Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
On Fri, Feb 24, 2012, gatewood_gr...@mcafee.com wrote:

> What is your test environment and method? We've tried this in both our embedded OS (minimized LFS style build) and OpenSUSE. Both ways the result is the same.

Specifically tested on Ubuntu 64 bit VM but it should be OK on any platform where the PRNG is auto seeded.

> Focusing on the PRNG, we cannot get FIPS_rand_status() to report 1. Tried both on hardware and in VMs.

Do you get any error print out at all? Try calling ERR_load_crypto_strings() at the start of the program instead of only after an error.

If the PRNG cannot be seeded then RAND_status() should fail outside FIPS mode and RAND_bytes() should return an error too.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: Resources for certificates using OpenSSL (newbie)
On Fri February 24 2012, Edward Ned Harvey wrote:

> > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick
> >
> > You must be new to mailing lists also.
> > Start your own thread, they are cheap here, don't hijack another topic.
>
> Mike, How do you call that a thread hijack? New subject, new thread id...
> I don't see how it was a thread hijack.

Message-ID: 817758c77a9ffe44a792884b9c02ae86092d8...@mbx206.aafes.com
References: caaxgndcjyayb7fxpsbaodz05ujma4nek-kqj0zj1zxgmkab...@mail.gmail.com
            4f466b81.5030...@wisemo.com
            caaxgndd+ddb3tzmfmj4jvr5jxa99aiwv_8bovg5bj8zjc0x...@mail.gmail.com
In-Reply-To: caaxgndd+ddb3tzmfmj4jvr5jxa99aiwv_8bovg5bj8zjc0x...@mail.gmail.com

> Hector,
>
> I wish I had a good resource to send your way. My experience has been like this: Years ago when I didn't know anything about generating or installing certs, I just found some random webpages about how to generate self-signed certs and I copied them brainlessly, but gained some familiarity. Later I wanted to have trusted signed certs, so I paid for services such as godaddy and thawte, and brainlessly followed their instructions, but gained further experience. More recently, I'm a fan of startssl.com.
>
> Often when I do this sort of stuff, the instructions written by whoever are slightly too specific, or the starting point or resources available to you at the time are slightly different. The industry keeps evolving a little bit. Targets move. For example, in a cisco ASA, last year I generated a csr, and got it signed. This year I went to regenerate and renew, but I found the ASA is only capable of signing using md5sum, which is no longer acceptable by the certificate authority, so even though I'm doing precisely the same task as I did 1 year ago, I can't follow the same process anymore.
>
> Hopefully someone can refer you to a good introductory set of materials, but I think most likely, you'll find too often something isn't written precisely for what you need, or something else has changed. I suggest you basically just start experimenting and learning. Ask questions here when you get stuck. The more exposure you give yourself, the better you'll learn.
Re: Deadlock in RAND_poll's Heap32First call
MSDN says "To enumerate the heap or module states for all processes, specify TH32CS_SNAPALL and set th32ProcessID to zero." So it presumably does the heap and module walk for all processes and not only for the current process. Do you think CreateToolhelp32Snapshot's lock on the read-only snapshot could be a possible culprit?

I am now thinking about removing the calls to Heap32First and Heap32Next in rand_win.c and look for alternate sources of entropy.

Thanks for your help.

Regards
Sandeep

On Sat, Feb 25, 2012 at 2:38 AM, Jakob Bohm jb-open...@wisemo.com wrote:

> On 2/24/2012 2:14 PM, sandeep kiran p wrote:
>
> > You mentioned that OpenSSL is holding a snapshot lock in rand_win.c. I couldn't find anything like that in that file. Can you specifically point me to the code that you are referring to? I would also like to get an opinion on possible workarounds that I can enforce to avoid the deadlock.
>
> In OpenSSL 1.0.0 it is line 486 which says
>
>     module_next (handle = snap(TH32CS_SNAPALL,0))
>
> where snap is a pointer to KERNEL32.CreateToolhelp32Snapshot()
>
> > 1. Can I remove the heap traversal routines Heap32First and Heap32Next? Will it badly affect the PRNG output later on?
>
> It depends how good the other sources of random numbers are, more below.
>
> > 2. Can I replace Heap32First and Heap32Next calls with any other sources of entropy? What if I make a call to CryptGenRandom again in place of the heap traversal routines?
>
> Calling CryptGenRandom() twice isn't going to help much. If CryptGenRandom() is as good as it is supposed to be, the other entropy sources are not really needed. But if CryptGenRandom() is somehow broken or untrustworthy, calling it a million times wouldn't help.
>
> Anyway, I have my doubts about the value of using the local heap walking functions as a source of entropy, as they reflect only the state of your own process.
>
> Pretending that the address and size of each malloc()-ed memory block in your process contributes 3 to 5 bytes of additional entropy (which is what the comments say) is wildly optimistic and quite unrealistic. In a long-running web browser or a similarly long running web server, the net total of the memory layout effects of thousands of semi-chaotic previous network requests and user actions might contribute a total of 10 to 50 bits of entropy. But in a typical freshly started process, the layout is going to be pretty deterministic (if the OS uses address layout randomization, it probably does so based on entropy sources already incorporated into its standard random source, i.e. CryptGenRandom() on Windows).
>
> > 3. Any other possible ways out?
> >
> > Thanks,
> > Sandeep
> >
> > On Thu, Feb 23, 2012 at 10:08 PM, Jakob Bohm jb-open...@wisemo.com wrote:
> >
> > > From the evidence given, I would *almost* certainly characterize this as a deadlock bug in ntdll.dll, the deepest, most trusted user mode component of Windows!
> > >
> > > Specifically, nothing should allow regular user code such as OpenSSL to hold onto NT internal critical sections while not running inside NTDLL, and NTDLL should be designed not to deadlock against itself.
> > >
> > > There is one other possibility though: The OpenSSL code in rand_win.c holds on to a snapshot lock on some of the heap data while walking it. It may be doing this in a way not permitted by the rules that are presumed by the deadlock avoidance design of the speed critical heap locking code.
> > >
> > > On 2/23/2012 2:11 PM, sandeep kiran p wrote:
> > >
> > > > Hi,
> > > >
> > > > OpenSSL Version: 0.9.8o
> > > > OS : Windows Server 2008 R2 SP1
> > > >
> > > > I am seeing a deadlock in a windows application between two threads, one thread calling Heap32First from OpenSSL's RAND_poll and the other that allocates memory over the heap. Here is the relevant stack trace from both the threads involved in deadlock.
> > > >
> > > > Thread 523
> > > > ntdll!ZwWaitForSingleObject+a
> > > > ntdll!RtlpWaitOnCriticalSection+e8
> > > > ntdll!RtlEnterCriticalSection+d1
> > > > ntdll!RtlpAllocateHeap+18a6
> > > > ntdll!RtlAllocateHeap+16c
> > > > ntdll!RtlpAllocateUserBlock+145
> > > > ntdll!RtlpLowFragHeapAllocFromContext+4e7
> > > > ntdll!RtlAllocateHeap+e4
> > > > ntdll!RtlInitializeCriticalSectionEx+d2
> > > > ntdll!RtlpActivateLowFragmentationHeap+181
> > > > ntdll!RtlpPerformHeapMaintenance+27
> > > > ntdll!RtlpAllocateHeap+1819
> > > > ntdll!RtlAllocateHeap+16c
> > > >
> > > > Thread 454
> > > > ntdll!NtWaitForSingleObject+0xa
> > > > ntdll!RtlpWaitOnCriticalSection+0xe8
> > > > ntdll!RtlEnterCriticalSection+0xd1
> > > > ntdll!RtlLockHeap+0x3b
> > > > ntdll!RtlpQueryExtendedHeapInformation+0xf4
> > > > ntdll!RtlQueryHeapInformation+0x3c
> > > > ntdll!RtlQueryProcessHeapInformation+0x3ad
> > > > ntdll!RtlQueryProcessDebugInformation+0x3b0
> > > > kernel32!Heap32First+0x71
Windows 7/IE8 CAC enabled sites
Hello-

We have an Apache 2.2.22 / OpenSSL 1.0.0g / PHP 5.3.10 CAC-enabled website on a government location. We have a few users with Windows 7/IE8 who used to be able to access the site but were unable to after a Microsoft patch (KB2585542, http://support.microsoft.com/kb/2643584) was pushed.

The server has the following configuration:

    SSLProtocol -all +SSLv3 +TLSv1
    SSLCipherSuite HIGH:MEDIUM
    SSLHonorCipherOrder on

My understanding is that the server should listen for either SSLv3 or TLSv1 protocols.

I've been working with a Windows 7 / IE8 box to troubleshoot the situation. It seems I can access the Apache site if SSL 3.0 only is enabled in the browser. If TLS 1.0 is enabled, the browser will prompt for a client certificate but will error out with "Internet Explorer cannot display the webpage" before prompting the user for their PIN. TLS 1.0 needs to be enabled in the browser as other (IIS) sites are TLS only.

Can you offer any insight as to why our Apache site is accessible with only SSL 3.0 enabled in the browser? If you need more information on the issue, please let me know.

Thank you.

Curtis N. Tammany
compiling openssl fips mode for iphone
Hi,

Has anyone had any tips/background knowledge regarding compiling openssl fips mode for iphone (both simulator and device)? I am pretty much trying to do the same thing as posted here (http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/f36ea1cb9d6381b/4503d0a0d8b7606f?lnk=gstq=iphone#4503d0a0d8b7606f), but this post doesn't have any reply to it. What can be done so that Xcode on Mac can use fipsld?

Any help is appreciated.

-Fred

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. If you have received this email in error please delete it and notify the system administrator at administra...@antennasoftware.com
Re: Windows 7/IE8 CAC enabled sites
On Fri, Feb 24, 2012, Tammany, Curtis wrote:

> Hello-
>
> We have an Apache 2.2.22 / OpenSSL 1.0.0g / PHP 5.3.10 CAC-enabled website on a government location. We have a few users with Windows 7/IE8 who used to be able to access the site but were unable to after a Microsoft patch (KB2585542, http://support.microsoft.com/kb/2643584) was pushed.
>
> The server has the following configuration:
>
>     SSLProtocol -all +SSLv3 +TLSv1
>     SSLCipherSuite HIGH:MEDIUM
>     SSLHonorCipherOrder on
>
> My understanding is that the server should listen for either SSLv3 or TLSv1 protocols.
>
> I've been working with a Windows 7 / IE8 box to troubleshoot the situation. It seems I can access the Apache site if SSL 3.0 only is enabled in the browser. If TLS 1.0 is enabled, the browser will prompt for a client certificate but will error out with "Internet Explorer cannot display the webpage" before prompting the user for their PIN. TLS 1.0 needs to be enabled in the browser as other (IIS) sites are TLS only.
>
> Can you offer any insight as to why our Apache site is accessible with only SSL 3.0 enabled in the browser? If you need more information on the issue, please let me know.

Check to see if there is a corresponding error message in the server log. If possible try to reproduce with the s_server utility.

I've an idea what this might be. Try disabling RSA key exchange ciphersuites on the server too (adding :!kRSA to SSLCipherSuite) and see if that resolves the problem.

Steve.
AW: Windows 7/IE8 CAC enabled sites
Hi,

we had to reduce the ciphers on our servers to the really limited set of

    KRB5-RC4-MD5 KRB5-RC4-SHA ADH-RC4-MD5 RC4-SHA

to work around this really annoying windows update.

Gerfried

> On Fri, Feb 24, 2012, Tammany, Curtis wrote:
>
> > Hello-
> >
> > We have an Apache 2.2.22 / OpenSSL 1.0.0g / PHP 5.3.10 CAC-enabled website on a government location. We have a few users with Windows 7/IE8 who used to be able to access the site but were unable to after a Microsoft patch (KB2585542, http://support.microsoft.com/kb/2643584) was pushed.
> >
> > The server has the following configuration:
> >
> >     SSLProtocol -all +SSLv3 +TLSv1
> >     SSLCipherSuite HIGH:MEDIUM
> >     SSLHonorCipherOrder on
> >
> > My understanding is that the server should listen for either SSLv3 or TLSv1 protocols.
> >
> > I've been working with a Windows 7 / IE8 box to troubleshoot the situation. It seems I can access the Apache site if SSL 3.0 only is enabled in the browser. If TLS 1.0 is enabled, the browser will prompt for a client certificate but will error out with "Internet Explorer cannot display the webpage" before prompting the user for their PIN. TLS 1.0 needs to be enabled in the browser as other (IIS) sites are TLS only.
> >
> > Can you offer any insight as to why our Apache site is accessible with only SSL 3.0 enabled in the browser? If you need more information on the issue, please let me know.
>
> Check to see if there is a corresponding error message in the server log. If possible try to reproduce with the s_server utility.
>
> I've an idea what this might be. Try disabling RSA key exchange ciphersuites on the server too (adding :!kRSA to SSLCipherSuite) and see if that resolves the problem.
>
> Steve.
Re: Windows 7/IE8 CAC enabled sites
On Sat, Feb 25, 2012, Klein, Gerfried wrote:

> Hi,
>
> we had to reduce the ciphers on our servers to the really limited set of
>
>     KRB5-RC4-MD5 KRB5-RC4-SHA ADH-RC4-MD5 RC4-SHA
>
> to work around this really annoying windows update.

I'd like to try and trace the cause of this and see if a workaround can be developed.

Are you also enabling client authentication using CAC cards? Do you get an error message in the logs? Can you reproduce this with s_server? If so what error message does it output?

I've not managed to reproduce this using built in client auth and Windows 7 with that update.

Steve.
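An added example (not from the thread) to go with Steve's ":!kRSA" suggestion and Gerfried's cut-down cipher list: a POSIX shell script, assuming a local openssl binary, that uses "openssl ciphers -v" to show what an SSLCipherSuite string would actually offer before it goes into the Apache config. It counts the plain RSA key exchange suites (Kx=RSA) that !kRSA removes, and the anonymous suites (Au=None) such as the ADH-RC4-MD5 entry in Gerfried's list, which give the client no server authentication at all. The exact suites listed depend on the OpenSSL version; the KRB5 and RC4 names from 2012 may not exist in a current build, so the script takes Curtis's HIGH:MEDIUM string as its starting point.

```shell
#!/bin/sh
# Added example, not code from the thread. Inspect what an Apache
# SSLCipherSuite string selects, using `openssl ciphers -v` (assumed to be
# installed locally). The -v columns are: name, protocol, Kx=<key exchange>,
# Au=<authentication>, Enc=<cipher>, Mac=<mac>.

# All suites selected by cipher string $1, one per line.
list_suites() {
    openssl ciphers -v "$1"
}

# Number of suites using plain RSA key exchange (Kx=RSA); these are the
# ones Steve's ":!kRSA" suggestion removes.
count_krsa() {
    openssl ciphers -v "$1" | awk '$3 == "Kx=RSA"' | wc -l | tr -d ' '
}

# Number of suites with no server authentication (Au=None): the ADH/AECDH
# anonymous suites. A client using them cannot tell it reached the real server.
count_anon() {
    openssl ciphers -v "$1" | awk '$4 == "Au=None"' | wc -l | tr -d ' '
}

# Gate for a config change: succeeds only if the string still selects at
# least one suite, and keeps neither RSA key exchange nor anonymous suites.
check_string() {
    total=$(openssl ciphers -v "$1" | wc -l | tr -d ' ')
    [ "$total" -gt 0 ] && [ "$(count_krsa "$1")" -eq 0 ] && [ "$(count_anon "$1")" -eq 0 ]
}

# Curtis's original string keeps RSA key exchange; Steve's variant drops it.
for s in 'HIGH:MEDIUM' 'HIGH:MEDIUM:!kRSA' 'HIGH:MEDIUM:!kRSA:!aNULL'; do
    printf '%-28s suites=%s kRSA=%s anon=%s\n' "$s" \
        "$(list_suites "$s" | wc -l | tr -d ' ')" \
        "$(count_krsa "$s")" "$(count_anon "$s")"
done
```

Run it before editing httpd.conf and again after, and keep the output next to the s_server reproduction Steve asks for: if the failing handshake disappears once kRSA is gone, the listing shows exactly which suites were removed and which remain, which is what you want in the change record. Note that "openssl ciphers -v" on a 1.1.1 or later build also prints the TLS 1.3 suites (Kx=any), which SSLCipherSuite does not control.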
Decrypt PKCS7 enveloped message with CL interface
Hi,

I received a PKCS7 message with enveloped data (:pkcs7-envelopedData) and looking for a way to decrypt the content (PKCS10 CSR) only with the CLI. Is this possible with openssl? I tried several things with the help of the asn1parse command but did not find the solution :-(

My message looks like this:

     0:d=0  hl=4 l=1837 cons: SEQUENCE
     4:d=1  hl=2 l=   9 prim: OBJECT :pkcs7-signedData
    15:d=1  hl=4 l=1822 cons: cont [ 0 ]
    19:d=2  hl=4 l=1818 cons: SEQUENCE
    23:d=3  hl=2 l=   1 prim: INTEGER :01
    26:d=3  hl=2 l=  11 cons: SET
    28:d=4  hl=2 l=   9 cons: SEQUENCE
    30:d=5  hl=2 l=   5 prim: OBJECT :sha1
    37:d=5  hl=2 l=   0 prim: NULL
    39:d=3  hl=4 l= 874 cons: SEQUENCE
    43:d=4  hl=2 l=   9 prim: OBJECT :pkcs7-data
    54:d=4  hl=4 l= 859 cons: cont [ 0 ]
    58:d=5  hl=4 l= 855 prim: OCTET STRING [HEX DUMP]:308006092A864886F70D010703A08030800201003182011530820111020100307A306D310B3009060355040613024445310B30090603550408130242573112301006035504071309537475747467617274310F300D060355040A1306616C746573743112301006035504031309616C746573742043413118301606092A864886F70D0109011609646440616C2E636F6D020900BA26D09581993A43300D06092A864886F70D01010105000481807706AE3BA87B001D34C5B59CA756ED21BE95B406E9AED1D1320F0B2B6B9EB32414A8F4CB15FEE5A2ACA376A0134CCD5

and when I go deeper into the data with

    openssl asn1parse -in iphone-pkcs7.pem -strparse 58 -out envelopeddata

I get:

     0:d=0  hl=2 l= inf cons: SEQUENCE
     2:d=1  hl=2 l=   9 prim: OBJECT :pkcs7-envelopedData
    13:d=1  hl=2 l= inf cons: cont [ 0 ]
    15:d=2  hl=2 l= inf cons: SEQUENCE
    17:d=3  hl=2 l=   1 prim: INTEGER :00
    20:d=3  hl=4 l= 277 cons: SET
    24:d=4  hl=4 l= 273 cons: SEQUENCE
    28:d=5  hl=2 l=   1 prim: INTEGER :00
    31:d=5  hl=2 l= 122 cons: SEQUENCE
    33:d=6  hl=2 l= 109 cons: SEQUENCE
    35:d=7  hl=2 l=  11 cons: SET
    37:d=8  hl=2 l=   9 cons: SEQUENCE
    39:d=9  hl=2 l=   3 prim: OBJECT :countryName

I can see the envelopedData.

Thanks
Dirk
Re: Decrypt PKCS7 enveloped message with CL interface
On Sun, Feb 26, 2012, Dirk Eisenberg wrote:

> Hi,
>
> I received a PKCS7 message with enveloped data (:pkcs7-envelopedData) and looking for a way to decrypt the content (PKCS10 CSR) only with the CLI. Is this possible with openssl? I tried several things with the help of the asn1parse command but did not find the solution :-(

Use the smime or cms commands.

Steve.
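Following Steve's pointer, here is an added example (not from the thread, and not Dirk's actual message) of the whole unwrap with "openssl cms". It assumes a local openssl binary (1.1.0 or later) and generates its own keys, certificates and CSR, then builds a message with the nesting Dirk's asn1parse output shows: a signedData whose pkcs7-data content (offset 58 in his listing) is an envelopedData holding a DER-encoded PKCS10 request. The unwrap is two steps: "cms -verify" checks the outer signature and writes out the inner content, and "cms -decrypt" with the recipient's private key recovers the CSR. All file and subject names are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Builds a message shaped like Dirk's
# (signedData wrapping an envelopedData that holds a DER CSR) and unwraps it
# with `openssl cms`. Assumes a local openssl binary (1.1.0 or later); every
# key, certificate and the CSR are generated here, nothing is real.
set -eu

# Create the fixture in directory $1: recipient key/cert (the side that can
# decrypt), a device key with a self-signed cert (the signer), the CSR in
# DER, and the nested message msg.pem.
make_fixture() {
    fx=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=recipient \
        -keyout "$fx/recip.key" -out "$fx/recip.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj /CN=device \
        -keyout "$fx/device.key" -out "$fx/csr.pem" 2>/dev/null
    openssl req -in "$fx/csr.pem" -outform DER -out "$fx/csr.der"
    openssl req -x509 -key "$fx/device.key" -days 1 -subj /CN=device \
        -out "$fx/device.pem" 2>/dev/null
    # Inner layer: the DER CSR encrypted to the recipient (envelopedData, DER).
    openssl cms -encrypt -aes256 -binary -in "$fx/csr.der" \
        -outform DER -out "$fx/env.der" "$fx/recip.pem"
    # Outer layer: that DER blob signed by the device as opaque pkcs7-data
    # (signedData, PEM), which is the structure Dirk's first listing shows.
    openssl cms -sign -binary -nodetach -in "$fx/env.der" \
        -signer "$fx/device.pem" -inkey "$fx/device.key" \
        -outform PEM -out "$fx/msg.pem"
}

# Unwrap message $1 and write the recovered DER CSR to $2. The recipient key
# and certificate are expected next to the message.
unwrap_message() {
    msg=$1; out=$2; wd=$(dirname "$msg")
    # -noverify skips chain validation of the (self-signed) signer
    # certificate; the signature over the content is still checked.
    openssl cms -verify -noverify -binary -inform PEM -in "$msg" \
        -out "$wd/inner.der"
    openssl cms -decrypt -inform DER -in "$wd/inner.der" \
        -recip "$wd/recip.pem" -inkey "$wd/recip.key" -out "$out"
}

# Returns 0 when the round trip recovers the original CSR byte for byte.
run_demo() {
    tmp=$(mktemp -d)
    make_fixture "$tmp"
    unwrap_message "$tmp/msg.pem" "$tmp/recovered.der"
    if cmp -s "$tmp/csr.der" "$tmp/recovered.der"; then
        openssl req -inform DER -in "$tmp/recovered.der" -noout -subject
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

run_demo
```

The cms command reads the indefinite-length (l=inf) BER encoding that Dirk's inner layer uses, which is why it is the right tool here rather than asn1parse -strparse, and it accepts a PEM file with a "PKCS7" header as well as "CMS". Decryption only works with the private key matching the certificate the sender encrypted to, i.e. the server or RA side that received the request. -noverify is used above only because the signer is a throwaway self-signed certificate; for a real enrollment message pass -CAfile with the issuing CA so the signer is validated before its content is trusted.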