Re: additively computing SHA hash
Steve/Victor,

> You mean you want to do:
>
>     SHA1(A)
>
> and later do:
>
>     SHA1(A || B)
>
> without including A again?

That is correct. That's exactly what I want to do.

> You need to serialize, save and restore the intermediate state of the digest before you call final if you need to be able to append more data without re-computing the entire checksum.

I am open to the idea of serializing, saving and restoring.

> OpenSSL does not provide a serialization interface for MD_CTX objects. Perhaps you're better off with a simpler library that does not support engines, and other features that make serialization difficult.

Both of you mention that OpenSSL doesn't provide such an interface. Maybe this question is not appropriate for this forum, but do you know of any such simpler libraries that I might be able to use? Has anyone else on this forum run into a similar situation and had to dive deep into the source code to make this work?

Thanks a lot for the prompt response!

Subra
Re: Extracting certificate start and end dates
Hey,

I'm not extracting the start or end date but the domain name; maybe this piece of code could help. I'm extracting the certificate from a PKCS#7 object, but if you already have the X509 it shouldn't be a problem. I think you should take a look at X509_NAME_get_index_by_NID in the second if.

    X509 *userCert = NULL;
    STACK_OF(PKCS7_SIGNER_INFO) *stack_pkcs7_si = NULL;
    PKCS7_SIGNER_INFO *pkcs7_si = NULL;
    X509_NAME *subject = NULL;
    int position = -1;
    X509_NAME_ENTRY *entry = NULL;
    ASN1_STRING *asn1Data = NULL;

    /* The signer-info stack and its entries belong to the PKCS7 object and are
       released by PKCS7_free(); read them in place, do not pop or free them. */
    if (!(stack_pkcs7_si = PKCS7_get_signer_info(pkcs7)) ||
        sk_PKCS7_SIGNER_INFO_num(stack_pkcs7_si) < 1 ||
        !(pkcs7_si = sk_PKCS7_SIGNER_INFO_value(stack_pkcs7_si, 0)) ||
        !(userCert = PKCS7_cert_from_signer_info(pkcs7, pkcs7_si))) {
        return false;
    }

    /* X509_NAME_get_index_by_NID() returns -1 when no CN is present; index 0 is
       a valid hit, so test for a negative result instead of for zero. */
    if (!(subject = X509_get_subject_name(userCert)) ||
        (position = X509_NAME_get_index_by_NID(subject, NID_commonName, -1)) < 0 ||
        !(entry = X509_NAME_get_entry(subject, position)) ||
        !(asn1Data = X509_NAME_ENTRY_get_data(entry))) {
        return false;
    }

    /* The CN is not NUL-terminated and may contain embedded NULs, so copy exactly
       ASN1_STRING_length() bytes instead of treating it as a C string, and refuse
       a name that contains a NUL at all. */
    std::string cert_domain((const char *)ASN1_STRING_data(asn1Data),
                            ASN1_STRING_length(asn1Data));
    if (cert_domain.find('\0') != std::string::npos) {
        return false;
    }

    /* subject, entry and asn1Data are borrowed from userCert, and userCert from
       pkcs7: nothing acquired above needs freeing here. */

On 8 Jun 2010, at 02:02, Dallas Clement wrote:

> Hi All,
>
> I am trying to crack open a certificate and print out the start and expire dates to a debug log message. I found these two nifty functions X509_get_notBefore() and X509_get_notAfter() which return a pointer to an ASN1_TIME struct. I'm not sure where to go from here. I would like to be able to convert the ASN1_TIME to a time_t struct or something. Would one of you experts please advise the best approach?
> Thanks,
> Dallas

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Verifying PKCS#7
Hey,

I'm using this code to verify my PKCS#7 signed object and extract it from the S/MIME. This code works perfectly if I test it with boost and send a mock S/MIME to it. This mock-up is generated with OpenSSL. But I'm trying to verify an S/MIME with the same structure that has been generated by Bouncy Castle in Java. Every time I try this I get an error that is thrown by the verify_callback function saying the certificates can't be verified! But I'm using the same certificates as with OpenSSL! Anybody any advice on how to fix this?

Thanks a lot!

Regards,
Niels Stevens

    // X509_STORE setup.
    int verify_callback(int ok, X509_STORE_CTX *stor)
    {
        // User-friendly error text: X509_verify_cert_error_string(X509_STORE_CTX_get_error(stor))
        if (!ok)
            cout << X509_verify_cert_error_string(X509_STORE_CTX_get_error(stor)) << endl;
        // throw CCToolsException(QObject::tr("Error with certificate store !").toLatin1(), SC_ERROR_UNKNOWN);
        return ok;
    }

    X509_STORE *create_store()
    {
        X509_STORE *store = NULL;
        X509 *caCert = NULL;
        BIO *cc = NULL;

        /* create the cert store and set the verify callback */
        if (!(store = X509_STORE_new())) {
            throw CCToolsException(QObject::tr("Error creating X509_STORE object!").toLatin1(), SC_ERROR_UNKNOWN);
        }
        X509_STORE_set_verify_cb_func(store, verify_callback);

        // BIO_puts() reports failure with a value <= 0, not only with 0.
        if (!(cc = BIO_new(BIO_s_mem())) ||
            BIO_puts(cc, ZETES_CA) <= 0 ||
            !(caCert = PEM_read_bio_X509(cc, NULL, NULL, NULL)) ||
            !(X509_STORE_add_cert(store, caCert))) {
            X509_free(caCert);          // X509_free() accepts NULL
            KILL_BIO(cc);
            KILL_STORE(store);
            throw CCToolsException(QObject::tr("Error adding cert to X509_STORE object!").toLatin1(), SC_ERROR_UNKNOWN);
        }
        X509_free(caCert);              // the store took its own reference
        KILL_BIO(cc);

        if (X509_STORE_set_default_paths(store) != 1) {
            KILL_STORE(store);
            throw CCToolsException(QObject::tr("Error loading the system-wide CA certificates!").toLatin1(), SC_ERROR_UNKNOWN);
        }
        return store;
    }

    const bool CCToolsLocal::validateChallengeSignature(const std::string message)
    {
        X509_STORE *rootStore = NULL;
        BIO *in = NULL;
        BIO *pkcs7_bio = NULL;          // receives the detached content, if any
        BIO *json_bio = NULL;
        PKCS7 *pkcs7 = NULL;
        BUF_MEM *bptr = NULL;
        std::string json_domain;

        authenticationFlag = false;
        cout << message << endl;

        if (!(rootStore = create_store())) {
            return false;
        }
        cout << "store created successfully" << endl;

        if (!(in = BIO_new(BIO_s_mem())) || BIO_puts(in, message.c_str()) <= 0) {
            KILL_BIO(in);
            KILL_STORE(rootStore);
            return false;
        }
        cout << "BIOs created successfully" << endl;

        // Make the memory BIO report EOF the way a file BIO does.
        BIO_set_mem_eof_return(in, 0);

        // SMIME_read_PKCS7() takes a BIO ** for the detached content, not a BIO *.
        if (!(pkcs7 = SMIME_read_PKCS7(in, &pkcs7_bio))) {
            // char buf[256];
            // ERR_error_string_n(ERR_peek_last_error(), buf, sizeof buf);
            // cout << buf << endl;
            KILL_BIO(in);
            KILL_BIO(pkcs7_bio);
            KILL_STORE(rootStore);
            return false;
        }
        cout << "SMIME_read_PKCS7 succeeded" << endl;

        json_bio = BIO_new(BIO_s_mem());
        if (PKCS7_verify(pkcs7, NULL, rootStore, pkcs7_bio, json_bio, 0) != 1) {
            char buf[256];
            ERR_error_string_n(ERR_peek_last_error(), buf, sizeof buf);
            cout << buf << endl;
            PKCS7_free(pkcs7);
            KILL_BIO(in);
            KILL_BIO(pkcs7_bio);
            KILL_BIO(json_bio);
            KILL_STORE(rootStore);
            return false;
        }

        // The archived post is cut off at this point; the lines below only
        // close the function so that it compiles, using the variables it declares.
        BIO_get_mem_ptr(json_bio, &bptr);
        json_domain.assign(bptr->data, bptr->length);
        authenticationFlag = true;

        PKCS7_free(pkcs7);
        KILL_BIO(in);
        KILL_BIO(pkcs7_bio);
        KILL_BIO(json_bio);
        KILL_STORE(rootStore);
        return true;
    }
Re: Extracting certificate start and end dates
On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote:

> Hi All,
>
> I am trying to crack open a certificate and print out the start and expire dates to a debug log message.

Just for printing I suggest:

    int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)

Cheers
Christian
RE: self-signed SSL certificates and trusted root certificate
Hi Jeff,

thanks for responding, but see my comments below.

> -----Original Message-----
> From: Jeffrey Walton
>
>> Hi Patrick, can you please elaborate on where you see a security drawback in the attack scenario you mentioned when using wildcard certs over non-wildcard certs?
>
> Principle of least privilege dictates that only a single server (or possibly related servers) be authenticated. However, a wild card will match all hosts (some hand waving here) - even if the host was put in place by a bad guy. I'm aware of a couple of tools that will flag it. Exchange's Security Analyzer is one of them.

As long as the bad guy doesn't compromise your private key, he won't be able to impersonate any of your hosts, wildcard cert or not. Once he compromises your key, he further needs to hack your DNS to redirect traffic to his hosts. With a wildcard cert he can now add his hosts without interfering with the service of yours. Without a wildcard cert he would need to add some logic to redirect traffic to your host while keeping others for himself. No big deal. But once your host is hacked, I guess it's much easier to compromise your app to his needs. No need to hack further into DNS, to set up a server of his own and jump through more hoops, while increasing the chance of being detected.

So security-wise, I still can't see the major drawbacks you were talking about earlier. I think wildcard certs are a valid option for securing your hosts.

> A related attack from Black Hat: http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

But that presentation is talking about weaknesses in standard software and the way people are using them. Whether I protect my site with a wildcard or non-wildcard cert is of no relevance here.

Patrick Eisenacher
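Jeff's "a wild card will match all hosts" above is precise enough to put into code. What follows is an added example, written for this page and not by either poster: a client-side name check in the style of RFC 6125 section 6.4.3 (wildcard only as the entire left-most label, matching exactly one label, case-insensitive), run over a constructed set of hostnames that includes one an intruder has added under the operator's domain. The host names, the intruder scenario and the function names are all assumptions made for the demonstration.

```python
"""Which hostnames does a certificate name authenticate?

Added example (not code from the thread). It applies the RFC 6125 section
6.4.3 wildcard rules that TLS clients enforce and compares the coverage of
a wildcard name with that of a single-host name. All hostnames below are
constructed for the demonstration.
"""


def _valid_label(label):
    # LDH rule: non-empty, ASCII letters/digits/hyphen only. This also rejects
    # a NUL byte, whitespace or a stray '*' smuggled into a label.
    return bool(label) and all(c.isascii() and (c.isalnum() or c == "-") for c in label)


def hostname_matches(cert_name, hostname):
    """Return True if cert_name (a dNSName or CN from a certificate) covers hostname.

    Rules applied (the conservative subset of RFC 6125 that browsers enforce):
      * comparison is case-insensitive on ASCII labels, trailing dots ignored;
      * '*' is only accepted as the entire left-most label and needs at least
        two further labels, so '*.com' never matches anything;
      * the wildcard matches exactly one label: '*.example.com' covers
        'a.example.com' but neither 'example.com' nor 'a.b.example.com'.
    """
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    if not all(_valid_label(l) for l in h_labels):
        return False
    if c_labels[0] == "*":
        if len(c_labels) < 3 or not all(_valid_label(l) for l in c_labels[1:]):
            return False
        return len(h_labels) == len(c_labels) and h_labels[1:] == c_labels[1:]
    # No wildcard: require an exact, label-by-label match of valid labels.
    return all(_valid_label(l) for l in c_labels) and c_labels == h_labels


def hosts_covered(cert_name, hostnames):
    """List the hostnames from a candidate set that cert_name would authenticate."""
    return [h for h in hostnames if hostname_matches(cert_name, h)]


# Constructed scenario: the operator runs three hosts; an intruder holding the
# private key stands up a fourth under the same domain and points DNS at it.
OPERATOR_HOSTS = ["www.example.com", "mail.example.com", "api.example.com"]
INTRUDER_HOST = "update-now.example.com"


def compare_coverage():
    """Return (hosts a '*.example.com' cert covers, hosts a 'www.example.com' cert covers)."""
    candidates = OPERATOR_HOSTS + [INTRUDER_HOST, "example.com", "deep.api.example.com"]
    wildcard = hosts_covered("*.example.com", candidates)
    single = hosts_covered("www.example.com", candidates)
    return wildcard, single


if __name__ == "__main__":
    wildcard, single = compare_coverage()
    print("*.example.com covers:  ", wildcard)
    print("www.example.com covers:", single)
```

The output makes both positions in the thread visible at once: with the stolen key, the wildcard name also authenticates the intruder's update-now.example.com, while the single-host name authenticates only www.example.com and nothing the intruder adds; neither name covers the bare domain or a two-level-deep name. The label check also refuses a hostname with an embedded NUL, which is the kind of malformed name a naive C-string comparison would silently truncate.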
Re: Question about custom X509 extensions
Hi,

> Hex encoding surely ought to increase the size by a factor of exactly 2? (Plus a few bytes for the tag and length.)

2 is correct without the colons, but the OpenSSL function I use adds them. Of course you are right, it would be possible with 2 :)

> An extension has an OID, a criticality flag, and a value. The value is an OCTET STRING containing the DER encoding of some ASN.1 type (defined by the extension). For a private extension you can stick any type in there you choose. An obvious choice for a binary blob is OCTET STRING. (It's probably not safe to stick any binary blob directly in the extnValue OCTET STRING, since processors (like OpenSSL) probably assume they can decode the value as DER even if they can't do much with it.)

Ok, so what I am currently doing is something like

    asndata = ASN1_OCTET_STRING_new();
    ASN1_OCTET_STRING_set(asndata, myData, myLength);

and then I add asndata to an extension I create:

    ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, asndata);

In the one case, myData was the hex encoded data, in the other case it was my raw binary data. Is the DER encoding included here and if not, how can I add it for the raw data?

Thank you very much,
Chris
openssl ocsp responder unauthorised error
Hi,

When will an OCSP responder respond with an unauthorized error for an OCSP request? It is a Windows Server 2008 machine.

Thanks,
Arun
Re: Question about custom X509 extensions
decoder deco...@own-hero.net writes:

[...]

> Ok, so what I am currently doing is something like
>
>     asndata = ASN1_OCTET_STRING_new();
>     ASN1_OCTET_STRING_set(asndata, myData, myLength);
>
> and then I add asndata to an extension I create:
>
>     ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, asndata);
>
> In the one case, myData was the hex encoded data, in the other case it was my raw binary data. Is the DER encoding included here and if not, how can I add it for the raw data?

I think it's not. OpenSSL seems fine with the result, though, so perhaps you'll be OK.

If you want to add in the extra layer, encode asndata using i2d_OCTET_STRING(), then put the result of *that* into an ASN1_OCTET_STRING and pass the resulting ASN1_OCTET_STRING into X509_EXTENSION_create_by_NID().
Re: Extracting certificate start and end dates
On Tue, Jun 08, 2010, Christian Hohnstaedt wrote:

> On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote:
>
>> Hi All,
>>
>> I am trying to crack open a certificate and print out the start and expire dates to a debug log message.
>
> Just for printing I suggest:
>
>     int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)

Yes that would work fine. There isn't a function to convert to time_t at present, the actual year range of ASN1_TIME (0 to ) far exceeds that of time_t (at least the more common 32 bit version).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
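Steve's answer can be made concrete. The block below is an added example written for this page, not code from the thread or from OpenSSL: a Python stand-in for the conversion OpenSSL lacked, operating on what an ASN1_TIME actually carries (the ASN1_STRING type tag and its raw bytes, which X509_get_notBefore()->type and ->data expose in C), applying the RFC 5280 rules for the two encodings, and then checking whether the result fits a 32-bit time_t. The tag constants are OpenSSL's V_ASN1_UTCTIME (23) and V_ASN1_GENERALIZEDTIME (24); the time strings in the test are constructed, the first of them being the timestamp of Dallas's message.

```python
"""Convert the raw content of an ASN1_TIME to a POSIX timestamp.

Added example (not code from the thread or from OpenSSL). RFC 5280 section
4.1.2.5 restricts certificate validity times to two shapes, both in UTC with
seconds present:

    UTCTime          YYMMDDHHMMSSZ   (years 1950..2049, two-digit year)
    GeneralizedTime  YYYYMMDDHHMMSSZ (everything else, four-digit year)

Anything else is rejected rather than guessed at.
"""
import calendar
import re
from datetime import datetime, timezone

V_ASN1_UTCTIME = 23            # OpenSSL's tag value for UTCTime
V_ASN1_GENERALIZEDTIME = 24    # OpenSSL's tag value for GeneralizedTime

_UTCTIME = re.compile(rb"\A(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z\Z")
_GENTIME = re.compile(rb"\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z\Z")


def asn1_time_to_posix(asn1_type, raw):
    """Return seconds since 1970-01-01T00:00:00Z (negative for earlier dates).

    Raises ValueError for anything but the strict RFC 5280 forms and for
    calendar-invalid dates such as 30 February.
    """
    if asn1_type == V_ASN1_UTCTIME:
        m = _UTCTIME.match(raw)
        if not m:
            raise ValueError("malformed UTCTime: %r" % (raw,))
        yy, mon, day, hh, mm, ss = (int(g) for g in m.groups())
        # RFC 5280 4.1.2.5.1: YY >= 50 means 19YY, otherwise 20YY.
        year = 1900 + yy if yy >= 50 else 2000 + yy
    elif asn1_type == V_ASN1_GENERALIZEDTIME:
        m = _GENTIME.match(raw)
        if not m:
            raise ValueError("malformed GeneralizedTime: %r" % (raw,))
        year, mon, day, hh, mm, ss = (int(g) for g in m.groups())
    else:
        raise ValueError("not an ASN1_TIME type tag: %d" % asn1_type)

    # datetime() validates the calendar fields; calendar.timegm() does not.
    dt = datetime(year, mon, day, hh, mm, ss, tzinfo=timezone.utc)
    return calendar.timegm(dt.utctimetuple())


def is_valid_asn1_time(asn1_type, raw):
    """True if raw parses under the strict rules above."""
    try:
        asn1_time_to_posix(asn1_type, raw)
        return True
    except ValueError:
        return False


def fits_time_t32(ts):
    """True if ts is representable in a signed 32-bit time_t (the range Steve warns about)."""
    return -2**31 <= ts <= 2**31 - 1


if __name__ == "__main__":
    # Constructed samples: the date of Dallas's mail, the UTCTime pivot edges,
    # and the GeneralizedTime value RFC 5280 uses for "no well-defined expiry".
    for tag, raw in [(V_ASN1_UTCTIME, b"100608020222Z"),
                     (V_ASN1_UTCTIME, b"500101000000Z"),
                     (V_ASN1_UTCTIME, b"491231235959Z"),
                     (V_ASN1_GENERALIZEDTIME, b"99991231235959Z")]:
        ts = asn1_time_to_posix(tag, raw)
        print("%-16s -> %12d  fits 32-bit time_t: %s" % (raw.decode(), ts, fits_time_t32(ts)))
```

Two things the run shows that the discussion only hints at: the 32-bit time_t ceiling is reached well inside the UTCTime range (2049-12-31 is already past 2038-01-19), so even certificates that use the compact encoding can overflow it, and the 9999-12-31 GeneralizedTime that RFC 5280 prescribes for "no expiry" cannot be stored in a 32-bit time_t at all, which is why comparing such values as integers needs a 64-bit type or a comparison done on the ASN.1 representation.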
Re: Question about custom X509 extensions
On Tue, Jun 08, 2010, Bruce Stephens wrote:

> decoder deco...@own-hero.net writes:
>
> [...]
>
>> In the one case, myData was the hex encoded data, in the other case it was my raw binary data. Is the DER encoding included here and if not, how can I add it for the raw data?
>
> I think it's not. OpenSSL seems fine with the result, though, so perhaps you'll be OK.

OpenSSL is fine with including raw data in an extension, but it is technically illegal, so adding an encoded OCTET STRING in there is advisable.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
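The two constructions discussed in this thread, and why the second is the right one, are easiest to see on the wire. The block below is an added example written for this page, not code from the thread or from OpenSSL: a minimal DER encoder and strict TLV reader in Python that builds extnValue both ways (the raw blob as the OCTET STRING content, versus an inner DER OCTET STRING as Steve and Bruce recommend, the i2d_ step in Bruce's reply) and then shows what a processor that assumes DER content does with each. Only single-byte tags are handled, which is all an OCTET STRING needs; the sample blobs are constructed.

```python
"""DER wrapping for a private X.509 extension that carries a binary blob.

Added example (not code from the thread or from OpenSSL). An extension's
extnValue is an OCTET STRING whose content must be the DER encoding of the
extension's ASN.1 type. Putting a bare blob there gives a value a strict
parser cannot decode, or worse, decodes as something else by accident.
"""


def der_length(n):
    """DER length octets: short form below 128, else 0x80|k followed by k minimal bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_octet_string(content):
    """DER OCTET STRING (universal tag 4) around content."""
    return b"\x04" + der_length(len(content)) + content


def der_read_tlv(buf):
    """Parse one DER TLV with a single-byte tag; return (tag, value, rest).

    Rejects indefinite and non-minimal length forms (forbidden in DER) and
    values that run past the end of the buffer.
    """
    if len(buf) < 2:
        raise ValueError("truncated TLV header")
    tag, first = buf[0], buf[1]
    if first < 0x80:
        length, pos = first, 2
    elif first in (0x80, 0xFF):
        raise ValueError("indefinite or reserved length form")
    else:
        k = first & 0x7F
        lb = buf[2:2 + k]
        if len(lb) != k:
            raise ValueError("truncated length")
        if lb[0] == 0 or (k == 1 and lb[0] < 0x80):
            raise ValueError("non-minimal length encoding")
        length, pos = int.from_bytes(lb, "big"), 2 + k
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("value of %d bytes runs past end of buffer" % length)
    return tag, value, buf[pos + length:]


def extn_value_raw(blob):
    """The construction in the question: the blob itself is the extnValue content."""
    return der_octet_string(blob)


def extn_value_wrapped(blob):
    """The recommended construction: extnValue contains DER(OCTET STRING blob)."""
    return der_octet_string(der_octet_string(blob))


def decode_extn_value(extn_value):
    """What a strict processor does: unwrap extnValue, then DER-decode its content.

    Returns (inner_tag, inner_value); raises ValueError if the content is not
    one complete DER value.
    """
    tag, content, rest = der_read_tlv(extn_value)
    if tag != 0x04 or rest:
        raise ValueError("extnValue is not a single OCTET STRING")
    inner_tag, inner_value, inner_rest = der_read_tlv(content)
    if inner_rest:
        raise ValueError("trailing bytes after the inner DER value")
    return inner_tag, inner_value


def decodes_cleanly(extn_value):
    try:
        decode_extn_value(extn_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    blob = b"hello, extension"          # constructed payload
    print("raw:    ", extn_value_raw(blob).hex(), "decodes:", decodes_cleanly(extn_value_raw(blob)))
    print("wrapped:", extn_value_wrapped(blob).hex(), "decodes:", decodes_cleanly(extn_value_wrapped(blob)))
```

The overhead of the extra layer is the "few bytes for the tag and length" mentioned earlier: two bytes for payloads under 128 bytes, three under 256, four under 65536. The more important effect is the accidental case: a raw blob that happens to start with 0x04 0x02 is read by a DER-assuming processor as a two-byte OCTET STRING followed by garbage, so it is not merely that raw blobs sometimes fail to parse, it is that they sometimes parse as the wrong thing.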
Re: openssl ocsp responder unauthorised error
On Tue, Jun 08, 2010, Arunkumar Manickam wrote:

> When will an OCSP responder respond with an unauthorized error for an OCSP request? It is a Windows Server 2008 machine.

Well when, for some reason, the responder doesn't like the requestor. This could be, for example, because it is expecting a signed request.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: additively computing SHA hash
On Mon, Jun 07, 2010, Subra Aswathanarayanan wrote:

> Both of you mention that OpenSSL doesn't provide such an interface. Maybe this question is not appropriate for this forum, but do you know of any such simpler libraries that I might be able to use? Has anyone else on this forum run into a similar situation and had to dive deep into the source code to make this work?

Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL structures are made opaque and almost certainly will fail if you have an ENGINE.

What you need to do is copy the md_ctx->data (which will be a flat buffer for the software SHA1 implementation) for md_ctx->digest->md_size bytes. Save that somewhere and after calling init the second time copy it back.

Do NOT try restoring the context with different versions of OpenSSL or different architectures.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Related to the license
We are planning to use OpenSSL for the HTTPS connection for one of our requirements. So is there anything like a licensed version of OpenSSL, or do we need to refer to the license provided at http://www.openssl.org/source/license.html?
Re: additively computing SHA hash
Stephen,

Thanks for your solution.

> Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL structures are made opaque and almost certainly will fail if you have an ENGINE.

Understood. I am new to OpenSSL and I am reading up about ENGINEs in OpenSSL. When you say it will fail when there is an ENGINE, do you mean if I use EVP_DIGEST functions (from the example on openssl.org), your solution will not work? If yes, is the solution as simple as using the SHA1_Init, SHA1_Update, SHA1_Final functions instead?

> What you need to do is copy the md_ctx->data (which will be a flat buffer for the software SHA1 implementation) for md_ctx->digest->md_size bytes. Save that somewhere and after calling init the second time copy it back.
>
> Do NOT try restoring the context with different versions of OpenSSL or different architectures.

Will this work with plain old SHA also?

I will try to find the answers for some of the questions on my own by writing some code. But any help from your side will be much appreciated.

Subra
Re: self-signed SSL certificates and trusted root certificate
Hi Patrick,

> As long as the bad guy doesn't compromise your private key, he won't be able to impersonate any of your hosts, wildcard cert or not.

What happens in the case of a web farm behind a proxy or load balancer, where the forward facing host does SSL (perhaps through an accelerator)?

Jeff

On Tue, Jun 8, 2010 at 6:55 AM, Eisenacher, Patrick patrick.eisenac...@bdr.de wrote:
> [quoted message trimmed]
RE: self-signed SSL certificates and trusted root certificate
Hi Jeff,

> -----Original Message-----
> From: Jeffrey Walton
>
>> As long as the bad guy doesn't compromise your private key, he won't be able to impersonate any of your hosts, wildcard cert or not.
>
> What happens in the case of a web farm behind a proxy or load balancer, where the forward facing host does SSL (perhaps through an accelerator)?

well, off-loading SSL to dedicated host(s) in front of the application servers is hopefully the standard setup we are talking about. But I don't see how your question relates to the cited snippet. Are you saying, using a wildcard cert makes a difference over using n non-wildcard certs, when the attacker has access to the SSL terminator's keystore? Or are you thinking in the direction where the attacker manages to compromise a host behind the SSL termination? Again, every compromise is bad, but it doesn't matter whether the cert on the SSL terminator is a wildcard cert or not, does it?

Jeff, I'm afraid I don't get your point. Can you please describe the attack scenario you have in mind a bit more verbosely, where using a wildcard cert has indeed a security drawback over using a non-wildcard one?

Thanks,
Patrick Eisenacher
Re: additively computing SHA hash
On Tue, Jun 08, 2010, Jason Fister wrote:

> Stephen,
>
> Thanks for your solution.
>
>> Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL structures are made opaque and almost certainly will fail if you have an ENGINE.
>
> Understood. I am new to OpenSSL and I am reading up about ENGINEs in OpenSSL. When you say it will fail when there is an ENGINE, do you mean if I use EVP_DIGEST functions (from the example on openssl.org), your solution will not work? If yes, is the solution as simple as using the SHA1_Init, SHA1_Update, SHA1_Final functions instead?

If you don't know what an ENGINE is you probably aren't using one. They can contain alternative algorithm implementations in either software or hardware. The reason why this may not work with an ENGINE is the data inside may contain anything including pointers to internal contexts in hardware which won't be properly saved or restored.

>> What you need to do is copy the md_ctx->data (which will be a flat buffer for the software SHA1 implementation) for md_ctx->digest->md_size bytes. Save that somewhere and after calling init the second time copy it back.
>>
>> Do NOT try restoring the context with different versions of OpenSSL or different architectures.
>
> Will this work with plain old SHA also?
>
> I will try to find the answers for some of the questions on my own by writing some code. But any help from your side will be much appreciated.

It should work with any of the standard OpenSSL software implementations. So that includes SHA, MD5, SHA256 etc.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
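What "serialize, save and restore the intermediate state" amounts to for the SHA family is shown below in an added example written for this page; it is not code from the thread or from OpenSSL. It is a compact pure-Python SHA-1 whose running state is explicit and exportable, so that SHA1(A) can be emitted now and SHA1(A || B) produced later from the saved state without re-reading A, the operation Subra asked for. Note that the state is more than the digest-sized chaining words: it also holds the byte count and any buffered partial block, the same three items a software SHA_CTX keeps (h0..h4, Nl/Nh, data, num). Because the snapshot format here is fixed-width big-endian, it is portable across machines; Steve's same-version, same-architecture warning applies to copying the in-memory struct, not to a defined format like this one. hashlib is imported only to cross-check results; within a single process, OpenSSL's EVP_MD_CTX_copy_ex() already gives you a finalizable copy without any of this.

```python
"""Save and restore a running SHA-1 so SHA1(A) and later SHA1(A || B) can be
produced without hashing A twice.

Added example (not code from the thread or from OpenSSL). The snapshot is
exactly the intermediate state of the algorithm: five 32-bit chaining words,
the 64-bit count of bytes absorbed, and the partial block not yet compressed.
"""
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


class Sha1:
    IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

    def __init__(self):
        self.h = list(self.IV)   # chaining state
        self.count = 0           # total bytes absorbed so far
        self.buf = b""           # fewer than 64 bytes awaiting a full block

    def _compress(self, block):
        w = list(struct.unpack(">16I", block))
        for i in range(16, 80):
            w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
        a, b, c, d, e = self.h
        for i in range(80):
            if i < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif i < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif i < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            t = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
            a, b, c, d, e = t, a, _rotl(b, 30), c, d
        self.h = [(x + y) & MASK32 for x, y in zip(self.h, (a, b, c, d, e))]

    def update(self, data):
        self.count += len(data)
        data = self.buf + data
        while len(data) >= 64:
            self._compress(data[:64])
            data = data[64:]
        self.buf = data
        return self

    def digest(self):
        """Finalize a copy, so the running state stays usable for more data."""
        final = Sha1.load(self.save())
        padding = (b"\x80" + b"\x00" * ((55 - final.count) % 64)
                   + struct.pack(">Q", final.count * 8))
        final.update(padding)          # pads to a block boundary, so buf empties
        return struct.pack(">5I", *final.h)

    def save(self):
        """Serialize the state: 5 big-endian words, 64-bit byte count, buffered bytes."""
        return struct.pack(">5IQ", *self.h, self.count) + self.buf

    @classmethod
    def load(cls, blob):
        ctx = cls()
        ctx.h = list(struct.unpack(">5I", blob[:20]))
        ctx.count = struct.unpack(">Q", blob[20:28])[0]
        ctx.buf = blob[28:]
        if len(ctx.buf) >= 64:
            raise ValueError("corrupt snapshot: too many buffered bytes")
        return ctx


def sha1_additive(a, b):
    """Hash A, snapshot the state, then resume from the snapshot to hash A || B."""
    ctx = Sha1().update(a)
    digest_a = ctx.digest()            # SHA1(A); ctx is still live
    snapshot = ctx.save()              # this is what you would persist to disk
    digest_ab = Sha1.load(snapshot).update(b).digest()   # SHA1(A || B), A never re-read
    return digest_a, digest_ab


def matches_reference(a, b):
    """True if the additive digests agree with hashlib for SHA1(A) and SHA1(A || B)."""
    digest_a, digest_ab = sha1_additive(a, b)
    return digest_a == hashlib.sha1(a).digest() and digest_ab == hashlib.sha1(a + b).digest()


if __name__ == "__main__":
    a, b = b"A" * 131, b"B" * 70      # constructed inputs straddling block boundaries
    digest_a, digest_ab = sha1_additive(a, b)
    print("SHA1(A)    ", digest_a.hex())
    print("SHA1(A||B) ", digest_ab.hex(), "ok" if matches_reference(a, b) else "MISMATCH")
```

The snapshot is 28 bytes plus at most 63 buffered bytes; if you persist it, version the format and authenticate it, since anyone who can alter the saved chaining words controls what the final digest will be.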