FIPS mode

2003-09-04 Thread Ben Laurie
I'm coming close to the end of the work to get OpenSSL FIPS-140ed. So, if people have comments/changes/concerns, they'd better get a move on and clue me in, because once it's done we can't change it. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no

Re: FIPS mode

2003-09-05 Thread Ben Laurie
out affecting FIPS certification. Secondly, it means changes required by FIPS can be isolated in the certified code. For example, FIPS requires an approved PRNG, but I am not up for replacing OpenSSL's PRNG with X9.17 except in FIPS mode. > - Are both the static libraries and dynamic

Re: FIPS mode

2003-09-04 Thread Verdon Walker
After reviewing the email archives for both the developer and user groups, I have a lot of questions: - What platforms are being FIPS certified? - Is it FIPS 140-2? - What version of OpenSSL does it correspond to? 0.9.7b? - Are both the static libraries and dynamic libraries to be certified? If no

RE: FIPS mode

2003-09-05 Thread Chris Brook
on their site? Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ben Laurie Sent: Friday, September 05, 2003 2:02 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: FIPS mode Chris Brook wrote: > If I read your reply right, responsibility for DA

Re: FIPS mode

2003-09-05 Thread Mathias Brossard
On Fri, 2003-09-05 at 11:55, Ben Laurie wrote: > > - What version of OpenSSL does it correspond to? 0.9.7b? > > "Yes, and the FIPS specific routines will be carried forward in future > OpenSSL releases. Only the "cryptographic module" containing the > relevant cryptographic module implementations

RE: FIPS mode

2003-09-05 Thread Chris Brook
ember 05, 2003 5:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: FIPS mode Verdon Walker wrote: > After reviewing the email archives for both the developer and user > groups, I have a lot of questions: Answers in quotes were written by someone else, answers not in quotes

Re: FIPS mode

2003-09-05 Thread Rich Salz
It is unfortunate that the process could not have been more open, but I considered the goal worth that sacrifice, Not a problem for me. :) This is great -- one of the most exciting things I've seen in a long time! /r$ -- Rich Salz, Chief Security Architect DataPower Technology

Re: FIPS mode

2003-09-05 Thread Ben Laurie
Mathias Brossard wrote: > On Fri, 2003-09-05 at 11:55, Ben Laurie wrote: > >>>- What version of OpenSSL does it correspond to? 0.9.7b? >> >>"Yes, and the FIPS specific routines will be carried forward in future >>OpenSSL releases. Only the "cryptographic module" containing the >>relevant cryptog

Re: FIPS mode

2003-09-05 Thread Ben Laurie
Chris Brook wrote: > If I read your reply right, responsibility for DAC and Known Answer Test > checking is the responsibility of the app developer, though you will provide > the DAC checksum for the crypto module. Have you also included the KATs, > since they essentially exist the OpenSSL test m

Re: FIPS mode

2003-09-06 Thread Ben Laurie
Chris Brook wrote: > Item #2: typically FIPS-140 certified code is delivered as a binary, > tested by a lab and checked at both source and binary level, so the > opportunity to modify is not there (DAC test will fail). With > OpenSSL source that's not the case unless the developer of the > produc

Re: FIPS mode

2003-09-07 Thread Mathias Brossard
On Fri, 2003-09-05 at 19:59, Ben Laurie wrote: > Mathias Brossard wrote: > > - Asymmetric: DSA, RSA, ECDSA > > Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we > aren't doing. It's a little disappointing that RSA is not part of the process (it is much more common than DS

Re: FIPS mode

2003-09-07 Thread Ben Laurie
Mathias Brossard wrote: > On Fri, 2003-09-05 at 19:59, Ben Laurie wrote: > >>Mathias Brossard wrote: >> >>>- Asymmetric: DSA, RSA, ECDSA >> >>Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we >>aren't doing. > > > It's a little disappointing that RSA is not part of the pr

