help,IO completion port, bio pair, handshake
Hi all, I'm a newbie to OpenSSL and plan to integrate SSL into my server. My server is developed on IO completion ports, so I want to separate the SSL engine from the socket object totally. After googling the mailing list, I found it is possible by using the BIO pair mechanism. After almost two weeks of pain, I decided to turn to you. (I know this topic was discussed many times on the mailing list, but I still cannot figure it out.) Please help me out of it. I think I was trapped by some wrong things. To make you understand better, I wrote a simple server and pasted it below.

My idea is:

1. make the BIO pair: bioInternal, bioNetwork
2. get the client accept.
3. receive data from the client (e.g. ClientHello)
4. feed the data (e.g. ClientHello) to bioNetwork
5. wait for data (e.g. ServerHello) in bioNetwork and send it back to the client.
6. (repeat steps 3, 4, 5 until the handshake process finishes)

Code (written with VS2008):

```cpp
#include <openssl/ssl.h>
#include <winsock2.h>
#include <tchar.h>
#include <stdlib.h>
#include <stdio.h>

int _tmain(int argc, _TCHAR* argv[])
{
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_CTX* pCTX = SSL_CTX_new(TLSv1_server_method());
    // declared up front so that no goto jumps over an initialization
    SOCKET sktAccepted = INVALID_SOCKET;
    SSL* pSSL = NULL;
    BIO* pBIOint = NULL;   // SSL side of the pair
    BIO* pBIOnet = NULL;   // network side of the pair
    char cBuf[4 * 1024];
    /* INIT */
    {
        char cCurDir[255];
        ::GetCurrentDirectory(255, cCurDir);
        char cTmp[1024];
        sprintf(cTmp, "%s\\pem\\ca.cer", cCurDir);
        if (!SSL_CTX_load_verify_locations(pCTX, cTmp, NULL)) goto bad_ssl;
        sprintf(cTmp, "%s\\pem\\ns.cer", cCurDir);
        if (!SSL_CTX_use_certificate_file(pCTX, cTmp, SSL_FILETYPE_PEM)) goto bad_ssl;
        sprintf(cTmp, "%s\\pem\\ns.key", cCurDir);
        if (!SSL_CTX_use_PrivateKey_file(pCTX, cTmp, SSL_FILETYPE_PEM)) goto bad_ssl;
        if (!SSL_CTX_check_private_key(pCTX)) goto bad_ssl;
    }
    /* windows network */
    {
        WSADATA neto;
        if (WSAStartup(MAKEWORD(2, 2), &neto) != 0) goto bad_ssl;
        SOCKET sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (sk == INVALID_SOCKET) goto bad_ssl;
        SOCKADDR_IN sa;
        sa.sin_addr.S_un.S_addr = INADDR_ANY;
        sa.sin_family = AF_INET;
        sa.sin_port = htons(8001);
        if (bind(sk, (SOCKADDR*)&sa, sizeof(sa)) == SOCKET_ERROR) goto bad_ssl;
        if (listen(sk, 5) == SOCKET_ERROR) goto bad_ssl;
        sktAccepted = accept(sk, NULL, NULL);
        if (sktAccepted == INVALID_SOCKET) goto bad_ssl;
    }
    // after the client is accepted, prepare for the handshake
    pSSL = SSL_new(pCTX);
    if (pSSL == NULL) goto bad_ssl;
    // A BIO pair is two BIO_s_bio() BIOs joined by BIO_new_bio_pair().
    // BIO_make_bio_pair() on two BIO_s_mem() BIOs fails, which left pBIOnet a
    // standalone memory BIO: reading it back returned exactly what was written.
    if (!BIO_new_bio_pair(&pBIOint, 0, &pBIOnet, 0)) goto bad_ssl;
    SSL_set_accept_state(pSSL);
    SSL_set_bio(pSSL, pBIOint, pBIOint);   // pSSL now owns pBIOint
    SSL_set_mode(pSSL, SSL_MODE_AUTO_RETRY);
    // wait for data from the client
    while (true) {
        // (here I always got 124 bytes from the client; I use 'openssl s_client -connect 127.0.0.1:8001')
        int iRe = recv(sktAccepted, cBuf, sizeof(cBuf), 0);
        if (iRe == 0 || iRe == SOCKET_ERROR) break;
        // data from the network: push it into the network side of the pair
        if (BIO_write(pBIOnet, cBuf, iRe) <= 0) break;
        if (SSL_in_init(pSSL)) {
            int iRet = SSL_accept(pSSL);   // or SSL_do_handshake(pSSL)
            if (iRet <= 0) {
                int iErrCode = SSL_get_error(pSSL, iRet);
                switch (iErrCode) {
                case SSL_ERROR_WANT_READ:
                    // SSL needs more bytes from the client: they arrive with the next recv()
                    break;
                case SSL_ERROR_WANT_WRITE:
                    break;
                default:
                    printf("Error during SSL_accept(..). err:%d\n", iErrCode);
                    goto bad_ssl;
                }
            }
        } else {
            // handshake is done: plain application data comes out of SSL_read()
            int iPlainLen = SSL_read(pSSL, cBuf, sizeof(cBuf));
            if (iPlainLen > 0) {
                // read and dealing...
                // (...)
            }
        }
        // whatever SSL produced (ServerHello, alerts, application records) is now
        // pending on the network side of the pair and must go back to the client
        while (BIO_pending(pBIOnet) > 0) {
            int iReadLen = BIO_read(pBIOnet, cBuf, sizeof(cBuf));
            if (iReadLen <= 0) break;
            send(sktAccepted, cBuf, iReadLen, 0);
        }
    }
bad_ssl:
    // destroy all resources...
    // (...)
    return 0;
}
```

Many thanks.

anakin.jin
RE: Using self-signed certificates with openssl
From: dthomp...@prinpay.com
To: openssl-users@openssl.org
Subject: RE: Using self-signed certificates with openssl
Date: Fri, 13 May 2011 22:06:55 -0400

>> From: owner-openssl-us...@openssl.org On Behalf Of Roger No-Spam
>> Sent: Friday, 13 May, 2011 04:15
>>
>> We have decided to use openssl to protect a connection in our system with TLS. Clients will be authenticated using X509 certificates. To cut a long story short, a decision has been taken to use self-signed certificates. On the server, each client's self-signed cert will be loaded by a call to SSL_CTX_load_verify_locations(). This is pretty much working as expected,
>
> To be exact: you can't be doing a load_verify_locations for each of multiple certs -- unless you do it dynamically one per SSL_accept(). To statically accept multiple certs, you can put them all in one file, or in one directory with hashlinks (or hashnames), and use that file or that directory (or possibly one of each) for load_verify_locations.

We put all clients' certs in one file, which is loaded by a call to SSL_CTX_load_verify_locations().

>> apart from one thing. If we modify the client's private key (modified a bit in the privateExponent), the TLS connection is still successfully established. I had expected the signature verification (certificate verify message) of the handshake to fail in this case. Are there any gotchas with self-signed certs? Or is there something else we have missed that explains why the signature verification is successful with the modified key?
>
> It's not the cert; the same thing happens with just keys in rsautl. OpenSSL normally stores and uses the RSA private key in Chinese Remainder Theorem format, which is quite a bit faster. If you damage only the privateExponent 'd' it doesn't affect the private key operation. If you damage a CRT component it (silently!) falls back to modexp-d instead, so if you damage *both* a CRT component *and* d *then* you get a bad signature, and a handshake failure.
>
> I *think* this works for any bit in any CRT component, but I didn't try to work out the math (and certainly didn't test completely).

Thanks, that explains it!

> What is your threat (model) here? If an attacker can get at your clear privatekey file, I can't imagine why they would only flip one bit; and if they can get at an encrypted privatekey file, any tampering including a bit flip should be detected and refuse to load the key at all.

This was just something I quickly did as informal testing, to trigger a signature validation failure. It is not a valid test case. But the result had me worried that I had misunderstood how self-signed certs can be used in openssl. But I think everything is explained now. Thanks for your help.

Regards
Roger
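Dave's explanation of the CRT fallback, as an added Python model that is not from the thread or from OpenSSL's code: it signs with the CRT components, checks the result against the public key the way OpenSSL's RSA code does, and falls back to plain modexp with d only when that check fails. The key uses two constructed Mersenne-prime toy parameters far too small for real use, and `check_key` is a hypothetical consistency check in the spirit of RSA_check_key(), the check a key loader would run to catch the damage that signing alone hides.

```python
"""Toy model of OpenSSL's RSA private-key path: CRT first, then a check of the
result against the public key, then a silent fallback to plain modexp with d.
Pure Python, standard library only."""

# Constructed toy key parameters: 2^61-1 and 2^89-1 are Mersenne primes, so the
# arithmetic is exact without a prime generator. Far too small for real use.
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537


def make_key(p=P, q=Q, e=E):
    """The fields a PKCS#1 RSA private key stores: n, e, d plus the CRT set."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1),        # exponent1
            "dq": d % (q - 1),        # exponent2
            "qinv": pow(q, -1, p)}    # coefficient


def private_op_crt(key, m):
    """m^d mod n computed from dp, dq, qinv only; d itself is never read."""
    m1 = pow(m, key["dp"], key["p"])
    m2 = pow(m, key["dq"], key["q"])
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


def private_op_like_openssl(key, m):
    """Mirrors the structure of OpenSSL's RSA mod_exp: use the CRT result if
    r^e == m (mod n), otherwise fall back to m^d mod n without any error.
    Returns (result, path) with path 'crt' or 'd'."""
    r = private_op_crt(key, m)
    if pow(r, key["e"], key["n"]) == m % key["n"]:
        return r, "crt"
    return pow(m, key["d"], key["n"]), "d"


def sign_and_verify(key, m):
    """Produce a raw signature and check it with the public part.
    Returns (verified, path) so the caller can see which code path ran."""
    s, path = private_op_like_openssl(key, m)
    return pow(s, key["e"], key["n"]) == m % key["n"], path


def flip_bit(x, bit):
    """Damage one bit of an integer field, as Roger did to privateExponent."""
    return x ^ (1 << bit)


def check_key(key):
    """Hypothetical consistency check in the spirit of RSA_check_key(): every
    stored field must agree with p, q and e. A loader that runs this catches a
    damaged d or CRT component even though signing with the key still works."""
    p, q, e, d = key["p"], key["q"], key["e"], key["d"]
    if key["n"] != p * q:
        return False
    if (e * d) % ((p - 1) * (q - 1)) != 1:
        return False
    if key["dp"] != d % (p - 1) or key["dq"] != d % (q - 1):
        return False
    return (key["qinv"] * q) % p == 1


def demo():
    """Reproduce the three cases from the thread. Returns {case: (verified, path)}
    plus whether check_key() flags each damaged key."""
    good = make_key()
    m = 0x1234567890ABCDEF          # constructed stand-in for a message hash, m < n
    only_d = dict(good, d=flip_bit(good["d"], 5))      # damaged d only
    only_dq = dict(good, dq=flip_bit(good["dq"], 5))   # damaged CRT component only
    both = dict(good, d=flip_bit(good["d"], 5),
                dq=flip_bit(good["dq"], 5))            # both damaged
    return {
        "good": sign_and_verify(good, m),         # (True, 'crt')
        "only_d": sign_and_verify(only_d, m),     # (True, 'crt'): d never used
        "only_dq": sign_and_verify(only_dq, m),   # (True, 'd'): silent fallback
        "both": sign_and_verify(both, m),         # (False, 'd'): bad signature
        "check_key_flags_only_d": not check_key(only_d),
        "check_key_flags_only_dq": not check_key(only_dq),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```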
Trouble with SSL handshake
Good Morning,

My situation is very strange, I guess. At work we use a CFT server, which is very popular in Europe for file transfer between corporations, like banks. In my case one of our customers is a bank, and they want our file transfer to be secured over SSL. CFT includes SSL support based on the OpenSSL library and an internal library. My CFT server runs under Linux, an old Debian I cannot upgrade due to the operational environment.

We need to play each other's client/server role, so on both sides we configured CFT with our respective authority certificate, and created a local certificate signed for the SSL connection. When I play the role of server, and our customer plays the role of client, everything runs fine and the file transfer is ok. When I play the role of client, trying to connect to our customer's server, it doesn't work. The handshake doesn't finish.

I ran an strace on my process which manages the SSL handshake, and here is what I got:

```
fcntl64(8, F_SETLK64, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}, 0xbfdef720) = 0
_llseek(8, 512, [512], SEEK_SET) = 0
fcntl64(8, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}, 0xbfdef6e0) = 0
read(8, "\7\0\0\0\0\0\0\0\6\0\0\0REFRCA\0\0\0\0\0\0\0\0\0\0\0\0"..., 512) = 512
fcntl64(8, F_SETLK64, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}, 0xbfdef6e0) = 0
_llseek(7, 32814, [32814], SEEK_SET) = 0
read(7, "\0UEFRLCLUS\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8193) = 8193
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
time([1305131804]) = 1305131804
write(1, "OPNSSL.text_error(PKI2CRY:803)=e"..., 98) = 98
gettimeofday({1305131804, 420297}, NULL) = 0
gettimeofday({1305131804, 420316}, NULL) = 0
semop(2031638, 0xbfdf0fc0, 1) = 0
semop(2031638, 0xbfdf0fc0, 1) = 0
msgsnd(32769, {2, "\34pg\265"}, 4, 0)
```

But I'm unable to find what error it is related to! That is why I write here, in case someone has an idea!

Regards.
--
Carrel Dominique
Re[2]: openssl config; full form of multi-valued field
Viktor, thank you a lot for the syntax: really, that manual IS misleading! Well, now I can configure good (for Microsoft) CRL distribution points:

```
crlDistributionPoints = ca_cdp

[ ca_cdp ]
fullname = @ca_cdp_uries
reasons = keyCompromise

[ ca_cdp_uries ]
URI.1 = ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,CN=Public%20Key%20Services,CN=Services,etc
URI.2 = http://issuerw2k8.wud.lan/CertEnroll/ROOTCA.crl
```

(2) *** But: *** how shall I cope with Authority Info Access? The manual says:

```
authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
```

I need an ldap URI with commas inside. And OpenSSL refuses both of my assumptions:

```
(a) authorityInfoAccess = some_section
(b) authorityInfoAccess = caIssuers;@some_other_section
```

If only there were a way to escape the comma symbol in string values where sequences are expected! So please, more hints..

Alexey

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Why would RSA_size() crash?
Hi all. I'm trying to use the OpenSSL crypto lib. I've generated a public/private RSA key pair. Then I wrote some code to try to encrypt an eight-byte random string. But it crashes in RSA_size(). Here's the code:

```cpp
BIO* bp = BIO_new_mem_buf(_publicKey, -1);          // Create a new memory buffer BIO.
RSA* pubKey = PEM_read_bio_RSA_PUBKEY(bp, 0, 0, 0);  // And read the RSA key from it.
BIO_free(bp);

// Allocate a string to hold the encrypted result.
unsigned char encryptedRandKey[RSA_size(pubKey)];
```

_pubKey is a null-terminated character string that contains the RSA public key in PEM format (including -BEGIN and so forth). RSA_size() crashes with bad access. Removing BIO_free() didn't make any difference. I also just tried assigning the value of RSA_size() to an int, and it crashed. Any ideas here?

Thanks!
Gavin
Re: No shared cipher error using ECDSA
Thanks Viktor, I hadn't properly understood the relationship between the certificate and the cipher, so I'll look at that now. I think I'm also confusing the OpenVPN/OpenSSL relationship. OpenVPN does appear to be using TLS according to the logs, so I had tried to specify "tls-cipher ECDHE-ECDSA-AES256-SHA" in the CLIENT.OVPN and SERVER.OVPN config files, but got the same error. Thanks for your help, you've given me new ideas to research.

> On Fri, May 13, 2011 at 06:36:34PM +0100, Mike Bell wrote:
>
>> I had originally put "cipher AES-128-CBC" in SERVER.OVPN and CLIENT.OVPN, not the OPENSSL.CNF files (it's been a long week!)
>
> I am not familiar with your VPN product, so you'll have to figure out what configuration options are applicable. If the product uses SSL cipher suites, then a cipher name is almost always a cipherlist, whose syntax is described in the ciphers(1) manpage. If on the other hand, as the protocol in question is not TLS, cipher specification uses a different syntax, then you need to figure out how to configure a cipher that is compatible with ECDSA certificates.
>
> Do not confuse a block algorithm (e.g. AES-128-CBC) with a cipher-suite, which specifies also the authentication and message digest algorithms. Generally, OpenSSL ciphersuites are defined for TLS. It is not clear how these translate to your VPN device.
>
> -- Viktor.

From: Victor Duchovni <victor.ducho...@morganstanley.com>
To: openssl-users@openssl.org
Sent: Friday, 13 May 2011, 17:56
Subject: Re: No shared cipher error using ECDSA

> On Fri, May 13, 2011 at 05:41:52PM +0100, Mike Bell wrote:
>
>> However I keep getting a "no shared cipher" error. In my client/server openssl.cnf files I've specified "cipher AES-128-CBC".
>
> This is not an EC cipher, and if you configure an EC cert, but specify a cipher that is one of the ones reported by "openssl ciphers -v aECDSA", you get "no shared cipher" errors.
>
>     ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
>     ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
>     ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
>     ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128)  Mac=SHA1
>     ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH Au=ECDSA Enc=None      Mac=SHA1
>
> Don't explicitly specify the cipher, just the certificates are sufficient, or specify a cipher class "!eNULL:!SSLv2:aECDSA:@STRENGTH" which eliminates the NULL cipher:
>
>     $ openssl ciphers -v '!eNULL:!SSLv2:aECDSA:@STRENGTH'
>     ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
>     ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
>     ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
>     ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128)  Mac=SHA1
>
> -- Viktor.
RE: Application is failing with cipher or hash unavailable
Hi,

After a lot of struggles, I finally got rid of this error, but I can't tell the reason why it was rectified. We installed our libs on a new machine. Now a different error is seen. After the client and server connection is established, "TLSv1 Encrypted Alert+21" is sent by the client. A Google search did not help. All I could find out was that the error alert is encrypted. I did not understand what condition was seen by the client's openssl to throw this error, and how to know the condition? Any inputs on this.

Dave Thompson-5 wrote:

> From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
> Sent: Thursday, 12 May, 2011 18:37
>
>> I have tried with all the ciphers. This same application works well on Windows. I ran my application again with s_server, but hit the same error:
>>
>>     SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable
>>
>> And on s_server [with -msg -debug], the following messages are:
>>
>>     client hello
>>     server hello
>>     SSL_accept:SSLv3 write certificate A
>>     TLS 1.0 Handshake [length 0004], ServerHelloDone
>>     0e 00 00 00
>>     SSL_accept:SSLv3 write server done A
>>     SSL_accept:SSLv3 flush data
>>     SSL_accept:failed in SSLv3 read client certificate A
>>     ERROR
>>     shutting down SSL
>>     CONNECTION CLOSED
>>     SSL_accept:failed in SSLv3 read client certificate A
>
> Both -msg and -debug should have given you (redundant) hex dumps of all messages; did you delete them? But only -state, which you didn't say you used, should give lines like 'SSL_accept:SSLv3 write server done A'.
>
> If there is no ServerKeyExchange (you didn't just delete it) then the selected suite probably uses RSA key agreement. But that doesn't help much; there are kRSA suites with all or nearly all data-ciphers and several hashes.
>
> You can decode the dump of client-hello to determine what list of suites (and compressions) the client is offering, and of server-hello to determine what the server selected. If you can install wireshark from www.wireshark.org on a personal Windows machine that sees the same network link, that can do the decode for you automatically. There may be equivalent tools for Unix, but I don't know.
>
>> This means the client and server have agreed on a cipher. In what cases does the client verify the TLS1_SETUP_KEY_BLOCK, which drove the client to throw this error?
>
> It's not a matter of verifying. The client is trying to *do* setup for the selected suite, and also compression, and failing. Key setup is a slightly misleading name; it's actually setting several internal pointers as well as the actual keys, and this first step -- determining pointers effectively to code for the selected cipher, hash, and compression -- is what is failing. Most likely the client has offered a suite or compression it doesn't actually support, which it shouldn't, or some of OpenSSL's memory has been clobbered by a bug in your client. Look at the selected suite in server-hello, and compare to the build options for the build(s) you are using.
Re: openssl config; full form of multi-valued field
I'd try it that way:

```
authorityInfoAccess = @aias

[aias]
caIssuers;URI.1=http://pervaya.ssilka/..
caIssuers;URI.2=http://vtoraya.ssilka/..
```

but this is just my guess... might be wrong.

Alexandre

On 16/05/2011 11:52, A.B.COKO/\OB wrote:

> Viktor, thank you a lot for the syntax: really, that manual IS misleading! Well, now I can configure good (for Microsoft) CRL distribution points: [...]
>
> (2) *** But: *** how shall I cope with Authority Info Access? [...] I need an ldap URI with commas inside. And OpenSSL refuses both of my assumptions: [...] So please, more hints..
>
> Alexey

--
Alexandre Aufrere - OpenTrust
Check signature
Hello,

I have a program, written in C++ and QT. I need to implement checking of a signature in my program, so that it would do the same check as this openssl command:

```
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
```

What is the most optimal method I can use? What functions must I call?

--
Thank you!
Re: Why would RSA_size() crash?
> I'm trying to use the OpenSSL crypto lib. I've generated a public/private RSA key pair. Then I wrote some code to try to encrypt an eight-byte random string. But it crashes in RSA_size(). Here's the code:
>
>     BIO* bp = BIO_new_mem_buf(_publicKey, -1);          // Create a new memory buffer BIO.
>     RSA* pubKey = PEM_read_bio_RSA_PUBKEY(bp, 0, 0, 0);  // And read the RSA key from it.
>     BIO_free(bp);

Are you checking the pointer pubKey after PEM_read_bio_RSA_PUBKEY? If it is NULL, RSA_size will die.

>     // Allocate a string to hold the encrypted result.
>     unsigned char encryptedRandKey[RSA_size(pubKey)];

John
R: Why would RSA_size() crash?
Is pubKey a valid pointer after PEM_read_bio_RSA_PUBKEY? If it is NULL there is an error in the PEM data.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of G S
Sent: Monday, 16 May 2011 12:13
To: openssl-users@openssl.org
Subject: Why would RSA_size() crash?

> Hi all. I'm trying to use the OpenSSL crypto lib. I've generated a public/private RSA key pair. Then I wrote some code to try to encrypt an eight-byte random string. But it crashes in RSA_size(). [...] RSA_size() crashes with bad access. Removing BIO_free() didn't make any difference. I also just tried assigning the value of RSA_size() to an int, and it crashed. Any ideas here?
>
> Thanks!
> Gavin
check RSA signature
Hello,

I have a program, written in C++ and QT. I need to implement checking of a file signature in my program, so that it would do the same check as this openssl command:

```
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
```

Can I do it by calling some QT methods? If not, are there some methods in QT which allow checking any signatures?

--
Thank you!
Re[2]: openssl config; full form of multi-valued field
Alexandre, you've got it!!!

Monday, May 16, 2011, 3:07:54 PM, you wrote:

> I'd try it that way:
>
>     authorityInfoAccess = @aias
>
>     [aias]
>     caIssuers;URI.1=http://pervaya.ssilka/..
>     caIssuers;URI.2=http://vtoraya.ssilka/..

(3) So maybe you know how to deal with unknown (to ssl) extensions? For example: MS revocation lists have 1.3.6.1.4.1.311.21.14 - CRL_SELF_CDP. Its structure is much the same as crlDistributionPoints (I even inserted raw format data, successfully).

```
 0:d=0  hl=3 l= 180 cons: SEQUENCE
 3:d=1  hl=3 l= 177 cons: SEQUENCE
 6:d=2  hl=3 l= 174 cons: cont [ 0 ]
 9:d=3  hl=3 l= 171 cons: cont [ 0 ]
12:d=4  hl=3 l= 168 prim: cont [ 6 ]
```

I tried:

```
1.3.6.1.4.1.311.21.14 = ASN1:SEQUENCE:crl_self

[ crl_self ]
URI.1 = UTF8:ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,CN=Public
URI.2 = UTF8:http://issuerw2k8.wud.lan/CertEnroll/RootCA.crl
```

or

```
1.3.6.1.4.1.311.21.14 = ASN1:SEQUENCE:crl_self

[ crl_self ]
fullname = SEQUENCE:crl_self_2

[ crl_self_2 ]
URI.1 = UTF8:ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,
URI.2 = UTF8:http://issuerw2k8.wud.lan/CertEnroll/RootCA.crl
```

The inner content differs; the software does not recognize such an object. Your general advice: can one construct an object for openssl.conf just by looking at its DER (or parsed) content, such as the above??

Thanks in advance,
Alex
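To see how the DER behind Alexey's asn1parse dump is put together, here is an added Python builder and parser (not from the thread and not OpenSSL code). `CDP_URI` is a constructed Microsoft-style LDAP CDP URL, made exactly 168 characters long to match the [6] element above; `crl_distribution_points` nests the tags the way the dump shows them, and `parse_der` walks any DER blob back into rows shaped like openssl asn1parse output, so what a config produces can be compared against the target structure.

```python
"""DER builder and asn1parse-style walker for the CRL distribution point
structure in the dump above. Pure Python, standard library only."""

# Constructed Microsoft-style LDAP CDP URL, exactly 168 characters long: the
# size of the primitive [6] element in the asn1parse dump above.
CDP_URI = ("ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,CN=Public%20Key%20Services,"
           "CN=Services,CN=Configuration,DC=wud,DC=lan"
           "?certificateRevocationList?base?objectClass=cRLDistributionPoint")

UNIVERSAL_TAGS = {0x04: "OCTET STRING", 0x06: "OBJECT", 0x0C: "UTF8STRING",
                  0x10: "SEQUENCE", 0x11: "SET", 0x16: "IA5STRING"}
CLASS_NAMES = {1: "appl", 2: "cont", 3: "priv"}


def der_length(n):
    """DER length octets: one byte below 128, else 0x80|count then big-endian bytes."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def context_tag(number, content, constructed=True):
    """Context-specific [number] tag; bit 0x20 marks a constructed encoding."""
    return tlv(0x80 | (0x20 if constructed else 0x00) | number, content)


def crl_distribution_points(uris):
    """CRLDistPointsSyntax ::= SEQUENCE OF DistributionPoint.
    Each DistributionPoint carries distributionPoint [0] fullName [0]
    GeneralNames, and each GeneralName here is uniformResourceIdentifier [6]
    IA5String. Commas inside the URI are ordinary bytes at this level."""
    points = b""
    for uri in uris:
        general_name = context_tag(6, uri.encode("ascii"), constructed=False)
        full_name = context_tag(0, general_name)    # DistributionPointName.fullName
        dp_name = context_tag(0, full_name)         # DistributionPoint.distributionPoint
        points += tlv(0x30, dp_name)                # DistributionPoint SEQUENCE
    return tlv(0x30, points)


def parse_der(data, rows=None, pos=0, end=None, depth=0):
    """Walk a DER blob and collect (offset, depth, hl, length, constructed, tag)
    rows: the same fields 'openssl asn1parse' prints on each line."""
    if rows is None:
        rows = []
    if end is None:
        end = len(data)
    while pos < end:
        tag = data[pos]
        constructed = bool(tag & 0x20)
        cls, number = tag >> 6, tag & 0x1F
        first = data[pos + 1]
        if first < 0x80:
            length, hl = first, 2
        else:
            count = first & 0x7F
            length = int.from_bytes(data[pos + 2:pos + 2 + count], "big")
            hl = 2 + count
        if cls == 0:
            name = UNIVERSAL_TAGS.get(number, "UNIVERSAL %d" % number)
        else:
            name = "%s [ %d ]" % (CLASS_NAMES[cls], number)
        rows.append((pos, depth, hl, length, constructed, name))
        if constructed:
            parse_der(data, rows, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length
    return rows


def asn1parse_lines(data):
    """Render the rows in the layout of openssl asn1parse for comparison."""
    return ["%5d:d=%d  hl=%d l=%4d %s: %s" % (pos, depth, hl, length,
            "cons" if cons else "prim", name)
            for pos, depth, hl, length, cons, name in parse_der(data)]


def extract_uris(data):
    """Return every [6] IA5String in the blob, to confirm the URI survived intact."""
    out = []
    for pos, _depth, hl, length, constructed, name in parse_der(data):
        if not constructed and name == "cont [ 6 ]":
            out.append(data[pos + hl:pos + hl + length].decode("ascii"))
    return out


if __name__ == "__main__":
    der = crl_distribution_points([CDP_URI])
    print("\n".join(asn1parse_lines(der)))
    print(extract_uris(der))
```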
Re: Why would RSA_size() crash?
Duh, thanks to the people who pointed out that the pointer returned by PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use Xcode, which refuses to show any local variables and GDB claims they don't exist). The question now is why it's null, since I know the string itself is populated. It may be that newlines are getting stripped somehow. I store all of the key text in a database and return it to the app as an XML element. Dumping the element to the console shows newlines, but a printf of the character string I use as the BIO source does not show newlines.
Re: Why would RSA_size() crash?
> Duh, thanks to the people who pointed out that the pointer returned by PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use Xcode, which refuses to show any local variables and GDB claims they don't exist).

This is probably the optimizer; try compiling with -O0 -g3 (and make sure you/the linker aren't stripping symbols). Pretty much always a good idea when developing.

John

> The question now is why it's null, since I know the string itself is populated. It may be that newlines are getting stripped somehow. I store all of the key text in a database and return it to the app as an XML element. Dumping the element to the console shows newlines, but a printf of the character string I use as the BIO source does not show newlines.
Cert Renewal issue + CAcert.org
I am reading various sites and blogs to make it clear, but it's still unclear to me! I think you may help me if you want, and that will be a big favor for me.

What I am trying to do is: I am trying to renew the cert of one server which was certified by CAcert.org. What I am trying to follow is:

1. Generate private key: with `openssl genrsa -des3 -out myserv.key 2048`
2. Remove passphrase from key:
3. Generate CSR: with `openssl req -new -key myserv.key -out myserv.csr`
4. Submit this CSR to the 3rd party
5. Get the certificate and SAVE IT AS MYSERV.CRT (am I correct here?)
6. Concatenate CRT+PRIVATE KEY and SAVE THE CONCATENATION IN PEM FORMAT
7. RE-ENCODE PEM INTO PKCS12
8. Create JKS
9. Now what? How can I install the JKS for Tomcat and Apache? What do you suggest I do? Any link?

Can you please help me regarding this?

--
Best,
Zico
Re: Application is failing with cipher or hash unavailable
You could hack your client and server to use the null cipher and see the alert in the clear.. mostly it should be a digest failure.

On Monday, May 16, 2011, pradeepreddy <pradeepreddy@gmail.com> wrote:

> Hi, After a lot of struggles, I finally got rid of this error, but I can't tell the reason why it was rectified. We installed our libs on a new machine. Now a different error is seen. After the client and server connection is established, "TLSv1 Encrypted Alert+21" is sent by the client. [...] Any inputs on this.
RE: How to disable SSL/TLS Renegotiation
Hi Bob,

Your question is of interest to me because I had posted a question about renegotiation too and got no response yet: I have a client and server that communicate with PSK-AES128-CBC-SHA. In making openssl I selected no-tlsext. What I see is that the client initiates legacy renegotiation and the server supports and accepts it. I did not set SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. Would you think this is expected? Wouldn't it be better for the server to reject this legacy renegotiation?

Re your point 1: Sure it can happen if you are the server and the client starts renegotiation, or if you are the client and the server starts renegotiation. Additionally, there is some code in bio_ssl.c which triggers renegotiation after a timeout or amount of data received, but you can probably disable these conditions, or not use bio_ssl.c at all.

Re your point 2: to the best of my knowledge - No.

Note that renegotiation will behave differently if you build openssl with/without tls-extension. Without the extension, you get legacy renegotiation. With extensions you get support of the renegotiation_info extension.

My inputs above are based on 1.0.0d only. I am not an openssl expert, so please don't assume that all I have said above is proven.

Regards
Alon

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Yan, Bob
Sent: Tuesday, March 08, 2011 1:07 AM
To: openssl-users@openssl.org
Subject: How to disable SSL/TLS Renegotiation

> I have two questions regarding SSL/TLS Renegotiation:
>
> 1) Can SSL/TLS Renegotiation happen automatically during the normal SSL_read and SSL_write operation on an SSL connection? Basically, if the application doesn't invoke the SSL_renegotiate function, can SSL/TLS Renegotiation still happen automatically on an SSL connection?
>
> 2) Can SSL/TLS Renegotiation be disabled? Such that if the peer requests SSL/TLS renegotiation, SSL_read or SSL_write will return an error but not SSL_ERROR_WANT_READ/WRITE?
>
> Thanks
> Bob
Re: Why would RSA_size() crash?
On Mon, May 16, 2011 at 6:53 AM, John Hascall j...@iastate.edu wrote:

(sadly I have to use Xcode, which refuses to show any local variables and GDB claims they don't exist).

This is probably the optimizer, try compiling with -O0 -g3

Thanks, John, I am building Debug. I verified that -O0 is being used; however -g3 does not appear in the transcript. What does that option do?
Re: Why would RSA_size() crash?
Ah, I see the g3 option generates extra debugging info. I'll give it a shot. I have a bug open with Apple about this anyway. It has proven to be very hard to pin down. Restarting Xcode will usually eliminate the problem and let you step through code... ONCE. If you want to do it again, you have to quit Xcode, reload the project, and go. Infuriating. And often it will afflict some files but not others. I checked the currently troublesome one to make sure it was -O0.
Re: Cert Renewal issue + CAcert.org
Java has tools to create the key pairs and the CSR; you are not required to do this with OpenSSL. I provided some links below that have some commands.

https://www.digicert.com/easy-csr/keytool.htm
http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

In the end the process is similar to:
1. Create keystore and create new CSR within it.
2. Send CSR
3. Get back the response
4. Import response into the keystore

As for Apache/Tomcat, that I have no direct experience doing, but it should be no more than adding a module and making a few config tweaks.

Thanks,
-Eduardo

From: Zico
Sent: Monday, May 16, 2011 10:16 AM
To: openssl-users@openssl.org
Subject: Cert Renewal issue + CAcert.org

I am learning from various sites and blogs to make it clear, but it's yet unclear to me! I think you may help me if you want, and that will be a big favor for me. What I am trying to do is: I am trying to renew the cert of one server which was certified by CAcert.org. What I am trying to follow is:

1. Generate private key: with openssl genrsa -des3 -out myserv.key 2048
2. Remove passphrase from key:
3. Generate CSR: with openssl req -new -key myserv.key -out myserv.csr
4. Submit this CSR to the 3rd party
5. Get the certificate and SAVE IT AS MYSERV.CRT (am I correct here?)
6. Concatenate CRT + PRIVATE KEY and SAVE THE CONCATENATION AS PEM FORMAT
7. RE-ENCODE PEM INTO PKCS12
8. Create JKS
9. Now what? How can I install the JKS for Tomcat and Apache? What do you suggest me to do? Any link?

Can you please help me regarding this?

-- Best, Zico
Re: Cert Renewal issue + CAcert.org
On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro eduardo.nava...@live.com wrote:

4. import response into the keystore

Thanks Eduardo for your nice and very very effective email. But I am having a problem with this number 4. What do I need to do here actually? Do I need to install this? Or do I need to replace it (just rename the old one with the new one) and do some configuration in Tomcat? What do you say?

-- Best, Zico
RE: Cert Renewal issue + CAcert.org
Use the same tool from the JDK, keytool.exe. Your response should be nothing more than a certificate; the private key that is associated to that certificate had an alias, which you have to specify during the import process.

Sent from my Windows Phone

From: Zico
Sent: Monday, May 16, 2011 11:40 AM
To: openssl-users@openssl.org
Subject: Re: Cert Renewal issue + CAcert.org

On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro eduardo.nava...@live.com wrote:

4. import response into the keystore

Thanks Eduardo for your nice and very very effective email. But I am having a problem with this number 4. What do I need to do here actually? Do I need to install this? Or do I need to replace it (just rename the old one with the new one) and do some configuration in Tomcat? What do you say?

-- Best, Zico

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: No shared cipher error using ECDSA
On Mon, May 16, 2011 at 11:56:41AM +0100, Mike Bell wrote:

Thanks Viktor, I hadn't properly understood the relationship between the certificate and the cipher, so I'll look at that now. I think I'm also confusing the OpenVPN / OpenSSL relationship. OpenVPN does appear to be using TLS according to the logs, so I had tried to specify tls-cipher ECDHE-ECDSA-AES256-SHA in the CLIENT.OVPN and SERVER.OVPN config files, but got the same error.

Are you sure that the OpenSSL version used by OpenVPN supports EC ciphersuites? Generally, you need OpenSSL 1.0.0 for that. Partial support for EC was available in 0.9.8, and no EC support is present in 0.9.7.

To enable EECDH key exchange, the server may need to specify a curve, which OpenVPN may not be doing. I don't believe that the curve from the certificate is used by default when no curve is specified explicitly via SSL_CTX_set_tmp_ecdh() and no callback is specified via SSL_CTX_set_tmp_ecdh_callback(). Thus code not explicitly designed to use ECDSA ciphers may not work when configured to use only ECDSA. It will only use any non-ECDSA ciphers allowed.

-- Viktor.
Re: Application is failing with cipher or hash unavailable
Alert 21 seems to be decryption failure.

Sent from my iPad

On May 16, 2011, at 6:12 AM, pradeepreddy pradeepreddy@gmail.com wrote:

Hi,

After a lot of struggles, I finally got rid of this error, but I can't tell the reason or how it was rectified. We installed our libs on a new machine. Now a different error is seen. After the client and server connection is established, "TLSv1 Encrypted Alert+21" is sent by the client. Google search did not help. All I could find out was that the error alert is encrypted. I did not understand what condition was seen by the client's openssl to throw this error, and how to know the condition? Any inputs on this.

Dave Thompson-5 wrote:

From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
Sent: Thursday, 12 May, 2011 18:37

I have tried with all the ciphers. This same application works well on Windows. I ran my application again with s_server, but hit the same error:

SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

And on s_server [with -msg -debug], the following messages are:

client hello
server hello
SSL_accept:SSLv3 write certificate A
TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED
SSL_accept:failed in SSLv3 read client certificate A

Both -msg and -debug should have given you (redundant) hex dumps of all messages; did you delete them? But only -state, which you didn't say you used, should give lines like 'SSL_accept:SSLv3 write server done A'. If there is no ServerKeyExchange (you didn't just delete it) then the selected suite probably uses RSA key agreement. But that doesn't help much; there are kRSA suites with all or nearly all data-ciphers and several hashes. You can decode the dump of client-hello to determine what list of suites (and compressions) the client is offering, and of server-hello to determine what the server selected.

If you can install wireshark from www.wireshark.org on a personal Windows machine that sees the same network link, that can do the decode for you automatically. There may be equivalent tools for Unix, but I don't know.

This means client and server agreed on a cipher. In what cases does the client verify TLS1_SETUP_KEY_BLOCK? What drove the client to throw this error?

It's not a matter of verifying. The client is trying to *do* setup for the selected suite, and also compression, and failing. Key setup is a slightly misleading name; it's actually setting several internal pointers as well as the actual keys, and this first step -- determining pointers effectively to code for the selected cipher, hash, and compression -- is what is failing. Most likely the client has offered a suite or compression it doesn't actually support, which it shouldn't, or some of OpenSSL's memory has been clobbered by a bug in your client. Look at the selected suite in server-hello, and compare to the build options for the build(s) you are using.

-- View this message in context: http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31628139.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
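The advice above is to decode the client-hello and server-hello dumps by hand to see which suites were offered and which one was selected, and the follow-ups point out that once the handshake is done only the 5-byte record header of an alert is in the clear (content type 21), not its description. The following is an added example, not code from this thread or from OpenSSL, that does that decoding over a constructed byte stream; the stream, the function names and the small SUITE_NAMES table are all choices made here, and the compression ids follow RFC 3749 (0 = null, 1 = DEFLATE):

```python
"""Decode TLS records and list the cipher suites a ClientHello offers and the
one a ServerHello picks (added example for this thread, not OpenSSL code)."""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

# Small subset of IANA cipher-suite codes, enough to label the sample below.
SUITE_NAMES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
}


def parse_records(data):
    """Split a byte stream into (content_type, (major, minor), payload) records."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, major, minor, length = struct.unpack("!BBBH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("record at offset %d claims %d bytes, only %d present" % (off, length, len(body)))
        records.append((ctype, (major, minor), body))
        off += 5 + length
    return records


def is_well_formed(stream):
    """True if every record in the stream is complete."""
    try:
        parse_records(stream)
        return True
    except ValueError:
        return False


def _u16_list(buf):
    return [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf), 2)]


def parse_handshake(body):
    """Parse the first handshake message in a handshake record."""
    if len(body) < 4:
        raise ValueError("truncated handshake header")
    hs_type, length = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated handshake body")
    info = {"type": hs_type}
    if hs_type in (1, 2):                        # ClientHello / ServerHello
        if len(msg) < 35:
            raise ValueError("hello too short")
        info["version"] = (msg[0], msg[1])
        off = 2 + 32                             # skip client/server random
        off += 1 + msg[off]                      # session_id
        if hs_type == 1:
            cs_len = int.from_bytes(msg[off:off + 2], "big")
            off += 2
            if cs_len % 2 or off + cs_len > len(msg):
                raise ValueError("bad cipher_suites length")
            info["cipher_suites"] = _u16_list(msg[off:off + cs_len])
            off += cs_len
            comp_len = msg[off]
            off += 1
            info["compression"] = list(msg[off:off + comp_len])
            off += comp_len
        else:
            info["cipher_suite"] = int.from_bytes(msg[off:off + 2], "big")
            info["compression"] = msg[off + 2]
            off += 3
        info["has_extensions"] = off < len(msg)
    return info


def summarize(stream):
    """One readable line per record, the way one reads an s_server -msg dump."""
    lines = []
    for ctype, ver, body in parse_records(stream):
        if ctype == 22:
            hs = parse_handshake(body)
            if hs["type"] == 1:
                suites = ", ".join(SUITE_NAMES.get(s, "0x%04X" % s) for s in hs["cipher_suites"])
                lines.append("ClientHello v%d.%d offers [%s], compression %s"
                             % (hs["version"][0], hs["version"][1], suites, hs["compression"]))
            elif hs["type"] == 2:
                name = SUITE_NAMES.get(hs["cipher_suite"], "0x%04X" % hs["cipher_suite"])
                lines.append("ServerHello selected %s, compression %d" % (name, hs["compression"]))
            else:
                lines.append("handshake message type %d" % hs["type"])
        elif ctype == 21 and len(body) == 2:
            lines.append("alert level %d, description %d" % (body[0], body[1]))
        elif ctype == 21:
            # After the handshake only the record header is in the clear: the type
            # byte says 'alert', but level and description are under the record key.
            lines.append("encrypted alert, %d bytes (description not visible)" % len(body))
        else:
            lines.append("%s record, %d bytes" % (CONTENT_TYPES.get(ctype, "type %d" % ctype), len(body)))
    return lines


def _handshake(hs_type, payload):
    return bytes([hs_type]) + len(payload).to_bytes(3, "big") + payload


def _record(ctype, payload, version=(3, 1)):
    return bytes([ctype, *version]) + len(payload).to_bytes(2, "big") + payload


# Constructed sample stream (not a real capture): a ClientHello offering three
# suites plus DEFLATE compression, a ServerHello picking AES-128, then an
# encrypted alert as seen once keys are in use.
SAMPLE_STREAM = (
    _record(22, _handshake(1, b"\x03\x01" + bytes(32) + b"\x00"
                              + b"\x00\x06" + b"\x00\x2f\x00\x35\x00\x8c"
                              + b"\x02\x00\x01"))
    + _record(22, _handshake(2, b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"))
    + _record(21, bytes(range(32)))
)

if __name__ == "__main__":
    for line in summarize(SAMPLE_STREAM):
        print(line)
```

Feed it the raw bytes of a capture and the ClientHello line shows what the client actually offered, which is the list to compare against the client build's options when chasing a "cipher or hash unavailable" failure; a suite or compression id the client cannot set up will appear there.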
Cross-compile openssl-fips-1.2.2 for arm-linux
Hi,

I am trying to cross-compile openssl-fips-1.2.2 for arm-linux on a Linux x86 host system. The compilation goes through, but the tests fail to run on the target with errors as shown below.

1. This is how I compiled the library.

# setting environment variables;
export CROSS_COMPILE=/usr/bin/armv4-uclibc-
export HOSTCC=/usr/lib/ccache/gcc
export FIPS-SIG=/home/test/openssl-fips-1.2.2/incore2
./Configure linux-generic32 fipscanisterbuild

NOTE: Since the Configure did not allow me to choose ARCH as linux-arm, I chose linux-generic32.

make

Compilation completes without errors.

2. Run tests on the target

# ./fips_shatest
ERROR:2d06906e:lib=45,func=105,reason=110:file=fips.c:line=238:
# ./fips_dsatest
ERROR:2d06906e:lib=45,func=105,reason=110:file=fips.c:line=238:

Can anyone please tell me if there is anything wrong in the steps that I followed to compile the openssl-fips module.

Thanks,
Basker

-- View this message in context: http://old.nabble.com/Cross-compile-openssl-fips-1.2.2-for-arm-linux-tp31632691p31632691.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: Cross-compile openssl-fips-1.2.2 for arm-linux
On Mon, May 16, 2011, openssl-fips-1.2.2 wrote:

Hi,

I am trying to cross-compile openssl-fips-1.2.2 for arm-linux on a Linux x86 host system. The compilation goes through, but the tests fail to run on the target with errors as shown below.

1. This is how I compiled the library.

# setting environment variables;
export CROSS_COMPILE=/usr/bin/armv4-uclibc-
export HOSTCC=/usr/lib/ccache/gcc
export FIPS-SIG=/home/test/openssl-fips-1.2.2/incore2
./Configure linux-generic32 fipscanisterbuild

NOTE: Since the Configure did not allow me to choose ARCH as linux-arm, I chose linux-generic32.

make

Compilation completes without errors.

2. Run tests on the target

# ./fips_shatest
ERROR:2d06906e:lib=45,func=105,reason=110:file=fips.c:line=238:
# ./fips_dsatest
ERROR:2d06906e:lib=45,func=105,reason=110:file=fips.c:line=238:

Can anyone please tell me if there is anything wrong in the steps that I followed to compile the openssl-fips module.

The incore2 script only works with the unvalidated FIPS 2.0 module. You need the original incore script for the 1.2.2 module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: check RSA signature
On Mon, May 16, 2011 at 8:51 AM, Sergey sh0...@gmail.com wrote:

Hello, I have a program written in C++ and Qt. I need to implement checking of a file signature in my program, so that it would do the same check as this openssl command:

openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt

Checking the on-disk file is a weaker assurance than in-memory code and data. Verifying in-memory code and data can be a bit more difficult since you will need to work against an executable format - for example, PE/PE+ and ELF32/ELF64. From experience, both formats are very workable. On the Windows platform, I generally prefer to use Code Signing for the on-disk verification, and custom checks for in-memory assurances. For Linux, I use both - on startup I check the on-disk image, and intermittently check in-memory code and data to detect tampering.

Can I do it, calling some Qt methods? If no, are there some methods in Qt which allow to check any signatures?

You will have to code it yourself using C/C++. The framework (Qt, GNOME, etc) really does not matter much.

Jeff
Re: Why would RSA_size() crash?
OK, this is perplexing. I have a PEM-format RSA key in a character string called _publicKey, with newlines between the header, key data, and trailer. Like this:

-----BEGIN PUBLIC KEY-----
MCwwHRTJKoZIhvcNAQEBBQADGwAwGAIRALPMoZzXMLIKhidteVfdR28CAwEAAQ==
-----END PUBLIC KEY-----

But PEM_read_bio_RSA_PUBKEY is still returning NULL, as in this:

BIO* bp = BIO_new_mem_buf(_publicKey, -1);   // Create a new memory buffer BIO.
RSA* pubKey = 0;
if(bp) {
    pubKey = PEM_read_bio_RSA_PUBKEY(bp, 0, 0, 0);   // And read the RSA key from it.
    BIO_free(bp);
}

Does anybody see anything I'm doing wrong? I verified that the key string matches what's in the PEM file that was generated on the command line. Thanks!
Re: Why would RSA_size() crash?
A follow-up: After seeing an example, I tried printing the result of ERR_reason_error_string(ERR_get_error()). It's null.
Re: Why would RSA_size() crash?
On Mon, May 16, 2011 at 9:53 AM, John Hascall j...@iastate.edu wrote:

Duh, thanks to the people who pointed out that the pointer returned by PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use Xcode, which refuses to show any local variables and GDB claims they don't exist).

This is probably the optimizer, try compiling with -O0 -g3 (and make sure you/the linker aren't stripping symbols)

Pretty much always a good idea when developing. Don't forget to define DEBUG and NDEBUG for debug and release. And for debug builds, -Wall -Wextra goes a long way (it beats checking boxes).

Jeff
RE: Application is failing with cipher or hash unavailable
From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 16:06

Alert 21 seems to be decryption failure.

Alert description aka alert code 21, yes. But OP says he is getting an encrypted alert, apparently in wireshark, which then can't and doesn't decode the Description. It shows *content* type 21 = (any) alert, also protocol version and length, because only the record header is in clear.

snip rest
RE: Application is failing with cipher or hash unavailable
From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 10:18

You could hack ur client and server to use cipher null and see the alert in clear..mostly should be digest failure.

If you mean MAC failure (actually MAC-or-decryption-failure, since they were combined to avoid possibly helping an attacker), that should *never* happen unless there is a bug at either peer or actual tampering in the communication channel. It could also be close-notify. That's the only alert that should normally occur after handshake.

On Monday, May 16, 2011, pradeepreddy pradeepreddy@gmail.com wrote:

After a lot of struggles, I finally got rid of this error, but I can't tell the reason or how it was rectified. We installed our libs on a new machine. Now a different error is seen. After the client and server connection is established, "TLSv1 Encrypted Alert+21" is sent by the client.

As shown by wireshark, I assume. Immediately after Finished (which wireshark is only able to show as 'encrypted handshake message' 'contenttype:22')? Or after more data? Or a time delay (maybe timeout)?

Yes, alerts are encrypted once the handshake is completed. Aside from using a null cipher as suggested above, so the encrypted alert (and any other data) is readable:

- does either your client or server or both log or display anything about the error?
- if not, can you substitute s_server for the real server? It does display/log any error alert. But this will only work if the client is spontaneously sending the alert without waiting for or needing any data the real server sends.

snip rest
Re: Application is failing with cipher or hash unavailable
Am not sure what the poster of this msg is actually doing, but I faced a similar problem when I was trying to achieve SSL from the kernel. I had to work on sk_buff chains and fragmented SSL records, and during my development I got a lot of error alerts of 21 as some boundary conditions were not met. I am sure here they are trying to process SSL from the kernel and not using openssl from userland..there is no other reason as to why this alert has to come.

thanks
--Gayathri

On Mon, May 16, 2011 at 8:12 PM, Dave Thompson dthomp...@prinpay.com wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 10:18

You could hack ur client and server to use cipher null and see the alert in clear..mostly should be digest failure.

If you mean MAC failure (actually MAC-or-decryption-failure, since they were combined to avoid possibly helping an attacker), that should *never* happen unless there is a bug at either peer or actual tampering in the communication channel. It could also be close-notify. That's the only alert that should normally occur after handshake.

On Monday, May 16, 2011, pradeepreddy pradeepreddy@gmail.com wrote:

After a lot of struggles, I finally got rid of this error, but I can't tell the reason or how it was rectified. We installed our libs on a new machine. Now a different error is seen. After the client and server connection is established, "TLSv1 Encrypted Alert+21" is sent by the client.

As shown by wireshark, I assume. Immediately after Finished (which wireshark is only able to show as 'encrypted handshake message' 'contenttype:22')? Or after more data? Or a time delay (maybe timeout)?

Yes, alerts are encrypted once the handshake is completed. Aside from using a null cipher as suggested above, so the encrypted alert (and any other data) is readable:

- does either your client or server or both log or display anything about the error?
- if not, can you substitute s_server for the real server? It does display/log any error alert. But this will only work if the client is spontaneously sending the alert without waiting for or needing any data the real server sends.

snip rest
RE: Replace renewed intermediate certificate in the keystore chain: in Java
From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan
Sent: Monday, 16 May, 2011 00:13

Not sure why I mixed up the order earlier, but this procedure works. If the old leaf is first in the .pem file, followed by the new intermediate and the old root, the intermediate is renewed successfully. I have to use the already existing chain alias.

(To be exact: the alias for the existing *privatekey* entry, which *includes* the chain.)

I think this is what should have worked for you too?

Yes that did work for me, and now for you. Another way that works and I prefer is old leaf plus new intermediate and NO root, because as I explained there's no benefit to having the root in the privatekey entry. But you were already using with-root, and I guess you want to continue doing so, and it does no harm.

snip earlier
Re: Why would RSA_size() crash?
On Mon, May 16, 2011, G S wrote:

A follow-up: After seeing an example, I tried printing the result of ERR_reason_error_string(ERR_get_error()). It's null.

ERR_print_errors_fp(stderr) might be more useful: see FAQ.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading
16 May 2011 Monday 7:28 P.M. Singapore Time

For Immediate Release

SINGAPORE, SINGAPORE - Singapore Citizen Mr. Teo En Ming (Zhang Enming) would like to report a first hand account of mind intrusion and mind reading. I have been hearing voices for quite some time now but I have not been able to identify the persons physically. A number of un-identified persons have intruded into my mind and they are able to read my thoughts. I could not explain the mechanism by which these un-identified persons have been reading my mind at the moment but there is definitely a scientific explanation for it. I know very clearly that I am not suffering from schizophrenia at all. I am fully aware that no common man would believe me except the select few scientific researchers working in top secret government projects and the human guinea pigs who are being experimented on. One of the possibilities is that I have a microchip implanted into my brain, possibly when I was an infant. It may take a few years, a few decades, or even a few centuries before mind reading is finally brought to light before the general public.

I would like to invite neuroscientists, engineers and physicists to speak on the scientific explanation behind mind intrusion and mind reading. Please remember what Singapore Citizen Mr. Teo En Ming (Zhang Enming) has said. Mark my words. You will know the truth in future. It is no longer a conspiracy theory. I can affirm that it (mind intrusion and mind reading) is indeed happening to me.

Yours truly,
Singapore Citizen Mr. Teo En Ming (Zhang Enming)
Dip(Mechatronics)(Singapore Polytechnic)
BEng(Hons)(Mechanical Engineering)(National University of Singapore)
Singapore Identity Card No/NRIC: S78*6*2*H
Toa Payoh Lorong 5, Singapore
Mobile Phone: +65-8369-2618
Re: Why would RSA_size() crash?
Thanks to those who answered. It was a simple goof using std::string's substr() method; I was treating the second parameter as the end position rather than the character count, thus lopping off some essential characters and causing the failure. It works now.
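The earlier post in this thread shows a PEM string that PEM_read_bio_RSA_PUBKEY silently rejected, and the resolution above is that a substr() call had lopped characters off the key. The following added example (not code from this thread or from OpenSSL; spki_pem(), parse_public_key_pem() and check_key() are names chosen here) performs the framing and DER checks such a loader must do, but reports exactly where a damaged key string breaks. The sample key is constructed in the block from an arbitrary 512-bit number standing in for a modulus, and the damaged copy reproduces the substr mistake by dropping four characters from the middle of the base64 body while leaving the header and trailer intact:

```python
"""Check a PEM 'PUBLIC KEY' string the way PEM_read_bio_RSA_PUBKEY has to,
but with error messages that say where it breaks. Added example, not from any
post in this thread; the function names are choices made here."""
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----\s*(.*?)\s*-----END PUBLIC KEY-----", re.S)


# --- minimal DER encoder, used only to build the constructed sample key ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(v):
    # (bit_length + 8) // 8 leaves room for a leading 0x00 when the top bit is set
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def spki_pem(n, e):
    """Encode (n, e) as a PEM SubjectPublicKeyInfo (the 'openssl rsa -pubout' layout)."""
    rsa_pub = _der(0x30, _der_int(n) + _der_int(e))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_pub))   # BIT STRING, 0 unused bits
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % body


# --- DER walker with positional error messages ---
def _read_tlv(buf, off, want):
    if off + 2 > len(buf):
        raise ValueError("DER truncated at offset %d" % off)
    tag, length = buf[off], buf[off + 1]
    if tag != want:
        raise ValueError("expected tag 0x%02X at offset %d, found 0x%02X" % (want, off, tag))
    off += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        if off + nbytes > len(buf):
            raise ValueError("DER truncated inside length at offset %d" % off)
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    if off + length > len(buf):
        raise ValueError("length %d at offset %d runs past the end of the data" % (length, off))
    return buf[off:off + length], off + length


def parse_public_key_pem(text):
    """Return (n, e) from a PEM SubjectPublicKeyInfo, or raise ValueError saying why."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no complete BEGIN/END PUBLIC KEY framing")
    b64 = "".join(m.group(1).split())
    if len(b64) % 4:
        raise ValueError("base64 body is %d characters, not a multiple of 4" % len(b64))
    der = base64.b64decode(b64, validate=True)   # binascii.Error (a ValueError) on junk
    spki, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("%d trailing bytes after SubjectPublicKeyInfo" % (len(der) - end))
    alg, off = _read_tlv(spki, 0, 0x30)
    oid, _ = _read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    bits, _ = _read_tlv(spki, off, 0x03)
    if bits[:1] != b"\x00":
        raise ValueError("BIT STRING must have 0 unused bits")
    rsa_pub, _ = _read_tlv(bits, 1, 0x30)
    n_bytes, off = _read_tlv(rsa_pub, 0, 0x02)
    e_bytes, _ = _read_tlv(rsa_pub, off, 0x02)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_key(text):
    """(True, (n, e)) for a usable key, (False, reason) otherwise."""
    try:
        return True, parse_public_key_pem(text)
    except ValueError as exc:
        return False, str(exc)


# Constructed sample: SAMPLE_N is an arbitrary 512-bit number, not a real modulus.
SAMPLE_N, SAMPLE_E = (1 << 511) | 0xDEADBEEF, 65537
GOOD_PEM = spki_pem(SAMPLE_N, SAMPLE_E)
# The substr(pos, count)-used-as-substr(pos, end) mistake: headers intact, four
# characters missing from the middle of the base64 body.
_b64 = "".join(l for l in GOOD_PEM.splitlines() if not l.startswith("-----"))
DAMAGED_PEM = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % (_b64[:20] + _b64[24:])

if __name__ == "__main__":
    print(check_key(GOOD_PEM)[0], check_key(DAMAGED_PEM))
```

The damaged copy still has a plausible header, trailer and base64 body, which is why a loader that only reports NULL gives no hint; the outer SEQUENCE length written into the first bytes no longer matches the decoded size, and that mismatch is the first thing the walker reports.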