Re: [openssl-users] OpenSSL 1.1.0 assertion failure: ssl_free_wbio_buffer()

2018-04-16 Thread Matt Caswell


On 16/04/18 11:38, Matt Caswell wrote:
> 
> 
> On 16/04/18 09:19, marcus.schafheu...@gmx.de wrote:
>> SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished
> 
> There should be no reason to do this. The BIO's will get freed
> automatically by the SSL_free() call.
> 
> 
>> Is this a faulty behavior of OpenSSL 1.1.0 or is the fault on my side? 
> 
> 
> This looks like a bug in OpenSSL. It should be able to tolerate passing
> NULL for wbio in the SSL_set_bio call, but apparently it can't in the
> case of a failed handshake. Please could you open an issue on github for
> this?
> 
> The workaround is to remove the SSL_set_bio(SSL, NULL, NULL) call. It
> should not be necessary.

I created a fix and some tests here:

https://github.com/openssl/openssl/pull/5966

It turns out the assertion is completely bogus and can simply be removed.

Matt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] OpenSSL 1.1.0 assertion failure: ssl_free_wbio_buffer()

2018-04-16 Thread Matt Caswell


On 16/04/18 09:19, marcus.schafheu...@gmx.de wrote:
> SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished

There should be no reason to do this. The BIO's will get freed
automatically by the SSL_free() call.


> Is this a faulty behavior of OpenSSL 1.1.0 or is the fault on my side? 


This looks like a bug in OpenSSL. It should be able to tolerate passing
NULL for wbio in the SSL_set_bio call, but apparently it can't in the
case of a failed handshake. Please could you open an issue on github for
this?

The workaround is to remove the SSL_set_bio(SSL, NULL, NULL) call. It
should not be necessary.

Matt



[openssl-users] OpenSSL 1.1.0 assertion failure: ssl_free_wbio_buffer()

2018-04-16 Thread Marcus . Schafheutle
Hello,
 
we encountered a strange behaviour of OpenSSL 1.1.0 when our test with "sslscan" provokes an unfinished 
handshake. The problem exists since OpenSSL 1.1.0 - there were no problems with OpenSSL 1.0.2x.
 
Our asynchronous communication approach uses memory BIOs in order to read/write data from other 
communication layers into the SSL object. After the read/write operations are done, the BIOs are freed.
 
Our example code is basically as follows:
---
err = SSL_accept (ssl); 
 
BIO *rBIO = BIO_new(BIO_s_mem());
BIO *wBIO = BIO_new(BIO_s_mem());
    
SSL_set_bio(ssl, rBIO, wBIO); 
 
// ... operate with read / write BIOs and SSL_read/SSL_write
 
SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished
 
SSL_free(ssl);
---
 
When calling SSL_free() after a complete handshake, everything is fine, but when calling SSL_free() after an 
unfinished handshake, the assertion "assert(s->wbio != NULL);" in ssl_free_wbio_buffer() fails:
---
void ssl_free_wbio_buffer(SSL *s)
{
    /* callers ensure s is never null */
    if (s->bbio == NULL)
        return;
    s->wbio = BIO_pop(s->wbio);
    assert(s->wbio != NULL);            /* <- this assertion fails! */
    BIO_free(s->bbio);
    s->bbio = NULL;
}
---
 
With a complete handshake the new attribute “bbio” is freed by calling the method tls_finish_handshake(), 
which itself calls ssl_free_wbio_buffer(). When the handshake is not finished successfully, the “bbio” is not freed, and 
therefore when calling SSL_free() the assert in ssl_free_wbio_buffer() fails.
  
Is this a faulty behavior of OpenSSL 1.1.0 or is the fault on my side? 
 
Thank you for your help!
 
Best regards,
Marcus


Re: Assertion failure (FIPS mode with wpa_supplicant)

2009-08-16 Thread Jouni Malinen
On Thu, Jul 23, 2009 at 12:27:56PM -0500, Michael Kurecka wrote:

> I have no problem what I have so far. It is a stripped down version with
> openssl FIPS. Where shall I send it?

If you are willing to license the wpa_supplicant/hostapd changes under
the license used in the project, please send any contribution either to
the Host AP mailing list or directly to me (j...@w1.fi).

By the way, I added some preliminary code for FIPS mode support into the
development branch (0.7.x) of wpa_supplicant today, so you may want to
take a look at those to check whether you have already done similar
changes in your tree. This version is able to successfully run with
OpenSSL in FIPS mode when using WPA2-Enterprise with EAP-TLS or
EAP-TTLS/PAP.

wpa_supplicant does not yet enforce any particular security policy for
the configuration internally, but it now handles OpenSSL errors with
digest/cipher operations more gracefully. Should you have additional
changes for FIPS mode operations, I would be interested in getting them
merged into the development tree.

-- 
Jouni Malinen                                            PGP id EFC895FA
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Re: Assertion failure

2009-07-27 Thread Michael Kurecka
I tried

export LD_LIBRARY_PATH=/usr/local/ssl/fips
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips/bin
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips-1.0

and all three failed to avert the assertion failure. How can I be
assured that the FIPS library is being run? Self-tests seem to run and
pass when I call this function with enable set to true. I get the
response of FIPS mode enabled and FIPS_mode=1.

void enable_fips(int enable)
{
#ifdef OPENSSL_FIPS
   printf("Please standby while FIPS self-tests are in progress\n");

   if(FIPS_mode_set(enable))
   {
      printf("FIPS mode enabled\n");
   }
   else
   {
      printf("FIPS mode failed to enable\n");
      ERR_load_crypto_strings();
      ERR_print_errors_fp(stderr);
      exit(1);
   }

   printf("FIPS mode=%d\n", FIPS_mode());
#else
   printf("FIPS mode disabled\n");
#endif
}

Here is my build script which completely removes and rebuilds the
openssl libraries. What am I doing wrong that is preventing it from
creating the shared library as it should be? ldd /bin/ls does not show
the openssl.so shared file.

#! /bin/sh
cd /usr/src
# Remove current directories
echo Removing current directories
rm -r -d openssl
rm -r -d openssl-fips
rm -r -d /usr/local/ssl
# Unpack FIPS OpenSSL
tar -xzvf openssl-fips-1.2.tar.gz
mv openssl-fips-1.2 openssl-fips
# Unpack versioned OpenSSL
tar -xzvf openssl-0.9.8k.tar.gz
mv openssl-0.9.8k openssl
# Build and install FIPS object module
cd openssl-fips
./config fipscanisterbuild no-asm
make
make install
# Build and install versioned OpenSSL
cd ../openssl
./config fips shared
make
make install
# Testing OpenSSL
cd test
./fips_test_suite


Re: Assertion failure

2009-07-27 Thread Dr. Stephen Henson
On Mon, Jul 27, 2009, Michael Kurecka wrote:

> I tried
>
> export LD_LIBRARY_PATH=/usr/local/ssl/fips
> and
> export LD_LIBRARY_PATH=/usr/local/ssl/fips/bin
> and
> export LD_LIBRARY_PATH=/usr/local/ssl/fips-1.0
>

You need to set that to a directory that contains libssl.so.0.9.8 that is FIPS
capable (run the nm test on it to be sure).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-27 Thread Michael Kurecka
That seemed to work using
export LD_LIBRARY_PATH=/usr/local/ssl/fips/lib

I'm not getting the assertion failure but I am now getting a
segmentation fault in memcpy () from /lib/libc.so.6 which I need to
look into. Back to my previous question of -- Is my script wrong or am
I doing something wrong that is causing openssl to not create the
static library?  wpa_supplicant config file is set for openssl usage
as:

OPENSSL_FIPS=1
OPENSSLDIR = /usr/local/ssl/fips
OPENSSLSRCDIR = /usr/src/openssl
LIBCRYPTO = $(OPENSSLDIR)/lib/libcrypto.a
CFLAGS += -I$(OPENSSLDIR)/include
LIBS += -L$(OPENSSLSRCDIR)
LIBS += -L$(OPENSSLDIR)
LIBS += -L/usr/lib


Re: Assertion failure

2009-07-24 Thread Michael Kurecka
Failed again with a different error:


Re: Assertion failure

2009-07-24 Thread Michael Kurecka
Dr. Henson,
  I tried the change for MD5 you mentioned of using the EVP interface,
but it isn't working as I am getting the forbidden algorithm error.  Below
is the new code. The init is passing but it is failing on the update. I
noticed that the flag is cleared after the init so I set the
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag again before update but it still fails.


   EVP_MD_CTX ctx;
   size_t i;
   unsigned int mac_len;

   // We are bypassing the OpenSSL FIPS EVP code since MD5 is not FIPS approved
   // but this is only for RADIUS authentication which is approved and therefore
   // acceptable.
   EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

   EVP_DigestInit(&ctx, EVP_md5());

   for(i = 0; i < num_elem; i++)
   {
      EVP_DigestUpdate(&ctx, addr[i], len[i]);
   }

   EVP_DigestFinal(&ctx, mac, &mac_len);


Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote:

> Dr. Henson,
>   I tried the change for MD5 you mentioned of using the EVP interface,
> but it isn't working as I am getting the forbidden algorithm error.  Below
> is the new code. The init is passing but it is failing on the update. I
> noticed that the flag is cleared after the init so I set the
> EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag again before update but it still fails.
>
>
>    EVP_MD_CTX ctx;
>    size_t i;
>    unsigned int mac_len;
>
>    // We are bypassing the OpenSSL FIPS EVP code since MD5 is not FIPS approved
>    // but this is only for RADIUS authentication which is approved and therefore
>    // acceptable.
>    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
>
>    EVP_DigestInit(&ctx, EVP_md5());
>
>    for(i = 0; i < num_elem; i++)
>    {
>       EVP_DigestUpdate(&ctx, addr[i], len[i]);
>    }
>
>    EVP_DigestFinal(&ctx, mac, &mac_len);

Ah, don't use EVP_DigestInit() that's deprecated and resets flags. Instead use
EVP_MD_CTX_init(), then EVP_DigestInit_ex(). You also need to call
EVP_DigestFinal_ex() and EVP_MD_CTX_cleanup().

See the example at:

http://www.openssl.org/docs/crypto/EVP_DigestInit.html

except you need to set the flags after EVP_MD_CTX_init().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote:

> Failed again with a different error:
>

Erk, OK. I'd suggest starting with linux-generic32 and deleting
-fomit-frame-pointer and -O3 from Makefile and adding -g

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-24 Thread Michael Kurecka
I finally succeeded in adding debug to openssl, but it doesn't seem to
be working completely. I was able to set the breakpoint at the point
you mentioned Dr. Henson but I'm not sure how that will tell me what
is being called. I am not able to break on ssl3_init_finished_mac,
ssl3_connect or SSL_connect for some reason.  Here is the trace and
let me know what I should do from here.

Breakpoint 2, EVP_DigestInit_ex (ctx=0xb712c, type=0x40188908, impl=0x0)
    at digest.c:292
292         EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
(gdb) bt
#0  EVP_DigestInit_ex (ctx=0xb712c, type=0x40188908, impl=0x0) at digest.c:292
#1  0x4003ff70 in ssl3_init_finished_mac () from /usr/lib/libssl.so.0.9.8
#2  0x4003e534 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
#3  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
#4  0x00075150 in tls_connection_handshake (ssl_ctx=<value optimized out>,
    conn=0xb6dd0, in_data=0xb8e08 "\224á,@\224á,@\020", in_len=0,
    out_len=0xb6cf0, appl_data=0xbecf5218, appl_data_len=0xbecf5214)
    at ../src/crypto/tls_openssl.c:1797
#5  0x00072724 in eap_peer_tls_process_helper (sm=0xacd90, data=0xb6ce8,
    eap_type=EAP_TYPE_PEAP, peap_version=0, id=72 'H', in_data=0x0,
    in_len=537578896, out_data=0xbecf5264)
    at ../src/eap_peer/eap_tls_common.c:463
#6  0x0006bdcc in eap_peap_process (sm=0xacd90, priv=0xb6ce8, ret=0xbecf5298,
    reqData=0xb6cd0) at ../src/eap_peer/eap_peap.c:1076
#7  0x0007076c in sm_EAP_METHOD_Enter (sm=0xacd90,
    global=<value optimized out>) at ../src/eap_peer/eap.c:368
#8  0x00070ca4 in eap_peer_sm_step (sm=0xacd90) at ../src/eap_peer/eap.c:698
#9  0x0006e448 in eapol_sm_step (sm=0xacc68)
    at ../src/eapol_supp/eapol_supp_sm.c:900
#10 0x0006f428 in eapol_sm_rx_eapol (sm=0xacc68, src=<value optimized out>,
    buf=0xbecf5364 "\001", len=<value optimized out>)
    at ../src/eapol_supp/eapol_supp_sm.c:1216
#11 0x0008430c in wpa_supplicant_rx_eapol (ctx=0xac448,


Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote:

> I finally succeeded in adding debug to openssl, but it doesn't seem to
> be working completely. I was able to set the breakpoint at the point
> you mentioned Dr. Henson but I'm not sure how that will tell me what
> is being called. I am not able to break on ssl3_init_finished_mac,
> ssl3_connect or SSL_connect for some reason.  Here is the trace and
> let me know what I should do from here.
>
> Breakpoint 2, EVP_DigestInit_ex (ctx=0xb712c, type=0x40188908, impl=0x0)
>     at digest.c:292
> 292         EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
> (gdb) bt
> #0  EVP_DigestInit_ex (ctx=0xb712c, type=0x40188908, impl=0x0) at digest.c:292
> #1  0x4003ff70 in ssl3_init_finished_mac () from /usr/lib/libssl.so.0.9.8
> #2  0x4003e534 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
> #3  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
> #4  0x00075150 in tls_connection_handshake (ssl_ctx=<value optimized out>,
>     conn=0xb6dd0, in_data=0xb8e08 "\224á,@\224á,@\020", in_len=0,
>     out_len=0xb6cf0, appl_data=0xbecf5218, appl_data_len=0xbecf5214)
>     at ../src/crypto/tls_openssl.c:1797

That does help. It looks like you are using the standard libssl from whatever
linux distro you have and not one designed to use a FIPS capable OpenSSL. As
a result it won't set the flags that make MD5 usable and you get that error.

You need to make sure you are using libssl from 0.9.8k and not the earlier
system one. You can check that libssl is FIPS capable by doing something like
this:

nm -D /usr/lib/libssl.so.0.9.8 | grep FIPS_mode

If you see something like:

 U FIPS_mode

it is FIPS capable, if you see nothing it is not.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-24 Thread Michael Kurecka
I did not see anything which I assume means I am using the standard
libssl. How do I correct this?


Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote:

> I did not see anything which I assume means I am using the standard
> libssl. How do I correct this?

Well it is part of the link process when you build the application. It needs
to link and use the version of libssl in the 0.9.8k distribution and not the
system one. You could set LD_LIBRARY_PATH to point to whatever directory it is
in for example.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
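
The nm test and the LD_LIBRARY_PATH advice in the replies above can be combined into one check of what the loader actually resolves for a binary. This is an added example, not code from the thread; the function names are hypothetical and the sample ldd/nm text (addresses included) is constructed for illustration.

```shell
#!/bin/sh
# Added example: which libssl/libcrypto does a binary load under the current
# LD_LIBRARY_PATH, and does each one pass the "nm -D | grep FIPS_mode" test?

# Read ldd output on stdin; print "<soname> <path>" for each libssl/libcrypto
# dependency. Entries the loader cannot resolve get the path NOTFOUND.
resolved_openssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
             path = ($3 == "not") ? "NOTFOUND" : $3
             print $1, path
         }'
}

# Read nm -D output on stdin; succeed only if the symbol FIPS_mode itself is
# listed (U = imported, as in libssl; T = defined, as in libcrypto).
# The name is compared exactly, with any "@version" suffix stripped.
references_fips_mode() {
    awk 'NF >= 2 { sym = $NF; sub(/@.*/, "", sym)
                   if (sym == "FIPS_mode" && $(NF-1) ~ /^[UTW]$/) found = 1 }
         END { exit !found }'
}

# Report the result for one dynamically linked binary. Returns 0 only if at
# least one OpenSSL library was resolved and all of them are FIPS capable.
# ldd may run code from the target on some systems, so use it on trusted
# binaries only.
check_binary() {
    bin=$1
    libs=$(ldd "$bin" 2>/dev/null | resolved_openssl_libs)
    if [ -z "$libs" ]; then
        echo "$bin: no shared libssl/libcrypto (statically linked or unused)"
        return 2
    fi
    rc=0
    # The here-document keeps the loop in the current shell so rc survives.
    while read -r soname path; do
        if [ "$path" = NOTFOUND ]; then
            echo "$soname: not found by the loader"; rc=1
        elif nm -D "$path" 2>/dev/null | references_fips_mode; then
            echo "$soname -> $path: FIPS capable"
        else
            echo "$soname -> $path: NOT FIPS capable"; rc=1
        fi
    done <<EOF
$libs
EOF
    return $rc
}

# Constructed sample: ldd output resembling the failing setup in the thread,
# where libssl still resolves to the system copy in /usr/lib.
SAMPLE_LDD='    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x40030000)
    libcrypto.so.0.9.8 => /usr/local/ssl/fips/lib/libcrypto.so.0.9.8 (0x40080000)
    libc.so.6 => /lib/libc.so.6 (0x401c0000)'

# Constructed samples: nm -D excerpts from a FIPS-capable and a stock libssl.
SAMPLE_NM_FIPS='         U FIPS_mode
0002f1a0 T SSL_connect'
SAMPLE_NM_STOCK='         U EVP_DigestInit_ex
0002f1a0 T SSL_connect'

echo "Resolved in the constructed ldd sample:"
printf '%s\n' "$SAMPLE_LDD" | resolved_openssl_libs
for sample in "$SAMPLE_NM_FIPS" "$SAMPLE_NM_STOCK"; do
    if printf '%s\n' "$sample" | references_fips_mode; then
        echo "sample nm output: FIPS capable"
    else
        echo "sample nm output: not FIPS capable"
    fi
done

# With a path argument, check a real binary, e.g. ./check.sh ./wpa_supplicant
if [ $# -gt 0 ]; then check_binary "$1"; fi
```

Run it in the same shell session that exports LD_LIBRARY_PATH, since ldd resolves libraries with the environment it inherits.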


Re: Assertion failure

2009-07-23 Thread Dr. Stephen Henson
On Wed, Jul 22, 2009, David Schwartz wrote:

 
> Michael Kurecka wrote:
>
> > Thank you for your help that is definitely a point in the right
> > direction; however, it leaves me more baffled. I found the only
> > SSL_CTX_new function that is in the code and it is being passed
> > the TLSv1_method not an SSLv*_method which is what it should be
> > according to your statement. So what else could cause it to call
> > a different method? Is there an attribute of the SSL_CTX structure
> > that I could display to see what version is going to be called that
> > I could use to help trace the problem?
>
> Most likely, you're getting a connection from a non-FIPS endpoint that's
> forcing you to use a protocol that's not FIPS compliant. I'm not sure why
> you're seeing what you're seeing though -- it should just have reported that
> it was unable to negotiate compatible protocols (assuming the other end was
> not capable of TLSv1).
 

Yes in FIPS mode non-compliant ciphersuites are disabled and so should never
be seen. If there is some way to use them which is triggering this in
unmodified OpenSSL 0.9.8k I'd like to know what it is as that's a bug which
should be fixed.

My guess is that the wpa_supplicant stuff is being called at this point and it
is that which is using MD5. My earlier post describing how to set breakpoints
at the relevant position should enable you to track it down, but you might
also have to disable the FIPS integrity check when you do that as setting a
breakpoint may cause it to fail.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-23 Thread Michael Kurecka
David Schwartz wrote:

Most likely, you're getting a connection from a non-FIPS endpoint that's
forcing you to use a protocol that's not FIPS compliant. I'm not sure why
you're seeing what you're seeing though -- it should just have reported that
it was unable to negotiate compatible protocols (assuming the other end was
not capable of TLSv1).

It may help to set SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3.
  I believe these options are being set. The following code is being called
after the TLSv1_method() and before the assertion with the
SSL_OP_NO_COMPRESSION not being set.

   options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
             SSL_OP_SINGLE_DH_USE;

#ifdef SSL_OP_NO_COMPRESSION
   options |= SSL_OP_NO_COMPRESSION;
#endif

   SSL_set_options(conn->ssl, options);


Maybe you're setting FIPS mode too late and incompatible algorithms have
already been added?

FIPS is being enabled in the first line of the code

Dr. Steve:

How do I enable debug? I want to make sure I have it set right as it takes a
while to rebuild.


RE: Assertion failure

2009-07-23 Thread Will Bickford
If you look at the Configure script you will see different debug options
that the developers have setup.  Search the Configure file for lines
with 'debug-' in them.  You can adjust the Configure script to setup
your own as well, just follow the pattern.  There are quite a few
different configs available.  I've listed a couple below along with one
I setup for my testing recently.
 
./Configure debug-linux-elf
make clean && make
 
Example configs
 
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
Here's a debug config I've used, which allows me to use gdb but doesn't
spit out a ton of excess information I didn't need.
 
"debug-simplified","gcc:-DL_ENDIAN -DTERMIO -g -march=i686 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
--Will





Dr. Steve:

How do I enable debug? I want to make sure I have it set right
as it takes a while to rebuild.




Re: Assertion failure

2009-07-23 Thread Michael Kurecka
Dr Henson wrote:

No that won't bypass the MD5 check. You can use EVP and set the flag
EVP_MD_CTX_NON_FIPS_ALLOW if you really want to do that...

I do need to bypass MD5 because MD5 for RADIUS is FIPS compliant, but I
can't find the EVP_MD_CTX_NON_FIPS_ALLOW flag anywhere. Where is the flag
and how is it set?


Re: Assertion failure

2009-07-23 Thread Dr. Stephen Henson
On Thu, Jul 23, 2009, Michael Kurecka wrote:

> Dr Henson wrote:
>
> No that won't bypass the MD5 check. You can use EVP and set the flag
> EVP_MD_CTX_NON_FIPS_ALLOW if you really want to do that...
>
> I do need to bypass MD5 because MD5 for RADIUS is FIPS compliant, but I
> can't find the EVP_MD_CTX_NON_FIPS_ALLOW flag anywhere. Where is the flag
> and how is it set?

Ooops, the flag name is EVP_MD_CTX_FLAG_NON_FIPS_ALLOW and you can set it
with:

EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

this must be set *before* you call EVP_DigestInit*().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-23 Thread Dr. Stephen Henson
On Thu, Jul 23, 2009, Michael Kurecka wrote:

 
> Dr. Steve:
>
> How do I enable debug? I want to make sure I have it set right as it takes a
> while to rebuild.

I'd recommend using OpenSSL 0.9.8k throughout for that you should be able to
use:

./config -d fipscanisterbuild

BLOODY BIG SODDING ENORMOUS DISCLAIMER FOR ANYONE READING THIS OUT OF CONTEXT:
the resulting libraries are *NOT* validated but the aim here is for debugging
so that doesn't matter. When you want validated versions you use the correct
libraries and build procedure.

If that doesn't work you might need to use a generic debug platform like
debug-linux-elf e.g.:

perl Configure debug-linux-elf fipscanisterbuild

Note that running under a debugger will most likely cause the signature
integrity test to fail. You may well need to disable that by removing the call
to FIPS_check_incore_fingerprint(). Big disclaimer above applies to this too.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-23 Thread Michael Kurecka
Just to be clear

my current config is:
./config fipscanisterbuild no-asm (in the FIPS 1.2 directory)
make
./config fips (in the 0.9.8k directory)
make

I attempted:
./config -d fipscanisterbuild no-asm (in the FIPS 1.2 directory)
make
./config -d fips (in the 0.9.8k directory)
make

but it said that debug-linux-generic32 was not supported so I figure this is
what I should try:
./Configure debug-linux-elf fipscanisterbuild no-asm (in the FIPS 1.2
directory)
make
./config debug-linux-elf fips (in the 0.9.8k directory)
make

and comment out this code in fips.c (do I do that both the fips module 1.2
and 0.9.8k or one or the other)

   if(!FIPS_check_incore_fingerprint())
   {
   fips_selftest_fail = 1;
   ret = 0;
   goto end;
   }
Is that right?


Re: Assertion failure

2009-07-23 Thread Jouni Malinen
On Thu, Jul 23, 2009 at 12:51:53PM +0200, Dr. Stephen Henson wrote:

> Yes in FIPS mode non-compliant ciphersuites are disabled and so should never
> be seen. If there is some way to use them which is triggering this in
> unmodified OpenSSL 0.9.8k I'd like to know what it is as that's a bug which
> should be fixed.

I have not seen the wpa_supplicant changes in question (but would be
interested in them if the author would be willing to open source them),
so I cannot be sure on what is happening here, but this sounds like
non-TLS use of MD5 for some other WPA use case (e.g., EAPOL-Key
integrity check when using TKIP). EAP-TLS (and PEAP/TTLS/FAST for that
matter) do not allow SSLv2 or SSLv3 to be used and wpa_supplicant
enables only TLSv1 for them.

As far as the non-TLS options are concerned, I would suggest using WPA2
with CCMP in order to get rid of some MD5 uses. I would be surprised if
you could make the end pass whatever criteria FIPS has unless you do
this.

-- 
Jouni Malinen                                            PGP id EFC895FA


Re: Assertion failure

2009-07-23 Thread Dr. Stephen Henson
On Thu, Jul 23, 2009, Michael Kurecka wrote:

> Just to be clear
>
> my current config is:
> ./config fipscanisterbuild no-asm (in the FIPS 1.2 directory)
> make
> ./config fips (in the 0.9.8k directory)
> make
>
> I attempted:
> ./config -d fipscanisterbuild no-asm (in the FIPS 1.2 directory)
> make
> ./config -d fips (in the 0.9.8k directory)
> make
>
> but it said that debug-linux-generic32 was not supported so I figure this is
> what I should try:
> ./Configure debug-linux-elf fipscanisterbuild no-asm (in the FIPS 1.2
> directory)
> make
> ./config debug-linux-elf fips (in the 0.9.8k directory)
> make
>

You don't need to bother with the 1.2 tarball for this. Since the result isn't
validated you might as well use 0.9.8k for everything: it's one less OpenSSL
distro to compile up.

I'd suggest:

./Configure debug-linux-elf-noefence fipscanisterbuild

You can add no-asm if you wish too.

[AGAIN FOR SOMEONE READING THIS OUT OF CONTEXT: this is being done for debug
purposes and will NOT result in a validated module(*)]


> and comment out this code in fips.c (do I do that both the fips module 1.2
> and 0.9.8k or one or the other)
>
>    if(!FIPS_check_incore_fingerprint())
>    {
>    fips_selftest_fail = 1;
>    ret = 0;
>    goto end;
>    }
> Is that right?

Just 0.9.8k as the 1.2 tarball isn't being used at all for this.

Steve.

* If anyone thinks this is paranoid you should see some of the stuff that gets
  adopted all over the place. I'm still expecting some cookbook somewhere to
  snip this, the disclaimer and my name and claim it is the definitive thing
  to do. 
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-23 Thread Michael Kurecka
Jouni,
 I have no problem what I have so far. It is a stripped down version with
openssl FIPS. Where shall I send it?

Dr. Henson:

 I did the ./Configure debug-linux-elf-noefence fipscanisterbuild as you
mentioned and that worked OK but I got the following error when I ran make.


Re: Assertion failure

2009-07-23 Thread Dr. Stephen Henson
On Thu, Jul 23, 2009, Michael Kurecka wrote:

 
> Dr. Henson:
>
> I did the ./Configure debug-linux-elf-noefence fipscanisterbuild as you
> mentioned and that worked OK but I got the following error when I ran make.
 

Argh... don't have a debug configuration for that platform. Try
deleting the -march= option from Makefile.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Assertion failure

2009-07-22 Thread Michael Kurecka

> > What determines which SSL version is used? Is it the CTX object,
> > a configuration setting, etc.? I've tried tracing the code on
> > the OpenSSL side but it has me baffled even with a stack trace
> > I'm having trouble understanding its path. I would appreciate
> > any help you can give on the issue.
>
> It's controlled by three things, but the one that's probably important for
> you is what '*_method' function you call to pass to SSL_CTX_new. You want
> one of the TLS*_method calls. You probably have one of the SSLv*_method
> calls now.


Thank you for your help that is definitely a point in the right direction;
however, it leaves me more baffled. I found the only SSL_CTX_new function
that is in the code and it is being passed the TLSv1_method not an
SSLv*_method which is what it should be according to your statement. So what
else could cause it to call a different method? Is there an attribute of the
SSL_CTX structure that I could display to see what version is going to be
called that I could use to help trace the problem?


Re: Assertion failure

2009-07-22 Thread Dr. Stephen Henson
On Fri, Jul 17, 2009, Michael Kurecka wrote:

> I am trying to run wpa_supplicant in FIPS mode. The stack trace of the
> failure is below. I'm assuming that an algorithm not supported by FIPS
> is being used but I'm not sure which one since I thought I removed
> them all. I replaced SHA-1 with
>
>    EVP_MD_CTX ctx;
>    size_t i;
>    unsigned int mac_len;
>
>    EVP_DigestInit(&ctx, EVP_sha1());
>
>    for (i = 0; i < num_elem; i++)
>    {
>       EVP_DigestUpdate(&ctx, addr[i], len[i]);
>    }
>
>    EVP_DigestFinal(&ctx, mac, &mac_len);
>
> and MD5 with
>
>    MD5_CTX ctx;
>    size_t i;
>
>    MD5_Init(&ctx);
>
>    for (i = 0; i < num_elem; i++)
>    {
>       MD5_Update(&ctx, addr[i], len[i]);
>    }
>
>    MD5_Final(mac, &ctx);
>
> which I thought allowed me to bypass the FIPS check. I don't think the MD5
> function is even called so I want to know at least if there is a way to
> determine what cipher is being called that is failing and any additional
> clues would be also appreciated.
 

No, that won't bypass the MD5 check. You can use EVP and set the flag
EVP_MD_CTX_NON_FIPS_ALLOW if you really want to do that...


> digest.c(151): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
>
> Breakpoint 1, 0x401d48fc in abort () from /lib/libc.so.6
> (gdb) bt
> #0  0x401d48fc in abort () from /lib/libc.so.6
> #1  0x0001c088 in OpenSSLDie ()
> #2  0x0001f970 in bad_update ()
> #3  0x0001f830 in EVP_DigestUpdate ()
> #4  0x4003ffa8 in ssl3_finish_mac () from /usr/lib/libssl.so.0.9.8
> #5  0x400432e0 in ssl3_do_write () from /usr/lib/libssl.so.0.9.8
> #6  0x4003e6b8 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
> #7  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
> #8  0x000526c0 in tls_connection_handshake (ssl_ctx=<value optimized
> out>, conn=0x94e68, in_data=0x970d0 \224,@\224,@\020, in_len=0,
> out_len=0x94d88, appl_data=0xbed1f218, appl_data_len=0xbed1f214) at
> ../src/crypto/tls_openssl.c:1792
> #9  0x0004fcac in eap_peer_tls_process_helper (sm=0x8ad90,
> data=0x94d80, eap_type=EAP_TYPE_PEAP, peap_version=0, id=98 'b',
> in_data=0x0, in_len=537439632, out_data=0xbed1f264) at
> ../src/eap_peer/eap_tls_common.c:463
> #10 0x00049354 in eap_peap_process (sm=0x8ad90, priv=0x94d80,
> ret=0xbed1f298, reqData=0x94d68) at ../src/eap_peer/eap_peap.c:1076
> #11 0x0004dcf4 in sm_EAP_METHOD_Enter (sm=0x8ad90, global=<value
> optimized out>) at ../src/eap_peer/eap.c:368
> #12 0x0004e22c in eap_peer_sm_step (sm=0x8ad90) at ../src/eap_peer/eap.c:698
> #13 0x0004b9d0 in eapol_sm_step (sm=0x8ac68) at
> ../src/eapol_supp/eapol_supp_sm.c:900

No proper debugging symbols in the shared library AFAICS. 

The actual assertion failure is caused by ignoring an earlier error. Look in
crypto/evp/digest.c and you will see the line:

EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);

Stick a breakpoint in there and you should be able to see which algorithm is
being used and where.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


RE: Assertion failure

2009-07-22 Thread David Schwartz

Michael Kurecka wrote:

> Thank you for your help that is definitely a point in the right
> direction; however, it leaves me more baffled. I found the only
> SSL_CTX_new function that is in the code and it is being passed
> the TLSv1_method not an SSLv*_method which is what it should be
> according to your statement. So what else could cause it to call
> a different method? Is there an attribute of the SSL_CTX structure
> that I could display to see what version is going to be called that
> I could use to help trace the problem?

Most likely, you're getting a connection from a non-FIPS endpoint that's
forcing you to use a protocol that's not FIPS compliant. I'm not sure why
you're seeing what you're seeing though -- it should just have reported that
it was unable to negotiate compatible protocols (assuming the other end was
not capable of TLSv1).

It may help to set SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3.

Maybe you're setting FIPS mode too late and incompatible algorithms have
already been added?

DS




Re: Assertion failure

2009-07-21 Thread Michael Kurecka
Thank you David for your bluntness. Trust me, I'm aware of how significant
making wpa_supplicant FIPSable is. I've been working on it for several
months. Over the past few months I've been in the process of removing
non-compliant code, updating MD5 to SHA-1, etc. I'm close for the AP side
with hostapd and have pulled out a lot from wpa_supplicant until this latest
issue I seemed to be doing OK. You mentioned that SSL v3 uses MD5 but I read
that was the difference between v2 and v3 is that v3 went to SHA-1. Does v3
have a mixture of the two? What determines which SSL version is used? Is it
the CTX object, a configuration setting, etc.? I've tried tracing the code
on the OpenSSL side but it has me baffled even with a stack trace I'm having
trouble understanding its path. I would appreciate any help you can give on
the issue.

On Mon, Jul 20, 2009 at 10:03 PM, David Schwartz dav...@webmaster.com wrote:

> Michael Kurecka:
>
> > How do I disable SSLv3 so that I can use FIPS?
>
> Sorry to be blunt, but you don't. A FIPS wpa_supplicant is a significant
> task, you can't just flip a few switches and make one appear.
>
> DS





Re: Re: Assertion failure

2009-07-21 Thread carlyoung
I'm not going to comment on David's assertions or anything about
wpa_supplicants, but let's take a step back:

SSL is NOT allowed in FIPS 140-2 compliant modes; TLS 1.0 IS allowed in FIPS 
140-2 when using FIPS-approved security functions (see the FIPS 140-2 
implementation guide).

TLS 1.0 is sometimes referred to as SSL 3.1, but stick to TLS nomenclature - 
safer!

TLS 1.0 DOES use MD5 and SHA-1 in combination, and - despite MD5 not being
allowed by the FIPS 140-2 standard - it is allowed in this case because the
combined strength of the two, when used in unison, is not less than SHA-1
itself. I can't remember the technical explanation, but it's around somewhere. I
would suspect (not know) that OpenSSL uses the MD5 code directly in TLS rather
than through the EVP interface, as it should fail using this code path if FIPS
is enabled.

If you use OpenSSL in FIPS-enabled mode, you will only be allowed to use TLS 
and FIPS-allowed cipher suites - that's all you need to know most of the time.

Carl

> On Tue 21/07/09 1:06 PM , Michael Kurecka wpi.open...@gmail.com sent:
> Thank you David for your bluntness. Trust me, I'm aware of how significant
> making wpa_supplicant FIPSable is. I've been working on it for several
> months. Over the past few months I've been in the process of removing
> non-compliant code, updating MD5 to SHA-1, etc. I'm close for the AP side
> with hostapd and have pulled out a lot from wpa_supplicant until this latest
> issue I seemed to be doing OK. You mentioned that SSL v3 uses MD5 but I read
> that was the difference between v2 and v3 is that v3 went to SHA-1. Does v3
> have a mixture of the two? What determines which SSL version is used? Is it
> the CTX object, a configuration setting, etc.? I've tried tracing the code
> on the OpenSSL side but it has me baffled even with a stack trace I'm having
> trouble understanding its path. I would appreciate any help you can give on
> the issue.
>
> On Mon, Jul 20, 2009 at 10:03 PM, David Schwartz dav...@webmaster.com wrote:
>
> > Michael Kurecka:
> >
> > > How do I disable SSLv3 so that I can use FIPS?
> >
> > Sorry to be blunt, but you don't. A FIPS wpa_supplicant is a significant
> > task, you can't just flip a few switches and make one appear.
> >
> > DS



Re: Re: Assertion failure

2009-07-21 Thread Dr. Stephen Henson
On Tue, Jul 21, 2009, carlyo...@keycomm.co.uk wrote:

 
> TLS 1.0 DOES use MD5 and SHA-1 in combination, and - despite MD5 not being
> allowed by the FIPS 140-2 standard - it is allowed in this case because the
> combined strength of the two, when used in unison, is not less than SHA-1
> itself. I can't remember the technical explanation, but it's around
> somewhere. I would suspect (not know) that OpenSSL uses the MD5 code
> directly in TLS rather than through the EVP interface, as it should fail
> using this code path if FIPS is enabled.
 

To avoid issues with applications accidentally using non-FIPS algorithms in
FIPS mode the EVP and low level interfaces generate errors if an attempt is
made to use them. 

In the case of EVP you get errors when you try to initialise the context.
Since some applications might blindly ignore the initialisation error (you'd
normally never get an error with a software only interface) the context is
initialised so that any attempt to use the context produces a hard assertion
failure when you call *update().

The low level interfaces often don't return values and their use directly in
applications has been discouraged for many years. In those cases you just get
the assertion failure.

There are some cases where an application can decide that the use of the
non-FIPS algorithm is permissible in FIPS mode, in that case they can set a
flag in the context structure and the use will be allowed. The TLS code uses
that to allow MD5.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
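
The mechanism described in the message above, as an added example that is not part of the original thread and is not OpenSSL source: a self-contained C model in which a refused init leaves the context pointing at a failing update routine, and an "allow" flag on the context lifts the refusal. All `model_`/`MODEL_` names, the toy checksum, and recording the fatal message instead of calling abort() are assumptions made so the model runs without OpenSSL.

```c
/* Model of the FIPS-mode digest guard described in the thread. This is NOT
 * OpenSSL source: every model_/MODEL_ identifier is hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_FLAG_NON_FIPS_ALLOW 0x1u  /* stands in for the "allow" context flag */

typedef struct { const char *name; int fips_approved; } model_md;
typedef struct model_md_ctx model_md_ctx;
struct model_md_ctx {
    const model_md *md;
    unsigned flags;
    int (*update)(model_md_ctx *, const void *, size_t);
    unsigned long state;                /* toy checksum, not a real digest */
};

static const model_md MODEL_SHA1 = { "SHA1", 1 };
static const model_md MODEL_MD5  = { "MD5", 0 };
static int model_fips_mode = 1;
static const char *model_last_error;    /* stands in for the error queue */
static const char *model_fatal;         /* set where the library would abort() */

static int real_update(model_md_ctx *c, const void *d, size_t n) {
    const unsigned char *p = d;
    while (n--) c->state = c->state * 31 + *p++;
    return 1;
}

/* Installed when init was refused, so a caller that ignored the init
 * error cannot silently keep hashing with a forbidden algorithm. */
static int bad_update(model_md_ctx *c, const void *d, size_t n) {
    (void)c; (void)d; (void)n;
    model_fatal = "Digest update previous FIPS forbidden algorithm error ignored";
    return 0;
}

int model_digest_init(model_md_ctx *c, const model_md *md) {
    c->md = md;
    c->state = 0;
    if (model_fips_mode && !md->fips_approved &&
        !(c->flags & MODEL_FLAG_NON_FIPS_ALLOW)) {
        model_last_error = "disabled for FIPS";  /* the soft error at init */
        c->update = bad_update;                  /* poison the context */
        return 0;
    }
    c->update = real_update;
    return 1;
}

int model_digest_update(model_md_ctx *c, const void *d, size_t n) {
    return c->update(c, d, n);
}

/* Caller that drops the init result. Returns 1 if the library would have aborted. */
int careless_caller(const model_md *md, unsigned flags) {
    model_md_ctx c = { 0 };
    c.flags = flags;
    model_fatal = NULL;
    (void)model_digest_init(&c, md);
    (void)model_digest_update(&c, "abc", 3);
    return model_fatal != NULL;
}

/* Caller that checks init. Returns the refused algorithm name, or NULL. */
const char *careful_caller(const model_md *md) {
    model_md_ctx c = { 0 };
    if (!model_digest_init(&c, md))
        return md->name;
    (void)model_digest_update(&c, "abc", 3);
    return NULL;
}

int main(void) {
    printf("MD5, init ignored:   fatal=%d\n", careless_caller(&MODEL_MD5, 0));
    printf("MD5, allow flag set: fatal=%d\n",
           careless_caller(&MODEL_MD5, MODEL_FLAG_NON_FIPS_ALLOW));
    printf("SHA1:                fatal=%d\n", careless_caller(&MODEL_SHA1, 0));
    const char *refused = careful_caller(&MODEL_MD5);
    printf("init checked:        refused=%s (%s)\n", refused, model_last_error);
    return 0;
}
```

The caller that checks the init result learns which algorithm was refused at the point of the call, which is the same information the breakpoint on the `EVPerr` line is meant to expose.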


RE: Assertion failure

2009-07-21 Thread David Schwartz

Michael Kurecka wrote:

> Thank you David for your bluntness. Trust me, I'm aware of how
> significant making wpa_supplicant FIPSable is. I've been working
> on it for several months. Over the past few months I've been in
> the process of removing non-compliant code, updating MD5 to SHA-1,
> etc. I'm close for the AP side with hostapd and have pulled out a
> lot from wpa_supplicant until this latest issue I seemed to be
> doing OK.

Sorry, I didn't know that.

> You mentioned that SSL v3 uses MD5 but I read that was the
> difference between v2 and v3 is that v3 went to SHA-1. Does v3
> have a mixture of the two?

Yes. TLS does as well, however, TLS does not rely on MD5 for any of its
security properties, so it's allowed. You actually can use MD5 in a
FIPS-compliant application so long as you don't derive any of your security
properties from it. (If you think about it, XOR is not a good encryption
algorithm, but it'd be awfully hard to write *any* application without using
XOR for anything, ever.)

> What determines which SSL version is used? Is it the CTX object,
> a configuration setting, etc.? I've tried tracing the code on
> the OpenSSL side but it has me baffled even with a stack trace
> I'm having trouble understanding its path. I would appreciate
> any help you can give on the issue.

It's controlled by three things, but the one that's probably important for
you is what '*_method' function you call to pass to SSL_CTX_new. You want
one of the TLS*_method calls. You probably have one of the SSLv*_method
calls now.

DS




Re: Assertion failure

2009-07-20 Thread Michael Kurecka
How do I disable SSLv3 so that I can use FIPS?

On Fri, Jul 17, 2009 at 4:22 PM, David Schwartz dav...@webmaster.com wrote:

> Michael Kurecka:
>
> > I am trying to run wpa_supplicant in FIPS mode.
>
> Why?
>
> > I don't think the MD5 function is even called
>
> MD5 is part of SSLv3.
>
> #6  0x4003e6b8 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
> #7  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
> #8  0x000526c0 in tls_connection_handshake (ssl_ctx=<value optimized out>,
> conn=0x94e68, in_data=0x970d0 \224,@\224,@\020, in_len=0, out_len=0x94d88,
> appl_data=0xbed1f218, appl_data_len=0xbed1f214) at
> ../src/crypto/tls_openssl.c:1792
> #9  0x0004fcac in eap_peer_tls_process_helper (sm=0x8ad90, data=0x94d80,
> eap_type=EAP_TYPE_PEAP, peap_version=0, id=98 'b', in_data=0x0,
> in_len=537439632, out_data=0xbed1f264) at
> ../src/eap_peer/eap_tls_common.c:463
>
> You need to disable SSLv3 if you want to use FIPS mode. SSLv3 relies on MD5
> for some of its security properties, and that's a no-no in FIPS mode.
>
> DS





RE: Assertion failure

2009-07-20 Thread David Schwartz

Michael Kurecka:

> How do I disable SSLv3 so that I can use FIPS?

Sorry to be blunt, but you don't. A FIPS wpa_supplicant is a significant
task, you can't just flip a few switches and make one appear.

DS




Assertion failure

2009-07-17 Thread Michael Kurecka
I am trying to run wpa_supplicant in FIPS mode. The stack trace of the
failure is below. I'm assuming that an algorithm not supported by FIPS
is being used but I'm not sure which one since I thought I removed
them all. I replaced SHA-1 with

   EVP_MD_CTX ctx;
   size_t i;
   unsigned int mac_len;

   EVP_DigestInit(&ctx, EVP_sha1());

   for (i = 0; i < num_elem; i++)
   {
      EVP_DigestUpdate(&ctx, addr[i], len[i]);
   }

   EVP_DigestFinal(&ctx, mac, &mac_len);

and MD5 with

   MD5_CTX ctx;
   size_t i;

   MD5_Init(&ctx);

   for (i = 0; i < num_elem; i++)
   {
      MD5_Update(&ctx, addr[i], len[i]);
   }

   MD5_Final(mac, &ctx);

which I thought allowed me to bypass the FIPS check. I don't think the MD5
function is even called so I want to know at least if there is a way to
determine what cipher is being called that is failing and any additional
clues would be also appreciated.

digest.c(151): OpenSSL internal error, assertion failed: Digest update
previous FIPS forbidden algorithm error ignored

Breakpoint 1, 0x401d48fc in abort () from /lib/libc.so.6
(gdb) bt
#0  0x401d48fc in abort () from /lib/libc.so.6
#1  0x0001c088 in OpenSSLDie ()
#2  0x0001f970 in bad_update ()
#3  0x0001f830 in EVP_DigestUpdate ()
#4  0x4003ffa8 in ssl3_finish_mac () from /usr/lib/libssl.so.0.9.8
#5  0x400432e0 in ssl3_do_write () from /usr/lib/libssl.so.0.9.8
#6  0x4003e6b8 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
#7  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
#8  0x000526c0 in tls_connection_handshake (ssl_ctx=<value optimized
out>, conn=0x94e68, in_data=0x970d0 \224,@\224,@\020, in_len=0,
out_len=0x94d88, appl_data=0xbed1f218, appl_data_len=0xbed1f214) at
../src/crypto/tls_openssl.c:1792
#9  0x0004fcac in eap_peer_tls_process_helper (sm=0x8ad90,
data=0x94d80, eap_type=EAP_TYPE_PEAP, peap_version=0, id=98 'b',
in_data=0x0, in_len=537439632, out_data=0xbed1f264) at
../src/eap_peer/eap_tls_common.c:463
#10 0x00049354 in eap_peap_process (sm=0x8ad90, priv=0x94d80,
ret=0xbed1f298, reqData=0x94d68) at ../src/eap_peer/eap_peap.c:1076
#11 0x0004dcf4 in sm_EAP_METHOD_Enter (sm=0x8ad90, global=<value
optimized out>) at ../src/eap_peer/eap.c:368
#12 0x0004e22c in eap_peer_sm_step (sm=0x8ad90) at ../src/eap_peer/eap.c:698
#13 0x0004b9d0 in eapol_sm_step (sm=0x8ac68) at
../src/eapol_supp/eapol_supp_sm.c:900


RE: Assertion failure

2009-07-17 Thread David Schwartz

Michael Kurecka:

> I am trying to run wpa_supplicant in FIPS mode.

Why?

> I don't think the MD5 function is even called

MD5 is part of SSLv3.

#6  0x4003e6b8 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
#7  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
#8  0x000526c0 in tls_connection_handshake (ssl_ctx=<value optimized out>,
conn=0x94e68, in_data=0x970d0 \224,@\224,@\020, in_len=0, out_len=0x94d88,
appl_data=0xbed1f218, appl_data_len=0xbed1f214) at
../src/crypto/tls_openssl.c:1792
#9  0x0004fcac in eap_peer_tls_process_helper (sm=0x8ad90, data=0x94d80,
eap_type=EAP_TYPE_PEAP, peap_version=0, id=98 'b', in_data=0x0,
in_len=537439632, out_data=0xbed1f264) at
../src/eap_peer/eap_tls_common.c:463

You need to disable SSLv3 if you want to use FIPS mode. SSLv3 relies on MD5
for some of its security properties, and that's a no-no in FIPS mode.

DS

