Hello,
We are using FOM 2.0.9 for an embedded product that will go for FIPS
validation. Validation of the full product, that is. All development so far
is with 2.0.9. What would be the reasons, if any, to update to 2.0.12 before
going to the lab ?
Thanks - comments much appreciated.
--
Thanks for the explanation.
> Just link against the library produced by the FIPS capable
> OpenSSL build. If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?
The confusion came from trying to
FIPS: Need to use FIPS versions of (EVP) methods ?
In FIPS mode, is there a need to use the FIPS_* methods instead of the
regular ones once FIPS_mode_set(1) was successfully executed ? For
instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1()
? Wouldn't the FIPS version of
The current FIPS User Guide mentions:
"3.3 Creation of Shared Libraries
The FIPS Object Module is not directly usable as a shared
library, but it can be linked into an application that is a
shared library. A “FIPS compatible” OpenSSL distribution will
automatically incorporate an
Hello,
Is it normal to get a 'linker input file unused because linking
not done' warning when compiling C code that uses OpenSSL in FIPS
mode, hence using fipsld ?
The object file is actually generated, as well as the executable,
and it does execute in a meaningful manner.
The warning:
[...]
Hello,
Is it possible to simulate FIPS failure at run-time, at any given time ? Or
does OpenSSL have to start in failure simulation mode ? Also, is failure
simulation a standard part of a normal, non-debug, build ?
Thanks.
Hello,
Does 2.0.12 support 186-4 ? Specifically, does it support the RSA requirements
?
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello,
Is there anything new regarding the prime number requirement handling for
FIPS 186-4, as far as supporting it ? I asked some time ago. Just want to
see if anything has changed, if there's anything planned. - thanks !
Hello,
Does OpenSSL allow TLS 1.0 when running in FIPS mode ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/TLS-1-0-in-FIPS-mode-tp65343.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Hello,
Using 1.0.1e running FIPS module 2.0.9, the following two
commands for querying the ciphers do not yield the same results.
There are more ciphers declared in the 'string' version.
The 'environment variable' version:
% OPENSSL_FIPS=1 openssl ciphers -v |
The 'string' version:
% openssl
> Does FIPS mode prevent use of MD5: Yes.
> Does FIPS mode prevent insecure uses of SHA-1 (a FIPS
> algorithm): No.
> Does FIPS mode prevent the SSL/TLS handshake from using 96 bit
> truncated HMAC values: Probably not.
> Does FIPS mode prevent use of the insecurely designed
> 'tls-unique'
Does this mean that running 1.01e in FIPS mode is protected regarding this
SLOTH attack ?
Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if
this means an upgrade ?)
Thanks.
Sorry, I forgot: What about the code itself, if we do not mind the validation
? Is the 185-4 RSA compatible code present in any OpenSSL/FIPS module ?
What would then be the permitting conditions to pursue a new validation ? If
you don't mind me asking. I have read several notes you have on the subject
and I agree that the whole thing is of Dedalus proportions. In a nutshell
what would be these conditions ?
Thanks, much appreciated.
--
Fair enough (in this context). But what about the code itself, is it ready
to be RSA 186-4 compliant ?
And, if we go through a validation, can OpenSSL benefit from it ?
Hello,
I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4
compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would
it make functional sense using those versions to patch RSA_generate_key_ex()
(../crypto/rsa/rsa_gen.c) to have:
#ifdef OPENSSL_FIPS
Hello,
I would like to see the bug fix for RT3515 'Use 3DES in pkcs12 if built with
no-rc2' although the openssl tree I got recently does not show it:
% git status
On branch master
Your branch is up-to-date with 'origin/master'.
% git show 92830dc1ca0bb2d12bf05a12ebb798709595fa5a
fatal: bad
Hello,
There is a thread in 2013 (30 May 03:15) in which Steve writes that OpenSSL
1.0.1 has a bug regarding the use of PKCS12 in FIPS mode since it tries to
handle a certificate using a non-FIPS component. I think I found the commit
that fixes this, although it is part of a quite huge
In the NSA page referred above, the p-384 curves are specifically mentioned
for DH. These would be the ones covered by the Suite B NSA license
sub-licensed to OpenSSL, are they ? Is it possible to build OpenSSL in FIPS
in such a way that only these curves will be used ?
