FIPS 140-2 CERTIFIED OPENSSL FOR AIX ON POWER

The OpenSSL FIPS object module is a cryptographic module that is designed to meet the
requirements for FIPS 140-2 validation by CMVP and is compatible with the OpenSSL
libraries. Version 2.0.13 of the FIPS object module has been FIPS validated and certified by
CMVP for multiple AIX versions on Power 7 and Power 8 platforms under certificate
#2398.
IBM has released a FIPS capable OpenSSL (Fileset VRMF: 20.13.102.1000), which is
OpenSSL version 1.0.2j with the 2.0.13 object module. The fileset is available in the web
download pack.
The details of the FIPS 140-2 validation and certification for AIX on Power 7 and Power 8
platforms can be found at the CMVP validation link (see snapshot below):
A. CERTIFICATION DETAILS
1. OpenSSL FIPS 140-2 VALIDATION FOR AIX on POWER 7:
OpenSSL FIPS 2.0.13 object module has been validated and certified for AIX 6.1, 7.1 and
7.2 on Power 7 by CMVP (see table below for details) under certificate #2398.
POWER HARDWARE   AIX LEVEL   MODE     PROCESSOR ALGORITHM ACCELERATION
POWER 7          6.1         32-bit   NA
POWER 7          6.1         64-bit   NA
POWER 7          7.1         32-bit   NA
POWER 7          7.1         64-bit   NA
POWER 7          7.2         32-bit   NA
POWER 7          7.2         64-bit   NA
Table 1: OpenSSL FIPS Certification for AIX on Power 7
Since no processor algorithm acceleration is available on the Power 7 platform, the software
implementation of cryptographic algorithms within the FIPS object module has been FIPS 140-2 certified.
2. OpenSSL FIPS 140-2 CERTIFICATION FOR AIX on POWER 8:
Power 8 has an in-core crypto accelerator which improves timing performance when any of
the specific supported cryptographic algorithms is used, such as AES CBC, ECB, GCM,
XTS and GHASH.
OpenSSL version 1.0.2 as well as the OpenSSL 2.0.13 object module contain the instructions to
exploit the in-core crypto accelerator on Power 8. Hence, a performance improvement will be
seen on a Power 8 machine irrespective of whether it is executing in FIPS mode or not (refer to
section 3 below for more details on FIPS mode).
The OpenSSL FIPS 2.0.13 object module has been validated and certified for AIX 7.1 and 7.2 on
Power 8 by CMVP (see table below for details) under certificate #2398.
POWER HARDWARE   AIX LEVEL   MODE     PROCESSOR ALGORITHM ACCELERATION
                                      (With Power8 In-core Crypto Accelerator)
POWER 8          7.1         32-bit   NO
POWER 8          7.1         32-bit   YES
POWER 8          7.1         64-bit   NO
POWER 8          7.1         64-bit   YES
POWER 8          7.2         32-bit   NO
POWER 8          7.2         32-bit   YES
POWER 8          7.2         64-bit   NO
POWER 8          7.2         64-bit   YES
Table 2: OpenSSL FIPS Certification for AIX on Power 8
3. FIPS MODE:
3.1 What is FIPS Mode?
In FIPS Mode, applications are allowed to use only FIPS compliant algorithms. So, usage of
non-FIPS compliant algorithms (which include the SSL2 and SSL3 protocols and the RC4 and MD5
algorithms, among others) is disabled in FIPS Mode.
Once an application has made the required modifications to enable FIPS mode (refer to section
3.4) and uses FIPS capable OpenSSL version 20.13.102.1000, the entire
application stack is considered to be executing in FIPS Mode.
3.2 How is FIPS Mode different from Non-FIPS Mode?
Though non-FIPS compliant algorithms are weak and disabled in FIPS mode, these
algorithms are currently widely deployed and used in many legacy servers. So, additional
measures need to be taken by an application when connecting to such servers.
If FIPS capable OpenSSL version 20.13.102.1000 is installed and applications have not
made the modifications to enable FIPS mode, then they are considered to be executing in Non-FIPS mode.
3.3 Is an application enabled for FIPS Mode by default?
Even if the FIPS capable OpenSSL version 20.13.102.1000 is installed on the system,
applications can still use non-FIPS compliant algorithms. To make sure applications
make use of FIPS-compliant algorithms only, applications have to be modified to invoke
the OpenSSL FIPS related APIs to enable FIPS Mode. Refer to section 3.4 on how to enable
FIPS Mode in an application.
Installing the FIPS capable OpenSSL version alone will not disable weaker algorithms.
3.4 How can applications enable FIPS Mode?
A. For OpenSSL command lines
FIPS mode can be enabled by setting environment variable OPENSSL_FIPS to 1.
Example:
# cat test
1234
# export OPENSSL_FIPS=1
# openssl dgst -md5 test
Error setting digest dgst
804401144:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
#
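One way to confirm from the shell that an openssl command actually enforces FIPS mode, rather than merely being FIPS capable, is to repeat the test above and also require that an approved digest still works. This is an added example, not part of the IBM document: the function name check_fips_cli and its three result words are made up here, and it assumes the 'disabled for fips' error text shown above.

```shell
#!/bin/sh
# Added example, not IBM code. check_fips_cli is a hypothetical helper name.
# Usage: check_fips_cli [openssl-command]
# Prints and returns:
#   enforced      (0)  MD5 refused with "disabled for fips", SHA-256 accepted
#   not-enforced  (1)  MD5 still usable although OPENSSL_FIPS=1 was set
#   inconclusive  (2)  the command fails for some other reason under OPENSSL_FIPS=1
check_fips_cli() {
    bin=${1:-openssl}

    # An approved digest must keep working in FIPS mode. If it does not,
    # an MD5 failure proves nothing about FIPS enforcement.
    # Input is the page's constructed sample value 1234, fed on stdin.
    if ! printf '1234\n' | OPENSSL_FIPS=1 "$bin" dgst -sha256 >/dev/null 2>&1; then
        echo inconclusive
        return 2
    fi

    # Capture stderr only; "|| rc=$?" keeps the function usable under "set -e".
    rc=0
    err=$(printf '1234\n' | OPENSSL_FIPS=1 "$bin" dgst -md5 2>&1 >/dev/null) || rc=$?

    if [ "$rc" -eq 0 ]; then
        # MD5 produced a digest: the weak algorithm is still available.
        echo not-enforced
        return 1
    fi
    if printf '%s\n' "$err" | grep -qi 'disabled for fips'; then
        echo enforced
        return 0
    fi
    # MD5 failed, but not with the FIPS error.
    echo inconclusive
    return 2
}

# Example call (commented out so that sourcing this file has no side effects):
# check_fips_cli "$(command -v openssl)"
```

The check covers only the openssl command line with OPENSSL_FIPS=1; an application linked against the libraries still has to enable FIPS mode itself as described in part B.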
B. For applications using OpenSSL libraries
APIs such as FIPS_mode_set are provided to enable FIPS mode. Applications can either make
a 'direct call' to the FIPS_mode_set function or an 'indirect call' through the OPENSSL_config
function, which takes the settings from a configuration file. Refer to Example 5.2b in the 2.0
User Guide for the format of the configuration file.
After making the relevant code changes to enable FIPS mode, applications can either statically
link with the FIPS object module (fipscanister.o) or dynamically link to the FIPS capable OpenSSL
libcrypto.a. Refer to section 5.3.1 in the 2.0 User Guide or Section IV of the 20.13.102.1000
Readme for the Makefile modifications required to statically link the FIPS object module.
Along with this, applications should avoid any use of the low-level APIs provided in
OpenSSL, such as MD5 and RC4, and should use EVP layer API calls instead.
4. General Definitions:
FIPS (Federal Information Processing Standards) is a standard within NIST that defines the
basic requirements for cryptographic functions that provide a high degree of security (a
few examples are the encryption, hashing, and random number generation algorithms to be
used). This standard provides four increasing levels of security named Level 1 - Level 4.
NIST (National Institute of Standards and Technology) is a unit of the U.S. Commerce
Department which provides standards, guidelines and various other publications to assist US
federal agencies in protecting their information.
CMVP (Cryptographic Module Validation Program) is a US Govt. agency that is
established by NIST to validate cryptographic modules against the Federal Information
Processing Standards 140-1/140-2 Security Requirements.
CAVP (Cryptographic Algorithm Validation Program) is another US Govt. agency that
provides the guidelines for testing of FIPS approved cryptographic algorithms, and it is a
prerequisite for CMVP.
As of today (November 2016), products must comply with the FIPS 140-2 standard if they are
to be used by US Federal agencies in a security system that processes sensitive but
unclassified information.
5. Certification Process by CMVP:
1. Execute FIPS related test suite
2. Test by accredited testing Lab
3. CAVP to provide algorithms verification result
4. Test results and Change Letter submitted to CMVP by OVS
5. If accepted, CMVP provides FIPS certification for platform
   Updates Security Policy document
More details are given below:
1. Initially, the FIPS related test suite will be executed on IBM Power platforms with
AIX to ensure that there is no deviation in the regular compilation process as
recommended under the 2.0 User Guide.
2. This is followed by testing by an accredited testing laboratory.
3. Later, CAVP will provide the algorithms verification results for IBM platforms.
4. These results, along with a change letter to include the IBM platforms under
certification #2398, will be submitted to CMVP by OpenSSL Validation Services
(OVS, earlier known as OpenSSL Software Foundation (OSF)).
5. Once accepted, the security policy document will be updated to include the IBM
platforms and the FIPS object module will be released by OVS.
6. Reference:
1. FIPS: https://en.wikipedia.org/wiki/FIPS_140-2
2. NIST: https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
3. CMVP: http://csrc.nist.gov/groups/STM/cmvp/
4. CAVP: http://csrc.nist.gov/groups/STM/cavp/
5. OpenSSL Validation Services: https://www.openssl.org/community/contacts.html
6. FIPS 2.0.13 object module source code: https://www.openssl.org/source/old/fips/
7. FIPS object module User Guide: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
8. Certification: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398
9. OpenSSL FIPS Security Policy Document: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2398.pdf
10. OpenSSL fileset download: https://www01.ibm.com/marketing/iwm/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8&dlmethod=http
11. http://www.ibm.com/developerworks/library/se-power8-in-core-cryptography/index.html