Previous: , Up: Internal architecture of GnuTLS   [Contents][Index]

10.7 FIPS140-2 mode

GnuTLS can operate in a special mode for FIPS140-2. That mode of operation is for the conformance to NIST’s FIPS140-2 publication, which consists of policies for cryptographic modules (such as software libraries). Its implementation in GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled when the library is explicitly compiled with the ’–enable-fips140-mode’ configure option. The operation of the library is then modified, as follows.

There are also few environment variables which modify that operation. The environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable the library integrity tests on startup, and the variable GNUTLS_FORCE_FIPS_MODE can be set to force a value from Figure 10.5, i.e., ’1’ will enable the FIPS140-2 mode, while ’0’ will disable it.

The integrity checks for the dependent libraries and GnuTLS are performed using ’.hmac’ files which are present at the same path as the library. The key for the operations can be provided on compile-time with the configure option ’–with-fips140-key’. The MAC algorithm used is HMAC-SHA256.

On runtime an application can verify whether the library is in FIPS140-2 mode using the gnutls_fips140_mode_enabled function.

Relaxing FIPS140-2 requirements

The library by default operates in a strict enforcing mode, ensuring that all constraints imposed by the FIPS140-2 specification are enforced. However the application can relax these requirements via gnutls_fips140_set_mode which can switch to alternative modes as in Figure 10.5.


The FIPS140-2 mode is disabled.


The default mode; all forbidden operations will cause an operation failure via error code.


A transient state during library initialization. That state cannot be set or seen by applications.


The library still uses the FIPS140-2 relevant algorithms but all forbidden by FIPS140-2 operations are allowed; this is useful when the application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).


Similarly to GNUTLS_FIPS140_LAX , it allows forbidden operations; any use of them results to a message to the audit callback functions.

Figure 10.5: The gnutls_fips_mode_t enumeration.

The intention of this API is to be used by applications which need to run in FIPS140-2 mode, while they utilize few algorithms not in the allowed set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following.


_gnutls_hash_fast(GNUTLS_DIG_MD5, buffer, sizeof(buffer), output);


The GNUTLS_FIPS140_SET_RELAX_MODE and GNUTLS_FIPS140_SET_STRICT_MODE are macros to simplify the following sequence of calls.

if (gnutls_fips140_mode_enabled())
  gnutls_fips140_set_mode(GNUTLS_FIPS140_SET_MODE_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);

_gnutls_hash_fast(GNUTLS_DIG_MD5, buffer, sizeof(buffer), output);

if (gnutls_fips140_mode_enabled())

The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous calls is to localize the change in the mode.

Applications could also switch FIPS140-2 mode explicitly off, by calling

gnutls_fips140_set_mode(GNUTLS_FIPS140_SET_MODE_LAX, 0);

Previous: , Up: Internal architecture of GnuTLS   [Contents][Index]