Private Key Format Different in FIPS Mode
We are using OpenSSL version 0.9.8l, and what we find is that the DSA private key formats are different in FIPS and non-FIPS mode.

In FIPS mode it starts with
-----BEGIN PRIVATE KEY-----

Whereas in non-FIPS mode it starts with
-----BEGIN DSA PRIVATE KEY-----

I understand that this is expected since the traditional format relies on MD5, which is prohibited in FIPS mode.

However, for our application to work with the SSH keys we would need it in the traditional format in FIPS mode. Is there a way to override this default behavior and still be able to generate the keys in the traditional format?

Any pointers would be greatly appreciated.

Thanks,
Anamitra
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Private Key Format Different in FIPS Mode
Also I found that this works fine with openssl 1.0.1, where keys are generated in FIPS mode with the following line. Can someone let me know why this change in behavior between 0.9.8l and 1.0.1?

-----BEGIN DSA PRIVATE KEY-----

Thanks,
Anamitra

On 6/12/13 12:01 PM, Anamitra Dutta Majumdar (anmajumd) anmaj...@cisco.com wrote:

> We are using OpenSSL version 0.9.8l, and what we find is that the DSA private key formats are different in FIPS and non-FIPS mode.
>
> In FIPS mode it starts with
> -----BEGIN PRIVATE KEY-----
>
> Whereas in non-FIPS mode it starts with
> -----BEGIN DSA PRIVATE KEY-----
>
> I understand that this is expected since the traditional format relies on MD5, which is prohibited in FIPS mode.
>
> However, for our application to work with the SSH keys we would need it in the traditional format in FIPS mode. Is there a way to override this default behavior and still be able to generate the keys in the traditional format?
>
> Any pointers would be greatly appreciated.
>
> Thanks,
> Anamitra
Re: PKCS12 keystore creation failing in fips mode
Hello Steve,

Thanks for your response. Is there a corresponding API where we can impose this descert option?

-Anamitra

On 5/29/13 6:15 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Wed, May 29, 2013, Anamitra Dutta Majumdar (anmajumd) wrote:
>
> > We are trying to create pkcs12 keystore in FIPS mode using OpenSSL 1.0.1 and it fails with the following error
> >
> > 9uo8bYe2YpDmqEgC[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export -in tomcat.pem -inkey ../keys/tomcat_priv.pem -out tomcat.keystore
> > Enter Export Password:
> > Verifying - Enter Export Password:
> > 4151633544:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:142:
> > 4151633544:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:205:
> > 4151633544:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
> > 4151633544:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:175:
> > 4151633544:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:202:
> >
> > The same command works in FIPS mode.
> >
> > So I have the following questions
> >
> > 1. Is there a way to work around issue and still be able to create pkcs12 format keystore in FIPS mode.
> > 2. This command worked in earlier version of openssl like 0.9.8l in FIPS mode. What has changed in 1.0.1 that it has stopped working in FIPS mode.
> >
> > Any pointers will be appreciated.
>
> That's a bug in 1.0.1 in that it tries to use an unapproved algorithm in FIPS mode.
>
> Workaround: use the -descert option.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
PKCS12 keystore creation failing in fips mode
We are trying to create pkcs12 keystore in FIPS mode using OpenSSL 1.0.1 and it fails with the following error

9uo8bYe2YpDmqEgC[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export -in tomcat.pem -inkey ../keys/tomcat_priv.pem -out tomcat.keystore
Enter Export Password:
Verifying - Enter Export Password:
4151633544:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:142:
4151633544:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:205:
4151633544:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
4151633544:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:175:
4151633544:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:202:

The same command works in FIPS mode.

So I have the following questions

1. Is there a way to work around issue and still be able to create pkcs12 format keystore in FIPS mode.
2. This command worked in earlier version of openssl like 0.9.8l in FIPS mode. What has changed in 1.0.1 that it has stopped working in FIPS mode.

Any pointers will be appreciated.

Thanks,
Anamitra
openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 ERROR
We are getting the following error in the syslogs

secure:Nov 9 19:32:04 cls2-pub authpriv 3 sshd[9526]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1

when we connect between two servers using ssh key based authentication.

This issue happens only in FIPS mode and not in non-FIPS mode. What is the root cause for this and what is the workaround?

Any pointers would be appreciated.

Thanks,
Anamitra
Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
Hi Dave,

This is a closed box without a server operator. Is there a way to determine why the cert chain was disliked?

Thanks,
Anamitra

On 10/26/12 3:14 PM, Dave Thompson dthomp...@prinpay.com wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd)
> > Sent: Thursday, 25 October, 2012 02:48
> >
> > We are getting the following error when running the s_client. We are on openssl 0.9.8l. What could be the possible cause of this error
> >
> > snip
> > 4955:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
> > 4955:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
>
> The server doesn't like the client certificate (chain) you sent. It didn't use one of the more specific alert codes to say what it disliked. Either ask the server operator(s) what it disliked, or if they have a stated policy about what certs they accept, examine your cert chain and compare to that policy.
TLS handshake failure
One of our customers is trying to setup a TLS for SIP trunk. Self-signed certificates (2048 bit) non encrypted configuration on SIP trunk work but a CA signed certificate does not.

Going by this SSL/TLS detail example http://technet.microsoft.com/en-us/library/cc785811%28WS.10%29.aspx as a reference for a SSL/TLS handshake protocol, we see the following.

Packet Capture (20110721-141405_packet.pcap):

Packet # - SSL/TLS Message
1116 - Client Hello
1122 - Server Hello
1628 - Server Certificate
1658 - Client Certificate
1659 - Client Key Exchange
... It stops here.

In the CUBE debugs (putty.log):

*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate is verified
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate validated without revocation check
*Jul 21 12:39:23.782: CRYPTO_PKI: chain cert was anchored to trustpoint DODCA21, and chain validation result was: CRYPTO_VALID_CERT_WITH_WARNING
*Jul 21 12:39:23.782: CRYPTO_PKI: Validation TP is DODCA21
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate validation succeeded
*Jul 21 12:39:23.782: SSL_accept:SSLv3 read client certificate A
*Jul 21 12:39:23.782: TLS 1.0 Handshake [length 0106], ClientKeyExchange
*Jul 21 12:39:23.930: SSL_accept:SSLv3 read client key exchange A
*Jul 21 12:40:21.694: SSL_accept:failed in SSLv3 read certificate verify A

Everything looks good up to the Client Key Exchange but the CUBE stops at the Client Certificate Verify. We are unable to determine why this is the case.

Any pointers on how to further debug this would be greatly appreciated.

Thanks
Anamitra
Why is bf_cbc allowed in FIPS mode !
We are preparing for a FIPS review with our lab. We have found that there is a piece of code that initializes the encryption context for bf_cbc which works perfectly fine in FIPS mode.

Specifically this is the code snippet I am referring to

    EVP_EncryptInit(ctx, EVP_bf_cbc(), key, iv);
    out = (char*) malloc(inlen + EVP_CIPHER_CTX_block_size(ctx));
    for (index = 0; index < inlen / 50; index++) {
        EVP_EncryptUpdate(ctx, &out[outlen], &temp, &input[outlen], 50);
        outlen += temp;
    }

Our application binary containing the above code is linked dynamically to fips capable OpenSSL library.

Any idea why this is working fine in the fips mode without issues? On the other hand, using bf from the openssl command line fails with fips error as expected.

A prompt response will be appreciated...

Thanks
Anamitra
Re: Why is bf_cbc allowed in FIPS mode !
We are on version 0.9.8l of OpenSSL with FIPS module version 1.2, if that is what you are asking.

Thanks
Anamitra

On 6/10/11 4:37 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Fri, Jun 10, 2011, anmajumd wrote:
>
> > We are preparing for a FIPS review with our lab. We have found that there is a piece of code that initializes the encryption context for bf_cbc which works perfectly fine in FIPS mode.
> >
> > Specifically this is the code snippet I am referring to
> >
> >     EVP_EncryptInit(ctx, EVP_bf_cbc(), key, iv);
> >     out = (char*) malloc(inlen + EVP_CIPHER_CTX_block_size(ctx));
> >     for (index = 0; index < inlen / 50; index++) {
> >         EVP_EncryptUpdate(ctx, &out[outlen], &temp, &input[outlen], 50);
> >         outlen += temp;
> >     }
> >
> > Our application binary containing the above code is linked dynamically to fips capable OpenSSL library.
> >
> > Any idea why this is working fine in the fips mode without issues? On the other hand, using bf from the openssl command line fails with fips error as expected.
>
> Which version of OpenSSL and which module?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: Why is bf_cbc allowed in FIPS mode !
The return value is 1, which is a success.

Thanks
Anamitra

On 6/10/11 4:44 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Fri, Jun 10, 2011, anmajumd wrote:
>
> > We are on version 0.9.8l of OpenSSL with FIPS module version 1.2, if that is what you are asking.
>
> Check the return value of EVP_EncryptInit().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
OpenSSH key verification fails in FIPS mode with 0.9.8q + FIPS
We recently built FIPS compliant openssl 0.9.8q. Earlier we were using 0.9.8l.

With ssh binaries linked to FIPS compliant OpenSSL 0.9.8q, when running the OpenSSH client, connection setup fails during verification of the server key. We did not run into this SSH issue with 0.9.8l. Has anything changed between 0.9.8l and 0.9.8q that would cause this?

The call to OpenSSL that ultimately fails is RSA_public_decrypt(). Has it somehow been tightened up?

Below is the snippet of SSH debug logs

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vos-cm130' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug2: bits set: 1020/2048
bad decrypted len: 0 != 20 + 15
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key

Any help would be greatly appreciated.

Thanks
Anamitra
Re: OpenSSH key verification fails in FIPS mode with 0.9.8q + FIPS
Thanks for your prompt response. Do you have the name of the patch to share with us?

Thanks
Anamitra

On 2/23/11 1:42 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Wed, Feb 23, 2011, anmajumd wrote:
>
> > We recently built FIPS compliant openssl 0.9.8q. Earlier we were using 0.9.8l.
> >
> > With ssh binaries linked to FIPS compliant OpenSSL 0.9.8q, when running the OpenSSH client, connection setup fails during verification of the server key. We did not run into this SSH issue with 0.9.8l. Has anything changed between 0.9.8l and 0.9.8q that would cause this?
> >
> > The call to OpenSSL that ultimately fails is RSA_public_decrypt(). Has it somehow been tightened up?
>
> Yes, you aren't allowed to call RSA_public_decrypt() directly in FIPS mode: instead you have to use the EVP interface for EVP_Verify*().
>
> There is a patch which changes the ssh code to use EVP instead (while still being compatible with other versions of OpenSSL).
>
> Due to a bug the restriction wasn't enforced in some versions of OpenSSL.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
OpenSSL fails to load private key in FIPS mode
Call to PEM_read_bio_PrivateKey function returns the following SSL Error in FIPS mode.

error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled for fips
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
error:0906A065:PEM routines:PEM_do_header:bad decrypt

PEM_read_bio_PrivateKey would read the header in the private key and retrieve the encryption cipher, then it would try to generate the key using EVP_BytesToKey by passing MD5 as its second parameter. Since MD5 is hard-coded as the second parameter, any key file containing a header which specifies an encryption cipher would fail to be loaded in FIPS mode since MD5 is not allowed in FIPS mode.

Is this a known issue that has been resolved in a later release of OpenSSL?

Thanks
Anamitra
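An added example (not from the thread or from the OpenSSL project) covering both the key-format thread at the top of the page and the message above: a Python check that classifies PEM private-key blocks by their BEGIN line and flags traditional-format keys carrying a DEK-Info header, which are the ones decrypted through MD5-based EVP_BytesToKey. The function name and the sample key bodies are constructed for illustration.

```python
import re

# One PEM block: BEGIN line, optional "Name: value" headers, base64, END line.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample input; the base64 bodies are placeholders, not real keys.
SAMPLE = """\
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=
-----END DSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=
-----END DSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=
-----END PRIVATE KEY-----
"""

def classify_private_keys(pem_text):
    """Return one finding (dict) per private-key block in pem_text."""
    findings = []
    for label, body in PEM_RE.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates, public keys, parameters
        # Base64 lines never contain ':', so only header lines match here.
        headers = {k: v.strip() for k, v in
                   re.findall(r"^([A-Za-z-]+):(.*)$", body, re.M)}
        if label == "PRIVATE KEY":
            fmt, encrypted = "PKCS#8", False
        elif label == "ENCRYPTED PRIVATE KEY":
            # The PBE algorithm sits inside the ASN.1 and is not checked here.
            fmt, encrypted = "PKCS#8", True
        else:  # "DSA PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"
            fmt = "traditional"
            encrypted = headers.get("Proc-Type") == "4,ENCRYPTED"
        legacy_enc = fmt == "traditional" and encrypted
        cipher = headers.get("DEK-Info", "").split(",")[0] or None
        findings.append({
            "label": label,
            "format": fmt,
            "encrypted": encrypted,
            "cipher": cipher if legacy_enc else None,
            # Traditional PEM encryption derives its key with
            # EVP_BytesToKey and MD5, so loading fails in FIPS mode.
            "needs_md5": legacy_enc,
        })
    return findings

if __name__ == "__main__":
    for finding in classify_private_keys(SAMPLE):
        print(finding)
```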
Issues with c_rehash utility in FIPS mode
We are trying to generate the hash of the subject name in certificates in fips mode by using the "openssl x509 hash" command. Apparently this utility uses md5 algorithm to calculate the hash of the subject name and therefore this operation is not allowed in FIPS mode.

My question is, is there any flag that can be set in the environment or the OpenSSL config file that would allow subject name hash operation in FIPS mode?

I know there is a flag that can be used programmatically - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW). But I am concerned about using the OpenSSL binary and allow the hash operation by it in FIPS mode. What would be the way to achieve that?

Thanks
Anamitra
RE: known answer test and alogorithm test for Diffie-Hellman?
Have not seen a response to this.

The FIPS_selftest() API does not perform any self-tests on Diffie-Hellman algorithm. Is it because it is a non-approved security function in the FIPS module? Do we need self tests on DH if DH key exchange is used by SSH in the system running in FIPS mode?

Thanks
Anamitra

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nikitha
Sent: Wednesday, April 07, 2010 10:23 AM
To: openssl-users
Subject: known answer test and alogorithm test for Diffie-Hellman?

Hi All,

I'm a novice user to openssl libraries. Could you plz point me to the source/test suite available for known answer test of FIPS 140-2 level 2 compliant Diffie-Hellman module?

Thanks,
Nikitha