Replacement for FIPS_Digest

2021-12-06 Thread Kory Hamzeh
Hi,

I am working on converting this code to OpenSSL 3 for FIPS-140 KASVS ECDH 
testing:

https://github.com/majek/openssl/blob/master/fips/ecdh/fips_ecdhvs.c 


The only consequential change I made to the code was replacing the call to 
FIPS_Digest with a call to EVP_Digest when calculating the Z hash. I am loading 
the FIPS module using a configuration file and then calling property() to 
“fips=yes”.

I am only testing ECDH key gen and verification. When I run the test against 
NIST test vectors per SP800-56A, all of the verifies fail.

I am wondering if replacing FIPS_Digest with EVP_Digest is not enough? Also, 
code in the above link used a now unsupported callback function to register a 
fake entropy source. However, I don’t think entropy is at play for ECDH key 
verification.

Thanks,
Kory



Re: OpenSSL3 unloading and re-loading the FIPS provider after it enters error state

2021-12-06 Thread Matt Caswell




On 06/12/2021 15:49, Cristian Andrei Sandu wrote:

> Hi guys,
>
> Is there any way I can re-load the FIPS provider after it reached its 
> error state? I’d like to do it without restarting the process. (If it 
> matters, I’m already using a non-default library context with a separate 
> configuration file that I load with OSSL_LIB_CTX_load_config()).
>
> I’d like to be able to explicitly load the provider with 
> OSSL_PROVIDER_load(), call OSSL_PROVIDER_self_test() with a corrupted 
> test, unload the provider, re-load it and run OSSL_self_test() again 
> without the previous corrupted test. (all of these without killing the 
> process)
>
> Which approach would you recommend?


In principle if you unload the provider using OSSL_PROVIDER_unload() and 
free anything you fetched from the provider as well as freeing the 
libctx using OSSL_LIB_CTX_free() - then this should result in dlclose 
being called on the fips.so file. What happens then is up to the mercy 
of the OS - but it is likely to unload the .so from the process. 
Subsequently loading it again into a new libctx should then give you a 
blank slate to start again. However this all very much depends on 
whether the fips.so does actually get removed by the OS. If it doesn't 
then it will simply remember the self test result from last time and 
will fail to start up properly - so this is probably not sufficiently 
reliable for you to depend on it.


There isn't another way of doing this AFAIK.

Matt




> Thanks,
>
> Cristian Sandu

This email message and any attachments are intended solely for the use 
of the addressees hereof.
This message and any attachments may contain information that is 
confidential, privileged and exempt from disclosure under applicable law.
If you are not the intended recipient of this message, you are 
prohibited from reading, disclosing, reproducing, distributing, 
disseminating or otherwise using this transmission.
If you have received this message in error, please promptly notify the 
sender at Ceragon by reply E-mail and immediately delete this message 
from your system.


OpenSSL3 unloading and re-loading the FIPS provider after it enters error state

2021-12-06 Thread Cristian Andrei Sandu
Hi guys,

Is there any way I can re-load the FIPS provider after it reached its error 
state? I'd like to do it without restarting the process. (If it matters, I'm 
already using a non-default library context with a separate configuration file 
that I load with OSSL_LIB_CTX_load_config()).

I'd like to be able to explicitly load the provider with OSSL_PROVIDER_load(), 
call OSSL_PROVIDER_self_test() with a corrupted test, unload the provider, 
re-load it and run OSSL_self_test() again without the previous corrupted test. 
(all of these without killing the process)
Which approach would you recommend?

Thanks,
Cristian Sandu


RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Michael Wojcik
> From: Dr. Matthias St. Pierre 
> Sent: Monday, 6 December, 2021 07:53
> To: Michael Wojcik ; openssl-
> 
> 
> > "Comparable elegant" is underspecified.
> 
> (I guess, "Comparably elegant" would have been grammatically more
> correct.)

I just meant that elegance is in the eye of the beholder.

Many people might agree that having a single command line return the list of 
what suites the server supports is elegant, at least for the user. Others 
prefer the original UNIX philosophy of simpler tools which are scripted to 
perform more complex operations; that's the testssl.sh approach, and it's more 
elegant in the sense of being composed in a visible (and modifiable) way from 
smaller pieces.

A command-line option to s_client to do this sort of server profiling is 
conceivable, but it would be a significant departure from what s_client does 
now, since it would conflict with some other options and would involve making 
multiple connections. That doesn't mean it shouldn't be implemented, 
necessarily, just that it's not parallel to most of the other things s_client 
options do.

-- 
Michael Wojcik


Re: Need Replacement for Deprecated function.