Re: FIPS mode

2003-09-07 Thread Michael Sierchio
Mathias Brossard wrote: It's a little disappointing that RSA is not part of the process (it is much more common than DSA). Looking at the list of validated modules http://csrc.nist.gov/cryptval/140-1/1401val.htm I see in the field "FIPS-approved algorithms" the value "RSA (PKCS #1, vendor

FIPS mode howto

2006-02-16 Thread Kyle Hamilton
ld very much like to know about them, since I wrote this out of my explorations for figuring out how to use the library myself. ;) Thanks! -Kyle H !DRAFT! -- FIPS-140-2 certification is not yet finalized -- !DRAFT! Using the FIPS-certified mode of OpenSSL There are really three main steps to us

Re: FIPS mode howto

2006-02-16 Thread Dr. Stephen Henson
t in a message body. > We will be giving full details about the use of FIPS mode in due course. At present some details are being finalized so we can't give definitive answers about the precise procedure which must be followed. Currently, for example, ONE specific version of OpenSSL would

Re: FIPS mode howto

2006-02-16 Thread Kyle Hamilton
yle Hamilton wrote: > > > Hi, I just figured I'd write something up for your perusal, > > modification, and possible inclusion into the HOWTO list. I'm > > attaching it as a file; if it doesn't come through, please let me > > know, and I'll resend it in a

Re: FIPS mode howto

2006-02-16 Thread Dr. Stephen Henson
r than none of this is set in stone... The API is likely to stay the same. *What* you link to and *how* you do that may change. There are also various other things which an application will need to do to be compliant, it is *not* just a case of successfully entering FIPS mode. Steve. -- Dr Stephe

Re: FIPS mode howto

2006-02-16 Thread Kyle Hamilton
how* you do that may change. > > There are also various other things which an application will need to do to be > compliant, it is *not* just a case of successfully entering FIPS mode. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP key

FIPS mode and SSE2

2008-06-05 Thread John Firebaugh
check via OPENSSL_ia32cap, so should work fine with or without SSE/SSE2 support. Why fail FIPS mode unconditionally? Thanks, John

sha256 in FIPS mode.

2009-10-27 Thread Miller, Rob (Omaha)
Hi, My question is regarding the library in FIPS mode and the FIPS_selftest function. The current FIPS_selftest routine in 0.9.8k calls sha1, hmac, aes, des, rsa, and dsa selftests. It doesn't call any sha256, 512 KAT selftests and I didn't find these routines in the

FIPS mode confusion, and resolution

2006-02-10 Thread Kyle Hamilton
I have a slightly non-standard (and non-security-policy-compliant) FIPS mode setup, generated with: cvs -d/home/kyle/openssl/repository co -rOpenSSL_FIPS_1_0 \ -d /home/kyle/openssl/work openssl ./config fips --prefix=/home/kyle make make test make install (the 'non-security-policy-comp

Re: FIPS mode and SSE2

2008-06-05 Thread Steve Marquess
on a runtime CPUID check via OPENSSL_ia32cap, so should work fine with or without SSE/SSE2 support. Why fail FIPS mode unconditionally? You're referring to the as-yet-to-be validated v1.2 OpenSSL FIPS Object Module. You are correct that from a technical perspective SSE support cou

Re: sha256 in FIPS mode.

2009-10-27 Thread Dr. Stephen Henson
On Tue, Oct 27, 2009, Miller, Rob (Omaha) wrote: > Hi, My question is regarding the library in FIPS mode and the FIPS_selftest > function. The current FIPS_selftest routine in 0.9.8k calls sha1, hmac, > aes, des, rsa, and dsa selftests. It doesn't call any sha256, 512 KAT >

Re: sha256 in FIPS mode.

2009-10-27 Thread Steve Marquess
Miller, Rob (Omaha) wrote: Hi, My question is regarding the library in FIPS mode and the FIPS_selftest function. The current FIPS_selftest routine in 0.9.8k calls sha1, hmac, aes, des, rsa, and dsa selftests. It doesn’t call any sha256, 512 KAT selftests and I didn’t find these routines

RE: sha256 in FIPS mode.

