Thanks, Steve, for a quick response.
>FIPS_selftest() is called from FIPS_mode_set() (which is actually a
> wrapper in the "FIPS capable" OpenSSL for FIPS_module_mode_set() which
> calls FIPS_selftest()).
I am well aware of this. It is all there in the source code, thank god for
open source and
OpenSSL. :-)
> So FIPS_mode_set() cannot succeed if FIPS_selftest() fails, for static
> or dynamic linking.
No this is not the case on the windows platform.
Tested on a Windows 7 machine using Visual Studio 2010 with OpenSSL.1.0.1.c
and OpenSSL-Fips-2.0.
The FIPS_mode_set() succeeds but FIPS_selftest() fails. The FIPS_mode_set
method should not succeed as you have stated above if FIPS_selftest fails.
FIPS_selftest
clearly works when it is called in the call chain starting
with FIPS_mode_set, but not otherwise. I think this
has to do with how Windows handles loading and mapping of DLL:s.
I recommend trying this, if you do not believe me.
Here is a minimalistic test program that displays this anomaly. Dynamic
linked. It could easily be modified to show
OpenSSL error msgs. But I try to keep it short.
#include <stdio.h>
#include <openssl/hmac.h>
#define FIPS_MODE_LEVEL 1
extern int FIPS_selftest(void);
int main(int argc, char** argv)
{
if (FIPS_mode_set(FIPS_MODE_LEVEL)) {
printf("FIPS mode set\n");
} else {
printf("FIPS mode FAILURE\n");
exit(1);
}
if (FIPS_MODE_LEVEL == FIPS_mode()) {
printf("FIPS mode ok\n");
} else {
printf("FIPS mode NOT ok\n");
}
if (FIPS_selftest()) {
printf("FIPS selftest ok\n");
} else {
printf("FIPS selftest FAILED!\n");
}
return 0;
}
If we make some modifications to crypto.h and o_fips.c and export for
instance FIPS_selftest.
We can make calling of FIPS_selftest work appropriate.
As an example we export a function called FIPS_selftest_2 which calls
FIPS_selftest.
Add to crypto.h
int FIPS_selftest_2(void);
Add to o_fips.c
int FIPS_selftest_2(void)
{
int ret = 0;
ret = FIPS_selftest();
return ret;
}
Add to libeay.def
FIPS_selftest_2 @xxxx
where xxxx is an appropriate number.
Now we can modify our test program so that it will call FIPS_selftest_2
which
will succeed.
#include <stdio.h>
#include <openssl/hmac.h>
#define FIPS_MODE_LEVEL 1
int main(int argc, char** argv)
{
if (FIPS_mode_set(FIPS_MODE_LEVEL)) {
printf("FIPS mode set\n");
} else {
printf("FIPS mode FAILURE\n");
exit(1);
}
if (FIPS_MODE_LEVEL == FIPS_mode()) {
printf("FIPS mode ok\n");
} else {
printf("FIPS mode NOT ok\n");
}
if (FIPS_selftest_2()) {
printf("FIPS selftest ok\n");
} else {
printf("FIPS selftest FAILED!\n");
}
return 0;
}
> BTW note that FIPS_selftest() has no practical value; it was defined as
> an external function call only because such a function is mandated by
> FIPS 140-2. I can't think of any real-world circumstance in which
> calling that function would make sense.
I think if this function is mandated by FIPS 140-2 it should be possible to
call
it, regardless of platform and if the program is static or dynamically
linked.
Once again thank you for your quick response.
Rickard Binnare
2013/2/19 Steve Marquess <marqu...@opensslfoundation.com>
> On 02/19/2013 01:25 PM, Rickard Binnare wrote:
> > Hi!
> >
> > Regarding the FIPS_selftest method. I am a little bit confused regarding
> > this method, according to the documentation UserGuide-2.0.pdf section
> > 2.6.1 it should be possible to call this method. The UserGuide clearly
> > states “/A power-up self-test is performed automatically by the
> > FIPS_mode_set() call, or optionally at any time by the FIPS_selftest()”/
> >
> > However linking dynamically to libeay on Windows FIPS_selftest will
> > always fail. I can see how it would be possible to run this method if
> > static linking were utilized.
> >
> > This could easily be fixed, so is this by design or am I missing
> something?
> >
> > Should FIPS_selftest not be called when using dynamic linking? Is the
> > UserGuide wrong?
>
> FIPS_selftest() is called from FIPS_mode_set() (which is actually a
> wrapper in the "FIPS capable" OpenSSL for FIPS_module_mode_set() which
> calls FIPS_selftest()).
>
> So FIPS_mode_set() cannot succeed if FIPS_selftest() fails, for static
> or dynamic linking.
>
> BTW note that FIPS_selftest() has no practical value; it was defined as
> an external function call only because such a function is mandated by
> FIPS 140-2. I can't think of any real-world circumstance in which
> calling that function would make sense.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
