security Agency
    TLS                 Transport Layer Security, a cryptographic protocol providing communication security over connections
    VMS                 Virtual Memory System, an operating system that runs on VAX, Alpha and Itanium-based families of computers (now obsolete)
    x86                 a family of instruction set architectures originally defined by Intel
    XTS                 XEX Tweakable Block Cipher with Ciphertext Stealing
    XTS-AES             a cryptographic algorithm specified in SP 800-38E

    2.2 The FIPS Module and Integrity Test

    The FIPS Object Module is generated in binary file format, with an embedded pre-calculated HMAC-SHA-1 digest covering the module⁸ as it is loaded into application address space. The Module integrity check consists of recalculating that digest from the memory areas and comparing it to the embedded value which resides in an area not included in the calculated digest⁹. This "in-core hashing" integrity test is designed to be both executable format independent and fail-safe.

    ⁸ Specifically, the text and read-only data segments which constitute the initialized components of the module.
    ⁹ If the digest value resided in the data area included in the calculation of that digest, the calculated value of the digest would itself be an input into that calculation.

    For this scenario the Module is the text and data segments as mapped into memory for the running application.

    The term Module is also used, less accurately, to designate the antecedent of that memory mapped code and data, the FIPS Object Module file residing on disk.

    The FIPS Object Module is generated from source code, so the integrity of that source must also be verified. The single runtime digest check typical of pre-built binary files is replaced by a chain of digest checks in order to validate that the running code was in fact generated from the original source code. As before the term Module properly designates the text and data segments mapped into memory, but is also more loosely used to reference several levels of antecedents. These levels are discussed below.

    2.3 The FIPS Integrity Test

    The FIPS 140-2 standard requires an integrity test of the Module to verify its integrity at initialization. In addition to the requirement that the integrity test validate that the FIPS Object Module code and data have not changed, two additional implicit requirements for the integrity test were identified during the validation process.

    2.3.1 Requirement for Exclusive Integrity Test

    An integrity test that is merely guaranteed to fail if any of the cryptographic module software changes is not sufficient. It is also necessary that the integrity test not fail if the cryptographic module software is not directly corrupted, even though the application referencing the cryptographic module may be damaged with unpredictable consequences for the correct functioning of that application. Another way of looking at this is that as application failures are out of scope of the integrity test there needs to be some level of assurance that changes to application software do not affect the cryptographic module integrity test¹⁰.

    This requirement is met with an in-core integrity test that carefully excludes any extraneous¹¹ object code from the digest calculation and verification.

    ¹⁰ This assurance was given by showing during testing that corruption of code or data outside of the memory area containing the FIPS Object Module did not result in an integrity test failure.
    ¹¹ The definition of what constitutes extraneous is not formally specified and thus subject to interpretation.

    2.3.2 Requirement for Fixed Object Code Order

    The relative order of all object code components within the module must be fixed and invariant.

    The usual linking process does not care about the relative order of individual object modules, e.g. both

    gcc -o runfile alpha.o beta.o gamma.o

    and

    gcc -o runfile beta.o alpha.o gamma.o

    produce functionally identical executable files. Likewise, the order of object modules in a static link library is irrelevant:

    ar r libxxx.a alpha.o beta.o gamma.o

    and

    ar r libxxx.a beta.o alpha.o gamma.o

    produce interchangeable link libraries, and a given application may not incorporate all of the object modules contained within the link library when resolving references. For the FIPS Object Module it was required that any such omission or rearrangement of the Module object modules during the application creation process not occur. This requirement is satisfied by simply compiling all the source code into a single monolithic object module:

    ld -r -o fipscanister.o fips_start.o ... fips_end.o

    with all the object modules between the fips_start.o and fips_end.o modules that define the low and high boundaries of a monolithic object module. All subsequent reference to this monolithic object module will preserve the relative order, and presence, of the original object code components.
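
    The two requirements of sections 2.3.1 and 2.3.2, modelled on a byte array (an added example, not code from the OpenSSL FIPS Object Module). The memory layout, the key and every function name are constructed for illustration: the digest covers only the span between the low and high module boundaries, skips the slot that holds the stored digest, and so ignores damage to the surrounding application while detecting any change or reordering inside the module.

```python
import hashlib
import hmac

# Assumption: constructed demo key; the module's real HMAC key is not given on this page.
DEMO_KEY = b"constructed-demo-key"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA-1


def link_monolithic(components):
    """Concatenate object-code components in a fixed order (the role of `ld -r`)
    and reserve a zeroed slot for the embedded digest after the last one."""
    return b"".join(components) + bytes(DIGEST_LEN)


def incore_digest(image, start, end, slot):
    """HMAC-SHA-1 over image[start:end], skipping the DIGEST_LEN-byte digest slot."""
    if not (start <= slot and slot + DIGEST_LEN <= end <= len(image)):
        raise ValueError("digest slot must lie inside the module bounds")
    mac = hmac.new(DEMO_KEY, digestmod=hashlib.sha1)
    mac.update(image[start:slot])              # module code and read-only data
    mac.update(image[slot + DIGEST_LEN:end])   # module bytes after the slot, if any
    return mac.digest()


def build_process_image(app_before, components, app_after):
    """Return (image, start, end, slot) with the digest embedded at build time."""
    module = link_monolithic(components)
    start = len(app_before)
    end = start + len(module)
    slot = end - DIGEST_LEN
    image = bytearray(app_before + module + app_after)
    image[slot:slot + DIGEST_LEN] = incore_digest(bytes(image), start, end, slot)
    return image, start, end, slot


def integrity_test(image, start, end, slot):
    """Recalculate the in-core digest and compare it with the embedded value."""
    expected = bytes(image[slot:slot + DIGEST_LEN])
    actual = incore_digest(bytes(image), start, end, slot)
    return hmac.compare_digest(expected, actual)


def run_scenarios():
    # Constructed stand-ins for three object modules and the surrounding application.
    alpha, beta, gamma = b"ALPHA-code" * 4, b"BETA-code" * 4, b"GAMMA-rodata" * 4
    app_before, app_after = b"application text " * 3, b" application data" * 3
    image, start, end, slot = build_process_image(
        app_before, [alpha, beta, gamma], app_after)
    results = {"intact": integrity_test(image, start, end, slot)}

    # 2.3.1: corruption outside the module must NOT fail the test.
    outside = bytearray(image)
    outside[0] ^= 0xFF
    outside[-1] ^= 0xFF
    results["application_damaged"] = integrity_test(outside, start, end, slot)

    # Any change inside the module must fail the test.
    inside = bytearray(image)
    inside[start + 5] ^= 0x01
    results["module_damaged"] = integrity_test(inside, start, end, slot)

    # 2.3.2: the same components in a different relative order must fail the test.
    reordered = bytearray(image)
    swapped = beta + alpha + gamma
    reordered[start:start + len(swapped)] = swapped
    results["module_reordered"] = integrity_test(reordered, start, end, slot)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:22s} integrity test {'passes' if ok else 'FAILS'}")
```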

    2.4 The File Integrity Chain

    Most validated products consisting of a pre-built binary executable implement the module integrity check as a digest check over portions of that executable file or the corresponding memory mapped image. For the FIPS Object Module the module integrity check instead takes the form of a chain of digest checks beginning with the source files used for the CMVP validation testing. Note that while this chain of checks is more complex, it provides much more visibility for independent verification compared to the case of validated pre-built binary executables. With the FIPS Object Module the prospective user can independently verify that the runtime executable does indeed directly derive from the same source that was the basis of the validation.

    2.4.1 Source File (Build Time) Integrity

    "Build time" is when the FIPS Object Module is created from the OpenSSL FIPS source distribution, in accordance with the Security Policy.

    The first file integrity check occurs at build time when the HMAC-SHA-1 digest of the distribution file is calculated and compared to the stored value published in the Security Policy (Appendix B).

    Because the source files reside in this specific distribution and cannot be modified these source files are referred to as sequestered files.

    Note that a means to calculate the HMAC-SHA-1 digest is required in order to perform this integrity check. A "bootstrap" standalone HMAC-SHA-1 utility, fips_standalone_sha1, is included in the distribution. This utility is generated first before the sequestered files are compiled in order to perform the integrity check. Appendix gives an example of an equivalent utility.

    2.4.2 Object Module (Link Time) Integrity

    "Link time" is when the application is linked with the previously built and installed FIPS Object Module to generate an executable program.

    The build process described in the Security Policy results in the creation of an object module, fipscanister.o, and a matching digest file, fipscanister.o.sha1. This FIPS Object Module contains the object code corresponding to the sequestered source files (object code for FIPS specific functions such as FIPS_mode_set() and for the algorithm implementations).

    The link time integrity check occurs when the FIPS Object Module is used to create an application executable object (binary executable or shared library). The digest stored in the installed file fipscanister.o.sha1 must match the digest calculated for the fipscanister.o file.

    Note that except in the most unusual circumstances the FIPS Object Module itself (fipscanister.o) is not linked directly with application code. Instead the FIPS Object Module is embedded in the OpenSSL libcrypto library (libcrypto.a/libcrypto.so) which is then referenced in the usual way by the application code. That combination is known as a FIPS capable OpenSSL library and is discussed in more detail in section 2.5.

    2.4.3 Application Executable Object (Run Time) Integrity

    Application "run time" occurs when the previously built and installed application program is invoked. Unlike the previous step this invocation is usually performed repeatedly.

    The runtime integrity check occurs when the application attempts to enable FIPS mode via the FIPS_mode_set() function call. The digest embedded within the object code from fipscanister.o must match the digest calculated for the memory mapped text and data areas.
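
    A sketch of the build-time and link-time file checks of sections 2.4.1 and 2.4.2, reporting the first broken link in the chain (an added example, not the distribution's fips_standalone_sha1 or its build scripts). The `HMAC-SHA1(name)= hex` line format of the digest file, the key and the function names are assumptions made for the illustration; the sample files are constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumption: constructed stand-in key; the real HMAC key is not given on this page.
DEMO_KEY = b"constructed-demo-key"
# Assumption: one-line digest file of the form "HMAC-SHA1(<file name>)= <40 hex digits>".
LINE_RE = re.compile(r"^HMAC-SHA1\((?P<name>[^)]*)\)=\s*(?P<hex>[0-9a-fA-F]{40})\s*$")


def hmac_sha1_file(path, key=DEMO_KEY, chunk=65536):
    """Return the hex HMAC-SHA-1 of a file, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            mac.update(block)
    return mac.hexdigest()


def write_digest_file(path, key=DEMO_KEY):
    """Create <path>.sha1 next to the file, as the build step would."""
    with open(path + ".sha1", "w") as fh:
        fh.write("HMAC-SHA1(%s)= %s\n" % (os.path.basename(path), hmac_sha1_file(path, key)))


def check_against_published(path, published_hex, key=DEMO_KEY):
    """Build-time check: distribution file against a value obtained out of band."""
    return hmac.compare_digest(published_hex.strip().lower(), hmac_sha1_file(path, key))


def check_against_digest_file(path, key=DEMO_KEY):
    """Link-time check: file against its .sha1 companion. Fails closed when the
    digest file is missing, malformed, or names a different file."""
    try:
        with open(path + ".sha1") as fh:
            match = LINE_RE.match(fh.readline())
    except OSError:
        return False
    if match is None or match.group("name") != os.path.basename(path):
        return False
    return hmac.compare_digest(match.group("hex").lower(), hmac_sha1_file(path, key))


def verify_chain(tarball, published_hex, canister, key=DEMO_KEY):
    """Walk the file stages in order; return the first broken stage, or None."""
    stages = [
        ("source distribution (build time)",
         lambda: check_against_published(tarball, published_hex, key)),
        ("object module (link time)",
         lambda: check_against_digest_file(canister, key)),
    ]
    for name, check in stages:
        if not check():
            return name
    return None


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        tarball = os.path.join(workdir, "demo-source.tar.gz")   # constructed stand-in
        canister = os.path.join(workdir, "fipscanister.o")      # constructed stand-in
        with open(tarball, "wb") as fh:
            fh.write(b"constructed source distribution bytes")
        with open(canister, "wb") as fh:
            fh.write(b"constructed object code bytes")
        published = hmac_sha1_file(tarball)   # plays the role of the published value
        write_digest_file(canister)

        results = {"intact": verify_chain(tarball, published, canister)}
        with open(canister, "ab") as fh:      # object module altered after installation
            fh.write(b"\x90")
        results["canister_modified"] = verify_chain(tarball, published, canister)
        with open(tarball, "ab") as fh:       # source altered: caught at the first stage
            fh.write(b"!")
        results["source_modified"] = verify_chain(tarball, published, canister)
        os.remove(canister + ".sha1")         # a missing digest file is a failure too
        results["digest_file_missing"] = check_against_digest_file(canister)
        return results


if __name__ == "__main__":
    for scenario, outcome in run_demo().items():
        print(f"{scenario}: {outcome}")
```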

    2.5 Relationship to the OpenSSL API

    The FIPS Object Module is designed for indirect use via the OpenSSL API. Applications linked with the FIPS capable OpenSSL libraries can use both the FIPS validated cryptographic functions of the FIPS Object Module and the high level functions of OpenSSL. The FIPS Object Module should not be confused with OpenSSL library and toolkit or any specific official OpenSSL distribution release.

    A version of the OpenSSL product that is suitable for use with the FIPS Object Module is a FIPS Compatible OpenSSL.

    When the FIPS Object Module and a FIPS compatible OpenSSL are separately built and installed on a system, with the FIPS Object Module embedded within the OpenSSL library as part of the OpenSSL build process, the combination is referred to as a FIPS capable OpenSSL.

    Summary of definitions

    The FIPS Object Module is the FIPS 140-2 validated module described in the Security Policy

    A FIPS compatible OpenSSL is a version of the OpenSSL product that is designed for compatibility with the FIPS Object Module

    A FIPS capable OpenSSL is the combination of the separately installed FIPS Object Module along with a FIPS compatible OpenSSL.

    Table 2.5

    The OpenSSL libraries, when built from a standard OpenSSL distribution with the "fips" configuration option for use with the FIPS Object Module, will contain the usual non-FIPS algorithms and non-cryptographic supporting functions, and the non-FIPS algorithm disabling restrictions.

    Note that use of individual object modules comprising the monolithic FIPS Object Module is specifically forbidden by FIPS 140-2 and the CMVP¹². In the absence of that restriction the individual object modules would just be incorporated directly in the OpenSSL libcrypto.a library. The monolithic FIPS Object Module must be used in its entirety and cannot be edited to accommodate size constraints.

    Various non-FIPS algorithms such as Blowfish,

    a non-FIPS OpenSSL library cannot be substituted for the FIPS Compatible library because the FIPS specific function calls will not be present (such as FIPS_mode_set()).

    2.6 FIPS Mode of Operation

    Applications that utilize FIPS mode must call the FIPS_mode_set() function. After successful FIPS mode initialization, the non-FIPS algorithms will be disabled by default.

    The FIPS Object Module together with a compatible version of the OpenSSL product can be used in the generation of both FIPS mode and conventional applications. In this sense, the combination of the FIPS Object Module and the usual OpenSSL libraries constitutes a "FIPS capable API", and provides both FIPS approved algorithms and non-FIPS algorithms.

    2.6.1 FIPS Mode Initialization

    Only one initialization call, FIPS_mode_set(), is required to operate the FIPS Object Module in a FIPS 140-2 Approved mode, referred to herein as "FIPS mode". When the FIPS Object Module is in FIPS mode all security functions and cryptographic algorithms are performed in Approved mode. Use of the FIPS_mode_set() function call is described in §5.

    A power-up self-test is performed automatically by the FIPS_mode_set() call, or optionally at any time by the FIPS_selftest() call (see Appendix

    disabling is intended as an aid to the developer in preventing the accidental use of non-FIPS algorithms in FIPS mode, and not as an absolute guarantee. It is the responsibility of the application developer to ensure that only FIPS algorithms are used when in FIPS mode.

    OpenSSL provides mechanisms for interfacing with external cryptographic devices, such as accelerator cards, via "ENGINES." This mechanism is not disabled in FIPS mode. In general, if a FIPS validated cryptographic device is used with OpenSSL in FIPS mode so that all cryptographic operations are performed either by the device or the FIPS Object Module, then the result is still FIPS validated cryptography.

    However, if any cryptographic operations are performed by a non-FIPS validated device, the result is use of non-validated cryptography. It is the responsibility of the application developer to ensure that ENGINES used during FIPS mode of operation are also FIPS validated.

    2.% Re&isions o$ the 2.' Module

    B;i&ting #S 140:2 v!lid!tion& c!n *e "et"o!ctivel 'odified, it%in defined li'it&, vi! t%e'!inten!nce lette" o" c%!nge lette" p"oce&&. %!nge lette" 'odific!tion& !"e tpic!ll done toco""ect 'ino" non:c"ptog"!p%ic!ll &ignific!nt *ug& o", 'o&t co''onl, to !dd &uppo"t fo" nepl!tfo"'&. %!nge lette" !ction& !"e u&u!ll le&& e;pen&ive !nd f!&te" t%!n ! full v!lid!tion !nd !"e!n !tt"!ctive option to t%e &oft!"e vendo" de&i"ing to u&e t%e #S 'odule fo" ! pl!tfo"' notcu""entl cove"ed * t%e v!lid!tion.

    Seve"!l c%!nge lette" 'odific!tion& e"e in p"oce&& p"io" to t%e fo"'!l !!"d of t%e initi!lOpenSSL #S O*ect ?odule v2.0 v!lid!tion. ?o"e c%!nge lette"& !"e !nticip!ted ove" t%elifeti'e of t%e v!lid!tion. #o" !ll p!&t v!lid!tion& e %!ve !l!& *een c!"eful to int"oduce !n

    c%!nge& in ! ! t%!t ill not i'p!ct !n p"eviou&l te&ted pl!tfo"'&, &o t%!t t%e 'o&t "ecent"evi&ion of t%e 'odule c!n *e u&ed fo" ne deplo'ent& on !n pl!tfo"'.

    $%e %i&to" of ne "evi&ion& include

    2.0.1 Addition of Apple iOS 5.1 on ARMv7
    2.0.1 Addition of WinCE 5.0 on ARMv7
    2.0.1 Addition of Linux 2.6 on PowerPC32-e500 (PPC)
    2.0.1 Addition of WinCE 6.0 on ARMv7
    2.0.1 Addition of Android 4.0 on OMAP 3 (ARMv7)
    2.0.2 Addition of NetBSD 5.1 on PowerPC32-e500 (PPC)
    2.0.2 Addition of NetBSD 5.1 on Intel Xeon 5500 (x86)
    2.0.3 Addition of Win2008 on Xeon E3-1220v2 (x86)
    2.0.3 Addition of RHEL 32/64 bit on Xeon E3-1220v2 (x86) under vSphere
    2.0.3 Addition of Win7 on Intel Core i5-2430M (x86) with AES-NI
    2.0.3 Addition of Android 4.1/4.2 on Nvidia Tegra 3 (ARMv7) with/without NEON
    2.0.3 Addition of WinEC7 on Freescale i.MX53xD (ARMv7) with/without NEON
    2.0.3 Addition of Android 4.0 on Qualcomm Snapdragon APQ8060 (ARMv7)
    2.0.3 Addition of VMware Horizon Module on Qualcomm MSM8X60 (ARMv7)
    2.0.3 Addition of Apple OS X 10.7 on Intel Core i7-3615QM (x86)
    2.0.3 Addition of Apple iOS 5.0 on ARM Cortex A8 (ARMv7)
    2.0.4 Addition of OpenWRT 2.6 on MIPS 24Kc
    2.0.5 Addition of QNX 6.4 on Freescale i.MX25 (ARMv4)
    2.0.5 Addition of Apple iOS 6.1 on Apple A6X SoC (ARMv7s)
    2.0.5 Addition of eCos 3 on Freescale i.MX27 926ejs (ARMv5TEJ)
    2.0.5 Addition of VMware Horizon Workspace 1.5 under vSphere on Intel Xeon E3-1220 (x86) with/without AES-NI
    2.0.5 Addition of Ubuntu 13.04 on AM335x Cortex-A8 (ARMv7) with/without NEON
    2.0.5 Addition of Linux 3.8 on ARM926 (ARMv5TEJ)
    2.0.5 Addition of Linux 3.4 under Citrix XenServer on Intel Xeon E5-2430L (x86) with/without AES-NI
    2.0.5 Addition of Linux 3.4 under VMware ESX on Intel Xeon E5-2430L (x86) with/without AES-NI
    2.0.5 Addition of Linux 3.4 under Microsoft Hyper-V on Intel Xeon E5-2430L (x86) with/without AES-NI
    2.0.5 Addition of Apple iOS 6.0 on Apple A5 / ARM Cortex-A9 with/without NEON
    2.0.6 Removal of
    2.0.10 Addition of iOS 8.1 64-bit on Apple A7 (ARMv8) with/without NEON and Crypto Extensions
    2.0.10 Addition of VxWorks 6.9 on Freescale P2020 (PPC)
    2.0.10 Addition of iOS 8.1 32-bit on Apple A7 (ARMv8) with/without NEON
    2.0.10 Addition of Android 5.0 32-bit on Qualcomm APQ8084 (ARMv7) with/without NEON
    2.0.10 Addition of Android 5.0 64-bit on SAMSUNG Exynos7420 (ARMv8) with/without NEON and Crypto Extensions

    Revisions 2.0.6 and 2.0.7 constitute an unfortunate perversity. The 2.0.6 revision removed the


    2. The 1.2.x FIPS modules were compatible only with the FIPS capable 0.9.8 baseline. The 2.0 FIPS module is compatible with the FIPS capable 1.0.1 baseline, and will probably remain usable with future OpenSSL versions (1.1.0 and later).

    3. The 2.0 FIPS module has a significantly faster POST performance. The slow POST for the 1.2.x modules was a significant impediment to use on some low-powered processors.

    4. The 2.0 FIPS module contains several additional cryptographic algorithms, including all of Suite B.

    5. The 2.0 FIPS module more directly accommodates cross-compilation, as both native and cross-compilation now use the same technique for determining the module integrity digest at build time.

    2.7 Future FIPS Object Modules

    The open source based OpenSSL FIPS Object Module validations are difficult and expensive, and as a result have been done infrequently. The long intervals between validations compound the difficulty of obtaining each new validation:

    1. The companion OpenSSL product changes significantly, requiring significant rework to both that product and the new FIPS module for the FIPS capable functionality;

    2. A number of new and relatively untried algorithm tests are introduced by the CAVP;

    3. New validation requirements are introduced by the CMVP.

    The result is a vicious cycle: the new validation takes much more effort and time, during which these factors continue to mount (the CMVP can and does introduce new requirements in the course of an ongoing validation). That cost and difficulty becomes an intimidating factor for planning, and soliciting funding and/or collaboration for, the next validation.

    In order to try and bypass this cycle the OSF would like to perform open source based validations more frequently, ideally as often as the interval required to obtain a validation which is about a year. That would mean that at any point in time there will be a relatively current completed validation and a new validation in process. New features or modifications that would adversely impact the ongoing validation can then be deferred to the next upcoming one. New requirements and algorithm tests can be addressed a few at a time instead of all at once in a huge onslaught.

    Potential sponsors of such an effort are welcome, and are invited to contact OSF to express their interest.


    3. Compatible Platforms

    The FIPS Object Module is designed to run on a wide range of hardware and software platforms. Any computing platform that meets the conditions in the Security Policy can be used to host a FIPS 140-2 validated FIPS Object Module provided that module is generated in accordance with the Security Policy.

    At the time the OpenSSL FIPS Object Module v2.0 was developed, all Unix®[15]-like environments supported by the full OpenSSL distribution were also supported by the FIPS validated source files included in the FIPS Object Module. However, successful compilation of the FIPS Object Module for all such platforms was not verified. If any platform specific compilation errors occur that can only be corrected by modification of the FIPS distribution files (see Appendix B of the Security Policy), then the FIPS Object Module will not be validated for that platform.

    It is also noted that a platform which is currently supported (but untested) may not be supported in the future as revisions are made to the FIPS validated sources. For example, a change made for one platform may adversely affect another, untested platform.

    By default, the FIPS Object Module software utilizes assembly language optimizations for some supported platforms. Currently assembler language code residing within the cryptographic module boundary is used for the x86/Intel[16] ELF and ARM[17] machine architectures. The FIPS Object Module build process will automatically select and include these assembly routines by default when building on an x86 platform. The assembly language code was included in the validation testing, so a FIPS Object Module built using the x86/Intel® assembly language routines will result in a FIPS 140-2 validated Object Module. Assembly Language and Optimizations are discussed in detail in Section 3.2.3 Assembler Optimizations.

    3.1 Build Environment Requirements

    The platform portability of the FIPS Object Module source code is contingent on several basic assumptions about the build environment:

    1. The environment is either a) "Unix®-like" with a make command and a ld command with a "-r" (or "-i") option, or Microsoft Windows.

    Creation of the monolithic FIPS Object Module fipscanister.o requires a linker capable of merging several object modules into one. This requirement is known to be a problem with VMS and some older versions of LD.EXE under Windows®.

    [15] UNIX is a registered trademark of The Open Group
    [16] Intel is a registered trademark of the Intel Corporation
    [17] ARM is a trademark of ARM Limited.


    2. The compiler is required to place variables declared with the const qualifier in a read-only segment. This behavior is true of almost all modern compilers. If the compiler fails to do so the condition will be detected at run-time and the in-core hashing integrity check will fail.

    3. The platform supports execution of compiled code on the build system (i.e. build host and target are binary compatible) or an appropriate incore utility is available to calculate the digest from the on-disk resident object code. See further discussion of cross-compilation in §3.4.

    4. Cross-compilation uses a technique for determining the integrity check digest that may not work for all cross-compilation environments, so each such new environment must be analyzed for suitability. See further discussion of cross-compilation in §3.4.

    3.2 Known Supported Platforms

    The generation of a monolithic object module and the in-core hashing integrity test have been verified to work with both static and shared builds on the following platforms (note the ./config shared option is forbidden by the terms of the validation when building a FIPS validated module, but the fipscanister.o object module can be used in a shared library[18]). Note a successful build of the FIPS module may be possible on other platforms; only the following were explicitly tested as of the date this document was last updated:

    Android®[19] on ARMv7[20] 32 bit
    Android® on ARMv7 with NEON 32 bit
    HP-UX®[21], on IA64 with 32 and 64 bit
    Linux®[22] on ARMv6, ARMv7 32 bit
    Linux on x86-64 32 and 64 bit
    Linux on x86-64 32 with SSE2 and 64 bit
    Linux on x86-64 with AES-NI 32 and 64 bit
    Linux on PowerPC®[23]
    Solaris®[24] on x86-64 with 32 and 64 bit
    Solaris® on SPARCv9[25] with 32 and 64 bit
    Solaris® on x86-64 with SSE2 32 and 64 bit
    Windows® on x86-64 with SSE2 32 and 64 bit

    [18] A convenient way of generating a shared library containing fipscanister.o is discussed in Appendix B
    [19] Android is a trademark of Google Inc.
    [20] ARM, is a trademark or registered trademark of ARM Ltd or its subsidiaries.
    [21] HP-UX is a registered trademark of Hewlett-Packard Company.
    [22] Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
    [23] PowerPC is a trademark of International Business Machines Corporation in the United States, other countries, or both.
    [24] Solaris is a registered trademark of Oracle and/or its affiliates.
    [25] SPARC® is a registered trademark of SPARC International, Inc.


    uClinux®[26] on ARMv4
    VxWorks®[27] on MIPS®[28]
    indows CE on ARMv7
    NetBSindows CE

    NetBSind River Systems, Inc.
    [28] MIPS is a trademark or registered trademark of MIPS Technologies, Inc. in the United States and other countries.
    [29] TI is a registered trademark of Texas Instruments Incorporated
    [30] Apple and iOS are registered trademarks of Apple Inc.
    [31] NetBS


    Platform Cross Reference

    ARMv7; ARMv7 NEON; IA64 32 bit; IA64 64 bit; MIPS; PowerPC; SPARCv9 32 bit; SPARCv9 64 bit; x86-64 32 bit; x86-64 64 bit; x86-64 SSE2 32 bit; x86-64 SSE2 64 bit; x86-64 AES-NI 32 bit; x86-64 AES-NI 64 bit

    Table 3.2

    A commonly asked question is: does this validation extend to my specific platform X? For instance "is use of the Module validated on CentOS x86-64 when CentOS was not formally tested but Fedora was?" Or "is use with Linux kernel 2.6.35 validated when only 2.6.33 was formally tested?" Unfortunately there is no hard and fast answer to such questions.

    Based on extensive discussions over the years we have developed some informal rules of thumb to determine when a given target platform corresponds with a formally tested platform (Operational Environment):

    Rules of thumb


    Important Disclaimer

    Only the CMVP can provide authoritative answers to questions about FIPS 140-2. The following discussion represents the un-enlightened and non-authoritative opinions of persons and institutions lacking any official standing to interpret the meaning or intent of FIPS 140-2 or the validation process. CMVP guidance always takes precedence over any statements in this document.


    1.


    1. Vendor or user affirmation per section G.5 of the Implementation Guidance document (Reference 3). This topic is discussed in more detail in §5.5.

    2. A change letter modification to extend an existing validation to include the platform of interest. The change letter process can often be performed in a few weeks with a price tag in the low five figures, as opposed to the many months and high five figure to low six figure price tag of a conventional full validation.

    3. A full validation leveraging the source code and documentation from the OpenSSL FIPS Object Module validation. Such a private label validation will still take many months but is typically much less expensive than an unrelated validation. An advantage of the private label validation is that upon formally engaging an accredited test lab the vendor becomes eligible[35] to have the prospective module listed on the Modules In Process list[36] (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf). The presence of a vendor module on that list is a sufficient condition for completion of many procurement actions in the U.S.

    1 u1 1

    [35] Strictly speaking the test lab must also be in possession of drafts of all required documentation. In the case of private label validations closely modeled on an OpenSSL FIPS Object Module validation that is readily accomplished, usually before the formal contract with the test lab is executed.
    [36] The Module in Process list is often referred to as the pre-val list.


    Code Path        | Command Set          | Representative Platform
                     | Linux/Unix | Windows | Linux/Unix | Windows
    pure C 64 bit    | U2         | W2      | u1         | w2
    x86 assembler    | U3         | W3      | u2         | w3
    x86-64 assembler | U4         | W4      | u2         | w4

    Table 3.2.1a - Code Paths and Command Sets

    where the command sets are:

    Command Set | Name                                     | Build Commands
    U1          | Linux/Unix, pure C                       | ./config no-asm
                |                                          | make
                |                                          | make install
    U2          | Linux/Unix with x86/x86-64 optimizations | ./config
                |                                          | make
                |                                          | make install
    W1          | Windows, pure C                          | ms\do_fips no-asm
    W2          | Windows with x86/x86-64 optimizations    | ms\do_fips

    Table 3.2.1b - Command Sets

    The actual representative systems tested for the validation were:

    #  | Generic System | Actual System: OS | Processor | Optimization
    1 | Android 2.2 on ARMv7 with NEON | Android 2.2 (T
    indows 7 32 bit | Intel Celeron (x86) | None
    4 | uCLinux on ARMv4 | uClinux 0.9.29 | ARM 922T (ARMv4) | None
    5 | Linux 2.6 on x86 with AES-NI 64 bit | Fedora 14 | Intel Core i5 (x86) | AES-NI
    6 | HP-UX 11 on IA64 32 bit | HP-UX 11i (hpux-ia64-cc, 32 bit mode) | Intel Itanium 2 (IA64) | None
    7 | HP-UX 11 on IA64 64 bit | HP-UX 11i (hpux64-ia64-cc, 64 bit mode) | Intel Itanium 2 (IA64) | None
    8 | Linux on x86 32bit | Ubuntu 10.04 | Intel Pentium T4200 (x86) | None
    9 | Android 2.2 on ARMv7 (duplicate of platform 2) | Android 2.2 (Motorola Xoom) | N
    indows on x86 64 bit | Microsoft Windows 7 64 bit | Intel Pentium 4 (x86) | None
    12 | Linux 2.6 on x86 with AES-NI 32 bit | Ubuntu 10.04 32 bit | Intel Core i5 (x86) | AES-NI
    13 | Linux 2.6 on PPC (duplicate of platform 10) | Linux 2.6.33 | PowerPC32 e300 (PPC) | None
    16 | Android 2.2 on ARMv7 with NEON (duplicate of platform 1) | Android 2.2 | OMAP 3530 (ARMv7) | NEON
    17 | C64x+
    28 | Solaris 11 on x86-64 with AES-NI 64 bit | Solaris 11 64bit | Intel Xeon 5260 (x86) | AES-NI
    29 | Oracle Linux 5 on x86-64 64 bit | Oracle Linux 5 64bit | Intel Xeon 5260 (x86) | None
    30 | CascadeOS 6.1 3 on x86 32 bit | CascadeOS 6.1 32bit | Intel Pentium T4200 (x86) | None
    31 | CascadeOS 6.1 3 on x86 64 bit | CascadeOS 6.1 64bit | Intel Pentium T4200 (x86) | None
    32 | Linux 2.6 on x86-64 32 bit | Ubuntu 10.04 32bit | Intel Pentium T4200 (x86) | None
    33 | Linux 2.6 on x86-64 64 bit | Ubuntu 10.04 64bit | Intel Pentium T4200 (x86) | None
    34 | Oracle Linux 5 on x86-64 with AES-NI | Oracle Linux 5 | Intel Xeon 5675 (x86) | AES-NI
    35 | Oracle Linux 6 on x86-64 | Oracle Linux 6 | Intel Xeon 5675 (x86) | None
    36 | Oracle Linux 6 on x86-64 with AES-NI | Oracle Linux 6 | Intel Xeon 5675 (x86) | AES-NI
    37 | Solaris 11 32bit on SPARCv9 | Solaris 11 32bit | SPARC-T3 (SPARCv9) | None
    38 | Solaris 11 64bit on SPARCv9 | Solaris 11 64bit | SPARC-T3 (SPARCv9) | None
    39 | Android 4.0 on ARMv7 | Android 4.0 (Motorola Xoom) | N
    indows 2008 32-bit under vSphere on x86-64 | Windows 2008 | Xeon E3-1220v2 (x86) | None
    48 | Windows 2008 64-bit under vSphere on x86-64 | Windows 2008 | Xeon E3-1220v2 (x86) | None
    49 | RHEL 6 32-bit on x86-64 | RHEL 6 | Xeon E3-1220v2 (x86) | None
    50 | RHEL 6 64-bit on x86-64 | RHEL 6 | Xeon E3-1220v2 (x86) | None
    51 | Windows 7 64-bit on x86-64 with AES-NI | Windows 7 | Intel Core i5-2430M (x86) | AES-NI
    52 | Android 4.1 on ARMv7 | Android 4.1 | T
    69 | Ubuntu 13.04 on ARMv7 with NEON | Ubuntu 13.04 | AM335x Cortex-A8 (ARMv7) | NEON
    70 | Linux 3.8 on ARMv5TEJ | Linux 3.8 | ARM926 (ARMv5TEJ) | None
    71 | Linux 3.4 under Citrix XenServer on x86-64 | Linux 3.4 under Citrix XenServer | Intel Xeon E5-2430L (x86) | None
    72 | Linux 3.4 under Citrix XenServer on x86-64 with AES-NI | Linux 3.4 under Citrix XenServer | Intel Xeon E5-2430L (x86) | AES-NI
    73 | Linux 3.4 under VMware ESX on x86-64 | Linux 3.4 under VMware ESX | Intel Xeon E5-2430L (x86) | None
    74 | Linux 3.4 under VMware ESX on x86-64 with AES-NI | Linux 3.4 under VMware ESX | Intel Xeon E5-2430L (x86) | AES-NI
    75 | Linux 3.4 under Microsoft Hyper-V on x86-64 | Linux 3.4 under Microsoft Hyper-V | Intel Xeon E5-2430L (x86) | None
    76 | Linux 3.4 under Microsoft Hyper-V on x86-64 with AES-NI | Linux 3.4 under Microsoft Hyper-V | Intel Xeon E5-2430L (x86) | AES-NI
    77 | Apple iOS 6.0 on ARMv7 | Apple iOS 6.0 | Apple A5 / ARM Cortex-A9 (ARMv7) | None
    78 | Apple iOS 6.0 on ARMv7 with NEON | Apple iOS 6.0 | Apple A5 / ARM Cortex-A9 (ARMv7) | NEON
    79 | PexOS 1.0 under vSphere on x86-64 | PexOS 1.0 under vSphere | Intel Xeon E5-2430L (x86) | None
    80 | PexOS 1.0 under vSphere on x86-64 with AES-NI | PexOS 1.0 under vSphere | Intel Xeon E5-2430L (x86) | AES-NI
    81 | Linux 2.6 on PPC | Linux 2.6 | Freescale e500v2 (PPC) | None
    82 | AcanOS 1.0 on x86-64 | AcanOS 1.0 | Intel Core i7-3612QE (x86) | None
    83 | AcanOS 1.0 on x86-64 with AES-NI | AcanOS 1.0 | Intel Core i7-3612QE (x86) | AES-NI
    84 | AcanOS 1.0 on ARMv5 | AcanOS 1.0 | Intel Core i7-3612QE (x86) | None
    85 | FreeBSD 8.4 on x86-64 | FreeBSD 8.4 | Intel Xeon E5440 (x86) | None
    86 | FreeBSD 9.1 on x86-64 | FreeBSD 9.1 | Xeon E5-2430L (x86) | None
    87 | FreeBSD 9.1 on x86-64 with AES-NI | FreeBSD 9.1 | Xeon E5-2430L (x86) | AES-NI
    88 | ArbOS 5.3 on x86-64 | ArbOS 5.3 | Xeon E5645 (x86) | None
    89 | ArbOS 5.3 on x86-64 with AES-NI | ArbOS 5.3 | Xeon E5645 (x86) | AES-NI
    90 | Linux ORACLESP 2.6 on ARMv5 | Linux ORACLESP 2.6 | ASPEED AST-Series (ARMv5) | None
    91 | Linux ORACLESP 2.6 on ARMv5 | Linux ORACLESP 2.6 | Emulex PILOT 3 (ARMv5) | None
    92 | FreeBSD 9.2 on x86-64 | FreeBSD 9.2 | Xeon E5-2430L (x86) | None
    93 | FreeBSD 9.2 on x86-64 with AES-NI | FreeBSD 9.2 | Xeon E5-2430L (x86) | AES-NI
    94 | FreeBSD 10.0 on x86-64 | FreeBSD 10.0 | Xeon E5-2430L (x86) | None
    95 | FreeBSD 10.0 on x86-64 with AES-NI | FreeBSD 10.0 | Xeon E5-2430L (x86) | AES-NI
    96
    97
    98
    99
    100

    Table 3.2.1c - Representative Systems

    3.2.2 32 versus 64 Bit Architecture

    Many 64 bit platforms provide backward compatible support for 32 bit code via hardware or software emulation. Software built on a 32 bit version of a specific operating system will generally run as-is on the equivalent 64 bit version of that operating system. Software built on a 64 bit operating system can be either 32 bit or 64 bit code depending on vendor build environment defaults and explicit build time options. Any such 64 bit code will not run on a 32 bit equivalent operating system, so care must be taken when compiling code for distribution to both 32 and 64 bit systems.

    By default the FIPS Object Module build process will generate 64 bit code on 64 bit systems.


    Since the command sets included in the validation testing do not permit the explicit specification of the compile time options that would otherwise be used to specify the generation of 32 or 64 bit code, it may be necessary for some platforms to build a 32 bit FIPS Object Module on a 32 bit system, and conversely for 64 bit.

    It is also possible on most 64-bit platforms to install a 32-bit build environment which would be supported.

    ithout NEON
    2. With NEON (ARM7 only)

    The runtime variable OPENSSL_armcap=0 disables use of NEON optimizations for ARM.


    If all optimization levels have not been formally tested for a given platform, care must be taken to verify that the optimizations enabled at run-time on any target systems correspond to a formally tested platform. For instance, if Windows on x86 32-bit was formally tested but Windows on x86 with AES-NI 32-bit was not[37] then the Module would be validated when executed on a non-AES-NI capable target processor, but would not be validated when executed on an AES-NI capable system. Note the processor optimization capabilities will often not be obvious to administrators or end users installing software.

    When the target platforms are not known to have capabilities corresponding to tested platforms then the risk of inadvertently utilizing the unvalidated optimizations at run-time can be avoided by setting the appropriate environment variables at run-time[38]:

    Disabling run-time selectable optimizations

    Platform   | Environment Variable | Value
    x86/x86-64 | OPENSSL_ia32cap      | ~0x200000200000000
    ARM        | OPENSSL_armcap       | 0

    3.3 Creation of Shared Libraries

    The FIPS Object Module is not directly usable as a shared library, but it can be linked into an application that is a shared library. A "FIPS compatible" OpenSSL distribution will automatically incorporate an available FIPS Object Module into the libcrypto shared library when built using the fips option (see §4.2.3).

    3.4 Cross-compilation

    Compilers and linkers are separate programs which work together to generate object code for a target system. They are also programs composed of object code that is executed on the build system. When the build and target systems are the same the process is referred to as a native build; when they are different it is referred to as a cross-compilation build.

    Many compilers and linkers (or build environments containing compilers and linkers) are capable of creating object code for multiple target platforms. For the case of the native build the ./config command[39] automatically determines the target system from the characteristics of the build system. This determination is made by setting a series of variables that are used to select an arbitrary architecture label defined in the ./Configure command that is invoked by ./config. This architecture label can be displayed with the -t command line option:

    $ ./config -t
    Operating system: i686-whatever-linux2
    Configuring for linux-elf
    /usr/bin/perl ./Configure linux-elf -march=pentium -Wa,--noexecstack
    $

    In this example the architecture target is linux-elf and the ./Configure command will be invoked with the additional arguments -march=pentium -Wa,--noexecstack.

    [37] This was the case as of the initial OpenSSL FIPS Object Module 2.0 validation, though such platforms may be added by subsequent modifications.
    [38] An alternative is to sponsor the addition of the unsupported platform optimization to the validated Module
    [39] Microsoft Windows platforms are handled somewhat differently and are discussed elsewhere.

    This implicit determination of the target architecture can be overridden by manually specifying the appropriate environment variables. This explicit determination is optional and unnecessary for native builds, but required for cross-compilation. A typical example is shown here for cross-compilation for the Android ARM target platform:

    #!/bin/sh

    # Edit this to wherever you unpacked the NDK
    export ANDROID_NDK=$PWD

    # Edit to wherever you put incore script
    export FIPS_SIG=$PWD/incore

    # Shouldn't need to edit anything past here.
    PATH=$ANDROID_NDK/android-ndk-r4b/build/prebuilt/linux-x86/arm-eabi-4.4.0/bin:$PATH ; export PATH
    export MACHINE=armv7l
    export RELEASE=2.6.32.GMU
    export SYSTEM=android
    export ARCH=arm
    export CROSS_COMPILE="arm-eabi-"
    export ANDROID_DEV="$ANDROID_NDK/android-ndk-r4b/build/platforms/android-8/arch-arm/usr"
    export HOSTCC=gcc

    With those environment variables specified on a Linux x86 system the ./config now selects a different target architecture:

    $ ./config -t
    Operating system: armv7l-whatever-android
    Configuring for android-armv7
    /usr/bin/perl ./Configure android-armv7 -Wa,--noexecstack
    $

    When building using cross-compilation a different technique must be used to determine the embedded integrity check digest value. For native builds an interim executable is created and executed to calculate this digest from live memory, in the same way that the digest is calculated at runtime during the POST integrity test. When cross-compiling that technique cannot be used because the cross-compiled executables cannot (in general) be run on the build host.

    Instead of building and executing an interim executable, a special purpose utility is used to calculate the digest by examining the cross-compiled object code as it resides on disk. One such utility, incore, is provided to handle ELF formats. Even though this utility is effectively platform neutral on most Linux-like operating systems, the process as a whole is not designed to work with arbitrary ELF code and can be relied on only for explicitly verified cross-compile cases as reflected in fips/fips_canister.c. Accommodation of new cross-compilation targets is likely to be trivial but will still require separate validation.

    Thus, although the incore utility is theoretically capable of handling arbitrary ELF binary code (native or not), it is not used in non-cross-compile/native cases. Cross-compiled non-ELF platforms would require different utilities and separate validation.

    In general the compiler is required to segregate constant data in a contiguous area (e.g. by placing it in a dedicated segment) to compile the FIPS module. Some compilers were found to fail to meet the const data segment requirement. In the cases where the errant behavior was observed, the compiler was instructed to generate position-independent code[40].

    In such cases it might be possible to rectify the problem by defining the __fips_constseg macro in fips/fipssyms.h and harmonizing that definition with declaration of FIPS_rodata_start and FIPS_rodata_end in fips/fips_canister.c. Unfortunately, such an approach will require a separate FIPS 140-2 validation, however.

    [40] The primary reason for compiling the FIPS 2.0 module with -fPIC is for versatility, so that the fipscanister object module will be usable in either the context of a statically-linked application or dynamic library. Use of non-PIC code is inappropriate in a dynamic library, but linking statically was proven to work on all tested platforms. Thus, where such versatility is not of interest then -fPIC could be dropped to target statically-linked applications only. A separate validation will be required, of course.
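A preflight check for the cross-compilation setup described in this section, as an added example that is not part of the original guide: it reports which of the override variables are unset and parses `./config -t` output to confirm the intended target was selected before any build starts. The function names are this example's own, and the two sample outputs are copied from the `./config -t` runs shown in this section.

```shell
#!/bin/sh
# Added example (not from the OpenSSL User Guide): preflight checks for a
# cross-compilation build of the FIPS Object Module.

# Variables the guide's Android example exports to override ./config's guess.
CROSS_VARS="MACHINE RELEASE SYSTEM ARCH CROSS_COMPILE HOSTCC FIPS_SIG"

# Print the names of required override variables that are unset or empty.
missing_cross_vars() {
    missing=""
    for name in $CROSS_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    printf '%s\n' "${missing# }"
}

# Read `./config -t` output on stdin; print the Configure target it selected.
config_target() {
    sed -n 's/^Configuring for \([^ ]*\).*$/\1/p' | head -n 1
}

# Read `./config -t` output on stdin; print the guessed system triplet.
config_guess() {
    sed -n 's/^Operating system: *//p' | head -n 1
}

# check_cross_target EXPECTED < config-output
# 0: target matches; 1: a different target was selected (for example the
# build host's native one); 2: the output was not recognised.
check_cross_target() {
    expected=$1
    output=$(cat)
    actual=$(printf '%s\n' "$output" | config_target)
    guess=$(printf '%s\n' "$output" | config_guess)
    if [ -z "$actual" ]; then
        echo "error: no 'Configuring for' line in ./config -t output" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "error: wanted $expected but ./config chose $actual ($guess)" >&2
        return 1
    fi
    printf '%s\n' "$actual"
}

# Sample outputs, taken from the two ./config -t runs shown in this section.
NATIVE_OUT='Operating system: i686-whatever-linux2
Configuring for linux-elf
/usr/bin/perl ./Configure linux-elf -march=pentium -Wa,--noexecstack'
CROSS_OUT='Operating system: armv7l-whatever-android
Configuring for android-armv7
/usr/bin/perl ./Configure android-armv7 -Wa,--noexecstack'

# Typical use in a build script (commented out so the file can be sourced):
#   [ -z "$(missing_cross_vars)" ] || exit 1
#   ./config -t | check_cross_target android-armv7 || exit 1
```

A forgotten export leaves `./config` on the native target, so the check fails before an object module is built for the wrong platform.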


    4. Generating the FIPS Object Module

    This section describes the creation of a FIPS Object Module for subsequent use by an application. The Security Policy provides procedures for acquiring, verifying, building, installing, protecting, and initializing the FIPS Object Module. In case of discrepancies between the User Guide and the Security Policy, the Security Policy should be used.

    Finally, recall from Section 2.4.2, Object Module (Link Time) Integrity, that applications link against libcrypto.so or libcrypto.a, and not directly to fipscanister.o.

    4.1 Delivery of Source Code

    The OpenSSL FIPS Object Module software is only available in source format. The specific source code distributions can be found at http://www.openssl.org/source/ [41] as files with names of the form openssl-fips-2.0.N.tar.gz where the revision number N reflects successive extensions of the FIPS Object Module to support additional platforms:

    http://www.openssl.org/source/openssl-fips-2.0.tar.gz
    http://www.openssl.org/source/openssl-fips-2.0.1.tar.gz
    http://www.openssl.org/source/openssl-fips-2.0.2.tar.gz

    The latest revision will be suitable for all tested platforms, whereas earlier revisions will work only for the platforms tested as of that revision.

    The CMVP introduced significant new requirements for verification of the 2.0 source code distribution. This requirement is discussed in more detail in §4.1.3 but in summary, it can no longer be downloaded and used as before. A trusted path must be used for transfer of the source code distribution.

    At present the one method known to satisfy the "trusted path" requirement is to obtain the source code distribution from the vendor of record (OSF) on physical media (


    For each of the openssl-fips-2.0.N.tar.gz distributions there is also a distribution file with the name of the form openssl-fips-ecp-2.0.N.tar.gz. These ecp distributions are the same as the corresponding 2.0.N distributions with binary curve ECC omitted (see Section 6.5).

    Note OSF recommends that the downloaded tarballs be considered untrusted for any purpose until verified as described in §4.1.2.

    4.1.1 Creation of a FIPS Object Module from Other Source Code

    Many OpenSSL distributions other than the specific distributions used for the validation can be used to build a fipscanister.o object using undocumented build-time options. The reader is reminded that any such object code cannot be used or represented as FIPS 140-2 validated. The Security Policy document is very clear on that point.

    4.1.2 Verifying Integrity of Distribution (Best Practice)

    This step is optional and not mandated by the FIPS 140-2 validation. It is also not recognized as having any value by the CMVP, but is considered a best practice by the OpenSSL team for all software downloads from OpenSSL.

    The integrity and authenticity of the complete OpenSSL distribution should be validated manually with the PGP signatures[42] published by the OpenSSL team with the distributions (ftp://ftp.openssl.org/source/) to guard against a corrupted source distribution. Note this check is separate and distinct from the CMVP mandated FIPS 140-2 source file integrity check (§4.1.3).

    The PGP signatures are contained in the file:

    openssl-fips-2.0.tar.gz.asc

    This digital signature of the distribution file can be verified against the OpenSSL PGP public key by using the PGP or GPG applications (GPG can be obtained free of charge from http://www.gnupg.org/)[43]. This validation consists of confirming that the distribution was signed by a known trusted key as identified in Appendix A, "OpenSSL Distribution Signing Keys".

    First, find out which key was used to sign the distribution. Any of several different valid keys may have been used for this purpose. The hexadecimal key id, an identifier used for locating keys on the keystore servers, is displayed when attempting to verify the distribution. If the signing key is not already in your keyring the hexadecimal key id of the unknown key will still be displayed:

    [42] Note this PGP/GPG signature check is not related to any of the FIPS integrity checks!
    [43] Note that although PGP and GPG are functionally interoperable, some versions of PGP are currently FIPS 140-2 validated and no versions of GPG are. For the purposes of FIPS 140-2 validation a validated version of PGP must be used. The examples given here are applicable to both GPG and PGP.

    $ gpg openssl-1.0.1z.tar.gz.asc
    gpg: Signature made Tue Sep 30 09:00:37 2009 using RSA key ID 49A563D9
    gpg: Can't check signature: public key not found
    $

    Example 4.1.2a - Find Id of Signing Key

    In this example the key id is 0x49A563D9. Next see if this key id belongs to one of the OpenSSL core team members authorized to sign distributions. The authorized keys are listed in Appendix A.

    Note that some older versions of gpg will not display the key id of an unknown public key; either upgrade to a newer version or load all of the authorized keys.

    If the hexadecimal key id matches one of the known valid OpenSSL core team keys then download and import the key.

    PGP keys can be downloaded interactively from a keyserver web interface or directly by the pgp or gpg commands.

    The hexadecimal key id of the team member key (for example, the search string 0x49A563D9) can be used to download the OpenSSL PGP key from a public keyserver (http://www.keyserver.net/, http://pgp.mit.edu, or others). Keys can be downloaded interactively to an intermediate file or directly by the pgp or gpg program.

    Once downloaded to an intermediate file, markcox.key in this example, the key can be imported with the command:

    verifycd

    Example 4.1.2b - Importing a Key from a


    To verify that the distribution file was signed by the imported key use the pgp or gpg command with the signature file as the argument, with the distribution file also present in the same directory:

    Example 4.1.2d - PGP File Signature Verification

    In this example the validity of the file signature with respect to the key was verified. That is, the target file openssl-fips-2.0.tar.gz was signed by the key with id 49A563D9. The warning message in this example is alerting the key is not part of the “web of trust”, a relational ranking system based on manually assigned confidence levels. Instead of relying on the web of trust which will differ from one user to another, the key should be matched directly to a list of known valid keys.
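An added example (not part of the User Guide) of the acceptance rule this section describes: it reads the machine-readable status lines that `gpg --status-fd 1 --verify` prints, reports the key id when the key is missing, and accepts a signature only when the signing key's fingerprint is on an explicit allow-list, ignoring web-of-trust state. The status text and the zero-padded long key id are constructed samples; the fingerprint is the one quoted on this page.

```python
# Added example: decide whether a detached signature is acceptable from the
# machine-readable status lines of `gpg --status-fd 1 --verify SIG FILE`.

# Allow-list of signing-key fingerprints; the single entry is the fingerprint
# quoted on this page. Fill it from Appendix A of the User Guide.
AUTHORIZED_FINGERPRINTS = {"7B7919FA716B87250E7721E552D983BF"}


def normalize(fpr):
    """Drop spaces and upper-case so '7B 79 ...' and '7b79...' compare equal."""
    return "".join(fpr.split()).upper()


def check_signature(status_text, authorized=AUTHORIZED_FINGERPRINTS):
    """Return (verdict, detail) for one gpg verification run."""
    allowed = {normalize(f) for f in authorized}
    events = {}
    for line in status_text.splitlines():
        if line.startswith("[GNUPG:] "):
            fields = line.split()
            events.setdefault(fields[1], fields[2:])
    if "BADSIG" in events:
        return ("reject", "signature does not match the file")
    if "NO_PUBKEY" in events:
        # Key not in the keyring: report its short id so it can be looked up
        # in the authorized list before anything is imported.
        return ("need-key", events["NO_PUBKEY"][0][-8:])
    if "VALIDSIG" not in events or "GOODSIG" not in events:
        return ("reject", "no good signature reported")
    fpr = normalize(events["VALIDSIG"][0])
    # TRUST_* lines (web of trust) are deliberately ignored: the fingerprint
    # must match the allow-list directly.
    if fpr in allowed:
        return ("accept", fpr)
    return ("reject", "signed by a key that is not authorized: " + fpr)


# Constructed status outputs (not captured from a real run).
UNKNOWN_KEY = """[GNUPG:] ERRSIG 0000000049A563D9 1 2 00 1254301237 9
[GNUPG:] NO_PUBKEY 0000000049A563D9"""
GOOD = """[GNUPG:] GOODSIG 0000000049A563D9 Constructed Signer
[GNUPG:] VALIDSIG 7B7919FA716B87250E7721E552D983BF 2009-09-30 1254301237 0 3 0 1 2 00
[GNUPG:] TRUST_UNDEFINED"""
OTHER_KEY = GOOD.replace("7B7919FA", "00000000")

if __name__ == "__main__":
    for sample in (UNKNOWN_KEY, GOOD, OTHER_KEY):
        print(check_signature(sample))
```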

    The final step of verification is to establish that the signing key is authentic. To do so, confirm the key fingerprint of the key which signed the distribution is one of the valid OpenSSL core team keys listed in Appendix A, “OpenSSL Distribution Signing Keys”. In this example, 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF is in fact authentic according to Appendix A.

    4.1.3 Verifying Integrity of the Full


    USA +1 877-OPENSSL (+1 877 673 6775)

    verifycd@openssl.com

    An E-mail containing the full postal address is the preferred point of contact. It is our intention to provide these


    4.2.2 Installing and Protecting the FIPS Object Module

    The system administrator should install the generated fipscanister.o, fipscanister.o.sha1, and fips_premain.c files in a location protected by the host operating system security features. These protections should allow write access only to authorized system administrators (FIPS 140-2 Crypto Officers) and read access only to authorized users.

    For Unix® based or Linux® systems this protection usually takes the form of root ownership and permissions of


    will build and install the new OpenSSL without overwriting the validated FIPS Object Module files. The FIPSDIR environment variable or the --with-fipsdir command line option can be used to explicitly reference the location of the FIPS Object Module (fipscanister.o).

    The combination of the validated FIPS Object Module plus an OpenSSL distribution built in this way is referred to as a FIPS capable OpenSSL, as it can be used either as a drop-in replacement for a non-FIPS OpenSSL or for use in generating FIPS mode applications.

    Note that a standard OpenSSL distribution built for use with the FIPS Object Module must have the ./config fips option specified. Other configuration options may be specified in addition to fips, but omission of the fips option will cause errors when using the OpenSSL libraries with the FIPS Object Module.

    4.3 Building and Installing the FIPS Object Module with OpenSSL (Windows)

    The build procedure for Windows is similar to that for the regular OpenSSL product, using MSVC and NASM for compilation. Note MASM is not supported.

    The second stage uses VC++ to link OpenSSL 1.0.1 or later against the installed FIPS module, to obtain the complete FIPS capable OpenSSL. Both static and shared libraries are supported.

    4.3.1 Building the FIPS Object Module from Source

    Build the FIPS Object Module from source:

    ms\do_fips [no-asm]

    where the no-asm option may or may not be present depending on the platform (see 3.2.1).

    Note that as a condition of the FIPS 140-2 validation no other user specified configuration options may be specified.

    4.3.2 Installing and Protecting the FIPS Object Module

    The system administrator should install the generated fipscanister.lib, fipscanister.lib.sha1, and fips_premain.c files in a location protected by the host operating system security features. These protections should allow write access only to authorized system administrators (FIPS 140-2 Crypto Officers) and read access only to authorized users.


    For Microsoft® Windows® based systems this protection can be provided by ACLs limiting write access to the administrator group. When all system users are not authorized users the Everyone (public) read and execute permissions should be removed from these files.

    4.3.3 Building a FIPS Capable OpenSSL

    The final stage is VC++ compilation of a standard OpenSSL distribution to be referenced in conjunction with the previously built and installed FIPS Object Module.

    Windows® build procedure except that instead of the command

    perl Configure VC-WIN32

    do

    perl Configure VC-WIN32 fips --with-fipsdir=c:\fips\path

    where c:\fips\path is wherever the FIPS module from the first stage was installed. Static and shared library builds are supported.

    This command is followed by the usual

    ms\do_nasm

    and

    nmake -f ms\ntdll.mak

    to build the shared libraries only, or

    nmake -f ms\nt.mak

    to build the OpenSSL static libraries. The standard OpenSSL build with the fips option will use a base address for libeay32.dll of 0xFB00000 by default. This value was chosen because it is unlikely to conflict with other dynamically loaded libraries. In the event of a clash with another dynamically loaded library which will trigger runtime relocation of libeay32.dll, the integrity check will fail with the error

    FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED

    A base address conflict can be resolved by shuffling the other


    Note that the developer can identify which


    5. Creating Applications Which Reference the FIPS Object Module

    Only minor modifications are needed to adapt most applications that currently use OpenSSL for cryptography to use the FIPS capable OpenSSL with the FIPS Object Module. The checklist in Figure 4 summarizes the modifications which are covered in more detail in the following discussion:

    Figure 4 - Application Checklist

    An appendix contains a simple but complete sample application utilizing the FIPS Object Module with OpenSSL as described in this section.

    5.1 Exclusive Use of the FIPS Object Module for Cryptography

    In order for the referencing application to claim FIPS 140-2 validation, all cryptographic functions utilized by the application must be provided exclusively by the FIPS Object Module. The OpenSSL used in conjunction with the FIPS Object Module in FIPS mode is designed to automatically disable all non-FIPS cryptographic algorithms.

    5.2 FIPS Mode Initialization

    Somewhere very early in the execution of the application FIPS mode must be enabled. This should be done by invocation of the FIPS_mode_set() function call, either directly or indirectly as in these following examples.

    Note that it is permitted to not enable FIPS mode, in which case OpenSSL should function as it always has. The application will not, of course, be operating in validated mode.

    The FIPS_mode_set() function call when invoked with any positive argument will enable the FIPS mode of operation.


    Option 2: Indirect call via OPENSSL_config()

    The OPENSSL_config() call can be used to enable FIPS mode via the standard openssl.conf configuration file:


    #ifdef OPENSSL_FIPS

    if(options.no_fips


    The call to OPENSSL_config("XXXX_conf") will check the system default OpenSSL configuration file for a section XXXX_conf. If section XXXX_conf is not found then the section defaults to openssl_conf. The resulting section is checked for an alg_section specification naming a section that can contain an optional “fips_mode = yes” statement.
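An added example (not code from the User Guide or from OpenSSL) that follows this lookup chain over a configuration file's text, useful as a pre-flight check because OPENSSL_config() itself has no return code. It assumes the name passed to OPENSSL_config() appears as an entry in the file's unnamed default section whose value names the section to read; the section names XXXX_options, default_options and algs and the accepted spellings of "yes" are assumptions.

```python
# Added example: resolve whether a configuration file would enable FIPS mode
# for a given OPENSSL_config() name, following the lookup chain in the text.

# Assumption: spellings accepted as "true" for fips_mode.
TRUE_VALUES = {"yes", "YES", "y", "Y", "true", "TRUE"}


def parse_conf(text):
    """Minimal parser: '[ section ]' headers and 'name = value' lines only."""
    sections, current = {"": {}}, ""      # "" is the unnamed default section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip()
    return sections


def fips_mode_requested(text, name="openssl_conf"):
    """Return (enabled, reason) for the section selected by `name`."""
    conf = parse_conf(text)
    default = conf[""]
    # Assumption: `name` is a key in the default section whose value names
    # the section to read; a missing name falls back to openssl_conf.
    target = default.get(name) or default.get("openssl_conf")
    if target is None or target not in conf:
        return (False, "no usable section for %s" % name)
    algs = conf[target].get("alg_section")
    if algs is None or algs not in conf:
        return (False, "[%s] names no usable alg_section" % target)
    value = conf[algs].get("fips_mode", "no")
    return (value in TRUE_VALUES, "[%s] fips_mode = %s" % (algs, value))


# Constructed configuration (section names are illustrative).
SAMPLE = """
XXXX_conf = XXXX_options
openssl_conf = default_options
[ XXXX_options ]
alg_section = algs
[ default_options ]
[ algs ]
fips_mode = yes
"""
```

Running the same check with a name that is absent from the file shows the silent fallback to openssl_conf, which in the sample leaves FIPS mode off.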

    Note that OPENSSL_config() has no return code. If a configuration error occurs it will write to ST


    For static linking the embedding of the runtime digest can be accomplished in one of two ways:

    1. Two Step Linking with Interim Runtime Executable

    Earlier versions of the FIPS Object Module supported only this technique, where an initial link is performed to create an interim executable which is then executed in the target environment to calculate and display the digest value. A second link is performed to create the final executable with the embedded digest value. This two step process is typically performed by the fipslink.pl utility.

    This two step technique works well enough for native builds, where the build system and runtime target system are the same, but is awkward at best for cross-compilation due to the need to move the interim executable to the target system, execute it, and retrieve the calculated digest.

    This technique does have the advantage of working (at least in principle) for all platforms.

    2. In-place Editing of the Object Code

    In order to ease the task of cross-compiling the FIPS Object Module, a new technique was developed. Instead of determining the runtime digest value by actual execution on the target system, a utility is used to analyze the compiled object code on the build system and calculate the digest. This utility is platform (or object code format) sensitive. For ELF binaries it is called incore, for Microsoft Windows msincore, for OS X and iOS incore_macho.

    5.3.1 Linking under Unix/Linux

    The OpenSSL distribution contains a utility, fipsld, which both performs the check of the FIPS Object Module and generates the new HMAC-SHA-1 digest for the application executable. The fipsld utility has been designed to act as a front end for the actual compilation and linking operations in order to ease the task of modifying an existing software project to incorporate the FIPS Object Module. It can be used to create either binary executables or shared libraries.

    The fipsld command requires that the CC and/or FIPSLD_CC environment variables be set, with the latter taking precedence. These variables allow a typical Makefile to be used without modification by specifying a command of the form

    make CC=fipsld FIPSLD_CC=gcc

    where fipsld is invoked by make in lieu of the original compiler and linker (gcc in this example), and in turn invokes that compiler where appropriate. Note that CC=fipsld can be passed to autoconf configure scripts as well.


    This type of command line macro overloading will work for many smaller software projects. The makefile can also be modified to achieve the same macro substitutions.


    <application>: <application>.c
            env FIPSLD_CC=$(CC) fipsld $(CFLAGS) -o $@ $@.c \
            $(LIBCRYPTO) ...

    Larger software projects are likely to prefer to modify only the Makefile rule(s) linking the application itself, leaving other Makefile rules intact. For these more complicated Makefiles the individual rules can be modified to substitute fipsld for just the relevant compilation linking steps.

    The fipsld command is designed to locate fipscanister.o automatically. It will verify that the HMAC-SHA-1 digest in file fipscanister.o.sha1 matches the digest generated from fipscanister.o, and will then create the file <application> containing the object code from fipscanister.o and embedded within that the digest calculated from the object code and data in fipscanister.o.

    At runtime the FIPS_mode_set() function compares the embedded HMAC-SHA-1 digest with a digest generated from the text and data areas. This digest is the final link in the chain of validation from the original source to the application executable object file.
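The first check described above, comparing fipscanister.o with fipscanister.o.sha1, as an added Python example (not the fipsld script itself). The HMAC key and the `HMAC-SHA1(name)= hex` file layout are taken from the OpenSSL FIPS sources rather than from this page, and the object file written by demo() is a constructed stand-in.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumption: the fixed HMAC key and the "HMAC-SHA1(name)= hex" line layout
# are taken from the OpenSSL FIPS sources, not from this page.
FIPS_HMAC_KEY = b"etaonrishdlcupfm"
DIGEST_LINE = re.compile(r"^HMAC-SHA1\((?P<name>[^)]*)\)=\s*(?P<hex>[0-9a-fA-F]{40})\s*$")


def canister_digest(path, key=FIPS_HMAC_KEY):
    """HMAC-SHA-1 of the file, streamed so large objects are not loaded whole."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def verify_canister(obj_path, sha1_path=None):
    """Return (ok, detail) comparing obj_path with its .sha1 companion file."""
    sha1_path = sha1_path or obj_path + ".sha1"
    with open(sha1_path, "r") as fh:
        match = DIGEST_LINE.match(fh.read().strip())
    if not match:
        return (False, "unrecognized digest file format")
    if os.path.basename(match.group("name")) != os.path.basename(obj_path):
        return (False, "digest file names a different object")
    expected, actual = match.group("hex").lower(), canister_digest(obj_path)
    if hmac.compare_digest(expected, actual):
        return (True, actual)
    return (False, "digest mismatch: expected %s, got %s" % (expected, actual))


def demo():
    """Build a constructed stand-in for fipscanister.o, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        obj = os.path.join(d, "fipscanister.o")
        with open(obj, "wb") as fh:
            fh.write(b"constructed object bytes")
        with open(obj + ".sha1", "w") as fh:
            fh.write("HMAC-SHA1(fipscanister.o)= %s\n" % canister_digest(obj))
        before = verify_canister(obj)[0]
        with open(obj, "ab") as fh:
            fh.write(b"\x90")          # any modification after installation
        return before, verify_canister(obj)[0]
```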

    5.3.2 Linking under Windows

    For a shared library application just linking with the


    FIPSLIB_D is the path to the directory containing the installed FIPS module

    When these variables are specified fipslink.pl can be called in the same way as the standard linker. It will automatically check the hashes, link the target, generate the target in-core hash, and link a second time to embed the hash in the target file.

    The static library Makefile ms\nt.mak in the OpenSSL distribution gives an example of the usage of fipslink.pl.

    5.4 Application Implementation Recommendations

    This section describes additional steps not strictly required for FIPS 140-2 validation but recom