https://wiki.openssl.org/api.php?action=feedcontributions&feedformat=atom&user=TjhOpenSSLWiki - User contributions [en]2026-05-12T20:33:58ZUser contributionsMediaWiki 1.35.13https://wiki.openssl.org/index.php?title=FIPS_module_3.0&diff=2727FIPS module 3.02018-10-01T02:12:02Z<p>Tjh: remove historical information that is out of date</p>
<hr />
<div>The 3.0 FIPS module will be conceptually different to the preceeding line of ''OpenSSL FIPS Object Module'' cryptographic modules. <br />
An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad-hoc evolution of previous modules.<br />
<br />
Refer to the [https://www.openssl.org/blog/blog/2018/09/25/fips/ OpenSSL FIPS 140-2 blog].<br />
<br />
== Note ==<br />
<br />
These notes are subject to change going forward.<br />
<br />
What we won't do:<br />
<br />
1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations). <br />
<br />
2. Matching set of platforms. The initial validation will only include a very minimal platform set. <br />
<br />
3. Any substantial additions or changes to the module once the initial development is substantially complete.</div>Tjhhttps://wiki.openssl.org/index.php?title=FIPS_module_2.0&diff=2719FIPS module 2.02018-09-04T05:53:04Z<p>Tjh: </p>
<hr />
<div>The ''OpenSSL FIPS Object Module 2.0'' was first validated with FIPS 140-2 certificate [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747 #1747] in mid-2012. This 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2, and not with any other releases.<br />
<br />
There are two "clone" validations (known as "Alternative Scenario 1A" validations, also referred to as "re-brand" validations by some test labs) were obtained for the same module. The "RE" validation, [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473 #2473], was intended to be identical to #1747 while allowing the addition of new platforms. The "SE" validation, [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398 #2398], was intended for the addition of platforms requiring source code mods and thus new revisions to the module tarball. The #1747 and #2473 validations will forever remain at revision 2.0.10, while new revisions will be added to #2398 (which is at 2.0.13 as of September 2016).<br />
<br />
Note that although the paperwork for the two clone validations #2398 and #2473 was submitted at the same time, and the two sets of paperwork were precisely identical other than the respective references to "RE" versus "SE" in the module names, they were approved at different times (July and November) with different editorial modifications required by the CMVP for the Security Policy documents. Such inconsistencies are common with FIPS 140-2 validations; the outcome from one validation effort is not necessarily predictive of what will happen for subsequent similar (or even identical) attempts.<br />
<br />
In addition to the three validations of the ''OpenSSL FIPS Object Module 2.0'' obtained directly by OpenSSL, some third party vendors have obtained additional "re-brand" validations of the same cryptographic module:<br />
<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2676 #2676], Cohesity OpenSSL FIPS Object Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2631 #2631], Intel OpenSSL FIPS Object Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2575 #2575], Cellcrypt Secure Core 3 FIPS 140-2 Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2454 #2454], LogRhythm FIPS Object Module Version 6.3.4<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2454 #2422], Nimble Storage OpenSSL FIPS Object Module<br />
<br />
Note that while these clone validations have re-branded proprietary module names, they reference the original ''OpenSSL FIPS Object Module 2.0'' tarballs which are available under the open source OpenSSL license, and hence these validations can be used and cited by anyone.<br />
<br />
A list of formally tested platforms ("Operational Environments") is associated with each validation. Collectively there are over two hundred unique platforms listed across all the ''OpenSSL FIPS Object Module 2.0'' validations:<br />
<br />
{| class="wikitable"<br />
|+Unique platforms across all ''OpenSSL FIPS Object Module 2.0'' validations as of 2016-09<br />
|-<br />
|AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)<br />
|-<br />
|AcanOS 1.0 running on Intel Core i7-3612QE (x86) with AES-NI (gcc Compiler Version 4.6.2)<br />
|-<br />
|AcanOS 1.0 running on Intel Core i7-3612QE (x86) without AES-NI (gcc Compiler Version 4.6.2)<br />
|-<br />
|AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)<br />
|-<br />
|AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)<br />
|-<br />
|AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|Android 2.2 (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0)<br />
|-<br />
|Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 3.0 (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 4.0 (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)<br />
|-<br />
|Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 5.1 (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)<br />
|-<br />
|Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)<br />
|-<br />
|Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)<br />
|-<br />
|ArbOS 5.3 running on Xeon E5645 (x86) with AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|ArbOS 5.3 running on Xeon E5645 (x86) without AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)<br />
|-<br />
|CentOS 5.6 64-bit running on Intel Xeon E5-2620v3 (gcc Compiler Version 4.1.2)<br />
|-<br />
|CentOS 5.6 64-bit running on Intel Xeon E5-2690v3 (gcc Compiler Version 4.1.2)<br />
|-<br />
|DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with AES-NI (gcc Compiler Version 4.7.2)<br />
|-<br />
|DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without AES-NI (gcc Compiler Version 4.7.2)<br />
|-<br />
|DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)<br />
|-<br />
|DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13)<br />
|-<br />
|eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5- 2430L (x86) with AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.4.1)<br />
|-<br />
|FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.4.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.2 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.2 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|HP-UX 11i (32 bit) (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (64 bit) (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)<br />
|-<br />
|iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|iOS 8.1 32bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56)<br />
|-<br />
|Linux 2.6.27 (gcc Compiler Version 4.2.4)<br />
|-<br />
|Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)<br />
|-<br />
|Linux 2.6.32 (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6.33 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS300 with AES-NI<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS500 with AES-NI<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS700 with AES-NI<br />
|-<br />
|Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)<br />
|-<br />
|Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 3.10 32-bit running on Intel Atom E3845 (x86) with AES-NI (gcc Compiler Version 4.8.1)<br />
|-<br />
|Linux 3.10 32-bit running on Intel Atom E3845 (x86) without AES-NI (gcc Compiler Version 4.8.1)<br />
|-<br />
|Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 running on Intel Xeon with AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 running on Intel Xeon without AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without AES-NI<br />
|-<br />
|Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)2<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)<br />
|-<br />
|Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)<br />
|-<br />
|Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)<br />
|-<br />
|Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)<br />
|-<br />
|Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft « C/C++ Optimizing Compiler Version 16.00 for x64)<br />
|-<br />
|Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)<br />
|-<br />
|Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)<br />
|-<br />
|Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)<br />
|-<br />
|Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)<br />
|-<br />
|Microsoft Windows Server 2008 R2 running on an Intel Xeon E5-2420 (x64) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86)<br />
|-<br />
|NetBSD 5.1 (gcc Compiler Version 4.1.3)<br />
|-<br />
|NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)<br />
|-<br />
|NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)<br />
|-<br />
|OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)<br />
|-<br />
|Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 6 (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Linux 6 running on Intel Xeon 5675 without AES-NI (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)<br />
|-<br />
|Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (32 bit) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (64 bit) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with AES-NI (gcc Compiler Version 4.6.3)3<br />
|-<br />
|PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)<br />
|-<br />
|QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)<br />
|-<br />
|TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)<br />
|-<br />
|TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)4<br />
|-<br />
|Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)<br />
|-<br />
|uCLinux 0.9.29 (gcc Compiler Version 4.2.1)<br />
|-<br />
|uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)<br />
|-<br />
|Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with AES-NI (gcc Compiler Version 4.5.1)1<br />
|-<br />
|Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AESNI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.8 (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)<br />
|-<br />
|Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)<br />
|-<br />
|Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=FIPS_module_3.0&diff=2644FIPS module 3.02018-03-14T09:31:15Z<p>Tjh: Update the old plans to be something closer to what the current plans are for the next FIPS module</p>
<hr />
<div>The 3.0 FIPS module will be conceptually similar to the preceeding line of ''OpenSSL FIPS Object Module'' cryptographic modules. An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad hoc evolution of previous modules.<br />
<br />
== Note ==<br />
<br />
These notes are old and subject to change going forward.<br />
<br />
What we probably won't do:<br />
<br />
1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations). <br />
<br />
2. Matching set of platforms. The initial validation will only include a minimal platform set. <br />
<br />
3. Any substantial additions or changes to the module once the initial development is substantially complete.<br />
<br />
<br />
== Draft Technical Objectives ==<br />
<br />
<br />
An initial rough draft of requirements and goals:<br />
<br />
1) Keep it minimal and fully usable as a stand alone crypto module.<br />
<br />
2) FIPS 186-4 KeyGen.<br />
<br />
3) SP 800-56A compliance (Self-tests per I.G. 9.6).<br />
:: Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing.<br />
:: Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT.<br />
<br />
4) SP 800-56B vendor affirmation (I.G. D.4).<br />
<br />
5) SHA-3 and SHAKE.<br />
<br />
6) Automatic execution of power-on self-tests (I.G. 9.5/9.10).<br />
<br />
7) Consider any newly FIPS approved algorithms (e.g. new EC curves, Chacha/Poly)<br />
<br />
<br />
== Previous Stakeholder Requests ==<br />
<br />
Note: none of these are committed as yet.<br />
<br />
a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available.<br />
<br />
b. AES-GMAC compliance (I.G. A.5).<br />
<br />
c. AES Key Wrap Compliance to NIST SP 800-38F.<br />
<br />
d. PBKDF2 Suppport.<br />
<br />
e. Format Preserving Encrypion Support (NIST SP 800-38G)<br />
<br />
f. Addition of EC curve 25519<br />
<br />
g. Improved entropy to meet NIST SP 800-90B.<br />
<br />
h. Symmetric key wrap conformant to SP 800-38F<br />
<br />
i. SP 800-135 KDFs<br />
<br />
j. SP 800-108 KDFs<br />
<br />
k. Addition of AES XPN<br />
<br />
l. XTS-AES compliance to I.G. A.9</div>Tjhhttps://wiki.openssl.org/index.php?title=FIPS_module_2.0&diff=2625FIPS module 2.02017-12-31T03:57:22Z<p>Tjh: </p>
<hr />
<div>The ''OpenSSL FIPS Object Module 2.0'' was first validated with FIPS 140-2 certificate [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747 #1747] in mid-2013. This 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2, and not with any other releases.<br />
<br />
There are two "clone" validations (known as "Alternative Scenario 1A" validations, also referred to as "re-brand" validations by some test labs) were obtained for the same module. The "RE" validation, [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473 #2473], was intended to be identical to #1747 while allowing the addition of new platforms. The "SE" validation, [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398 #2398], was intended for the addition of platforms requiring source code mods and thus new revisions to the module tarball. The #1747 and #2473 validations will forever remain at revision 2.0.10, while new revisions will be added to #2398 (which is at 2.0.13 as of September 2016).<br />
<br />
Note that although the paperwork for the two clone validations #2398 and #2473 was submitted at the same time, and the two sets of paperwork were precisely identical other than the respective references to "RE" versus "SE" in the module names, they were approved at different times (July and November) with different editorial modifications required by the CMVP for the Security Policy documents. Such inconsistencies are common with FIPS 140-2 validations; the outcome from one validation effort is not necessarily predictive of what will happen for subsequent similar (or even identical) attempts.<br />
<br />
In addition to the three validations of the ''OpenSSL FIPS Object Module 2.0'' obtained directly by OpenSSL, some third party vendors have obtained additional "re-brand" validations of the same cryptographic module:<br />
<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2676 #2676], Cohesity OpenSSL FIPS Object Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2631 #2631], Intel OpenSSL FIPS Object Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2575 #2575], Cellcrypt Secure Core 3 FIPS 140-2 Module<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2454 #2454], LogRhythm FIPS Object Module Version 6.3.4<br />
:: [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2454 #2422], Nimble Storage OpenSSL FIPS Object Module<br />
<br />
Note that while these clone validations have re-branded proprietary module names, they reference the original ''OpenSSL FIPS Object Module 2.0'' tarballs which are available under the open source OpenSSL license, and hence these validations can be used and cited by anyone.<br />
<br />
A list of formally tested platforms ("Operational Environments") is associated with each validation. Collectively there are over two hundred unique platforms listed across all the ''OpenSSL FIPS Object Module 2.0'' validations:<br />
<br />
{| class="wikitable"<br />
|+Unique platforms across all ''OpenSSL FIPS Object Module 2.0'' validations as of 2016-09<br />
|-<br />
|AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)<br />
|-<br />
|AcanOS 1.0 running on Intel Core i7-3612QE (x86) with AES-NI (gcc Compiler Version 4.6.2)<br />
|-<br />
|AcanOS 1.0 running on Intel Core i7-3612QE (x86) without AES-NI (gcc Compiler Version 4.6.2)<br />
|-<br />
|AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)<br />
|-<br />
|AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)<br />
|-<br />
|AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)<br />
|-<br />
|Android 2.2 (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0)<br />
|-<br />
|Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 3.0 (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)<br />
|-<br />
|Android 4.0 (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3)<br />
|-<br />
|Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6)<br />
|-<br />
|Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6)<br />
|-<br />
|Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)<br />
|-<br />
|Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)<br />
|-<br />
|Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 5.1 (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)<br />
|-<br />
|Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)<br />
|-<br />
|Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)<br />
|-<br />
|Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)<br />
|-<br />
|ArbOS 5.3 running on Xeon E5645 (x86) with AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|ArbOS 5.3 running on Xeon E5645 (x86) without AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5)<br />
|-<br />
|CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)<br />
|-<br />
|CentOS 5.6 64-bit running on Intel Xeon E5-2620v3 (gcc Compiler Version 4.1.2)<br />
|-<br />
|CentOS 5.6 64-bit running on Intel Xeon E5-2690v3 (gcc Compiler Version 4.1.2)<br />
|-<br />
|DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with AES-NI (gcc Compiler Version 4.7.2)<br />
|-<br />
|DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without AES-NI (gcc Compiler Version 4.7.2)<br />
|-<br />
|DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)<br />
|-<br />
|DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13)<br />
|-<br />
|eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5- 2430L (x86) with AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.0 running on Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.3)<br />
|-<br />
|FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.4.1)<br />
|-<br />
|FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.4.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.2 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|FreeBSD 9.2 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1)<br />
|-<br />
|HP-UX 11i (32 bit) (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (64 bit) (HP C/aC++ B3910B)<br />
|-<br />
|HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)<br />
|-<br />
|iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1)<br />
|-<br />
|iOS 8.1 32bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)<br />
|-<br />
|iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56)<br />
|-<br />
|Linux 2.6.27 (gcc Compiler Version 4.2.4)<br />
|-<br />
|Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)<br />
|-<br />
|Linux 2.6.32 (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6.33 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS300 with AES-NI<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS500 with AES-NI<br />
|-<br />
|Linux 2.6 running on a Nimble Storage CS700 with AES-NI<br />
|-<br />
|Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)<br />
|-<br />
|Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)<br />
|-<br />
|Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)<br />
|-<br />
|Linux 3.10 32-bit running on Intel Atom E3845 (x86) with AES-NI (gcc Compiler Version 4.8.1)<br />
|-<br />
|Linux 3.10 32-bit running on Intel Atom E3845 (x86) without AES-NI (gcc Compiler Version 4.8.1)<br />
|-<br />
|Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 running on Intel Xeon with AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.10 running on Intel Xeon without AES-NI (gcc Compiler Version 4.8.3)<br />
|-<br />
|Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without AES-NI<br />
|-<br />
|Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)2<br />
|-<br />
|Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without AES-NI (gcc Compiler Version 4.8.0)<br />
|-<br />
|Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)<br />
|-<br />
|Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)<br />
|-<br />
|Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)<br />
|-<br />
|Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)<br />
|-<br />
|Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)<br />
|-<br />
|Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft « C/C++ Optimizing Compiler Version 16.00 for x64)<br />
|-<br />
|Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)<br />
|-<br />
|Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)<br />
|-<br />
|Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)<br />
|-<br />
|Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)<br />
|-<br />
|Microsoft Windows Server 2008 R2 running on an Intel Xeon E5-2420 (x64) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86)<br />
|-<br />
|NetBSD 5.1 (gcc Compiler Version 4.1.3)<br />
|-<br />
|NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)<br />
|-<br />
|NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)<br />
|-<br />
|OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)<br />
|-<br />
|Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2)<br />
|-<br />
|Oracle Linux 6 (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Linux 6 running on Intel Xeon 5675 without AES-NI (gcc Compiler Version 4.4.6)<br />
|-<br />
|Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)<br />
|-<br />
|Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)<br />
|-<br />
|Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (32 bit) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 (64 bit) (Sun C Version 5.12)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2)<br />
|-<br />
|PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with AES-NI (gcc Compiler Version 4.6.3)3<br />
|-<br />
|PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)<br />
|-<br />
|QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)<br />
|-<br />
|TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)<br />
|-<br />
|TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)4<br />
|-<br />
|Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)<br />
|-<br />
|Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)<br />
|-<br />
|Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)<br />
|-<br />
|uCLinux 0.9.29 (gcc Compiler Version 4.2.1)<br />
|-<br />
|uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)<br />
|-<br />
|Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with AES-NI (gcc Compiler Version 4.5.1)1<br />
|-<br />
|Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AESNI (gcc Compiler Version 4.5.1)<br />
|-<br />
|Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without AES-NI (gcc Compiler Version 4.5.1)<br />
|-<br />
|VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.8 (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)<br />
|-<br />
|VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)<br />
|-<br />
|Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)<br />
|-<br />
|Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=FIPS_module_3.0&diff=2624FIPS module 3.02017-12-31T03:55:46Z<p>Tjh: </p>
<hr />
<div>The 3.0 FIPS module will be conceptually similar to the preceeding line of ''OpenSSL FIPS Object Module'' cryptographic modules. An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad hoc evolution of previous modules.<br />
<br />
== Note ==<br />
<br />
These notes are old and subject to change going forward.<br />
<br />
<br />
== Draft Technical Objectives ==<br />
<br />
<br />
An initial rough draft of requirements and goals:<br />
<br />
1) Keep it minimal and avoid any OpenSSL dependencies at all: i.e. make it fully usable as a stand alone crypto module (the 2.0 module is awkwardly usable without OpenSSL but its OpenSSL heritage shows).<br />
<br />
2) Support compilation in various forms including as standalone ENGINE which is simply loaded into "normal" OpenSSL which then simply does all the FIPS weirdness automatically. Ideally a "FIPS capable" OpenSSL will no longer be required at all.<br />
<br />
3) Overhaul the algorithm testing code to be much cleaner and modular than the hacky stuff we've lived with so far. Allow handling of huge test vector data files by "piping" data instead of having to store the full files on the target device (which can be problematic for embedded environments).<br />
<br />
4) Consider feasibility of built in entropy sources so OpenSSL or the parent application/library aren't required to supply entropy.<br />
