I have OpenSSL binaries provided by a third party (libeay32.dll and ssleay32.dll). I need to check and verify whether those runtime libraries use cryptographic algorithms that adhere to FIPS 140-2. Is there any way to check this?

1 Answer
Is there any way to check this?
Yes, there are a number of ways. The easiest is to run openssl version from the command line. If it's FIPS-validated cryptography, then it will say something like:
> openssl version
Version: OpenSSL 1.0.1f-fips 6 Jan 2014
A related question for doing so on Linux is at How to check FIPS 140-2 support in OpenSSL?. Windows is sufficiently different, so this question should remain open.
Though the former question is about Linux, you can do the same on Windows using dumpbin, find and strings. Be sure to have a Developer Prompt open (and not a regular command prompt) to ensure tools like dumpbin are on the path.
Here are some of the things you can check (from the slide deck discussed below):
- Expected user space symbols are present
  - FIPS_mode_set(), FIPS_module_mode_set(), FIPS_mode(), FIPS_module_mode()
- Expected internal symbols are present
  - FIPS_text_start(), FIPS_text_end(), FIPS_rodata_start[], FIPS_rodata_end[], FIPS_signature[20]
- FIPS_mode_set(1) is called and does not fail
  - ERR_get_error returns 0x0f06d065
  - CRYPTO_R_FIPS_MODE_NOT_SUPPORTED returned FTW!
- Using strings
  - "FIPS 2.0 validated module 14 Mar 2012"
  - "FIPS 2.0.1 validated test module 12 Jun 2012"
  - etc.
- Known Answer Tests
  - Binary string data in RO section of executable
  - Check the *.c files for static values
  - Various subdirectories: aes, cmac, des, …, ecdsa, dsa, …
  - Selftest files: aes_selftest.c, dsa_selftest.c, …
Here's an example of the binary string that will be present, from fips/rand/fips_drbg_selftest.h:
0x2e,0xbf,0x98,0xf9,0x85,0x27,0x8b,0xff,
0x36,0xb9,0x40,0x0b,0xc0,0xa1,0xa0,0x13,
0x20,0x06,0xcc,0xe6,0x2a,0x03,0x77,0x7d,
0xee,0xde,0xcc,0x34,0xe3,0xcd,0x77,0xea,
0xd0,0x3e,0xbe,0xdd,0xf6,0x15,0xfb,0xa7,
0xd7,0x8e,0xd0,0x2e,0x2f,0x82,0x4c,0xc7,
0x87,0xb1,0x6f,0xc5,0xf8,0x5c,0x78,0xde,
0x77,0x9b,0x15,0x9a,0xb9,0x3c,0x38,0x38
I also uploaded a slide deck I have on the subject to the OpenSSL wiki. It's called Building Applications using OpenSSL Validated Cryptography: Notes from the Field for Developers and Auditors. You will want to review the material starting around Slide 18.
I built the slide deck for OWASP but there was no interest in receiving it. I know Stack Overflow frowns upon links like the one on the OpenSSL wiki, but I don't know how to provide a 35+ slide deck here.
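The static checks in the answer above (exported symbols, module version banners, Known Answer Test bytes) can be reproduced offline without dumpbin or strings by reading the raw bytes of the DLL. The script below is an added example and not code from the answer or from OpenSSL; the symbol names, banner strings and DRBG self-test vector are the ones quoted in the answer, while the three-way verdict and the embedded sample blob are this example's own constructions. It is a heuristic: hits are evidence that the FIPS Object Module is linked in, and the decisive test remains calling FIPS_mode_set(1) at run time.

```python
"""Static scan of an OpenSSL DLL (e.g. libeay32.dll) for FIPS Object Module artefacts.

Added example, not code from the answer or from OpenSSL. It approximates offline
what the answer does with `dumpbin /EXPORTS`, `find` and `strings`, and runs on any
platform since it only looks at the raw file bytes.
"""
import re
import sys

# User-space API present in a FIPS-capable OpenSSL 1.0.x build (from the answer).
USER_SYMBOLS = (b"FIPS_mode_set", b"FIPS_module_mode_set", b"FIPS_mode", b"FIPS_module_mode")
# Internal symbols that delimit the FIPS Object Module inside the binary (from the answer).
INTERNAL_SYMBOLS = (b"FIPS_text_start", b"FIPS_text_end",
                    b"FIPS_rodata_start", b"FIPS_rodata_end", b"FIPS_signature")
# Version banners embedded in validated modules, e.g.
# "FIPS 2.0 validated module 14 Mar 2012" or "FIPS 2.0.1 validated test module 12 Jun 2012".
BANNER_RE = re.compile(rb"FIPS \d+\.\d+(?:\.\d+)? validated (?:test )?module \d{1,2} [A-Z][a-z]{2} \d{4}")
# Known Answer Test: DRBG self-test expected output quoted in the answer
# (fips/rand/fips_drbg_selftest.h).
DRBG_KAT = bytes.fromhex(
    "2ebf98f985278bff36b9400bc0a1a0132006cce62a03777deedecc34e3cd77ea"
    "d03ebeddf615fba7d78ed02e2f824cc787b16fc5f85c78de779b159ab93c3838"
)
# Error-reason strings the asker found in libeay32.dll with dumpbin; reported only,
# not used for the verdict.
INTEGRITY_STRINGS = (b"fingerprint does not match", b"fips mode already set")

# Constructed stand-in for a DLL, used when no file is given on the command line.
# It is NOT a real binary: it just carries the API symbols, one internal symbol,
# a banner and the KAT vector so the scan has something to find.
SAMPLE_BLOB = (b"MZ\x90\x00" + b"\x00" * 16
               + b"".join(s + b"\x00" for s in USER_SYMBOLS)
               + b"FIPS_text_start\x00"
               + b"FIPS 2.0 validated module 14 Mar 2012\x00"
               + DRBG_KAT + b"\x00" * 8)


def _has_symbol(blob: bytes, name: bytes) -> bool:
    # Export-table names are NUL-terminated; requiring the terminator stops
    # FIPS_mode from matching inside FIPS_mode_set.
    return name + b"\x00" in blob


def scan_fips_artifacts(blob: bytes) -> dict:
    """Return which FIPS artefacts appear in the raw bytes of a DLL."""
    return {
        "user_symbols": {s.decode(): _has_symbol(blob, s) for s in USER_SYMBOLS},
        "internal_symbols": {s.decode(): _has_symbol(blob, s) for s in INTERNAL_SYMBOLS},
        "banners": [m.decode() for m in BANNER_RE.findall(blob)],
        "drbg_kat": DRBG_KAT in blob,
        "integrity_strings": {s.decode(): s in blob for s in INTEGRITY_STRINGS},
    }


def verdict(report: dict) -> str:
    """Heuristic classification of a scan report (this example's own thresholds)."""
    api = all(report["user_symbols"].values())
    module = (any(report["internal_symbols"].values())
              or bool(report["banners"])
              or report["drbg_kat"])
    if not api:
        return "not FIPS-capable: FIPS_mode_set() family not exported"
    if not module:
        # FIPS API compiled in but no validated module linked: FIPS_mode_set(1)
        # fails with CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (ERR_get_error() == 0x0f06d065).
        return "FIPS-capable API only: validated module artefacts absent"
    return "FIPS module artefacts present: confirm with FIPS_mode_set(1) at run time"


def scan_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return scan_fips_artifacts(fh.read())


if __name__ == "__main__":
    rep = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_fips_artifacts(SAMPLE_BLOB)
    for key, value in rep.items():
        print(f"{key}: {value}")
    print("verdict:", verdict(rep))
```

Run it as `python fips_scan.py libeay32.dll`; with no argument it scans the constructed sample. A DLL that reports "FIPS-capable API only" matches the situation in the comments below: the FIPS_mode_set() family is exported but the module's internal symbols, banners and KAT data are missing, so the binary was built against the FIPS API without the validated module.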
-
Thanks a lot JWW. I used 'dumpbin /ALL libeay32.dll' to get the information about libeay32.dll. As you suggested, I checked for the user space symbols and internal symbols. But I could only find the user space symbols and not all the internal symbols in it. Also the strings mentioned are absent from the ssl runtime libeay32.dll. – Sanjay Phanshikar Apr 04 '16 at 17:46
-
7E1EFCE0: 66 69 70 73 20 6D 6F 64 65 20 61 6C 72 65 61 64  fips mode alread
7E1EFCF0: 79 20 73 65 74 00 00 00 66 69 6E 67 65 72 70 72  y set...fingerpr
7E1EFD00: 69 6E 74 20 64 6F 65 73 20 6E 6F 74 20 6D 61 74  int does not mat
7E1EFD10: 63 68 20 73 65 67 6D 65 6E 74 20 61 6C 69 61 73  ch segment alias
7E1EFD20: 69 6E 67 00 66 69 6E 67 65 72 70 72 69 6E 74 20  ing.fingerprint
– Sanjay Phanshikar Apr 04 '16 at 17:57
-
So partially validated. Does that mean the ssl runtime is using the required cryptography? – Sanjay Phanshikar Apr 04 '16 at 17:58
-
@SanjayPhanshikar - the validated cryptography is provided by `libcrypto` (I'm not sure what it is called on Windows). `libssl` uses `libcrypto`, so it only depends on `libcrypto` (again, I'm not sure what it is called on Windows). There is some hand waving because some SSL functionality is affected by FIPS. But it really reduces to `libcrypto`. – jww Apr 04 '16 at 18:14