OpenSSL-compat patches or contributions
Greetings,

On the OpenSSL 1.1.0 Changes wiki, at the bottom of the page, there is an OpenSSL-compat source code package to help migrating to OpenSSL 1.1.X and keep compatibility with 1.0.2. How can we contribute to this, as we see there seems to be missing code...

Thanks,
Carl
RE: OpenSSL 3.0.0 security concerns using dynamic providers
> -----Original Message-----
> From: Matt Caswell [mailto:m...@openssl.org]
> Sent: Tuesday 1 September 2020 18:57
> To: CODERE Carl-Eric ; openssl-us...@openssl.org
> Subject: Re: OpenSSL 3.0.0 security concerns using dynamic providers
>
> On 01/09/2020 03:01, CODERE Carl-Eric wrote:
> > 1. Replacing the provider by a tampered provider by replacing the shared/dynamic library. This can partially be protected by the caller verifying the hash of the provider before calling it, will OpenSSL 3.0.0 do this, or will need to be done at integrator level?
>
> The OpenSSL 3.0 FIPS module checks its own integrity when it is first loaded. This is really intended as a sanity check. It doesn't really protect against malicious changes.
>
> I don't really see why you see this is a security concern. Of course, yes, if a malicious user was able to replace the shared/dynamic library then this would be a serious security problem. But why is this a greater risk with shared/dynamic libraries compared to static linking? In much the same way if a malicious user can change the application binary then you have a security problem.
>
> In other words if a malicious user has the ability to change any arbitrary application executable or shared library then you have a security problem. The risk doesn't really change with dynamic vs static linking.

Greetings,

Thanks for the quick reply. Actually, from the perspective of mobile security, once the platform sandbox has been compromised, it is much easier for an attacker to replace a shared library with another one he has programmed than statically analyzing a properly stripped application to discover its cryptographic entry points and then patching it and/or hooking it (in the shared library the entry point names are clearly visible)... Hence the final asset loss is the same, but the actual time to do the attack would be different. The goal is to add extra complexity for the attack, not to avoid it completely.

> I suppose you could argue that the attack surface is marginally larger because there are more places in the filesystem that you could attack. But with any modern operating system you are going to have multiple places in the filesystem that would be a security issue if they allowed malicious users to make changes.

Actually, in the case of some applications, that is the assumption: that the system is partially broken.

> You also have to ensure that you protect against malicious changes to your "OPENSSL_MODULES" environment variable - which can be used to override the default location to pick up provider shared objects. But again this is no different to making sure a malicious user can't make arbitrary changes to your "PATH". If they can change your "PATH" then this means they can cause you to pick up a malicious application binary.

Yes, sorry, that context was not clearly defined: the attack scenarios that I was discussing are based on a sandbox-based system such as mobile (iOS and Android) and partially UWP. Usually these platforms have restrictions on some of the environment variables usage.

> > 2. Having the provider entry points made public because they are dynamic will easily permit MITM attack or modification such as through hooking, have you thought of protection mechanisms to protect against this kind of attack?
>
> This is much the same argument as above. You are worried about malicious users being able to insert malicious providers into the system. If they can do that then they don't need to do a MITM attack. They can just replace the FIPS provider entirely with their own version. Again this is a serious security problem - but is no greater with dynamic linking vs static linking.
>
> Ultimately static linking is not designed as a security mechanism. It seems incorrect to me to rely on it as a security control.
>
> Matt

I hope :) I have convinced you of the difference between static and dynamic linking in certain specific contexts.

p.s.: This email was sent through Outlook, so hopefully it will not be messed up too much with line breaks when it reaches you, sorry about this.

Carl
OpenSSL 3.0.0 security concerns using dynamic providers
Greetings,

We are currently investigating the usage of OpenSSL 3.0.0 on our side, especially for FIPS usage, but it seems that for OpenSSL 3.0.0 the providers, especially the FIPS provider, will be loaded dynamically. My main worry is that this will easily permit some kind of attacks on the cryptographic layer, for example:

1. Replacing the provider by a tampered provider by replacing the shared/dynamic library. This can partially be protected by the caller verifying the hash of the provider before calling it; will OpenSSL 3.0.0 do this, or will it need to be done at integrator level?

2. Having the provider entry points made public because they are dynamic will easily permit MITM attack or modification such as through hooking; have you thought of protection mechanisms to protect against this kind of attack?

With FIPS 2.0, from my understanding, it was statically linked, hence these risks would be lessened. Of course it required more work as it required a special linker script to add the hash value and, with new NIST requirements, the FIPS mode needed to be enabled by default at premain, but my feeling is that it was more secure.

Thanks for your guidance!
Carl Eric Codere
Re: building OpenSSL 1.1.1 with -DPURIFY
> .so.1.1)
>    by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>    by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>    by 0x5A890E: run_smtp_server (receiver.c:1367)
>    by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>    by 0x73158F: generic_worker_thread (threads.c:301)
>    by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>    by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>  Uninitialised value was created by a stack allocation
>    at 0xB3E2363: sha256_block_data_order_avx2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>
> There are many, many of these errors with varying backtraces shown.
>
> But the common function seems to be either sha256_block_data_order_avx2 or rand_drbg_get_nonce.
>
> I've read somewhere that compiling OpenSSL with -DPURIFY would help remove these errors.
>
> However, looking at the CHANGES document which comes with the source I see the below change in 1.1.0:
>
>   *) Always DPURIFY. Remove the use of uninitialized memory in the
>      RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
>      [Emilia Käsper]
>
> So does this mean that -DPURIFY is enabled by default?
>
> If so, why am I seeing these valgrind errors?
>
> I've shown the output of my openssl version -a below.
>
> I could put in suppressions for these valgrind errors but there are so many and affect so many areas that it would almost make my valgrind tests useless.

Sorry for it being kind of a troll, but in that matter one has to remember what someone at Debian obtained when trying to satisfy valgrind with openssl. (He almost killed the PRNG, and the bug remained from September 2006 to May 2008.) So only go this way being skilled and cautious...

> Looking forward to any help,
>
> Tim
>
> OpenSSL 1.1.1c  28 May 2019
> platform: linux-x86_64
> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
> OPENSSLDIR: "/opt/openssl/1.1.1"
> ENGINESDIR: "/opt/openssl/1.1.1/lib/engines-1.1"
> Seeding source: os-specific

-- 
Eric Deplagne
Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?
Unless your product (application) is listed on the certificate, it is not FIPS 140-2 certified. Similarly, if you build your own car and drop in an OEM Ford engine, your car does not become a Ford.

On Wed, 3 Jul 2019 at 13:35, Dipak B wrote:
>
> Hi,
>
> Thank you for the quick answer.
> Both the questions have a subtle difference. My apology they appear almost the same.
>
> So, to clear my doubts, the following is my understanding:
>
> a) An application is FIPS 140-2 certified if and only if it links directly to 'fipscanister.lib'.
>
> b) An application which links to 'libcurl.lib' and has no direct call to OpenSSL can be called FIPS 140-2 certified if and only if the libcurl.lib used is generated using 'fipscanister.lib'.
>
> Not to be said / just repetition:
> An application linking with ssleay.lib from FIPS capable OpenSSL is not FIPS 140-2 certified.
>
> Regards,
> Deepak
>
> On Wed, Jul 3, 2019 at 10:37 PM Salz, Rich wrote:
>>
>> Didn't you just ask this question? :)
>>
>> If you followed the Win32 build instructions *exactly* and you build your application to turn on FIPS mode and link against the canister, then yes.
>>
>> If you made changes to the process, then no.

-- 
Eric Jacksch, CPP, CISM, CISSP
e...@jacksch.com
Twitter: @EricJacksch
https://SecurityShelf.com
Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?
No, strictly speaking, you cannot. Just because you use a FIPS 140-2 certified cryptographic module doesn't mean that your application is FIPS 140-2 certified. It means that your application includes (or uses) a FIPS 140-2 certified cryptographic module. Or, as it is sometimes called, "FIPS Inside".

Any organization that cares will ask for the CMVP certificate number and look it up. The certificate will identify the validated configuration.

On Wed, 3 Jul 2019 at 13:05, Dipak B wrote:
>
> Dear Experts,
>
> Can you please help with the following questions?
> All inputs are appreciated.
>
> a) Can we call a Win32 application built with FIPS Capable OpenSSL FIPS 140-2 Certified in the strict sense?
> where FIPS Capable OpenSSL is OpenSSL built using the FOM (fipscanister.lib)
>
> I am seeking clarity although I have read through both the User Guide and the Security Policy.
>
> Thank you,
> Deepak

-- 
Eric Jacksch, CPP, CISM, CISSP
e...@jacksch.com
Twitter: @EricJacksch
https://SecurityShelf.com
RE: Issues establishing SSL connection after a wget command
Hello,

I am still looking forward to a suggestion of a solution for my error:1407742E issue below. How can I fix this? It's not only a matter of using wget: all commands that require connecting to an SSL server are failing.

Thanks a lot
Eric

On Mon, 2019-06-17 at 20:29 +, Eric Ntonfo wrote:
> Hello,
>
> I am running an Ubuntu 12.04 TLS server and can't use wget to download software packages. The command
>
> wget http://curl.haxx.se/download/curl-7.63.0.tar.bz2
>
> fails with the following error:
>
> --2019-06-17 22:10:11--  http://curl.haxx.se/download/curl-7.63.0.tar.bz2
> Resolving curl.haxx.se (curl.haxx.se)... 2a04:4e42:9::561, 151.101.38.49
> Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:80... connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location: https://curl.haxx.se/download/curl-7.63.0.tar.bz2 [following]
> --2019-06-17 22:10:11--  https://curl.haxx.se/download/curl-7.63.0.tar.bz2
> Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:443... connected.
> OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
> Unable to establish SSL connection.
>
> I am unable to fix this issue. I have upgraded from openssl 1.0.1 on my Ubuntu box to openssl 1.0.2, having heard that this latest version fixes the bug, but I am still having it.
>
> Can someone help please?
>
> Regards
> Eric
Issues establishing SSL connection after a wget command
Hello,

I am running an Ubuntu 12.04 TLS server and can't use wget to download software packages. The command

wget http://curl.haxx.se/download/curl-7.63.0.tar.bz2

fails with the following error:

--2019-06-17 22:10:11--  http://curl.haxx.se/download/curl-7.63.0.tar.bz2
Resolving curl.haxx.se (curl.haxx.se)... 2a04:4e42:9::561, 151.101.38.49
Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://curl.haxx.se/download/curl-7.63.0.tar.bz2 [following]
--2019-06-17 22:10:11--  https://curl.haxx.se/download/curl-7.63.0.tar.bz2
Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

I am unable to fix this issue. I have upgraded from openssl 1.0.1 on my Ubuntu box to openssl 1.0.2, having heard that this latest version fixes the bug, but I am still having it.

Can someone help please?

Regards
Eric
[openssl-users] Kermit Project
OpenSSL Users,

https://github.com/davidrg/ckwin

Would there be users who would be willing to volunteer to upgrade D.R. Goodwin's ckwin code to the current OpenSSL release? It would be nice to see K95 enabled for OpenSSH, possibly also for Heimdal instead of Kerberos, and for OpenSSL.

Frank da Cruz gave this comment in an e-mail last year.

"So if Kermit 95 has any future, it is as an SSH client. Of course it is still useful with serial ports and modems, but that is a very small niche in the XXI Century."

https://nurmi-labs.blogspot.com/2017/08/k95.html

Sincerely,
Eric Lindblad

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] [stunnel-users] stunnel 5.47 released
Query -- how does this relate to TLSv1.3 and the alpha version (which is not going to work with the final version -- and does not exist I think) -- and what version of openssl do you recommend?

Thanks, Eric

Eric S Eberhard
VICS (Vertical Integrated Computer Systems)
Voice: 928 567 3529
Cell: 928 301 7537 (not reliable except for text or if not home)
2933 W Middle Verde Rd
Camp Verde, AZ 86322

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-boun...@stunnel.org] On Behalf Of Michal Trojnara
Sent: Friday, June 22, 2018 11:10 PM
To: stunnel-us...@stunnel.org; stunnel-annou...@stunnel.org; openssl-users@openssl.org
Subject: [stunnel-users] stunnel 5.47 released

Dear Users,

I have released version 5.47 of stunnel.

Version 5.47, 2018.06.23, urgency: HIGH
* New features
  - Fast add_lock_callback for OpenSSL < 1.1.0. This largely improves performance on heavy load.
  - Automatic detection of Homebrew OpenSSL.
  - Clarified port binding error logs.
  - Various "make test" improvements.
* Bugfixes
  - Fixed a crash on switching to SNI slave sections.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
c4e675db996eb92beef885f72a3ed8af3c7603fea6b99d2873198dd6c0021d0b stunnel-5.47.tar.gz
985e1d65a3f4a7599cc78630960e1b2c97981f91ce6bc41f2eefcd371b4067a3 stunnel-5.47-win32-installer.exe
309cfb79329448f0c134aece0d10d0737e3728b25c288e9a76650837cd6f839c stunnel-5.47-android.zip

Best regards,
Mike
[openssl-users] Unable to select NULL or NULL-MD5
Greetings,

I'm using OpenSSL for testing and recently compiled 1.1.0g and h. I'm seeing the same behaviour in both. openssl ciphers -v lists the NULL ciphers, but when I try to use NULL or NULL-MD5 I get the same result: No ciphers available. I've tried several compile options to no avail. Can anyone point me in the right direction?

Thanks!

./openssl s_client -connect x.x.x.x:443 -cipher NULL
CONNECTED(0003)
140735917126464:error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available:ssl/statem/statem_clnt.c:800:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    :
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1522278574
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

-- 
Eric Jacksch, CPP, CISM, CISSP
+1 613 482-7650
e...@jacksch.com
Twitter: @EricJacksch
https://SecurityShelf.com
Re: [openssl-users] Enabling FIPS on a custom embedded system.
Hi Steve,

Thanks for the quick reply. That is what I had understood from my reading but wasn't sure.

My next question is about OpenSSH. There is no official support in OpenSSH for FIPS at the moment, right?

Thanks
Eric

On Wed, Oct 26, 2016 at 5:04 PM, Steve Marquess <marqu...@openssl.com> wrote:
> On 10/26/2016 04:37 PM, Eric Tremblay wrote:
> > Hi all,
> >
> > I have built the FIPS module into our Platform but I am stuck at the point to enable it.
> >
> > We need FIPS to be enabled « Platform wide » not just for one application.
> >
> > I have read the documentation and searched on the web for an answer but it seems that I would have to modify a package or write a small application just to enable FIPS.
> >
> > Is there another way to enable it on startup of Linux ? or maybe something in OpenSSH ?
> >
> > I also read about the OPENSSL_Config in the User Guide but I'm not sure if/who and how it is called.
> >
> > I am working with OpenSSL 1.0.2j and FIPS 2.0.9.
> >
> > Thanks
> >
> > Eric
>
> Hmmm ... where to start.
>
> First there is really no such thing as "enabling FIPS" for a platform. The FIPS module is executable code that runs in the context of a process, and to be righteous FIPS-wise each process (that uses cryptography) must invoke the FIPS_mode_set() call that performs the mandatory POST (Power Up Self Test). Note that is true even when the FIPS module is embedded in a shared library (the "FIPS enabled" OpenSSL), as each process using said shared library maps writable data into its own private address space.
>
> So to make the sweeping claim that a "platform" is FIPS enabled, you must make sure that *every* process for that platform enables FIPS mode via a FIPS_mode_set() call (whether directly or indirectly). Note that for your typical general purpose (e.g. Windows or Linux-like) operating system that is an essentially unachievable goal, as not all of the many crypto-using applications are readily converted to use the FIPS enabled OpenSSL (for instance OpenSSH needs non-trivial hacks). Likewise kernel-mode crypto can't be addressed with the OpenSSL FIPS module.
>
> For that reason the wise and prudent vendor does not attempt to "enable FIPS" for an entire platform (for Level 1 validations), but rather only makes claims about specific individual applications running on that platform.
>
> In the case where all processes of interest are compatible with the FIPS capable OpenSSL (specifically, not referencing any other crypto implementations, or non-approved cryptographic operations), then OPENSSL_config() can in principle be used to indirectly call FIPS_mode_set() for each such application. That is only *after* every such application/process has *first* been modified for compatibility with the FIPS capable OpenSSL. Very few applications not already designed to support the OpenSSL FIPS module will be compatible without some degree of modification.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Validation Services, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
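As an added illustration of the OPENSSL_config() route Steve describes (this fragment is not from the thread or from the FIPS User Guide): with a FIPS capable OpenSSL 1.0.2, putting the following in the default openssl.cnf makes FIPS_mode_set(1) run in every process that calls OPENSSL_config(NULL) at startup. The section names are my own choice; the directive that matters is fips_mode in the section named by alg_section.

```ini
# Constructed example: openssl.cnf fragment for a FIPS capable OpenSSL 1.0.2.
# A process that calls OPENSSL_config(NULL) loads this default section;
# the alg_section handler then calls FIPS_mode_set(1) for that process.
openssl_conf = openssl_init

[ openssl_init ]
alg_section = evp_settings

[ evp_settings ]
# Runs the POST and switches the process into FIPS mode; if FIPS_mode_set()
# fails, the configuration load fails and 1.0.x OPENSSL_config() exits.
fips_mode = yes
```

A process that never calls OPENSSL_config() (or CONF_modules_load_file()) is unaffected, which is why this does not amount to "platform wide" FIPS: each process still has to be built against the FIPS capable OpenSSL and make that call.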
[openssl-users] Enabling FIPS on a custom embedded system.
Hi all,

I have built the FIPS module into our Platform but I am stuck at the point to enable it.

We need FIPS to be enabled « Platform wide » not just for one application.

I have read the documentation and searched on the web for an answer but it seems that I would have to modify a package or write a small application just to enable FIPS.

Is there another way to enable it on startup of Linux ? or maybe something in OpenSSH ?

I also read about the OPENSSL_Config in the User Guide but I'm not sure if/who and how it is called.

I am working with OpenSSL 1.0.2j and FIPS 2.0.9.

Thanks
Eric
[openssl-users] BN_mod_inverse:no inverse when calling OCSP_basic_sign
Version: openssl 1.0.1u
OS: RHEL 6.5
Arch: x86_64 GNU/Linux

I'm getting a critical error when openssl tries to sign the basic response. The overall basic response itself seems fine since openssl can still decode the response if I use -no_signature_verify... Without it, I get:

Response Verify Failure
140479349708456:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:186:
140479349708456:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218:
140479349708456:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105:

Any hint on troubleshooting this would be great.

Here is how I call OCSP_basic_sign:

    OCSP_BASICRESP *bresp;
    X509 *signer;
    EVP_PKEY *key;
    ...
    OCSP_basic_sign(bresp, signer, key, EVP_sha1(), NULL, 0);

But I get the following error internally from OCSP_basic_sign:

OPENSSL ERROR: error:0306E06C:bignum routines:BN_mod_inverse:no inverse
OPENSSL ERROR: error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib

Running it through gdb, it failed at ASN1_item_sign_ctx in crypto/asn1/a_sign.c:

    303    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
    304        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
    305        outl = 0;
    306        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
    307        goto err;
    308    }

(gdb) print inl
$1 = 284
(gdb) print outl
$2 = 256
(gdb) print *ctx
$4 = {digest = 0x7fb2ecf12b80, engine = 0x0, flags = 0, md_data = 0x7fb2ef1629d0, pctx = 0x7fb2ef162970, update = 0x7fb2ecc2515a }
(gdb) print *ctx->digest
$5 = {type = 64, pkey_type = 65, md_size = 20, flags = 12, init = 0x7fb2ecc2513c , update = 0x7fb2ecc2515a , final = 0x7fb2ecc2518b , copy = 0, cleanup = 0, sign = 0x7fb2ecbf0c70 , verify = 0x7fb2ecbf1568 , required_pkey_type = {6, 19, 0, 0, 0}, block_size = 64, ctx_size = 104, md_ctrl = 0}
Re: [openssl-users] Example on SSL_SESSION_set_ex_data?
Thanks Rich and Michael. That was it. I was under the impression that these set functions would behave like those i2d functions that would put the actual data inside... as I don't want to deal with the deallocation later (as I am modifying apache's mod_ssl).

This seems to work as I can immediately read it back (before I couldn't) with get_ex_data. Do I still need to call SSL_set_session to put the updated session back in the SSL? According to the documentation: "If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session."

> > BLAH b;
> > b.blah = 12345;
> >
> > SSL_SESSION *session = SSL_get_session(ssl);
> > SSL_SESSION_set_ex_data(session, my_data_idx, &b);
> > SSL_set_session(ssl, sess);
>
> Is "b" a stack variable? You should malloc it.
>
> --
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
>
> --
>
> (Top-posting because Outlook still can't handle HTML email correctly.)
>
> Unless I'm missing something, you're using the OpenSSL functions correctly - though I admit I just looked at them here and didn't check the documentation or my own use of them. Perhaps you're not using C correctly.
>
> We can't tell what the storage class of "b" is, because we don't have context. Is it static or automatic? If it's automatic, then as soon as it goes out of scope, bang - the pointer you've stored is invalid.
>
> The pointer you store should be to an object of static or dynamic storage class. Static doesn't generally make sense, unless your sessions need to be associated with one of a handful of objects that don't change after creation. More typically you'd use a dynamic object. For example:
>
>     static const BLAH blah0 = {0};
>     BLAH *bp = malloc(sizeof *bp);
>     if (! bp) { error handling }
>     *bp = blah0;
>     bp->b = 12345;
>     ...
>     SSL_SESSION_set_ex_data(session, my_data_idx, bp);
>
> If you're using C++, of course, you'd want to create an object instance using operator new, rather than calling malloc. But the principle remains the same - don't use a pointer to an object which will be invalidated when it goes out of scope.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
[openssl-users] Example on SSL_SESSION_set_ex_data?
Can someone give an example on how to use SSL_SESSION_set_ex_data? I'm trying to set custom information in apache mod_ssl and, after trying many different ways, I can't get it to stick...

    typedef struct st_blah_t {
        int blah;
    } BLAH;

    my_data_idx = SSL_SESSION_get_ex_new_index(0, "BLAH", NULL, NULL, NULL);

    BLAH b;
    b.blah = 12345;

    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_set_ex_data(session, my_data_idx, &b);
    SSL_set_session(ssl, session);

Am I using the functions right?
[openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER
What is the most appropriate way to programmatically get the following information about an SSL_CIPHER? Currently, we need to read:

* Which cipher algorithm is being used
* Which key exchange algorithm is being used
* Which MAC hash algorithm is being used

The way we've currently been doing this is by looking at the SSL_CIPHER's algorithm_enc, algorithm_mkey, and algorithm_mac fields. But since there is no public header that contains the enum values, we've copied the values out of ssl/ssl_locl.h into our own code. This is problematic, since these values have recently changed with https://github.com/openssl/openssl/commit/bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb

For example:

-# define SSL_kDHE 0x0008U
+# define SSL_kDHE 0x0002U

One option we've discussed is to compare strings returned from SSL_CIPHER_get_name, or SSL_CIPHER_description, but this seems less than ideal. Is there a better way to programmatically get this information?

Thanks in advance,
Eric Erhardt
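The SSL_CIPHER_description() route mentioned above, worked through as an added example (not the poster's code): the description string has a fixed layout, "name version Kx=... Au=... Enc=... Mac=... [export]", so a small tokenizer recovers the key exchange, encryption and MAC fields without touching ssl_locl.h. The sample lines are constructed in the "openssl ciphers -v" layout; the struct and function names are mine.

```c
/* Added example (not from the thread): parse one line of the
 * SSL_CIPHER_description() / "openssl ciphers -v" format into its fields:
 *   <name> <protocol> Kx=<kx> Au=<au> Enc=<enc> Mac=<mac> [export]
 * Pure C, no OpenSSL needed to build. */
#include <stdio.h>
#include <string.h>

#define CIPHER_FIELD_MAX 32

struct cipher_desc {
    char name[CIPHER_FIELD_MAX];
    char version[CIPHER_FIELD_MAX];
    char kx[CIPHER_FIELD_MAX];
    char au[CIPHER_FIELD_MAX];
    char enc[CIPHER_FIELD_MAX];
    char mac[CIPHER_FIELD_MAX];
    int export_grade;
};

/* Copy a token into a fixed field, truncating safely. */
static void copy_field(char *dst, const char *src, size_t len)
{
    if (len >= CIPHER_FIELD_MAX)
        len = CIPHER_FIELD_MAX - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Parse one description line. Returns 0 on success, -1 if the line does not
 * carry all of name, version, Kx=, Au=, Enc= and Mac= (or has a foreign token). */
int parse_cipher_description(const char *line, struct cipher_desc *out)
{
    const char *p = line;
    int ntok = 0, have_kx = 0, have_au = 0, have_enc = 0, have_mac = 0;

    memset(out, 0, sizeof *out);
    for (;;) {
        size_t len;
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '\0' || *p == '\n')
            break;
        len = strcspn(p, " \t\n");
        if (ntok == 0) {
            copy_field(out->name, p, len);
        } else if (ntok == 1) {
            copy_field(out->version, p, len);
        } else if (len > 3 && strncmp(p, "Kx=", 3) == 0) {
            copy_field(out->kx, p + 3, len - 3); have_kx = 1;
        } else if (len > 3 && strncmp(p, "Au=", 3) == 0) {
            copy_field(out->au, p + 3, len - 3); have_au = 1;
        } else if (len > 4 && strncmp(p, "Enc=", 4) == 0) {
            copy_field(out->enc, p + 4, len - 4); have_enc = 1;
        } else if (len > 4 && strncmp(p, "Mac=", 4) == 0) {
            copy_field(out->mac, p + 4, len - 4); have_mac = 1;
        } else if (len == 6 && strncmp(p, "export", 6) == 0) {
            out->export_grade = 1;
        } else {
            return -1;  /* unknown token: not a description line */
        }
        ntok++;
        p += len;
    }
    return (ntok >= 2 && have_kx && have_au && have_enc && have_mac) ? 0 : -1;
}

/* Ephemeral (EC)DH key exchange, the SSL_kDHE / SSL_kECDHE cases; the
 * description prints these as plain "DH" / "ECDH" (static variants carry
 * a suffix such as "DH/RSA"). */
int cipher_has_forward_secrecy(const struct cipher_desc *d)
{
    return strcmp(d->kx, "DH") == 0 || strcmp(d->kx, "ECDH") == 0;
}

int main(void)
{
    /* Constructed sample lines in the "openssl ciphers -v" layout. */
    static const char *samples[] = {
        "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD",
        "AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1",
        "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct cipher_desc d;
        if (parse_cipher_description(samples[i], &d) == 0)
            printf("%-28s kx=%-8s au=%-4s enc=%-11s mac=%-4s fs=%d export=%d\n",
                   d.name, d.kx, d.au, d.enc, d.mac,
                   cipher_has_forward_secrecy(&d), d.export_grade);
    }
    return 0;
}
```

Since OpenSSL 1.1.0 the same information is available directly through SSL_CIPHER_get_kx_nid(), SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid() and SSL_CIPHER_get_digest_nid(), so the string parser is only needed for 1.0.2 builds.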
Re: [openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing
Via our nginx config, we've been supporting TLSv1 with the following ciphers:

AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5

On Thu Jan 15 2015 at 9:00:36 AM Eric R. erafal...@gmail.com wrote:
> Thanks Matt. Would you have any guess as to why this is happening so frequently all of a sudden and disrupting traffic? It seems strange that it's so intermittent and only some users have the problem repeat for them.
>
> On Thu Jan 15 2015 at 6:30:56 AM Matt Caswell m...@openssl.org wrote:
> > On 15/01/15 05:03, Eric R. wrote:
> > > For the past week I've been noticing many entries like this in our nginx error logs:
> > >
> > > SSL_do_handshake() failed (SSL: error:1408A0D7:SSL routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL handshaking
> > >
> > > What does the error "required cipher missing" mean exactly? Some of our users reported that their browser gave them an SSL connection error and then it went away. Others can no longer connect to our site at all.
> > >
> > > I've had a look at the OpenSSL source code and I think the error is related to checking that the server still supports the last cipher a session used. Is this correct?
> > >
> > > The only change I can think of that may affect our list of available ciphers was an update to the latest version of OpenSSL that CentOS 5 provided back in November. That was two months ago though, and other than that I can't think of what could be causing this.
> >
> > It means that an attempt is being made to resume a session, however the list of ciphers that the client is sending in the ClientHello does not include the cipher that was negotiated in the original session.
> >
> > Matt
Re: [openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing
Thanks Matt. Would you have any guess as to why this is happening so frequently all of a sudden and disrupting traffic? It seems strange that it's so intermittent and only some users have the problem repeat for them.

On Thu Jan 15 2015 at 6:30:56 AM Matt Caswell m...@openssl.org wrote:
> On 15/01/15 05:03, Eric R. wrote:
> > For the past week I've been noticing many entries like this in our nginx error logs:
> >
> > SSL_do_handshake() failed (SSL: error:1408A0D7:SSL routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL handshaking
> >
> > What does the error "required cipher missing" mean exactly? Some of our users reported that their browser gave them an SSL connection error and then it went away. Others can no longer connect to our site at all.
> >
> > I've had a look at the OpenSSL source code and I think the error is related to checking that the server still supports the last cipher a session used. Is this correct?
> >
> > The only change I can think of that may affect our list of available ciphers was an update to the latest version of OpenSSL that CentOS 5 provided back in November. That was two months ago though, and other than that I can't think of what could be causing this.
>
> It means that an attempt is being made to resume a session, however the list of ciphers that the client is sending in the ClientHello does not include the cipher that was negotiated in the original session.
>
> Matt
[openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing
For the past week I've been noticing many entries like this in our nginx error logs:

SSL_do_handshake() failed (SSL: error:1408A0D7:SSL routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL handshaking

What does the error "required cipher missing" mean exactly? Some of our users reported that their browser gave them an SSL connection error and then it went away. Others can no longer connect to our site at all.

I've had a look at the OpenSSL source code and I think the error is related to checking that the server still supports the last cipher a session used. Is this correct?

The only change I can think of that may affect our list of available ciphers was an update to the latest version of OpenSSL that CentOS 5 provided back in November. That was two months ago though, and other than that I can't think of what could be causing this.
Can we have a PyOpenSSL 0.15?
All,

My team is considering a port to Python 3 from Python 2.7. One issue we see is that we can't run a flask server with ssl. I am seeing that the fix is in this pull request: https://github.com/pyca/pyopenssl/pull/78/commits which has already been merged. Is a new version of PyOpenSSL coming that contains this pull request?

Thanks,
Eric Chazan
Looking for C developer for network client
Anyone interested in helping to rewrite a small networking module for an openssl network client? Current design is migrating toward single thread non blocking. Help handling errors, session caching and general correctness needed. Thanks. Eric. e...@shufro.com
Proper use of non-blocking sockets, ideas for application design.
Hello. I am looking for advice for designing the transmit/receive network module of my application using openSSL.

I originally designed the application using two threads, a transmit thread and a receive thread. These threads relied on a single BIO that was set for blocking mode that would connect to the server and remain connected as long as possible. If a disconnection was detected, it would reconnect. However, this design has some drawbacks. From what I've read, despite having implemented the locking mechanism for the library, I now realize that a single BIO within an application is not thread safe. This may be an underlying cause of communication failures that crops up after long periods of run-time. It's hard to predict when a failure will occur, but it seems as though neither thread makes progress when it happens. My receiver thread was responsible for keeping the connection and reading data from the BIO. The transmitter would continue to try and transmit data received in a posix mqueue while the socket was connected.

Is there a better pattern to use? From what I have read, I could switch to a single thread and create an underlying non-blocking socket that is bound to an SSL. I could also read transmit data from the existing queue, but set it for non-blocking. However, the details of how the library works in non-blocking mode are still a bit fuzzy. When WANT_READ is returned, does this mean one should select on write and perform whichever operation (read or write) caused the error? If WANT_WRITE is returned, should I select on read and perform the previous operation? Can someone please outline clearly what steps to take for each return value for both read/write operations. Perhaps there is an opportunity to improve the OpenSSL documentation since I see questions like this in the mailing list frequently.

Thank you in advance.

--Eric
Re: x509v3 Extension: X509v3 Name Constraints?
On Thu, Jul 17, 2014 at 1:57 PM, Walter H. walte...@mathemainzel.info wrote:

> Hello, does anybody know what to write in the extension config to get this X509v3 Name Constraints as the attached certificate (intel-ca.pem, intel-ca.text)? Thanks.
>
> --
> Greetings, Walter
Re: What to do so the C implementation of sha1_block_data_order is taken.
Dear Steve,

Thanks. It works. I also see how it works.

Eric J.

On Thu, Jan 9, 2014 at 5:37 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Thu, Jan 09, 2014, Eric J. Van der Velden wrote:
>> There is an asm and a C implementation of sha1_block_data_order, in sha256-x86_64.s and in sha1dgst.c
>>
>> When I do,
>>
>> $ gdb openssl
>> (gdb) r dgst -sha1 data.txt
>>
>> I see that the asm implementation is taken. What do I have to do so the C implementation is taken?
>
> Configure OpenSSL with no-asm.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
What to do so the C implementation of sha1_block_data_order is taken.
There is an asm and a C implementation of sha1_block_data_order, in sha256-x86_64.s and in sha1dgst.c

When I do,

$ gdb openssl
(gdb) r dgst -sha1 data.txt

I see that the asm implementation is taken. What do I have to do so the C implementation is taken?

Thanks,
Eric J.
Re: Increasing key size from 1024 to 2048?
Just curious -- what line of work is your company in? If you were CIA or NASA or something I'd see the need. If you are just a business -- wow!

E

On 10/10/2013 1:37 AM, int0...@safe-mail.net wrote:

> Hi,
>
> I've been asking this on the OpenVPN mailinglist, but didn't get an answer so far. Therefore I hope you can help me.
>
> We use OpenVPN in our company with the default cipher suite, which should be: DHE_RSA_BF_CBC_SHA
>
> So RSA is used for authentication, Blowfish in CBC mode for symmetric encryption. The keys for Blowfish are derived from ephemeral Diffie-Hellman and changed every hour. We use a keysize of 1024 bit for RSA and therefore a modulus of 1024 bit for Diffie-Hellman (OpenVPN uses the Easy RSA scripts. These scripts use a variable KEY_SIZE when the Diffie-Hellman parameter or the RSA keys are built. This variable is set to 1024). Furthermore we use a self-signed CA.
>
> Some days ago I recommended to update the key size to 2048 bit, mainly because some sources say 1024 bit aren't enough anymore. Because quite a lot of our staff uses OpenVPN, they asked me, if it is possible, to not update all keys at once - but only issue user certs with 2048 from now on for new OpenVPN users (and leave the old ones in place for later update).
>
> The process of doing that should look like that:
>
> a) Change variable KEY_SIZE used in Easy RSA scripts from 1024 to 2048 (bit).
> b) Create new Diffie-Hellman params with the Easy RSA build-dh script (will create the params with 2048 bit modulus).
> c) Update the OpenVPN server config with the path of the new Diffie-Hellman param file.
>
> Now here are my concerns and why _I_ think, that is a bad idea: If I do it like that, new users would get 2048 bit keys/cert as requested by the company. But these certs would still be signed by our self signed CA which still uses the old 1024 bit key/cert. Given that an attacker has enough computing power, he could factorize n (from the pub key in the CA cert) to get p and q. With that he would have our CA's private key, being able to create a faked server cert and sign it with the CA key. With that server certificate the attacker could launch a man in the middle attack. That would mean: Authentication via RSA would be leveraged.
>
> So my questions are:
>
> I. Am I right, or is that rubbish?
> II. Is an attacker able to get the CA cert at all? It looks as if during TLS handshake only the User certificate and the Server certificates are transmitted, but not the CA cert.
> III. To complicate things a bit more: OpenVPN supports a so called tls-auth directive which takes a 160 bit key. According to the OpenVPN documentation this key is used to generate a HMAC over every packet during TLS handshake (and append it?). It looks as if this is not part of TLS itself, but a modified implementation of TLS. They say, that without the key, not even the handshake would work. So my last question is: If the CA cert can be requested from the OpenVPN Server somehow, that wouldn't work anymore, if such a key is used. Is that correct?
>
> Thanks a lot for your help!

--
Eric S. Eberhard
VICS
2933 W Middle Verde Road
Camp Verde, AZ 86322
928-567-3727 work
928-301-7537 cell
http://www.vicsmba.com/index.html (our work)
http://www.vicsmba.com/ourpics/index.html (fun pictures)
Re: simple file encrypt/decrypt
That is a very broad question. Here is an example in PHP: http://www.w3schools.com/php/func_string_sha1.asp

On Sat, Aug 17, 2013 at 7:15 AM, Ztatik Light ztatik.li...@gmail.com wrote:

> anyone have simple code for encrypting/decrypting a file with a specified key using a specified cipher ? i'm getting really weird bugs with my code, i can provide a properly encrypted file to test with
How to extend key usage
I am a relative OpenSSL newbie, and I have had a task assigned to me which entails some SSL knowledge. My task is to take existing code, and add to it one of the capabilities in the table. I have an X509V3_CTX struct and it has been passed to X509V3_set_ctx(). I suspect the next step involves X509V3_add_value() but am not sure of that, nor of the exact procedure. Can anyone talk me through this? If I add (say) clientAuth through this method, is it going to work?

Thanks
Eric

Value            Meaning
-----            -------
serverAuth       SSL/TLS Web Server Authentication.
clientAuth       SSL/TLS Web Client Authentication.
codeSigning      Code signing.
emailProtection  E-mail Protection (S/MIME).
timeStamping     Trusted Timestamping
msCodeInd        Microsoft Individual Code Signing (authenticode)
msCodeCom        Microsoft Commercial Code Signing (authenticode)
msCTLSign        Microsoft Trust List Signing
msSGC            Microsoft Server Gated Crypto
msEFS            Microsoft Encrypted File System
nsSGC            Netscape Server Gated Crypto
can't redirect console log during windows build
I have openSSL set up as a dependency for other projects that I'm building. It builds with the following commands:

call perl Configure VC-WIN64A no-zlib no-shared --prefix=.
call ms\do_win64a
nmake -f ms\nt.mak

This works fine, but only if I'm physically at the command prompt. If I attempt to redirect the output to a file, the build fails. The error is due to crypto/x86_64cpuid.pl. It looks like it's trying to create a file, but the file doesn't get generated, so when that file is referenced it throws an error. In line 11 of this file it attempts to open STDOUT, so I'm thinking that the redirection of the console log is causing this line to break, and the file to not get generated.

Anyone else run into this and have a workaround?

Eric Lordahl
MANDIANT Software Engineer
2318 Mill Road Suite 500
Alexandria, VA 22314
703.224.2976 t
703.683.2891 f
703.615.8793 m
mailto:eric.lord...@mandiant.com
www.mandiant.com
Re: strong TLS connections
Our monolithic program (which runs in well under a meg including the program and all memory it uses) is monitored for correct hash (an algorithm we have to give a 21 byte hash total of files for which I have never seen two different files with the same hash) from an off-site program AND onsite cron processes. It also has calls within itself to validate it has not been de-compiled and modified. It has timing alerts that make using gdb/dbx with break points virtually impossible. It is also tied to the serial number of the AIX box or network card address on others. If even one byte does not match what was sent, email alerts are sent, the program is removed (after documenting user ids, dates and times), the port is disabled, and so forth. Nothing is impenetrable, but an ordinary patching is not going to do the job.

Secondly, dynamic libraries if shared by say 10 programs could be modified for some purpose OTHER than my program. They may be debugging their software, and hence write a log file of data, not realizing that they are logging my raw credit card data. My software then becomes non-compliant due to the innocent actions of others. Or their software may require a certain version that has a vulnerability that I can't live with. And I don't want to have to monitor this.

Third, I certify my software with the static link. I know -- and the PCI compliance auditors know -- that it is compliant. If I have no control over dynamic libraries I have no way of KNOWING I am compliant in that environment. Neither does the customer or the auditor. Stray debug logging is, in fact, one of the primary causes of non-PCI compliance.

Fourth, I use different compiler switches than the open source (different thread choices, different one-char default behavior, etc). How that works without a static link is an open question (and there are many other issues).

The point of a static link is that ... it is static. You know what your program will do and you know how it will behave and you have tested, certified, and deployed in that manner. It is easy to validate that it has not been harassed. The point of a dynamic link is to allow O/S updates that fix perceived bugs/holes. In some situations this may not be a good thing (like say in my stray debug example). And usually not relevant. I might be using only one particular encryption. The fixes might be for others. And ... as usual with all software, sometimes fixes also have unintended consequences.

I still think that the highest security is achieved with a static link. The easiest to keep current and updated is obviously the dynamic link. So that balance should be what decides.

E

At 12:13 PM 10/30/2011, you wrote:

>> There are taste issues on this -- but you may be happier with a static link. It will load a giga-blip faster too with static link, and you won't even notice :-) A lot will depend on what your software is and how much of it. We have thousands of customers. We do credit cards which requires certification and you cannot (should not) allow the customer to change your software by installing a dynamic library. In fact, what if they built themselves their own libraries that wrote the unencrypted text out to a file? Then they could steal credit card numbers. BAD BAD BAD. It is a security hole to allow dynamic libraries because you have no control on what is really there.
>
> If the code is running at the customer site, you have no control over it, whether it's static or dynamic linked. It might be a giga-blip easier for your customer/attacker to patch a dll, but it's still trivial to patch your monolithic program.

Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Support http://www.vicsmba.com
For pictures: http://www.vicsmba.com/ourpics/index.html (You can see why we love this state :-) )
Re: writing an SSH server
Thank you! That is great info for me if I ever need SSH (meaning SSL with the protocol). It may also help the original person as he may be able to solve his problem using inetd and openssh ... which is easy and reliable and works great if you have remotely reasonable traffic. Also, way less coding :-)

Eric

At 05:59 AM 10/28/2011, Jakob Bohm wrote:

> On 10/28/2011 2:08 AM, Eric S. Eberhard wrote:
>> I end up using SSL because, weirdly, credit card companies and shipping companies (I do business software), and so forth, all use SSL -- almost always HTTPS -- and I don't have a call for a protocol. It would be REALLY cool if you could make a wrapper on stunnel to handle the H protocol portion as I could certainly use it.
>
> The H parts are not in openssl because they are in the openssh addon to openssl. There is such a wrapper, it is the SSH command itself from openssh (which uses openssl for crypto). There is also another such wrapper for Windows, it is called plink from the putty product (also open source). Either can be invoked with options to act similar to openssl stunnel (passing standard input to the other end and passing the other end's output to standard out). Both also support a different SSH tunneling mechanism for passing through TCP connections in parallel to its main connection. All the tunneled TCP connections are transmitted inside the same encrypted TCP connection as the main connection.
Re: strong TLS connections
I have an easy solution I use because not only do you have the problem with admins not having the library installed, you have the problem of them having the wrong version installed for something they need. Your app or theirs won't work. Or yours will, and they update openssl and it no longer does. And some places with strict security policies won't let you install things like openssl (but if they want your app they have to install it!).

I simply build the static libraries and link them in. This means nothing need exist on the target machine and that you have a more stable product because you have tested against the library version you have static linked. You could argue it makes the program bigger and my answer is -- say what? My iPod could handle my entire business suite and data (for disk space, not actually running) -- so who cares.

I have found this is often the easiest way to go. I also make a small wrapper that only builds certs from openssl and uses a different name, again making it appear to be my software. I also allow them to use a Web interface to my site to make a cert and download it.

Eric

At 11:09 AM 10/28/2011, Kristen J. Webb wrote:

> After all my wrangling, I'm leaning towards just using client certs. Is it a reasonable assumption that on UNIX'es these days I can expect to find libssl.so AND the openssl command line? If not, is it reasonable to assume that A sysadmin will install openssl to get my app to work? Otherwise, it would seem that something as easy and well documented as creating a CSR could be a lot more coding...
>
> Many thanks for all the useful comments!
>
> Kris
>
> On 10/27/11 7:20 AM, Michael S. Zick wrote:
>> On Wed October 26 2011, Kristen J. Webb wrote:
>>> Having an app that can use certs, it appears, is nothing compared with how to deploy it and manage those certs ;)
>>
>> A general truism not specific to certs. Recognizing (or implementing) a need for trust is one thing; Determining (or establishing) what is to be trusted is quite another.
>>
>> Consider: Your roof leaks. It's easy to find a contractor who claims they will fix it. It's an entirely different matter to find one you can __trust__ to do the job correctly and to your satisfaction.
>>
>> Mike
>
> --
> Mr. Kristen J. Webb
> Teradactyl LLC.
> PHONE: 1-505-242-1091
> EMAIL: kw...@teradactyl.com
> VISIT: http://www.teradactyl.com
> Home of the True incremental Backup System
Re: strong TLS connections
Kristen,

Your points are all good. However, I have found the compatibility not good with customer installed versions versus my own. One of the problems, for example, could be that openssl compiles with a certain type of threads, not the same as your application. Same with semaphores and who knows what else. It could be many features like that. It could be changes in product I have found. Also, if they install in a different location than you, the header of your program will not find it (which can be solved with links on the user's system, sometimes). Sometimes the user installs a version with other dependencies (for example I use libxml2 but not the libzip ... and when a customer put the libzip version in, my application had problems). So then what I was doing was putting my versions of the dynamic libraries in my own location /usr/local/application_name/lib and linking that way and installing that way. But then when the security changes came ... I had to again install something and I realized it was easier to just install the static linked software. You also get tighter testing because it will force you to get the latest version, compile it, link it, test it, then install it.

I do a LOT of cross-platform (AIX, Linux, OS/X, SCO, HP/UX, Windows, etc) work and have found that I am always safer linking exactly what I want and releasing that. I guess I feel I have more control over quality this way. BUT THIS IS JUST A DUMB OPINION -- most people disagree. I have found in practice that the dream of the O/S level updates magically making security updates work for your software is a dream that is more nightmare than pleasant. But that is just me. There are others who do agree, I am not alone, but I would guess a minority.

As for the export question -- if they are not allowed certain things they are not allowed. Depending on your application, it may be OK. So if you require the illegal export of strong encryption and you install or ask them to install, you and they are in trouble. If your application is, say, a credit card application -- and it is static linked and can ONLY be used to process credit cards (and you let them generate keys through you) you are in fact able to export without legal complication. I export, had legal advice.

I am not sure what you mean by the GNU licensing conflict. You are still only charging for your application, whether you static or dynamic link. I do always include the proper copyright files and put them in /usr/local/lib ... even though my link is static. I checked this as well. I will tell you that both my legal checks were cursory but I am confident they were sufficient. If you are really worried, check with a lawyer. On the GNU I think it is pretty much a matter of the intent of the license anyway. If you disclose its use, include the proper copyright/license files, and don't charge for it, I think you are fine.

There are taste issues on this -- but you may be happier with a static link. It will load a giga-blip faster too with static link, and you won't even notice :-) A lot will depend on what your software is and how much of it. We have thousands of customers. We do credit cards which requires certification and you cannot (should not) allow the customer to change your software by installing a dynamic library. In fact, what if they built themselves their own libraries that wrote the unencrypted text out to a file? Then they could steal credit card numbers. BAD BAD BAD. It is a security hole to allow dynamic libraries because you have no control on what is really there. You cannot look at a customer or credit card auditor and say with a straight face that you control the encryption and there is no security leak. If you statically link something in and certify it ... it is what it is. Under current credit card rules you may do minor updates just by notifying them -- so if you find a security patch that applies to your application (most don't for me) then you download, link statically, report to everyone who needs to know, and install your app again.

Eric

At 12:13 PM 10/28/2011, Kristen J. Webb wrote:

> On 10/28/11 12:39 PM, Eric S. Eberhard wrote:
>> I have an easy solution I use because not only do you have the problem with admins not having the library installed, you have the problem of them having the wrong version installed for something they need. Your app or theirs won't work. Or yours will, and they update openssl and it no longer does. And some places with strict security policies won't let you install things like openssl (but if they want your app they have to install it!).
>>
>> I simply build the static libraries and link them in. This means nothing need exist on the target machine and that you have a more stable product because you have tested against the library version you have static linked. You could argue it makes the program bigger and my answer
Re: writing an SSH server
I believe the last function, the write, is missing a return false with the error message?

Writing servers is VERY difficult to make 100% reliable, good logging, etc. I have many years experience and still avoid it when I can. You need to understand blocking and non-blocking calls, your network, etc.

If you are on Unix -- use inetd if your volume is not too high. By too high I have production systems with 10,000 connections continually, averaging 1,000 new connections per second. On inetd under AIX. In the old days of slow hardware people complained about the performance because it does have to create a new process. However your code becomes simple -- read/write to stdin/stdout. No need to open, accept, poll, close, or otherwise deal with sockets.

Which then brings up stunnel ... and another performance barrier I suppose by throwing in another program. However -- I have easily used it for credit cards, UPS, USPS, Fedex, 10s of companies more obscure, Web interfaces, secure telnet, HTTPS, etc. On a modern machine you are unlikely, unless really resource strained, to care about the overhead -- and you would have no programming to do at all.

If stunnel is too limited, I'd still consider inetd. NOTE -- pretty much all code you write to work under inetd can later be transferred to a standalone server program. So you are wasting little time trying it. I actually have a generic server program I start with whenever I need a server (it's in C) that runs either under inetd or standalone. In practice I always use inetd -- it is dead reliable and if it is not working, Unix is not working.

I am sure someone will disagree based on resource/performance reasons. You will have to judge that ... and like I said, trying it in inetd is not wasted time.

If you are on Windows ignore this :-)

Eric E

At 01:48 PM 10/27/2011, David Durham wrote:

> Hi all,
>
> I'm new to C++ and libssl, but nevertheless trying to write an SSH server. I have gone through tutorials and believe I have a working server that initializes an SSL context, binds and listens on a TCP socket, and accepts a connection. Using a debugger I see that if I try to ssh myserver -p myport, the process hangs on the call to SSL_accept. I figure this is because the ssh client needs to do something before calling SSL_connect. I don't need authentication, I just want to use ssh kind of like a secure telnet. Here's my code, any advice is appreciated:
>
> /* headers this method relies on */
> #include <openssl/ssl.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <cstdio>
>
> bool SecureServer::Start ()
> {
>     SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
>     if (SSL_CTX_use_certificate_file(ctx, "conf/ssl/server.crt", SSL_FILETYPE_PEM) <= 0) {
>         Error("failed to load server cert");
>         return false;
>     }
>     if (SSL_CTX_use_PrivateKey_file(ctx, "conf/ssl/server.key", SSL_FILETYPE_PEM) <= 0) {
>         Error("failed to load server private key");
>         return false;
>     }
>     SSL *ssl = SSL_new(ctx);
>     SocketType listen_sock = socket(AF_INET, SOCK_STREAM, 0);
>     if (listen_sock < 0) {
>         Error("failed creating socket");
>         return false;
>     }
>     sockaddr_in sa_serv, sa_cli;
>     sa_serv.sin_family = AF_INET;
>     sa_serv.sin_addr.s_addr = INADDR_ANY;
>     sa_serv.sin_port = htons(2002); /* Server Port number */
>     if (bind(listen_sock, (struct sockaddr*) &sa_serv, sizeof(sa_serv)) < 0) {
>         Error("bind failed");
>         return false;
>     }
>     /* Receive a TCP connection. */
>     if (listen(listen_sock, 5) < 0) {
>         Error("listen failed");
>         return false;
>     }
>     socklen_t clientLen = sizeof(sa_cli);
>     SocketType sock = accept(listen_sock, (struct sockaddr*) &sa_cli, &clientLen);
>     printf("Connection from %x, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port);
>     SSL_set_fd(ssl, sock);
>     if (SSL_accept(ssl) <= 0) {
>         Error("SSL handshake failed");
>         return false;
>     }
>     char *message = "Hello SSL";
>     if (SSL_write(ssl, message, sizeof(message)) <= 0) {
>         Error("error on ssl write");
>     }
>     return true;
> }
>
> Thanks,
> Dave
RE: writing an SSH server
I end up using SSL because, weirdly, credit card companies and shipping companies (I do business software), and so forth, all use SSL -- almost always HTTPS -- and I don't have a call for a protocol. It would be REALLY cool if you could make a wrapper on stunnel to handle the H protocol portion as I could certainly use it.

As you pointed out there are two things -- the protocol and the encryption; there was a third I was trying to address and that is the whole problem of running your own server under Unix ... that you can skip. When the open source code breaks out the connection from the protocol is another matter ... they may be mixing them.

I actually was just trying to suggest there might be easier ways (and maybe I am wrong) -- I try to help new people and I usually come up with odd solutions that in theory many people say are slow when in practice make no difference. And, I am not sure, but below that routine may be an actual Unix accept and then you have those issues of blocking and non-blocking that become a pain and are not required.

Anyway you can easily ignore me or if you need anything, glad to help. If you make an SSH server that runs in inetd I'd love to have it, and if you extend stunnel to do this (I think that would work) then you could add to the stunnel project which is cool (I have added very minor things to many open source programs, even libxml2 and so forth). Also, if you need anything on old-fashioned C, I do breathe that :-)

E

At 02:55 PM 10/27/2011, you wrote:

From: owner-openssl-us...@openssl.org On Behalf Of David Durham
Sent: Thursday, 27 October, 2011 16:48

I'm new to C++ and libssl, but nevertheless trying to write an SSH server. I have gone through tutorials and believe I have a working server that initializes an SSL context, binds and listens on a TCP socket, and accepts a connection. Using a debugger I see that if I try to ssh myserver -p myport, the process hangs on the call to SSL_accept. I figure this is because the ssh client needs to do something before calling SSL_connect. I don't need authentication, I just want to use ssh kind of like a secure telnet.

<snip>

SSH and SSL are different protocols, even though there is only one letter difference in the acronym. See RFCs 4250-6. The underlying *crypto* primitives are mostly the same, and the widely-used openssh implementation uses the libcrypto part of OpenSSL, but the protocol part of openssh is entirely different from the libssl part of OpenSSL (including SSL_accept).

AFAIK SSH always formally authenticates the server, although in practice this is usually done by accepting the server's key the first time manually, which people are supposed to think about but don't, and thereafter checking it is the same. Similarly I believe it always formally authenticates the client, but that can be e.g. anybody/dontcare. If you just want confidentiality with truly no authentication, SSL/TLS (and OpenSSL) can do that with the anonymous-DH and anonymous-ECDH suites. I assume you understand and accept the vulnerabilities you are creating by not authenticating.

Also: You didn't show your Error() routine (method?). I hope it displays the OpenSSL error stack in some suitable way; that information is very often vital in debugging errors.

And:

char *message = "Hello SSL";
if (SSL_write(ssl, message, sizeof(message)) <= 0)

is a very basic (but all too common) C bug.
Strange ca command behavior
Hi,

I'm currently in the process of creating a basic CA using the command-line openssl tool, and I'm currently meeting a strange behavior of the command. When I use:

openssl ca -config $dossier/$config -policy policy_match -out $dossier/subca/$filename.crt -days 3650 -infiles $dossier/requests/$filename.csr

but finally say no when openssl asks me whether I want to sign the certificate or not, the .crt file is generated anyway but is obviously invalid:

[rootca@ca:~]$ openssl x509 -in subca/my_certificate.crt -noout -text
unable to load certificate
18660:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE

I took a look at the OpenSSL documentation but couldn't find why I meet this behaviour. Any highlights on this?

-- Eric Viseur
Re: Which openssl.cnf?
I don't know this syntax, ie:

# openssl strace
openssl:Error: 'strace' is an invalid command.

Standard commands
asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac ts verify version x509

Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160 sha sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc seed-cfb seed-ecb seed-ofb

On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland chighl...@gmail.com wrote:

strace will show all of the syscalls executed by the application, including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig erau...@gmail.com wrote:

Background: I have the problem in which there are multiple versions of openssl.cnf on my Linux (Ubuntu 11.04) installation. I had some problems with the default openssl-0.9.8. So I installed OpenSSL (1.0.0d 8 Feb 2011). I also have Zend Server CE (+zend framework +mysql etc) installed which is intended for the local intranet. The problem is that when attempting to load a secure page: there is no handshake (Firefox: ssl_error_rx_record_too_long). With regards to openssl: Is there a command that will show which openssl.cnf that it is reading from?
Re: Which openssl.cnf?
Thanks,

For context: something like

# strace -o strace_openssl_output.txt openssl version

followed by:

emacs strace_openssl_output.txt

On Fri, Aug 12, 2011 at 2:57 PM, Gayathri Sundar suraj...@gmail.com wrote:

strace is a unix command wherein you need to attach the process which is linking with your openssl library. It would tell the path from which all the libraries are loaded (for that process) along with a ton of other info. You would need to search the output of strace manually to figure out your library path.

On Fri, Aug 12, 2011 at 1:46 PM, Eric Raunig erau...@gmail.com wrote:

I don't know this syntax, ie: # openssl strace (the full quoted message, the openssl command listing, Coda Highland's reply and the original background appear above in this thread).
Problems with certificates validity dates
Hi list,

I'm currently setting up a small PKI using Bash scripts calling OpenSSL and Apache. However, whatever days of validity I put on the command line, it remains at its default, 365 days.

- On the CSR generation side, I'm using the following command:

$openssl req -config $dossier/$config -new -newkey rsa:4096 -subj $subject -nodes -keyout $dossier/test/$filename.key -out $dossier/test/$filename.csr

In the OpenSSL conf used on this side: default_days = 3650

- On the CS validation side, I use the following command:

$openssl ca -config $dossier/$config -policy policy_match -out $dossier/subca/$filename.crt -infiles $dossier/requests/$filename.csr -days 3650

Still, I get the following output when OpenSSL asks me if I want to confirm the certificate validation:

Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 28 14:53:37 2011 GMT
            Not After : Jun 27 14:53:37 2012 GMT
        Subject:
            countryName               = ***
            stateOrProvinceName       = ***
            organizationName          = ***
            organizationalUnitName    = ***
            commonName                = ***
            emailAddress              = ***
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                Object Signing
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                DA:55:28:C2:BF:03:F4:C9:2F:E5:00:13:F3:8B:0D:39:72:61:6B:EA
            X509v3 Authority Key Identifier:
                keyid:CF:01:8E:EF:EF:65:44:08:77:61:69:96:73:CA:83:8F:56:6A:55:E5
Certificate is to be certified until Jun 27 14:53:37 2012 GMT (365 days)

And I just can't seem to understand why. Any ideas guys?

Eric
Re: Question regarding to memory leak
As a general comment not all memory leaks reported by these tools are a bad thing. I often write code that has these type of leaks on purpose for performance reasons. For example a function that is called often and malloc's memory ... rather than malloc and free each time (causing context switching and generally slow) I just make the pointer static and a size variable static. I use the pointer until it is too small, then I realloc to a larger size. In modern systems often the leak is worth the performance gain. I run on IBM AIX.

Having said that, I have not dug in to your specifics which may just be bugs, an error with the tool, or deliberate.

Eric

At 11:58 AM 6/24/2011, Yan, Bob wrote:

Hi,

I have used IBM purify to check my test program which invokes openssl library. There are some memory leaks reported by Purify, please see below. Could somebody point to me from which function those leaks were generated, and how to avoid those leaks?

Thanks,
Bob

MLK: 1104 bytes leaked in 46 blocks
This memory was allocated from:
malloc [rtlib.o]
CRYPTO_malloc [libcrypto.so.1.0.0]
ASN1_STRING_type_new [libcrypto.so.1.0.0]
ASN1_primitive_new [libcrypto.so.1.0.0]
asn1_item_ex_combine_new [libcrypto.so.1.0.0]
asn1_item_ex_combine_new [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
Block of 24 bytes (46 times); last block at 0x2c0f7218

MLK: 836 bytes leaked in 2 blocks
This memory was allocated from:
malloc [rtlib.o]
CRYPTO_malloc [libcrypto.so.1.0.0]
asn1_enc_save [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
asn1_template_ex_d2i [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
ASN1_item_d2i [libcrypto.so.1.0.0]
Block of 432 bytes at 0x2c093668
Block of 404 bytes at 0x2c009d58

MLK: 800 bytes leaked in 20 blocks
This memory was allocated from:
malloc [rtlib.o]
CRYPTO_malloc [libcrypto.so.1.0.0]
ASN1_OBJECT_new [libcrypto.so.1.0.0]
c2i_ASN1_OBJECT [libcrypto.so.1.0.0]
asn1_ex_c2i [libcrypto.so.1.0.0]
asn1_d2i_ex_primitive [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
Block of 40 bytes (20 times); last block at 0x2c097a78

MLK: 600 bytes leaked in 15 blocks
This memory was allocated from:
malloc [rtlib.o]
CRYPTO_malloc [libcrypto.so.1.0.0]
asn1_item_ex_combine_new [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
asn1_template_ex_d2i [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
Block of 40 bytes (15 times); last block at 0x2c0f6e98

MLK: 376 bytes leaked in 33 blocks
This memory was allocated from:
malloc [rtlib.o]
CRYPTO_malloc [libcrypto.so.1.0.0]
ASN1_STRING_set [libcrypto.so.1.0.0]
asn1_ex_c2i [libcrypto.so.1.0.0]
asn1_d2i_ex_primitive [libcrypto.so.1.0.0]
ASN1_item_ex_d2i [libcrypto.so.1.0.0]
asn1_template_noexp_d2i [libcrypto.so.1.0.0]
asn1_template_ex_d2i [libcrypto.so.1.0.0]
Block of 14 bytes (21 times); last block at 0x2c0f7168
Block of 12 bytes (2 times); last block at 0x2c096828
Block of 11 bytes (2 times); last block at 0x2c096338
Block of 5 bytes (6 times); last block at 0x2c0976f8
Block of 3 bytes (2 times); last block at 0x2c095e58
. . .
RE: Using PCKS Padding in OpenSSL
Actually the 2.0 specs don't allow disk storage at all for magstripe -- you can keep cardholder data until auth. Since 1.2 specs are not required until 1/1/12 and 2.0 another year ... I was pointing more to the future (and had our software certified for 2.0 as 1.2 is only good until 2013 and 2.0 is good till 2016 and I wanted to avoid another audit so soon). Not knowing the nature of the data and network setup makes it hard to answer definitively but if it is going to be lying around, encrypting it first is, as I said, a good idea in many cases.

E

At 08:36 PM 6/7/2011, Dave Thompson wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Eric S. Eberhard
Sent: Tuesday, 07 June, 2011 15:21

I would point out in that last approach -- encrypting and sending unsecured (which is a good idea in many cases) does have a few considerations. If the data is sensitive (like magnetic strip data from a credit card) this is completely NOT ALLOWED. PCI and PA-DSS won't allow it to hit the disk. If you do hit the disk and you care about security on either end, you also need a secure delete

<snip>

To be exact, PCI DSS (and therefore PA-DSS) prohibits storing magstripe, CVV2 and PIN after authorization (even if encrypted). Authorization should always be real-time and thus there should be no good reason to store on disk during auth, but it isn't specifically prohibited. If you do store it, yes you will then need to wipe it. But this is not specific to my last approach. The OP's question seemed to be about files, and storing this data in a clear file securely transferred with FTPS, SFTP, or such would be even worse.

At 08:44 PM 6/6/2011, Dave Thompson wrote:

Another approach is to secure the files themselves, rather than just the transfer. That is, encrypt and perhaps sign the files when (or before) they are placed on the sending system(s), transfer them using plain FTP or HTTP or other, and decrypt and perhaps verify them on the receiving system(s).
RE: Using PCKS Padding in OpenSSL
I would point out in that last approach -- encrypting and sending unsecured (which is a good idea in many cases) does have a few considerations. If the data is sensitive (like magnetic strip data from a credit card) this is completely NOT ALLOWED. PCI and PA-DSS won't allow it to hit the disk. If you do hit the disk and you care about security on either end, you also need a secure delete program. Simply deleting a file does not remove the data from the disk. It takes about 5 lines of C to make a secure delete which if anyone likes I can give them.

Eric

At 08:44 PM 6/6/2011, Dave Thompson wrote:

From: owner-openssl-us...@openssl.org On Behalf Of greenelephant
Sent: Sunday, 05 June, 2011 05:20

Thanks for the reply Dave. I am grateful for your advice. I am a novice as you have probably gathered. If I am not wrong in my judgement you seem to have some expertise on cryptology.

Some, not a whole lot.

I have stated SSL in my first post that I would like help with as you know. But with your expertise is there a better solution to use except SSL in terms of security using openssl?

SSL/TLS (preferably the newest version supported, today usually TLS 1.1 or maybe 1.2) is a good general solution for security of Internet endpoint communication (particularly, but not only, web traffic using HTTPS). OpenSSL is a good implementation of SSL/TLS, plus some related (crypto) functionality, but not the only one; any other conforming and well-tested implementation available to you should be fine. For example, Java includes its own SSL/TLS implementation (for Java), and I understand dot-NET does (for C#, VB, etc.) There are other protocols that may be better in specific situations (e.g. SSH as below) or necessary (e.g. IPsec and DNSsec are done at a level below where SSL can work).

Also is SSL an ideal security solution for secured FTP transmissions using the openssl module to enable me to subvert any efforts to sabotage or breach security perpetrated by intruders or hackers using the methods of attacks (side channeling for instance) previously mentioned?

FTP over SSL (FTPS) is a secure means of file transfer, if supported by both your server(s) and your client(s), which in my experience is not very common. When it is supported, the server and client code determines what module is used; it might be OpenSSL or something else.

Another good and in my experience more common method of securing file transfer is SFTP, part of the SSH protocol suite. The crypto used in SSH is generally similar (though not identical) to SSL/TLS, and in fact the most widespread implementation OpenSSH uses libcrypto from OpenSSL, but the trust model is different (simpler). Instead of creating and verifying certificates, SSH requires you to manually verify a key fingerprint on the first connection between a given client and server (or else manually pre-transfer the encoded publickey). This isn't very good for communications with strangers (like sites you found on Google), but works okay for people that already have some contact (like your friends, customers of your company, etc).

Another approach is to secure the files themselves, rather than just the transfer. That is, encrypt and perhaps sign the files when (or before) they are placed on the sending system(s), transfer them using plain FTP or HTTP or other, and decrypt and perhaps verify them on the receiving system(s).
Re: Running SSL on own socket code
The way I do things like this is to slightly modify OpenSSL (and keep track of the mods!)

1) Hunt down the socket code
2) Set a new variable, a pointer to a function (for each function you replace) (fptr in my example)
3) rename the routine to release_function
4) make a new function() which has the exact same args and a few lines of code

int function()
{
    if (!fptr)
        fptr = (int (*)())(release_function);
    return (*fptr)();
}

In my code I put in the initialization routine:

extern int (*fptr)();
fptr = (int (*)())(my_function);

Note that is pseudo code and needs fleshing out. This is because often these functions are VERY tightly coupled including handshaking and things I don't really understand -- so I replace a low-level routine I do understand. And with new releases it only takes moments to re-do the 3-4 functions I do this with. It means that the OpenSSL code will still work as intended in all cases except where you chose to override. Using function pointers does have weird/odd/goofy syntax but works well.

I primarily use this to override error logging as I have my own logging functions and I need to use syslog() for the version 1.2 PCI/PA-DSS compliance. I have also replaced low-level TCP code on occasion. In fact I would argue that all the logging functions should be released with this capability built in as that is one area I think a lot of people would like to customize, and if there is any interest I will modify the code and send it through channels to be included. Error handling is tightly coupled -- everywhere -- in the code, so my system makes using my own logging very easy.

Eric

At 07:22 AM 6/1/2011, Victor Duchovni wrote:

On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:

I'd like to know the feasibility or complexity around using my own socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of BIOs to read and write would that be sufficient? How tightly integrated the code is with bio_connect and bio_socket?

thanks
jeff

man BIO_new_bio_pair

Look at the example.

-- Viktor.
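Eric's function-pointer override, written out as a complete C program (an added example, not Eric's code and not OpenSSL's): the library's logging routine is renamed, a same-named wrapper falls through to it unless a hook has been installed, and the application's init routine installs an audit sink. All names here (ssl_log, release_ssl_log, ssl_log_hook, audit_log) are assumed, and the in-memory audit sink stands in for the syslog() call the post mentions.

```c
/*
 * Added example, not from the post or from OpenSSL: the override pattern
 * described above applied to a logging routine. Names are assumed.
 */
#include <stdio.h>
#include <string.h>

/* Step 2: the hook variable ("fptr" in the post). NULL until an override is
 * installed. It gets a real prototype instead of the post's int (*)(). */
typedef int (*ssl_log_fn)(int level, const char *msg);
ssl_log_fn ssl_log_hook = NULL;

/* Step 3: the library's original routine, renamed ("release_function"). */
static int release_ssl_log(int level, const char *msg)
{
    return fprintf(stderr, "[openssl level=%d] %s\n", level, msg);
}

/* Step 4: a new function with the old name and the same arguments, so the
 * rest of the library is untouched. Without an override it behaves exactly
 * like the release routine; with one, every call is redirected. */
int ssl_log(int level, const char *msg)
{
    if (!ssl_log_hook)
        ssl_log_hook = release_ssl_log;
    return (*ssl_log_hook)(level, msg);
}

/* ---- application side ---- */

/* Constructed audit sink standing in for syslog(): records the last message
 * and counts calls so the redirection can be verified without a daemon. */
static char audit_last[256];
static int  audit_calls;

static int audit_log(int level, const char *msg)
{
    audit_calls++;
    /* Bounded copy: a hook must not trust the length of what it is handed. */
    snprintf(audit_last, sizeof audit_last, "level=%d msg=%s", level, msg);
    return (int)strlen(audit_last);
}

/* What the post puts in the application's initialization routine
 * ("extern int (*fptr)(); fptr = my_function;"). */
void app_init_logging(void)
{
    ssl_log_hook = audit_log;
}

/* Restore library behaviour (handy in tests and when tearing down). */
void app_reset_logging(void)
{
    ssl_log_hook = NULL;
}

int main(void)
{
    ssl_log(1, "default path: printed by the release routine");
    app_init_logging();
    ssl_log(2, "overridden path: captured by the audit sink");
    printf("audit calls=%d last=\"%s\"\n", audit_calls, audit_last);
    return 0;
}
```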
Re: Running SSL on own socket code
Depends exactly what the person wants to do and also if he wants to use existing code and if he is familiar with the bio pairs. My point was not specific to his needs as there was not a lot of detail, only that making changes to the code is better and easier when you override functions -- such as I must do with the error handling (and anyone else writing PCI compliant code BTW -- MUST MUST -- do). In the old days I was stupid and inserted my code in to open source code ... making updates a nightmare. This externalizes changes and makes updates a cinch.

Eric

At 11:09 AM 6/1/2011, Victor Duchovni wrote:

On Wed, Jun 01, 2011 at 10:56:47AM -0700, Eric S. Eberhard wrote:

The way I do things like this is to slightly modify OpenSSL (and keep track of the mods!)

Completely unnecessary, OpenSSL supports custom I/O layers via BIO pairs.

-- Viktor.
Re: Trying to get URI of CRL from certificate extension
Does "fail" mean a core dump? Whether it does or not, it is generally good practice to make sure those pointers are not null unless you are certain the functions can never return a bad value. Also, for debugging, if you break it down then you can get the individual results with print statements and see what is failing.

Finally as a general comment on coding -- statements like that val = ... generally have two effects:

1) the outcome can be confusing. I once had two programmers working for me with a complex statement like that (setting things, calling things, etc, all on one line) and precedence and all kinds of things came up ... so they were arguing over various possible results. I told them the most likely result of a programmer leaving me code that two smart programmers have to argue over its meaning is termination of employment :-) Make code human readable by the dumbest programmers (like perhaps your boss ;-) )

2) It is less efficient. Depending on the platform, it can be considerably so. Compilers try to optimize. If the statement is really complex it does not optimize the line. Processors read ahead and execute statements when the situation makes it possible (AIX does this very well) ... again, too complex, it cannot do that. As an aside, those that read ahead always assume a test evaluates to true, so all conditional statements should have the most likely code first. Of course, this assumes performance is that important.

Rough code should be:

if (!meth->d2i) {
    /* error handling */
}
if (!meth->i2v) {
    /* error handling */
}
ptr = d2i(0, &data, ext->value->length);
printf("ptr1=%p\r\n", (void *)ptr);
if (!ptr) {   /* or some other illegal value if int or ??? */
    /* error handling */
}
ptr = i2v(meth, meth->ptr, 0);
printf("ptr2=%p\r\n", (void *)ptr);
if (!ptr) {   /* or some other illegal value */
    /* error handling */
}
val = meth->ptr;

Of course I don't really know if those are pointers or what so very rough. They could be int or whatever, but the above code allows you to print the intermediate values. And likely has mistakes since I slapped it out. My point is reducing the number of lines with compound statements is harder for humans and computers to understand and leaves you no easy way to check intermediate values and debug.

Eric

At 11:57 PM 5/26/2011, you wrote:

Hi,

I am trying to get URI of the CRL from certificate extension using below function:

static char *get_distribution_point(X509 *cert)
{
    int extcount, i, j;
    const char *extstr;
    CONF_VALUE *nval;
    unsigned char *data;
    X509_EXTENSION *ext;
    X509V3_EXT_METHOD *meth;
    STACK_OF(CONF_VALUE) *val;

    if ((extcount = X509_get_ext_count(cert)) > 0) {
        for (i = 0; i < extcount; i++) {
            ext = X509_get_ext(cert, i);
            extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
            if (strcasecmp(extstr, "crlDistributionPoints"))
                continue;
            if (!(meth = X509V3_EXT_get(ext)))
                break;
            data = ext->value->data;
            val = meth->i2v(meth, meth->d2i(0, &data, ext->value->length), 0);
            for (j = 0; j < sk_CONF_VALUE_num(val); j++) {
                nval = sk_CONF_VALUE_value(val, j);
                if (!strcasecmp(nval->name, "URI"))
                    return strdup(nval->value);
            }
        }
    }
    return 0;
}

Above function fails at

val = meth->i2v(meth, meth->d2i(0, &data, ext->value->length), 0);

Any suggestions? Please help

Thanks
Regards,
Akash Deo
Re: Download fips 1.2.3
winzip will open tar files ...

E

At 01:20 PM 5/24/2011, you wrote:

On 05/24/11 12:53 PM, Kyle Hamilton wrote:

I don't think that Solaris's tar hits the bug every time. Do you think Oracle (nee Sun) would ship something that failed 100% of the time instead of 0.1% of the time?

bug? no, this is not a bug. native posix tar doesn't read gzip files, gzip does. gnu tar munged gzip into tar to create a hybrid.

gunzip -c filename.tar.gz | tar xvf -

or

gunzip filename.tar.gz
tar xvf filename.tar

works just great on Solaris and any other Unix platform.

-- john r pierce N 37, W 123 santa cruz ca mid-left coast
RE: Download fips 1.2.3
If you tried to open it in Winzip (which can open tar files and tar.gz files) you can see if it is the Solaris or the file. To have Winzip do the tar.gz rename it to simply .tgz ... You could always transfer it from your PC if you do it this way -- if you are running Samba on the Solaris it is trivial.

Eric

At 02:55 PM 5/24/2011, you wrote:

From: John R Pierce
Sent: Tuesday, May 24, 2011 9:20 PM

On 05/24/11 12:53 PM, Kyle Hamilton wrote:

I don't think that Solaris's tar hits the bug every time. Do you think Oracle (nee Sun) would ship something that failed 100% of the time instead of 0.1% of the time?

bug? no, this is not a bug. native posix tar doesn't read gzip files, gzip does. gnu tar munged gzip into tar to create a hybrid.

gunzip -c filename.tar.gz | tar xvf -

or

gunzip filename.tar.gz
tar xvf filename.tar

works just great on Solaris and any other Unix platform.

... except when it doesn't, such as in the case in question.
Re: Download fips 1.2.3
You need to:

    gunzip openssl-fips-1.2.3.tar.gz

That will create openssl-fips-1.2.3.tar. Then:

    tar -xvf openssl-fips-1.2.3.tar

Eric

At 03:11 PM 5/23/2011, Ruiyuan Jiang wrote:
> Hi, all
>
> Has anyone had a problem with openssl-fips-1.2.3.tar.gz? When I tried to tar xvf on my Solaris 10 SPARC, the source had the error message "unexpected EOF". I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and had no problem with the source to configure and make.
>
> Thanks.
>
> Ryan Jiang
>
> This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
Re: Download fips 1.2.3
Oh -- if you like being efficient and not wasting disk space, this works nicely:

    gunzip -c openssl-fips-1.2.3.tar.gz | tar xvf -

This will uncompress on the fly and leave the compressed file.

At 03:21 PM 5/23/2011, Eric S. Eberhard wrote:
> You need to:
>
>     gunzip openssl-fips-1.2.3.tar.gz
>
> That will create openssl-fips-1.2.3.tar. Then:
>
>     tar -xvf openssl-fips-1.2.3.tar
>
> Eric
>
> At 03:11 PM 5/23/2011, Ruiyuan Jiang wrote:
>> Hi, all
>>
>> Has anyone had a problem with openssl-fips-1.2.3.tar.gz? When I tried to tar xvf on my Solaris 10 SPARC, the source had the error message "unexpected EOF". I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and had no problem with the source to configure and make.
>>
>> Thanks.
>>
>> Ryan Jiang
Re: SSL Communication using BIO
You might also consider using stunnel, which works perfectly and is easy to use in many cases and, unless your volume is silly-high, has plenty of performance to run in inetd mode, which is very reliable. stunnel is based on openssl. It also makes your app independent of SSL changes, which I like.

Eric

At 03:47 PM 5/23/2011, Wim Lewis wrote:
> On 23 May 2011, at 1:29 PM, Harshvir Sidhu wrote:
>> Anyone any comments on this? Is openssl an appropriate choice for my case?
>
> As I understand it you want OpenSSL to handle the protocol and encryption, but you don't want OpenSSL to do any network I/O itself: you want to do that (via the C# sockets class).
>
> An example of using OpenSSL in this way is in demos/state_machine/state_machine.c in the OpenSSL distribution. As David Schwartz says, the important thing is not to assume that reads and writes of your data correspond directly to reads and writes on the socket. SSL may need to perform multiple reads and writes before you see any data (for example, during a handshake or renegotiation). state_machine.c uses memory BIOs to buffer data going in and out of SSL.
>
> I think a better way to do it in current versions of OpenSSL is to make your own, nonblocking BIO which calls into your C# code as needed. But I could be wrong.
RE: Download fips 1.2.3
Try this -- you may have a space problem.

    gunzip -c openssl-fips-1.2.3.tar.gz | tar xvf -

(this uncompresses on the fly)

You also might have had a space problem when you downloaded and the file is not complete; check the number of bytes against the ftp server. Last, you may have accidentally downloaded in ASCII mode instead of binary, which makes a mess of the file. Given that EOF seems to be the problem, I suspect download or gunzip space problems. May also want to try another mirror?

Eric

At 03:27 PM 5/23/2011, Ruiyuan Jiang wrote:
> Hi, Eric
>
> That is what I did exactly and it failed on tar xvf, and I don't have a problem with 1.2.2.
>
> Ryan
>
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Eric S. Eberhard
> Sent: Monday, May 23, 2011 6:22 PM
> To: openssl-users@openssl.org; openssl-users@openssl.org
> Subject: Re: Download fips 1.2.3
>
> You need to:
>
>     gunzip openssl-fips-1.2.3.tar.gz
>
> That will create openssl-fips-1.2.3.tar. Then:
>
>     tar -xvf openssl-fips-1.2.3.tar
>
> Eric
>
> At 03:11 PM 5/23/2011, Ruiyuan Jiang wrote:
>> Hi, all
>>
>> Has anyone had a problem with openssl-fips-1.2.3.tar.gz? When I tried to tar xvf on my Solaris 10 SPARC, the source had the error message "unexpected EOF". I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and had no problem with the source to configure and make.
>>
>> Thanks.
>>
>> Ryan Jiang
Re: SSL Communication using BIO
or ... keep it simple and at least consider using stunnel. I have a LOT of applications using openssl; for 3/4 of them I just use stunnel and forget about it. For a few, when I need to do crazy things, I code and link it in to my application. But you can save a lot of trouble with stunnel, at least as a first step (proof of concept). BTW, I also use the Windows version, which you can download with an installer, and it works great as well.

E

At 04:12 PM 5/23/2011, Gayathri Sundar wrote:
> actually I would seriously recommend you read the OpenSSL book written by Eric Rescorla, it discusses all the use cases of openssl, BIO, async/sync usages..so that you get an idea of how OpenSSL itself works.
>
> On Mon, May 23, 2011 at 6:02 PM, Neo Liu <diablo...@gmail.com> wrote:
>> I think you can read this article and it will be of help.
>> http://www.lenholgate.com/blog/2002/11/using-openssl-with-asynchronous-sockets.html
>>
>> On Mon, May 23, 2011 at 4:59 PM, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>>> David,
>>> So are you suggesting that I change the approach in my code? My application is for Windows and in Managed C++. In that I am using a callback function for receive; when the callback function is called, and I call SSL_read in it, it hangs at the recv call in the OpenSSL code. My assumption is that the data was already read from the socket when the callback was called. Another thing I would like to mention is that I am using the Sockets Managed Class, not the native sockets.
Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA
A very simple one -- tax the time stamp register or the 4 byte cycles since 1970, and concatenate the process id (which is unique for a long time). The same process id cannot get either of those two numbers in two calls to be the same.

Eric

At 10:24 AM 5/19/2011, you wrote:
> On Thu May 19 2011, Tim Watts wrote:
>> I think I might add some randomness into mine - seems easy enough. I won't pretend I fully understand why - mostly because I wasn't clear why the serial is important.
>
> If your CPU has a 'time stamp register' (cycle counts since power-up) - you can grab those contents as your counter (usually 8 bytes worth). Since this counter advances rapidly (GHz range today) it is unlikely you will ever have two machines, or two serial number creations, that strike at the same clock cycle since power-up. (That's a pretty small target to hit.) Usually that will cost you one or two machine cycles to read the counter. Relatively fast way to get an 8 byte number I haven't used before.
>
> Concatenate that with 8 bytes of something else of your choice that doesn't vary with the clock cycles since power up. If truly paranoid - 'whiten' with the hash function of your choice. (or with AES as in another post here - many machines can do AES in hardware.)
>
> Mike
Re: Clients glomming onto a listener
I have found that fork() on modern machines has a negligible effect on performance, and in fact I almost always use inetd instead of writing my own servers, mainly because it is dead reliable, easier to code, and again seems to have a negligible effect on performance. One would have to do millions upon millions of connects to notice or care. Having said that, I use AIX mostly, and that performs better under load than Linux on Intel, and even Linux on the IBM p series platform. I would do it cheap and easy and worry about performance after-the-fact.

Eric

At 04:46 PM 5/10/2011, you wrote:
> On 10 May 2011, at 4:13 PM, David Schwartz wrote:
>> On 5/10/2011 2:10 AM, John Hollingum wrote:
>>> Pretty much immediately after the accept the program forks a handler, but the rogue clients must be glomming onto the main process before the SSL negotiation is complete.
>>
>> Calling 'fork' with an accepted SSL connection has all kinds of known issues. The fundamental problem is that there are many operations that must occur both before and after the 'fork', for different reasons, and obviously can't do both.
>
> You could accept just the TCP connection in the main process and do all of the SSL handshake in the forked process (I think IO::Socket::SSL->start_SSL() is what you want for that) --- this would not be a high-performance approach (no SSL session cache, fork overhead) but if it's fast enough it's fast enough.
>
> It's possible to use openssl in a non-blocking, event-driven manner but I don't think Perl's SSL modules expose enough of the openssl API to do that.
Re: Clients glomming onto a listener
I was not trying to compare O/S, only to point out that my experience is more out of the AIX world than the Linux world. I also want to point out again what I was saying ... you don't need to make a server and you don't need to fork() and all kinds of complicated stuff if you write it for inetd. You don't even need to write socket code (stdin/stdout read/write is all you need). The O/S will create the processes and clean them up on disconnects and so forth. Unless you are super performance limited, this is the best way to go because it always works and is always reliable (if inetd fails to function on a Unix O/S then the machine is essentially toast anyway). In addition it is more easily portable if you care about porting to more than one Unix. Using select is not always supported, socket flags are not always the same, etc. All a non-issue under inetd.

Eric

At 08:57 AM 5/11/2011, you wrote:
> On Wed, May 11, 2011 at 08:39:49AM -0700, Eric S. Eberhard wrote:
>> I have found that fork() on modern machines has a negligible effect on performance, and in fact I almost always use inetd instead of writing my own servers, mainly because it is dead reliable, easier to code, and again seems to have a negligible effect on performance. One would have to do millions upon millions of connects to notice or care. Having said that, I use AIX mostly, and that performs better under load than Linux on Intel, and even Linux on the IBM p series platform. I would do it cheap and easy and worry about performance after-the-fact.
>>
>> Eric
>
> Let's not start an OS A is better than OS B discussion here.
>
> You can safely fork single-threaded OpenSSL servers right after accept(3), and handle the SSL connection in a child. This makes the memory-resident session cache ineffective, but you can use callbacks to implement an external (Berkeley DB similar or shared memory, ...) session cache.
>
> Forking after SSL_accept() is tricky, since your parent process will have partial SSL connections in progress for other clients when a given handshake completes (event-based connection management) or will serialize all handshakes, but as you've observed that's not a good option.
>
> So, my suggestion is that a forking server is fine, just use an external session cache. The Postfix SMTP server is an example of this model. There, before the TLS handshake, we also have an SMTP STARTTLS handshake, but that does not alter the analysis in any substantive way, just a few more packets to exchange before the TLS connection is ready. Note, Postfix is pre-forking, rather than forking, so there is a pool of processes that serially accept connections, but this too does not impact the design analysis.
>
> - You can use a single process with event-based I/O.
> - You can use multiple threads in a single process.
> - You can fork after accept(2) and use an external session cache.
> - You can pre-fork and handle clients serially one per process, with re-use of processes for another client after a client hangs up. This too requires an external session cache.
>
> --
> Viktor.
Re: Clients glomming onto a listener
Performance is related to the application. For example, a system that accepts 10 SSL connects per year has different requirements than one that accepts 1000 per second. Obviously there is a middle ground. My point is that theoretical performance differences are very real in the latter case, and of no consequence in the first case. Cost of software development and upkeep and system management is much lower using, say, inetd and not bothering to make a server. I have systems with thousands of SSL connections per minute, holding 500-1000 at a time, going through inetd on a modest AIX box and have zero performance issue. Don't even notice they are there and they take low single digits of CPU usage combined. Depending on the application, usage, hardware, cost of software development, cost of software upkeep, simplicity in system management -- the answer to what is the best way is different. I often find people ignoring that simple concept and developing very complex software to be theoretically faster ... only to end up with complex and buggy code that is hard to manage in an environment where the extra performance was not needed. One has to also consider the cost to develop and manage. So there is no right or wrong answer; I am trying to get the programmer to think ... does he really need, in his case, blistering performance? Can he do it with a simple inetd module (which later could be the core for his own server)? Does he want it up quick and easy with no real management issues? I am only spurring thought, not telling anyone what is right or wrong in their case :-)

E

At 10:10 AM 5/11/2011, you wrote:
> Eric, you must be really kidding this time :), servers with this architecture are susceptible to dos and what not..am sure for embedded systems where memory is a big limiting factor the best would be async design, also code becomes easily portable in future.
>
> On Wed, May 11, 2011 at 10:39 AM, Eric S. Eberhard <fl...@vicsmba.com> wrote:
>> I have found that fork() on modern machines has a negligible effect on performance, and in fact I almost always use inetd instead of writing my own servers, mainly because it is dead reliable, easier to code, and again seems to have a negligible effect on performance. One would have to do millions upon millions of connects to notice or care. Having said that, I use AIX mostly, and that performs better under load than Linux on Intel, and even Linux on the IBM p series platform. I would do it cheap and easy and worry about performance after-the-fact.
>>
>> Eric
>>
>> At 04:46 PM 5/10/2011, you wrote:
>>> On 10 May 2011, at 4:13 PM, David Schwartz wrote:
>>>> On 5/10/2011 2:10 AM, John Hollingum wrote:
>>>>> Pretty much immediately after the accept the program forks a handler, but the rogue clients must be glomming onto the main process before the SSL negotiation is complete.
>>>>
>>>> Calling 'fork' with an accepted SSL connection has all kinds of known issues. The fundamental problem is that there are many operations that must occur both before and after the 'fork', for different reasons, and obviously can't do both.
>>>
>>> You could accept just the TCP connection in the main process and do all of the SSL handshake in the forked process (I think IO::Socket::SSL->start_SSL() is what you want for that) --- this would not be a high-performance approach (no SSL session cache, fork overhead) but if it's fast enough it's fast enough.
>>>
>>> It's possible to use openssl in a non-blocking, event-driven manner but I don't think Perl's SSL modules expose enough of the openssl API to do that.
Re: Multiple connection from 1 client
Harsh, I would take up his offer of help. Socket control over multiple sockets is tricky code and very specific to what you are trying to do. My environment is single threaded and does similar things to yours -- but as Gayathri said, there are many details and exceptions and although with some online help or books I am sure with enough time you could do it (took me forever the first time) I suspect that this offer is as good as they get. I am not jobless (lucky me) so I can't put in the time he can. Gayathri -- would you be interested in pure C coding on a contract basis (intermittent, not really a job, more like occasional tasks) -- the code we write runs on AIX, Linux, OS/X, SCO, HP/UX, Centos, etc. so it is a little tricky to make work. If you have interest let me know your rates and real email and so forth. Thanks, Eric At 08:33 PM 5/6/2011, you wrote: Harsh., If u have any specific doubts in writing this asynchronous state machine email me privately at suraj...@gmail.com. I am pretty much jobless right now and can spend some time on this. Thanks --Gayathri On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote: Thanks, I will give this a try. // Harshvir On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote: Change the sockets. This is what I use: int setblock(fd, mode) int fd; int mode; /* True - blocking, False - non blocking */ { int flags; int prevmode; flags = fcntl(fd, F_GETFL, 0); prevmode = !(flags O_NDELAY); if (mode) flags = ~O_NDELAY; /* turn blocking on */ else flags |= O_NDELAY; /* turn blocking off */ fcntl(fd, F_SETFL, flags); return prevmode; } Since it returns the existing mode you can use as such: prevmode = setblock(fd,0) /* turn of blocking */ /* do your thing */ (void)setblock(fd,prevmode);/* restore to original condition */ At 04:15 PM 5/6/2011, you wrote: Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks. 
On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar mailto:suraj...@gmail.comsuraj...@gmail.com wrote: Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then ofcourse it will work. thanks --Gayathri On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu mailto:hvssi...@gmail.comhvssi...@gmail.com wrote: Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar mailto:suraj...@gmail.comsuraj...@gmail.com wrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. 
If non-blocking then there should be no problem. Check the code to see if an O_NONBLOCK flag is set in some fcntl call, or check for the FIONBIO flag.

Thanks
--Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well, I think this link is for my question. I have already done 1-5 from the "Before you ask" list. Number 6, I don't know anyone who uses OpenSSL. Number 7, it will take a lot of time to go through all the code; I was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.
Re: Multiple connection from 1 client
And I cannot imagine a case where a blocking FD is useful, except that it is lazier to code that way. You need to use non-blocking.

E

At 04:03 PM 5/6/2011, you wrote:

Harsh, okay, from what I can understand, if you make your underlying fd non-blocking then it would work fine. With blocking FDs, unless and until one client is finished with its processing, the other client will not be able to communicate with the server, as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks
--Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, my server code is single threaded and I am using blocking sockets. I am using fd_set and select to wait for an event on a socket, and then performing an operation based on the event that acts on a socket. I have an array of sockets to listen on. So if I start listening on 3 different ports and from my client machine I try to connect to them on different ports, then it works fine, but when I use 1 listen port then it doesn't work properly. What I mean by "work properly" is that the connection is established, but when I am waiting for select to return an event, it doesn't show any activity when I send data from the client; only 1 of them works, 2 don't work. In addition to that, when I use Wireshark to see packets, it shows that the machine has received the packet from the client. But the server doesn't show that alert. That's why I think it could be some socket option which is affecting it.
// Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, the SO_REUSEADDR sock option has nothing to do with your problem; please go through the socket options man page to get a better understanding.
First find out if your server code is blocking I/O or non-blocking I/O. If the former, then connections will be handled sequentially; only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non-blocking then there should be no problem. Check the code to see if an O_NONBLOCK flag is set in some fcntl call, or check for the FIONBIO flag.

Thanks
--Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well, I think this link is for my question. I have already done 1-5 from the "Before you ask" list. Number 6, I don't know anyone who uses OpenSSL. Number 7, it will take a lot of time to go through all the code; I was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.

On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote:

From: Harshvir Sidhu

Hi, I have a server application which accepts normal socket and SSL socket connections. I am trying to make 3 connections to the server from 1 client machine, on the same server port. When I connect on normal sockets it works with any number of connections. When I tried to connect with SSL they don't work. If I connect 1 client then it works. On my listen socket I have the SO_REUSEADDR socket option; at first I thought this might be causing the issue, but I tried to use SO_EXCLUSIVEADDRUSE and even then it doesn't work. Has someone seen an issue like this, any possible suggestion for this?
Thanks,
// Harshvir

http://www.catb.org/~esr/faqs/smart-questions.html

Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Support http://www.vicsmba.com
Pictures of Snake in Spring http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49
Pictures of Camp Verde http://www.facebook.com/album.php?aid=12771id=1409661701l=fc0e0a2bcf
Pictures of Land Cruiser in Sedona http://www.facebook.com/album.php?aid=50953id=1409661701
Pictures of Flagstaff area near our cabin http://www.facebook.com/album.php?aid=12750id=1409661701
Pictures of Cheryl in a Horse Show http://www.facebook.com/album.php?aid=32484id=1409661701
Pictures of the AZ Desert http://www.facebook.com/album.php?aid=58827id=1409661701
(You can see why we love this state :-) )

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Multiple connection from 1 client
Change the sockets. This is what I use:

    #include <fcntl.h>

    /* mode: True - blocking, False - non blocking.
       Returns the previous mode (1 = was blocking, 0 = was non-blocking),
       or -1 if fcntl() fails. O_NDELAY is the pre-POSIX name for O_NONBLOCK;
       Linux defines the two as the same flag. */
    int setblock(int fd, int mode)
    {
        int flags;
        int prevmode;

        flags = fcntl(fd, F_GETFL, 0);
        if (flags == -1)
            return -1;
        prevmode = !(flags & O_NDELAY);
        if (mode)
            flags &= ~O_NDELAY;    /* turn blocking on */
        else
            flags |= O_NDELAY;     /* turn blocking off */
        if (fcntl(fd, F_SETFL, flags) == -1)
            return -1;
        return prevmode;
    }

Since it returns the existing mode you can use it as such:

    prevmode = setblock(fd, 0);      /* turn off blocking */
    /* do your thing */
    (void)setblock(fd, prevmode);    /* restore to original condition */

At 04:15 PM 5/6/2011, you wrote:

Thanks for the reply Gayathri. Do you mean changing the sockets to non-blocking, or when I create a BIO for SSL, making that non-blocking? Thanks.

On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh, okay, from what I can understand, if you make your underlying fd non-blocking then it would work fine. With blocking FDs, unless and until one client is finished with its processing, the other client will not be able to communicate with the server, as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks
--Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, my server code is single threaded and I am using blocking sockets. I am using fd_set and select to wait for an event on a socket, and then performing an operation based on the event that acts on a socket. I have an array of sockets to listen on. So if I start listening on 3 different ports and from my client machine I try to connect to them on different ports, then it works fine, but when I use 1 listen port then it doesn't work properly. What I mean by "work properly" is that the connection is established, but when I am waiting for select to return an event, it doesn't show any activity when I send data from the client; only 1 of them works, 2 don't work.
In addition to that, when I use Wireshark to see packets, it shows that the machine has received the packet from the client. But the server doesn't show that alert. That's why I think it could be some socket option which is affecting it.
// Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, the SO_REUSEADDR sock option has nothing to do with your problem; please go through the socket options man page to get a better understanding. First find out if your server code is blocking I/O or non-blocking I/O. If the former, then connections will be handled sequentially; only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non-blocking then there should be no problem. Check the code to see if an O_NONBLOCK flag is set in some fcntl call, or check for the FIONBIO flag.

Thanks
--Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well, I think this link is for my question. I have already done 1-5 from the "Before you ask" list. Number 6, I don't know anyone who uses OpenSSL. Number 7, it will take a lot of time to go through all the code; I was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.

On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote:

From: Harshvir Sidhu

Hi, I have a server application which accepts normal socket and SSL socket connections. I am trying to make 3 connections to the server from 1 client machine, on the same server port. When I connect on normal sockets it works with any number of connections. When I tried to connect with SSL they don't work. If I connect 1 client then it works. On my listen socket I have the SO_REUSEADDR socket option; at first I thought this might be causing the issue, but I tried to use SO_EXCLUSIVEADDRUSE and even then it doesn't work.
Has someone seen an issue like this, any possible suggestion for this?
Thanks,
// Harshvir

http://www.catb.org/~esr/faqs/smart-questions.html
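As an added example (not code from the original thread or from OpenSSL), the same fcntl read-modify-write in Python, followed by a one-pass select() loop over several non-blocking peers, so the effect Gayathri describes is visible: with every server-side fd non-blocking, one pass services exactly the peers that have sent data and skips the idle ones instead of stalling on the first. The socketpair peers and their messages are constructed inside the block, and the names set_blocking, read_nonblocking, serve_once, demo and pipe_probe are chosen here.

```python
"""Non-blocking descriptors and a select() pass over several peers (Python 3, POSIX).

Added example, not code from the original thread. set_blocking() mirrors the
C setblock() above: read the fcntl flags, flip O_NONBLOCK, write them back and
return the previous mode. The sockets, peers and messages are constructed here.
"""
import os
import fcntl
import select
import socket


def set_blocking(fd, blocking):
    """Set (True) or clear (False) blocking mode on fd; return the previous mode."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
    prev_blocking = not (flags & os.O_NONBLOCK)
    if blocking:
        flags &= ~os.O_NONBLOCK
    else:
        flags |= os.O_NONBLOCK
    fcntl.fcntl(fd, fcntl.F_SETFL, flags)
    return prev_blocking


def read_nonblocking(fd, size=4096):
    """os.read() that returns None instead of blocking when nothing is pending."""
    try:
        return os.read(fd, size)
    except BlockingIOError:          # EAGAIN / EWOULDBLOCK on a non-blocking fd
        return None


def serve_once(server_sockets, timeout=1.0):
    """One select() pass: read every socket marked readable, return {fileno: data}.

    Nothing here can stall: select() only hands back sockets with pending input,
    and a recv() that would block anyway is skipped rather than waited on.
    """
    readable, _, _ = select.select(server_sockets, [], [], timeout)
    got = {}
    for s in readable:
        try:
            got[s.fileno()] = s.recv(4096)
        except BlockingIOError:
            continue
    return got


def demo(n_clients=3, senders=(0, 2)):
    """Constructed scenario: n_clients peers on one server, only `senders` write.

    Returns (previous blocking modes, {client index: bytes received}).
    """
    pairs = [socket.socketpair() for _ in range(n_clients)]
    server_side = [srv for srv, _ in pairs]
    try:
        prev_modes = [set_blocking(srv.fileno(), False) for srv in server_side]
        for i in senders:
            pairs[i][1].sendall(b"hello from client %d" % i)
        by_fd = {srv.fileno(): i for i, srv in enumerate(server_side)}
        got = serve_once(server_side)
        return prev_modes, {by_fd[fd]: data for fd, data in got.items()}
    finally:
        for srv, cli in pairs:
            srv.close()
            cli.close()


def pipe_probe():
    """Constructed check: (initial mode, read of empty non-blocking pipe,
    read after a write, mode reported when switching back to blocking)."""
    r, w = os.pipe()
    try:
        was_blocking = set_blocking(r, False)
        empty = read_nonblocking(r)
        os.write(w, b"ping")
        data = read_nonblocking(r)
        now_blocking = set_blocking(r, True)
        return was_blocking, empty, data, now_blocking
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    print(demo())
    print(pipe_probe())
```

For an SSL connection the same rule applies to the fd under the BIO, with one extra step: a readable fd only means TLS record bytes have arrived, so SSL_read() on a non-blocking fd can still return SSL_ERROR_WANT_READ (or SSL_ERROR_WANT_WRITE during a renegotiation) and the call has to be retried after the next select(), rather than treated as an error.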
Re: slow https conenctions
I suspect client behavior is incorrect. It could have to do with HTTP 1.1, especially if the client is PHP (because of 100-continue problems). There are several other documented delays, including a 15 second default keep-alive. There is also a cURL problem that can cause this on the client side.

http://curl.haxx.se/mail/curlphp-2005-01/0011.html
http://php.net/manual/en/function.file-get-contents.php

Eric

At 03:06 AM 4/26/2011, Matthew Fletcher wrote:

Hi, I've come to this list in search of help with slow https connections (via the subversion, apache and finally mod_ssl lists). There is a 15-second-ish delay whenever a client connects using https; I've tracked this down in the logs to the snippet shown.

-- snip --
[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
-- end --

But I really don't know how to get any further. This machine is pretty powerful, quad 3GHz Xeon etc. Full log from startup below; any help / ideas much appreciated.

[Thu Apr 21 11:21:16 2011] [info] Init: Initializing (virtual) servers for SSL
[Thu Apr 21 11:21:16 2011] [info] Configuring server for SSL protocol
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv3, TLSv1)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(661): Configuring permitted SSL ciphers [ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM]
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(792): Configuring RSA server certificate
[Thu Apr 21 11:21:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(831): Configuring RSA server private key
[Thu Apr 21 11:21:16 2011] [info] mod_ssl/2.2.17 compiled against Server: Apache/2.2.17, Library: OpenSSL/0.9.8r
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Child process is running
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(408): Child 3268: Retrieved our scoreboard from the parent.
[Thu Apr 21 11:21:16 2011] [info] Parent: Duplicating socket 276 and sending it to child process 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(605): Parent: Sent 1 listeners to child 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(564): Child 3268: retrieved 1 listeners from parent
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Acquired the start mutex.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Starting 64 worker threads.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Listening on port 443.
[Thu Apr 21 11:21:49 2011] [info] [client 127.0.0.1] Connection to child 0 established (server pl161.serck-uk.internal:443)
[Thu Apr 21 11:21:49 2011] [info] Seeding PRNG with 144 bytes of entropy
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 11/11 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | : 16 03 01 00 df 01 00 00-db 03 01 ...
|
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 217/217 bytes from BIO#c99cd0 [mem: ca14bb] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | : 4d b0 05 3d 24 b5 92 40-cb c0 c7 84 df 99 b8 2f M..=$..@.../ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 1c 49 78 19 74 74 b3 0d-3f 89 d3 3d 7a 90 7c 50 .Ix.tt..?..=z.|P |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 00 00 5c c0 14 c0 0a 00-39 00 38 00 88 00 87 c0 ..\\.9.8. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 0f c0 05 00 35 00 84 c0-12 c0 08 00 16 00 13 c0 5... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: 0d c0 03 00 0a c0 13 c0-09 00 33 00 32 00 9a 00 ..3.2... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: 99 00 45 00 44 c0 0e c0-04 00 2f 00 96 00 41 00 ..E.D./...A. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 07 c0 11 c0 07 c0 0c c0-02 00 05 00 04 00 15 00 |
[Thu Apr 21 11:21:49 2011] [debug
Re: [PATCH] conversion to EBCDIC
You might find this useful:
http://cprogramminglanguage.net/ascii-ebcdic-conversion-functions.aspx

Eric

At 07:08 AM 4/22/2011, you wrote:

Hi, I am working on a MAINFRAME. The encoding page is EBCDIC and not ASCII, so I have to do some conversion to support openssl on a mainframe. I am not familiar with using this method to open a patch, so it may be confusing. Here is one patch like you asked, made with the diff tools:

diff -r crypto/x509/x509_vfy.c openssl-work/x509_vfy.c 8c8 * --- * 15c15 * --- * 22c22 * --- * 37c37 * 4. If you include any Windows specific code (or a derivative thereof) from --- * 4. If you include any Windows specific code (or a derivative thereof) from 40c40 * --- --- * 52c52 * --- * 256c256 if ((ok = 0) !! X509_cmp(x, xtmp)) --- if ((ok = 0) !! X509_cmp(x, xtmp)) 266c266 else --- else 1108c1108 * will be duplicated by the parent, but this will rarely be used in --- * will be duplicated by the parent, but this will rarely be used in 1307c1307 ok = get_crl_sk(ctx, crl, dcrl, --- ok = get_crl_sk(ctx, crl, dcrl, 1455c1455 1455c1455 * a certificate was revoked. This has since been changed since --- * a certificate was revoked. This has since been changed since 1681a1682,1684 £ifdef CHARSET_EBCDIC char v_eÝ14~,*v; £endif 1682a1686 1688a1693,1698 £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, str, i 14 ? i : 14); v = v_eÝ0~; memcpy(str,v,i); £endif 1704c1714 é --- é 1738a1749,1754 £ifdef CHARSET_EBCDIC £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, buff2, atm.length 14 ? atm.length : 14); v = v_eÝ0~; memcpy(buff2,v,atm.length); £endif

Regards
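Review bot: the conversion buffer declared in the 1681a1682,1684 hunk (`char v_eÝ14~,*v;`, i.e. 14 bytes) does not match the copies made in the 1688a1693,1698 and 1738a1749,1754 hunks: ascii2ebcdic() is handed at most 14 bytes (`i 14 ? i : 14`, `atm.length 14 ? atm.length : 14`) but the results are copied back with `memcpy(str,v,i)` and `memcpy(buff2,v,atm.length)`, so whenever the string is longer than 14 the memcpy reads past the end of v_e and writes stale stack bytes into str/buff2. Either size v_e for the longest value these routines format or clamp the memcpy to the same bound as the conversion, and check that the 14-byte limit is really what the callers expect. Separately, the hunks 8c8, 15c15, 22c22, 37c37, 40c40, 52c52, 256c256, 266c266, 1108c1108, 1307c1307, 1455c1455 and 1704c1714 show identical text on both sides and only differ in code-page rendering of comments and existing lines; please regenerate the diff with both trees in the same encoding so that only the three CHARSET_EBCDIC additions remain to review.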
Re: Custom Optimization flags
In real life I have found various optimizations to cause more trouble than not, and to not really change real-world performance. Unless you are in a hard loop encrypting/decrypting I don't think anyone will notice. I do tens of thousands of encryption/decryption calls each day and they add no noticeable change to performance. If it becomes a hassle, my advice: don't bother.

Eric

At 11:24 PM 4/14/2011, you wrote:

Hey guys, I've got a couple of quick questions regarding building OpenSSL with custom compiler optimization flags. I'm attempting to optimize the builds of some select OS components specifically for the Intel Atom under Linux (I'm using the 2.6.37 kernel, glibc 2.13, binutils 2.21, gcc 4.5.2; my toolchain has been optimized mostly with CFLAGS='-O3 -fomit-frame-pointer -march=atom -mtune=atom') and am wondering the following:

* How sensitive is the OpenSSL test suite (make test) to detecting incorrect aggressive compiler optimizations? My guess as to an answer is 'very', given the size of the test suite and the sensitivity to incorrect data that the crypto problem space exhibits.
* Can the OpenSSL build system detect the specific x86 extensions that a given processor supports, and include the relevant asm code? (This may be done at run-time dynamically instead, but how does the library know what the fastest code path should be?)
* Does OpenSSL 1.0.0d have a code path for the Atom?
* Does anyone else have any experience tuning OpenSSL for the Atom? If so, I'd like to hear the specifics of your results in optimizing for this processor. If you have had any experience, I'd encourage you to share your results either on-list or privately.
* (probably more of a question for the dev list): openssl does not have a parallel-build-safe build system... Is there a way to benchmark multi-threaded / multi-core processors using the test suite that makes use of every possible execution path?
This would be a remarkably useful (synthetic) benchmark for real-world crypto performance on various architectures. Provided that I had a bit of direction and support, I'd be willing to add it to the test suite in small patches. I *would* need to know more than I currently know about crypto though :)

For those wondering, this is the compile line I'm using with gcc 4.5.2:

gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN \
    -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -march=atom \
    -mtune=atom -fomit-frame-pointer -pipe -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM

For those wondering, I'm seeing test suite run-times of about 2 1/4 minutes using single-thread execution on an Atom.

Thanks for your help,
John
EVP_BytesToKey Key length of 56?
I am working with a legacy app and need to use OpenSSL to decrypt Blowfish-CBC. The library in question (http://search.cpan.org/~lds/Crypt-CBC-2.30/CBC.pm) uses a 56 byte key size while OpenSSL defaults to a 16 byte key size. I think part of my problem is that EVP_BytesToKey only returns a 16 byte key. Is there any way to change the key size to 56 bytes? I've included my 16 byte code below.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/evp.h>
    /* compile with -lcrypto if using gcc */

    char *decrypt_bf(unsigned char *coded, int coded_len,
                     unsigned char *keystr, int keystr_len)
    {
        unsigned char buffer[1024];
        unsigned char key[16];
        unsigned char iv[8];
        unsigned char salt[8];
        int i;
        int plainlen;
        int finallen;
        EVP_CIPHER_CTX ctx;

        /* Crypt::CBC layout: 8-byte "Salted__" header, 8-byte salt, ciphertext */
        if (coded_len < 16 || coded_len - 16 > (int)sizeof(buffer) - 8)
            return NULL;
        memcpy(salt, coded + 8, 8);
        fprintf(stderr, "salt=");
        for (i = 0; i < 8; i++) fprintf(stderr, "%02X", salt[i]);
        fprintf(stderr, "\n");

        /* fills only the cipher's default key length: 16 bytes for EVP_bf_cbc() */
        EVP_BytesToKey(EVP_bf_cbc(), EVP_md5(), salt, keystr, keystr_len, 1, key, iv);

        EVP_CIPHER_CTX_init(&ctx);
        EVP_DecryptInit(&ctx, EVP_bf_cbc(), key, iv);
        EVP_CIPHER_CTX_set_key_length(&ctx, 16);
        fprintf(stderr, "IV=");
        for (i = 0; i < 8; i++) fprintf(stderr, "%02X", iv[i]);
        fprintf(stderr, "\n");
        fprintf(stderr, "KEY=");
        for (i = 0; i < 16; i++) fprintf(stderr, "%02X", key[i]);
        fprintf(stderr, "\n");
        EVP_DecryptInit(&ctx, NULL, key, NULL);
        EVP_DecryptUpdate(&ctx, buffer, &plainlen, coded + 16, coded_len - 16);
        if (!EVP_DecryptFinal(&ctx, buffer + plainlen, &finallen)) {
            /* bad padding: wrong key/IV or corrupt data */
            EVP_CIPHER_CTX_cleanup(&ctx);
            return NULL;
        }
        plainlen += finallen;            /* total plaintext = update + final block */
        char *retval = (char *)malloc(plainlen + 1);
        retval[plainlen] = '\0';
        memcpy(retval, buffer, plainlen);
        EVP_CIPHER_CTX_cleanup(&ctx);
        return retval;
    }
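The derivation behind EVP_BytesToKey is an open-ended MD5 chain, and OpenSSL simply stops after the cipher's default key length, so the same chain run further yields the 56 bytes Crypt::CBC uses. The block below re-derives it in Python as an added example; it is not code from the post, from OpenSSL or from Crypt::CBC, and the passwords, salts and "Salted__" blob it works on are constructed values. It also exposes the detail that matters for the post's decrypt: the IV of the 16-byte derivation is bytes 16..24 of the 56-byte key stream, so with the short key both key and IV are wrong, not just the key.

```python
"""EVP_BytesToKey() re-derived in Python so a 56-byte Blowfish key can be produced.

Added example, not code from the original post, from OpenSSL or from Crypt::CBC.
OpenSSL fills only the cipher's default key length (16 bytes for EVP_bf_cbc());
the MD5 chain itself has no length limit, so continuing it gives the 56 bytes
Crypt::CBC uses. Passwords, salts and blobs below are constructed test values.
"""
import hashlib

MAGIC = b"Salted__"   # header Crypt::CBC and `openssl enc` put before the 8-byte salt


def evp_bytes_to_key(password, salt, key_len, iv_len, count=1, md=hashlib.md5):
    """D_1 = H(pw || salt), D_i = H(D_{i-1} || pw || salt); key || iv = D_1 || D_2 || ...

    With count > 1 each D_i is re-hashed count-1 times, as EVP_BytesToKey() does.
    """
    if len(salt) not in (0, 8):
        raise ValueError("EVP_BytesToKey uses an 8-byte salt or none at all")
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = md(block + password + salt).digest()
        for _ in range(count - 1):
            block = md(block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def split_crypt_cbc(blob):
    """Split a Crypt::CBC / openssl-enc blob into (salt, ciphertext): coded+8 and coded+16 in the post."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a Salted__ blob")
    return blob[8:16], blob[16:]


def blowfish_key_material(password, salt, key_len=56):
    """(key, iv) for Blowfish-CBC: key_len key bytes (56 for Crypt::CBC) and an 8-byte IV."""
    return evp_bytes_to_key(password, salt, key_len, 8)


if __name__ == "__main__":
    salt, _ = split_crypt_cbc(MAGIC + bytes(range(8)) + b"\0" * 16)   # constructed blob
    key, iv = blowfish_key_material(b"secret", salt)
    print(len(key), key.hex(), iv.hex())
```

The 56-byte key and 8-byte IV this returns are what EVP_DecryptInit expects once EVP_CIPHER_CTX_set_key_length(&ctx, 56) has been applied to the Blowfish context; keep the MD5-with-one-iteration construction only for compatibility with existing Crypt::CBC data, since it offers none of the work factor of a real password KDF.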
Compiling Openssl-0.9.8m
Hello, I am having an issue compiling OpenSSL 0.9.8m on my vSphere-powered Sun Solaris 10 x86, currently with OpenSSL 0.9.7d. When running ./config I get no errors. When running make, make test and make install I get no errors. However, when running /usr/local/ssl/openssl version I get a return of openssl 0.9.7d rather than 0.9.8m. I have used different options on the ./config line, e.g. shared, no-shared, with mixed results. Using no-shared returns errors from make. Using shared or not using an option I have no problems. I am leaning towards a library issue but I can't prove it outright. The reason I say library is that when I attempt to compile BIND, the entire reason behind the upgrades, I can compile it as long as I use ./configure --with-libtool --withno-openssl --enable-thread. Unfortunately without openssl I don't get to use DNSSEC, the entire reason for upgrading BIND so we can make a DNS box out of it, not to mention those nasty IAVAs.

Eric R. Jones
SRF JRMC Yokosuka
315-243-4196
Question on Next Version of OpenSSL (0.9.8m)
Does anyone have any idea whether the next version of OpenSSL is going to be released in the next couple of months? Or even better, does someone have an anticipated date for the next release? I am trying to decide if I need to use version 0.9.8k, or if I should wait until 0.9.8m. With renegotiation out of 0.9.8l, I cannot use that version.
certificate for multi domain on a web server with one ip address
Hi, I created certificates for two domains, for example example1.com and example2.com; these domains are located on a web server with one IP address. Each domain has a virtual host in http.conf. I configured ssl.cnf for these two domains and set virtuals for each one. When I restart httpd it gives the warning that these domains overlap, and when I open a browser it can make SSL only for the first virtual in ssl.cnf; for the second one there is a certificate error.
trouble with Aix
Hello, I have a problem with openssl encrypting (in aes128) files ( 80Mb). My encrypted file has just 192 octets. Have you had this problem? Have you an idea? It is very urgent.

Best regards
Eric Larrouy
Re: OpenSSL support for RFC2898 / PBKDF2
On Wed, Sep 03, 2008 at 04:16:57PM +0200, Graham Leggett wrote:

Does openssl support RFC2898?

Not in 0.9.8.x. You have to write it yourself.

--
Eric Murray
Sr. Security Architect
SafeNet
www.ingrian.com www.safenet-inc.com
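What "write it yourself" comes to for RFC 2898 section 5.2, as an added example rather than code from either poster or from OpenSSL: PBKDF2 with HMAC-SHA1 written from the specification, with a self_check() that compares it against the standard library's hashlib.pbkdf2_hmac and the RFC 6070 test vectors, which is the check any hand-written KDF should pass before it touches real passwords.

```python
"""PBKDF2 (RFC 2898 section 5.2) with HMAC-SHA1, written from the specification.

Added example, not code from the original post and not OpenSSL's implementation;
it is what "write it yourself" comes to for an OpenSSL 0.9.8 application, and
self_check() compares it against hashlib.pbkdf2_hmac and the RFC 6070 vectors.
"""
import hashlib
import hmac
import struct


def pbkdf2(password, salt, iterations, dk_len, hash_name="sha1"):
    """DK = T_1 || T_2 || ... truncated to dk_len, with T_i = U_1 xor U_2 xor ... xor U_c."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    h_len = hashlib.new(hash_name).digest_size
    if dk_len > (2 ** 32 - 1) * h_len:
        raise ValueError("derived key too long")

    def prf(data):
        return hmac.new(password, data, hash_name).digest()

    out = bytearray()
    block_index = 1
    while len(out) < dk_len:
        u = prf(salt + struct.pack(">I", block_index))   # U_1 = PRF(P, S || INT(i))
        t = bytearray(u)
        for _ in range(iterations - 1):                   # U_j = PRF(P, U_{j-1})
            u = prf(u)
            for k in range(h_len):
                t[k] ^= u[k]
        out += t
        block_index += 1
    return bytes(out[:dk_len])


# RFC 6070 test vectors for PBKDF2-HMAC-SHA1: (password, salt, c, dkLen, expected hex)
RFC6070_VECTORS = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
    (b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, 25,
     "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
]


def self_check():
    """True when every vector matches both this implementation and the stdlib."""
    for pw, salt, c, dk_len, expected in RFC6070_VECTORS:
        ours = pbkdf2(pw, salt, c, dk_len)
        if ours.hex() != expected:
            return False
        if ours != hashlib.pbkdf2_hmac("sha1", pw, salt, c, dk_len):
            return False
    return True


if __name__ == "__main__":
    print("RFC 6070 vectors:", "ok" if self_check() else "MISMATCH")
```

The 4096-iteration vectors take a noticeable fraction of a second in pure Python, which is the point of the construction: the iteration count is the tunable cost an attacker must pay per guess, and a deployment should pick it as high as its latency budget allows.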
Issue with Java vs. C signing
Hi, I'm new to coding encryption, so I apologize in advance if this is obvious. I am trying to create a signature in a C++ program and I need to generate the same signature as a Java program we've already coded. The Java call is like this:

    Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING", ...);

and we're using BouncyCastle as the provider. In the C++ program, I tried to pass RSA_PKCS1_PADDING as the type to rsa_sign, but I'm not getting the same signature. The Java and C++ are both using the same private PEM key. I'd appreciate any help you all can give.

Thanks,
Eric

Eric Manzon
IBM Certified I/T Specialist
IBM Account Support Team, Qualex
3414 North Duke Street
Durham, NC 27704
919-382-2342
[EMAIL PROTECTED]
Generating certificates from IIS certificate requests
I have an IIS (.NET 2.0) server from which I generated a certificate request using the standard wizard. I am now trying to use OpenSSL to generate a certificate from that certificate request. I tried just generating another certificate, but IIS caught the mismatch and will not install the certificate itself. So, how do I respond to the IIS-generated certificate request with OpenSSL?

Eric Chamberlain
VentriPoint, Inc. | www.ventripoint.com | Software Engineer
Helping heart care through innovative diagnostic solutions
Cannot install via Cygwin
I am trying to build and install openssl via Cygwin. I followed the instructions and I only hit a bump when I attempt make install, during which I get a boatload of errors. The last few lines of output were:

/SSL_want.3man3 : No such file or directoryl/ssl/man/man3
/: No such file or directoryocal/ssl/man/man3
/SSL_write.3an3 : No such file or directoryl/ssl/man/man3
/: No such file or directoryocal/ssl/man/man3
/d2i_SSL_SESSION.3 : No such file or directoryl/ssl/man/man3
/: No such file or directoryocal/ssl/man/man3
/ssl.3ling man3 : No such file or directoryl/ssl/man/man3
/: No such file or directoryocal/ssl/man/man3
make: *** [install_docs] Error 1

There is no definitive error reported, but openssl is not known within my Cygwin shell afterwards. Help! I have no clue as to the work-around here.

Eric Chamberlain
VentriPoint, Inc. | www.ventripoint.com | Software Engineer
Helping heart care through innovative diagnostic solutions
Install Error OpenSSL-0.9.8h
Greetings, I am receiving the following errors when attempting to install OpenSSL-0.9.8h on SuSE Linux Enterprise 9. However, there was no issue with make and make test. Please advise.

Thanks,
-Eric

;., SSL.3 = ssl.3
making install in crypto...
make[1]: Entering directory `/usr/local/src/openssl-0.9.8h/crypto'
cp: cannot create regular file `usr/local/include/openssl/crypto.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/crypto.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/tmdiff.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/tmdiff.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/opensslv.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/opensslv.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/opensslconf.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/opensslconf.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/ebcdic.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/ebcdic.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/symhacks.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/symhacks.h': No such file or directory
cp: cannot create regular file `usr/local/include/openssl/ossl_typ.h': No such file or directory
chmod: cannot access `usr/local/include/openssl/ossl_typ.h': No such file or directory
make[1]: *** [install] Error 1
make[1]: Leaving directory `/usr/local/src/openssl-0.9.8h/crypto'
make: *** [install_sw] Error 1
openssl usage
Hi, I was wondering if you could either send me, or point me in the right direction to, a help file directed towards using the openssl DLLs in practical FTP situations involving SSL and TLS. I'm not sure really where to start, but I know that I need to know what functions to call from the DLLs, and at what appropriate time to call the specific functions during the FTP session from a client's perspective.

Thanks!
Eric
UserPrincipalName
Hi. Does anybody have an example of parsing an X509 certificate structure to pull out the UserPrincipalName from the Subject Alternative Name attribute? If I understand correctly I would need to make some calls to V3_alt.c (???). I could use some assistance on how to make the necessary calls to this routine in order to pull out just the UPN value. Any help would be appreciated, thanks.

Eric Johnson
Nortel Networks
Sustaining Engineer
[EMAIL PROTECTED]
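The UPN lives in the subjectAltName as an otherName GeneralName whose type-id is the Microsoft OID 1.3.6.1.4.1.311.20.2.3 (NID_ms_upn in OpenSSL) and whose value is an explicitly tagged UTF8String. The block below walks exactly that structure over the raw DER of the extension value; it is an added example, not code from the post or from OpenSSL, and sample_san() constructs a small SAN value to run it on rather than reading a real certificate. The function names and the sample names are chosen here.

```python
"""Extract the Microsoft UPN from a subjectAltName value (DER), added example.

Not code from the original post or from OpenSSL. A UPN is an otherName
GeneralName whose type-id is 1.3.6.1.4.1.311.20.2.3 (NID_ms_upn in OpenSSL)
carrying an explicitly tagged UTF8String. sample_san() builds a constructed
extension value to run against; no real certificate is used.
"""
UPN_OID = "1.3.6.1.4.1.311.20.2.3"


def _read_tlv(buf, pos):
    """Parse one DER TLV at pos -> (tag, contents, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element overruns its container")
    return tag, buf[pos:end], end


def _decode_oid(contents):
    if not contents:
        raise ValueError("empty OID")
    arcs = [contents[0] // 40, contents[0] % 40]
    acc = 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    if acc:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)


def upns_from_san(san_der):
    """All UPN values in a subjectAltName SEQUENCE; other GeneralName types are skipped."""
    tag, seq, _ = _read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    upns, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0xA0:                      # [0] otherName; dNSName is [2], rfc822Name [1]
            continue
        oid_tag, oid, p = _read_tlv(body, 0)
        if oid_tag != 0x06 or _decode_oid(oid) != UPN_OID:
            continue                         # some other otherName type
        exp_tag, exp_val, _ = _read_tlv(body, p)
        if exp_tag != 0xA0:
            raise ValueError("otherName value must be [0] EXPLICIT")
        str_tag, value, _ = _read_tlv(exp_val, 0)
        if str_tag != 0x0C:                  # the UPN is defined as UTF8String only
            raise ValueError("UPN value is not a UTF8String")
        upns.append(value.decode("utf-8"))
    return upns


# --- minimal DER encoder, used only to construct the sample extension ---------
def _tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def sample_san(upn="jdoe@example.com", dns="host.example.com", value_tag=0x0C):
    """Constructed SAN value: dNSName followed by an otherName; upn=None omits the otherName."""
    names = _tlv(0x82, dns.encode("ascii"))
    if upn is not None:
        inner = _tlv(value_tag, upn.encode("utf-8"))
        names += _tlv(0xA0, _encode_oid(UPN_OID) + _tlv(0xA0, inner))
    return _tlv(0x30, names)


if __name__ == "__main__":
    print(upns_from_san(sample_san()))       # ['jdoe@example.com']
```

Against the OpenSSL C API the same walk is X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL) to get the GENERAL_NAMES, then for each GENERAL_NAME of type GEN_OTHERNAME comparing OBJ_obj2nid() of its type_id with NID_ms_upn and accepting the value only when its ASN1_TYPE is V_ASN1_UTF8STRING. Two checks carried over from the block matter for a relying party: match on the OID rather than on position, since a certificate may carry several otherNames, and reject a non-UTF8String value instead of decoding whatever bytes are there.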
Option to clear (set to midnight) the time part of notBefore and notAfter fields
Hi. Annoyed by having the time part of notBefore and notAfter fields set to the time I run the command, I hacked a -cleartime option to openssl x509 and openssl req -x509. I attach the patch against the files from debian etch's openssl 0.9.8c-4. Cheers. -- Eric Deplagne --- x509.c.orig 2007-08-20 18:30:37.0 +0200 +++ x509.c 2007-08-21 17:11:17.0 +0200 @@ -121,6 +121,7 @@ -addreject arg - reject certificate for a given purpose\n, -setalias arg - set certificate alias\n, -days arg - How long till expiry of a signed certificate - def 30 days\n, + -cleartime - Set the notBefore and notAfter fields to midnight, the considered day\n, -checkend arg - check whether the cert expires in the next arg seconds\n, exit 1 if so, 0 if not\n, -signkey arg- self sign cert with arg\n, @@ -147,11 +148,11 @@ }; static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); -static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, +static int sign (X509 *x, EVP_PKEY *pkey,int days,int cleartime,int clrext, const EVP_MD *digest, CONF *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, - int create,int days, int clrext, CONF *conf, char *section, + int create,int days,int cleartime, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int reqfile=0; @@ -181,7 +182,7 @@ int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; - int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; + int x509req=0,days=DEF_DAYS,cleartime=0,modulus=0,pubkey=0; int pprint = 0; const char **pp; X509_STORE *ctx=NULL; @@ -270,6 +271,8 @@ goto bad; } } + else if (strcmp(*argv,-cleartime) == 0) + cleartime=++num; else if (strcmp(*argv,-passin) == 0) { if (--argc 1) goto bad; 
@@ -537,6 +540,7 @@ EVP_PKEY *pkey; X509_CINF *ci; BIO *in; + time_t t=0; if (!sign_flag !CA_flag) { @@ -621,8 +625,14 @@ if (!X509_set_issuer_name(x,req-req_info-subject)) goto end; if (!X509_set_subject_name(x,req-req_info-subject)) goto end; - X509_gmtime_adj(X509_get_notBefore(x),0); - X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); + if(cleartime) + { + t=time(NULL); + t-=t%(60*60*24); + } + + X509_time_adj(X509_get_notBefore(x),0,t); + X509_time_adj(X509_get_notAfter(x),(long)60*60*24*days,t); pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x,pkey); @@ -922,7 +932,7 @@ #endif assert(need_rand); -if (!sign(x,Upkey,days,clrext,digest, +if (!sign(x,Upkey,days,cleartime,clrext,digest, extconf, extsect)) goto end; } else if (CA_flag == i) @@ -947,7 +957,7 @@ assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, - CApkey, CAserial,CA_createserial,days, clrext, + CApkey, CAserial,CA_createserial,days,cleartime, clrext, extconf, extsect, sno)) goto end; } @@ -1119,12 +1129,13 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, - int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno) + int days, int cleartime, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno) { int ret=0; ASN1_INTEGER *bs=NULL; X509_STORE_CTX xsc; EVP_PKEY *upkey; + time_t t=0; upkey = X509_get_pubkey(xca); EVP_PKEY_copy_parameters(upkey,pkey); @@ -1156,11 +1167,17 @@ if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; if (!X509_set_serialNumber(x,bs)) goto end; - if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) + if(cleartime) + { + t=time(NULL); + t-=t%(60*60*24); + } + + if (X509_time_adj(X509_get_notBefore(x),0L,t) == NULL) goto end; /* hardwired expired */ - if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) + if (X509_time_adj(X509_get_notAfter(x),(long)60*60*24*days,t) == NULL) goto end; if (clrext) 
@@ -1219,11 +1236,12 @@ } /* self sign */ -static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, +static int sign(X509 *x, EVP_PKEY *pkey, int days, int cleartime, int clrext, const EVP_MD *digest, CONF *conf, char *section) { EVP_PKEY *pktmp; + time_t t=0; pktmp = X509_get_pubkey(x); EVP_PKEY_copy_parameters(pktmp,pkey); @@ -1231,13 +1249,20 @@ EVP_PKEY_free(pktmp); if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err; - if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err; + + if(cleartime) + { + t=time(NULL); + t-=t%(60*60*24); + } + + if (X509_time_adj(X509_get_notBefore(x),0,t) == NULL) goto err; /* Lets just make it 12:00am GMT, Jan 1 1970
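Review bot: in the three hunks that swap X509_gmtime_adj() for X509_time_adj() (the regions at @@ -621, @@ -1156 and @@ -1231), `t` is declared as `time_t t=0;` and only assigned inside `if(cleartime)`, yet it is handed to X509_time_adj() unconditionally. X509_time_adj() takes a pointer to the reference time_t as its last argument, with NULL meaning "now", so the default path (no -cleartime) no longer encodes the current time but a zeroed reference time. Keep the original X509_gmtime_adj() calls in an else branch, or pass `cleartime ? &t : NULL`. While touching those sites, the pasted rounding block `t=time(NULL); t-=t%(60*60*24);` could move into one small static helper (e.g. `static time_t midnight_utc(void)`) so the rule lives in a single place.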
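Review bot: the usage text added in the @@ -121 hunk ("Set the notBefore and notAfter fields to midnight, the considered day") should say which midnight: `t-=t%(60*60*24)` rounds a time_t down to 00:00:00 UTC, and the ASN1 times are written in GMT, so a user in another zone gets a notBefore that can be up to half a day away from local midnight. Suggested wording: "-cleartime - set notBefore to 00:00:00 UTC of the current day, and notAfter to the same time `days` days later". The covering message also says `openssl req -x509` was patched, but only x509.c appears in the diff.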
Question re: V3_alt.c in 9.7d
Hi. I need to pull out the subject alternative name from the certificate and then grab the 'otherName' type. When I look at V3_alt.c in 9.7d I'm walking away with the impression that it isn't supported. Can somebody confirm if this is the case or not? And if so, is there a version of OpenSSL where this is supported? Thanks. Eric Johnson Nortel Networks Sustaining Engineer [EMAIL PROTECTED]
RE: Question re: V3_alt.c in 9.7d
Thank you. I'll give those a shot. Eric Johnson Nortel Networks Sustaining Engineer [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Thursday, August 02, 2007 11:23 AM
To: openssl-users@openssl.org
Subject: Re: Question re: V3_alt.c in 9.7d

On Thu, Aug 02, 2007 at 09:48:39AM -0400, Eric Johnson wrote:

> Hi. I need to pull out the subject alternative name from the certificate and then grab the 'otherName' type. When I look at V3_alt.c in 9.7d I'm walking away with the impression that it isn't supported. Can somebody confirm if this is the case or not? And if so, is there a version of OpenSSL where this is supported? Thanks.

You should be using 0.9.7l or 0.9.8e, there are known issues with prior releases. The subjectAltName components are processed via:

    STACK_OF(GENERAL_NAME) *gens;
    int i, r;

    gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
    for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {
        const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
        switch (gn->type) {
        case GEN_OTHERNAME:
            /* Do something with:
               gn->d.othername->value;
               gn->d.othername->type_id; */
        case GEN_EMAIL: ...
        case GEN_DNS: ...
        case GEN_X400: ...
        case GEN_DIRNAME: ...
        case GEN_EDIPARTY: ...
        case GEN_URI: ...
        case GEN_IPADD: ...
        case GEN_RID: ...
        default: ...
        }
    }

-- Viktor.

__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
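What the GEN_OTHERNAME branch above has to do for a UPN, shown on the raw DER instead of OpenSSL's GENERAL_NAME structures. This is an added example, not OpenSSL code or code from the thread: the DER walker, the encoder that builds the sample extension, and all helper names are this example's own; the UPN OID 1.3.6.1.4.1.311.20.2.3 is the real Microsoft one.

```python
"""Extract the Microsoft User Principal Name (UPN) from a DER-encoded
subjectAltName value (the GeneralNames SEQUENCE that X509_get_ext_d2i()
would decode).  Added example, not OpenSSL code: the DER walker, the
encoder used to build the sample extension and all helper names are this
example's own."""

# OID 1.3.6.1.4.1.311.20.2.3: the otherName type-id used for an Active
# Directory UPN (szOID_NT_PRINCIPAL_NAME in Microsoft's headers).
UPN_OID = "1.3.6.1.4.1.311.20.2.3"


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags do not occur in GeneralNames")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: 0x80|n, then n length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:end], end


def _decode_oid(value):
    """Dotted form of an OID's contents (first byte packs the first two arcs)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc, pending = 0, False
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(acc)
            acc = 0
    if pending:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)


def upns_from_san(general_names_der):
    """Return every UPN carried by an otherName entry, rejecting malformed ones."""
    tag, body, end = _read_tlv(general_names_der, 0)
    if tag != 0x30 or end != len(general_names_der):
        raise ValueError("subjectAltName is not a single SEQUENCE")
    upns, pos = [], 0
    while pos < len(body):
        tag, gn, pos = _read_tlv(body, pos)
        if tag != 0xA0:                     # otherName is [0] IMPLICIT, constructed
            continue
        oid_tag, oid_val, off = _read_tlv(gn, 0)
        if oid_tag != 0x06 or _decode_oid(oid_val) != UPN_OID:
            continue                        # some other otherName type
        exp_tag, exp_val, off = _read_tlv(gn, off)
        if exp_tag != 0xA0 or off != len(gn):   # value is [0] EXPLICIT ANY
            raise ValueError("malformed otherName value")
        str_tag, str_val, _ = _read_tlv(exp_val, 0)
        if str_tag != 0x0C:                 # a UPN must be a UTF8String; refuse anything else
            raise ValueError("UPN otherName is not a UTF8String")
        upns.append(str_val.decode("utf-8"))
    return upns


# --- constructed sample, built with a minimal DER encoder -------------------

def _tlv(tag, value):
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


# One dNSName and one otherName carrying the constructed UPN jdoe@example.com.
SAMPLE_SAN = _tlv(0x30,
    _tlv(0x82, b"host.example.com")                               # dNSName [2]
    + _tlv(0xA0, _tlv(0x06, _encode_oid(UPN_OID))                  # otherName [0]
                 + _tlv(0xA0, _tlv(0x0C, b"jdoe@example.com"))))   # value [0] EXPLICIT

if __name__ == "__main__":
    print(upns_from_san(SAMPLE_SAN))        # ['jdoe@example.com']
```

With OpenSSL the same checks apply to `gn->d.othername->type_id` (compare against NID_ms_upn) and to the type of `gn->d.othername->value` before it is used as a string.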
Re: Dont Hate Me
you're officially on my spam list. There's an appropriate forum to discuss your political views. On 7/18/07, edf green [EMAIL PROTECTED] wrote: But seriously.. RON PAUL 2008! www.ronpaul2008.com I go out on a limb here to spread the message, as i've never done it before, and i hope you all can forgive me. It's just that i've never seen a candidate that has made me or my colleagues so passionate about government, reform, and the chance to restore to America what it has been void of so long. Watch any of the following videos to see what i'm talking about. http://www.ronpaul2008.com/videos/2007-06-13-colbert-report/ http://www.ronpaul2008.com/videos/2007-06-04-daily-show/ http://www.youtube.com/watch?v=WUYDt7kC3Z0 http://www.youtube.com/watch?v=EF37-9OGblwmode=relatedsearch= etc etc etc.. If you would like to see america in the hands of a man who'd like to restore us to our former glory, spread the message.. go out on a limb, even at the risk of being removed from the openssl mailing list. Haha.. again.. sorry but my heart tells me i had to ~Jason P.S. OpenSSL rocks
RE: SSL Scaling Question
Hi Tim. Thanks for the response. I would be fetching static content so hopefully that should make things easier. I know the number of connections that should be supported. I just need to make sure that the SSL Accelerator can achieve the intended target. I have two issues that I am faced with: 1) verifying if the max number of connections can be reached without the use of any load balancers, and 2) the number of servers that would be needed to support the max number of connections. I can introduce load balancers but prefer not to at this point in time. I just need to isolate the test results with\without the load balancers in place. In your experience, if I needed to reach 50,000 connections (for example) would you think one server would be enough to handle it? Or would I need multiple servers (and load balancers)? Regardless, I can try one server and if it doesn't yield the required results I can keep adding servers until I get there. Would you happen to know what metrics can be used to determine if another server is needed or not? Thanks a lot for all your help. Hope everything is well. Eric Johnson Nortel Networks SQA Engineer [EMAIL PROTECTED]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 13, 2007 1:23 PM To: openssl-users@openssl.org Subject: RE: SSL Scaling Question

If all you are going to do to test the accelerator/server combination is fetch some static content, then your job is fairly easy: Load-test the server using HTTP connections fetching the static content, until you either reach a server bottleneck (CPU/Memory/IO) or achieve your max number of connections. Increase the number of servers (with the appropriate load balancer) as needed until you can support the required number of connections. Then insert your SSL hardware, and generate the load using HTTPS. You should observe an increase in transaction times since the load generators have to do the crypto processing in software.
In fact, you may end up needing more generators to compensate for that additional workload. That's a pretty simplified approach, but should serve to get you started. It's been my experience that in real-world usage, the limits encountered at first are more related to the web server and any application server/middleware, primarily in the ability to handle lots of simultaneous sessions and maintain persistence data for all of them. The crypto processing on the accelerators is rarely a performance issue unless you are talking about very static HTML content. Best wishes from another Nortel employee, Timothy M. Metzinger, CISSP, PMP Northrop Grumman Information Technologies/Nortel Government Solutions Department of the Treasury Office of the Chief Information Officer HR Connect Program Office 202-622-0579(voice) HR Connect: Connecting people, performance, and technology

-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Johnson Sent: Tuesday, February 13, 2007 11:59 AM To: openssl-users@openssl.org Subject: SSL Scaling Question

Hi. I'm new to this forum and was wondering if I could get some assistance. I have an SSL Acceleration device that is capable of supporting 50,000 concurrent connections. I would like to put this in my lab here at work and test the upper limit of this device. I'm concerned about the backend web server needed for this test effort. I'm trying to find out what the appropriate number of backend servers is to test the upper limit of the SSL device. If I understand correctly each backend server is going to have an upper limit of 65535 TCP ports that can be opened (as the Source IP will most likely always be the SSL device). On the surface it looks like the backend server should be enough to handle the upper limit of the SSL device. However, that assumes that every connection is successful and the backend server has enough other resources to handle the load. Does anybody have any practical experience with this?
And any recommendations on the number of backend servers at a specific load? Thanks in advance Eric Johnson Nortel Networks SQA Engineer [EMAIL PROTECTED]
SSL Scaling Question
Hi. I'm new to this forum and was wondering if I could get some assistance. I have an SSL Acceleration device that is capable of supporting 50,000 concurrent connections. I would like to put this in my lab here at work and test the upper limit of this device. I'm concerned about the backend web server needed for this test effort. I'm trying to find out what the appropriate number of backend servers is to test the upper limit of the SSL device. If I understand correctly each backend server is going to have an upper limit of 65535 TCP ports that can be opened (as the Source IP will most likely always be the SSL device). On the surface it looks like the backend server should be enough to handle the upper limit of the SSL device. However, that assumes that every connection is successful and the backend server has enough other resources to handle the load. Does anybody have any practical experience with this? And any recommendations on the number of backend servers at a specific load? Thanks in advance Eric Johnson Nortel Networks SQA Engineer [EMAIL PROTECTED]
Either a bug or a misunderstanding or Spyders in the code
I am trying to do encryption using the evp APIs. For testing I am using AES-128-ECB as the cipher. I have no problem encrypting and decrypting, rather I am having problems with the sizes of the buffers. My program is largely the same as evp_test.c function test1 with the release /openssl-0.9.8c/test, however this program does not handle the padding -- all the test cases have even block-count bytes and the padding is turned off. I removed the call to turn off the padding in my program. My program is also like a sample program I found on-line which handles the padding the same as I do: http://tldp.org/LDP/LG/issue87/vinayak.html

When encrypting a string of 37 bytes and passing as such:

    if (!EVP_EncryptUpdate(ctx, out, &outl, plaintext, 37)) {

outl becomes 48 at this point (which is the expected size since this algorithm appears to block at 16 bytes). However, the next call as such:

    if (!EVP_EncryptFinal(ctx, out + outl, &outl2)) {

this sets outl2 to 16 ... meaning it padded one more additional block. If I send decrypt 64 bytes it gives the desired answer (e.g. my text is what I expect it to be). This is what I send:

    if (!EVP_DecryptUpdate(ctx, out, &outl, ciphertext, 64)) {

outl is set to 48 (I would really like it to be 37 ...)

    if (!EVP_DecryptFinal(ctx, out + outl, &outl2)) {

outl2 is set to zero ... It would seem that the first encrypt SHOULD set 32, the final encrypt should set 16 and the final result should then be 48 bytes. It would also seem that the first decrypt should set 32, the final decrypt should set 5, and the final result should be 37 bytes. At a bare minimum, it would seem that the total from the two encrypt statements should be 48 and the total from the two decrypt statements should be 37 or 48, depending on your taste, but I find 37 more useful. Last, I should not have to store 64 bytes of encrypted data to successfully encrypt and decrypt 37 bytes of data.

I have noticed that if I simply don't do the final calls for both encrypt and decrypt that everything appears to work on the encrypt and I save 48 bytes ... but when I decrypt it I only get back 32 bytes. And if I do a final decrypt on data that did not have a final encrypt I get an error. I suspect I am missing something because using openssl to encrypt the bytes from a file and in to a file yields a 64 byte file ... just like my program :-) But I don't understand why.

1) Should I always count on up to 2 extra blocks (1 for the remainder if any, one for no reason I can tell)?
2) When decrypting, is there a way to find out the original size (in my case 37)?
3) Am I missing something or is there a bug around here?
4) If I am going to handle large files that require multiple calls to the Encrypt routines, I presume I would turn the padding off until the very last block of data? Same with decrypt?

My goal would be to be able to encrypt a file and get the exact same results as command line openssl. And the reverse. Thanks, Eric

This email sent by: Eric S. Eberhard (928) 567-3727 Voice (928) 567-6122 Fax 928-301-7537 -- you may call any time day or night, I turn it off when I sleep :-) Please try to use a land line first (reception often poor). Note the change in the domain from vicspdi.com to vicsmba.com For Metropolis support and VICS MBA Support http://www.vicsmba.com Completely updated web site of personal pictures with many new pictures! Includes horses, dogs, Corvairs, and more. http://www.vicsmba.com/ourpics/index.html Corvair pictures including the Judson setup on our 62 Sedan and lots of pictures of Cheryl's 62 Monza Wagon and our 62 Spyder convertible. http://www.vicsmba.com/ourpics/corvairs.html My younger brother Martin has started a very serious car company. A hot rod (very fast) electric roadster is the first offering. The chassis is built by Lotus to their specs. Check it out: http://www.teslamotors.com
Re: Either a bug or a misunderstanding or Spyders in the code
Kyle, Thank you ... I thought I was missing something (actually the behavior told me what you told me, I just wanted to confirm it was correct). I won't actually use ECB, it was randomly selected from the test file ... A follow-up then ... if I have 37 bytes I would call Update twice and Final once? If I have 32 bytes I would call Update once and Final once? Or two Updates? Is there a call to get the block size, or is that always 16? (I know it is in the ctx but I was hoping to get it sooner than that). Thank you again! Eric

At 06:27 PM 10/13/2006, you wrote:

> OpenSSL does not store the plaintext size in block protocol usage. That's an application-layer issue. ECB mode, by the way, is REALLY discouraged. Padding doesn't come into play until the second-to-last and last blocks. You should get 16*(3 blocks of data +1 block for the EncryptFinal()) == 64 bytes. If you're writing less than a multiple of the block size, you should call EncryptFinal() on that write, not follow it up. This is arguably a bug in the block logic (the expected behavior you seem to want would be: you should get 32 bytes from the write of 37 bytes, with the final 5 bytes stored in a buffer until you call EncryptFinal, which would pad to the appropriate block length and then finish the encryption), but I'm not certain it should be changed -- SSL and TLS have a need for an application data flush feature that forces data to be flushed without the encryption state being reset. Every EncryptFinal() ciphertext block that you get from it, though, is going to be the same (at least in ECB mode). Personally, I regard the fact that OpenSSL supports ECB mode without a Configure option (or at least a warning when it's used) a bug.
>
> So, to answer your questions in order:
> 1) The second-to-last block is not an extra block. It contains application data. I believe that you can expect to get that last block.
> 2) No.
> 3) I think you're missing something.
> 4) Padding doesn't happen until a short block occurs anyway, so turning padding off until the final block won't change anything. Look at the source code to the command-line utility to see what it does, if you want to get identical results.
>
> Cheers, -Kyle H
>
> On 10/13/06, Eric S. Eberhard [EMAIL PROTECTED] wrote:
> > I am trying to do encryption using the evp APIs. For testing I am using AES-128-ECB as the cipher. I have no problem encrypting and decrypting, rather I am having problems with the sizes of the buffers. When encrypting a string of 37 bytes and passing as such:
> >
> >     if (!EVP_EncryptUpdate(ctx, out, &outl, plaintext, 37)) {
> >
> > outl becomes 48 at this point (which is the expected size since this algorithm appears to block at 16 bytes). However, the next call as such:
> >
> >     if (!EVP_EncryptFinal(ctx, out + outl, &outl2)) {
> >
> > this sets outl2 to 16 ... meaning it padded one more additional block. If I send decrypt 64 bytes it gives the desired answer (e.g. my text is what I expect it to be). This is what I send:
> >
> >     if (!EVP_DecryptUpdate(ctx, out, &outl, ciphertext, 64)) {
> >
> > outl is set to 48 (I would really like it to be 37 ...)
> >
> >     if (!EVP_DecryptFinal(ctx, out + outl, &outl2)) {
> >
> > [...]
> > 1) Should I always count on up to 2 extra blocks (1 for the remainder if any, one for no reason I can tell)?
> > 2) When decrypting, is there a way to find out the original size (in my case 37)?
> > 3) Am I missing something or is there a bug around here?
> > 4) If I am going to handle large files that require multiple calls to the Encrypt routines, I presume I would turn the padding off until the very last block of data? Same with decrypt?
> > My goal would be to be able to encrypt a file and get the exact same results as command line openssl. And the reverse. Thanks, Eric
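The buffer accounting the thread argues about (32 bytes from Update for a 37-byte write, 16 from Final, and one block held back on decryption so the padding can be stripped) as an added, self-contained example; it is not OpenSSL's EVP code and not code from either poster. The per-block transform is a constructed stand-in, and `round_trip` and the class names are this example's own.

```python
"""Buffer accounting for a padded block cipher, modelling the behaviour
discussed in the thread: update() returns only whole blocks and keeps the
remainder, final() adds PKCS#7 padding and returns the last block, and on
decryption one block is held back so the padding can be checked and removed.
Added example, not OpenSSL's EVP code: the per-block transform is a
constructed stand-in (XOR with a constant), so only the byte counts are
meaningful, not the secrecy."""

BLOCK = 16          # AES block size; the padding rule depends only on this


def _toy_block(block, key=0x5A):
    """Stand-in for one AES block operation (XOR is its own inverse). NOT a cipher."""
    return bytes(b ^ key for b in block)


class PaddedEncryptor:
    """Mirrors EVP_EncryptUpdate() / EVP_EncryptFinal() with padding enabled."""

    def __init__(self):
        self.buf = b""

    def update(self, data):
        self.buf += data
        whole = len(self.buf) - len(self.buf) % BLOCK      # bytes we can emit now
        out, self.buf = self.buf[:whole], self.buf[whole:]
        return b"".join(_toy_block(out[i:i + BLOCK]) for i in range(0, whole, BLOCK))

    def final(self):
        # PKCS#7: always append 1..BLOCK bytes, each equal to the pad length.
        # A plaintext that is already a multiple of BLOCK therefore gains a
        # whole extra block; that is how the decryptor can tell the cases apart.
        pad = BLOCK - len(self.buf) % BLOCK
        last, self.buf = self.buf + bytes([pad]) * pad, b""
        return _toy_block(last)


class PaddedDecryptor:
    """Mirrors EVP_DecryptUpdate() / EVP_DecryptFinal(): the last block is
    held back until final() because only then is it known to carry padding."""

    def __init__(self):
        self.buf = b""

    def update(self, data):
        self.buf += data
        emit = len(self.buf) - len(self.buf) % BLOCK - BLOCK   # whole blocks minus one
        if emit <= 0:
            return b""
        out, self.buf = self.buf[:emit], self.buf[emit:]
        return b"".join(_toy_block(out[i:i + BLOCK]) for i in range(0, emit, BLOCK))

    def final(self):
        if len(self.buf) != BLOCK:
            raise ValueError("ciphertext length is not a multiple of the block size")
        last, self.buf = _toy_block(self.buf), b""
        pad = last[-1]
        if not 1 <= pad <= BLOCK or last[-pad:] != bytes([pad]) * pad:
            raise ValueError("bad padding")        # EVP_DecryptFinal() fails here
        return last[:-pad]


def round_trip(plaintext, chunk_sizes):
    """Feed plaintext in the given chunk sizes (which must sum to its length);
    return the per-call output lengths and the recovered plaintext as a dict."""
    enc, ct_parts, pos = PaddedEncryptor(), [], 0
    for size in chunk_sizes:
        ct_parts.append(enc.update(plaintext[pos:pos + size]))
        pos += size
    ct_parts.append(enc.final())
    ciphertext = b"".join(ct_parts)
    dec = PaddedDecryptor()
    pt_update = dec.update(ciphertext)
    pt_final = dec.final()
    return {
        "encrypt_update": [len(p) for p in ct_parts[:-1]],
        "encrypt_final": len(ct_parts[-1]),
        "ciphertext_len": len(ciphertext),
        "decrypt_update": len(pt_update),
        "decrypt_final": len(pt_final),
        "recovered": pt_update + pt_final,
    }


if __name__ == "__main__":
    # 37 bytes in one call: update gives 32, final gives 16, total 48;
    # decrypt update gives 32, decrypt final gives the remaining 5.
    print(round_trip(b"x" * 37, [37]))
```

Skipping the decrypt final() is exactly the "only 32 bytes back" symptom from the thread: the held-back block is never released, and the original length is recoverable only from the padding in that block.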
FW: question about libcurl.net
How do I do the same thing using the dll / library? Thanks Eric I am attempting to use the library with a SSL Certificate. Will it work or what do I need to do to get it to work. This library has a very simple interface, thanks for the hard effort. The parameters for curl would be as follows: cURL -E [certificate] [Certificate File]:[Certificate Password] -F orgid=[orgid] School Code or Program Number -F batchid=[batchid] Unique batch ID -F userid=[userid] Authorized SEVIS user ID -F [EMAIL PROTECTED] XML Data Document https://[url]/action/batchUpload SEVIS batch Upload URL
Installing OpenSSL on HPUX 10.2
Hi, I'm getting errors when installing OpenSSL on a HPUX 10.2 box. This is info about box: HP-UX i3107spw B.10.20 A 9000/847 I ran ./config and this is output: $ ./config Operating system: 9000/847-hp-hpux1x Configuring for hpux-parisc-cc elif [ 528 -ge 523 ]; then # PA-RISC 1.0 CPU OUT=hpux-parisc-cc-cc target already defined - hpux-parisc-cc (offending arg: elif) Then make These are the errors: $ make making all in crypto... /opt/ansic/bin/cc -I. -I.. -I../include -O -c cryptlib.c cpp: cryptlib.c, line 170: warning 2013: Unknown preprocessing directive. cc: ../include/openssl/stack.h, line 73: warning 5: const will become a keyword. cc: ../include/openssl/stack.h, line 73: error 1000: Unexpected symbol: char. cc: ../include/openssl/stack.h, line 73: warning 5: const will become a keyword. cc: ../include/openssl/stack.h, line 73: warning 5: const will become a keyword. cc: error 2017: Cannot recover from earlier errors, terminating. *** Error exit code 1 Stop. *** Error exit code 1 Stop. $ Does anyone have any ideas? Thanks, Martin Riewski (719)548-6831 [EMAIL PROTECTED]
I am having a hard time getting SSL_Accept to work with a non blocking socket
Hi there, I am pulling my hair out trying to get SSL_accept to work with a non-blocking socket. When I make a call to SSL_accept and then perform an SSL_get_error, I get the error SSL_ERROR_WANT_READ. At this point what should I do? Currently I am doing the following:

    while (((rc = SSL_accept(ssl)) <= 0)
           && ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)
               || (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE))) {}

but I never get out of this loop. I am also using select to obtain read events for this socket. In the case mentioned above, do I need to check select for a read event prior to retrying SSL_accept? HELP MUCH APPRECIATED!
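The loop above retries SSL_accept immediately after SSL_ERROR_WANT_READ, so it spins without ever letting the peer's bytes arrive; the pattern that works waits in select for the event the error asked for, then retries. Below is an added example (not code from the post or from OpenSSL) in Python, whose ssl module maps SSL_accept/SSL_get_error onto do_handshake() and SSLWantReadError/SSLWantWriteError; the peer is a constructed stand-in so the loop runs without a certificate, and `nonblocking_handshake`, `FakeHandshake` and `demo` are this example's own names.

```python
"""Completing an SSL handshake on a non-blocking socket without spinning:
on WANT_READ wait (with select) until the socket is readable, on WANT_WRITE
until it is writable, then retry; give up after a timeout.  Added example,
not OpenSSL's code.  SSL_accept()/SSL_get_error() correspond to Python's
ssl do_handshake() and its SSLWantReadError/SSLWantWriteError.  The peer
here is a constructed stand-in that completes after a fixed number of
inbound records, so the loop runs without a certificate."""
import select
import socket
import ssl
import threading
import time


def nonblocking_handshake(conn, timeout=5.0):
    """Return True once conn.do_handshake() succeeds, False if the peer stays
    silent for `timeout` seconds.  conn needs do_handshake() and fileno(),
    as ssl.SSLSocket has."""
    while True:
        try:
            conn.do_handshake()
            return True
        except ssl.SSLWantReadError:
            # The library needs more bytes from the peer: sleep in select()
            # until they arrive instead of calling do_handshake() again at once.
            readable, _, _ = select.select([conn], [], [], timeout)
            if not readable:
                return False
        except ssl.SSLWantWriteError:
            _, writable, _ = select.select([], [conn], [], timeout)
            if not writable:
                return False


class FakeHandshake:
    """Constructed stand-in for an SSLSocket during accept: it needs `flights`
    bytes from the non-blocking socket and raises SSLWantReadError until each
    arrives, the way SSL_accept() reports SSL_ERROR_WANT_READ."""

    def __init__(self, sock, flights=3):
        self.sock = sock
        self.sock.setblocking(False)
        self.remaining = flights
        self.attempts = 0       # how often do_handshake() was called

    def fileno(self):
        return self.sock.fileno()

    def do_handshake(self):
        self.attempts += 1
        while self.remaining:
            try:
                data = self.sock.recv(1)
            except BlockingIOError:
                raise ssl.SSLWantReadError()
            if not data:
                raise ssl.SSLError("peer closed the connection mid-handshake")
            self.remaining -= 1


def demo(flights=3, silent=False, timeout=2.0):
    """Run the loop against a peer thread that sends one byte per flight
    (or nothing when silent).  Returns (completed, do_handshake_calls)."""
    ours, peer = socket.socketpair()
    try:
        conn = FakeHandshake(ours, flights)

        def peer_side():
            for _ in range(0 if silent else flights):
                time.sleep(0.02)
                peer.send(b"\x16")          # 0x16: TLS handshake record type

        t = threading.Thread(target=peer_side)
        t.start()
        ok = nonblocking_handshake(conn, timeout)
        t.join()
        return ok, conn.attempts
    finally:
        ours.close()
        peer.close()


if __name__ == "__main__":
    print(demo())                           # (True, n) with n <= flights + 1
    print(demo(silent=True, timeout=0.2))   # (False, 1): timed out, no spinning
```

The timeout matters as much as the select: a peer that opens a connection and never finishes the handshake would otherwise hold the accept loop (and the CPU, in the original busy loop) indefinitely.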
Re: asn.1 recursive type and choice
Thank you Stephen for your reply. As expected in your answer, I have used ASN1_DECLARE_ITEM(TA) just before ASN1_CHOICE(TA). Now, it compiles. I believe I understand why this structure is ambiguous. Only, I need this field f2. If I write:

    TA ::= CHOICE {
        f1 SET OF TA,
        f2 [10] TA,
        f3 INTEGER }

    typedef struct _ta_st TA;

    struct _ta_st {
        int type;
        union {
            STACK_OF(TA) *f1;
            TA *f2;
            ASN1_INTEGER *f3;
        } value;
    };

    ASN1_DECLARE_ITEM(TA)
    ASN1_CHOICE(TA) = {
        ASN1_SET_OF(TA, value.f1, TA),
        ASN1_EXP(TA, value.f2, TA, 10),
        ASN1_SIMPLE(TA, value.f3, ASN1_INTEGER)
    } ASN1_CHOICE_END(TA)

I think that the ambiguity is not present any more. Is it correct? I will see how it works with ASN1_DECLARE_ITEM(TA). It compiles and the structure seems to be correctly initialised. Thank you very much. Eric
asn.1 choice decoding problem
Hello everyone. I would like to implement these types with openssl/asn.1:

    H ::= [APPLICATION 0] INTEGER

    I ::= [APPLICATION 1] OCTET STRING

    G ::= CHOICE {
        g_1 H,
        g_2 I }

To do so, I have created a test program (at the end of this message). Now, all functions but d2i_G are correct. I wanted to solve this problem by myself, so I have read some files of openssl to understand, principally tasn_dec.c. When a CHOICE (G) is encountered in ASN1_item_ex_d2i, the attribute OPTIONAL is set on every sub type because only one of them is needed but not all of them. Let us admit that the encapsulated type is H. Then, ASN1_item_ex_d2i is called recursively. During the test of H, which is Primitive (I think), the test:

    if ((tag != -1) || opt) {

seems to block the d2i_G function. CHOICE is a 'simple' structure, so I must have made a mistake. Could you please have a look at my program? Thanks, Eric

Here are the output and the test program:

-
60:0110 3:0011 2:0010 1:0001 7b:0011
Error
-

    #include <stdio.h>
    #include <string.h>
    #include <openssl/asn1.h>
    #include <openssl/asn1t.h>

    #define H_BODY ASN1_INTEGER
    #define I_BODY ASN1_OCTET_STRING

    typedef struct _G {
        int type;
        union {
            H_BODY *g_1;
            I_BODY *g_2;
        } value;
    } G;

    #define G_1 0
    #define G_2 1

    ASN1_ITEM_TEMPLATE(I) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, I, I_BODY)
    ASN1_ITEM_TEMPLATE_END(I)

    ASN1_ITEM_TEMPLATE(H) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 0, H, H_BODY)
    ASN1_ITEM_TEMPLATE_END(H)

    ASN1_CHOICE(G) = {
        ASN1_SIMPLE(G, value.g_1, H),
        ASN1_SIMPLE(G, value.g_2, I)
    } ASN1_CHOICE_END(G)

    IMPLEMENT_ASN1_FUNCTIONS(G)

    /* Write the 8 bits of bin as '0'/'1' characters; str needs room for 9 bytes. */
    void hex2bin(int bin, char *str)
    {
        unsigned int mask;

        mask = 0x80;
        while (mask) {
            if (bin & mask)
                *str = '1';
            else
                *str = '0';
            str++;
            mask >>= 1;
        }
        *str = 0;
    }

    int main(void)
    {
        unsigned char *buffer;
        const unsigned char *p;
        char string[9];            /* 8 digits plus the terminating NUL */
        int j;
        int i;
        G *f;
        G *g;

        g = G_new();
        g->type = G_1;
        g->value.g_1 = ASN1_INTEGER_new();
        ASN1_INTEGER_set(g->value.g_1, 123);

        buffer = NULL;
        i = i2d_G(g, &buffer);     /* with *buffer == NULL, i2d allocates the output */
        for (j = 0; j < i; j++) {
            int n = buffer[j] & 0xFF;
            if (j % 4 == 0) {
                printf("\n");
            }
            hex2bin(n, string);
            printf("%2x:%s ", n, string);
        }
        printf("\n");

        p = buffer;                /* d2i advances p; keep buffer for freeing */
        f = d2i_G(NULL, &p, i);
        if (f == NULL) {
            printf("Error\n");
        } else {
            G_free(f);
        }
        G_free(g);
        OPENSSL_free(buffer);
        return 0;
    }
asn.1 recursive type and choice
Hello, I would like to use openssl/asn1 with these types:

    TA ::= CHOICE {
        f1 SET OF TA,
        f2 TA,
        f3 INTEGER }

    TB ::= SEQUENCE {
        f1 INTEGER,
        f2 CHOICE {
            f2_1 INTEGER,
            f2_2 BOOLEAN } }

I have two problems but I have not found any answers on the Internet.

1) The definition of TA is recursive: it refers to itself. If I write:

     1 typedef struct _ta_st TA;
     2
     3 struct _ta_st {
     4     int type;
     5     union {
     6         STACK_OF(TA) *f1;
     7         TA *f2;
     8         ASN1_INTEGER *f3;
     9     } value;
    10 };
    11
    12 ASN1_CHOICE(TA) = {
    13     ASN1_SET_OF(TA, value.f1, TA),
    14     ASN1_SIMPLE(TA, value.f2, TA),
    15     ASN1_SIMPLE(TA, value.f3, ASN1_INTEGER)
    16 } ASN1_CHOICE_END(TA)

lines 13 and 14 do not pass compilation. The problem is that the field item of the structure ASN1_TEMPLATE_st, on line 13, refers to ASN1_ITEM_ref(TA) == TA_it. However, TA_it is created only on line 16. With cpp:

    const static ASN1_TEMPLATE TA_ch_tt[] = {
        { ((0x1 << 1)), (0), ((size_t)&(((TA *)0)->value.f1)), "value.f1", (&(TA_it)) },
        { (0), (0), ((size_t)&(((TA *)0)->value.f2)), "value.f2", (&(TA_it)) },
        { (0), (0), ((size_t)&(((TA *)0)->value.f3)), "value.f3", (&(ASN1_INTEGER_it)) }
    };
    const ASN1_ITEM TA_it = { 0x2, ((size_t)&(((TA *)0)->type)), TA_ch_tt,
        sizeof(TA_ch_tt) / sizeof(ASN1_TEMPLATE), ((void *)0), sizeof(TA), "TA" };

Maybe I should use ASN1_OBJECT instead? For example:

    13     ASN1_SET_OF(TA, value.f1, ASN1_OBJECT),
    14     ASN1_SIMPLE(TA, value.f2, ASN1_OBJECT),

But, I am not sure that it is a good solution. Could you help me to resolve this problem?

2) For the definition of TB, I think that there are two solutions:

2_1) Creating two structures: TB_CHOICE and TB. TB_CHOICE is declared in the same way as TA. Then, TB just refers to ASN1_INTEGER and TB_CHOICE.

2_2) Creating only one structure containing an ASN1_INTEGER and a union. Then using ASN1_ADB to inform the structure ASN1_TEMPLATE.

I think the two solutions are correct. Could you tell me, please, which one is the best? Thanks.
SSL_ERROR_SSL while SSL_read from version (TLS1_VERSION)
Hi, Recently we encountered an SSL_ERROR_SSL error on the client side. Our application code (initialization, handshaking, read and write) is common for sslv2 and sslv3. It happens when we turn on sslv3. But when we turn off sslv3 and use sslv2, the problem goes away. The following is the setup we are using: freebsd 4.9 and freebsd 5.3. For freebsd 5.3, we use openssl-0.9.7d_1.tbz. We are using TLS1_VERSION for ssl client and ssl server. The messages we send and read are fairly small. They are less than 1K. When we send messages fast from ssl client to ssl server, on the ssl client side sometimes we get SSL_ERROR_SSL(read:1) reason='error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry'. When we turn off sslv3 dynamically and use sslv2, everything goes fine. We suspect something like: 1. Is there any initialization, handshaking, read and write interface that we should call differently between sslv2 and sslv3? 2. Has anyone seen this behavior? The following is the struct ssl_st content at the moment the ssl client encounters SSL_ERROR_SSL.
(gdb) print *sinfo->ssl $1 = {version = 769, type = 4096, method = 0x28367d80, rbio = 0x83bb700, wbio = 0x83bb700, bbio = 0x0, rwstate = 3, in_handshake = 0, handshake_func = 0x2834a5e0 ssl3_connect, server = 0, new_session = 0, quiet_shutdown = 0, shutdown = 0, state = 3, rstate = 240, init_buf = 0x0, init_msg = 0x8498004, init_num = 0, init_off = 0, packet = 0x8493000 \027\003\001, packet_length = 0, s2 = 0x0, s3 = 0x83fdc00, read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, hit = 0, purpose = 0, trust = 0, cipher_list = 0x0, cipher_list_by_id = 0x0, enc_read_ctx = 0x84a6700, read_hash = 0x2844b520, expand = 0x0, enc_write_ctx = 0x84a6500, write_hash = 0x2844b520, compress = 0x0, cert = 0x83bdf00, sid_ctx_length = 0, sid_ctx = '\0' repeats 31 times, session = 0x83f6e00, generate_session_id = 0, verify_mode = 0, verify_depth = -1, verify_callback = 0, info_callback = 0, error = 0, error_code = 0, ctx = 0x83f9200, debug = 0, verify_result = 20, ex_data = { sk = 0x0, dummy = 0}, client_CA = 0x0, references = 1, options = 0, mode = 0, max_cert_list = 102400, first_packet = 0, client_version = 769} Thanks -Eric
64-bit vs. 32-bit speed for SHA-1
Does anyone have solid numbers on the performance of OpenSSL's SHA-1 on 32-bit vs. 64-bit platforms? Thanks, -Ekr
Re: Is it legal to distribute the client certificates from Netscape with a comme
I want to do a commercial client application capable to handle https (that is the only purpose to include openssl) and I was wondering if it is legal to distribute the file that contains the certificates that were bundled with Netscape. I am not a lawyer. Not only am I also not a lawyer, I also don't play one on TV. In fact, I can pretty much do without TV entirely. Actually, can a company X generate their own certificates to be used with openssl instead of those? I noticed there are some utilities in openssl to generate certificates. Netscape and others have compiled a list of root CA's that they trust. If you can get your users to add you to their root CA list, you can be a CA. This can work for a closed application. But I certainly would not add your certificate to my browser root certificate list. Doing so would let you impersonate anyone - my bank, broker, etc. You're going to have a good deal of trouble getting anyone to take your own root/trusted certificates seriously in any sort of production application. Anyone who appreciates what this can open you up to won't do it. But that leaves the other five (or seven, or nine) nines of the population, unfortunately... I'll pass on the spoofing opportunities here, as that depends on a bazillion other factors. That is, unless you can compromise the client in almost any fashion, then it can be done in about a bazillion ways... :-) As far as the (re)distribution question goes, what you probably cannot do without permission is to redistribute the actual *package* of certificates that Netscape has put together for the purpose of embedding in their browser. Since the overwhelming majority (if not 100%) of those certificates individually are not the property of Netscape, if you reassembled them into your own package, that might legally be sufficient. After all, the issuers of these certs (and a number of other wannabes, I suspect) want them distributed as widely as possible for any reasonable purpose.
Alternatively, you could either manually publish a procedure on how to export the certs out of Netscape and import them into your application, or suck them out yourself with a program. I believe that Netscape has a toolkit and APIs to deal with their certificate stores.

I'm not sure what you're up to, but you could always ask Netscape if you can redistribute their bundle. But corporate lawyers are loath to allow anything for anyone outside the company unless you're to be taken very seriously. If Mozilla's are good enough, you're likely to have more success with them, I'd suspect. But that hurdle might only be 15' high instead of 18'...

Of course, you could always read the license to see what's allowed... Nah :-)

-e

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RPM build errors on RH9
While trying to build the openssl rpm on RH9 (rpmbuild -bb and rpmbuild -ba) I receive these messages:

error: File not found: /var/tmp/openssl-0.9.7e-root/var/ssl/lib
Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.50330
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd openssl-0.9.7e
+ DOCDIR=/var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-0.9.7e
+ export DOCDIR
+ rm -rf /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-0.9.7e
+ /bin/mkdir -p /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-0.9.7e
+ cp -pr CHANGES CHANGES.SSLeay LICENSE NEWS README /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-0.9.7e
+ exit 0
Processing files: openssl-devel-0.9.7e-1
Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.50330
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd openssl-0.9.7e
+ DOCDIR=/var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-devel-0.9.7e
+ export DOCDIR
+ rm -rf /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-devel-0.9.7e
+ /bin/mkdir -p /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-devel-0.9.7e
+ cp -pr CHANGES CHANGES.SSLeay LICENSE NEWS README /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-devel-0.9.7e
+ exit 0
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1
Requires: openssl
Processing files: openssl-doc-0.9.7e-1
Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.50330
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd openssl-0.9.7e
+ DOCDIR=/var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-doc-0.9.7e
+ export DOCDIR
+ rm -rf /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-doc-0.9.7e
+ /bin/mkdir -p /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-doc-0.9.7e
+ cp -pr CHANGES CHANGES.SSLeay LICENSE NEWS README /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-doc-0.9.7e
+ cp -pr doc /var/tmp/openssl-0.9.7e-root/usr/share/doc/openssl-doc-0.9.7e
+ exit 0
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1
Requires: openssl
Processing files: openssl-debuginfo-0.9.7e-1
Provides: libcrypto.so.0.9.7.debug libssl.so.0.9.7.debug
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1
RPM build errors:
    File not found: /var/tmp/openssl-0.9.7e-root/var/ssl/lib

And, I am using rpm4.2. What do I need to fix to make this work?

Thanks
eric
Is there a sample valid input and output for sha message digest?
When I attempt to get a SHA message digest value for a specific string using Java and Openssl, I get a different value. I was hoping that I could use Openssl to validate the Java result, but have not gotten them to agree. It does work for md5... Here is an example.

For the sample string: ABCDFGHIJK

md5 hash
Java:    64:46:e8:25:e0:d9:f6:37:9d:02:67:e0:5c:d8:ac:0d
Openssl: 64:46:e8:25:e0:d9:f6:37:9d:02:67:e0:5c:d8:ac:0d

sha hash:
Java:    6d:f4:55:0f:f1:8b:28:e8:d3:19:78:77:59:cd:55:8f:95:54:63:b5
Openssl: f5:b0:a4:7e:b1:5b:c6:d1:c7:6f:79:84:b3:27:8e:d0:70:63:23:f5

Does anyone know of a document that has examples of sha hashes for a given input, that I can use to validate my code?

Eric Meyer
Re: Is there a sample valid input and output for sha message digest?
Thank you! That was exactly it. In Java the string SHA refers to SHA1. In OpenSSL SHA refers to SHA0.

Eric

On Oct 1, 2004, at 3:50 PM, David Schwartz wrote:

>> When I attempt to get a SHA message digest value for a specific string using Java and Openssl, I get a different value. I was hoping that I could use Openssl to validate the Java result, but have not gotten them to agree. It does work for md5... Here is an example.
>>
>> For the sample string: ABCDFGHIJK
>>
>> md5 hash
>> Java:    64:46:e8:25:e0:d9:f6:37:9d:02:67:e0:5c:d8:ac:0d
>> Openssl: 64:46:e8:25:e0:d9:f6:37:9d:02:67:e0:5c:d8:ac:0d
>>
>> sha hash:
>> Java:    6d:f4:55:0f:f1:8b:28:e8:d3:19:78:77:59:cd:55:8f:95:54:63:b5
>> Openssl: f5:b0:a4:7e:b1:5b:c6:d1:c7:6f:79:84:b3:27:8e:d0:70:63:23:f5
>>
>> Does anyone know of a document that has examples of sha hashes for a given input, that I can use to validate my code?
>
> What algorithm are you using? The term sha hash could refer to any number of related algorithms. My bet is that you are using two different such algorithms, like SHA1 in Java and SHA0 in OpenSSL, or something similar.
>
> DS
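The reliable way to settle which algorithm each side is computing is to check both against published test vectors rather than against each other. The following is an added example, not code from the thread: it names the digest explicitly ("sha1", "md5"), since Java and OpenSSL each gave "sha" a different meaning, renders the result in the same colon-hex form quoted above, and checks the implementation against the RFC 1321 (MD5) and FIPS 180-1 (SHA-1) vectors using only Python's standard hashlib.

```python
import hashlib

# Published test vectors: RFC 1321 for MD5, FIPS 180-1 for SHA-1.
KNOWN_VECTORS = {
    "md5": {
        b"": "d41d8cd98f00b204e9800998ecf8427e",
        b"abc": "900150983cd24fb0d6963f7d28e17f72",
    },
    "sha1": {
        b"": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        b"abc": "a9993e364706816aba3e25717850c26c9cd0d89d",
        b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":
            "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
    },
}


def colon_hex(algorithm: str, data: bytes) -> str:
    """Digest `data` with an explicitly named algorithm and render it in the
    colon-separated hex form that the Java and OpenSSL output above used."""
    # hashlib.new() raises ValueError for a name the underlying library does
    # not know, so a typo or an ambiguous name fails loudly instead of
    # silently picking a different algorithm.
    digest = hashlib.new(algorithm, data).digest()
    return ":".join(f"{b:02x}" for b in digest)


def normalise(text: str) -> str:
    """Strip separators and case so outputs from different tools compare."""
    return text.replace(":", "").replace(" ", "").lower()


def check_vectors() -> list:
    """Return (algorithm, input, expected, actual) for every vector that does
    not match; an empty list means the local implementation is trustworthy."""
    mismatches = []
    for algorithm, vectors in KNOWN_VECTORS.items():
        for data, expected in vectors.items():
            actual = normalise(colon_hex(algorithm, data))
            if actual != expected:
                mismatches.append((algorithm, data, expected, actual))
    return mismatches


def same_digest(first: str, second: str) -> bool:
    """Compare two printed digests regardless of separators or case."""
    return normalise(first) == normalise(second)


if __name__ == "__main__":
    print("vector mismatches:", check_vectors())
    print("sha1(ABCDFGHIJK) =", colon_hex("sha1", b"ABCDFGHIJK"))
```

Running it prints SHA-1 of the thread's sample string so it can be compared directly with the Java value quoted above; a non-empty mismatch list means the local digest library, not the comparison, is at fault.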
Re: storing PEM encoded certs in database
The PEM format is already Base64. Also, your sample includes characters that are invalid for Base64 encoded data, which is explicitly 7 bit safe, so it would not include an accented character. It looks like your null byte is in the wrong place. It probably should have come after the = sign.

Eric

On Sep 7, 2004, at 1:12 PM, Smith Baylor wrote:

> Hi, I am using C as the programming language and MySQL as the db.
>
>     unsigned char *cert_data;
>
> Instead of storing in PEM format directly, I am storing it in base64 format - I believe this is safer - feel free to prove me otherwise. Once I store the cert_data value, I also pad this with '\0' - string terminator. I get something like this at the end of the encoding:
>
>     TGZ3am0wTDNjeTN3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 7HZm
>
> which the db insert or update commands don't like.
>
> /Shivaram
>
> - Original Message -
> From: Carlos Roberto Zainos H [EMAIL PROTECTED]
> Date: Tue, 7 Sep 2004 12:36:44 -0500 (CDT)
> Subject: Re: storing PEM encoded certs in database
> To: [EMAIL PROTECTED]
>
>> Hi
>>
>> I'm not an expert, but I think that could be somewhat different depending on the DBMS and the driver connection being used. For example, I'm using Oracle DB 10g with ODBC based client connection to the DB. I'm storing PEM certificates making a copy of it to a buffer and then storing it into the DB via INSERT with the appropriate conversions:
>>
>>     unsigned char cert[2 * 1024];
>>     BIO *buf;
>>     int res;
>>     long longitud;
>>
>>     buf = BIO_new(BIO_s_mem());
>>     res = PEM_write_bio_X509(buf, xreq);      // xreq is the X509 cert
>>     longitud = sizeof(cert) - 1;              // leave room for the terminator
>>     res = BIO_read(buf, cert, (int)longitud);
>>     if (res < 0)
>>         res = 0;                              // BIO_read() failed: store an empty string
>>     cert[res] = '\0';
>>     BIO_free(buf);
>>
>>     // executing the INSERT via the exec_sql_comm(sentence) function, where
>>     // sentence = insert into certificados (estadocer,fechacaducidad,numserie,certificado)
>>     //            values ('V',to_date('%s','-MM-DD HH24:MI:SS'),'%i','%s'),fecha_cad, num_serie, cert)
>>
>> Hope this helps.
>>
>> Zainos
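An added check (not code from the thread) for the two problems Eric points out: a PEM blob is already Base64 inside its armour, so the stored text should contain only 7-bit, Base64-safe characters, and a C string terminator must not end up inside the data. The sample PEM is constructed around made-up bytes rather than a real certificate, and the insert goes through a bound parameter in SQLite as a stand-in for the MySQL or Oracle statement; everything used is Python standard library.

```python
import base64
import re
import sqlite3

# Constructed sample: PEM armour around made-up bytes, not a real certificate.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

BASE64_BODY = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")


def pem_body(text: str) -> str:
    """Return the Base64 body between the BEGIN/END armour lines."""
    lines = text.strip().split("\n")
    if (len(lines) < 2 or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        raise ValueError("missing BEGIN/END armour")
    return "".join(lines[1:-1])


def check_pem_text(text: str) -> list:
    """List the problems that make a PEM blob unsafe to store as text;
    an empty list means the armour and its Base64 body are clean."""
    problems = []
    if "\x00" in text:
        problems.append("embedded NUL byte")    # a C terminator copied into the data
    if any(ord(ch) > 0x7F for ch in text):
        problems.append("non-ASCII character")  # PEM is 7-bit safe by design
    try:
        body = pem_body(text)
    except ValueError as err:
        problems.append(str(err))
        return problems
    # The body is already Base64: decoding it yields the DER, so wrapping the
    # whole PEM in a second Base64 layer only adds size, not safety.
    if not BASE64_BODY.match(body) or len(body) % 4:
        problems.append("Base64 body has invalid characters or length")
    return problems


def pem_to_der(text: str) -> bytes:
    """Decode the PEM body strictly: any stray character raises."""
    return base64.b64decode(pem_body(text), validate=True)


def store_and_fetch(pem: str) -> str:
    """Store the PEM text through a bound parameter rather than formatting it
    into the SQL string, then read it back unchanged."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE certs (id INTEGER PRIMARY KEY, pem TEXT NOT NULL)")
    db.execute("INSERT INTO certs (pem) VALUES (?)", (pem,))
    return db.execute("SELECT pem FROM certs").fetchone()[0]
```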
Re: making and signing new certificates
Carlos,

Thank you very much for the links. The link http://www2.psy.uq.edu.au/~ftp/Crypto/certs.html is exactly what I was looking for.

Thanks again
Eric

On Sep 2, 2004, at 11:36 AM, Carlos Roberto Zainos H wrote:

> Eric Meyer [EMAIL PROTECTED] wrote:
>
> Hi Eric
>
> Yes, you are right, the openssl documents are not well detailed and, in some cases, out of date; also sometimes, just like you, I feel a little confused and desperate, but this makes you self-learning about the library (crypto lib, in my particular case). So, I recommend you some really useful links:
>
> http://www.columbia.edu/~ariel/ssleay/ - the base library, I think
> http://www2.psy.uq.edu.au/~ftp/Crypto/ - some FAQ's
> http://www2.psy.uq.edu.au/~ftp/Crypto/ssl.html - Programmer reference
> http://www.opensslbook.com/code.html
>
> And of course this mailing list...
>
> There are some recommendations and security standards to verify a CSR, to create and sign a new certificate; you must read them and select the proper one according to your needs and/or to your system or organization policies. Follows my certification process protocol:
>
>     X509 *x = NULL, *xreq = NULL, **b = NULL;
>     X509_REQ *req = NULL, **sr = NULL;
>     ASN1_GENERALIZEDTIME *N_after_gmt = NULL, **out_asn = NULL;
>     BIO *in = NULL, *incer = NULL, *buf = NULL;
>     EVP_PKEY *pkey = NULL;
>     int res;
>
> - Receive the CSR (in my case by socket connection) or read this from a file.
>
> - Decode the CSR:
>
>     buf = BIO_new(BIO_s_mem());
>     in = BIO_new_mem_buf(mensaje, strlen(mensaje));    // mensaje holds the PEM CSR text
>     req = PEM_read_bio_X509_REQ(in, sr, NULL, NULL);
>
> - Retrieve and decode the signer cert:
>
>     incer = BIO_new_mem_buf(cert, strlen((const char *)cert));
>     x = PEM_read_bio_X509(incer, b, NULL, NULL);
>
> - Verify the CSR with the signer pubkey:
>
>     pkey = X509_get_pubkey(x);
>     if (X509_REQ_verify(req, pkey) != 1) {
>         // Error code
>     }
>     EVP_PKEY_free(pkey);
>
> - Create and fill the new cert:
>
>     xreq = X509_new();
>     X509_set_version(xreq, VERSION);
>     ASN1_INTEGER_set(X509_get_serialNumber(xreq), num_serie);
>     X509_gmtime_adj(X509_get_notBefore(xreq), 0);
>     X509_gmtime_adj(X509_get_notAfter(xreq), (long)60 * 60 * 24 * DAYS);
>     X509_set_issuer_name(xreq, CA_subject);
>     X509_NAME_add_entry_by_txt(X509_get_subject_name(xreq), "CN", MBSTRING_ASC,
>                                (unsigned char *)"The Common Name", -1, -1, 0);
>     X509_NAME_add_entry_by_txt(X509_get_subject_name(xreq), "OU", MBSTRING_ASC,
>                                (unsigned char *)"The OU", -1, -1, 0);
>     X509_NAME_add_entry_by_txt(X509_get_subject_name(xreq), "O", MBSTRING_ASC,
>                                (unsigned char *)"The ORG", -1, -1, 0);
>     X509_NAME_add_entry_by_txt(X509_get_subject_name(xreq), "C", MBSTRING_ASC,
>                                (unsigned char *)"The country", -1, -1, 0);
>
>     // The client public key
>     pkey = X509_REQ_get_pubkey(req);
>     X509_set_pubkey(xreq, pkey);
>     EVP_PKEY_free(pkey);
>
>     // X509v3 Extensions (add_ext() and xac are defined elsewhere, not shown here)
>     res = add_ext(xac, xreq, NID_basic_constraints, "your options");
>     res = add_ext(xac, xreq, NID_key_usage, "your options key usage");
>     res = add_ext(xac, xreq, NID_ext_key_usage, "the extend key usage");
>     res = add_ext(xac, xreq, NID_subject_key_identifier, "Your choice");
>     res = add_ext(xac, xreq, NID_authority_key_identifier, "your choice");
>     res = add_ext(xac, xreq, NID_issuer_alt_name, "some stuff");
>     res = add_ext(xac, xreq, NID_netscape_cert_type, "some stuff");
>     res = add_ext(xac, xreq, NID_netscape_comment, "some stuff");
>
>     // signing the new cert
>     X509_sign(xreq, dec_key_ac, EVP_sha1());
>
>     // write out in some format (PEM or DER)
>     res = PEM_write_bio_X509(buf, xreq);
>
> This is a wide vision of my CertSign protocol; there are some things that are not mentioned here like the CDP (CRL Distribution Point). A suitable guideline is the PKI Forum and the IETF PKI Work group.
>
> Hope this helps
>
> Best regards
> Zainos
Re: Is server can only accept ssl clients to the limit of 64 on same port, can I enlarge the number, Urgent! Thanks!
Hi Edward, Steve,

Problem solved, thank you! :) Are there any magic numbers like this in socket or openssl libraries? More thanks!

Regards
Eric

- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 27, 2004 5:29 AM
Subject: RE: Is server can only accept ssl clients to the limit of 64 on same port, can I enlarge the number, Urgent! Thanks!

> I'm not sure why the SSL_accept() is blocking, but on Windows, 64 does seem to be a magic number for things such as select(). FD_SETSIZE is defined to 64 in one of the windows header files. I guess if you want a higher limit, you have to redefine it to something bigger at compile time. Not sure if this is the problem.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
> Sent: Thursday, August 26, 2004 9:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Is server can only accept ssl clients to the limit of 64 on same port, can I enlarge the number, Urgent! Thanks!
>
>> On Thu, Aug 26, 2004, Eric Lai wrote:
>>
>>> Hi Steve,
>>>
>>> Thanks for your reply! Let me explain my problem: If I try to connect 100 SSL clients to my server, only 64 clients can connect; the other 36 clients remain in SSL Accepting state (or SSL Accept gets blocked). When I disconnect 1 of the connected clients, 1 of the SSL Accepting clients will then connect, and 35 clients still remain accepting. When I disconnect more clients, the connected clients are always 64. My server always listens on one port, say 8080.
>>>
>>> My logic flow is:
>>>
>>> Server Init:
>>>
>>>     SSL_load_error_strings();
>>>     SSLeay_add_ssl_algorithms();
>>>     method = SSLv23_server_method();
>>>     server_ctx = SSL_CTX_new(method);
>>>     SSL_CTX_set_mode(server_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
>>>     SSL_CTX_set_cipher_list(server_ctx, "ALL:MEDIUM:!HIGH:!LOW:!IDEA");
>>>     SSL_CTX_use_certificate_file(server_ctx, cert_file, SSL_FILETYPE_PEM);
>>>     SSL_CTX_use_PrivateKey_file(server_ctx, key_file, SSL_FILETYPE_PEM);
>>>
>>> Server Accept: (the sockets are set to non-blocking mode)
>>>
>>>     client_socket = accept(..);
>>>     client_ssl = SSL_new(server_ctx);
>>>     SSL_set_fd(client_ssl, client_socket);
>>>     SSL_accept(client_ssl);   // <- then got blocking after 64 clients
>>>     // (loop SSL_accept() for each client until connected state is detected)
>>>
>>> What's wrong in my logic? Any more initialization missing? And how to connect more clients, thank you!
>>
>> I wonder if this is a restriction on the platform you are using, such as a file descriptor limit or a problem with select() [see recent thread]. Are you attempting to communicate with all clients in the same process?
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>> OpenSSL project core developer and freelance consultant.
>> Funding needed! Details on homepage.
>> Homepage: http://www.drh-consultancy.demon.co.uk
Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
I have a situation where an application may switch from reading to writing and back again at random. Do I need a ctx context each for decryption / encryption, or can I use the same ctx in sequence on the file? When switching from reading to writing (and vice versa), do I need to detect this change and call EVP_CipherInit_ex to alter the context ctx accordingly? Furthermore, do I need to call EVP_CipherFinal before the call to EVP_CipherInit to finalize the ctx for the prior mode?

My next question involves the encryption of very short strings (less than the cipher block size)... does the ctx buffer these short strings until either another call to the Update function fills out the block and/or the Final function is called? I will have unpredictable string lengths being encrypted, and I do not want to introduce padding into the middle of the encrypted files.

Thanks for your help...

- Eric Morris
NC State University
Re: Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
Dr. Henson,

Can you interleave encryption and decryption without repeated calls to EVP_CipherInit and/or EVP_CipherFinal? If not, which calls are required between encryption calls and decryption calls?

Thanks for the help

- Eric Morris

Dr. Stephen Henson wrote:

> On Thu, Apr 22, 2004, Eric Morris wrote:
>
>> I have a situation where an application may switch from reading to writing and back again at random. Do I need a ctx context each for decryption / encryption, or can I use the same ctx in sequence on the file? When switching from reading to writing (and vice versa), do I need to detect this change and call EVP_CipherInit_ex to alter the context ctx accordingly? Furthermore, do I need to call EVP_CipherFinal before the call to EVP_CipherInit to finalize the ctx for the prior mode?
>>
>> My next question involves the encryption of very short strings (less than the cipher block size)... does the ctx buffer these short strings until either another call to the Update function fills out the block and/or the Final function is called? I will have unpredictable string lengths being encrypted, and I do not want to introduce padding into the middle of the encrypted files.
>
> It would be best to have two contexts. Any partial block is buffered when you call EVP_CipherUpdate(). The data is written out when a full block is received. Padding only occurs when you call EVP_CipherFinal().
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
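The buffering rules Steve describes, as an added model written for this page (not OpenSSL's code): update() emits whole blocks only, final() is the only call that adds or strips padding, and because the unprocessed partial block lives inside the context, encryption and decryption each need their own. The block transform is a constructed XOR stand-in with no security of its own; only the bookkeeping around it is the point.

```python
BLOCK = 16
KEY = bytes(range(1, BLOCK + 1))   # constructed key for the stand-in transform


def _toy_block(block: bytes, key: bytes) -> bytes:
    """Stand-in for the block cipher (XOR with the key, so it is self-inverse).
    Not a cipher; it only gives update()/final() something to transform."""
    return bytes(b ^ k for b, k in zip(block, key))


class CipherCtx:
    """Models one EVP_CIPHER_CTX: the buffered partial block is per-context
    state, so interleaving both directions in one context would mix streams."""

    def __init__(self, key: bytes, encrypt: bool):
        self.key, self.encrypt, self.buf = key, encrypt, b""

    def update(self, data: bytes) -> bytes:
        """EVP_CipherUpdate(): emit whole blocks only, never padding. When
        decrypting, also hold back the last full block, since it may carry
        padding that only final() is allowed to check and strip."""
        self.buf += data
        if self.encrypt:
            n_blocks = len(self.buf) // BLOCK
        else:
            n_blocks = max(0, (len(self.buf) - 1) // BLOCK)
        out, self.buf = self.buf[:n_blocks * BLOCK], self.buf[n_blocks * BLOCK:]
        return b"".join(_toy_block(out[i:i + BLOCK], self.key)
                        for i in range(0, len(out), BLOCK))

    def final(self) -> bytes:
        """EVP_CipherFinal(): the only place PKCS#7 padding is added (encrypt)
        or verified and removed (decrypt)."""
        if self.encrypt:
            pad = BLOCK - len(self.buf) % BLOCK        # always 1..BLOCK bytes
            block, self.buf = self.buf + bytes([pad]) * pad, b""
            return _toy_block(block, self.key)
        if len(self.buf) != BLOCK:
            raise ValueError("ciphertext length is not a multiple of the block size")
        plain, self.buf = _toy_block(self.buf, self.key), b""
        pad = plain[-1]
        if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
            raise ValueError("bad padding")
        return plain[:-pad]


def demo_split(plain: bytes, split_at: int) -> tuple:
    """Encrypt `plain` with two update() calls split at `split_at` plus final(),
    then decrypt through a second context in two calls plus final().
    Returns ([bytes produced by each encrypt call], recovered plaintext)."""
    enc = CipherCtx(KEY, encrypt=True)
    parts = [enc.update(plain[:split_at]), enc.update(plain[split_at:]), enc.final()]
    ct = b"".join(parts)
    dec = CipherCtx(KEY, encrypt=False)
    rec = b"".join([dec.update(ct[:BLOCK]), dec.update(ct[BLOCK:]), dec.final()])
    return [len(p) for p in parts], rec
```

For a 17-byte message split after 3 bytes the first update() yields nothing, the second yields one block, and only final() emits the padded remainder; a 2-byte message yields nothing until final(), which is the short-string case from the question.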