Is there another way to load RSA public than from a file?
Hello, I'm just starting with openssl and public key encryption. I'm trying to encrypt certain knowledge in a C++ application, and I already have a working code but functions such as PEM_read_RSA_PUBKEY read the public key data from a file. The natural workaround of course is to implant the public key in a header and write it to a temporary file at runtime and then load it to the RSA- structure. Is there a way to load the header data directly to the RSA- structure? All help is appreciated. Cheers
RE: TLS, BIOs, SSL_read/write
Hi n8,

I am converting a TLS server (which uses one thread per client) to use IOCP (in Windows 2008 server). All your answers have cleared my doubts on IOCP threading vs SSL thread-safe issues.

Could you please reply, were you able to successfully implement your SSL server with 4 worker threads to handle multiple (or thousands) SSL clients (using IOCP) successfully? For now, I would like to know implementing SSL server via IOCP is feasible? I will study / design further based on your reply.

Thanks
Vadi

n8leon wrote:
> Again, thanks for all the pointers, these are really helpful getting me going in the right direction. I am still digesting all of your info, but wanted to discuss this point further, as it almost sounds like a show-stopper:
>
> > be aware that SSL BIO's (and (SSL*) sessions!) are 'threadsafe' in the sense that OpenSSL *assumes* a (SSL *) or /any/ BIO remains inside a single thread from the moment it becomes 'active', i.e. is set up / is going to do some work.
>
> As you pointed out, the IOCP model does NOT tie a socket to a single thread. In fact, I will likely have four worker threads receiving traffic off the wire, hopefully supporting many thousands of simultaneous client sessions, and each client session consisting of multiple command/data submissions. Thus, it is most likely that all of the submissions from a single client session will NOT hit the same worker thread in my application.
>
> I have extended the OVERLAPPED object in my app to include things such as session state, and was planning to include a TLSWrapper object there (encapsulates SSL* m_ssl, BIO_pair, etc...) as well so that each client submission during a session will get the same SSL* object. However, this implies that various threads may work on one of my SSL* object during the life of a client session. It sounds like you are saying this is not going to work?
>
> Note, my app guarantees any m_ssl object will NOT get picked up by two threads simultaneously, so any given m_ssl object will only get touched by one thread at a time. But are you saying the SSL* object ties itself to the specific thread that set it up? That doesn't make sense to me, so I'm hoping that I'm just reading too much into your statement. Otherwise, it sounds like I would have to setup and tear down the SSL objects every time a client submits data to my app during a single session? (could be hundreds or thousands of separate client submissions during the life of a single client session)
>
> Thanks,
> n8
Re: openssl s_client -dtls1 and ECC key
Hi Erwin,

Thanks for the report. I found the bug and submitted a patch (#2628). You can also download it from our website at http://sctp.fh-muenster.de/dtls-patches.html and it would be very helpful if you can confirm that the patch fixes your issue.

Robin

On Oct 12, 2011, at 11:33 PM, Erwin Himawan wrote:
> Hi,
>
> Does anybody know whether openssl s_client and s_server support the use of -dtls1 option while the server uses ECC key? The issuing CA and root CA use ECC keypair.
>
> These are my openssl s_server and s_client options:
>
>     openssl s_server -accept 12000 -cert server.pem -certform pem -key server_key.pem -keyform pem -CApath . -CAfile CAECCRoot.pem -dtls1 -cipher ALL -debug -msg -state
>     openssl s_client -connect 10.8.122.106:12000 -CApath . -CAfile CAECCRoot.pem -dtls1 -cipher ALL -debug -msg -state
>
> When I attempted to do this, the s_client gives error:
>
>     SSL3 alert write:fatal:decrypt error
>     SSL_connect:error in SSLv3 read server key exchange B
>     5551756:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1610
>
> Further down, I notice that the Verify return code: 0 (ok). I also use openssl verify to verify the server certificate using the issuing CA and root CA. The result agrees with the result shown by the s_client debug message.
>
> On the second note, I also try the s_server with RSA keypair, issued by the same issuing CA; the server certificate has RSA public key with signature algorithm is ecdsa-with-SHA256. In this scenario, the s_client was able to establish tls connection with the s_server.
>
> Does this mean that the openssl s_client and s_server do not support ECC keypair? Any pointer or idea how further troubleshoot this?
>
> Thanks,
> Erwin
Re: Is there another way to load RSA public than from a file?
Use BIO_read_bio_RSA_PUBKEY() with BIO_new_mem_buf() to read directly from memory.

For even more efficient code, use the openssl rsa command at build time to convert the PEM file to DER format before embedding it in your code, then simply pass that data to d2i_RSA_PUBKEY directly. This will make the embedded data 25% smaller by skipping the Base64 encoding.

On 10/21/2011 9:23 AM, Väinö Leppänen wrote:
> Hello, I'm just starting with openssl and public key encryption. I'm trying to encrypt certain knowledge in a C++ application, and I already have a working code but functions such as PEM_read_RSA_PUBKEY read the public key data from a file. The natural workaround of course is to implant the public key in a header and write it to a temporary file at runtime and then load it to the RSA- structure. Is there a way to load the header data directly to the RSA- structure? All help is appreciated. Cheers
Re: Failing to verify the certificate of one specific site
According to the Digicert CPS http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf, that DigiCert root is cross-certified by the Entrust root. Some trusted certificate bundles include only the Entrust root CA and will need the Entrust-signed cross intermediary certificate to validate, other trusted certificate bundles include the Digicert self-signed root for this key directly.

It is expected from the standards and the behavior of other X.509 libraries that upon seeing the keyid of a known root, the library should stop following the chain and ignore any extra certificate provided by the entity being verified.

On 10/21/2011 3:10 AM, Dave Thompson wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of Lucas Clemente Vella
> Sent: Wednesday, 19 October, 2011 22:44
>
> snip: connect to graph.facebook.com:443 using cafile=DigiCertHighAssuranceEVRootCA.crt gets rc=20
>
> > Then I found this directory in my system, /etc/ssl/certs, containing my installed CA roots, which I provided to OpenSSL, instead of the certificate file:
>
> and got rc=0
>
> > It seems to me that there is one certificate installed in /etc/ssl/certs, which is different from the one I was providing, that is being used to verify the host. If it is so, how can I know what certificate is being used? And why Firefox and Chrome both use the former certificate I provided, while OpenSSL is unable to use it for the same host?
>
> s_client shows that host is providing a chain which has at #2 Digicert High Assurance EV Root CA not actually a root but instead issued by Entrust.net Secure Server Certification Authority. Such a cert with SHA1 99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539 found at www.entrust.net Download roots does verify the chain, and is in my Windows/IE(7) and FF3.6 and Java(6u24) truststores out of the box, so if your /etc/ssl/certs was put together with the usual suspects (a la Casablanca) very likely it's in there.
>
> The #2 from graph.facebook.com and the root from digicert.com have the same public key and keyid so either one can verify the children (which (both) have AKI.keyid). I don't know why both forms exist and I don't see anything obvious on the Digicert website about it. The dates are different: the #2 is 20061001 to 20140726 while the true root is 20061110 to 2030; possibly digicert initially got cross-signed by entrust and then established their own root(s).
Re: RSA Cipher using openssl
Please reply me too, I don't have openssl-users subscription.

I want to create a crypto objects using RSA keys so that I can get cipher update and final kind of behavior. I have written this code and it works fine on one machine.

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>
    #include <openssl/err.h>

    int main(int argc, char *argv[])
    {
        RSA *rsa=NULL,*rsaPvt=NULL,*rsaPub=NULL;
        EVP_PKEY *evpPvt=NULL;
        EVP_PKEY *evpPub=NULL;
        BIGNUM *e=NULL;

        /* generate the RSA key pair and split it into public and private halves */
        rsa=RSA_new();
        e = BN_new();
        BN_set_word(e, 65537);
        RSA_generate_key_ex(rsa,2046,e,NULL);
        rsaPub=RSAPublicKey_dup(rsa);
        rsaPvt=RSAPrivateKey_dup(rsa);

        //evp object
        evpPvt = (EVP_PKEY*) EVP_PKEY_new();
        EVP_PKEY_assign_RSA( (EVP_PKEY*) evpPvt,rsaPvt);
        evpPub= (EVP_PKEY*) EVP_PKEY_new();
        EVP_PKEY_assign_RSA( (EVP_PKEY*)evpPub,rsaPub);

        unsigned char data[1024]="ASDsdasdsdsdasdsadadsadsadasdsadasddasdadasdasdasdasddasdasdsdasdsadasdsadasdsaddasddasdasdsadasdasdsadasdasdasdsadsadasdasdasdsaddasdasdasdasdasdsadasd";
        unsigned char *enc_out=(unsigned char*) malloc(1024 + EVP_MAX_IV_LENGTH);
        unsigned char *dec_out=(unsigned char*) malloc(1024 + EVP_MAX_IV_LENGTH);
        unsigned char *enc_out1=enc_out;
        unsigned char *dec_out1=dec_out;
        unsigned int enc_out_len=1024 + EVP_MAX_IV_LENGTH;
        unsigned int dec_out_len=1024 + EVP_MAX_IV_LENGTH;
        int temp=0;
        unsigned int total_out=0;
        unsigned char *ek;
        int eklen;
        unsigned char iv[EVP_MAX_IV_LENGTH];
        EVP_CIPHER_CTX ctx;

        /* seal: ek receives the session key encrypted under the public key */
        EVP_CIPHER_CTX_init(&ctx);
        eklen=EVP_PKEY_size(evpPub);
        ek = (unsigned char*) malloc(eklen);
        if (!EVP_SealInit(&ctx, EVP_aes_128_ecb(), &ek, &eklen, iv, &evpPub, 1))
        {
            fprintf(stderr, "EVP_SealInit: failed.\n");
        }
        temp=1024 + EVP_MAX_IV_LENGTH;
        if (!EVP_SealUpdate(&ctx, enc_out, &temp, data, 1024))
        {
            fprintf(stderr, "EVP_SealUpdate: failed.\n");
        }
        total_out+=temp;
        enc_out=enc_out+temp;
        temp=enc_out_len-temp;
        if (!EVP_SealFinal(&ctx, enc_out, &temp))
        {
            fprintf(stderr, "EVP_SealFinal: failed.\n");
        }
        total_out+=temp;
        EVP_CIPHER_CTX_cleanup(&ctx);
        enc_out=enc_out1;

        /* open: the private key recovers the session key from ek */
        EVP_CIPHER_CTX_init(&ctx);
        if (!EVP_OpenInit(&ctx, EVP_aes_128_ecb(), ek, eklen, iv,evpPvt))
        {
            fprintf(stderr, "EVP_OpenInit: failed.\n");
        }
        temp=1024 + EVP_MAX_IV_LENGTH;
        if (!EVP_OpenUpdate(&ctx, dec_out, &temp, enc_out, total_out))
        {
            fprintf(stderr, "EVP_OpenUpdate: failed.\n");
        }
        total_out=0;
        total_out+=temp;
        dec_out=dec_out+temp;
        temp=dec_out_len-temp;
        if (!EVP_OpenFinal(&ctx, dec_out, &temp))
        {
            fprintf(stderr, "EVP_OpenFinal: failed.\n");
        }
        total_out+=temp;
        dec_out=dec_out1;
        EVP_CIPHER_CTX_cleanup(&ctx);
        return 0;
    }

But now problem is if I transfer the encrypted data to other machine then how other machine knows about the key (ek) used in EVP_OpenInit to create the decryption context. Somehow I need to transfer this (ek) to other side.

But first place why does it need to specify the encryption algorithm internally it should use the appropriate RSA cipher algo. Other this in other crypto system like cryptopp, library internally uses its own crypto algorithm. But here we need to specify this. Why it is so? If it needs it which algorithm should I use for the RSA encryption. So that other RSA cipher implementation understands this.

Also tell me Is it the correct way of doing it or some other way I should do it. I know about this implementation but I don't want to use this.

    int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding);
    int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding);
    int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding);
    int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding);

Please help.

Thanks
-Trilok
A (client's) revoked certificate verifies as OK?!?!!
Hi,

I'm having a problem where my 'server' code verifies a client as OK, even though their cert was revoked. I've tested my client against openssl s_server, which properly states: verify error:num=23:certificate revoked, so I know the cert/ca is setup OK.

Some relevant server code:

    /* set verify params */
    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,NULL);
    SSL_CTX_set_verify_depth(ctx,1); //played with different values, doesn't have an effect

    /* wait for connection */
    if(BIO_do_accept(abio) <= 0)
    {
        //cleanup and exit
    }

    //process connection (prob on a new thread)
    out = BIO_pop(abio);

    //do SSL handshake
    if(BIO_do_handshake(out) <= 0){
        printf("Handshake failed.\n");
        ERR_print_errors_fp(stdout);
        //cut some cleanup…
        return -1;}

    //validate cert...
    SSL *ssl2;
    BIO_get_ssl(out,&ssl2);

    //verify conn
    if(SSL_get_verify_result(ssl2) != X509_V_OK)
    {
        //never gets here
    }
    else
        printf("verified ok %ld\n",SSL_get_verify_result(ssl2));

So it always prints verified ok 0 - which is the verified code.

Any ideas??

Thanks!!
Re: Is there another way to load RSA public than from a file?
From: Väinö Leppänen <narcomaco...@gmail.com>
Date: 10/21/2011 03:27 AM

> I'm just starting with openssl and public key encryption. I'm trying to encrypt certain knowledge in a C++ application, and I already have a working code but functions such as PEM_read_RSA_PUBKEY read the public key data from a file. The natural workaround of course is to implant the public key in a header and write it to a temporary file at runtime and then load it to the RSA- structure. Is there a way to load the header data directly to the RSA- structure?

Do I understand that you have a raw public key as a byte array in a header, and you want to create the RSA structure from it? If so:

    RSA_new()
    BN_bin2bn(n)    convert public modulus to bignum
    BN_bin2bn(e)    convert exponent to bignum
    RSA->n = n bignum
    RSA->e = e bignum
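The replies in this thread embed either a DER blob (passed to d2i_RSA_PUBKEY) or a raw modulus and exponent (passed to BN_bin2bn). As an added example, not taken from the thread and not OpenSSL code, the bounds-checked walk below shows where those two byte strings sit inside an embedded DER SubjectPublicKeyInfo and reports the modulus size; every name in it is hypothetical and the key bytes are a constructed toy value.

```c
#include <stdint.h>
#include <string.h>
typedef struct { const uint8_t *p; size_t len; } span;
/* AlgorithmIdentifier contents for rsaEncryption: OID 1.2.840.113549.1.1.1 + NULL. */
static const uint8_t RSA_ALG[13] = { 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00 };
/* Constructed toy SubjectPublicKeyInfo (64-bit modulus, e = 65537); not a usable key. */
static const uint8_t SPKI_DER[] = {
    0x30,0x24,                                              /* SubjectPublicKeyInfo */
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,
    0x03,0x13,0x00, 0x30,0x10,              /* BIT STRING (0 unused bits), RSAPublicKey */
    0x02,0x09,0x00,0xc5,0x3a,0x91,0x7e,0x24,0xd8,0x6b,0x0f, /* INTEGER n */
    0x02,0x03,0x01,0x00,0x01 };                             /* INTEGER e */

/* Take one TLV with the expected tag off the front of *in; 0 on malformed input. */
static int der_take(span *in, uint8_t tag, span *out) {
    size_t i = 2, len;
    if (in->len < 2 || in->p[0] != tag) return 0;
    len = in->p[1];
    if (len & 0x80) {                        /* long form: 1 or 2 length octets */
        size_t n = len & 0x7f;
        if (n < 1 || n > 2 || in->len < 2 + n) return 0;
        for (len = 0; n--; i++) len = (len << 8) | in->p[i];
    }
    if (len > in->len - i) return 0;         /* contents must fit in the buffer */
    out->p = in->p + i; out->len = len;
    in->p += i + len; in->len -= i + len;
    return 1;
}

/* Locate n and e (big-endian magnitudes) in a DER RSA SubjectPublicKeyInfo. */
int spki_rsa_parts(const uint8_t *der, size_t der_len, span *n, span *e) {
    span in = { der, der_len }, spki, alg, bits, rsa;
    if (!der_take(&in, 0x30, &spki) || in.len) return 0;     /* no trailing bytes */
    if (!der_take(&spki, 0x30, &alg) || alg.len != 13 || memcmp(alg.p, RSA_ALG, 13)) return 0;
    if (!der_take(&spki, 0x03, &bits) || spki.len) return 0;
    if (bits.len < 1 || bits.p[0] != 0) return 0;            /* unused-bits octet */
    bits.p++; bits.len--;
    if (!der_take(&bits, 0x30, &rsa) || bits.len) return 0;
    if (!der_take(&rsa, 0x02, n) || !der_take(&rsa, 0x02, e) || rsa.len) return 0;
    while (n->len > 1 && n->p[0] == 0) { n->p++; n->len--; } /* drop sign padding */
    return n->len > 0 && e->len > 0;
}

/* Modulus size in bits, or 0 if the blob is not a well-formed RSA key. */
size_t spki_modulus_bits(const uint8_t *der, size_t der_len) {
    span n, e; size_t bits; uint8_t top;
    if (!spki_rsa_parts(der, der_len, &n, &e)) return 0;
    for (bits = n.len * 8, top = n.p[0]; top && !(top & 0x80); top <<= 1) bits--;
    return top ? bits : 0;
}
```

A check like `spki_modulus_bits(blob, len) >= 2048` at build or start-up time catches a truncated or undersized embedded key before the array is handed to the library.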
Re: Failing to verify the certificate of one specific site
2011/10/21 Jakob Bohm <jb-open...@wisemo.com>:
> According to the Digicert CPS http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf, that DigiCert root is cross-certified by the Entrust root. Some trusted certificate bundles include only the Entrust root CA and will need the Entrust-signed cross intermediary certificate to validate, other trusted certificate bundles include the Digicert self-signed root for this key directly.
>
> It is expected from the standards and the behavior of other X.509 libraries that upon seeing the keyid of a known root, the library should stop following the chain and ignore any extra certificate provided by the entity being verified.

So, the behavior I get with OpenSSL when using the Digicert root is non-conformant with X.509? The peer's certificate should have been verified when I provided the Digicert root?

--
Lucas Clemente Vella
lve...@gmail.com
Auto Reply: Re: Failing to verify the certificate of one specific site
I am out of the office on vacation until Tuesday 25th October. For urgent issues please contact Markus Flierl or Steven De Tar.