Regards.
Sorry if this is answered elsewhere ...
Is the version control repository as well as the bug tracker of public read
access ?
Is it possible to find a specific commit in the OpenSSL repository that would
hopefully fix a single discovered/reported bug ?
We have hit the
In 1.0.1e the following is observed when using OpenSSL in FIPS mode:
% OPENSSL_FIPS=1 openssl pkcs12 -export -in
/tmp/ipsec.d/certs/192.168.11.1 -inkey
/tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out
/tmp/ipsec.d/192.168.11.1.p12 -password pass:""
Hello,
Sorry if this is a bit beside OpenSSL per se, the idea behind this post is to
perhaps have some information from the OpenSSL experience with FIPS validation.
There was so much effort put into FIPS compliance that it would not be
far-fetched to consider that there is also knowledge
> From: "Steve Marquess"
> Date: 10/21/15 14:18
> See Appendix B of the OpenSSL FIPS User Guide:
> https://openssl.org/docs/fips/UserGuide-2.0.pdf
Thanks.
> The specific algorithm tests have changed quite a bit since then
> (constant change is part of the fun), but
> From: "Salz, Rich"
> Date: 09/14/15 16:07
> Are you talking about the command-line?
Yes.
> It would be great if someone sent in a patch that standardized
> and documented exit codes, like 0 for got a "good"
> response, "1" for got a "bad" response, and 10 for got an
>
Hello,
The documentation does not seem too clear about what the behaviour exactly is
when OpenSSL deals with a broken OCSP responder. For instance, one that would
send an OK without any contents. We call openssl from an application and would
like to know what is returned in such a case, or
Thanks for your comments - much appreciated. What is exactly the poodle
patch and how does it come into providing some form of protection against
the BEAST attack ?
Does this mean, since the 'no insert fragments' is part of SSL_OP_ALL, that
OpenSSL is BEAST-proof since some time regarding its use of TLS 1.0 and SSL
3.0 ?
Thanks.
OK. So this means that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not the
solution for the BEAST attack. Is there a solution while keeping TLS 1.0
and SSL v3.0 ?
Thanks.
Hello,
Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL
1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as
0x0800L and several tests are made for this value in the code. The CHANGES
mentions though that this had some side effects, the
The validation is on the ARM platform using Linux 2.4. I am one of those
'unlucky' having to deal with FIPS so please pardon any silly questions.
Would this validation be limited to these two aspects ? And, is there any
money-saving advantage at using an already validated OpenSSL when the whole
Even a small convenience is still a convenience.
And eventually they add up.
Thanks for the comments - it's appreciated.
Hello,
The context is migrating an application to use EVP only methods.
AES_set_encrypt_key(...)
AES_cfb128_encrypt(...)
The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*,
what about the AES_set_encrypt_key() ? I haven't found yet any
correlation to the EVP methods, let alone an
Thanks for the comments.
If you are implementing HMAC, perhaps for PBKDF2 (which does
that prehash-if-too-long), I hope you mean the code does...
Yes it does.
The man page (the one online from OpenSSL project - SHA256.html)
gives a description using SHA1() which computes a message digest.
SSLv3 in the ciphersuite definition means it can be used in
SSLv3 *and later*. A ciphersuite isn't defined once for SSLv3,
and then again for TLS1.0, and again for TLS1.1 etc - its just
defined once and is reused across multiple protocol versions.
Yes, this is what I basically understood.
That refers to the minimum version of the ciphersuite: it
doesn't imply that it will only be used in SSLv3 (which is
disabled in FIPS mode).
Hmmm... I'm sorry but I do not really understand this. Since openssl is
run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3
ciphers
Hello,
What would be the equivalent of the SHA256() function in the EVP
class of methods ? EVP_sha256() could be it, although from the
short description in manual page it does not seemingly fit in,
returning an EVP_MD which is, if not mistaken, an env_md_st
structure.
The code I'm adapting to EVP
Hi,
... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)
https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0
Specifically:
FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL
1.0, SSL
2.0, SSL 3.0, TLS 1.0
FCS_TLSS_EXT.2.2 The TSF shall deny connections
Hello,
In FIPS mode SSL 3.0 is not allowed: that has always been the
case.
