Is there another way to load RSA public than from a file?

2011-10-21 Thread Väinö Leppänen
Hello,

I'm just starting with openssl and public key encryption.
I'm trying to encrypt certain knowledge in a C++ application,
and I already have a working code but functions such as
PEM_read_RSA_PUBKEY
read the public key data from a file. The natural workaround
of course is to implant the public key in a header and write
it to a temporary file at runtime and then load it to the RSA-
structure.

Is there a way to load the header data directly to the RSA-
structure?

All help is appreciated.
Cheers


RE: TLS, BIOs, SSL_read/write

2011-10-21 Thread Vadi

Hi n8,

I am converting a TLS server (which uses one thread per client) to use IOCP
(in Windows 2008 server).

All your answers have cleared my doubts on IOCP threading vs SSL thread-safe
issues.

Could you please reply: were you able to successfully implement your SSL
server with 4 worker threads to handle multiple (or thousands of) SSL clients
(using IOCP)?

For now, I would like to know whether implementing an SSL server via IOCP is
feasible.

I will study / design further based on your reply.

Thanks
Vadi


n8leon wrote:
 
 Again, thanks for all the pointers, these are really helpful getting
 me going in the right direction.
 I am still digesting all of your info, but wanted to discuss this
 point further, as it almost sounds like a show-stopper:
 
 be aware that SSL BIO's (and (SSL*) sessions!) are 'threadsafe' in the
 sense that OpenSSL *assumes* a (SSL *) or
 /any/ BIO remains inside a single thread from the moment it becomes
 'active', i.e. is set up / is going to do some work.
 
 As you pointed out, the IOCP model does NOT tie a socket to a single
 thread.  In fact, I will likely have four worker threads receiving
 traffic off the wire, hopefully supporting many thousands of
 simultaneous client sessions, and each client session consisting of
 multiple command/data submissions.  Thus, it is most likely that all
 of the submissions from a single client session will NOT hit the same
 worker thread in my application.
 
 I have extended the OVERLAPPED object in my app to include things such
 as session state, and was planning to include a TLSWrapper object
 there (encapsulates SSL* m_ssl, BIO_pair, etc...) as well so that each
 client submission during a session will get the same SSL* object.
 However, this implies that various threads may work on one of my SSL*
 object during the life of a client session.  It sounds like you are
 saying this is not going to work?  Note, my app guarantees any m_ssl
 object will NOT get picked up by two threads simultaneously, so any
 given m_ssl object will only get touched by one thread at a time.
 
 But are you saying the SSL* object ties itself to the specific thread
 that set it up?  That doesn't make sense to me, so I'm hoping that I'm
 just reading too much into your statement.  Otherwise, it sounds like
 I would have to setup and tear down the SSL objects every time a
 client submits data to my app during a single session? (could be
 hundreds or thousands of separate client submissions during the life
 of a single client session)
 
 Thanks,
 n8
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List openssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
 
 

-- 
View this message in context: 
http://old.nabble.com/TLS%2C-BIOs%2C-SSL_read-write-tp22507857p32691793.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: openssl s_client -dtls1 and ECC key

2011-10-21 Thread Robin Seggelmann
Hi Erwin,

Thanks for the report. I found the bug and submitted a patch (#2628). You can 
also download it from our website at 
http://sctp.fh-muenster.de/dtls-patches.html and it would be very helpful if 
you can confirm that the patch fixes your issue.

Robin


On Oct 12, 2011, at 11:33 PM, Erwin Himawan wrote:

 Hi,
 
 Does anybody know whether openssl s_client and s_server support the use of 
 -dtls1 option while the server uses ECC key?
 The issuing CA and root CA use ECC keypair.
 
 These are my openssl s_server and s_client options:
 openssl s_server -accept 12000 -cert server.pem -certform pem -key 
 server_key.pem -keyform pem -CApath . -CAfile CAECCRoot.pem -dtls1 -cipher 
 ALL -debug -msg -state
 openssl s_client -connect:10.8.122.106:12000 -CApath . -CAfile CAECCRoot.pem 
 -dtls1 -cipher ALL -debug -msg -state
 
 When I attempted to do this, the s_client gives error:
 
 SSL3 alert write:fatal:decrypt error
 SSL_connect:error in SSLv3 read server key exchange B
 5551756:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad 
 signature:s3_clnt.c:1610
 
 further down, I notice that the Verify return code: 0 (ok).
 
 I also use openssl verify to verify the server certificate using the issuing 
 CA and root CA. The result agrees with the result shown by the s_client debug 
 message.
 
 On the second note, I also try the s_server with RSA keypair, issued by the 
 same issuing CA; the server certificate has RSA public key with signature 
 algorithm is ecdsa-with-SHA256.
 In this scenario, the s_client was able to establish tls connection with the 
 s-server.
 
 Does this mean that the openssl s_client and s_server does not support ECC 
 keypair?
 
 Any pointer or idea how further troubleshoot this?
 
 Thanks,
 Erwin



Re: Is there another way to load RSA public than from a file?

2011-10-21 Thread Jakob Bohm

Use BIO_read_bio_RSA_PUBKEY() with BIO_new_mem_buf()
to read directly from memory.

For even more efficient code, use the openssl rsa command
at build time to convert the PEM file to DER format before
embedding it in your code, then simply pass that data to
d2i_RSA_PUBKEY directly.  This will make the embedded
data 25% smaller by skipping the Base64 encoding.

On 10/21/2011 9:23 AM, Väinö Leppänen wrote:

Hello,

I'm just starting with openssl and public key encryption.
I'm trying to encrypt certain knowledge in a C++ application,
and I already have a working code but functions such as
PEM_read_RSA_PUBKEY
read the public key data from a file. The natural workaround
of course is to implant the public key in a header and write
it to a temporary file at runtime and then load it to the RSA-
structure.

Is there a way to load the header data directly to the RSA-
structure?

All help is appreciated.
Cheers




Re: Failing to verify the certificate of one specific site

2011-10-21 Thread Jakob Bohm
According to the Digicert CPS
http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf,
that DigiCert root is cross-certified by the Entrust root.  Some trusted
certificate bundles include only the Entrust root CA and will need the
Entrust-signed cross intermediary certificate to validate, other trusted
certificate bundles include the Digicert self-signed root for this key
directly.

It is expected from the standards and the behavior of other X.509
libraries that upon seeing the keyid of a known root, the library should
stop following the chain and ignore any extra certificate provided by the
entity being verified.



On 10/21/2011 3:10 AM, Dave Thompson wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Lucas Clemente Vella
Sent: Wednesday, 19 October, 2011 22:44

snip: connect to graph.facebook.com:443 using
   cafile=DigiCertHighAssuranceEVRootCA.crt gets rc=20

Then I found this directory in my system, /etc/ssl/certs, containing
my installed CA roots, which I provided to OpenSSL, instead of the
certificate file:and got rc=0
It seems to me that there is one certificate installed in
/etc/ssl/certs, which is different from the one I was providing, that
is being used to verify the host. If it is so, how can I know what
certificate is being used? And why Firefox and Chrome both use the
former certificate I provided, while OpenSSL is unable to use it for
the same host?


s_client shows that host is providing a chain which has at #2
Digicert High Assurance EV Root CA not actually a root but instead
issued by Entrust.net Secure Server Certification Authority.
Such a cert with SHA1 99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539
found at www.entrust.net Download roots does verify the chain,
and is in my Windows/IE(7) and FF3.6 and Java(6u24) truststores
out of the box, so if your /etc/ssl/certs was put together with
the usual suspects (a la Casablanca) very likely it's in there.

The #2 from graph.facebook.com and the root from digicert.com have
the same public key and keyid so either one can verify the children
(which (both) have AKI.keyid). I don't know why both forms exist
and I don't see anything obvious on the Digicert website about it.
The dates are different: the #2 is 20061001 to 20140726 while the
true root is 20061110 to 2030; possibly digicert initially got
cross-signed by entrust and then established their own root(s).




Re: RSA Cipher using openssl

2011-10-21 Thread trilok nuwal
Please reply me too, I don't have openssl-users subscription.

I want to create crypto objects using RSA keys so that I can get cipher
 update and final kind of behavior.
 I have written this code and it works fine on one machine.


 #include <stdio.h>
 #include <stdlib.h>

 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/err.h>


 int main(int argc, char *argv[])
 {
     RSA *rsa=NULL,*rsaPvt=NULL,*rsaPub=NULL;
     EVP_PKEY *evpPvt=NULL;
     EVP_PKEY *evpPub=NULL;

     BIGNUM *e=NULL;

     /* generate the RSA key pair (public exponent 65537) */
     rsa=RSA_new();
     e = BN_new();BN_set_word(e, 65537);

     RSA_generate_key_ex(rsa,2046,e,NULL);

     rsaPub=RSAPublicKey_dup(rsa);
     rsaPvt=RSAPrivateKey_dup(rsa);

     //evp object
     evpPvt = (EVP_PKEY*) EVP_PKEY_new();
     EVP_PKEY_assign_RSA( (EVP_PKEY*) evpPvt,rsaPvt);

     evpPub=  (EVP_PKEY*) EVP_PKEY_new();
     EVP_PKEY_assign_RSA( (EVP_PKEY*)evpPub,rsaPub);

     unsigned char data[1024]="ASDsdasdsdsdasdsadadsadsadasdsadasddasdadasdasdasdasddasdasdsdasdsadasdsadasdsaddasddasdasdsadasdasdsadasdasdasdsadsadasdasdasdsaddasdasdasdasdasdsadasd";
     unsigned char *enc_out=(unsigned char*) malloc(1024 + EVP_MAX_IV_LENGTH);
     unsigned char *dec_out=(unsigned char*) malloc(1024 + EVP_MAX_IV_LENGTH);

     /* remember the buffer starts; enc_out/dec_out are advanced below */
     unsigned char *enc_out1=enc_out;
     unsigned char *dec_out1=dec_out;

     unsigned int enc_out_len=1024 + EVP_MAX_IV_LENGTH;
     unsigned int dec_out_len=1024 + EVP_MAX_IV_LENGTH;
     int temp=0;
     unsigned int total_out=0;

     unsigned char *ek;   /* session key, encrypted under the RSA public key */
     int eklen;
     unsigned char iv[EVP_MAX_IV_LENGTH];

     /* OpenSSL 1.0.x style: the context is a stack object; from 1.1.0 on
        the type is opaque and is allocated with EVP_CIPHER_CTX_new() */
     EVP_CIPHER_CTX ctx;

     EVP_CIPHER_CTX_init(&ctx);
     eklen=EVP_PKEY_size(evpPub);
     ek = (unsigned char*) malloc(eklen);

     /* seal: random session key is generated and RSA-encrypted into ek */
     if (!EVP_SealInit(&ctx, EVP_aes_128_ecb(), &ek, &eklen, iv, &evpPub, 1))
     {
         fprintf(stderr, "EVP_SealInit: failed.\n");
         return 1;
     }

     temp=1024 + EVP_MAX_IV_LENGTH;

     if (!EVP_SealUpdate(&ctx, enc_out, &temp, data, 1024))
     {
         fprintf(stderr, "EVP_SealUpdate: failed.\n");
         return 1;
     }
     total_out+=temp;
     enc_out=enc_out+temp;
     temp=enc_out_len-temp;
     if (!EVP_SealFinal(&ctx, enc_out, &temp))
     {
         fprintf(stderr, "EVP_SealFinal: failed.\n");
         return 1;
     }
     total_out+=temp;

     EVP_CIPHER_CTX_cleanup(&ctx);

     enc_out=enc_out1;

     EVP_CIPHER_CTX_init(&ctx);

     /* open: the RSA private key recovers the session key from ek */
     if (!EVP_OpenInit(&ctx, EVP_aes_128_ecb(), ek, eklen, iv, evpPvt))
     {
         fprintf(stderr, "EVP_OpenInit: failed.\n");
         return 1;
     }

     temp=1024 + EVP_MAX_IV_LENGTH;

     if (!EVP_OpenUpdate(&ctx, dec_out, &temp, enc_out, total_out))
     {
         fprintf(stderr, "EVP_OpenUpdate: failed.\n");
         return 1;
     }
     total_out=0;
     total_out+=temp;
     dec_out=dec_out+temp;
     temp=dec_out_len-temp;

     if (!EVP_OpenFinal(&ctx, dec_out, &temp))
     {
         fprintf(stderr, "EVP_OpenFinal: failed.\n");
         return 1;
     }
     total_out+=temp;

     dec_out=dec_out1;
     EVP_CIPHER_CTX_cleanup(&ctx);

     /* release buffers and keys */
     free(ek); free(enc_out); free(dec_out);
     EVP_PKEY_free(evpPvt); EVP_PKEY_free(evpPub);
     RSA_free(rsa); BN_free(e);
     return 0;
 }

 But now the problem is: if I transfer the encrypted data to another machine,
 then how does the other machine know about the key (ek) used in EVP_OpenInit
 to create the decryption context? Somehow I need to transfer this (ek) to
 the other side. But in the first place, why does it need the encryption
 algorithm specified? Internally it should use the appropriate
 RSA cipher algo.

 Another thing: in other crypto systems like cryptopp, the library internally
 uses its own crypto algorithm. But here we need to specify this. Why is it so?

 If it needs it, which algorithm should I use for the RSA encryption, so that
 other RSA cipher implementations understand this?

 Also tell me whether this is the correct way of doing it or whether I should
 do it some other way.

 I know about this implementation but I don't want to use this.

  int RSA_public_encrypt(int flen, unsigned char *from,
 unsigned char *to, RSA *rsa, int padding);
  int RSA_private_decrypt(int flen, unsigned char *from,
 unsigned char *to, RSA *rsa, int padding);
  int RSA_private_encrypt(int flen, unsigned char *from,
 unsigned char *to, RSA *rsa,int padding);
  int RSA_public_decrypt(int flen, unsigned char *from,
 unsigned char *to, RSA *rsa,int padding);


 Please help.

 Thanks
 -Trilok






A (client's) revoked certificate verifies as OK?!?!!

2011-10-21 Thread npmz

Hi,

I'm having a problem where my 'server' code verifies a client as OK, even
though their cert was revoked.

I've tested my client against openssl s_server, which properly states:
verify error:num=23:certificate revoked, so I know the cert/ca is setup OK.

Some relevant server code:

/* set verify params */
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,NULL);
SSL_CTX_set_verify_depth(ctx,1); //played with different values, doesn't have an effect

 /* wait for connection */
 if(BIO_do_accept(abio) <= 0) { /* cleanup and exit */ }

//process connection (prob on a new thread)
out = BIO_pop(abio);

 //do SSL handshake
 if(BIO_do_handshake(out) <= 0){
printf("Handshake failed.\n");
ERR_print_errors_fp(stdout);
//cut some cleanup…
return -1;}

//validate cert...
SSL *ssl2;
BIO_get_ssl(out,&ssl2);

//verify conn
if(SSL_get_verify_result(ssl2) != X509_V_OK)
{
//never gets here
}
else
printf("verified ok %ld\n",SSL_get_verify_result(ssl2));


So it always prints verified ok 0 - which is the verified code.
Any ideas??

Thanks!!
-- 
View this message in context: 
http://old.nabble.com/A-%28client%27s%29-revoked-certificate-verifies-as-OK-%21-%21%21-tp32695926p32695926.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: Is there another way to load RSA public than from a file?

2011-10-21 Thread Kenneth Goldman
 From: Väinö Leppänen narcomaco...@gmail.com
 Date: 10/21/2011 03:27 AM
 
 I'm just starting with openssl and public key encryption.
 I'm trying to encrypt certain knowledge in a C++ application,
 and I already have a working code but functions such as
 PEM_read_RSA_PUBKEY
 read the public key data from a file. The natural workaround
 of course is to implant the public key in a header and write
 it to a temporary file at runtime and then load it to the RSA-
 structure.
 
 Is there a way to load the header data directly to the RSA-
 structure?

Do I understand that you have a raw public key as a byte array
in a header, and you want to create the RSA structure from it?
If so:

RSA_new()
BN_bin2bn(n) convert public modulus to bignum
BN_bin2bn(e) convert exponent to bignum
RSA->n = n bignum
RSA->e = e bignum
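
Added example (not code from this thread or from OpenSSL): a dependency-free C walk over a DER SubjectPublicKeyInfo blob, the form Jakob Bohm suggests embedding for d2i_RSA_PUBKEY, that locates the raw modulus and exponent bytes the BN_bin2bn() steps above take. The key bytes are a constructed toy value, and the names toy_spki, der_hdr, der_uint and spki_rsa_parts are this example's own.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
/* Constructed toy DER SubjectPublicKeyInfo, 64-bit modulus: not a real key. */
static const u8 toy_spki[] = {
    0x30, 0x24,                                      /* SEQUENCE, 36 bytes    */
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,  /* AlgorithmIdentifier:  */
    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,        /* rsaEncryption, NULL   */
    0x03, 0x13, 0x00, 0x30, 0x10,                    /* BIT STRING{SEQUENCE}  */
    0x02, 0x09, 0x00, 0xc3, 0x5a, 0x11, 0x27, 0x9e, 0x40, 0xb8, 0x6d, /* n   */
    0x02, 0x03, 0x01, 0x00, 0x01                     /* e = 65537             */
};
static const u8 rsa_oid[] = {                        /* 1.2.840.113549.1.1.1  */
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
/* Consume a TLV header with the expected tag; *p ends up at the value. */
static int der_hdr(const u8 **p, const u8 *end, u8 tag, size_t *len) {
    const u8 *q = *p; size_t l = 0, k;
    if (end - q < 2 || *q++ != tag) return -1;
    if (*q < 0x80) l = *q++;
    else {                                   /* long form: k length bytes */
        k = *q++ & 0x7f;
        if (k == 0 || k > 4 || (size_t)(end - q) < k) return -1;
        while (k--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;    /* value must fit the buffer */
    *p = q; *len = l; return 0;
}
/* Read an INTEGER, dropping the leading 0x00 sign byte (BN_bin2bn() input). */
static int der_uint(const u8 **p, const u8 *end, const u8 **v, size_t *len) {
    if (der_hdr(p, end, 0x02, len) || *len == 0) return -1;
    *v = *p; *p += *len;
    if (*len > 1 && **v == 0) { ++*v; --*len; }
    return 0;
}
/* Locate modulus n and exponent e inside a DER SubjectPublicKeyInfo. */
int spki_rsa_parts(const u8 *der, size_t der_len, const u8 **n, size_t *nl,
                   const u8 **e, size_t *el) {
    const u8 *p = der, *end = der + der_len; size_t len;
    if (der_hdr(&p, end, 0x30, &len)) return -1;          /* outer SEQUENCE */
    end = p + len;
    if (der_hdr(&p, end, 0x30, &len) || len < sizeof rsa_oid ||
        memcmp(p, rsa_oid, sizeof rsa_oid)) return -1;    /* must be RSA */
    p += len;
    if (der_hdr(&p, end, 0x03, &len) || len < 1 || *p != 0) return -1;
    end = p + len; p++;                                   /* skip unused-bits */
    if (der_hdr(&p, end, 0x30, &len)) return -1;          /* RSAPublicKey */
    end = p + len;
    return (der_uint(&p, end, n, nl) || der_uint(&p, end, e, el)) ? -1 : 0;
}
int main(void) {
    const u8 *n, *e; size_t nl, el;
    if (spki_rsa_parts(toy_spki, sizeof toy_spki, &n, &nl, &e, &el)) return 1;
    printf("n: %zu bytes, e: %zu bytes\n", nl, el); return 0;
}
```

Every length is checked against the enclosing element before it is used, so a truncated or corrupted embedded blob is rejected rather than read past its end.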


Re: Failing to verify the certificate of one specific site

2011-10-21 Thread Lucas Clemente Vella
2011/10/21 Jakob Bohm jb-open...@wisemo.com:
 According to the Digicert CPS
 http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf,
 that DigiCert root is cross-certified by the Entrust root.  Some trusted
 certificate bundles include only the Entrust root CA and will need the
 Entrust-signed cross intermediary certificate to validate, other trusted
 certificate bundles include the Digicert self-signed root for this key
 directly.

 It is expected from the standards and the behavior of other X.509 libraries
 that
 upon seeing the keyid of a known root, the library should stop following
 the
 chain and ignore any extra certificate provided by the entity being
 verified.

So, the behavior I get with OpenSSL when using the Digicert root is
non-conformant with X.509? The peer's certificate should have been
verified when I provided the Digicert root?

-- 
Lucas Clemente Vella
lve...@gmail.com


Auto Reply: Re: Failing to verify the certificate of one specific site

2011-10-21 Thread darren . moffat
I am out of the office on vacation until Tuesday 25th October.

For urgent issues please contact Markus Flierl or Steven De Tar.


