Re: [openssl-users] GCM cipher decryption
Hi, Quick answer : as you probably noticed, IV, ciphertext and tag are expected to be distinct buffers. Consequently, ciphertext is just ciphertext (without IV or Tag). Regards, Michel. -Message d'origine- De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de c.hol...@ades.at Envoyé : mardi 12 juillet 2016 17:48 À : openssl-users@openssl.org Objet : [openssl-users] GCM cipher decryption Hi! 2 questions about GCM and the following OpenSSL-Sample please. https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decrypti on#Authenticated_Decryption_using_GCM_mode and the function int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *aad, int aad_len, unsigned char *tag, unsigned char *key, unsigned char *iv, unsigned char *plaintext) * Is ciphertext the pure ciperhtext OR is it with IV and TAG still in the string?? * If the 2nd: The IV is expected to be in front of the ciphertext and the TAG is expected to be past of the ciphertext - correct? | IV | ciphertext | TAG | thanks! Christoph -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] FIPS canister 2.0.12 and 186-4
> Does 2.0.12 support 186-4 ? Specifically, does it support the RSA > requirements ? No. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] GCM cipher decryption
Hi! 2 questions about GCM and the following OpenSSL-Sample please. https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode and the function int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *aad, int aad_len, unsigned char *tag, unsigned char *key, unsigned char *iv, unsigned char *plaintext) * Is ciphertext the pure ciperhtext OR is it with IV and TAG still in the string?? * If the 2nd: The IV is expected to be in front of the ciphertext and the TAG is expected to be past of the ciphertext - correct? | IV | ciphertext | TAG | thanks! Christoph -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] FIPS canister 2.0.12 and 186-4
Hello, Does 2.0.12 support 186-4 ? Specifically, does it support the RSA requirements ? Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Facing issue while configuring SSL
Hi, Even i tried after putting the libeay32.dll and ssleay32.dll after downloading from the sites like https://indy.fulgan.com/SSL/ But still i am getting the same error: SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"] java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process) Even tried after putting the Apache Web server dll's just to test but that also not work as for apache everything is working so just randomly test it. Any other suggestion? Thanks, Devendra On Tue, Jul 12, 2016 at 3:12 PM, Jakob Bohmwrote: > On 12/07/2016 10:55, Devendra Sengar wrote: > > Hi, > > This is regarding the configuration of Tomcat SSL using the APR library on > Java 6. > > While starting the server I am getting the below error: > > SEVERE: Failed to initialize end point associated with ProtocolHandler > ["http-apr-443"] > java.lang.Exception: Unable to load certificate key conf/localhost-key.pem > (error:02001003:system library:fopen:No such process) > > Not sure if Tomcat is using OpenSSL or not... > > I am trying to implement SSL using independent libraries for OpenSSL, > Tomcat Native and Apache Portable Runtime. > > I have downloaded precompiled versions of OpenSSL and Tomcat Native (see > them attached). I have tried compiling the Apache Portable Runtime using > Visual Studio (find it also attached). > > I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for > Windows (using the 64-bit distro, not the installer one). > > We are restricted by our applicatioin to use Oracle Java 6 Updated 115 > 64-bit. > > That is really unfortunate, given that I don't think there > are current security updates for Java 1.6 (maybe there is > if you pay Oracle for an expensive license/subscription). > > > The versions of the libraries I am using are the latest available online, > again see the binaries attached. > > The parameters used in the server.xml file are: > > For Tomcat 7.0.6: > protocol="org.apache.coyote.http11.Http11AprProtocol" >port="443" maxThreads="200" >scheme="https" secure="true" SSLEnabled="true" >SSLCertificateFile="conf/localhost-cert.pem" >SSLCertificateKeyFile="conf/localhost-key.pem" >SSLCertificateChainFile="conf/ca.crt" >SSLVerifyClient="optional" SSLProtocol="TLSv1" >SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> > > For Tomcat 7.0.70 > > protocol="org.apache.coyote.http11.Http11AprProtocol" >port="443" maxThreads="200" >scheme="https" secure="true" SSLEnabled="true" >SSLCertificateFile="conf/localhost-cert.pem" >SSLCertificateKeyFile="conf/localhost-key.pem" >SSLCertificateChainFile="conf/ca.crt" >SSLVerifyClient="optional" SSLProtocol="TLSv1_2" >SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> > > The library files are in the tomcat bin folder as