2021-12-06 Thread Jeremy Harris

On 05/12/2021 22:06, Viktor Dukhovni wrote:

Where is that macro defined?


 


Ah, so it is.  And "cscope -kR" is ignoring that file,
for some reason, hence lying to me.

Thanks Viktor.
--
Cheers,
  Jeremy


RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Dr. Matthias St. Pierre


> "Comparable elegant" is underspecified.

(I guess, "Comparably elegant" would have been grammatically more correct.)

> Perhaps try testssl.sh (https://testssl.sh/)? It has various options for 
> reducing the number and types of tests it runs. We've used it for
> profiling internal TLS-enabled servers.

My question was mainly for educational purpose (since the 'nmap' tool already 
satisfies my needs), but I wanted to know whether the openssl tool
can do same thing with a comparable effort. By this I mean a simple shell 
one-liner (or failing that just a few lines of shell script) utilizing `openssl 
s_client`.
Thanks for the weblink nevertheless.


Matthias





RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Michael Wojcik
From: openssl-users  On Behalf Of Dr. 
Matthias St. Pierre
Sent: Monday, 6 December, 2021 07:12


> today I learned that nmap has a nice feature to enumerate the protocol 
> versions and cipher
> suites supported by the peer (see below).
> Is there a comparable elegant way to obtain the same results using the 
> `openssl s_client`
> tool?

"Comparable elegant" is underspecified.

Perhaps try testssl.sh (https://testssl.sh/)? It has various options for 
reducing the number and types of tests it runs. We've used it for profiling 
internal TLS-enabled servers.

-- 
Michael Wojcik


Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Dr. Matthias St. Pierre
Hi all,

today I learned that nmap has a nice feature to enumerate the protocol versions 
and cipher suites supported by the peer (see below).
Is there a comparable elegant way to obtain the same results using the `openssl 
s_client` tool?

Matthias


--

$ nmap -script ssl-enum-ciphers -p 443 www.openssl.org

Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-06 15:05 CET
Nmap scan report for www.openssl.org (96.16.136.61)
Host is up (0.0041s latency).
Other addresses for www.openssl.org (not scanned): 
2a02:26f0:1700:393::c1e 2a02:26f0:1700:380::c1e
rDNS record for 96.16.136.61: a96-16-136-61.deploy.static.akamaitechnologies.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.10 seconds



How to renew and install SSL certificate for Virtualmin/Webmin, Apache web server, Dovecot and Postfix for a company in Singapore on 6 Dec 2021 Mon

2021-12-06 Thread Turritopsis Dohrnii Teo En Ming
Subject: How to renew and install SSL certificate for
Virtualmin/Webmin, Apache web server, Dovecot and Postfix for a
company in Singapore on 6 Dec 2021 Mon

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 6 Dec 2021 Monday Singapore Time

Type of Publication: Plain Text
Document Version: 20211206.01

DETAILED INSTRUCTIONS
=====================

Section 1: Generate Certificate Signing Request (CSR)
=====================================================

Putty/SSH into your Linux server.

# cd /root

# mkdir teo-en-ming-6dec2021

# openssl req -new -newkey rsa:2048 -nodes -keyout 2022.key -out 2022.csr

Generating a 2048 bit RSA private key
+++
+++
writing new private key to '2022.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Teo En Ming Corporation
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, your name or your server's hostname) []:*.teo-en-ming-corp.com
Email Address []:c...@teo-en-ming-corp.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# mv 2022.* teo-en-ming-6dec2021/

# cd teo-en-ming-6dec2021/

Displaying the contents of the CSR.

# cat 2022.csr

-----BEGIN CERTIFICATE REQUEST-----

Blah blah blah

-----END CERTIFICATE REQUEST-----

IMPORTANT NOTICE


How to submit the CSR to your commercial certificate authority and how
to generate SSL server certificate is beyond the scope of this
tutorial. Instructions will be provided by your commercial certificate
authority.

Section 2: Installing SSL certificate in Virtualmin/Webmin
==========================================================

Login to Virtualmin.

Click Server Configuration > SSL Certificate

# cd /root/teo-en-ming-6dec2021

# nano 2022.crt

Paste the SSL certificate generated by your commercial certificate
authority as below.

-----BEGIN CERTIFICATE-----

Blah blah blah

-----END CERTIFICATE-----

Displaying the contents of the secret key.

