Hi. I'm trying to test the current CVS HEAD with FIPS_module_mode_set(1) (the attached program calls it that way).
It's looking fairly promising to me, but I currently have one problem:
While performing an SSL handshake, I get
1208113320:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:179:
This seemed odd to me, since I have tried my best to set up my application to use only FIPS-validated algorithms, yet the error persists. I added some debugging printouts to my libcrypto, and from what I could tell, the digest in question is MD5. When I patched OpenSSL to treat MD5 as a FIPS-approved digest, the handshake worked.
The program I'm using is attached, together with the output of a separate 'openssl s_client -connect ... -showcerts' run against the same server.
Does anyone have any ideas as to why MD5 appears in this handshake?
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
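/*
 * Connect to the test server and drive a TLSv1 handshake to completion.
 *
 * The connection goes through a non-blocking connect BIO, so SSL_connect()
 * is retried while it reports WANT_READ/WANT_WRITE/WANT_CONNECT/WANT_ACCEPT
 * (or no error); any other error aborts the attempt.  Progress and the
 * contents of the OpenSSL error queue are printed to stderr.
 *
 * Returns 0 when the handshake completed, 1 on any failure.  Every OpenSSL
 * object created here is released on every path (the original leaked the
 * SSL_CTX when the cipher list or SSL_new() failed, and called
 * BIO_set_nbio() before checking that the BIO existed).
 */
static int attempt_handshake(void)
{
    /* Peer used for the test; kept in one place so it is easy to change. */
    static const char target[] = "10.47.1.58:5061";
    int rc = 1;                 /* pessimistic; set to 0 only on success */
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    BIO *bio = NULL;

    ctx = SSL_CTX_new(TLSv1_client_method());
    if (!ctx) {
        ERR_print_errors_fp(stderr);
        goto out;
    }

    /*
     * NOTE(review): "!MD5" only removes cipher suites whose MAC is MD5.  The
     * TLSv1 PRF and Finished computation combine MD5 with SHA-1, so an MD5
     * digest context is still set up during the handshake regardless of the
     * cipher list -- a likely source of the FIPS_DIGESTINIT error reported
     * above.
     */
    if (!SSL_CTX_set_cipher_list(ctx, "FIPS:!MD5:@STRENGTH")) {
        ERR_print_errors_fp(stderr);
        goto out;
    }

    /*
     * NOTE(review): no SSL_CTX_set_verify() / trust store is configured, so
     * the server certificate is not authenticated.  Acceptable for a FIPS
     * mode probe, not for a real client.
     */
    ssl = SSL_new(ctx);
    if (!ssl) {
        ERR_print_errors_fp(stderr);
        goto out;
    }

    bio = BIO_new_connect((char *) target);
    if (!bio) {
        fprintf(stderr, "Failed to open read/write BIO\n");
        goto out;
    }
    /* Only configure the BIO once we know it was created. */
    BIO_set_nbio(bio, 1);

    /* ssl owns bio from here on; SSL_free() releases it. */
    SSL_set_bio(ssl, bio, bio);
    bio = NULL;

    for (;;) {
        int ret = SSL_connect(ssl);
        int sslerr;

        if (ret > 0) {
            fprintf(stderr, "SSL handshake completed!\n");
            rc = 0;
            break;
        }

        sslerr = SSL_get_error(ssl, ret);
        switch (sslerr) {
        case SSL_ERROR_NONE:
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
        case SSL_ERROR_WANT_CONNECT:
        case SSL_ERROR_WANT_ACCEPT:
            /*
             * The non-blocking socket is not ready yet; retry.  This spins
             * instead of waiting on the socket, which is tolerable for a
             * throwaway test but would need poll()/select() in real code.
             */
            fprintf(stderr, "Handshake continue (%d, %d)\n", ret, sslerr);
            ERR_print_errors_fp(stderr);
            break;
        default:
            fprintf(stderr, "Failed to SSL_connect()\n");
            ERR_print_errors_fp(stderr);
            goto out;       /* 'break' here would only leave the switch */
        }
    }

    /*
     * Best-effort close_notify, only for a completed handshake; after a
     * fatal error the session must not be shut down.
     */
    SSL_shutdown(ssl);

out:
    BIO_free(bio);      /* non-NULL only if SSL_set_bio() was never reached */
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return rc;
}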
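/*
 * Program entry point: initialise libcrypto/libssl, install the FIPS DRBG
 * as the default RAND_METHOD, enter FIPS mode, sanity-check the generator
 * and then attempt the TLS handshake.
 *
 * Returns EXIT_FAILURE when FIPS mode cannot be entered or the generator
 * looks broken; otherwise the result of attempt_handshake() (0 on a
 * completed handshake, 1 on failure).
 */
int main(void)
{
    /*
     * Previous generator output.  Starts all-zero so a generator that
     * returns zeros on its very first call is rejected as well.
     */
    unsigned char obuf[2048] = {0};

    ERR_load_crypto_strings();
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    /*
     * Install the FIPS DRBG before entering FIPS mode.  An X9.31 generator
     * (FIPS_x931_set_key()/FIPS_x931_seed() followed by
     * RAND_set_rand_method(FIPS_x931_method())) is the other approved
     * choice and was tried earlier.
     */
    RAND_set_rand_method(FIPS_drbg_method());

    if (!FIPS_module_mode_set(1)) {
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /*
     * Cheap stuck-generator check: draw 100 blocks and refuse to continue if
     * a block repeats the previous one.  RAND_pseudo_bytes() returns 1 for
     * cryptographically strong output, 0 for weak output and -1 on error;
     * only 1 is acceptable here, so compare against 1 explicitly -- a plain
     * "!" test would have accepted the -1 error return.
     */
    for (size_t i = 0; i < 100; ++i) {
        unsigned char buf[2048];

        if (RAND_pseudo_bytes(buf, sizeof buf) != 1 ||
            memcmp(buf, obuf, sizeof obuf) == 0) {
            ERR_print_errors_fp(stderr);
            return EXIT_FAILURE;
        }
        memcpy(obuf, buf, sizeof buf);
    }

    /*
     * Report the active RAND_METHOD next to the known ones so the reader
     * can confirm which generator is really in use.  %p requires void *.
     */
    fprintf(stderr, "Running with RAND_METHOD %p\n",
            (const void *) RAND_get_rand_method());
    fprintf(stderr, "ssleay %p, x931 %p, drbg %p\n",
            (const void *) RAND_SSLeay(),
            (const void *) FIPS_x931_method(),
            (const void *) FIPS_drbg_method());

    return attempt_handshake();
}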
[14:13:52][hgb@prentice:/data/revo/main]1086 openssl s_client -connect
10.47.1.58:5061 -showcerts -tls1
CONNECTED(00000003)
depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN =
rdvcs1.rd.tandberg.com, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN =
rdvcs1.rd.tandberg.com, emailAddress = [email protected]
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN =
rdvcs1.rd.tandberg.com, emailAddress = [email protected]
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG
ASA/OU=R&D/CN=rdvcs1.rd.tandberg.com/[email protected]
i:/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/CN=TAA ROOT
CA/[email protected]
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
---
Server certificate
subject=/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG
ASA/OU=R&D/CN=rdvcs1.rd.tandberg.com/[email protected]
issuer=/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/CN=TAA ROOT
CA/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 1376 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 405D34C8E1474AD4BD5135F69D9062D0615073659709A5B2BEFDBEFCF9D979BC
Session-ID-ctx:
Master-Key:
1E692119137F295DA415E0F343DC5555BB7680A7A95A6A758F021182FE59A8997D7C7EAD2C1364F3B67FE5A2C29550EB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - 5c 3b 19 52 16 dd 3c d2-5e 56 b8 66 17 d8 cd cc \;.R..<.^V.f....
0010 - 1b 1a 45 00 a1 8b a0 dc-37 c1 46 ff 77 b1 2a 8f ..E.....7.F.w.*.
0020 - ae 55 a4 68 5b c0 f0 73-6b 93 42 b9 6e 3c f3 c7 .U.h[..sk.B.n<..
0030 - 22 a9 1e 19 a1 b5 75 b6-d5 0f a2 65 56 13 b1 c3 ".....u....eV...
0040 - f8 f3 2d 7f 7b d3 2e 78-a9 3f 6e d8 54 78 98 e6 ..-.{..x.?n.Tx..
0050 - ce 49 0c cd 8e a4 ce 98-36 7a 19 92 9d a1 37 a7 .I......6z....7.
0060 - 14 d7 ab 60 a7 e7 e0 da-b3 de aa 9c 78 64 f9 c8 ...`........xd..
0070 - 76 9d d1 23 57 d7 5d 09-58 1d 78 33 9d f8 20 4b v..#W.].X.x3.. K
0080 - 53 06 49 50 46 d6 23 ac-bd b1 70 1f d2 41 fe 2c S.IPF.#...p..A.,
0090 - 32 27 81 b2 e4 09 32 53-e7 6c cc 79 37 d9 5e 89 2'....2S.l.y7.^.
Start Time: 1305548036
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
--
Henrik Grindal Bakken <[email protected]>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52