Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

2013-04-26 Thread Jakob Bohm

On 4/25/2013 1:40 PM, Cipher wrote:

Hi,
For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a
configuration option to use *only* TLSv1.2 ciphers?
We are using the apache/mod_ssl engine (v 2.2.16).  The *SSLProtocol* directive does
not support a TLSv1.1/TLSv1.2 option.



Which version of the OpenSSL library was it built with?  Anything less
than 1.0.1 will not allow TLSv1.2, and will not work with the current
FIPS-certified module 2.0.

Due to known security fixes, be sure to use Apache/mod_ssl 2.2.24 or
later with OpenSSL 1.0.1e or later.  Apache 2.2.24 includes security
fixes, and some TLSv1.2 related fixes.

If it was built against OpenSSL library 1.0.1, you can use the
SSLCipherSuite directive to limit the set of ciphersuites that will
work.  Also note that the parser for this option in earlier OpenSSL
library 1.0.1 patch releases had bugs in the handling of TLSv1.2
related names, so be sure to use the current OpenSSL library version 1.0.1e.

According to , when
built against OpenSSL library 1.0.1e with FIPS module 2.0, mod_ssl
2.2.23 or later *does* support the specification of the TLSv1.2 protocol
in the SSLProtocol directive.

And please be sure to filter the correct aspect of your setup, as there
are 4 independent directives that affect *different* security parameters:

# Only use the cipher suites that are new for TLS version 1.2,
#   regardless of their security or lack thereof.
# The value of this option is parsed by the OpenSSL library and the
#   mod_ssl documentation of its possible values is hopelessly
#   outdated, for instance the values "HIGH" and "MEDIUM" do not mean
#   what that outdated document says.
SSLCipherSuite TLSv1.2
# Only use the version 1.2 handshake and encryption protocol, this
#   does not prevent negotiating a weak encryption such as
#   56 bit single DES.
# This option is new in Apache mod_ssl 2.2.23
SSLProtocol TLSv1.2
# Only use FIPS-approved algorithms in FIPS-validated implementations,
#   this is required for US Government work but prevents the use of
#   security improvements that have not made it through the bureaucracy
#   yet.
SSLFIPS on
# Prevent a traffic-analysis attack on some types of cookie-
#   authentication.  These attacks only work if they can trick the user's
#   browser into repeatedly sending their secret cookie with different
#   attacker-chosen HTTP header values, thus giving different compressed
#   size depending on which letters are in common between the cookie and
#   the attacker's values.  These attacks are called CRIME attacks.
# A better defense against these attacks is to cancel (server side!) the
#   validity of any authentication cookie repeatedly received with wrong
#   or modified URLs or other header parameters.
# Regardless, some security auditors currently insist that all data
#   compression of encrypted connections is disabled wholesale
#   regardless of other security measures taken against these attacks.
# This option is new in Apache mod_ssl 2.2.24
SSLCompression off



If there is no config option, which functions need to be changed to support
only TLSv1.2 in FIPS mode? (If the list is not so long.)

Any inputs are highly appreciated.

Thanks,



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

2013-04-26 Thread Viktor Dukhovni
On Thu, Apr 25, 2013 at 04:40:12AM -0700, Cipher wrote:

> For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a
> configuration option to use *only* TLSv1.2 ciphers? 

You say ciphers here.

> We are using the apache/mod_ssl engine (v 2.2.16).  The *SSLProtocol* directive does
> not support a TLSv1.1/TLSv1.2 option.

And then protocols here.  Which do you want, the protocol or the ciphers?

> If there is no config option, which functions need to be changed to support
> only TLSv1.2 in FIPS mode? (If the list is not so long.)
> Any inputs are highly appreciated.

I am not aware of any "config" option.  At runtime you can call
SSL_CTX_set_options() with an argument of:

SSL_OP_NO_SSLv2|
SSL_OP_NO_SSLv3|
SSL_OP_NO_TLSv1|
SSL_OP_NO_TLSv1_1

-- 
Viktor.
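Viktor's bitmask restricts the handshake version and Jakob's "SSLCipherSuite TLSv1.2" string restricts the suites; the two are independent knobs. The following added example (not code from either poster, nor Apache or OpenSSL code) applies both through Python's ssl module, whose SSLContext.options and set_ciphers() wrap SSL_CTX_set_options() and SSL_CTX_set_cipher_list() directly, and then lists which enabled suites predate TLS 1.2. Assumed: Python 3.7 or later on OpenSSL 1.1.0 or later; the TLS 1.3 cap and the exclusion of TLS 1.3 suites exist for current OpenSSL and have no counterpart in the 1.0.1 builds the thread is about.

```python
# Added example, not code from the thread: Viktor's SSL_CTX_set_options() mask
# and Jakob's "SSLCipherSuite TLSv1.2" string, applied through Python's ssl
# module, which calls SSL_CTX_set_options() / SSL_CTX_set_cipher_list() itself.
import ssl
import warnings

# Viktor's mask: refuse every handshake version below TLS 1.2. The OP_NO_*
# constants are deprecated in newer Python (minimum_version replaces them) but
# are the very SSL_OP_NO_* bits the thread talks about.
NO_PRE_TLS12 = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1


def make_server_context(cipher_string):
    """Server context limited to the TLS 1.2 handshake and the given cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= NO_PRE_TLS12
    # Assumption: the local OpenSSL is newer than the 1.0.1 of the thread and also
    # speaks TLS 1.3; cap the version so only the 1.2 handshake is ever offered.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)          # the SSLCipherSuite knob
    return ctx


def enabled_suites(cipher_string):
    """Map suite name -> protocol version the suite was introduced with, for each
    suite the context offers. TLS 1.3 suites are kept in a separate list by
    OpenSSL >= 1.1.1 and are not governed by the cipher string, so skip them."""
    ctx = make_server_context(cipher_string)
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def pre_tls12_suites(cipher_string):
    """Suites that predate TLS 1.2 (CBC/SHA-1 era) yet remain negotiable: the
    protocol restriction alone does not remove them, which is Jakob's caveat."""
    return sorted(name for name, proto in enabled_suites(cipher_string).items()
                  if proto != "TLSv1.2")


if __name__ == "__main__":
    for spec in ("TLSv1.2", "ALL"):
        suites = enabled_suites(spec)
        print("%-8s %3d suites enabled, %3d of them older than TLS 1.2"
              % (spec, len(suites), len(pre_tls12_suites(spec))))
```

Run without arguments it prints, for the TLSv1.2 string and for ALL, how many suites are enabled and how many of them are older than TLS 1.2. The second number is what SSLProtocol TLSv1.2 on its own leaves negotiable, which is exactly the "does not prevent negotiating a weak encryption" caveat in Jakob's config comments.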


RE: Data and Signature (envelope)

2013-04-26 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Thursday, 25 April, 2013 09:40
> To: openssl-users@openssl.org
> Subject: Re: Data and Signature (envelope)
> 
> I looked at the latest smsign.c shown below modified with a 
> large data item.
> The result is still detached and quite small, like a 
> signature. The flag changed 
> and yet nothing is different. It should be quite large. 

Your code works for me, with one change to use my data file,
on (home) Vista with ShiningLight 1.0.0e and mingw gcc.

Are you by any chance also working on Windows? Remember that 
on Windows C implementations (except maybe cygwin, I'm not sure) 
open mode "r" means a text file, which is truncated at any 0x1A 
(^Z) byte. PDFs are usually compressed and compressed data is 
practically certain to contain 0x1A bytes here and there.
To handle compressed or other binary data use "rb".

If you want to see what is actually in your generated object 
take the body part (i.e. skip the S/MIME headers) and feed it 
as input to commandline asn1parse. If your contained data is 
compressed it will display as unreadable gibberish, but you 
can see something is there and get some idea how big it is.



FIPS with openssl 1.0.1c strange error

2013-04-26 Thread Cipher
I cross-compiled openssl 1.0.1c with FIPS with the following commands:
For the FIPS module:
./config
make

For openssl:
./config fips no-asm shared --with-fipsdir=/software/openssl/openssl-fips-2.0.2/
export FIPS_SIG=/software/openssl/openssl-fips-2.0.2/util/incore
changed fipsld line 132 to "${FIPS_SIG}" -dso "${TARGET}"
make

Everything was fine. openssl was working fine after installing in the target
machine.
I had to rebuild libcrypto for some reason. With the same options I did a
clean build and created libcrypto.so.1.0.0.
But in the target system after installing, I get this when I run openssl:
[root@PC ~]# openssl
b69a5b834670cad92f1ecced70bc732857b3580e
[root@PC ~]# openssl ciphers
b69a5b834670cad92f1ecced70bc732857b3580e
[root@PC ~]

What does this mean?
both libcrypto.so.1.0.0 (earlier and new) are equal in size and symbols also
match.

[root@PC~]# nm -f 'sysv' *libcrypto.so.1.0.0_earler* |grep fips|grep .rodata
fips_des_sptrans    |00190aa0|   R  |   OBJECT|0800| |.rodata
fips_sha1_version   |001909e0|   R  |   OBJECT|0030| |.rodata
fips_sha256_version |00190a20|   R  |   OBJECT|0033| |.rodata
fips_sha512_version |00190a60|   R  |   OBJECT|0033| |.rodata
[root@PC~]# nm -f 'sysv' *libcrypto.so.1.0.0* |grep fips|grep .rodata
fips_des_sptrans    |00190aa0|   R  |   OBJECT|0800| |.rodata
fips_sha1_version   |001909e0|   R  |   OBJECT|0030| |.rodata
fips_sha256_version |00190a20|   R  |   OBJECT|0033| |.rodata
fips_sha512_version |00190a60|   R  |   OBJECT|0033| |.rodata

But diff command says they are different.

Is this something to do with the env setup? I checked both Makefiles and they
are the same.

Please, someone help with this. I am frustrated with this.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/FIPS-with-openssl-1-0-1c-strange-error-tp44927.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: X509 custom extension

2013-04-26 Thread redpath
Thanks and also the OID register.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/X509-custom-extension-tp44930p44933.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: [openssl-users] X509 custom extension

2013-04-26 Thread Erwann Abalea

Hello,

On 26/04/2013 15:15, redpath wrote:

I am adding a custom extension to an x509, a png icon basically (bytes).
Since the png icon is too large to post the data I have substituted it with a
file called sample.txt that has a text line "This is a sample".
The code excerpt to add the extension is below.


   getdata("sample.txt",&length);  //abstracted

   nid = OBJ_create("1.03", "samplealias", "sample");


Avoid the use of existing OIDs for private purpose. 1.3 is already 
defined (/ISO/Identified-Organization).
Register for your own private OID (ask for one under the 1.3.6.1.4.1 
branch, for example), and do whatever you want in your sandbox.



   ASN1_OCTET_STRING_set(os,(unsigned char*)data,length);
   ret = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
  X509_add_ext(x,ret,-1);

*I have 2 Questions
(1) the x509 before adding a custom extension looks like this*

Certificate:
 Data:
 Version: 3 (0x2)
 Serial Number: 0 (0x0)
 Signature Algorithm: sha1WithRSAEncryption
 Issuer: C=UK, CN=OpenSSL Group
 Validity
 Not Before: Apr 26 12:48:18 2013 GMT
 Not After : Apr 26 12:48:18 2014 GMT
 Subject: C=UK, CN=OpenSSL Group
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
 RSA Public Key: (512 bit)
 Modulus (512 bit):
 00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
 a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
 bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
 2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
 84:43:52:74:d1
 Exponent: 65537 (0x10001)
 Signature Algorithm: sha1WithRSAEncryption
 8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
 53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
 d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
 01:f9:19:1b:54:89:f9:1f:b5:fa
-BEGIN CERTIFICATE-
MIIBODCB46ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCUxCzAJBgNVBAYTAlVLMRYw
FAYDVQQDEw1PcGVuU1NMIEdyb3VwMB4XDTEzMDQyNjEyNDgxOFoXDTE0MDQyNjEy
NDgxOFowJTELMAkGA1UEBhMCVUsxFjAUBgNVBAMTDU9wZW5TU0wgR3JvdXAwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA34KFxgsYUHU1azvMLpSgtKaOIRmeKMpGVLVf
dcS7ohnHUcQZDe/OZTkPkJArKkZ29AO+p/J2TSavjs6EQ1J00QIDAQABMA0GCSqG
SIb3DQEBBQUAA0EAi6ZNCgu2jxP2WBCipMycujeMUwci8JMpF3i0CiiRriSGvy+/
2LxKl702CcKzIfr+/pCRMQBeAfkZG1SJ+R+1+g==
-END CERTIFICATE-


*After I added the extension you can see my field added and that's great*

Certificate:
 Data:
 Version: 3 (0x2)
 Serial Number: 0 (0x0)
 Signature Algorithm: sha1WithRSAEncryption
 Issuer: C=UK, CN=OpenSSL Group
 Validity
 Not Before: Apr 26 12:49:39 2013 GMT
 Not After : Apr 26 12:49:39 2014 GMT
 Subject: C=UK, CN=OpenSSL Group
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
 RSA Public Key: (512 bit)
 Modulus (512 bit):
 00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
 77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
 69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
 04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
 d4:dc:a4:3b:09
 Exponent: 65537 (0x10001)
*X509v3 extensions:
 sample:
 This is a sample
*

 Signature Algorithm: sha1WithRSAEncryption
 af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
 16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
 3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
 b3:6a:9d:07:21:87:32:b6:4d:4f
-BEGIN CERTIFICATE-
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-END CERTIFICATE-


The extension is here, it looks fine, but it's not.
The content of your extension is a simple string: "This is a 
sample\n\n", where the content of an extension is supposed to be the DER 
encoding of "something".



*But I noticed that the end data has gotten larger?

-BEGIN CERTIFICATE-
-END CERTIFICATE-*

*And of course it is much larger when using a real PNG, very much so. Why
is that?


I'm not sure I understand the question. You had no extension in your 
first certificate, you added an extension with 18 bytes of content, and 
are wondering if it's normal that your certificate is now bigger?
To the 18 bytes of content, you have 
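Dave's suggestion earlier on this page was to feed the body of a generated object to asn1parse to see what is really inside; Erwann's point here is that redpath's extnValue holds a raw string rather than DER. The following added example (not code from any poster) does both with a minimal DER walker in Python, run on the certificate redpath posted, which is embedded below as-is: it lists the structure asn1parse-style, pulls the extension out of the tbsCertificate and checks whether its value parses as a single DER element. Everything other than the certificate (function names, the walker itself) is this example's own, and the walker handles only the single-byte tags that occur in X.509 certificates.

```python
# Added example (not code from any poster): a small DER walker in the spirit of
# the `openssl asn1parse` check Dave suggests, run over the certificate redpath
# posted, to show what the custom extension holds and why it is not valid DER.
import base64

# Second certificate from redpath's post (the one carrying the custom extension).
CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-----END CERTIFICATE-----"""


def pem_to_der(pem):
    """Drop the PEM armour (like skipping S/MIME headers) and base64-decode."""
    return base64.b64decode("".join(
        l.strip() for l in pem.splitlines() if not l.startswith("-----")))


def read_tlv(buf, pos):
    """One DER tag/length header at pos -> (tag, value_start, value_end); ValueError if it does not fit."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header at %d" % pos)
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    pos += 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length at %d" % pos)
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length %d runs past the end of the buffer" % length)
    return tag, pos, pos + length


def is_single_der_value(buf):
    """True if buf is exactly one well-formed DER element (what an extnValue must hold)."""
    try:
        _, _, end = read_tlv(buf, 0)
    except ValueError:
        return False
    return end == len(buf)


def asn1_walk(buf, start=0, end=None, depth=0, out=None):
    """asn1parse-style walk: (offset, depth, tag, content length) per element, recursing into constructed ones."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        out.append((pos, depth, tag, ve - vs))
        if tag & 0x20:                 # constructed: descend into the content
            asn1_walk(buf, vs, ve, depth + 1, out)
        pos = ve
    return out


def decode_oid(raw):
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def extensions(cert_der):
    """[(oid, extnValue bytes)] from the [3] Extensions of a v3 certificate."""
    _, tbs_start, _ = read_tlv(cert_der, 0)                # Certificate
    _, pos, tbs_end = read_tlv(cert_der, tbs_start)        # tbsCertificate
    ext_span = None
    while pos < tbs_end:                                   # version .. [3] extensions
        tag, vs, ve = read_tlv(cert_der, pos)
        if tag == 0xA3:
            ext_span = (vs, ve)
        pos = ve
    if ext_span is None:
        return []
    _, pos, seq_end = read_tlv(cert_der, ext_span[0])      # SEQUENCE OF Extension
    result = []
    while pos < seq_end:
        _, p, ext_end = read_tlv(cert_der, pos)            # Extension SEQUENCE
        tag, vs, ve = read_tlv(cert_der, p)                # extnID
        oid = decode_oid(cert_der[vs:ve])
        tag, vs, ve = read_tlv(cert_der, ve)               # critical BOOLEAN, if present
        if tag == 0x01:
            tag, vs, ve = read_tlv(cert_der, ve)           # extnValue
        result.append((oid, cert_der[vs:ve]))
        pos = ext_end
    return result


if __name__ == "__main__":
    der = pem_to_der(CERT_PEM)
    for off, depth, tag, length in asn1_walk(der):
        print("%4d:d=%d tag=0x%02x l=%4d" % (off, depth, tag, length))
    for oid, value in extensions(der):
        print("extension %s holds %r; valid DER: %s" % (oid, value, is_single_der_value(value)))
```

On the posted data the walker finds one extension, OID 1.3, holding the 18 bytes "This is a sample\n\n", and the DER check on that value fails: the first byte 'T' (0x54) is read as a tag and the second 'h' (0x68) as a length of 104, which overruns the 18-byte value. The certificate comes out at 346 bytes against 316 for the one without the extension, i.e. 30 bytes for 18 bytes of content: two bytes each for the OCTET STRING, Extension SEQUENCE, Extensions SEQUENCE and [3] headers, three for the OID, and one extra byte because the tbsCertificate length no longer fits in a single length byte.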

X509 custom extension

2013-04-26 Thread redpath
I am adding a custom extension to an x509, a png icon basically (bytes).
Since the png icon is too large to post the data I have substituted it with a
file called sample.txt that has a text line "This is a sample".
The code excerpt to add the extension is below.


  getdata("sample.txt",&length);  /* abstracted: fills data/length from the file */

  nid = OBJ_create("1.03", "samplealias", "sample");
  os = ASN1_OCTET_STRING_new();            /* os must point at a live ASN1_OCTET_STRING before _set() */
  ASN1_OCTET_STRING_set(os, (unsigned char *)data, length);
  ret = X509_EXTENSION_create_by_NID(NULL, nid, 0, os);  /* copies the octet string into the extension */
  X509_add_ext(x, ret, -1);                /* adds a copy of ret, so the originals can be freed */
  X509_EXTENSION_free(ret);
  ASN1_OCTET_STRING_free(os);

*I have 2 Questions
(1) the x509 before adding a custom extension looks like this*

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=UK, CN=OpenSSL Group
Validity
Not Before: Apr 26 12:48:18 2013 GMT
Not After : Apr 26 12:48:18 2014 GMT
Subject: C=UK, CN=OpenSSL Group
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
84:43:52:74:d1
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
01:f9:19:1b:54:89:f9:1f:b5:fa
-BEGIN RSA PRIVATE KEY-
MIIBOgIBAAJBAN+ChcYLGFB1NWs7zC6UoLSmjiEZnijKRlS1X3XEu6IZx1HEGQ3v
zmU5D5CQKypGdvQDvqfydk0mr47OhENSdNECAwEAAQJAZH+v3ujGOgc5ycnNeXRi
/leVuNRoBTdOgHA9SBr5s1zE14gfKX40N2WpaiD5aDyNcp/CImXzPtKgIZ4NoG33
AQIhAPPOXRy6aHSqEfFodntOnrpGayn4C+Gcy5E1E5R05KRJAiEA6rBKVB/YIN3r
uUfOUbYBIgy61lhUweQvnwao6IWqvEkCIFrMFOM5DOO93rbQF6fubLCkvw4/QXWB
ZlKquKMGMYx5AiB5hJqYAH0aV45Mu397E7B2fvznK4mHc62su/gNndiP8QIhAMWa
bnLCEKDk3vZJsBXlDz0SeVvDA/+jR7hydR+BGP+g
-END RSA PRIVATE KEY-
-BEGIN CERTIFICATE-
MIIBODCB46ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCUxCzAJBgNVBAYTAlVLMRYw
FAYDVQQDEw1PcGVuU1NMIEdyb3VwMB4XDTEzMDQyNjEyNDgxOFoXDTE0MDQyNjEy
NDgxOFowJTELMAkGA1UEBhMCVUsxFjAUBgNVBAMTDU9wZW5TU0wgR3JvdXAwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA34KFxgsYUHU1azvMLpSgtKaOIRmeKMpGVLVf
dcS7ohnHUcQZDe/OZTkPkJArKkZ29AO+p/J2TSavjs6EQ1J00QIDAQABMA0GCSqG
SIb3DQEBBQUAA0EAi6ZNCgu2jxP2WBCipMycujeMUwci8JMpF3i0CiiRriSGvy+/
2LxKl702CcKzIfr+/pCRMQBeAfkZG1SJ+R+1+g==
-END CERTIFICATE-


*After I added the extension you can see my field added and that's great*

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=UK, CN=OpenSSL Group
Validity
Not Before: Apr 26 12:49:39 2013 GMT
Not After : Apr 26 12:49:39 2014 GMT
Subject: C=UK, CN=OpenSSL Group
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
d4:dc:a4:3b:09
Exponent: 65537 (0x10001)
*X509v3 extensions:
sample:
This is a sample
*

Signature Algorithm: sha1WithRSAEncryption
af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
b3:6a:9d:07:21:87:32:b6:4d:4f
-BEGIN RSA PRIVATE KEY-
MIIBOgIBAAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96eTj9qaba1SMKrWh7w
xI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAQJACS79w4rPsjROGLe1WaNK
76hFK5GRuK2d8M+EWczF6ADlUQaKJbc6G81v3soxNsd5If33It0AKZIrSwXKIPnb
zQIhAOtou0qNZo8cOJNLvi2pXXYAVsFap5ydGqbqHgmGcmFXAiEA4XV2yqx9yktP
NXqYiuB5ZeFXvwHqIa+eWGaVPGj6qp8CIHbTud6K+573dtNbI1c3K5cZ2rDlCsAy
STbB7IGQXQInAiEAsAGdXRdPlA86pMsyLqiS3QAQGiMKfoW1HdnngyOJHI0CIG9J
NiVAQRzi0pkBEQG23Kn9eq3m3zd1EoMpDeC+JftK
-END RSA PRIVATE KEY-
-BEGIN CERTIFICATE-
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-END CERTIFICATE-


*But I noticed that th

RE: Why Openssl "s_server" is allowing Session Reuse on the same tcp connection

2013-04-26 Thread sajualways

Thanks Patrick. 

But what "use case" does this have, where the client tells the server to resume
the SSL session on the same TCP connection?

Usually a different TCP connection makes sense to reuse the session ID.





--
View this message in context: 
http://openssl.6102.n7.nabble.com/Why-Openssl-s-server-is-allowing-Session-Reuse-on-the-same-tcp-connection-tp44907p44926.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.