Re: OpenSSL FIPS 140-2 validation
Hi Last release of openssl fips 1.1.2 was not allowing shared library generation of fips capable openssl 9.7m .whether openssl fips 1.2 will allow shared library generation when compiled with fips capable openssl 0.9.8j? Thanks Joshi On Thu, Nov 20, 2008 at 1:52 PM, Dr. Stephen Henson [EMAIL PROTECTED]wrote: On Thu, Nov 20, 2008, joshi chandran wrote: Hi , I have a different requirement . I want to release openssl 0.9.8j has normal openssl release . i donot want to release fips capable openssl . if i remove the fips option in configure will it generate the normal openssl (with out fips capabability) including all the functionality that are in openssl 9.8h Yes if the fips option is not specified in 0.9.8j (when released) or later then no FIPS capabilities will be included. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Regards Joshi Chandran
Re: OpenSSL FIPS 140-2 validation
On Tue, Nov 25, 2008, joshi chandran wrote: Hi Last release of openssl fips 1.1.2 was not allowing shared library generation of fips capable openssl 9.7m .whether openssl fips 1.2 will allow shared library generation when compiled with fips capable openssl 0.9.8j? Yes it will. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
On Thu, Nov 20, 2008, joshi chandran wrote: Hi , I have a different requirement . I want to release openssl 0.9.8j has normal openssl release . i donot want to release fips capable openssl . if i remove the fips option in configure will it generate the normal openssl (with out fips capabability) including all the functionality that are in openssl 9.8h Yes if the fips option is not specified in 0.9.8j (when released) or later then no FIPS capabilities will be included. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
On Tue, Nov 18, 2008, Brad House wrote: I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? It is a FIPS requirement. Any idea how many root CAs use MD2WithRSAEncryption or any way to work around it? It appears to be a Verisign cert ... That is the only one I know of. It is only the root CAs self signaure that uses that algorithm, subordinates use SHA1+RSA. If a self signed root CA using SHA1+RSA existed that would solve things. I've not seen one though and browsers and such like have the MD2 version. It could also be argued that the self signed signature check is redundant so that could be disabled. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
Hi , I have a different requirement . I want to release openssl 0.9.8j has normal openssl release . i donot want to release fips capable openssl . if i remove the fips option in configure will it generate the normal openssl (with out fips capabability) including all the functionality that are in openssl 9.8h Please help Thanks joshi On Wed, Nov 19, 2008 at 6:31 PM, Dr. Stephen Henson [EMAIL PROTECTED]wrote: On Tue, Nov 18, 2008, Brad House wrote: I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? It is a FIPS requirement. Any idea how many root CAs use MD2WithRSAEncryption or any way to work around it? It appears to be a Verisign cert ... That is the only one I know of. It is only the root CAs self signaure that uses that algorithm, subordinates use SHA1+RSA. If a self signed root CA using SHA1+RSA existed that would solve things. I've not seen one though and browsers and such like have the MD2 version. It could also be argued that the self signed signature check is redundant so that could be disabled. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Regards Joshi Chandran
OpenSSL FIPS 140-2 validation
Good news for developers and vendors of software for the U.S. and Canadian government market where FIPS 140-2 validated cryptography is required. The OpenSSL FIPS Object Module, a software component compatible with the OpenSSL API, has been FIPS 140-2 validated (see certificate #1051 and Security Policy document at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm). The source distribution that generates this validated module is at http://www.openssl.org/source/openssl-fips-1.2.tar.gz. This validation means that the referenced source distribution can be used to create a binary module on a wide range of platforms, in a form compatible with OpenSSL 0.9.8, for enabling FIPS 140-2 validated cryptography in applications. Please see the Security Policy document for details on how to create a validated module for your platform and application. Other supporting information will be made available at http://www.openssl.org/docs/fips/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
I dunno who I'm supposed to give feedback to, but this format of FIPS announcement needs some work. First, the subject line doesn't say anything about the version of the FIPS module that has been validated. (In this case, it should be something like OpenSSL FIPS 140-2 validation for module v1.2.) My reason for suggesting this is twofold: the original plan called for multiple versions going through validation, and so that the press release can be used for press without any additional investigation by a reporter, and without causing confusion between the multiple fips module versions by a reader. Second, it doesn't describe which version of the OpenSSL API that the newly-validated module supports. (in this case, it supports v0.9.8 (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing compatibility with a version bump in the API is significant enough that it should be called out in the press release. Third, a statement that the result of the validation is only validated if it's built and used in accordance with the security policy would likely be good as well. I don't really have a rationale for this one, except that it reminds people that there is a security policy that must be followed for FIPS-using applications. Thanks for your time! -Kyle H On Tue, Nov 18, 2008 at 10:40 AM, OpenSSL [EMAIL PROTECTED] wrote: Good news for developers and vendors of software for the U.S. and Canadian government market where FIPS 140-2 validated cryptography is required. The OpenSSL FIPS Object Module, a software component compatible with the OpenSSL API, has been FIPS 140-2 validated (see certificate #1051 and Security Policy document at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm). The source distribution that generates this validated module is at http://www.openssl.org/source/openssl-fips-1.2.tar.gz. This validation means that the referenced source distribution can be used to create a binary module on a wide range of platforms, in a form compatible with OpenSSL 0.9.8, for enabling FIPS 140-2 validated cryptography in applications. Please see the Security Policy document for details on how to create a validated module for your platform and application. Other supporting information will be made available at http://www.openssl.org/docs/fips/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
