Re: ECDSA signature verification

2009-01-23 Thread Emanuele Cesena
On Mon, 2009-01-19 at 11:22 +, Young, Alistair wrote:
> * is it possible to define our own curves (rather than using
> one of the predefined curves)?

If you want to play with your EC, check crypto/ec/ectest.c.
If you want to add a new curve to OpenSSL, have a look at
crypto/ec/ec_curve.c and crypto/objects/object.txt.

I opened a thread in openssl-dev: "Adding an EC to OpenSSL".

> * how configurable is the hashing step?  I see that there are
> parameters like -ecdsa-with-SHA1 - can arbitrary hashing
> functions be used?

There is only SHA1. You have to add more EVP, I think...
OpenSSL 0.9.9 is required for public-key EVP.

> * where can I find some good (= simple!) documentation on using
> OpenSSL for this task.  I've not had much luck finding anything
> relevant in the man page.

Source code? ECDSA also has Doxygen comments :-)

bye!
-- 
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org

Il corpo non ha ideali

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
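
Alistair's two questions quoted above, whether one can supply one's own curve and whether the hash step is configurable, come down to the ECDSA arithmetic itself. The following is an added example, not code from the thread or from OpenSSL: ECDSA over domain parameters passed in as plain numbers, with the hash function as a parameter. The curve constants are secp256k1's, used only as a concrete, checkable instance; the private key and nonce are constructed values.

```python
"""ECDSA over caller-supplied domain parameters, with the hash function as a parameter."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


@dataclass(frozen=True)
class Curve:
    """y^2 = x^3 + a*x + b over GF(p); base point g of prime order n (cofactor 1 assumed)."""
    p: int
    a: int
    b: int
    g: Tuple[int, int]
    n: int

    def __post_init__(self) -> None:
        # Reject inconsistent domain parameters before anything is signed with them.
        if not self.on_curve(self.g):
            raise ValueError("base point is not on the curve")
        if self.mul(self.n, self.g) is not None:
            raise ValueError("n is not the order of the base point")

    def on_curve(self, pt: Tuple[int, int]) -> bool:
        x, y = pt
        return 0 <= x < self.p and 0 <= y < self.p and (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def add(self, p1: Point, p2: Point) -> Point:  # affine addition: identity, inverse and doubling cases
        if p1 is None:
            return p2
        if p2 is None:
            return p1
        (x1, y1), (x2, y2) = p1, p2
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None  # P + (-P)
        if p1 == p2:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        x3 = (lam * lam - x1 - x2) % self.p
        return (x3, (lam * (x1 - x3) - y1) % self.p)

    def mul(self, k: int, pt: Point) -> Point:  # double-and-add; not constant-time, so not for a production signer
        acc: Point = None
        while k > 0:
            if k & 1:
                acc = self.add(acc, pt)
            pt = self.add(pt, pt)
            k >>= 1
        return acc


def hash_to_int(curve: Curve, msg: bytes, hash_fn: Callable) -> int:
    """ECDSA's e: keep the leftmost bitlen(n) bits of the digest (FIPS 186 truncation), so any digest length fits."""
    digest = hash_fn(msg).digest()
    excess = 8 * len(digest) - curve.n.bit_length()
    e = int.from_bytes(digest, "big")
    return e >> excess if excess > 0 else e


def sign(curve: Curve, d: int, msg: bytes, k: int, hash_fn: Callable = hashlib.sha256) -> Tuple[int, int]:
    """Return (r, s). k must be a fresh, uniformly random secret in [1, n-1] for every signature."""
    if not (1 <= d < curve.n and 1 <= k < curve.n):
        raise ValueError("private key and nonce must lie in [1, n-1]")
    e = hash_to_int(curve, msg, hash_fn)
    r = curve.mul(k, curve.g)[0] % curve.n
    s = pow(k, -1, curve.n) * (e + r * d) % curve.n
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another k")
    return r, s


def verify(curve: Curve, q: Point, msg: bytes, sig: Tuple[int, int], hash_fn: Callable = hashlib.sha256) -> bool:
    """Reject a bad public key or out-of-range r, s first; then check r == x(u1*G + u2*Q) mod n."""
    r, s = sig
    if q is None or not curve.on_curve(q) or not (1 <= r < curve.n and 1 <= s < curve.n):
        return False
    e, w = hash_to_int(curve, msg, hash_fn), pow(s, -1, curve.n)
    x = curve.add(curve.mul(e * w % curve.n, curve.g), curve.mul(r * w % curve.n, q))
    return x is not None and x[0] % curve.n == r


# An "own curve" is just these numbers; secp256k1's constants serve as a checkable instance.
SECP256K1 = Curve(
    p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F, a=0, b=7,
    g=(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8),
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
)


def demo() -> dict:
    d = 0x1D2E3F405162738495A6B7C8D9E0F1020304050607080910111213141516171  # constructed private key
    k = 0xA1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E8F9  # constructed nonce
    q = SECP256K1.mul(d, SECP256K1.g)
    msg = b"ECDSA signature verification"
    sig256 = sign(SECP256K1, d, msg, k)
    sig512 = sign(SECP256K1, d, msg, k, hashlib.sha512)
    return {
        "sha256_ok": verify(SECP256K1, q, msg, sig256),
        "sha512_ok": verify(SECP256K1, q, msg, sig512, hashlib.sha512),
        "wrong_hash": verify(SECP256K1, q, msg, sig512),  # verifier must use the signer's hash
        "tampered": verify(SECP256K1, q, msg + b"!", sig256),
        "off_curve_key": verify(SECP256K1, (1, 1), msg, sig256),
    }
```

The verifier and signer must agree on the hash out of band (which is what the `ecdsa-with-SHA1` identifier pins down in OpenSSL); swapping in another curve is a matter of passing different numbers to `Curve`, whose constructor rejects a base point that is off the curve or an order that does not annihilate it.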


RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair
Thank you, Emanuele.

We really need to use the FIPS version of OpenSSL, so updating the code
isn't a possibility.

However, looking into the source it looks as though all of the functions
that we need are there, so hopefully we can get the functionality we
require by writing a bit of code ourselves which links to the FIPS
library.

Regards,


Alistair. 


Please help Logica to respect the environment by not printing this email  /  
Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail 
/  Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei 
die Umwelt zu schuetzen  /  Por favor ajude a Logica a respeitar o ambiente não 
imprimindo este correio electrónico.



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.




RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair
... though I notice that the Security Policy document does not
explicitly mention ECDSA in the table of FIPS approved algorithms.

It does mention DSA with 1024-bit keys (but has a confusing footnote
which states that DSA supports a key size of less than 1024 bits except
when not in FIPS mode - is there an extra 'not' in this statement?),
but that perhaps doesn't cover ECDSA.


Alistair.



How to check Server certificate and signature?

2009-01-23 Thread Ajeet kumar.S
Dear All,

I have one doubt: how to check the signature. And I saw the server is sending the
server certificate; can we check this certificate, or what is the use of
this certificate (the certificate that comes from the server side)?

In peer verification, at the client side it checks the system time, which
lies in the range of time given in the CA certificate. If we give a wrong
time (which lies in between the range of time in the CA certificate) instead of
the current time of the system, then it also works. So I have a doubt: can we
remove this issue, or will it check the server time also?

Please tell me.

Thank you.

Regards,

--Ajeet Kumar Singh


Re: How to check Server certificate and signature?

2009-01-23 Thread Ger Hobbelt
I'm not sure what you're trying to ask/say here, but have you looked
into the OPENSSL verify callbacks?

( http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html )



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web:http://www.hobbelt.com/
http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--


Re: Make test failed for Fips Capable openssl 9.8J

2009-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2009, rajan chittil wrote:

> Hi,
> 
> I have gone through the security policy
> (http://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf) and user guide
> (http://www.openssl.org/docs/fips/UserGuide-1.2.pdf).
> 
> I have changed the configuration option to
> 
> 1. opensslfips1.2
> ./config fipscanisterbuild
> make
> 
> 2. openssl 9.8j
> ./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl
> --with-fipslibdir=/home/rajan/openssl/opensslfips1.2/fips64/openssl-fips-1.2/fips
> fips no-idea no-rc5 no-ec no-symlinks shared threads aix64-xlc_r
> make
> make test
> 
> But still I am getting the same error
> 
> test SSL protocol
> test ssl3 is forbidden in FIPS mode
> 508008:error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match:fips.c:238:
> test ssl2 is forbidden in FIPS mode
> 508010:error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match:fips.c:238:
> test tls1
> 508012:error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match:fips.c:238:
> make: The error code from the last command is 1.
> 
> Stop.
> make: The error code from the last command is 2.
> 
> Stop.
> 
> But I have tested ./fips_test_suite; it works fine
> 
> $ ./fips_test_suite
> FIPS-mode test application
> 
> 1. Non-Approved cryptographic operation test...
> a. Included algorithm (D-H)...successful
> 2. Automatic power-up self test...successful
> 3. AES encryption/decryption...successful
> 4. RSA key generation and encryption/decryption...successful
> 5. DES-ECB encryption/decryption...successful
> 6. DSA key generation and signature validation...successful
> 7a. SHA-1 hash...successful
> 7b. SHA-256 hash...successful
> 7c. SHA-512 hash...successful
> 7d. HMAC-SHA-1 hash...successful
> 7e. HMAC-SHA-224 hash...successful
> 7f. HMAC-SHA-256 hash...successful
> 7g. HMAC-SHA-384 hash...successful
> 7h. HMAC-SHA-512 hash...successful
> 8. Non-Approved cryptographic operation test...
> a. Included algorithm (D-H)...successful as expected
> 9. Zero-ization...
> Generated 128 byte RSA private key
> BN key before overwriting:
> 77eed34099e0d0dc56d316727fd2217c3bc0f6409bc1cd12ffdb427101218787e5bcc0013f58d1633b3f8934c1cf65a05744701fefc80dd92ac7ac4e88ff91ae18c5dda39e77257e3be162cda8f252dfca19dc3998af38b6de90c766295dfd74db93ea66333f3c91c35d8958292f205a6d89d4332f913f21fb6756179008ef29
> BN key after overwriting:
> 5171b0a563d968222705431c1abf13bef9780e38a28817d7a36c953d18179e2330ee87d363b8154e2d268eb5aed447bd6419da455d390ce70891bf0512360721e0be0e44c32489e1c975436fa752460397a8e921a0ad64eee7200abe57c2807925edc105a5233da59dd7b4a26a675a2683d5cbee2d87f02fefbfaab5c355e264
> char buffer key before overwriting:
> 4850f0a33aedd3af6e477f8302b10968
> char buffer key after overwriting:
> 96a916306b46b3d4189fa6d1b04a4ed9
> successful as expected
> 
> All tests completed with 0 errors
> 
> $ ./fips_test_suite aes
> FIPS-mode test application
> 
> AES encryption/decryption with corrupted KAT...
> ERROR:2d06e065:lib=45,func=110,reason=101:file=fips_aes_selftest.c:line=98:
> Power-up self test failed
> $ ./fips_test_suite sha1
> FIPS-mode test application
> 
> SHA-1 hash with corrupted KAT...
> ERROR:2d073065:lib=45,func=115,reason=101:file=fips_sha1_selftest.c:line=90:
> Power-up self test failed
> 
> These things work fine.
> 
> Can you please tell me where I am going wrong?
> 

Try building without the shared option and see if that works. Also make sure
the system type is consistent between the two builds... in the FIPS directory
do:

./config -t

and ensure you use that type for the 0.9.8j build.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk


RE: How to check Server certificate and signature?

2009-01-23 Thread Ajeet kumar.S
Dear All,

Thank you Ger Hobbelt for your help.

I want to validate only the signature of the server certificate.

For example, in peer verification SSL will check the time of the client
system (6:28PM 23 Jan 2009) against the CA root certificate validity time after
the client hello process.

Validity
    Not Before: Aug  1 00:00:00 1996 GMT
    Not After : Dec 31 23:59:59 2020 GMT

In our application code I don't want to validate the system time against
the validity period (Not Before and Not After).

I want to validate the signature of the server certificate.

Can I validate the signature of the server certificate?

Please reply to me.

Thank you.

Regards,

--Ajeet Kumar Singh



Re: Make test failed for Fips Capable openssl 9.8J

2009-01-23 Thread rajan chittil
I have done as you told, but still no success.

In the openssl fips 1.2:

# ./config -t
Operating system: 00C3E1AD4C00-ibm-aix
Configuring for aix64-cc
/usr/bin/perl ./Configure aix64-cc

I have given the same option in openssl 9.8j:

./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl
--with-fipslibdir=/home/joshi/openssl-fips-1.2/fips fips no-idea no-rc5
no-ec no-symlinks threads aix64-cc

When I have done this: export OPENSSL_FIPS=1

# ../apps/openssl
495854:error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match:fips.c:238:

Please help.

Rajan





RE: ECDSA signature verification

2009-01-23 Thread Emanuele Cesena
On Fri, 2009-01-23 at 10:13 +, Young, Alistair wrote:
> We really need to use the FIPS version of OpenSSL, so updating the code
> isn't a possibility.
> 
Ah ok, so maybe you can just skip EVP.

bye!
-- 
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org

Il corpo non ha ideali



Re: ECDSA signature verification

2009-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2009, Young, Alistair wrote:

> ... though I notice that the Security Policy document does not
> explicitly mention ECDSA in the table of FIPS approved algorithms.
> 
> It does mention DSA with 1024-bit keys (but has a confusing footnote
> which states that DSA supports a key size of less than 1024 bits except
> when not in FIPS mode - is there an extra 'not' in this statement?),
> but that perhaps doesn't cover ECDSA.
> 

That is correct, ECDSA is not an approved algorithm in FIPS mode.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: openssl-fips 1.2 questions

2009-01-23 Thread Michal Trojnara

Steve Marquess marqu...@oss-institute.org wrote:
> Stunnel has official FIPS mode support.

I'm working on some fixes to cleanly compile stunnel with openssl-fips 1.2.
Unfortunately it looks like fipsld is no longer installed during the
openssl-fips installation process.  Can you confirm it?  Is there a
recommended way to find fipsld in the ./configure script?

TIA,
Michal Trojnara


Re: How to check Server certificate and signature?

2009-01-23 Thread Ger Hobbelt
Okay, so if I get this right, you're saying you want to verify the
server certificate BUT you do NOT want to check its activation date /
expiry date (i.e. the time range over which the certificate is valid)?

I'll forgo the very bad security implications of such a wish (those
time ranges are there for a reason, after all); you can do such a
thing by providing your own certificate validation callback which does
forgo the time checks.

You can register such a callback using the methods I mentioned before.

For an example verify callback, see the OpenSSL apps/verify.c source
code (this is off the top of my head; I may be wrong with the
filename, but the apps/ directory contains several sample applications
which showcase server- and client-cert verify callbacks; search the
apps/*.c code for places where those registration methods are called
and you'll be able to track down the verify callbacks from there).


I'll see if I can provide a little more detail this evening, but that
depends very much on what others have planned for me once I get home
;-)


Anyway, cave canem: from what I read in your request you are treading
dangerous security ground.

So far,

Ger










-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web:http://www.hobbelt.com/
http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--


RE: force 32-bit fips

2009-01-23 Thread David Schwartz

> All,
> 
> I am trying to build OpenSSL-fips-1.2 on a Solaris 10 machine
> with Sun Studio 8 and force it to build 32-bit objects.  Is there
> a way I can do that without changing the makefile and thus
> violating the fips validation?

I'm not specifically familiar with 64-bit Solaris, but I know that 64-bit Linux 
has a way to set its 'personality' to 32-bit and cause automatic detection 
schemes to see it as a 32-bit machine.

But if you really need FIPS, you shouldn't screw around. Build it on a 32-bit 
machine if it's going to be used on a 32-bit machine.

DS




RE: ECDSA signature verification

2009-01-23 Thread Young, Alistair

Thanks for confirming this for me, Steve.

Off the top of your head, are you aware of any ECDSA implementations
which have been FIPS validated?


Alistair.



Re: openssl-fips 1.2 questions

2009-01-23 Thread joshi chandran
I have a doubt regarding FIPS.

If I have an application which enters into FIPS mode, will that put the
crypto lib into FIPS mode, and will the rest of the application also be in
FIPS mode? In other words, is FIPS mode at the system level or the
application level?


Thanks
Joshi

-- 
Regards
Joshi Chandran


Re: DTLS server implementation experiences and documentation

2009-01-23 Thread Wes Hardaker
On Thu, 22 Jan 2009 06:10:36 +0100, Robin Seggelmann seggelm...@fh-muenster.de said:

RS As a workaround you can use connected UDP sockets. Just use accept()
RS and connect() as you would with TCP connections and create new BIO and
RS SSL objects for every connection. I have tested that and it works
RS pretty well so far.

And that prevents OpenSSL from reading too much data from the socket?
If so, that's certainly a good thing.
-- 
In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find.  -- Terry Pratchett
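
Whether a connect()ed UDP socket really keeps one peer's datagrams away from the shared socket, as asked above, can be checked without any DTLS at all. This is an added example, not code from the thread or from OpenSSL: the per-connection socket pattern the quoted workaround describes, exercised on loopback with two constructed "client" sockets (alice and bob are made-up names).

```python
"""Connected UDP sockets as a per-peer demultiplexer for a DTLS-style server."""
import select
import socket
from typing import Dict, Tuple

LOOPBACK = "127.0.0.1"


def make_listener(host: str = LOOPBACK) -> socket.socket:
    """The 'accept' socket: unconnected, so it sees the first datagram of every new peer."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, 0))  # port 0: the OS picks an ephemeral port
    return s


def connect_peer(listener: socket.socket, peer: Tuple[str, int]) -> socket.socket:
    """Per-connection socket: bound to the listener's own address, connect()ed to one peer.
    The kernel delivers a datagram to the socket with the most specific match, so this peer's
    traffic lands here and nowhere else, and a BIO/SSL object reading it can never pull in
    another connection's records."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # needed to share the bound port
    s.bind(listener.getsockname())
    s.connect(peer)
    return s


def has_pending(sock: socket.socket, timeout: float) -> bool:
    """True if a datagram is waiting on sock within timeout seconds."""
    return bool(select.select([sock], [], [], timeout)[0])


def demo() -> Dict[str, object]:
    """Two constructed loopback 'clients': alice gets a connected socket, bob does not."""
    listener = make_listener()
    server = listener.getsockname()
    alice = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    bob = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    alice.bind((LOOPBACK, 0))
    bob.bind((LOOPBACK, 0))
    bob_addr = bob.getsockname()
    listener.settimeout(2.0)
    conn = None
    try:
        # Stand-in for a ClientHello: a new peer's first datagram arrives on the shared socket.
        alice.sendto(b"alice: hello", server)
        first, peer = listener.recvfrom(2048)
        # "accept": give alice a socket of her own, then let both peers keep sending.
        conn = connect_peer(listener, peer)
        conn.settimeout(2.0)
        alice.sendto(b"alice: record 1", server)
        bob.sendto(b"bob: hello", server)
        alice_only = conn.recv(2048)                 # only alice's datagram can arrive here
        other, other_peer = listener.recvfrom(2048)  # the listener now sees only unconnected peers
        leaked = has_pending(listener, 0.2)          # anything of alice's left on the listener?
    finally:
        for s in (alice, bob, listener, conn):
            if s is not None:
                s.close()
    return {
        "first": first,
        "conn_got": alice_only,
        "listener_got": other,
        "listener_peer_is_bob": other_peer == bob_addr,
        "leaked_to_listener": leaked,
    }
```

Without the connect() step the listener would receive both peers' datagrams, and an SSL object reading it would have to cope with records that belong to a different association.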


certificate verification failed for postfix relayhost

2009-01-23 Thread gabrix

Hi list!
I run Debian lenny/sid and Postfix is my MTA.
My relayhost uses a self-signed CA certificate which I have imported as
/etc/ssl/certs/myisp.crt and linked as
/usr/share/ca-certificate/myisp.pem and in Postfix as
/etc/postfix/CA/myisp.pem
In the Postfix configuration I have:
smtpd_tls_CApath = /etc/postfix/CA/
and I have my self-signed CA cert on itself in
/etc/postfic/ssl/cacert.pem; after this I'm still getting these
warnings in mail.log:

 Jan 10 00:41:58 mail postfix/smtp[10404]: certificate verification failed for smtp.myisp[111.222.222.999]:587: untrusted issuer /C=NO/O=MyISP/CN=MyISP Certification Authority/emailaddress...@myisp

Should I stick both certificates in one big file.pem in Postfix, like

 smtpd_tls_CAfile = /etc/postfix/ssl/file.pem

or is there another way to make Postfix successfully verify my ISP CA?

Thanks!
Gab





controlling re-negotiation on TLS client

2009-01-23 Thread Jiri Klimes
Hello,

I develop an application with TLS client functionality. I use
SSL_set_connect_state() to put OpenSSL into client mode.
Is there any possibility to reject a re-negotiation request from the server?
Now SSL_read() handles re-negotiation transparently and accepts it. I'd like
to have more control over re-negotiations.

Thanks in advance for your advice.

Regards,
Jirka




Errors when compiling on AIX

2009-01-23 Thread bking
Hello,

I'm receiving the following error when compiling on AIX with XLC using the 
openssl-SNAP-20090123.  I receive the same error when compiling 64bit.

cc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DSHA1_ASM -DSHA256_ASM -DAES_ASM -c bn_nist.c
bn_nist.c, line 390.9: 1506-1300 (W) The subscript -6 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 390.9: 1506-1300 (W) The subscript -5 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 392.9: 1506-1300 (W) The subscript -6 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 392.9: 1506-1300 (W) The subscript -5 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 484.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 484.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 484.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 486.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 486.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 486.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 486.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 490.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 490.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 490.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 490.9: 1506-1300 (W) The subscript -7 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 587.9: 1506-1300 (W) The subscript -8 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 587.9: 1506-1300 (W) The subscript -8 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 587.9: 1506-1300 (W) The subscript -8 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 589.9: 1506-1300 (W) The subscript -8 is less than zero. The subscript of an array should be greater than or equal to zero.
bn_nist.c, line 589.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 589.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 589.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 607.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 607.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 607.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 613.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 613.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 613.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 616.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 616.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 619.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line 622.9: 1506-1300 (W) The subscript -8 is less than zero. 
The s
ubscript of an array should be greater than or equal to zero.^M
bn_nist.c, line

Re: certificate verification failed for postfix relayhost

2009-01-23 Thread Victor Duchovni
On Fri, Jan 23, 2009 at 08:26:12AM +0100, gabrix wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512
 
 Hi list !
 I run debian lenny/sid and postfix is my MTA .
 My relayhost uses a selfsigned CA certificate which i have imported as
 /etc/ssl/certs/myisp.crt and linked as
 /usr/share/ca-certificate/myisp.pem and in postfix as
 /etc/postfix/CA/myisp.pem
 In postfix configuration i have:
 smtpd_tls_CApath = /etc/postfix/CA/

Did you run the OpenSSL c_rehash(1) utility?

 and i have my selfsigned CA cert on itself in
 /etc/postfic/ssl/cacert.pem , after this i'm still getting these
 warnings in mail.log:
 
  Jan 10 00:41:58 mail postfix/smtp[10404]: certificate verification failed 
  for smtp.myisp[111.222.222.999]:587: untrusted issuer 
  /C=NO/O=MyISP/CN=MyISP Certification Authority/emailaddress...@myisp
 
 Should i stick both certificates on one big file.pem in postfix like
 
  smtpd_tls_CAfile = /etc/postfix/ssl/file.pem   

That would work.

 or is there another way to make postfix successfully verify my isp CA ?

Or use c_rehash(1), but be aware that it is not atomic and CA certs
may briefly disappear while c_rehash(1) is running. It is possible to fix
the c_rehash(1) Perl script to be atomic, but nobody has done that yet...

-- 
Viktor.
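The non-atomic step Viktor points at is the "unlink old link, create new link" sequence in c_rehash: a reader that opens the CApath between those two calls finds no link for that subject hash. The following script is an added example written for this digest, not the c_rehash script and not part of the thread. It rebuilds a CApath so that every hash link is created under a temporary name and then renamed over the final name (rename(2) replaces the old link in one step), removes stale links only after all current ones are in place, and also shows the "one big file.pem" alternative written to a temporary file and renamed into place. It assumes the openssl CLI is on PATH; the directory layout, certificate subjects and function names are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread, not the c_rehash script): rebuild a
# CApath hash directory without any link ever being absent.
# Assumes: openssl CLI on PATH; SRC_DIR and CAPATH are absolute paths.
set -eu

# subject_hash FILE -> OpenSSL subject hash of a PEM certificate
subject_hash() {
    openssl x509 -in "$1" -noout -hash
}

# rehash_atomic SRC_DIR CAPATH
# For every SRC_DIR/*.pem create CAPATH/<hash>.<n> -> that file, creating the
# link under a temporary name and renaming it over the final name, so a
# reader always sees either the old link or the new one.
rehash_atomic() {
    src="$1"; capath="$2"
    mkdir -p "$capath"
    keep=""
    for cert in "$src"/*.pem; do
        [ -f "$cert" ] || continue
        h=$(subject_hash "$cert")
        # first free suffix, unless an existing link already points at this file
        n=0
        while [ -L "$capath/$h.$n" ] && [ "$(readlink "$capath/$h.$n")" != "$cert" ]; do
            n=$((n + 1))
        done
        tmp="$capath/.rehash.$$.$h.$n"
        ln -s "$cert" "$tmp"
        mv -f "$tmp" "$capath/$h.$n"   # rename(2): old link replaced in one step
        keep="$keep $h.$n"
    done
    # drop links for certificates that are no longer present, only now
    for link in "$capath"/*.[0-9]*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        case " $keep " in *" $name "*) ;; *) rm -f "$link" ;; esac
    done
}

# build_cafile SRC_DIR OUT: the single-bundle alternative; written to a temp
# file in the same directory and renamed, so readers never see a partial file.
build_cafile() {
    tmp="$2.tmp.$$"
    cat "$1"/*.pem > "$tmp"
    mv -f "$tmp" "$2"
}

# demo_rehash WORK_DIR: create two constructed self-signed certificates, build
# the CApath and the bundle, and verify one certificate through each.
# Returns 0 when both verifications succeed.
demo_rehash() {
    work="$1"
    mkdir -p "$work/certs"
    for name in one two; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo CA $name" \
            -keyout "$work/certs/$name.key" -out "$work/certs/$name.pem" 2>/dev/null
    done
    rehash_atomic "$work/certs" "$work/capath"
    build_cafile "$work/certs" "$work/bundle.pem"
    openssl verify -CApath "$work/capath" "$work/certs/one.pem" >/dev/null &&
    openssl verify -CAfile "$work/bundle.pem" "$work/certs/two.pem" >/dev/null
}
```

Run demo_rehash on a scratch directory (for example `demo_rehash "$(mktemp -d)"`) to see both lookups succeed; re-running rehash_atomic on the same CApath reuses the existing suffixes instead of unlinking first.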


Re: Make test failed for Fips Capable openssl 9.8J

2009-01-23 Thread mail1957


 Dr. Stephen Henson st...@openssl.org wrote:
 On Fri, Jan 23, 2009, rajan chittil wrote:

  Hi ,
 
  I have gone through security policy (
  http://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf) and user guide.(
  http://www.openssl.org/docs/fips/UserGuide-1.2.pdf).
 
  I have changed the configuration option to
 
  1. opensslfips1.2
  ./config fipscanisterbuild
  make
 
  2. openssl 9.8j
  ./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl
  --with-fipslibdir=/home/rajan/openssl/opensslfips1.2/fips64/openssl-fips-1.2/fips
  fips no-idea no-rc5 no-ec no-symlinks shared threads aix64-xlc_r
  make
  make test
 
  But still i am getting the same error
 
  test SSL protocol
  test ssl3 is forbidden in FIPS mode
  508008:error:2D06906E:FIPS
  routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
  match:fips.c:238:
  test ssl2 is forbidden in FIPS mode
  508010:error:2D06906E:FIPS
  routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
  match:fips.c:238:
  test tls1
  508012:error:2D06906E:FIPS
  routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
  match:fips.c:238:
  make: The error code from the last command is 1.
 
 
  Stop.
  make: The error code from the last command is 2.
 
 
  Stop.
 
  But i have tested ./fips_test_suite it work fine
 
  $ ./fips_test_suite
  FIPS-mode test application
 
  1. Non-Approved cryptographic operation test...
  a. Included algorithm (D-H)...successful
  2. Automatic power-up self test...successful
  3. AES encryption/decryption...successful
  4. RSA key generation and encryption/decryption...successful
  5. DES-ECB encryption/decryption...successful
  6. DSA key generation and signature validation...successful
  7a. SHA-1 hash...successful
  7b. SHA-256 hash...successful
  7c. SHA-512 hash...successful
  7d. HMAC-SHA-1 hash...successful
  7e. HMAC-SHA-224 hash...successful
  7f. HMAC-SHA-256 hash...successful
  7g. HMAC-SHA-384 hash...successful
  7h. HMAC-SHA-512 hash...successful
  8. Non-Approved cryptographic operation test...
  a. Included algorithm (D-H)...successful as expected
  9. Zero-ization...
  Generated 128 byte RSA private key
  BN key before overwriting:
  77eed34099e0d0dc56d316727fd2217c3bc0f6409bc1cd12ffdb427101218787e5bcc0013f58d1633b3f8934c1cf65a05744701fefc80dd92ac7ac4e88ff91ae18c5dda39e77257e3be162cda8f252dfca19dc3998af38b6de90c766295dfd74db93ea66333f3c91c35d8958292f205a6d89d4332f913f21fb6756179008ef29
  BN key after overwriting:
  5171b0a563d968222705431c1abf13bef9780e38a28817d7a36c953d18179e2330ee87d363b8154e2d268eb5aed447bd6419da455d390ce70891bf0512360721e0be0e44c32489e1c975436fa752460397a8e921a0ad64eee7200abe57c2807925edc105a5233da59dd7b4a26a675a2683d5cbee2d87f02fefbfaab5c355e264
  char buffer key before overwriting:
  4850f0a33aedd3af6e477f8302b10968
  char buffer key after overwriting:
  96a916306b46b3d4189fa6d1b04a4ed9
  successful as expected
 
  All tests completed with 0 errors
 
  $ ./fips_test_suite aes
  FIPS-mode test application
 
  AES encryption/decryption with corrupted KAT...
  ERROR:2d06e065:lib=45,func=110,reason=101:file=fips_aes_selftest.c:line=98:
  Power-up self test failed
  $ ./fips_test_suite sha1
  FIPS-mode test application
 
  SHA-1 hash with corrupted KAT...
  ERROR:2d073065:lib=45,func=115,reason=101:file=fips_sha1_selftest.c:line=90:
  Power-up self test failed
 
  This things work fine.
 
  Can You please tell me where i am going wrong.
 

 Try building without the shared option and see if that works. Also make sure
 the system type is consistent between the two builds... in the FIPS directory
 do:

 ./config -t

 and ensure you use that type for the 0.9.8j build.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 ;-)HOWDY COWBOYS COWGIRLS
i get all your e-mail all the time every day, i develo web ages, excuse my 
daughters com uter it doesnt have the letter thats missing, anyway
i must get at least12 mails a day about your develo ing secure info and netsca 
e develo ment. sssi etc. dont send them
anymore, i know you use lists, take my adress off. thanx from bob in the usa! 
and GOD bless all!


Re: DTLS server implementation experiences and documentation

2009-01-23 Thread Georges Le grand
 Hello David,

I wonder if you could give out a reference on how to establish a VPN using
DTLS or to tell how to do so.

Kind regards,
GLG

On Thu, Jan 22, 2009 at 7:47 AM, David Woodhouse dw...@infradead.org
wrote:

On Thu, 2009-01-22 at 06:10 +0100, Robin Seggelmann wrote:

 To avoid getting into trouble with already fixed bugs you should apply
 the patches I sent to the dev list. I'll set up a website with a patch
 collection and some instructions soon.

Is there anyone who actually cares about DTLS and getting patches
applied?

I've had patches to make OpenSSL capable of talking to production
servers out there in the wild, which use the OpenSSL-specific pre-RFC
version of DTLS and I've been able to write a complete VPN client
along with NetworkManager support, and get it into Linux distributions,
in the time it's taken to get the patch into OpenSSL... and I'm still
waiting...

It's getting to the point where I wonder if it would be quicker and
easier just to reimplement DTLS in GNUTLS and use that.


Re: no shared cipher error

2009-01-23 Thread Dan Arcari
Thanks everyone for the help, I think I am getting closer. All of the SSL
has been removed from the listener (makes much more sense to me now), and
the Init routine has had CRYPTO_malloc_init() and
ENGINE_load_builtin_engines() added (it already had the other basic
routines).

When I use my client to connect to s_server, everything works. When I try to
use s_client to connect to my server, I get a few errors:

verify error:num=18:self signed certificate

9083:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure...

This is happening on the SSL_accept, everything up until that point seems to
be OK. Both sides are using TLS1.

The certificate and key were just generated for testing purposes, we'll be
using something else in production but I don't have access to all that right
now. I believe I should be able to get this working with just the
quick/dirty key and cert.

Any insight is appreciated.

Thanks

On Thu, Jan 22, 2009 at 7:07 PM, Victor Duchovni 
victor.ducho...@morganstanley.com wrote:

 On Thu, Jan 22, 2009 at 08:51:20PM -0500, Dave Thompson wrote:

  Except as noted above, this sounds reasonable. I assume you realize
  that ALL includes, and could possibly negotiate, some weak ciphers;
  but since you're explicitly adding eNULL you apparently don't care.
  It certainly should be able to negotiate SOMETHING.

 Also, before 0.9.9, ALL may not be properly ordered by default, it
 really is safer to use:

ALL:@STRENGTH

 if one wants to use aNULL ciphers whenever mutually acceptable (i.e.
 nobody is checking certificates anyway), then:

aNULL:ALL:@STRENGTH

 is needed to put the aNULL (aka ADH) ciphers first (within each bit
 strength category).

 --
Viktor.



RE: generating private and public key with alias

2009-01-23 Thread Dave Thompson
 From: Miguel [mailto:m...@moviquity.com]
 Sent: Friday, 23 January, 2009 02:40
 To: dave.thomp...@princetonpayments.com
 Subject: RE: generating private and public key with alias

It's better to reply on the list so that others can check me; added back.

 so to generate the CA private Key, can I do it like this way?

 prviate:
 openssl dsaparam -genkey 1024 -out dsaprivatekey.pem

Yes. (Assuming you want a new 1024-bit DSA key in a new group.)

 public:

 openssl req -new -x509 -days 1001 -key dsaprivatekey.pem -out ca.cert 

 although, if this is a self signed certificate, which one would be the public?

I'm not sure what your question is here. The publickey is 
_generated_ with the privatekey, as part of the keypair.
This step creates a certificate _containing_ the publickey.
A certificate always contains a public key (for some entity), 
and often is itself published e.g. put on a directory server.
Whether a certificate is selfsigned affects whether/how the relier 
decides to trust it, but not the fact it contains the publickey.

Note that both openssl by default and keytool generate certificates 
that are NOT flagged as CA certs (in BasicConstraints, or KeyUsage). 
If you use this certkey in openssl ca to sign a child cert 
and then (attempt to) use it, _some_ verifiers may reject 
on the ground that the parent cert is not a valid CA cert.  
If your verifier is picky, you need to create the CA (selfsigned) cert 
using openssl req with a config file specifying the needed extensions; 
the distributed (and hopefully installed on your system) openssl.cnf 
is a good starting point and guide.

 and, how is the similar way to get the public and private key using keytool?

At least as of recent Java (JRE) versions,
keytool -genkeypair [-keyalg DSA -validity d -alias n -keystore f -storepass p]
generates BOTH a DSA-1024 keypair AND a selfsigned cert for it 
(in one command) and puts them in the keystore under the alias.

You can get a copy of the cert out (to a file, or stdout) with 
keytool -exportcert [-file f -alias n -keystore f -storepass p] .
The default format is DER, which openssl can handle if you tell it,
but a human cannot easily recognize; use -rfc to get PEM format,
which is easier to look at, safer to transport in some situations,
and the default for openssl. If you really want the publickey alone
(not contained in a cert), openssl can extract it from the cert with
openssl x509 -in cert [-inform DER] -noout -pubkey [ > key.pem ]

I believe the only way to get out the privatekey with keytool 
is to create a pkcs12-type keystore (separate from your normal one)
and import the desired entry into that.  But on my system at present 
this creates a p12 that neither openssl pkcs12 nor keytool can recover
-- at least not the shrouded-keybag portion, which is the important one.
I may have a bad version of something but don't have time to investigate.

I don't know of any standard/builtin Java utility that does CA 
functionality, i.e. uses a keycert to generate/sign child certs,
so having a CA keycert in the Java keystore may be worthless.



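To make Dave's point concrete on the openssl side: the script below is an added example for this digest, not code from the thread or from the OpenSSL project. It generates the DSA-1024 key the way the thread does (parameters first, then the key), creates the self-signed CA certificate from a small req config whose v3_ca section carries basicConstraints and keyUsage explicitly, checks the CA flag the way a picky verifier would, and extracts the bare public key from the certificate with the openssl x509 -pubkey form quoted above. It assumes the openssl CLI is on PATH; the config contents, subject name and file names are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread): DSA CA key + self-signed CA cert with
# explicit CA extensions, plus the checks a verifier would apply.
# Assumes: openssl CLI on PATH; DIR arguments are writable directories.
set -eu

# write_ca_config OUT: minimal req config. The v3_ca section is what makes
# the certificate a CA cert; without it some verifiers reject child certs.
write_ca_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = Demo Root CA

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# make_dsa_ca DIR: DSA-1024 parameters and private key (two-step form of the
# thread's "dsaparam -genkey"), then a self-signed CA cert valid 1001 days.
make_dsa_ca() {
    dir="$1"
    write_ca_config "$dir/ca.cnf"
    openssl dsaparam -out "$dir/dsaparam.pem" 1024 2>/dev/null
    openssl gendsa -out "$dir/dsaprivatekey.pem" "$dir/dsaparam.pem" 2>/dev/null
    openssl req -new -x509 -days 1001 -config "$dir/ca.cnf" \
        -key "$dir/dsaprivatekey.pem" -out "$dir/ca.cert"
}

# is_ca CERT: exit 0 iff basicConstraints says CA:TRUE (what a picky
# verifier checks before accepting the cert as an issuer)
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# can_sign_certs CERT: exit 0 iff keyUsage includes Certificate Sign
can_sign_certs() {
    openssl x509 -in "$1" -noout -text | grep -q 'Certificate Sign'
}

# pubkey_from_cert CERT OUT: the public key alone, PEM, taken from the cert
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey > "$2"
}

# key_is_dsa CERT: exit 0 iff the certificate's public key is a DSA key
key_is_dsa() {
    openssl x509 -in "$1" -noout -text | grep -q 'dsaEncryption'
}
```

Running `make_dsa_ca "$(mktemp -d)"` and then `openssl x509 -in <dir>/ca.cert -noout -text` shows the X509v3 Basic Constraints and Key Usage blocks; leave x509_extensions out of the config and the same command shows why a verifier may refuse to treat the result as a CA.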


Re: Make test failed for Fips Capable openssl 9.8J

2009-01-23 Thread rajan chittil
I have used the aix64-cc compiler to build openssl fips 1.2, but since we have
a GPFS problem we have to use the xlc_r compiler to build openssl 9.8J. Since
I am using the xlc_r compiler it does not create a validated module. Can you please
tell me what changes I need to make to build openssl 9.8J using the
xlc_r compiler? I have seen that some are using a patch on the Makefile.shared
file etc. Can you please guide me?

Thanks

Rajan

On Sat, Jan 24, 2009 at 3:47 AM, mail1...@tds.net wrote:


  Dr. Stephen Henson st...@openssl.org wrote:
  On Fri, Jan 23, 2009, rajan chittil wrote:
 
   Hi ,
  
   I have gone through security policy (
   http://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf) and user
 guide.(
   http://www.openssl.org/docs/fips/UserGuide-1.2.pdf).
  
   I have changed the configuration option to
  
   1. opensslfips1.2
   ./config fipscanisterbuild
   make
  
   2. openssl 9.8j
   ./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl
  
 --with-fipslibdir=/home/rajan/openssl/opensslfips1.2/fips64/openssl-fips-1.2/fips
   fips no-idea no-rc5 no-ec no-symlinks shared threads aix64-xlc_r
   make
   make test
  
   But still i am getting the same error
  
   test SSL protocol
   test ssl3 is forbidden in FIPS mode
   508008:error:2D06906E:FIPS
   routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
   match:fips.c:238:
   test ssl2 is forbidden in FIPS mode
   508010:error:2D06906E:FIPS
   routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
   match:fips.c:238:
   test tls1
   508012:error:2D06906E:FIPS
   routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
   match:fips.c:238:
   make: The error code from the last command is 1.
  
  
   Stop.
   make: The error code from the last command is 2.
  
  
   Stop.
  
   But i have tested ./fips_test_suite it work fine
  
   $ ./fips_test_suite
   FIPS-mode test application
  
   1. Non-Approved cryptographic operation test...
   a. Included algorithm (D-H)...successful
   2. Automatic power-up self test...successful
   3. AES encryption/decryption...successful
   4. RSA key generation and encryption/decryption...successful
   5. DES-ECB encryption/decryption...successful
   6. DSA key generation and signature validation...successful
   7a. SHA-1 hash...successful
   7b. SHA-256 hash...successful
   7c. SHA-512 hash...successful
   7d. HMAC-SHA-1 hash...successful
   7e. HMAC-SHA-224 hash...successful
   7f. HMAC-SHA-256 hash...successful
   7g. HMAC-SHA-384 hash...successful
   7h. HMAC-SHA-512 hash...successful
   8. Non-Approved cryptographic operation test...
   a. Included algorithm (D-H)...successful as expected
   9. Zero-ization...
   Generated 128 byte RSA private key
   BN key before overwriting:
  
 77eed34099e0d0dc56d316727fd2217c3bc0f6409bc1cd12ffdb427101218787e5bcc0013f58d1633b3f8934c1cf65a05744701fefc80dd92ac7ac4e88ff91ae18c5dda39e77257e3be162cda8f252dfca19dc3998af38b6de90c766295dfd74db93ea66333f3c91c35d8958292f205a6d89d4332f913f21fb6756179008ef29
   BN key after overwriting:
  
 5171b0a563d968222705431c1abf13bef9780e38a28817d7a36c953d18179e2330ee87d363b8154e2d268eb5aed447bd6419da455d390ce70891bf0512360721e0be0e44c32489e1c975436fa752460397a8e921a0ad64eee7200abe57c2807925edc105a5233da59dd7b4a26a675a2683d5cbee2d87f02fefbfaab5c355e264
   char buffer key before overwriting:
   4850f0a33aedd3af6e477f8302b10968
   char buffer key after overwriting:
   96a916306b46b3d4189fa6d1b04a4ed9
   successful as expected
  
   All tests completed with 0 errors
  
   $ ./fips_test_suite aes
   FIPS-mode test application
  
   AES encryption/decryption with corrupted KAT...
  
 ERROR:2d06e065:lib=45,func=110,reason=101:file=fips_aes_selftest.c:line=98:
   Power-up self test failed
   $ ./fips_test_suite sha1
   FIPS-mode test application
  
   SHA-1 hash with corrupted KAT...
  
 ERROR:2d073065:lib=45,func=115,reason=101:file=fips_sha1_selftest.c:line=90:
   Power-up self test failed
  
   This things work fine.
  
   Can You please tell me where i am going wrong.
  
 
  Try building without the shared option and see if that works. Also make
 sure
  the system type is consistent between the two builds... in the FIPS
 directory
  do:
 
  ./config -t
 
  and ensure you use that type for the 0.9.8j build.
 
  Steve.
  --
  Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
  OpenSSL project core developer and freelance consultant.
  Homepage: http://www.drh-consultancy.demon.co.uk

 [image: ;-)] HOWDY COWBOYS COWGIRLS

 i get all your e-mail all the time every day, i develo web ages, excuse my
 daughters com uter it doesnt have the letter thats missing, anyway

 i must get at least12 mails a day about your develo ing secure info and
 netsca e develo ment. sssi etc. dont send them

 anymore, i know you use