2009-10-27 Thread Miller, Rob (Omaha)
-Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 27, 2009 12:18 PM To: openssl-dev@openssl.org Subject: Re: sha256 in FIPS mode. On Tue, Oct 27, 2009, Miller, Rob (Omaha) wrote: > Hi, My question

Re: sha256 in FIPS mode.

2009-10-27 Thread Steve Marquess
Miller, Rob (Omaha) wrote: Thanks for your answer. I have an additional question about the FIPS_selftest API call. The user guide states that FIPS_selftest can be called for initiated self tests. What is the reason that the incore fingerprint is not validated again in the FIPS_selftest api?

Disabling for FIPS mode, take 2

2004-07-02 Thread Marquess, Steve Mr JMLFDC
Based on the feedback from several of you, Steve Henson in particular, I've had another try at a mechanism for disabling non-FIPS algorithms in FIPS mode. Flag bits in the EVP_CIPHER and EVP_MD structures indicate the suitability of the algorit

Re: FIPS mode confusion, and resolution

2006-02-10 Thread Dr. Stephen Henson
ct (as far as it goes) -- it should, in my view, result in a > compilable program that can be used to verify that the library will go > into FIPS mode. (The SP also fails to mention that you can't use the > library in non-FIPS mode without the use of the fipsld command.) > The

non-supported algorithm in FIPS mode

2007-07-10 Thread Raymond Yuan
Hi, After building OpenSSL FIPS module in a manner required by security policy, I tested non-supported algorithm in FIPS mode. I saw two different result behaviours: 1. application aborts when non-supported symmetric key encryption algorithms are invoked, like rc2, rc4

ssl teses forbidden in FIPS mode

2008-09-18 Thread The Doctor
Is this correct for openssl 0.9.8 using FIPS? test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done gmake[1]: *** [test_ssl] Error 1

Re: Disabling for FIPS mode, take 2

2004-07-02 Thread Dr. Stephen Henson
ithout any indication in the private key file that this is so. The result is that private keys generated in FIPS mode can't be accessed outside FIPS mode and vice-versa. I also suspect that the error produced by attempting to access keys from different modes is just a decrypt failure which is

Re: Disabling for FIPS mode, take 2

2004-07-02 Thread Jack Lloyd
On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote: [...] > OpenSSL already supports various private key formats which only use FIPS > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one > solution is to just change the behaviour of PEM_write_PrivateKey()

Re: Disabling for FIPS mode, take 2

2004-07-02 Thread Dr. Stephen Henson
On Fri, Jul 02, 2004, Jack Lloyd wrote: > On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote: > > [...] > > OpenSSL already supports various private key formats which only use FIPS > > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one > > solution is to

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Marquess, Steve Mr JMLFDC
On Friday, July 02, 2004 4:52 PM Dr. Stephen Henson wrote: >> Two related patches I posted earlier are for a FIPS specific default >> ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases >> (pem_lib.c). Any addi

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Chris Brook
: Disabling for FIPS mode, take 2 On Fri, Jul 02, 2004, Jack Lloyd wrote: > On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote: > > [...] > > OpenSSL already supports various private key formats which only use FIPS > > approved algorithms, for example PKCS#8 w

Re: Disabling for FIPS mode, take 2

2004-07-06 Thread Dr. Stephen Henson
> >it doesn't need to be changed. > > So you're saying just have PEM_write_bio_PrivateKey drop through to > PEM_write_bio_PKCS8PrivateKey in FIPS mode? That could work. I suppose I > could do the same substitution at the application level as well, in lieu of

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Marquess, Steve Mr JMLFDC
On Tuesday, July 06, 2004 Dr. Stephen Henson wrote: >> I was able to convert OpenSSH PEM format keys to PKCS#8 easily enough using >> openssl pkcs8, but how do I convert the PKCS#8 back to the original format? >> > >Wel

