Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
Even without linking the canister (not using fipsld), if I use the FIPS includes, RAND_status() fails. According to nm, the RAND_status is still redirected to FIPS_rand_status. If I use the libcrypto by itself with the native includes only and without fipsld, the PRNG seeds fine. As expected, nm reports RAND_status as the symbol, not FIPS_rand_status. I am using the same library that was compiled against the FIPS canister in both cases. Interesting to me is that in the opensslconf.h that is installed with the FIPS canister, OPENSSL_NO_SEED is defined. The problem is limited to FIPS_rand* which RAND_* is moved over with when properly FIPS linked. RAND_status() still fails before FIPS_mode_set is called. Loading the error strings at the start provided no additional output on any failure. I am really confused as the FIPS_mode_set suceeds which happens to included invoking FIPS_selftest. /dev/urandom is access for 32 bytes during the FIPS_mode_set. Thanks, Woody Dr. Stephen Henson wrote on 02/25/2012 06:24 AM: On Fri, Feb 24, 2012, gatewood_gr...@mcafee.com wrote: What is your test environment and method? We've tried this in both our embedded OS (minimized LFS style build) and OpenSUSE. Both ways the result is the same. Specificically tested on Ubuntu 64 bit VM but it should be OK on any platform where the PRNG is auto seeded. Focusing on the PRNG, We cannot get FIPS_rand_status() to report 1. Tried both on hardware and in VMs. Do you get any error print out at all? Try calling ERR_load_crypto_strings() at the start of the program instead of only after an error. If the PRNG cannot be seeded then RAND_status() should fail outside FIPS mode and RAND_bytes() should return an error too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations... signature.asc Description: OpenPGP digital signature
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: Even without linking the canister (not using fipsld), if I use the FIPS includes, RAND_status() fails. According to nm, the RAND_status is still redirected to FIPS_rand_status. Ah you're including the FIPS module header files if that happens. The function RAND_status() should stay as RAND_status() when building against the FIPS capapable OpenSSL. Try specifying the path to the FIPS capable OpenSSL header install location first so they are used in preference to the module header files. In fact you can delete everything apart from fips.h and fips_rand.h from the module install of header files. Also use the FIPSDIR environment variable instead of specifying any options fo ./config for the module, you can also use that instead of the --with-fips* options when you build the FIPS capable OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
Even if I want to run in FIPS mode the RAND_status() should remain as-was and not remapped? That asked, I rebuilt per suggestion and RAND_status() succeeds, but FIPS_rand_status() still fails as does FIPS_selftest() and FIPS_rand_bytes(). ~/ # ./fips_can_test64 RAND_status (pre FIPS mode) succeeded FIPS_mode_set succeeded FIPS_mode succeeded FIPS_selftest_drbg_all successful FIPS_rand_status failed, strength: 256 RAND_status succeeded Got 0 random bytes FIPS_selftest_rsa failed FIPS_selftest_ecdsa failed FIPS_selftest_dsa failed NotOK: selftest Thanks, Woody Dr. Stephen Henson wrote on 02/27/2012 03:04 PM: On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: Even without linking the canister (not using fipsld), if I use the FIPS includes, RAND_status() fails. According to nm, the RAND_status is still redirected to FIPS_rand_status. Ah you're including the FIPS module header files if that happens. The function RAND_status() should stay as RAND_status() when building against the FIPS capapable OpenSSL. Try specifying the path to the FIPS capable OpenSSL header install location first so they are used in preference to the module header files. In fact you can delete everything apart from fips.h and fips_rand.h from the module install of header files. Also use the FIPSDIR environment variable instead of specifying any options fo ./config for the module, you can also use that instead of the --with-fips* options when you build the FIPS capable OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations... signature.asc Description: OpenPGP digital signature
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
Is it possible to build a debuggable version of the canister (eg does not fail the fingerprint test)? Thanks, Woody Dr. Stephen Henson wrote on 02/27/2012 03:04 PM: On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: Even without linking the canister (not using fipsld), if I use the FIPS includes, RAND_status() fails. According to nm, the RAND_status is still redirected to FIPS_rand_status. Ah you're including the FIPS module header files if that happens. The function RAND_status() should stay as RAND_status() when building against the FIPS capapable OpenSSL. Try specifying the path to the FIPS capable OpenSSL header install location first so they are used in preference to the module header files. In fact you can delete everything apart from fips.h and fips_rand.h from the module install of header files. Also use the FIPSDIR environment variable instead of specifying any options fo ./config for the module, you can also use that instead of the --with-fips* options when you build the FIPS capable OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations... signature.asc Description: OpenPGP digital signature
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
On Fri, Feb 24, 2012, gatewood_gr...@mcafee.com wrote: What is your test environment and method? We've tried this in both our embedded OS (minimized LFS style build) and OpenSUSE. Both ways the result is the same. Specificically tested on Ubuntu 64 bit VM but it should be OK on any platform where the PRNG is auto seeded. Focusing on the PRNG, We cannot get FIPS_rand_status() to report 1. Tried both on hardware and in VMs. Do you get any error print out at all? Try calling ERR_load_crypto_strings() at the start of the program instead of only after an error. If the PRNG cannot be seeded then RAND_status() should fail outside FIPS mode and RAND_bytes() should return an error too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
What is your test environment and method? We've tried this in both our embedded OS (minimized LFS style build) and OpenSUSE. Both ways the result is the same. Focusing on the PRNG, We cannot get FIPS_rand_status() to report 1. Tried both on hardware and in VMs. Moved to the 20120222 snapshots. # cd openssl-fips-2.0-test-20120222/ # ./config --prefix=/usr/local/ssl32 # make # make install # rm -f /usr/local/ssl32/include/opensslv.h ###version conflict### # cd ../openssl-1.0.1-stable-SNAP-20120222/ # ./config --prefix=/usr --libdir=/usr/lib \ -m32 shared zlib-dynamic fips \ --with-fipsdir=/usr/local/ssl32 \ --with-fipslibdir=/usr/local/ssl32/lib # make depend # make # make test # make install # cd ../ # FIPSLD_CC='gcc -m32' /usr/local/ssl32/bin/fipsld fips_can_test.c \ -lcrypto -o fips_can_test32 -I/usr/local/ssl32/include # ./fips_can_test32 FIPS_mode_set succeeded FIPS_mode succeeded FIPS_rand_status failed, strength: 256 RAND_status failed Got 0 random bytes FIPS_selftest_rsa failed FIPS_selftest_ecdsa failed FIPS_selftest_dsa failed NotOK: selftest # 32 or 64 bit, the result is the same. Thanks, Woody Dr. Stephen Henson wrote on 02/18/2012 11:04 AM: On Fri, Feb 17, 2012, gatewood_gr...@mcafee.com wrote: Tested with snapshots 20120216 After compiling openssl-fips-2.0 I get a working fips_test_suite. I compile openssl-1.0.1 and then link a simple a simple application (we'll can fips_can_test, see below). compiling like so: CC=/usr/local/ssl32/bin/fipsld FIPSLD_CC=gcc -m32 /usr/local/ssl32/bin/fipsld fips_can_test.c \ -L /usr/lib -lcrypto -o fips_can_test32 -I/usr/include -I/usr/local/ssl32/include Hmm... works fine here. The only thing I can immediately think of is that the PRNG seeding doesn't function correctly. Those specific tests require the PRNG (DRBG in this case) to produce random data for the operation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations... #include stdio.h #include assert.h #include ctype.h #include string.h #include stdlib.h #include openssl/err.h #include openssl/fips.h #include openssl/rand.h int main(){ int strength; int randbts; unsigned char buf[40]; if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); fprintf(stderr,NotOK: FIPS_mode_set\n); exit(1); } else { fprintf(stderr,FIPS_mode_set succeeded\n); } if (!FIPS_mode()) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); fprintf(stderr,NotOk: FIPS_mode check failed.