openssl 3.x.x support

[iamwum]

Hi, Does the example app provided by libacvp (acvp_app) support openssl 3.x (Fips enabled) version?

[abkarcher]

Hello,

3.X support is underway; it is in the libacvp_1_TBD_throttle branch. Lots of algorithms are done, but I still have some work to go (drbg is in progress, KMAC + DSA next, and some odds and ends.)

I hope to have support completed in the next 2-3 months loosely.

Thanks, Andrew

[iamwum]

Thanks for the update.

[abkarcher]

Hello anyone monitoring this,

Just wanted to provide an update. Algorithm support for 3.X is complete. A release is not yet ready due to pending feature additions, UT additions, general testing, fixes, etc.

If anyone needs to use libacvp for algorithm testing OpenSSL 3.X, you can pull the latest from the libacvp_1_TBD_throttle branch (it will eventually become the libacvp_2_0_0-throttle branch). Please be aware that there may be issues; any bug reports are appreciated.

The build process is similar to prior versions; you just don't need to include a --with-fom-dir. Static linking is also not supported yet (it will not be possible to statically link to the FIPS provider as per openSSL). FIPS is tested by default. Updates to the documentation have only just begun so feel free to reach out here if you need clarification on anything until then.

I have attempted to make the --all_algs registration for 3.X match OpenSSL's algorithm cert; there may be one or two inconsistencies (e.g. RSA keygen indicates B.3.3 on the alg cert, when OpenSSL supports B.3.6). Opening an issue for any other noted inconsistencies would be beneficial as well.

Thanks, Andrew

[JohnsonEnova]

Hi,

I built acvp_app with Visual Studio but there still was the error "Cannot open include file 'openssl/fips.h'. Does OpenSSL 3.x have fips.h ? Isn't it an OpenSSL 2.x file ?

Thanks.

[abkarcher]

I probably should have indicated that we have not yet updated the visual studio files 😅 We should have an update on those pretty soon. My apologies!

Thanks, Andrew

[gm2518]

Hi.. Tried compiling version 1.5.3 (released 2 days ago) as an offline app using FIPS and openssl 3.0.0 on Win x64 using VS 2022. The make_lib.bat compiled smoothly, but make_app.bat throws an error "missing openssl\fips.h".

If the windows version is still a work-in-progress, then I shall await. If the openssl needs to be of some specific patch version, please let me know. (though the openssl source codes do not have this file in any 3.0.x patch releases).

Thanks, Gautam

[abkarcher]

Hello, 1.5.3 does not contain support for OpenSSL 3.X. To do any testing with OpenSSL 3.X, you must use the still-in-progress libacvp_1_TBD_throttle branch (This will eventually be Libacvp 2.0.0). However, we have not yet gotten around to updating the Windows build files there; it is on the backlog.

Thanks, Andrew

[iamwum]

@abkarcher I'm trying to run acvp app with openssl 3.0 FIPS mode in the libacvp_1_TBD_throttle branch I'm getting curl login issue,

[ACVP]: Logging in... [ACVP][ERROR]: Curl failed with code 58 (Problem with the local SSL certificate) [ACVP][ERROR]: Received no response from server. [ACVP][ERROR]: Login Send Failed [ACVP][ERROR]: Failed to login with ACVP server

The same parameters/curl login works well in main branch of libacvp. Any suggestions?

Thanks

[abkarcher]

Hi,

I have found that I have to explicitly activate the default provider in the openSSL config (on top of the FIPS provider) for Curl to function properly. If not that, maybe playing with other aspects of the config file can yield results (or at least more info).

Thanks, Andrew

[iamwum]

@abkarcher Thanks for the update, I added default provider in the openSSL config and login is successful now. I'm trying to run acvp for all the available algorithms in acvp_app with openSSL 3.x as the DUT. I will update on the result of all available algorithms.

openssl.cnf ....... ....... [provider_sect] default = default_sect fips = fips_sect base = base_sect

[default_sect] activate = 1

[iamwum]

@abkarcher I'm facing an issue in kda algorithm with acvp_app with openSSL 3.x as DUT, any suggestions?

[ACVP]: Algorithm: KDA [ACVP]: Mode: HKDF Failure deriving key material in KDA-HKDF [ACVP][ERROR]: crypto module failed the operation [ACVP][ERROR]: Unable to process vector set! Error: 12 [ACVP][ERROR]: Failed to process vectors

[abkarcher]

Hi,

Please see this issue: https://github.com/openssl/openssl/issues/19909

The fix has since been merged into OpenSSL, but I do not think it has yet been released. All should work if you test with the latest (unreleased) OpenSSL code. I am unsure if this fix resides inside the FIPS boundary or not off the top of my head.

Thanks, Andrew

[iamwum]

@abkarcher Thanks for the information.

[abkarcher]

Hello all,

Sometime this week the libacvp_1_TBD_throttle branch will be replaced with "libacvp_2_0_0-throttle". I will leave libacvp_1_TBD_throttle on the repo for the near term, but future work will go into the 2_0_0 branch leading up to a 2.0 release.

Thanks, Andrew

[RandallSteck]

Regarding the RSA KeyGen issue -- I think this is something that needs to be addressed by the OMC or OTC.

The original 140-2 module (#1747) was written to meet the FIPS 186-2 standard, which only had one KeyGen method specified. The standard updated to FIPS 186-4 (now -5), which specified the now familiar B.3.x methods. By my understanding, B.3.6 is effectively what was specified in 186-2.

The OMC/OTC never addressed this in the 2.0.x FIPS module, but others did, such as Oracle and RedHat. In both of those cases, they completed their validations with B.3.3 testing.

With OSSL3, all of the 3.0.0, 3.0.8, and 3.1 algorithm testing was passed with B.3.3, so I don't believe that's a mistake. I believe it is an ambiguous situation which could (and should) be resolved by OMC/OTC.

The curious part is that I can get passing results with both B.3.3 or B.3.6. So does it actually do both, depending on code path?

[abkarcher]

B.3.3 testing seemed less strict than B.3.6 testing, off the top of my head. I was able to pass B.3.3 testing during development, but I wasn't really doing key generation, just using misc APIs. I haven't given it a go with the current harness. I am a little uneducated on the specifics of which method is best used with what FIPS standards, but the OpenSSL documentation was very specific in that it conformed to B.3.6. I have asked them about the issue previously (twice) and they indicated they thought it might be an error on the cert, but since the latest 3.0.8 and 3.1 alg certs persist with B.3.3, maybe I am missing something.

Whether its a problem with the alg cert, with the implementation, or with the documentation, it would definitely be good to get an official course of action. I may ping them on one of the old issues again.

[abkarcher]

Hi all, libacvp 2.0.0 has launched. If anyone experiences issues with this release or testing OpenSSL 3.0, please open an issue. I will be looking into any changes needed for the registration for OpenSSL 3.1 when I get a chance; testing should work but I have not yet looked into any algorithm certificate differences.

I'll go ahead and close this now, but feel free to open issues with any other questions, etc.

Thanks! Andrew