File README-FIPS.txt of Package openssl-1_0_0.21013
README-FIPS.txt - Roman Drahtmueller <draht@suse.de>, June 16 2012
NOTE: Finished the adjustment of DSO path and correct the version
information for SLE 12. Still need to review about AES-NI optimization.
Shawn Chang <shchang@suse.com>, Dec 7 2013.
NOTE: Outdated currently for openSUSE Factory / SLE 12, needs review
and adjustments. But basic settings still are the same.
Marcus Meissner <meissner@suse.de>, 2013/Dec/03.
* general information
* FIPS-140-2 mode of operation
* overview: openssl subpackages on SLES12
==============================================================================
* general information
==============================================================================
Dear user of the SUSE Linux Enterprise Server,
SLES12 comes with openssl of version 1.0.1e, a version upgrade from
0.9.8j that came with earlier revisions of SLES11-SP3.
The new version has support for FIPS-140-2 mode of operation.
FIPS is short for Federal Information Processing Standard.
For more information on FIPS-140-2, please see
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
and more publications on the NIST website.
The openssl shared libraries are used by numerous packages in the
SUSE Linux Enterprise Server. If the library runs in FIPS-140-2 mode,
then the binary that links against the library at runtime makes use
of FIPS-140-2 validated cryptography as defined in its cryptographic
module. By consequence, a large number of packages can make a claim
about using FIPS-140-2 validated cryptographical functions.
Both the 64bit and the 32bit shared libraries are supported in FIPS-140-2
mode of operation.
Both in 64bit and in 32bit mode, the AES-NI assembler optimizations are
supported and used, if the used CPU supports the AES-NI instructions. These
assembler optimizations can deliver a substantial performance benefit.
To check if your system's CPU(s) has (have) AES-NI support, have a look
into the Linux kernel's /proc file /proc/cpuinfo - search it for the "aes"
flag.
AES-NI support can be disabled by setting the environment variable
OPENSSL_DISABLE_AESNI before running binaries that link against openssl.
The "openssl speed" command can give you an idea for the performance
differences.
The cryptographic module as defined for FIPS-140-2 is contained in the files
/lib64/.libcrypto.so.1.0.0.hmac
/lib64/.libssl.so.1.0.0.hmac
/lib64/libcrypto.so.1.0.0
/lib64/libssl.so.1.0.0
for 64bit operation and
/lib/.libcrypto.so.1.0.0.hmac
/lib/.libssl.so.1.0.0.hmac
/lib/libcrypto.so.1.0.0
/lib/libssl.so.1.0.0
for 32bit.
The .hmac files contain a HMAC for the internal integrity checking. They
are contained in the package libopenssl1_0_0-hmac, seperate from the
libopenssl1_0_0 package. These hashes are produced as one of the last steps
during the RPM build process.
If the library starts up in FIPS mode, the .hmac files are read, and the
checksum is verified against a new self-measurement of the library.
Essentially, this means that the FIPS mode of operation is not possible
without the .hmac files from the corresponding -hmac package installed.
If the library starts up in non-FIPS mode, it checks if the .hmac files
exist, and if so, it runs through the self-tests as if it operates in FIPS
mode. This self-test in non-FIPS mode is formally mandatory and comes with
a heavy CPU footprint. You can avoid this overhead by un-installing the
libopenssl1_0_0-hmac package (with the consequence that FIPS mode of
operation becomes unavailable).
The openssl library operates in non-FIPS mode by default.
* FIPS-140-2 mode of operation
==============================================================================
The openssl library operates in non-FIPS mode by default.
As noted above (* general information), the .hmac files for the integrity
self-check of the openssl library are contained in their own package.
Unfortunately, the self-test is mandatory even if the library runs in
non-FIPS mode, causing a significant CPU consumption during openssl's
initialization. You can avoid this overhead by de-installing the -hmac
package if you do not need FIPS mode of operation.
If you DO need to run binaries that are linked against the openssl
cryptographic library that runs in FIPS mode, you MUST have the
libopenssl1_0_0-hmac package installed.
!!! If you enable FIPS mode of operation with the methods below, you MUST
!!! have the libopenssl1_0_0-hmac package installed. Programs that runtime-link
!!! against openssl will abort if the FIPS self-tests (including the
!!! integrity check with the .hmac hashes) fail!
There are three ways to switch the shared libraries listed above to
FIPS-140-2 compliant mode:
1) Start your system with the kernel commandline option "fips=1". To
change the configuration for your system on a permanent basis, please
add the command line option to the corresponding line in the bootloader
configuration, typically /boot/grub/menu.lst .
