Hardware solution for asymmetric decryption.
Hi,

The RSA_private_decrypt() function has proved to be costlier on my system. I will try some hardware cards (PCI or over the network) that will help me perform asymmetric decryption, in this case premaster decryption. I am looking at information on Thales nShield and SafeNet Luna devices. Could someone share any experience with any other products? Any pointers on whether Intel provides any RSA APIs that are optimized for Intel CPUs?

--
Thanks,
Nilesh

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
RSA_PKCS1_PSS_PADDING and CMS_verify
I saw the message below on the mailing list. I have run into a situation where I have a CMS using the PSS padding and I wanted to see if this might be implemented by now in CMS_verify. If not, I have some experience working with the openssl source code, but some pointers would be appreciated.

--
Chris Bare

> On Mon, Sep 12, 2011, Stef Hoeben wrote:
>> Hi,
>>
>> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read out and verify nicely if the signature algo is RSA_PKCS1_PADDING. But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1 dump), the verification fails.
>>
>> Below is a part of the stack trace; it looks like openssl still thinks the algorithm is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>>
>>   CMS_verify() {
>>     cms_signerinfo_verify() {
>>       EVP_DigestVerifyInit() {
>>         do_sigver_init() {
>>           EVP_PKEY_CTX_set_signature_md() {
>>             ...
>>             pkey_rsa_ctrl() {   // type == EVP_PKEY_CTRL_DIGESTINIT
>>       EVP_DigestVerifyFinal() {
>>         ...
>>         pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
>>           RSA_PKEY_CTX *rctx = ctx->data;
>>           // rctx->pad_mode == RSA_PKCS1_PADDING (???)
>>           // and EVP_MD_type(rctx->md) = NID_sha256 (OK)
>>
>> Does someone know if the problem is with the encoding of the signature algo in the file, or with openssl itself?
>> ...
>
> OpenSSL HEAD only supports PSS and only for certificates, not CMS.
>
> Can you include the DER format message itself instead of the ASN1 dump? This will be very useful when CMS+PSS is implemented.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
How to remove certificate from X509_STORE?
Hi,

X509_STORE_add_cert() would add a certificate to the list of trusted certificates in the ctx. What is the way to remove a certificate from this trusted store? I am not finding any function to remove the certificate. Can any of you suggest a way to remove the certificate from this trusted store? Or is there a way to make an already loaded certificate an untrusted one?

Thank you,
Sri
Re: FIPS Capable and Linking Order of Artifacts
On 01/04/2013 03:45 AM, Jeffrey Walton wrote:
> Hi All,
>
> I'm wondering how the single-pass linker affects symbol resolution. If I specify:
>
>   fipscanister.o libcrypto.a
>
> the linker will resolve symbols preferring the cryptography from fipscanister.o, then from libcrypto.a. After encountering fipscanister.o, there should be no unresolved cryptography functions since fipscanister.o provides the validated cryptography.
>
> However, what happens if the linker encounters libcrypto.a first:
>
>   libcrypto.a fipscanister.o
>
> In this case, shouldn't the linker resolve cryptography symbols with libcrypto.a, which means non-validated cryptography will be linked into the final application?

Well, first off you would never link against both fipscanister.o and libcrypto.a at the same time. Either the libcrypto.a is from a FIPS capable OpenSSL build, in which case it *contains* fipscanister.o, or it isn't, in which case you shouldn't be trying to reference fipscanister.o at all.

However, there are no symbol conflicts, as can be seen from:

  nm -g fipscanister.o
  nm -g libcrypto.a

Remember that the FIPS module and OpenSSL (whether FIPS capable or not) are separate software products. Much of the source code in the FIPS module is common to OpenSSL as well, but during the build process symbols are renamed to different values to avoid the symbol conflicts you're concerned about.

Historical note: earlier FIPS modules, 1.2.x and earlier, tackled that problem differently.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
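The `nm -g` comparison Steve suggests, turned into a mechanical check. This is an added example, not code from the thread or from either product's build; the two listings it parses are constructed samples with illustrative symbol names, and the only claim it makes is the one above: a symbol defined on both sides would be a conflict, and the renaming is what prevents it.

```python
"""Check two `nm -g` listings for global symbols *defined* in both.
The FIPS module renames its symbols at build time, so the defined-name
sets of fipscanister.o and libcrypto.a should be disjoint; this script
reports any name that is nevertheless defined on both sides."""
import re
from typing import Dict, Set

# BSD-style nm line: optional hex address, one type letter, symbol name.
# Archive member headers ("aes_core.o:") and blank lines do not match.
_NM_LINE = re.compile(r"^\s*(?:[0-9a-fA-F]+)?\s+([A-Za-z?])\s+(\S+)\s*$")

# "Referenced here, defined elsewhere": these never cause a conflict.
_UNDEFINED = {"U", "v", "w"}


def parse_nm(output: str) -> Dict[str, str]:
    """Map symbol name -> nm type letter for every *defined* symbol."""
    defined: Dict[str, str] = {}
    for line in output.splitlines():
        m = _NM_LINE.match(line)
        if m is None:
            continue
        sym_type, name = m.groups()
        if sym_type not in _UNDEFINED and sym_type != "?":
            defined[name] = sym_type
    return defined


def symbol_conflicts(nm_a: str, nm_b: str) -> Set[str]:
    """Names defined in both listings, i.e. the duplicate-definition case."""
    return set(parse_nm(nm_a)) & set(parse_nm(nm_b))


# Constructed sample listings (illustrative names, not real build output):
# the module exports FIPS_-prefixed renamed symbols; libcrypto exports the
# plain OpenSSL names and only *references* (U) the module's symbols.
SAMPLE_FIPSCANISTER = """\
0000000000000000 T FIPS_mode_set
0000000000000100 T FIPS_aes_set_encrypt_key
                 U memcpy
"""
SAMPLE_LIBCRYPTO = """\

aes_core.o:
0000000000000000 T AES_set_encrypt_key
                 U FIPS_aes_set_encrypt_key
                 U FIPS_mode_set
"""

if __name__ == "__main__":
    print(sorted(symbol_conflicts(SAMPLE_FIPSCANISTER, SAMPLE_LIBCRYPTO)))  # []
```

Against real files, feed it the captured output of `nm -g fipscanister.o` and `nm -g libcrypto.a`; an empty result is what a correctly built FIPS capable OpenSSL should produce.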
Re: Hardware solution for asymmetric decryption.
On Fri, Jan 4, 2013 at 9:58 AM, Tayade, Nilesh nilesh.tay...@netscout.com wrote:
> Hi,
>
> The RSA_private_decrypt() function has proved to be costlier on my system. I will try some hardware cards (PCI or over the network) that will help me perform asymmetric decryption, in this case premaster decryption. I am looking at information on Thales nShield and SafeNet Luna devices. Could someone share any experience with any other products? Any pointers on whether Intel provides any RSA APIs that are optimized for Intel CPUs?

In my experience the best value for money, by far, is more CPUs. OpenSSL is already pretty highly optimised for Intel CPUs (assuming you configure the build correctly).
AES CBC Padding question
Hi,

I am experiencing an issue that has to do with the PKCS padding. I am using AES with CBC mode. When padding is enabled and the plaintext buffer's size is a multiple of the block size, the call to 'EVP_EncryptFinal_ex()' adds an entire extra block to the cipher text. If the input is a multiple of the block size, then why is padding still being added?

- Roar
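The behaviour Roar describes is PKCS#7 padding working as designed. The following is an added example, not code from the thread or from OpenSSL, that reimplements the padding rule in plain Python to show why an aligned input still gets a whole extra block: the pad length is carried in the pad bytes, so at least one pad byte must always be present, otherwise a plaintext that happens to end in 0x01 would be truncated on decryption.

```python
"""PKCS#7 padding as applied by EVP_EncryptFinal_ex() for AES-CBC, in pure
Python, to show why block-aligned input still receives a full extra block."""
BLOCK_SIZE = 16  # AES block size in bytes


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes of value n, 1 <= n <= block_size.

    n is never 0: when len(data) is already aligned, n == block_size and a
    full block of 0x10 bytes is appended. That is the "extra block"."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip padding, rejecting malformed input the way EVP_DecryptFinal_ex()
    fails with 'bad decrypt'. Every pad byte is checked, not just the last."""
    if not padded or len(padded) % block_size:
        raise ValueError("bad decrypt: length not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad decrypt: invalid padding")
    return padded[:-n]


def ciphertext_length(plaintext_len: int, block_size: int = BLOCK_SIZE) -> int:
    """Bytes EVP_EncryptUpdate + EVP_EncryptFinal_ex emit with padding on:
    the next multiple of block_size strictly greater than plaintext_len."""
    return (plaintext_len // block_size + 1) * block_size


if __name__ == "__main__":
    aligned = b"A" * 32                       # constructed sample: exactly two blocks
    print(len(pkcs7_pad(aligned)))            # 48: a third block of 0x10 bytes was added
    # Why it is needed: this 16-byte plaintext legitimately ends in 0x01. Skipping
    # the pad block for aligned input would make the receiver strip that real byte.
    ends_in_01 = b"B" * 15 + b"\x01"
    print(pkcs7_unpad(pkcs7_pad(ends_in_01)) == ends_in_01)   # True with the pad block
    print(pkcs7_unpad(ends_in_01) == ends_in_01)              # False without it
```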
Re: FIPS Capable and Linking Order of Artifacts
On Fri, Jan 4, 2013 at 10:56 AM, Steve Marquess marqu...@opensslfoundation.com wrote:
> On 01/04/2013 03:45 AM, Jeffrey Walton wrote:
>> Hi All,
>>
>> I'm wondering how the single-pass linker affects symbol resolution. If I specify:
>>
>>   fipscanister.o libcrypto.a
>>
>> the linker will resolve symbols preferring the cryptography from fipscanister.o, then from libcrypto.a. After encountering fipscanister.o, there should be no unresolved cryptography functions since fipscanister.o provides the validated cryptography.
>>
>> However, what happens if the linker encounters libcrypto.a first:
>>
>>   libcrypto.a fipscanister.o
>>
>> In this case, shouldn't the linker resolve cryptography symbols with libcrypto.a, which means non-validated cryptography will be linked into the final application?
>
> Well, first off you would never link against both fipscanister.o and libcrypto.a at the same time.

OK, so I'm clear here. I've built and installed the Canister. I have also built and installed the Capable. In my final application, I always link against libcrypto.a. Period. I never link against fipscanister.o. Period.

> Either the libcrypto.a is from a FIPS capable OpenSSL build, in which case it *contains* fipscanister.o, or it isn't, in which case you shouldn't be trying to reference fipscanister.o at all.

Oh, I was not aware of that. I will have to go back through the User Guide and see where I went wrong. Or is final application linking covered in the Security Policy?

> However, there are no symbol conflicts, as can be seen from:
>
>   nm -g fipscanister.o
>   nm -g libcrypto.a

Ah, right. I should have probably done that last night.

> Well, first off you would never link against both fipscanister.o and libcrypto.a at the same time.

Let's revisit this now. fipscanister.o is an artifact from the FIPS Object Module process. It is installed in /usr/local/ssl/platform/lib (by default). If it's not intended to be used, why is it present?

> Remember that the FIPS module and OpenSSL (whether FIPS capable or not) are separate software products.

Yes, I am clear on that.

Jeff
Re: FIPS Capable and Linking Order of Artifacts
On Fri, Jan 4, 2013 at 11:21 AM, Jeffrey Walton noloa...@gmail.com wrote:
> On Fri, Jan 4, 2013 at 10:56 AM, Steve Marquess marqu...@opensslfoundation.com wrote:
>> On 01/04/2013 03:45 AM, Jeffrey Walton wrote:
>> Either the libcrypto.a is from a FIPS capable OpenSSL build, in which case it *contains* fipscanister.o, or it isn't, in which case you shouldn't be trying to reference fipscanister.o at all.
>
> Oh, I was not aware of that. I will have to go back through the User Guide and see where I went wrong. Or is final application linking covered in the Security Policy?

OK. So here is the point of confusion for me. 2.5 Relationship to the OpenSSL API, page 19 of the User Guide:

  Applications linked with the FIPS Object Module and with the separate OpenSSL libraries can use both the FIPS validated cryptographic functions of the FIPS Object Module and the high level functions of OpenSSL.

The FIPS Object Module is embodied in fipscanister.o. After building and installing the Canister, there is no libcrypto.a. Hence, to create an application with validated cryptography (i.e., use the FIPS Object Module), I must link against fipscanister.o. I link to libcrypto.a afterwards out of habit, and to ensure I do not have link errors due to missing symbols. I presumed the OpenSSL library (capable or not) had situational awareness and would just do the right thing.

The above made sense to me because with the Capable library: (1) the application can use validated crypto if FIPS_mode_set returned success; or (2) the application can be operated in non-validated mode (i.e., fall back to vanilla libcrypto.a). From the outside, I don't care how OpenSSL does it since it's a black box.

For completeness, I never build FIPS Capable OpenSSL for Linux or Windows. On Windows, I use CAPI or Crypto++ or Certicom. For Linux, I have never had a need. It's always mobile, and it's always a cross environment. I don't recall thoroughly reading 5.3.1 or 5.3.2 since I have no need and my linking always worked (building is much more difficult).

Jeff
Re: FIPS Capable and Linking Order of Artifacts
On 01/04/2013 11:36 AM, Jeffrey Walton wrote:
> ...
> OK. So here is the point of confusion for me. 2.5 Relationship to the OpenSSL API, page 19 of the User Guide:
>
>   Applications linked with the FIPS Object Module and with the separate OpenSSL libraries can use both the FIPS validated cryptographic functions of the FIPS Object Module and the high level functions of OpenSSL.
>
> The FIPS Object Module is embodied in fipscanister.o. After building and installing the Canister, there is no libcrypto.a.

Libcrypto comes from OpenSSL, which is a separate software product.

  OpenSSL FIPS Object Module != OpenSSL

The FIPS module is distributed as openssl-fips-2.0.N.tar.gz. OpenSSL is distributed as openssl-1.0.Nx.tar.gz. Separate source distributions, separate products.

When you build OpenSSL with the fips build time option you end up with what we call a FIPS capable OpenSSL, meaning libraries that behave as always by default but which contain embedded within them the FIPS module. FIPS mode can be optionally enabled at runtime.

Note the FIPS module itself, as is true in general for Level 1 software validations, is not a full featured application library. It contains only the cryptographic implementations relevant to FIPS 140-2. With very rare exceptions the application developer will not use the FIPS module directly, and will instead utilize the FIPS capable OpenSSL.

Note that if you have a well behaved application that currently uses OpenSSL, you can replace that OpenSSL instance with a FIPS capable one and the application will continue to work as before. Add a FIPS_mode_set() call to that application, or use OPENSSL_config() with appropriate openssl.cnf parameters, and that application is now running in FIPS mode, with no or minimal source code changes.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
Re: FIPS Capable and Linking Order of Artifacts
On 01/04/2013 11:21 AM, Jeffrey Walton wrote:
> ...
> In my final application, I always link against libcrypto.a. Period. I never link against fipscanister.o. Period.

That is as it should be. In general the application developer should not be referencing fipscanister.o, only the sysadmin building and installing the OpenSSL libraries. The exceptions we've seen are some very specialized and limited embedded devices performing limited cryptographic functions, where the pain of coding to the naked FIPS module interface was justified. For the typical general purpose computer there is nothing to be gained, and much to be lost, by attempting to reference the FIPS module directly.

> If it's not intended to be used, why is it present?

So that you can build the FIPS capable OpenSSL.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips
I'm still having the same original fingerprint error when I start Apache.

  [Fri Jan 04 20:22:27.251329 2013] [ssl:emerg] [pid 27764:tid 1] AH01885: FIPS mode failed
  [Fri Jan 04 20:22:27.251488 2013] [ssl:emerg] [pid 27764:tid 1] SSL Library Error: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match
  [Fri Jan 04 20:22:27.251497 2013] [ssl:emerg] [pid 27764:tid 1] AH02312: Fatal error initialising mod_ssl, exiting.

Are there tests that I can run against my OpenSSL that show whether it was built correctly to handle FIPS mode?

Thanks in advance.

From: Steve Marquess marqu...@opensslfoundation.com
To: openssl-users@openssl.org
Cc: Jerry Blasdel/USA/CSC@CSC
Date: 12/18/2012 09:21 AM
Subject: Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

> On 12/18/2012 08:57 AM, Jerry Blasdel wrote:
>> Steve,
>>
>> That was a typing error. I verified that I am building:
>>
>>   Extracting OpenSSL Fips source...
>>   openssl-fips-2.0.1/...
>>   Extracting OpenSSL source...
>>   openssl-1.0.1c/ACKNOWLEDGMENTS...
>>
>> What steps can I take to help identify the problem with my FIPS capable built OpenSSL?
>
> Well, start at the beginning. Have you tried building the FIPS capable OpenSSL per section 4.2 and the examples in the User Guide? Also see the example at:
>
>   http://opensslfoundation.com/fips/2.0/platforms/linux-native/Makefile
>
> which should work in any Linux or Linux-like system (just do make).
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.