leak memory with SSL_load_error_strings
Hi, When I tracked memory leak ( with valgrind ), it is said that memory allocated by SSL_load_error_strings is not released. what function should I use to free memory allocated by SSL_load_error_strings ? Thanks for your help
Re: DH session Key length
Ok, I see now what you mean. I 'll try to hash the shared value with SHA1, then truncate it to obtain 128 bits ... 2011/4/20 Mike Mohr akih...@gmail.com Look, the typical way you'd use the DH shared secret would be to hash it using an appropriate hash function. I personally like using Tiger with AES-192, YMMV. On Tue, Apr 19, 2011 at 3:56 PM, ikuzar razuk...@gmail.com wrote: So, have I to generate a prime with length = 3200 bits ?, ( the corresponding exponent will belong to 3200-bit MODP group ) in order to generate an AES 128 session key ? ( I use 2 as generator ). Here http://tools.ietf.org/html/rfc3526, it is said : The new Advanced Encryption Standard (AES) cipher [AES], which has more strength, needs stronger groups. For the 128-bit AES we need about a 3200-bit group [Orman01]. ..; in this IETF, 6 MODP groups are exposed. 3200-bit is not among this groups... Concretly, what should I write to obtain AES 128 session key? i Wrote something like this ( in command line ): openssl dhparam -outform PEM -out dhParams.pem -2 3200 Then I decode dhParams.pem into internal C struct: dh. Then I call DH_generate_key(DH *dh); , then DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); with the peer pub_key and I finally want to store this session key at key 2011/4/19 Michael Sierchio ku...@tenebras.com Addendum - depending on the use of DH (usually using the DH shared secret as a basis for key exchange), the choice of prime is more important than private exponent length. Safe primes or strong primes are warranted. Most systems use small generators (e.g., 2). - M On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr akih...@gmail.com wrote: You might take a look at RFC 3526: http://tools.ietf.org/html/rfc3526 It is my understanding that the DH exponent can be significantly shorter than the modulus without compromising security. RFC 3526 is from 2003, but I haven't found anything published since then that would make me think its assertions are invalid or outdated. The paranoid tinfoil hat crowd can probably take twice the maximum bit count from section 8 (620x2=1240) and be happy. Mike On Mon, Apr 18, 2011 at 8:01 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that key must point to DH_size(dh) bytes of memory. is 128 bits the default length ? how can I adjust this length according the symetric-key algorithm I use ( AES128/ICM) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: DH session Key length
Sorry I do not see the link between my previous post and your answer. 2011/4/20 Mike Mohr akih...@gmail.com Look, the typical way you'd use the DH shared secret would be to hash it using an appropriate hash function. I personally like using Tiger with AES-192, YMMV. On Tue, Apr 19, 2011 at 3:56 PM, ikuzar razuk...@gmail.com wrote: So, have I to generate a prime with length = 3200 bits ?, ( the corresponding exponent will belong to 3200-bit MODP group ) in order to generate an AES 128 session key ? ( I use 2 as generator ). Here http://tools.ietf.org/html/rfc3526, it is said : The new Advanced Encryption Standard (AES) cipher [AES], which has more strength, needs stronger groups. For the 128-bit AES we need about a 3200-bit group [Orman01]. ..; in this IETF, 6 MODP groups are exposed. 3200-bit is not among this groups... Concretly, what should I write to obtain AES 128 session key? i Wrote something like this ( in command line ): openssl dhparam -outform PEM -out dhParams.pem -2 3200 Then I decode dhParams.pem into internal C struct: dh. Then I call DH_generate_key(DH *dh); , then DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); with the peer pub_key and I finally want to store this session key at key 2011/4/19 Michael Sierchio ku...@tenebras.com Addendum - depending on the use of DH (usually using the DH shared secret as a basis for key exchange), the choice of prime is more important than private exponent length. Safe primes or strong primes are warranted. Most systems use small generators (e.g., 2). - M On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr akih...@gmail.com wrote: You might take a look at RFC 3526: http://tools.ietf.org/html/rfc3526 It is my understanding that the DH exponent can be significantly shorter than the modulus without compromising security. RFC 3526 is from 2003, but I haven't found anything published since then that would make me think its assertions are invalid or outdated. The paranoid tinfoil hat crowd can probably take twice the maximum bit count from section 8 (620x2=1240) and be happy. Mike On Mon, Apr 18, 2011 at 8:01 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that key must point to DH_size(dh) bytes of memory. is 128 bits the default length ? how can I adjust this length according the symetric-key algorithm I use ( AES128/ICM) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: DH session Key length
