Question on Openssl.NET C# Wrapper + OpenSSL 1.0.1b
Recently I rewrote most of the C# Openssl.NET wrapper to comply with 1.0.1b (from 0.9.8 structs/methods/enc/auth/mac/etc, very rough) and I had a question which is related to both OpenSSL C and the wrapper. Since this list encompasses only OpenSSL C, and there is no list for the C# wrapper, would it be appropriate to post a question about the wrapper and the OpenSSL library? Or should I keep any/all questions specific to the C application aspect of the OpenSSL library? (I do have a couple of questions regarding the Stack implementation, specifically as it pertains to the SSL_CIPHER struct.)

Thank you,
Damian Kohlfeld

Re: Help me find the SSL wrapper/another solution
demos/state_machine
demos/tunala

On Tue, May 8, 2012 at 2:17 PM, Marcin Głogowski m.glogow...@bossa.pl wrote:
> Hello,
> I have to write a non-blocking SSL/TLS server based on the OpenSSL library. I couldn't find any example/tutorial for this. Please tell me where I can find some client/server examples or a simple OpenSSL wrapper that would enable me to do it.
> Is it possible to use the SSL_read/SSL_write functions as non-blocking functions? I found some examples based on BIO - do I really have to do it this way?
> My problem is I have to kill a thread that operates several SSL connections gently without and the thread can't be blocked by any function.
>
> Thank you very much for help and best regards,
> Marcin Glogowski

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: Looking for (easy) help.
On Sat, May 12, 2012 at 12:15 AM, scott...@csweber.com wrote:
> Ahhh! So, a 15 byte block (or ends with a 15 byte after multiples of 16 bytes) would use a 0x01 in the last position...?
> And a whole multiple of 16 blocks would have an extra block filled with 0x0f's...?

0x10, actually.

> My initial testing now looks like I can get it to work. Thanks!
> -Scott Weber
>
> -------- Original Message --------
> Subject: RE: Looking for (easy) help.
> From: Dave Thompson dthomp...@prinpay.com
> Date: Fri, May 11, 2012 3:45 pm
> To: openssl-users@openssl.org
>
> > From: owner-openssl-us...@openssl.org On Behalf Of scott...@csweber.com
> > Sent: Friday, 11 May, 2012 17:09
> >
> > I manually padded the input in the C code with spaces. Then I manually padded the input file with spaces. Now both cleartexts are exactly 16 bytes long. The output from the openssl executable is now 32 bytes...? Where did it decide to do that?
> > So, how do I decide how to pad? How far out do I pad it?
>
> The padding most cryptography uses and openssl commandline (and EVP_*) does is NOT spaces, it is a count of unused octets repeated. It was popularized by PKCS#5, see RFC 2898 6.1.1-2. Because the padding is always nonempty to avoid ambiguity, if the cleartext is an exact multiple of the blocksize, padding adds an extra block (and unpadding removes it).
>
> Marek showed you an example, although it's ambiguous because by coincidence his last plaintext byte was 0a (newline) and his padding bytes were also 0a (16-6=10).
>
> When you call AES_* (or DES_* etc) directly, you must add the padding on encrypt and remove it on decrypt yourself.

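The padding rule Dave Thompson describes in the quoted message (RFC 2898 6.1.1), worked through in C as an added example; it is not code from the thread or from OpenSSL, and the names pkcs7_pad, pkcs7_unpad and demo_pad are hypothetical. The sample strings are constructed: a 15-byte input, a 16-byte input space-filled by hand, and a 6-byte input ending in a newline like the ambiguous case mentioned in the reply.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16                       /* AES block size in bytes */
#define PAD_ERROR ((size_t)-1)

/* Hypothetical helper, not an OpenSSL function. Appends 1..BLOCK bytes, each
 * holding the pad count; returns padded length, or PAD_ERROR if out is small. */
size_t pkcs7_pad(const unsigned char *in, size_t len,
                 unsigned char *out, size_t cap)
{
    size_t n = BLOCK - (len % BLOCK);  /* never 0: full blocks get 16 more */
    if (cap < len + n)
        return PAD_ERROR;
    memcpy(out, in, len);
    memset(out + len, (int)n, n);
    return len + n;
}

/* Check every pad byte and return the cleartext length, or PAD_ERROR. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return PAD_ERROR;
    size_t n = buf[len - 1];           /* last byte is the pad count */
    if (n == 0 || n > BLOCK)           /* a trailing space (0x20) fails here */
        return PAD_ERROR;
    for (size_t i = len - n; i < len; i++)
        if (buf[i] != n)
            return PAD_ERROR;
    return len - n;
}

unsigned char demo_buf[64];            /* holds the last padded demo input */

/* Pad a constructed sample string into demo_buf; returns padded length. */
size_t demo_pad(const char *text)
{
    return pkcs7_pad((const unsigned char *)text, strlen(text),
                     demo_buf, sizeof demo_buf);
}

int main(void)
{
    /* Constructed inputs: 15 bytes, 16 bytes space-filled, 6 bytes with \n */
    const char *samples[] = { "0123456789abcde", "hello, world    ", "hello\n" };
    for (int i = 0; i < 3; i++) {
        size_t total = demo_pad(samples[i]);
        printf("%2zu bytes in -> %2zu padded, pad byte 0x%02x\n",
               strlen(samples[i]), total, demo_buf[total - 1]);
    }
}
```

The space-filled 16-byte input comes out as 32 bytes, which matches the size Scott saw from the openssl executable, and a block that ends in hand-written spaces is rejected by pkcs7_unpad because 0x20 is not a valid pad count for a 16-byte block.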
RE: Help me find the SSL wrapper/another solution
Thank you for the help.
Currently I'm testing Boost/Asio - it seems to be what I need (but has short read bug 1.49 ;-)

Best regards,
Marcin Głogowski

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie
Sent: Saturday, May 12, 2012 2:54 PM
To: openssl-users@openssl.org
Subject: Re: Help me find the SSL wrapper/another solution

> demos/state_machine
> demos/tunala

Re: Are those TLS-SRP cipher suites supported?
Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/13/2012 12:57:40 PM:
> Krzysztof Jercha nefa...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> 05/14/2012 01:46 PM
> Please respond to openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: Are those TLS-SRP cipher suites supported?
>
> Does OpenSSL support these cipher suites (TLS-SRP)?
>
> 0xc0, 0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA
> 0xc0, 0x1d TLS_SRP_SHA_WITH_AES_128_CBC_SHA

Re: Are those TLS-SRP cipher suites supported?
On 05/14/2012 02:59 PM, marek.marc...@malkom.pl wrote:
> Hello,
>
> $ openssl version
> OpenSSL 1.0.0 29 Mar 2010
> $ openssl ciphers -V

For SRP one should use the 1.0.1 version.

openssl version
OpenSSL 1.0.1 14 Mar 2012
openssl ciphers SRP
SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA

Re: Generating random keys/data on Windows
Thanks for the help Jakob. To make sure I understand this right: Do I need to seed the PRNG on Windows explicitly then? Or is it seeded transparently as it is for Linux/Unix platforms?

If I do need to seed it explicitly then should I use the RAND_screen() or RAND_event() function? The (outdated) documentation seems to indicate that RAND_event() generates a better source of randomness as compared to RAND_screen(). Is that still valid? Given that my server runs in an unattended mode, I can't really use RAND_event(), I pretty much have to use RAND_screen(). Is my understanding right?

Thanks again for your help
Regards,
Web Developer

On Sun, May 13, 2012 at 12:13 PM, jb-open...@wisemo.com wrote:
> On 13-05-2012 04:09, Web Developer wrote:
> > Hey guys,
> > I need to generate random data (for keys, IVs etc.) but I can't seem to find the right way to do it. Here is the background - I am developing my server in c/c++ on windows using visual studio and am using the openssl1.0.1c library. I was reading the documentation for random data generation using openssl at http://www.openssl.org/docs/crypto/RAND_add.html# and stumbled onto the following -
> >
> > OpenSSL makes sure that the PRNG state is unique for each thread. On systems that provide /dev/urandom, the randomness device is used to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(), RAND_egd(3) (http://www.openssl.org/docs/crypto/RAND_egd.html#) or RAND_load_file(3) (http://www.openssl.org/docs/crypto/RAND_load_file.html#).
> >
> > RAND_seed() is equivalent to RAND_add() when num == entropy.
> >
> > RAND_event() collects the entropy from Windows events such as mouse movements and other user interaction. It should be called with the iMsg, wParam and lParam arguments of all messages sent to the window procedure. It will estimate the entropy contained in the event message (if any), and add it to the PRNG. The program can then process the messages as usual.
> >
> > The RAND_screen() function is available for the convenience of Windows programmers. It adds the current contents of the screen to the PRNG. For applications that can catch Windows events, seeding the PRNG by calling RAND_event() is a significantly better source of randomness. It should be noted that both methods cannot be used on servers that run without user interaction.
> >
> > Now, my server does run in an unattended mode so I guess I cannot use the Rand_event() and Rand_screen() methods. How do I securely use the Rand_bytes() method on Windows? I don't already have a file with entropy so RAND_load_file() is out of question and the links on the documentation page for EGD seem to not have an EGD that is supported on Windows. How do I make sure that it is seeded with enough entropy? Any help is appreciated...
> >
> > Regards,
> > Web developer
>
> All that drivel in the documentation is extremely outdated for Windows. Please ignore it (and somebody please fix the official docs).
>
> Since 1996, all releases of Windows have included a software API very similar to the UNIX /dev/random. And since many versions ago, the OpenSSL functions still misnamed with the word screen actually use this API to get randomness without us users having to do anything.
>
> It is unfortunate that documentation, code comments and user interface messages in OpenSSL still keep repeating this hopelessly outdated misinformation.
>
> Enjoy
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com

Problems with OpenSSl BN
Hello,

I am using the OpenSSL BN functions. When I measure the time which a BN function needs, then I see that, for example, BN_mod_add needs different times for every call. Shouldn't it be the same time consumption every time I call, for example, BN_mod_add? The deviation is up to 300%.

Thank you!

TLS/SSL Negative Scenarios
Hi Folks,

In RFC-2246 there are various ways of Handshake failure.

Alert Descriptions
==================
unexpected message 10
bad record mac 20
decryption failed 21
record overflow 22
decompression failure 30
unsupported certificate 43
certificate revoked 44
certificate unknown 46
illegal parameter 47
access denied 49
decode error 50
decrypt error 51
export restriction 60
protocol version 70
insufficient security 71
internal error 80
user cancelled 90
no renegotiation 100

Is there any way to simulate these scenarios? If yes, please let me know.

Thanks in advance.

Best Regards,
S S Rout

Re: Problems with OpenSSl BN
On 14/05/12 15:48, chip...@gmx.de wrote:
> Hello,
>
> I am using the OpenSSL BN functions. When I measure the time which a BN function needs, then I see that, for example, BN_mod_add needs different times for every call. Shouldn't it be the same time consumption every time I call, for example, BN_mod_add? The deviation is up to 300%.
>
> Thank you!

You don't say how you did your testing or under what conditions you expect responses to be constant time. There are a couple of reasons that I can think of why BN_mod_add would provide different results for different invocations.

1) Different bit lengths of the parameters.
Obviously the BN functions are designed to work with integers of arbitrary length. Under the covers BN_mod_add will add these by looping through a word at a time. Obviously adding together integers that are 1 word long each is going to give you significantly different results to integers that are 10 words long each. Also the time for the addition is largely related to the size of the *smallest* integer. So for example adding a 1 word integer to a 10 word integer will be quicker than adding a 10 word integer to another 10 word integer.

2) The mod operation
In order to calculate the mod part of BN_mod_add, essentially a division operation is performed with the result being the remainder. However a short cut is if the result of the add is less than the mod value. In that case no division is necessary, and therefore this operation can be avoided. Therefore if you are comparing BN_mod_adds that require a division with those that do not then you are likely to see different performance results.

If constant time is important to you, I believe it is possible to force certain operations within the BN library to respond in a more predictable response time by setting the BN_FLG_CONSTTIME flag. However this does not apply to all function calls and removes certain optimizations from the code.

Hope that helps

Matt