fips issue with PEM_write_bio_RSAPrivateKey - Openssl

This is a discussion on fips issue with PEM_write_bio_RSAPrivateKey - Openssl ; Hi, When fips mode enabled I am running into issue with this call in my code 1) Issue:- --------------------- PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL, some_cb, NULL) When I checked the code which in turns points to int PEM_ASN1_write_bio(i2d_of_void *i2d, const ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: fips issue with PEM_write_bio_RSAPrivateKey

  1. fips issue with PEM_write_bio_RSAPrivateKey

    Hi,

    When fips mode enabled I am running into issue with this call in my code

    1)
    Issue:-
    ---------------------
    PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL, some_cb, NULL)

    When I checked the code which in turns points to

    int
    PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    ********************** char *x,const EVP_CIPHER *enc, unsigned char *kstr,
    ********************** int klen, pem_password_cb *callback, void *u)

    The source where I extracted from is
    cvs -d anonymous@cvs.openssl.org:/openssl-cvs co -r OpenSSL-fips-0_9_8-stable openssl

    2)
    In this implementation internally its using EVP_md5() which is not supported by FIPS.

    So is there a patch for this one..? or* a different* API which I could us, which is FIPS compliant.

    Thanks,
    Justin





  2. Re: fips issue with PEM_write_bio_RSAPrivateKey

    On Tue, Aug 12, 2008, Justin A wrote:

    > Hi,
    >
    > When fips mode enabled I am running into issue with this call in my code
    >
    > 1)
    > Issue:-
    > ---------------------
    > PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL, some_cb, NULL)
    >
    > When I checked the code which in turns points to
    >
    > int
    > PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    > ********************** char *x, const EVP_CIPHER *enc, unsigned char *kstr,
    > ********************** int klen, pem_password_cb *callback, void *u)
    >
    > The source where I extracted from is
    > cvs -d anonymous@cvs.openssl.org:/openssl-cvs co -r OpenSSL-fips-0_9_8-stable openssl
    >
    > 2)
    > In this implementation internally its using EVP_md5() which is not supported by FIPS.
    >
    > So is there a patch for this one..? or* a different* API which I could us, which is FIPS compliant.
    >


    OpenSSL 0.9.8 does not support FIPS mode.

    The validated 0.9.7 source and the (hopefully) soon to be validate 0.9.8-fips
    source in FIPS mode redirects such calls automatically to
    PEM_write_bio_PKCS8PrivateKey() which uses SHA1 for key derivation.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. Re: fips issue with PEM_write_bio_RSAPrivateKey

    Thanks for the reply. Appreciated.

    Have couple of question which are bothering me.

    These are the steps I followed to build the fips . The place where I download
    ftp://ftp.openssl.org/snapshot/

    1) Download* openssl-fips-test-1.2.0.tar.gz , build it with ./config fipsoption to generate fipsld, fipscanister,..etc* and downloaded the latest* openssl-0.9.8-fips-test-SNAP-20080813.tar.gz* to build the fips capable openssl libcrypto and libssl . Are these steps right ..? which I followed through the README.

    2) I tried checking the PEM_ASN1_write_bio and even the PEM_read_bio which also uses EVP_md5() internally in 0.9.7. In which of the 0.9.7 fips capabledistribution did you mention that it uses EVP_sha1() internally..I could not find it, can you please point me to that? Is there a test website where I can download bits for 0.9.8* which as EVP_sha1() implemented..?*

    3) Lastly all the* PEM_write_bio_** routines points to this function PEM_ASN1_write_bio which uses md5() internally. Will this change to sha1() inthe coming releases of 0.9.8..? to supports fips..?

    Thanks,
    Justin
    *
    --- On Wed, 8/13/08, Dr. Stephen Henson wrote:
    From: Dr. Stephen Henson
    Subject: Re: fips issue with PEM_write_bio_RSAPrivateKey
    To: openssl-users@openssl.org
    Date: Wednesday, August 13, 2008, 3:28 AM

    On Tue, Aug 12, 2008, Justin A wrote:

    > Hi,
    >
    > When fips mode enabled I am running into issue with this call in my code
    >
    > 1)
    > Issue:-
    > ---------------------
    > PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL,

    some_cb, NULL)
    >
    > When I checked the code which in turns points to
    >
    > int
    > PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    > ********************** char *x, const EVP_CIPHER

    *enc, unsigned char *kstr,
    > ********************** int klen, pem_password_cb

    *callback, void *u)
    >
    > The source where I extracted from is
    > cvs -d anonymous@cvs.openssl.org:/openssl-cvs co -r

    OpenSSL-fips-0_9_8-stable openssl
    >
    > 2)
    > In this implementation internally its using EVP_md5() which is not

    supported by FIPS.
    >
    > So is there a patch for this one..? or* a different* API which I could

    us, which is FIPS compliant.
    >


    OpenSSL 0.9.8 does not support FIPS mode.

