Re: Crash in EVP_DigestUpdate()

2011-10-13 Thread Muhammed Shafeek
If I remember correctly, one possibility could be an OpenSSL malloc
failure in EVP_DigestInit(), which can result in EVP_DigestUpdate() causing
a segfault.
Check the EVP_DigestInit() return code. Normally this can happen during
longevity or scale, if your system has some memory leak or not enough
resources.

-Shafeek

On Wed, Oct 12, 2011 at 3:37 PM, Gyanendra kumar
gyanendra.ku...@gmail.com wrote:


 Hi,
 I am using SSL open source for secured connection.
 This product we are developing in Linux Red hat 5.5.
 I am facing a crash when we call SSL_connect(); it crashes in function
 EVP_DigestUpdate() in file
  /lib/libcrypto.so.6. Due to this crash I am not able to proceed
 further. Please help me out in this.
 What causes this crash?
 Regards,
 Gyanendra
 Linux Red Hat Version 5.5
 OpenSSL version used is 0.9.7g
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List   openssl-users@openssl.org
 Automated List Manager   majord...@openssl.org



performance impact with -fno-omit-frame-pointer

2011-10-06 Thread Muhammed Shafeek
Hi,
The OpenSSL build by default has -fomit-frame-pointer optimization enabled.
Can somebody please provide any info on the performance impact of using OpenSSL
built with -fno-omit-frame-pointer on x86 systems?

Thanks
Shafeek


Re: Help me fix this code

2011-05-02 Thread Muhammed Shafeek
Hi Peter,
Add padding for CBC mode encryption.
Or you can use CFB mode: EVP_bf_cfb()

-Shafeek

On Sat, Apr 30, 2011 at 7:26 PM, derleader mail derlea...@abv.bg wrote:

  Hi,
I have a problem with the code below. There is a bug that I can't find
 and fix.
 This is the output when I try to run it:

 [root@localhost test]# ./a.out sdcsdsdcd
 Entering Encryption Stage:

 String to encrypt: sdcsdsdcd

 Encryption Successful

 Entering Decryption Stage

 Error Whilst DecryptFinal
 19041:error:06065064:lib(6):func(101):reason(100):evp_enc.c:325:


 Here is the source code:



 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <strings.h>      /* bzero */
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>  /* ERR_print_errors_fp */

 #define input_buf_size 1024
 #define output_buf_size 1032

 int main(int argc, char *argv[])
 {

     if (argc != 2)
     {
         printf("Usage: test1 stringtoencrypt\n");
         exit(1);
     }

     char *string;

     int encoutlen, decoutlen, enctotallen, dectotallen;

     unsigned char iv[8];
     unsigned char password[16];
     unsigned char enc_outbuf[output_buf_size];
     char enc_inbuf[input_buf_size];
     unsigned char dec_outbuf[input_buf_size];
     char dec_inbuf[output_buf_size];
     EVP_CIPHER_CTX ectx;
     EVP_CIPHER_CTX dctx;

     /*
      * Begin the encode - decode
      *
      * Get our inputs and the random IV
      *
      */

     string = argv[1];

     RAND_bytes(iv, 8);
     RAND_bytes(password, 16);

     printf("Entering Encryption Stage:\n\n");
     printf("String to encrypt: %s\n\n", string);

     EVP_CIPHER_CTX_init(&ectx);

     /* Blowfish in CBC mode with the random key and IV */
     EVP_EncryptInit(&ectx, EVP_bf_cbc(), password, iv);

     bzero(enc_inbuf, input_buf_size);

     if (!EVP_EncryptUpdate(&ectx, enc_outbuf, &encoutlen,
                            (unsigned char *)string, strlen(string)))
     {
         printf("Error whilst EncryptUpdate\n");
         return 0;
     }

     if (!EVP_EncryptFinal(&ectx, enc_outbuf + encoutlen, &enctotallen))
     {
         printf("Error Whilst EncryptFinal\n");
         return 0;
     }

     /* encoutlen now holds the total ciphertext length */
     encoutlen += enctotallen;

     printf("Encryption Successful\n\n");
     printf("Entering Decryption Stage\n\n");

     EVP_CIPHER_CTX_init(&dctx);
     EVP_DecryptInit(&dctx, EVP_bf_cbc(), password, iv);

     bzero(dec_inbuf, output_buf_size);
     bzero(dec_outbuf, input_buf_size);

     /* as posted: the input length given here is output_buf_size */
     if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
                             output_buf_size)))
     {
         printf("Error Whilst DecryptUpdate\n");
         return 0;
     }

     if (!(EVP_DecryptFinal(&dctx, dec_outbuf + decoutlen,
                            &dectotallen)))
     {
         printf("Error Whilst DecryptFinal\n");
         ERR_print_errors_fp(stdout);
         return 0;
     }

     decoutlen += dectotallen;

     printf("Decryption Successful\n\n");

     printf("Decrypted String is: %s\n", dec_outbuf);

     return 0;

 }

 Any help will be highly appreciated!

 Regards
 Peter



Re: Re: Help me fix this code

2011-05-02 Thread Muhammed Shafeek
Hi Peter,
The extra string in the output is due to an error in the code. You are passing
an incorrect length to EVP_DecryptUpdate.


if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
output_buf_size)))

Change the above line to

if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
encoutlen)))


-Shafeek

On Mon, May 2, 2011 at 3:09 PM, derleader mail derlea...@abv.bg wrote:


 Hi Peter,
 Add padding for CBC mode encryption.
 Or you can use CFB mode: EVP_bf_cfb()

 -Shafeek

 Hi,
 Thank you for the reply. I have edited the code.

 Source Code:

 //gcc blowfish2.c -L/usr/local/ssl/lib/ -lssl -lcrypto -Wall


 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <strings.h>      /* bzero */
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>  /* ERR_print_errors_fp */

 #define input_buf_size 1024
 #define output_buf_size 1032

 int main(int argc, char *argv[])
 {

     if (argc != 2)
     {
         printf("Usage: test1 stringtoencrypt\n");
         exit(1);
     }

     char *string;

     int encoutlen, decoutlen, enctotallen, dectotallen;

     unsigned char iv[8];
     unsigned char password[16];
     unsigned char enc_outbuf[output_buf_size];
     char enc_inbuf[input_buf_size];
     unsigned char dec_outbuf[input_buf_size];
     char dec_inbuf[output_buf_size];
     EVP_CIPHER_CTX ectx;
     EVP_CIPHER_CTX dctx;

     /*
      * Begin the encode - decode
      *
      * Get our inputs and the random IV
      *
      */

     string = argv[1];

     RAND_bytes(iv, 8);
     RAND_bytes(password, 16);

     printf("Entering Encryption Stage:\n\n");
     printf("String to encrypt: %s\n\n", string);

     EVP_CIPHER_CTX_init(&ectx);

     /* Blowfish in CFB mode with the random key and IV */
     EVP_EncryptInit(&ectx, EVP_bf_cfb(), password, iv);


     bzero(enc_inbuf, input_buf_size);

     if (!EVP_EncryptUpdate(&ectx, enc_outbuf, &encoutlen,
                            (unsigned char *)string, strlen(string)))
     {
         printf("Error whilst EncryptUpdate\n");
         return 0;
     }

     if (!EVP_EncryptFinal(&ectx, enc_outbuf + encoutlen, &enctotallen))
     {
         printf("Error Whilst EncryptFinal\n");
         return 0;
     }

     /* encoutlen now holds the total ciphertext length */
     encoutlen += enctotallen;

     printf("Encryption Successful\n\n");
     printf("Entering Decryption Stage\n\n");

     EVP_CIPHER_CTX_init(&dctx);
     EVP_DecryptInit(&dctx, EVP_bf_cfb(), password, iv);


     bzero(dec_inbuf, output_buf_size);
     bzero(dec_outbuf, input_buf_size);

     /* as posted: the input length given here is output_buf_size */
     if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
                             output_buf_size)))
     {
         printf("Error Whilst DecryptUpdate\n");
         return 0;
     }

     if (!(EVP_DecryptFinal(&dctx, dec_outbuf + decoutlen,
                            &dectotallen)))
     {
         printf("Error Whilst DecryptFinal\n");
         ERR_print_errors_fp(stdout);
         return 0;
     }

     decoutlen += dectotallen;

     printf("Decryption Successful\n\n");

     printf("Decrypted String is: %s\n", dec_outbuf);

     return 0;

 }


 This is the output:

 [root@localhost test]# ./a.out dcee
 Entering Encryption Stage:

 String to encrypt: dcee


 Encryption Successful

 Entering Decryption Stage

 Decryption Successful

 Decrypted String is: dcee���=�͜I ���C� ���=�ty�|:�|s�� � h[j
 �l��ȥg�L^�aPB=�

 Every time, the string after dcee is different. So I need padding.
 Could you edit the source code in the proper way? I have no idea how to add
 padding.

 Regards
 Peter





Re: PKCS12_parse / PKCS12_create issue

2011-02-02 Thread Muhammed Shafeek
Hi Dave,
Thank you for the detailed explanation and the suggestions. It really helped
to solve the issue.

I did use the openssl tool to avoid the problem. I tried clearing the keyid and
friendly name in the cert using the x509__set1 functions
before passing it to PKCS12_create, and it also worked fine. I was not aware
of these APIs to clear the attribute fields.
So another option I tried was creating my own PKCS12 parse function and
removing the keyid attribute setting in the cert.

Your assumption about my code snippet is right. I just provided the relevant
functions that are actually from two different functions
in my code. So fp handling is fine. Also thanks for pointing out the
discrepancy in encryption algorithm passed to PKCS12_create function.

-Shafeek

On Tue, Feb 1, 2011 at 3:01 AM, Dave Thompson dthomp...@prinpay.com wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Muhammed
 Shafeek
Sent: Wednesday, 26 January, 2011 12:30

I've a program that extracts private key and cert from the input
  pfx file loaded into the system
and then create a p12 file out of this private key and cert using
  a different password to add it to a local keystore.

 You know you could use the commandline utility to do this.
 (Given it is present, or can be installed, and accessible;
 and you can write some temporary files, but if you can write
 an output file you can probably do temporaries.)

/*code to extract key*/
p12Key = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12Key, pass, &pkey, NULL, NULL);

/*code to extract cert*/
p12Cert = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12Cert, pass, NULL, &pCert, NULL);

 I assume you've omitted some file-management code here,
 since two d2i's from the same file open (fp) don't work.
 And you don't need them; you could call PKCS12_parse twice
 on a single (decoded) p12 object. But you shouldn't;
 one call to PKCS12_parse can get both key and cert,
 and should since they logically (must) go together.

 And you should definitely check for error(s), but I'll
 optimistically assume that was just omitted for posting.

/*creating p12 from the extracted key and cert*/
p12 = PKCS12_create(password, name, pkey, pCert, NULL,
  NID_pbe_WithSHA1And40BitRC4,NID_pbe_WithSHA1And3_Key_TripleDES_CBC,0, 0,
 0);

 It makes no security sense to encrypt the key with RC4-40,
 which nowadays is trivially brute-forced (even in the days
 of ITAR when PKCS12 was established, it was pretty easy),
 but the cert which doesn't really need privacy with TripleDES.
 The defaults, which are the other way, would be much better.

I observe the following things:
1. The attributes ptr in pkey extracted using PKCS12_parse is null.
  Note that the input pfx does have local Key ID and friendly name.
  The cert extracted using PKCS12_parse
have local Key ID attribute which is same as in input pfx file.

 Yes, p12_kiss.c returns alias=friendly and keyid for the cert
 and no attributes for the key. The man page says
  Attributes currently cannot be stored in the private key
  EVP_PKEY structure.
 although that appears to be out of date.
 Perhaps it should, although friendly and keyid should be the same
 for key and cert if used at all, so getting them on the cert
 should probably usually be enough.

2. The p12 file created using PKCS12_create has a local KeyID
  attribute for private key and is different from that of cert.

 I assume you mean PKCS12_create plus i2d_PKCS12_fp or similar,
 since PKCS12_create by itself only creates a memory structure.

Can any one please explain the reason for this? Is there any issue
  in my code? or Is this an openssl issue?

 On the cert, p12_crt.c uses any friendly=alias and keyid
 in the cert object, and ADDS friendly from caller if not null
 and keyid = SHA1 of cert (if doing both key&cert).
 This appears to violate PKCS9 (at least the one I have)
 which says single-valued. And isn't mentioned on the man page.
 (On the key, it just does friendly from caller and keyid = SHA1,
 but also MSCSPname and recently LocalKeySet from key.attributes!)
 Depending on the software that reads this, if it assumes
 the PKCS9 single-value rule as it apparently has a right to,
 which values get used/displayed/whatever for the cert
 may be arbitrary or even unpredictable.

 You probably should X509_alias_set1(,NULL,0) and similarly
 for keyid on your cert before giving it to PKCS12_create.

 Alternatively, but more work, build your own exactly as you want
 with the PKCS12_ PKCS7_ PKCS8_ etc. primitives.






PKCS12_parse / PKCS12_create issue

2011-01-26 Thread Muhammed Shafeek
Hi,
I've a program that extracts private key and cert from the input pfx file
loaded into the system
and then create a p12 file out of this private key and cert using a
different password to add it to a local keystore.

/*code to extract key*/
p12Key = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12Key, pass, &pkey, NULL, NULL);

/*code to extract cert*/
p12Cert = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12Cert, pass, NULL, &pCert, NULL);

/*creating p12 from the extracted key and cert*/
p12 = PKCS12_create(password, name, pkey, pCert,
NULL,NID_pbe_WithSHA1And40BitRC4,NID_pbe_WithSHA1And3_Key_TripleDES_CBC,0,
0, 0);


I observe the following things:
1. The attributes ptr in pkey extracted using PKCS12_parse is null. Note
that the input pfx does have local Key ID and friendly name. The cert
extracted using PKCS12_parse
have local Key ID attribute which is same as in input pfx file.

2. The p12 file created using PKCS12_create has a local KeyID attribute for
private key and is different from that of cert.

Can any one please explain the reason for this? Is there any issue in my
code? or Is this an openssl issue?

Thanks
Shafeek


Re: Extracting cert from pfx file

2011-01-24 Thread Muhammed Shafeek
Hi All,
I'm resending the mail with more details with sample pfx file

The key and cert extracted using the PKCS12_parse() function are as follows.
Please note the localKeyID field in cert and key.

**
MAC verified OK
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: mysrt
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
subject=/C=IN/ST=Karnataka/L=bangalore/O=mycompany/OU=mybu/CN=
10.10.1.68/emailAddress=shaf...@gmail.com
issuer=/DC=com/DC=autocert/CN=rootca
-BEGIN CERTIFICATE-
MIIGDjCCBPagAwIBAgIKQAum1gAAQDANBgkqhkiG9w0BAQUFADBAMRMwEQYK

wEEyMlzv32iuW2QTeQ8980fk
-END CERTIFICATE-

Bag Attributes
friendlyName: mysrt
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
Key Attributes: No Attributes
-BEGIN RSA PRIVATE KEY-
MIIEpAIBAAKCAQEAtsU6UvSXKcbCqLJFapFNNSPBiu1pYtsxqm/tPMJW5caqaGtD

uJuUCTtysSTd0XMs20Xkk857mCR6mMct5fFo6sd1HY57kFtzNX7cIA==




Key and cert extracted from the same pfx file using openssl command line
utility has only one localKeyID in key and cert each with value 01 00 00 00
(openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
(openssl pkcs12 -in input.pfx -nocerts -out outkey.pem)

Please let me know whether the PKCS12_parse function has any such known issues.

-Shafeek

On Sun, Jan 23, 2011 at 10:26 PM, Muhammed Shafeek shafee...@gmail.com wrote:

 Hi All,
 The following code is to extract cert from a pfx file.

 p12Cert = d2i_PKCS12_fp(fp, NULL);  //fp points to a .pfx file.
 PKCS12_parse(p12Cert, pass, NULL, &oCert, NULL);

 Here the resultant oCert has multiple localKeyID as shown below.

 MAC verified OK
 Bag Attributes
 localKeyID: 01 00 00 00
 localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD


 The second localKeyID seen in the Bag attributes is actually the
 thumbprint.

 But extracting cert from the same pfx file using openssl command line
 utility (openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
 results in single localKeyID attribute.

 Bag Attributes
 localKeyID: 01 00 00 00

 Can anyone please tell me why there is an additional localKeyID with the
 first method?

 Thanks in Advance
 Shafeek



Extracting cert from pfx file

2011-01-23 Thread Muhammed Shafeek
Hi All,
The following code is to extract cert from a pfx file.

p12Cert = d2i_PKCS12_fp(fp, NULL);  //fp points to a .pfx file.
PKCS12_parse(p12Cert, pass, NULL, &oCert, NULL);

Here the resultant oCert has multiple localKeyID as shown below.

MAC verified OK
Bag Attributes
localKeyID: 01 00 00 00
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD

The second localKeyID seen in the Bag attributes is actually the thumbprint.

But extracting cert from the same pfx file using openssl command line
utility (openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
results in single localKeyID attribute.

Bag Attributes
localKeyID: 01 00 00 00

Can anyone please tell me why there is an additional localKeyID with the
first method?

Thanks in Advance
Shafeek


Identifying openssl version from lib

2010-11-23 Thread Muhammed Shafeek
Hi,
How can I identify the exact OpenSSL version from libssl?
I've a server using libssl.so.0.9.8. I want to know the exact patch version
(e.g. 0.9.8j or 0.9.8k) from the lib.
Is it possible?

Thanks in advance
Shafeek


Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Muhammed Shafeek
In the Advisory it is mentioned that
Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.

What about users of OpenSSL releases before 0.9.8f ? Isn't the vulnerability
applicable there as well?

Thanks
Shafeek



 On Tue, Nov 16, 2010 at 7:15 AM, OpenSSL open...@master.openssl.org wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 OpenSSL Security Advisory [16 November 2010]

 TLS extension parsing race condition.
 =

 A flaw has been found in the OpenSSL TLS server extension code parsing
 which
 on affected servers can be exploited in a buffer overrun attack.

 The OpenSSL security team would like to thank Rob Hulswit for reporting
 this
 issue.

 The fix was developed by Dr Stephen Henson of the OpenSSL core team.

 This vulnerability is tracked as CVE-2010-3864

 Who is affected?
 =

 All versions of OpenSSL supporting TLS extensions contain this
 vulnerability
 including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.

 Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
 uses
 OpenSSL's internal caching mechanism. Servers that are multi-process
 and/or
 disable internal session caching are NOT affected.

 In particular the Apache HTTP server (which never uses OpenSSL internal
 caching) and Stunnel (which includes its own workaround) are NOT affected.

 Recommendations for users of OpenSSL
 =

 Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
 update
 to the OpenSSL 0.9.8p release which contains a patch to correct this
 issue.

 Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b
 release
 which contains a patch to correct this issue.

 If upgrading is not immediately possible, the relevant source code patch
 provided in this advisory should be applied.

 Patch for OpenSSL 0.9.8 releases
 

 Index: ssl/t1_lib.c
 ===
 RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
 retrieving revision 1.13.2.27
 diff -u -r1.13.2.27 t1_lib.c
 - --- ssl/t1_lib.c  12 Jun 2010 13:18:58 -  1.13.2.27
 +++ ssl/t1_lib.c15 Nov 2010 15:20:14 -
 @@ -432,14 +432,23 @@
switch (servname_type)
{
case TLSEXT_NAMETYPE_host_name:
 - - if (s-session-tlsext_hostname ==
 NULL)
 +   if (!s-hit)
{
 - - if (len 
 TLSEXT_MAXLEN_host_name ||
 - -
 ((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
 +
 if(s-session-tlsext_hostname)
 +   {
 +   *al =
 SSL_AD_DECODE_ERROR;
 +   return 0;
 +   }
 +   if (len 
 TLSEXT_MAXLEN_host_name)
{
*al =
 TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}
 +   if
 ((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
 +   {
 +   *al =
 TLS1_AD_INTERNAL_ERROR;
 +   return 0;
 +   }

  memcpy(s-session-tlsext_hostname, sdata, len);

  s-session-tlsext_hostname[len]='\0';
if
 (strlen(s-session-tlsext_hostname) != len) {
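
Review bot: the new "if(s-session-tlsext_hostname)" test inside the "!s-hit" block returns SSL_AD_DECODE_ERROR with no comment saying why an already-set hostname on a non-resumed session is treated as a decode error; a one-line comment at that branch would make the intent clear. That line is also written "if(" while the other conditions in the hunk use "if (". The overlength name and the failed OPENSSL_malloc now raise different alerts (TLS1_AD_UNRECOGNIZED_NAME and TLS1_AD_INTERNAL_ERROR), which is worth stating in the change description.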
 @@ -452,7 +461,8 @@

}
else
 - - s-servername_done =
 strlen(s-session-tlsext_hostname) == len
 +   s-servername_done =
 s-session-tlsext_hostname
 +   
 strlen(s-session-tlsext_hostname) == len

 strncmp(s-session-tlsext_hostname, (char *)sdata, len) == 0;

break;
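
Review bot: in the else branch the servername_done assignment now chains three conditions over three lines with no parentheses around the individual comparisons; parenthesising the "strlen(...) == len" and "strncmp(...) == 0" terms would make the precedence explicit. A resumed session whose stored tlsext_hostname is NULL now simply leaves servername_done at 0, and a short comment saying that this case is deliberately not an error would help the next reader.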

 Patch for OpenSSL 1.0.0 releases
 

 Index: ssl/t1_lib.c
 ===
 RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
 retrieving revision 1.64.2.14
 diff -u -r1.64.2.14 t1_lib.c
 - --- ssl/t1_lib.c  15 Jun 2010 17:25:15 

Scatter/Gather IO support in openssl crypto library

2010-02-09 Thread Muhammed Shafeek Fazal
Hi,
I'm developing a security product and in the process of selecting the crypto
library.
Can anyone please answer the following queries.
1. Does openssl crypto library supports scatter/gather I/O. The requirement
is to pass bsdnet mbuf cluster to the openssl crypto library for
encryption/decryption?
2. Does openssl crypto library supports non-blocking calls?

Thanks in advance
Shafeek