Cannot decrypt file - maybe wrong key?

2011-10-23 Thread James Coldwell 
Hello List,

I'm trying to decrypt a backup file, using
openssl enc -d -aes-256-cbc -in etc.bz2.aes256 -out etc.tar.bz2 -pass
file:autobackup.aeskey
It returns
bad decrypt
34560:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad
decrypt:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/evp/evp_enc.c:330:

I encrypted the file using
openssl enc -aes-256-cbc -salt -in etc.bz2 -out etc.bz2.aes256 -pass
file:autobackup.aeskey

Now, I'm fairly certain that it's the same key but not 100%.
Is there some other reason the decrypt could fail?

Regards,
James
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl s_client -dtls1 and ECC key

2011-10-23 Thread Erwin Himawan 
I would like to follow up on the path that Robin provided to fix bug
associated with DTLS issue when using ECC keypair.

In summary, I was able to apply the patch into openssl-1.0.0e.  I verified
that the patch fixed the issued associated with bad encryption error.  I
verified the dtls1 connection (s_client and s_server) with and without
-Verify at the server.  The server, issuing CA, and root CA use prime256v1
curve. The cert signature is ecdsa-with-sha256.

Thanks to  Robin.

Erwin



On Fri, Oct 21, 2011 at 10:30 AM, Robin Seggelmann 
seggelm...@fh-muenster.de wrote:

 Hi Erwin,

 The patch is for the current release 1.0.0e but should work with 1.0.0d as
 well. However, I recommend using 1.0.0e anyway because several bugs have
 been fixed in this version, as you might have seen on our website.

 Robin


 On 21.10.2011, at 17:27, Erwin Himawan wrote:

  Robin,
 
  Thanks for looking into this. Is this patch applicable to openssl-1.0.0d,
 or is it for another release?
 
   I will definitely let you know whether the patch solve the issue.
 
  Erwin
 
  On Fri, Oct 21, 2011 at 2:44 AM, Robin Seggelmann 
 seggelm...@fh-muenster.de wrote:
  Hi Erwin,
 
  Thanks for the report. I found the bug and submitted a patch (#2628). You
 can also download it from our website at
 http://sctp.fh-muenster.de/dtls-patches.html and it would be very helpful
 if you can confirm that the patch fixes your issue.
 
  Robin
 
 
  On Oct 12, 2011, at 11:33 PM, Erwin Himawan wrote:
 
   Hi,
  
   Does anybody know whether openssl s_client and s_server support the use
 of -dtls1 option while the server uses ECC key?
   The issuing CA and root CA use ECC keypair.
  
   These are my openssl s_server and s_client options:
   openssl s_server -accept 12000 -cert server.pem -certform pem -key
 server_key.pem -keyform pem -CApath . -CAfile CAECCRoot.pem -dtls1 -cipher
 ALL -debug -msg -state
   openssl s_client -connect:10.8.122.106:12000 -CApath . -CAfile
 CAECCRoot.pem -dtls1 -cipher ALL -debug -msg -state
  
   When I attempted to do this, the s_client gives error:
  
   SSL3 alert write:fatal:decrypt error
   SSL_connect:error in SSLv3 read server key exchange B
   5551756:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
 signature:s3_clnt.c:1610
  
   further down, I notice that the Verify return code: 0 (ok).
  
   I also use openssl verify to verify the server certificate using the
 issuing CA and root CA. The result agrees with the result shown by the
 s_client debug message.
  
   On the second note, I also try the s_server with RSA keypair, issued by
 the same issuing CA; the server certificate has RSA public key with
 signature algorithm is ecdsa-with-SHA256.
   In this scenario, the s_client was able to establish tls connection
 with the s-server.
  
   Does this mean that the openssl s_client and s_server does not support
 ECC keypair?
  
   Any pointer or idea how further troubleshoot this?
  
   Thanks,
   Erwin
 
 



 Viele Grüße
 Robin

Support for Indirect CRL

2011-10-23 Thread Sligar, Benjamin 
Hello,
We have an application using openssl that acts as a server and receives an SSL 
connection.

Based on the configuration, the server requests a client certificate and 
validates it by check to see that it is signed by a trusted  CA + others checks 
(CN...)  but  it was not validating against a crl.  We used the following 
function from the openssl libraries  to enable that in the libraries:

SSL_set_verify (ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 
verify_callback);
SSL_set_verify_depth (ssl,G_PPROFS[profIndex].certdef);

Our verify_callback also does other checks.  And we were getting the client 
certificate and doing the validation, with no problems.  We now have been 
requested to add support for CRL.