<br />
5) A standalone minimal FIPS module tarball that contains only the code needed to build the contents of the crypto module (only what is inside the "cryptographic module boundary", in FIPS-speak). Omit the test suite software and much of the build-time software (strong precedent says that "incore" and "fipsld" can be omitted, for instance).<br />
<br />
6) Ability to build out of the source tree.<br />
<br />
7) FIPS 186-4 KeyGen.<br />
<br />
8) SP 800-56A compliance (Self-tests per I.G. 9.6).<br />
:: Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing.<br />
:: Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT.<br />
<br />
9) SP 800-56B vendor affirmation (I.G. D.4).<br />
<br />
10) SHA-3 and SHAKE.<br />
<br />
11) Automatic execution of power-on self-tests (I.G. 9.5/9.10).<br />
<br />
12) Any allowed efficiencies in power-on self-tests.<br />
<br />
13) Alternate FIPS Approved modes of operation (turn self-tests and algorithms “off”).<br />
<br />
14) Explore possibility of validating "stitched" algorithm implementations.<br />
<br />
15) Consider any newly FIPS approved algorithms (e.g. new EC curves, Chacha/Poly)<br />
<br />
Stakeholder requests:<br />
<br />
a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available.<br />
<br />
b. AES-GMAC compliance (I.G. A.5).<br />
<br />
c. AES Key Wrap Compliance to NIST SP 800-38F.<br />
<br />
d. PBKDF2 Suppport.<br />
<br />
e. Format Preserving Encrypion Support (NIST SP 800-38G)<br />
<br />
f. Addition of EC curve 25519<br />
<br />
g. Improved entropy to meet NIST SP 800-90B.<br />
<br />
h. Symmetric key wrap conformant to SP 800-38F<br />
<br />
i. SP 800-135 KDFs<br />
<br />
j. SP 800-108 KDFs<br />
<br />
k. Addition of AES XPN<br />
<br />
l. XTS-AES compliance to I.G. A.9<br />
<br />
<br />
What we probably won't do:<br />
<br />
1. Any "light" versions of the FIPS module (i.e fewer algorithm implementations). Each such variant would require a separate FIPS 140 validation which would be cost prohibitive.<br />
<br />
2. The initial validation will only include a handful of popular platforms (e.g. Linux on x86). Each platform validation costs both time and money, with the risk of delaying the overall validation if we try to tackle too many in parallel before the validation is awarded (a lesson learned from the last open source based validation in 2012/2013). We will be able to queue up platform validations once the initial validation is formally submitted. However, checking that the new module builds and works for platforms of interest will be useful as platform portability code tweaks are usually minor.<br />
<br />
3. Make any substantial addition or changes to the module once the initial development is substantially complete (another lesson learned from the 2.0 validation).</div>Tjhhttps://wiki.openssl.org/index.php?title=FIPS_modules&diff=2623FIPS modules2017-12-31T03:54:42Z<p>Tjh: </p>
<hr />
<div>There is currently only one extant FIPS 140-2 validated cryptographic module, the ''OpenSSL FIPS Object Module 2.0''. This module is revised periodically with platform portability modifications to support additional platforms (general improvements and bugfixes, even security vulnerability mitigations, are not permitted[http://veridicalsystems.com/blog/immutability-of-fips/]). As of September 2016 the latest module revision is 2.0.13.<br />
<br />
The 2.0 module is rather confusingly covered by three very similar validations, the original #1747[http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747] and the "Alternative Scenario 1A" clone validations #2398 [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398] and #2473 [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473]. For various reasons the #1747 validation cannot be updated and it and #2473 will forever remain at revision 2.0.10. New platforms can be added to #2398 for revision 2.0.10, and new platforms and new revisions can currently be added to the #2398 validation. The choice of validation is a paperwork consideration as all three validations reference the same cryptographic module. Note there are also a number of third party clone validations that also reference exactly the same cryptographic module. Since that module is available under the OpenSSL open source license, any such validation can be cited for satisfying FIPS 140-2 validation requirements. Collectively across all such validations the 2.0 FIPS module has more than two hundred formally tested platforms (known as "Operational Environments" in FIPS-speak). More information about the 2.0 FIPS module can be found starting at [[FIPS_module_2.0]].<br />
<br />
The 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2, and no others. The extensive internal structural changes for OpenSSL 1.1 preclude the use of the 2.0 FIPS module with that release.<br />
<br />
A new validation effort is to develop and validate a new open source based cryptographic module was announced in July 2016[https://www.openssl.org/blog/blog/2016/07/20/fips/]. <br />
This new module will be usable with OpenSSL release 1.1. It will provisionally be called ''OpenSSL FIPS Object Module 3.0''. Notes and commentary can be found starting at [[FIPS_module_3.0]].</div>Tjhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=2387Main Page2016-04-17T20:08:32Z<p>Tjh: add link to binaries</p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Documentation Index|Index of all API functions]]</TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Binaries]]</TD><br />
</TR><br />
<TR><br />
<TD>[[SSL and TLS Protocols]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[1.1 API Changes]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
::[[Creating an OpenSSL Engine to use indigenous ECDH ECDSA and HASH Algorithms]]<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
:* [[Simple TLS Server]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/about/secpolicy.html OpenSSL Security Policy]<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 How to notify us of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html How to report bugs and patches, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages:<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches. Note that manual pages and the FAQ are maintained with the source code.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report (see second bullet, above) and reference the pull request. Or you can attach the patch to the ticket.<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[Developing For OpenSSL]]<br />
:* [[KnownPatches|Known patches not part of OpenSSL]]<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Code reformatting]]<br />
<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]<br />
:* [[Unit Testing]] (includes other automated testing information)</div>Tjhhttps://wiki.openssl.org/index.php?title=Related_Links&diff=1840Related Links2014-07-13T02:22:45Z<p>Tjh: correct LibreSSL to match the actual LibreSSL page - the varying cases seen elsewhere should be ignored - go with the "source". Added BoringSSL link.</p>
<hr />
<div>Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].<br />
<br />
== Open Source Cryptographic Libraries ==<br />
<br />
Products which are available under some form of Open Source license, and which may also be available under some form of commercial license.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Open Source Cryptographic Libraries<br />
|-<br />
! scope="col" width="150px" | Library<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| [http://botan.randombit.net/ Botan] || a C++ cryptography library which includes a TLS implementation<br />
|-<br />
| [https://boringssl.googlesource.com/boringssl/ BoringSSL] || a Google fork of OpenSSL ([https://www.imperialviolet.org/2014/06/20/boringssl.html Announcement ])<br />
|-<br />
| [http://www.bouncycastle.org/ Bouncy Castle] || cryptography API for Java and C# ([[Wikipedia: Bouncy Castle (cryptography)]])<br />
|-<br />
| [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ Cryptlib] || a security toolkit that allows one to easily add encryption and authentication services to software<br />
|-<br />
| [http://www.cryptopp.com/ Crypto++] || a free C++ class library of cryptographic schemes<br />
