Re: OpenSSL FIPS 140-2 validation

2008-11-25 Thread joshi chandran 
Hi

Last release of openssl fips 1.1.2 was not allowing shared library
generation of fips capable openssl 9.7m .whether openssl fips 1.2 will allow

shared library generation when compiled with fips capable openssl 0.9.8j?

Thanks

Joshi




On Thu, Nov 20, 2008 at 1:52 PM, Dr. Stephen Henson [EMAIL PROTECTED]wrote:

 On Thu, Nov 20, 2008, joshi chandran wrote:

  Hi ,
 
  I have a different requirement . I want to release openssl 0.9.8j has
 normal
  openssl release . i donot want to release fips capable openssl . if i
 remove
  the fips option  in configure will it generate the normal openssl (with
 out
  fips capabability) including all the functionality that are in openssl
 9.8h
 

 Yes if the fips option is not specified in 0.9.8j (when released) or
 later
 then no FIPS capabilities will be included.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]




-- 
Regards
Joshi Chandran

Re: OpenSSL FIPS 140-2 validation

2008-11-25 Thread Dr. Stephen Henson 
On Tue, Nov 25, 2008, joshi chandran wrote:

 Hi
 
 Last release of openssl fips 1.1.2 was not allowing shared library
 generation of fips capable openssl 9.7m .whether openssl fips 1.2 will allow
 
 shared library generation when compiled with fips capable openssl 0.9.8j?
 

Yes it will.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-20 Thread Dr. Stephen Henson 
On Thu, Nov 20, 2008, joshi chandran wrote:

 Hi ,
 
 I have a different requirement . I want to release openssl 0.9.8j has normal
 openssl release . i donot want to release fips capable openssl . if i remove
 the fips option  in configure will it generate the normal openssl (with out
 fips capabability) including all the functionality that are in openssl 9.8h
 

Yes if the fips option is not specified in 0.9.8j (when released) or later
then no FIPS capabilities will be included.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-19 Thread Dr. Stephen Henson 
On Tue, Nov 18, 2008, Brad House wrote:


 I'm pretty ignorant when it comes to FIPS, is this a limitation of the
 FIPS requirements itself or a limitation of OpenSSL's FIPS validation?


It is a FIPS requirement.


 Any idea how many root CAs use MD2WithRSAEncryption or any way to work
 around it?  It appears to be a Verisign cert ...


That is the only one I know of. It is only the root CAs self signaure
that uses that algorithm, subordinates use SHA1+RSA.

If a self signed root CA using SHA1+RSA existed that would solve things. I've
not seen one though and browsers and such like have the MD2 version.

It could also be argued that the self signed signature check is redundant so
that could be disabled.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-19 Thread joshi chandran 
Hi ,

I have a different requirement . I want to release openssl 0.9.8j has normal
openssl release . i donot want to release fips capable openssl . if i remove
the fips option  in configure will it generate the normal openssl (with out
fips capabability) including all the functionality that are in openssl 9.8h

Please help

Thanks
joshi

On Wed, Nov 19, 2008 at 6:31 PM, Dr. Stephen Henson [EMAIL PROTECTED]wrote:

 On Tue, Nov 18, 2008, Brad House wrote:

 
  I'm pretty ignorant when it comes to FIPS, is this a limitation of the
  FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
 

 It is a FIPS requirement.

 
  Any idea how many root CAs use MD2WithRSAEncryption or any way to work
  around it?  It appears to be a Verisign cert ...
 

 That is the only one I know of. It is only the root CAs self signaure
 that uses that algorithm, subordinates use SHA1+RSA.

 If a self signed root CA using SHA1+RSA existed that would solve things.
 I've
 not seen one though and browsers and such like have the MD2 version.

 It could also be argued that the self signed signature check is redundant
 so
 that could be disabled.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]




-- 
Regards
Joshi Chandran

OpenSSL FIPS 140-2 validation

2008-11-18 Thread OpenSSL 
Good news for developers and vendors of software for the U.S. and
Canadian government market where FIPS 140-2 validated cryptography is
required.

The OpenSSL FIPS Object Module, a software component compatible with
the OpenSSL API, has been FIPS 140-2 validated (see certificate #1051
and Security Policy document at
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm).
The source distribution that generates this validated module is at
http://www.openssl.org/source/openssl-fips-1.2.tar.gz.

