OpenSSL 1.0.1
Hello, is there somewhere a release schedule for version 1.0.1 published?

Thanks
Dirk
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: FIPS object module
On 2/16/2012 10:28 PM, Alex Chen wrote:
> From what I saw on the OpenSSL site and in the user guide, the FIPS object module is only compatible with OpenSSL 0.9.8, not 1.0. Is that still valid? Does that mean that I cannot use that module to work with OpenSSL 1.0?

No, that is the old FIPS module, whose certification might still be technically valid, but whose available features don't match current FIPS criteria.

There is a new FIPS module, known as FIPS module 2.0, which is currently going through the certification process and will hopefully get its own certification number when/if it passes. The new module is for OpenSSL 1.0.1 or 1.0.2, which are also future/beta releases. Mr. Fowler was testing out the beta version to make sure it could build in his environment.

> The FIPS 140 certification number 1051 is for the source code module and from what I understand it has to be built without any changes. If we need to build it in 64-bit mode, does the build script support that? How about building it on Windows? Does it also have a batch file to build on Windows and for 64-bit, too?

-- 
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: virus or hoax in test/asn1test.exe ?
On 2/16/2012 11:42 PM, David H. Lipman wrote:
> From: Johan Samyn johan.sa...@gmail.com
>> 48 hours later my replies have NOT made it to Gmane.
>
> Mark: 2/16/12 @ 1742 hrs

I guess that would be 2012-02-16 17:42 -0500 aka 2012-02-16 22:42 UTC?

It arrived here on our European mailserver 2012-02-17 11:01:12 UTC.

From 2012-02-16 22:43:05 UTC to 2012-02-17 22:43:10 UTC it spent all of 5 seconds on gmane servers.

From 2012-02-16 22:43:10 UTC to 2012-02-17 10:56:02 UTC it was stuck somewhere inside master.openssl.org.

-- 
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: virus or hoax in test/asn1test.exe ?
On 02/17/2012 12:29 PM, Jakob Bohm wrote:
> On 2/16/2012 11:42 PM, David H. Lipman wrote:
>> From: Johan Samyn johan.sa...@gmail.com
>>> 48 hours later my replies have NOT made it to Gmane.
>>
>> Mark: 2/16/12 @ 1742 hrs
>
> I guess that would be 2012-02-16 17:42 -0500 aka 2012-02-16 22:42 UTC?
>
> It arrived here on our European mailserver 2012-02-17 11:01:12 UTC.
>
> From 2012-02-16 22:43:05 UTC to 2012-02-17 22:43:10 UTC it spent all of 5 seconds on gmane servers.
>
> From 2012-02-16 22:43:10 UTC to 2012-02-17 10:56:02 UTC it was stuck somewhere inside master.openssl.org.

master.openssl.org uses anti-spam measures that may cause some short delay. Mails posted by non-subscribers or being caught in additional anti-spam measures go to the moderation queue and I am not around 24/7.

Best regards,
Lutz
Re: FIPS mode and RSA_verify confusion
Thank you very much. Recoded my test app for the EVP_Verify routines, things are working as expected now.

Now back to making sense of all the key format (DER, PEM, BER) options. This is new stuff for me.

JH

On 2/16/12, Dr. Stephen Henson st...@openssl.org wrote:
> On Thu, Feb 16, 2012, john hagen wrote:
>> Can someone shed some light on the following?
>>
>> I'm able to 'verify' via the command line like this:
>>
>> # env OPENSSL_FIPS=1 ./openssl dgst -sha512 -verify pub.pem -signature format.sign format.c
>> Verified OK
>>
>> Programmatically I get the following runtime error.
>>
>> (error:0407708E:rsa routines:RSA_verify:operation not allowed in fips mode)
>>
>> Is there a different routine that I should use to 'verify' an RSA signature while in FIPS mode?
>
> You need to use the EVP functions EVP_Verify*, those are used by the dgst utility.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: FIPS object module
Thanks for the information Jakob. I cannot find such a module on the OpenSSL source download page.

Alex

On Feb 17, 2012, at 2:19 AM, Jakob Bohm wrote:
> On 2/16/2012 10:28 PM, Alex Chen wrote:
>> From what I saw on the OpenSSL site and in the user guide, the FIPS object module is only compatible with OpenSSL 0.9.8, not 1.0. Is that still valid? Does that mean that I cannot use that module to work with OpenSSL 1.0?
>
> No, that is the old FIPS module, whose certification might still be technically valid, but whose available features don't match current FIPS criteria.
>
> There is a new FIPS module, known as FIPS module 2.0, which is currently going through the certification process and will hopefully get its own certification number when/if it passes. The new module is for OpenSSL 1.0.1 or 1.0.2, which are also future/beta releases. Mr. Fowler was testing out the beta version to make sure it could build in his environment.
>
>> The FIPS 140 certification number 1051 is for the source code module and from what I understand it has to be built without any changes. If we need to build it in 64-bit mode, does the build script support that? How about building it on Windows? Does it also have a batch file to build on Windows and for 64-bit, too?
Re: FIPS object module
On 02/17/2012 12:54 PM, Alex Chen wrote:
> Thanks for the information Jakob. I cannot find such a module on the OpenSSL source download page.

See ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20120217.tar.gz or http://opensslfoundation.com/testing/validation-2.0/source/openssl-fips-2.0rc3.tar.gz for source to the pending 2.0 module.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710 USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
Re: weak key check?
On Feb 16, 2012, at 9:22 AM, Kenneth Goldman wrote:
> Many laptops and desktops and some servers now come with a TPM chip, a free source of hardware random numbers.

Even aside from TPM or other HSMs, hardware random number generators have been a common feature of PC motherboard chipsets for a decade or so. I assume, perhaps optimistically, that the /dev/?random devices that modern OSs provide make use of these RNGs as well as other system entropy sources (interrupt timing and so on).

It sounds like most of the low-entropy keys discovered by Lenstra+co belong not to desktop/server machines but to embedded devices such as firewalls or VPN boxes; it's easy to imagine that such a device, without a hardware RNG and generating its secret key immediately after its first boot, fresh from factory initialization, could have a hard time getting enough entropy.
possible memleak
Hi,

I'm experiencing a memory leak in my server code using openssl 1.0.0g when a client with a self-signed cert tries to connect and is refused. Valgrind's massif traces this back to ssl3_get_client_certificate() at s3_srvr.c:2956, such as the following:

| -10.77% (4,116,792B) 0x5364BC3: asn1_item_ex_combine_new (tasn_new.c:191)
| | -08.39% (3,206,136B) 0x5367605: ASN1_item_ex_d2i (tasn_dec.c:400)
| | | -05.81% (2,219,640B) 0x5367B3F: asn1_template_noexp_d2i (tasn_dec.c:706)
| | | | -04.47% (1,707,408B) 0x5367EEA: asn1_template_ex_d2i (tasn_dec.c:607)
| | | | | -04.47% (1,707,408B) 0x536773B: ASN1_item_ex_d2i (tasn_dec.c:195)
| | | | | -04.47% (1,707,408B) 0x5367B3F: asn1_template_noexp_d2i (tasn_dec.c:706)
| | | | | -04.47% (1,707,408B) 0x5367EEA: asn1_template_ex_d2i (tasn_dec.c:607)
| | | | | -04.47% (1,707,408B) 0x536773B: ASN1_item_ex_d2i (tasn_dec.c:195)
| | | | | -04.47% (1,707,408B) 0x53607D3: x509_name_ex_d2i (x_name.c:186)
| | | | | -04.47% (1,707,408B) 0x5367051: ASN1_item_ex_d2i (tasn_dec.c:239)
| | | | | -04.47% (1,707,264B) 0x5367C8F: asn1_template_noexp_d2i (tasn_dec.c:746)
| | | | | | -03.57% (1,365,984B) 0x5367EEA: asn1_template_ex_d2i (tasn_dec.c:607)
| | | | | | | -03.57% (1,365,984B) 0x5367342: ASN1_item_ex_d2i (tasn_dec.c:448)
| | | | | | | -03.57% (1,365,984B) 0x5367C8F: asn1_template_noexp_d2i (tasn_dec.c:746)
| | | | | | | -03.57% (1,365,984B) 0x5367EEA: asn1_template_ex_d2i (tasn_dec.c:607)
| | | | | | | -03.57% (1,365,984B) 0x5367342: ASN1_item_ex_d2i (tasn_dec.c:448)
| | | | | | | -03.57% (1,365,984B) 0x5368022: ASN1_item_d2i (tasn_dec.c:136)
| | | | | | | -03.57% (1,364,544B) 0x587AF12: ssl3_get_client_certificate (s3_srvr.c:2956)
| | | | | | | | -03.57% (1,364,544B) 0x587C206: ssl3_accept (s3_srvr.c:519)
| | | | | | | | -03.57% (1,364,544B) 0x5885D80: ssl3_read_bytes (s3_pkt.c:941)
| | | | | | | | -03.57% (1,364,544B) 0x5882AC8: ssl3_read (s3_lib.c:3274)

After the disconnection I'm calling SSL_free() and SSL_CTX_free() but it looks like the X509 structures allocated by ssl3_get_client_certificate() are still leaked. Do I need to call something in addition in order to have this freed? Otherwise I suspect that this is a leak in openssl.

Regards,
Botond
Re: FIPS fingerprint in .data not .rodata
Thanks Harvey,

This seems to have worked as far as getting the .rodata section used. This is what I see now:

001b5740 g O .rodata 0010 FIPS_rodata_start
001b5750 l O .rodata 0011 FIPS_hmac_key
001b57bc g O .rodata 0036 FIPS_bn_version
001c1e08 g O .rodata 0010 FIPS_rodata_end
001fb1cc g O .data   0014 FIPS_signature

My problem now is that when I build an executable (I'm using the simple hmac.c example in the user guide, with the Makefile modified to use a shared library) that uses the shared libcrypto.so, and run it on my target, it just spits out a hash value, no matter what options I give it. For example:

# ./hmac
334286d0c4ca79f97921fa782c7269e972e0a420

Before I used the suggested -f options, this app at least worked for non-fips and gave me an error when enabling fips mode. Now I don't understand what it is doing, but I think it is trying to tell me something!!

I've tried messing around with different INCORE_ADJUST values, but that does not seem to make any difference. I don't really understand how incore2 is supposed to work: it calculates a lot of stuff and dumps out values but never appears to modify the executable or library.

I've also tried static linking of libcrypto.a into the executable - same result.

Help appreciated!

Kevin

On Thu, Feb 16, 2012 at 4:47 PM, Harvey Shepherd harvey.sheph...@aviatnet.com wrote:
> Hi Kevin,
>
> I encountered this problem when compiling the 1.2.3 FIPS object module some time ago, with exactly the same compiler. After some experimentation I managed to get it to embed the fingerprint correctly using the following compiler options:
>
> -fno-common -fdata-sections -ffunction-sections
>
> I also needed to change the INCORE_ADJUST setting to an 8 byte offset for my processor as follows:
>
> diff --git a/current/appfs/openssl-fips/incore b/current/appfs/openssl-fips/incore
> index 07df989..61f68b9 100755 (executable)
> --- a/current/appfs/openssl-fips/incore
> +++ b/current/appfs/openssl-fips/incore
> @@ -6,6 +6,7 @@
>  DEBUG=
> +CROSS_COMPILE=ppc_8xx-
>  OBJCOPY=${CROSS_COMPILE}objcopy
>  OBJDUMP=${CROSS_COMPILE}objdump
> @@ -58,6 +59,7 @@ if [ -z $INCORE_ADJUST ]; then
>  elf64-x86-64) INCORE_ADJUST=4;;
>  #elf32-littlearm|elf32-little|elf32-bigarm) INCORE_ADJUST=-36;;
>  elf32-littlearm|elf32-little|elf32-bigarm) INCORE_ADJUST=-8;;
> +elf32-powerpc) INCORE_ADJUST=8;;
>  esac
>  fi
>
> I'm not really an expert in this area, but it worked for me, so give it a try.
>
> Regards,
> Harvey
>
>> I am building a cross-compiled FIPS-capable libcrypto.so with the 1.0.1beta OpenSSL and 2.0 FIPS Object Module. The build is being done on a linux (CentOS) host for a PowerPC target running netbsd 1.6.2 (yes, I know, it's old).
>>
>> gcc being used:
>>
>> $ ${CROSS_COMPILE}gcc -v
>> gcc version 2.95.3 20010315 (release) (NetBSD nb3)
>>
>> (yes, I know, also old)
>>
>> I can successfully build fipscontainer.o, and then build fips_algvs, which runs successfully on the target system. This made me think that the fingerprint was working correctly...
>>
>> Later (when building libcrypto.so) I realized I was using the native incore script instead of the cross-compile incore script. I switched to the cross-compile incore script, but that failed to embed a fingerprint in the (FIPS-capable) libcrypto.so.
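Review bot: the first hunk hardcodes CROSS_COMPILE=ppc_8xx- at the top of the script, which overrides any value the build environment exports and ties this copy of incore to a single toolchain prefix; prefer a default that yields to the caller, e.g. `CROSS_COMPILE=${CROSS_COMPILE:-ppc_8xx-}`, so the same script serves both the native and the cross build that Kevin's message says got mixed up.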
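Review bot: the second hunk adds `elf32-powerpc) INCORE_ADJUST=8;;` with no record of how the 8-byte offset was derived; the neighbouring ARM entry keeps its superseded `-36` as a comment for exactly that reason, so a one-line comment naming the toolchain this value was measured against (gcc 2.95.3, NetBSD target) would stop the next reader from assuming it holds for every PowerPC build. A wrong adjust does not fail here; it produces a fingerprint that only fails at load time, which is the symptom the thread is chasing.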
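The symbol listing Kevin quotes can be checked mechanically rather than by eye. The following Python is an added example, not code from the thread or from the FIPS module's incore script: it parses objdump -t style lines (the sample is constructed from the listing above; the column layout is an assumption) and checks that the HMAC key and version string fall inside the FIPS_rodata_start/FIPS_rodata_end bracket that the fingerprint covers, while the 20-byte FIPS_signature slot the computed HMAC-SHA1 is written into falls outside it.

```python
import re

# Constructed sample input: the five objdump -t style lines quoted above
# (addresses, sections, sizes and names taken from the message; the
# column spacing between section and size is an assumption).
OBJDUMP_LINES = """\
001b5740 g O .rodata 0010 FIPS_rodata_start
001b5750 l O .rodata 0011 FIPS_hmac_key
001b57bc g O .rodata 0036 FIPS_bn_version
001c1e08 g O .rodata 0010 FIPS_rodata_end
001fb1cc g O .data   0014 FIPS_signature
"""

# addr, two flag columns, section, size, name; non-matching lines are skipped
SYM_RE = re.compile(r"^([0-9a-f]+)\s+\S+\s+\S+\s+(\S+)\s+([0-9a-f]+)\s+(\S+)$")

REQUIRED = ("FIPS_rodata_start", "FIPS_rodata_end",
            "FIPS_hmac_key", "FIPS_bn_version", "FIPS_signature")

def parse_symbols(text):
    """Map symbol name -> (address, section, size) from objdump -t style output."""
    syms = {}
    for line in text.splitlines():
        m = SYM_RE.match(line.strip())
        if m:
            addr, section, size, name = m.groups()
            syms[name] = (int(addr, 16), section, int(size, 16))
    return syms

def check_fips_layout(syms):
    """Sanity-check where the FIPS fingerprint marker symbols landed.

    The in-core fingerprint is an HMAC-SHA1 over the ranges bracketed by the
    FIPS_text_* and FIPS_rodata_* markers, so the key and version string must
    sit inside the rodata bracket and the 20-byte signature slot outside it.
    """
    missing = [n for n in REQUIRED if n not in syms]
    if missing:
        return {"missing": missing}
    start, start_sec, _ = syms["FIPS_rodata_start"]
    end, end_sec, _ = syms["FIPS_rodata_end"]
    f = {"rodata_range_ok": start < end and start_sec == end_sec == ".rodata"}
    for name in ("FIPS_hmac_key", "FIPS_bn_version"):
        addr, sec, _ = syms[name]
        f[name + "_inside_range"] = start <= addr < end and sec == ".rodata"
    sig_addr, sig_sec, sig_size = syms["FIPS_signature"]
    f["signature_outside_range"] = not (start <= sig_addr < end)
    f["signature_section"] = sig_sec
    f["signature_size_ok"] = sig_size == 20      # HMAC-SHA1 digest length
    return f

if __name__ == "__main__":
    for key, value in check_fips_layout(parse_symbols(OBJDUMP_LINES)).items():
        print(f"{key}: {value}")
```

On a real build, feed it the output of `${CROSS_COMPILE}objdump -t libcrypto.so | grep FIPS_` instead of the constructed sample.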
Re: weak key check?
Taking a different slant, is it possible to provide the entropy using a pass phrase? So a given pass phrase will always generate the same key pair. This means that for simple applications no key store is required. Much like password based (symmetric) encryption.

Any ideas as to how hard that would be to do with OpenSSL? Has anyone else done it?

Anthony

2012/2/17 Richard Könning richard.koenn...@ts.fujitsu.com
> On 16.02.2012 12:17, Jakob Bohm wrote:
>> 2. Creating primes starts with high quality random numbers, such that there are a gigantic number of possible primes. If done correctly (like in current OpenSSL versions), the chance of choosing the same prime as somebody else is extremely low (again, I hope someone else on this list can come up with the numbers for general enlightenment).
>
> Well, seeding the PRNG correctly seems not to be a trivial task, see e.g. http://eprint.iacr.org/2012/064.pdf and https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs .
>
> Ciao,
> Richard

-- 
Dr Anthony Berglas, anth...@berglas.org Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose does not necessarily mean that that is the best way to collect firewood.
Re: possible memleak
I think you may call the function [X509 *SSL_get_peer_certificate(const SSL *s)] to get a peer's certificate, but you have freed this certificate. SSL_get_peer_certificate will increase the reference count of this certificate and finally you will find that you haven't freed this certificate's memory. Call X509_free after you have used the certificate that ssl feeds.

At 2012-02-18 05:25:55, Botond Botyanszki b...@siliconium.net wrote:
> Hi,
>
> I'm experiencing a memory leak in my server code using openssl 1.0.0g when a client with a self-signed cert tries to connect and is refused. Valgrind's massif traces this back to ssl3_get_client_certificate() at s3_srvr.c:2956, such as the following:
>
> [...]
>
> After the disconnection I'm calling SSL_free() and SSL_CTX_free() but it looks like the X509 structures allocated by ssl3_get_client_certificate() are still leaked. Do I need to call something in addition in order to have this freed? Otherwise I suspect that this is a leak in openssl.
>
> Regards,
> Botond