fips mode and key management

[Roumen Petrov]

Hello,

Recently I note that when build is in FIPS_MODE some functionality is 
lost. For instance RSA_{g|s}et_ex_data is not available.


Reading the code I expect that in FIPS mode use of external keys is 
forbidden.

Remark: ex_data is used to store reference information for external keys.

Please confirm that in FIPS mode we could use external keys?


Regards
Roumen Petrov

P.S. If is not allowed this regression to previous FIPS 
releases(validations).
Neither OpenSSL nor Red Hat nor Solaris FIPS validation forbid use of 
"external" keys.

Re: crypt(3)

[Roumen Petrov]

Dr Paul Dale wrote:

In the deprecation efforts for 3.0, I’ve hit something in the DES code that I’d 
appreciate input on.

There are two functions (DES_crypt and DES_fcrypt) which implement the old 
crypt(3) password algorithm.  Once these are deprecated, they will no longer be 
reachable via EVP.  The confounding point is that they aren’t quite DES — close 
but not identical.  I would be surprised if they aren’t still in use for 
/etc/passwd files on old and/or embedded systems.

[SNIP]

Thoughts?  Other alternatives?


Linux and BSD crypt(3) manual pages refer to crypt library.  Also 
crypt(3) is not only for DES. It has more features. Why to use OpenSSL 
functions then?


Also OpenSSL build now does not remove deprecated function. So package 
manages could decide API level compatibility and in addition to remove 
or not deprecated functions.


Regards,
Roumen Petrov

Re: Removing function names from errors (PR 9058)

[Roumen Petrov]

Richard Levitte wrote:

On Thu, 13 Jun 2019 20:23:05 +0200,
Roumen Petrov wrote:

Hello,

First I did not understand what is wrong to use function or
reasons. All of them are subject to particular "library".

We didn't say anything against reason codes.  As a matter of fact, I
do find those useful.  Function codes, on the other hand, are unstable
and thereby quite useless, at least for figuring out errors.
I'm not aware of OpenSSL documentation that describes reason codes as 
stable (fixed).
If code is rewritten not only functions are changed. More or less 
reasons are changed as well.




To parse openssl error code in an application code is bad practice.

Is it?  Would you say it's bad practice to look at errno codes too?

No as already in one of my post I wrote that  errsrt utility is very useful.
Bad practice is to check that reason code encoded into 'error' code has 
value of A or B.






Error *text* is a different matter.


Richard Levitte wrote:

On Thu, 13 Jun 2019 12:01:46 +0200,
Matt Caswell wrote:

   The
additional information you're talking about is something we currently
provide the ERR_add_error_data() function for, and that together with
the reason text (derived from the reason code) is the data the end
user can reasonably get.  It's up to whoever writes the error raising
code to provide enough useful information.

Yes, although in practice we don't currently do this (we very rarely add
additional explanatory text). Not sure if that is a problem with the API, our
coding standards, or our culture.

This is partly historical...  ERR_add_error_data() has been around
since the beginning of time, and it looks to me like it was designed
in a time where varargs hadn't universally caught on yet (yes, there
was a time before varargs, and it's appropriate to call that "the
stone age").

But developer could  format "extra message" for instance :
     NSSerr(NSS_F_RSA_SIGN, NSS_R_UNSUPPORTED_NID);
     {/*add extra error message data*/
     char msgstr[10];
     BIO_snprintf(msgstr, sizeof(msgstr), "%d", dtype);
     ERR_add_error_data(2, "NID=", msgstr);
     }

I'll counter with a (yet fictitious):

 ERR_raise_error(NSS_R_UNSUPPORED_NID, "NID=%d", dtype);

Reason code could be shared between functions :
$ grep CAPI_R_FILE_OPEN_ERROR *.c
e_capi.c:    CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
e_capi.c:    CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
e_capi_err.c:    {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open 
error"},


