Re: [openssl-users] DSA with OpenSSL-1.1

2016-07-05 Thread Philip Bellino
Well, since we will never go to 1.1, I guess we don't have to worry about it.


From: openssl-users on behalf of Kurt Roeckx
Sent: Saturday, July 2, 2016 5:53:20 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] DSA with OpenSSL-1.1

On Fri, Jul 01, 2016 at 05:17:35PM +0100, Matt Caswell wrote:
>
> "ALL:!COMPLEMENTOFDEFAULT:!eNULL"

Maybe we should use "-" instead of "!"?


Kurt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


MRV Communications is a global supplier of packet and optical solutions that 
power the world's largest networks. Our products combine innovative hardware 
with intelligent software to make networks smarter, faster and more efficient.



The contents of this message, together with any attachments, are intended only 
for the use of the person(s) to whom they are addressed and may contain 
confidential and/or privileged information. If you are not the intended 
recipient, immediately advise the sender, delete this message and any 
attachments and note that any distribution, or copying of this message, or any 
attachment, is prohibited.


[openssl-users] Looking for the Changelog in openssl-fips-2.0.12

2016-05-24 Thread Philip Bellino
Hello,
I am looking for the Changelog that explains the changes between 
openssl-fips-2.0.9 and 2.0.12.

The README.FIPS that comes with 2.0.12 points here: 
https://www.openssl.org/docs/fips  but I cannot find the changes.

Any help would be most appreciated.
Thanks,
Phil






[openssl-users] Key Derivation Function Tests for TLS

2015-09-22 Thread Philip Bellino
Hello,

In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are required 
by our testing lab to perform KDF tests for TLS (see document NIST SP800-135, 
Rev 1 section 4.2).



Could you please point us to where the source for the KDF TLS test(s) are 
available.

Thank you,
Phil Bellino




[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino

One more item of note:


The code appears to be erroring out  on the keyword SEED.

Looking at the source code there appears to be no provision to accept that 
word, hence the parse error.



Hello,

We are testing our FIPS implementation which is based on openssl-1.0.2a and 
openssl-fips-2.0.9.

We are executing tests on the target machine (which doesn't support running 
perl scripts so we cannot run fipsalgtest.pl) that are included in the 
openssl-fips-2.0.9/fips directory, using request files provided by a 
test/validation company.



All tests seem to run fine (no errors output to screen) except for an RSA2 
KeyGen test, during which the following error text appears:



./fips_rsagtest AlgCore/KeyGen_186-3.req /tmp/KeyGen_186-3.rsp

FATAL parse error processing line 16

FATAL RSAGTEST file processing error

Any help would be most appreciated.
Thank you,
Phil




[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino
Hello,

We are testing our FIPS implementation which is based on openssl-1.0.2a and 
openssl-fips-2.0.9.

We are executing tests on the target machine (which doesn't support running 
perl scripts so we cannot run fipsalgtest.pl) that are included in the 
openssl-fips-2.0.9/fips directory, using request files provided by a 
test/validation company.



All tests seem to run fine (no errors output to screen) except for an RSA2 
KeyGen test, during which the following error text appears:



./fips_rsagtest AlgCore/KeyGen_186-3.req /tmp/KeyGen_186-3.rsp

FATAL parse error processing line 16

FATAL RSAGTEST file processing error

Any help would be most appreciated.
Thank you,
Phil




[openssl-users] FIPS Validation questions

2015-05-26 Thread Philip Bellino

Hello,
We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in 
conjunction with the FIPS validation process.
One question is whether SHA1 accepts NULL (zero-length) messages?  I couldn't 
find anything on the OpenSSL wiki so I thought I'd ask here.
Also, another question is whether the AES CTR counter source is internal or 
external?

Any information would be appreciated.
Thanks,
Phil






[openssl-users] FIPs validation questions

2015-05-22 Thread Philip Bellino
Hello,

We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in 
conjunction with the FIPS validation process.

One question is whether SHA1 accepts NULL (zero-length) messages?  I couldn't 
find anything on the OpenSSL wiki so I thought I'd ask here.

Also, another question is whether the AES CTR counter source is internal or 
external?



Any information would be appreciated.
Thanks,
Phil





[openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
Hello,
We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have 
code that we assume needs updating,
to avoid using low level routines in FIPS. For example, our snmp v3 
implementation currently decrypts/encrypts using
AES_set_encrypt_key() and AES_cfb128_encrypt().
The old decryption routine is as follows:
BOOL                                    /* TRUE:=ok, FALSE=error condition */
sc_aes_decrypt(SN_PRIVPROT privProto,   /* usm priv protocol type */
               UCHAR * key,             /* priv key */
               UINT keylen,             /* priv key length */
               UCHAR * iv,              /* iv buffer */
               UINT ivlen,              /* iv length */
               UCHAR * ciphertext,      /* encrypted buffer: the cipher text */
               UINT ctlen,              /* encrypted data length */
               UCHAR * plaintext,       /* OUT: decrypted buffer */
               int *ptlen)              /* IN: decrypt buf len, OUT: decrypt data */
{
    static char fname[] = "sc_aes_decrypt";
    AES_KEY aes_key;
    char my_iv[16];
    int new_ivlen = 0;
    int ret;

    ret = AES_set_encrypt_key(key, (keylen * 8), &aes_key);
    if (ret < 0) {
        errorMsg("%s: call to AES_set_encrypt_key() failed (error=%d)", fname,
                 ret);
        return FALSE;
    }
    memcpy(my_iv, iv, ivlen);

    /*
     * Decrypt the data.
     */
    AES_cfb128_encrypt(ciphertext, plaintext, ctlen,
                       &aes_key, my_iv, &new_ivlen, AES_DECRYPT);

    *ptlen = ctlen;
    return TRUE;
}

AES_set_encrypt_key() is no longer useable in FIPS mode as
shown in the following code snippet from openssl-1.0.2a/crypto/aes/aes_misc.c -
/* FIPS wrapper functions to block low level AES calls in FIPS mode */
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
{
#ifdef OPENSSL_FIPS
    fips_cipher_abort(AES);
#endif
    return private_AES_set_encrypt_key(userKey, bits, key);
}

I could not find a parallel routine for AES_set_encrypt_key()  in the high 
level EVP routines.  I also looked on the Openssl wiki.
Do I need one? Does one exist?
I am attempting to replace the old code with FIPS safe EVP routines 
EVP_CIPHER_CTX_init(), EVP_DecryptInit_ex() using EVP_aes_128_cfb, 
EVP_DecryptUpdate(), EVP_DecryptFinal_ex() and EVP_CIPHER_CTX_cleanup().
The data passed into the decrypt routine
is not a fixed length (not necessarily a multiple of block size). Is that the 
correct path?
Are there any gotchas I should watch out for, for example, with padding issues? 
I am asking because my first attempt
at the new code results in a decryption error from Openssl crypto/evp/evp_enc.c 
EVP_DecryptFinal_ex() line 519
    if (b > 1) {
        if (ctx->buf_len) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
            return (0);
        }

Any help/guidance would be most appreciated.

Thank you.


Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




Re: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
Hello,

I would like to retract my previous email on this subject.

I found the routine EVP_CIPHER_CTX_set_key_length(), and have successfully 
implemented.

I apologize for wasting anyone's time who may have read the original email.

Thanks,

Phil




From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Philip Bellino
Sent: Monday, April 06, 2015 8:03 AM
To: openssl-users@openssl.org
Subject: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

Hello,
We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have 
code that we assume needs updating,
to avoid using low level routines in FIPS. For example, our snmp v3 
implementation currently decrypts/encrypts using
AES_set_encrypt_key() and AES_cfb128_encrypt().
The old decryption routine is as follows:
BOOL                                    /* TRUE:=ok, FALSE=error condition */
sc_aes_decrypt(SN_PRIVPROT privProto,   /* usm priv protocol type */
               UCHAR * key,             /* priv key */
               UINT keylen,             /* priv key length */
               UCHAR * iv,              /* iv buffer */
               UINT ivlen,              /* iv length */
               UCHAR * ciphertext,      /* encrypted buffer: the cipher text */
               UINT ctlen,              /* encrypted data length */
               UCHAR * plaintext,       /* OUT: decrypted buffer */
               int *ptlen)              /* IN: decrypt buf len, OUT: decrypt data */
{
    static char fname[] = "sc_aes_decrypt";
    AES_KEY aes_key;
    char my_iv[16];
    int new_ivlen = 0;
    int ret;

    ret = AES_set_encrypt_key(key, (keylen * 8), &aes_key);
    if (ret < 0) {
        errorMsg("%s: call to AES_set_encrypt_key() failed (error=%d)", fname,
                 ret);
        return FALSE;
    }
    memcpy(my_iv, iv, ivlen);

    /*
     * Decrypt the data.
     */
    AES_cfb128_encrypt(ciphertext, plaintext, ctlen,
                       &aes_key, my_iv, &new_ivlen, AES_DECRYPT);

    *ptlen = ctlen;
    return TRUE;
}

AES_set_encrypt_key() is no longer useable in FIPS mode as
shown in the following code snippet from openssl-1.0.2a/crypto/aes/aes_misc.c -
/* FIPS wrapper functions to block low level AES calls in FIPS mode */
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
{
#ifdef OPENSSL_FIPS
    fips_cipher_abort(AES);
#endif
    return private_AES_set_encrypt_key(userKey, bits, key);
}

I could not find a parallel routine for AES_set_encrypt_key()  in the high 
level EVP routines.  I also looked on the Openssl wiki.
Do I need one? Does one exist?
I am attempting to replace the old code with FIPS safe EVP routines 
EVP_CIPHER_CTX_init(), EVP_DecryptInit_ex() using EVP_aes_128_cfb, 
EVP_DecryptUpdate(), EVP_DecryptFinal_ex() and EVP_CIPHER_CTX_cleanup().
The data passed into the decrypt routine
is not a fixed length (not necessarily a multiple of block size). Is that the 
correct path?
Are there any gotchas I should watch out for, for example, with padding issues? 
I am asking because my first attempt
at the new code results in a decryption error from Openssl crypto/evp/evp_enc.c 
EVP_DecryptFinal_ex() line 519
    if (b > 1) {
        if (ctx->buf_len) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
            return (0);
        }

Any help/guidance would be most appreciated.

Thank you.


Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com



Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

2015-03-27 Thread Philip Bellino
Michel,
Thank you very much for your email.
The example given in your email works out fine if the encryption and decryption 
are performed in the same routine.
The problem we are having is that we perform the encryption and then at some 
point in the future we need to do the decryption.
At that point, we do not have the clear text password available nor do we know 
the length that was the result of the previous
encryption so we don't have the correct encrypted length value to pass to the 
decryption routine.
Some passwords have encrypted results that have nulls embedded in them, so 
strlen() cannot be used on the
encrypted result  to get its length.

Have you come across a situation such as this or is there something else you 
can suggest to me?

Thanks,
Phil


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Michel
Sent: Thursday, March 26, 2015 6:02 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and 
OpenSSL_add_all_ciphers questions

Hi Phil,

> ... or is the encrypted length put into the encrypted information so an EVP 
> call is available to retrieve it?
It is NOT the case.

May not be the answer you expected :
The encrypted length is length of clear text + size of 1 cipher block  if 
padding is enabled.
https://www.openssl.org/docs/crypto/EVP_EncryptInit.html

> is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the 
> corresponding EVP_cleanup call necessary for each encrypt and  decrypt ?
NO, and It should NOT, especially in multi-threaded applications  :
A typical application will call OpenSSL_add_all_algorithms() initially and 
EVP_cleanup() before exiting.
https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html

Also : 
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Hope this helps,

Regards,

Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Philip Bellino
Sent: Thursday, March 26, 2015 15:53
To: openssl-users@openssl.org
Subject: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and 
OpenSSL_add_all_ciphers questions

I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:

encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup

decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal_ex
EVP_CIPHER_CTX_cleanup

similar to examples found here:
http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES

Passwords are encrypted and stored when created, and decrypted
at a later time to compare against the password
given upon login. None of the examples show determining the length
of the encrypted information via an EVP call in order to pass
that information to the decryption routines. Should I assume it
is incumbent upon the coder to store the encrypted length when
storing the encrypted password, for retrieval later? Or is the encrypted
length put into the encrypted information so an EVP call is available to
retrieve it? I believe from all the information I see that it is the former.

Please confirm this for me.

Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)
and the corresponding EVP_cleanup call necessary for each encrypt and
decrypt? My encryption and decryption seem to be working without calling
those routines but after seeing them used (for examples in test/evp_test.c), I 
don't understand why.

Any insight that can be shared would be most appreciated.
Thank you.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com
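
Added example (not part of the thread and not OpenSSL code): one way to keep the ciphertext length with the stored value, so that strlen() is never applied to binary output that may contain 0x00 bytes. The record layout (2-byte big-endian length followed by the ciphertext), the function names and the sample bytes are assumptions constructed for this example; the 8-byte block size is that of des_ede3_cbc.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DES_BLOCK 8     /* block size of des_ede3_cbc in bytes */

/* Constructed sample: 16 bytes standing in for a ciphertext, with an
 * embedded 0x00 at offset 3. Not real encryption output. */
static const unsigned char SAMPLE_CT[16] = {
    0x9c,0x41,0xe7,0x00,0x5a,0x13,0xb8,0x2f,
    0x77,0x00,0xd4,0x6e,0x01,0xaa,0x3c,0xf5 };

/* Exact ciphertext length for CBC with standard padding: padding always
 * adds between 1 and `block` bytes, so the result is the next multiple
 * of the block size strictly greater than the plaintext length. */
size_t cbc_padded_len(size_t ptlen, size_t block)
{
    return (ptlen / block + 1) * block;
}

/* Build a storable record: [len_hi][len_lo][ciphertext...].
 * Returns the record length, or -1 if the input cannot be stored. */
int blob_pack(const unsigned char *ct, size_t ctlen,
              unsigned char *rec, size_t reccap)
{
    if (ct == NULL || rec == NULL)
        return -1;
    /* A padded CBC ciphertext is never empty and is block aligned. */
    if (ctlen == 0 || ctlen > 0xFFFF || ctlen % DES_BLOCK != 0)
        return -1;
    if (reccap < ctlen + 2)
        return -1;
    rec[0] = (unsigned char)(ctlen >> 8);
    rec[1] = (unsigned char)(ctlen & 0xFF);
    memcpy(rec + 2, ct, ctlen);
    return (int)(ctlen + 2);
}

/* Parse a stored record. On success *ct points at the ciphertext inside
 * rec and the ciphertext length is returned; -1 on a malformed record. */
int blob_unpack(const unsigned char *rec, size_t reclen,
                const unsigned char **ct)
{
    size_t ctlen;

    if (rec == NULL || ct == NULL || reclen < 2)
        return -1;
    ctlen = ((size_t)rec[0] << 8) | rec[1];
    if (ctlen == 0 || ctlen % DES_BLOCK != 0)
        return -1;              /* not a valid padded CBC length */
    if (ctlen > reclen - 2)
        return -1;              /* record was truncated */
    *ct = rec + 2;
    return (int)ctlen;
}

int main(void)
{
    unsigned char rec[2 + sizeof(SAMPLE_CT)];
    const unsigned char *ct = NULL;
    int reclen, ctlen;

    printf("strlen() sees %lu bytes of a %lu-byte ciphertext\n",
           (unsigned long)strlen((const char *)SAMPLE_CT),
           (unsigned long)sizeof(SAMPLE_CT));
    printf("13-byte password -> %lu ciphertext bytes\n",
           (unsigned long)cbc_padded_len(13, DES_BLOCK));

    reclen = blob_pack(SAMPLE_CT, sizeof(SAMPLE_CT), rec, sizeof(rec));
    ctlen = blob_unpack(rec, (size_t)reclen, &ct);
    printf("record=%d bytes, recovered ciphertext length=%d\n", reclen, ctlen);
    return 0;
}
```

The length returned by blob_unpack() is the value to pass as the input length to EVP_DecryptUpdate().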



[openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

2015-03-26 Thread Philip Bellino
I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:

encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup

decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal_ex
EVP_CIPHER_CTX_cleanup

similar to examples found here:
http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES

Passwords are encrypted and stored when created, and decrypted
at a later time to compare against the password
given upon login. None of the examples show determining the length
of the encrypted information via an EVP call in order to pass
that information to the decryption routines. Should I assume it
is incumbent upon the coder to store the encrypted length when
storing the encrypted password, for retrieval later? Or is the encrypted
length put into the encrypted information so an EVP call is available to
retrieve it? I believe from all the information I see that it is the former.

Please confirm this for me.

Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)
and the corresponding EVP_cleanup call necessary for each encrypt and
decrypt? My encryption and decryption seem to be working without calling
those routines but after seeing them used (for examples in test/evp_test.c), I 
don't understand why.

Any insight that can be shared would be most appreciated.
Thank you.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




[openssl-users] AES CBC approved encryption algorithm/option in FIPS

2015-03-20 Thread Philip Bellino
Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question?

If AES CBC Encryption is considered vulnerable to an attacker with the 
capability to inject arbitrary traffic into the plain-text stream, then why is 
it listed as an approved algorithm/option in table 4A on page 14 of the OpenSSL 
Security Policy:  http://openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf

I am just looking for a clarification.
Thanks,
Phil

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




[openssl-users] HMAC-SHA1-96 in FIPS

2015-03-12 Thread Philip Bellino

Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question.

In the FIPS-198-1 document, Chapter 5 discusses truncation with MACs.

http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf


I believe HMAC-SHA1-96 falls under this category, but I do not see it 
specifically listed in Table 4a (Approved Algorithms) of the OpenSSL FIPS 140-2 
Security Policy document.

Is it considered approved for use with FIPS?

Thanks,
Phil
Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




[openssl-users] make depend error in openssl-1.0.2/crypto

2015-02-04 Thread Philip Bellino
Hello,
We  built OpenSSL-1.0.1j (and OpenSSL-fips-2.0.7) within my PowerPC-target 
build environment and have been using it successfully.
We now have upgraded to use OpenSSL-1.0.2  (and OpenSSL-fips-2.0.9).
It cannot successfully build because of the following error (which occurs 
identically 16 times) from within the crypto directory:

making depend in crypto...
make[3]: Entering directory `openssl-1.0.2/crypto'
command line:16:10: ISO C requires whitespace after the macro name


Was there something that changed between 1.0.1j and 1.0.2 that might cause this?
If not, can you shed any light on why it is happening?
Thanks,
Phil




[openssl-users] FIPS JCE cryptographic modules usage with Openssl-1.0.1j and openssl-fips-2.0.7

2015-01-21 Thread Philip Bellino
Hello,
I apologize if this is not the correct forum for my questions, so here goes.


1.   Are the RSA JSafeJCE and the IBM' IBMJESFIPS cryptographic modules 
being used widely against Openssl in FIPS mode?


2.   If so, have these modules kept pace with the latest Openssl FIPS 
implementation.

Thank you.




Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




Differences between openssl-fips-2.0.7 and 2.0.8

2014-11-19 Thread Philip Bellino
Hello,
I am currently using openssl-fips-2.0.7 and I noticed that 2.0.8 is available 
on the website.
Neither distribution contains a changelog, so I was wondering what changes were 
made to 2.0.8.
Thanks,
Phil

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




RE: Query: Disabling SSLv3

2014-11-05 Thread Philip Bellino
Jeffrey,
May I ask why you included no-ssl2 as an option to config?
Is only adding no-ssl3 not sufficient enough to fully disable SSLv3?

Thanks,
Phil

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Wednesday, November 05, 2014 12:45 AM
To: OpenSSL Users List
Subject: Re: Query: Disabling SSLv3

> We are upgrading to OpenSSL 0.9.8zc on FreeBSD based OS to mitigate
> POODLE risk.
> Could you please answer our following query, Definition of a function
> ssl23_get_client_method() in C file 'openssl-0.9.8zc/ssl/s23_clnt.c'
> shows,
>  #ifndef OPENSSL_NO_SSL3
>    if (ver == SSL3_VERSION)
>        return(SSLv3_client_method());
>  #endif
>
> So does this mean, 0.9.8zc needs to be built with -DOPENSSL_NO_SSL3 to
> block downgrading to SSLv3 in SSLv23_* functions ?

If you want to disable SSLv3 at configure time, then:

./config no-ssl2 no-ssl3 ...

The configure option will define OPENSSL_NO_SSL3.

See 
http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
for more on the options.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


heartbeat_test in openssl-1.0.1j

2014-11-03 Thread Philip Bellino
Hello,
Using  an FC core Linux 2.6.x i686 system.

In openssl-1.0.1h, we were able to build/execute the heartbeat_test as is.

In Openssl-1.0.1j, we are now required to add a Configure option 
enable-unit-test to use the heartbeat_test.

Also, the heartbeat_test executable in 1.0.1h was 14K in size and in 
1.0.1j (with enable-unit-test), the executable is now 1.6M in size.

May I ask why this was done this way for 1.0.1j?  I didn't see anything in the 
CHANGES file for it.

Thanks,
Phil



Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




RE: Make depend issue in Openssl-1.0.1j/ssl

2014-10-31 Thread Philip Bellino
Jay,
Thank you very much.  Your email helped me solve my issue.

Thanks again,
Phil

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jay Foster
Sent: Thursday, October 30, 2014 4:21 PM
To: openssl-users@openssl.org
Subject: Re: Make depend issue in Openssl-1.0.1j/ssl

I ran into this as well, but fixed it.  The issue for me was my build 
environment was for a cross compilation.  It had some extra compiler/linker 
options that caused the  compiler to search the sysroot path header files 
before the ones specified by -Ipath statements.  The result was the compiler 
was using the OpenSSL header files from my tool chain instead of the ones in 
the (latest) source.  The tool chain had the previous version installed, so was 
missing the TLS_MAX_VERSION definition.

Normally, -Ipath include directives will get searched first, before any 
normal system search paths.  This will get the correct header files from the 
source tree.  If you do something like '-nostdinc -I${SYSROOT}/usr/include 
-Ipath', then the reverse will happen.  Ref 
https://gcc.gnu.org/onlinedocs/cpp/Search-Path.html.

Jay
On 10/30/2014 12:40 PM, Philip Bellino wrote:
Hello,
I am running into the following issue when I do a make depend (after the 
./config shared no-ssl3):

making depend in ssl...
make[3]: Entering directory '.../openssl-1.0.1j/ssl'
s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
d1_lib.c:274:4: #error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
make[3]: *** [depend] Error 1

In ssl/s3_lib.c, there is a new case statement in openssl-1.0.1j:

    case SSL_CTRL_CHECK_PROTO_VERSION:
        /* For library-internal use; checks that the current protocol
         * is the highest enabled version (according to s->ctx->method,
         * as version negotiation may have changed s->method). */
        if (s->version == s->ctx->method->version)
            return 1;
        /* Apparently we're using a version-flexible SSL_METHOD
         * (not at its highest protocol version). */
        if (s->ctx->method->version == SSLv23_method()->version)
            {
#if TLS_MAX_VERSION != TLS1_2_VERSION
#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
#endif
            if (!(s->options & SSL_OP_NO_TLSv1_2))
                return s->version == TLS1_2_VERSION;
            if (!(s->options & SSL_OP_NO_TLSv1_1))
                return s->version == TLS1_1_VERSION;
            if (!(s->options & SSL_OP_NO_TLSv1))
                return s->version == TLS1_VERSION;
            if (!(s->options & SSL_OP_NO_SSLv3))
                return s->version == SSL3_VERSION;
            if (!(s->options & SSL_OP_NO_SSLv2))
                return s->version == SSL2_VERSION;
            }
        return 0; /* Unexpected state; fail closed */
--

A grep -ri TLS_MAX_VERSION *

include/openssl/tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION
ssl/s23_clnt.c:/* ensure that TLS_MAX_VERSION is up-to-date */
ssl/s23_clnt.c:OPENSSL_assert(s->version <= TLS_MAX_VERSION);
ssl/s3_lib.c:#if TLS_MAX_VERSION != TLS1_2_VERSION
ssl/tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION

and a grep -ri DTLS_MAX_VERSION *

include/openssl/dtls1.h:#define DTLS_MAX_VERSION DTLS1_VERSION
ssl/dtls1.h:#define DTLS_MAX_VERSION DTLS1_VERSION
ssl/d1_lib.c:#if DTLS_MAX_VERSION != DTLS1_VERSION
ssl/d1_lib.c:return s->version == DTLS_MAX_VERSION;


This leads me to believe that the code should never have the above error 
conditions occur, but in fact it is.

Any help would be most appreciated and I apologize if I am missing something in 
my analysis.
Thanks,
Phil
Phil Bellino
Principal Software Engineer| MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com
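
The header shadowing described in Jay's reply can be checked before building. The following is an added example, not part of the original thread or of OpenSSL: it walks the -I directories of a flag list in command-line order and reports whether the first openssl/tls1.h found defines TLS_MAX_VERSION. The function names and the demo tree are assumptions made for illustration, and only -I flags are modelled.

```shell
# Added example: find which directory supplies a header for a given set of
# compiler flags. Simplified model: only "-Idir" and "-I dir" are handled.

# resolve_header HEADER FLAGS... -> prints the first matching path
resolve_header() {
    hdr=$1; shift
    while [ $# -gt 0 ]; do
        dir=
        case $1 in
            -I)  if [ $# -ge 2 ]; then dir=$2; shift; fi ;;
            -I*) dir=${1#-I} ;;
        esac
        shift
        if [ -n "$dir" ] && [ -f "$dir/$hdr" ]; then
            printf '%s\n' "$dir/$hdr"; return 0
        fi
    done
    return 1
}

# check_flags MACRO HEADER FLAGS... -> "ok PATH", "stale PATH" or "missing"
check_flags() {
    macro=$1; name=$2; shift 2
    if ! path=$(resolve_header "$name" "$@"); then
        echo "missing"; return 2
    fi
    if grep -Eq "^#[[:space:]]*define[[:space:]]+$macro([[:space:]]|\$)" "$path"; then
        echo "ok $path"
    else
        echo "stale $path"; return 1
    fi
}

# Constructed demo tree (stand-in headers, not real OpenSSL files): an older
# toolchain copy without TLS_MAX_VERSION and a source-tree copy with it.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/sysroot/usr/include/openssl" "$root/src/include/openssl"
    printf '#define TLS1_2_VERSION 0x0303\n' \
        > "$root/sysroot/usr/include/openssl/tls1.h"
    printf '#define TLS1_2_VERSION 0x0303\n#define TLS_MAX_VERSION TLS1_2_VERSION\n' \
        > "$root/src/include/openssl/tls1.h"
    printf '%s\n' "$root"
}
demo=$(make_demo_tree)
check_flags TLS_MAX_VERSION openssl/tls1.h -I"$demo/src/include" -I"$demo/sysroot/usr/include"
check_flags TLS_MAX_VERSION openssl/tls1.h -nostdinc -I"$demo/sysroot/usr/include" -I"$demo/src/include" || true
rm -rf "$demo"
```

Passing the real CFLAGS of a cross build to check_flags shows whether a toolchain copy of the header would be picked up ahead of the source tree.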




Make depend issue in Openssl-1.0.1j/ssl

2014-10-30 Thread Philip Bellino
Hello,
I am running into the following issue when I do a make depend (after the 
./config shared no-ssl3):

making depend in ssl...
make[3]: Entering directory '.../openssl-1.0.1j/ssl'
s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
d1_lib.c:274:4: #error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
make[3]: *** [depend] Error 1

In ssl/s3_lib.c, there is a new case statement in openssl-1.0.1j:

    case SSL_CTRL_CHECK_PROTO_VERSION:
        /* For library-internal use; checks that the current protocol
         * is the highest enabled version (according to s->ctx->method,
         * as version negotiation may have changed s->method). */
        if (s->version == s->ctx->method->version)
            return 1;
        /* Apparently we're using a version-flexible SSL_METHOD
         * (not at its highest protocol version). */
        if (s->ctx->method->version == SSLv23_method()->version)
            {
#if TLS_MAX_VERSION != TLS1_2_VERSION
#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
#endif
            if (!(s->options & SSL_OP_NO_TLSv1_2))
                return s->version == TLS1_2_VERSION;
            if (!(s->options & SSL_OP_NO_TLSv1_1))
                return s->version == TLS1_1_VERSION;
            if (!(s->options & SSL_OP_NO_TLSv1))
                return s->version == TLS1_VERSION;
            if (!(s->options & SSL_OP_NO_SSLv3))
                return s->version == SSL3_VERSION;
            if (!(s->options & SSL_OP_NO_SSLv2))
                return s->version == SSL2_VERSION;
            }
        return 0; /* Unexpected state; fail closed */
--

A grep -ri TLS_MAX_VERSION *

include/openssl/tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION
ssl/s23_clnt.c:/* ensure that TLS_MAX_VERSION is up-to-date */
ssl/s23_clnt.c:OPENSSL_assert(s->version <= TLS_MAX_VERSION);
ssl/s3_lib.c:#if TLS_MAX_VERSION != TLS1_2_VERSION
ssl/tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION

and a grep -ri DTLS_MAX_VERSION *

include/openssl/dtls1.h:#define DTLS_MAX_VERSION DTLS1_VERSION
ssl/dtls1.h:#define DTLS_MAX_VERSION DTLS1_VERSION
ssl/d1_lib.c:#if DTLS_MAX_VERSION != DTLS1_VERSION
ssl/d1_lib.c:return s->version == DTLS_MAX_VERSION;


This leads me to believe that the code should never have the above error 
conditions occur, but in fact it is.

Any help would be most appreciated and I apologize if I am missing something in 
my analysis.
Thanks,
Phil
Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com




openssl-fips-2.0.7/test make errors

2014-10-28 Thread Philip Bellino
Hello,
I am attempting to use the tests provided in the 'test' directory of the
openssl-fips-2.0.7 software. I am under the impression that I should be able to 
build these tests, transport them to our target hardware and execute them in 
order to test our port of the openssl and fips software.  'make build_tests'
produces
the following error:

make[1]: Entering directory
`/home/test/apps/openssl-fips-2.0.7/test'
/opt/asp/buildroot-2.6.19.2/build_powerpc/staging_dir/bin/powerpc-linux-uclibc-gcc
-I.. -I../include  -I../fips -DOPENSSL_FIPSCANISTER -fPIC -DOPENSSL_PIC 
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H 
-I/home/nnichols/trunk/Asp0-1/apps/include -isystem 
/home/nnichols/trunk/Asp0-1/linux/include -DCONFIG_MRV -DLX -DB_ENDIAN
-DTERMIO -O3 -fomit-frame-pointer -mcpu=860 -Wall   -c -o fips_shatest.o
fips_shatest.c
make[2]: Entering directory
`/home/test/apps/openssl-fips-2.0.7/test'
../fips/fipsld: line 185: ./fips_shatest: cannot execute binary file
make[2]: *** [link_app.gnu] Error 126

Even though the above error is produced, the fips_shatest.o file is created 
as well as the fips_shatest executable, but the make stops with the above 
error, handling only that one file rather than the list of all fips_*.c files 
(19 in total, I believe) before erroring out.

Any help would be most appreciated.
Thanks,
Phil




Openssl-1.0.1h/test ssltest

2014-10-28 Thread Philip Bellino
Hello,

I am attempting to use the tests provided in the 'test' directory of the 
openssl-1.0.1h software. I have successfully built and run the tests on our 
target hardware. There is one test in particular, ssltest, that appears to 
have a multitude of optional arguments/options that could be provided, though I 
am currently not using any. Does anyone have experience or can you point me to 
documentation (above and beyond the 'usage' output) that would help me select 
the proper options to use for optimal and complete testing?

Thanks,
Phil



Broken getaddrinfo

2007-10-05 Thread Philip Bellino
Hello,
I previously emailed this issue to the
([EMAIL PROTECTED]) and was told to email openssl
instead, so here goes:

Linux 2.6.22.9
Openssl-0.9.8e
Ipsec-tools-0.7

When I run the configure script for ipsec-tools-0.7 as follows:

./configure -with-openssl=/usr/local/ssl  -enable-ipv6  produces the
following error:

I get this error:

checking getaddrinfo bug... buggy
configure: error: Broken getaddrinfo() is no longer supported.
Aborting

Without the -with-openssl=/usr/local/ssl switch,  I do not get the
above errors and the configure script finishes properly.

Has anyone seen this and is there a resolution or a workaround that I
can use?
Thanks,
Phil Bellino


Phil Bellino
Software Engineer
MRV Communications, Inc.
295 Foster Street
Littleton, MA. 01460
Phone: 978-952-4807
Fax: 978-952-5444
Email: [EMAIL PROTECTED] 
 http://www.mrv.com/