|-<br />
| [http://www.gnutls.org/ GnuTLS] || an LGPL-licensed TLS library with substantial documentation<br />
|-<br />
| [http://www.libressl.org/ LibreSSL] || an OpenBSD fork of OpenSSL (Press coverage: [http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/ ZDNet], [http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/ Ars Technica])<br />
|-<br />
| [http://libtom.org/ LibTomCrypt] || public domain open source crypto library written in C<br />
|-<br />
| [http://www.mitls.org/wsgi miTLS] || a verified reference implementation of the TLS protocol. ([http://www.reddit.com/r/netsec/comments/1zn2d3/mitls_a_verified_reference_tls_implementation/ "reddit: miTLS - A verified reference TLS implementation"])<br />
|-<br />
| [http://nacl.cr.yp.to/ NaCl] || NaCl (pronounced "salt") is a easy-to-use high-speed software library for network communication, encryption, decryption, and signatures<br />
|-<br />
| [http://www.mozilla.org/projects/security/pki/nss/ NSS] || a set of libraries designed to support cross-platform development of security-enabled client and server applications<br />
|-<br />
| [http://polarssl.org/ PolarSSL] || an SSL library that handles the complexities of the Secure Sockets Layer (SSL) protocol for an application ([[Wikipedia: PolarSSL]])<br />
|-<br />
| [http://www.ohloh.net/projects/xyssl XySSL] || a C library providing a very small footprint crypto library and SSL implementation.<br />
|}<br />
<br />
== Open Source Products Using OpenSSL ==<br />
<br />
Products which are available under some form of Open Source License, and which may also be available under some form of commercial license.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Open Source Products Using OpenSSL<br />
|-<br />
! scope="col" width="150px" | Product<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| [http://libevent.org/ libevent] || an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]<br />
|-<br />
| [http://en.wikipedia.org/wiki/Mod_ssl mod_ssl] || SSL/TLS module for the [http://en.wikipedia.org/wiki/Apache_HTTP_Server Apache HTTP Server]<br />
|-<br />
|[https://www.stunnel.org/index.html Stunnel] || an SSL encryption wrapper between remote client and local (inetd-startable) or remote server<br />
|}<br />
<br />
== Closed Source Cryptographic Libraries ==<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Closed Source Cryptographic Libraries<br />
|-<br />
! scope="col" width="150px" | Library<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| [http://www.example.com No Entry] || This is a placeholder<br />
|}<br />
<br />
== Closed Source Products Using OpenSSL ==<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Closed Source Products Using OpenSSL<br />
|-<br />
! scope="col" width="150px" | Product<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| [http://www.example.com No Entry] || This is a placeholder<br />
|}<br />
<br />
== Books and Documentation == <br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Books and Documentation<br />
|-<br />
! scope="col" width="150px" | Title<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Comparison of TLS implementations] || Wikipedia article comparing various TLS libraries<br />
|-<br />
| [http://www.keylength.com/ keylength.com] || site which summarizes various key length recommendations<br />
|-<br />
| [https://www.feistyduck.com/books/openssl-cookbook/ OpenSSL Cookbook] || A free ebook that covers configuration and command-line usage (first<br />
published in 2013; continuously updated)<br />
|-<br />
| [http://shop.oreilly.com/product/9780596002701.do Network Security with OpenSSL] || O'Reilly book from 2002<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140605&diff=1721SECADV 201406052014-06-06T19:21:09Z<p>Tjh: </p>
<hr />
<div>= SECADV_20140605 =<br />
<br />
SSL/TLS MITM vulnerability.<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
This advisory covers multiple issues - this additional details page currently only covers one of the issues.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
|-<br />
|}<br />
<br />
== Abstract ==<br />
<br />
An attacker using a carefully crafted handshake can force the use of weak<br />
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited<br />
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and <br />
modify traffic from the attacked client and server.<br />
<br />
The attack can only be performed between a vulnerable client *and*<br />
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers<br />
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users<br />
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.<br />
:* OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.<br />
:* OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.<br />
<br />
== Detecting Vulnerability ==<br />
<br />
TODO <br />
<br />
== References ==<br />
<br />
:* [https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs Timeline] Mark J Cox<br />
:* [http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html '''How I discovered CCS Injection Vulnerability (CVE-2014-0224)'''] Masashi Kikuchi<br />
:* [https://www.imperialviolet.org/2014/06/05/earlyccs.html '''Early ChangeCipherSpec Attack'''] Adam Langley</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1720Security Advisories2014-06-06T19:20:39Z<p>Tjh: </p>
<hr />
<div>When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you would like advanced notice of vulnerabilities before they are released to the general public, then please join [http://oss-security.openwall.org/wiki/mailing-lists/distros Operating system distribution security contact lists] at OpenWall's OSS Security.<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
| [[SECADV_20140605]]<br />
|-<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_20140407]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140605&diff=1699SECADV 201406052014-06-05T23:31:43Z<p>Tjh: Created page with "= SECADV_20140605 = SSL/TLS MITM vulnerability. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected c…"</p>
<hr />
<div>= SECADV_20140605 =<br />
<br />
SSL/TLS MITM vulnerability.<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
This advisory covers multiple issues - this additional details page currently only covers one of the issues.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
|-<br />
|}<br />
<br />
== Abstract ==<br />
<br />
An attacker using a carefully crafted handshake can force the use of weak<br />
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited<br />
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and <br />
modify traffic from the attacked client and server.<br />
<br />
The attack can only be performed between a vulnerable client *and*<br />
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers<br />
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users<br />
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.<br />
:* OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.<br />
:* OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.<br />
<br />
== Detecting Vulnerability ==<br />
<br />
TODO <br />
<br />
== References ==<br />
<br />
:* [https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs Timeline] Mark J Cox<br />
:* [http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html '''How I discovered CCS Injection Vulnerability (CVE-2014-0224)'''] Masashi Kikuchi<br />
:* [https://www.imperialviolet.org/2014/06/05/earlyccs.html '''Early ChangeCipherSpec Attack'''] Adam Langley</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1698SECADV 201404072014-06-05T23:30:13Z<p>Tjh: correct page name</p>
<hr />
<div>= SECADV_20140407 =<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
|}<br />
<br />
== Abstract ==<br />
<br />
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)<br />
by sending invalid requests which are incorrectly processed.<br />
<br />
The memory returned may contain sensitive information such as the private key, account names and/or passwords.<br />
<br />
== Technical Details ==<br />
<br />
Either party in an SSL/TLS channel can request a heartbeat response from the peer. <br />
This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* Upgrade to OpenSSL 1.0.1g. <br />