2011/4/19 Dave Thompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Monday, 18 April, 2011 11:01 I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that key must point to DH_size(dh) bytes of memory. is 128 bits the default length ? how can I adjust this length according the symetric-key algorithm I use ( AES128/ICM) The size of both private (x) and public (y) values in DH is the same as the size of the prime P or very nearly. If the parameters were generated with openssl commandline 'dhparam' the default size of P was 512 bits, which is probably not secure. If P = 512 bits is not secure so shared key ( 512 bits ) generated with this P is not secured. Necessarily, shared key with 128 bits is not secured, and then AES 128 is not secured ? I am confused... Is there any way to understand in 2, 3 words how to generate a shared key with 128 bits length from Dh params ? For example g = 2, P = 128 = shared key length = 128 Thanks, Ikuzar (I know factoring thus RSA up to 700-something is broken; I haven't heard of results for discrete-log thus DH and DSA, but on my limited knowledge of number theory I think it should be about the same.) (Good) asymmetric algorithms need more bits for comparable security than (good) symmetric ones. Experts do not agree on an exact correspondence, but in (very) rough terms elliptic-curve algs are about 2x symmetric, and traditional asymmetric (RSA, DH, DSA, etc) are in the vicinity of 20x. NIST Special Publication 800-57 available under csrc.nist.gov seems to be a good reflection of reasonably current thinking. There is or at least was a few years ago an independent site with the consensus of leading academic crypto researchers, but I can't find it now. (If you don't know it, NIST = National Institute for Science and Technology is a part of the US government Department of Commerce; it was formerly NBS National Bureau of Standards.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: DH session Key length
So, have I to generate a prime with length = 3200 bits ?, ( the corresponding exponent will belong to 3200-bit MODP group ) in order to generate an AES 128 session key ? ( I use 2 as generator ). Here http://tools.ietf.org/html/rfc3526, it is said : The new Advanced Encryption Standard (AES) cipher [AES], which has more strength, needs stronger groups. For the 128-bit AES we need about a 3200-bit group [Orman01]. ..; in this IETF, 6 MODP groups are exposed. 3200-bit is not among this groups... Concretly, what should I write to obtain AES 128 session key? i Wrote something like this ( in command line ): *openssl dhparam -outform PEM -out dhParams.pem -2 3200* **Then I decode dhParams.pem into internal C struct: dh. Then I call DH_generate_key(DH *dh); , then DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); with the peer pub_key and I finally want to store this session key at key 2011/4/19 Michael Sierchio ku...@tenebras.com Addendum - depending on the use of DH (usually using the DH shared secret as a basis for key exchange), the choice of prime is more important than private exponent length. Safe primes or strong primes are warranted. Most systems use small generators (e.g., 2). - M On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr akih...@gmail.com wrote: You might take a look at RFC 3526: http://tools.ietf.org/html/rfc3526 It is my understanding that the DH exponent can be significantly shorter than the modulus without compromising security. RFC 3526 is from 2003, but I haven't found anything published since then that would make me think its assertions are invalid or outdated. The paranoid tinfoil hat crowd can probably take twice the maximum bit count from section 8 (620x2=1240) and be happy. Mike On Mon, Apr 18, 2011 at 8:01 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that key must point to DH_size(dh) bytes of memory. is 128 bits the default length ? how can I adjust this length according the symetric-key algorithm I use ( AES128/ICM) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
DH session Key length
Hello, I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that *key* must point to *DH_size(dh)* bytes of memory. is 128 bits the default length ? how can I adjust this length according the symetric-key algorithm I use ( AES128/ICM) Thanks for your help.
How to retrieve serial number
Hello, I 'd like to retrieve serial number from X509 certificate, then store this sn in a memory pointed by char* sn ( in PEM or DER format). I did not find any function... Is there any combination of some functions to obtain it ? Thanks for your help.