    The validated 0.9.7 source and the (hopefully) soon to be validate 0.9.8-fips
    source in FIPS mode redirects such calls automatically to
    PEM_write_bio_PKCS8PrivateKey() which uses SHA1 for key derivation.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org





  4. Re: fips issue with PEM_write_bio_RSAPrivateKey

    On Wed, Aug 13, 2008, Justin A wrote:

    > Thanks for the reply. Appreciated.
    >
    > Have couple of question which are bothering me.
    >
    > These are the steps I followed to build the fips . The place where I download
    > ftp://ftp.openssl.org/snapshot/
    >
    > 1) Download* openssl-fips-test-1.2.0.tar.gz , build it with ./config fips option to generate fipsld, fipscanister,..etc* and downloaded the latest* openssl-0.9.8-fips-test-SNAP-20080813.tar.gz* to build the fips capable openssl libcrypto and libssl . Are these steps right ..? which I followed through the README.
    >
    > 2) I tried checking the PEM_ASN1_write_bio and even the PEM_read_bio which also uses EVP_md5() internally in 0.9.7. In which of the 0.9.7 fips capable distribution did you mention that it uses EVP_sha1() internally..I could not find it, can you please point me to that? Is there a test website where I can download bits for 0.9.8* which as EVP_sha1() implemented..?*
    >
    > 3) Lastly all the* PEM_write_bio_** routines points to this function PEM_ASN1_write_bio which uses md5() internally. Will this change to sha1() in the coming releases of 0.9.8..? to supports fips..?
    >


    The PEM_ASN1_write_bio() function is only really used with encryption and
    private keys. So you need to check out PEM_write_bio_PrivateKey() et al.

    The MD5 PEM based encryption is non standard and unique to OpenSSL. It has
    been there since the SSLeay days. It is retained for compatibility.

    Instead of making up another non standard version for FIPS mode the
    standardised PKCS#8 format is used instead. In some future version of OpenSSL
    PKCS#8 will be the default private key format.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  5. Re: fips issue with PEM_write_bio_RSAPrivateKey



    Dr. Stephen Henson wrote:
    > On Tue, Aug 12, 2008, Justin A wrote:
    >
    >> Hi,
    >>
    >> When fips mode enabled I am running into issue with this call in my code
    >>
    >> 1)
    >> Issue:-
    >> ---------------------
    >> PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL, some_cb, NULL)
    >>
    >> When I checked the code which in turns points to
    >>
    >> int
    >> PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    >> char *x, const EVP_CIPHER *enc, unsigned char *kstr,
    >> int klen, pem_password_cb *callback, void *u)
    >>
    >> The source where I extracted from is
    >> cvs -d anonymous@cvs.openssl.org:/openssl-cvs co -r OpenSSL-fips-0_9_8-stable openssl
    >>
    >> 2)
    >> In this implementation internally its using EVP_md5() which is not supported by FIPS.
    >>
    >> So is there a patch for this one..? or a different API which I could us, which is FIPS compliant.
    >>

    >
    > OpenSSL 0.9.8 does not support FIPS mode.
    >
    > The validated 0.9.7 source and the (hopefully) soon to be validate 0.9.8-fips
    > source in FIPS mode redirects such calls automatically to
    > PEM_write_bio_PKCS8PrivateKey() which uses SHA1 for key derivation.


    Is this allowed for FIPS 140-2? The implementation guidance at
    http://csrc.nist.gov/groups/STM/cmvp...FIPS1402IG.pdf
    states on page 61 (section 7.1):

    The following key establishment methods are unacceptable:
    ...

    • Password-Based Key Establishment Methods: all password-based key establishment
    methods such as PKCS#5 are not to be used in the FIPS mode.

    My understanding (which could easily be flawed) is that PKCS#8 uses a password-based
    key derivation mechanism, and so is unacceptable for key transport.

    Tom


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread