Re: DES-only OpenSSL version: technical aspects

2008-08-20 Thread Ger Hobbelt
Fred,

You're welcome. Best of luck with your Canadian government, er, friends. ;-)

Ger

BTW: nitpicking my own text there: it was restricted to 56 bits tops
back then. Irrelevant though.


On Tue, Aug 19, 2008 at 2:53 PM, Fred Picher [EMAIL PROTECTED] wrote:
 --- On Fri, 8/15/08, Ger Hobbelt [EMAIL PROTECTED] wrote:

 Ahh... This brings back memories... I had to do the same
 'selective compilation' back before 2000 when the USA would
 prohibit cipher export at 128 bit and beyond unless you had a
 specific license.

 Ger,

  Many thanks for taking the time to reply in such detail.
 Lutz's solution works, but when searching for text in the object


-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web: http://www.hobbelt.com/
 http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: DES-only OpenSSL version: technical aspects

2008-08-19 Thread Fred Picher
--- On Fri, 8/15/08, Ger Hobbelt [EMAIL PROTECTED] wrote:

 Ahh... This brings back memories... I had to do the same
 'selective compilation' back before 2000 when the USA would
 prohibit cipher export at 128 bit and beyond unless you had a
 specific license.

Ger, 

  Many thanks for taking the time to reply in such detail.
Lutz's solution works, but when searching for text in the object
files, some restricted keywords would still be shown such as:

strings /usr/lib/libcrypto.so.0.9.8 |grep aes -i|less

AES-128-ECB
aes-128-ecb
AES-128-CBC
aes-128-cbc
AES-128-OFB
aes-128-ofb
[... etc ...]

  Your solution of commenting out every bit (pun intended I
guess) of restricted crypto functionality instead of commenting
out the ciphers only might be the way to get rid of all
references.

  Thanks again for your time - it's appreciated.

Cheers.




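As an added example (it is not code from this thread or from the OpenSSL project), here is a POSIX shell check that does what the `strings ... | grep -i aes` command above does for a whole list of algorithm names at once, and that fails closed when the file cannot be read. The list of forbidden names and the 4-byte minimum string length are this example's own assumptions; the libcrypto path in the usage comment is the one named in the message.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenSSL: scan a built object
# or shared library for algorithm names that a DES-only build must not contain.
# Assumes POSIX sh, tr and grep. The name list below is this example's own
# assumption; tailor it to the actual restriction you have to meet.

# Printable runs of at least 4 bytes, like `strings -n 4`, without binutils.
extract_strings() {
    LC_ALL=C tr -cs '[:print:]' '\n' < "$1" | grep -E '^.{4,}$'
}

# Names that must not survive (matched case-insensitively). Plain "DES" is
# allowed, so triple DES is caught only through its specific spellings.
# Very short names (idea, cast) are left out because they match inside
# unrelated identifiers; add them back and review the hits by hand if needed.
FORBIDDEN='aes|rc2|rc4|rc5|3des|des-ede|des3|des_ede|blowfish|camellia'

# audit_binary FILE: print every offending string to stdout.
# Returns 0 if the file is clean, 1 if anything matched, 2 if it is unreadable
# (an unreadable file must never pass as "clean").
audit_binary() {
    if [ ! -r "$1" ]; then
        printf 'audit_binary: cannot read %s\n' "$1" >&2
        return 2
    fi
    hits=$(extract_strings "$1" | grep -Ei "$FORBIDDEN" || :)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Typical use, after `make install`:
#   audit_binary /usr/lib/libcrypto.so.0.9.8 && echo clean
```

Run it on every installed object (libcrypto, libssl, the openssl binary and anything statically linked against them), not just one library: a hit in any of them means a cipher was dropped from a table but its code was not dropped from the build.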


Re: DES-only OpenSSL version: technical aspects

2008-08-18 Thread Ger Hobbelt
On Fri, Aug 15, 2008 at 5:11 PM, Fred Picher [EMAIL PROTECTED] wrote:
[...]
 If this is not sufficient you may check out ssl/sslv3.c etc and
 actually remove the ciphers you don't want to support in your
 libssl from the registration tables.

 As a test, I've commented out every cipher definition in
 ssl/s3_lib.c, like this example:
[...]
 Now, 3DES might by somehow dynamically added to the list when DES
 is present.  That could make sense and would mean that the actual
 DES-specific code would have to be modified to separate 3DES.
[...]

Ahh... This brings back memories... I had to do the same 'selective
compilation' back before 2000 when the USA would prohibit cipher
export at 128 bit and beyond unless you had a specific license.
I know (but can't quote chapter and verse) that those restrictions
have been 'lessened' in that the max. allowable number of bits and
type of ciphers has been increased. Unless you are exporting to Mr.
Bush's axis-of-evil states and other friendly neighbours that are
currently frowned upon by the administration.

Anyway, what I did back then is track down all the 'undesirable' code
in the crypto/*/ directories and add a few lines in each along the
lines of:

#if 0
...
#endif

around all the code (des3 is a prime example and the cipher is
implemented in easily located functions which you can disable this
way).

When done, recompile and let the linker errors (error 666: missing
function you just #if-nulled :-() guide you to the code using these
functions and 'strip out' those bits as well using the #if 0 ...
#endif approach (tip: a bit more typing but way safer than /* ... */
commenting code as the latter will be screwed up when you wish to
strip code containing comments itself!).

IIRC most of the use of the ciphers is regulated through neat objects.


Why this approach: just commenting out those ciphers in that list will
not withstand a code review by government officials (something I had
to cope with back then; anal retentiveness has its uses sometimes) as,
without those extra #if 0...#endif additions, you will find that
several bits and pieces of 'restricted software weaponry' may still
show up in the final compiled binary. Which was highly illegal back
then, even if that code was proven to be essentially 'dead code'.
Hence the only way to placate government was to brutally strip the
offending crypto source code lines and then make the remaining OpenSSL
code and makefile cope with this. The #if 0 ... #endif approach was
accepted (as we used a special preprocessor which produced a
'restricted code base' from this by simply discarding all #if 0-ed
code lines.)

This may sound like a daunting task, but back then (was it 0.9.5?) it
was rather easy and I think it still is. Machines are faster now so
your 'make - fix' cycle will be even faster.
Except for 3DES (which sits in the /DES/ subdir, but in separate
source files), each cipher has its own subdir so that makes things
rather elegant: slap-bang #if 0/#endif around each of those .c sources
in there and you're good to go for an initial round of make-check
linker errors-fix code. My guestimate is you need around 4 rounds if
you tackle all ciphers in one go.


Just my 0.02 USD.



PS: of course, a nice 'feature' added to your work would be to use a
makefile-provided #define, say -DCUSTOM_ALLOW_GOOD_CRYPTO and use
  #if defined(CUSTOM_ALLOW_GOOD_CRYPTO)
...
  #endif
instead of that overly rude #if 0 ... #endif





RE: DES-only OpenSSL version

2008-08-18 Thread Jerry Krinock
-Original Message-
From: Fred Picher [EMAIL PROTECTED]
Sent: Aug 14, 2008 11:18 AM
  Unfortunately this is seemingly the case, as told by actual
  government reps.


Fred, I'm sorry I'm not of any help on the technical side, but I would strongly 
advise you to heavily discount what government reps tell you verbally, 
because they are often wrong and will almost always err on the side of imposing 
greater restrictions than are actually required.  Hey, I'm not a right-wing 
anti-government yahoo.  I'm just stating this as a matter of fact, from common 
sense and personal experience.

Before doing all this hacking to OpenSSL, ask this rep for a reference to the 
relevant section and paragraph number of the relevant regulation or statute, 
look it up and read it for yourself.  If this rep cannot give you the 
reference, it's a good indication that their advice is probably wrong.

Jerry



Re: DES-only OpenSSL version

2008-08-18 Thread Lutz Jaenicke
Kyle Hamilton wrote:
 Well, the question becomes: Which government are you trying to work
 around the restrictions of?

 OpenSSL is open-source.  In the United States, while it may fall under
 the export class EI on the CCR, it also falls under export exemption
 TSU (see http://www.access.gpo.gov/bis/ear/txt/740.txt (section
 740.13(e)(1)) and http://www.access.gpo.gov/bis/ear/txt/734.txt
 (section 734.3(b)(3))).  OpenSSL is not US-origin (it is Australia-
 and United Kingdom-origin), and every new release has had the
 notification requirement (734.3(e)(3)) met by the release manager.

 The US was, for a long time, considered the most hard-nosed of the
 governments as related to cryptography.  This changed in 2000.
Finally we don't know what the actual circumstances are and
it may well be that export restrictions apply.
Please note that even though OpenSSL itself is open source it
may be incorporated by static linking into an application that
is not open source (the OpenSSL license does allow that) or it
may be used on an (embedded) appliance. In both cases the
export control regulations have to be considered for the final
product not for the base technology.
Been there, seen that.

Best regards,
Lutz


Re: DES-only OpenSSL version

2008-08-18 Thread Fred Picher
--- On Fri, 8/15/08, Kyle Hamilton [EMAIL PROTECTED] wrote:

Thanks for your comments.

 Well, the question becomes: Which government are you trying to
 work around the restrictions of?  OpenSSL is open-source.

In this very specific case: the Canadian government.  The whole
thing does not look good if you ask me.  But then, I'm not in a
position (nor have all the time it'd take) to actually go to the
bottom of this.  So I have to put some faith (or a proper
substitute of) in what I'm told, notably that there were serious
talks with gov't reps, and that scavengers - er, I meant lawyers
- have given some advice.

Nevertheless the whole thing smells funny.  But if products have
to be sold, then they have to 'comply'.  Even if the full source
code with full crypto of the exact same package is found on any
Debian server in both source and binary formats... in Canada.

If anyone Canadian has a different, business-practical view on
this regarding OpenSSL, please do comment.

Cheers.





RE: DES-only OpenSSL version

2008-08-18 Thread Bill Colvin
If you are looking to export crypto from Canada then the rules are
common to all NATO countries and are set out in the Wassenaar
Arrangement http://www.wassenaar.org/controllists/index.html Crypto is
covered in Category 5 - Part 2.

You need to have an export permit or an export exemption in order to
export crypto.  The Canadian Government Export and Import Controls
branch http://www.dfait-maeci.gc.ca/eicb/menu-en.asp provides the
details on how to apply.

Bill

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fred Picher
Sent: August 18, 2008 2:22 PM
To: openssl-users@openssl.org
Subject: Re: DES-only OpenSSL version

--- On Fri, 8/15/08, Kyle Hamilton [EMAIL PROTECTED] wrote:
[...]
In this very specific case: the Canadian government.
[...]


Re: DES-only OpenSSL version: technical aspects

2008-08-15 Thread Fred Picher
Hello,

Thanks for your reply.  

 If this is not sufficient you may check out ssl/sslv3.c etc and
 actually remove the ciphers you don't want to support in your
 libssl from the registration tables.

As a test, I've commented out every cipher definition in
ssl/s3_lib.c, like this example:

The list is:

OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ [...] }

And a typical commented entry is:

/* Cipher 05 */
/*
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
*/

None are left uncommented.  But still, after make clean,
Configure, make depend, make and installation, the system
reports:

openssl ciphers -v
DES-CBC3-MD5            SSLv2 Kx=RSA      Enc=3DES(168) Mac=MD5
RC2-CBC-MD5             SSLv2 Kx=RSA      Enc=RC2(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Enc=RC4(128)  Mac=MD5
DES-CBC-MD5             SSLv2 Kx=RSA      Enc=DES(56)   Mac=MD5
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Enc=RC4(40)   Mac=MD5  export

Which is much less than before but, where are these coming from
since everything is commented out ?  I do not mind that much the
low encryption ciphers, but the first three are a bother.  I can
add more of the low encryption ciphers by uncommenting their
respective declaration, but I cannot get rid of the first three.

Now, 3DES might be somehow dynamically added to the list when DES
is present.  That could make sense and would mean that the actual
DES-specific code would have to be modified to separate 3DES.

Would that be also the case for the two high-crypto RC2 and RC4 ?
Can they be variations added dynamically to the cipher list and
not have a proper static definition in ssl/s3_lib.c ?

Any suggestions/hints/comments are very much appreciated.

Cheers.






Re: DES-only OpenSSL version: technical aspects

2008-08-15 Thread Lutz Jaenicke
Fred Picher wrote:
[...]
 None are left uncommented.  But still, after make clean,
 Configure, make depend, make and installation, the system
 reports:

 openssl ciphers -v
 DES-CBC3-MD5            SSLv2 Kx=RSA      Enc=3DES(168) Mac=MD5
 RC2-CBC-MD5             SSLv2 Kx=RSA      Enc=RC2(128)  Mac=MD5
 RC4-MD5                 SSLv2 Kx=RSA      Enc=RC4(128)  Mac=MD5
 DES-CBC-MD5             SSLv2 Kx=RSA      Enc=DES(56)   Mac=MD5
 EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Enc=RC2(40)   Mac=MD5  export
 EXP-RC4-MD5             SSLv2 Kx=RSA(512) Enc=RC4(40)   Mac=MD5  export

 Which is much less than before but, where are these coming from
 since everything is commented out ?  I do not mind that much the
 low encryption ciphers, but the first three are a bother.  I can
 add more of the low encryption ciphers by uncommenting their
 respective declaration, but I cannot get rid of the first three.

 Now, 3DES might be somehow dynamically added to the list when DES
 is present.  That could make sense and would mean that the actual
 DES-specific code would have to be modified to separate 3DES.

 Would that be also the case for the two high-crypto RC2 and RC4 ?
 Can they be variations added dynamically to the cipher list and
 not have a proper static definition in ssl/s3_lib.c ?
You did not read the fine print :-) The ciphers listed apply to SSLv2
(second column of the output above).
Hence you have to edit ssl/s2_lib.c as well (that was the "etc" :-)

Best regards,
Lutz


Re: DES-only OpenSSL version

2008-08-15 Thread Leonard F. Elia
I suspect your 'actual government reps' are actually either misinformed 
or willfully misleading you (or perhaps incompetent).


Consult a lawyer who practices in this area.  I am unaware of any 
restrictions, except to countries labeled as supporters of terrorism.


Best regards.


Fred Picher wrote:

Hi,

  Unfortunately this is seemingly the case, as told by actual
government reps.
[...]

--
Leonard F. Elia III, CISSP 757.864.5009
Sr. System Administrator
ConITS - NASA Langley Research Center
NCI Information Systems, Inc., Hampton VA


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: DES-only OpenSSL version

2008-08-15 Thread Kyle Hamilton
Well, the question becomes: Which government are you trying to work
around the restrictions of?

OpenSSL is open-source.  In the United States, while it may fall under
the export class EI on the CCR, it also falls under export exemption
TSU (see http://www.access.gpo.gov/bis/ear/txt/740.txt (section
740.13(e)(1)) and http://www.access.gpo.gov/bis/ear/txt/734.txt
(section 734.3(b)(3))).  OpenSSL is not US-origin (it is Australia-
and United Kingdom-origin), and every new release has had the
notification requirement (734.3(e)(3)) met by the release manager.

The US was, for a long time, considered the most hard-nosed of the
governments as related to cryptography.  This changed in 2000.

-Kyle H

On Thu, Aug 14, 2008 at 8:18 AM, Fred Picher [EMAIL PROTECTED] wrote:
 Hi,

  Unfortunately this is seemingly the case, as told by actual
 government reps.
[...]



RE: DES-only OpenSSL version

2008-08-14 Thread Fred Picher
Hi,

  Unfortunately this is seemingly the case, as told by actual
government reps.

Cheers.


--- On Wed, 8/13/08, David Schwartz [EMAIL PROTECTED] wrote:

 From: David Schwartz [EMAIL PROTECTED]
 Subject: RE: DES-only OpenSSL version
 To: openssl-users@openssl.org
 Received: Wednesday, August 13, 2008, 10:18 PM
 Fred Picher:

   For export regulations compliance I must dumb down OpenSSL to use
   only DES.  And that's only DES, no 3DES !  So I got it down to:

 Are you sure you aren't trying to comply with ancient regulations that no
 longer apply? It's been years since anyone I know of has had to dumb their
 products down that far. The United States has largely accepted that if US
 firms can't export strong crypto, the 'bad guys' will just use crypto from
 other nations or open source products.

 DS



Re: DES-only OpenSSL version: technical aspects

2008-08-14 Thread Lutz Jaenicke
Fred Picher wrote:
 Hello all,

   I'd like to get all of the ciphers that are tagged 'export' as
 well as the 56-bit ones that are not.  Eg.:

 (list somewhat shortened in width)

 EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH   Enc=DES(56)
 EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH   Enc=DES(56)
 DES-CBC-SHA SSLv3 Kx=RSA  Enc=DES(56)
 DES-CBC-MD5 SSLv2 Kx=RSA  Enc=DES(56)
 EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
 EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
 EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Enc=DES(40) export
 EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Enc=RC2(40) export
 EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Enc=RC2(40) export
 EXP-RC4-MD5 SSLv3 Kx=RSA(512) Enc=RC4(40) export
 EXP-RC4-MD5 SSLv2 Kx=RSA(512) Enc=RC4(40) export

 I've tried using these names for Configure, as in:

 ../Configure no-DHE-RSA-AES256-SHA no-AES256-SHA
 no-EDH-RSA-DES-CBC3-SHA no-DES-CBC3-SHA (...) but that results in syntax 
 errors such as:

 .../../include/openssl/opensslconf.h:75:31: error: missing ')'
 after defined

 .../../include/openssl/opensslconf.h:75:32: error: missing binary
 operator before token SHA

 Which are due to the presence of dashes in defines such as:

 openssl/opensslconf.h
 if defined(OPENSSL_NO_AES128-SHA)
 if defined(OPENSSL_NO_DHE-RSA-AES128-SHA)

 So on so forth.

 So, that's seemingly not the way to call ./Configure with the
 'no-' option.

 Then I tried using:

 ../Configure no-aes no-rsa no-dss no-rc4 no-rc2

 This works, but gives only these two ciphers:

 openssl ciphers -v
 EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH   Enc=DES(56) 
 EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40)  export

 What I'm trying to find is how to precisely have all of the
 'export' ciphers along with the 56-bit ones not tagged as
 exportable.  What would be the proper way to use the Configure
 'no-' option to achieve this ?

 Thanks again for any suggestions/hints/comments !
   
The OpenSSL configuration tools do not support such a limitation.
libcrypto does not support any limitation at all beyond removing
algorithms with the side effects you already noted. RC4 is a 128-bit
algorithm. Its 40-bit incarnation just uses 88 known bits to fill the
key.
You could adjust the ciphers supported by your own software
by selecting only the export ciphers
  openssl ciphers -v EXP
see man SSL_CTX_set_cipher_list.
If this is not sufficient you may check out ssl/sslv3.c etc and actually
remove the ciphers you don't want to support in your libssl from the
registration tables.

Best regards,
Lutz
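Lutz's point is that neither Configure nor libcrypto can express a "DES only" build, so the thing to verify after editing the cipher tables is what `openssl ciphers -v` actually reports, and the SSLv2 table in ssl/s2_lib.c is as much a part of that as the SSLv3 one. The following is an added example, not code from the thread or from OpenSSL: a POSIX shell/awk filter that reads that output (in the column format quoted in this thread) and flags every suite that is not single DES at 56 key bits or less. The 56-bit limit and the rule that only DES is acceptable are this example's own assumptions; the sample lines in the comments are taken from the thread's own output.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenSSL: check the output of
# `openssl ciphers -v` against a "DES only, at most 56 key bits" policy.
# It reads lines in the format quoted in the thread, e.g.
#   DES-CBC3-MD5            SSLv2 Kx=RSA      Enc=3DES(168) Mac=MD5
# and keys off the Enc=ALG(BITS) field. Assumes POSIX sh and awk; the limit
# of 56 bits and the "DES only" rule are this example's own assumptions.

MAX_KEY_BITS=56

# audit_cipher_list: read cipher lines on stdin; print "SUITE Enc=..." for each
# suite that violates the policy; return 1 if any did, 0 if the list is clean.
audit_cipher_list() {
    awk -v max="$MAX_KEY_BITS" '
        {
            enc = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^Enc=/) enc = substr($i, 5)
            if (enc == "") next                 # not a cipher line, skip it
            alg = enc;  sub(/\(.*$/, "", alg)   # "3DES(168)" -> "3DES"
            bits = enc; sub(/^[^(]*\(/, "", bits); sub(/\).*$/, "", bits)
            # Anything that is not single DES, or carries more than max key
            # bits, violates the policy. Export-grade DES(40) passes.
            if (alg != "DES" || bits + 0 > max) {
                printf "%s %s\n", $1, enc
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Typical use, after installing the rebuilt library:
#   openssl ciphers -v | audit_cipher_list && echo "policy holds"
```

Note that `openssl ciphers -v` lists what libssl's tables offer, which is a different question from what survives in libcrypto: a suite that no longer appears here may still have its primitive compiled in, so this check complements, rather than replaces, scanning the built library for leftover algorithm names. Likewise, passing a cipher string such as `EXP` to SSL_CTX_set_cipher_list only restricts what one application negotiates; it removes nothing from the library.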


RE: DES-only OpenSSL version

2008-08-13 Thread David Schwartz

Fred Picher:

   For export regulations compliance I must dumb down OpenSSL to use
 only DES.  And that's only DES, no 3DES !  So I got it down to:

Are you sure you aren't trying to comply with ancient regulations that no
longer apply? It's been years since anyone I know of has had to dumb their
products down that far. The United States has largely accepted that if US
firms can't export strong crypto, the 'bad guys' will just use crypto from
other nations or open source products.

DS