% openssl version
OpenSSL 1.0.1f 6 Jan 2014
% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
ECDHE-RSA-AES256-SHA SSLv3
ECDHE-ECDSA-AES256-SHA SSLv3
DHE-RSA-AES256-SHA SSLv3
DHE-DSS-AES256-SHA SSLv3
What is the security risk?
Management ? :)
It can be indeed easy to find out about companies in Hartford, CT but, I
still do not see any threat to any existing product. 'Having problems with
OpenSSL' is not good enough.
In any case, when concerned, do like many people and use a pseudo from
another mailing system. Employees will not gain
From: Steve Marquess marqu...@openssl.com
Date: 04/14/15 09:31
and note that of the 101 platforms (OEs) appearing there, most of
those operating systems are neither CC certified nor have any other FIPS
140-2 validated crypto. Keep in mind that at Level 1 the validation
applies to the
Salz, Rich wrote
As the old joke goes, if you have to ask, you can't afford it.
Well, exploration can be free. I noticed that Strongswan uses a plug-in
architecture for crypto that seemingly allows the use of OpenSSL instead of
the kernel for crypto operations, for use under FIPS. Does anyone
Thanks for all the comments, they're much appreciated. It is a Debian
system, so there is no Red Hat FIPS validation (or SuSE which also has one I
think) or validated components that can be used.
If I may, I'd like to ask about including the Linux kernel in the
validation. Now, including glibc2
Thanks for the comments - much appreciated.
The following question might be on the naive side of things, but then I'm
all new to this. Since crypt() in glibc2 supports SHA-256 and SHA-512 for
password, and assuming that these two are FIPS compatible, what would be the
(financial) overhead of
Hello,
As part of development, still using the fips_hmac test code, this time on a
target unit using 1.0.1e, the following errors are shown at the console:
3069614096:error:2D088086:FIPS
routines:FIPS_selftest_x931:selftest
failed:fips_rand_selftest.c:171:
3069614096:error:2D082086:FIPS
From: jonetsu jone...@teksavvy.com
Date: 03/26/15 11:11
Is FIPS_mode_set(1) taking care of setting up a default DRBG ?
Yes. It does. When using post_cb() from fips_test_suite.c in for instance the
fips_hmac.c demo, with only but a FIPS_mode_set(1) call, it is reported that
the four
Hello,
Is FIPS_mode_set(1) taking care of setting up a default DRBG ? Would a
subsequent call to RAND_pseudo_bytes() for instance be using the default DRBG (
256-bit CTR AES ?) There are quite a few DRBG-related FIPS methods described in
the User Guide, and one that is called
Hello,
When an application does not define OPENSSL_DRBG_DEFAULT_TYPE nor
OPENSSL_DRBG_DEFAULT_FLAGS nor any compilation options (if applicable), is the
default DRBG the 256 bit CTR AES (+ deviation function) in FIPS mode ?
Regards.
Hello,
This is not about OpenSSL, although from experience, maybe some know the
answer. Does anyone know if actual documentation exists for the Linux kernel
FIPS mode apart from the source itself ? There is nothing in Documentation/ as
per 3.18.2. - thanks.
Regards.
From: Steve Marquess marqu...@openssl.com
Date: 03/24/15 12:38
No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early
2014) for use as-is in doing copycat validations. Some non-trivial code
hacks will be necessary.
We'll do a new open source based validation to
From: Steve Marquess marqu...@openssl.com
Date: 03/24/15 09:22
At the time that validation was obtained the four (at the time) DRBGs
were specified by SP800-90. That document was subsequently reissued in
several pieces; the current SP800-90A now contains the specifications
for the three
Hello,
Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the
OpenSSL source code does not seem to mention SP 800-90A. Only SP 800-90. So
the certifications were made for SP 800-90, is that right ?
Also, does it depend on the application to choose which DRBG and
From: Dr. Stephen Henson st...@openssl.org
Date: 03/20/15 12:48
OPENSSL_FIPS=1 openssl ciphers -v
openssl ciphers -v FIPS
Thanks, this works great, on the workstation where I have installed at default
development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.