RE: Disabling for FIPS mode, take 2

2004-07-07 Thread Marquess, Steve Mr JMLFDC
On Tuesday, July 06, 2004 Dr. Stephen Henson wrote: >> So you're saying just have PEM_write_bio_PrivateKey drop through to >> PEM_write_bio_PKCS8PrivateKey in FIPS mode? That could work. I suppose I >> could do the s

Re: Disabling for FIPS mode, take 2

2004-07-07 Thread Dr. Stephen Henson
On Wed, Jul 07, 2004, Marquess, Steve Mr JMLFDC wrote: > On Tuesday, July 06, 2004 Dr. Stephen Henson wrote: > > >> So you're saying just have PEM_write_bio_PrivateKey drop through to > >> PEM_write_bio_PKCS8PrivateKey in FIPS mode? That could work. I sup

RE: Disabling for FIPS mode, take 2

2004-07-12 Thread Marquess, Steve Mr JMLFDC
Chris Brook wrote: >As far as I understand it, FIPS 140-2 requires that you use a FIPS approved >RNG for generating keys (if that's what you meant below). This includes >ANSI X9.31 and FIPS 186-2, neither of which of course ar

RE: Disabling for FIPS mode, take 2

2004-07-12 Thread Chris Brook
I had heard that there were issues with the X9.31 implementation. As I said we have got certs for both X9.31 and 186-2 so if you need anything let me know. We could contribute the routines to OpenSSL if that would help. Chris -Original

Re: non-supported algorithm in FIPS mode

2007-07-15 Thread Dr. Stephen Henson
On Tue, Jul 10, 2007, Raymond Yuan wrote: > Hi, > After building OpenSSL FIPS module in a manner required by security > policy, I tested non-supported algorithm in FIPS mode. I saw two different > result behaviours: > > 1. application aborts > when no

RE: ssl teses forbidden in FIPS mode

2008-09-18 Thread David Schwartz
> Is this correct for openssl 0.9.8 using FIPS? > > test SSL protocol > test ssl3 is forbidden in FIPS mode > *** IN FIPS MODE *** > Available compression methods: > 1: zlib compression > SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > 1 handshakes

RE: ssl teses forbidden in FIPS mode

2008-09-19 Thread Michael Gray
> > > Is this correct for openssl 0.9.8 using FIPS? > > > > test SSL protocol > > test ssl3 is forbidden in FIPS mode > > *** IN FIPS MODE *** > > Available compression methods: > > 1: zlib compression > > SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES

Re: ssl teses forbidden in FIPS mode

2008-09-20 Thread Thor Lancelot Simon
On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC which > is a problem, but the reason for not using SSLv3 is FIPS regulation. "Not Exactly". The TLS PRF uses *both* SHA1 and MD5, in a way which is carefully d

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Michael Gray
> On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC which > > is a problem, but the reason for not using SSLv3 is FIPS regulation. > > "Not Exactly". The TLS PRF uses *both* SHA1 and MD5, in a way which > i

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread The Doctor
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote: > > > > On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > > > > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC > which > > > is a problem, but the reason for not using SSLv3 is FIPS regulation.

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Thor Lancelot Simon
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote: > > > "Not Exactly"? Both TLS and SSLv3 both use SHA1 and MD5 in the PRF, which > is IMHO very clever as it requires both HASH functions to be broken. But, > the TLS PRF is a HMAC for both SHA1 and MD5 whereas SSLv3 is not. The > spe

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Tim Hudson
The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms. A single

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread The Doctor
On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote: > The Doctor wrote: >> That being said, how do you get openssl to compile with FIPS >> and be backwards compatible at the same time? > > That is what the FIPS mode is for - the library built supports all > alg