The CRL file is loaded at the time the software is started.

1) The CRL support works fine when the client certificate is signed by the same 
authority (CA) and the CRL is issued by that same authority.  We had to add the 
following in the code to support Client validation against a CRL:

   // Get the store structure
X509_STORE *x509_store = 
SSL_CTX_get_cert_store(G_SSLINFO[profIndex].ctx);
  // Add the CRLs
  if(!load_file_lookup(x509_store, G_PPROFS[profIndex].crlfile)){
  sprintf ( obuf,load_file_lookup  failed  for crl file %s 
on profile %i,G_PPROFS[profIndex].crlfile,profIndex  );
  SSLPrintErr(IMMED, DANGER_, 
XLPRGFLO,obuf);
  return ( -1);
  }

/* NOTE: we use the method above instead of X509_STORE_add_crl. The 
CRLs are in a file and we believed that has the same result
   than processing each  CRL and adding them into the X509_store.   Hope it 
is correct.  It seems to work but we are using one CRL so
more testing may be needed  */

//X509_STORE_add_crl(x509_store, crl);

X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_new();
X509_VERIFY_PARAM_set_flags(param, 
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL|X509_V_FLAG_EXTENDED_CRL_SUPPORT);
SSL_CTX_set1_param(G_SSLINFO[profIndex].ctx, param);
X509_VERIFY_PARAM_free(param);

We tested that for a while and it seems to work just fine.  Certificates that 
are revoked are detected and the connection ends with an error of the type:

SSL alert (write): fatal: certificate revoked

Certificates that are valid process with no issues and the connections are 
established.  However, if a client certificate is received, and it is signed by 
a different CA than the one that issued the  CRL, we get an error  unable to 
get certificate CRL.  So it seems to work fine in that Direct CRL scenario.

Now the issue is around indirect CRL:

2) The CRL support does not work if the client certificate is not signed by the 
same authority that issued the CRL.  Below is one example:

Client certificate is signed by CA1 and in the CRL Distribution Points we have:

 CRL Distribution Point
 Distribution Point Name:
  Full Name:
   URL=http://luc.com/luc.crl
 CRL Issuer:
  Directory Address:
   CN=Luc CRL Issuer
   O=Luc

The CRL is issued by Luc CRL Issuer and the Luc CRL Issuer certificate is 
signed by CA1.

I was hoping that the code above will still work given that I added the flag 
X509_V_FLAG_EXTENDED_CRL_SUPPORT and was expecting that the libraries would:

a) Look for direct CRL by checking if it is able to find a CRL that is issued 
by the same issuer that issued the client certificate. If not then,
b) Check the CRLIssuer from the client certificate and check if there is a CRL 
issued using that issuer name.  If yes, then use, else
c) CRL not found.

Could someone take a look and let me know if my assumptions are correct with 
regard to the behavior of OpenSSL with regards to support of Indirect CRL?  If 
my assumptions are correct, could you tell me what I am missing as it is not 
working.  If my assumptions are not valid, do you know how I should approach 
support for indirect CRL?

Thanks!!


*
Benjamin Sligar
Manager, Development Support
P: 703.453.8324
us_dev_supp...@tnsi.com
*



This e-mail message is for the sole use of the intended recipient(s)and may
contain confidential and privileged information of Transaction Network Services.
Any unauthorised review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Failing to verify the certificate of one specific site

2011-10-23 Thread Jakob Bohm 

On 10/22/2011 4:52 AM, Lucas Clemente Vella wrote:

2011/10/21 Jakob Bohmjb-open...@wisemo.com:

According to the Digicert CPS
http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf,
that DigiCert root is cross-certified by the Entrust root.  Some trusted
certificate bundles include only the Entrust root CA and will need the
Entrust-signed cross intermediary certificate to validate, other trusted
certificate bundles include the Digicert self-signed root for this key
directly.

It is expected from the standards and the behavior of other X.509 libraries
that
upon seeing the keyid of a known root, the library should stop following
the
chain and ignore any extra certificate provided by the entity being
verified.

So, the behavior I get with OpenSSL when using the Digicert root is
non-conformant with X.509? The peer's certificate should have been
verified when I provided the Digicert root?


Just my unqualified opinion though.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org