:** This is the recommended option from the OpenSSL team.<br />
:* Rebuild your affected OpenSSL release with the heartbeat feature disabled<br />
:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS<br />
:* Block the heartbeat processing in your application code<br />
:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat<br />
<br />
== Detecting Vulnerability ==<br />
<br />
:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling<br />
::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.<br />
:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich<br />
::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.<br />
:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])<br />
::* Regression / Unit Test Suite<br />
:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]<br />
:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] <br />
::* Standalone Python script to detect if a server is vulnerable. <br />
<br />
== References ==<br />
<br />
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]<br />
:* [https://gist.github.com/epixoip/10570627 '''Cloudflare Challenge Writeup'''] Jeremi M Gosney<br />
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]<br />
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox<br />
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald<br />
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1697Security Advisories2014-06-05T23:29:37Z<p>Tjh: correct linked page name</p>
<hr />
<div>When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
| [[SECADV_20140605]]<br />
|-<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_20140407]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_2014047&diff=1696SECADV 20140472014-06-05T23:29:06Z<p>Tjh: moved SECADV 2014047 to SECADV 20140407:&#32;get the name right</p>
<hr />
<div>#REDIRECT [[SECADV 20140407]]</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1695SECADV 201404072014-06-05T23:29:06Z<p>Tjh: moved SECADV 2014047 to SECADV 20140407:&#32;get the name right</p>
<hr />
<div>= SECADV_2014047 =<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
|}<br />
<br />
== Abstract ==<br />
<br />
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)<br />
by sending invalid requests which are incorrectly processed.<br />
<br />
The memory returned may contain sensitive information such as the private key, account names and/or passwords.<br />
<br />
== Technical Details ==<br />
<br />
Either party in an SSL/TLS channel can request a heartbeat response from the peer. <br />
This means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* Upgrade to OpenSSL 1.0.1g. <br />
:** This is the recommended option from the OpenSSL team.<br />
:* Rebuild your affected OpenSSL release with the heartbeat feature disabled<br />
:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS<br />
:* Block the heartbeat processing in your application code<br />
:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat<br />
<br />
== Detecting Vulnerability ==<br />
<br />
:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling<br />
::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.<br />
:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich<br />
::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.<br />
:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])<br />
::* Regression / Unit Test Suite<br />
:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]<br />
:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] <br />
::* Standalone Python script to detect if a server is vulnerable. <br />
<br />
== References ==<br />
<br />
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]<br />
:* [https://gist.github.com/epixoip/10570627 '''Cloudflare Challenge Writeup'''] Jeremi M Gosney<br />
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]<br />
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox<br />
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald<br />
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1694Security Advisories2014-06-05T23:20:59Z<p>Tjh: </p>
<hr />
<div>When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
| [[SECADV_20140605]]<br />
|-<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1693Security Advisories2014-06-05T23:19:52Z<p>Tjh: </p>
<hr />
<div>When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 05-Jun-2014 <br />
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_201400605] <br />
| SSL/TLS MITM vulnerability (and others)<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] <br />
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g<br />
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h<br />
| [[SECADV_20140605]]<br />
|-<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=KnownPatches&diff=1638KnownPatches2014-04-30T10:15:54Z<p>Tjh: place to note references to other patches which are not in RT so there is a common location to go when looking for such things</p>
<hr />
<div>A list of patches not contained in the OpenSSL source tree.<br />
<br />
:* https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch<br />
::* UEFI related patches</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1637Security Advisories2014-04-30T10:13:37Z<p>Tjh: </p>
<hr />
<div>When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=1636Main Page2014-04-30T10:12:39Z<p>Tjh: Added link to Known Patches</p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches<br />
:::* Note that manual pages and the FAQ are maintained with the source code.<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report for the issue and reference the pull request<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[KnownPatches|Known patches not part of OpenSSL]]<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]</div>Tjhhttps://wiki.openssl.org/index.php?title=Defect_and_Feature_Review_Process&diff=1635Defect and Feature Review Process2014-04-30T00:08:03Z<p>Tjh: added not to use PR#NNNN format and to include git pull URL ... that way automation scripts can pick things up quickly</p>
<hr />
<div>THIS IS A PROPOSED PROCESS<br />
<br />
==Principles==<br />
<br />
* Start looking at the newest tickets in RT first and work backwards in time. This is on the basis that the newest tickets are likely to still be present and most relevant. As we go back in time we will see more and more which are no longer relevant - we will start hitting the law of diminishing returns.<br />
<br />
* Older tickets can be looked at on an ad-hoc basis if a person doing triage identifies them (probably on the basis of some post to the dev list) as being important<br />
<br />
* Any new RT tickets coming in should get the very highest priority. We can only start to make progress if the problem doesn't continue to grow.<br />
<br />
==Triage==<br />
<br />
New tickets start off in the "New" status. Someone assigned to triage duty will do a first pass assessment about what the ticket is about.<br />
<br />
1) The person triaging the report assigns a severity:<br />
<br />
* Wishlist - For all feature requests<br />
* Blocker - Liable to cause inability to use an important feature for a large number of users<br />
* Critical - Liable to cause inability to use an important feature for a small number of users<br />
* Normal - the default level. Something doesn't work right<br />
* Nice to have - a minor defect which does not affect the fundamental use of OpenSSL or where there are simple work arounds<br />
<br />
And gives it a status of one of:<br />
<br />
* Resolved (the report has already been dealt with)<br />
* Rejected (the report is incorrect, not relevant or is not appropriate. Can also be used for defects that will not be fixed, or feature requests that will not be implemented)<br />
* Open (the report appears to be sane from reading it and requires further investigation)<br />
<br />
The triage person classifies the ticket by area and assigns it to a subsystem. Some example subsystems are:<br />
* Doc - For all documentation<br />
* Apps - All the command line apps<br />
* TLS/SSL - Anything related to libssl<br />
* Build - Anything related to compilation & installation<br />
* Other - Anything that doesn't fit neatly into any other category<br />
<br />