DH_generate_key( ) Vs DH_compute_key( )
Hello, I'd like to know if DH_compute_key( ) runs faster than DH_generate_key( ). DH_generate_key generate x and g^x, in my case ( x was not set when I call this function ). I only made measure for DH_generate_key and have got 0.00 ms ( CPU Intel Core i7-740QM, 1.73Ghz / 6GB of memory ). Is it normal ... ? Thanks for your help.
store peer pubkey my DH structure
Hello, I 'd like to know if it is possible to store peer pubkey in my DH sructure. Thanks ikuzar
DH: is there a way to compare k1 and k2
Hello, I 'd like to know if there is a way to compare two DH public keys k1 and k2 ( if they are equal ) Thanks for your help. ikuzar.
Re: error:0D07209B:asn1 encoding routines:ASN1_get_object:too long
My certificate is stored in a file.pem, build with PEM format ( so DER format written in base 64, am I wrong ? ). But between PEM file loading and call to certifiate( const char *str, size_t clen), there is a processing. May be I lost ASN1 format in this processing I 'll check it and keep you informed. ikuzar. 2011/4/5 Francesco Petruzzi francesco.petru...@innovery.it Correct cast is const unsigned char*, but your problem probably is in str content, not asn1 der format. Is your source certificate in der format? *Da:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *Per conto di *ikuzar *Inviato:* martedì 5 aprile 2011 02:05 *A:* openssl-users@openssl.org *Oggetto:* error:0D07209B:asn1 encoding routines:ASN1_get_object:too long Hello, I have got ths kind of error after running my program : error:0D07209B:asn1 encoding routines:ASN1_get_object:too long I code with c++, my constructor is like this : certificate(const char *str, size_t clen) { unsigned char const *u_str = reinterpret_cast unsigned char const * (str); X509* mycert = d2i_X509(NULL, u_str, clen); .. } when I run my prog, I have got segmentation fault because mycert is NULL ( after debuging ). I think it is likely because of reinterpret_cast ... am I wrong? I cannot change the constructor's signature. ( cannot make certificate(unsigned const char *str, size_t clen ) . Is there another way to convert from const char *str to unsigned const char * ? I often meet this kind fo issue ( converting from const char *str to unsigned const char * u_str ) Thanks for your help.
error:0D07209B:asn1 encoding routines:ASN1_get_object:too long
Hello, I have got ths kind of error after running my program : error:0D07209B:asn1 encoding routines:ASN1_get_object:too long I code with c++, my constructor is like this : certificate(const char *str, size_t clen) { unsigned char const *u_str = reinterpret_cast unsigned char const * (str); X509* mycert = d2i_X509(NULL, u_str, clen); .. } when I run my prog, I have got segmentation fault because mycert is NULL ( after debuging ). I think it is likely because of reinterpret_cast ... am I wrong? I cannot change the constructor's signature. ( cannot make certificate(unsigned const char *str, size_t clen ) . Is there another way to convert from const char *str to unsigned const char * ? I often meet this kind fo issue ( converting from const char *str to unsigned const char * u_str ) Thanks for your help.
