Re: test/heartbleed_test.c
On 20 May 2014 06:40, The Doctor,3328-138 Ave Edmonton AB T5Y 1M4,669-2000,473-4587 doc...@doctor.nl2k.ab.ca wrote:
> Found that strndup would not work. I had to add
>
>     #if !HAVE_STRNDUP
>     #include <stdio.h>
>     #include <string.h>
>     #include <sys/types.h>
>     #include <malloc.h>
>
>     /* Find the length of STRING, but scan at most MAXLEN characters.
>        If no '\0' terminator is found in that many characters, return MAXLEN. */
>     size_t
>     strnlen (const char *string, size_t maxlen)
>     {
>       const char *end = memchr (string, '\0', maxlen);
>       return end ? end - string : maxlen;
>     }
>
>     char *
>     strndup (const char *s, size_t n)
>     {
>       size_t len = strnlen (s, n);
>       char *new = malloc (len + 1);
>       if (new == NULL)
>         return NULL;
>       new[len] = '\0';
>       return memcpy (new, s, len);
>     }
>     #endif
>
> Please see how you can add this.

There is already a strndup replacement: BUF_strndup(). Switching to use that would be better.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: test/heartbleed_test.c
On 20 May 2014 15:17, Ken Goldman kgold...@us.ibm.com wrote:
> On 5/20/2014 7:24 AM, Ben Laurie wrote:
>> There is already a strndup replacement: BUF_strndup(). Switching to
>> use that would be better.
>
> However
>
> - if that function points to strndup, don't you still have the problem
>   if strndup doesn't exist?

It doesn't.

> - if that function is a reimplementation of strndup, don't you lose any
>   optimizations that the tool chain strndup might have made?

Yes, you do. I guess if anyone really cares (it's not actually used much), then it would be possible to work around.
Re: OpenSSL doesn't treat RFC 3280 validations as an error?
On 13 November 2013 10:35, Igor Sverkos igor.sver...@googlemail.com wrote:
> According to RFC 3280, which defines X.509 certificates, these entries,
> if they exist, must not have an empty value.

FWIW, RFC 3280 has been obsoleted by RFC 5280. I couldn't find where it said this in RFC 5280. Pointer?
Re: redirected input to s_client on Windows: Any trick to avoid the keypress?
On 3 October 2013 22:14, Jeff Trawick traw...@gmail.com wrote:
> E.g., run
>
>     echo GET / | openssl s_client -connect host:port
>
> It does the handshake then stalls until you press a key (which will be left unused in the buffer when openssl exits), then it sends the input.
>
> I guess the kbhit() in the s_client code is what is waking it up. I've played around with various command-line arguments but haven't found one to bypass the issue.
>
> (Windows Server 2008R2, openssl 1.0.1e bindist)

I'm guessing this is a windows bug, since it works fine for me on FreeBSD.

> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
Re: not fork-safe if pids wrap (was Re: DLL hell)
On 21 August 2013 03:19, Patrick Pelletier c...@funwithsoftware.org wrote:
> On 8/15/13 11:51 PM, Patrick Pelletier wrote:
>> On Aug 15, 2013, at 10:38 PM, Nico Williams wrote:
>>> Hmm, I've only read the article linked from there:
>>> http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
>>
>> Yeah, that's the only place I've seen it, and then the Google+ thread I linked to is essentially the comment area for that post. We (meaning those of us commenting in the thread) haven't gotten any official answer from Google, but Nikolay Elenkov has been very helpful in reconstructing what seems to be happening.
>>
>> We've exchanged a few more posts this evening, and it appears that what's happening is that OpenSSL is correctly self-seeding when system_server starts, but then system_server forks (without execing) to start multiple processes, and these processes are producing the same random sequence. It's not yet entirely clear why, since the OpenSSL source code looks like it's trying to be fork-safe, but it appears that somehow in practice it's not succeeding.
>
> s/system_server/zygote/
>
> So, it appears that the problem is that since OpenSSL merely mixes in the pid to the existing random state, once the pids wrap, you will have had two processes that have generated the exact same random sequence, since they started with the same state (before the fork) and mixed in the same thing (the pid) after the fork, resulting in the same output. (This is in contrast to the approach of comparing the old and new pids, and doing a full reseed from /dev/urandom if they differ, which is what is done by Nick Mathewson's preliminary but already excellent-looking libottery.)
>
> Nikolay Elenkov wrote a proof-of-concept that shows the pid-wrapping bug on Android, and then I took it one step further and wrote a proof-of-concept using OpenSSL in C, demonstrating that this is an underlying OpenSSL bug:
>
> https://gist.github.com/ppelleti/6290984
>
> An easy way to work around this, if you don't mind linking against pthreads, is to do this at the start of your application, after initializing OpenSSL:
>
>     typedef void (*voidfunc) (void);
>     if (ENGINE_get_default_RAND () == NULL)
>       pthread_atfork (NULL, (voidfunc) RAND_poll, (voidfunc) RAND_poll);
>
> But, of course, this ought to eventually be fixed in OpenSSL itself. (By using the pid-comparison trick that libottery uses, rather than just mixing in the pid.) I'm happy to submit a patch, if we think there's a good chance it would be considered?
>
> --Patrick

Something needs to be done, but won't this re-introduce the problem of /dev/random starvation, leading to more use of /dev/urandom (on platforms where this is a problem)? Mixing in the time seems like a safer solution that should also fix the problem. Possibly only when the PID changes.
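The two post-fork strategies argued about in this thread, modelled as an added example. This is not OpenSSL's or libottery's code: the PRNG is a splitmix64 step standing in for OpenSSL's md_rand state, the "entropy source" is a constructed counter standing in for a read() of /dev/urandom, and the pid values are made up. What it shows is the mechanism Patrick describes: if two children are forked from a parent whose state has not advanced, and the pid space has wrapped so both children get the same pid, mixing the pid into the inherited state gives both children the same output stream, whereas remembering the pid the state was seeded under and reseeding from fresh entropy on any mismatch does not.

```c
/*
 * Model of the two post-fork reseeding strategies discussed above.
 * Added example code, not OpenSSL's or libottery's source.  The PRNG
 * (splitmix64) and fake_urandom() are constructed stand-ins.
 */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

typedef struct {
    uint64_t state;     /* the generator state a child inherits across fork() */
    pid_t    last_pid;  /* pid the state was last (re)seeded under */
} prng_t;

/* splitmix64 output step: a toy DRBG standing in for OpenSSL's md_rand. */
static uint64_t prng_next(prng_t *p) {
    uint64_t z = (p->state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Strategy A (what the thread says OpenSSL does): fold the pid into the
 * inherited state.  Fully determined by (inherited state, pid). */
static void reseed_mix_pid(prng_t *p, pid_t pid) {
    p->state ^= (uint64_t)pid * 0x2545f4914f6cdd1dULL;
}

/* Constructed stand-in for /dev/urandom: every call returns a new value.
 * A real implementation would read() the device (or RAND_poll()). */
static uint64_t fake_urandom(void) {
    static uint64_t counter = 0x1234;
    return ++counter * 0x9e3779b97f4a7c15ULL;
}

/* Strategy B (libottery-style pid comparison): if the pid we are running
 * under is not the one the state was seeded under, discard the inherited
 * state and reseed from fresh entropy. */
static void reseed_if_pid_changed(prng_t *p, pid_t current_pid) {
    if (p->last_pid != current_pid) {
        p->state = fake_urandom();
        p->last_pid = current_pid;
    }
}

/* Scenario: a parent (pid 100) seeded once and never drew any output.
 * Two children are forked at different times, and because the pid space
 * wrapped in between, both are assigned pid 101.  Return 1 if the two
 * children's first outputs are identical. */
int mix_pid_collides(void) {
    prng_t parent = { .state = 0xdeadbeefcafef00dULL, .last_pid = 100 };
    pid_t wrapped_pid = 101;
    prng_t child1 = parent; reseed_mix_pid(&child1, wrapped_pid);
    prng_t child2 = parent; reseed_mix_pid(&child2, wrapped_pid);
    return prng_next(&child1) == prng_next(&child2);
}

int compare_pid_collides(void) {
    prng_t parent = { .state = 0xdeadbeefcafef00dULL, .last_pid = 100 };
    pid_t wrapped_pid = 101;
    prng_t child1 = parent; reseed_if_pid_changed(&child1, wrapped_pid);
    prng_t child2 = parent; reseed_if_pid_changed(&child2, wrapped_pid);
    return prng_next(&child1) == prng_next(&child2);
}

int main(void) {
    printf("mix-in-pid:            children collide = %d\n", mix_pid_collides());
    printf("compare-pid-and-reseed: children collide = %d\n", compare_pid_collides());
    return 0;
}
```

The pthread_atfork() workaround quoted above is the same idea applied from outside the library: RAND_poll() in the child handler pulls fresh entropy instead of relying on the pid to separate the streams. Ben's objection is that a full reseed on every fork draws from the entropy device each time, which is where the /dev/random starvation concern comes from on platforms that block.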
Re: weird bug
Try

    write_data( file_, data, strlen(data) + 1, mykey);

On 16 August 2013 03:34, Ztatik Light ztatik.li...@gmail.com wrote:
> ps, yes, line 29 is a mistake and should read:
>
>     char new_filename[strlen( filename ) + 5];
>
> But even with that fix I get the same results.
>
> On Fri, Aug 16, 2013 at 2:27 AM, Ztatik Light ztatik.li...@gmail.com wrote:
>> maybe not - still confused
>>
>> On Fri, Aug 16, 2013 at 2:21 AM, Ztatik Light ztatik.li...@gmail.com wrote:
>>> strange, I think it has something to do with me using "rb" and "wb" instead of "r" and "w"...
>>>
>>> On Fri, Aug 16, 2013 at 2:14 AM, Ztatik Light ztatik.li...@gmail.com wrote:
>>>> So, I'm having a really weird issue... I'm trying simple file encryption/decryption with BIO_*, but if the encrypted file is in a subdirectory I get garbage data. I'll post the code I'm using, with a brief elaboration on how I'm using it and what behaviour I'm getting:
>>>>
>>>>     /* Example of ssl read and write to a file
>>>>        gcc ssl_write_read.c -lssl -lcrypto
>>>>        ./a.out
>>>>     */
>>>>     #include <stdio.h>
>>>>     #include <stdlib.h>
>>>>     #include <string.h>
>>>>     #include <openssl/bio.h>
>>>>     #include <openssl/err.h>
>>>>     #include <openssl/evp.h>
>>>>     #include <openssl/rand.h>
>>>>     #include <openssl/ssl.h>
>>>>     #include <openssl/x509v3.h>
>>>>
>>>>     /* EVP_des_ede3_cbc() takes a 24-byte key; a short literal such as
>>>>        "mykey" would make BIO_set_cipher read past the end of the string,
>>>>        so give it a zero-filled 24-byte buffer. */
>>>>     static unsigned char mykey[24] = "mykey";
>>>>
>>>>     int write_data(const char *filename, char *out, int len, unsigned char *key);
>>>>
>>>>     int read_whole_file( char* filename, char** data ){
>>>>         FILE* file = fopen( filename, "rb" );
>>>>         if (!file) return -1;
>>>>         fseek( file, 0, SEEK_END );
>>>>         long fileSize = ftell( file );
>>>>         rewind( file );
>>>>         *data = malloc( fileSize );
>>>>         fread( *data, fileSize, 1, file );
>>>>         fclose( file );
>>>>         return fileSize;
>>>>     }
>>>>
>>>>     void encrypt_file( char* filename ){
>>>>         char new_filename[strlen( filename ) + 5];   /* ".enc" plus the NUL */
>>>>         strcpy( new_filename, filename );
>>>>         strcat( new_filename, ".enc" );
>>>>         char* data;
>>>>         /* pass the address of the pointer so read_whole_file can set it */
>>>>         int fileSize = read_whole_file( filename, &data );
>>>>         if (fileSize < 0) return;
>>>>         write_data( new_filename, data, fileSize, mykey );
>>>>         free( data );
>>>>     }
>>>>
>>>>     int write_data(const char *filename, char *out, int len, unsigned char *key)
>>>>     {
>>>>         int total, written;
>>>>         BIO *cipher, *buffer, *file;
>>>>
>>>>         /* Create a buffered file BIO for writing */
>>>>         file = BIO_new_file(filename, "wb");
>>>>         if (!file) return 0;
>>>>
>>>>         /* Create a buffering filter BIO to buffer writes to the file */
>>>>         buffer = BIO_new(BIO_f_buffer( ));
>>>>
>>>>         /* Create a base64 encoding filter BIO */
>>>>         // b64 = BIO_new(BIO_f_base64( ));
>>>>
>>>>         /* Create the cipher filter BIO and set the key. The last parameter of
>>>>            BIO_set_cipher is 1 for encryption and 0 for decryption */
>>>>         cipher = BIO_new(BIO_f_cipher( ));
>>>>         BIO_set_cipher(cipher, EVP_des_ede3_cbc( ), key, NULL, 1);
>>>>
>>>>         /* Assemble the BIO chain to be in the order cipher-b64-buffer-file */
>>>>         // BIO_push(cipher, b64);
>>>>         // BIO_push(b64, buffer);
>>>>         BIO_push(cipher, buffer);
>>>>         BIO_push(buffer, file);
>>>>
>>>>         /* This loop writes the data to the file. It checks for errors as if
>>>>            the underlying file were non-blocking */
>>>>         for (total = 0; total < len; total += written) {
>>>>             if ((written = BIO_write(cipher, out + total, len - total)) <= 0) {
>>>>                 if (BIO_should_retry(cipher)) {
>>>>                     written = 0;
>>>>                     continue;
>>>>                 }
>>>>                 break;
>>>>             }
>>>>         }
>>>>
>>>>         /* Ensure all of our data is pushed all the way to the file */
>>>>         BIO_flush(cipher);
>>>>         BIO_free_all(cipher);
>>>>         return total;
>>>>     }
>>>>
>>>>     BIO* decrypt_open( const char *filename, unsigned char *key ){
>>>>         BIO *cipher, *buffer, *file;
>>>>
>>>>         /* Create a buffered file BIO for reading */
>>>>         file = BIO_new_file(filename, "rb");
>>>>         if (!file) return 0;
>>>>
>>>>         /* Create a buffering filter BIO */
>>>>         buffer = BIO_new(BIO_f_buffer( ));
>>>>
>>>>         /* Create a base64 encoding filter BIO */
>>>>         // b64 = BIO_new(BIO_f_base64( ));
>>>>
>>>>         /* Create the cipher filter BIO and set the key. The last parameter of
>>>>            BIO_set_cipher is 1 for encryption and 0 for decryption */
>>>>         cipher = BIO_new(BIO_f_cipher( ));
>>>>         BIO_set_cipher(cipher, EVP_des_ede3_cbc( ), key, NULL, 0);
>>>>
>>>>         /* Assemble the BIO chain to be in the order cipher-b64-buffer-file */
>>>>         // BIO_push(cipher, b64);
>>>>         // BIO_push(b64, buffer);
>>>>         BIO_push(cipher, buffer);
>>>>         BIO_push(buffer, file);
>>>>         return cipher;
>>>>     }
>>>>
>>>>     char* decrypt_read( BIO* cipher, int len, char* b ){
>>>>         int total, written;
>>>>         for (total = 0; total < len; total += written) {
>>>>             /* read into b + total so successive reads append instead of
>>>>                overwriting the start of the buffer */
>>>>             if ((written = BIO_read(cipher, b + total, len - total)) <= 0) {
>>>>                 if (BIO_should_retry(cipher)) {
>>>>                     written = 0;
>>>>                     continue;
>>>>                 }
>>>>                 break;
>>>>             }
>>>>         }
>>>>         b[total] = '\0';
>>>>         return b;
>>>>     }
>>>>
>>>>     int main(void) {
>>>>         //chdir("subdirectory");
>>>>         char *file_ = "test.txt";
>>>>         char* data = "howdy\n";
>>>>         write_data( file_, data, strlen(data), mykey);
>>>>         BIO* cipher = decrypt_open( file_, mykey );
>>>>         if (!cipher) return 1;
>>>>         char b[99];
>>>>         decrypt_read( cipher, 98, b );   /* leave room for the terminating NUL */
>>>>         BIO_flush( cipher );
>>>>         BIO_free_all( cipher );
>>>>         printf("%s\n", b);
>>>>         //char* test = "plain.txt";
>>>>         //encrypt_file(test);
>>>>         return 0;
>>>>     }
Re: RFC in OpenSSL
On 24 July 2013 08:57, Lionel Estrade lionel.estr...@myriadgroup.com wrote:
> Hello,
>
> I am looking for a SSL/TLS stack for a project based on CVP2 and I need to know if the following RFCs (which are required by CVP2) are fully/partially implemented in OpenSSL.
>
> RFC 4680 - TLS Handshake Messages for Supplemental Data
> RFC 5878 - TLS Authorization Extensions

5878 and 4680 are not consistent - I have errata against 5878. There is partial support for it, though. I expect to update it at some point.

> RFC - Authentication Credential Exchange Using TLS Supplemental Data
>
> The last one is still a draft, but perhaps you have foreseen implementing it in the near future.
>
> Regards,
> Lionel
Re: Using libcrypto's RSA code
On 18 April 2013 00:17, Jakob Bohm jb-open...@wisemo.com wrote:
> This sounds like a gross violation of the Postel principle.

A principle that should be pretty much universally violated.
Re: Are Openssl Random Number Generator NIST compliant ?
On 6 March 2013 03:55, Nayna Jain naynj...@in.ibm.com wrote:
> Hi all,
>
> Are RAND_seed(), RAND_add() NIST SP 800-151A compliant ?

800-151 does not appear to exist, got a link?
Re: How to specify an architecture for Configure?
On 20 January 2013 00:09, Jeffrey Walton noloa...@gmail.com wrote:
> Hi All,
>
> How does one specify an architecture for Configure?

I don't think there is an approved way to do it in general. Probably you have to edit Configure to specify a new target.

However, your problem appears to be that you can't put CFLAGS= on the command line - you need to set it in the environment (i.e. Configure is not make!).

>     openssl-1.0.1-stable-SNAP-20130119$ ./Configure linux-generic32 -no-sslv2 -no-sslv3 -no-comp -no-dso -no-hw --openssldir=/usr/local/ssl/linux-x86 CFLAGS=-march=i686
>     target already defined - linux-generic32 (offending arg: CFLAGS=-march=i686)
>     openssl-1.0.1-stable-SNAP-20130119$
>
> Jeff
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On 19 January 2013 16:31, Jeffrey Walton noloa...@gmail.com wrote:
> On Sat, Jan 19, 2013 at 9:17 AM, Ben Laurie b...@links.org wrote:
>> On 26 December 2012 20:07, Jeffrey Walton noloa...@gmail.com wrote:
>>> On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote:
>>>> On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote:
>>>>> I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad infinitum.
>>>>
>>>>     $ port search makedepend
>>>>     makedepend @1.0.4 (x11, devel)
>>>>         Create dependencies in makefiles
>>>
>>> Ah, thanks Ben. I did not think to try MacPorts.
>>
>> BTW, commit a6bbbf2ff5580addb917a8b4f1160f90af91d268, when I push it, fixes this to use clang instead of makedepend (in master, I may update other branches, too).
>
> Thanks Ben. Let me know if you would like me to test it on modern Mac OS X, including iOS cross compile environment before you commit.

I didn't make the corresponding change for cross compiles since I don't do those, though it should be trivial, I guess - do they also use cc?

> My eventual desire is to have configure targets for iphoneos, iphonesimulator, and macosx that use SYSROOT. The darwin targets will not be touched. I can then package the libraries, the headers and their tools (incore) into a Framework, and stop fighting Xcode and its Build Settings (including the cursed User Paths and System Paths). It's not so much me - it's more for the organizations I work with.
>
> Jeff
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On 26 December 2012 20:07, Jeffrey Walton noloa...@gmail.com wrote:
> On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote:
>> On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote:
>>> I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad infinitum.
>>
>>     $ port search makedepend
>>     makedepend @1.0.4 (x11, devel)
>>         Create dependencies in makefiles
>
> Ah, thanks Ben. I did not think to try MacPorts.
>
> Jeff

BTW, commit a6bbbf2ff5580addb917a8b4f1160f90af91d268, when I push it, fixes this to use clang instead of makedepend (in master, I may update other branches, too).
OpenSSL infrastructure changes
The sharp-eyed will have already noticed we're moving to git. Well, it looks like that's actually happened now.

We're also shifting pretty much everything to new infrastructure. So, there may be outages, unexpected changes and general weirdness for a little while. We'll let you know when we're done.

In the meantime, you can check out the git repo like this:

    git clone git://openssl.net/openssl

Please let us know if you see anything weird.

Happy New Year!
Re: Hardware solution for asymmetric decryption.
On Fri, Jan 4, 2013 at 9:58 AM, Tayade, Nilesh nilesh.tay...@netscout.com wrote:
> Hi,
>
> The RSA_private_decrypt() function has proved to be costly on my system. I will try some hardware cards (PCI or over the network), which will help me perform asymmetric decryption in the case of premaster decryption. I am looking at information on Thales nShield, SafeNet Luna devices. Could someone share any experience on any other products?
>
> Any pointers if Intel provides any RSA APIs which are optimized for Intel CPUs?

In my experience the best value for money, by far, is more CPUs. OpenSSL is already pretty highly optimised for Intel CPUs (assuming you configure the build correctly).
Re: Conditionally Patching output of Makefile from Configure?
On Wed, Jan 2, 2013 at 8:34 AM, Jeffrey Walton noloa...@gmail.com wrote:
> On Mon, Dec 31, 2012 at 7:00 AM, Ben Laurie b...@links.org wrote:
>> On Mon, Dec 31, 2012 at 11:39 AM, Jeffrey Walton noloa...@gmail.com wrote:
>>> On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
>>>> On 30-12-2012 21:01, Jeffrey Walton wrote:
>>>
>>> Configure should test `makedepend`. If 'makedepend' succeeds, do nothing. If 'makedepend' fails, it should patch the resulting Makefile with MAKEDEPEND=$(CC) -M on Apple platforms. That's the behavior I am looking for.
>>>
>>> Configure and the Makefile.org are available online for inspection.
>>> http://cvs.openssl.org/fileview?f=openssl/Configure&v=1.621.2.37.2.32.2.11
>>> http://cvs.openssl.org/fileview?f=openssl/Makefile.org&v=1.295.2.10.2.11.2.3
>>
>> According to my reading of Configure (in 1.0.1 at least) it should already change makedepend to $cc, which should be specified by the platform. Not sure why it appears not to!
>
> I'm in a cross-compile environment. Perhaps it's due to grepping for ^gcc, while OS X will have llvm-gcc? It's just speculation since I did not see that in 'config' and 'Configure' when I looked.

The relevant line is:

    s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
Re: Conditionally Patching output of Makefile from Configure?
On Mon, Dec 31, 2012 at 11:39 AM, Jeffrey Walton noloa...@gmail.com wrote:
> On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
>> On 30-12-2012 21:01, Jeffrey Walton wrote:
>>> Hi All,
>>>
>>> While working on Apple with Mac OS X and iOS, I found I needed to patch OpenSSL 1.0.1c's Makefile. Makefile.org has the following line, and it was copied directly into Makefile by Configure:
>>>
>>>     MAKEDEPPROG=makedepend
>>>
>>> When the Configure target is iphoneos (cross), iphonesimulator (cross), or macosx (native), I need a different statement:
>>>
>>>     MAKEDEPPROG=$(CC) -M
>>>
>>> I've looked at Configure, but I have no clue on the best way to handle the support/additions needed. Can anyone offer some advice?
>>
>> I have found the script build.sh from https://github.com/st3fan/ios-openssl to work nicely for iOS builds of 1.0.1c with no patching of openssl. (Admitted, I did adapt the script for our environment)
>
> Thanks Jakob.
>
> I got to rest up last night and my mind is fresh (for what that's worth). So here's a more concise request. Keep in mind that Configure is a PERL script, and I have no practical PERL experience.
>
> Configure should test `makedepend`. If 'makedepend' succeeds, do nothing. If 'makedepend' fails, it should patch the resulting Makefile with MAKEDEPEND=$(CC) -M on Apple platforms. That's the behavior I am looking for.
>
> Configure and the Makefile.org are available online for inspection.
> http://cvs.openssl.org/fileview?f=openssl/Configure&v=1.621.2.37.2.32.2.11
> http://cvs.openssl.org/fileview?f=openssl/Makefile.org&v=1.295.2.10.2.11.2.3

According to my reading of Configure (in 1.0.1 at least) it should already change makedepend to $cc, which should be specified by the platform. Not sure why it appears not to!
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote:
> I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad infinitum.

    $ port search makedepend
    makedepend @1.0.4 (x11, devel)
        Create dependencies in makefiles
Re: I can't believe how much this sucks
On Tue, Nov 13, 2012 at 6:34 PM, Sanford Staab sanfo...@gmail.com wrote:
> I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server.
>
> Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing from the docs with INCOMPLETE everywhere. (see this link for one of the 900k+ hits on a google search of "openssl+docs+suck" for how much hell you guys are putting people through trying to figure out this tool) openssl is used all over the world by tons of people (so I feel dumb having problems here - but I know from Google I am not alone.) but it is just unbelievable to me that the docs remain so terse and useless for so many years.
>
> I have sent email to this alias previously asking how I can help with this. It seems to me there should be an openssl docs forum where content from this eventually finds its way into the online docs themselves. A tool is only as good as people are able to use it.
>
> So let me get specific here - one simple specific question (of many that I have) that has me clueless:
>
> The command of:
>
>     openssl s_client -connect www.pawnmasterpro.com:443 -CApath ssl\certs -cert ssl\certs\client_1.crt -key ssl\keys\client_1.key -pass file:ssl\keys\Client_1_pwd.txt
>
> results in output containing:
>
>     No client certificate CA names sent

This seems straightforward: the client expects a list of acceptable CAs for the client certificate it should send. It got none.

I suspect the reason is that you haven't required client verification in the context in which Apache is answering - it seems to be only enabled for certain URLs...

> from the docs for the s_client command, the -cert option says:
>
>     -cert certname
>         The certificate to use, if one is requested by the server. The default is not to use a certificate.
>
> My guess from this is that this command is referring to the CLIENT SSL certificate - no? If my assumption is correct, then why am I getting this error? Or is this a notification of something normal and I should be looking elsewhere?
>
> I have checked the Apache httpd-ssl.cnf file I am using and verified that all the certificate related parts are filled in and I have verified the integrity of all the certificates referenced by it. I have been able to do straight one-way SSL with the server as well with both IE and Chrome browsers. Two-way SSL fails with the server logs indicating that the client "refused" the connection. I am using a self-signed CA which was used to sign the server certificate
Re: DES3 encryption with padding
On Wed, Oct 17, 2012 at 9:52 AM, Brent Evans brentevan...@gmail.com wrote:
> Hi,
>
> I'm currently trying to use the openSSL library to perform DES3 encryption on a string. The result from this encryption then has a base64 operation performed on it, before this is passed to a Java application to decode the base64 and unencrypt it. In the implementation below PKCS#5 padding is applied to the string before it is encrypted.
>
> The strange thing at the moment is that the DES3 encryption is returning extra, 'unexpected' data. This results in the base64 returning an incorrect result, however if I only base64 up until the first line termination (\n) then the base64 operation will return the correct string, with the Java application then successfully unbasing and decoding it.
>
> Any ideas?

Yeah. You pass outtext to the string constructor. Where do you think the NUL terminator will be?

Also - why are you using ECB mode? Not generally a good idea.

>     #include <string>
>     #include <openssl/des.h>
>
>     std::string encrypt(const std::string plainText)
>     {
>         int dif = 8 - (plainText.length() % 8);
>         int length = (plainText.length() + dif);
>         char *outtext = new char[length];
>
>         // pad the string so that it conforms to PKCS#5
>         char padChar = static_cast<unsigned char>(dif);
>         std::string padStr;
>         padStr.assign(dif, padChar);
>         std::string unencryptedStr = plainText;
>         unencryptedStr += padStr;
>
>         DES_key_schedule ksched1;
>         DES_key_schedule ksched2;
>         DES_key_schedule ksched3;
>         DES_set_key((DES_cblock *)"abcdefgh", &ksched1);
>         DES_set_key((DES_cblock *)"ijklmnop", &ksched2);
>         DES_set_key((DES_cblock *)"qrstuvwx", &ksched3);
>
>         for (int i = 0; i < length; i += 8)
>         {
>             DES_ecb3_encrypt((DES_cblock *)(unencryptedStr.c_str() + i),
>                              (DES_cblock *)(outtext + i),
>                              &ksched1, &ksched2, &ksched3, DES_ENCRYPT);
>         }
>
>         // outtext holds `length` bytes of binary ciphertext with no NUL
>         // terminator; this constructor scans for one, so it stops early at
>         // any 0x00 byte or runs past the end of the buffer
>         std::string result = std::string(outtext);
>         delete[] outtext;
>         return result;
>     }
>
> Thanks,
> Brent
Re: Best practice for client cert name checking
On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills charl...@mcn.org wrote:
> I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best.
>
> In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.
>
> Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?
>
> Comments?

You don't say what you're trying to achieve! But whatever it is, none of the above makes a lot of sense - anyone can make a cert with whatever subject and alternate names they want...
Re: OpenSSL on beagleboard
On Fri, Aug 24, 2012 at 2:18 AM, Jeffrey Walton noloa...@gmail.com wrote:
> On Thu, Aug 23, 2012 at 9:06 PM, Paulo Roberto bad_boy_...@hotmail.com wrote:
>> Hello,
>>
>> I am using the package libssl-dev on ubuntu in my beagleboard xm, and I have to run two C algorithms using the openSSL library.. Although I can't compile using the command: gcc test.c -lssl -o test. It seems the compiler isn't recognizing the -lssl command.

You really need to show the error, I doubt it is not recognizing it.

>> Does someone know how to solve this? Do I have to set some path, or something like that?

You might do, use -L for this.

> You specify linker commands (such as libraries) at the very end of the compiler drive command. From the g++ man pages (around line 25): ...the placement of the -l option is significant.

Significant relative to .o and other libraries, not to the output file, so this should make no difference.

>     gcc test.c -o test -lssl
>
> You might also want to add -Wl,-Bstatic unless you want to do the shared object thing.
>
> Jeff
Re: OpenSSL DES generates '\n' in encrypted code
On Tue, Aug 21, 2012 at 2:14 PM, Charles Mills charl...@mcn.org wrote:
> Actually, there IS *almost* a general solution to this problem. The input consists of characters from some set of 'n' characters. (Perhaps 'n' is 94 -- 0x21 through 0x7e inclusive -- but it does not matter.) You need to pack those characters with maximum density. It's conceptually the easiest if 'n' is 64, but basically you convert each character to an integer from 0 to 'n', and multiply the first character's value times the second's times the third's, etc., until you have done all 24. You have a problem dealing with the leftover bits when you overflow whatever size integer your system supports, but it is a solvable problem. (Perhaps OpenSSL BN will help with this; I don't know.)
>
> Now you end up with a string of somewhat less than 24 bytes: 18 if 'n' is 6, 20 if n is 94. (Actually 19.2 bytes, which is going to be the problem.)
>
> Encrypt the 20 bytes (into 20 bytes).
>
> Now reverse the process: divide the result by 'n' and represent the remainder as one of your 'n' legal characters; repeat until you have converted the whole string.
>
> Unfortunately, because of that leftover .8 byte you are going to end up with 25 characters. *Almost* a solution. If you can figure out a way to encrypt 19.2 bytes into 19.2 bytes rather than 20 you have it solved.

Doesn't CFB mode work at the bit level?

Also, CTR mode can be used for partial bytes.
Re: ECC and OpenSSL version
On Tue, May 22, 2012 at 9:55 AM, Simner, John john.sim...@siemens-enterprise.com wrote:
> Dear all,
>
> I am working on an embedded product which currently uses OpenSSL 0.9.8w with FIPS support.

I'm curious: what product is this? I had a quick poke around and couldn't find any mention of OpenSSL on Siemens' websites...

> We have received a request to support ECC and in particular the following cipher suites for ECC certification TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA.
>
> I can see from the header files for OpenSSL 0.9.8, the ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) have been defined so potentially could be used. However, from the OpenSSL change log, I can see there were many improvements/enhancements for ECC from 0.9.8n to 1.0.0. Have there been any improvements/enhancements on 0.9.8?
>
> As the embedded product must support FIPS, does anybody know whether OpenSSL 0.9.8 has sufficient functionality to pass ECC certification with these cipher suites? Or will I have to upgrade to OpenSSL 1.0.0 and wait for FIPS certification on OpenSSL 1.0.0 to be complete?
>
> Thank you for your assistance and I look forward to your responses.
>
> Thanks..
> John
>
> John Simner BSc(Hons) MSc CEng. MIET
> Software Engineer
> Siemens Enterprise Communications Limited
> Tel: + 44 (0) 1908 817378
> Email: john.sim...@siemens-enterprise.com
> www.siemens.co.uk/enterprise
Re: Help me find the SSL wrapper/another solution
demos/state_machine
demos/tunala

On Tue, May 8, 2012 at 2:17 PM, Marcin Głogowski m.glogow...@bossa.pl wrote:
> Hello,
>
> I have to write a non-blocking SSL/TLS server based on the OpenSSL library. I couldn't find any example/tutorial for this. Please write me where I can find some client/server examples or a simple OpenSSL wrapper that makes me able to do it. Is it possible to use the SSL_read/SSL_write functions as non-blocking functions? I found some examples based on BIO - do I really have to do it this way?
>
> My problem is I have to kill a thread that operates on several SSL connections gently, and the thread can't be blocked by any function.
>
> Thank you very much for help and best regards,
> Marcin Glogowski
>
> Dom Maklerski Banku Ochrony Środowiska Spółka Akcyjna
> ul. Marszałkowska 78/80 / 00-517 Warszawa
> entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register, under number: KRS 048901 / NIP 526-10-26-828
> Share capital of PLN 21,551,200, paid in full
Re: Looking for (easy) help.
On Sat, May 12, 2012 at 12:15 AM, scott...@csweber.com wrote:
> Ahhh! So, a 15 byte block (or ends with a 15 byte after multiples of 16 bytes) would use a 0x01 in the last position...? And a whole multiple of 16 blocks would have an extra block filled with 0x0f's...?

0x10, actually.

> My initial testing now looks like I can get it to work.
>
> Thanks!
> -Scott Weber
>
> Original Message
> Subject: RE: Looking for (easy) help.
> From: Dave Thompson dthomp...@prinpay.com
> Date: Fri, May 11, 2012 3:45 pm
> To: openssl-users@openssl.org
>
> > From: owner-openssl-us...@openssl.org On Behalf Of scott...@csweber.com
> > Sent: Friday, 11 May, 2012 17:09
> >
> > I manually padded the input in the C code with spaces. Then I manually padded the input file with spaces. Now both cleartexts are exactly 16 bytes long. The output from the openssl executable is now 32 bytes...? Where did it decide to do that? So, what do I decide how to pad? How far out do I pad it?
>
> The padding most cryptography uses and openssl commandline (and EVP_*) does is NOT spaces, it is a count of unused octets repeated. It was popularized by PKCS#5, see RFC 2898 6.1.1-2. Because the padding is always nonempty to avoid ambiguity, if the cleartext is an exact multiple of the blocksize, padding adds an extra block (and unpadding removes it). Marek showed you an example, although it's ambiguous because by coincidence his last plaintext byte was 0a (newline) and his padding bytes were also 0a (16-6=10). When you call AES_* (or DES_* etc) directly, you must add the padding on encrypt and remove it on decrypt yourself.
Re: McAfee Claims TLS Vulnerability
On Mon, Apr 30, 2012 at 12:45 PM, Dr. Stephen Henson st...@openssl.org wrote:
> On Sun, Apr 29, 2012, Mike Hoy wrote:
> > We use McAfee to scan our website for vulnerabilities. They claim the following:
> >
> > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available.
> >
> > I ran #openssl version and it says we are using OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. Do we need to upgrade our OpenSSL to upgrade our TLS/SSL server? Sorry if the question is way off-base but I am not a system administrator normally. This is new to me. We use CentOS and #yum install openssl claims it is already at the highest version. Any suggestions appreciated.
>
> FYI: this is most likely the BEAST attack it is referring to.

BEAST only applies to CBC...

> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: McAfee Claims TLS Vulnerability
On Mon, Apr 30, 2012 at 5:23 PM, Paul Suhler paul.suh...@quantum.com wrote:
> Perhaps it's related to CVE-2011-4576:
>
> https://kc.mcafee.com/corporate/index?page=content&id=KB75138&actp=LIST
> and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
>
> The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Presumably - you'd hope that McAfee had the time/energy/skill to actually understand the issue, rather than just transcribe the CVE report... But apparently not.

> Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com
> Preserving the World's Most Important Data. Yours.
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie
> Sent: Monday, April 30, 2012 1:32 AM
> To: openssl-users@openssl.org
> Subject: Re: McAfee Claims TLS Vulnerability
>
> On Sun, Apr 29, 2012 at 10:40 PM, Mike Hoy mho...@gmail.com wrote:
> > We use McAfee to scan our website for vulnerabilities. They claim the following:
> >
> > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available.
>
> What kind of crazy advice is this?
>
> --
> The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through anti virus and spam software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.
Re: McAfee Claims TLS Vulnerability
On Sun, Apr 29, 2012 at 10:40 PM, Mike Hoy mho...@gmail.com wrote:
> We use McAfee to scan our website for vulnerabilities. They claim the following:
>
> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers. Apply patches if available.

What kind of crazy advice is this?

> I ran #openssl version and it says we are using OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. Do we need to upgrade our OpenSSL to upgrade our TLS/SSL server? Sorry if the question is way off-base but I am not a system administrator normally. This is new to me. We use CentOS and #yum install openssl claims it is already at the highest version. Any suggestions appreciated.
>
> Thanks,
> --
> Mike Hoy
Re: How to do encryption using AES in Openssl
On Thu, Mar 29, 2012 at 5:40 AM, Prashanth kumar N prashanth.kuma...@gmail.com wrote:
> Thanks Ken for pointing out the mistake... after changing to AES_Decrypt(), it worked but I still see an issue when I print the decrypted output as it has extra non-ASCII characters in it. Below is the input:
>
>     unsigned char text[] = "test12345678abc2";
>
> After decryption, I get the following string:
>
>     Decrypted o/p: test12345678abc2Ȳu�z�B��� ��A��S��

You didn't encrypt the terminating NUL, so the decrypt is unterminated...

> Few questions...
>
> 1. If we use AES, will decrypted files have the same number of bytes as the encrypted file? (I assume it should be the same)
>
> 2. When I did a Google search and found a few examples on AES using CBC mode, many of them add an extra buffer while decrypting, i.e., sample e.g.:
>
>     unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
>     unsigned char iv[] = {1,2,3,4,5,6,7,8};
>     unsigned char outbuf[1024];
>     unsigned char decrebuf[1024];
>     int outlen, outlen2, tmplen;
>     unsigned char text[] = "test12345678abc2";
>     char outfile[] = "encfile";
>     ...
>     if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
>     {
>         /* Error */
>         printf("\n Error:EVP_EncryptUpdate ");
>         return 0;
>     }
>
>     if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
>     {
>         /* Error */
>         printf("\n Error: EVP_EncryptFinal_ex");
>         return 0;
>     }
>     ...
>     EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
>
>     if (!EVP_DecryptUpdate(ctx, decrebuf, &outlen2, outbuf, outlen))
>     {
>         printf("\n Error : EVP_DecryptUpdate");
>         return 0;
>     }
>     EVP_DecryptFinal_ex(ctx, decrebuf + outlen2, &tmplen);
>
> Here I see even though decrebuf is 1024, we still offset it by outlen and pass the address to the decryption function?
>
> 3. Why is it like we have to choose 1024 as array size... when I know my encryption text is only 16 bytes. Any reasons?
>
> -Prashanth
>
> On Wed, Mar 28, 2012 at 7:29 PM, Ken Goldman kgold...@us.ibm.com wrote:
> > On 3/28/2012 3:01 AM, Prashanth kumar N wrote:
> > > Here is the modified program
> > > [snip]
> > >     AES_KEY ectx;
> > >     AES_KEY dectx;
> > >
> > >     AES_set_encrypt_key(key, 256, &ectx);
> > >     AES_encrypt(text, out, &ectx);
> > >
> > >     printf("encryp data = %s\n", out);
> > >
> > >     AES_set_encrypt_key(key, 256, &dectx);
> >
> > AES_set_decrypt_key()
> >
> > >     AES_decrypt(out, decout, &dectx);
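The padding rule Dave Thompson describes in the "Looking for (easy) help" thread and Prashanth's three questions above are both answered by the same mechanism, so here is one added example (not code from either thread, and not OpenSSL's own; it uses no libcrypto so it compiles anywhere): PKCS#5/PKCS#7 block padding as the openssl command line and EVP_* apply it. It shows why a 16-byte input becomes 32 bytes of ciphertext and a 15-byte input ends in 0x01 (Scott's question), why decryption returns exactly the original bytes with no NUL terminator (Prashanth's garbage after `test12345678abc2`), and how big an output buffer really has to be (the 1024 is just oversized; what matters is room for one extra block). The unpad routine also rejects malformed padding without an early exit, which is the precaution a decryptor should take. The test message is the 16-byte string from Prashanth's post.

```c
/* Added example, not from the thread: PKCS#5/PKCS#7 block padding in plain C. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BLOCK 16   /* AES block size in bytes */

/* Ciphertext length for plain_len plaintext bytes: padding is never empty,
 * so an exact multiple of BLOCK gains a whole extra block (16 -> 32). This is
 * also the minimum output buffer size an encryptor needs: plain_len + BLOCK. */
size_t padded_len(size_t plain_len)
{
    return (plain_len / BLOCK + 1) * BLOCK;
}

/* Append k bytes each holding the value k, 1 <= k <= BLOCK. out must have
 * room for padded_len(len) bytes. Returns the padded length. */
size_t pkcs7_pad(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t k = BLOCK - (len % BLOCK);
    memcpy(out, in, len);
    memset(out + len, (int)k, k);
    return len + k;
}

/* Strip padding; returns the plaintext length or -1 if the padding is
 * malformed. Every byte of the last block is inspected and the verdict is
 * accumulated without an early exit, so the source has no data-dependent
 * branch that reveals which pad byte failed (a padding-oracle precaution). */
long pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return -1;
    unsigned k = buf[len - 1];
    unsigned bad = (k == 0) | (k > BLOCK);
    for (size_t i = 1; i <= BLOCK; i++) {
        unsigned in_pad = (i <= k);            /* 1 for bytes the pad covers */
        bad |= in_pad & (buf[len - i] != k);
    }
    return bad ? -1 : (long)(len - k);
}

/* Pad and unpad a message, returning the recovered length. The recovered
 * bytes are exactly the input: no NUL is added, so a caller that wants to
 * printf("%s") must terminate the buffer itself (length + 1 bytes). */
long roundtrip_len(const char *msg)
{
    unsigned char padded[64];
    size_t n = strlen(msg);
    if (padded_len(n) > sizeof padded)
        return -1;
    size_t plen = pkcs7_pad((const unsigned char *)msg, n, padded);
    return pkcs7_unpad(padded, plen);
}

/* Value of the final byte after padding `len` zero bytes of input. */
unsigned last_pad_byte(size_t len)
{
    unsigned char in[64] = {0}, out[80];
    if (len > sizeof in)
        return 0;
    size_t plen = pkcs7_pad(in, len, out);
    return out[plen - 1];
}

/* Unpad must reject a block whose pad bytes disagree or whose count is 0,
 * and accept a full block of 0x10 as an empty message. Returns 1 if so. */
int rejects_bad_padding(void)
{
    unsigned char blk[BLOCK];
    memset(blk, 0x04, BLOCK);
    blk[BLOCK - 2] = 0x05;                     /* inconsistent pad byte */
    int bad1 = pkcs7_unpad(blk, BLOCK) == -1;
    memset(blk, 0x00, BLOCK);                  /* count 0 is invalid */
    int bad2 = pkcs7_unpad(blk, BLOCK) == -1;
    memset(blk, 0x10, BLOCK);                  /* whole block of padding */
    int ok = pkcs7_unpad(blk, BLOCK) == 0;
    return bad1 && bad2 && ok;
}

int main(void)
{
    const char *text = "test12345678abc2";    /* the 16-byte input from the thread */
    printf("%zu plaintext bytes -> %zu ciphertext bytes\n",
           strlen(text), padded_len(strlen(text)));
    printf("15-byte input ends in 0x%02x, 16-byte input ends in 0x%02x\n",
           last_pad_byte(15), last_pad_byte(16));
    printf("recovered length: %ld (no terminating NUL included)\n",
           roundtrip_len(text));
    return 0;
}
```

So, to Prashanth's questions: the decrypted data has the same length as the original plaintext, but the ciphertext is longer by the padding, which is why EVP_DecryptFinal_ex has to be given the position after EVP_DecryptUpdate's output, it strips the pad block that was written there. OpenSSL's EVP manual asks that the output buffer passed to EVP_EncryptUpdate hold inl + block_size - 1 bytes and that one more block be available for EVP_EncryptFinal_ex; the total written never exceeds padded_len(inl), so a 1024-byte array is simply a lazy upper bound, not a requirement.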
Re: How to do encryption using AES in Openssl
On Tue, Mar 27, 2012 at 8:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
> On 3/27/2012 3:51 PM, Jakob Bohm wrote:
> > On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
> > > You should really be using EVP instead of the low level routines. They are well documented with examples.
> >
> > Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too. In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.
>
> I also use the low level APIs, just because they were easier to find and understand in the source.

I hope you both know what you're doing - using low-level APIs directly is unlikely to result in a secure construction unless you do.
Re: weak key check?
On Tue, Feb 21, 2012 at 5:47 PM, Chris Dodd d...@csl.sri.com wrote:
> On 02/19/2012 07:36 PM, anthony berglas wrote:
> > Exactly. So you need about 112 bits of entropy / Pass Phrase to generate a good 2048 bit key. Remember that the vast majority of 2048 bit numbers are not valid key pairs. My question is, has this been done, or would it be easy to do given the existing structure.
>
> No, this is NOT true. While it is the case that a good 2048 bit RSA key gives you only about 112 bits of security, it's not at all clear that you can generate such a good key from less than 2048 bits of entropy. Indeed, from the recently published Lenstra/Hughes attack, it's clear that using 112 bits of entropy to generate an RSA key (of any length) cannot possibly give you more than 56 bits of security, and probably far less.

Surely not. What is the attack, given my 112 bits of entropy and my single RSA key generated from it, that reduces security down to 56 bits?

An upper bound for the amount of entropy used by the colliding devices could be derived, though. Very crudely, 2.3% of self-signed certs were colliding. So, it takes about 44 certs to produce a collision, so the total entropy is ~44^2 = ~2^11. In fact, I'm sure the pool for potential collisions is actually smaller, so we can be reasonably confident the devices had significantly less than 11 bits of entropy.

That seems like a curable problem!!!
Re: weak key check?
On Tue, Feb 21, 2012 at 7:04 PM, Ben Laurie b...@links.org wrote:
> On Tue, Feb 21, 2012 at 5:47 PM, Chris Dodd d...@csl.sri.com wrote:
> > On 02/19/2012 07:36 PM, anthony berglas wrote:
> > > Exactly. So you need about 112 bits of entropy / Pass Phrase to generate a good 2048 bit key. Remember that the vast majority of 2048 bit numbers are not valid key pairs. My question is, has this been done, or would it be easy to do given the existing structure.
> >
> > No, this is NOT true. While it is the case that a good 2048 bit RSA key gives you only about 112 bits of security, it's not at all clear that you can generate such a good key from less than 2048 bits of entropy. Indeed, from the recently published Lenstra/Hughes attack, it's clear that using 112 bits of entropy to generate an RSA key (of any length) cannot possibly give you more than 56 bits of security, and probably far less.
>
> Surely not. What is the attack, given my 112 bits of entropy and my single RSA key generated from it, that reduces security down to 56 bits?
>
> An upper bound for the amount of entropy used by the colliding devices could be derived, though. Very crudely, 2.3% of self-signed certs were colliding. So, it takes about 44 certs to produce a collision, so the total entropy is ~44^2 = ~2^11. In fact, I'm sure the pool for potential collisions is actually smaller, so we can be reasonably confident the devices had significantly less than 11 bits of entropy.

Sigh. Sorry, this is not an upper bound - the 2.3% approximation yields a lower bound. So, bad calculation. I'm sure it can be done better, though!
Re: Question on OpenSSL encryption
On Sat, Jan 7, 2012 at 4:12 PM, Manish Jain invalid.poin...@gmail.com wrote:
> Hello Michael/Anyone Else,
>
> Can you be kind enough to please point me to some place/URL where I can get a bit more information about how the key is negotiated upon? I have gone through a couple of write-ups on OpenSSL which throw light upon everything else except for this vital piece of information.

http://en.wikipedia.org/wiki/Transport_Layer_Security

> Thanks
> Regards
> Manish Jain
>
> On 07-Jan-12 19:23, Michael S. Zick wrote:
> > On Sat January 7 2012, Manish Jain wrote:
> > > Hi,
> > >
> > > I am new to OpenSSL and am trying to prepare some illustrative documentation on how it works. AFAIK, OpenSSL uses the concept of a pair of keys per host: one is a private key which is never communicated to any other host, and the other is a public key which is transmitted to the peer (the other party). The client uses the public key of the server (contained in the server's certificate) to encrypt its communication, which can only be decrypted with the server's private key. Please correct me if I am wrong.
> >
> > That is the essence of what happens and by that the client knows that it is communicating with the server it intended to reach (authentication).
> >
> > > Now the question is: when the server sends data to the client, what key does it use for encryption?
> >
> > The general answer is: The client and server establish a shared key for that purpose early in the protocol.
> >
> > > Does the client communicate its public key to the server (at some initial stage) which the server uses for encryption?
> >
> > If the communications set up between the two requires client authentication. In many cases the client remains a stranger to the server (un-authenticated).
> >
> > > If yes, what if the client does not have a pair of public/private keys?
> >
> > The usual case for public web browsing using https and some other protocols. The client remains a stranger to the server.
> >
> > > The question arises because it does not seem logical that the server would use its private key for encrypting data to be sent to the client. Else, snoopers who might have picked the public key could decrypt the data too.
> >
> > There is an early stage in nearly all protocols, called "key agreement", where the client and server agree on a key without exchanging any of the 'private' information that it is based on.
> >
> > > Any help on clearing up the above points would be greatly appreciated.
> >
> > My comments above are at a very general level. If the process was as simple as my answers, OpenSSL would not be as large a body of code as it is. ;-)
> >
> > Mike
> >
> > > Thank you
> > > Regards
> > > Manish Jain
> > > invalid.poin...@gmail.com
Re: TLS 1.0 cracked...
On Fri, Sep 23, 2011 at 4:54 PM, Dr. Stephen Henson st...@openssl.org wrote:
> On Fri, Sep 23, 2011, Jakob Bohm wrote:
> > Is openssl running out of bit values for SSL_OP_ constants?
>
> Well, more ran out of constants. When a new flag was needed for TLS v1.2 all 32 bits were used but fortunately two ancient ones were never used by anything AFAIK so could be reassigned. There is one left now. It will need redoing at some point so more flags are available. Splitting it up into separate fields for bug workaround and protocol selection options is one possibility.

Sounds like that last bit needs to be reserved for "enable all future SSL_OP_ALL options".

> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: TLS 1.0 cracked...
On Wed, Sep 21, 2011 at 3:48 PM, Thomas J. Hruska shineli...@shininglightpro.com wrote:
> The Register published an article yesterday that some people here might be interested in on TLS 1.0 being cracked:
>
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
>
> The Register points their Finger of Blame right at OpenSSL.

Where are their patches?

> Of course, a lot of places then blew this out of proportion with headlines along the lines of, "ZOMG! HTTPS/SSL Intertubes Hacked! i can haz your internets?!?!" Right now, no one really knows anything about the research that is supposedly going to be published on Friday.
>
> --
> Thomas Hruska
> Shining Light Productions
>
> Home of BMP2AVI and Win32 OpenSSL.
> http://www.slproweb.com/
Re: Auto Reply: Various postings on the openssl mail list.
The offender was removed from the list earlier today :-)

On Wed, Sep 14, 2011 at 3:41 PM, Jakob Bohm jb-open...@wisemo.com wrote:
> WARNING: The automatic vacation response mail system used by your coworker Mr. Lau is spamming public mailing lists with its automatic responses. You may want to stop that software from running until it is fixed!
>
> On 9/14/2011 11:35 AM, wellen@oracle.com wrote:
> > I am off from work on 09/14. I will get back to your questions and concerns when I am back. If this is a critical issue, please contact Antonia Garcia [antonia.gar...@oracle.com] for immediate assistance.
Re: r.e testing beta
Rodney Thayer wrote:
> I've tried one of the 0.9.8 snapshots and make test is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz)
>
> Two questions:
>
> 1. what's the output supposed to look like, these days? Specifically, is it supposed to run a long time?

I've had some incidents where a fresh build seems to get into a loop for make test. Unfortunately, every time I've considered nailing it down, it's gone away. I haven't reported it yet, for lack of any concrete information. But if I'm not the only one...

--
ApacheCon Europe http://www.apachecon.com/

http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Regarding OpenSSL
Richard Levitte - VMS Whacker wrote:
> This kind of question should go to openssl-users@openssl.org, which is why I only send the response there.

I'm surprised you bothered, given that he spammed every email address he could find.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Dual 64 32 libraries
Medi Montaseri wrote:
> Thanks... I was particularly interested in FreeBSD amd64 which currently Configure does not support. I have since found that FreeBSD.org has a patch and they claim that OpenSSL code maintainers have been notified but the openssl community has not included that in their recent releases. If anyone knows how to communicate that with OpenSSL maintainers, let me know or inform them please.

Add it to the bug tracking system.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: SSL (or alike) over UDP
Peter 'Luna' Runestig wrote:
> On Fri, 14 Jan 2005 21:10 pm, Eduardo Pérez wrote:
> > Do you know if it's possible to use SSL (or some other protocol) over UDP running totally in user space.
>
> The OpenVPN project http://openvpn.net/ runs OpenSSL over UDP, works great.

No, it doesn't. It uses SSL to bootstrap UDP connections.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Writing to a mem BIO instead of using SSL_Write
Henry Su wrote:
> Try to find some source code for EAP-TTLS or EAP-PEAP, these use mem BIO and SSL. You can try to read some source code of FreeRadius or Open1X. Good luck.

Or mod_ssl in Apache 2.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Steps to use RSA for SSL
Joseph Bruni wrote:
> On Apr 11, 2004, at 1:44 PM, Garrett Kajmowicz wrote:
> > They don't do quite the same thing. RSAPrivateKey_dup() et al. do not accept a const RSA*, they accept a RSA*. The i2d function, however, does accept a const RSA*, so I've resorted to that pair.
>
> I believe that the inconsistent use or lack of const is due to laziness of the programmers. I too hope that the project will mature in a number of ways:
>
> 1) proper declarations (const)
> 2) proper and complete documentation (elimination of broken symlinks in the man directories)
> 3) Removal of C preprocessor for generation of functions and types
> 4) Use of autoconf in a way that is consistent
>
> I'm seeing a number of companies aligning themselves with CDSA rather than OpenSSL. This includes funding. OpenSSL is a great library once you figure out how things work, but it's a steep learning curve. The lack of documentation is a huge issue.
>
> http://www.opengroup.org/security/l2-cdsa.htm

So where are your patches, you lazy programmer?

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: FIPS mode
Steven Reddie wrote:
> Hi Steve,
>
> I take it that dynamically linking the FIPS OpenSSL into an executable means that the FIPS certification is void for that application. So as you have stated, static linking is required. However, if I'm producing a security library that uses OpenSSL and I statically link the FIPS OpenSSL into that security library but applications dynamically link against my security library what does this mean as far as the FIPS certification is concerned?

IMO, if you can implement a check that the DSO matches the one you linked against (and that that matches the one compiled from the FIPS certified source), then you are FIPS compliant - however, we do not provide that facility out-of-the-box. We should, perhaps, modify the security policy to this effect.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Regarding all the spam...
Boyle Owen wrote:
> -----Original Message-----
> From: Ben Laurie [mailto:[EMAIL PROTECTED]
>
> > I disagree.
>
> I've lost the thread... You want to limit posting to subscribers only or you don't?

I don't.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Regarding all the spam...
Rich Salz wrote:
> I think I misunderstood that question. I honestly don't know what we would lose. Maybe a sense of openness. In the past -- at least, say, 2-3 years ago -- we had a couple of anonymous posters who made very worthwhile contributions. Haven't seen that recently. Also, it used to be in the spirit of crypto open source (cypherpunks, etc) to allow anon posting because of the whole ethos thing. Probably not worth supporting any more.

I disagree.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: questions about PGP keys used to sign openssl tar balls
Jin Zhao wrote:
> Looks like openssl tar balls are signed with a different PGP key for each source tar ball. For example, openssl-0.9.7b.tar.gz was signed using a key with key id E06D2CB1 and openssl-0.9.7c.tar.gz was signed with key id 49A563D9. My question is why not sign the released tar ball using the shared OpenSSL Team Security Key instead of a developer's key?

Because role keys suck.

> Or should the user import all developers' PGP keys to make the integrity check work?

Yes.

> I use openssl in my daily job and really love its power. However, if all the newly released tar balls can be signed with the same shared team PGP key, it will be easier for the user to do the integrity check.

http://keyman.aldigital.co.uk/ (and no, OpenSSL doesn't use it, but it should).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Hardware crypto speed anyone?
Rich Salz wrote:
> > we got ahold of an AEP1000 crypto accelerator for testing purposes. I am stumped. The numbers look horrible.
>
> The openssl speed program is not good for testing anything other than the openssl software implementations. It does a repeated single-threaded call to RSA_sign, etc. With hardware crypto, your CPU spends most of its time waiting for data to flow to/from the device (e.g., across the PCI bus). Try running 10 speed tests simultaneously in the background, or write a multi-threaded test, etc.

Speed already does multithreaded (-multi n) - I wrote it when I had to test a multi-pipe crypto board.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: FIPS Certification
Tal Mozes wrote:
> Hi,
>
> I just ran into this article (http://www.gcn.com/vol1_no1/daily-updates/24504-1.html) whose title is "OpenSSL gets FIPS certification". There was also a link to the article on the last SANS NewsBites (Vol.5 Num.52, see http://portal.sans.org/). From what I read in the websites of NIST and OSSI, this rumour is greatly exaggerated. Could you give me an authoritative answer?

We are in the process of getting certification. The process is not yet complete.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: reversing md5, sha
Rich Salz wrote:
> > reversible compression hash algorithms out there?
>
> I'm not a mathematical cryptographer, but that phrase sounds like an implausibility to me.

It is, of course, trivial to prove that anything with arbitrary length input and fixed length output is not reversible. I missed the rest of this discussion though :-)

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: FIPS mode
Mathias Brossard wrote:
> On Fri, 2003-09-05 at 19:59, Ben Laurie wrote:
> > Mathias Brossard wrote:
> > > - Asymmetric: DSA, RSA, ECDSA
> >
> > Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we aren't doing.
>
> It's a little disappointing that RSA is not part of the process (it is much more common than DSA). Looking at the list of validated modules http://csrc.nist.gov/cryptval/140-1/1401val.htm I see in the field "FIPS-approved algorithms" the value "RSA (PKCS #1, vendor affirmed)". Will you as a 'vendor' claim that OpenSSL is compliant with RSA PKCS#1?

Yes.

> As a side note it seems that since 09/05/2003, Crypto++ is on the list FIPS 140-2 Level 1 with certificate #343.

So I've heard.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: FIPS mode
Mathias Brossard wrote:
> On Fri, 2003-09-05 at 11:55, Ben Laurie wrote:
> > > - What version of OpenSSL does it correspond to? 0.9.7b?
> > Yes, and the FIPS specific routines will be carried forward in future OpenSSL releases. Only the cryptographic module containing the relevant cryptographic module implementations is certified, not the larger OpenSSL distribution which can change without affecting the certification.
> Out of curiosity, which cryptographic modules are certified?

None, yet, but those that we are shooting for are...

> A quick google tells me the list of approved security functions should be approximately:
> - Symmetric: AES, DES, 3DES, Skipjack

AES, DES, 3DES (2 and 3-key modes).

> - Asymmetric: DSA, RSA, ECDSA

Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we aren't doing.

> - Message Authentication: DES MAC, Triple DES MAC

Nope.

> - Hash: SHA-1

Yep.

> - Keyed Hash: HMAC

Nope.

> - RNG: FIPS 186-2 (Appendix 3.1 3.2), ANSI X9.31 and ANSI X9.62

X9.17.

Cheers,

Ben.
Re: FIPS mode
Chris Brook wrote:
> If I read your reply right, responsibility for DAC and Known Answer Test checking is the responsibility of the app developer, though you will provide the DAC checksum for the crypto module. Have you also included the KATs, since they essentially exist in the OpenSSL test modules?

_Everything_ is included.

> Since OpenSSL is providing source code (which presumably includes the DAC checksum generation code), what's to prevent a user modifying the crypto code and regenerating the checksum?

Nothing. What's to prevent you claiming you're using FIPS-140 certified stuff and not doing so? Nothing. That's not the way it works.

Cheers,

Ben.
FIPS mode
I'm coming close to the end of the work to get OpenSSL FIPS-140ed. So, if people have comments/changes/concerns, they'd better get a move on and clue me in, because once it's done we can't change it.

Cheers,

Ben.
[ADVISORY] Timing Attack on OpenSSL
I expect a release to follow shortly.

OpenSSL v0.9.7a and 0.9.6i vulnerability

Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS.

The enclosed patch switches blinding on by default. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.

The performance impact of blinding appears to be small (a few percent).

This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0147 to this issue.

We strongly advise upgrading OpenSSL in all cases, as a precaution.

Index: crypto/rsa/rsa_eay.c === RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v retrieving revision 1.28.2.3 diff -u -r1.28.2.3 rsa_eay.c --- crypto/rsa/rsa_eay.c30 Jan 2003 17:37:46 - 1.28.2.3 +++ crypto/rsa/rsa_eay.c16 Mar 2003 10:34:13 - 
@@ -195,6 +195,25 @@ return(r); } +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + int ret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa-blinding == NULL) + ret = RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +#define BLINDING_HELPER(rsa, ctx, err_instr) \ + do { \ + if(((rsa)-flags RSA_FLAG_BLINDING) \ + ((rsa)-blinding == NULL) \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ + } while(0) + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -239,8 +258,8 @@ goto err; } - if ((rsa-flags RSA_FLAG_BLINDING) (rsa-blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx, goto err;); + if (rsa-flags RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(f,rsa-blinding,ctx)) goto err; @@ -318,8 +337,8 @@ goto err; } - if ((rsa-flags RSA_FLAG_BLINDING) (rsa-blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx, goto err;); + if (rsa-flags RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(f,rsa-blinding,ctx)) goto err; Index: crypto/rsa/rsa_lib.c === RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v retrieving revision 1.30.2.2 diff -u -r1.30.2.2 rsa_lib.c --- crypto/rsa/rsa_lib.c30 Jan 2003 17:37:46 - 1.30.2.2 +++ crypto/rsa/rsa_lib.c16 Mar 2003 10:34:13 - @@ -72,7 +72,13 @@ RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + +#ifndef OPENSSL_NO_FORCE_RSA_BLINDING + r-flags|=RSA_FLAG_BLINDING; +#endif + + return r; } void RSA_set_default_method(const RSA_METHOD *meth)
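Review bot: in the rsa_eay.c hunks, BLINDING_HELPER and rsa_eay_blinding only serialize the creation of the blinding object under CRYPTO_LOCK_RSA; the BN_BLINDING_convert call that follows in both hunks still uses the shared per-key blinding state outside the lock, so an RSA object used from several threads at once has that state updated concurrently. Either document that a blinded RSA key must not be shared between threads, or hold the lock across the convert/invert pair and re-measure the few-percent cost quoted in the advisory. Minor: the RSA_FLAG_BLINDING check is evaluated twice in a row (inside the macro and again on the following if), so folding the convert into the macro's success path would remove the duplication.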
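Review bot: in the rsa_lib.c hunk, RSA_new() now dereferences the result of RSA_new_method(NULL) to OR in RSA_FLAG_BLINDING without checking it for NULL; the old one-liner passed an allocation failure back to the caller, the new code crashes on it. Guard the flag assignment with an if (r != NULL). Also note that the default is applied only in RSA_new(); keys created directly through RSA_new_method() do not get blinding forced on, which the advisory text above does not mention.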
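To make the countermeasure the advisory and patch switch on by default concrete, here is an added Python illustration (not OpenSSL code): a constructed toy RSA key, the private operation with and without blinding, and a blinding state holding A = r^e mod n and Ai = r^-1 mod n that is refreshed by squaring, which is the shape BN_BLINDING takes as this example understands it. The key, message and class are all this example's own assumptions.

```python
"""RSA blinding against timing attacks on the private key operation.

Added illustration, not OpenSSL code. The key below is a constructed toy key
(two 20-bit primes) so the arithmetic runs instantly; real keys are 1024 bits
and up. The point of blinding is that the exponentiation never runs directly
on an attacker-chosen input, so its timing tells the attacker nothing.
"""
from math import gcd
import secrets

# Constructed toy key: both factors are primes just above 10^6.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: e*d = 1 mod phi(n)


def private_op_unblinded(c: int) -> int:
    """c^d mod n computed directly on the supplied input.

    The running time depends on the bits of d and on c; measured over many
    chosen c it leaks information about d (the CAN-2003-0147 attack class)."""
    return pow(c, D, N)


class Blinding:
    """Per-key blinding state in the shape of OpenSSL's BN_BLINDING, as this
    example understands it: A = r^e mod n and Ai = r^-1 mod n for a random r
    coprime to n. After each use both factors are squared, which replaces r
    by r^2 without drawing fresh randomness."""

    def __init__(self, n: int, e: int) -> None:
        self.n = n
        while True:
            r = secrets.randbelow(n - 2) + 2      # r in [2, n-1]
            if gcd(r, n) == 1:
                break
        self.A = pow(r, e, n)
        self.Ai = pow(r, -1, n)

    def convert(self, c: int) -> int:
        """Blind the input: c * r^e mod n (the role of BN_BLINDING_convert)."""
        return (c * self.A) % self.n

    def invert(self, y: int) -> int:
        """Unblind the output and refresh the state (BN_BLINDING_invert's role).

        (c * r^e)^d = c^d * r^(e*d) = c^d * r (mod n), so multiplying by r^-1
        recovers c^d."""
        out = (y * self.Ai) % self.n
        # (r^2)^e = A^2 and (r^2)^-1 = Ai^2, so squaring keeps the pair consistent.
        self.A = (self.A * self.A) % self.n
        self.Ai = (self.Ai * self.Ai) % self.n
        return out


def private_op_blinded(c: int, blinding: Blinding) -> int:
    """Same result as private_op_unblinded, but the exponentiation runs on a
    value the attacker cannot predict."""
    return blinding.invert(pow(blinding.convert(c), D, N))


def demo() -> bool:
    """Sign a constructed message both ways and verify with the public key."""
    m = 0x5EC0DE                      # constructed message, must be < N
    b = Blinding(N, E)
    plain = private_op_unblinded(m)
    blinded = private_op_blinded(m, b)
    return plain == blinded and pow(blinded, E, N) == m


if __name__ == "__main__":
    print("blinded and unblinded signatures agree:", demo())
```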
Re: Slapper denial-of-service problem - why isn't this fixed?
Joe Rhett wrote:
> > So, say you have a server which listens on both port 443 for SSL and 80 for HTTP, does access on port 80 get blocked at the same time as access on port 443 gets blocked?
> Yes. Not 'blocked' -- TCP connects happen, but the server doesn't reply for up to the Timeout period. If you telnet to it by hand during the attack you can wait for 3 minutes and get the response.
>
> FYI, in the ssl_error_log you get multiples of these:
>
> [15/Dec/2002 13:23:18 28357] [error] SSL handshake failed (server synergy.isite.net:443, client 61.133.84.147) (OpenSSL library error follows)
> [15/Dec/2002 13:23:18 28357] [error] OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [Hint: speaking not SSL to HTTPS port!?]
>
> Only 1 or sometimes 2 per site. In the main error log you get
>
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out
> [Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out
>
> Note that these servers are all very lightly loaded. They normally only clear 3% utilization during backups. We had these exact same symptoms on a server we had just put into production, which had only a single live site (with no content yet!) on it.
>
> This isn't a blast-DoS, as the total requests are identical with the number of sites on each server plus normal traffic.

The fact that there are at least 25 timeouts on the same address suggests that your claim that there is only one hit per vhost is inaccurate. Are you _sure_ it isn't just using up all the available children (btw, on any heavily loaded site I've ever had to deal with, I've set the timeout _much_ lower than 3 minutes!).

Cheers,

Ben.
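As an added example that is not part of the thread, the following Python reads Apache 1.3 error_log lines in the format Joe quotes, picks out clients with a burst of request-line timeouts, and bounds how many children those connections held at once for a given Timeout, which is the mechanism Ben points at. The sample log lines and the 192.0.2.x addresses are constructed for the example.

```python
"""Spotting the pattern in the thread: one client opening many connections
that each sit in "read request line" until Timeout expires, each tying up an
Apache child for the whole period.

Added example, not from the original thread. The log lines are constructed
in the Apache 1.3 error_log format quoted above; addresses are from the
RFC 5737 documentation range.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 1.3 error_log line, e.g.
# [Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
ERROR_LINE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[(?P<level>\w+)\] \[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] (?P<msg>.*)$"
)
TIMEOUT_MSG = "read request line timed out"


def parse_error_line(line: str):
    """Return (timestamp, level, client_ip, message), or None for lines
    without a [client ...] field (startup notices and the like)."""
    m = ERROR_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["level"], m["ip"], m["msg"]


def timeouts_by_client(lines):
    """Collect the sorted timestamps of request-line timeouts per client."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_error_line(line)
        if parsed and parsed[3] == TIMEOUT_MSG:
            events[parsed[2]].append(parsed[0])
    return {ip: sorted(ts) for ip, ts in events.items()}


def flag_bursts(events, window=timedelta(seconds=60), threshold=10):
    """Clients with at least `threshold` timeouts inside any `window`
    (sliding window over the sorted timestamps)."""
    flagged = {}
    for ip, times in events.items():
        lo, best = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def peak_children_held(events, timeout=timedelta(minutes=3)):
    """Upper bound on Apache children occupied at once.

    A timeout logged at time t means a connection was held from t - Timeout
    until t; count the maximum number of such intervals that overlap. This is
    the point in the reply above: it is the children, not the vhosts, that
    run out."""
    edges = []
    for times in events.values():
        for t in times:
            edges.append((t - timeout, 1))    # connection accepted
            edges.append((t, -1))             # child released
    edges.sort()                              # a release sorts before an accept at equal times
    held = peak = 0
    for _, delta in edges:
        held += delta
        peak = max(peak, held)
    return peak


# Constructed sample: a startup notice, two isolated timeouts from one
# client, and a burst of twelve from another within three seconds.
SAMPLE_LOG = [
    "[Sun Dec 15 12:00:00 2002] [notice] Apache/1.3.27 configured -- resuming normal operations",
    "[Sun Dec 15 13:00:00 2002] [info] [client 192.0.2.20] read request line timed out",
    "[Sun Dec 15 13:10:00 2002] [info] [client 192.0.2.20] read request line timed out",
] + [
    f"[Sun Dec 15 13:23:{18 + i // 4:02d} 2002] [info] [client 192.0.2.10] read request line timed out"
    for i in range(12)
]

if __name__ == "__main__":
    ev = timeouts_by_client(SAMPLE_LOG)
    print("bursty clients:", flag_bursts(ev))
    print("children held at peak with Timeout 180s:", peak_children_held(ev))
```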
Re: nonces?
Rich Salz wrote:
> > > Or use the trick we created for Identrus: make the nonce be the hash of the document that made you first do the OCSP query.
> > That doesn't prevent a replay attack, in general, of course.
> If the document isn't public, then it's as good as arbitrary random bytes. If the document *is* public, then it would be interesting to analyze what replay would really mean given the timestamps within the OCSP message itself.

I was unclear - I meant as a general technique it doesn't - it may well be that it does given the properties of certain protocols, though unless you are guaranteed to answer the same at all points in the future, I don't see how the timestamp helps.

Cheers,

Ben.
OpenSSL Security Alert - Remote Buffer Overflows
OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.

Advisory 1
==========

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.

Vulnerabilities
---------------

All four of these are potentially remotely exploitable.

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.

Who is affected?
----------------

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations
---------------

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.

A patch for 0.9.7 is available from the OpenSSL website (http://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos. Clients should be disabled altogether until the patches are applied.

Known Exploits
--------------

There are no known exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.

References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657

Acknowledgements
----------------

The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.

Advisory 2
==========

Vulnerabilities
---------------

The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.

Who is affected?
----------------

Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations
---------------

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

Exploits
--------

There are no known exploits for this vulnerability.

References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659

Acknowledgements
----------------

This vulnerability was discovered by Adi Stav [EMAIL PROTECTED] and James Yonan [EMAIL PROTECTED] independently. The patch is partly based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.
Index: CHANGES === RCS file: /e/openssl/cvs/openssl/CHANGES,v retrieving revision 1.618.2.158 diff -u -r1.618.2.158 CHANGES --- CHANGES 2002/05/09 22:40:31 1.618.2.158 +++ CHANGES 2002/07/30 09:14:15 @@ -2,6 +2,35 @@ OpenSSL CHANGES ___ + Changes in security patch + +Changes marked (CHATS) were sponsored by the Defense Advanced +Research Projects Agency (DARPA) and Air Force Research Laboratory, +Air Force Materiel Command, USAF, under agreement number +F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject
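Review bot: the CHANGES entry for the asn1_get_length() sanity checks should carry the identifier the advisory assigns to that issue, CAN-2002-0659, so the changelog can be matched to the advisory later; the new "Changes in security patch" block credits the DARPA agreement but names none of the CAN numbers, and the same applies to whatever entries cover CAN-2002-0655 through CAN-2002-0657 in the rest of this 35-line hunk.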
Re: Speaking of shared secrets
Richard Levitte - VMS Whacker wrote:
> In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 11:43:04 +0300, Vadim Fedukovich [EMAIL PROTECTED] said:
> vf> please consider to include this code into distribution
> vf> Thanks and forgive me for being a nuisance...

Errr...

a) This should be on openssl-dev
b) it's still GPLed - what did I miss?

Cheers,

Ben.
Re: Global PKI on DNS?
Bill Sommerfeld wrote:
> > As others have pointed out, the DNS already has the capability to store certs. So you could use the DNS as a publication method. But is this the only thing a PKI needs? How would one revoke a cert that was in the DNS? How can you update -every- cached copy of the cert in question?
> you don't need to. there are in general two options for this sort of thing:
> 1) short lived certs
> 2) CRL's published at regular intervals.
> both involve regularly-signed short-lived objects.

Errr - OCSP?

Cheers,

Ben.
Re: libssl.so: undefined symbol: sk_X509_NAME_value
[EMAIL PROTECTED] wrote:
> I have, for two days, been banging my head on trying to install this apache server with mod_ssl. I keep having problems. I have tried absolutely everything I can think of to try to fix this. I have searched all of the postings and tried their solutions. Nothing works.
>
> Here is my OS ...
>
> Linux host_name_omitted 2.2.16-22smp #1 SMP Tue Aug 22 16:39:21 EDT 2000 i686 unknown
>
> Here is the error ...
>
> /apachectl startssl
> Syntax error on line 243 of /usr/local/share/apachessl/conf/httpd.conf:
> Cannot load /usr/local/share/apachessl/libexec/libssl.so into server: /usr/local/share/apachessl/libexec/libssl.so: undefined symbol: sk_X509_NAME_value
> ./apachectl startssl: httpd could not be started
>
> Here was my install process ...
>
> gtar xzvf src/openssl-0.9.6b.tar.gz
> gtar xzvf src/apache_1.3.20.tar.gz
> gtar xzvf src/mod_ssl-2.8.4-1.3.20.tar.gz
> gtar xzvf src/mod_auth_ldap.tar.gz
> gtar xzvf src/mod_put.tar.gz
>
> 1. install openssl
> # cd src/openssl-0.9.6b
> # ./config
> # make
> # make install
>
> 2. Add authmodldap to the apache src
> # cp -pr modauthldap apache_1.3.20/src/modules/ldap
>
> 3. configure mod_ssl
> # ./configure --with-apache=/usr/src/apache_1.3.20/ --prefix=/usr/local/share/apachessl
>
> 4. configure apache ( include modauthldap, mod_put, mod_ssl )
> # SSL_BASE=/usr/local/ssl ./configure --enable-module=ssl --enable-rule=EAPI --prefix=/usr/local/share/apachessl --enable-shared=max --enable-module=all --add-module=../mod_put-1.3/mod_put.c --activate-module=src/modules/ldap/mod_auth_ldap.c
> # make
> # make certificate TYPE=test
> # make install
>
> 5. Edit /usr/local/share/apachessl/conf/httpd.conf
>
> 6. Should be done now start by using /usr/local/share/apachessl/bin/apachectl startssl
>
> This is where it totally bombs on me.
>
> I even tried Upgrading with APXS
> # ./configure --with-apxs=/usr/local/share/apachessl/bin/apxs --with-ssl=/usr/local/ssl
>
> This still didn't work.

Ah, "didn't work", eh? That'll be because something went wrong. Or, to put it another way - details!

Cheers,

Ben.
Re: Exportable cipher suite
Patrick Li wrote:
> Thanks for the information. Does that mean there are no longer restrictions on using any of the cipher suites specified by TLS or SSL outside of the US?

There never were restrictions on _using_ them, only on exporting.

> Sorry for a simple question. But is it still the case that only Canada and US are allowed to use browsers with 128 bit encryption strength?

That has never been the case.

Cheers,

Ben.
Re: echoping 4.1 released : a tool to test SSL servers
[EMAIL PROTECTED] wrote:
> -----Original Message-----
> From: Ben Laurie [mailto:[EMAIL PROTECTED]]
> Sent: 14 February 2001 13:25
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: echoping 4.1 released : a tool to test SSL servers
>
> [EMAIL PROTECTED] wrote:
> > This is just the kind of thing I'm looking for for testing SSL acceleration cards. By testing on the actual server I can see the raw performance increase without having to factor in network latency.
>
> Snag is you have to factor in the effects of session caching, which means that a simple test like this may not give an indicative result.
>
> Cheers,
>
> Ben.
>
> Thanks Ben for cheering me up. Perhaps if I have a machine that can change its IP number constantly I could get round it. Or perhaps not. Maybe I could disable session caching altogether. This is only a development machine anyway (and has been trashed many times).

That wasn't exactly what I meant: in a live server you do less RSA and more symmetric because of session caching.

Cheers,

Ben.
Re: BN_mod_inverse problem
Joseph Ashwood wrote:
> I've found a problem with BN_mod_inverse, in particular when it is called many times in quick succession when verifying DSA signatures. Originally this showed up when using DSA_do_verify, so I wrote my own, and I've isolated the problem as being in BN_mod_inverse. It seems to only occur on about 0.2 % of the data sets, and I've only verified it when running in fast succession (several a second) on a Pentium III @ 750 MHz running Windows 2000. I've found a dataset of 2 where the second fails verification while the first succeeds regardless of the order of the two of them. Has anyone else experienced this or closely related problems? Is there a known workaround?

Nope - do you have a test program for this problem?

Cheers,

Ben.
Re: Rainbow Cryptoswift cards - information
[EMAIL PROTECTED] wrote:
> Further to my previous message, I have not only received my Cryptoswift card, but I actually have it working. I'm seeing a speed improvement of around 20x on a Dual Pentium 166.

Hmmm ... so we can expect about 3x on a single P3/1GHz. How much do these things cost?

Cheers,

Ben.
Re: Troubles in re-connect
Lutz Jaenicke wrote:
> On Sun, Jan 21, 2001 at 07:03:07PM -0500, Greg Stark wrote:
> > sorry for the misinformation. I misunderstood a thread I had read in the archives. Just out of curiosity, what do the following functions do:
> > SSL_CTX_set_session_cache_mode( );
> > SSL_CTX_sess_set_cache_size ( );
> > SSL_CTX_set_timeout ( );
> I did not express myself correctly: "Automatic session reuse is not possible with OpenSSL." The original poster did mention client use and this should have correctly been for the client side: "Automatic session reuse _for_the_client_side_ is not possible with OpenSSL." Please excuse, I have been lazy when typing...
> On the server side, a session cache is automatically maintained (unless explicitly switched off) with parameters influenced by the functions you mention.

Note that this cache only works if the server is a single process - Apache-SSL has to maintain its own inter-process cache, for example.

Cheers,

Ben.
Re: Distributed session caching
Shridhar Bhat wrote:
> Hi,
> We are trying to deploy multiple SSL-based servers in a cluster. We want to share the session cache of each of these servers so that connections from the same client (with session id reuse) can be handled by any server in the same cluster.
> The scheme is simple: Each server maintains its local cache and also replicates the session in a central server. Whenever a request for session-id reuse comes in and the server doesn't find the id in its local cache, it refers to the central server.
> Would this scheme work and be worth implementing? What could be the possible bottlenecks in it? The most attractive benefit I see is that any server could go down without forcing its clients to renegotiate the session. Also, the load balancer need not bother about the 'sticky connections'.
> I would greatly appreciate any suggestions/comments on this.

Comment: the central store is a single point of failure.

Suggestion: Splash! (and, if you are using Apache-SSL, splashcache) - this is a distributed masterless database designed for precisely this kind of thing, with no single points of failure. http://anoncvs.aldigital.co.uk/splash/

BTW, Apache-SSL's gcache mechanism already implements what you are describing.

Cheers,

Ben.
Re: BN_rand question
Marco Russo wrote:
> ----- Original Message -----
> From: "Ben Laurie" [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Wednesday, January 17, 2001 7:18 PM
> Subject: Re: BN_rand question
>
> > Marco Russo wrote:
> > > I need to generate a random polynomial in Zp, with p very large (1024-2048 bits). Sorry for my math...:-(, but I think that with your method the problem is that the numbers in [0, p-1] are equally likely only if (2^(n - 1)) mod p = 0, where n is the number of bits in input to BN_rand (there are 2^(n-1) numbers of n bits, from 10...00 to 11...11). Finding an n such that (2^(n - 1)) mod p = 0 is really hard
> > > Another way could be to fill an array A of bits.
> > What??? That's what BN_rand already does!
> Ah ..ok! I thought that the MSD of the number generated from BN_rand was 1:-(!

Only if you ask for it to be.

Cheers,

Ben.
Re: BN_rand question
Marco Russo wrote:
> I need to generate a random polynomial in Zp, with p very large (1024-2048 bits). Sorry for my math...:-(, but I think that with your method the problem is that the numbers in [0, p-1] are equally likely only if (2^(n - 1)) mod p = 0, where n is the number of bits in input to BN_rand (there are 2^(n-1) numbers of n bits, from 10...00 to 11...11). Finding an n such that (2^(n - 1)) mod p = 0 is really hard
> Another way could be to fill an array A of bits.

What??? That's what BN_rand already does!

> for(i = 0; i < numbits(p); i++){
>   if (result of BN_rand is an odd num.) A[i]=1; else A[i]=0;
>   if( number in A > p){

Clearly this can only be true when i == numbits(p)-1.

>     A[j]=0 for each i <= j <= numbits(p);
>     break;
>   }
> }
> What about this method? I think it's too expensive...

That introduces bias by folding the numbers above p (which there are less than p of). A right thing to do is to simply choose a new random number if you exceed p. This introduces no bias. Or choose a random number with numbits(p)+k in, multiply by p, stretch to 2*numbits(p)+k and choose the top numbits(p) bits. Which would introduce almost no bias.

Cheers,

Ben.
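The bias both BN_rand replies are about can be measured exactly for a small p by enumerating every possible random input; this added Python example (not from the thread) does that for plain reduction mod p, for rejection sampling, and for the extra-bits method Ben describes (numbits(p)+k random bits, multiply by p, keep the top numbits(p) bits). The modulus p = 11 and the helper names are this example's own choices.

```python
"""Uniform random numbers below a modulus p: the bias discussed above, made
measurable. Added example, not from the thread.

For a small p every possible random input can be enumerated, so each
method's output distribution is exact rather than sampled. The methods:
  * mod_reduce: x mod p with x of numbits(p) bits             (biased)
  * rejection:  draw again while x >= p                       (unbiased)
  * extra_bits: x of numbits(p)+k bits, keep the top numbits(p)
                bits of x*p                                   (bias about 2^-k)
"""
from collections import Counter
import secrets


def numbits(p: int) -> int:
    return p.bit_length()


def mod_reduce(x: int, p: int) -> int:
    """Reduce an n-bit value mod p. Whenever 2^n is not a multiple of p the
    low residues receive one extra input each, which is the bias Marco saw."""
    return x % p


def rejection(x: int, p: int):
    """Accept x only if it is already below p; None means 'draw again'."""
    return x if x < p else None


def extra_bits(x: int, p: int, k: int) -> int:
    """x has numbits(p)+k bits, so x*p has up to 2*numbits(p)+k bits; its top
    numbits(p) bits are floor(x*p / 2^(numbits(p)+k)), always in [0, p-1].
    Each residue gets either floor or ceil of 2^(n+k)/p inputs, so the
    relative bias is at most about p/2^(n+k) <= 2^-k."""
    return (x * p) >> (numbits(p) + k)


def exact_distribution(mapper, width: int) -> Counter:
    """Apply mapper to every width-bit input; rejected inputs (None) are skipped."""
    counts = Counter()
    for x in range(1 << width):
        r = mapper(x)
        if r is not None:
            counts[r] += 1
    return counts


def bias_ratio(counts: Counter) -> float:
    """Probability of the most likely output over the least likely; 1.0 is uniform."""
    return max(counts.values()) / min(counts.values())


def rand_below_rejection(p: int) -> int:
    """Unbiased sampler with real randomness; expected fewer than 2 draws."""
    while True:
        x = secrets.randbits(numbits(p))
        if x < p:
            return x


def rand_below_extra_bits(p: int, k: int = 64) -> int:
    """One draw, fixed cost; the ~2^-64 bias is negligible for any p."""
    return extra_bits(secrets.randbits(numbits(p) + k), p, k)


if __name__ == "__main__":
    p = 11
    for name, dist in [
        ("mod_reduce", exact_distribution(lambda x: mod_reduce(x, p), numbits(p))),
        ("rejection", exact_distribution(lambda x: rejection(x, p), numbits(p))),
        ("extra_bits k=8", exact_distribution(lambda x: extra_bits(x, p, 8), numbits(p) + 8)),
    ]:
        print(f"{name:15s} bias ratio {bias_ratio(dist):.4f}")
```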
Re: Looking for an HTTPS client for NT C/C++
David Schwartz wrote:
> > David Schwartz wrote:
> > That is not a restriction on the right to "copy, distribute or modify", now is it?
> Yes, it is.
> > All it restricts is your ability to advertise: i.e. if you advertise yourself, you must also advertise us. A bit like a GPL for the PR space :-)
> Umm, no. That makes no sense. If I say, "If you wish to do X, you must agree to do Y if you do Z" that is a restriction on your ability to do X. If you didn't do X, you could do Y without doing Z. If you do X, you cannot do Y without doing Z. The restriction on your ability to advertise is one you must accept if you wish to distribute the code. So it's a restriction on your ability to distribute the code, namely that you must accept the advertising restriction.

I've just reread your original post, and I see you are arguing that you cannot distribute a combined work under the GPL. This is, of course, true. However, the _question_ was "[is it] possible to include BSD licensed code in a product, that is released under the GPL." This question is somewhat ambiguous, but I took it to mean "can I release some code under GPL that links to OpenSSL and include OpenSSL in the tarball" - and the answer is "yes", IMO.

I'm not convinced by your argument that accepting the advertising restriction restricts your ability to distribute the code, since you are always free to accept the advertising restriction, and hence can always distribute the code. But this is not relevant to the question, anyway.

Finally, I should point out, once more, that we (that is, the OpenSSL team) _cannot_ change Eric's licence, so we can _do nothing_ about advertising clauses. Hence, it would make sense for the community to find ways to live with this instead of attempting to apply pressure on us to fix the unfixable.

Cheers,

Ben.
Re: Looking for an HTTPS client for NT C/C++
Bernard Dautrevaux wrote:
> -----Original Message-----
> From: David Schwartz [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 29, 2000 12:26 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Looking for an HTTPS client for NT C/C++
>
>> Ben Laurie wrote:
>>> I'm not convinced by your argument that accepting the advertising restriction restricts your ability to distribute the code, since you are always free to accept the advertising restriction, and hence can always distribute the code. But this is not relevant to the question, anyway.
>> That doesn't make sense. That's like saying that if you have to pay me $1,000 to use your car, that doesn't restrict your ability to use your car, since you can always pay me the money and hence you can always use it. Obviously, any restriction (by definition) restricts your ability by imposing conditions upon you that wouldn't be there without the restriction.
>>> Finally, I should point out, once more, that we (that is, the OpenSSL team) _cannot_ change Eric's licence, so we can _do nothing_ about advertising clauses. Hence, it would make sense for the community to find ways to live with this instead of attempting to apply pressure on us to fix the unfixable.
>> I appreciate that. I certainly am not trying to put any pressure on anybody. If, however, others do wish to apply pressure, they should apply the pressure to the entity with the ability to remedy this situation. That would be the FSF, who could release a new version of the GPL that was compatible with the OpenSSL library's license. The new license would immediately take effect on all past and future GPLed code and permit the incorporation of OpenSSL into all past and future GPLed projects.
> I'm a bit afraid that FSF (i.e. rms) has already STRONGLY stated that the GPL is and would remain incompatible with ANY other open source license, except the GPL :-); The only solution, wrt GPL, is to structure your application so that it CAN be used without openSSL; THEN releasing your code under the GPL will not contaminate openSSL with the GPL.

Surely that doesn't have to be the case - simply packaging it without OpenSSL will do, won't it?

> This is another example of "better is the enemy of good" (I don't know if you say that in English; it's a well-known French saying: "Le mieux est l'ennemi du bien"). GPL by wanting to force people to stay in the open source world is in fact restricting people from living in it. My own NSH opinion is that you probably could release your code under the openSSL, or BSD, license; if you want to, you may then add a clause saying that people distributing your code should provide the source code used to create the executable code, with the right to redistribute it, as long as it can be rebuilt against the standard openSSL code, or distribute the change they've made to openSSL to allow building this application. However IANAL and frankly I would personally NOT go in this direction and would release my code under the openSSL license :-)

Quite.

> Just my .02$
>
> Bernard
>
> PS: Although always attracting people, I'm not sure this GPL-compatibility issue should be discussed at length once more. Perhaps an entry in a FAQ could just summarize the issue (with mention of the definitive and authoritative opinion of RMS) with indication to people willing to release their work under an open-source license to try to avoid the GPL which is marginally NOT open-source.

RMS's opinion is not definitive - the opinion of a court will be, should it ever come to that. Until then it's all just opinion.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Looking for an HTTPS client for NT C/C++
Shridhar Bhat wrote:
> [EMAIL PROTECTED] wrote:
>> On 24 Nov, Jean-Marc Desperrier wrote:
>>> Shridhar, a tool that incorporates OpenSSL code can hardly be released as GPL, because OpenSSL itself is not GPL.
>> As I understand the BSD license, BSD licensed code can be rereleased under the GPL. See drivers/scsi/ncr53c8xx.c in the Linux kernel. This code was BSD licensed, it originates from FreeBSD, was ported to Linux and rereleased under the GPL.

Umm. Changing the licence without the consent of the copyright holder is illegal.

>>> It might be a good idea to take the license of the recent release of Echohttpd as a model. :-)
>> The license text in echohttpd is stolen from NetBSD, my preferred operating system. So you can say that the license of echohttpd is the BSD license. [looking in to the original 4.4BSD-Alpha source code in the TUHS archive, finding usr/src/etc/COPYRIGHT] Yes. This is _the_ BSD license that was used by the CSRG at Berkeley.
> I have registered and got the project approved at SourceForge.net. While registering the project I chose the License as GPL. Now, after recent mails to this thread, I have a question. Can I release my code which uses OpenSSL under GPL or not?

Yes.

> And if I can not, then is there a way for me to change the license at sourceforge? Or, do I need to register my project under a new name and license? As I understand the OpenSSL license, I can not re-distribute *OpenSSL* code under GPL but I don't see any restriction on the code which *uses* openssl library.

That's correct.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Looking for an HTTPS client for NT C/C++
John Casu wrote:
> For example, mod_ssl is released under the GPL, and links with openSSL and Apache.

Actually, I believe mod_ssl is BSD-licenced, as is Apache-SSL.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Compilation Problem on Tru64 V4.0f(!)
Richard Levitte - VMS Whacker wrote:
> From: Achim Spangler [EMAIL PROTECTED]
>
> spangler> The error message is as follows:
> spangler> cc -I.. -I../../include -std1 -tune host -O4 -readonly_strings -c
> spangler> bss_fd.c
> spangler> cc: Error: /usr/include/sys/signal.h, line 486: In the declaration of
> spangler> "__P_C", a function cannot return a function type. (badreturntype)
> spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
> spangler> ---^
> spangler> cc: Warning: /usr/include/sys/signal.h, line 486: In the declaration of
> spangler> "__P_C", a function declarator has an identifier list but is not part of
> spangler> a function definition. Extraneous parameter names are ignored.
> spangler> (funcidlis)
> spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
> spangler> ---^
> spangler> *** Exit 1
>
> That looks very much like a Compaq poopoo... I would guess that the __P_C thingy is a macro that they didn't get quite right.

I'd guess they are expecting something else to get included first. I'd check, but Compaq never did give me a Tru64 upgrade :-(

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/
Re: Found a bug in the OpenSSH configuration script
Richard Levitte - VMS Whacker wrote: [I'm cc:ing [EMAIL PROTECTED], because questions about this are getting there over and over...] There's a problem that several people who installed OpenSSL to be able to uyse OpenSSH have faced: Could not find working SSLeay / OpenSSL libraries, please install I don't recall how SSLeay was installed, but for OpenSSL, there's a glitch in the way it tries to find the libraries. The following fix works for me: Its looking for an uninstalled version, handy for developers, not so handy for users. Ideally it should try both. Cheers, Ben. --- configure.in.orig Thu Mar 23 18:56:58 2000 +++ configure.inThu Mar 23 18:55:05 2000 @@ -152,10 +152,10 @@ AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do if test ! -z "$ssldir" ; then - LIBS="$saved_LIBS -L$ssldir" + LIBS="$saved_LIBS -L$ssldir/lib" CFLAGS="$CFLAGS -I$ssldir/include" if test "x$need_dash_r" = "x1" ; then - LIBS="$LIBS -R$ssldir" + LIBS="$LIBS -R$ssldir/lib" fi fi LIBS="$LIBS -lcrypto" --- configure.orig Thu Mar 23 18:55:02 2000 +++ configure Thu Mar 23 18:57:08 2000 
@@ -1890,10 +1890,10 @@ echo "configure:1891: checking for OpenSSL/SSLeay directory" 5 for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do if test ! -z "$ssldir" ; then - LIBS="$saved_LIBS -L$ssldir" + LIBS="$saved_LIBS -L$ssldir/lib" CFLAGS="$CFLAGS -I$ssldir/include" if test "x$need_dash_r" = "x1" ; then - LIBS="$LIBS -R$ssldir" + LIBS="$LIBS -R$ssldir/lib" fi fi LIBS="$LIBS -lcrypto" -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- http://www.apache-ssl.org/ben.html __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
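Review bot: in the configure.in hunk, replacing `-L$ssldir` with `-L$ssldir/lib` (and `-R$ssldir` with `-R$ssldir/lib`) drops the one layout the old line handled, an uninstalled build tree whose libraries sit directly under $ssldir, which is the point the reply above raises; rather than trading one layout for the other, probe for the subdirectory and fall back, e.g. `if test -d "$ssldir/lib"; then LIBS="$saved_LIBS -L$ssldir/lib"; else LIBS="$saved_LIBS -L$ssldir"; fi`, and do the same for the -R flag. Several entries of the unchanged search list already name a lib directory (/usr/lib/openssl, /usr/lib/ssl), so unconditionally appending /lib to them yields paths such as /usr/lib/openssl/lib that are unlikely to exist.

Review bot: the second hunk hand-edits the generated configure script to mirror the configure.in change (the `echo "configure:1891: checking for OpenSSL/SSLeay directory"` line shows it is autoconf output); the two copies will drift apart on the next autoconf run, so the patch should carry only the configure.in change and let configure be regenerated, or at least say that the configure hunk is a convenience copy. The same /lib fallback concern as in the first hunk applies to it verbatim.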
Re: Found a bug in the OpenSSH configuration script
Richard Levitte - VMS Whacker wrote:
> ben> I don't recall how SSLeay was installed, but for OpenSSL, there's a
> ben> glitch in the way it tries to find the libraries. The following fix
> ben> works for me:
> ben>
> ben> It's looking for an uninstalled version, handy for developers, not so
> ben> handy for users. Ideally it should try both.
>
> In that list of directories? I'm baffled...
>
> ben> for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do

I expect you'll find that "" or $tryssldir is the relevant one. :-)

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: How do I generate 56 bit DES keys?
"Wilder, John" wrote:
> The openssl has utilities to generate DSA and RSA encrypted keys. Is there any way to generate 56-bit DES keys? If not by openssl, how?

Just pick a random number.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
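"Just pick a random number" is the whole answer, with two details a practitioner usually wants spelled out: a DES key is 8 bytes on the wire but only 56 of the 64 bits are key material (the low bit of every byte is an odd-parity bit), and the handful of weak and semi-weak keys should be rejected. The following is an added example written for this page (not OpenSSL code); the weak-key table is the standard DES list.

```python
import os

# Every DES key is 8 bytes, but only 56 bits are key material: the low bit
# of each byte is a parity bit, and each byte must have an odd number of 1s.


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def expand_56_to_64(material: bytes) -> bytes:
    """Spread 7 random bytes (56 bits) over 8 bytes of 7 key bits + 1 parity bit."""
    if len(material) != 7:
        raise ValueError("need exactly 56 bits (7 bytes) of key material")
    v = int.from_bytes(material, "big")
    out = bytearray()
    for i in range(8):
        seven = (v >> (49 - 7 * i)) & 0x7F   # i-th group of 7 bits, MSB first
        out.append(seven << 1)               # parity bit filled in below
    return set_odd_parity(bytes(out))


# The 4 weak and 12 semi-weak DES keys (standard list, e.g. FIPS 74). These
# make DES degenerate (encryption equals decryption, or two keys share a
# schedule), so a generator must reject them.
WEAK_AND_SEMI_WEAK = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE", "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101", "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def is_weak_key(key: bytes) -> bool:
    # Compare on the parity-adjusted form so that a key whose parity bits
    # have not been set yet is still recognised.
    return set_odd_parity(key) in WEAK_AND_SEMI_WEAK


def generate_des_key(rng=os.urandom) -> bytes:
    """'Just pick a random number': 56 random bits, parity set, weak keys rejected."""
    while True:
        key = expand_56_to_64(rng(7))
        if not is_weak_key(key):
            return key


if __name__ == "__main__":
    k = generate_des_key()
    print(k.hex(), "odd parity:", has_odd_parity(k), "weak:", is_weak_key(k))
```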
Re: Accessing a Smart Card through Browser
Hakan Lindh wrote:
> Look at Arcot Systems, Inc. for a smart-card solution without the physical smart card www.arcot.com

I've heard some pretty bloody stupid things in my time, but this really does take the biscuit.

--
SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Coming to ApacheCon? http://ApacheCon.Com/
RSA flier?
Does anyone have a copy of the RSA flier going about with a picture of a car on the front, in which the scurrilous claim that free software is not supported or maintained is made? I had one, but it's, err, in use by the ASA. :-)

Cheers, Ben.

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Y19100 no-prize winner! http://www.ntk.net/index.cgi?back=2000/now0121.txt
Re: error C2197: 'void (__cdecl *)(void)' : too many actual parameters: problems compiling the following code using MS Visual C v6
Jeffrey Altman wrote:
> Richard Levitte - VMS Whacker [EMAIL PROTECTED], in message 2202220 [EMAIL PROTECTED], wrote:
>> I think the real problem is that an attempt is made to compile stack.c as a C++ file, not a C one. What should be done is to tell the compiler that it shouldn't use C++ semantics... #include it within an extern "C" { } ? I'm not sure if that's going to be effective. I guess it's just an error to try to compile C with a C++ compiler. You don't try to compile pascal with a fortran compiler, eh?
> The Visual C++ compiler does not compile a .c file with C++ semantics unless a special command line switch is thrown. stack.c is being compiled as an ANSI C program. The compiler is correct. void (*func)() means void (*func)(void) in ANSI C. func(foo); calls func() with a single parameter which is one more parameter than the function pointer is declared to accept.

Not according to K&R Ed. 2 - they say that void (*func)() is equivalent to void (*func)(...).

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Bug report: primality testing algorithm.
"Paulo S. L. M. Barreto" wrote:
> Greetings. I'm implementing elliptic curve software on top of OpenSSL Bignum library. When testing it on NIST's standard curves, I found a problem that seems not to be in my code: Bignum reports that NIST's 384-bit prime is not prime! I've checked the value with MIRACL and Java (which in turn uses Colin Plumb's Bnlib), and both say that P384 is indeed prime, as expected. If anyone would like to check it, here's a test program that reveals the error:

The short answer, amazingly, is that BN_div() is broken! A quick fix is to set the "#if 0" to "#if 1" at the top of crypto/bn/bn_div.c.

In a way, I'm glad this bug was there, coz it made me (finally) figure out the prime testing. It uses Fermat's test, which seems a little strange to me, since it is known to fail to diagnose some composite numbers. It also uses a home-brewed mod_exp function (essentially, that's what witness() is) which is, presumably, slower than the "real" thing.

Anyway, I'm too tired now to diagnose BN_div(), I'm going back to bed. I suspect we should switch to Miller-Rabin or some other popular prime tester, though. Not that that will fix this bug.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
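The point about Fermat's test, shown concretely: a Carmichael number such as 561 passes a^(n-1) = 1 (mod n) for every base coprime to it, while a Miller-Rabin witness catches it, and the NIST P-384 prime from the report passes both. This is an added illustration, not OpenSSL's witness() or BN_is_prime(); P384 is the standard value 2^384 - 2^128 - 2^96 + 2^32 - 1 and the base lists are chosen here.

```python
import random

# NIST P-384 prime, the value the bug report above concerns.
P384 = 2**384 - 2**128 - 2**96 + 2**32 - 1


def fermat_probable_prime(n: int, bases) -> bool:
    """Fermat test: a^(n-1) == 1 (mod n) for every base.

    Carmichael numbers (561 = 3*11*17, 1105 = 5*13*17, ...) satisfy this for
    every base coprime to n, so the test only notices them when a base
    happens to share a factor with n.
    """
    if n < 2:
        return False
    for a in bases:
        if pow(a, n - 1, n) != 1:
            return False
    return True


def miller_rabin_probable_prime(n: int, bases) -> bool:
    """Miller-Rabin: write n-1 = 2^s * d, then check the square-root chain.

    For an odd composite n at least 3/4 of the bases are witnesses, with no
    Carmichael-style exception. pow(a, d, n) is the modular exponentiation
    the text calls witness().
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):      # trivial bases, never witnesses
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False            # a is a witness: n is composite
    return True


def random_bases(n: int, rounds: int, seed: int = 1):
    """Deterministically seeded random bases in [2, n-2] for repeatable runs."""
    rng = random.Random(seed)
    return [rng.randrange(2, n - 1) for _ in range(rounds)]


if __name__ == "__main__":
    coprime_to_561 = [2, 5, 7, 13]
    print("Fermat on 561 with coprime bases:", fermat_probable_prime(561, coprime_to_561))
    print("Miller-Rabin on 561, base 2:      ", miller_rabin_probable_prime(561, [2]))
    print("Miller-Rabin on P-384:            ",
          miller_rabin_probable_prime(P384, random_bases(P384, 20)))
```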
Re: OpenSSL and SET
Radovan Semancik wrote:
> hello! I'm interested in SET (Secure Electronic Transactions) protocol support in OpenSSL. Is there such a beast? Is there a plan to add a SET implementation to OpenSSL? Are there any other open SET implementations?

No, no and not as far as I know. I'm vaguely interested in the idea, though.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: SSL 3.0 and TLS 1.0: differences?
M wrote:
> [Perhaps I ought to know this already, but...] RFC 2246 says "The differences between [TLS 1.0] and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to SSL 3.0)". To an unpractised eye, not used to the line-by-line collation of long texts, the two specifications seem pretty well identical. What *are* the important differences?

The hashes used for secret generation (and perhaps checking message content, I forget now) are radically different.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: out of memory error with netscape/openssl
jackie wrote:
> Will you tell me what fields I must fill in my certificate that are different from client certificate or normal certificate?

There aren't any that are different, but leaving any blank makes Netscape throw hissy fits.

Cheers, Ben.

> Ben Laurie wrote:
>> a) Use the latest release.
>> b) Fill in _all_ the fields in your server certificate.
>>
>> Cheers, Ben.

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Re: Millenium and 37 bug
Rodney Thayer wrote:
> you should be able to go to at least 2049, as the PKIX limit is around 2050. I know some vendors have tested this.

PKIX is not limited to 2050, it simply changes format at that point. The problem is, presumably, that the date calculation is not carried out in an appropriate size of number.

Cheers, Ben.

> At 06:28 PM 1/3/00 +, Andrew Cooke wrote:
>> Hi, Not really an open-ssl bug, but it's interesting and I'm curious to hear how people will be dealing with it: has anyone tried to make a certificate that lasts for the next century? We tried (just because we were fed up with test certificates expiring) and found that we couldn't get past 2037, presumably because that's when "unix time" runs out of bits (although this was on NT). Presumably the fix is to link against a library which has time_t defined as something larger (or at least unsigned) - does such a library exist? As CRLs and certificate chaining become more popular, it seems, to me, that having long-lasting certificates will be more important - so I don't think ignoring the problem is the best solution
>>
>> Andrew

--
http://www.apache-ssl.org/ben.html
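The two limits in this thread are different things, and it helps to see both in code: PKIX (RFC 2459 then, RFC 5280 now) encodes validity dates through 2049 as UTCTime with a two-digit year and from 2050 on as GeneralizedTime with a four-digit year, which is the "format change" Ben refers to, whereas the 2037/2038 wall comes from a signed 32-bit time_t. Added example, not OpenSSL's ASN1_TIME code; the cut-over rules are the ones the RFCs state.

```python
from datetime import datetime, timezone

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
TIME_T32_MAX = 2**31 - 1          # 2038-01-19T03:14:07Z


def _require_aware(dt: datetime) -> datetime:
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return dt.astimezone(UTC)


def encode_x509_time(dt: datetime):
    """PKIX rule: dates through 2049 are UTCTime (YYMMDDHHMMSSZ), 2050 and
    later are GeneralizedTime (YYYYMMDDHHMMSSZ). Returns (tag, text)."""
    dt = _require_aware(dt)
    if dt.year < 1950:
        raise ValueError("UTCTime cannot represent years before 1950")
    if dt.year < 2050:
        return "UTCTime", dt.strftime("%y%m%d%H%M%SZ")
    return "GeneralizedTime", dt.strftime("%Y%m%d%H%M%SZ")


def decode_x509_time(tag: str, text: str) -> datetime:
    """Inverse of encode_x509_time. UTCTime years YY >= 50 mean 19YY, YY < 50
    mean 20YY, so a UTCTime value can never name a year past 2049."""
    if not text.endswith("Z"):
        raise ValueError("PKIX requires times in Zulu (UTC) form")
    if tag == "UTCTime":
        if len(text) != 13:
            raise ValueError("UTCTime must be YYMMDDHHMMSSZ")
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = text[2:12]
    elif tag == "GeneralizedTime":
        if len(text) != 15:
            raise ValueError("GeneralizedTime must be YYYYMMDDHHMMSSZ")
        year = int(text[:4])
        rest = text[4:14]
    else:
        raise ValueError("unknown time tag %r" % tag)
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=UTC)


def unix_seconds(dt: datetime) -> int:
    return int((_require_aware(dt) - EPOCH).total_seconds())


def fits_32bit_time_t(dt: datetime) -> bool:
    """The limit Andrew hit: a signed 32-bit time_t overflows in January 2038,
    independent of the ASN.1 encoding of the date."""
    return -2**31 <= unix_seconds(dt) <= TIME_T32_MAX


if __name__ == "__main__":
    for year in (2037, 2038, 2049, 2050, 2100):
        d = datetime(year, 1, 1, tzinfo=UTC)
        print(year, encode_x509_time(d), "fits 32-bit time_t:", fits_32bit_time_t(d))
```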
Re: Is it legal?
Michael Sierchio wrote:
> Ben Laurie wrote:
>> Permit me to quote from RFC 2246 (TLS): The Internet Standards Process as defined in RFC 2026 requests that a statement be obtained from a Patent holder indicating that a license will be made available to applicants under reasonable terms and conditions.
> An excellent example of the wry, understated humor we've come to expect from the English.

Why, thank you. Perhaps I should explain the subtext for those who are not RFC scholars. There is no such statement from RSA in RFC 2246, though I do vaguely recall them making some sort of commitment on the WG mailing list. I am making enquiries as to why there is this strange omission.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Is it legal?
Vin McLellan wrote:
>> I also believe in SW patents, .. but the current farce with RSA, even you have to admit, is stupid! Why cannot developers purchase a license (I do not call $100,000 a license fee for ANYONE)? Why has RSA abandoned RSAREF?
> 1. People who own something (and a patent is a property ownership grant) don't have to let anyone, who demands access to it, actually get direct access to it.

Permit me to quote from RFC 2246 (TLS): The Internet Standards Process as defined in RFC 2026 requests that a statement be obtained from a Patent holder indicating that a license will be made available to applicants under reasonable terms and conditions.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: OpenSSL compiling problem on OpenBSD
Michal Otoupalik wrote:
> Hi, I have tried to compile OpenSSL 0.9.4 on OpenBSD and when compilation was in directory crypto/comp then it stopped with error:
>
> +gcc -shared -o libcrypto.so.1 -Wl,-S,-soname=libcrypto.so.1 -Wl,--whole-archive libcrypto.a
> ld: No reference to __DYNAMIC
>
> Does anybody know how to fix this problem?

No, but I've had it with other packages on OpenBSD, and very irritating it is, too.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Certificate question
Michael Robinson wrote:
> Patrik Carlsson [EMAIL PROTECTED] writes:
>> You could remove your key passphrase - but it's not recommended for obvious security reasons!
> Everyone says that, but I've never seen anyone elucidate on the so-called "obvious" reasons. The key file is protected by root-read-only permissions. Only someone with root access can read the file. If someone has root access, they can gcore your running daemon and extract your private key from the core dump with just a little more work. From my point of view, the key passphrase gives people a false sense of security (as well as added inconvenience).

Exactly, and this is why Apache-SSL does not support any mechanism for automating passphrases - we recommend you remove them altogether and protect your machine with your life (or at least your money).

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: SSL and non-repudiation
Maurice klein Gebbinck wrote:
> Hi all, This weekend I read the SSL spec and I am wondering about the following. Suppose I am the owner of an e-shop and I have a secure webserver. In order to make sure that all product orders I get are for real, I require that clients present a valid certificate during the SSL handshake. However, since after the handshake SSL switches to an encryption method based on symmetric keys (right?), it makes no sense to store the encrypted order of a client in a database, because the client can always argue that I made up the encrypted order myself (which I can since I know the symmetric key). The only thing the client cannot deny is that he has made a secure connection with my webserver, but apart from that nothing can be proven. Is this right, and if yes, is there a way within SSL (openssl) to provide non-repudiation?

It sounds right to me, and certainly SSL was not intended to provide non-repudiation as a service. I'd say, therefore, that if you want non-repudiation, you'd need to add it on top of SSL.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: OpenSSL and Mac OS and export fun
Rich Salz wrote:
> To the best of my recollection, the following is a direct quote from one of the NSA folks: ... we call that crypto-with-a-hole and we don't allow that to be exported

Hmm ... thought it was the DoC that wrote the export rules. :-)

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Compiling OpenSSL without 3DES
Nicolas Roumiantzeff wrote:
> Could you describe this "meet-in-the-middle" attack on the 3-DES?

OK, well, it's a known-plaintext attack. You encrypt the known plaintext with all 2^56 possible keys for the first step, and store the results. You then decrypt the ciphertext with all 2^112 possible keys for the last two steps and compare to your stored results.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Compiling OpenSSL without 3DES
Bruno Treguier wrote:
> Ben:
>>> Is that true keylength or effective keylength?
>> 3DES has an effective keylength of 112 bits.
>
> Well, first of all I have to present my apologies to the list for my double posting the other day. Seems that I slipped on the "send" key before finalizing my message... Now, about the effective key length vs true key length, my intention here is not to start a "holy war" about this particular problem which is far beyond my understanding (I'm in no way a cryptography specialist), but what I've read about it (several times, and from several sources, one of which being the excellent cryptography FAQ from RSA labs) is that this 3DES "weakness" is theoretical, and that to reduce the effective key length to 112 bits, and be able to conduct a known plaintext attack against it, you have to be able to store 2^56 bits (which is about 8192 _terabytes_) of data... Anyway, French laws aren't that specific. All they talk about is a "key length", so even if you're right, Ben, I don't want to get into trouble just because a pen pusher will have made the wrong assumption. ;-)

That's up to you, but I don't know _anyone_ who thinks that 3DES is more than 128 bit, in any meaningful sense. Well, not anyone who knows what they're talking about, anyway.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
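The meet-in-the-middle description two messages up, and the "effective 112 bits" figure debated here, run as a worked example on a constructed toy cipher (16-bit block, 8-bit keys, four Feistel rounds; not DES) so the full search is cheap: a forward table over the first key (2^8 entries) plus a backward search over the last two keys (2^16 double decryptions) recovers all three keys with about 2^8 + 2^16 block operations instead of 2^24, which is exactly why a 168-bit 3DES key is credited with 112 bits (2^56 table, 2^112 work). Added illustration, not code from the thread.

```python
ROUNDS = 4
SBOX = [((x * 31 + 7) ^ (x >> 3)) & 0xFF for x in range(256)]   # toy non-linear layer


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def round_keys(k: int):
    """Toy key schedule: rotate the 8-bit key and mix in a round constant."""
    return [rotl8(k, i) ^ ((0x5A * (i + 1)) & 0xFF) for i in range(ROUNDS)]


def F(r: int, rk: int) -> int:
    return SBOX[(r + rk) & 0xFF] ^ rotl8(r, 3)


def _feistel(block: int, rks) -> int:
    """Standard Feistel network on a 16-bit block; decryption runs the
    same network with the round keys reversed."""
    l, r = block >> 8, block & 0xFF
    for rk in rks:
        l, r = r, l ^ F(r, rk)
    return (r << 8) | l


RK = [round_keys(k) for k in range(256)]


def encrypt_block(k: int, p: int) -> int:
    return _feistel(p, RK[k])


def decrypt_block(k: int, c: int) -> int:
    return _feistel(c, RK[k][::-1])


def triple_encrypt(k1: int, k2: int, k3: int, p: int) -> int:
    """E_k3(E_k2(E_k1(p))): three independent keys, 24 key bits in total."""
    return encrypt_block(k3, encrypt_block(k2, encrypt_block(k1, p)))


def meet_in_the_middle(pairs):
    """Recover (k1, k2, k3) from known (plaintext, ciphertext) pairs.

    Step 1 (as in the text): encrypt pairs[0]'s plaintext under every k1 and
    store the results. Step 2: decrypt its ciphertext under every (k3, k2)
    and look the middle value up. Further pairs weed out false matches,
    which a 16-bit block makes likely (2^24 keys into 2^16 values).
    """
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(256):
        table.setdefault(encrypt_block(k1, p0), []).append(k1)
    found = []
    for k3 in range(256):
        inner = decrypt_block(k3, c0)
        for k2 in range(256):
            mid = decrypt_block(k2, inner)
            for k1 in table.get(mid, ()):
                if all(triple_encrypt(k1, k2, k3, p) == c for p, c in pairs[1:]):
                    found.append((k1, k2, k3))
    return found


if __name__ == "__main__":
    key = (0x3C, 0xA7, 0x19)                           # constructed secret key
    known = [(p, triple_encrypt(*key, p)) for p in (0x1234, 0xABCD, 0x0F0F)]
    print("candidates:", [tuple(hex(x) for x in k) for k in meet_in_the_middle(known)])
```

Keys are the bottleneck in the real attack, not time: Bruno's 2^56-entry table is the cost of step 1 for DES-sized keys, and step 2 still needs 2^112 work, so the result is "112 bits", not a practical break.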
Re: Mapping Certs to local account names: is there a standard practice?
Jeffrey Altman wrote:
>>> What is the purpose of global CAs such as Verisign if I can't trust the certificates to identify an end user?
>> That is indeed the question. At least the part before the "if" :)
>>> At least now you can have a single value (subject,issuer,serial#) to map "global identity" (sic) into local credentials.
>> If you think that any random cert signed by any random CA can be trusted by your local programs. In many cases globally-scalable identities have to be mapped down into a smaller ID space -- e.g., a 32bit Unix userid. There's no magic bullet here. /r$
> I'm not looking for a magic bullet. What I am looking for is a method to package and distribute clients and servers that will work out of the box. And the answer is, that if you want to do client auth with PKI then you can't. You need to modify the code to support whatever local system is in use for certificate to ID mapping.

That's simply not true. There's plenty of other ways to do it (e.g. trust certain CAs, or add attributes to the certs).

> What this says to me is that Client Auth should not be a part of SSL/TLS and that the client auth protocol should be built on a higher layer. Whether that client authentication layer be PKI based or something like Kerberos, Secure Remote Password, SecureID, OTP, or something else.

What it says to me is that client auth is non-trivial and has to be handled in a way appropriate to the environment. Sometimes what TLS/SSL provides is sufficient. Sometimes it needs supplementing. Sometimes it isn't the right thing at all. Moving it to a higher layer removes the possibility of using the first two, which really is a step backwards.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Problem with ssl
Roddy Strachan wrote:
> Hi, I managed to get a certificate up and running, but whilst running with apache-ssl, I get :
>
> [Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(355): Random input /dev/urandom(1024) - 1112
> [Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(928): Generating 512 bit key
> [Thu Nov 11 11:18:51 1999] [debug] apache_ssl.c(272): SSL_accept returned 0
> [Thu Nov 11 11:18:51 1999] [debug] apache_ssl.c(276): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> Any ideas, in the web browser it says The security library has experienced an out of memory error. Please try to reconnect.

That usually happens when you've left some fields blank in the server cert.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: [Fwd: Could not read server certificate (-8174)]
Gustavo Pérez wrote:
> Subject: Could not read server certificate (-8174)
> Date: Wed, 27 Oct 1999 12:12:27 +0200
> From: Gustavo [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> Please, find below the error we have as soon as we try to start NetScape Enterprise Server v3.6 once we have installed a Verisign Trial server certificate.
>
> server(root):start-admin
> Key File Password:
> Could not read server certificate (-8174)
>
> Could you please tell us what kind of error is

It is a Netscape error.

> and how we can fix it up?

Ask Netscape?

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: Did it! Now, just a quick question about SSLRequire directory ...
John Farrell wrote:
> Yes, I noticed the existence of SSLRequireSSL, but eschewed it because the documentation suggests that it has a granularity of: directory, whereas I believe there should be a way to specify SSL _only_ for even a specific file, which may be in a directory that is not SSL _only_ ...

This is entirely the wrong list for this discussion. However, stuff that has a granularity of directory can be made to apply to a single file, with the <Files ...> or <FilesMatch ...> directives. Anyway, if you want to continue, I suggest you go to the appropriate list (i.e. Apache-SSL or mod_ssl, depending).

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html
Re: RNGs - Use input from your sound card!
CJ Holmes wrote:
>> Eh? You can already point OpenSSL at a file and tell it to read bytes. What's the problem?
>
> Ben, I am talking about functionality beyond pointing OpenSSL at a file. OpenSSL ought to include the code to generate that file using a sound card or other device/scheme, and ought to trigger refreshing the file automatically at certain intervals depending on usage. Wouldn't you agree?
>
> Well, not everyone *has* a sound card, and of those who do, not everyone has the *same* sound card. So hardware-dependent code in OpenSSL might not be such a great idea because it isn't portable.
>
> Having said that, I think the basic point is a good one. Currently OpenSSL uses time(NULL) at various points to add "entropy" to the PRNG. For *nix systems there are a couple of instances of using inode data as seed as well. This data is then severely hashed and mixed and hashed again. Then the SSL PRNG gets the same data and remixes/rehashes it all again.
>
> I would certainly like to see more thought put into the seed generation - but for reasons of portability I think this isn't as easy as it sounds. Different OSes and hardware provide different opportunities for "noise". But the hooks are there to grab any source of entropy you deem fit and add them to the RNG.

Exactly. The fundamental point that OpenSSL should have a pool of entropy which it attempts to fill with an appropriate amount of the stuff at appropriate moments is a good one. Not sure how easy it is to do, though.

Cheers,

Ben.
Re: RNGs - Use input from your sound card!
Terrell Larson wrote:
> Would it make any sense to build a card?

Somebody already has, but I keep forgetting who.

Cheers,

Ben.
Re: open source COMMUNITY?
Paul Khavkine wrote:
> OpenSSL is a continuation of the SSLeay project done initially in Australia. It is an SSL development toolkit, NOT an Apache module. If you want to get an SSL module for Apache go to: http://www.modssl.org

or http://www.apache-ssl.org, of course.

Cheers,

Ben.
Re: Y2K Compliance
Trickett Mark wrote:
> Please could you help, we are urgently upgrading several and we are having trouble locating any Y2K compliance information for the following products :-
>
> Openssl - 1.03

That'll be because there isn't any. There isn't a version 1.03, either.

> netssl - 0.9.1c

What is netssl?

Cheers,

Ben.