Overview
-----------------
FIPS 140-2 is a U.S. Government computer security standard to accredit
cryptographic modules. The certification process validates and certifies the
crypto within the module or used by the module.
Canonical is pursuing FIPS 140-2 certification for several modules in
16.04, openssl, kernel crypto, strongswan and openssh server and client.
Each module will require some additions and/or modifications to meet the
FIPS 140-2 standard. From what I understand, we will certify on an
update to 16.04. However, I was informed it would be a good idea to
begin getting some of the changes into 16.04 now. Thus this openssl
freeze exception.
Some general FIPS 140-2 requirements are
1. Selftests
Each fips-approved crypto algorithm tests against a known test vector to
verify its correctness.
2. Integrity check
Verify that hmac-sha of the running library is the same as the hmac-sha of
the shipped and nstalled binary.
The selftests and integrity check are done upon startup and initialization of
the module and once passed, the module runs in fips mode, meaning only
fips-approved crypto algorithms that have been certified are to be accessed.
However, applications can link to the library and choose to use the
non-approved algorithms. When they do so, they cannot claim to conform to fips.
(I refer to openssl as the module here.)
Implementation specifics
-----------------------------------
For openssl to run in fips mode, several things must occur successfully.
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass
openssl does not run in fips mode unless all 3 things are successfully
accomplished.
A linking application can also call FIPS_mode_set(), to enable fips_mode. If
openssl is not already in fips mode,
FIPS_mode_set will run selftests and integrity check and they must both pass in
order for fips mode to be enabled.
Patchset background
-------------------------------
Both Red Hat and Suse have already acquired FIPS 140-2 certification for some
of the same modules we are wanting to certify.
The openssl community has also pursued and achieved fips 140-2 certification.
https://www.openssl.org/docs/fips.html
However, the openssl community created an entirely separate openssl fips module
to achieve this. Upon investigation and consultations, Canonical has decided
to pursue fips 140-2 certification of openssl in a manner more similar to
redhat and suse which requires making changes to the regular openssl rather
than including a separate openssl fips module.
Redhat and Suse appear to have used the same fips patchset for openssl,
with some minor differences between the two. The code in debdiff
attached to this bug is based upon Red Hat and Suse's fips patches found
in the opensuse and fedora openssl source, with some minor changes to
accommodate updates to the fips standards and some code improvements.
The openssl community's openssl fips module had a few updated self-
tests, so I included these where appropriate.
The fips patchsets will not be included into the upstream openssl nor
the upstream debian. They are to be maintained by Canonical and used to
achieve FIPS 140-2 certification for Ubuntu.
Brief overview of the patchset
--------------------------------------------
The openssl changes and additions in this bug are the following.
1. Include the selftests. The selftests are run upon startup and initialization
of openssl. These run successfully.
2. Partially completed integrity check. This patch includes the code to
perform the integrity check. But it does not include the hmac-sha of
libcrypto and libssl to verify against. Thus the integrity check will
fail and openssl won't run in fips-mode. Linking applications can access
the same crypto they always have and run as they always have.
3. Defines OPENSSL_FIPS , which introduces additional code that had previously
been undefined. Some of the code within this define was no longer needed or
needed updating to comply with recent fips specs. Those changes were done where
appropriate. Also most of the crypto code changes within this define requires
openssl to be running in fips mode to be executed. i.e. if (FIPS_mode) then do
something OR if (FIPS_selftest_failed) return error;
When not in fips mode, 0 is returned by these routines, and nothing happens.
4. This patchset does not enable openssl to run in fips mode. Runtime behaviour
should not change, other than the selftest and integrity check are run upon
initialization and startup.
- The Ubuntu kernel does not yet create the /proc/sys/crypto/fips_enabled
file and put a 1 in it.
This check will fail and openssl will run in "non-fips" mode, in other
words run as it normally does.
- The integrity check will never pass since we do not ship the hmac-sha of
the installed binary to verify against.
So, any linking applications that call FIPS_mode_set(), this call will
fail and not enable fips mode.
Testing
-----------
The tests in openssl/test directory were run when the test package compiled.
Successfully installed the package on a VM and ran following tests provided by
security team in lp:qa-regression-testing.
test-openssl.py
test-apache2.py
test-apache2-mpm-prefork.py
test-wget.py
test-ca-certficates.py
Unfortunately, I am not aware of any other interoperabilty testcases
that I can run other than integrating into the system and using. The
alternative is defer this until the 16.04 update that we actually
certify openssl and the other modules in.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1553309
Title:
[FFe]: Include FIPS 140-2 into openssl package
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