Finally the triager person should determine how quickly this ticket should be resolved by setting the Milestone release that it should be targeted for.<br />
<br />
==Report Confirmation and Approval==<br />
<br />
Someone reviewing open tickets will take ownership of one of them (keeping in mind the principles stated above). It is assumed that people will review tickets associated with the sub-systems that they have most expertise in:<br />
<br />
2) A defect owner will pick up Open tickets and mark them as "owned" by them. They then attempt to recreate the bug (if appropriate). The status is then updated to be either:<br />
<br />
* Confirmed - [NOTE THIS STATUS DOES NOT CURRENTLY EXIST - USE THE OPEN STATUS AND CREATE A COMMENT STATING THAT THE DEFECT IS CONFIRMED FOR NOW]<br />
* Rejected (it could be reopened if the initial person reporting the defect provides further information)<br />
<br />
3) Review or create patch<br />
<br />
3a) If the bug is confirmed and a patch has been supplied then the owner:<br />
* Verifies that the patch fixes the issue<br />
* Sanity check the patch to make sure it looks reasonable<br />
* If all is ok the owner should also check that the patch can be applied to all relevant branches<br />
* If not the owner can either port the patch themselves to all branches, or request that the submitter do it<br />
* Once all of this is done the owner loads the patch into their github repository and creates a pull request (including the '''RT number''' in the request with a comment of PR#NNNN)<br />
* Once the pull request is created, add a comment to the ticket with the pull request details in the form of the URL(s)<br />
<br />
The status is updated to either:<br />
* Stalled (the patch is not suitable, appropriate, or available for all branches. Again this could be reopened if the original poster submits a revised patch)<br />
* Approved (the patch is in github for all branches and appears sane - it is ready for the dev team to review) [NOTE THIS STATUS DOES NOT CURRENTLY EXIST - USE THE OPEN STATUS AND CREATE A COMMENT STATING THAT THE DEFECT IS CONFIRMED FOR NOW]<br />
<br />
3b) If the bug is confirmed and no patch is available then the same process as above applies, but the owner creates the patch themselves.<br />
<br />
4) The dev team only look at Approved RT tickets and verify that they are happy with the patch before committing it.<br />
<br />
The status is updated to either:<br />
* Rejected (as above)<br />
* Resolved</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1625SECADV 201404072014-04-27T04:21:25Z<p>Tjh: </p>
<hr />
<div>= SECADV_2014047 =<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
|}<br />
<br />
== Abstract ==<br />
<br />
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)<br />
by sending invalid requests which are incorrectly processed.<br />
<br />
The memory returned may contain sensitive information such as the private key, account names and/or passwords.<br />
<br />
== Technical Details ==<br />
<br />
Either party in an SSL/TLS channel can request a heartbeat response from the peer. <br />
This means a client and send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* Upgrade to OpenSSL 1.0.1g. <br />
:** This is the recommended option from the OpenSSL team.<br />
:* Rebuild your affected OpenSSL release with the heartbeat feature disabled<br />
:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS<br />
:* Block the heartbeat processing in your application code<br />
:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat<br />
<br />
== Detecting Vulnerability ==<br />
<br />
:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling<br />
::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.<br />
:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich<br />
::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.<br />
:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])<br />
::* Regression / Unit Test Suite<br />
:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]<br />
:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] <br />
::* Standalone Python script to detect if a server is vulnerable. <br />
<br />
== References ==<br />
<br />
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]<br />
:* [https://gist.github.com/epixoip/10570627 '''Cloudfare Challenge Writeup'''] Jeremi M Gosney<br />
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]<br />
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox<br />
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald<br />
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div>Tjhhttps://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1624SECADV 201404072014-04-27T04:20:43Z<p>Tjh: Initial list of useful links and summary details for heartbeat advisory</p>
<hr />
<div>= SECADV_2014047 =<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|}<br />
<br />
== Abstract ==<br />
<br />
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)<br />
by sending invalid requests which are incorrectly processed.<br />
<br />
The memory returned may contain sensitive information such as the private key, account names and/or passwords.<br />
<br />
== Technical Details ==<br />
<br />
Either party in an SSL/TLS channel can request a heartbeat response from the peer. <br />
This means a client and send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* Upgrade to OpenSSL 1.0.1g. <br />
:** This is the recommended option from the OpenSSL team.<br />
:* Rebuild your affected OpenSSL release with the heartbeat feature disabled<br />
:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS<br />
:* Block the heartbeat processing in your application code<br />
:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat<br />
<br />
== Detecting Vulnerability ==<br />
<br />
:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling<br />
::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.<br />
:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich<br />
::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.<br />
:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])<br />
::* Regression / Unit Test Suite<br />
:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]<br />
:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] <br />
::* Standalone Python script to detect if a server is vulnerable. <br />
<br />
== References ==<br />
<br />
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]<br />
:* [https://gist.github.com/epixoip/10570627 '''Cloudfare Challenge Writeup'''] Jeremi M Gosney<br />
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]<br />
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox<br />
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald<br />
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div>Tjhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=1623Main Page2014-04-27T03:00:46Z<p>Tjh: Add link to official vulnerabilities list and wiki additional information page</p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches<br />
:::* Note that manual pages and the FAQ are maintained with the source code.<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report for the issue and reference the pull request<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]</div>Tjhhttps://wiki.openssl.org/index.php?title=Security_Advisories&diff=1622Security Advisories2014-04-27T02:01:06Z<p>Tjh: Page of references to additional information related to a security advisory</p>
<hr />
<div>= Security Advisories =<br />
<br />
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. <br />
<br />
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List].<br />
<br />
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org]<br />
<br />
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Security Advisories Additional Information<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
! scope="col" class="unsortable" | Additional Information<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|-<br />
|-<br />
|}</div>Tjhhttps://wiki.openssl.org/index.php?title=Related_Links&diff=260Related Links2013-03-12T19:27:05Z<p>Tjh: /* Open Source Products Using OpenSSL */</p>
<hr />
<div>Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].<br />
<br />
== Open Source Cryptographic Libraries ==<br />