This validation means that the referenced source distribution can be
used to create a binary module on a wide range of platforms, in a form
compatible with OpenSSL 0.9.8, for enabling FIPS 140-2 validated
cryptography in applications.

Please see the Security Policy document for details on how to create a
validated module for your platform and application.  Other supporting
information will be made available at http://www.openssl.org/docs/fips/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Kyle Hamilton 
I dunno who I'm supposed to give feedback to, but this format of FIPS
announcement needs some work.

First, the subject line doesn't say anything about the version of the
FIPS module that has been validated.  (In this case, it should be
something like OpenSSL FIPS 140-2 validation for module v1.2.)  My
reason for suggesting this is twofold: the original plan called for
multiple versions going through validation, and so that the press
release can be used for press without any additional investigation by
a reporter, and without causing confusion between the multiple fips
module versions by a reader.

Second, it doesn't describe which version of the OpenSSL API that the
newly-validated module supports. (in this case, it supports v0.9.8
(and requires 0.9.8i onward), but I dunno about 0.9.7?)  Providing
compatibility with a version bump in the API is significant enough
that it should be called out in the press release.

Third, a statement that the result of the validation is only validated
if it's built and used in accordance with the security policy would
likely be good as well.  I don't really have a rationale for this one,
except that it reminds people that there is a security policy that
must be followed for FIPS-using applications.

Thanks for your time!

-Kyle H

On Tue, Nov 18, 2008 at 10:40 AM, OpenSSL [EMAIL PROTECTED] wrote:
 Good news for developers and vendors of software for the U.S. and
 Canadian government market where FIPS 140-2 validated cryptography is
 required.

 The OpenSSL FIPS Object Module, a software component compatible with
 the OpenSSL API, has been FIPS 140-2 validated (see certificate #1051
 and Security Policy document at
 http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm).
 The source distribution that generates this validated module is at
 http://www.openssl.org/source/openssl-fips-1.2.tar.gz.

 This validation means that the referenced source distribution can be
 used to create a binary module on a wide range of platforms, in a form
 compatible with OpenSSL 0.9.8, for enabling FIPS 140-2 validated
 cryptography in applications.

 Please see the Security Policy document for details on how to create a
 validated module for your platform and application.  Other supporting
 information will be made available at http://www.openssl.org/docs/fips/
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Dr. Stephen Henson 
On Tue, Nov 18, 2008, Kyle Hamilton wrote:

 
 Second, it doesn't describe which version of the OpenSSL API that the
 newly-validated module supports. (in this case, it supports v0.9.8
 (and requires 0.9.8i onward), but I dunno about 0.9.7?)  Providing
 compatibility with a version bump in the API is significant enough
 that it should be called out in the press release.
 

It is 0.9.8j onward which hasn't been released yet but it will be in the next
few days. In the meantime a 0.9.8 snapshot needs to be used.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Brad House 

Second, it doesn't describe which version of the OpenSSL API that the
newly-validated module supports. (in this case, it supports v0.9.8
(and requires 0.9.8i onward), but I dunno about 0.9.7?)  Providing
compatibility with a version bump in the API is significant enough
that it should be called out in the press release.



It is 0.9.8j onward which hasn't been released yet but it will be in the next
few days. In the meantime a 0.9.8 snapshot needs to be used.


FYI, I pulled the 0.9.8 stable CVS branch this afternoon to test fips
and had  jpake compilation issues (missing jpake.h header file, removing
the Makefile references resolved the build issue).  Hopefully that is 
fixed before 0.9.8j release.


Also, I didn't see an updated Users Guide for v1.2, so I hope
the build is pretty much the same as v1.1.x:
./config --with-fipslibdir=wherever fips

Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in
fips mode during SSL negotiation, but the same binary, simply telling
it via a config setting not to enter fips mode, works fine.  This
is to ssl3.vitalps.net:5003, specifically, but I don't have any reason
to believe other addresses would be different.  This was with the
resultant 0.9.8j-pre CVS release compiled against the fipscanister from
v1.2, haven't tried with the v1.2-generated library directly.

Just thought I'd pass that on since people were already in discussion
here to see if anyone else has had similar issues.  I've yet to actually
debug it further, need to write a test case to see if it occurs there
first or somehow my fault in some other way ;)

-Brad

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Dr. Stephen Henson 
On Tue, Nov 18, 2008, Brad House wrote:

 Second, it doesn't describe which version of the OpenSSL API that the
 newly-validated module supports. (in this case, it supports v0.9.8
 (and requires 0.9.8i onward), but I dunno about 0.9.7?)  Providing
 compatibility with a version bump in the API is significant enough
 that it should be called out in the press release.