# cat 2022.key

-----BEGIN PRIVATE KEY-----

Blah blah blah

-----END PRIVATE KEY-----

# cd /root/teo-en-ming-6dec2021/

# cp 2022.* /home/teo-en-ming-corp

Click Server Configuration > SSL Certificate > Update Certificate and Key

New certificate details
=======================

Signed SSL certificate:

Click File on server: /home/teo-en-ming-corp/2022.crt

Matching private key:

File on server: /home/teo-en-ming-corp/2022.key

Private key password: Click "None needed"

Click "Install Now"

Section 3: Installing SSL Certificate on Apache Web Server
==========================================================

After you have performed the steps in Section 2 above, the SSL
certificate for Apache web server will also be renewed automatically.

Section 4: Installing SSL Certificate on Dovecot IMAP and POP3
Incoming Mail Server


# cat /home/teo-en-ming-corp/intermediate_domain_ca.crt

-----BEGIN CERTIFICATE-----

Re: Need Replacement for Deprecated function

2021-12-06 Thread Matt Caswell




On 06/12/2021 12:26, Shivakumar Poojari wrote:

> Hi All,
>
> We are upgrading our code to openssl 3.0.
>
> Need Replacement for below Deprecated function.
>
> DES:
> DES_set_key();
> DES_ecb_encrypt();
>
> AES:
> AES_set_encrypt_key();
> AES_set_decrypt_key();
> AES_wrap_key();
> AES_unwrap_key(); --- previously I upgraded AES function with EVP related 
> function but wrap/unwrap is something new.




All the DES and AES functions are just replaced by the EVP functions. 
From the migration guide:


"Low-level encryption functions such as AES_encrypt(3) and 
AES_decrypt(3) have been informally discouraged from use for a long 
time. Applications should instead use the high level EVP APIs 
EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3), and EVP_EncryptFinal_ex(3) 
or EVP_DecryptInit_ex(3), EVP_DecryptUpdate(3) and EVP_DecryptFinal_ex(3)."



The wrap/unwrap functionality is the same but you use the "wrap" ciphers:

https://www.openssl.org/docs/man3.0/man7/EVP_CIPHER-AES.html

The following "wrap" ciphers are supported:

"AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP", "AES-128-WRAP-PAD", 
"AES-192-WRAP-PAD", "AES-256-WRAP-PAD", "AES-128-WRAP-INV", 
"AES-192-WRAP-INV", "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", 
"AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV"




> DH:
> DH_new();
> DH_set0_pqg();
> DH_generate_key();
> DH_get0_key();
> DH_free();
> DH_set0_key();
> DH_size();
> DH_compute_key();


All the DH functions are replaced by the EVP key exchange functionality.

In particular see this page:

https://www.openssl.org/docs/man3.0/man7/EVP_KEYEXCH-DH.html

and

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_derive.html




> HMAC:
> HMAC_CTX_new(); compiler suggestion EVP_MAC_CTX_new();
> HMAC_Init_ex();
> HMAC_CTX_free(); compiler suggestion EVP_MAC_CTX_free();
> HMAC_Update(); compiler suggestion EVP_MAC_update();
> HMAC_Final(); compiler suggestion EVP_MAC_final();


Use the EVP_MAC functions. In particular see:

https://www.openssl.org/docs/man3.0/man3/EVP_MAC.html

and

https://www.openssl.org/docs/man3.0/man7/EVP_MAC-HMAC.html

Matt




> I'm not able to find proper replacement, Please help me out
>
> Thanks,
> Shiva Kumar

Notice: This e-mail together with any attachments may contain 
information of Ribbon Communications Inc. and its Affiliates that is 
confidential and/or proprietary for the sole use of the intended 
recipient. Any review, disclosure, reliance or distribution by others or 
forwarding without express permission is strictly prohibited. If you are 
not the intended recipient, please notify the sender immediately and 
then delete all copies, including any attachments.


Need Replacement for Deprecated function

2021-12-06 Thread Shivakumar Poojari
Hi All,

We are upgrading our code to openssl 3.0.

Need Replacement for below Deprecated function.

DES:
DES_set_key();
DES_ecb_encrypt();

AES:
AES_set_encrypt_key();
AES_set_decrypt_key();
AES_wrap_key();
AES_unwrap_key(); --- previously I upgraded AES function with EVP related 
function but wrap/unwrap is something new.

DH:
DH_new();
DH_set0_pqg();
DH_generate_key();
DH_get0_key();
DH_free();
DH_set0_key();
DH_size();
DH_compute_key();

HMAC:
HMAC_CTX_new(); compiler suggestion EVP_MAC_CTX_new();
HMAC_Init_ex();
HMAC_CTX_free(); compiler suggestion EVP_MAC_CTX_free();
HMAC_Update(); compiler suggestion EVP_MAC_update();
HMAC_Final(); compiler suggestion EVP_MAC_final();

I'm not able to find proper replacement, Please help me out

Thanks,
Shiva Kumar