You can check if the kernel has accepted the commandline option at boot
by inspecting the content of the file /proc/sys/crypto/fips_enabled .
Please note that the fips=1 kernel commandline option switches
the kernel's crypto API to FIPS mode operation, too. As a consequence,
some of the in-kernel cryptographical functions may become unavailable.
As of the writing of this README-FIPS.txt, the kernel's crypto API in
the SUSE Linux Enterprise Server was NOT FIPS-140-2 validated!
2) set the environment variable OPENSSL_FORCE_FIPS_MODE to "1":
export OPENSSL_FORCE_FIPS_MODE=1
and run your application with this environment variable set.
The FIPS-140-2 mode of operation is only given in the context of
processes that have OPENSSL_FORCE_FIPS_MODE set, unless the global
switch as in 1) above is active.
3) In your program, use the exported function
int FIPS_mode_set(int onoff);
to turn on FIPS-140-2 compliant mode. The library will conduct the
mandatory self-tests and the integrity check that makes use of the
.hmac files mentioned above.
The function
int FIPS_mode(void);
can be used to check if the library operates in FIPS-140-2 compliant
mode. It returns 1 in FIPS mode, 0 otherwise.
Notes:
- An easy way to verify if your openssl cryptography subsystem operates
in FIPS-140-2 compliant mode is to look at the output of the
openssl ciphers
command. In FIPS-140-2 compliant mode, the output lists fewer
algorythms.
- The startup time of programs that initialize the openssl shared libraries
in FIPS-140-2 compliant mode is considerably longer due to the self-tests
that are being executed. On fast systems, the startup overhead can be in the
range of 0.05-0.3s. The startup time is two orders of a magnitude smaller
in non-FIPS mode.
Please note that the self-test overhead only occurs during the
initialization of the cryptographic module. There is no other
performance impact of FIPS-140-2 compliant operation of the library.
- The environment variable OPENSSL_FIPS can be set to force the
/usr/bin/openssl binary to operate in FIPS-140-2 compliant mode:
OPENSSL_FIPS=1 openssl ciphers
The variable OPENSSL_FIPS has an effect on the openssl binary only.
- Services and daemons that make use of the openssl shared libraries in
FIPS-140-2 compliant mode need to be configured to use algorythms
from the list of permissable algorythms. If an algorythm is requested
by an application that is not allowed in FIPS-140-2 compliant mode,
the application will terminate (abort(3)).
Please see the FIPS-140-2 Security Policy document for the openssl
FIPS module on the SUSE Linux Enterprise Server 11 SP1 from the
SUSE website at http://www.suse.com/ or the NIST website at
http://csrc.nist.gov/ for more details.
- If you have any questions about the FIPS-140-2 compliant mode of openssl,
please send email to security@suse.com.
* overview: openssl subpackages on SLES12
==============================================================================
The openssl package consists of the following RPM package:
openssl
- manual pages
- the /etc/ssl configuration directory
- the /usr/bin/openssl program
- /usr/bin/fips_standalone_hmac, the program used to reproduce
the integrity HMAC that is contained in the package:
libopenssl1_0_0
- files:
/lib64/libcrypto.so.1.0.0
/lib64/libssl.so.1.0.0
/lib64/engines
/lib64/engines/libcapi.so
/lib64/engines/libgmp.so
/lib64/engines/libgost.so
/lib64/engines/libpadlock.so
libopenssl1_0_0-hmac
- files:
/lib64/.libcrypto.so.1.0.0.hmac
/lib64/.libssl.so.1.0.0.hmac
libopenssl1_0_0-32bit
- files as in package libopenssl1_0_0, but in /lib/.
The .so libraries are for the 32bit compatibility mode of the
openssl library.
libopenssl1_0_0-hmac-32bit
- files as in package libopenssl1_0_0-hmac, but in /lib/.
libopenssl-devel
- header files and static libraries for compiling applications with the
openssl library. Please note that running binaries that are statically
linked against openssl libraries is not supported in terms of FIPS-140-2
compliance.
openssl-doc
- more documentation and manual pages.
openssl-debuginfo
openssl-debugsource
- packages that provide debugging symbols and debugging source code for
running binaries (dynamically) linked against libopenssl1_0_0 in a
debugger.
openssl-certs
- CA certificate collection in /etc/ssl/certs
The openssl-certs package is not a subpackage of the openssl package,
but it merely provides CA certificates where the openssl package
finds them.