OpenSSL 3.0.0 security concerns using dynamic providers

Greetings,

We are currently investigating the usage of OpenSSL 3.0.0 on our side, especially for FIPS usage, but it seems that for OpenSSL 3.0.0 the providers, especially the FIPS provider, will be loaded dynamically. My main worry is that this will easily permit some kinds of attacks on the cryptographic layer, for example:

 

1. Replacing the provider with a tampered provider by replacing the shared/dynamic library. This can partially be protected against by the caller verifying the hash of the provider before calling it. Will OpenSSL 3.0.0 do this, or will it need to be done at the integrator level?

2. Having the provider entry points made public because they are dynamic will easily permit MITM attacks or modification, such as through hooking. Have you thought of protection mechanisms to protect against this kind of attack?

 

With FIPS 2.0, from my understanding, it was statically linked, hence these risks would be lessened. Of course it required more work, as it required a special linker script to add the hash value, and with new NIST requirements the FIPS mode needed to be enabled by default at premain, but my feeling is that it was more secure.

 

Thanks for your guidance!

Carl Eric Codere
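
The caller-side hash check raised in point 1, sketched as an added example that is not part of the original message and is not OpenSSL code. The function names, the file name and the pinned digest are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def sha256_of_fd(fd, chunk=65536):
    """Hash an already-open descriptor, so the bytes checked are the ones we hold."""
    h = hashlib.sha256()
    while block := os.read(fd, chunk):
        h.update(block)
    return h.hexdigest()


def verify_provider(path, pinned_hex):
    """Return (ok, reason) for a module file checked against a pinned SHA-256."""
    # O_NOFOLLOW (where available) refuses a symlink swapped in for the module.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return False, "not a regular file"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False, "module is group/world writable"
        if not hmac.compare_digest(sha256_of_fd(fd), pinned_hex.lower()):
            return False, "digest mismatch"
        # Still partial: the loader reopens `path` later, leaving a swap window.
        return True, "ok"
    finally:
        os.close(fd)


def demo():
    """Constructed stand-in bytes: the original passes, a modified copy fails."""
    data = b"constructed provider bytes"
    pinned = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "provider-module.bin")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o644)
        good = verify_provider(path, pinned)
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate on-disk modification
        bad = verify_provider(path, pinned)
    return good, bad
```
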

 

