There doesn't seem to be a lot of interest in this, but I figured I would see
if anyone has experienced this previously.
I have successfully compiled OpenSSL with the FIPS module: openssl-1.0.2h &
openssl-fips-2.0.12.
No problem with this process; everything worked as expected. I then compiled
openvpn-2.3.11, enabling FIPS during compile. I also added the following code
to openvpn.c in main():
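    /* Load openssl.cnf; the "XXXX_conf" key in its default section
       names the section whose settings are applied. */
    OPENSSL_config("XXXX_conf");
    #ifdef OPENSSL_FIPS
    /* FIPS_mode() returns non-zero when the FIPS module is active. */
    if (FIPS_mode())
    {
        fprintf(stderr, "*** IN FIPS MODE ***\n");
    }
    #endif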
and in the openssl.cnf added:
    # Default section
    XXXX_conf = XXXX_options

    [ XXXX_options ]
    alg_section = algs

    [ algs ]
    fips_mode = yes
All this worked as expected. I compiled all these on an Ubuntu 16.04 server
and a Voyage Linux client. The problem occurred when I attempted to connect
client to server. The server suffered a segmentation fault. If I go into the
openssl.cnf and set fips_mode = no then the Client seg faults. If I set both
sides to fips_mode = no then it works fine. Running openvpn in "verb 9" gives
tons of information. Here are the 10 lines prior to the fault on the server.
    Thu Jul 7 22:43:36 2016 us=471157 X.X.X.X:23699 TLS: tls_process: chg=1 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Thu Jul 7 22:43:36 2016 us=471219 X.X.X.X:23699 ACK reliable_can_send active=0 current=0 : [5]
    Thu Jul 7 22:43:36 2016 us=471357 X.X.X.X:23699 Client pre_master: 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8 2b06ccba 443af910 79846b5c b45e954e 474a8935 243d99e2
    Thu Jul 7 22:43:36 2016 us=471388 X.X.X.X:23699 Client random1: d5d0840e e429b311 d986349c cbb7da8f 15b21234 671f7edb 2b308233 7418a414
    Thu Jul 7 22:43:36 2016 us=471456 X.X.X.X:23699 Client random2: d2490f44 b0b2d207 09e906ef edc2586c e9c53d85 3fcca425 91384724 5525796d
    Thu Jul 7 22:43:36 2016 us=471568 X.X.X.X:23699 Server pre_master: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
    Thu Jul 7 22:43:36 2016 us=471598 X.X.X.X:23699 Server random1: a9982c01 c234cc62 10be9412 1be49509 045dc1ea a384b405 d17aeda8 4aa1f132
    Thu Jul 7 22:43:36 2016 us=471681 X.X.X.X:23699 Server random2: 7d2ee9d7 94600f16 5a986080 5e23b59a ae4e2877 4354d5fa 1eb97d98 4cb8ae0c
    Thu Jul 7 22:43:36 2016 us=471759 X.X.X.X:23699 tls1_P_hash sec: 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8
    Thu Jul 7 22:43:36 2016 us=471877 X.X.X.X:23699 tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74d5d084 0ee429b3 11d98634 9ccbb7da 8f15b212 34671f7e db2b3082 337418a4 14a9982c 01c234cc 6210be94 121be495 09045dc1 eaa384b4 05d17aed a84aa1f1 32
    Segmentation fault (core dumped)
And the client side seg faults at the exact same place. I can provide full
logs if anyone wants to look at them.
Thanks for any help anyone can provide.
--
Peter Barton
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
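
The following is an added example, not part of the original post: it decodes the hex fields from the "verb 9" log above to show which inputs had reached tls1_P_hash when the process stopped. The function names parse_fields and analyse are hypothetical, the field values are copied from the post with the timestamp prefixes dropped, and the script only reports what the logged bytes contain.

```python
# Field values copied from the log in the post (timestamps and peer address dropped).
LOG = """\
Client pre_master: 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8 2b06ccba 443af910 79846b5c b45e954e 474a8935 243d99e2
Client random1: d5d0840e e429b311 d986349c cbb7da8f 15b21234 671f7edb 2b308233 7418a414
Server pre_master: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Server random1: a9982c01 c234cc62 10be9412 1be49509 045dc1ea a384b405 d17aeda8 4aa1f132
tls1_P_hash sec: 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8
tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74d5d084 0ee429b3 11d98634 9ccbb7da 8f15b212 34671f7e db2b3082 337418a4 14a9982c 01c234cc 6210be94 121be495 09045dc1 eaa384b4 05d17aed a84aa1f1 32
"""


def parse_fields(text):
    """Map each 'name: hex groups' line to its raw bytes."""
    fields = {}
    for line in text.splitlines():
        name, sep, hexdump = line.partition(": ")
        if sep:
            fields[name.strip()] = bytes.fromhex(hexdump.replace(" ", ""))
    return fields


def analyse(fields):
    """Relate the tls1_P_hash inputs to the other logged values."""
    seed = fields["tls1_P_hash seed"]
    sec = fields["tls1_P_hash sec"]
    c_rand = fields["Client random1"]
    s_rand = fields["Server random1"]
    # Whatever precedes the two random values in the seed is treated as a label.
    label = seed[: len(seed) - len(c_rand) - len(s_rand)]
    return {
        "label": label.decode("ascii", "replace"),
        "seed_is_label_plus_randoms": seed == label + c_rand + s_rand,
        "sec_is_prefix_of_client_pre_master":
            fields["Client pre_master"].startswith(sec),
        "sec_len": len(sec),
        "client_pre_master_len": len(fields["Client pre_master"]),
        "server_pre_master_all_zero": not any(fields["Server pre_master"]),
    }


if __name__ == "__main__":
    for key, value in analyse(parse_fields(LOG)).items():
        print(f"{key}: {value}")
```

Run against the full log from each side, the same checks show whether both peers stop on the same inputs.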