d2i_RSAPrivateKey not working with compiler optimization 01

2021-11-08 Thread Jayalakshmi bhat
Hi All,

We upgraded our device to use OpenSSL 1.1.1k from OpenSSL 1.0.2h. The device
runs on an ARM processor. The embedded web server comes to the ready state with
compiler optimization set to -O0.
With -O1 we are seeing issues in d2i_RSAPrivateKey.

I wrote a sample test program as below. The test program's i2d_RSAPrivateKey
output is 1190 with optimization value -O0 and 1157 with optimization value
-O1.

Has anyone faced this issue? Please let me know your thoughts and inputs.

Thanks and Regards,
Jayalakshmi

#define FALSE 0
#define ERROR -1
#define SSL_MAX_KEY_LEN 16342

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/err.h>

/* Base64-decode dataLen bytes of base64Buf into decodeBuf (bufLen bytes).
 * Returns the number of decoded bytes, or ERROR. */
int decodeBase64Data(const char* base64Buf, unsigned char* decodeBuf,
                     int dataLen, int bufLen, int newlineFlag)
{
    BIO* bioBuf = NULL;
    BIO* base64BioBuf = NULL;
    int returnVal = ERROR;

    base64BioBuf = BIO_new(BIO_f_base64());
    if (base64BioBuf == NULL)
        return returnVal;

    /* The key is one long line without newlines, so tell the base64
     * filter not to expect any. */
    if (newlineFlag == FALSE)
        BIO_set_flags(base64BioBuf, BIO_FLAGS_BASE64_NO_NL);

    bioBuf = BIO_new_mem_buf(base64Buf, dataLen);
    if (bioBuf == NULL)
        returnVal = ERROR;
    else
    {
        /* BIO_push returns the top of the chain (the base64 filter). */
        bioBuf = BIO_push(base64BioBuf, bioBuf);
        if (bioBuf != NULL)
        {
            memset(decodeBuf, 0x0, bufLen);
            dataLen = BIO_read(base64BioBuf, decodeBuf, bufLen);
            returnVal = dataLen;
        } else {
            returnVal = ERROR;
        }
    }

    /* Frees the whole chain, including the memory BIO underneath. */
    BIO_free_all(base64BioBuf);
    return returnVal;
}


void testCertKey()
{
    int IDkeyLen;
    char *certBuf = NULL;
    int certLen = 1624;                      /* length of the base64 text */
    const unsigned char *cert_copy = NULL;   /* d2i advances this pointer */
    unsigned char *out_copy = NULL;          /* i2d advances this pointer */
    EVP_PKEY *evp_key = NULL;
    RSA *rsa = NULL;
    unsigned char *IDkey = (unsigned char*)malloc(SSL_MAX_KEY_LEN);
    certBuf = (char*)malloc(SSL_MAX_KEY_LEN);
    if (IDkey == NULL || certBuf == NULL)
    {
        free(IDkey);
        free(certBuf);
        return;
    }

    strcpy(certBuf,"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");

    IDkeyLen = decodeBase64Data(certBuf, IDkey, certLen, SSL_MAX_KEY_LEN, FALSE);
    if (IDkeyLen <= 0)
    {
        printf("OpenSSL11k: base64 decode failed (%d)\n", IDkeyLen);
        free(IDkey);
        free(certBuf);
        return;
    }

    /* d2i_* advances the pointer it is given past the parsed data, so pass
     * a copy and keep IDkey pointing at the start of the buffer. */
    cert_copy = IDkey;
    evp_key = d2i_AutoPrivateKey(NULL, &cert_copy, IDkeyLen);

    if (evp_key == NULL)
    {
        /* ERR_get_error() pops the error from the queue, so fetch it once. */
        unsigned long err = ERR_get_error();
        printf("OpenSSL11k %d, %lu, %s\n", IDkeyLen, err, ERR_error_string(err, NULL));
    }
    else
    {
        /* Re-encode the RSA key as DER into the same buffer; the length
         * printed here is the value that differs between -O0 and -O1. */
        out_copy = IDkey;
        rsa = EVP_PKEY_get1_RSA(evp_key); /*JEDI-11535 */
        if (rsa != NULL)
        {
            IDkeyLen = i2d_RSAPrivateKey(rsa, &out_copy);
            printf("OpenSSL11k: IDkeyLen %d %d \n", IDkeyLen, __LINE__);
            RSA_free(rsa);                /* get1 took a reference */
        }
        EVP_PKEY_free(evp_key);
    }
    free(IDkey);
    free(certBuf);
}

int main()
{
    testCertKey();
    return 0;
}


Getting error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

2021-08-18 Thread Jayalakshmi bhat
Hi All,

We are trying to integrate OpenSSL 1.1.1i on our device, which runs on the
ARM platform. The device boots to the ready state with OpenSSL 1.1.1i.
However, when we try to access the device EWS, we are getting the below
error:

error:0B080074:x509 certificate routines:X509_check_private_key:key values
mismatch

We have confirmed that there are no issues with certificate and private key
by checking the certificate key hashes.

Has anyone encountered this issue when the certificate and private key are
properly installed?

Any inputs are appreciated.

Thank you
Jayalakshmi


Compilation error using OpenSSL 1.1.1i

2021-06-30 Thread Jayalakshmi bhat
Hi All,

We are trying to compile OpenSSL 1.1.1i on our system.  It is a hybrid
system. The compiler is arm-gcc for WinCE 6.0 and the module that compiles
OpenSSL is on a VxWorks 5.0 abstraction.
I am getting the below error. Does anyone have any inputs? Any help would be
appreciated.

openssl/safestack.h(159) : error C2054: expected '(' to follow '__inline__'
openssl/safestack.h(159) : error C2085: 'sk_OPENSSL_STRING_num' : not in formal parameter list


Regards,
Jaya


Question on RSA engine and Key strength

2021-03-15 Thread Jayalakshmi bhat
Hi All,

We are writing an RSA engine for the OpenSSL library to handle certificates up
to 4096 bytes strength. We do support certificates up to 8k.
How do we make the engine handle certificates only up to 4K, with the others
handled by OpenSSL itself?

Any help, inputs are appreciated.

Thanks and Regards,
Jayalakshmi


Query on engine support in OpenSSL 1.0.2h

2021-03-08 Thread Jayalakshmi bhat
Hi All,


We currently use OpenSSL 1.0.2h and are in the process of upgrading to
OpenSSL 1.1.1. To address some legacy functionality we are planning to
write engines for OpenSSL 1.0.2h to offload crypto operations to external
components.

We have a few queries regarding the same:

   1. Can we offload all crypto operations (Digest, Encryption/decryption,
   RSA, ECDSA, DRBG etc.) using Engines in OpenSSL 1.0.2h?
   2. If not, is it a must to upgrade to OpenSSL 1.1.1 to achieve the same?


Regards,
Jayalakshmi


Re: [openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build

2018-05-03 Thread Jayalakshmi bhat
Hi All,

In addition to my previous mail, this is additional info:

objdump -t libcrypto.so.1.0.0 | grep FIPS_signature
001ad8b0 l O .data  0014  FIPS_signature

readelf -a libcrypto.so.1.0.0 | grep FIPS_signature
11812: 001ad8b0    20 OBJECT  LOCAL  DEFAULT   23 FIPS_signature


Regards
Jayalakshmi

On Thu, May 3, 2018 at 7:39 PM, Jayalakshmi bhat <bhat.jayalaks...@gmail.com
> wrote:

> Hi All,
>
> I am building FIPS supported OpenSSL in yocto for ARM architecture. I
> tried using openssl-fips-2.0.13 and openssl-fips-2.0.4
>
>
> I am building FIPS externally with the below environmental  settings
>   
>  
> PATH=/yocto/gcc/gcc-linaro-4.9-2016.02-x86_64_arm-linux-
> gnueabihf/bin:$PATH
>
> export PATH
> export FIPS_SIG=/yocto/openssl-fips-2.0.4/util/incore
> export MACHINE=armv71
> export RELEASE=4.9.13
> export SYSTEM=Linux
> export ARCH=arm
> export CROSS_COMPILE=arm-linux-gnueabihf-
> export HOSTCC=gcc
> export FIPSDIR=/yocto/meta/recipes-connectivity/openssl/fips2.0
>
> Build commands for FIPS library
>
> ./config -mfloat-abi=hard
> make
> make install
> 
>
> Then I am building OpenSSL 1.0.2h with the below environment settings
>
> export FIPSDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0"
> export FIPSLIBDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0/lib/"
> export FIPS_SIG="/yocto/meta/recipes-connectivity/openssl/fips2.0/
> bin/incore"
>
> Build command to build OpenSSL.
>
> perl ./Configure ${EXTRA_OECONF} fips shared --with-fipsdir=${FIPSDIR}
> --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename
> ${libdir}` $target
>
> The build is successful without any error.  But when I try executing
>
> export OPENSSL_FIPS=1
> openssl -v
>
> I am getting
>
> 3069334736:error:2D06B06F:FIPS 
> routines:FIPS_check_incore_fingerprint:fingerprint
> does not match:fips.c:244
>
> I do not understand what could be going wrong. Any help is appreciated
>
> Regards
> Jayalakshmi
>
>
>
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build

2018-05-03 Thread Jayalakshmi bhat
Hi All,

I am building FIPS-supported OpenSSL in Yocto for the ARM architecture. I tried
using openssl-fips-2.0.13 and openssl-fips-2.0.4.

I am building FIPS externally with the below environment settings:

PATH=/yocto/gcc/gcc-linaro-4.9-2016.02-x86_64_arm-linux-gnueabihf/bin:$PATH

export PATH
export FIPS_SIG=/yocto/openssl-fips-2.0.4/util/incore
export MACHINE=armv71
export RELEASE=4.9.13
export SYSTEM=Linux
export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabihf-
export HOSTCC=gcc
export FIPSDIR=/yocto/meta/recipes-connectivity/openssl/fips2.0

Build commands for FIPS library

./config -mfloat-abi=hard
make
make install


Then I am building OpenSSL 1.0.2h with the below environment settings

export FIPSDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0"
export FIPSLIBDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0/lib/"
export FIPS_SIG="/yocto/meta/recipes-connectivity/openssl/fips2.0/bin/incore"

Build command to build OpenSSL.

perl ./Configure ${EXTRA_OECONF} fips shared --with-fipsdir=${FIPSDIR}
--prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename
${libdir}` $target

The build is successful without any error.  But when I try executing

export OPENSSL_FIPS=1
openssl -v

I am getting

3069334736:error:2D06B06F:FIPS
routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:244

I do not understand what could be going wrong. Any help is appreciated.

Regards
Jayalakshmi


[openssl-users] How to make OpenSSL engine usage application specific?

2018-02-19 Thread Jayalakshmi bhat
Hello All,

We have 2 RSA OpenSSL engines in our product. Both engines perform the
same RSA encrypt/decrypt operations. For easy explanation I am naming the
engines as

1. RSA smart card engine
2. RSA TPM engine

Engine usage is application specific. There are a couple of applications
dependent on the RSA TPM engine, and a few applications dependent on the RSA
smart card engine.
We wanted to know if there are any APIs provided by OpenSSL to make the
engine usage application specific. Is there any way we can make OpenSSL
choose a specific engine for a specific application?

Regards
Jayalakshmi.


[openssl-users] AES-CTR-256 test suite for FIPS

2018-01-23 Thread Jayalakshmi bhat
Hi All,

We are using a DRBG based on AES-CTR-256 in FIPS mode. I could find a test
suite/file that takes the CAVP test request and generates the response for
the DRBG using AES-CTR-256.

However, I am not finding any test suite/file that validates AES-CTR with
128/192/256-bit keys. Can anyone let me know which test suite/file
validates AES-CTR?

Regards
Jayalakshmi


Re: [openssl-users] ECC ciphers in OpenSSL and Certicom Patent/License terms

2017-12-10 Thread Jayalakshmi bhat
Hi All,

Thanks for the inputs. This gives me a good understanding of the usage of
these ciphers.

Thanks and Regards
Jayalakshmi

On Thu, Dec 7, 2017 at 10:31 PM, Jakob Bohm  wrote:

> On 07/12/2017 15:05, Michael Wojcik wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>>> Of Jakob Bohm
>>> Sent: Thursday, December 07, 2017 08:41
>>> To: openssl-users@openssl.org
>>>
>>> And I would still say that "consult a lawyer" is a useless answer,
>>> especially as most OpenSSL users will be in the same legal situation,
>>> and lawyers opinions on patent matters are frequently found by courts
>>> to be wrong anyway.
>>>
>> Well, I suppose we'll have to disagree on that point. Speaking
>> hypothetically, if I were the product owner for a commercial software
>> product that used OpenSSL, I would most certainly be raising the question
>> with corporate counsel.
>>
>> This is a complex and fraught area, and the OpenSSL Foundation is not
>> able (and I'm sure not inclined to try) to indemnify OpenSSL users against
>> infringement claims. To a large extent it doesn't matter what they say. A
>> license file in the OpenSSL distribution is not likely to discourage an IP
>> owner from claiming infringement if they're so inclined. At that point
>> "local" lawyers will be involved whether you like it or not.
>>
> Of course OpenSSL cannot indemnify users.  This is why my actual
> questions to the OpenSSL project were mostly about what 3rd party
> assurances that the project had received and could pass on.  For
> example written patent license statements by Sun/Oracle (in
> conjunction with their 2002 ECC contribution), waivers by
> CertiCom etc.
>
> Even if some companies will want to run everything by their
> corporate counsel, corporate counsel can make much more useful
> statements if they can start from some legal documents and
> statements rather than having the lawyers try to pore over C
> code and published patents.
>
>> I also don't believe that "most OpenSSL users will be in the same legal
>> situation". Here again, patent law is complicated. And more importantly,
>> well-heeled users are much more likely targets of actual infringement
>> claims, which is a very different situation indeed.
>>
> Point is, that in this global world, most producers are potentially
> exposed in lots of "foreign" jurisdictions, and most corporate
> counsel, while potentially well-heeled in general patent law, are
> unlikely to have specific knowledge of the various patents, licenses
> and waivers applicable to ECC crypto.
>
> Being able to say "we only ship to customers in China and outer Mongolia,
> and under those local laws there is no risk" is a lot rarer than "we ship
> globally except a few problematic destinations, we don't want to be
> hauled to the Eastern district of Texas by Certicom, so we want to
> know if we have contractual assurances that Certicom is OK with using
> OpenSSL builds that have the ECC code enabled"
>
> That latter situation happens to also be the situation of the OpenSSL
> project itself, except the degree of being a litigation magnet, thus the
> likelihood that the project has obtained some legal documents that can
> be passed on, making no independent promises other than those being true
> and accurate copies of documents signed by their outside authors.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>


Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Rich,

Thanks for the reply. We are planning to use  DHE_RSA based ciphers.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:

> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are vulnerable to another.
>
>
>
> Why are you using DH?  Unless you have compelling reasons (interop with
> legacy), you really should use ECDHE.
>
>
>
>
>


Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Michael,

Thanks for the very detailed answers. This will surely help me to investigate
further.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:

> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> > Behalf Of Salz, Rich via openssl-users
> > Sent: Wednesday, December 06, 2017 08:50
>
> > You can re-use the keys, but then you get no forward secrecy, and
> > sessions generated with one connection are
> > vulnerable to another.
>
> If you reuse keys, yes; but you still get PFS if you only reuse the same
> group and generate ephemeral keys (assuming sufficient group strength,
> where "sufficient" depends on the size of the group and its value to
> well-resourced attackers). I thought that was what the original poster was
> asking about.
>
> > Why are you using DH?  Unless you have compelling reasons (interop with
> > legacy), you really should use ECDHE.
>
> Interop would be the usual reason. And since supporting DHE properly is a
> small fixed cost (generate a group or pick one from RFC 7919, hard-code it,
> and set it in each SSL_CTX), you might as well do it, no?
>
> But I agree that the ECDHE suites are generally preferable when the client
> supports them. I know there's some NSA FUD around ECC since they pulled it
> from the Suite B recommendations in 2015.[1] I still think the published
> evidence supports using ECC, though. On the other hand, and per today's
> other thread on the subject, there may be legal concerns around the use of
> ECC.
>
>
> [1] Matt Green has a nice discussion of this, including a link to the
> great paper Koblitz and Menezes wrote about it, here:
> https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
>


Re: [openssl-users] ECC ciphers in OpenSSL and Certicom Patent/License terms

2017-12-06 Thread Jayalakshmi bhat
Hi Michael

Thanks for the input.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:21 PM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:

> This probably should just have gone to openssl-users. Please don't copy
> every question to openssl-dev.
>
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> > Behalf Of Jayalakshmi bhat
> > Sent: Wednesday, December 06, 2017 01:07
>
> > Does this mean that to use ECC ciphers from OpenSSL the end user needs to
> > get a license from Certicom?
>
> Consult a lawyer. Opinions on this topic differ wildly, it has a long and
> vexed history, and legal advice from random people on the Internet isn't
> worth what you pay for it.
>
> Certicom was purchased by Blackberry years ago; they are the current
> holder of the ECC patents obtained by Certicom, to the best of my knowledge.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>


Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Jakob and Paul,

Thank you so much for the reply. We have the RSA certificates. I wanted to
understand how DH parameters are generally generated. Thanks for the
detailed answers.

Regards
Jayalakshmi

On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:

> On 06/12/2017 07:02, Jayalakshmi bhat wrote:
>
>> Hi,
>>
>> We are planning to use DHE_RSA TLS ciphers in our product. I have a few
>> questions on using DH parameters. We would like to use DH-2048.
>>
>> Our product includes both TLS client and server applications. Thus at any
>> time there will be a considerable number of active connections.
>>
>> I believe we can use the same DH parameters for all the server connections.
>> Is my understanding correct? Is there any risk in using the same parameters
>> for all the server connections?
>>
>> Another question is which guidelines/document should be followed to
>> derive DH parameters.
>>
>> Any input is appreciated.
>>
> In TLS and SSL 3 (current versions, not sure about GoogleTLS 1.3),
> DHE parameters are chosen exclusively by the server, so most rules
> will be about servers.
>
> Current best practice on clients is to reject parameters of less
> than 1000 bits, parameters with fewer bits than they pretend (e.g.
> parameters claiming to be 1024 bits, but the most significant 32
> bits are all 0, making them really less than 993 bits), parameters
> that are glaringly non-prime (e.g. even numbers) and parameters
> that cause the DHE calculation to result in an unreasonable number
> such as 1 (indicating rigged parameters).  I hope that OpenSSL
> client code already does such checks by default, otherwise someone
> should point out how to make it do so.
>
> Current best practice on servers is to use DHE parameters such as
> those generated by openssl dhparam, or the equivalent API function.
>
> Current best practice on general purpose servers is to use at least
> 2048 bit DH parameters except when talking to clients that can't do
> that, such as the TLS code in Oracle Java 6.  Going above 2048 bits
> is good, but some common clients don't work significantly above
> that number (for example, some versions of the Mozilla NSS code
> have a built in maximum of 2236 bits).
>
> Current best practice on servers is to use DHE parameters that are
> used by few other servers, at least in a given timespan.  Thus for
> servers that will be deployed in small numbers, just generate your
> own parameters at build time using
>    openssl dhparam -C > dh.inc
> then include dh.inc in your source code.  For servers that will
> be deployed in large numbers, load the dh parameters from files in
> the format generated by
>    openssl dhparam > dh.pem
> and include scripts or other code that will replace the file
> contents daily or weekly (overwriting the old parameters only after
> the new ones are ready).  The exim mail server does this if you
> follow the instructions.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>

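The client-side checks Jakob lists above, as an added example in Python (not code from this thread or from OpenSSL): it takes the ServerDHParams p, g and Ys as the big-endian byte strings a TLS client receives, applies the length, leading-zero, parity and primality checks plus a range check on Ys, and then refuses a degenerate shared secret. The 1024-bit minimum, a whole leading zero byte as the "claims more bits than it has" test, and the Mersenne prime 2^1279 - 1 used as a constructed test modulus are my assumptions rather than values from the thread; that modulus only exercises the checks and is not a group to deploy.

```python
"""Client-side sanity checks on TLS ServerDHParams (p, g, Ys).

Added example, not OpenSSL code.  Inputs are the big-endian byte strings
carried in ServerKeyExchange, so the size p "claims" is 8 * len(p_bytes).
"""
import secrets

# Trial-division primes; anything that survives goes to Miller-Rabin.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

# Assumed threshold (OpenSSL security level 1 rejects DH below 1024 bits).
MIN_DH_BITS = 1024


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases.  Fixed bases would let a server
    hand us a composite p tuned to pass exactly those bases."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for q in SMALL_PRIMES:
        if n == q:
            return True
        if n % q == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)   # uniform in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness: n is composite
    return True


def check_server_dh_params(p_bytes, g_bytes, ys_bytes, min_bits=MIN_DH_BITS):
    """Return (ok, reason) for the p, g, Ys a server sent."""
    p = int.from_bytes(p_bytes, "big")
    g = int.from_bytes(g_bytes, "big")
    ys = int.from_bytes(ys_bytes, "big")
    claimed_bits = 8 * len(p_bytes)
    real_bits = p.bit_length()

    if real_bits < min_bits:
        return False, f"p is only {real_bits} bits (minimum {min_bits})"
    # A p that "claims" 1024 bits but has 32 leading zero bits is really a
    # 992-bit prime; a whole leading zero byte is the tell used here.
    if claimed_bits - real_bits >= 8:
        return False, f"p encoded as {claimed_bits} bits but is {real_bits} bits"
    if p % 2 == 0:
        return False, "p is even, so it is not prime"
    if not is_probable_prime(p):
        return False, "p is not prime"
    if not 1 < g < p - 1:
        return False, "generator g out of range"
    # Ys of 0, 1 or p-1 forces the shared secret into a tiny set.
    if not 1 < ys < p - 1:
        return False, "server public value Ys out of range"
    return True, "ok"


def client_shared_secret(p, ys, x):
    """Z = Ys^x mod p; refuse a degenerate result (rigged parameters)."""
    z = pow(ys, x, p)
    if z in (0, 1, p - 1):
        raise ValueError("degenerate DH shared secret; parameters look rigged")
    return z


def to_bytes(n):
    """Minimal big-endian encoding, as BN_bn2bin would produce."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


# Constructed test modulus: the Mersenne prime 2^1279 - 1.  It is prime and
# has no leading zero bits, which is all the checks need; it is NOT a usable
# group (2 has order 1279 modulo it), so it is for exercising the code only.
TEST_P = 2**1279 - 1
TEST_G = 2
TEST_YS = pow(TEST_G, 777, TEST_P)


if __name__ == "__main__":
    print(check_server_dh_params(to_bytes(TEST_P), to_bytes(TEST_G), to_bytes(TEST_YS)))
    print(check_server_dh_params(b"\x00" * 4 + to_bytes(TEST_P), b"\x02", to_bytes(TEST_YS)))
```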

[openssl-users] ECC ciphers in OpenSSL and Certicom Patent/License terms

2017-12-05 Thread Jayalakshmi bhat
Hi,

I have a question on the ECC ciphers implementation in OpenSSL. I do see a
README.ECC file in the FIPS-certified OpenSSL crypto library. It says: The
OpenSSL Software Foundation has executed a sublicense agreement
entitled "Elliptic Curve Cryptography Patent License Agreement" with the
National Security Agency/ Central Security Service Commercial Solutions
Center (NCSC) dated 2010-11-04.

However, the OpenSSL library does not include this file. Does this mean that
to use ECC ciphers from OpenSSL the end user needs to get a license from
Certicom?

Thanks and Regards
Jayalakshmi


[openssl-users] A question DH parameter generation and usage

2017-12-05 Thread Jayalakshmi bhat
Hi,

We are planning to use DHE_RSA TLS ciphers in our product. I have a few
questions on using DH parameters. We would like to use DH-2048.

Our product includes both TLS client and server applications. Thus at any time
there will be a considerable number of active connections.

I believe we can use the same DH parameters for all the server connections. Is
my understanding correct? Is there any risk in using the same parameters for
all the server connections?

Another question is which guidelines/document should be followed to
derive DH parameters.

Any input is appreciated.

Thanks and Regards
Jayalakshmi.


Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Rich,

I am using OpenSSL 1.0.2h. And I am trying to strip off unused hardware
support. I tried using the options mentioned for 1.0.1e which I have
explained in the previous mail.
They don't seem to work for 1.0.2h. Hence I wanted to know what would be
the best way to remove the unsupported hardware
like aep, chil, cswift etc. from compilation.

Regards
Jayalakshmi



On Thu, Nov 2, 2017 at 4:38 PM, Jayalakshmi bhat <bhat.jayalaks...@gmail.com
> wrote:

> Hi Matt,
>
> Thanks for the reply. We dont want to turn off the engine fully. We have
> TPM chip, that is part of OpenSSL. I just want to turn off default
> available hardware using
>
> no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca
> no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec
> no-hw-zencod.
>
> However as of now using the above values with ./Configure is not turning
> off the compilation of the other hardware components.
>
> Regards
> Jaya
>
> On Thu, Nov 2, 2017 at 3:56 PM, Matt Caswell <m...@openssl.org> wrote:
>
>>
>>
>> On 02/11/17 07:07, Jayalakshmi bhat wrote:
>> > Hi Matt,
>> >
>> > Thanks a lot for the response. Sorry for the delayed reply. I was out of
>> > office for a while. This helped me.  However I am not seeing option to
>> > remove unwanted engine files to go away from compilation. OpenSSL 1.01x
>> > method
>> > (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift
>> > no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware
>> > no-hw-ubsec no-hw-zencod)
>> > does not seems to work. Is there any way to do it?
>>
>> Hmmm - that looks like a possible bug to me. I think that should work
>> (Richard Levitte may be able to comment).
>>
>> You can also use no-engine which switches off engine support altogether
>>
>> Matt
>>
>> >
>> >
>> > Regards
>> > Jayalakshmi
>> >
>> > On Thu, Oct 26, 2017 at 4:09 PM, Matt Caswell <m...@openssl.org> wrote:
>> >
>> >
>> >
>> > On 25/10/17 18:02, Jayalakshmi bhat wrote:
>> > > Hi Matt,
>> > >
>> > > Thanks a lot. This helps me. I had seen different options for
>> OpenSSL
>> > > 1.0.1e versions. Hence had some confusions.
>> > > Does this means, options specified here only can be used for
>> OpenSSL
>> > > 1.0.2x releases.
>> >
>> > The INSTALL file is specific to a release. Many options are
>> applicable
>> > to both 1.0.1 and 1.0.2 but there may be some differences. We did
>> quite
>> > a bit of work on the INSTALL file in the latest 1.1.0 release to
>> make
>> > sure all options were documented properly. That happened after the
>> 1.0.2
>> > release so it could be the case that there are some options that are
>> > undocumented in 1.0.2.
>> >
>> > Matt
>> >
>> > >
>> > > Regards
>> > > Jayalakshmi
>> > >
>> > > On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <m...@openssl.org> wrote:
>> > >
>> > >
>> > >
>> > > On 24/10/17 07:06, Jayalakshmi bhat wrote:
>> > > > Hi All,
>> > > >
>> > > > I am looking for details on options used to disable or
>> remove unwanted
>> > > > ciphers, components while openssl building. This is for
>> OpenSSL 1.0.2h.
>> > > > I am seeing many things on internet. But most of them have
>> minimum
>> > > > explanation, please can you tell me is there any link that
>> I can refer.
>> > >
>> > > Have you looked in INSTALL?
>> > >
>> > > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
>> > >
>> > > Matt
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> >
>> >
>>
>
>


Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Matt,

Thanks for the reply. We don't want to turn off the engines fully. We have a
TPM chip that is part of OpenSSL. I just want to turn off the default
available hardware using

no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca
no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware no-hw-ubsec
no-hw-zencod.

However as of now using the above values with ./Configure is not turning
off the compilation of the other hardware components.

Regards
Jaya

On Thu, Nov 2, 2017 at 3:56 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 02/11/17 07:07, Jayalakshmi bhat wrote:
> > Hi Matt,
> >
> > Thanks a lot for the response. Sorry for the delayed reply. I was out of
> > office for a while. This helped me.  However I am not seeing option to
> > remove unwanted engine files to go away from compilation. OpenSSL 1.01x
> > method
> > (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift
> > no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware
> > no-hw-ubsec no-hw-zencod)
> > does not seems to work. Is there any way to do it?
>
> Hmmm - that looks like a possible bug to me. I think that should work
> (Richard Levitte may be able to comment).
>
> You can also use no-engine which switches off engine support altogether
>
> Matt
>
> >
> >
> > Regards
> > Jayalakshmi
> >
> > On Thu, Oct 26, 2017 at 4:09 PM, Matt Caswell <m...@openssl.org> wrote:
> >
> >
> >
> > On 25/10/17 18:02, Jayalakshmi bhat wrote:
> > > Hi Matt,
> > >
> > > Thanks a lot. This helps me. I had seen different options for
> OpenSSL
> > > 1.0.1e versions. Hence had some confusions.
> > > Does this means, options specified here only can be used for
> OpenSSL
> > > 1.0.2x releases.
> >
> > The INSTALL file is specific to a release. Many options are
> applicable
> > to both 1.0.1 and 1.0.2 but there may be some differences. We did
> quite
> > a bit of work on the INSTALL file in the latest 1.1.0 release to make
> > sure all options were documented properly. That happened after the
> 1.0.2
> > release so it could be the case that there are some options that are
> > undocumented in 1.0.2.
> >
> > Matt
> >
> >     >
> > > Regards
> > > Jayalakshmi
> > >
> > > On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <m...@openssl.org> wrote:
> > >
> > >
> > >
> > > On 24/10/17 07:06, Jayalakshmi bhat wrote:
> > > > Hi All,
> > > >
> > > > I am looking for details on options used to disable or
> remove unwanted
> > > > ciphers, components while openssl building. This is for
> OpenSSL 1.0.2h.
> > > > I am seeing many things on internet. But most of them have
> minimum
> > > > explanation, please can you tell me is there any link that I
> can refer.
> > >
> > > Have you looked in INSTALL?
> > >
> > > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
> > >
> > > Matt
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>


Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Matt,

Thanks a lot for the response. Sorry for the delayed reply. I was out of
office for a while. This helped me.  However, I am not seeing an option to
remove unwanted engine files from compilation. The OpenSSL 1.0.1x
method (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift
no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock no-hw-sureware
no-hw-ubsec no-hw-zencod) does not seem to work. Is there any way to do it?


Regards
Jayalakshmi

On Thu, Oct 26, 2017 at 4:09 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 25/10/17 18:02, Jayalakshmi bhat wrote:
> > Hi Matt,
> >
> > Thanks a lot. This helps me. I had seen different options for OpenSSL
> > 1.0.1e versions. Hence had some confusions.
> > Does this mean that the options specified here can only be used for OpenSSL
> > 1.0.2x releases?
>
> The INSTALL file is specific to a release. Many options are applicable
> to both 1.0.1 and 1.0.2 but there may be some differences. We did quite
> a bit of work on the INSTALL file in the latest 1.1.0 release to make
> sure all options were documented properly. That happened after the 1.0.2
> release so it could be the case that there are some options that are
> undocumented in 1.0.2.
>
> Matt
>
> >
> > Regards
> > Jayalakshmi
> >
> > On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <m...@openssl.org
> > <mailto:m...@openssl.org>> wrote:
> >
> >
> >
> > On 24/10/17 07:06, Jayalakshmi bhat wrote:
> > > Hi All,
> > >
> > > I am looking for details on options used to disable or remove unwanted
> > > ciphers, components while openssl building. This is for OpenSSL 1.0.2h.
> > > I am seeing many things on internet. But most of them have minimum
> > > explanation, please can you tell me is there any link that I can refer.
> >
> > Have you looked in INSTALL?
> >
> > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
> >
> > Matt
> >


[openssl-users] OpenSSL engine and TPM usage.

2017-10-25 Thread Jayalakshmi bhat
Hi All,

Our device uses a TPM to protect certificate private keys. We have written an
engine interface to integrate the TPM functionality into OpenSSL. Thus the TPM
gets loaded as an engine instance.
Also we have mapped RSA operations such as encryption/decryption etc. to TPM
APIs.

Now we are facing a few issues. There are a few applications that want to use an
application specific identity certificate. In such cases the RSA APIs should
not get mapped to the TPM APIs.

I wanted to know, when we use the engine instance for encryption/decryption
operations, can it be done selectively?

Regards
Jayalakshmi


Re: [openssl-users] Wanted details on ./config or Configure options

2017-10-25 Thread Jayalakshmi bhat
Hi Matt,

Thanks a lot. This helps me. I had seen different options for the OpenSSL
1.0.1e versions. Hence I had some confusion.
Does this mean that the options specified here can only be used for OpenSSL 1.0.2x
releases?

Regards
Jayalakshmi

On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 24/10/17 07:06, Jayalakshmi bhat wrote:
> > Hi All,
> >
> > I am looking for details on options used to disable or remove unwanted
> > ciphers, components while openssl building. This is for OpenSSL 1.0.2h.
> > I am seeing many things on internet. But most of them have minimum
> > explanation, please can you tell me is there any link that I can refer.
>
> Have you looked in INSTALL?
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL
>
> Matt
>


[openssl-users] Wanted details on ./config or Configure options

2017-10-24 Thread Jayalakshmi bhat
Hi All,

I am looking for details on the options used to disable or remove unwanted
ciphers and components while building openssl. This is for OpenSSL 1.0.2h. I
am seeing many things on the internet, but most of them have minimal
explanation. Please can you tell me if there is any link that I can refer to?

Regards
Jaya


[openssl-users] how to compile out selected ciphers

2017-08-30 Thread Jayalakshmi bhat
Hi All,

I am trying to build openssl. As part of that I want to remove some ciphers
like md4, rc5 etc.

I tried ./config no-md5, no-rc5 and ./Configure no-md5, no-rc5. In both
cases the MD4 and RC5 directories are still getting compiled.

Please can you let me know what could be going wrong?

Regards
Jaya


[openssl-users] OpenSSL FIPS CAVP tests throws an error iob_func while linking

2017-06-27 Thread Jayalakshmi bhat
Hi All,

I am trying to build the CAVP test executables for WinCE. Most of the executables
are built except 1-2. I am facing an iob_func unresolved error.

Everything seems to be proper. Any idea or help is well appreciated.

Regards
Jaya


[openssl-users] FIPS CAVP tests for WinCE.

2017-06-18 Thread Jayalakshmi bhat
Hi All,

I am using the OpenSSL-FIPS-2.0.4 library on ARM7 + WinCE 6.0 with "user
affirm" the validation for Y per I.G. G.5.

We want to run the latest CAVP test suites. We have built build_algvs and the
other executables for the above product/build environment.
However when we are trying to execute the executable with req file and
resp file parameters, for example fips_drbgvs CTR_DRBG.req CTR_DRBG.resp,
we end up receiving the error "error opening the input file".

Later we found that the WinCE environment cannot read a simple character file
name, it needs some Windows specific conversion like WideCharToMultiByte.

We have the below questions,

1. Is there any way to build the test suites on the WinCE environment? The user
guide says it is incomplete.
2. As these are test files, is it OK to modify them?


Regards
Jayalakshmi


Re: [openssl-users] OpenSSL 1.1.1 release timeframe

2017-05-18 Thread Jayalakshmi bhat
Hi Matt,

I do understand. Thanks a lot for the reply.

Regards
Jayalakshmi

On Thu, May 18, 2017 at 2:47 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 18/05/17 06:32, Jayalakshmi bhat wrote:
> > Please can any one let me know the release date or time line for OpenSSL
> > 1.1.1?
>
> We have not set a date as yet. At the very least we will not be able to
> release until the IETF takes TLSv1.3 out of draft status - which is not
> in our control.
>
> Matt


[openssl-users] OpenSSL 1.1.1 release timeframe

2017-05-17 Thread Jayalakshmi bhat
Hi All,

Please can any one let me know the release date or time line for OpenSSL
1.1.1?

Regards
Jayalakshmi


[openssl-users] OpenSSL DRBG in FIPS mode confusion.

2017-03-15 Thread Jayalakshmi bhat
Hi All,

OpenSSL uses 256 bit AES-CTR DRBG as the default DRBG in FIPS mode. I have a
question associated with this.

1. The OpenSSL wiki says: Default DRBG is 256-bit CTR AES using a derivation
function.
2. Whereas the document
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf
mentions "no derivation function" in one place and in another section
mentions both:

Section 4 Modes of Operation and Cryptographic Functionality

  Random Number Generation;   [SP 800-90] DRBG                          Prediction resistance
  Symmetric key generation    Hash DRBG                                 supported for all variations
                              HMAC DRBG, no reseed
                              CTR DRBG (AES), no derivation function

Section 6 Self-test

  DRBG KAT   CTR_DRBG: AES, 256 bit with and without derivation function

Please can anyone let me know what the default behavior is? Is there any
way to toggle between using and not using the derivation function?

Regards
Jayalakshmi


[openssl-users] Certificates generated using 3k/4k CSR generated with OpenSSL fails on Windows 2008R2

2016-08-10 Thread Jayalakshmi bhat
Hi All,

I am generating 1k/2k/3k/4k CSRs on our device using the OpenSSL library. We
have Windows 2008 R2 servers and I am signing these CSRs using the certificate
authority on the Windows server. I am setting only the client and server
authentication bits in the CSR since these are simple end entity certificates.
Once the certificates are generated, I am able to install the certificates on
our device.

These certificates are working well with the 802.1x (EAP-TLS) setup on the same
Windows 2008 R2 server. However when I was trying to test IPsec with
certificate based authentication, authentication is failing. Enabling the
IPsec event viewer shows an error in accepting the certificate and generates an
"invalid signature" message which looks to be generic. Failures are seen
only with 3k and 4k certificates.

Later I referred to the link http://blog.gentilkiwi.com/tag/bag-attributes and
added the -LMK -CSP "xxx" -name options, and the certificate worked well. I
wanted to know if anyone is having similar experience with 3k and 4k ID
certificates that do not have these fields on Windows systems.

Any help is appreciated.

Regards
Jayalakshmi


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-15 Thread Jayalakshmi bhat
Hi All,

1. With compiler optimization disabled, the OpenSSL 1.0.2d function worked as
it is.
2. Looks like in the below functions, the typecast to unsigned char is not
going well when compiler optimization is enabled. Hence the functions were
modified to assign the return value to a volatile unsigned char and then
return the volatile value. Things worked fine.

static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
static inline unsigned char constant_time_is_zero_8(unsigned int a)
static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
static inline unsigned char constant_time_eq_int_8(int a, int b)
static inline unsigned char constant_time_select_8(unsigned char mask,

Matt, Jakob, Andy your explanations were really useful to root cause the
issue as compiler specific. Thanks everyone for the valuable time and
fruitful discussion.

Regards
Jaya

On Sun, Dec 13, 2015 at 11:13 AM, Jayalakshmi bhat <
bhat.jayalaks...@gmail.com> wrote:

> Hi All,
>
> Thanks for all the responses. As mentioned by Matt in the discussion
> thread, constant_time_msb copies the msb of the input to all of
> the other bits so the return value should either be one of 0x or
> 0x.
>
> I found another interesting thing, constant_time_msb worked as it is
> without any changes, after I added a printf in the constant_time_is_zero_8 test
> routine to print the return value. I added the printf just before comparing
> the return value with the expected value.
>
> I have confirmed the failures by removing the printf and printing anything
> else other than the returned value.
>
> Now based on the discussions here and the print results I am thinking, after
> the constant_time_msb operation probably the overflow bit is set in case of
> 0x. And it is not cleared before comparing, hence the compare fails.
> When I add a printf to print the return value probably the overflow flag gets
> cleared and things work.
>
> I am planning to attach the debugger to check the flags. I will get back
> with the debugger results.
>
> I have attached the test file.
>
> Regards
>
> Jaya
>
> On Fri, Dec 11, 2015 at 11:30 AM, Jeffrey Walton <noloa...@gmail.com>
> wrote:
>
>> > 3. The compiler wasn't written by a fanatic who put
>> >   the "right shift of negative signed values is
>> >   undefined" rule above common sense.
>> >
>> > This is only implementation-defined behavior, not undefined behavior.
>> > It is not permitted to crash the system or launch the missiles.
>> > (n1256.pdf 6.5.7 paragraph 5.)
>>
>> The potential problem with implementation defined is it's not
>> guaranteed to produce consistent results. Different compilers or
>> different versions of the same compiler may arrive at different
>> results.
>>
>> In this light, the crash might be welcomed to make it easy to find the
>> trouble spot :)
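The constant-time helpers this thread is about, side by side with the volatile workaround from the message above and a checker modelled on test_binary_op_8, as an added example (this is not code from the thread or from OpenSSL's source; the names eq_8_102d, eq_8_101e, eq_8_vol, check_op_8 and run_constant_time_checks are this example's own):

```c
#include <stdio.h>
#include <stddef.h>

#define CONSTTIME_TRUE_8  ((unsigned char)0xff)
#define CONSTTIME_FALSE_8 ((unsigned char)0)

/* OpenSSL 1.0.2d shape: spread the MSB of an unsigned int over every bit */
static inline unsigned int constant_time_msb(unsigned int a)
{
    return 0 - (a >> (sizeof(a) * 8 - 1));
}

static inline unsigned int constant_time_is_zero(unsigned int a)
{
    return constant_time_msb(~a & (a - 1));
}

static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
{
    return constant_time_is_zero(a ^ b);
}

/* 1.0.2d: narrow the 32-bit mask to 8 bits by a plain cast (example name) */
static inline unsigned char eq_8_102d(unsigned int a, unsigned int b)
{
    return (unsigned char)(constant_time_eq(a, b));
}

/* 1.0.1e shape: arithmetic right shift of the sign bit. This relies on the
 * implementation-defined behaviour discussed in the thread and is only
 * correct while (a ^ b) - 1 stays below 2^31, e.g. for record lengths. */
#define DUPLICATE_MSB_TO_ALL(x)   ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)DUPLICATE_MSB_TO_ALL(x))

static inline unsigned char eq_8_101e(unsigned int a, unsigned int b)
{
    unsigned int c = a ^ b;
    c--;
    return DUPLICATE_MSB_TO_ALL_8(c);
}

/* The workaround from the message above: force the narrowing through a
 * volatile unsigned char so the optimizer cannot keep the 32-bit value. */
static inline unsigned char eq_8_vol(unsigned int a, unsigned int b)
{
    volatile unsigned char r = (unsigned char)constant_time_eq(a, b);
    return r;
}

/* Checker modelled on test_binary_op_8 from the thread; returns 0 on pass.
 * Values are cast to unsigned before printing so the format specifier
 * matches the promoted argument type, as Ben suggested. */
static int check_op_8(unsigned char (*op)(unsigned int, unsigned int),
                      const char *name, unsigned int a, unsigned int b,
                      int is_true)
{
    unsigned char c = op(a, b);
    unsigned char want = is_true ? CONSTTIME_TRUE_8 : CONSTTIME_FALSE_8;

    if (c != want) {
        printf("Test failed for %s(%uu, %uu): expected %u got %u\n",
               name, a, b, (unsigned)want, (unsigned)c);
        return 1;
    }
    return 0;
}

/* Run all three variants over every pair of constructed inputs (all below
 * 2^31, inside the 1.0.1e form's valid range); returns the number of
 * failing checks, 0 when the compiler narrows to 8 bits correctly. */
int run_constant_time_checks(void)
{
    static const unsigned int vals[] = {
        0u, 1u, 0x7fu, 0x80u, 0xffu, 0x100u, 123456u, 0x7fffffffu
    };
    const size_t n = sizeof(vals) / sizeof(vals[0]);
    int failures = 0;

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            int same = (vals[i] == vals[j]);
            failures += check_op_8(eq_8_102d, "eq_8_102d", vals[i], vals[j], same);
            failures += check_op_8(eq_8_101e, "eq_8_101e", vals[i], vals[j], same);
            failures += check_op_8(eq_8_vol,  "eq_8_vol",  vals[i], vals[j], same);
        }
    }
    return failures;
}

int main(void)
{
    int failures = run_constant_time_checks();

    printf("%d failing checks\n", failures);
    return failures != 0;
}
```

Building this once at -O0 and once at -O1 or higher, as the thread did, shows whether a given compiler mishandles the cast in eq_8_102d while the volatile form still passes.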


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-13 Thread Jayalakshmi bhat
Hi All,

Thanks for all the responses. As mentioned by Matt in the discussion
thread, constant_time_msb copies the msb of the input to all of
the other bits so the return value should either be one of 0x or
0x.

I found another interesting thing, constant_time_msb worked as it is without
any changes, after I added a printf in the constant_time_is_zero_8 test routine
to print the return value. I added the printf just before comparing the
return value with the expected value.

I have confirmed the failures by removing the printf and printing anything
else other than the returned value.

Now based on the discussions here and the print results I am thinking, after
the constant_time_msb operation probably the overflow bit is set in case of
0x. And it is not cleared before comparing, hence the compare fails.
When I add a printf to print the return value probably the overflow flag gets
cleared and things work.

I am planning to attach the debugger to check the flags. I will get back
with the debugger results.

I have attached the test file.

Regards

Jaya



On Fri, Dec 11, 2015 at 11:30 AM, Jeffrey Walton  wrote:

> > 3. The compiler wasn't written by a fanatic who put
> >   the "right shift of negative signed values is
> >   undefined" rule above common sense.
> >
> > This is only implementation-defined behavior, not undefined behavior.
> > It is not permitted to crash the system or launch the missiles.
> > (n1256.pdf 6.5.7 paragraph 5.)
>
> The potential problem with implementation defined is it's not
> guaranteed to produce consistent results. Different compilers or
> different versions of the same compiler may arrive at different
> results.
>
> In this light, the crash might be welcomed to make it easy to find the
> trouble spot :)


constant_time_test.7z
Description: Binary data


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jayalakshmi bhat
Hi Matt,

Thanks for the patch. Unfortunately patch did not work. I continued
debugging and found that issue was in constant_time_msb.

static inline unsigned int constant_time_msb(unsigned int a) {
-    return 0 - (a >> (sizeof(a) * 8 - 1));
+    return ((unsigned)((int)(a) >> (sizeof(int) * 8 - 1)));
}

Changed the constant_time_msb implementation as shown above. All the tests
passed. I have attached the disassembly of the code for both the successful
case and the failure case. This was requested by Jakob.

Regards
Jaya

On Thu, Dec 10, 2015 at 2:48 AM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 09/12/15 23:13, Benjamin Kaduk wrote:
> > On 12/09/2015 05:04 PM, Matt Caswell wrote:
> >>
> >> On 09/12/15 11:44, Jayalakshmi bhat wrote:
> >>> Hi Matt,
> >>>
> >>> I could build and execute the constant_time_test. I have attached the
> .c
> >>> file and test results. 34 tests have failed. All failures are
> >>> around constant_time_eq_8. This is the function I had mentioned in the
> >>> earlier mails.
> >> Not quite all. There is also a failure right at the beginning of your
> >> log in constant_time_is_zero_8. Although it looks very similar to the
> >> constant_time_eq_8 failure.
> >>
> >> As to the failure it is very strange. This is the function doing the
> test:
> >>
> >>  int test_binary_op_8(unsigned
> >> char (*op) (unsigned int a, unsigned int b),
> >> const char *op_name, unsigned int a,
> >> unsigned int b, int is_true)
> >> {
> >> unsigned char c = op(a, b);
> >> if (is_true && c != CONSTTIME_TRUE_8) {
> >> printf( "Test failed for %s(%du, %du): expected %u "
> >> "(TRUE), got %u at line %d\n", op_name, a, b,
> >> CONSTTIME_TRUE_8, c,__LINE__);
> >> return 1;
> >> } else if (!is_true && c != CONSTTIME_FALSE_8) {
> >> printf( "Test failed for  %s(%du, %du): expected %u "
> >> "(FALSE), got %u at line %d\n", op_name, a, b,
> >> CONSTTIME_FALSE_8, c,__LINE__);
> >> return 1;
> >> }
> >>  printf( "Test passed for %s(%du, %du): expected %u got %u at line
> %d
> >> with %s\n", op_name, a, b, CONSTTIME_TRUE_8,
> >> c,__LINE__,is_true?"TRUE":"FALSE");
> >> return 0;
> >> }
> >>
> >>
> >> and the output we see in the log file is:
> >>
> >> Test failed for constant_time_eq_8(0u, 0u): expected 255 (TRUE), got
> >> 4294967295 at line 85
> >>
> >> That big number in the output is actually 0x7FFF in hex. The
> >> variable that it is printing here is "c" which is declared as an
> >> "unsigned char".
> >>
> >> Please someone correct me if I'm wrong but doesn't the C spec guarantee
> >> that a "char" is 8 bits? In which case how can the value of "c" be
> >> greater than 255?
> >
> > C does not make such a guarantee, though recent-ish POSIX does.  (This
> > system is a windows one, thought, right?)
> >
> > In any case, due to C's type promotion rules, it's very difficult to
> > actually use types narrower than 'int', since integers get auto-promoted
> > to int at integer conversion time.  This has extra-fun interactions with
> > varargs functions, depending on the platform ABI in use.  (Always cast
> > NULL to a pointer type when passing to a varargs function; this does
> > cause real bugs.)  Since c is unsigned, it is odd to see it get promoted
> > to (int)-1, since C type conversions are supposed to be
> > value-preserving, but it is certainly possible that the windows ABI is
> > doing something I don't expect.  Adjusting things so that the format
> > specifier and the type passed to printf match (whether by casting c to
> > int or qualifying the format specifier) might help.
>
> Thanks Ben.
>
> It's not 100% clear to me that we are dealing with a system where a char
> has more than 8 bits, but it certainly seems like a plausible
> explanation for what is going on. Especially when you look at the
> implementation of constant_time_eq_8:
>
> static inline unsigned char constant_time_eq_8(unsigned int a, unsigned
> int b)
> {
> return (unsigned char)(constant_time_eq(a, b));
> }
>
> The function "constant_time_eq" here returns an "unsigned int". The
> whole purpose of "constant_time_eq_8" is to provide a convenience
> function to create an 8 bit mask. If the number of bits in an unsigned
> char > 8 then this code is going to fail!
>
> Jaya - please could you try the attached patch to see if that resolves
> the problem. Please try re-executing both your SSL/TLS tests and the
> constant_time test. Let me know how you get on.
>
> Thanks
>
> Matt
>
>


changes.7z
Description: Binary data


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-06 Thread Jayalakshmi bhat
Hi Jakob,

Here are more details,

OS:        WinCE 6.0
CPU:       ARMARCH4
Family:    ARM
Compiler:  ARM CC
Version:   Microsoft (R) C/C++ Optimizing Compiler Version 14.01.60511 for ARM

Regards
Jaya

On Fri, Dec 4, 2015 at 5:35 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:

> For clarity, which version of WinCE, and which CPU (Arm,
> MIPS, PPC, x86, SH3, SH4, ...)?
>
> Which Microsoft Compiler version (EVC3, EVC4, one of the
> Visual Studio projects, 3rd party compiler) and which
> exact compiler version (reported by running the compiler
> executable (named according to CPU) with no arguments.
>
> I ask because your proposed fix may be affected by compiler and/or CPU
> quirks.
>
> On 04/12/2015 12:31, Jayalakshmi bhat wrote:
>
> Hi Matt,
>
> Thanks a lot for the response.
>
> Is your application a client or a server? Are both ends using OpenSSL 1.0.2d?
> If not, what is the other end using?
> >>Our device has both TLS client,server apps. As client, device
> communicates with radius server, LDAP server etc.As server device is
> accessed using various web browsers.
> Hence both the end will not be OpenSSL 1.0.2d.
>
> How exactly are you doing that? Which specific cipher are you seeing fail?
> >> We have provided user option to select TLS protocol versions similar to
> the browsers. Depending upon the user configurations we set the protocol
> flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
> context using SSL_CTX_clear_options/SSL_CTX_set_options.
> >> We have provided user option to chose ciphers as well.
> All these are in the application space,no changes have been done and they
> have been working good with OpenSSL 1.0.1c. Only the library is upgraded to
> OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers and with
> both the ciphers issue is seen.
>
> Are you able to provide a packet capture?
> >> Please find the attached traces for server mode.
> What O/S is this on?
> >>This is built for WinCE and Vxworks
>
> Regards
> Jaya
>
>
>
> On Fri, Dec 4, 2015 at 3:02 PM, Matt Caswell <m...@openssl.org> wrote:
>
>> Hello Jaya
>>
>> We're going to need some more information. There isn't a generic problem
>> with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
>> there is something specific about your environment that is causing the
>> issue. Comments inserted below.
>>
>> On 04/12/15 06:53, Jayalakshmi bhat wrote:
>> > Hi All,
>> >
>> >
>> >
>> > Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
>> > the below explained issue.
>>
>> Is your application a client or a server? Are both ends using OpenSSL
>> 1.0.2d? If not, what is the other end using?
>>
>>
>> > When we enable only TLS 1.0 protocol and select CBC ciphers,
>>
>> How exactly are you doing that? Which specific cipher are you seeing fail?
>>
>>
>> > Now my question is whatever I did is it correct?
>>
>> That would not be a recommended solution
>>
>> > Or Do need to replace
>> > complete s3_cbc.c with OpenSSL 1.0.1e?
>>
>> No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.
>>
>> Some other questions:
>>
>> Are you able to provide a packet capture?
>> How did you build OpenSSL...i.e. what "Configure" options did you use?
>> What O/S is this on?
>>
>> Matt
>
>
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-06 Thread Jayalakshmi bhat
Hi All,

Are there any inputs or suggestions?

Thanks and Regards
Jaya

On Fri, Dec 4, 2015 at 11:37 AM, Jayalakshmi bhat <
bhat.jayalaks...@gmail.com> wrote:

> Hi Matt,
>
> s3_cbc.c uses the function constant_time_eq_8. I pulled only this
> function definition from OpenSSL 1.0.1e into OpenSSL 1.0.2d. I renamed
> this function as constant_time_eq_8_local and used it in s3_cbc.c instead
> of constant_time_eq_8. This renaming was just to avoid
> multiple definitions.
>
> OpenSSL 1.0.1e has the function constant_time_eq_8 defined as below:
>
> #define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
> #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
>
> static unsigned char constant_time_eq_8(unsigned a, unsigned b)
> {
>     unsigned c = a ^ b;
>     c--;
>     return DUPLICATE_MSB_TO_ALL_8(c);
> }
>
> OpenSSL 1.0.2d has the function constant_time_eq_8 defined as below.
>
> static inline unsigned int constant_time_msb(unsigned int a)
> {
> return 0 - (a >> (sizeof(a) * 8 - 1));
> }
>
> static inline unsigned int constant_time_is_zero(unsigned int a)
> {
> return constant_time_msb(~a & (a - 1));
> }
>
> static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
> {
> return constant_time_is_zero(a ^ b);
> }
>
> static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
> {
> return (unsigned char)(constant_time_eq(a, b));
> }
>
>
> Regards
> Jaya
>
> On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <m...@openssl.org> wrote:
>
>>
>>
>> On 04/12/15 11:31, Jayalakshmi bhat wrote:
>> > Hi Matt,
>> >
>> > Thanks a lot for the response.
>> >
>> > Is your application a client or a server? Are both ends using
>> > OpenSSL 1.0.2d? If not, what is the other end using?
>> >>>Our device has both TLS client,server apps. As client, device
>> communicates with radius server, LDAP server etc.As
>> > server device is accessed using various web browsers.
>> > Hence both the end will not be OpenSSL 1.0.2d.
>> >
>> > How exactly are you doing that? Which specific cipher are you seeing
>> fail?
>> >>> We have provided user option to select TLS protocol versions similar
>> to the browsers. Depending upon the user configurations we set the protocol
>> flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
>> context using SSL_CTX_clear_options/SSL_CTX_set_options.
>> >>> We have provided user option to chose ciphers as well.
>> > All these are in the application space,no changes have been done and
>> > they have been working good with OpenSSL 1.0.1c. Only the library is
>> > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers
>> > and with both the ciphers issue is seen.
>> >
>> > Are you able to provide a packet capture?
>> >>> Please find the attached traces for server mode.
>> > What O/S is this on?
>> >>>This is built for WinCE and Vxworks
>>
>> Thanks. Please could you also send the exact patch that you applied that
>> resolved the issue?
>>
>> Matt


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-04 Thread Jayalakshmi bhat
Hi Matt,

Thanks a lot for the response.

Is your application a client or a server? Are both ends using OpenSSL 1.0.2d?
If not, what is the other end using?
>> Our device has both TLS client and server apps. As a client, the device
communicates with a radius server, LDAP server etc. As a server the device is
accessed using various web browsers.
Hence both ends will not be OpenSSL 1.0.2d.

How exactly are you doing that? Which specific cipher are you seeing fail?
>> We have provided a user option to select TLS protocol versions similar to
the browsers. Depending upon the user configuration we set the protocol
flags (SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
context using SSL_CTX_clear_options/SSL_CTX_set_options.
>> We have provided a user option to choose ciphers as well.
All these are in the application space, no changes have been done and they
have been working well with OpenSSL 1.0.1c. Only the library is upgraded to
OpenSSL 1.0.2d. I have used AES256-CBC and AES128-CBC ciphers and with both
the ciphers the issue is seen.

Are you able to provide a packet capture?
>> Please find the attached traces for server mode.
What O/S is this on?
>> This is built for WinCE and VxWorks

Regards
Jaya



On Fri, Dec 4, 2015 at 3:02 PM, Matt Caswell <m...@openssl.org> wrote:

> Hello Jaya
>
> We're going to need some more information. There isn't a generic problem
> with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
> there is something specific about your environment that is causing the
> issue. Comments inserted below.
>
> On 04/12/15 06:53, Jayalakshmi bhat wrote:
> > Hi All,
> >
> >
> >
> > Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
> > the below explained issue.
>
> Is your application a client or a server? Are both ends using OpenSSL
> 1.0.2d? If not, what is the other end using?
>
>
> > When we enable only TLS 1.0 protocol and select CBC ciphers,
>
> How exactly are you doing that? Which specific cipher are you seeing fail?
>
>
> > Now my question is whatever I did is it correct?
>
> That would not be a recommended solution
>
> > Or Do need to replace
> > complete s3_cbc.c with OpenSSL 1.0.1e?
>
> No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.
>
> Some other questions:
>
> Are you able to provide a packet capture?
> How did you build OpenSSL...i.e. what "Configure" options did you use?
> What O/S is this on?
>
> Matt


server.pcapng
Description: Binary data


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-04 Thread Jayalakshmi bhat
Hi Matt,

I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation
available in OpenSSL 1.0.1e. Things worked fine.

Regards
Jaya

On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 04/12/15 11:31, Jayalakshmi bhat wrote:
> > Hi Matt,
> >
> > Thanks a lot for the response.
> >
> > Is your application a client or a server? Are both ends using
> > OpenSSL 1.0.2d? If not, what is the other end using?
> >>>Our device has both TLS client,server apps. As client, device
> communicates with radius server, LDAP server etc.As
> > server device is accessed using various web browsers.
> > Hence both the end will not be OpenSSL 1.0.2d.
> >
> > How exactly are you doing that? Which specific cipher are you seeing
> fail?
> >>> We have provided user option to select TLS protocol versions similar
> to the browsers. Depending upon the user configurations we set the protocol
> flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
> context using SSL_CTX_clear_options/SSL_CTX_set_options.
> >>> We have provided user option to chose ciphers as well.
> > All these are in the application space,no changes have been done and
> > they have been working good with OpenSSL 1.0.1c. Only the library is
> > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers
> > and with both the ciphers issue is seen.
> >
> > Are you able to provide a packet capture?
> >>> Please find the attached traces for server mode.
> > What O/S is this on?
> >>>This is built for WinCE and Vxworks
>
> Thanks. Please could you also send the exact patch that you applied that
> resolved the issue?
>
> Matt


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-04 Thread Jayalakshmi bhat
Hi Matt,

s3_cbc.c uses the function constant_time_eq_8. I pulled only this
function definition from OpenSSL 1.0.1e into OpenSSL 1.0.2d. I renamed this
function as constant_time_eq_8_local and used it in s3_cbc.c instead of
constant_time_eq_8. This renaming was just to avoid multiple definitions.

OpenSSL 1.0.1e has the function constant_time_eq_8 defined as below:

#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))

static unsigned char constant_time_eq_8(unsigned a, unsigned b)
{
    unsigned c = a ^ b;
    c--;
    return DUPLICATE_MSB_TO_ALL_8(c);
}

OpenSSL 1.0.2d has the function constant_time_eq_8 defined as below.

static inline unsigned int constant_time_msb(unsigned int a)
{
    return 0 - (a >> (sizeof(a) * 8 - 1));
}

static inline unsigned int constant_time_is_zero(unsigned int a)
{
    return constant_time_msb(~a & (a - 1));
}

static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
{
    return constant_time_is_zero(a ^ b);
}

static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
{
    return (unsigned char)(constant_time_eq(a, b));
}


Regards
Jaya

On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 04/12/15 11:31, Jayalakshmi bhat wrote:
> > Hi Matt,
> >
> > Thanks a lot for the response.
> >
> > Is your application a client or a server? Are both ends using
> > OpenSSL 1.0.2d? If not, what is the other end using?
> >>>Our device has both TLS client and server apps. As client, device
> communicates with radius server, LDAP server etc. As
> > server device is accessed using various web browsers.
> > Hence both the ends will not be OpenSSL 1.0.2d.
> >
> > How exactly are you doing that? Which specific cipher are you seeing
> fail?
> >>> We have provided user option to select TLS protocol versions similar
> to the browsers. Depending upon the user configurations we set the protocol
> flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
> context using SSL_CTX_clear_options/SSL_CTX_set_options.
> >>> We have provided user option to choose ciphers as well.
> > All these are in the application space, no changes have been done and
> > they have been working well with OpenSSL 1.0.1c. Only the library is
> > upgraded to OpenSSL 1.0.2d. I have used AES256-CBC and AES128-CBC ciphers
> > and with both the ciphers the issue is seen.
> >
> > Are you able to provide a packet capture?
> >>> Please find the attached traces for server mode.
> > What O/S is this on?
> >>>This is built for WinCE and VxWorks.
>
> Thanks. Please could you also send the exact patch that you applied that
> resolved the issue?
>
> Matt


Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-04 Thread Jayalakshmi bhat
Hi Jakob

CPU is ARMARCH4. WinCE version is 6.0. I will get the compiler details
shortly.

Regards
Jaya

On Fri, Dec 4, 2015 at 6:05 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:

> For clarity, which version of WinCE, and which CPU (Arm,
> MIPS, PPC, x86, SH3, SH4, ...)?
>
> Which Microsoft Compiler version (EVC3, EVC4, one of the
> Visual Studio projects, 3rd party compiler) and which
> exact compiler version (reported by running the compiler
> executable (named according to CPU) with no arguments).
>
> I ask because your proposed fix may be affected by compiler and/or CPU
> quirks.
>
> On 04/12/2015 12:31, Jayalakshmi bhat wrote:
>
> Hi Matt,
>
> Thanks a lot for the response.
>
> Is your application a client or a server? Are both ends using OpenSSL 1.0.2d?
> If not, what is the other end using?
> >>Our device has both TLS client and server apps. As client, device
> communicates with radius server, LDAP server etc. As server device is
> accessed using various web browsers.
> Hence both the ends will not be OpenSSL 1.0.2d.
>
> How exactly are you doing that? Which specific cipher are you seeing fail?
> >> We have provided user option to select TLS protocol versions similar to
> the browsers. Depending upon the user configurations we set the protocol
> flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
> context using SSL_CTX_clear_options/SSL_CTX_set_options.
> >> We have provided user option to choose ciphers as well.
> All these are in the application space, no changes have been done and they
> have been working well with OpenSSL 1.0.1c. Only the library is upgraded to
> OpenSSL 1.0.2d. I have used AES256-CBC and AES128-CBC ciphers and with
> both the ciphers the issue is seen.
>
> Are you able to provide a packet capture?
> >> Please find the attached traces for server mode.
> What O/S is this on?
> >>This is built for WinCE and VxWorks.
>
> Regards
> Jaya
>
>
>
> On Fri, Dec 4, 2015 at 3:02 PM, Matt Caswell <m...@openssl.org> wrote:
>
>> Hello Jaya
>>
>> We're going to need some more information. There isn't a generic problem
>> with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
>> there is something specific about your environment that is causing the
>> issue. Comments inserted below.
>>
>> On 04/12/15 06:53, Jayalakshmi bhat wrote:
>> > Hi All,
>> >
>> >
>> >
>> > Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
>> > the below explained issue.
>>
>> Is your application a client or a server? Are both ends using OpenSSL
>> 1.0.2d? If not, what is the other end using?
>>
>>
>> > When we enable only TLS 1.0 protocol and select CBC ciphers,
>>
>> How exactly are you doing that? Which specific cipher are you seeing fail?
>>
>>
>> > Now my question is whatever I did is it correct?
>>
>> That would not be a recommended solution.
>>
>> > Or Do need to replace
>> > complete s3_cbc.c with OpenSSL 1.0.1e?
>>
>> No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.
>>
>> Some other questions:
>>
>> Are you able to provide a packet capture?
>> How did you build OpenSSL...i.e. what "Configure" options did you use?
>> What O/S is this on?
>>
>> Matt
>
>
>
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>


[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-03 Thread Jayalakshmi bhat
Hi All,

Recently we have ported OpenSSL 1.0.2d. Everything works perfectly except the
below explained issue.

When we enable only TLS 1.0 protocol and select CBC ciphers, TLS handshake
fails with the error "bad record mac".

Error is in function static int ssl3_get_record(SSL *s). Error happens at

    if (i < 0 || mac == NULL
        || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)

CRYPTO_memcmp is failing. I debugged further.

I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation
available in OpenSSL 1.0.1e. Things worked fine.

OpenSSL 1.0.2d has this implementation in constant_time_locl.h. OpenSSL
1.0.1e has this implementation local to s3_cbc.c.

Now my question is whatever I did is it correct? Or do I need to replace
complete s3_cbc.c with OpenSSL 1.0.1e?

Regards

Jaya
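The two constant_time_eq_8 variants quoted earlier in this thread (the 1.0.1e macro version and the 1.0.2d constant_time_locl.h version), placed side by side with an exhaustive self-test over byte operands and a MAC-style comparison built on the primitive, which is the consumer that ends in the CRYPTO_memcmp "bad record mac" failure described in this post. This is an added example, not OpenSSL's code or the poster's patch; the ct_* names, ct_eq_8_selftest, ct_memeq and the sample_mac/tampered_mac byte strings are all constructed here.

```c
#include <stdio.h>
#include <stddef.h>

/* OpenSSL 1.0.1e style, as quoted in the thread: duplicates the MSB by
 * right-shifting a value cast to signed int. Whether that shift sign-extends
 * is implementation-defined in C, so this construction depends on the
 * compiler and target, which is exactly what a cross-toolchain can get wrong. */
#define DUPLICATE_MSB_TO_ALL(x)   ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))

static unsigned char ct_eq_8_v101(unsigned a, unsigned b)
{
    unsigned c = a ^ b;
    c--;   /* equal: 0 wraps to 0xFFFFFFFF (MSB set); unequal bytes: MSB clear */
    return DUPLICATE_MSB_TO_ALL_8(c);
}

/* OpenSSL 1.0.2d style, as quoted from constant_time_locl.h: unsigned only. */
static unsigned ct_msb(unsigned a)
{
    return 0 - (a >> (sizeof(a) * 8 - 1));   /* 0xFFFFFFFF if MSB set, else 0 */
}

static unsigned ct_is_zero(unsigned a)
{
    return ct_msb(~a & (a - 1));   /* MSB of ~a & (a - 1) is set only when a == 0 */
}

static unsigned ct_eq(unsigned a, unsigned b)
{
    return ct_is_zero(a ^ b);
}

static unsigned char ct_eq_8_v102(unsigned a, unsigned b)
{
    return (unsigned char)ct_eq(a, b);
}

/* Exhaustive self-test over all byte pairs (the operands s3_cbc.c actually
 * passes). Returns the number of results that are not exactly 0xFF on equal
 * and 0x00 on unequal inputs. A non-zero count on a given toolchain and
 * optimisation level is the thing to check before suspecting the record layer. */
int ct_eq_8_selftest(void)
{
    int failures = 0;
    unsigned a, b;
    for (a = 0; a < 256; a++) {
        for (b = 0; b < 256; b++) {
            unsigned char expect = (a == b) ? 0xFF : 0x00;
            if (ct_eq_8_v101(a, b) != expect)
                failures++;
            if (ct_eq_8_v102(a, b) != expect)
                failures++;
        }
    }
    return failures;
}

/* Constant-time byte-string equality in the style of the record MAC check:
 * every byte is visited, the per-byte results are OR-accumulated, and only
 * the aggregate is tested. Returns 1 when equal, 0 otherwise. */
int ct_memeq(const unsigned char *x, const unsigned char *y, size_t len)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (unsigned char)(ct_eq_8_v102(x[i], y[i]) ^ 0xFF); /* 0 when bytes match */
    return diff == 0;
}

/* Constructed sample MAC values (not real TLS traffic). */
static const unsigned char sample_mac[4]   = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char tampered_mac[4] = { 0xde, 0xad, 0xbe, 0xee };

int main(void)
{
    printf("byte-range self-test failures: %d\n", ct_eq_8_selftest());
    printf("ct_memeq(sample, sample) = %d, ct_memeq(sample, tampered) = %d\n",
           ct_memeq(sample_mac, sample_mac, 4), ct_memeq(sample_mac, tampered_mac, 4));
    /* Full-width inputs show why 1.0.2 moved to purely unsigned arithmetic:
     * the 1.0.1e form is only correct when a ^ b fits below the sign bit. */
    printf("v101(0x80000001, 0) = 0x%02x  v102(0x80000001, 0) = 0x%02x\n",
           ct_eq_8_v101(0x80000001u, 0), ct_eq_8_v102(0x80000001u, 0));
    return 0;
}
```

Building this with the same cross-compiler and the same -O level as the library isolates the primitive from the TLS state machine: if ct_eq_8_selftest() reports failures there, the toolchain is mishandling the constant-time idiom and the fix belongs in the build configuration or a toolchain bug report, not in swapping s3_cbc.c between releases.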


Re: [openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates

2015-11-16 Thread Jayalakshmi bhat
Hi Matt,

Thank you for the response. I have attached the certificate details. My
apology, I am not supposed to share the certificates. We are not using
X509_VERIFY_PARAM_xxx API's. We are using 4 certificates with the device.

1. Root CA - Baltimore CyberTrust Root
2. Intermediate CA-1 - Microsoft Internet Authority
3. Intermediate CA-2 - Microsoft IT SSL SHA2
4. ID certificate - *.sharepoint.com

Intermediate CAs are issued by the above Root CA. Issue is seen when all 4
certificates are installed. Error happens with the intermediate CA-2.
check_trust returns X509_TRUST_UNTRUSTED. However if I do not install
intermediate CA-2 things work fine.

Any help is well appreciated.

Regards
Jayalakshmi

On Mon, Nov 16, 2015 at 2:52 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 16/11/15 06:52, Jayalakshmi bhat wrote:
> > Hi Victor,
> >
> > Thanks a lot for the detailed explanation.
> >
> > Our device acts as TLS/SSL client.  The device receives chain of
> > certificates as part of SSL handshake, when it is trying to get
> > connected to TLS/SSL server like sharepoint 365.
> >
> > While validating the certificate chain from server, "check_trust"
> > fails with X509_V_ERR_CERT_UNTRUSTED.
> >
> > This had been working fine with OpenSSL 1.0.1c.
> >
> > When I checked the code execution, check_trust was not being called  in
> > OpenSSL 1.0.1c as "if (param->trust > 0)" was not satisfied.
> >
> > That is why I wanted to know is it mandatory for the applications to
> > set X509_VERIFY_PARAM in X509_STORE_CTX
>
>
> Are you able to share the certificates that the server provides you
> with? Also the root certificate you are using.
>
> It is not mandatory to set X509_VERIFY_PARAMs (but typically you at
> least want to verify the hostname through a call to
> "X509_VERIFY_PARAM_set1_host"). Are you currently doing anything like this?
>
> Matt
ID CERTIFICATE
Version                     3
Serial Number               4F 5D 8E A9 00 01 00 00 D8 6F
Signature Algorithm         sha1RSA
Issuer                      DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Machine Auth CA 2
Valid From                  4/14/2014 10:01:07 PM UTC
Valid To                    4/13/2016 10:01:07 PM UTC
Subject                     C=US, S=WA, L=Redmond, O=Microsoft, CN=*.sharepoint.com
Public Key
  Public Key Algorithm      RSA
  Public Key Length         2048 bits
  Exponent                  65537 (10001)
Extensions
  Authority Key Identifier  KeyID=EB DB 11 5E F8 09 9E D8 D6 62 9C FD 62 9D E3 84 4A 28 E1 27
  Subject Key Identifier    F5 D0 5C 03 01 C3 D9 31 56 24 3F BF 26 4F 04 A7 D8 3C B3 CE
  Basic Constraints
  Key Usage                 Data Encipherment (b0), Digital Signature, Key Encipherment (a0)
  Extended Key Usage        Client Authentication, Server Authentication
  Additional Extensions     Subject Alternative Name, CRL Distribution Points
  Subject Alternative Name  *.sharepoint.com, *.sharepoint.apac.microsoftonline.com,
                            *.sharepoint.emea.microsoftonline.com, *.sharepoint.microsoftonline.com
Thumbprint                  3D A0 FF 58 AF 96 A0 BE 01 BB 7E 05 65 7C D7 89 27 F9 52 98

INTERMEDIATE CA-1
Version                     3
Serial Number               07 27 6F AE
Signature Algorithm         sha1RSA
Issuer                      C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Valid From                  4/25/2012 5:41:36 PM UTC
Valid To                    4/25/2020 5:40:55 PM UTC
Subject                     CN=Microsoft Internet Authority
Public Key
  Public Key Algorithm      RSA
  Public Key Length         4096 bits
  Exponent                  65537 (10001)
Extensions
  Authority Key Identifier  KeyID=E5 9D 59 30 82 47 58 CC AC FA 08 54 36 8

[openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates

2015-11-15 Thread Jayalakshmi bhat
Hi All,

In earlier version of OpenSSL (i.e. OpenSSL 1.0.1c) X509_verify_cert had a
check "if (params->trust > 0)" before invoking check_trust function.

This has been removed in OpenSSL 1.0.2d. Does it mean applications are
expected to set the X509_VERIFY_PARAM properly?

Our application works fine in OpenSSL 1.0.1c. In OpenSSL 1.0.2d app fails
with X509_TRUST_UNTRUSTED error. I added the check "if (params->trust > 0)"
before invoking the check_trust API and functionality worked fine.

Any help on this well appreciated.

Regards
Jayalakshmi


Re: [openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates

2015-11-15 Thread Jayalakshmi bhat
Hi Viktor,

Thank you for the response.

This is the code snippet from OpenSSL 1.0.2d.

int X509_verify_cert(X509_STORE_CTX *ctx) {

    /* ... */

    /* we now have our chain, lets check it... */
    i = check_trust(ctx);

    /* If explicitly rejected error */
    if (i == X509_TRUST_REJECTED)
        goto end;
}

This is the code snippet from OpenSSL 1.0.1c.

int X509_verify_cert(X509_STORE_CTX *ctx) {

    /* ... */

    /* The chain extensions are OK: check trust */
    if (param->trust > 0) ok = check_trust(ctx);
}

I am talking about "if (param->trust > 0)" that seems to have been removed in
OpenSSL 1.0.2d.

Regards
Jayalakshmi


On Mon, Nov 16, 2015 at 1:26 AM, Viktor Dukhovni <openssl-us...@dukhovni.org
> wrote:

> On Sun, Nov 15, 2015 at 07:00:06PM +0530, Jayalakshmi bhat wrote:
>
> > In earlier version of OpenSSL  (i.e OpenSSL 1.0.1c)  X509_verify_cert
> had a
> > check "if (params->trust >0)" before invoking check_trust function.
>
> The OpenSSL source code is available via git:
>
> https://github.com/openssl/openssl.git
>
> The branch containing 1.0.2c and 1.0.2d is "OpenSSL_1_0_2-stable".
>
> Can you point to the commit that makes the change in question?
>
> > This has been removed in OpenSSL 1.0.2d. Does it mean applications are
> > expected to set the X509_VERIFY_PARAM properly?
>
> I don't see any changes that match your description.
>
> --
> Viktor.


Re: [openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates

2015-11-15 Thread Jayalakshmi bhat
Hi Victor,

Thanks a lot for the detailed explanation.

Our device acts as TLS/SSL client. The device receives chain of
certificates as part of SSL handshake, when it is trying to get connected
to TLS/SSL server like sharepoint 365.

While validating the certificate chain from server, "check_trust" fails
with X509_V_ERR_CERT_UNTRUSTED.

This had been working fine with OpenSSL 1.0.1c.

When I checked the code execution, check_trust was not being called in
OpenSSL 1.0.1c as "if (param->trust > 0)" was not satisfied.

That is why I wanted to know is it mandatory for the applications to
set X509_VERIFY_PARAM in X509_STORE_CTX.

Regards
Jayalakshmi




On Mon, Nov 16, 2015 at 11:40 AM, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:

>
> > On Nov 16, 2015, at 12:14 AM, Jayalakshmi bhat <
> bhat.jayalaks...@gmail.com> wrote:
> >
> > This is code snippet from OpenSSL 1.0.1c
> >
> > int X509_verify_cert(X509_STORE_CTX *ctx) {
> >
> >
> >
> >
> >  /* The chain extensions are OK: check trust */
> >
> >   if (param->trust > 0) ok = check_trust(ctx);
> > }
> >
> > I am talking about "if (param->trust > 0)" that seems to have been removed in
> OpenSSL 1.0.2d.
>
> Well this code was removed in 1.0.2d, rather the code in question was
> removed via
>
> commit d65b8b2162f33ac0d53dace588a0847ed827626c
> Author: Ben Laurie <b...@openssl.org>
> Date:   Fri Dec 14 12:53:53 2012 +
>
> Backport OCSP fixes.
>
> More than 2 years before the first OpenSSL 1.0.2 release:
>
> commit 4ac0329582829f5378d8078c8d314ad37db87736
> Author: Matt Caswell <m...@openssl.org>
> Date:   Thu Jan 22 16:12:26 2015 +
>
> Prepare for 1.0.2 release
>
> Reviewed-by: Stephen Henson <st...@openssl.org>
>
> http://openssl.org/news/newslog.html
>
> Date         Item
> 09-Jul-2015  Security Advisory: one security fix
> 09-Jul-2015  OpenSSL 1.0.2d is now available, including bug and security fixes
> 09-Jul-2015  OpenSSL 1.0.1p is now available, including bug and security fixes
> 06-Jul-2015  OpenSSL 1.0.2d and 1.0.1p security releases due 9th July 2015
> 12-Jun-2015  New releases to resolve ABI compatibility problems:
> 12-Jun-2015  OpenSSL 1.0.2c is now available, including bug fixes
> 12-Jun-2015  OpenSSL 1.0.1o is now available, including bug fixes
> 11-Jun-2015  Security Advisory: five security fixes
> 11-Jun-2015  OpenSSL 1.0.2b is now available, including bug and security fixes
> 11-Jun-2015  OpenSSL 1.0.1n is now available, including bug and security fixes
> 11-Jun-2015  OpenSSL 1.0.0s is now available, including bug and security fixes
> 11-Jun-2015  OpenSSL 0.9.8zg is now available, including bug and security fixes
> 19-Mar-2015  Security Advisory: twelve security fixes
> 19-Mar-2015  OpenSSL 1.0.2a is now available, including bug and security fixes
> 19-Mar-2015  OpenSSL 1.0.1m is now available, including bug and security fixes
> 19-Mar-2015  OpenSSL 1.0.0r is now available, including bug and security fixes
> 19-Mar-2015  OpenSSL 0.9.8zf is now available, including bug and security fixes
> 22-Jan-2015  OpenSSL 1.0.2 is now available, a major release
>
> You should probably explain what you're doing, and in what way OpenSSL
> 1.0.2 (all upstream versions) is not working the way you expect.
>
> --
> Viktor.
>
>
>


Re: [openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates

2015-11-15 Thread Jayalakshmi bhat
Hi Victor,

First thing kindly note that I am talking about OpenSSL-1.0.1c not about
OpenSSL 1.0.2c.

So far we were using OpenSSL-1.0.1c and server validation was working
fine. Recently we upgraded the OpenSSL library to OpenSSL-1.0.2d.

Also we have not done any modification to the SSL client application that
is using the OpenSSL library.

We started seeing server certificate validation failures only for chain of
certificates i.e. rootca->intermediate ca->id certificate.

We are not seeing any issues when only rootca->certificate is used.


Regards
Jayalakshmi






On Mon, Nov 16, 2015 at 12:35 PM, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:

> On Mon, Nov 16, 2015 at 01:10:19AM -0500, Viktor Dukhovni wrote:
>
> > > You should probably explain what you're doing, and in what way OpenSSL
> > > 1.0.2 (all upstream versions) is not working the way you expect.
>
> On Mon, Nov 16, 2015 at 12:22:48PM +0530, Jayalakshmi bhat wrote:
>
> > Our device acts as TLS/SSL client.  The device receives chain of
> > certificates as part of SSL handshake, when it is trying to get connected
> > to TLS/SSL server like sharepoint 365.
>
> This is not a plausibly detailed explanation of how you're using
> OpenSSL in your device.
>
> > While validating the certificate chain from server, "check_trust" fails
> > with X509_V_ERR_CERT_UNTRUSTED.
>
> OpenSSL 1.0.2 is broadly used, with no similar problem reports.
> You're probably doing something atypical, and need to explain in
> technical detail how you're configuring certificate verification.
>
> > This had been working fine with OpenSSL 1.0.1c.
>
> You can download http://openssl.org/source/old/1.0.2/openssl-1.0.2c.tar.gz
> for yourself and check that the code you claim to make the difference
> is simply not there.  If 1.0.2c is working and 1.0.2d is not, either
> you're using a modified 1.0.2c (seek support from whoever made the
> changes) or the problem lies elsewhere.
>
> > When I checked the code execution, check_trust was not being called  in
> > OpenSSL 1.0.1c as "if (param->trust > 0)" was not satisfied.
>
> This is simply irrelevant, the change in question predates the
> 1.0.2 base version.
>
> > That is why I wanted to know is it mandatory for the applications to
> > set X509_VERIFY_PARAM in X509_STORE_CTX
>
> The question has a false premise and so makes no sense.  Rather
> you need to forget about (param->trust) and focus on why your
> application is failing to verify the peer certificate.
>
> --
> Viktor.


[openssl-users] CBC mode is not working in OpenSSL 1.0.2d

2015-09-19 Thread Jayalakshmi bhat
Hi All,

I have ported OpenSSL 1.0.2d on our product. After that CBC mode is not
working. Handshakes are failing with bad mac alert failure. When I checked
the code mac retrieved from ssl3_cbc_copy_mac does not match with the
calculated mac.

Any help on this is appreciated.

Thanks and Regards
Jayalakshmi


[openssl-users] CBC mode does not work on OpenSSL 1.0.2d

2015-09-17 Thread Jayalakshmi bhat
Hi All,

I have ported OpenSSL 1.0.2d on our device. When I am using any cipher
(AES, 3DES) in CBC mode I am ending with the
result SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC in SSL_F_SSL3_GET_RECORD
function.

TLS 1.2 is working fine with AES_GCM ciphers.

Has anyone faced this issue? Any help is appreciated.

Thanks and Regards
Jayalakshmi


[openssl-users] Help needed on FIPS error 0409A09E:lib(4):func(154):reason(158).

2015-09-10 Thread Jayalakshmi bhat
Hello all,

I have a question on FIPS. We have OpenSSL FIPS module integrated with our
product. We have an option to enable/disable FIPS at run time.  We are
executing the following openSSL API's every time when FIPS status changes.

{
    /* We have mapped OpenSSL crypto locks to mutex internally. Hence we delete it
       and create it every time when FIPS status changes. */
    ERR_free_strings();
    ERR_remove_state(0);
    EVP_cleanup();
    SSL_library_init();
    SSLeay_add_all_algorithms();
}

Without executing this we are hitting the error,
error:0409A09E:lib(4):func(154):reason(158). I wanted to know if our
approach is correct?

Regards
Jayalakshmi


Re: [openssl-users] Help needed on FIPS error 0409A09E:lib(4):func(154):reason(158).

2015-09-10 Thread Jayalakshmi bhat
Hi Tom,

Thanks a lot for clarifying the doubt.

Regards
Jayalakshmi

On Thu, Sep 10, 2015 at 8:44 AM, Tom Francis <thomas.francis...@pobox.com>
wrote:

>
> > On Sep 10, 2015, at 8:44 AM, Jayalakshmi bhat <
> bhat.jayalaks...@gmail.com> wrote:
> >
> > Hello all,
> >
> > I have a question on FIPS. We have OpenSSL FIPS module integrated with
> our product. We have an option to enable/disable FIPS at run time.  We are
> executing the following openSSL API's every time when FIPS status changes.
>
> Typically, this is not allowed; you must restart your application in order
> to switch in or out of FIPS approved mode.  Your customer’s auditor (or
> your auditor) may believe differently, but my former employer had auditors
> make it very clear that an application must never switch into or out of
> FIPS approved mode without restarting the application (and most of the
> auditors wanted us to require the user to reboot their entire system to
> make the switch; fortunately they were willing to allow the application
> with just an extra note recommending the user reboot after modifying the
> setting).
>
> > {
> >   We have mapped OpenSSL crypto locks to mutex internally. Hence we
> delete it and create it every time when FIPS status changes.
> >   ERR_free_strings()
> >   ERR_remove_state(0);
> >   EVP_cleanup();
> >   SSL_library_init()
> >   SSLeay_add_all_algorithms()
> > }
> >
> > Without executing this we are hitting the error,
> error:0409A09E:lib(4):func(154):reason(158). I wanted to know if our
> approach is correct?
>
> IIRC you should be able to switch in and out of FIPS approved mode by
> simply calling FIPS_mode_set() with the appropriate argument.  I know this
> worked with the FIPS 1.2 module, but I never bothered to try it with the
> 2.0 module (see above about allowed uses).  I wouldn’t recommend trying to
> uninitialize and re-initialize OpenSSL, though — while probably safe, it
> seems like a bad idea.  If this is a long-running program that can do
> multiple things at a time, it’s definitely a bad idea to allow a toggle
> like that — someone might’ve started a task, then turned on FIPS approved
> mode — if the task hasn’t done anything with OpenSSL yet, it’ll probably be
> done with FIPS approved mode, but was that the user’s intent?  I’d
> recommend that when a user changes the setting, you store the setting and
> inform the user that the new setting will take effect only after restarting
> the application.
>
> I really doubt you’ll be allowed to switch FIPS approved mode on and off
> with just a simple toggle (even if it works technically).
>
>
> > Regards
> > Jayalakshmi


[openssl-users] question on Alternative chains certificate forgery (CVE-2015-1793)

2015-07-21 Thread Jayalakshmi bhat
Hi All,

Does the alternative chains certificate forgery issue affect the
OpenSSL stacks earlier than the 1.0.1n releases? Why I am asking this
question is that the affected code seems to be available in earlier versions as
well.


Thanks and Regards

Jayalakshmi


Re: [openssl-users] Help needed on FIPS error 0409A09E:lib(4):func(154):reason(158)

2015-07-17 Thread Jayalakshmi bhat
Hi Steve,

Thanks a lot for the response. We are not using SSL 3.0. It is completely
disabled in the stack. This issue is happening in TLS 1.0/ TLS 1.2 both.
We are using OpenSSL 1.0.1c. I did not try using s_client.

However I found the issue is fixed with the latest release of OpenSSL
1.0.2d. APIs changed are EVP_MD_flags from evp_lib.c
and pkey_fips_check_ctx from rsa_pmeth.c.

Regards
Jayalakshmi

On Fri, Jul 17, 2015 at 4:20 AM, Dr. Stephen Henson st...@openssl.org
wrote:

 On Thu, Jul 16, 2015, Jayalakshmi bhat wrote:

  Hi All,
 
  I am using OpenSSL library for a SSL client performing mutual
  authentication. RSA certificate used is signed with SHA512 digest. When I
  switch to FIPS mode and perform re-authentication, I am hitting an
  error :0409A09E:lib(4):func(154):reason(158). Cipher used is AES128-SHA.
 
  Can any one tell me what could be the possible issue?
 

 A bit more information would be helpful. When you say SSL client do you
 mean
 using SSL v3.0 or TLS? SSL 3.0 isn't allowed in FIPS mode but I'd expect a
 different error.

 Which version of OpenSSL are you using? Can you reproduce the error using
 s_client?

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org


[openssl-users] Help needed on FIPS error 0409A09E:lib(4):func(154):reason(158)

2015-07-16 Thread Jayalakshmi bhat
Hi All,

I am using OpenSSL library for a SSL client performing mutual
authentication. RSA certificate used is signed with SHA512 digest. When I
switch to FIPS mode and perform re-authentication, I am hitting an
error :0409A09E:lib(4):func(154):reason(158). Cipher used is AES128-SHA.

Can any one tell me what could be the possible issue?

Thanks and Regards
Jayalakshmi


[openssl-users] a question on SSL_MAX_BUF_FREELIST_LEN_DEFAULT

2015-05-10 Thread Jayalakshmi bhat
Hi All,

We are using OpenSSL on a multihome device. Device has 4 interfaces. Each
network interface creates one SSL context (SSL_CTX)  and supports 16
connections. As per OpenSSL implementation each SSL context can maintain a
free buffer list of 32. And this is retained till SSL context (SSL_CTX) is
deleted.

I wanted to know is there any reason behind defining #define
SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32. Can I reduce it to say 4 or some
smaller value?

Also can I use OpenSSL_malloc/OpenSSL_free instead of
freelist_extract/freelist_insert in
 ssl3_setup_read_buffer/ssl3_setup_write_buffer. Are there any side effects?

Any help is appreciated. Thanks in advance.

Regards
Jayalakshmi


Re: [openssl-users] Encryption and Decryption using ECC based certificate private/public key pair

2015-04-28 Thread Jayalakshmi bhat
Hi Jeff,

Thanks a lot for the detailed explanation. Since I have a requirement to
use the certificate public/private keys for encryption/decryption I believe
I should be able to use  ECDHE based approach.

Regards
Jayalakshmi

On Sun, Apr 26, 2015 at 11:41 PM, Jeffrey Walton noloa...@gmail.com wrote:

 On Mon, Apr 27, 2015 at 12:54 AM, Jayalakshmi bhat
 bhat.jayalaks...@gmail.com wrote:
  Hello All,
 
  I am working on a project where there is need to encrypt and decrypt
 certain
  data using certificate public/private key pair. So far we were using RSA
  based certificates. OpenSSL provides good number of API's for RSA based
  encryption/decryption operation.
 
  Now we are planning to support ECDSA based certificates also. I am not
 able
  to find any encryption/decryption API's in EC context.
 
  I wanted to know are there any encryption/decryption API's using ECDSA
 based
  public/private key pair. Or is there any sample code I can look into.
 ECDSA is a signing algorithm used for authentication. If you want to
 encrypt/decrypt, then you need something else.

 In the case of SSL/TLS, the something else is ECDHE. A shared secret
 drops out of the ECDHE key exchange, and that's used to key a channel
 for bulk encryption. The ECDSA signature authenticates ECDHE
 parameters so you know they are authentic (i.e., from the party who
 you expect, and not an adversary).

 In addition to ECDHE, another choice is the MQV family of key
 exchanges. It's a family now because MQV leaked some information about
 the private exponent, so Krawczyk provided Hashed MQV (HMQV). HMQV
 was later improved by Sarr, Elbaz–Vincent, and Bajard with Fully
 Hashed MQV (FHMQV).

 As far as encryption systems outside of SSL/TLS, check out Elliptic
 Curve Integrated Encryption Scheme (ECIES). You can do bulk encryption
 and decryption with it also. But it does not use an ECDSA key per se;
 rather, it's just an ecPublicKey ASN.1 type.

 ECIES is a Diffie-Hellman based integrated scheme that combines a Key
 Encapsulation Mechanism (KEM) with a Data Encapsulation Mechanism
 (DEM). The output is a 3-tuple {K,C,T}, where K is an encrypted shared
 secret (lots of hand waving), C is the cipher text and T is an
 authentication tag. In ECIES, K is really half of an ECDHE exchange
 with an ephemeral key. To recover the encrypted shared secret, the
 person doing the decryption uses their long term static key to perform
 the other half of the key exchange, and that's the shared secret. The
 shared secret is then digested with a KDF and used to key a stream
 cipher and an HMAC.

 Jeff
 ___
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
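Jeff's description of ECIES above, worked through as an added example that is not from the original thread and not OpenSSL's code: a from-scratch Python sketch (every name in it is constructed here) that performs the sender's half of an ECDH exchange with an ephemeral P-256 key, runs the shared x-coordinate through the X9.63 KDF, and keys a stream cipher and an HMAC to produce the {K, C, T} tuple; the decryptor completes the other half with its static private key, rejecting off-curve points and bad tags. An HMAC-SHA256 counter keystream stands in for a real stream cipher, and the curve arithmetic is not constant-time.

```python
import hashlib, hmac, secrets

# NIST P-256: y^2 = x^3 + a*x + b over GF(p); base point G has prime order n.
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(P):  # finite point satisfying the curve equation?
    return P is not None and (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

def ec_add(P, Q):  # affine addition; None is the point at infinity
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None      # Q == -P
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P):  # double-and-add; not constant-time, demo only
    R = None
    while k:
        if k & 1: R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def kdf_x963(z, info, length):  # ANSI X9.63 KDF, the one SEC 1 ECIES uses
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(z + counter.to_bytes(4, "big") + info).digest()
        counter += 1
    return out[:length]

def keystream_xor(key, data):  # stand-in stream cipher: HMAC-SHA256 in counter mode
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def derive_keys(S, K):  # shared x-coordinate -> (k_enc, k_mac), bound to K
    keys = kdf_x963(S[0].to_bytes(32, "big"),
                    b"".join(c.to_bytes(32, "big") for c in K), 64)
    return keys[:32], keys[32:]

def ecies_encrypt(recipient_pub, plaintext, ephemeral=None):  # -> (K, C, T)
    r = ephemeral if ephemeral is not None else secrets.randbelow(n - 1) + 1
    K = ec_mul(r, G)                       # the sender's half of the ECDHE
    k_enc, k_mac = derive_keys(ec_mul(r, recipient_pub), K)
    C = keystream_xor(k_enc, plaintext)
    return K, C, hmac.new(k_mac, C, hashlib.sha256).digest()

def ecies_decrypt(recipient_priv, K, C, T):  # raises ValueError on bad K or T
    if not on_curve(K): raise ValueError("ephemeral key is not on P-256")
    k_enc, k_mac = derive_keys(ec_mul(recipient_priv, K), K)  # other half
    if not hmac.compare_digest(T, hmac.new(k_mac, C, hashlib.sha256).digest()):
        raise ValueError("ECIES tag mismatch: ciphertext rejected")
    return keystream_xor(k_enc, C)
```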



[openssl-users] Encryption and Decryption using ECC based certificate private/public key pair

2015-04-26 Thread Jayalakshmi bhat
Hello All,

I am working on a project where there is a need to encrypt and decrypt
certain data using a certificate public/private key pair. So far we were
using RSA based certificates. OpenSSL provides a good number of APIs for RSA
based encryption/decryption operations.

Now we are planning to support ECDSA based certificates also. I am not able
to find any encryption/decryption APIs in the EC context.

I wanted to know whether there are any encryption/decryption APIs using an
ECDSA based public/private key pair, or whether there is any sample code I
can look into.

Thanks and Regards
Jayalakshmi


Re: OpenSSL engine support in OpenSSL FIPS Object Module

2014-07-06 Thread Jayalakshmi bhat
Hi Kyle,

Thanks a lot for the detailed explanation; it helped me a lot.

Regards
Jayalakshmi

On Sun, Jul 6, 2014 at 2:44 AM, Kyle Hamilton aerow...@gmail.com wrote:


 On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:
  Thanks a lot for the explanation. We have a range of products that
  provide network connectivity.
 
  1.  On these we would be using TPM to provide additional security.
 
  2.  On the products that are a bit slow in software cryptographic
  operation, we also would be using hardware acceleration chips that
  would do crypto operations.

 I'm going to guess that you are grouping these into class 1 (related
 to the TPM) and class 2 (related to offloading).  Since you already
 have a thread for class 1, I'll only respond to your class 2
 questions here.

 For background, FIPS is basically a specific mode of operation for US
 Federal agencies, and is targeted specifically to Federal procurement
 mandates.  In government systems which are actually required to use FIPS
 mode, you are not allowed to use any crypto services (whether from
 OpenSSL or from any other device) that don't use an approved FIPS mode
 of operation.  No other people actually *need* FIPS mode.  (I tend to
 use it whenever I can because it tends to reduce crypto container
 information leakage, and also makes it more likely that the cryptography
 is correct and interoperable.)

  In this post I wanted to know to support an hardware accelerator that
  supports FIPS enabled algorithms implemented apart from supporting the
  hardware from OpenSSL side, do we need to make changes in FIPS module
  as well.

 If I understand you correctly, you wish to alter the FIPS canister to
 offload time-consuming operations to hardware acceleration.  If this
 understanding is correct, I must regretfully inform you that it cannot
 legitimately be done.  Oh, sure, you can technically do it -- but it
 would be a modification of the black box, and require a new
 validation.  (I don't believe that such an implementation could in fact
 be validated, though I could be wrong.  I am not an expert.  But even if
 it can be, it cannot be validated with a private-label validation and
 would cost upwards of $200,000 to validate.)

 Remember, the FIPS canister *as written* is the only way to legitimately
 have FIPS mode from OpenSSL.  Once FIPS mode is set, only cryptographic
 operations which are provided by the FIPS canister can be performed, and
 only by the unmodified code within the FIPS canister.  It cannot be
 offloaded, because the FIPS canister cannot be modified to perform the
 offloading.  Also, by offloading, you change the boundaries of the
 cryptographic provider to include additional, unverified, and quite
 possibly incorrect functionality.

 To see the requirements of FIPS 140-2, I recommend you download the five
 pieces of the specification itself from
 http://csrc.nist.gov/publications/PubsFIPS.html .  It is written in
 bureaucratese, and you'll likely need several servings of alcohol to get
 through it.  You should also read FIPS 200, which describes the minimum
 security requirements for federal information and the systems used to
 process federal information.  You'll probably want to budget several
 servings of alcohol for this one, too.  Once you read these, you'll have
 a much stronger understanding of how incredibly foreign the US federal
 government's policy on cryptography is to the rest of society.

 And remember: for US federal procurement, these are law, and the law
 cannot be ignored or violated just because it would make things faster
 or easier.  US government doesn't really care about how long it takes,
 US government cares that it is done correctly.

 -Kyle H

  Both posts look similar. I apologize; I should have clearly mentioned
  these 2 posts are in different contexts.
 
  Thanks a lot.
 
  Regards
  Jayalakshmi





Re: OpenSSL engine support in OpenSSL FIPS Object Module

2014-07-06 Thread Jayalakshmi bhat
Hi Jakob,

Thank you very much for detailed and helpful explanation.

Regards
Jayalakshmi

On Sun, Jul 6, 2014 at 9:32 PM, Jakob Bohm jb-open...@wisemo.com wrote:

 On 7/6/2014 10:44 AM, Kyle Hamilton wrote:


 On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:

 Thanks a lot for the explanation. We have a range of products that
 provide network connectivity.

 1.  On these we would be using TPM to provide additional security.

 2.  On the products that are a bit slow in software cryptographic
 operation, we also would be using hardware acceleration chips that
 would do crypto operations.


 I'm going to guess that you are grouping these into class 1 (related
 to the TPM) and class 2 (related to offloading).  Since you already
 have a thread for class 1, I'll only respond to your class 2
 questions here.

 For background, FIPS is basically a specific mode of operation for US
 Federal agencies, and is targeted specifically to Federal procurement
 mandates.  In government systems which are actually required to use FIPS
 mode, you are not allowed to use any crypto services (whether from
 OpenSSL or from any other device) that don't use an approved FIPS mode
 of operation.  No other people actually *need* FIPS mode.  (I tend to
 use it whenever I can because it tends to reduce crypto container
 information leakage, and also makes it more likely that the cryptography
 is correct and interoperable.)

 (In the case of OpenSSL, this actually wins you very little).

 Let me try to approach this from a different angle.

 LEGALLY:

 If you have the luxury of having more than one FIPS validated device
 available to you, you probably (ask a lawyer to be absolutely sure),
 can use all of them together.  However to claim FIPS compliance of the
 resulting application, you must not do any cryptography outside those
 devices, and it must be impossible for the FIPS-mode variant of your
 application to fall back to any non-validated implementations in case
 of errors etc.  Additionally you may or may not (really ask a lawyer)
 be legally (not technically) required to treat any keys, passwords
 etc. handed from one device to another AS IF those keys were traveling
 over an insecure connection even though they never leave your process
 address space on an EAL-whatever-level certified operating system on an
 EAL-whatever-level certified computer.

 TECHNICALLY:

 If you want to combine the use of multiple FIPS validated devices,
 one of which happens to be the OpenSSL FIPS canister, and another
 one a piece of hardware accessed using an OpenSSL Engine, it is an
 open technical question if the FIPS-enabled OpenSSL (which is legally
 outside both devices and /can/ be changed) will correctly combine use
 of the OpenSSL FIPS canister with the ENGINE for accessing the hardware
 device, or if it will somehow fail to do so.

 For instance I am unsure what happens if the ENGINE plugin for the
 FIPS validated hardware device calls back to OpenSSL for cryptographic
 operations outside the scope of that device (it might do that because
 that piece of hardware is also used outside USGov and the ENGINE code
 was written for that case).  Will OpenSSL pass the calls to the FIPS
 canister (if in FIPS mode) or use the non-validated software
 implementations?

 I am also unsure if the FIPS-enabled OpenSSL library allows use of
 Engines when (runtime) configured in FIPS mode?

 Finally /if/ it is legally required to go through additional
 gymnastics when transporting parameters from one FIPS device to
 another, I am unsure if the FIPS-enabled OpenSSL library will do so
 when the transport is internal to OpenSSL and its ENGINE plugins.




 To see the requirements of FIPS 140-2, I recommend you download the five
 pieces of the specification itself from
 http://csrc.nist.gov/publications/PubsFIPS.html .  It is written in
 bureaucratese, and you'll likely need several servings of alcohol to get
 through it.  You should also read FIPS 200, which describes the minimum
 security requirements for federal information and the systems used to
 process federal information.  You'll probably want to budget several
 servings of alcohol for this one, too.  Once you read these, you'll have
 a much stronger understanding of how incredibly foreign the US federal
 government's policy on cryptography is to the rest of society.

 And remember: for US federal procurement, these are law, and the law
 cannot be ignored or violated just because it would make things faster
 or easier.  US government doesn't really care about how long it takes,
 US government cares that it is done correctly.

 -Kyle H

 Both posts look similar. I apologize; I should have clearly mentioned
 these 2 posts are in different contexts.

 Thanks a lot.

 Regards
 Jayalakshmi





 Enjoy

 Jakob
 --
 Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
 Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
 This public discussion message is non-binding and may contain errors

OpenSSL engine support in OpenSSL FIPS Object Module

2014-07-05 Thread Jayalakshmi bhat
Hi All,

We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.

I welcome all valuable inputs.

Regards
Jayalakshmi.


Re: OpenSSL engine support in OpenSSL FIPS Object Module

2014-07-05 Thread Jayalakshmi bhat
Hi Steve,

Thanks a lot for the explanation. We have a range of products that provide
network connectivity.

1.  On these we would be using TPM to provide additional security.

2.  On the products that are a bit slow in software cryptographic operation,
we also would be using hardware acceleration chips that would do crypto
operations.


In my previous post related to TPM, I asked how to deal with non-FIPS compliant
TPM chips and whether it needs any change on the FIPS module side, etc.

In this post I wanted to know whether, to support a hardware accelerator that
implements FIPS enabled algorithms, apart from supporting the hardware from
the OpenSSL side, we need to make changes in the FIPS module as well.

Both posts look similar. I apologize; I should have clearly mentioned
these 2 posts are in different contexts.

Thanks a lot.

Regards
Jayalakshmi


On Sat, Jul 5, 2014 at 10:46 PM, Dr. Stephen Henson st...@openssl.org
wrote:

 On Sat, Jul 05, 2014, Jayalakshmi bhat wrote:

  Hi All,
 
  We want to support a hardware accelerator on our device. We are using
  OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
  engine support in OpenSSL FIPS Object module.
 

 If you literally mean adding ENGINE support to the OpenSSL FIPS Object module
 then you can, but it would IMHO be a pointless exercise. The ENGINE code was
 stripped out to keep the number of dependencies down in the module.

 If you mean adding ENGINE support to the FIPS capable OpenSSL then you don't
 need to, as ENGINE support is already there.

 I suggest you explain exactly what you want to do.

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org



TPM support with OpenSSL FIPS Object Module

2014-07-04 Thread Jayalakshmi bhat
Hi All,

We are using OpenSSL 1.0.1c along with the OpenSSL FIPS Object Module in our
product.  Recently we have added TPM support.  The TPM chip is not FIPS
compliant. Hence in FIPS mode none of the SSL applications are working.

I wanted inputs on the following questions. I would be grateful to receive
any help.

1. According to the FIPS user guide (*OpenSSL FIPS 140-2 User Guide*, 2.6.2
Algorithms Available in FIPS Mode), with the current TPM chip we cannot
make the device FIPS compliant. Is my understanding correct?

2. Say if we move to a FIPS compliant TPM chip, do we have to add engine
support in the OpenSSL FIPS Object Module?

3. What are the alternative methods to support TPM in FIPS mode?


Thanks and Regards
Jayalakshmi


Re: TPM support with OpenSSL FIPS Object Module

2014-07-04 Thread Jayalakshmi bhat
Hi Steve,

Thank you very much for the response. I have one more question. In order to
use FIPS 140-2 certified TPM hardware in an OpenSSL FIPS enabled
environment, do I have to add engine support in the OpenSSL FIPS Object Module
and go for a private label?

Regards
Jayalakshmi


On Fri, Jul 4, 2014 at 8:36 PM, Steve Marquess 
marqu...@opensslfoundation.com wrote:

 On 07/04/2014 10:44 AM, Dr. Stephen Henson wrote:
  On Fri, Jul 04, 2014, Jayalakshmi bhat wrote:
 
  Hi All,
 
  We are using OpenSSL 1.0.1c along with the OpenSSL FIPS Object Module in our
  product.  Recently we have added TPM support.  The TPM chip is not FIPS
  compliant. Hence in FIPS mode none of the SSL applications are working.
 
  I wanted inputs on the following questions. I would be grateful to receive
  any help.
 
  1. According to the FIPS user guide (*OpenSSL FIPS 140-2 User Guide*, 2.6.2
  Algorithms Available in FIPS Mode), with the current TPM chip we cannot
  make the device FIPS compliant. Is my understanding correct?
 
 
  If the TPM chip is not FIPS compliant then nothing you can do will
 change that.

 Keep in mind that at Level 1 it isn't the device that is FIPS 140-2
 validated, but rather the cryptography that it uses (in the form of one
 or more FIPS 140-2 validated cryptographic modules).

 You meet the USG/DoD procurement requirements for FIPS 140-2 validated
 crypto when *all* of the crypto your device/product/application uses is
 FIPS 140-2 validated.

 As a *practical* matter you may gain some advantage with *some* USG/DoD
 customers if only *some* of the crypto used by your
 device/product/application is validated, but you aren't truly in
 compliance with those procurement requirements and don't want to
 represent yourself as such.

 Note that this partial use of validated crypto does appear to be rather
 common, albeit improper. For instance, any vendor who ships a turnkey
 product based on Linux or Android is probably not using FIPS 140-2
 validated crypto exclusively as there are (at present) no open source
 based validated implementations of kernel crypto as used by the kernel
 itself and by protocols like IPsec. So you really need to let your
 marketing and senior management folks make the call.

 -Steve M.

 --
 Steve Marquess
 OpenSSL Software Foundation, Inc.
 1829 Mount Ephraim Road
 Adamstown, MD  21710
 USA
 +1 877 673 6775 s/b
 +1 301 874 2571 direct
 marqu...@opensslfoundation.com
 marqu...@openssl.com
 gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc



Re: TPM support with OpenSSL FIPS Object Module

2014-07-04 Thread Jayalakshmi bhat
Hi Steve,

Thanks a lot for the reply. I have one more question. In order to use FIPS
140-2 certified TPM hardware in an OpenSSL FIPS enabled environment, do I have
to add engine support in the OpenSSL FIPS Object Module and go for a private
label?

Regards
Jayalakshmi


On Fri, Jul 4, 2014 at 8:14 PM, Dr. Stephen Henson st...@openssl.org
wrote:

 On Fri, Jul 04, 2014, Jayalakshmi bhat wrote:

  Hi All,
 
  We are using OpenSSL 1.0.1c along with the OpenSSL FIPS Object Module in our
  product.  Recently we have added TPM support.  The TPM chip is not FIPS
  compliant. Hence in FIPS mode none of the SSL applications are working.
 
  I wanted inputs on the following questions. I would be grateful to receive
  any help.
 
  1. According to the FIPS user guide (*OpenSSL FIPS 140-2 User Guide*, 2.6.2
  Algorithms Available in FIPS Mode), with the current TPM chip we cannot
  make the device FIPS compliant. Is my understanding correct?
 

 If the TPM chip is not FIPS compliant then nothing you can do will change
 that.

 If you consider it acceptable to use non-FIPS compliant algorithms in FIPS
 mode then there are ways to override the non-FIPS algorithm blocking. In the
 case of private keys you can set appropriate flags for example.

 Steve.



Re: TPM support with OpenSSL FIPS Object Module

2014-07-04 Thread Jayalakshmi bhat
Thanks a lot Steve for the quick response.


On Fri, Jul 4, 2014 at 10:21 PM, Steve Marquess 
marqu...@opensslfoundation.com wrote:

 On 07/04/2014 12:06 PM, Jayalakshmi bhat wrote:
  Hi Steve,
 
  Thank you very much for the response. I have one more question. In order to
  use FIPS 140-2 certified TPM hardware in an OpenSSL FIPS enabled
  environment, do I have to add engine support in the OpenSSL FIPS Object
  Module and go for a private label?

 I don't know enough about TPM to say for sure. If you have to make *any*
 changes to the FIPS module code (which is likely) then you would need a
 new validation (e.g. a private label one). That gets you into a new
 level of hurt as the #1747 module (the OpenSSL FIPS Object Module v2.0)
 is no longer usable as-is for copycat validations.

 -Steve M.




FIPS support on a multi-home device

2014-05-29 Thread Jayalakshmi bhat
Hi All,

We have a product that has 2 network interfaces, i.e. wired and wireless.
Both interfaces use a separate OpenSSL library. However, the FIPS validated
OpenSSL crypto module is common to both interfaces, as shown below.

            FIPS validated OpenSSL crypto module
                     |-----------------|
                     |                 |
                    \|/               \|/
          ---------------------  ---------------------
          OpenSSL library for    OpenSSL library for
          wired interface        wireless interface
          ---------------------  ---------------------
My questions are as below

1. I don't support FIPS on the wireless interface; can I still call my device
FIPS compliant?
2. Is FIPS device specific?
3. Is it OK to use 2 FIPS crypto modules to enable FIPS on both wired and
wireless?

Regards
Jayalakshmi