Products which are available under some form of Open Source license, and which may also be available under some form of commercial license.<br />
* [http://botan.randombit.net/ Botan] - a C++ cryptography library which includes a TLS implementation<br />
* [http://www.bouncycastle.org/ Bouncy Castle] - cryptography API for Java and C#<br />
* [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ Cryptlib] - a security toolkit that allows one to easily add encryption and authentication services to software<br />
* [http://www.cryptopp.com/ Crypto++] - a free C++ class library of cryptographic schemes<br />
* [http://www.gnutls.org/ GnuTLS] - an LGPL-licensed TLS library with substantial documentation<br />
* [http://libtom.org/ LibTomCrypt] - public domain open source crypto library written in C<br />
* [http://nacl.cr.yp.to/ NaCl] - NaCl (pronounced "salt") is a easy-to-use high-speed software library for network communication, encryption, decryption, and signatures<br />
* [http://www.mozilla.org/projects/security/pki/nss/ NSS] - a set of libraries designed to support cross-platform development of security-enabled client and server applications.<br />
<br />
== Open Source Products Using OpenSSL ==<br />
Products which are available under some form of Open Source License, and which may also be available under some form of commercial license.<br />
* [http://libevent.org/ libevent] - an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]<br />
* [http://en.wikipedia.org/wiki/Mod_ssl mod_ssl] - SSL/TLS module for the [http://en.wikipedia.org/wiki/Apache_HTTP_Server Apache HTTP Server]<br />
* [https://www.stunnel.org/index.html Stunnel] - an SSL encryption wrapper between remote client and local (inetd-startable) or remote server<br />
<br />
== Closed Source Cryptographic Libraries ==<br />
<br />
== Closed Source Products Using OpenSSL ==<br />
<br />
== Other == <br />
<br />
* [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Wikipedia article comparing various TLS libraries]</div>Tjhhttps://wiki.openssl.org/index.php?title=Related_Links&diff=259Related Links2013-03-12T19:23:53Z<p>Tjh: /* Open Source Products Using OpenSSL */</p>
<hr />
<div>Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].<br />
<br />
== Open Source Cryptographic Libraries ==<br />
Products which are available under some form of Open Source license, and which may also be available under some form of commercial license.<br />
* [http://botan.randombit.net/ Botan] - a C++ cryptography library which includes a TLS implementation<br />
* [http://www.bouncycastle.org/ Bouncy Castle] - cryptography API for Java and C#<br />
* [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ Cryptlib] - a security toolkit that allows one to easily add encryption and authentication services to software<br />
* [http://www.cryptopp.com/ Crypto++] - a free C++ class library of cryptographic schemes<br />
* [http://www.gnutls.org/ GnuTLS] - an LGPL-licensed TLS library with substantial documentation<br />
* [http://libtom.org/ LibTomCrypt] - public domain open source crypto library written in C<br />
* [http://nacl.cr.yp.to/ NaCl] - NaCl (pronounced "salt") is a easy-to-use high-speed software library for network communication, encryption, decryption, and signatures<br />
* [http://www.mozilla.org/projects/security/pki/nss/ NSS] - a set of libraries designed to support cross-platform development of security-enabled client and server applications.<br />
<br />
== Open Source Products Using OpenSSL ==<br />
Products which are available under some form of Open Source License, and which may also be available under some form of commercial license.<br />
* [https://www.stunnel.org/index.html Stunnel] - an SSL encryption wrapper between remote client and local (inetd-startable) or remote server<br />
* [http://libevent.org/ libevent] - an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]<br />
* [http://en.wikipedia.org/wiki/Mod_ssl mod_ssl] - SSL/TLS module for the [http://en.wikipedia.org/wiki/Apache_HTTP_Server Apache HTTP Server]<br />
<br />
== Closed Source Cryptographic Libraries ==<br />
<br />
== Closed Source Products Using OpenSSL ==<br />
<br />
== Other == <br />
<br />
* [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Wikipedia article comparing various TLS libraries]</div>Tjhhttps://wiki.openssl.org/index.php?title=Related_Links&diff=253Related Links2013-03-12T01:34:26Z<p>Tjh: </p>
<hr />
<div>Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].<br />
<br />
== Noncommercial Cryptographic Libraries ==<br />
* [http://botan.randombit.net/ Botan] - a C++ cryptography library which includes a TLS implementation<br />
* [http://www.bouncycastle.org/ Bouncy Castle] - cryptography API for Java and C#<br />
* [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ Cryptlib] - a security toolkit that allows one to easily add encryption and authentication services to software<br />
* [http://www.cryptopp.com/ Crypto++] - a free C++ class library of cryptographic schemes<br />
* [http://www.gnutls.org/ GnuTLS] - an LGPL-licensed TLS library with substantial documentation<br />
* [http://libtom.org/ LibTomCrypt] - public domain open source crypto library written in C<br />
* [http://nacl.cr.yp.to/ NaCl] - NaCl (pronounced "salt") is a easy-to-use high-speed software library for network communication, encryption, decryption, and signatures<br />
* [http://www.mozilla.org/projects/security/pki/nss/ NSS] - a set of libraries designed to support cross-platform development of security-enabled client and server applications.<br />
<br />
== Noncommercial Products Using OpenSSL ==<br />
* [https://www.stunnel.org/index.html Stunnel] - an SSL encryption wrapper between remote client and local (inetd-startable) or remote server<br />
* [http://libevent.org/ libevent] - an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]<br />
<br />
== Commercial Cryptographic Libraries ==<br />
<br />
== Commercial Products Using OpenSSL ==<br />
<br />
== Other == <br />
<br />
* [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Wikipedia article comparing various TLS libraries]</div>Tjhhttps://wiki.openssl.org/index.php?title=Related_Links&diff=240Related Links2013-03-11T23:46:47Z<p>Tjh: /* Noncommercial Cryptographic Libraries */</p>
<hr />
<div>Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].<br />
<br />
== Noncommercial Cryptographic Libraries ==<br />
* [http://www.bouncycastle.org/ Bouncy Castle] - cryptography API for Java and C#<br />
* [http://www.mozilla.org/projects/security/pki/nss/ NSS] - a set of libraries designed to support cross-platform development of security-enabled client and server applications.<br />
* [http://www.gnutls.org/ GnuTLS] - an LGPL-licensed TLS library with substantial documentation<br />
* [http://botan.randombit.net/ Botan] - a C++ cryptography library which includes a TLS implementation<br />
* [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Wikipedia article comparing various TLS libraries]<br />
<br />
== Noncommercial Products Using OpenSSL ==<br />
* [https://www.stunnel.org/index.html Stunnel] - an SSL encryption wrapper between remote client and local (inetd-startable) or remote server<br />
* [http://libevent.org/ libevent] - an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]<br />
<br />
== Commercial Cryptographic Libraries ==<br />
<br />
== Commercial Products Using OpenSSL ==</div>Tjhhttps://wiki.openssl.org/index.php?title=Commercial_Product_Disclaimer&diff=226Commercial Product Disclaimer2013-03-09T20:17:54Z<p>Tjh: </p>
<hr />
<div>Mention of commercial or proprietary products or services in this wiki should not be construed as endorsement by the OpenSSL Software Foundation, the OpenSSL project, or the OpenSSLWiki community.<br />
<br />
Reference to such products and services is permissible when restricted to factually verifiable information appropriate in the current context. Citations to independent sources is usually appropriate. Vendors claims should be specifically identified with "According to [vendor name]..." or similar qualifications and should be specific and relevant to the immediate topic of discussion.<br />
<br />
Advertising spam will simply be removed without warning.</div>Tjh