Question on Openssl.NET C# Wrapper + OpenSSL 1.0.1b

2012-05-14 Thread Damian Kohlfeld
Recently I rewrote most of the C# Openssl.NET wrapper to comply with 1.0.1b
(from 0.9.8 structs/methods/enc/auth/mac/etc, very rough.) and I had a
question which is related to both openssl C and the wrapper.

Since this list encompasses only Openssl C, and there is no list for the
C# wrapper, would it be appropriate to post a question about the wrapper and
the Openssl library?

Or should I keep any/all questions specific to the C application aspect of
the OpenSSL library? (I do have a couple questions regarding the Stack
implementation specifically as it pertains to the SSL_CIPHER struct)

Thank you,

Damian Kohlfeld


Re: Help me find the SSL wrapper/another solution

2012-05-14 Thread Ben Laurie
demos/state_machine
demos/tunala

On Tue, May 8, 2012 at 2:17 PM, Marcin Głogowski m.glogow...@bossa.pl wrote:
 Hello,
 I have to write non blocking SSL/TLS server based on the OpenSSL library.
 I couldn't find any example/tutorial with this.
 Please write me where can I find some client/server examples or simple
 OpenSSL wrapper that make me able to do it.
 Is it possible to use SSL_read/SSL_write functions as non blocking
 functions?
 I found some examples based on BIO - do I really have to do it this way?
 My problem is I have to kill thread that operate with several SSL connections
 gently without and the thread
 can't be blocked by any function.
 Thank you very much for help and best regards,
 Marcin Glogowski
 Dom Maklerski Banku Ochrony Środowiska Spółka Akcyjna
 ul. Marszałkowska 78/80 / 00-517 Warszawa

 entered in the Register of Entrepreneurs kept by the
 District Court for the Capital City of Warsaw, 12th Commercial Division of the
 National Court Register,
 under number: KRS 048901 / NIP 526-10-26-828

 Share capital of 21.551.200 zł, fully paid up.
 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-users@openssl.org
 Automated List Manager                           majord...@openssl.org


Re: Looking for (easy) help.

2012-05-14 Thread Ben Laurie
On Sat, May 12, 2012 at 12:15 AM,  scott...@csweber.com wrote:
 Ahhh!
 So, a 15 byte block (or ends with a 15 byte after multiples of 16 bytes)
 would use a 0x01 in the last position...?

 And a whole multiple of 16 blocks would have an extra block filled with
 0x0f's...?

0x10, actually.


 My initial testing now looks like I can get it to work.

 Thanks!

 -Scott Weber

  Original Message 
 Subject: RE: Looking for (easy) help.
 From: Dave Thompson dthomp...@prinpay.com
 Date: Fri, May 11, 2012 3:45 pm
 To: openssl-users@openssl.org

From: owner-openssl-us...@openssl.org On Behalf Of scott...@csweber.com
Sent: Friday, 11 May, 2012 17:09

I manually padded the input in the C code with spaces. Then I
manually padded the input file with spaces. Now both cleartexts
are exactly 16 bytes long.

The output from the openssl executable is now 32 bytes...?
Where did it decide to do that?

So, what do I decide how to pad? How far out do I pad it?

 The padding most cryptography uses and openssl commandline
 (and EVP_*) does is NOT spaces, it is a count of unused octets
 repeated. It was popularized by PKCS#5, see RFC 2898 6.1.1-2.
 Because the padding is always nonempty to avoid ambiguity,
 if the cleartext is an exact multiple of the blocksize,
 padding adds an extra block (and unpadding removes it).

 Marek showed you an example, although it's ambiguous because
 by coincidence his last plaintext byte was 0a (newline)
 and his padding bytes were also 0a (16-6=10).

 When you call AES_* (or DES_* etc) directly, you must add
 the padding on encrypt and remove it on decrypt yourself.



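The padding rule discussed in this thread (a count of the unused octets, repeated, with a full extra block of 0x10 when the cleartext is already a multiple of 16), as an added C example that is not part of the original messages. The function names `pkcs7_pad` and `pkcs7_unpad` and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes */

/* Append PKCS#5/PKCS#7-style padding: 1..BLOCK bytes, each holding the pad
 * count. Returns the padded length, or 0 if out (capacity cap) is too small. */
size_t pkcs7_pad(const unsigned char *in, size_t len, unsigned char *out, size_t cap)
{
    size_t pad = BLOCK - (len % BLOCK); /* 16 when len is already a multiple */
    if (cap < len + pad)
        return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Check and strip the padding after decryption. Returns the cleartext
 * length, or (size_t)-1 if the buffer is not validly padded. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return (size_t)-1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK)
        return (size_t)-1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return (size_t)-1;
    return len - pad;
}

int main(void)
{
    unsigned char in[BLOCK], out[2 * BLOCK];
    memset(in, 'A', sizeof in); /* constructed sample cleartext */
    for (size_t len = 15; len <= 16; len++) {
        size_t n = pkcs7_pad(in, len, out, sizeof out);
        printf("%zu bytes -> %zu bytes, pad byte 0x%02x\n", len, n, out[n - 1]);
    }
    return 0;
}
```

When calling AES_* directly, run `pkcs7_pad` before encrypting and `pkcs7_unpad` after decrypting; treat a padding failure like any other decryption failure rather than reporting it separately to the peer.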

RE: Help me find the SSL wrapper/another solution

2012-05-14 Thread Marcin Głogowski
Thank you for help
Currently I'm testing Boost/Asio - it seems what I need (but has short read bug 
1.49 ;-)
Best regards,
Marcin Głogowski


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Ben Laurie
Sent: Saturday, May 12, 2012 2:54 PM
To: openssl-users@openssl.org
Subject: Re: Help me find the SSL wrapper/another solution

demos/state_machine
demos/tunala



Re: Are those TLS-SRP cipher suites supported?

2012-05-14 Thread Marek . Marcola
Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

Best regards,
--
Marek Marcola marek.marc...@malkom.pl


owner-openssl-us...@openssl.org wrote on 05/13/2012 12:57:40 PM:

 Krzysztof Jercha nefa...@gmail.com
 Sent by: owner-openssl-us...@openssl.org
 05/14/2012 01:46 PM
 Please respond to: openssl-users@openssl.org
 To: openssl-users@openssl.org openssl-users@openssl.org
 Subject: Are those TLS-SRP cipher suites supported?
 
 Does OpenSSL support these cipher suites (TLS-SRP)?
 0xc0, 0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA
 0xc0, 0x1d TLS_SRP_SHA_WITH_AES_128_CBC_SHA


Re: Are those TLS-SRP cipher suites supported?

2012-05-14 Thread Peter Sylvester

On 05/14/2012 02:59 PM, marek.marc...@malkom.pl wrote:

Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

For SRP one should use the 1.0.1 version.

openssl version
OpenSSL 1.0.1 14 Mar 2012

openssl ciphers SRP
SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA




Re: Generating random keys/data on Windows

2012-05-14 Thread Web Developer
Thanks for the help Jakob. To make sure I understand this right:

Do I need to seed the PRNG on Windows explicitly then? OR is it seeded
transparently as it is for Linux/Unix platforms?

If I do need to seed it explicitly then should I use RAND_screen()  or
RAND_event() function? The (outdated) documentation seems to indicate that
RAND_event() generates better source of randomness as compared to
RAND_screen(). Is that still valid? Given that my server runs in an
unattended mode, I can't really use RAND_event(), I pretty much have to use
RAND_screen(). Is my understanding right?

Thanks again for your help

Regards,
Web Developer




On Sun, May 13, 2012 at 12:13 PM, jb-open...@wisemo.com wrote:

  On 13-05-2012 04:09, Web Developer wrote:

 Hey guys,

 I need to generate random data (for keys, IVs etc.) but I can't seem to
 find the right way to do it.

 Here is the background -
 I am developing my server in c/c++ on windows using visual studio and am
 using the openssl1.0.1c library.

 I was reading the documentation for random data generation using openssl
 at http://www.openssl.org/docs/crypto/RAND_add.html# and stumbled onto
 the following -

 

 OpenSSL makes sure that the PRNG state is unique for each thread. *On
 systems that provide /dev/urandom, the randomness device is used to seed
 the PRNG transparently. However, on all other systems, the application is
 responsible for seeding the PRNG by calling RAND_add(),
 RAND_egd(3) (http://www.openssl.org/docs/crypto/RAND_egd.html#) or
 RAND_load_file(3) (http://www.openssl.org/docs/crypto/RAND_load_file.html#).*

 RAND_seed() is equivalent to RAND_add() when *num == entropy*.

 RAND_event() collects the entropy from Windows events such as mouse
 movements and other user interaction. It should be called with the *iMsg*,
 *wParam* and *lParam* arguments of *all* messages sent to the window
 procedure. It will estimate the entropy contained in the event message (if
 any), and add it to the PRNG. The program can then process the messages as
 usual.

 The RAND_screen() function is available for the convenience of Windows
 programmers. It adds the current contents of the screen to the PRNG. For
 applications that can catch Windows events, seeding the PRNG by calling
 RAND_event() is a significantly better source of randomness.* It should
 be noted that both methods cannot be used on servers that run without user
 interaction. *
 

 Now, my server does run in an unattended mode so I guess I cannot use the
 Rand_event() and Rand_screen() methods. How do I securely use the
 Rand_bytes() method on Windows? I don't already have a file with entropy so
 RAND_load_file() is out of question and the links on the documentation page
 for EGD seem to not have an EGD that is supported on Windows. How do I make
 sure that it is seeded with enough entropy?

 Any help is appreciated...

 Regards,
 Web developer

  All that drivel in the documentation is extremely outdated for Windows.
 Please ignore it (and somebody please fix the official docs).

 Since 1996, all releases of Windows have included a software API very
 similar to the UNIX /dev/random.  And since many versions ago, the OpenSSL
 functions still misnamed with the word screen actually use this API to
 get randomness without us users having to do anything.

 It is unfortunate that documentation, code comments and user interface
 messages in OpenSSL still keep repeating this hopelessly outdated
 misinformation.
  Enjoy

 Jakob

 --
 Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
 Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10 tel:
 +4531131610
 This public discussion message is non-binding and may contain errors.
 WiseMo - Remote Service Management for PCs, Phones and Embedded



Problems with OpenSSl BN

2012-05-14 Thread chipler
Hello,

I am using the OpenSSL BN functions. When I measure the time which a BN
function needs, then I see that for example BN_mod_add, needs for every calling
different times. Shouldn't it be the same time consumption, every time I call
for example BN_mod_add?
The deviation is up to 300%.

Thank you!


TLS/SSL Negative Scenarios

2012-05-14 Thread Mr.Rout

Hi Folks,

In RFC-2246 there are various ways of Handshake failure.
Alert Descriptions
===

unexpected message 10
bad record mac 20
decryption failed 21
record overflow 22
decompression failure 30
unsupported certificate 43
certificate revoked 44
certificate unknown 46
illegal parameter 47
access denied 49
decode error 50
decrypt error 51
export restriction 60
protocol version 70
insufficient security 71
internal error 80
user cancelled 90
no renegotiation 100

Is there any way to simulate these scenarios? If yes, please let me know.

Thanks in advance.

Best Regards,
S S  Rout


Re: Problems with OpenSSl BN

2012-05-14 Thread Matt Caswell (fr...@baggins.org)

On 14/05/12 15:48, chip...@gmx.de wrote:

Hello,

I am using the OpenSSL BN functions. When I measure the time which a BN
function needs, then I see that for example BN_mod_add, needs for every calling
different times. Shouldn't it be the same time consumption, every time I call
for example BN_mod_add?
The deviation is up to 300%.

Thank you!

You don't say how you did your testing or under what conditions you
expect responses to be constant time.


There are a couple of reasons that I can think of why BN_mod_add would 
provide different results for different invocations.


1) Different bit lengths of the parameters.
Obviously the BN functions are designed to work with integers of 
arbitrary length. Under the covers BN_mod_add will add these by looping 
through a word at a time. Obviously adding together integers that are 1 
word long each is going to give you significantly different results to 
integers that are 10 words long each. Also the time for the addition is 
largely related to size of the *smallest* integer. So for example adding 
a 1 word integer to a 10 word integer will be quicker than adding a 10 
word integer to another 10 word integer.


2) The mod operation
In order to calculate the mod part of BN_mod_add essentially a 
division operation is performed with the result being the remainder. 
However a short cut is if the result of the add is less than the mod 
value. In that case no division is necessary, and therefore this 
operation can be avoided. Therefore if you are comparing BN_mod_adds 
that require a division with those that do not then you are likely to 
see different performance results.


If constant time is important to you, I believe it is possible to force 
certain operations within the BN library to respond in a more 
predictable response time by setting the BN_FLG_CONSTTIME flag. However 
this does not apply to all function calls and removes certain 
optimizations from the code.


Hope that helps

Matt
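
A model of the second point above, added here as an example and not OpenSSL's BN code: a modular add that skips the reduction when the sum is below the modulus does a data-dependent amount of work, while a fixed-work variant always subtracts and selects the result with a mask. It assumes fixed four-word operands already reduced below m (so the reduction is one subtraction rather than a division), and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define NW 4 /* 32-bit words per operand, least significant first (assumed) */

static uint32_t add_words(uint32_t *r, const uint32_t *a, const uint32_t *b)
{
    uint64_t c = 0; /* running carry */
    for (size_t i = 0; i < NW; i++) {
        c += (uint64_t)a[i] + b[i];
        r[i] = (uint32_t)c;
        c >>= 32;
    }
    return (uint32_t)c;
}

static uint32_t sub_words(uint32_t *r, const uint32_t *a, const uint32_t *b)
{
    uint64_t br = 0; /* running borrow */
    for (size_t i = 0; i < NW; i++) {
        uint64_t d = (uint64_t)a[i] - b[i] - br;
        r[i] = (uint32_t)d;
        br = (d >> 32) & 1;
    }
    return (uint32_t)br;
}

/* Shortcut version: early-exit compare, subtract m only when sum >= m.
 * Requires a, b < m. Returns the number of word steps executed. */
int mod_add_vartime(uint32_t *r, const uint32_t *a, const uint32_t *b, const uint32_t *m)
{
    int steps = NW, ge = 1; /* ge stays 1 on carry out or when sum == m */
    if (!add_words(r, a, b))
        for (size_t i = NW; i-- > 0;) {
            steps++;
            if (r[i] != m[i]) { ge = r[i] > m[i]; break; }
        }
    if (ge) { sub_words(r, r, m); steps += NW; }
    return steps;
}

/* Fixed-work version: always add, subtract and select with a mask. */
int mod_add_consttime(uint32_t *r, const uint32_t *a, const uint32_t *b, const uint32_t *m)
{
    uint32_t t[NW], carry = add_words(r, a, b), borrow = sub_words(t, r, m);
    uint32_t mask = 0u - (carry | (borrow ^ 1u)); /* all ones if sum >= m */
    for (size_t i = 0; i < NW; i++)
        r[i] = (t[i] & mask) | (r[i] & ~mask);
    return 3 * NW;
}
```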



