About OPENSSL platform
Hi All,

Could you do me a favor and let me know whether OpenSSL supports running on the Opteron (AMD) platform? If yes, which version? And how should the configure file be set?

Thanks and regards,
Leo
openssl 0.9.4
Hi All,

Could you give me a quick reply on whether openssl 0.9.4 supports multi-threaded applications?

Thanks and regards,
Leo
Installation Problems
Hi,

I'm new to openssl. I have recently downloaded openssl-0.9.8j.tar and tried installing it, but encountered errors. I've also installed:

    libiconv-1.11-sol10-sparc-local.gz
    gcc-3.4.6-sol10-sparc-local.gz

Below are my steps:

    # isainfo
    sparcv9 sparc
    # uname -a
    SunOS training2 5.10 Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T200
    # which gcc
    /usr/local/bin/gcc
    # ./Configure solaris-sparcv9-gcc
    # make
    # make install

Here I encountered the following errors:

    cp: cannot access fipscanister.o
    cp: cannot access fipscanister.o.sha1
    *** Error code 2
    make: Fatal error: Command failed for target `install'
    Current working directory /tmp/openssl-0.9.8j/fips
    *** Error code 1
    make: Fatal error: Command failed for target `install_sw'

Please advise. Any advice/suggestions would be greatly appreciated.

Regards,
Eileen

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
How to retrieve the count of certificates in a certificate store
Hi all,

How can I retrieve the count of certificates in a certificate store in LINUX? e.g. CA's, self-signed, etc. Is there any direct API for this in LINUX?
Re: openssl 0.9.4
Leo, Liangyou Wang (liangwan) wrote:
> Hi All,
> Could you give me quick reply that whether openssl 0.9.4 could support multi-threads application?
> Thanks and regards,
> Leo

Hi Leo,

see http://www.openssl.org/support/faq.html#PROG1

Hope it helps
Ted ;)
RE: openssl 0.9.4
Yes.

Thank you.
Regards,
--Ajeet Kumar Singh

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leo, Liangyou Wang (liangwan)
Sent: Monday, January 19, 2009 7:40 AM
To: openssl-users@openssl.org
Subject: openssl 0.9.4
Importance: High

> Hi All,
> Could you give me quick reply that whether openssl 0.9.4 could support multi-threads application?
> Thanks and regards,
> Leo
RE: About OPENSSL platform
Hi Wang,

It will support AMD also. OpenSSL only depends upon the OS, like Windows, Unix, etc. Please check what OS you are using.

Regards,
--Ajeet Kumar Singh

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leo, Liangyou Wang (liangwan)
Sent: Monday, January 19, 2009 6:59 AM
To: openssl-users@openssl.org
Subject: About OPENSSL platform
Importance: High

> Hi All,
> Could you do me a favor to know whether openssl support to run on opteron (AMD) platform? If yes, which version? And how to set configure file?
> Thanks and regards,
> Leo
How to detect dead peers with DTLS?
Hi everybody,

how can I detect a dead server with *DTLS*?

I'm developing an application (IPFIX exporter and collector) that only *sends* data using DTLS over UDP. Imagine the collector (DTLS server) crashes and comes up again. The exporter (DTLS client) does not notice the fact that the server went down and keeps on sending data using the old pre-master secret. The only thing the server can do is to drop those packets, because due to the crash it lost the pre-master secret and also the whole state that constitutes the SSL object.

Please note that the underlying protocol, which is UDP - as opposed to TCP - does *not* tell me that the peer died. I might get some ICMP port-unreachable messages but I don't want to rely on that.

Is there some kind of Dead Peer Detection like in the IPSec/IKE protocol that allows me to verify that my peer is still alive? In case the peer died I would just back up and initiate a new DTLS connection from scratch. Also, this mechanism would be useful to keep NAT mappings alive.

Please note that I can not solve this problem via the protocol that I use on top of DTLS - which is IPFIX - because IPFIX - by definition - only *sends* but does not receive data. I.e. I can not infer that the server crashed from the fact that it does not send any data, because it does not send data anyway (except Handshake messages like ServerHello, ServerKeyExchange, etc.). I guess IPFIX is a one-way protocol.

Thanks
Daniel
Re: openssl 0.9.4
Yes, it supports multithreaded applications.

On Mon, Jan 19, 2009 at 7:40 AM, Leo, Liangyou Wang (liangwan) liang...@cisco.com wrote:
> Hi All,
> Could you give me quick reply that whether openssl 0.9.4 could support multi-threads application?
> Thanks and regards,
> Leo

--
regards,
Vineeta Kumari
Software engg
Mobera Systems
Chandigarh
ECDSA signature verification
Hi,

I'm new to OpenSSL, having just installed openssl-fips-1.2. I'm looking for some guidance in how to use OpenSSL (from the command line) to verify ECDSA signatures. In particular, I have the following questions:

 * is it possible to define our own curves (rather than using one of the predefined curves)?
 * how configurable is the hashing step? I see that there are parameters like -ecdsa-with-SHA1 - can arbitrary hashing functions be used?
 * where can I find some good (= simple!) documentation on using OpenSSL for this task? I've not had much luck finding anything relevant in the man page.

Apologies for any dumb questions there - thanks in advance for any assistance!

Alistair.
RE: reducing the size of openssl package
You should enable the required preprocessor for the encryption and auth. algorithm.

Thank you.
Regards,
--Ajeet Kumar Singh

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of harihar
Sent: Wednesday, January 07, 2009 6:35 PM
To: openssl-users@openssl.org
Subject: reducing the size of openssl package

> Does anyone have an idea of how to reduce the size of the openSSL package? The package contains a lot of things which are not used in my project. Please reply
RE: How to detect dead peers with DTLS?
> Please note that I can not solve this problem via the protocol that I use on top of DTLS - which is IPFIX - because IPFIX - by definition - only *sends* but does not receive data. I.e. I can not infer that the server crashed from the fact the he does not send any data because he does not send data anyway (except Handshake messages like ServerHello, ServerKeyExchange, etc.). I guess IPFIX is a one-way protocol.
>
> Thanks
> Daniel

You have a problem that cannot be solved in principle. If you do not allow the other side to ever send anything, then there is simply no way you can ever detect its absence. If you wish to detect the loss of the other side, the other side *must* send something. There is no other way.

I suggest you either modify your protocol or layer another protocol between it and DTLS.

DS
Hashing bit-oriented data
Hello,

Using the OpenSSL command line, is it possible to compute hashes of data which is not a whole number of bytes in length? For example, a block of data consisting of (say) 110 bits?

Padding the data is not an option, because we need to be able to verify hashes which have been computed externally.

If this is not an option from the command line, can it be achieved through use of the OpenSSL APIs?

Thanks,
Alistair.
Re: openssl 0.9.4
On Mon, Jan 19, 2009, Leo, Liangyou Wang (liangwan) wrote:
> Hi All,
> Could you give me quick reply that whether openssl 0.9.4 could support multi-threads application?

Yes, but the use of such an ancient version of OpenSSL is STRONGLY discouraged. Several critical security fixes have been added since then.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: How to detect dead peers with DTLS?
Hi Daniel,

why not use DTLS on top of SCTP? SCTP would check using its heartbeat mechanism whether the connection is still alive.

Best regards
Michael

On Jan 19, 2009, at 10:47 AM, Daniel Mentz wrote:
> Hi everybody,
>
> how can I detect a dead server with *DTLS*?
>
> I'm developing an application (IPFIX exporter and collector) that only *sends* data using DTLS over UDP. Imagine the collector (DTLS server) crashes and comes up again. The exporter (DTLS client) does not notice the fact that the server went down and keeps on sending data using the old pre-master secret. The only thing the server can do is to drop those packets because due to the crash he lost the pre-master secret and also the whole state that constitutes the SSL object.
>
> Please note that the underlying protocol which is UDP - as opposed to TCP - does *not* tell me that the peer died. I might get some ICMP port-unreachable messages but I don't want to rely on that.
>
> Is there some kind of Dead Peer Detection like in the IPSec/IKE protocol that allows me to verify that my peer is still alive? In case the peer died I would just backup and initiate a new DTLS connection from scratch. Also, this mechanism would be useful to keep NAT mappings alive.
>
> Please note that I can not solve this problem via the protocol that I use on top of DTLS - which is IPFIX - because IPFIX - by definition - only *sends* but does not receive data. I.e. I can not infer that the server crashed from the fact the he does not send any data because he does not send data anyway (except Handshake messages like ServerHello, ServerKeyExchange, etc.). I guess IPFIX is a one-way protocol.
>
> Thanks
> Daniel
Re: Installation Problems
I think you have taken a bad version of OpenSSL.
Re: How to detect dead peers with DTLS?
On Mon, Jan 19, 2009 at 10:47 AM, Daniel Mentz danie...@sent.com wrote:
> Please note that I can not solve this problem via the protocol that I use on
[...]
> the fact the he does not send any data because he does not send data anyway (except Handshake messages like ServerHello, ServerKeyExchange, etc.). I guess IPFIX is a one-way protocol.

Well, though I agree with David Schwartz, the key operative word in your text here is 'except' (see snippet of your text above). So the server **does** send packets in return. (Gotcha. ;-) )

Given that you have a ServerKeyExchange or some such (I don't have the protocol documents for IPFIX around here so didn't check for the feasibility of what I mention next), the obvious hack I would come up with in such a scenario would be providing my own kind of 'keep alive'; this time in the form of periodically requesting a new ServerKey. (It would be a bit akin to SSL, where you can force a renegotiation.)

The idea here is that every N minutes or so, you 'renegotiate' a keyset. That's the 'heartbeat', as when that renegotiation fails, you'll know one of your nodes went belly up. Okay, so you lost an undeterminable amount of data between the previous key reneg and this one, but I'm sure one would be able to handle/hack that as well. ;-)

(And when we travel down this road, we arrive at where the TCP guys already are, as you are trying to convert a fire-and-forget protocol into a guaranteed-delivery protocol. And, just in case, when you say you don't have key renegotiation options in the protocol, how do you come by a key set to start with? I call the above a 'hack' because you are basically looking at reimplementing TCP. (Plus IPFIX, but that's just too obvious, right? ;-) )

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
Re: Hashing bit-oriented data
On Mon, Jan 19, 2009 at 1:48 PM, Young, Alistair alistair.yo...@logica.com wrote:
> Hello,
>
> Using the OpenSSL command line, is it possible to compute hashes of data which is not a whole number of bytes in length? For example, a block of data consisting of (say) 110 bits?
>
> Padding the data is not an option, because we need to be able to verify hashes which have been computed externally.
>
> If this is not an option from the command line, can it be achieved through use of the OpenSSL APIs?

Since all [supported] secure hash algorithms are byte, pardon, *word*-based, the mere definition of those algorithms precludes the possibility of hashing 110 bit data bursts without any [bit-]padding. Here, 'word' size depends on the secure hash algorithm used.

So the oversimplified answer is: no can do.

Given that you don't ask whether particular bit-data-stream oriented secure hash algorithm XYZ is supported by OpenSSL, while it's not listed in the feature set, I have a question in return: are you sure you are aware what you are asking here? If yes, please specify the required hash algorithm and other specifics and we might be able to help you out.

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
Re: reducing the size of openssl package
You mean specify the various no-xyz (e.g. no-md5, etc.) options when ./config-uring the OpenSSL source tree for building?

Anyway, toggling the various OPENSSL_NO_* #define's (which are all toggle-able through ./config commandline options if I am not mistaken) is the fast lane towards reducing the OpenSSL footprint.

(Tip: one quick win is disabling human-readable error messages by specifying no-err: through the OPENSSL_NO_ERR #define, this will cut out all the error description strings. Furthermore, check which hashes and ciphers you need/want, and which you don't, then remove the latter set through further no-... commandline options for ./config)

On Mon, Jan 19, 2009 at 1:11 PM, Ajeet kumar.S ajeetkuma...@jasmin-infotech.com wrote:
> U should enable require Preprocessor for Encryption and Auth. Algorithm.
>
> Thank you.
> Regards,
> --Ajeet Kumar Singh
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of harihar
> Sent: Wednesday, January 07, 2009 6:35 PM
> To: openssl-users@openssl.org
> Subject: reducing the size of openssl package
>
>> Does any one have an idea of how to reduce the size of openSSL package. As the package contain lot of things which r not used in my project. please reply

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
RE: Installation Problems
I had the same problem. I made a change that will make it work, but it would be good if someone else could verify if the change is necessary.

In the Makefile under the fips directory, where it does the cp -p of the fips modules, I had to add the prefix of $(FIPSLIBDIR) to each of the files being copied.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Eileen Tan
Sent: Sunday, January 18, 2009 10:06 PM
To: openssl-users@openssl.org
Subject: Installation Problems

> Hi,
>
> I'm new to openssl have recently downloaded openssl-0.9.8j.tar had tried installing it but encountered errors. I've also installed
>
>     libiconv-1.11-sol10-sparc-local.gz
>     gcc-3.4.6-sol10-sparc-local.gz
>
> Below are my steps:
>
>     # isainfo
>     sparcv9 sparc
>     # uname -a
>     SunOS training2 5.10 Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T200
>     # which gcc
>     /usr/local/bin/gcc
>     # ./Configure solaris-sparcv9-gcc
>     # make
>     # make install
>
> --- here encountered the following errors:
>
>     cp: cannot access fipscanister.o
>     cp: cannot access fipscanister.o.sha1
>     *** Error code 2
>     make: Fatal error: Command failed for target `install'
>     Current working directory /tmp/openssl-0.9.8j/fips
>     *** Error code 1
>     make: Fatal error: Command failed for target `install_sw'
>
> Pls advice. Any advices/suggestions would be greatly appreciated.
>
> Regards,
> Eileen
RE: Hashing bit-oriented data
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ger Hobbelt
Sent: 19 January 2009 14:00
To: openssl-users@openssl.org
Subject: Re: Hashing bit-oriented data

> On Mon, Jan 19, 2009 at 1:48 PM, Young, Alistair alistair.yo...@logica.com wrote:
>> Hello,
>>
>> Using the OpenSSL command line, is it possible to compute hashes of data which is not a whole number of bytes in length? For example, a block of data consisting of (say) 110 bits?
>> ... snip ...
>
> Since all [supported] secure hash algorithms are byte, pardon, *word*-based, the mere definition of those algorithms precludes the possiblity of hashing 110 bit data bursts without any [bit-]padding. Here, 'word' size depends on the secure hash algorithm used.
>
> So the oversimplified answer is: no can do.
>
> Given that you don't ask whether particular bit-data-stream oriented secure hash algorithm XYZ is supported by OpenSSL, while it's not listed in the feature set, I have a question in return: are you sure you are ware what you are asking here? If yes, please specify required hash algorithm and other specifics and we might be able to help you out.

Hi Ger - many thanks for the reply.

My experience in this area is limited - so I may well be asking a silly question! :)

My understanding, however, is that the hashing algorithms (I am specifically thinking of SHA-256) do not place any restrictions on the length of the data being hashed. For example, the pseudocode for SHA-256 given at http://en.wikipedia.org/wiki/SHA_hash_functions states that the first steps are:

 * append bit '1' to the message
 * append k bits '0' to the message until the length of the message is congruent to 448 (mod 512)
 * append length (before pre-processing) in bits as a 64-bit integer

There appears to be nothing intrinsically byte- or word-based about that logic.

So, to take my 110-bit message example, I would hope to be able to pass this in and have the hashing logic append a '1', then 337 '0's, and then the number 110 as a 64-bit integer. This then gives 512 bits (16*32-bit words) for the main hashing algorithm to work with.

Am I missing a subtle point somewhere?

Cheers,
Alistair.
Re: which algorithms are enabled by default with fips?
Hi All,

Will the OpenSSL community release all of OpenSSL with FIPS support, i.e. will the next release of OpenSSL support FIPS capability?

Thanks
Joshi Chandran

On Mon, Jan 12, 2009 at 7:23 PM, Steve Marquess marqu...@oss-institute.org wrote:
> PGNet wrote:
>> On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote:
>>> Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode.
>>
>> Hrm ... I'd have thought that openssh would be among the 1st/best @ compliance.
>
> Me too. I embarked on this FIPS validation adventure some six years ago because my DoD client at the time wanted a FIPS validated OpenSSH. I wrote a patch several years ago but didn't push it at the time because the first OpenSSL FIPS Object Module validation was still pending, and encountering some significant opposition that took all my attention. Now the OpenSSH patch is not a priority for any of my clients and I don't have the spare time to pursue it. I'd love to see someone else follow it through.
>
> To my knowledge Stunnel is the first application to formally support the FIPS Object Module. I've been told ProFTP has baselined support as well. I've heard privately from many people who have done local mods of various applications, but have been disappointed in how slowly this support is appearing publicly.
>
>>> Several people, myself included, have created patches to that end.
>>
>> Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ...
>
> I could point you to my original very dated patch but I know there are some more recent updates. Check the OpenSSH mail archives.
>
>>> Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work.
>>
>> We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance
>
> Very typical for DoD. The mandates for *procurement* of validated software are (increasingly) enforced, but there doesn't seem to be any effective push to actually *use* a runtime FIPS mode. That lack of pressure plus the interoperability issues that FIPS mode can cause means program managers have zero incentive to actually run anything in FIPS mode. It's a paper chase.
>
>> My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs.
>
> Please consider posting your patches to the OpenSSH lists...
>
> -Steve M.
>
> --
> Steve Marquess
> Open Source Software Institute
> marqu...@oss-institute.org

--
Regards
Joshi Chandran
Re: Installation Problems
On Mon, Jan 19, 2009, Blasdel, Jerry wrote:
> I had the same problem. I made a change that will make it work but it would be good if someone else could verify if the change is necessary.
>
> In the Makefile under the fips directory, where it does the cp -p of the fips modules, I had to add the prefix of $(FIPSLIBDIR) to each of the files being copied.

I've committed a fix for this, see:

http://cvs.openssl.org/chngview?cn=17796

In the case of non-fips builds it removes fips from the DIRS line in Makefile so nothing at all is done in the fips directory.

For some reason my platform gives the error messages but doesn't halt the build.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: which algorithms are enabled by default with fips?
It has already been released. Pick up the openssl-fips-1.2.tar.gz distribution, and the openssl-0.9.8j.tar.gz distribution.

Also be aware that you MUST configure the openssl-fips package *EXACTLY* as described in the Security Policy. I am not going to try to reiterate the rules here, nor the commands you have to type.

http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf

There is also a User Guide available, but anything that it contains that conflicts with the Security Policy is wrong.

http://openssl.org/docs/fips/UserGuide-1.2.pdf

After you build and install the openssl-fips package, then you can configure openssl-0.9.8j. Use the 'fips' option to ./config.

(If you're looking for absolutely every version of OpenSSL that's released to have FIPS validation, you're not going to get it. The process for validation is expensive, on the order of $200,000 for each validation; the OpenSSL team members are already donating their time to the project and most likely don't have the cash to donate to the cause. As well, the vendor (for validation purposes) is the Open Source Software Institute, which does not directly manage the OpenSSL programmers or development effort. As well, it's taken on average over a year for each validation. This is why there's a separate tarball just for the FIPS-validated module; when in FIPS mode, all cryptography done by the library is redirected to be performed by the code in the module.)

-Kyle H

On Mon, Jan 19, 2009 at 8:34 AM, joshi chandran joshichandran...@gmail.com wrote:
> Hi All,
>
> Will the Openssl community will release all the openssl with fips support ie next release of openssl will support fips capability?
>
> Thanks
> Joshi Chandran
>
> On Mon, Jan 12, 2009 at 7:23 PM, Steve Marquess marqu...@oss-institute.org wrote:
>> PGNet wrote:
>>> On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote:
>>>> Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode.
>>>
>>> Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance.
>>
>> Me too. I embarked on this FIPS validation adventure some six years ago because my DoD client at the time wanted a FIPS validated OpenSSH. I wrote a patch several years ago but didn't push it at the time because the first OpenSSL FIPS Object Module validation was still pending, and encountering some significant opposition that took all my attention. Now the OpenSSH patch is not a priority for any of my clients and I don't have the spare time to pursue it. I'd love to see someone else follow it through.
>>
>> To my knowledge Stunnel is the first application to formally support the FIPS object Module. I've been told ProFTP has baselined support as well. I've heard privately from many people who have done local mods of various applications, but have been disappointed in how slowly this support is appearing publicly.
>>
>>>> Several people, myself included, have created patches to that end.
>>>
>>> Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ...
>>
>> I could point you to my original very dated patch but I know there are some more recent updates. Check the OpenSSH mail archives.
>>
>>>> Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work.
>>>
>>> We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance
>>
>> Very typical for DoD. The mandates for *procurement* of validated software are (increasingly) enforced, but there doesn't seem to be any effective push to actually *use* a runtime FIPS mode. That lack of pressure plus the interoperability issues that FIPS mode can cause means program managers have zero incentive to actually run anything in FIPS mode. It's a paper chase.
>>
>>> My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs.
>>
>> Please consider posting your patches to the OpenSSH lists...
>>
>> -Steve M.
>>
>> --
>> Steve Marquess
>> Open Source Software Institute
>> marqu...@oss-institute.org
>
> --
> Regards
> Joshi Chandran
Importing OpenSSL CRL into Windows 2003 error
A native Windows CRL includes the following additional extensions:

    Authority Key Identifier
    CA Version
    Next CRL Publish

I was able to add Authority Key Identifier and CA Version via the new_oids section:

    msCAVersion=1.3.6.1.4.1.311.21.1
    msCRLNextPublish=1.3.6.1.4.1.311.21.4

I also added the following to the crl_ext section:

    authorityKeyIdentifier=keyid:always,issuer:always
    msCAVersion=DER:02:01:00

** Notice I was not able to add the msCRLNextPublish oid because I don't know how.

I get this error when trying to import this CRL into Windows 2003:

    A required CRL extension is missing
    CertUtil: -dsPublish command FAILED: 0x80070490 (WIN32: 1168)
    CertUtil: Element not found.

So I assume this means I need the CRL Next Publish oid somehow... Or I have something messed up above. Please help

- DAVID BLAINE, GCIA, CISSP
GDLS-C Lead Information Risk Manager (LIRM)
CSC
6000 E. 17 Mile Rd. Sterling Heights MI 48313
GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | dblai...@csc.com | www.csc.com
Re: How to detect dead peers with DTLS?
Thank you all for your answers. I think I will go for the hack that misuses re-negotiation as a kind of heartbeat, keep alive or echo request. I tried to avoid this hack at first because it is a computational burden. AFAIK re-negotiation means restarting from scratch which means that expensive public key operations have to be performed.

@Michael: Using DTLS on top of SCTP is high on my TODO list. I would be glad if you could help me with this. I'll get back to you with more questions regarding this. I've heard that I'll need your patches for OpenSSL and FreeBSD to make it work.

Btw, does OpenSSL support renegotiation when using DTLS? It failed when I tried it with s_client and s_server. I learned from some forum that there's a bug regarding an incorrect message sequence number. Robin Seggelmann provided a patch which has not been merged into the upstream version. Is this still the current status?

@Ger: I disagree with you on the fact that I'm trying to convert DTLS into TCP. If I understand Nagendra's paper correctly DTLS strives to be some kind of secure UDP. Quote:

    DTLS is explicitly designed to be as compatible as possible with existing datagram communication systems, ... ... This property allows applications to simply replace each datagram socket with a secure datagram socket managed by DTLS. DTLS semantics should mimic UDP semantics thus allowing DTLS implementations to mimic the UDP API.

End quote.

I do accept the fact that there might be a loss of datagrams. But when I send out a packet I want to be sure that there's at least a chance that it might reach the receiver. If the receiver crashes and comes up again there's no chance that a packet might ever be decrypted due to the lost state (pre-master secret etc.) in the receiver process. Also, IKE (IPSec) is somewhat similar to DTLS in a sense that it is also unreliable and IKE *does* feature Dead Peer Detection.

I'm trying to implement IPFIX according to RFC 5101 which makes support of DTLS on top of UDP mandatory for transmitting IPFIX messages. That's why I'm surprised that there's no simple solution to this problem.

Thanks
Daniel

Ger Hobbelt wrote:
> On Mon, Jan 19, 2009 at 10:47 AM, Daniel Mentz <danie...@sent.com> wrote:
>> Please note that I can not solve this problem via the protocol that I use on
>> [...]
>> the fact that he does not send any data because he does not send data anyway (except Handshake messages like ServerHello, ServerKeyExchange, etc.). I guess IPFIX is a one-way protocol.
>
> Well, though I agree with David Schwartz, the key operative word in your text here is 'except' (see snippet of your text above). So the server **does** send packets in return. (Gotcha. ;-) )
>
> Given that you have a ServerKeyExchange or some such (I don't have the protocol documents for IPFIX around here so didn't check for the feasibility of what I mention next), but the obvious hack I would come up with in such a scenario would be providing my own kind of 'keep alive'; this time in the form of periodically requesting a new ServerKey. (It would be a bit akin to SSL, where you can force a renegotiation.) The idea here is that every N minutes or so, you 'renegotiate' a keyset. That's the 'heartbeat' as when that renegotiation fails, you'll know one of your nodes went belly up. Okay, so you lost an undeterminable amount of data between previous key reneg and this one, but I'm sure one would be able to handle/hack that as well. ;-)
>
> (And when we travel down this road, we arrive at where the TCP guys already are, as you are trying to convert a fire-and-forget protocol into a guaranteed-delivery protocol. And, just in case, when you say you don't have key renegotiation options in the protocol, how do you come by a key set to start with? I call the above a 'hack' because you are basically looking at reimplementing TCP. (Plus IPFIX, but that's just too obvious, right? ;-) )
Re: How to detect dead peers with DTLS?
Hi Daniel,

comments in-line.

Best regards
Michael

On Jan 19, 2009, at 10:54 PM, Daniel Mentz wrote:

> Thank you all for your answers. I think I will go for the hack that misuses re-negotiation as a kind of heartbeat, keep alive or echo request. I tried to avoid this hack at first because it is a computational burden. AFAIK re-negotiation means restarting from scratch which means that expensive public key operations have to be performed.
>
> @Michael: Using DTLS on top of SCTP is high on my TODO list. I would be glad if you could help me with this. I'll get back to you with more questions regarding this. I've heard that I'll need your patches for OpenSSL and FreeBSD to make it work.

OK.

> Btw, does OpenSSL support renegotiation when using DTLS? It failed when I tried it with s_client and s_server. I learned from some forum that there's a bug regarding an incorrect message sequence number. Robin Seggelmann provided a patch which has not been merged into the upstream version. Is this still the current status?

As far as I know yes. Robin has tested renegotiations with DTLS/UDP. We have a couple of patches for DTLS/UDP. However, they have not been integrated. The patches for DTLS/SCTP require the DTLS/UDP patches...

> @Ger: I disagree with you on the fact that I'm trying to convert DTLS into TCP. If I understand Nagendra's paper correctly DTLS strives to be some kind of secure UDP. Quote:
>
>     DTLS is explicitly designed to be as compatible as possible with existing datagram communication systems, ... ... This property allows applications to simply replace each datagram socket with a secure datagram socket managed by DTLS. DTLS semantics should mimic UDP semantics thus allowing DTLS implementations to mimic the UDP API.
>
> End quote.
>
> I do accept the fact that there might be a loss of datagrams. But when I send out a packet I want to be sure that there's at least a chance that it might reach the receiver. If the receiver crashes and comes up again there's no chance that a packet might ever be decrypted due to the lost state (pre-master secret etc.) in the receiver process. Also, IKE (IPSec) is somewhat similar to DTLS in a sense that it is also unreliable and IKE *does* feature Dead Peer Detection.
>
> I'm trying to implement IPFIX according to RFC 5101 which makes support of DTLS on top of UDP mandatory for transmitting IPFIX messages. That's why I'm surprised that there's no simple solution to this problem.
>
> Thanks
> Daniel
Format of index.txt file
Hi all,

I need to know the format of the index.txt file, because I have to write on it from a python script. I was googling about it, but I don't find too much information. The only thing I found was this:

    Field1   Field2    Field3   Field4    Field5
    TYPE     EXPDATE   SERIAL   Unknown   Unknown

Fields 4 and 5 I don't know what they are.

Also I found that the types are:

    V - Valid
    E - Expired
    R - Revoked

So I guess that the field EXPDATE is valid only for the Valid type? So when the database says Revoked, is the EXPDATE the revoked time? And when it is Expired?

Thanks a lot if somebody can answer some of these questions. I really appreciate it.

Regards,
Andres.
Re: Format of index.txt file
It's true that it's not very well documented. The source gives some hints, though.

apps/apps.h:

    #define DB_type         0
    #define DB_exp_date     1
    #define DB_rev_date     2
    #define DB_serial       3       /* index - unique */
    #define DB_file         4
    #define DB_name         5       /* index - unique when active and not disabled */

Those are the field numbers. DB_rev_date is a field that's filled in when the certificate is revoked. DB_exp_date is simply a copy of the certificate's expiration date (ValidBefore). DB_name is a copy of the certificate's subject. The only field that's truly unknown is DB_file. As far as I can see from the source, it's never filled with anything else. The reason it exists mostly lies in historical fog, unless someone who was more active back when this was invented has further information.

Cheers,
Richard

In message <20090120022428.gb8...@atlantis> on Tue, 20 Jan 2009 00:24:28 -0200, Andres Moreira <elkpich...@gmail.com> said:

elkpichico> Hi all,
elkpichico> I need to know the format of the index.txt file, because I have to
elkpichico> write on it from a python script. I was googling about it, but I don't
elkpichico> find too much information.
elkpichico> The only thing I found was this:
elkpichico>
elkpichico>     Field1   Field2    Field3   Field4    Field5
elkpichico>     TYPE     EXPDATE   SERIAL   Unknown   Unknown
elkpichico>
elkpichico> Fields 4 and 5 I don't know what they are.
elkpichico>
elkpichico> Also I found that the types are:
elkpichico>     V - Valid
elkpichico>     E - Expired
elkpichico>     R - Revoked
elkpichico>
elkpichico> So I guess that the field EXPDATE is valid only for the Valid type?
elkpichico> So when the database says Revoked, is the EXPDATE the revoked time?
elkpichico> And when it is Expired?
elkpichico>
elkpichico> Thanks a lot if somebody can answer some of these questions.
elkpichico> I really appreciate it.
elkpichico>
elkpichico> Regards,
elkpichico> Andres.

--
Richard Levitte                         rich...@levitte.org
                                        http://richard.levitte.org/

"Life is a tremendous celebration - and I'm invited!"
-- from a friend's blog, translated from Swedish
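Since Andres wants to read and write index.txt from Python, here is an added example (not from the thread and not OpenSSL's own code) that parses and emits records in the six-field order Richard quotes, keeps exp_date and rev_date apart as the answer explains, and mimics what `openssl ca -updatedb` does when it flips valid entries to expired. It assumes the tab-separated layout, the literal "unknown" in the file field and the UTCTime dates that `openssl ca` writes; the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class IndexEntry:
    """One index.txt record; field order is the DB_* numbering quoted above."""
    type: str       # "V" valid, "R" revoked, "E" expired
    exp_date: str   # certificate notAfter as ASN.1 UTCTime, e.g. "100120120000Z"
    rev_date: str   # revocation time, empty unless revoked; may carry ",reason"
    serial: str     # hex serial number as openssl ca writes it
    file: str       # openssl ca always writes the literal "unknown" here
    name: str       # subject DN, e.g. "/C=US/O=Example/CN=host"
    @property
    def rev_reason(self):
        # openssl ca (0.9.7 and later) may write "YYMMDDHHMMSSZ,reason" in rev_date
        return self.rev_date.split(",", 1)[1] if "," in self.rev_date else None

def parse_utctime(s: str) -> datetime:
    """UTCTime as in index.txt; RFC 5280 maps YY < 50 to 20YY, YY >= 50 to 19YY."""
    if len(s) != 13 or not s.endswith("Z"):
        raise ValueError(f"bad UTCTime {s!r}")
    yy = int(s[:2])
    return datetime(2000 + yy if yy < 50 else 1900 + yy, int(s[2:4]), int(s[4:6]),
                    int(s[6:8]), int(s[8:10]), int(s[10:12]), tzinfo=timezone.utc)

def parse_index(text: str) -> list:
    """Parse the tab-separated records, rejecting malformed lines instead of guessing."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 tab-separated fields")
        if fields[0] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: unknown status {fields[0]!r}")
        if fields[0] == "R" and not fields[2]:
            raise ValueError(f"line {lineno}: revoked entry has no revocation date")
        parse_utctime(fields[1])  # reject a malformed expiry date early
        entries.append(IndexEntry(*fields))
    return entries

def format_entry(e: IndexEntry) -> str:
    """Serialise one record exactly as openssl ca expects to read it back."""
    return "\t".join((e.type, e.exp_date, e.rev_date, e.serial, e.file, e.name))

def update_db(entries: list, now: str) -> list:
    """Flip valid entries past their notAfter to expired, as `openssl ca -updatedb` does."""
    now_dt = parse_utctime(now)
    for e in entries:
        if e.type == "V" and parse_utctime(e.exp_date) <= now_dt:
            e.type = "E"
    return entries

# Constructed sample: one valid and one revoked entry in the layout openssl ca writes.
SAMPLE = ("V\t100120120000Z\t\t01\tunknown\t/C=US/O=Example/CN=valid.example\n"
          "R\t100120120000Z\t090119100000Z,keyCompromise\t02\tunknown\t/C=US/O=Example/CN=bad.example\n")
```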