However, we
Hello,
I have the impression that the 'ciphers -v' option to openssl, when OpenSSL
is compiled in FIPS mode, lists more than FIPS-only. There are RC5 and RC4 in
there, for instance. Is there a specific openssl command that will list only
the ones that are FIPS-allowed ?
Regards.
Hello,
There is a problem with compiling the openssl-1.0.1e.tar.gz
sources against the FIPS 2.0 canister.
On my machine the following is declared global:
000dd3c0 T private_AES_set_decrypt_key
000dd0f0 T private_AES_set_encrypt_key
On another machine, they are declared local
From: Dr. Stephen Henson st...@openssl.org
Date: 03/17/15 12:28
What are the two platforms? That is what does:
First of all, I'm very, very sorry to have posted duplicates of the question.
The web-access email client is, was, a bit on the fuzzy side, stalling and
reporting errors.
It
Hello,
An application that needs converting to FIPS is currently using
AES_ctr128_encrypt(). That function calls in turn
CRYPTO_ctr128_encrypt() which then does some internal
computations. They are not documented in the 'full list of
crypto APIs'. What would be the FIPS-compatible EVP
Hello,
The licenses, patents for ECC was noticed. In short, if we do not care about
this in the sense of not willing to be in any patent infringement situation
down the road, the -ecb archive should be used, is that right ? Also, there is
a mention of a NSA-PLA.pdf agreement statement.
From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 20:04
I mean you could add a callback to FIPS_mode_set using
FIPS_post_set_callback: see the fips_test_suite.c application
for an example. The supplied callback is called during each
POST, continuous RNG and pairwise consistency
Hello,
Is there a method that is always in the path of execution when a crypto error
occurs ? The reason for asking is that I would like to very slightly modify
the OpenSSL FIPS version so that it will write a file in tmpfs when an error
occurs. That place will be observed by another app
From: Steve Marquess marqu...@openssl.com
Date: 03/10/15 08:56
Hello,
Thanks for your reply.
You're talking about a Level 2 validation (or higher)? You most
definitely do *not* want to include the OS or applications in the
cryptographic module boundary for Level 1.
It's a level 2.
Is there a method that is always in the path of execution when a crypto error
occurs ?
It looks like fips_set_selftest_fail() would be a likely candidate where to
create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on
From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 10:21
Although you cannot modify the FIPS module itself without voiding the
validation you *can* change the FIPS capable OpenSSL.
You might (for example) change FIPS_mode_set() to always add a callback
which logs any errors.
I
Hello,
I tried a simple test to see if FIPS mode would fail, using the example given
in the FIPS user guide 2.0. The test consisted of replacing the /dev/random
and /dev/urandom with /dev/zero. I would have expected that no source of
randomness would make the tests ran at the call of
Hello,
To grasp how FIPS methods are called, and following one method
as an example, HMAC_Update() in hmac.c, we can see that if FIPS
mode is active then FIPS_hmac_update() will be called. This is
fine although searching the sources for the physical definition of
FIPS_hmac_update() does not
On Feb 19, 2015 10:50am Henrik Grindal Bakken wrote:
I'm not sure it will be called on every conceivable error in
the FIPS module, but what I do in similar situations is
something like this:
static int post_cb(int op, int id, int subid, void *ex)
{
if (op == FIPS_POST_FAIL)
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Date: 02/19/15 11:34
Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
The low level cipher and digest APIs cannot be used in FIPS mode: you have to
use EVP.
That's quite an important
-Original Message-
From: Salz, Rich rs...@akamai.com
To: openssl-users@openssl.org
Date: 02/19/15 07:43
Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
For that matter and in a general sense, so far I've seen that many
encryption
methods do not
-Original Message-
From: Marcus Meissner meiss...@suse.de
To: openssl-users@openssl.org
Date: 02/19/15 08:07
Subject: Re: [openssl-users] OpenSSL FIPS mode system integration
Well, the writing is that the crypto module must stop operating
on error.
We solved this by
Steve Marquess marqu...@openssl.com wrote on 01/27/15 09:18:
Thank you (and Tom) for your comments - much appreciated.
Tom Francis nailed the answer to this one. We did design the FIPS module
+ FIPS capable OpenSSL combination to make it possible to have a
system wide FIPS mode capability, but