Re: how to retrieve RSA param from SSL_CTX
Ok thanks. It works now. I use these functions : -- to obain public key : X509 *myCert = SSL_get_certificate(cli_ssl); EVP_PKEY *pubkey = X509_get_pubkey(myCert); -- to obtain private key : EVP_PKEY *privkey = SSL_get_privatekey(cli_ssl); Then to sign and verify: RSA_sign(NID_sha1, md1, md1_len, u_sigret, siglen, privkey-pkey.rsa) RSA_verify(NID_sha1, md1, md1_len, u_sigret, siglen, pubkey-pkey.rsa) This code above was written just for makin a simple test. this does not reflect reality. ( I sign and verify in client ) I know that data is MACed using a key derived from the session shared secret but I have to do it... ( it does not depend on me, personnaly I wouldn't sign it ), but one says me that it is useful in the case shared key is compromised Ikuzar. 2011/3/30 Dave T hompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Monday, 28 March, 2011 11:02 I'd like to know how to retrieve RSA parameters and keys from SSL_CTX. I 'd like to put them into RSA *rsa structure in order to sign buffered data ... 1: You do know that all data on an SSL connection/session is MACed using a key derived from the session shared secret (aka master) so if your end was authenticated during the handshake (which the server usually is and the client usually isn't but both of those can be altered) you're already committing to the data you send -- albeit not in a way that can (easily) be verified later, or by a an independent party. 2: If you put your keycert(s) into SSL_CTX (and/or SSL) to start with, just remember them, and use them -- assuming they are suitable; in particular if your cert was issued with extended-usage as 'SSL client/server', verifiers may reject it for other signatures. I found this one, but it does the reverse...i.e from RSA* to SSL_CTX : int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 3: if you have a connection (SSL) *that used the RSA keycert* SSL_get_privatekey returns the EVP_PKEY containing it and you can either get1_RSA from the EVP_PKEY or just use the EVP_PKEY to sign. There is no similar routine for SSL_CTX presumably because an SSL_CTX can have several different keycert using different algorithms, and until the handshake happens you don't know which will be used. If you really must pick out the RSA key from SSL_CTX, it looks like #include'ing ssl_locl.h *WITH THE CORRECT BUILD OPTIONS* then ctx-cert-pkeys[SSL_PKEY_RSA_SIGN].privatekey should get you the EVP_PKEY. But this is peeking behind the curtain and may well break in the future. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: how to retrieve RSA param from SSL_CTX
I 'd like to know to if these calls are correct : RSA_sign(NID_sha1, md1, md1_len, u_sigret, siglen, privkey-pkey.rsa) RSA_verify(NID_sha1, md1, md1_len, u_sigret, siglen, pubkey-pkey.rsa) knowing that : int RSA_sign(int type, unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); I guess, it proviteds private key when I put privkey-pkey.rsa in RSA_sign... and it provides public key when I put pubkey-pkey.rsa in RSA_verify ... am I wrong ? Thanks, ikuzar. 2011/3/30 ikuzar razuk...@gmail.com Ok thanks. It works now. I use these functions : -- to obain public key : X509 *myCert = SSL_get_certificate(cli_ssl); EVP_PKEY *pubkey = X509_get_pubkey(myCert); -- to obtain private key : EVP_PKEY *privkey = SSL_get_privatekey(cli_ssl); Then to sign and verify: RSA_sign(NID_sha1, md1, md1_len, u_sigret, siglen, privkey-pkey.rsa) RSA_verify(NID_sha1, md1, md1_len, u_sigret, siglen, pubkey-pkey.rsa) This code above was written just for makin a simple test. this does not reflect reality. ( I sign and verify in client ) I know that data is MACed using a key derived from the session shared secret but I have to do it... ( it does not depend on me, personnaly I wouldn't sign it ), but one says me that it is useful in the case shared key is compromised Ikuzar. 2011/3/30 Dave T hompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Monday, 28 March, 2011 11:02 I'd like to know how to retrieve RSA parameters and keys from SSL_CTX. I 'd like to put them into RSA *rsa structure in order to sign buffered data ... 1: You do know that all data on an SSL connection/session is MACed using a key derived from the session shared secret (aka master) so if your end was authenticated during the handshake (which the server usually is and the client usually isn't but both of those can be altered) you're already committing to the data you send -- albeit not in a way that can (easily) be verified later, or by a an independent party. 