On Tue, Nov 18, 2008, Kyle Hamilton wrote: Second, it doesn't describe which version of the OpenSSL API that the newly-validated module supports. (in this case, it supports v0.9.8 (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing compatibility with a version bump in the API is significant enough that it should be called out in the press release. It is 0.9.8j onward which hasn't been released yet but it will be in the next few days. In the meantime a 0.9.8 snapshot needs to be used. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
Second, it doesn't describe which version of the OpenSSL API that the newly-validated module supports. (in this case, it supports v0.9.8 (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing compatibility with a version bump in the API is significant enough that it should be called out in the press release. It is 0.9.8j onward which hasn't been released yet but it will be in the next few days. In the meantime a 0.9.8 snapshot needs to be used. FYI, I pulled the 0.9.8 stable CVS branch this afternoon to test fips and had jpake compilation issues (missing jpake.h header file, removing the Makefile references resolved the build issue). Hopefully that is fixed before 0.9.8j release. Also, I didn't see an updated Users Guide for v1.2, so I hope the build is pretty much the same as v1.1.x: ./config --with-fipslibdir=wherever fips Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in fips mode during SSL negotiation, but the same binary, simply telling it via a config setting not to enter fips mode, works fine. This is to ssl3.vitalps.net:5003, specifically, but I don't have any reason to believe other addresses would be different. This was with the resultant 0.9.8j-pre CVS release compiled against the fipscanister from v1.2, haven't tried with the v1.2-generated library directly. Just thought I'd pass that on since people were already in discussion here to see if anyone else has had similar issues. I've yet to actually debug it further, need to write a test case to see if it occurs there first or somehow my fault in some other way ;) -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
On Tue, Nov 18, 2008, Brad House wrote: Second, it doesn't describe which version of the OpenSSL API that the newly-validated module supports. (in this case, it supports v0.9.8 (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing compatibility with a version bump in the API is significant enough that it should be called out in the press release. It is 0.9.8j onward which hasn't been released yet but it will be in the next few days. In the meantime a 0.9.8 snapshot needs to be used. FYI, I pulled the 0.9.8 stable CVS branch this afternoon to test fips and had jpake compilation issues (missing jpake.h header file, removing the Makefile references resolved the build issue). Hopefully that is fixed before 0.9.8j release. Should be fixed now. Also, I didn't see an updated Users Guide for v1.2, so I hope the build is pretty much the same as v1.1.x: ./config --with-fipslibdir=wherever fips Yes. Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in fips mode during SSL negotiation, but the same binary, simply telling it via a config setting not to enter fips mode, works fine. This is to ssl3.vitalps.net:5003, specifically, but I don't have any reason to believe other addresses would be different. This was with the resultant 0.9.8j-pre CVS release compiled against the fipscanister from v1.2, haven't tried with the v1.2-generated library directly. Just thought I'd pass that on since people were already in discussion here to see if anyone else has had similar issues. I've yet to actually debug it further, need to write a test case to see if it occurs there first or somehow my fault in some other way ;) The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm and that is prohibited in FIPS mode. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in fips mode during SSL negotiation, but the same binary, simply telling it via a config setting not to enter fips mode, works fine. This is to ssl3.vitalps.net:5003, specifically, but I don't have any reason to believe other addresses would be different. This was with the resultant 0.9.8j-pre CVS release compiled against the fipscanister from v1.2, haven't tried with the v1.2-generated library directly. The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm and that is prohibited in FIPS mode. I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? Also, how do you find out the signature algorithm used for the root CA? I don't see it listed when trying to connect using openssl s_client -connect host:port -CAfile mycafile.pem Any idea how many root CAs use MD2WithRSAEncryption or any way to work around it? It appears to be a Verisign cert ... Thanks. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: OpenSSL FIPS 140-2 validation
The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm and that is prohibited in FIPS mode. I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? The former. FIPS does not allow the use of algorithms not considered adequately secure. A general-purpose SSL application intended to interoperate on the Internet should not be using FIPS mode. Also, how do you find out the signature algorithm used for the root CA? I don't see it listed when trying to connect using openssl s_client -connect host:port -CAfile mycafile.pem Save the cert, and do this: openssl x509 -text MyCertFile.pem | grep Algorithm Make sure all the algorithms you see are FIPS-approved. Any idea how many root CAs use MD2WithRSAEncryption or any way to work around it? It appears to be a Verisign cert ... The workaround is not to use FIPS in an application designed to interoperate with non-FIPS applications. The public Internet infrastructure just is not FIPS. Unless you have absolutely no choice, you should not attempt strict FIPS compliance. The downsides are massive. -Brad DS __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 140-2 validation
The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm and that is prohibited in FIPS mode. I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? The former. FIPS does not allow the use of algorithms not considered adequately secure. A general-purpose SSL application intended to interoperate on the Internet should not be using FIPS mode. Thanks for the info. Our clients that would be using this probably would be segmented away from the internet anyhow and be using private circuits for direct point-to-point communication, just for my own testing I hit the issue and didn't know what to make of it. Thanks for the clarification and I'll add the info to my notes for future reference. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]