Best determining if a FIPS 140* compatible provider has been loaded in 3.0+?

[ngie-eign]

Hi there!

I was wondering what the best way of determining whether or not a FIPS 140-* compatible provider has been loaded in OpenSSL 3+ is.

The proposed method that my team is looking at using is roughly as follows:

algorithm = EVP_MD_fetch(NULL, "sha256", "fips=yes");
fips_enabled = algorithm == NULL ? true : false;

I don't know if this is honestly the proper way to confirm that a FIPS 140* provider has been loaded. It doesn't seem to work out of the box if I use this API without calling some of the explicit OSSL_PROVIDER_load family of APIs (or init functions that do similar).

Can someone please help me understand what the correct way of determining this, outside of the OSSL_PROVIDER* family of APIs? I'm trying to find a method that would work with FIPS 140* compatible providers, which might not be provided by OpenSSL's fips.so module.

Would using a "banned" algorithm, like MD5, while also omitting "fips=yes" in the properties parameter be the answer, by chance, e.g.,

ctx = EVP_MD_CTX_new();
fips_enabled = EVP_DigestInit_ex(ctx, EVP_md5(), NULL) == 1 ? false : true;
EVP_MD_CTX_free(ctx);

Thanks so much!

PS We tried using EVP_default_properties_is_fips_enabled(), but that's checking to make sure that the "fips=yes" property was set in the config file or programmatically as opposed to confirming that a FIPS 140* compatible provider is usable, right? If so, what is the benefit of using these APIs, in lieu of just using other EVP* APIs? In 1.0.2, FIPS_mode() provided a cut and dry way of determining whether or not FIPS 140* compatible algorithms were usable. I'm trying to find a way to determine whether or not FIPS 140* is allowed, similar to 1.0.2's FIPS_mode() API.

[paulidale]

OSSL_PROVIDER_available() does what you want.

[ngie-eign]

@paulidale : this assumes that the provider that we're working with is always known as "fips". Is there an another way to determine whether or not FIPS 140* algorithms are allowed, without using a FIPS 140* banned algorithm, like MD5 (example shown above), or is using an algorithm like MD5 the proper way to handle this?

More discussion

OSSL_PROVIDER_available(..) requires the FIPS 140* provider to already be loaded, else the response from the API could mislead the end user.

There are other potential reasons/concerns with the OSSL_PROVIDER_available(..) approach, but I don't want to rabbit hole too much with those concerns.

[paulidale]

Any provider, FIPS validated or not, can add a property fips=yes to an algorithm. Checking this is an indication but not a guarantee that the supplied algorithms really have been through validation.

[slontis]

Multiple providers can be loaded, so your algorithms could be fetched from any of these providers.. (Which is why FIPS_mode() was removed, since it makes no sense anymore). The best you can do is load the fips provider, make sure it is loaded (available) and then fetch using fips=yes.