2: If you put your keycert(s) into SSL_CTX (and/or SSL) to start with, just remember them, and use them -- assuming they are suitable; in particular if your cert was issued with extended-usage as 'SSL client/server', verifiers may reject it for other signatures. I found this one, but it does the reverse...i.e from RSA* to SSL_CTX : int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 3: if you have a connection (SSL) *that used the RSA keycert* SSL_get_privatekey returns the EVP_PKEY containing it and you can either get1_RSA from the EVP_PKEY or just use the EVP_PKEY to sign. There is no similar routine for SSL_CTX presumably because an SSL_CTX can have several different keycert using different algorithms, and until the handshake happens you don't know which will be used. If you really must pick out the RSA key from SSL_CTX, it looks like #include'ing ssl_locl.h *WITH THE CORRECT BUILD OPTIONS* then ctx-cert-pkeys[SSL_PKEY_RSA_SIGN].privatekey should get you the EVP_PKEY. But this is peeking behind the curtain and may well break in the future. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
DH: safe prime issue
Hi, I 'd like to know if it is a security issue when p ( a DH param ) is not a safe prime ? is it more easier to attack DH algorithm with a non safe prime ... ? Thanks for your help
codes value in DH_check(dh, codes)
Hi, I 'd like to know if there are other values of codes in DH_check(dh, codes) ? This program prints Other result of check : int codes = 0; dh_check_ret = DH_check(dh, codes); if(dh_check_ret == 1){ if(codes == DH_CHECK_P_NOT_SAFE_PRIME) printf(\nDH_CHECK_P_NOT_SAFE_PRIME\n); if(codes == DH_NOT_SUITABLE_GENERATOR) printf(\nDH_NOT_SUITABLE_GENERATOR\n); if(codes == DH_UNABLE_TO_CHECK_GENERATOR) printf(ret = 1, DH_UNABLE_TO_CHECK_GENERATOR); else printf(\nOther result of check\n); } else{ if(codes == DH_UNABLE_TO_CHECK_GENERATOR) printf(\nret = 0, DH_check retourne 0\n); else printf(other type of error); } is it an abnormal behavior ... ? I took 2 as generator. Thanks for your help
how to retrieve RSA param from SSL_CTX
Hello, I'd like to know how to retrieve RSA parameters and keys from SSL_CTX. I 'd like to put them into RSA *rsa structure in order to sign buffered data by using : int RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); I found this one, but it does the reverse...i.e from RSA* to SSL_CTX : int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); Thanks for your help, ikuzar.
DH_check seg fault
Hello, When my program run DH_check, it generate an error: segmentation fault. Here is the code : dh = PEM_read_DHparams(fp, NULL, NULL, NULL); // it 's OK, here dh != NULL dh_check_ret = DH_check(dh, codes); When I debug, I tried to print dh before calling DH_check(dh, codes) : (gdb) print dh $1 = (DH *) 0x1768e0 it seems to be OK ... would someone have an idea, why DH_check fails ? Thanks for your help, ikuzar.
Re: (DH) how to send dh-pub_key to peer
This book seems to be interesting, but I am student and I have to save money... Yes I know that DH is subject to a MITM attack. I make DH key exchange in a secure channel with authenticated peer. How to serialized dh-pub_key ? I know that i2d_DHparams(const_dh, dhbuf); serialize dh structure pointed by const_dh but I did not find a function to serialize just dh-pub_key ikuzar. 2011/3/25 Mike Mohr akih...@gmail.com ikuzar, You cannot send the public key to a peer as-is. The DH structure contains bignums which must be serialized prior to transmission. Do you understand that DH is subject to a MITM attack unless the messages are signed or encrypted somehow? If you insist on using the low-level objects, I'd suggest you read the following book first: http://www.amazon.com/Information-Security-Principles-Mark-Stamp/dp/0471738484 On Thu, Mar 24, 2011 at 5:35 PM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know how to send dh-pub_key to peer ? I know that to send const DH* const_dh, I have to convert it into pem format like this i2d_DHparams(const_dh, dhbuf);, then I send dhbuf. But to send only dh-pub_key, I did not find any function to convert it into PEM ... Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: (DH) how to send dh-pub_key to peer
Do you mean something like that: DH* dh; dh = DH_new(); RAND_bytes(random_bytes, 256/8); dh-priv_key = BN_bin2bn(random_bytes, 256/8, NULL); DH_generate_key(dh); In this way, is dh-pub_key serialized ? 2011/3/25 Frank Morgner frankmorg...@gmx.de Hi! How to serialized dh-pub_key ? I know that i2d_DHparams(const_dh, dhbuf); serialize dh structure pointed by const_dh but I did not find a function to serialize just dh-pub_key Use BN_bin2bn. Greets, Frank.
Re: How to verify that DH private and public key have been generated ?