NSS engine has similar case:
$ grep NSS_R_MISSING_PVTKEY *.c
e_nss_dsa.c:    NSSerr(NSS_F_DSA_DO_SIGN, NSS_R_MISSING_PVTKEY);
e_nss_ec.c:    NSSerr(NSS_F_ECDSA_DO_SIGN, NSS_R_MISSING_PVTKEY);
e_nss_err.c:#define NSS_R_MISSING_PVTKEY 133
e_nss_err.c:    { ERR_REASON(NSS_R_MISSING_PVTKEY)  , 
"Missing private key" },

e_nss_key.c:    NSSerr(NSS_F_LOAD_KEY, NSS_R_MISSING_PVTKEY);
e_nss_rsa.c:    NSSerr(NSS_F_RSA_PRIV_DEC, NSS_R_MISSING_PVTKEY);
e_nss_rsa.c:    NSSerr(NSS_F_RSA_SIGN, NSS_R_MISSING_PVTKEY);



or if you want to add information that helps debugging:

 ERR_raise_error_debug(NSS_R_UNSUPPORED_NID,
   __FILE__, __LINE__, __FUNC__, "$Format:%H",
   "NID=%d", dtype);


This look like complete different solution. __FILE__ exposes some 
'private'  information (build related) and is some cases is not acceptable .
__FUNC__ does not look portable  - __func__ vs __FUNCTION__ vs "not 
defined".


Also going into this direction question is why to use "reason code".
Functionality similar to errno, sys_errlist  is also outdated.



(since this is just an idea so far, it's perfectly possible to throw
in a library code as well, but like I said already, dynamic library
codes have their own issue)

I know which I find easier to write.


There is no reason OpenSSL code to use ERR_add_error_data as usually
library packs whole functionality.

That's not really true, there are places where OpenSSL code does use
ERR_add_error_data(), and for good reason.

Hmm, you cut my note for externals like IO CAPI ;)

  BIO_lookup and friends add
the extra resolver error on error, the CONF code adds information on
exactly what value causes a configuration file parsing error, the DSO
code adds information on exactly what file it attempted to load (full
path if possible), etc etc etc...  those are things that can't be part
of the error code.

Cheers,
Richard



Roumen

Re: Removing function names from errors (PR 9058)

[Roumen Petrov]

Hi Viktor,

Viktor Dukhovni wrote:

On Wed, Jun 12, 2019 at 10:02:25AM +0100, Matt Caswell wrote:


OTOH I do find them quite helpful from a debugging perspective, e.g. when people
send in questions along the lines of "I got this error what does it mean/how do
I fix it" - although what is actually useful is usually the function name rather
than the function code itself.

Indeed what's needed is the function name.  The numeric code is far
less important.  On the error consumer side, the idiom I'm familiar
with is:

 while ((err = ERR_get_error_line_data(, , , )) != 0) {
 ERR_error_string_n(err, buffer, sizeof(buffer));
 if (flags & ERR_TXT_STRING)
 printf("...: %s:%s:%d:%s", buffer, file, line, data);
 else
 printf("...: %s:%s:%d", buffer, file, line);
 }

this makes no explicit reference to function numbers, returning the
appropriate strings.  So any change is likely limited to error
producers.

Actually err encodes library, function and reason.



On the producer side, my ssl_dane library (used in Exim for example),
does depend on the function ordinal API:

 https://github.com/vdukhovni/ssl_dane/blob/master/danessl.c#L52-L118
 https://github.com/vdukhovni/ssl_dane/blob/master/danessl.c#L52-L118

Why you tables with functions and reasons does not use ERR_PACK ?



so that would need to change (or be longer supported) if the function
ordinals are replaced by strings, or otherwise change.

Re: Removing function names from errors (PR 9058)

[Roumen Petrov]

Richard Levitte wrote:

Many of us, both past and present, have looked at the error reporting
code and wante to change it somehow.  There's currently a PR, 9058,
which covers one aspect, the function name indicator.
There is a lot of situation where application logs debug information. 
Adding details for openssl errors is very useful to find reason for 
failure based only of logs provided by user.


Recently an user report to me that it uses application with openssl 
version, a but based on openssl error information I found that its 
actual version is a+2 - function code does not exist in (a).  As result 
is was more easy to find what could be reason for errors.


From my point of view current errstr utility is quite useful to find 
failed function. Error information could be enhanced. I cannot see 
reasons to strip it down.


Regards,
Roumen