\n); exit(1); } else { fprintf(stderr,FIPS_mode succeeded\n); } strength = FIPS_rand_strength(); if (FIPS_rand_status() != 1) fprintf(stderr,FIPS_rand_status failed, strength: %i\n,strength); if (RAND_status() == 1) { fprintf(stderr,RAND_status succeeded\n); } else { fprintf(stderr,RAND_status failed\n); } memset(buf, '\0', sizeof(buf)); randbts = FIPS_rand_bytes(buf,20); fprintf(stderr,Got %i random bytes\n,randbts); fips_post_begin(); if(!FIPS_check_incore_fingerprint()) fprintf(stderr,FIPS_check_incore_fingerprint failed\n); if (!FIPS_selftest_drbg()) fprintf(stderr,FIPS_selftest_drbg failed\n); if (!FIPS_selftest_x931()) fprintf(stderr,FIPS_selftest_x931 failed\n); if (!FIPS_selftest_sha1()) fprintf(stderr,FIPS_selftest_sha1 failed\n); if (!FIPS_selftest_hmac()) fprintf(stderr,FIPS_selftest_hmac failed\n); if (!FIPS_selftest_cmac()) fprintf(stderr,FIPS_selftest_cmac failed\n); if (!FIPS_selftest_aes()) fprintf(stderr,FIPS_selftest_aes failed\n); if (!FIPS_selftest_aes_ccm()) fprintf(stderr,FIPS_selftest_aes_ccm failed\n); if (!FIPS_selftest_aes_gcm()) fprintf(stderr,FIPS_selftest_aes_gcm failed\n); if (!FIPS_selftest_aes_xts()) fprintf(stderr,FIPS_selftest_aes_xts failed\n); if (!FIPS_selftest_des()) fprintf(stderr,FIPS_selftest_des failed\n); if (!FIPS_selftest_rsa()) fprintf(stderr,FIPS_selftest_rsa failed\n); if (!FIPS_selftest_ecdsa()) fprintf(stderr,FIPS_selftest_ecdsa failed\n); if (!FIPS_selftest_dsa()) fprintf(stderr,FIPS_selftest_dsa failed\n); if (!FIPS_selftest_ecdh()) fprintf(stderr,FIPS_selftest_ecdh failed\n); fips_post_end(); if (!FIPS_selftest()) {
Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
Tested with snapshots 20120216 After compiling openssl-fips-2.0 I get a working fips_test_suite. I compile openssl-1.0.1 and then link a simple a simple application (we'll can fips_can_test, see below). compiling like so: CC=/usr/local/ssl32/bin/fipsld FIPSLD_CC=gcc -m32 /usr/local/ssl32/bin/fipsld fips_can_test.c \ -L /usr/lib -lcrypto -o fips_can_test32 -I/usr/include -I/usr/local/ssl32/include I get a failure when calling FIPS_selftest(). I pulled the code that is the FIPS_selftest and upon breaking out the tests, specifically RSA, ECDSA and DSA fail (reason not stated). The call to FIPS_mode_set(1) and FIPS_mode() both succeed. FIPS_mode_set appears to internally call FIPS_selftest() which must pass for the FIPS_mode_set(1) to succeed. I am confused as to why I cannot call FIPS_selftest() at will with success. The UserGuide says I should be able to call this anytime although the example of entering FIPS mode does not suggest calling it as a verification method. Thanks, Woody ---begin--- #include stdio.h #include assert.h #include ctype.h #include string.h #include stdlib.h #include openssl/err.h #include openssl/fips.h int main(){ if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); printf(NotOK: FIPS_mode_set\n); exit(1); } if (!FIPS_mode()) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); printf(NotOk: FIPS_mode check failed.); exit(1); } fips_post_begin(); if(!FIPS_check_incore_fingerprint()) fprintf(stderr,FIPS_check_incore_fingerprint failed\n); if (!FIPS_selftest_drbg()) fprintf(stderr,FIPS_selftest_drbg failed\n); if (!FIPS_selftest_x931()) fprintf(stderr,FIPS_selftest_x931 failed\n); if (!FIPS_selftest_sha1()) fprintf(stderr,FIPS_selftest_sha1 failed\n); if (!FIPS_selftest_hmac()) fprintf(stderr,FIPS_selftest_hmac failed\n); if (!FIPS_selftest_cmac()) fprintf(stderr,FIPS_selftest_cmac failed\n); if (!FIPS_selftest_aes()) fprintf(stderr,FIPS_selftest_aes failed\n); if (!FIPS_selftest_aes_ccm()) fprintf(stderr,FIPS_selftest_aes_ccm failed\n); if (!FIPS_selftest_aes_gcm()) fprintf(stderr,FIPS_selftest_aes_gcm failed\n); if (!FIPS_selftest_aes_xts()) fprintf(stderr,FIPS_selftest_aes_xts failed\n); if (!FIPS_selftest_des()) fprintf(stderr,FIPS_selftest_des failed\n); if (!FIPS_selftest_rsa()) fprintf(stderr,FIPS_selftest_rsa failed\n); if (!FIPS_selftest_ecdsa()) fprintf(stderr,FIPS_selftest_ecdsa failed\n); if (!FIPS_selftest_dsa()) fprintf(stderr,FIPS_selftest_dsa failed\n); if (!FIPS_selftest_ecdh()) fprintf(stderr,FIPS_selftest_ecdh failed\n); fips_post_end(); if (!FIPS_selftest()) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); printf(NotOK: selftest\n); exit(1); } printf(Ok\n); exit(0); } ---end--- -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations... __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)
On Fri, Feb 17, 2012, gatewood_gr...@mcafee.com wrote: Tested with snapshots 20120216 After compiling openssl-fips-2.0 I get a working fips_test_suite. I compile openssl-1.0.1 and then link a simple a simple application (we'll can fips_can_test, see below). compiling like so: CC=/usr/local/ssl32/bin/fipsld FIPSLD_CC=gcc -m32 /usr/local/ssl32/bin/fipsld fips_can_test.c \ -L /usr/lib -lcrypto -o fips_can_test32 -I/usr/include -I/usr/local/ssl32/include Hmm... works fine here. The only thing I can immediately think of is that the PRNG seeding doesn't function correctly. Those specific tests require the PRNG (DRBG in this case) to produce random data for the operation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org