Re: DTLS PSK in FIPS mode

2013-11-04 Thread Fredrik Jansson
Steve, thanks for getting back!

Since I could not reproduce this using s_client and s_server I set out to
take the code I am using into a sample project.

Doing so I believe I have found the issue, SSL_CTX_set_cipher(ctx,
SSL_TXT_PSK) returns an error (SSL routines:SSL_CTX_set_cipher_list:no
cipher match) if I have called FIPS_mode_set(1) first.

My original code did not check the return value of SSL_CTX_set_cipher so
that may very well be the cause of the subsequent crash.

Now my question becomes why I cannot select SSL_TXT_PSK when in FIPS mode?

Best regards,
Fredrik


On Sun, Nov 3, 2013 at 4:15 PM, Dr. Stephen Henson st...@openssl.org wrote:

 On Fri, Oct 25, 2013, Fredrik Jansson wrote:

 
  I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
  well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).
 

 Can you reproduce this using s_client and s_server? If so can you give
 details of the command lines you used?

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List openssl-users@openssl.org
 Automated List Manager   majord...@openssl.org



Re: DTLS PSK in FIPS mode

2013-11-04 Thread Dr. Stephen Henson
On Mon, Nov 04, 2013, Fredrik Jansson wrote:

 Steve, thanks for getting back!
 
 Since I could not reproduce this using s_client and s_server I set out to
 take the code I am using into a sample project.
 
 Doing so I believe I have found the issue, SSL_CTX_set_cipher(ctx,
 SSL_TXT_PSK) returns an error (SSL routines:SSL_CTX_set_cipher_list:no
 cipher match) if I have called FIPS_mode_set(1) first.
 
 My original code did not check the return value of SSL_CTX_set_cipher so
 that may very well be the cause of the subsequent crash.
 
 Now my question becomes why I cannot select SSL_TXT_PSK when in FIPS mode?
 

The ciphersuites supported in FIPS mode are restricted to those which use
approved algorithms. PSK at present is not listed though there isn't really
any reason why it can't be included in future.

To test this add the flag SSL_FIPS to the relevant ciphersuites in s3_lib.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: DTLS PSK in FIPS mode

2013-11-04 Thread Fredrik Jansson
Thanks, that did it!

To try to understand the implications of this, if I add SSL_FIPS
to TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
am I violating the security policy? AES 128/256 CBC and SHA are approved
algorithms(?).

Best regards,
Fredrik


On Mon, Nov 4, 2013 at 2:31 PM, Dr. Stephen Henson st...@openssl.org wrote:

 On Mon, Nov 04, 2013, Fredrik Jansson wrote:

  Steve, thanks for getting back!
 
  Since I could not reproduce this using s_client and s_server I set out to
  take the code I am using into a sample project.
 
  Doing so I believe I have found the issue, SSL_CTX_set_cipher(ctx,
  SSL_TXT_PSK) returns an error (SSL routines:SSL_CTX_set_cipher_list:no
  cipher match) if I have called FIPS_mode_set(1) first.
 
  My original code did not check the return value of SSL_CTX_set_cipher so
  that may very well be the cause of the subsequent crash.
 
  Now my question becomes why I cannot select SSL_TXT_PSK when in FIPS mode?
 

 The ciphersuites supported in FIPS mode are restricted to those which use
 approved algorithms. PSK at present is not listed though there isn't really
 any reason why it can't be included in future.

 To test this add the flag SSL_FIPS to the relevant ciphersuites in s3_lib.c

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org



Re: DTLS PSK in FIPS mode

2013-11-04 Thread Dr. Stephen Henson
On Mon, Nov 04, 2013, Fredrik Jansson wrote:

 Thanks, that did it!
 
 To try to understand the implications of this, if I add SSL_FIPS
 to TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
 am I violating the security policy? AES 128/256 CBC and SHA are approved
 algorithms(?).
 

The security policy means you cannot modify any code in the validated module
source, it does not apply to the FIPS capable OpenSSL which is effectively an
application of the FIPS module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: DTLS PSK in FIPS mode

2013-11-04 Thread Fredrik Jansson
Awesome, thank you!

Can you please help me close bug 3152?

I will put in a change request to have TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA enabled in FIPS mode.

Best regards,
Fredrik


On Mon, Nov 4, 2013 at 3:37 PM, Dr. Stephen Henson st...@openssl.org wrote:

 On Mon, Nov 04, 2013, Fredrik Jansson wrote:

  Thanks, that did it!
 
  To try to understand the implications of this, if I add SSL_FIPS
  to TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
  am I violating the security policy? AES 128/256 CBC and SHA are approved
  algorithms(?).
 

 The security policy means you cannot modify any code in the validated module
 source, it does not apply to the FIPS capable OpenSSL which is effectively an
 application of the FIPS module.

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org



Re: DTLS PSK in FIPS mode

2013-11-03 Thread Dr. Stephen Henson
On Fri, Oct 25, 2013, Fredrik Jansson wrote:

 
 I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
 well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).
 

Can you reproduce this using s_client and s_server? If so can you give details
of the command lines you used?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


DTLS PSK in FIPS mode

2013-10-25 Thread Fredrik Jansson
Hi!


I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).


If I do, I get crashes as below where p = 0;


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffddffb700 (LWP 15278)]
0x7752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680
680             *p == SSL3_MT_CLIENT_HELLO)
(gdb) bt
#0  0x7752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680
#1  0x7752ef7f in dtls1_read_bytes (s=0x7fffc8000c00, type=22, buf=0x7fffddffa990 \300\251\377\335\377\177, len=12, peek=0) at d1_pkt.c:838
#2  0x775327cd in dtls1_get_message_fragment (s=0x7fffc8000c00, st1=8465, stn=8466, max=16384, ok=0x7fffddffaa44) at d1_both.c:788
#3  0x77531699 in dtls1_get_message (s=0x7fffc8000c00, st1=8465, stn=8466, mt=1, max=16384, ok=0x7fffddffaa44) at d1_both.c:436
#4  0x77503a53 in ssl3_get_client_hello (s=0x7fffc8000c00) at s3_srvr.c:941
#5  0x7752712c in dtls1_accept (s=0x7fffc8000c00) at d1_srvr.c:298
#6  0x77536e85 in SSL_accept (s=0x7fffc8000c00) at ssl_lib.c:940
#7  0x7752dd38 in dtls1_listen (s=0x7fffc8000c00, client=0x7fffddffacf0) at d1_lib.c:477
#8  0x7752d715 in dtls1_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, parg=0x7fffddffacf0) at d1_lib.c:263
#9  0x77537422 in SSL_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, parg=0x7fffddffacf0) at ssl_lib.c:1106
#10 0x009b64a9 in (anonymous namespace)::listenThread (serverAddr=...) at /home/frja/srv_trunk/src/product/service/dtls/unix/dtlsserver.cpp:586


This is only a problem when combining PSK and FIPS, if I do either FIPS or
PSK it works.


Can anyone please help me out?


Fredrik


Re: DTLS PSK in FIPS mode

2013-10-25 Thread Fredrik Jansson
Hi again,

in d1_pkt.c:574
(s->rstate != SSL_ST_READ_BODY) || (s->packet_length <
DTLS1_RT_HEADER_LENGTH)) seems to be false at times. When the program
reaches *p == SSL3_MT_CLIENT_HELLO further down it fails (since p is
initialized to NULL).

If I add

if (NULL == p) {
   p = s->packet;
}

before *p == SSL3_MT_CLIENT_HELLO, it works.

Should I report a bug?

Fredrik




On Fri, Oct 25, 2013 at 2:03 PM, Fredrik Jansson fredrik.jansson...@gmail.com wrote:

 Hi!


 I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
 well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).


 If I do, I get crashes as below where p = 0;


 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7fffddffb700 (LWP 15278)]
 0x7752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680
 680             *p == SSL3_MT_CLIENT_HELLO)
 (gdb) bt
 #0  0x7752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680
 #1  0x7752ef7f in dtls1_read_bytes (s=0x7fffc8000c00, type=22, buf=0x7fffddffa990 \300\251\377\335\377\177, len=12, peek=0) at d1_pkt.c:838
 #2  0x775327cd in dtls1_get_message_fragment (s=0x7fffc8000c00, st1=8465, stn=8466, max=16384, ok=0x7fffddffaa44) at d1_both.c:788
 #3  0x77531699 in dtls1_get_message (s=0x7fffc8000c00, st1=8465, stn=8466, mt=1, max=16384, ok=0x7fffddffaa44) at d1_both.c:436
 #4  0x77503a53 in ssl3_get_client_hello (s=0x7fffc8000c00) at s3_srvr.c:941
 #5  0x7752712c in dtls1_accept (s=0x7fffc8000c00) at d1_srvr.c:298
 #6  0x77536e85 in SSL_accept (s=0x7fffc8000c00) at ssl_lib.c:940
 #7  0x7752dd38 in dtls1_listen (s=0x7fffc8000c00, client=0x7fffddffacf0) at d1_lib.c:477
 #8  0x7752d715 in dtls1_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, parg=0x7fffddffacf0) at d1_lib.c:263
 #9  0x77537422 in SSL_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, parg=0x7fffddffacf0) at ssl_lib.c:1106
 #10 0x009b64a9 in (anonymous namespace)::listenThread (serverAddr=...) at /home/frja/srv_trunk/src/product/service/dtls/unix/dtlsserver.cpp:586


 This is only a problem when combining PSK and FIPS, if I do either FIPS or
 PSK it works.


 Can anyone please help me out?


 Fredrik
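
The NULL dereference at `*p == SSL3_MT_CLIENT_HELLO` discussed in this thread, reworked as a stand-alone length-checked peek. This is an added example, not code from OpenSSL's d1_pkt.c or from the posters; the function name, result codes and sample datagram are constructed for illustration, and only the three constants follow OpenSSL's header values.

```c
#include <stddef.h>
#include <stdint.h>

/* Values as defined in OpenSSL's headers. */
#define DTLS1_RT_HEADER_LENGTH 13
#define SSL3_RT_HANDSHAKE      22
#define SSL3_MT_CLIENT_HELLO    1

/* Hypothetical result codes for this example. */
enum peek_result { PEEK_CLIENT_HELLO, PEEK_OTHER, PEEK_SHORT, PEEK_NO_BUFFER };

/*
 * Report whether a datagram starts with a handshake record whose first
 * body byte is the ClientHello message type. The body pointer is only
 * derived after the buffer and both lengths have been validated, so it
 * can never be NULL or point past the received data.
 */
enum peek_result peek_client_hello(const uint8_t *packet, size_t packet_length)
{
    if (packet == NULL)
        return PEEK_NO_BUFFER;

    /* Need the 13-byte record header plus one byte of handshake type. */
    if (packet_length < DTLS1_RT_HEADER_LENGTH + 1)
        return PEEK_SHORT;

    /* Record header: type(1) version(2) epoch(2) sequence(6) length(2). */
    uint8_t rec_type = packet[0];
    size_t rec_len = ((size_t)packet[11] << 8) | packet[12];

    /* The declared record length must fit inside what was received. */
    if (rec_len == 0 || rec_len > packet_length - DTLS1_RT_HEADER_LENGTH)
        return PEEK_SHORT;

    const uint8_t *p = packet + DTLS1_RT_HEADER_LENGTH;
    if (rec_type == SSL3_RT_HANDSHAKE && *p == SSL3_MT_CLIENT_HELLO)
        return PEEK_CLIENT_HELLO;
    return PEEK_OTHER;
}

/* Constructed sample: DTLS 1.0 handshake record, 1-byte body = ClientHello type. */
static const uint8_t sample_hello[] = {
    22, 0xfe, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1
};
```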