openssl.exe, > tcnative-1.dll and libapr-1.dll. > > tcnative-1.dll: > https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing > openssl.exe: > https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing > libapr-1.dll: > https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing > > openssl.exe is not the library, it is a command line tool for > doing various things (such as requesting certificates, converting > key file formats etc.) > > The library consists of two files with .dll file extension, > libeay32.dll for basic crypto and ssleay32.dll for the actual > SSL/TLS code. > > > The same certificates files mentioned in the server.xml file were used and > work in a brand new Apache web server. > > Please let us know your opinion of what can cause those errors? > > Can it be because of a APR dll not compiled properly? > > Any other idea? > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Facing issue while configuring SSL
On 12/07/2016 10:55, Devendra Sengar wrote: Hi, This is regarding the configuration of Tomcat SSL using the APR library on Java 6. While starting the server I am getting the below error: SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"] java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process) Not sure if Tomcat is using OpenSSL or not... I am trying to implement SSL using independent libraries for OpenSSL, Tomcat Native and Apache Portable Runtime. I have downloaded precompiled versions of OpenSSL and Tomcat Native (see them attached). I have tried compiling the Apache Portable Runtime using Visual Studio (find it also attached). I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using the 64-bit distro, not the installer one). We are restricted by our applicatioin to use Oracle Java 6 Updated 115 64-bit. That is really unfortunate, given that I don't think there are current security updates for Java 1.6 (maybe there is if you pay Oracle for an expensive license/subscription). The versions of the libraries I am using are the latest available online, again see the binaries attached. The parameters used in the server.xml file are: For Tomcat 7.0.6: For Tomcat 7.0.70 The library files are in the tomcat bin folder as openssl.exe, tcnative-1.dll and libapr-1.dll. tcnative-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing openssl.exe: https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing libapr-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing openssl.exe is not the library, it is a command line tool for doing various things (such as requesting certificates, converting key file formats etc.) The library consists of two files with .dll file extension, libeay32.dll for basic crypto and ssleay32.dll for the actual SSL/TLS code. The same certificates files mentioned in the server.xml file were used and work in a brand new Apache web server. Please let us know your opinion of what can cause those errors? Can it be because of a APR dll not compiled properly? Any other idea? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Difference between re-negotiate APIs
Hi I find there are 2 APIs for SSL renegotiation. SSL_renegotiate and SSL_renegotiate_abbreviate. What is the difference between them? Thanks Darshan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Facing issue while configuring SSL
Hi, This is regarding the configuration of Tomcat SSL using the APR library on Java 6. While starting the server I am getting the below error: SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"] java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process) I am trying to implement SSL using independent libraries for OpenSSL, Tomcat Native and Apache Portable Runtime. I have downloaded precompiled versions of OpenSSL and Tomcat Native (see them attached). I have tried compiling the Apache Portable Runtime using Visual Studio (find it also attached). I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using the 64-bit distro, not the installer one). We are restricted by our applicatioin to use Oracle Java 6 Updated 115 64-bit. The versions of the libraries I am using are the latest available online, again see the binaries attached. The parameters used in the server.xml file are: For Tomcat 7.0.6: For Tomcat 7.0.70 The library files are in the tomcat bin folder as openssl.exe, tcnative-1.dll and libapr-1.dll. tcnative-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing openssl.exe: https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing libapr-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing The same certificates files mentioned in the server.xml file were used and work in a brand new Apache web server. Please let us know your opinion of what can cause those errors? Can it be because of a APR dll not compiled properly? Any other idea? Thanks, Devendra -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users