"Steve Marquess" wrote on 01/27/15 09:18:
Thank you (and Tom) for your comments - much appreciated.
> Tom Francis nailed the answer to this one. We did design the FIPS module
> + "FIPS capable" OpenSSL combination to make it possible to have a
> system wide "FIPS mode" capability, but that presume
-Original Message-
> From: "Salz, Rich"
> To: openssl-users@openssl.org
> Date: 02/19/15 07:43
> Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
>
> > For that matter and in a general sense, so far I've seen that many
> > encryption
> > methods do not retu
-Original Message-
> From: "Marcus Meissner"
> To: openssl-users@openssl.org
> Date: 02/19/15 08:07
> Subject: Re: [openssl-users] OpenSSL FIPS mode system integration
> Well, the writing is that the "crypto module" must stop operating
> on error.
> We solved this by calling abor
> From: "Dr. Stephen Henson"
> To: openssl-users@openssl.org
> Date: 02/19/15 11:34
> Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
> The low level cipher and digest APIs cannot be used in FIPS mode: you have to
> use EVP.
That's quite an important point. It br
On Feb 19, 2015 10:50am Henrik Grindal Bakken wrote:
> I'm not sure it will be called on every conceivable error in
> the FIPS module, but what I do in similar situations is
> something like this:
> static int post_cb(int op, int id, int subid, void *ex)
> {
> if (op == FIPS_POST_FAIL)
>
Hello,
To grasp how FIPS methods are called, and following one method
as an example, HMAC_Update() in hmac.c, we can see that if FIPS
mode is active then FIPS_hmac_update() will be called. This is
fine although searching the sources for the physical definition of
FIPS_hmac_update() does not yiel
Hello,
I tried a simple test to see if FIPS mode would fail, using the example given
in the FIPS user guide 2.0. The test consisted of replacing the /dev/random
and /dev/urandom with /dev/zero. I would have expected that no source of
randomness would make the tests run at the call of FIPS_m
Hello,
Is there a method that is always in the path of execution when a crypto error
occurs ? The reason for asking is that I would like to very slightly modify
the OpenSSL FIPS version so that it will write a file in tmpfs when an error
occurs. That place will be observed by another app us
> Is there a method that is always in the path of execution when a crypto error
> occurs ?
It looks like fips_set_selftest_fail() would be a likely candidate where to
create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on yo
> From: "Steve Marquess"
> Date: 03/10/15 08:56
Hello,
Thanks for your reply.
> You're talking about a Level 2 validation (or higher)? You most
> definitely do *not* want to include the OS or applications in the
> "cryptographic module boundary" for Level 1.
It's a level 2. The behaviou
> From: "Dr. Stephen Henson"
> Date: 03/10/15 10:21
> Although you cannot modify the FIPS module itself without voiding the
> validation you *can* change the FIPS capable OpenSSL.
> You might (for example) change FIPS_mode_set() to always add a callback
> which logs any errors.
I see. So t
> From: "Dr. Stephen Henson"
> Date: 03/10/15 20:04
> I mean you could add a callback to FIPS_mode_set using
> FIPS_post_set_callback: see the fips_test_suite.c application
> for an example. The supplied callback is called during each
> POST, continuous RNG and pairwise consistency checks. Th
Hello,
Using fips_hmac.c and the do_crypt() example, compiling
EVP_EncryptInit_ex() with EVP_idea_* in FIPS mode yields:
fips_hmac.c:58:2: warning: passing argument 2 of
‘EVP_EncryptInit_ex’ makes pointer from integer without a cast
[enabled by default]
EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(
Hello,
An application that needs converting to FIPS is currently using
AES_ctr128_encrypt(). That function calls in turn
CRYPTO_ctr128_encrypt() which then does some internal
computations. They are not documented in the 'full list of
crypto APIs'. What would be the FIPS-compatible EVP
equivalen
Hello,
The licenses and patents for ECC were noticed. In short, if we do not care about
this in the sense of not willing to be in any patent infringement situation
down the road, the -ecb archive should be used, is that right ? Also, there is
a mention of a NSA-PLA.pdf agreement statement. The
Hello,
There is a problem with compiling the openssl-1.0.1e.tar.gz
sources against the FIPS 2.0 canister.
On my machine the following is declared global:
000dd3c0 T private_AES_set_decrypt_key
000dd0f0 T private_AES_set_encrypt_key
On another machine, they are declared local and
> From: "Dr. Stephen Henson"
> Date: 03/17/15 12:28
> What are the two platforms? That is what does:
First of all, I'm very, very sorry to have posted duplicates of the question.
The web-access email client is, was, a bit on the fuzzy side, stalling and
reporting errors.
It turns out, at
Hello,
I have the impression that the 'ciphers -v' option to openssl, when OpenSSL
is compiled in FIPS mode, lists more than FIPS-only. There are RC5 and RC4 in
there, for instance. Is there a specific openssl command that will list only
the ones that are FIPS-allowed ?
Regards.
> From: "Dr. Stephen Henson"
> Date: 03/20/15 12:48
> OPENSSL_FIPS=1 openssl ciphers -v
> openssl ciphers -v FIPS
Thanks, this works great, on the workstation where I have installed at default
development location /usr/local/ssl/, using OpenSSL 1.0.1k.
However, we have built D
Hello,
Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the
OpenSSL source code does not seem to mention SP 800-90A. Only SP 800-90. So
the certifications were made for SP 800-90, is that right ?
Also, does it depend on the application to choose which DRBG and moreov
> From: "Steve Marquess"
> Date: 03/24/15 09:22
> At the time that validation was obtained the four (at the time) DRBGs
> were specified by SP800-90. That document was subsequently reissued in
> several pieces; the current SP800-90A now contains the specifications
> for the three surviving DR
> From: "Steve Marquess"
> Date: 03/24/15 12:38
> No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early
> 2014) for use as-is in doing copycat validations. Some non-trivial code
> hacks will be necessary.
> We'll do a new open source based validation to succeed the 2.0 F
Hello,
When an application does not define OPENSSL_DRBG_DEFAULT_TYPE nor
OPENSSL_DRBG_DEFAULT_FLAGS nor any compilation options (if applicable), is the
default DRBG the 256 bit CTR AES (+ deviation function) in FIPS mode ?
Regards.
Hello,
This is not about OpenSSL, although from experience, maybe some know the
answer. Does anyone know if actual documentation exists for the Linux kernel
FIPS mode apart from the source itself ? There is nothing in Documentation/ as
per 3.18.2. - thanks.
Regards.
Hello,
Is FIPS_mode_set(1) taking care of setting up a default DRBG ? Would a
subsequent call to RAND_pseudo_bytes() for instance be using the default DRBG (
256-bit CTR AES ?) There are quite a few DRBG-related FIPS methods described in
the User Guide, and one that is called FIPS_get_defaul
> From: jonetsu
> Date: 03/26/15 11:11
> Is FIPS_mode_set(1) taking care of setting up a default DRBG ?
Yes. It does. When using post_cb() from fips_test_suite.c in for instance the
fips_hmac.c demo, with only but a FIPS_mode_set(1) call, it is reported that
the four DRBGs a
Hello,
As part of development, still using the fips_hmac test code, this time on a
target unit using 1.0.1e, the following errors are shown at the console:
3069614096:error:2D088086:FIPS routines:FIPS_selftest_x931:selftest failed:fips_rand_selftest.c:171:
3069614096:error:2D082086:FIPS routi
Thanks for the comments - much appreciated.
The following question might be on the naive side of things, but then I'm
all new to this. Since crypt() in glibc2 supports SHA-256 and SHA-512 for
password, and assuming that these two are FIPS compatible, what would be the
(financial) overhead of havi
Thanks for all the comments, they're much appreciated. It is a Debian
system, so there is no Red Hat FIPS validation (or SuSE which also has one I
think) or validated components that can be used.
If I may, I'd like to ask about including the Linux kernel in the
validation. Now, including glibc2
Salz, Rich wrote
> As the old joke goes, "if you have to ask, you can't afford it."
Well, exploration can be free. I noticed that Strongswan uses a plug-in
architecture for crypto that seemingly allows the use of OpenSSL instead of
the kernel for crypto operations, for use under FIPS. Does anyo
> From: "Steve Marquess"
> Date: 04/14/15 09:31
> and note that of the 101 platforms ("OEs") appearing there, most of
> those operating systems are neither CC certified nor have any other FIPS
> 140-2 validated crypto. Keep in mind that at Level 1 the validation
> applies to the cryptographic
> What is the security risk?
Management ? :)
--
View this message in context:
http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57670.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
It can be indeed easy to find out about companies in Hartford, CT but, I
still do not see any threat to any existing product. 'Having problems with
OpenSSL' is not good enough.
In any case, when concerned, do like many people and use a pseudo from
another mailing system. Employees will not gain
Hi,
... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)
https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0
Specifically:
"FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL
1.0, SSL
2.0, SSL 3.0, TLS 1.0"
"FCS_TLSS_EXT.2.2 The TSF shall deny connections
Hello,
> In FIPS mode SSL 3.0 is not allowed: that has always been the
> case.
% openssl version
OpenSSL 1.0.1f 6 Jan 2014
% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
ECDHE-RSA-AES256-SHA SSLv3
ECDHE-ECDSA-AES256-SHA SSLv3
DHE-RSA-AES256-SHA SSLv3
DHE-DSS-AES256-SHA SSLv3
[snip
> That refers to the minimum version of the ciphersuite: it
> doesn't imply that it will only be used in SSLv3 (which is
> disabled in FIPS mode).
Hmmm... I'm sorry but I do not really understand this. Since openssl is
run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3
ciphe
> SSLv3 in the ciphersuite definition means it can be used in
> SSLv3 *and later*. A ciphersuite isn't defined once for SSLv3,
> and then again for TLS1.0, and again for TLS1.1 etc - its just
> defined once and is reused across multiple protocol versions.
Yes, this is what I basically understood.
Hello,
What would be the equivalent of the SHA256() function in the EVP
class of methods ? EVP_sha256() could be it, although from the
short description in manual page it does not seemingly fit in,
returning a EVP_MD which is, if not mistaken, a env_md_st
structure.
The code I'm adapting to EVP
Thanks for the comments.
> If you are implementing HMAC, perhaps for PBKDF2 (which does
> that prehash-if-too-long), I hope you mean the code does...
Yes it does.
The man page (the one online from OpenSSL project - SHA256.html)
gives a description using SHA1() which computes a message digest.
Be
Hello,
The context is migrating an application to use EVP only methods.
AES_set_encrypt_key(...)
AES_cfb128_encrypt(...)
The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*,
what about the AES_set_encrypt_key() ? I haven't found yet any
correlation to the EVP methods, let alone an a
> Even a small convenience is still a convenience.
And eventually they add up.
Thanks for the comments - it's appreciated.
--
View this message in context:
http://openssl.6102.n7.nabble.com/SHA256-to-EVP-tp57774p57826.html
The validation is on the ARM platform using Linux 2.4. I am one of those
'unlucky' having to deal with FIPS so please pardon any silly questions.
Would this validation be limited to these two aspects ? And, is there any
money-saving advantage at using an already validated OpenSSL when the whole
Hello,
Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL
1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as
0x0800L and several tests are made for this value in the code. The CHANGES
mentions though that this had some side effects, the option
Does this mean, since the 'no insert fragments' is part of SSL_OP_ALL, that
OpenSSL is BEAST-proof since some time regarding its use of TLS 1.0 and SSL
3.0 ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/BEAST-and-SSL-OP-DONT-INSERT-EMPTY-FRAGMENTS-tp59291p59732.
OK. So this means that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not the
solution for the BEAST attack. Is there a solution while keeping TLS 1.0
and SSL v3.0 ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/BEAST-and-SSL-OP-DONT-INSERT-EMPTY-FRAGMENTS-tp59291p59
Thanks for your comments - much appreciated. What is exactly the "poodle
patch" and how does it come into providing some form of protection against
the BEAST attack ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/BEAST-and-SSL-OP-DONT-INSERT-EMPTY-FRAGMENTS-tp59291p59743.
Hello,
The documentation does not seem too clear about what the behaviour exactly is
when OpenSSL deals with a broken OCSP responder. For instance, one that would
send an OK without any contents. We call openssl from an application and would
like to know what is returned in such a case, or i
> From: "Salz, Rich"
> Date: 09/14/15 16:07
> Are you talking about the command-line?
Yes.
> It would be great if someone sent in a patch that standardized
> and documented exit codes, like 0 for got a "good"
> response, "1" for got a "bad" response, and 10 for got an
> unparseable response
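The exit-code scheme suggested in the reply above, applied to the text the openssl ocsp subcommand prints, as an added example that is not part of the thread and not OpenSSL project code. The "Response verify OK", "Response Verify Failure", "Responder Error:" and "name: good|revoked|unknown" lines are the messages the subcommand prints; the sample responses, file names and the wrapper's arguments are constructed for the example. A responder that answers 200 OK with an empty body, the case asked about, produces no status line at all and lands in the "unparseable" class.

```sh
#!/bin/sh
# Added example: turn openssl ocsp output into a stable exit status.
#   0  = response verified and certificate status is "good"
#   1  = response verified but status is "revoked"/"unknown", or the
#        responder returned an error / verification failed
#   10 = nothing parseable (empty body, HTML, transport error)

classify_ocsp_output() {
    out=$1
    # "Response verify OK" is printed on stderr, the status line on stdout,
    # so callers must capture both (see ocsp_check below).
    if ! printf '%s\n' "$out" | grep -q '^Response verify OK'; then
        if printf '%s\n' "$out" | grep -Eq '^(Responder Error:|Response Verify Failure)'; then
            return 1
        fi
        return 10
    fi
    # The status line is "<cert file name>: <status>", anchored to a whole
    # line so a file name containing "good" cannot match.
    if printf '%s\n' "$out" | grep -Eq '^[^:]+: good$'; then
        return 0
    elif printf '%s\n' "$out" | grep -Eq '^[^:]+: (revoked|unknown)$'; then
        return 1
    fi
    return 10    # verified, but no per-certificate status at all
}

# Wrapper for the real query (assumed arguments: issuer cert, subject cert,
# responder URL, trust anchors). 2>&1 merges the verify line into $out.
ocsp_check() {
    out=$(openssl ocsp -issuer "$1" -cert "$2" -url "$3" -CAfile "$4" 2>&1) || true
    classify_ocsp_output "$out"
}

# Constructed sample outputs used for the stand-alone run and the checks.
SAMPLE_GOOD='Response verify OK
cert.pem: good
	This Update: Sep 14 12:00:00 2015 GMT
	Next Update: Sep 21 12:00:00 2015 GMT'
SAMPLE_REVOKED='Response verify OK
cert.pem: revoked
	This Update: Sep 14 12:00:00 2015 GMT
	Reason: keyCompromise'
SAMPLE_UNVERIFIED='Response Verify Failure
140735300000000:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
cert.pem: good'
SAMPLE_RESPONDER_ERROR='Responder Error: malformedrequest (1)'
SAMPLE_EMPTY=''
SAMPLE_HTML='<html><body>OK</body></html>'

for s in "$SAMPLE_GOOD" "$SAMPLE_REVOKED" "$SAMPLE_UNVERIFIED" "$SAMPLE_RESPONDER_ERROR" "$SAMPLE_EMPTY" "$SAMPLE_HTML"; do
    rc=0
    classify_ocsp_output "$s" || rc=$?
    echo "exit status $rc"
done
```

A "good" status under a failed verification is deliberately reported as 1, not 0: the status line alone proves nothing if the response signature did not check out.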
Hello,
Sorry if this is a bit beside OpenSSL per se, the idea behind this post is to
perhaps have some information from the OpenSSL experience with FIPS validation.
There was so much effort put into FIPS compliance that it would not be
far-fetched to consider that there is also knowledge abo
> From: "Steve Marquess"
> Date: 10/21/15 14:18
> See Appendix B of the OpenSSL FIPS User Guide:
> https://openssl.org/docs/fips/UserGuide-2.0.pdf
Thanks.
> The specific algorithm tests have changed quite a bit since then
> (constant change is part of the fun), but the general concept is th
In 1.0.1e the following is observed when using OpenSSL in FIPS mode:
% OPENSSL_FIPS=1 openssl pkcs12 -export -in /tmp/ipsec.d/certs/192.168.11.1 -inkey /tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out /tmp/ipsec.d/192.168.11.1.p12 -password pass:""
3067167952:error:060A60A3:digit
Sorry if this is answered elsewhere ...
Is the version control repository as well as the bug tracker of public read
access ?
Is it possible to find a specific commit in the OpenSSL repository that would
hopefully fix a single discovered/reported bug ?
We have hit the 'FIPS_CIPHERINIT:disab
Hello,
There is a thread in 2013 (30 May 03:15) in which Steve writes that OpenSSL
1.0.1 has a bug regarding the use of PKCS12 in FIPS mode since it tries to
handle a certificate using a non-FIPS component. I think I found the commit
that fixes this, although it is part of a quite huge commit
In the NSA page referred above, the p-384 curves are specifically mentioned
for DH. These would be the ones covered by the Suite B NSA license
sub-licensed to OpenSSL, are they ? Is it possible to build OpenSSL in FIPS
in such a way that only these curves will be used ?
Regards.
Hello,
I would like to see the bug fix for RT3515 'Use 3DES in pkcs12 if built with
no-rc2' although the openssl tree I got recently does not show it:
% git status
On branch master
Your branch is up-to-date with 'origin/master'.
% git show 92830dc1ca0bb2d12bf05a12ebb798709595fa5a
fatal: bad
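For the FIPS_CIPHERINIT failure shown at the pkcs12 -export command above and the RT3515 "Use 3DES in pkcs12 if built with no-rc2" fix, the practical workaround that needs no patch is to stop relying on the pkcs12 defaults: in OpenSSL 1.0.x the certificate bag is encrypted with PBE-SHA1-RC2-40 unless told otherwise, and RC2 is the non-FIPS component being rejected. The following is an added example, not code from the thread or from the OpenSSL project; the key and certificate are generated throwaways, and the directory, bag name and password are assumptions.

```sh
#!/bin/sh
# Added example: export a PKCS#12 bundle with every algorithm named
# explicitly so that nothing in it depends on RC2.

# Throwaway self-signed RSA key and certificate (constructed test material;
# in the real case these are the ipsec.d key and certificate).
make_test_keypair() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=fips-pkcs12-example" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Export with the algorithms selected explicitly:
#   -keypbe  PBE-SHA1-3DES  shrouded key bag  (already the 1.0.x default)
#   -certpbe PBE-SHA1-3DES  certificate bag   (replaces the RC2-40 default)
#   -macalg  sha256         integrity MAC     (replaces the SHA-1 default)
export_p12_fips() {
    dir=$1
    openssl pkcs12 -export \
        -in "$dir/cert.pem" -inkey "$dir/key.pem" -name fips-pkcs12-example \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha256 \
        -passout pass:changeit -out "$dir/out.p12"
}

# Check what actually went into the bundle: succeed only if it parses,
# names the 3DES PBE and never names RC2. `-info` prints to stderr.
check_p12_algorithms() {
    dir=$1
    info=$(openssl pkcs12 -in "$dir/out.p12" -info -noout \
               -passin pass:changeit 2>&1) || return 1
    case $info in *RC2*) return 1 ;; esac
    case $info in *TripleDES*) return 0 ;; esac
    return 1
}

# Stand-alone run: generate, export and check in a temporary directory.
workdir=$(mktemp -d)
make_test_keypair "$workdir" && export_p12_fips "$workdir" \
    && check_p12_algorithms "$workdir" \
    && echo "PKCS#12 written to $workdir/out.p12 with 3DES PBE and SHA-256 MAC"
```

The check step matters as much as the export: a bundle produced by a different build, or by a tool that silently fell back to its own defaults, will fail to open in FIPS mode for exactly the reason shown in the error above, so inspect the algorithms rather than trusting the command line that produced the file.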
Hello,
I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4
compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would
it make functional sense using those versions to patch RSA_generate_key_ex()
(../crypto/rsa/rsa_gen.c) to have:
#ifdef OPENSSL_FIPS
Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if
this means an upgrade ?)
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61769.html
What would then be the permitting conditions to pursue a new validation ? If
you don't mind me asking. I have read several notes you have on the subject
and I agree that the whole thing is of Dedalus proportions. In a nutshell
what would be these conditions ?
Thanks, much appreciated.
Sorry, I forgot: What about the code itself, if we do not mind the validation
? Is the 186-4 RSA compatible code present in any OpenSSL/FIPS module ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61774.html
Fair enough (in this context). But what about the code itself, is it ready
to be RSA 186-4 compliant ?
And, if we go through a validation, can OpenSSL benefit from it ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753
Does this mean that running 1.0.1e in FIPS mode is protected regarding this
SLOTH attack ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/openSSL-and-SLOTH-attack-tp62055p62074.html
> Does FIPS mode prevent use of MD5: Yes.
> Does FIPS mode prevent insecure uses of SHA-1 (a FIPS
> algorithm): No.
> Does FIPS mode prevent the SSL/TLS handshake from using 96 bit
> truncated HMAC values: Probably not.
> Does FIPS mode prevent use of the insecurely designed
> 'tls-unique' featu
Hello,
Using 1.0.1e running FIPS module 2.0.9, the following two
commands for querying the ciphers do not yield the same results.
There are more ciphers declared in the 'string' version.
The 'environment variable' version:
% OPENSSL_FIPS=1 openssl ciphers -v |
The 'string' version:
% openssl c
Hello,
Does OpenSSL allows TLS 1.0 when running in FIPS mode ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/TLS-1-0-in-FIPS-mode-tp65343.html
--
openssl-users mailing list
To unsubscribe: https://m
Hello,
Is there anything new regarding the prime number requirement handling for
FIPS 186-4, as far as supporting it ? I asked some time ago. Just want to
see if anything has changed, if there's anything planned. - thanks !
Hello,
Does 2.0.12 support 186-4 ? Specifically, does it support the RSA requirements ?
Thanks.
Hello,
Is it possible to simulate FIPS failure at run-time, at any given time ? Or
does OpenSSL have to start in failure simulation mode ? Also, is failure
simulation a standard part of a normal, non-debug, build ?
Thanks.
Hello,
Is it normal to get a 'linker input file unused because linking
not done' warning when compiling C code that uses OpenSSL in FIPS
mode, hence using fipsld ?
The object file is actually generated, as well as the executable,
and it does execute in a meaningful manner.
The warning:
[...]
The current FIPS User Guide mentions:
"3.3 Creation of Shared Libraries
The FIPS Object Module is not directly usable as a shared
library, but it can be linked into an application that is a
shared library. A “FIPS compatible” OpenSSL distribution will
automatically incorporate an avai
FIPS: Need to use FIPS versions of (EVP) methods ?
In FIPS mode, is there a need to use the FIPS_* methods instead of the
regular ones once FIPS_mode_set(1) was successfully executed ? For
instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1()
? Wouldn't the FIPS version of EVP_s
Thanks for the explanation.
> Just link against the library produced by the FIPS capable
> OpenSSL build. If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?
The confusion came from trying to u
Hello,
We are using FOM 2.0.9 for an embedded product that will go for FIPS
validation. Validation of the full product, that is. All development so far
is with 2.0.9. What would be the reasons, if any, to update to 2.0.12 before
going to the lab ?
Thanks - comments much appreciated.