I have to use DH structure ( I have no choice ). So I 'll try EVP_PKEY_new() as Dr. Henson said. However I 'd like to learn and understand how to verify if DH_generate_key( ) has really set pbkey and pvkey. ikuzar. 2011/3/24 Mike Mohr akih...@gmail.com ikuzar, I'm sorry to be blunt, but if you don't understand what I'm saying then you shouldn't be writing code that deals with low-level cryptographic objects/primitives. See the recent revelations from Sony and Nokia for why: even multinational corporations with hundreds of specialist developers can all too easily ship epic failboat code. As Dr. Henson has already pointed out you should use the subroutines that OpenSSL provides to you. On Wed, Mar 23, 2011 at 4:50 PM, ikuzar razuk...@gmail.com wrote: I do not understand what you mean. 1) I tried to print data's size returned by i2d_DHparams(const_dh, dhbuf); without computing private nor public key. I have got 138 bytes. Then I remade the same operation but I had computed private and public key using DH_generate_key(dh); and I have still got 138 bytes ...it seems to be odd for me, because I think dh's size must be greater after computing keys. 2) I tried the following check before and after computing keys : if (dh-priv_key == NULL) printf(\n1)dh-priv_key is NULL\n); else printf(\n1)dh-priv_key is not NULL\n); Before computing key, I have got priv_key is NULL. After computing, priv_key is not NULL I 'm wondering what happens... could you tell me more about bit counting ? I do not understand The private and public keys should be similar in size to p. Thanks for your help. 2011/3/23 Mike Mohr akih...@gmail.com Try checking the bit count of the structure members. The private and public keys should be similar in size to p. On Mar 23, 2011 10:27 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know how to verify that DH private and public key have been generated ? In my DH struct, p and g had been generated with commands line ( openssl dhparam... ) struct { BIGNUM *p; // prime number (shared) BIGNUM *g; // generator of Z_p (shared) BIGNUM *priv_key; // private DH value x BIGNUM *pub_key; // public DH value g^x // ... }; DH Priv_key and pub_key are generated later with DH_generate_key(dh). I would like verify if DH_generate_key( ) has generated the priv_key ( an human proof, example by using DHparams_print_fp(fp, dh ); ) I used this function but it did not print private key into file pointed by fp. Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to verify that DH private and public key have been generated ?
When I try to computed shared key with DH_compute_key, I have got error : error:05066064:Diffie-Hellman routines:COMPUTE_KEY:no private value. Could you tell me what should I do to fix this problem ? ( I 'll try EVP_PKEY later ). Thanks. 2011/3/24 ikuzar razuk...@gmail.com I have to use DH structure ( I have no choice ). So I 'll try EVP_PKEY_new() as Dr. Henson said. However I 'd like to learn and understand how to verify if DH_generate_key( ) has really set pbkey and pvkey. ikuzar. 2011/3/24 Mike Mohr akih...@gmail.com ikuzar, I'm sorry to be blunt, but if you don't understand what I'm saying then you shouldn't be writing code that deals with low-level cryptographic objects/primitives. See the recent revelations from Sony and Nokia for why: even multinational corporations with hundreds of specialist developers can all too easily ship epic failboat code. As Dr. Henson has already pointed out you should use the subroutines that OpenSSL provides to you. On Wed, Mar 23, 2011 at 4:50 PM, ikuzar razuk...@gmail.com wrote: I do not understand what you mean. 1) I tried to print data's size returned by i2d_DHparams(const_dh, dhbuf); without computing private nor public key. I have got 138 bytes. Then I remade the same operation but I had computed private and public key using DH_generate_key(dh); and I have still got 138 bytes ...it seems to be odd for me, because I think dh's size must be greater after computing keys. 2) I tried the following check before and after computing keys : if (dh-priv_key == NULL) printf(\n1)dh-priv_key is NULL\n); else printf(\n1)dh-priv_key is not NULL\n); Before computing key, I have got priv_key is NULL. After computing, priv_key is not NULL I 'm wondering what happens... could you tell me more about bit counting ? I do not understand The private and public keys should be similar in size to p. Thanks for your help. 2011/3/23 Mike Mohr akih...@gmail.com Try checking the bit count of the structure members. The private and public keys should be similar in size to p. On Mar 23, 2011 10:27 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know how to verify that DH private and public key have been generated ? In my DH struct, p and g had been generated with commands line ( openssl dhparam... ) struct { BIGNUM *p; // prime number (shared) BIGNUM *g; // generator of Z_p (shared) BIGNUM *priv_key; // private DH value x BIGNUM *pub_key; // public DH value g^x // ... }; DH Priv_key and pub_key are generated later with DH_generate_key(dh). I would like verify if DH_generate_key( ) has generated the priv_key ( an human proof, example by using DHparams_print_fp(fp, dh ); ) I used this function but it did not print private key into file pointed by fp. Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
(DH) how to send dh-pub_key to peer
Hello, I 'd like to know how to send dh-pub_key to peer ? I know that to send const DH* const_dh, I have to convert it into pem format like this i2d_DHparams(const_dh, dhbuf);, then I send dhbuf. But to send only dh-pub_key, I did not find any function to convert it into PEM ... Thanks for your help.
