Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active
On Wed, Oct 09, 2013 at 10:46:35PM -0700, Jeremy Friesner wrote:

> > With SSL sessions created via SSLv23_method(), use of this primitive will lead to the failure in question when invoked before the SSL session has switched to SSLv3, TLSv1, ...
>
> Aha! Yes, that appears to be my problem. As a simple workaround, I changed my code to call SSLv3_method() instead, and now everything is working perfectly. Thanks so much for your help! :^)

A better solution is to not call SSL_pending() until the SSL handshake completes. For now you should keep track of whether SSL_accept() has completed for a given session, and refrain from SSL_pending() until then.

By using SSLv3_method() you don't get to take advantage of improvements in TLSv1, TLSv1.1 or TLSv1.2. You only get SSLv3. SSLv3 is obsolete; you should be using TLS 1.0 or later.

It is perhaps by now a reasonable feature request to ask the OpenSSL developers for an alternative to SSLv23_method() that also negotiates multiple protocol versions, but starts with TLSv1 as the lowest supported version. Perhaps call it TLS_method(). One gets a close approximation to this with the options SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, but as we see some subtle differences remain.

Also perhaps the SSL_pending() function should not fail in such a surprising way. When called before the handshake has completed, it should perhaps simply return 0.

-- 
Viktor.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active
On Oct 9, 2013, at 10:59 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote:

> A better solution is to not call SSL_pending() until the SSL handshake completes. For now you should keep track of whether SSL_accept() has completed for a given session, and refrain from SSL_pending() until then.

Agreed, but my code never calls SSL_accept(); instead it just calls SSL_set_accept_state() during setup. Given that, I'm not sure how to detect that the handshake has completed. Is there a way to know?

> By using SSLv3_method() you don't get to take advantage of improvements in TLSv1, TLSv1.1 or TLSv1.2. You only get SSLv3. SSLv3 is obsolete; you should be using TLS 1.0 or later.

I see.

> Also perhaps the SSL_pending() function should not fail in such a surprising way. When called before the handshake has completed, it should perhaps simply return 0.

Agreed. I've sent a bug report to r...@openssl.org requesting that.

-Jeremy
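The pattern Viktor describes (remember whether the handshake has finished, and only then consult the "pending bytes" count) is easy to get wrong when the handshake is driven implicitly by SSL_set_accept_state() rather than by an explicit SSL_accept() call. The following is an added example, not code from this thread or from OpenSSL; it uses Python's ssl module, which wraps OpenSSL, with memory BIOs so that the handshake is stepped explicitly and the session object itself records completion. The class TrackedSession and its methods are this example's own names. The version floor is set to TLS 1.2 here; the thread asked for TLS 1.0 as the floor, but current OpenSSL builds will not negotiate below 1.2 at the default security level.

```python
"""Track TLS handshake completion before consulting pending() (added example)."""
import ssl


def make_context(server_side: bool) -> ssl.SSLContext:
    """Build a context that negotiates TLS only; SSLv2/SSLv3 are never offered.

    This is the modern equivalent of the TLS_method() the thread asks for:
    multiple versions are negotiated, with an explicit lower bound.
    """
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # floor; the thread wanted TLSv1
    if not server_side:
        # This example never talks to a real peer, so peer verification is off.
        # A production client must keep check_hostname and CERT_REQUIRED.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


class TrackedSession:
    """A non-blocking TLS session that knows whether its handshake completed.

    incoming/outgoing are memory BIOs standing in for the network socket:
    bytes read from the socket are written to `incoming`, and bytes that
    `outgoing` yields must be sent to the peer.
    """

    def __init__(self, ctx: ssl.SSLContext, server_side: bool) -> None:
        self.incoming = ssl.MemoryBIO()
        self.outgoing = ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side)
        self.handshake_done = False   # the flag Viktor's advice asks you to keep

    def step_handshake(self) -> bool:
        """Drive the handshake one step. Returns True once it has completed."""
        if self.handshake_done:
            return True
        try:
            self.tls.do_handshake()
        except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
            # More bytes are needed from the peer, or outgoing must be flushed first.
            return False
        self.handshake_done = True
        return True

    def safe_pending(self) -> int:
        """Buffered application bytes, or 0 while the handshake is still in flight.

        Never asks the library for pending() before the handshake completes,
        which is exactly the call the thread found to fail on SSLv23_method().
        """
        if not self.handshake_done:
            return 0
        return self.tls.pending()


if __name__ == "__main__":
    client = TrackedSession(make_context(server_side=False), server_side=False)
    print("pending before handshake:", client.safe_pending())
    print("handshake complete:", client.step_handshake())
    hello = client.outgoing.read()          # the ClientHello that would go on the wire
    print("first record type/version bytes:", hello[:3].hex())
```

Run stand-alone, the client step emits a ClientHello into the outgoing BIO and reports the handshake as incomplete (it is waiting for a ServerHello that never arrives), while safe_pending() returns 0 without touching the library. In a real server loop you would call step_handshake() every time the socket becomes readable and only start reading application data, and consulting safe_pending(), once it has returned True.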
Re: 050 + at the beginning of verified signature
Hi, I tried replacing strlen(reply) with 20 but we are getting the same result as before. I am attaching reference files with this message. While trying this solution, sometimes we were getting the following error as well:

    RSA operation error
    140735121490396:error:0406706C:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data greater than mod len:rsa_eay.c:680:

Can you please guide me?

result.txt http://openssl.6102.n7.nabble.com/file/n46847/result.txt
signature.txt http://openssl.6102.n7.nabble.com/file/n46847/signature.txt
publicKey.pem http://openssl.6102.n7.nabble.com/file/n46847/publicKey.pem
TLS 1.1 and 1.2 support in openssl-fips 1.2
Hi OpenSSL experts,

I have been trying to find out whether TLS versions 1.1 and 1.2 are supported in the openssl-fips 1.2 package. The version string in the code says only TLS 1.0 is supported:

    #define TLS1_VERSION 0x0301

But the change log at the link below talks about TLS 1.2 as well: http://www.openssl.org/news/changelog.html

Can somebody confirm this?

Thanks
Anil
Re: TLS 1.1 and 1.2 support in openssl-fips 1.2
On Thu, Oct 10, 2013, Anil Kumar K K wrote:

> Hi OpenSSL experts, I have been trying to find out whether TLS versions 1.1 and 1.2 are supported in the openssl-fips 1.2 package. The version string in the code says only TLS 1.0 is supported: #define TLS1_VERSION 0x0301. But the change log at the link below talks about TLS 1.2 as well: http://www.openssl.org/news/changelog.html

The fips 1.2 module works with OpenSSL 0.9.8, which only supports TLS 1.0. You need the 2.0 module, which works with OpenSSL 1.0.1 and later, which includes TLS 1.1 and 1.2.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
SSL_Connect blocking for 25 sec for the first connection
I have a situation where my application is trying to open 5000 SSL connections with a server, one after another. I see the very first SSL connect is blocking nearly 25 seconds and times out. (Interestingly, this blocking time is in proportion to the number of connections I'm intending to open. For example, if I'm trying to open 1 connections the delay proportionately increases to approx 40 sec for the first SSL connect that is happening.) However, subsequent connections (4999 out of 5000) succeed without any blockage and seem normal...

There was a post on this a long time back; however, I could not find the resolution, if any exists, for the same (http://openssl.6102.n7.nabble.com/SSL-connect-blocks-for-almost-1-minute-td12478.html).

I'm using version 1.0.1c of OpenSSL on Windows 7. Any clue on the above behavior? Is there any fix or workaround available to avoid the blockage?

Regards
Arun
OpenSSL version 1.0.1c - Error: ASN1_D2I_READ_BIO:not enough data
Hi,

I'm using version 1.0.1c, and I'm getting this error randomly: ASN1_D2I_READ_BIO:not enough data. I know this error is fixed in version 1.0.1a. Is it also fixed in v1.0.1c? Any suggestions about how to debug this random error? Should I downgrade my OpenSSL from v1.0.1c to v1.0.1a?

Thank you so much!
Helen

Helen Du
System Analyst
Information Technology Services
London Health Sciences Centre
339 Windermere Road, P.O. Box 5339
London, ON Canada N6A 5A5
Tel: 519-646-6100 Ext 64675
Fax: 519-663-3654
http://www.lhsc.london.on.ca/
Partnering with you to deliver excellent care for patients through technology and innovation.
Re: Hi, I need help with initialization of OpenSSL
I forgot to state the version of OpenSSL I'm using. It's 1.0.1e.

On Thu, Oct 10, 2013 at 6:50 PM, Angelin Lalev lalev.ange...@gmail.com wrote:
> Greetings, I could use some help. I'm getting a segmentation fault from this code:
> [...]
Hi, I need help with initialization of OpenSSL
Greetings, I could use some help. I'm getting a segmentation fault from this code:

    /* Init the openssl library */
    SSL_load_error_strings();
    SSL_library_init();
    ctx = SSL_CTX_new(SSLv3_client_method());

The backtrace looks like this:

    Program received signal SIGSEGV, Segmentation fault.
    0x0086d1fc in read ()
    (gdb) backtrace
    #0 0x0086d1fc in read ()
    #1 0x004eb3fe in RAND_poll () at rand_unix.c:347
    #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394
    #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543
    #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172
    #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808
    #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253

My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even less in Linux development, and I cannot by myself determine what I did to break things. Up to one moment the program was working; at the next recompilation/reboot it just stopped :-)

I'm building a binary which will be located on an initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options:

    ./config -d no-dso no-shared
Re: Hi, I need help with initialization of OpenSSL
On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote:
> Greetings, I could use some help. I'm getting a segmentation fault from this code:
>
>     /* Init the openssl library */
>     SSL_load_error_strings();
>     SSL_library_init();
>     ctx = SSL_CTX_new(SSLv3_client_method());
>
> The backtrace looks like this:
>
>     Program received signal SIGSEGV, Segmentation fault.
>     0x0086d1fc in read ()
>     (gdb) backtrace
>     #0 0x0086d1fc in read ()

Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread, since it is hard to make read() crash.

>     #1 0x004eb3fe in RAND_poll () at rand_unix.c:347
>     #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394
>     #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543
>     #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172
>     #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808
>     #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253
>
> [...]

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
Updating key size - security related questions
Hi,

I've been asking this on the OpenVPN mailing list, but didn't get an answer so far. Therefore I hope you can help me.

We use OpenVPN in our company with the default cipher suite, which should be: DHE_RSA_BF_CBC_SHA. So RSA is used for authentication, Blowfish in CBC mode for symmetric encryption. The keys for Blowfish are derived from ephemeral Diffie-Hellman and changed every hour. We use a key size of 1024 bit for RSA and therefore a modulus of 1024 bit for Diffie-Hellman (OpenVPN uses the Easy RSA scripts. These scripts use a variable KEY_SIZE when the Diffie-Hellman parameters or the RSA keys are built. This variable is set to 1024). Furthermore we use a self-signed CA.

Some days ago I recommended updating the key size to 2048 bit, mainly because some sources say 1024 bit aren't enough anymore. Because quite a lot of our staff uses OpenVPN, they asked me if it is possible to not update all keys at once, but only issue user certs with 2048 from now on for new OpenVPN users (and leave the old ones in place for later update). The process of doing that should look like this:

a) Change the variable KEY_SIZE used in the Easy RSA scripts from 1024 to 2048 (bit).
b) Create new Diffie-Hellman params with the Easy RSA build-dh script (will create the params with a 2048 bit modulus).
c) Update the OpenVPN server config with the path of the new Diffie-Hellman param file.

Now here are my concerns and why _I_ think that is a bad idea: If I do it like that, new users would get 2048 bit keys/certs as requested by the company. But these certs would still be signed by our self-signed CA, which still uses the old 1024 bit key/cert. Given that an attacker has enough computing power, he could factorize n (from the public key in the CA cert) to get p and q. With that he would have our CA's private key, being able to create a faked server cert and sign it with the CA key. With that server certificate the attacker could launch a man in the middle attack. That would mean: authentication via RSA would be leveraged.

So my questions are:

I. Am I right, or is that rubbish?

II. Is an attacker able to get the CA cert at all? It looks as if during the TLS handshake only the user certificate and the server certificate are transmitted, but not the CA cert.

III. To complicate things a bit more: OpenVPN supports a so-called tls-auth directive which takes a 160 bit key. According to the OpenVPN documentation this key is used to generate an HMAC over every packet during the TLS handshake (and append it?). It looks as if this is not part of TLS itself, but a modified implementation of TLS. They say that without the key, not even the handshake would work. So my last question is: if the CA cert can be requested from the OpenVPN server somehow, that wouldn't work anymore if such a key is used. Is that correct?

Thanks a lot for your help!
Re: Hi, I need help with initialization of OpenSSL
    (gdb) r
    Starting program: /home/ventsi/fing/fing
    Program received signal SIGSEGV, Segmentation fault.
    0x0086d1fc in read ()
    (gdb) info threads
      Id   Target Id           Frame
    * 1    process 13262 fing  0x0086d1fc in read ()

On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote:
> On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote:
> > Greetings, I could use some help. I'm getting a segmentation fault from this code:
> > [...]
> >     Program received signal SIGSEGV, Segmentation fault.
> >     0x0086d1fc in read ()
> >     (gdb) backtrace
> >     #0 0x0086d1fc in read ()
>
> Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread, since it is hard to make read() crash.
>
> > [...]
Re: Hi, I need help with initialization of OpenSSL
On Thu, Oct 10, 2013 at 12:54 PM, Angelin Lalev lalev.ange...@gmail.com wrote:
>     (gdb) r
>     Starting program: /home/ventsi/fing/fing
>     Program received signal SIGSEGV, Segmentation fault.
>     0x0086d1fc in read ()
>     (gdb) info threads
>       Id   Target Id           Frame
>     * 1    process 13262 fing  0x0086d1fc in read ()

Ouch/I'll shut up now. (I think there's something very basic going wrong/getting corrupted if a segfault is reported in the syscall interface.)

> On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote:
> > [...]
Re: [openssl-users] Updating key size - security related questions
Hello,

On 10/10/2013 18:29, int0...@safe-mail.net wrote:
> Hi, I've been asking this on the OpenVPN mailing list, but didn't get an answer so far. Therefore I hope you can help me. We use OpenVPN in our company with the default cipher suite, which should be: DHE_RSA_BF_CBC_SHA. So RSA is used for authentication, Blowfish in CBC mode for symmetric encryption. The keys for Blowfish are derived from ephemeral Diffie-Hellman and changed every hour.

Make sure you don't encrypt more than 2^35 bytes with the same BF key. Otherwise, you have an additional problem.

> [...]
> Now here are my concerns and why _I_ think that is a bad idea: If I do it like that, new users would get 2048 bit keys/certs as requested by the company. But these certs would still be signed by our self-signed CA, which still uses the old 1024 bit key/cert. Given that an attacker has enough computing power, he could factorize n (from the public key in the CA cert) to get p and q. With that he would have our CA's private key, being able to create a faked server cert and sign it with the CA key. With that server certificate the attacker could launch a man in the middle attack. That would mean: authentication via RSA would be leveraged.

As in broken? Yes.

> So my questions are:
> I. Am I right, or is that rubbish?

You're right. On the other side, how powerful are your opponents? 1024 bit factorization isn't an easy task; it requires a large amount of money. Large isn't a precise number, for sure; I'd place the lower limit at 1M$. But don't trust me.

> II. Is an attacker able to get the CA cert at all? It looks as if during the TLS handshake only the user certificate and the server certificate are transmitted, but not the CA cert.

A public key isn't designed to be kept private. Given some certificates signed by the same private key, the modulus of the signer key can be guessed. Consider your CA modulus to be public.

> III. To complicate things a bit more: OpenVPN supports a so-called tls-auth directive which takes a 160 bit key. According to the OpenVPN documentation this key is used to generate an HMAC over every packet during the TLS handshake (and append it?). It looks as if this is not part of TLS itself, but a modified implementation of TLS. They say that without the key, not even the handshake would work. So my last question is: if the CA cert can be requested from the OpenVPN server somehow, that wouldn't work anymore if such a key is used. Is that correct?

It depends on how this key is used. I don't have any opinion on this point.
Re: Hi, I need help with initialization of OpenSSL
SOLVED: The very basic thing that gets the whole thing broken seems to be a VERY BASIC understanding of C. I cut out only the initialization code into a separate program and it worked fine. Somewhere in the program before the initialization of OpenSSL I'm having pointer problems of some sort. Thanks very much for the quick reply and sorry for raising any false alarms...

On Thu, Oct 10, 2013 at 8:02 PM, Jeff Trawick traw...@gmail.com wrote:
> On Thu, Oct 10, 2013 at 12:54 PM, Angelin Lalev lalev.ange...@gmail.com wrote:
> > [...]
>
> Ouch/I'll shut up now. (I think there's something very basic going wrong/getting corrupted if a segfault is reported in the syscall interface.)
>
> > [...]
Re: Hi, I need help with initialization of OpenSSL
Just to clear everything up and finish: I had a global int variable named read...

On Thu, Oct 10, 2013 at 8:33 PM, Angelin Lalev lalev.ange...@gmail.com wrote:
> SOLVED: The very basic thing that gets the whole thing broken seems to be a VERY BASIC understanding of C. I cut out only the initialization code into a separate program and it worked fine. Somewhere in the program before the initialization of OpenSSL I'm having pointer problems of some sort. Thanks very much for the quick reply and sorry for raising any false alarms...
>
> [...]
Re: Increasing key size from 1024 to 2048?
Just curious -- what line of work is your company in? If you were CIA or NASA or something I'd see the need. If you are just a business -- wow!

E

On 10/10/2013 1:37 AM, int0...@safe-mail.net wrote:
> Hi,
>
> I've been asking this on the OpenVPN mailing list, but didn't get an answer so far. Therefore I hope you can help me.
>
> We use OpenVPN in our company with the default cipher suite, which should be: DHE_RSA_BF_CBC_SHA
>
> So RSA is used for authentication, Blowfish in CBC mode for symmetric encryption. The keys for Blowfish are derived from ephemeral Diffie-Hellman and changed every hour. We use a key size of 1024 bit for RSA and therefore a modulus of 1024 bit for Diffie-Hellman (OpenVPN uses the Easy RSA scripts. These scripts use a variable KEY_SIZE when the Diffie-Hellman parameter or the RSA keys are built. This variable is set to 1024). Furthermore we use a self-signed CA.
>
> Some days ago I recommended to update the key size to 2048 bit, mainly because some sources say 1024 bit aren't enough anymore. Because quite a lot of our staff uses OpenVPN, they asked me if it is possible to not update all keys at once, but only issue user certs with 2048 from now on for new OpenVPN users (and leave the old ones in place for later update). The process of doing that should look like that:
>
> a) Change variable KEY_SIZE used in Easy RSA scripts from 1024 to 2048 (bit).
> b) Create new Diffie-Hellman params with the Easy RSA build-dh script (will create the params with 2048 bit modulus).
> c) Update the OpenVPN server config with the path of the new Diffie-Hellman param file.
>
> Now here are my concerns and why _I_ think that is a bad idea: If I do it like that, new users would get 2048 bit keys/certs as requested by the company. But these certs would still be signed by our self-signed CA which still uses the old 1024 bit key/cert. Given that an attacker has enough computing power, he could factorize n (from the pub key in the CA cert) to get p and q. With that he would have our CA's private key, being able to create a faked server cert and sign it with the CA key. With that server certificate the attacker could launch a man in the middle attack. That would mean: Authentication via RSA would be leveraged.
>
> So my questions are:
>
> I. Am I right, or is that rubbish?
>
> II. Is an attacker able to get the CA cert at all? It looks as if during TLS handshake only the User certificate and the Server certificates are transmitted, but not the CA cert.
>
> III. To complicate things a bit more: OpenVPN supports a so-called tls-auth directive which takes a 160 bit key. According to the OpenVPN documentation this key is used to generate a HMAC over every packet during TLS handshake (and append it?). It looks as if this is not part of TLS itself, but a modified implementation of TLS. They say that without the key, not even the handshake would work. So my last question is: If the CA cert can be requested from the OpenVPN Server somehow, that wouldn't work anymore if such a key is used. Is that correct?
>
> Thanks a lot for your help!

--
Eric S. Eberhard
VICS
2933 W Middle Verde Road
Camp Verde, AZ 86322
928-567-3727 work
928-301-7537 cell
http://www.vicsmba.com/index.html (our work)
http://www.vicsmba.com/ourpics/index.html (fun pictures)
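Added example (my code, not from the thread or from OpenVPN/Easy RSA): a POSIX shell audit that rebuilds the layout the question describes, a 1024-bit self-signed CA issuing a 2048-bit user certificate with throwaway keys, and reports the RSA modulus size of every certificate in the chain, failing when any is below the minimum. It shows why the plan only looks like an upgrade: the chain verifies no more strongly than its weakest key, which here is the CA's. Function and file names are my choice.

```sh
#!/bin/sh
# Print "<bits> <file>" for each certificate and return 1 if any RSA key
# is below $1 bits. Uses only the openssl CLI.
audit_chain_bits() {
    min_bits="$1"; shift
    status=0
    for cert in "$@"; do
        # 'openssl x509 -text' reports the key size as "Public-Key: (2048 bit)"
        bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null \
               | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        if [ -z "$bits" ]; then
            echo "unreadable: $cert" >&2
            status=1
            continue
        fi
        echo "$bits $cert"
        if [ "$bits" -lt "$min_bits" ]; then
            echo "WEAK: $cert carries a $bits-bit key (minimum $min_bits)" >&2
            status=1
        fi
    done
    return "$status"
}

# Recreate the mixed chain from the question in directory $1: a 1024-bit
# self-signed CA (old) signing a fresh 2048-bit user certificate (new).
# Throwaway keys, constructed for this example only.
make_mixed_chain() {
    dir="$1"
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 -subj "/CN=Old 1024-bit CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=new-user" \
        -keyout "$dir/user.key" -out "$dir/user.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/user.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/user.crt" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_mixed_chain "$tmp"
    # The leaf alone passes; the whole chain does not, because the CA key is the weak link.
    audit_chain_bits 2048 "$tmp/user.crt"
    audit_chain_bits 2048 "$tmp/user.crt" "$tmp/ca.crt" || echo "chain rejected"
    rm -rf "$tmp"
fi
```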
Abort after free() of non-allocated pointer
Hello!

Am I right here? It's actually hard to believe the error is on the OpenSSL side, and I definitely should look deeper before sending this, but on the other hand this is so deep down in the OpenSSL code...

    [steffen@sherwood src]$ openssl version
    OpenSSL 1.0.1e 11 Feb 2013
    [steffen@sherwood src]$ otool -L ~/usr/bin/s-nail
    /Users/steffen/usr/bin/s-nail:
        /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
        /Users/steffen/usr/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
        /Users/steffen/usr/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
        /Users/steffen/usr/lib/libidn.11.dylib (compatibility version 18.0.0, current version 18.10.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 125.2.11)
    [steffen@sherwood src]$ ll ~/usr/lib/*ssl*
      4 lrwxrwxr-x 1 steffen staff     18 15 Feb 2013 /Users/steffen/usr/lib/libssl.dylib@ -> libssl.1.0.0.dylib
    596 -rw-r--r-- 1 steffen staff 609480 15 Feb 2013 /Users/steffen/usr/lib/libssl.a
    444 -r-xr-xr-x 1 steffen staff 452952 15 Feb 2013 /Users/steffen/usr/lib/libssl.1.0.0.dylib*

    ...
    T1135 OK Returned to authenticated state. (Success)
    T1136 LOGOUT
    * BYE LOGOUT Requested
    s-nail(20015) malloc: *** error for object 0x1004beb00: pointer being freed was not allocated
    *** set a breakpoint in malloc_error_break to debug

    Program received signal SIGABRT, Aborted.
    0x7fff824df0b6 in __kill ()
    (gdb) bt
    #0  0x7fff824df0b6 in __kill ()
    #1  0x7fff8257f9f6 in abort ()
    #2  0x7fff82497195 in free ()
    #3  0x0001000f61f5 in CRYPTO_free ()
    #4  0x00010019bcdc in ASN1_primitive_free ()
    #5  0x00010019c0bc in ASN1_template_free ()
    #6  0x00010019bfbf in asn1_item_combine_free ()
    #7  0x00010019c0bc in ASN1_template_free ()
    #8  0x00010019bfbf in asn1_item_combine_free ()
    #9  0x00010019c0f7 in ASN1_item_free ()
    #10 0x0001000b7b80 in SSL_SESSION_free ()
    #11 0x0001000b49e5 in SSL_free ()
    #12 0x000100014519 in sclose ()
    ----
    #ifdef HAVE_OPENSSL
        if (sp->s_use_ssl) {
            sp->s_use_ssl = 0;
            SSL_shutdown(sp->s_ssl);
            SSL_free(sp->s_ssl);
            sp->s_ssl = NULL;
            SSL_CTX_free(sp->s_ctx);
            sp->s_ctx = NULL;
        }
    #endif
    ----
    #13 0x00010001c46e in imap_exit ()
    #14 0x00010001bd10 in imap_quit ()
    warning: Could not open object file: /Users/steffen/src/nail.git/quit.o: No such file or directory
    warning: Couldn't open object file '/Users/steffen/src/nail.git/quit.o'
    #15 0x00010003daed in quit ()
    #16 0x0001000274ea in setfile ()
    #17 0x0001cd90 in cfile ()
    #18 0x000100028fb8 in execute ()
    #19 0x0001000286ed in commands ()
    #20 0x00010002fd6b in main ()
    (gdb)

I hate debuggers and thus I am somewhat lost at this point, but if there is something I can do, please let me know.

Thank you and ciao,

--steffen
Broken implementation of OpenSSL
Hello,

I was following a HOWTO document:
http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3

In the last step, I should have a control panel application (ISPConfig 3) launching when accessed with https://www.example.com:8080 but instead, I get a connection refused. So I decided to use wget to help diagnose the issue. I had some success with wget, but only when using --no-check-certificate. Here are a few cases:

    wget https://www.example.com:8080
    --2013-10-10 13:50:06--  https://www.example.com:8080/
    Resolving www.example.com (www.example.com)... 76.10.x.x
    Connecting to www.example.com (www.example.com)|76.10.x.x|:8080... failed: Connection refused.

    wget https://localhost:8080
    --2013-10-10 13:50:56--  https://localhost:8080/
    Resolving localhost (localhost)... 127.0.0.1
    Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
    ERROR: cannot verify localhost's certificate, issued by `/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd':
      Self-signed certificate encountered.
    ERROR: certificate common name `' doesn't match requested host name `localhost'.
    To connect to localhost insecurely, use `--no-check-certificate'.

    wget --no-check-certificate https://localhost:8080
    --2013-10-10 13:51:39--  https://localhost:8080/
    Resolving localhost (localhost)... 127.0.0.1
    Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
    WARNING: cannot verify localhost's certificate, issued by `/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd':
      Self-signed certificate encountered.
    WARNING: certificate common name `' doesn't match requested host name `localhost'.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: `index.html'

    2013-10-10 13:51:39 (9.65 MB/s) - `index.html' saved [9199]

I have a feeling that this would be an 'easy' problem. I don't have skill in how SSL operates or how it is expected to behave. This is very similar to a thread I posted on the forum for ISPConfig. I came here since this community has expertise in encryption problems. The link to my question at ISPConfig's forum is here:
http://www.howtoforge.com/forums/showthread.php?p=303779
Re: Broken implementation of OpenSSL
I may have figured it out (it's been a 3 hour ordeal so far.) I was using netcat to test 443 using LAN and WAN machines, and all was going well. At some point a few minutes ago, I realized that this software uses port 8080, not the standard 443. I think maybe it's time to jump in a freezing river or something like that.

Well, hopefully that was the problem. I can't change the router settings until late tonight.

Tim Legg

----- Original Message -----
From: Tim Legg
Sent: 10/10/13 05:24 PM
To: openssl-users@openssl.org
Subject: Broken implementation of OpenSSL
How does one use fipstests.sh to generate scripts for use with Windows CE [OpenSSL FIPS]
I see that there is a -win32 command line value. But I would have thought that should not necessarily be the same as what one uses for Windows CE. I've tried a few things at random; I was hoping for someone who had done this before to show me the way?

-Ike-

John Eichenberger
Principal Engineer: Sustaining Engineering: Intermec
425.265.2108
john.eichenber...@intermec.com

This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited.
Re: 050 + at the beginning of verified signature
From: owner-openssl-us...@openssl.org on behalf of aqueelmirza aqueelmi...@gmail.com
Sent: Thursday, October 10, 2013 06:43

> I tried replacing strlen(reply) with 20 but we are getting same result as before.

Yes, a sha1 hash should be 20 bytes, but see below.

> I am attaching reference files with this message. While trying this solution, sometimes we were getting the following error as well.
>
>     RSA operation error
>     140735121490396:error:0406706C:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data greater than mod len:rsa_eay.c:680:
>
> Can you please guide me?

That means there's something very wrong with your signature value, or you've got keys of different lengths confused. If you are only using one key, make sure the signature is the correct size (128 bytes for the key and data you linked) and byte for byte the same as when generated. Are you copying it as binary? If not, as your use of suffix .txt suggests, many methods for copying text change some bytes in some cases.

> result.txt http://openssl.6102.n7.nabble.com/file/n46847/result.txt
> signature.txt http://openssl.6102.n7.nabble.com/file/n46847/signature.txt
> publicKey.pem http://openssl.6102.n7.nabble.com/file/n46847/publicKey.pem

    me:~/ossx/play $ od -t x1 result.txt
    000 30 26 30 09 06 05 2b 0e 03 02 0b 05 00 04 19 54
    020 6f 70 20 6f 66 20 74 68 65 20 6d 6f 72 6e 69 6e
    040 67 20 74 6f 20 79 6f 75
    050
    me:~/ossx/play $ openssl asn1parse -inform der result.txt
        0:d=0  hl=2 l=  38 cons: SEQUENCE
        2:d=1  hl=2 l=   9 cons: SEQUENCE
        4:d=2  hl=2 l=   5 prim: OBJECT            :rsaSignature
       11:d=2  hl=2 l=   0 prim: NULL
       13:d=1  hl=2 l=  25 prim: OCTET STRING      :Top of the morning to you

That is the usual encoding for an RSA signature on something that is not a SHA1 hash: definitely wrong length, and happens to be valid text, which a hash value will be only once in a zillion years. Except I don't understand why you got 1.3.14.3.2.11 rsaSignature; NID_sha1 should be 1.3.14.3.2.26. I get ..26 for a simple test program, also for dgst -sign and pkeyutl -sign -pkeyopt digest: using sha1 (in 1.0.1e, but it doesn't look like this has changed in many years). Before (or instead of) signing, please try

    int nid;
    char buf[40]; /* or some other buffer if handy */
    nid = OBJ_sn2nid("SHA1");
    OBJ_obj2txt(buf, sizeof buf, OBJ_nid2obj(nid), 1);
    fprintf(stderr, "const %d check %d is oid %s\n", NID_sha1, nid, buf);

Looking back I see you called RSA_sign on something you say is 'sha1 hashed data'. You actually passed a 19-char text string, not any SHA1 hash. Check your hashing logic. But OpenSSL doesn't verify the length here and it just signs your text as if it were a hash.

The standard (PKCS1) sequence for RSA signing is:

  1. hash the data (SHA-1, MD-5, SHA-256, etc);
  2. encode the hash with an 'algorithm identifier' in ASN.1 (since these hashes have no parameters, and produce fixed length results, this amounts to adding a fixed header);
  3. pad the result to the size of the RSA key/modulus (classically by what is often still called PKCS1 padding but can be distinguished as PKCS1v1.5 or type1, or PSS also in PKCS1);
  4. the mathematical RSA operation, modexp with private exponent.

RSA_sign does 2 through 4, assuming you did 1, but you actually didn't. EVP_[Digest]Sign* does all of 1 through 4, handling the hash for you.

Verification is basically the reverse:

  4. RSA modexp with public exponent
  3. check and remove padding
  2. (check and) extract signer's hash from ASN.1
  1. compare signer's hash to recomputed hash

rsautl -verify, in spite of the name, does only 4 and 3, not 2 or 1. You can do 2 yourself, but it is easier to use pkeyutl -verifyrecover -inkey $keyfile -pkeyopt digest:sha1 which does 4 through 2. Or use dgst -verify or in code EVP_[Digest]Verify* to do everything, but only if you actually signed a hash.
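Added example (my code, not from the thread or from OpenSSL): the PKCS#1 v1.5 DigestInfo that RSA_sign wraps around its input (signing step 2) parsed and checked the way verification steps 2 and 1 would do it, fed with the result.txt bytes from the od dump in the reply. Pure Python stdlib; the helper names are my choosing, and the check generalises to any digest OID listed in the table.

```python
import hashlib

# Digest OIDs and output sizes; 1.3.14.3.2.11 (rsaSignature), which the poster's signature carried, names no digest at all.
OIDS = {
    "1.3.14.3.2.26": ("sha1", 20),
    "1.3.14.3.2.11": ("rsaSignature", None),
}

def _read_tlv(buf, pos, tag):
    """Parse one DER tag-length-value at pos; return (value, position after it)."""
    if pos >= len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Dotted form of OID contents, e.g. 2b 0e 03 02 1a -> 1.3.14.3.2.26."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                 # base-128 arcs, high bit set on all but the last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def parse_digest_info(der):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING } -> (oid, digest)."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after DigestInfo")
    algid, pos = _read_tlv(seq, 0, 0x30)
    digest, _ = _read_tlv(seq, pos, 0x04)
    oid_raw, _ = _read_tlv(algid, 0, 0x06)   # the NULL parameters are not needed here
    return decode_oid(oid_raw), digest

def check_digest_info(der, data):
    """Verification steps 2 and 1: digest algorithm, digest length, digest value."""
    oid, digest = parse_digest_info(der)
    name, size = OIDS.get(oid, (oid, None))
    if size is None:
        return False, "algorithm %s is not a digest algorithm" % name
    if len(digest) != size:
        return False, "%s digest should be %d bytes, got %d" % (name, size, len(digest))
    if digest != hashlib.new(name, data).digest():
        return False, "digest does not match recomputed %s" % name
    return True, "ok: %s over %d bytes" % (name, len(data))

def build_digest_info(data):
    """Signing step 2 done right: what RSA_sign(NID_sha1, sha1(data), 20, ...) pads and signs."""
    body = b"\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00" + b"\x04\x14" + hashlib.sha1(data).digest()
    return b"\x30" + bytes([len(body)]) + body

# The poster's result.txt (the od dump in the reply above) as bytes.
MESSAGE = b"Top of the morning to you"
RECOVERED = bytes.fromhex("3026300906052b0e03020b05000419") + MESSAGE

if __name__ == "__main__":
    print(check_digest_info(RECOVERED, MESSAGE), check_digest_info(build_digest_info(MESSAGE), MESSAGE))
```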