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread Dr. Stephen Henson
On Mon, Sep 22, 2008, The Doctor wrote: > > > Apart from me, anyone else tried the fipdso in their configuration > as extensively as I have? > The fipsdso option isn't terribly useful for most users. To use it you need a corresponding binary validated shared library installed. If you want t

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread The Doctor
On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > Apart from me, anyone else tried the fipdso in their configuration > > as extensively as I have? > > > > The fipsdso option isn't terribly useful for most users. To use

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread Dr. Stephen Henson
On Tue, Sep 23, 2008, The Doctor wrote: > On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > > > > > Apart from me, anyone else tried the fipdso in their configuration > > > as extensively as I have? > > > > > > > The

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread The Doctor
On Tue, Sep 23, 2008 at 06:46:31PM +0200, Dr. Stephen Henson wrote: > On Tue, Sep 23, 2008, The Doctor wrote: > > > On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > > > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > > > > > > > > > Apart from me, anyone else tried th

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread David Jacobson
Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread Steve Marquess
David Jacobson wrote: Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread The Doctor
On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote: > David Jacobson wrote: >> Tim Hudson wrote: >>> The Doctor wrote: >>>> That being said, how do you get openssl to compile with FIPS >>>> and be backwards compatible at the same time? >&

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread Steve Marquess
The Doctor wrote: ... Note also that due to an implementation quirk you need to clear the currently set RNG when switching back into FIPS mode. It is not an implementation quirk, it is a requirement of FIPS 140. FIPS 140 requires that when switching modes all keys and "critical sec

Re: ssl teses forbidden in FIPS mode

2008-09-29 Thread David Jacobson
The Doctor wrote: On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote: David Jacobson wrote: Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the

PRNG initialization fails when re-entering FIPS mode

2008-03-24 Thread John Firebaugh
Is it intended that it is not possible to re-enter FIPS mode via FIPS_mode_set(1) after previously calling FIPS_mode_set(1) then FIPS_mode_set(0)? If you do so, the RAND_bytes() call at fips.c line 307 fails. It seems the sequence of events is this: 1. FIPS_mode_set(1), RAND_set_rand_method

A question about openssl command in FIPS mode

2009-09-11 Thread Lin Hwang
Hi, I am an OpenSSL newbie. Recently I am trying to build FIPS module and FIPS capable lib on a Linux system. I notice that all the fips_xxxtest programs at link time all go through fipsld and linked with a digest. I expect the same thing with application "openssl", but I don't see it happens

Re: PRNG initialization fails when re-entering FIPS mode

2008-03-24 Thread Kenneth Robinette
According to Dr. Henson, this is a known problem and can be fixed by: RAND_set_rand_method(NULL); when calling FIPS_mode_set(0); Ken John Firebaugh <[EMAIL PROTECTED]> wrote: Is it intended that it is not possible to re-enter FIPS mode via FIPS_mode_set(1) after previously c

Re: A question about openssl command in FIPS mode

2009-09-11 Thread Kyle Hamilton
Because the 'fipsld' script isn't actually necessary to pass FIPS validation. The steps that that script does are necessary to maintain validation, but they can be done by anything (once the FIPS canister is created, anyway). Try setting "OPENSSL_FIPS=1" in your environment, and make sure that th

Re: A question about openssl command in FIPS mode

2009-09-12 Thread Dr. Stephen Henson
ere is no fingerprint, but it seems to pass FIPS_mode_set > without problem? > The openssl utility doesn't enter FIPS mode unless the environment variable OPENSSL_FIPS=1 . Now the reason this works is because in shared library builds the openssl utility is linked to the openssl shared libra

Re: A question about openssl command in FIPS mode

2009-09-14 Thread Lin Hwang
but it seems to pass FIPS_mode_set without problem? The openssl utility doesn't enter FIPS mode unless the environment variable OPENSSL_FIPS=1 . Now the reason this works is because in shared library builds the openssl utility is linked to the openssl shared library and *that* has the fin