Re: [openssl-users] GCM cipher decryption

2016-07-12 Thread Michel
Hi,

Quick answer: as you probably noticed, IV, ciphertext and tag are expected
to be distinct buffers.
Consequently, ciphertext is just ciphertext (without IV or tag).

Regards,

Michel.

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
c.hol...@ades.at
Sent: Tuesday, 12 July 2016 17:48
To: openssl-users@openssl.org
Subject: [openssl-users] GCM cipher decryption

Hi!

2 questions about GCM and the following OpenSSL-Sample please.

https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode

and the function

int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char
*aad, int aad_len, unsigned char *tag, unsigned char *key, unsigned char
*iv, unsigned char *plaintext)

* Is ciphertext the pure ciphertext OR
is it with IV and TAG still in the string??

* If the 2nd: The IV is expected to be in front of the ciphertext and the
TAG is expected to be past of the ciphertext - correct?
| IV | ciphertext | TAG |

thanks!
Christoph
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
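
The layout discussed in the two messages above, as an added example that is not part of the original thread or of the OpenSSL wiki: when a sender does frame a message as | IV | ciphertext | TAG |, the receiver has to split it into the three distinct buffers before calling decrypt(). The names gcm_split and struct gcm_parts, and the 12-byte IV and 16-byte tag sizes in main, are assumptions for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Views into the combined message; nothing is copied. Hypothetical type. */
struct gcm_parts {
    const unsigned char *iv, *ciphertext, *tag;
    size_t iv_len, ciphertext_len, tag_len;
};

/*
 * Split a sender-defined "IV | ciphertext | TAG" blob into the three
 * distinct buffers. The IV and tag lengths are fixed by the protocol,
 * never read from the blob. Returns 0 on success, -1 on bad input.
 */
int gcm_split(const unsigned char *blob, size_t blob_len,
              size_t iv_len, size_t tag_len, struct gcm_parts *out)
{
    if (blob == NULL || out == NULL || iv_len == 0 || tag_len == 0)
        return -1;
    /* Subtract step by step so iv_len + tag_len can never wrap around. */
    if (blob_len < iv_len || blob_len - iv_len < tag_len)
        return -1;
    size_t ct_len = blob_len - iv_len - tag_len;  /* 0 is valid: AAD only */
    if (ct_len > (size_t)INT_MAX)  /* decrypt() takes the length as int */
        return -1;
    out->iv = blob;
    out->iv_len = iv_len;
    out->ciphertext = blob + iv_len;
    out->ciphertext_len = ct_len;
    out->tag = blob + iv_len + ct_len;
    out->tag_len = tag_len;
    return 0;
}

int main(void)
{
    /* Constructed sample: 12-byte IV, 5 bytes of ciphertext, 16-byte tag. */
    unsigned char blob[12 + 5 + 16] = {0};
    struct gcm_parts p;
    if (gcm_split(blob, sizeof blob, 12, 16, &p) != 0)
        return 1;
    /* p.ciphertext, p.tag and p.iv are now the separate arguments that
     * decrypt(ciphertext, ciphertext_len, aad, aad_len, tag, key, iv,
     * plaintext) expects; the plaintext is usable only if the tag verifies. */
    printf("iv=%zu ciphertext=%zu tag=%zu\n",
           p.iv_len, p.ciphertext_len, p.tag_len);
    return 0;
}
```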



Re: [openssl-users] FIPS canister 2.0.12 and 186-4

2016-07-12 Thread Wall, Stephen
> Does 2.0.12 support 186-4 ?  Specifically, does it support the RSA
> requirements  ?

No.


[openssl-users] GCM cipher decryption

2016-07-12 Thread c.hol...@ades.at

Hi!

2 questions about GCM and the following OpenSSL-Sample please.

https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode

and the function

int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char 
*aad, int aad_len, unsigned char *tag, unsigned char *key, unsigned char 
*iv, unsigned char *plaintext)



* Is ciphertext the pure ciphertext OR
is it with IV and TAG still in the string??

* If the 2nd: The IV is expected to be in front of the ciphertext and 
the TAG is expected to be past of the ciphertext - correct?

| IV | ciphertext | TAG |

thanks!
Christoph


[openssl-users] FIPS canister 2.0.12 and 186-4

2016-07-12 Thread jonetsu
Hello,

Does 2.0.12 support 186-4 ?  Specifically, does it support the RSA requirements ?

Thanks.





Re: [openssl-users] Facing issue while configuring SSL

2016-07-12 Thread Devendra Sengar
Hi,

Even I tried after putting the libeay32.dll and ssleay32.dll after
downloading from the sites like https://indy.fulgan.com/SSL/
But still I am getting the same error:

SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-apr-443"]
java.lang.Exception: Unable to load certificate key conf/localhost-key.pem
(error:02001003:system library:fopen:No such process)

Even tried after putting the Apache Web server DLLs just to test, but that
also did not work; for Apache everything is working, so I just randomly tested it.

Any other suggestion?

Thanks,
Devendra

On Tue, Jul 12, 2016 at 3:12 PM, Jakob Bohm wrote:

> On 12/07/2016 10:55, Devendra Sengar wrote:
>
> Hi,
>
> This is regarding the configuration of Tomcat SSL using the APR library on
> Java 6.
>
> While starting the server I am getting the below error:
>
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-apr-443"]
> java.lang.Exception: Unable to load certificate key conf/localhost-key.pem
> (error:02001003:system library:fopen:No such process)
>
> Not sure if Tomcat is using OpenSSL or not...
>
> I am trying to implement SSL using independent libraries for OpenSSL,
> Tomcat Native and Apache Portable Runtime.
>
> I have downloaded precompiled versions of OpenSSL and Tomcat Native (see
> them attached). I have tried compiling the Apache Portable Runtime using
> Visual Studio (find it also attached).
>
> I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for
> Windows (using the 64-bit distro, not the installer one).
>
> We are restricted by our application to use Oracle Java 6 Updated 115
> 64-bit.
>
> That is really unfortunate, given that I don't think there
> are current security updates for Java 1.6 (maybe there is
> if you pay Oracle for an expensive license/subscription).
>
>
> The versions of the libraries I am using are the latest available online,
> again see the binaries attached.
>
> The parameters used in the server.xml file are:
>
> For Tomcat 7.0.6:
> <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
>            port="443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            SSLCertificateFile="conf/localhost-cert.pem"
>            SSLCertificateKeyFile="conf/localhost-key.pem"
>            SSLCertificateChainFile="conf/ca.crt"
>            SSLVerifyClient="optional" SSLProtocol="TLSv1"
>            SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>
>
> For Tomcat 7.0.70
>
> <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
>            port="443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            SSLCertificateFile="conf/localhost-cert.pem"
>            SSLCertificateKeyFile="conf/localhost-key.pem"
>            SSLCertificateChainFile="conf/ca.crt"
>            SSLVerifyClient="optional" SSLProtocol="TLSv1_2"
>            SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>
>
> The library files are in the tomcat bin folder as openssl.exe,
> tcnative-1.dll and libapr-1.dll.
>
> tcnative-1.dll:
> https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing
> openssl.exe:
> https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing
> libapr-1.dll:
> https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing
>
> openssl.exe is not the library, it is a command line tool for
> doing various things (such as requesting certificates, converting
> key file formats etc.)
>
> The library consists of two files with .dll file extension,
> libeay32.dll for basic crypto and ssleay32.dll for the actual
> SSL/TLS code.
>
>
> The same certificates files mentioned in the server.xml file were used and
> work in a brand new Apache web server.
>
> Please let us know your opinion of what can cause those errors?
>
> Can it be because of a APR dll not compiled properly?
>
> Any other idea?
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>


Re: [openssl-users] Facing issue while configuring SSL

2016-07-12 Thread Jakob Bohm

On 12/07/2016 10:55, Devendra Sengar wrote:

> Hi,
>
> This is regarding the configuration of Tomcat SSL using the APR
> library on Java 6.
>
> While starting the server I am getting the below error:
>
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-apr-443"]
> java.lang.Exception: Unable to load certificate key
> conf/localhost-key.pem (error:02001003:system library:fopen:No such
> process)



Not sure if Tomcat is using OpenSSL or not...

> I am trying to implement SSL using independent libraries for OpenSSL,
> Tomcat Native and Apache Portable Runtime.
>
> I have downloaded precompiled versions of OpenSSL and Tomcat Native
> (see them attached). I have tried compiling the Apache Portable
> Runtime using Visual Studio (find it also attached).
>
> I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit
> for Windows (using the 64-bit distro, not the installer one).
>
> We are restricted by our application to use Oracle Java 6 Updated 115
> 64-bit.



That is really unfortunate, given that I don't think there
are current security updates for Java 1.6 (maybe there is
if you pay Oracle for an expensive license/subscription).

> The versions of the libraries I am using are the latest available
> online, again see the binaries attached.
>
> The parameters used in the server.xml file are:
>
> For Tomcat 7.0.6:
>
> For Tomcat 7.0.70
>
> The library files are in the tomcat bin folder as openssl.exe,
> tcnative-1.dll and libapr-1.dll.
>
> tcnative-1.dll:
> https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing
> openssl.exe:
> https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing
> libapr-1.dll:
> https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing



openssl.exe is not the library, it is a command line tool for
doing various things (such as requesting certificates, converting
key file formats etc.)

The library consists of two files with .dll file extension,
libeay32.dll for basic crypto and ssleay32.dll for the actual
SSL/TLS code.



> The same certificates files mentioned in the server.xml file were used
> and work in a brand new Apache web server.
>
> Please let us know your opinion of what can cause those errors?
>
> Can it be because of a APR dll not compiled properly?
>
> Any other idea?



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] Difference between re-negotiate APIs

2016-07-12 Thread Mody, Darshan (Darshan)
Hi

I find there are 2 APIs for SSL renegotiation. SSL_renegotiate and 
SSL_renegotiate_abbreviate.

What is the difference between them?

Thanks
Darshan


[openssl-users] Facing issue while configuring SSL

2016-07-12 Thread Devendra Sengar
Hi,

This is regarding the configuration of Tomcat SSL using the APR library on
Java 6.

While starting the server I am getting the below error:

SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-apr-443"]
java.lang.Exception: Unable to load certificate key conf/localhost-key.pem
(error:02001003:system library:fopen:No such process)

I am trying to implement SSL using independent libraries for OpenSSL,
Tomcat Native and Apache Portable Runtime.

I have downloaded precompiled versions of OpenSSL and Tomcat Native (see
them attached). I have tried compiling the Apache Portable Runtime using
Visual Studio (find it also attached).

I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for
Windows (using the 64-bit distro, not the installer one).

We are restricted by our application to use Oracle Java 6 Updated 115
64-bit.

The versions of the libraries I am using are the latest available online,
again see the binaries attached.

The parameters used in the server.xml file are:

For Tomcat 7.0.6:


For Tomcat 7.0.70



The library files are in the tomcat bin folder as openssl.exe,
tcnative-1.dll and libapr-1.dll.

tcnative-1.dll:
https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing
openssl.exe:
https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing
libapr-1.dll:
https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing


The same certificates files mentioned in the server.xml file were used and
work in a brand new Apache web server.

Please let us know your opinion of what can cause those errors?

Can it be because of a APR dll not compiled properly?

Any other idea?

Thanks,
Devendra