Re: [openssl-users] A script for hybrid encryption with openssl
On 18/12/2018 18:04, Sam Roberts wrote: > Maybe you should look at gpg directly, `gpg --symmetric` uses a passphrase, > which doesn't sound fiddly. Unfortunately that doesn't do what I want: I'm after something using public key encryption (asymmetric, or a hybrid). This is so I don't need to deploy the decryption key on the server. N -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] A script for hybrid encryption with openssl
On 17/12/2018 22:02, Jakob Bohm via openssl-users wrote:
> A simpler way is to realize that the formats used by SMIME/CMS (specifically
> the PKCS#7 formats) allow almost unlimited file size, and any 2GiB limit is
> probably an artifact of either the openssl command line tool or some of the
> underlying OpenSSL libraries.

Yes. I started using openssl's smime implementation, then backed out when I realised there were indeed limits - apparently in the underlying libraries. On decrypting I got the same kind of errors described in this bug report thread (and elsewhere if you search, but this is the most recent discussion I could find).

"Attempting to decrypt/decode a large smime encoded file created with openssl fails regardless of the amount of OS memory available".
https://mta.openssl.org/pipermail/openssl-dev/2016-August/008237.html

The key points are:
- streaming smime *encryption* has been implemented, but
- smime *decryption* is done in memory, consequentially you can't decrypt anything over 1.5G
- possibly this is related to the BUF_MEM structure's dependency on the size of an int

There's an RT ticket but I could not log in to read this. But it appears to have been migrated to GitHub:
https://github.com/openssl/openssl/issues/2515

It's closed - I infer as "won't fix" (yet?) and this is still an issue as my experience suggests, at least in the versions distributed for systems I will be using.
I was using openssl 1.0.2g-1ubuntu4.14 (Xenial) and I've verified it with openssl 1.1.0g-2ubuntu4.3 (Bionic, the latest LTS release for Ubuntu):

$ openssl version -a
OpenSSL 1.1.0g 2 Nov 2017
built on: reproducible build, date unspecified
platform: debian-amd64
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\""
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"

$ dd if=/dev/zero of=sample.txt count=2M bs=1024
$ openssl req -x509 -nodes -newkey rsa:2048 -keyout mysqldump-secure.priv.pem -out mysqldump-secure.pub.pem
$ openssl smime -encrypt -binary -text -aes256 -in sample.txt -out sample.txt.enc -outform DER -stream mysqldump-secure.pub.pem
$ openssl smime -decrypt -binary -inkey mysqldump-secure.priv.pem -inform DEM -in sample.txt.enc -out sample.txt.restored
Error reading S/MIME message
139742630175168:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc failure:../crypto/buffer/buffer.c:138:
139742630175168:error:0D06B041:asn1 encoding routines:asn1_d2i_read_bio:malloc failure:../crypto/asn1/a_d2i_fp.c:191

> Anyway, setting up an alternative data format might be suitable if combined
> with other functionality requiring chunking, such as recovery from
> lost/corrupted data "blocks" (where each block is much much larger than
> a 1K "disk block").
I should add that I don't really care about the format, or even the use of openssl - just the ability to tackle large files with the benefits of public key encryption, in a self-contained way without needing fiddly work deploying the keys (as GnuPG seems to require for its keyring, judging from my experience deploying Backup-Ninja / Duplicity using Ansible.) So other solutions, if tried and tested, might work for me.

Cheers, Nick
[openssl-users] A script for hybrid encryption with openssl
Hello, I've written a script to try and work around openssl's lack of a way to encrypt large files with public key or hybrid cryptography. I gather SMIME works for files < ~ 2.5GB but the current implementation cannot decrypt files larger than this. My use case is automated server back-ups, for which I need to back up arbitrarily large files and copy the result to S3 for storage, but I don't want to store a decryption key on the server. I contemplated splitting the archives, except this seemed about as much work as writing something which stored an encrypted one-time password with the payload and using symmetric encryption. As I'm not really a crypto/security expert, I thought I'd post it here and ask for some feedback on it.

https://github.com/wu-lee/hencrypt

Thanks! Nick
Re: Seg fault from d2i_RSAPrivateKey_fp
On Thu, 2013-02-21 at 05:15 -0500, Jeffrey Walton wrote:
> You enabled it with -Wextra, then you turned it off with
> -Wno-missing-field-initializers. It's not latched - the last option wins.

Good catch! I forgot to remove that while doing some rapid prototyping.

> In addition, GCC's analysis may not have caught the issue since it's a static
> analyzer. For better analysis of uninitialized values, it's often better to use
> dynamic analysis - Valgrind at runtime.

Ack.

__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 08:56 -0500, Jeffrey Walton wrote:
> > g++-4.7.2 -g -Wall -Wextra -Weffc++ -Wno-missing-field-initializers -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -Werror -std=c++11
>
> -Wno-missing-field-initializers :)

Firstly, -Wno-missing-field-initializers turns -Wmissing-field-initializers *off*, which does not help. Secondly, -Wmissing-field-initializers is enabled as part of -Wextra, which I have enabled.

Nick
Disable wrapping for EVP_EncodeUpdate?
I see EVP_EncodeUpdate adds a newline char after every 64 chars of output (presumably to wrap the output). Can this be disabled?

Nick
Re: Disable wrapping for EVP_EncodeUpdate?
On Tue, 2013-02-19 at 16:48 +, Viktor Dukhovni wrote:
> On Tue, Feb 19, 2013 at 03:57:00AM -0500, Nick wrote:
> > I see EVP_EncodeUpdate adds a newline char after every 64 chars of output
> > (presumably to wrap the output). Can this be disabled?
>
> No, but the EVP_EncodeBlock() function does not generate any newlines. You
> must pass it a multiple of 3-bytes on every call except the last, since it
> will otherwise generate trailing = padding for incomplete blocks, which are
> not valid midstream.
>
> Another option is to roll your own Base64 encoder, this is trivial to
> implement, there is little incentive to use the EVP routines if they don't
> do exactly what you want.

Thanks. I've implemented a base64 codec in the past w/out a problem. But I figured if there was an easy way to get my desired functionality from an existing tested API, all the better. As it turns out, the wrapping does not seem to be an issue after all--the consuming app handles it fine.

Nick
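Added example (not part of the thread and not OpenSSL code): a self-contained, unwrapped Base64 encoder in C showing the constraint described in the reply above. Encoding each chunk as its own block puts `=` padding in the middle of the stream, while a streaming encoder that carries leftover bytes between calls pads only at the end. All function names here are hypothetical and the inputs are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode n (1..3) bytes as one 4-character group, '=' padded when n < 3. */
static void b64_quad(const unsigned char *in, size_t n, char *out)
{
    unsigned long v = (unsigned long)in[0] << 16;
    if (n > 1) v |= (unsigned long)in[1] << 8;
    if (n > 2) v |= in[2];
    out[0] = B64[(v >> 18) & 63];
    out[1] = B64[(v >> 12) & 63];
    out[2] = n > 1 ? B64[(v >> 6) & 63] : '=';
    out[3] = n > 2 ? B64[v & 63] : '=';
}

/* One-shot block encoder: no newlines, but it pads whenever len % 3 != 0,
 * so it is only safe mid-stream when len is a multiple of 3. */
size_t b64_block(const unsigned char *in, size_t len, char *out)
{
    size_t o = 0;
    while (len > 0) {
        size_t n = len > 3 ? 3 : len;
        b64_quad(in, n, out + o);
        in += n; len -= n; o += 4;
    }
    out[o] = '\0';
    return o;
}

/* Streaming encoder: holds back up to 2 bytes until a full triple exists. */
typedef struct { unsigned char carry[3]; size_t ncarry; } b64_stream;

void b64_init(b64_stream *s) { s->ncarry = 0; }

size_t b64_update(b64_stream *s, const unsigned char *in, size_t len, char *out)
{
    size_t o = 0;
    /* Top up bytes left over from the previous call. */
    while (s->ncarry > 0 && s->ncarry < 3 && len > 0) {
        s->carry[s->ncarry++] = *in++; len--;
    }
    if (s->ncarry == 3) { b64_quad(s->carry, 3, out + o); o += 4; s->ncarry = 0; }
    /* Emit all complete triples directly from the input. */
    while (len >= 3) { b64_quad(in, 3, out + o); in += 3; len -= 3; o += 4; }
    /* Keep the 0..2 trailing bytes for the next call. */
    while (len > 0) { s->carry[s->ncarry++] = *in++; len--; }
    return o;
}

/* Flush the carry; this is the only place padding may be produced. */
size_t b64_final(b64_stream *s, char *out)
{
    size_t o = 0;
    if (s->ncarry > 0) { b64_quad(s->carry, s->ncarry, out); o = 4; s->ncarry = 0; }
    out[o] = '\0';
    return o;
}

/* Feed msg through the streaming encoder in chunk-sized pieces.
 * out must hold 4 * ((strlen(msg) + 2) / 3) + 1 bytes. */
size_t b64_stream_chunks(const char *msg, size_t chunk, char *out)
{
    b64_stream s;
    size_t len = strlen(msg), off, o = 0;
    if (chunk == 0) chunk = 1;
    b64_init(&s);
    for (off = 0; off < len; off += chunk) {
        size_t n = len - off < chunk ? len - off : chunk;
        o += b64_update(&s, (const unsigned char *)msg + off, n, out + o);
    }
    return o + b64_final(&s, out + o);
}

/* The failure mode: each chunk encoded as an independent block.
 * out must hold 4 bytes per 3 input bytes, rounded up per chunk, plus 1. */
size_t b64_naive_chunks(const char *msg, size_t chunk, char *out)
{
    size_t len = strlen(msg), off, o = 0;
    if (chunk == 0) chunk = 1;
    out[0] = '\0';
    for (off = 0; off < len; off += chunk) {
        size_t n = len - off < chunk ? len - off : chunk;
        o += b64_block((const unsigned char *)msg + off, n, out + o);
    }
    return o;
}

int main(void)
{
    char out[64];
    b64_naive_chunks("foobar", 2, out);   /* constructed sample input */
    printf("per-chunk blocks: %s\n", out);
    b64_stream_chunks("foobar", 2, out);
    printf("streaming:        %s\n", out);
    return 0;
}
```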
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 00:37 +0100, Dr. Stephen Henson wrote:
> That's because it is attempting to free up parts of a pointer that haven't
> been allocated with OPENSSL_malloc. See:
> http://www.openssl.org/docs/crypto/d2i_X509.html#WARNINGS

Changing the code to allocate the struct via OPENSSL_malloc does not seg fault in a standalone app, but the same exact code seg faults in a slightly larger app (dump still points to d2i_RSAPrivateKey_fp). Does that mean any non-NULL ptr passed to the function must be allocated via OPENSSL_malloc?

This line in the man page for d2i_X509 suggested to me that a non-NULL ptr need only point to a real structure (i.e. could not simply be an uninitialized ptr):

"If *px is not NULL then it is assumed that *px contains a valid X509 structure and an attempt is made to reuse it."

Accordingly, I currently have this d2i_X509_fp code which does not segfault:

X509 x509;
X509 *pTmpX509(&x509);
X509 *pX509 = d2i_X509_fp(pFile2, &pTmpX509);

It's semantically the same as how I'm calling d2i_RSAPrivateKey_fp:

RSA rsa;
RSA *pTmpRsa(&rsa);
RSA *pRSA = d2i_RSAPrivateKey_fp(pFile, &pTmpRsa);

The former (d2i_X509_fp) works fine while the latter (d2i_RSAPrivateKey_fp) seg faults. Are the APIs different in their expectations of the 2nd param? Or have I just been getting lucky w/ my calls to d2i_X509_fp? Must the non-NULL ptr that's passed as the 2nd param always be allocated with OPENSSL_malloc? Can it not come from the stack or some other heap allocator?

Nick
Re: Difference between SSL and TLS
On Mon, 2013-02-18 at 08:23 +, b ganesh ganesh wrote:
> All: What is the major difference bw SSL and TLS? Is it possible to use
> these protocols independently?

Google seems to turn up a bunch of results for your first question:
https://www.google.com/search?q=difference+between+ssl+and+tls&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Does that help?

Nick
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 04:00 -0500, Jeffrey Walton wrote:
> The signature is X509 *d2i_X509_fp(FILE *fp, X509 **x);

Please re-read my previous response. I'm not having a problem w/ the code involving x509. I included it in my last response to point out that while it works fine, calling d2i_RSAPrivateKey_fp in a similar manner causes a seg fault.

> You might be sending junk into OpenSSL for processing.

My understanding is that the input to the function comes from the file pointer, the second param is for the output. Considering the same file pointer works fine when NULL is passed for the second param, I'm confident that valid data is being passed in for processing.

> Perhaps the following would be better (let the optimizer decide what
> constitutes a dead write);
>
> X509 x509 = NULL;
> X509 *pX509 = d2i_X509_fp(pFile, x509);

This does not compile. As I mentioned in my original post, if I pass the address of a NULL ptr for the second param, the code works fine. I'm trying to understand how to pass the address of a non-NULL pointer as the second param (or if that's even possible). In short, is this not valid?

RSA rsa;
RSA *pTmpRsa(&rsa);
RSA *pRSA = d2i_RSAPrivateKey_fp(pFile, &pTmpRsa);

Nick
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 13:22 +0100, Dr. Stephen Henson wrote:
> Here's what's happening in detail. If you pass a non-NULL pointer for the
> second parameter it will attempt to reuse the structure. In the case of the
> RSA structure the outer (RSA *) is allocated via OPENSSL_malloc and so are
> many internal structures (e.g. BIGNUM key components), which it will also
> attempt to reuse. So all the internals need to be initialised to something
> sensible too or it may attempt to free up uninitialised pointers with
> unpredictable results.

That makes perfect sense, thank you.

> Where possible applications shouldn't mess around at this level. There are
> utility functions of the form X509_new (and RSA_new for (RSA *)) that
> allocate and initialise the structures correctly. So you could do something
> like this:
>
> RSA *prsa1, *prsa2;
> prsa1 = RSA_new();
> prsa2 = d2i_RSAPrivateKey_fp(pFile, &prsa1);
>
> But there isn't really any point as you can just do:
>
> rsa = d2i_RSAPrivateKey_fp(pFile, NULL);
>
> Which will call RSA_new() internally.

I figured the same and took this approach too. Can you confirm the same logic applies to d2i_X509_fp?

Nick
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 08:12 -0500, Jeffrey Walton wrote:
> It looks like the GCC tool chain has let you down: C/C++ Option to
> Initialize Variables?, http://gcc.gnu.org/ml/gcc/2013-02/msg00207.html.
> Visual Studio has a similar feature for debug builds, and I don't ever
> recall being burned by using an uninitialized value since the value will be
> distinguished garbage - 0xCDCDCDCD and the like. As soon as I see it, I know
> something is not initialized.

Fair point. Yes, I'm using GCC, and frankly, I have no real complaints compared to VC. In this case, based on the seg fault and the resulting corrupted stack trace, it was obvious that the issue was related to referencing bad memory. Regardless if a toolchain might help with issues like this, the error is more fundamental: I did not fully understand aspects of the API. So the time spent was less on "what is happening?" and more on "what am I doing wrong?".

> Were you compiling with full warnings? If so, you should have been warned of
> use of an initialized value. If not, you might want to investigate how the
> tool chain can help you with reliability and security (there are lots of
> opportunities).

Yes, I build w/ many warnings. Here's the relevant section of my build command--do you suggest other warnings to be enabled?

g++-4.7.2 -g -Wall -Wextra -Weffc++ -Wno-missing-field-initializers -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -Werror -std=c++11

GCC did in fact warn me early-on about using the X509 struct uninitialized, but it did not warn about the RSA struct. Still, my lack of fully understanding the API led me to default initialize it (I come from more C++ than C) which silenced the warning and that part of the code worked anyway. So it still boils down to the developer knowing what he/she is doing and not relying on tooling to point out problems.

Nick
Re: Seg fault from d2i_RSAPrivateKey_fp
On Mon, 2013-02-18 at 14:18 +0100, Dr. Stephen Henson wrote:
> > Can you confirm the same logic applies to d2i_X509_fp?
>
> Yes, it applies to any function of the form d2i_something_fp.

I'll make the appropriate changes elsewhere then. Thank you very much for your prompt helpful responses.

Nick
Seg fault from d2i_RSAPrivateKey_fp
Calling d2i_RSAPrivateKey_fp with the address of a non-NULL 2nd param yields a seg fault for me. It seems to work if I pass the address of a NULL ptr instead (commented out in the repro code below). I'm calling it in the same manner that I call d2i_X509_fp which also works.

Environment: OpenSSL 1.0.1c and 1.0.1e, x86 Linux (Gentoo), GCC 4.5.4 and 4.7.2

Following is a small repro (attached as well), command to gen key, compile, run app, and get backtrace:

//
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <iostream>
#include <stdio.h>

using namespace std;

int main(int argc, char **argv)
{
    if(argc != 2)
    {
        cout << "Usage: " << argv[0] << " <DER private key file>" << endl;
        return 0;
    }

    cout << "Opening private key file..." << flush;
    FILE *pFile(fopen("./Input/PrivateKey1.der", "rb") );
    if(!pFile)
    {
        cerr << "Failed to open private key file." << endl;
        return -1;
    }
    cout << "done." << endl;

    cout << "Decoding RSA private key..." << flush;
    RSA rsa;
    RSA *pTmpRsa(&rsa); // seg fault
    // RSA *pTmpRsa(NULL); // works
    RSA *pRSA = d2i_RSAPrivateKey_fp(pFile, &pTmpRsa);
    if(!pRSA)
    {
        cerr << "Failed to decode private key." << endl;
        return -1;
    }
    cout << "done." << endl;

    RSA_free(pRSA);
    return 0;
}
//

Command to generate key, compile app, run it, and get the backtrace:

$ openssl genrsa -out ./PrivateKey1.pem 2048 && openssl rsa -inform PEM -outform DER -in ./PrivateKey1.pem -out ./PrivateKey1.der && g++ -g main.cpp -lcrypto && ./a.out ./PrivateKey1.der
Generating RSA private key, 2048 bit long modulus
+++
.+++
e is 65537 (0x10001)
writing RSA key
Opening private key file...done.
Decoding RSA private key...Segmentation fault (core dumped)

$ gdb ./a.out ./core
GNU gdb (Gentoo 7.5 p1) 7.5
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details.
This GDB was configured as i686-pc-linux-gnu.
For bug reporting instructions, please see: http://bugs.gentoo.org/...
Reading symbols from /home/nick/src/tools/LoadDerPrivateKeyFromFile/a.out...done.
[New LWP 2692]
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need set solib-search-path or set sysroot?
Core was generated by `./a.out ./PrivateKey1.der'.
Program terminated with signal 11, Segmentation fault.
#0 0xb7646ded in BN_bin2bn () from ../../3rdParty/build/lib/libcrypto.so.1.0.0
(gdb) bt
#0 0xb7646ded in BN_bin2bn () from ../../3rdParty/build/lib/libcrypto.so.1.0.0
#1 0x0041 in ?? ()
#2 0x0101 in ?? ()
#3 0xb7646904 in BN_new () from ../../3rdParty/build/lib/libcrypto.so.1.0.0
#4 0x0014 in ?? ()
#5 0xb772b544 in ?? () from ../../3rdParty/build/lib/libcrypto.so.1.0.0
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Problem in RAND_query_egd_bytes?
Hi, It's entirely possible that I have this wrong, but I have been trying to debug a problem on AIX 5.1 where I seem to fail to open the socket of the entropy daemon. I still haven't fixed that yet, but I think I may have found a flaw in RAND_query_egd_bytes, at least in openssl-1.0.0d. If the connect to the socket fails (in my case with an ECONNREFUSED), the loop is being broken and the function exits, but the return status is left at 0, so the calling app does not see the problem.
diff -c crypto/rand/rand_egd.c crypto/rand/rand_egd.c.new *** crypto/rand/rand_egd.c Wed Nov 12 07:27:36 2008 --- crypto/rand/rand_egd.c.new Mon Aug 1 11:45:22 2011 *** *** 179,184 --- 179,185 break; #endif default: + ret = -1; goto err; /* failure */ } }
Hope that is of use, and makes some sense. -- Nick Gorham
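Review bot: the added `ret = -1;` in the `default:` arm (new lines 179-185) carries no comment saying what the value means to the caller, and nothing in this hunk shows how the other exits through `err` set `ret`. Please add a short comment next to the assignment that the connect failed and no entropy was read, and confirm in the same change that every other path reaching `err` also returns a negative value, so that a caller can tell a refused connection from a zero-byte result. A unified diff against the current tree would also be easier to apply than this `diff -c` against a 2008-dated copy of rand_egd.c.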
Skipping the OID and BIT string prefix in DER formatted RSA keys
Hi guys, I am using the following command to output the public key for a given RSA private key:

openssl rsa -in keyfile.private.pem -pubout -outform DER

The output includes a SEQ with an OID, followed by a BIT string containing the DER formatted public key I need. Deleting the first 22 bytes (leaving everything after the BIT string header) worked in the target application. Is there a trick to getting openssl not to output the OID and BIT string wrapper?

Thanks, Nick
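Added example (not part of the post and not OpenSSL code): a small C DER walker that locates the inner RSA public key inside the SEQ / OID / BIT string wrapper described above by parsing the headers instead of deleting a fixed byte count. It goes beyond the single case in the post: the wrapper is 22 bytes for a 1024-bit modulus but 24 bytes for a 2048-bit one, because the DER length fields grow. Function names are hypothetical, and the sample keys are constructed with a dummy modulus (0xA5 filler), not real keys.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER for AlgorithmIdentifier { OID rsaEncryption (1.2.840.113549.1.1.1), NULL } */
static const unsigned char RSA_ALGID[15] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x01, 0x01, 0x05, 0x00
};

/* Parse one TLV header with the expected tag at buf[*pos]. On success *pos is
 * the first content byte and *clen the content length, checked against len. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char tag, size_t *clen)
{
    size_t p = *pos, l;
    if (p > len || len - p < 2 || buf[p] != tag) return -1;
    l = buf[p + 1];
    p += 2;
    if (l & 0x80) {                       /* long form: next n bytes hold length */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || len - p < n) return -1;
        l = 0;
        while (n--) l = (l << 8) | buf[p++];
    }
    if (len - p < l) return -1;           /* content would run past the buffer */
    *pos = p;
    *clen = l;
    return 0;
}

/* Return the offset of the inner RSA key SEQUENCE inside a DER public key as
 * written by "-pubout -outform DER", and its length in *keylen; -1 on error. */
long spki_rsa_offset(const unsigned char *spki, size_t len, size_t *keylen)
{
    size_t pos = 0, clen;
    if (der_header(spki, len, &pos, 0x30, &clen) != 0) return -1;  /* outer SEQ */
    len = pos + clen;                      /* ignore anything after the outer SEQ */
    if (len - pos < sizeof RSA_ALGID ||
        memcmp(spki + pos, RSA_ALGID, sizeof RSA_ALGID) != 0)
        return -1;                         /* not an RSA key: refuse to guess */
    pos += sizeof RSA_ALGID;
    if (der_header(spki, len, &pos, 0x03, &clen) != 0) return -1;  /* BIT STRING */
    /* First content byte is the unused-bits count (must be 0), then a SEQUENCE. */
    if (clen < 3 || spki[pos] != 0x00 || spki[pos + 1] != 0x30) return -1;
    *keylen = clen - 1;
    return (long)(pos + 1);
}

/* Write a DER header (short, 0x81 or 0x82 length form); returns its size. */
static size_t hdr(unsigned char *o, unsigned char tag, size_t len)
{
    size_t i = 0;
    o[i++] = tag;
    if (len >= 0x100) { o[i++] = 0x82; o[i++] = (unsigned char)(len >> 8); }
    else if (len >= 0x80) o[i++] = 0x81;
    o[i++] = (unsigned char)(len & 0xff);
    return i;
}

/* Constructed sample: wrapped public key with a dummy modulus of modbytes
 * bytes and e = 65537. out must hold modbytes + 40 bytes. */
size_t make_demo_spki(unsigned char *out, size_t modbytes)
{
    unsigned char tmp[4];
    size_t nlen = modbytes + 1;                       /* leading 0x00 + modulus */
    size_t inner = hdr(tmp, 0x02, nlen) + nlen + 5;   /* INTEGER n + INTEGER e */
    size_t bits = 1 + hdr(tmp, 0x30, inner) + inner;  /* unused-bits byte + key */
    size_t p = hdr(out, 0x30, sizeof RSA_ALGID + hdr(tmp, 0x03, bits) + bits);
    memcpy(out + p, RSA_ALGID, sizeof RSA_ALGID); p += sizeof RSA_ALGID;
    p += hdr(out + p, 0x03, bits);
    out[p++] = 0x00;
    p += hdr(out + p, 0x30, inner);
    p += hdr(out + p, 0x02, nlen);
    out[p++] = 0x00;
    memset(out + p, 0xA5, modbytes); p += modbytes;
    memcpy(out + p, "\x02\x03\x01\x00\x01", 5); p += 5;
    return p;
}

int main(void)
{
    unsigned char buf[512];
    size_t sizes[2] = { 128, 256 }, klen = 0, i;
    for (i = 0; i < 2; i++) {
        size_t n = make_demo_spki(buf, sizes[i]);
        long off = spki_rsa_offset(buf, n, &klen);
        printf("%lu-bit modulus: wrapper is %ld bytes, inner key is %lu bytes\n",
               (unsigned long)(sizes[i] * 8), off, (unsigned long)klen);
    }
    return 0;
}
```

Where the installed version supports it, the `rsa` command's `-RSAPublicKey_out` option writes the unwrapped form directly.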
Compiling Errors Crypt::SSLeay
Hello, I am receiving errors when compiling Crypt::SSLeay on RHEL4ASu7 x86_64.

$ make test
# Error: Can't load '/home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: /home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so: cannot open shared object file: No such file or directory at /usr/local/cars-perl/5.8.8/lib/5.8.8/i686-linux/DynaLoader.pm line 230.

I am fairly certain this is something to do with being unable to load libcrypto.so or libssl.so, so I checked it out:

# ldd /home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so
libc.so.6 => /lib64/tls/libc.so.6 (0x002a9566a000)
/lib64/ld-linux-x86-64.so.2 (0x00552000)

That looks fine. I have the following packages installed:

openssl-0.9.7a-43.17.el4_6.1
openssl-devel-0.9.7a-43.17.el4_6.1

I am confused as to what is missing here. From my standpoint, there should be no error when trying to load the SSLeay.so file, especially a "No such file or directory" error, because 'ldd' responds properly. What am I missing here?

-Nick
Re: Bad Decrypt message when using -pass pass:
An excellent idea Ger, I will try it now, thanks for replying.

Nick

On 11 Feb 2009, at 14:04, Ger Hobbelt wrote:
> Since from the looks of it you're feeding enc an entire disc image, the first
> question of course is: have you tried your process with a smaller file, say a
> snippet of about 1K of data or even less? (I'm thinking about hidden boundary
> issues here, so best would be to check the process with something tiny, then
> try a bigger size, and so on.)
>
> On Wed, Feb 11, 2009 at 2:55 PM, Nickfx n...@csitech.co.uk wrote:
> > 24 hours on and still stuck!
> >
> > Nickfx wrote:
> > > Hi, first post here and I wonder if anyone with a larger brain than me can
> > > help? I'm in Windows XP Pro and using DD to image a disk and then pipe to
> > > openssl to encrypt. I'm using the -pass pass:'anotherpassword' switch to
> > > make decryption by the user as easy as possible. It looks like this:-
> > >
> > > dd if=\\.\PhysicalDrive0 conv=noerror | openssl enc -aes-128-ecb -salt -out encryptedfile.enc
> > >
> > > I enter the passphrase when prompted and verify. Encryption appears to work
> > > and I can see the SALTED line at the start of the file in a Hexviewer.
> > > However when I try to decrypt using:-
> > >
> > > openssl enc -d -aes-128-ecb -salt -in encryptedfile.enc -out finished.dd
> > >
> > > and type in the passphrase.. I get the following:-
> > >
> > > bad decrypt
> > > 4064:error:00065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt: .\crypto\evp\evp_enc.c:330:
> > >
> > > I've seen a lot of posts that say the passphrase is wrong however I and a
> > > colleague have tried this 20 or 30 times with phrases from 123 to hello to
> > > more complex. We haven't got it wrong each time! When I look at the
> > > resultant file I can see NTFS at the start of the file meaning it has sort
> > > of worked but when I hash compare the input and output they are different
> > > so something hasn't worked. I am well and truly stuck!
> > >
> > > Thanks in advance
> > > Nick
>
> --
> Met vriendelijke groeten / Best regards,
> Ger Hobbelt
PEM_read_bio_PrivateKey() returns NULL for password protected keys
I am having exactly the same problem as reported by Ken Gold of IBM on the openssl-users list in May. I haven't seen any response to his original posting or received a reply from him.

I can read a password protected private key file OK using the OpenSSL shell, but if I try and do it programmatically I just get a NULL key returned. If the private key is not password protected everything works 100%! I am trying it under OpenSSL 0.9.8i in a Windows shell or 0.9.8h in a Cygwin Bash shell - both give the same error (NULL key). I am programming in CodeGear C++ Builder on Windows XP.

The relevant code snippet is as follows:

bio_key = BIO_new( BIO_s_file() );
BIO_read_filename( bio_key, keyfile );
sigkey = PEM_read_bio_PrivateKey( bio_key, NULL, NULL, (void *)pwd );

where keyfile is the (correct) path to the private key file and pwd is the (correct) password as a NULL terminated string.

The error text reported is as follows:

5244:error:0906B072:lib(9):func(107):reason(114):.\crypto\pem\pem_lib.c:481

I get the same response with keys generated with RSA and also ECDSA. If anyone can provide any insights or pointers on this issue it would be much appreciated!

Regards, Nick

Dr. Nick van der Merwe
Re: Memeory leak in PEM_read_bio_X509
Kaushalye Kapuruge wrote:
> Hi, Somebody please reply to my question... :)
> Cheers, Kaushalye
>
> Kaushalye Kapuruge wrote:
> > Hi, I found that there is a memory leak in the function
> > PEM_read_bio_X509(); Herewith I've attached the valgrind trace (with flags
> > --tool=memcheck --leak-check=full --show-reachable=yes ) and a sample test
> > case. Is this a known issue or have I missed some steps?
> > Cheers, Kaushalye
> >
> > #include <stdio.h>
> > #include <openssl/rsa.h>
> > #include <openssl/evp.h>
> > #include <openssl/objects.h>
> > #include <openssl/x509.h>
> > #include <openssl/err.h>
> > #include <openssl/pem.h>
> > #include <openssl/ssl.h>
> > #include <openssl/bio.h>
> >
> > int main () {
> >     static char certfile[] = "rsacert.pem";
> >     X509 *cert = NULL;
> >     BIO *bio_cert = NULL;
> >     int ret;
> >
> >     /*Load cert*/
> >     bio_cert = BIO_new_file(certfile, "rb");
> >     PEM_read_bio_X509(bio_cert, &cert, NULL, NULL);
> >     if(!cert){
> >         printf("Cannot load the certificate\n");
> >     }
> >     ret = BIO_reset(bio_cert);
> >     ret = BIO_free(bio_cert);
> >     bio_cert = NULL;
> >     return 0;
> > }

I think the problem is that you haven't freed the X509 structure which was created when you read the certificate. So your program needs something like

if (cert) { X509_free(cert); }

at the end.

nick
RE: ocsp response validation problem
Hi,

From my work in this area, I found that the error at the end of the ocsp command is only a problem with the running of the command - the contents of the file produced are not impacted. However, the way to avoid the error is to concatenate (doing it in a text editor is fine) all the certs in your chain - in PEM format - into a file (chain.pem or similar) and supply this file as the parameter to your -CAfile options.

Hope this helps.

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simon McMahon
Sent: Thursday, August 31, 2006 4:49 AM
To: openssl-users@openssl.org
Subject: ocsp response validation problem

> Hi, 0.9.8b
>
> I'm doing some OCSP testing and I had a little confusion with OCSP response
> validation. If you leave out -CAfile on the request then the validation fails
> even in the simple case where the CA is the same as the issuer. The examples
> in the ocsp(1) doc should include a request that includes the -CAfile
> argument to make it succeed e.g:
>
> openssl ocsp -issuer demoCA/cacert.pem -CAfile demoCA/cacert.pem -url http://localhost: -serial 1
>
> This will work when the server is run as shown in the samples section. If
> -CAfile is left out then you get a validation error. If you use -CA (a server
> argument) then it also fails and this is pretty confusing.
>
> Note: A sample of how to make an OCSP responder cert with OCSPSigning in the
> extended key usage would be nice too. When I work this bit out I can send in
> a sample for that if that helps.
>
> Simon McMahon
RE: merging certs
I merged some certs which were in PEM format just by putting them together in the editor. The openssl ocsp command has a param -CAfile fname where fname needs the entire cert chain back to the root. I did it in Notepad and it worked fine. I haven't tried it with .DER format.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marten Lehmann
Sent: Thursday, August 10, 2006 1:53 PM
To: openssl-users@openssl.org
Subject: merging certs

> Hello, I recently read that it is possible to have more than one ssl-host
> per ip-address. This shall be possible with two special requirements:
> - all ssl-hosts share the same key
> - all certs for the hosts are bundled within one file
>
> For the latter requirement I think it doesn't only have to be one file
> containing one cert after the other, but these certs have to be merged to
> one big cert. How can this merging be done? Is it possible to do this with
> openssl or can only the issuer of the certs do that?
>
> Regards
> Marten
RE: merging certs
That part I can't help you with. Sorry. However I did just merge them as you describe. Good luck.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marten Lehmann
Sent: Thursday, August 10, 2006 3:31 PM
To: openssl-users@openssl.org
Subject: Re: merging certs

> Hello,
>
> > I merged some certs which were in PEM format just by putting them together
> > in the editor.
>
> so merging is really just the step of putting several certs like this in one
> file?
>
> -----BEGIN CERTIFICATE-----
> [...]
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> [...]
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> [...]
> -----END CERTIFICATE-----
>
> > The openssl ocsp command has a param -CAfile fname where fname needs the
> > entire cert chain back to the root. I did it in Notepad and it worked fine.
>
> Well, I'm not the issuer of the certs. It is Equifax (GeoTrust/RapidSSL). Can
> I merge them anyway? Or would Equifax have to merge it for me?
>
> Regards
> Marten
RE: Certificate Chain Problems
Hi Stewart, Not sure if I have you right here but I came across a similar problem when I was trying to generate OCSP responses. Firstly I assume you have this man page : http://www.openssl.org/docs/apps/openssl.html Some commands have a parameter -CAfile fname This fname should have the full cert chain back to the root in it - by which I mean the certificates for all links in the chain in PEM format concatenated. Supplying this extra parameter worked for me. Good luck. Nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 10, 2006 5:52 PM To: openssl-users@openssl.org Subject: Certificate Chain Problems PKI newbie in need of help. When I sign a SSL cert with my CA, the certification path only lists the web server. Not my SubCA or the Windows Root CA. I am trying to stand up a SubCa under a Windows Certificate Authority and I am having issues getting the Chain of Authority correct. I have been spinning my wheels for a while now and exhausted google(maybe I just don't know what to search for...). Can someone point me to some docs on this or help me? I generate my key # openssl genrsa -des3 -out /tmp/ca.key I generate a CSR from that key # openssl req -new -extensions v3_ca -days 3650 -key /tmp/ca.key -config openssl.cnf -out ca.csr Openssl has the following defined. [ v3_ca ] basicConstraints= CA:TRUE, pathlen:2 subjectKeyIdentifier= hash authorityKeyIdentifier = keyid:always,issuer:always I send the CSR off to the windows folks who sign it and send it back. They assure me they are using the SubCA Template for this. Any obvious mistakes? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
ca format of index.txt. file
Hello All, Does anyone know where there is a definition of the format of the contents of the index.txt file used with the ocsp and ca commands ? (This file contains info on the revocation status of certificates). Thanks, Nick
RE: ca format of index.txt. File - IT WORKS!
Hi,

Well I finally worked out what I wanted to do so I thought I'd share it with anyone out there who might be trying the same thing themselves.

The tie in between the certificate whose status I am seeking an ocsp response for and the index file supplied as a parameter to the ocsp command is the serial number of the certificate - as simple as that. The fourth column in the index file contains the serial number of certificates issued by a particular CA. The first column (V(erified), E(xpired) and R(evoked)) represents the status of that certificate.

So I can now generate OCSP responses, with a status I choose, for any certificate which I choose. I notice however that if I set the Status column to be R(evoked) I get a status of unknown rather than revoked. Does anyone have any observations on this?

Thanks to Ted for his input on this query.

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fitzsimons, Nick
Sent: Tuesday, August 01, 2006 11:22 AM
To: openssl-users@openssl.org
Subject: RE: ca format of index.txt. file

Hi Ted,

Thanks for your reply. I see you are busy replying to several different request helps. :-) I am glad to hear that the reason I can't find the documentation is there isn't any. Your reply helps significantly. I hope you can bear with me for a follow up question.

I use the following to generate an ocsp request for a cert:

    ocsp -issuer cacert.pem -cert cert.pem -reqout req.der

I am then seeking to use the following to generate an OCSP response to the request I have just generated:

    ocsp -index index file -rsigner respondercert.pem -rkey responderkey.pem -CA CACert.pem -reqin req.der -respout resp.der -Cafile certchain.pem

My understanding is that the contents of index file are used to check the status of the cert which is detailed in req.der. However no matter how I try to configure index file I always get a status

    Cert Status: unknown

Given that the certificate whose status I am trying to ascertain has a Subject of:

    Subject: CN=Rick, O=Rick RI, L=Hamburg, C=DE

what would I put in the index file to enable the ocsp command to find this certificate and return a status which I could set up in this index file? As a first pass I have tried the following

    V 090705233205Z 041009233205Z 01 certs/0001 /CN=Rick
    V 090705233205Z 041009233205Z 02 unknown /CN=Rick/O=Rick RI/L=Hamburg/C=DE

in the hope that ocsp would see the V for the cert identified and return a status of valid.

Thanks in advance if you can find the time to help.

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernhard Froehlich
Sent: Tuesday, August 01, 2006 11:01 AM
To: openssl-users@openssl.org
Subject: Re: ca format of index.txt. file

Fitzsimons, Nick wrote:
> Hello All, Does anyone know where there is a definition of the format of the contents of the index.txt file used with the ocsp and ca commands ? (This file contains info on the revocation status of certificates).
> Thanks, Nick

First of all the format of index.txt is undocumented. Probably because it might change sometime. Or it was a fast hack to get the demo application running. Or something like that.

Having said this, it currently (openssl 0.9.8b) is a text database where a tab separates the columns and newline separates the rows. The columns are defined as

    #define DB_type     0 /* Status of the certificate */
    #define DB_exp_date 1 /* Expiry date */
    #define DB_rev_date 2 /* Revocation date */
    #define DB_serial   3 /* Serial No., index - unique */
    #define DB_file     4
    #define DB_name     5 /* DN, index - unique when active and not disabled */

DB_type is defined as

    #define DB_TYPE_REV 'R' /* Revoked */
    #define DB_TYPE_EXP 'E' /* Expired */
    #define DB_TYPE_VAL 'V' /* Valid */

'E' is currently not used by openssl ca, I guess because it is redundant to DB_exp_date. So expired certificates still have status 'V'.

DB_file currently is always 'unknown' and not used by openssl ca. I guess the original idea was to store the filename of the generated certificate file here.

The dates are in ASN1_UTCTIME-format.

Hope it helps.
Ted ;)

-- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
RE: ca format of index.txt. File - IT WORKS!
Hi Ted,

I can now get the Revoked status to work properly - I simply wasn't entering a date in the column for Revoked Date: I was only putting an R in the first column. I can't get E(xpired) to work but I can live without that for now. I always get an error of some sort when the first column is an E. This does seem like a bug. Your analysis of Unknown, Good and Revoked matches my experience with testing it.

I am using the utility to generate OCSP responses which I can then import into my test harness to test a DRM agent I am working on. Using OpenSSL / ocsp (eventually!) looks like it gives more flexibility for negative testing than trying to persuade a real server to reply with the responses which my test cases require. I am using version 0.9.8b, as you are.

Thanks for your input here.

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernhard Froehlich
Sent: Tuesday, August 01, 2006 3:13 PM
To: openssl-users@openssl.org
Subject: Re: ca format of index.txt. File - IT WORKS!

Fitzsimons, Nick wrote:
> [...]
> I notice however that if I set the Status column to be R(evoked) I get a status of unknown rather than revoked. Does anyone have any observations on this ?

The relevant code goes as this (apps/ocsp.c lines 1063 and following):

    inf = lookup_serial(db, serial);
    if (!inf)
        OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN,
                               0, NULL, thisupd, nextupd);
    else if (inf[DB_type][0] == DB_TYPE_VAL)
        OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_GOOD,
                               0, NULL, thisupd, nextupd);
    else if (inf[DB_type][0] == DB_TYPE_REV) {
        ASN1_OBJECT *inst = NULL;
        ASN1_TIME *revtm = NULL;
        ASN1_GENERALIZEDTIME *invtm = NULL;
        OCSP_SINGLERESP *single;
        int reason = -1;
        unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
        single = OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_REVOKED,
                                        reason, revtm, thisupd, nextupd);
        if (invtm)
            OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
        else if (inst)
            OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
        ASN1_OBJECT_free(inst);
        ASN1_TIME_free(revtm);
        ASN1_GENERALIZEDTIME_free(invtm);
    }

while the status-defines are

    #define V_OCSP_CERTSTATUS_GOOD    0
    #define V_OCSP_CERTSTATUS_REVOKED 1
    #define V_OCSP_CERTSTATUS_UNKNOWN 2

So to me this looks like the result is UNKNOWN if the serial is not found, GOOD if status is 'V' and REVOKED if status is 'R'. But I haven't had much experience with OCSP yet... Which version of openssl are you working with (I'm looking into the source of 0.9.8b)?

BTW, if there is an unexpected status (like 'E') there seems to be no response. Is this really the way it should work?

Ted ;)

-- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
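Added example (not part of the thread and not OpenSSL code): a small Python checker for the index.txt layout and the status branches quoted in the two messages above, which flags the rows the posters tripped over before a test responder is started. The sample rows, the function names and the numeric comparison of serials are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime

# Column order as quoted from the OpenSSL 0.9.8b source in the thread.
COLUMNS = ("status", "exp_date", "rev_date", "serial", "file", "name")


@dataclass
class Entry:
    line_no: int
    status: str
    exp_date: str
    rev_date: str
    serial: str
    file: str
    name: str


def parse_utctime(value):
    """Return a datetime for YYMMDDHHMMSSZ, or None if the field is malformed."""
    try:
        return datetime.strptime(value, "%y%m%d%H%M%SZ")
    except ValueError:
        return None


def parse_index(text):
    """Split a tab-separated index.txt into entries plus a list of format errors."""
    entries, errors = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != len(COLUMNS):
            errors.append((line_no, f"expected 6 tab-separated columns, got {len(fields)}"))
            continue
        entries.append(Entry(line_no, *fields))
    return entries, errors


def same_serial(a, b):
    """Compare hex serials numerically (this example's choice) so '5' matches '05'."""
    try:
        return int(a, 16) == int(b, 16)
    except ValueError:
        return False


def ocsp_branch(entries, serial):
    """Name the branch of the quoted apps/ocsp.c logic that a serial would take."""
    for e in entries:
        if same_serial(e.serial, serial):
            if e.status[:1] == "V":
                return "GOOD"
            if e.status[:1] == "R":
                return "REVOKED"
            return "NO_STATUS"  # e.g. 'E': none of the quoted branches adds a status
    return "UNKNOWN"            # serial not present in the index


def lint(entries, now):
    """Return (line_no, message) findings for rows that behave unexpectedly."""
    findings, seen = [], {}
    for e in entries:
        exp = parse_utctime(e.exp_date)
        if exp is None:
            findings.append((e.line_no, "expiry date is not YYMMDDHHMMSSZ"))
        if e.status == "R":
            # The field may carry ",reason" after the time; only the time is checked.
            if parse_utctime(e.rev_date.split(",")[0]) is None:
                findings.append((e.line_no, "R row without a valid revocation date"))
        elif e.status == "V":
            if exp is not None and exp < now:
                findings.append((e.line_no, "expired but still V, so reported as good"))
        else:
            findings.append((e.line_no, f"status {e.status!r} has no branch in the quoted code"))
        try:
            key = int(e.serial, 16)
        except ValueError:
            findings.append((e.line_no, "serial is not hexadecimal"))
            continue
        if key in seen:
            findings.append((e.line_no, f"serial duplicates line {seen[key]}"))
        seen.setdefault(key, e.line_no)
    return findings


# Constructed sample; only the first subject is taken from the thread.
SAMPLE_INDEX = "\n".join("\t".join(row) for row in [
    ("V", "090705233205Z", "", "01", "unknown", "/CN=Rick/O=Rick RI/L=Hamburg/C=DE"),
    ("R", "090705233205Z", "", "02", "unknown", "/CN=Revoked Without Date"),
    ("R", "090705233205Z", "060801120000Z,keyCompromise", "03", "unknown", "/CN=Revoked Properly"),
    ("E", "050101000000Z", "", "04", "unknown", "/CN=Expired Flag"),
    ("V", "050101000000Z", "", "05", "unknown", "/CN=Past Expiry Still V"),
])

if __name__ == "__main__":
    rows, errs = parse_index(SAMPLE_INDEX)
    for line_no, msg in errs + lint(rows, datetime(2006, 8, 1)):
        print(f"line {line_no}: {msg}")
```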
New user with teething troubles
Good Morning All,

I am new to openssl. I am seeking to use the tool to generate OCSP responses to enable me to do negative testing of a DRM implementation I am working on.

My first query, given that I am new to the tool, is - does it work? I'd hate to spend more time trying to get it to work only to find out that it is never going to work.

Assuming that the problem is me rather than the tool, highly probable, here is the problem I am trying to solve. I am using the tool to generate an OCSP request:

    ocsp -issuer cacert.pem -cert cert.pem -reqout req.der

I then want to use the req.der as part of the following command to generate an OCSP response.

    ocsp -index index.txt -rsigner cert.pem -rkey private key.pem -CA cert.pem -reqin req.der -repsout resp.der

When I try this I get an error message saying that the generated resp.der will not parse. So I guess I need to be sure that I understand the semantics of each of the parameters to the ocsp command to ensure that I am supplying them correctly.

A first question would be: What is the role of the -CA parameter and how does it relate to the contents of the index.txt file?

If anyone can be bothered to read and respond to this posting they would have my sincere gratitude - however useless that might be.

Cheers,
Nick Fitzsimons
Re: Decrypting RSA Private Key
Dr. Stephen Henson wrote: On Tue, Jun 21, 2005, Nick G. wrote: Hello, I have a need to read an encrypted RSA Private Key generated using openssl with a java program. I have included some background at the end of this message, but my question is basically: how is the pass phrase converted into the key part? I can get the IV from the DEK-Info line, but I can't seem to figure out (by looking at the openssl source) how the key portion of the decryption key is created from the password entered by the user. Right now I am simply converting the pass phrase into a bytes and using that as the key portion. I believe this is incorrect, but I don't know what else to try. Also, I assume that the key is _not_ encrypted with PBE (since it is not padded per pkcs5). Is this assumption correct? Finally, once decrypted, will the key have the same asn1 schema as a key written in the clear? Please excuse me if these questions are already answered in the archives, as I was unable to locate any posts with this information (probably poor choice of search terms!) Also, if the transformation of the pass phrase into key is covered in some rfc I have yet to discover a shove in the right direction would be appreciated! Background: I have been able to generate/convert keys using openssl in the following formats and successfully read them using a java program: pkcs8 - clear text pkcs8 - des encrypted rsa - clear text However, I'm using the key for Apache mod_ssl and the only formats it seems to accept are: pkcs8 - clear text rsa - clear text rsa - des encrypted Since we want to protect the key using at least des encryption and I can't seem to make Apache read the pkcs8 format keys when they are encrypted (perhaps the httpd folks are using the wrong callback?), I thought making java decrypt the RSA key would be the simplest solution. Any OpenSSL application should transparently handle PKCS#8 clear text or encrypted keys. But make sure you have the correct PEM headers. 
If you try: openssl rsa -in key.pem -noout -text and that can correctly decrypt the key you should have no problems with Apache unless it does something weird. The PKCS#8 formats OpenSSL uses are all standard and it can use a variety of password based encryption (PBE) algorithms included PKCS#5 v1.5, v2.0 and PKCS#12. The other 'traditional' format for OpenSSL private key encyption is non-standard and has remained unchanged since the SSLeay days. It *is* documented. See: http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT and http://www.openssl.org/docs/crypto/EVP_BytesToKey.html#KEY_DERIVATION_ALGORITHM Thank you, this is exactly what I was searching for. Sadly, I had even guessed that maybe the DEK-Info was the salt [and not an IV], and guessed the iteration count might be one, but couldn't get that to work either. Obviously, I gave up to soon! WRT Apache I did verify that OpenSSL can read the keys I created using: openssl genrsa -out clr.rsa 1024 then openssl pkcs8 -v1 PBE-MD5-DES -in clr.rsa -topk8 -out enc.des.v1.pkcs8 or openssl pkcs8 -v2 des -in clr.rsa -topk8 -out enc.des.v2.pkcs8 or openssl pkcs8 -v2 des3 -in clr.rsa -topk8 -out enc.des3.v2.pkcs8 and that the output from the command you suggested above is identical for all the keys but that Apache will not accept any of the encrypted PKCS#8 versions (prompts for passphrase, but then claims the pass phrase was bad no matter how many times I try to type it in correctly!). I will report this as bug to them. FYI, The new Java5 stuff will also croak when deciphering the v2 algorithms claiming that it: Cannot find any provider supporting 1.2.840.113549.1.5.13 (1.2.etc is the OID for TripleDES, right?)sigh Again, thank you for the help. Cheers! Nick __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
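Added example (not part of the thread and not OpenSSL code): the key derivation behind the 'traditional' PEM encryption format that the two documentation links above describe, sketched in Python. It reads the DEK-Info header, uses the first 8 bytes of the IV as the salt, and runs EVP_BytesToKey with MD5 and an iteration count of one; the sample header, the passphrase, the cipher table and the function names are constructed for illustration.

```python
import hashlib

# (key length, IV length) in bytes for cipher names that can appear in DEK-Info.
CIPHERS = {
    "DES-CBC": (8, 8),
    "DES-EDE3-CBC": (24, 8),
    "AES-128-CBC": (16, 16),
    "AES-256-CBC": (32, 16),
}


def evp_bytes_to_key(password, salt, key_len, iv_len=0, count=1):
    """EVP_BytesToKey with MD5: D_i = MD5^count(D_(i-1) || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.md5(block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def parse_dek_info(pem_text):
    """Return (cipher_name, iv_bytes) for an encrypted traditional PEM, else None."""
    encrypted, dek = False, None
    for line in pem_text.splitlines():
        line = line.strip()
        if line.startswith("Proc-Type:"):
            encrypted = line.split(":", 1)[1].strip() == "4,ENCRYPTED"
        elif line.startswith("DEK-Info:"):
            name, _, iv_hex = line.split(":", 1)[1].strip().partition(",")
            dek = (name.strip(), bytes.fromhex(iv_hex.strip()))
        elif not line and dek:
            break  # a blank line ends the header block
    return dek if encrypted else None


def key_for_traditional_pem(pem_text, passphrase):
    """Derive the decryption key for a traditional-format encrypted private key."""
    dek = parse_dek_info(pem_text)
    if dek is None:
        raise ValueError("no Proc-Type/DEK-Info headers: key is not in the encrypted traditional format")
    cipher, iv = dek
    if cipher not in CIPHERS:
        raise ValueError(f"cipher {cipher} is not in this example's table")
    key_len, iv_len = CIPHERS[cipher]
    if len(iv) != iv_len:
        raise ValueError("IV length does not match the cipher")
    # The IV from DEK-Info is used as-is for CBC; only its first 8 bytes salt the KDF.
    key, _ = evp_bytes_to_key(passphrase, iv[:8], key_len)
    return cipher, key, iv


# Constructed header block; the base64 body is irrelevant to key derivation.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

(base64 body omitted)
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    name, key, iv = key_for_traditional_pem(SAMPLE_PEM, b"example passphrase")
    print(name, key.hex(), iv.hex())
```

Decrypting the base64 body with the derived key and the DEK-Info IV is left to a cipher library, since the Python standard library has no DES or AES.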
Decrypting RSA Private Key
Hello, I have a need to read an encrypted RSA Private Key generated using openssl with a java program. I have included some background at the end of this message, but my question is basically: how is the pass phrase converted into the key part? I can get the IV from the DEK-Info line, but I can't seem to figure out (by looking at the openssl source) how the key portion of the decryption key is created from the password entered by the user. Right now I am simply converting the pass phrase into a bytes and using that as the key portion. I believe this is incorrect, but I don't know what else to try. Also, I assume that the key is _not_ encrypted with PBE (since it is not padded per pkcs5). Is this assumption correct? Finally, once decrypted, will the key have the same asn1 schema as a key written in the clear? Please excuse me if these questions are already answered in the archives, as I was unable to locate any posts with this information (probably poor choice of search terms!) Also, if the transformation of the pass phrase into key is covered in some rfc I have yet to discover a shove in the right direction would be appreciated! Background: I have been able to generate/convert keys using openssl in the following formats and successfully read them using a java program: pkcs8 - clear text pkcs8 - des encrypted rsa - clear text However, I'm using the key for Apache mod_ssl and the only formats it seems to accept are: pkcs8 - clear text rsa - clear text rsa - des encrypted Since we want to protect the key using at least des encryption and I can't seem to make Apache read the pkcs8 format keys when they are encrypted (perhaps the httpd folks are using the wrong callback?), I thought making java decrypt the RSA key would be the simplest solution. Regards, Nick Grynkewich __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
known_hosts with permissions greater than 0750
I have a security requirement that all files in a user's directory have permissions no greater than 0750. When ~/.ssh/known_hosts is created it is given 0644. Is there a reason for this? I can see why other would need access to this file at all.

Nix
Problem decoding DER buffer into X509 structure
Hi- I'm having trouble with the d2i_X509() call. I've googled all the errors that I get and I can't figure out what's going on. I'm using OpenSSL 0.9.7d. Basically, I'm trying to read a cert off disk (PEM format). Then I convert it into a DER buffer using i2d_X509(). Sometime later, I need to convert the DER buffer back into an X509 structure using d2i_X509() and that's when the wheels come off the wagon. I've attached a code snippet that shows the problem. Can anyone help me out? Thanks, Nick all:example.c gcc -o example -lcrypto example.c -BEGIN CERTIFICATE- MIIDdTCCAl2gAwIBAgIBADANBgkqhkiG9w0BAQUFADB1MQwwCgYDVQQDEwNTQ0Ex CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3Vu dGFpbiBWaWV3MRUwEwYDVQQKEwxFc3RpcHMsIEluYy4xFDASBgNVBAsTC0VuZ2lu ZWVyaW5nMB4XDTA0MTAxMTIzMTU0M1oXDTA0MTExMDIzMTU0M1owdTEMMAoGA1UE AxMDU0NBMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE BxMNTW91bnRhaW4gVmlldzEVMBMGA1UEChMMRXN0aXBzLCBJbmMuMRQwEgYDVQQL EwtFbmdpbmVlcmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHm DVMGPubS11msKHvWxvI5NINCPx/fZuznUwkGJOZrlF0F2H3gALqJWTkPHJb1gZ1c 0+m6eLE8FfNyhy4quatWLQ2UYe2eve+HoiwJxiM5IYjBiAq09uePQI9lJK65qdT7 8pSjNZpH+yqIBk5DTMT1tVpiqUESkq5Rk6dH4IstX0nrw95HFTOm1fScnk8p5oGt 1jl8Yr6azTXt8mQb8ijqPERJ2CXLmdv+ygBAaZDBvWcSA7EHIXEgVaUBFuO649dK QmXvUQOeWtgCWMtfs+ICIBTAO7pgqhdgIj0sdfi68Rg/Wgvu4ZTM0ESFxcJ1z5o7 77adKG+9gY9egHFXa+0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B AQUFAAOCAQEAf3dj+IZuAabWeXmq67N4AGUqMt2fZmba5V/sfRfVtqLmZUANoEhs NohoPsMeeFcfrRlOp0rbuVRhukSXDso+PvB0nX9dz394PC9oiFxVngMORum6LEyV kv2gZ7czDjp9a6oiLWLpvMdutmS1gOWJ78HTgOLHTNp+CP8EwfIZby594TnJab4S r3Twg6apj+IXaPqL3WymKAyzMxefokUFa6YNBdnyc7XsEnOfo4llxEbW1EC0WHfM zhvU6ww6sAec2cngoezDS48tfD9GAOYUh+ObHvy5g5E6ZSyNwKyi5n6fUVcNphn6 Hfpp/N4nh2UwHihvxn4g2yg+HbxuTJt4Aw== -END CERTIFICATE- #include stdio.h #include openssl/pem.h #include openssl/x509.h #include openssl/err.h int main(int argc, char** argv) { int buflen = 200; char buf[buflen]; unsigned long opensslerr = 0; /* This OpenSSL 
incantation is absolutely necessary */ OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); FILE *fp = fopen(cacert.pem, r); /* Load a cert off disk */ X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL); opensslerr = ERR_get_error(); if (opensslerr != 0) { ERR_error_string_n(opensslerr, buf, buflen); printf(PEM READ ERROR %s\n, buf); return -1; } fclose(fp); fp = NULL; /* Print out the subject and issuer */ X509_NAME *name = X509_get_subject_name(cert); char *nameStr = X509_NAME_oneline(name, buf, buflen); printf (Subject: %s\n, nameStr); name = X509_get_issuer_name(cert); nameStr = X509_NAME_oneline(name, buf, buflen); printf (Issuer: %s\n, nameStr); /* Find out how long the cert is when converted to DER */ int certlen = i2d_X509(cert, NULL); opensslerr = ERR_get_error(); if (opensslerr != 0) { ERR_error_string_n(opensslerr, buf, buflen); printf(CERT DER LEN ERROR %s\n, buf); return -1; } printf(CertLen: %d\n, certlen); /* Allocate some space for it */ unsigned char* certbuf = (unsigned char*) malloc(certlen); if (certbuf == NULL) { printf(Unable to allocate memory for DER buffer); return -1; } /* Convert the X509 structure to a DER encoding */ if (i2d_X509(cert, certbuf) 0) { opensslerr = ERR_get_error(); ERR_error_string_n(opensslerr, buf, buflen); printf(i2d ERROR %s\n, buf); return -1; } /* Turn right around and try to recreate the X509 from the DER */ X509 *decodedcert = d2i_X509(NULL, certbuf, certlen); if (decodedcert == NULL) { while ((opensslerr = ERR_get_error()) != 0) { ERR_error_string_n(opensslerr, buf, buflen); printf(d2i ERROR %s\n, buf); } return -1; } }
Re: Question about CA.pl and -newca
Dr Henson, Try deleting the demoCA tree and doing CA.pl -newca again. That isn't it. I tried that first. I am assuming the demoCA that it looks for is in the current working directory. Also check openssl.cnf is somewhere usable or OPENSSL_CONF points to it or the req command will give an error when creating the CA certificate. I think this might be the problem. I could be wrong, but I dont remember this file before 0.97. I ran the commands /usr/local/bin/openssl genrsa -des3 -out ca.key 1024 /usr/local/openssl/certs# /usr/local/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt and got what I expected. Was there some config I need to do to the openssl.cnf file to make the CA.pl script work? Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Question about CA.pl and -newca
On Sat, 2003-08-23 at 15:25, Dr. Stephen Henson wrote: On Sat, Aug 23, 2003, Nick Gray wrote: Dr Henson, Try deleting the demoCA tree and doing CA.pl -newca again. That isn't it. I tried that first. I am assuming the demoCA that it looks for is in the current working directory. Yes. Also check openssl.cnf is somewhere usable or OPENSSL_CONF points to it or the req command will give an error when creating the CA certificate. I think this might be the problem. I could be wrong, but I dont remember this file before 0.97. I ran the commands /usr/local/bin/openssl genrsa -des3 -out ca.key 1024 /usr/local/openssl/certs# /usr/local/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt and got what I expected. Was there some config I need to do to the openssl.cnf file to make the CA.pl script work? No, if req -new works then openssl.cnf is in the right place. Does CA.pl -newca give any kind of error message after it asks for a CA certificate? Did you give it the name of a CA certificate or just hit enter? No error, take a look at the first message I sent. I didnt cut anything out of this, it is exactly what happened. I am just hitting enter. I will take a look at the perl script tonight so that I can understand what it is doing and see if I can see the diffs. Thanks Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Question about CA.pl and -newca
Prior to version 0.96 I didn't have a problem with OpenSSL at all. Today I built a new system and tried to use it with the following results.

    root:/usr/local/openssl# cd misc
    root:/usr/local/openssl/misc# ls
    CA.pl CA.sh c_hash c_info c_issuer c_name der_chop
    root:/usr/local/openssl/misc# ./CA.pl -newca
    CA certificate filename (or enter to create)
    Making CA certificate ...
    root:/usr/local/openssl/misc# ls
    CA.pl CA.sh c_hash c_info c_issuer c_name demoCA der_chop
    root:/usr/local/openssl/misc# cd demoCA
    root:/usr/local/openssl/misc/demoCA# ls
    certs crl index.txt newcerts private serial
    root:/usr/local/openssl/misc/demoCA# ls *
    index.txt serial
    certs:
    crl:
    newcerts:
    private:
    root:/usr/local/openssl/misc/demoCA#

Problem is, it didn't actually do anything. It created the DemoCA as shown above, but there is nothing really in it. This is a LFS system with nothing except the basics. What in the world am I overlooking here??? In the past I have shown people how this works. Now it doesn't seem to work the way I remember.
Re: Overview of Certificate usage
On Tue, 2003-02-25 at 12:32, Dr. Stephen Henson wrote: On Tue, Feb 25, 2003, Nick Gray wrote: On Tue, 2003-02-25 at 11:00, Dr. Stephen Henson wrote: You cant call ./Ca.pl -sign a second time. I knows about the certificate that was previously made and fails. Now perhaps if I wanted to set up aliases for the machine. (i.e. www.machine.com mail.machine.com) but I dont. The primary purpose of the machine is a mail server with a web interface as well as auth pop and auth/excrypted smtp Well currently it will fail if the certificates have identical field values, it could be argued that this is a deficiency in the way 'ca' operates. You can get round this by having some alternative field with a different value, say Server certificate, IMAP certificate etc. I also mistyped when I wrote servers as someone pointed out, I meant services. So if I want to use the different value, can I put it in the 'Organizational Unit Name' field. Would that do it? I wasn't aware that is was looking at anything other that common name for this. I will give it a shot. Thanks! There are other ways to get certificate with the same DN signed such as using the 'x509' utility instead of 'ca' but that can get messy. I think I would rather use the CA.pl rather than to try to support the raw routines over the phone. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
REMOVE
REMOVE
OpenSSL and IAIK different encoded lengths for the same public key ??
Hi,

We have openssl generating an RSA 1024/1001 key, using openssl the routines produce a X509 encoded public key of 159 bytes. This encoded key is successfully decoded and read into an IAIK key. If you then try to get the encoded public key out of the IAIK key you get a byte array of 161 bytes !! Data signed by the openssl code is successfully verified by the IAIK code.

This is normally not a problem but we do some key comparisons that make use of the length parameter which is causing us difficulties ! Does anyone know why they should be different (padding ?) and any possible ways of making them the same ?

Many thanks
Nick Farrow
RE: Basic OpenSSL Client w/Pthreads
You are correct, it was timeouts. My pthread application was overloading the SSL server and it wasn't returning within the timeout, so that is why I kept receiving Error with sockets. I have an additional question related to SSL_write on a non-blocking IO. What is the proper method to check and make sure that the SSL write was performed properly? I've seen a few errors in my SSL server log that look like this that have actually been crashing my SSL daemon: There are no problems with service_data-servicesend, this is always a simple HTTP HEAD request, I've already checked this. [Mon May 13 16:10:40 2002] [error] [client xxx.xx.x.xx] Invalid method in request ^A^C^A [Mon May 13 16:11:58 2002] [error] [client xxx.xx.x.xx] Invalid method in request ^A^C^A [Mon May 13 16:13:24 2002] [error] [client xxx.xx.x.xx] Invalid method in request ^A^C^A [Mon May 13 16:18:26 2002] [error] SSL_accept failed Below is the code: ssl = SSL_new(ssl_ctx); SSL_set_fd(ssl, sockfd); if(SSL_connect(ssl) == 0) { close(sockfd); SSL_free(ssl); return(2); } SSL_write(ssl, service_data-servicesend, strlen(service_data-servicesend)); numbytes = 1; FD_ZERO(rset); FD_SET(sockfd, rset); while(numbytes != 0) // run select as below and cycle until we get what we want. Best Regards, Nicholas Gaugler CommuniTech.Net Development - Kansas City 2001 Small Business of the Year - A HostIndex.com Top 15 Web Hosting Company - Member of the BBB On-Line Reliability Program - Member of the Web Host Guild VeriHost -Original Message- From: Nick Gaugler [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 09, 2002 5:53 PM To: [EMAIL PROTECTED] Subject: Basic OpenSSL Client w/Pthreads I've come up with the following BASIC OpenSSL client from the cli.cpp example and I am trying to turn it into a multi threaded application with pthreads. Each thread will open a brand new connection, it will not read off of the same connection, so it should not be any different. 
I've added the th-lock.c library into it before the threads are created and after they are destroyed, from the limited documentation I've found, that should cover everything. The only thing I have changed with the basic cli.cpp is that I am using non-blocking IO through SELECT/FD_ISSET. By doing this I have also added support for SSL_ERROR_WANT_READ, so that shouldn't be the issue. The problem I am seeing is within the select/FD_ISSET. My FD_ISSET is failing. (Enclosed below) c = select(sockfd+900, readfds, NULL, NULL, tv); if (c 0) { perror(SELECT); fprintf(stderr, Error with the select\n); break; } if (!FD_ISSET(sockfd, readfds)) { perror(Error); fprintf(stderr,Error with socket\n); break; } Should I not be using this with OpenSSL and/or pthreads? Are there any known issues or can anyone shed some light onto the subject for me? Thanks in advance, Nick __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Basic OpenSSL Client w/Pthreads
I've come up with the following BASIC OpenSSL client from the cli.cpp example and I am trying to turn it into a multi threaded application with pthreads. Each thread will open a brand new connection, it will not read off of the same connection, so it should not be any different. I've added the th-lock.c library into it before the threads are created and after they are destroyed, from the limited documentation I've found, that should cover everything. The only thing I have changed with the basic cli.cpp is that I am using non-blocking IO through SELECT/FD_ISSET. By doing this I have also added support for SSL_ERROR_WANT_READ, so that shouldn't be the issue. The problem I am seeing is within the select/FD_ISSET. My FD_ISSET is failing. (Enclosed below) c = select(sockfd+900, readfds, NULL, NULL, tv); if (c 0) { perror(SELECT); fprintf(stderr, Error with the select\n); break; } if (!FD_ISSET(sockfd, readfds)) { perror(Error); fprintf(stderr,Error with socket\n); break; } Should I not be using this with OpenSSL and/or pthreads? Are there any known issues or can anyone shed some light onto the subject for me? Thanks in advance, Nick __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Important Message Concerning Your Membership Account. 4/23/2002 6:30:09 PM
The point is that th

At 10:28 AM 2002-04-25 +0200, Richard Levitte - VMS Whacker wrote:
> In message [EMAIL PROTECTED] on Wed, 24 Apr 2002 18:45:33 -0400, Nick Simicich [EMAIL PROTECTED] said:
>
> njs> It looks like the Received headers are filtered at the openssl
> njs> listserv -
>
> Nope. See your own message (or this one) as an example :-).
>
> njs> it is impossible to tell where this spam really came from.
>
> It might mean that the spammer in question talked more or less directly to OpenSSL's mailserver and perhaps faked a received header while it was at it. Note that there is one trace:
>
> njs> Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP
> njs> from localhost1127.com id AAA26960; Wed, 24 Apr 2002 00:28:20
> njs> +0200 (MET DST)
>
> I've no idea what localhost1127.com is...

Exactly. That is why the sendmail at en5.engelschall.com is broken. That name does not resolve here either - it should include an IP address in the Received line as well as a helo name. For it not to do so makes it a cloaking device.

--
War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill
Nick Simicich - [EMAIL PROTECTED]
Re: Important Message Concerning Your Membership Account. 4/23/2002 6:30:09 PM
It looks like the Received headers are filtered at the openssl listserv - it is impossible to tell where this spam really came from. I almost just pasted it into spamcop and then I realized that the list was anonymizing the real origin of posts.

Well, I expect that, as happened to bugtraq, enough people will make spamcop complaints that will end up in the list's lap (because the list anonymizes) that Spamcop's blacklist will kick in and cut off mail from 195.27.130.252.

I suggest that you change your list configuration to not strip received lines - or at least to always record the IP address. "from localhost1127.com" means that you are only recording helo names and not even checking to see if they are real.

At 06:30 PM 2002-04-23 -0400, you wrote:
> X-Persona: njs@squawk
> Return-Path: [EMAIL PROTECTED]
> Delivered-To: [EMAIL PROTECTED]
> Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252]) by scifi.squawk.com (Postfix) with ESMTP id EAC5E3501B for [EMAIL PROTECTED]; Tue, 23 Apr 2002 18:33:02 -0400 (EDT)
> Received: by mmx.engelschall.com (Postfix) id 42DFD194E5; Wed, 24 Apr 2002 00:30:18 +0200 (CEST)
> Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 97281194C3 for [EMAIL PROTECTED]; Wed, 24 Apr 2002 00:30:17 +0200 (CEST)
> Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-users-L id AAA26982; Wed, 24 Apr 2002 00:29:23 +0200 (MET DST)
> Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP from localhost1127.com id AAA26960; Wed, 24 Apr 2002 00:28:20 +0200 (MET DST)
> Message-Id: [EMAIL PROTECTED]
> From: mark [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Date: Tue, 23 Apr 2002 18:30:09 -0400
> Subject: Important Message Concerning Your Membership Account. 4/23/2002 6:30:09 PM
> X-Mailer: Microsoft Outlook Express 5.00.2919.1990
> MIME-Version: 1.0
> X-Precedence-Ref: 12
> Content-Type: text/html; charset=us-ascii
> Sender: [EMAIL PROTECTED]
> Precedence: bulk
> Reply-To: [EMAIL PROTECTED]
> X-Sender: mark [EMAIL PROTECTED]
> X-List-Manager: OpenSSL Majordomo [version 1.94.4]
> X-List-Name: openssl-users
> Status:

--
War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill
Nick Simicich - [EMAIL PROTECTED]
Compatibility with Crypt::DES
Hi,

I'm trying to use the openssl libraries to decrypt text encrypted using perl's Crypt::DES module without success. After failing using CBC, I've switched to a simple 8 byte block encrypted with des_ecb_encrypt and this still produces different cipher text. Which presumably means the problem lies with the key?

I take a hardcoded 8 byte key and use des_string_to_key and then create a des_key_sched prior to doing the encryption.

Does anyone have any suggestions or any experience of using perl / openssl together just for DES as opposed to complete SSL communication?

thanks
Nick Roberts
Re: interoperability
Absolutely. You have to have your root cert signed by their root key, so the chain can be verified. This is pretty much what PKI is all about. Thawte (http://www.thawte.com) used to have information on their website about how to do just that. However, I can't seem to find it (things changed when Verisign purchased them :-). Does anyone have specific URLs about this?

Nick

*** REPLY SEPARATOR ***

On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote:
> is the following possible?? if so, could you explain me how or point me documentation about it??.
>
> I create end-user certificates and sign them by my own CA, this kind of PKI is working on a apache+openssl+modssl system and i would like to make this certificates to be accepted to other CA's, in somehow, to interoperate with other certificates or higher, that my CA interoperates with other CA's. I understand that we're working with X.509 certificates so the fields thing cannot change but i'm talking about when other CA has the same structure for its certificates and i want to take its certificates as mine or vice versa, let's say, Verisign certificates, is it technically possible that its certificates and ours could interoperate?? or maybe with DoD certificates??. Of course it has to be an agreement and all those, i repeat, technically. Any comments or directions will help so please comment, thanks.
>
> Juan Carlos Albores Aguilar

__ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
NO_MD5 Compilation oddity
Good Day,

My name is Nick Jenkins. I am setting up an Apache + mod_ssl + OpenSSL (AMO, heretofore) configuration for internal testing purposes here at GE. In general, I think this solution is great, and that although it is a shame that SSL was necessarily 'chucked' from Apache due to the NSA, that this more modular solution is better, anyway. Thanks to those of you who maintain this.

Now then, I am trying to get AMO configured to provide only legal, non-patented, and Secure SSL. Thus, I have configured the ./config command as follows:

    sh config --openssldir=/usr/local/openssl \
        no-threads shared no-idea no-rc2 no-rc4 no-rc5 \
        no-md4 no-md5 -DSSL_FORBID_ENULL -DSSL_ALLOW_ADH

The reason that I am excluding MD5 is that according to RSA, it is based upon MD4, that has been completely cracked, and that some follow-on work was performed on MD5 that might make it (somewhat) insecure, as well. (This is, of course, my paraphrase of what they said.) Whether MD5 is, in fact, insecure is not important. What IS important, for the sake of this discussion is that I don't trust it, and want it disabled.

So, I specified the no-md5 option, and after lots of compiling, the openSSL make failed at s3_srvr.c. When I investigated, I found that in ssl/ssl.h, it says:

    #if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
    #define NO_SSL2
    #endif

So, I naturally am not surprised that I get no SSL2 by disabling MD5. What did surprise me, though, is that s3_srvr.c requires #include <openssl/md5.h>, which has in it:

    #ifdef NO_MD5
    #error MD5 is disabled.
    #endif

Since I haven't bothered to read the SSL spec (big surprise, eh?), I would have thought it possible to build an SSL server that only used SHA1 and/or MDC2, but not necessarily MD5. However, it would appear that at least in the current revision of the software, MD5 is a pre-requisite for building SSL2 or SSL3 or TLS1 support.

Since MD5 seems to be required, I have enabled it in my current compile. I just wanted to point this out, in case this had slipped through the cracks. Also, this begs the question, why have a 'NO_MD5' compilation option if it is required for compilation?

I have not joined this mailing list, as I really don't anticipate posting another note here, and I already get enough mail, so if you have any responses, please copy me at: [EMAIL PROTECTED]

Thanks,
-NICK
Client mode vs. Server mode and combined...
I haven't done a lot with SSL before, but most of the interfaces in openssl seem reasonably straightforward and I have gotten some basic examples and test cases up and running.

My question pertains to SSL methods ( SSL_METHOD ) and the difference between the different methods. I would like to know what the real difference between server, client, and generic methods is. Does it have to do with the way that authentication is performed?

Here's a simplified version of the situation I have and the problem I'm trying to solve:

I have two machines, I'll refer to them as machines A and B for the sake of discussion. Both of these machines are listening on a particular port and know about one another (IP address and listening port). Both of them have the same private key and certificate files (for now at least). If one of them encounters a certain situation it will send a message to the other. The machine sending the message will use an existing connection (if already connected to the other machine) otherwise it creates a new connection to the remote machine so that it can send the message. When done the connection is kept alive for a period of time, but let's just say indefinitely for now.

If machine A and B start out disconnected and machine A wants to send a message to machine B, should machine A set up the SSL connection in client mode after negotiating the TCP connection and machine B set the corresponding SSL connection on its end to server mode? What happens if they both set themselves up in server mode? Can one still do an SSL_connect and the other an SSL_accept? Can I make them both verify the other's certificate, and does one mode over the other change the way verification is done? I would like to have auto negotiation done if possible, but if not what do I have to do to make sure that the handshaking occurs?

I'd appreciate any information you can send my way: answers, code, FAQ's, etc. that you can refer me to.

Thanks,
Nick Woods
Re: bad mac decode (Was: CodeWarrior and openssl)
_client_method, presumably? Whatever, get the same error when I experiment with an SSL server and connect to it with IE f.i. (both SSL client connect to a secure server and SSL server contacted by IE browser fail on this mac thing).

anyway tnx. for the help,
kind regards,
nick.
Problem with p7 verify
I am using the libeay crypto library to verify a PKCS 7 signed object, but it fails to verify because the message hash authenticated attribute is not being picked up.

I use d2i_PKCS7 to convert the signed data into internal form, then p7bio=PKCS7_dataInit(p7,NULL) and then use PKCS7_signatureVerify to verify each of the Signer Info.

The verify fails because the PKCS7_digest_from_attributes(sk) call in PKCS7_signatureVerify fails to locate the P7 authenticated attribute containing the message hash. It looks as though the object identified name is not set up in the internal representation of the Message Hash attribute.

Is there something that should be done to set up the object identifiers? Can anyone help?

Thanks
Nick
RE: Problem with p7 verify
Thanks for the quick response: However, I've tried adding this and still get the same problem.

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Sylvester
Sent: 15 September 2000 12:02
To: [EMAIL PROTECTED]
Subject: Re: Problem with p7 verify

Nick, have you called :

    OpenSSL_add_ssl_algorithms() ;

> Is there something that should be done to set up the object identifiers? Can anyone help?
Suggestion: smime -noexpire
One thing that hits smime in a way that it doesn't hit openssl's other uses (SSL net services) is that you may want to verify an smime message long after the SSL cert has expired. IMHO it is not, strictly speaking, the same thing to say that a cert is expired and can't be used to generate _new_ messages as opposed to a cert being expired and suddenly is useless to validate any messages that it ever signed.

With this in mind, I would propose one of 3 things:

1. smime should not disuse expired certs. This is probably the least palatable option.
2. smime should have a way to check the date field of an incoming message and use _that_ to check for expiration. This sounds to me like the best solution.
3. smime should have a -noexpire flag to disable bombing out expired certs.

Just a thought.
openssl and IE5.0 on MacOS
Hi all,

can anyone pass me some url's to servers running openssl-0.9.5a, as I suspect that IE5.0 on Mac may be incompatible with this openssl version and NOT with f.i. 0.9.3a.

Also does anybody know why https://www.modssl.org is running openssl-0.9.3a ??

kind regards,
nick.

__ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl and IE5.0 on MacOS
> Try mine. https://www.aet.tu-cottbus.de
> Server Version: Apache/1.3.12 (Unix) PHP/4.0.0 mod_ssl/2.6.5 OpenSSL/0.9.5a

Tnx for the URL, and yep ... it seems to work (sigh...I thought I found the solution to my problem).

I fear I'm falling into the trap of the 'cascading' problems, so very typical when dealing with software (and even hardware). Meaning:

I got a problem A: I have very well working, self-written http server on MacOS. But I need to add user/password control to it. For this mechanism to make any sense at all (and not sending cleartext or base64 passwords around) I have to make sure that the communication between browser and server is somehow encrypted.

* my solution to problem A - use https, this will do the trick. openSSL seems to be a valid option here, but causing two new problems B1 and B2:

problem B1: openssl isn't fully ported to the mac
problem B2: openssl uses something called certificates, which I don't need but which openssl apparently does

* my solution to problem B1: do the necessary extra porting work myself, which I have done and seems to work (=compile and also the server works fine when contacted by every browser on any platform except the Mac IE5.0).

* my solution to problem B2: use a basic as possible certificate so I don't encounter too much problems and can bypass this as much as possible

now my question to you experts (which I think most of you will be ;-)):

1. Is there a way I can get rid of those certificates at all and still use openssl, this would give me the advantage that I don't implement stuff in our software that we don't need nor use and hence cannot cause bugs or support problems.

2. Has anyone already experimented a lot with openssl on MacOS ? Can this person please contact me, I'm dying for some feedback here, maybe something compiled but isn't quite acting as it should. Or maybe there's a programmatic fix to allow the strange MacOS IE5.0 behaviour (=more or less tolerate the buggy behaviour).

anyway, many greetings and sorry if I bother you too much with my problems.
nick.
Re: openssl and IE5.0 on MacOS
> After living w/ this problem for months, I'm to the point where I'll try anything.

Me too.

nick.
Re: Where is OPENSA website ?
[following up my own posting]

Nick Boyce wrote :
> Shum asked :
> > Can anybody tell does OPPENSA web site has been closed ? I cannot find it!
>
> Assuming you mean the website hosting the project to make Win32 versions of Apache, OpenSSL and other useful system software tools, it's supposed to be at http://www.opensa.de but that site appears to be broken

Hmm. I copied that reply to the OpenSA announcer's (Daniel Reichenbach) email address, but got a bounce :

    - The following addresses had permanent fatal errors -
    [EMAIL PROTECTED]
    - Transcript of session follows -
    ... while talking to mx00.schlund.de.:
    RCPT To:[EMAIL PROTECTED]
    550 Cannot route to [EMAIL PROTECTED]
    550 [EMAIL PROTECTED]... User unknown

so maybe the OpenSA project is no more ...

Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK
RE: Win32 OpenSSL Binary
On 24 Jul 2000, Uli Koeppe asked :
> is there any such thing as a compiled openssl program win32 for Windows 98 and/or NT, (command line version) that can be downloaded from somewhere in the web?

I *think* you can get what you want from http://www.opensa.de/, but it's a while since I looked, and when I checked the link just now it gave me an error page stating "Please use the domain-name instead of the IP-address" so maybe the server's misconfigured at the moment.

As I recall, the site is dedicated to a Win32 port of OpenSSL/Mod_SSL/Apache/Sendmail and any other such Unix-originated open software as may be wonderfully useful.

Nick
Systems Team, EDS Healthcare, Bristol, UK
Re: openSSL+IE5.0 on macintosh
> http://www.heavywear.com/help.htm#ie lists a litany of SSL-related issues and problems with IE for the Mac, along with some workarounds and patch links. Not sure if any are directly related to your observed problems, but you might find the information useful.

It's all about explorer 4.5 and before. The problem also appears with this 4.5 version. Could it be that this is due to the fact that I'm using a self generated certificate.

BTW, ERR_print_errors prints:

    1:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:753:

any help would be very welcome,
kind regards,
nick.
openSSL+IE5.0 on macintosh
Hi,

Can somebody help me out with the following problem. I'm developing an openSSL enabled webserver running on MacOS. The certificate (and key) I use for the server are self-generated.

Now, Netscape (either mac or pc) and Explorer (on PC) seem to recognise the fact, when connecting to my server, that they need to get the certificate from the server. The user is prompted with the question to allow/disallow.

However, Explorer on Mac (tested 4 5) just stalls and doesn't make a connection at all. Moreover my server reports a failure in accepting the incoming connection.

Anyone a bright idea ? What am I doing wrong ?

many greetings,
nick.
RE: Compiler error in alpha digital unix4.x!
On 13 Jul 2000 09:35 George Xu wrote :
> I Compiler the openssl-0.9.5a in Alpha Digital Unix4.x.But It appear some errors . These are errors messages :
> [snip]
> make[1]: Entering directory `/usr/users/george/soft/openssl-0.9.5a/apps'
> rm -f openssl
> cc -o openssl -DMONOLITH -I../include -DRSAref -fPIC -std1 -tune host -O4 -readonly_strings openssl.o verify.o asn1pars.o req.o dgs
> ld: Badly formed hex number: -std1
> ld: Usage: ld [options] file [...]
> make[1]: *** [openssl] Error 1
> make[1]: Leaving directory `/usr/users/george/soft/openssl-0.9.5a/apps'
> make: *** [all] Error 1
> #
> How to solve the problem?

If you search the mailing list archive back a few days you'll find I reported the same problem with building OpenSSL for Digital Unix 4.0D on Tuesday 11th.July (earlier this week !). I got the same error as you :

    Badly formed hex number: -std1
    ld: Usage: ld [options] file [...]

while compiling the "openssl" commandline module. See my next post to this list for further comment.

Nick
Systems Team, EDS Healthcare, Bristol, UK
Re: Build Failure On Digital Unix 4.0D
I got two replies :-

Richard Levitte said :

Richard> Well, it looks like Compaq C will just ignore -fPIC when it compiles,
Richard> and try to pass it on to ld when linking is going on. However,
Richard> there's no support for -fPIC anywhere in True64.

[ Thanks Richard: I have no idea *what* PIC/pic is about, so I'll just let this slip by me :-( ]

Richard> If you check the
Richard> manual for ld, you'll probably find a few lines about '-f fil', where
Richard> the filling is expected to be a 4-byte hex constant.

Well you're quite right; the ld man page says :

    -f fill
        Set the fill pattern for "holes" within an output section. The argu-
        ment fill is a four-byte hexadecimal constant.

But what I don't understand is why you're talking about a problem with "-fPIC" when my compilation objected to "-std1" ...

Richard> My suggestion: don't configure with -fPIC on True64.

Anyway, I followed your suggestion, configuring with "./config no-idea", and my compilation completed OK, and "make test" has run OK.

Since the "-fPIC" parameter is documented in the MOD_SSL documentation as being required when building OpenSSL if we want to build MOD_SSL as an Apache DSO module, does this mean I can't run Apache/MOD_SSL configured with dynamic shared modules on a Digital Unix platform ?

cut ==

Meanwhile, Michael Barnes emailed me directly to say :

Michael> try this:
Michael>
Michael> cc -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o
Michael> enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o
Michael> dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o
Michael> apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o
Michael> pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../.. -L../../.. -lssl
Michael> -lcrypto
Michael>
Michael> apparently Digital unix's cc cannot correctly tell between a link
Michael> and a compile. The above command should work, but I do not have
Michael> access to a Digital unix machine right now.

Thanks Michael. I tried this command hands-on and it worked.

Looking at your cc call, you're supplying all the same input modules as the distro does, but omitting most of the commandline switches including "-fPIC" *and* "-std1". I guess that will avoid any complaining about either of those options, but what is the effect on the compilation of omitting the other switches (e.g. -DMONOLITH, -DNO_IDEA, -tune, -readonly-strings) ?

And should I submit bugs on all this ? (Or is Digital Unix support "experimental" ?)

Nick
Systems Team, EDS Healthcare, Bristol, UK
RE: Build Failure On Digital Unix 4.0D
Richard Levitte wrote :

> nick.boyce> But what I don't understand is why you're talking about a
> nick.boyce> problem with "-fPIC" when my compilation objected to
> nick.boyce> "-std1" ...
>
> Ah. Well, I'll do some qualified guesses: suppose that the command line parser in ld is the stupid kind that checks if argv[i][0] is '-' and then just does a switch(argv[i][1]) to process each possible switch, and that for any switch value it will take argv[i+1]. So, it finds your -fPIC, thinks it found -f and tries to use the next argument as fill. That happens to be "-std1" which is very far from a hex value, so it complains...

Words fail me ... and this is a commercial big-bucks Unix ... Thanks for the analysis.

Erm ... I need to find a way forward on this. Should I submit a bug to Compaq against Digital Unix's linker, or submit a bug against OpenSSL to ask for a workaround to be built in for Digital Unix platforms ?

And anyway, if Digital Unix won't support "PIC" (whatever it is) should I give up on building OpenSSL/MOD_SSL/Apache with DSO modules ? (Is this the wrong list to ask that question on ?) I suppose maybe it's just MOD_SSL that can't be shared.

Cheers,
Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK
RE: Build Failure On Digital Unix 4.0D
Many thanks to Richard and Andrew, who explained a DigUnix box's behaviour magnificently, and also to a bunch of other folks who emailed me direct to explain the "-fPIC" stuff (which I now know is not relevant to DigUnix - it generates relocatable code anyway).

I'm now pressing ahead on building OpenSSL/Apache/Mod_SSL *with* DSO Apache modules, but without any special build params for OpenSSL. I'll report back if anything noteworthy happens.

(Oh, and I'll report that -fPIC isn't needed to the Mod_SSL list - later - I'm not subscribed at the moment).

Thanks again.

Nick
Systems Team, EDS Healthcare, Bristol, UK
Build Failure On Digital Unix 4.0D
I've just had a go at building OpenSSL 0.9.5a on our Digital Unix box, but the build fails, apparently with a bizarre parameter error in a linker call, thus :

=== cut
    cc -DMONOLITH -I../include -DNO_IDEA -fPIC -std1 -tune host -O4 -readonly_strings -c smime.c
    cc -DMONOLITH -I../include -DNO_IDEA -fPIC -std1 -tune host -O4 -readonly_strings -c rand.c
    cc -DMONOLITH -I../include -DNO_IDEA -fPIC -std1 -tune host -O4 -readonly_strings -c openssl.c
    rm -f openssl
    cc -o openssl -DMONOLITH -I../include -DNO_IDEA -fPIC -std1 -tune host -O4 -readonly_strings openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto
    ld: Badly formed hex number: -std1
    ld: Usage: ld [options] file [...]
    *** Exit 1
    Stop.
    *** Exit 1
    Stop.
=== cut

I've searched the list archives, but this isn't the same as any previously reported problem with Digital Unix that I can find.

Configure appeared to work OK, except for reporting that it couldn't set up for threads (which is OK by me). I'm building for use with Apache/MOD_SSL, so I configured with

    sh config no-idea -fPIC

The box is Digital Unix 4.0D with Patch Kit 5, on an AXP 4270 (dual CPU). I'm using DEC's C compiler (the standard one - not the "better" one you can download from their website).

I'll be grateful if anybody has any ideas here ...

[ PS: I noted previous issues with D/Unix 4.0x in the archive which resulted in advice to avoid the assembler routines on this platform; is that still the right advice ? If so, do I achieve this using "./config no-asm" ? ]

Thanks
Nick
Systems Team, EDS Healthcare, Bristol, UK
PRNG facilities function?
I am fixing my pine+ssl hack to seed the PRNG. My development platform is FreeBSD, so I never noticed a problem, since it has a /dev/random.

I plan on doing something like a 'ls /' and sending that into the PRNG along with the time, pid, ppid, uid and any other metrics I can get my hands on, but this seems like a job that (optionally, of course) should be consolidated -- or do we want every program to seed the PRNG a different way? :-)
RE: Did it! Now, just a quick question about SSLRequire directory ...
> So, I added this to my apache.conf
>
>     <Location /secure>
>     SSLRequire ( true )
>     </Location>
>
> [snip]
> The problem is, after adding that configuration line, I can still go to /secure with my browser, and it doesn't start a SSL session. I don't understand this at all - it seems really easy ... sslREQUIRE leads me to believe that the directory or file specified would open in the browser as SSL, and if the browser doesn't support it, it would not let it open at all (because it is required).

I understand your confusion completely - that's exactly how I'd have thought it would work: if you use an http:// URL then you get an insecure connection, whereas if you use an https:// URL for the same web pages then you get SSL.

However, my understanding is that to *stop* an "http://" URL from being obeyed by your webserver you have to actually *change* the URL on receipt to the equivalent "https://" URL within your webserver on the fly, *every* time a client browser tries the http:// version. The standard method for doing this seems to be to make use of the mod_rewrite Apache module.

As far as I can see, the SSLRequire directive doesn't actually do anything at all. But I must be missing something ... :-(

I've never done any of this, so I can't advise you on the use of mod_rewrite. And I too would be really grateful if Someone Who Understands could explain the use of SSLRequire.

Cheers,
Nick
Systems Team, EDS Healthcare, Bristol, UK
Internet email: [EMAIL PROTECTED] | tel: +44 117 989 2941
Re: virtual host setup with same certificates
I used a cert with *.commercestore.com. This worked for me. You then need to make a virtualhost for both ports 443 and 80 for each domain. The setup varies between ben_ssl and mod_ssl, and there may be a few other variations. Check the docs that came with your "ssl" add-on.

Nick

At 11:26 AM 7/22/99 -0500, you wrote:
> I set up some virtual hosts on a linux machine with apache. I want to get the virtual hosts to use the same certificate as the "main" server (there is www.company.com as well as blah.company.com and blahblah.company.com on the same machine)
>
> The virtual host part works fine for all 3, however if I go to https://blah.company.com it serves up the document root pages for www.company.com instead!??!?! Yes, DocumentRoot is defined for the each virtual host(it works fine for http but not for https)
>
> I'm sure this is a (relatively) simple configuration problem, but I don't know what else to do:( Any help is appreciated. Yes I took out the virtualhost _default_ line. There is a virtualhost ip:443 for each of the 3 ip #s.
>
> Morgan
SSL lockup when using SMP
Hi all-

We are running a transaction-based server under NT using a dual 450 PII and the OpenSSL library (we just upgraded from SSLeay .90). Under load, we are experiencing thread lockups. What is strange is that if we set the process to use only a single processor, the symptom goes away.

I can be more specific in the future, right now I am wondering if similar problems have been encountered and if there is a known fix. If not, then we'll turn on the debugging juice and see if we can't get it resolved.

Thanks!
Nick
RE: Server cert password protection
OK. I'm confused (;-). I thought I understood the load-the-certificate-at-Apache-startup issue, but then ...

On 28th.April,1999 Paul Rubin wrote :-
> If you need a lot of hits/sec (a smart card can't handle many) you can use a hardware accelerator like the Ncipher (what I'm using) or Rainbow accelerators

and now I'm lost again. Surely the certificate only needs to be loaded (and therefore the passphrase needs to be entered) *once* after Apache startup ? Are you saying it has to be loaded every time the server gets a hit from a browser !!???!?!

Nick Boyce [ Information Security Manager ]
Systems Team, EDS Healthcare, Bristol, UK
Internet email: [EMAIL PROTECTED] | tel: +44 117 989 2941