[openssl-users] FIPS_module_version_text()
Is this function available to call in OpenSSL 1.0.1? I'm trying to call it from my application running a FIPS capable version of OpenSSL (everything else works, turning FIPS on, etc.). I include fips.h, but I get a compile error saying the function was not declared.

I did find something in the CVS repository that says it was added to 1.1.0: http://marc.info/?l=openssl-cvs&m=130982270901165

I feel like I'm missing something obvious...

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS: Common method executed in case of error
From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 20:04

> I mean you could add a callback to FIPS_mode_set using FIPS_post_set_callback: see the fips_test_suite.c application for an example. The supplied callback is called during each POST, continuous RNG and pairwise consistency checks. The op value is set to FIPS_POST_FAIL if any test fails.

This is basically what was also suggested by Henrik in a related thread recently, which I understood being implemented in an application. The variation here would be that the callback is part of the library, located in FIPS_mode_set() in o_fips.c, with the callback itself being defined elsewhere in the same file.

A potentially useful case for some applications that do not need to be further modified would be for the library to automatically know that it has to run in FIPS mode. E.g. to automatically call FIPS_mode_set() at load time, based on an env. var. or some other external sign.
Re: [openssl-users] Dynamic link openssl with Visual Studio
On 3/12/2015 9:34 AM, Ken Goldman wrote:
> On 3/11/2015 1:39 PM, Serj Rakitov wrote:
>> 11.03.2015, 20:22, Ken Goldman kgold...@us.ibm.com:
>>> I would like to use the Shining Light precompiled openssl binaries within Visual Studio.
>>
>> I think you must simply build static or dynamic libraries (as you need) with Visual C++ yourself. And they will work.
>
> Shining Light provides the dynamic libraries for gcc and Visual Studio. I presume that they work or someone would have reported a bug.
>
> I'd rather not go through that process again. I'd like some advice on how to use what they already provide.

Install the full version, which comes with .h and .lib files. Write C/C++ code as one does to use third-party libraries. Make sure the correct .lib files are included in the project's linker settings (e.g. if you build with /MD, then use the MD versions).

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
Re: [openssl-users] FIPS mode uses /dev/urandom ?
Well... I'm just trying, for the test, to do something like:

debian:~/openssl# strace -xe trace=file,read,write,close /usr/local/ssl/bin/openssl rand 10
[...]
open(/dev/urandom, O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3, \xa9\xea\xf3\x6e\x08\x14\xe7\xeb\x11\x9c\x72\x64\x69\x54\x0d\x96\x43\x34\x68\x25\xe3\x45\x8b\xe8\xe6\x36\xde\x9b\x33\x3a\x6a\xe2, 32) = 32
close(3)= 0

I know that it will have poor performance, and in fact I don't want to do this... but we're going to pass SP800 56b and they are asking us to use blocking to be sure that the entropy generated before the openssl seed is enough (256 entropy bits).

My understanding of how OpenSSL seeds DRBGs is as follows: When the initialization function is called, first the non-approved hash-based DRBG that is part of the baseline library is seeded. This DRBG is seeded according to the library's settings (in e_os.h DEVRANDOM), and it defaults to /dev/urandom. After that, the approved FIPS-mode DRBG with 256-bit AES-CTR is seeded by calling the bytes() method. This way, output of the first non-approved DRBG is used to seed the FIPS-mode DRBG. This is why module settings (e_os.h DEVRANDOM) are ignored.

So, I'm not sure if I'm thinking it fine, or if I could change e_os.h to do that and still be FIPS certified, or...

Alberto.

2015-03-11 21:10 GMT+01:00 Tom Francis thomas.francis...@pobox.com:
> On Mar 11, 2015, at 11:40 AM, Alberto Roman Linacero aro...@alienvault.com wrote:
>> Dear all,
>>
>> I'm doing an strace to the FIPS validated version of openssl, and I'm seeing that it uses /dev/urandom. I thought that the FIPS validated module always uses /dev/random, isn't this the case, or am I doing something wrong? If it uses /dev/urandom, is it possible/advisable to change it to /dev/random (how?), and still the module being FIPS validated?
>
> It would depend on what code is reading from /dev/urandom. If it’s the FIPS Object Module that’s doing the reading, then no, absolutely not. If it’s the FIPS-capable OpenSSL that reads from /dev/urandom, you can probably change it.
>
> But I’m curious as to why you would want to do this. Most systems with /dev/random and /dev/urandom are similar to Linux, in that /dev/urandom is the preferred source for “random data”, including when seeding a PRNG (which is how it’s used by OpenSSL). And because /dev/random can block, you might have ridiculously poor performance (and worse, it’ll be unpredictably poor performance, i.e. sometimes it’ll work great, and other times it’ll be horrible, and you never know which you’ll get).
>
> This page, http://www.2uo.de/myths-about-urandom/ , is specific to Linux, but at a high level, it’s also true for AIX, HP-UX, Solaris, FreeBSD, and NetBSD (OpenBSD is more complex). I’m not sure about other UNIX-like systems, as I stopped using those before any of them ever provided such devices. :)
>
> TOM
>
>> Thanks for your help in advance and best regards,
>> Alberto.

--
Alberto Román
Engineering team
http://www.alienvault.com
Mobile: +34 605804179
Phone: + 91 5151344
Email: aro...@alienvault.com
Re: [openssl-users] FIPS mode uses /dev/urandom ?
You don't even need to modify e_os.h. You can just pass in a new value for DEVRANDOM using the gcc -D compiler option. For instance, maybe you have a hardware device mapped to a Linux device file called /dev/entropy1. You can override DEVRANDOM to use this device without modifying any OpenSSL code.

On 03/12/2015 12:06 PM, Alberto Roman Linacero wrote:
> Well... I'm just trying, for the test, to do something like:
>
> debian:~/openssl# strace -xe trace=file,read,write,close /usr/local/ssl/bin/openssl rand 10
> [...]
> open(/dev/urandom, O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
> read(3, \xa9\xea\xf3\x6e\x08\x14\xe7\xeb\x11\x9c\x72\x64\x69\x54\x0d\x96\x43\x34\x68\x25\xe3\x45\x8b\xe8\xe6\x36\xde\x9b\x33\x3a\x6a\xe2, 32) = 32
> close(3)= 0
>
> I know that it will have poor performance, and in fact I don't want to do this... but we're going to pass SP800 56b and they are asking us to use blocking to be sure that the entropy generated before the openssl seed is enough (256 entropy bits).
>
> My understanding of how OpenSSL seeds DRBGs is as follows: When the initialization function is called, first the non-approved hash-based DRBG that is part of the baseline library is seeded. This DRBG is seeded according to the library's settings (in e_os.h DEVRANDOM), and it defaults to /dev/urandom. After that, the approved FIPS-mode DRBG with 256-bit AES-CTR is seeded by calling the bytes() method. This way, output of the first non-approved DRBG is used to seed the FIPS-mode DRBG. This is why module settings (e_os.h DEVRANDOM) are ignored.
>
> So, I'm not sure if I'm thinking it fine, or if I could change e_os.h to do that and still be FIPS certified, or...
>
> Alberto.
>
> 2015-03-11 21:10 GMT+01:00 Tom Francis thomas.francis...@pobox.com:
>> On Mar 11, 2015, at 11:40 AM, Alberto Roman Linacero aro...@alienvault.com wrote:
>>> Dear all,
>>>
>>> I'm doing an strace to the FIPS validated version of openssl, and I'm seeing that it uses /dev/urandom. I thought that the FIPS validated module always uses /dev/random, isn't this the case, or am I doing something wrong? If it uses /dev/urandom, is it possible/advisable to change it to /dev/random (how?), and still the module being FIPS validated?
>>
>> It would depend on what code is reading from /dev/urandom. If it’s the FIPS Object Module that’s doing the reading, then no, absolutely not. If it’s the FIPS-capable OpenSSL that reads from /dev/urandom, you can probably change it.
>>
>> But I’m curious as to why you would want to do this. Most systems with /dev/random and /dev/urandom are similar to Linux, in that /dev/urandom is the preferred source for “random data”, including when seeding a PRNG (which is how it’s used by OpenSSL). And because /dev/random can block, you might have ridiculously poor performance (and worse, it’ll be unpredictably poor performance, i.e. sometimes it’ll work great, and other times it’ll be horrible, and you never know which you’ll get).
>>
>> This page, http://www.2uo.de/myths-about-urandom/ , is specific to Linux, but at a high level, it’s also true for AIX, HP-UX, Solaris, FreeBSD, and NetBSD (OpenBSD is more complex). I’m not sure about other UNIX-like systems, as I stopped using those before any of them ever provided such devices. :)
>>
>> TOM
>>
>>> Thanks for your help in advance and best regards,
>>> Alberto.
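One way to confirm from an strace log which entropy device a rebuilt binary actually opens, for instance after overriding DEVRANDOM as the reply above describes. This is an added example, not code from the thread or from OpenSSL: the function name and sample trace are constructed, /dev/entropy1 is the hypothetical device from the reply, and the parser also accepts openat() lines, which the thread does not show.

```python
import re
from collections import defaultdict

# Devices to watch; /dev/entropy1 is the hypothetical device named in the reply.
ENTROPY_DEVICES = {"/dev/random", "/dev/urandom", "/dev/srandom", "/dev/entropy1"}

# Path quotes are optional so traces pasted without them still parse.
OPEN_RE = re.compile(
    r'^open(?:at)?\((?:AT_FDCWD,\s*)?"?([^",]+)"?,\s*([A-Z_|]+).*\)\s*=\s*(-?\d+)')
READ_RE = re.compile(r'^read\((\d+),.*\)\s*=\s*(-?\d+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s*=\s*0')

# Constructed sample trace (not captured output).
SAMPLE_TRACE = r'''
open("/usr/local/ssl/openssl.cnf", O_RDONLY) = 3
read(3, "...", 4096) = 1024
close(3) = 0
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3, "\x01\x02...", 32) = 32
close(3) = 0
open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3, 0x7ffc2a10, 32) = -1 EAGAIN (Resource temporarily unavailable)
close(3) = 0
'''


def entropy_reads(trace: str) -> dict:
    """Map each entropy device opened in an strace log to bytes read and O_NONBLOCK use."""
    fd_to_path = {}
    report = defaultdict(lambda: {"bytes": 0, "nonblock": False})
    for line in map(str.strip, trace.splitlines()):
        if m := OPEN_RE.match(line):
            path, flags, fd = m.group(1), m.group(2).split("|"), int(m.group(3))
            if fd >= 0 and path in ENTROPY_DEVICES:
                fd_to_path[fd] = path
                report[path]["nonblock"] |= "O_NONBLOCK" in flags
        elif m := READ_RE.match(line):
            fd, count = int(m.group(1)), int(m.group(2))
            if fd in fd_to_path and count > 0:  # failed reads return -1
                report[fd_to_path[fd]]["bytes"] += count
        elif m := CLOSE_RE.match(line):
            fd_to_path.pop(int(m.group(1)), None)  # fd numbers are reused
    return dict(report)


if __name__ == "__main__":
    for device, info in entropy_reads(SAMPLE_TRACE).items():
        print(device, info)
```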
Re: [openssl-users] How to make a rehandshake(renegotiation)?
Hi,

I managed to do a renegotiation. My mistake was that I started renegotiation when not all data had been received or sent. Probably there was a situation when not all packets (records) were processed and I got an error: unexpected record or bad length.

Really, only one function, SSL_renegotiate, and the flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION are quite enough. It seems all the others were for old OpenSSL versions.

Only one question remains, and it's the opposite of the first one: if I don't want to use renegotiation at all, how do I disable it? I see that insecure renegotiation can be disabled by: SSL_CTX_clear_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT), which is enabled by default. But what about secure renegotiation? Is it possible to disable it at all for client and server, so that the server rejects queries for secure renegotiation from the client and the client rejects queries for secure renegotiation from the server?

Regards.
Re: [openssl-users] Dynamic link openssl with Visual Studio
On 3/11/2015 1:39 PM, Serj Rakitov wrote:
> 11.03.2015, 20:22, Ken Goldman kgold...@us.ibm.com:
>> I would like to use the Shining Light precompiled openssl binaries within Visual Studio.
>
> I think you must simply build static or dynamic libraries (as you need) with Visual C++ yourself. And they will work.

Shining Light provides the dynamic libraries for gcc and Visual Studio. I presume that they work or someone would have reported a bug.

I'd rather not go through that process again. I'd like some advice on how to use what they already provide.
[openssl-users] HMAC-SHA1-96 in FIPS
Hello,

I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question.

In the FIPS-198-1 document, Chapter 5 discusses truncation with MACs.
http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf

I believe HMAC-SHA1-96 falls under this category, but I do not see it specifically listed in Table 4a (Approved Algorithms) of the OpenSSL FIPS 140-2 Security Policy document.

Is it considered approved for use with FIPS?

Thanks,
Phil

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive | Chelmsford, MA 01824
Phone: 978-674-6870 | Fax: 978-674-6799
www.mrv.com
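The truncation that FIPS 198-1 Chapter 5 describes, keeping the leftmost bits of the full HMAC output, shown for HMAC-SHA1-96 as an added example that is not part of the original post and takes no position on whether the truncated MAC is on the module's approved list. The helper names are hypothetical; the key, message and full digest are RFC 2202 HMAC-SHA-1 test case 1.

```python
import hashlib
import hmac

TAG_BITS = 96  # HMAC-SHA1-96 keeps the leftmost 96 bits of the 160-bit output


def hmac_sha1_truncated(key: bytes, msg: bytes, tag_bits: int = TAG_BITS) -> bytes:
    """Return the leftmost tag_bits of HMAC-SHA1(key, msg) (hypothetical helper)."""
    full = hmac.new(key, msg, hashlib.sha1).digest()
    if tag_bits % 8 or not 0 < tag_bits <= len(full) * 8:
        raise ValueError("tag length must be a whole number of bytes, at most 160 bits")
    return full[: tag_bits // 8]


def verify_truncated(key: bytes, msg: bytes, tag: bytes, tag_bits: int = TAG_BITS) -> bool:
    """Check a received tag. The expected length is fixed by the verifier and never
    taken from the received tag, so a shorter tag cannot lower the forgery cost."""
    if len(tag) != tag_bits // 8:
        return False
    expected = hmac_sha1_truncated(key, msg, tag_bits)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


# RFC 2202, HMAC-SHA-1 test case 1
RFC2202_KEY = b"\x0b" * 20
RFC2202_MSG = b"Hi There"
RFC2202_FULL = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")

if __name__ == "__main__":
    tag = hmac_sha1_truncated(RFC2202_KEY, RFC2202_MSG)
    print("HMAC-SHA1-96:", tag.hex())
    print("accepts good tag:", verify_truncated(RFC2202_KEY, RFC2202_MSG, tag))
    print("rejects 32-bit prefix:", not verify_truncated(RFC2202_KEY, RFC2202_MSG, tag[:4]))
```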