 It is 0.9.8j onward which hasn't been released yet but it will be in the 
 next
 few days. In the meantime a 0.9.8 snapshot needs to be used.

 FYI, I pulled the 0.9.8 stable CVS branch this afternoon to test fips
 and had  jpake compilation issues (missing jpake.h header file, removing
 the Makefile references resolved the build issue).  Hopefully that is fixed 
 before 0.9.8j release.


Should be fixed now.

 Also, I didn't see an updated Users Guide for v1.2, so I hope
 the build is pretty much the same as v1.1.x:
 ./config --with-fipslibdir=wherever fips


Yes. 

 Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in
 fips mode during SSL negotiation, but the same binary, simply telling
 it via a config setting not to enter fips mode, works fine.  This
 is to ssl3.vitalps.net:5003, specifically, but I don't have any reason
 to believe other addresses would be different.  This was with the
 resultant 0.9.8j-pre CVS release compiled against the fipscanister from
 v1.2, haven't tried with the v1.2-generated library directly.

 Just thought I'd pass that on since people were already in discussion
 here to see if anyone else has had similar issues.  I've yet to actually
 debug it further, need to write a test case to see if it occurs there
 first or somehow my fault in some other way ;)


The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm
and that is prohibited in FIPS mode. 

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Brad House 

Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in
fips mode during SSL negotiation, but the same binary, simply telling
it via a config setting not to enter fips mode, works fine.  This
is to ssl3.vitalps.net:5003, specifically, but I don't have any reason
to believe other addresses would be different.  This was with the
resultant 0.9.8j-pre CVS release compiled against the fipscanister from
v1.2, haven't tried with the v1.2-generated library directly.


The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm
and that is prohibited in FIPS mode. 


I'm pretty ignorant when it comes to FIPS, is this a limitation of the
FIPS requirements itself or a limitation of OpenSSL's FIPS validation?

Also, how do you find out the signature algorithm used for the root CA?
I don't see it listed when trying to connect using
openssl s_client -connect host:port -CAfile mycafile.pem

Any idea how many root CAs use MD2WithRSAEncryption or any way to work
around it?  It appears to be a Verisign cert ...

Thanks.

-Brad
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: OpenSSL FIPS 140-2 validation

2008-11-18 Thread David Schwartz 

  The problem is the root CA uses MD2WithRSAEncryption as a
  signature algorithm
  and that is prohibited in FIPS mode.

 I'm pretty ignorant when it comes to FIPS, is this a limitation of the
 FIPS requirements itself or a limitation of OpenSSL's FIPS validation?

The former. FIPS does not allow the use of algorithms not considered
adequately secure. A general-purpose SSL application intended to
interoperate on the Internet should not be using FIPS mode.

 Also, how do you find out the signature algorithm used for the root CA?
 I don't see it listed when trying to connect using
 openssl s_client -connect host:port -CAfile mycafile.pem

Save the cert, and do this:

openssl x509 -text  MyCertFile.pem | grep Algorithm

Make sure all the algorithms you see are FIPS-approved.

 Any idea how many root CAs use MD2WithRSAEncryption or any way to work
 around it?  It appears to be a Verisign cert ...

The workaround is not to use FIPS in an application designed to interoperate
with non-FIPS applications. The public Internet infrastructure just is not
FIPS.

Unless you have absolutely no choice, you should not attempt strict FIPS
compliance. The downsides are massive.

 -Brad

DS


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL FIPS 140-2 validation

2008-11-18 Thread Brad House 

The problem is the root CA uses MD2WithRSAEncryption as a
signature algorithm
and that is prohibited in FIPS mode.



I'm pretty ignorant when it comes to FIPS, is this a limitation of the
FIPS requirements itself or a limitation of OpenSSL's FIPS validation?


The former. FIPS does not allow the use of algorithms not considered
adequately secure. A general-purpose SSL application intended to
interoperate on the Internet should not be using FIPS mode.


Thanks for the info.  Our clients that would be using this probably
would be segmented away from the internet anyhow and be using
private circuits for direct point-to-point communication, just for
my own testing I hit the issue and didn't know what to make of it.
Thanks for the clarification and I'll add the info to my notes for
future reference.

-Brad
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]