Hi. I'm trying to test the current CVS HEAD with FIPS_module_mode_set(1) (the call used in the attached program).
It's looking fairly promising to me, but I currently have one problem: While performing an SSL handshake, I get 1208113320:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:179: This sounded a bit weird to me, since I've tried my best to set up my application to use only FIPS-validated algorithms, but to no avail. I added some debugging printouts to my libcrypto, and from what I could understand, the digest in question is MD5. When I patched openssl to say MD5 was a FIPS-approved digest, it worked. The program I'm using is attached, and also output from a separate 'openssl s_client -connect -showcerts'. Does anyone have any ideas as to why MD5 appears in this handshake?
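#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

/* Peer used when no "host:port" is given on the command line (the address from the report). */
#define DEFAULT_PEER "10.47.1.58:5061"

/*
 * Block until the non-blocking handshake can make progress again.
 *
 * sslerr is the SSL_get_error() code that stopped SSL_connect().
 * Returns 0 when the caller should call SSL_connect() again and -1 when
 * poll() itself failed.  A poll() timeout is not an error: the caller simply
 * retries.  If the connect BIO has no descriptor yet (SSL_get_fd() < 0) the
 * caller retries immediately, which is what the original spin loop did.
 */
static int wait_for_handshake_io(SSL *ssl, int sslerr)
{
    struct pollfd pfd = { 0 };

    pfd.fd = SSL_get_fd(ssl);
    if (pfd.fd < 0)
        return 0;
    pfd.events = (sslerr == SSL_ERROR_WANT_WRITE || sslerr == SSL_ERROR_WANT_CONNECT)
                     ? POLLOUT : POLLIN;
    if (poll(&pfd, 1, 5000) < 0)
        return -1;
    return 0;
}

/*
 * Open a TLS 1.0 connection to peer ("host:port") and run the client
 * handshake to completion over a non-blocking connect BIO.
 *
 * Returns 0 when the handshake completed and 1 on any failure; OpenSSL
 * error details are printed to stderr.  All objects are released on every
 * path (the original leaked ctx when cipher-list setup or SSL_new() failed
 * and dereferenced bio before checking it for NULL).
 */
static int attempt_handshake(const char *peer)
{
    int rc = 1;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    BIO *bio = NULL;

    /*
     * NOTE(review): the FIPS_DIGESTINIT "disabled for fips" error that was
     * traced to MD5 in the report is consistent with TLS 1.0 itself: its PRF
     * and the RSA handshake signatures are defined over MD5 and SHA-1
     * together (RFC 2246), and "!MD5" in a cipher-list string only excludes
     * cipher suites, not the PRF.  Confirm against the library's tls1 PRF and
     * fips_md.c.  TLS 1.2 replaces that PRF with a SHA-256 based one.
     */
    ctx = SSL_CTX_new(TLSv1_client_method());
    if (!ctx) {
        ERR_print_errors_fp(stderr);
        goto out;
    }
    /*
     * NOTE(review): no SSL_CTX_set_verify()/CA store is configured, so the
     * server certificate is never validated (the s_client run for this peer
     * also ends with verify code 21).  Acceptable for a FIPS-mode repro,
     * not for anything that handles real traffic.
     */
    if (!SSL_CTX_set_cipher_list(ctx, "FIPS:!MD5:@STRENGTH")) {
        ERR_print_errors_fp(stderr);
        goto out;
    }
    ssl = SSL_new(ctx);
    if (!ssl) {
        ERR_print_errors_fp(stderr);
        goto out;
    }
    /* Check for NULL before touching the BIO; the original called BIO_set_nbio() first. */
    bio = BIO_new_connect((char *) peer);
    if (!bio) {
        fprintf(stderr, "Failed to open read/write BIO\n");
        goto out;
    }
    BIO_set_nbio(bio, 1);
    SSL_set_bio(ssl, bio, bio);
    bio = NULL;     /* ownership moved to ssl; SSL_free() releases it */

    for (;;) {
        int ret = SSL_connect(ssl);
        int sslerr;

        if (ret > 0) {
            fprintf(stderr, "SSL handshake completed!\n");
            rc = 0;
            break;
        }
        sslerr = SSL_get_error(ssl, ret);
        switch (sslerr) {
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
        case SSL_ERROR_WANT_CONNECT:
        case SSL_ERROR_WANT_ACCEPT:
        case SSL_ERROR_NONE:
            fprintf(stderr, "Handshake continue (%d, %d)\n", ret, sslerr);
            ERR_print_errors_fp(stderr);
            /* Wait for the socket instead of spinning at 100% CPU on retries. */
            if (wait_for_handshake_io(ssl, sslerr) < 0) {
                perror("poll");
                goto out_shutdown;
            }
            continue;
        default:
            fprintf(stderr, "Failed to SSL_connect()\n");
            ERR_print_errors_fp(stderr);
            goto out_shutdown;
        }
    }

out_shutdown:
    SSL_shutdown(ssl);
out:
    BIO_free(bio);      /* only non-NULL if SSL_set_bio() was never reached */
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return rc;
}

/*
 * Entry point: initialise OpenSSL, switch the library into FIPS module mode
 * with the FIPS DRBG as the RAND method, smoke-test the generator, then run
 * one TLS handshake against argv[1] or DEFAULT_PEER.
 *
 * Returns EXIT_FAILURE when FIPS mode or the RNG check fails, otherwise the
 * result of attempt_handshake() (0 on success, 1 on failure).
 */
int main(int argc, char **argv)
{
    const char *peer = argc > 1 ? argv[1] : DEFAULT_PEER;
    unsigned char obuf[2048];
    size_t i;

    ERR_load_crypto_strings();
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    RAND_set_rand_method(FIPS_drbg_method());
    if (!FIPS_module_mode_set(1)) {
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /*
     * RNG smoke test: 100 draws of 2048 bytes, each must succeed and differ
     * from the previous draw.  RAND_pseudo_bytes() returns 1 for strong
     * output, 0 for weak output and -1 when unsupported; the original test
     * (!RAND_pseudo_bytes(...)) let -1 through as success.
     */
    memset(obuf, 0, sizeof obuf);
    for (i = 0; i < 100; ++i) {
        unsigned char buf[2048];

        if (RAND_pseudo_bytes(buf, sizeof buf) != 1
            || memcmp(buf, obuf, sizeof obuf) == 0) {
            ERR_print_errors_fp(stderr);
            return EXIT_FAILURE;
        }
        memcpy(obuf, buf, sizeof buf);
    }
    fprintf(stderr, "Running with RAND_METHOD %p\n",
            (const void *) RAND_get_rand_method());
    fprintf(stderr, "ssleay %p, x931 %p, drbg %p\n",
            (const void *) RAND_SSLeay(),
            (const void *) FIPS_x931_method(),
            (const void *) FIPS_drbg_method());
    return attempt_handshake(peer);
}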
[14:13:52][hgb@prentice:/data/revo/main]1086 openssl s_client -connect 10.47.1.58:5061 -showcerts -tls1 CONNECTED(00000003) depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN = rdvcs1.rd.tandberg.com, emailAddress = support...@tandberg.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN = rdvcs1.rd.tandberg.com, emailAddress = support...@tandberg.com verify error:num=27:certificate not trusted verify return:1 depth=0 C = NO, ST = Akershus, L = Lysaker, O = TANDBERG ASA, OU = R&D, CN = rdvcs1.rd.tandberg.com, emailAddress = support...@tandberg.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/OU=R&D/CN=rdvcs1.rd.tandberg.com/emailAddress=support...@tandberg.com i:/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/CN=TAA ROOT CA/emailAddress=roo...@tandberg.com -----BEGIN CERTIFICATE----- MIICjjCCAk2gAwIBAgIBDDAJBgcqhkjOOAQDMIGDMQswCQYDVQQGEwJOTzERMA8G A1UECBMIQWtlcnNodXMxEDAOBgNVBAcTB0x5c2FrZXIxFTATBgNVBAoTDFRBTkRC RVJHIEFTQTEUMBIGA1UEAxMLVEFBIFJPT1QgQ0ExIjAgBgkqhkiG9w0BCQEWE3Jv b3RjYUB0YW5kYmVyZy5jb20wHhcNMDkxMDE1MTAwNDA4WhcNMTExMDA1MTAwNDA4 WjCBoDELMAkGA1UEBhMCTk8xETAPBgNVBAgTCEFrZXJzaHVzMRAwDgYDVQQHEwdM eXNha2VyMRUwEwYDVQQKEwxUQU5EQkVSRyBBU0ExDDAKBgNVBAsMA1ImRDEfMB0G A1UEAxMWcmR2Y3MxLnJkLnRhbmRiZXJnLmNvbTEmMCQGCSqGSIb3DQEJARYXc3Vw cG9ydC5yZEB0YW5kYmVyZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB ALhe1Bx3FuwQv5QAcGIYgZc9FuvKw8C9F+qkZHNX1vICsAIwinGiMcsTtOkgdyNf tLHrmMNSdn5bDB23ps5rwf5/13FwLKjyOaj2OUGQcxdo7FTrO8NP+L9/0hTgFP3P GY0IKPSJubR+jmfa7z8Zk5vVfgB6Z2GQ7/KNOlk5Eq+PAgMBAAGjTTBLMAkGA1Ud EwQCMAAwHQYDVR0OBBYEFLg4Tr40OAytalWLy2LuTBS1M1lVMB8GA1UdIwQYMBaA FM777zPJF/Z2wP/jIOQLwfUuqJCLMAkGByqGSM44BAMDMAAwLQIVAMtCEFoTc2Uc bYFxPh47rvTbPWwEAhRh2OPy/m2aupYi6wBncTeYh1OTUA== -----END CERTIFICATE----- --- Server certificate 
subject=/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/OU=R&D/CN=rdvcs1.rd.tandberg.com/emailAddress=support...@tandberg.com issuer=/C=NO/ST=Akershus/L=Lysaker/O=TANDBERG ASA/CN=TAA ROOT CA/emailAddress=roo...@tandberg.com --- No client certificate CA names sent --- SSL handshake has read 1376 bytes and written 311 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 405D34C8E1474AD4BD5135F69D9062D0615073659709A5B2BEFDBEFCF9D979BC Session-ID-ctx: Master-Key: 1E692119137F295DA415E0F343DC5555BB7680A7A95A6A758F021182FE59A8997D7C7EAD2C1364F3B67FE5A2C29550EB Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - 5c 3b 19 52 16 dd 3c d2-5e 56 b8 66 17 d8 cd cc \;.R..<.^V.f.... 0010 - 1b 1a 45 00 a1 8b a0 dc-37 c1 46 ff 77 b1 2a 8f ..E.....7.F.w.*. 0020 - ae 55 a4 68 5b c0 f0 73-6b 93 42 b9 6e 3c f3 c7 .U.h[..sk.B.n<.. 0030 - 22 a9 1e 19 a1 b5 75 b6-d5 0f a2 65 56 13 b1 c3 ".....u....eV... 0040 - f8 f3 2d 7f 7b d3 2e 78-a9 3f 6e d8 54 78 98 e6 ..-.{..x.?n.Tx.. 0050 - ce 49 0c cd 8e a4 ce 98-36 7a 19 92 9d a1 37 a7 .I......6z....7. 0060 - 14 d7 ab 60 a7 e7 e0 da-b3 de aa 9c 78 64 f9 c8 ...`........xd.. 0070 - 76 9d d1 23 57 d7 5d 09-58 1d 78 33 9d f8 20 4b v..#W.].X.x3.. K 0080 - 53 06 49 50 46 d6 23 ac-bd b1 70 1f d2 41 fe 2c S.IPF.#...p..A., 0090 - 32 27 81 b2 e4 09 32 53-e7 6c cc 79 37 d9 5e 89 2'....2S.l.y7.^. Start Time: 1305548036 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) ---
-- Henrik Grindal Bakken <h...@ifi.uio.no> PGP ID: 8D436E52 Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52