How to verify that DH private and public key have been generated ?
Hello, I 'd like to know how to verify that DH private and public key have been generated ? In my DH struct, p and g had been generated with commands line ( openssl dhparam... ) struct { BIGNUM *p; // prime number (shared) BIGNUM *g; // generator of Z_p (shared) BIGNUM *priv_key; // private DH value x BIGNUM *pub_key;// public DH value g^x // ... }; DH Priv_key and pub_key are generated later with DH_generate_key(dh). I would like verify if DH_generate_key( ) has generated the priv_key ( an human proof, example by using DHparams_print_fp(fp, dh ); ) I used this function but it did not print private key into file pointed by fp. Thanks for your help.
Re: How to verify that DH private and public key have been generated ?
I do not understand what you mean. 1) I tried to print data's size returned by i2d_DHparams(const_dh, dhbuf); without computing private nor public key. I have got 138 bytes. Then I remade the same operation but I had computed private and public key using DH_generate_key(dh); and I have still got 138 bytes ...it seems to be odd for me, because I think dh's size must be greater after computing keys. 2) I tried the following check before and after computing keys : if (dh-priv_key == NULL) printf(\n1)dh-priv_key is NULL\n); else printf(\n1)dh-priv_key is not NULL\n); Before computing key, I have got priv_key is NULL. After computing, priv_key is not NULL I 'm wondering what happens... could you tell me more about bit counting ? I do not understand The private and public keys should be similar in size to p. Thanks for your help. 2011/3/23 Mike Mohr akih...@gmail.com Try checking the bit count of the structure members. The private and public keys should be similar in size to p. On Mar 23, 2011 10:27 AM, ikuzar razuk...@gmail.com wrote: Hello, I 'd like to know how to verify that DH private and public key have been generated ? In my DH struct, p and g had been generated with commands line ( openssl dhparam... ) struct { BIGNUM *p; // prime number (shared) BIGNUM *g; // generator of Z_p (shared) BIGNUM *priv_key; // private DH value x BIGNUM *pub_key; // public DH value g^x // ... }; DH Priv_key and pub_key are generated later with DH_generate_key(dh). I would like verify if DH_generate_key( ) has generated the priv_key ( an human proof, example by using DHparams_print_fp(fp, dh ); ) I used this function but it did not print private key into file pointed by fp. Thanks for your help.
encode/decode: internal C struct - pem
Hello, 1) I do not know when must I use pem or der format when I deal with data encoding. For example, now, I have to read DHparam file. I created it with command line. I chose DHparam.pem because PEM is commonly used... 2) So, I am looking for PEM encode/decode functions which help me to perform this scheme : a) read DHparam.pem - store it in C structure DH* dh; - PEM_encode(dh, char* data) - send_data_to_peer(sock, *data) b) recv_data_from_peer(sock, *data) - PEM_decode(dh, char* data) But PEM encode/decode functions are not documented . I found : DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); I 'm wondering why it returns DH* ...? I guess it put result in DH** I do not know how to use this function. 3) I found DER encode/decode function in the doc : DH * d2i_DHparams(DH **a, unsigned char **pp, long length); inti2d_DHparams(const DH *a, unsigned char **pp); For the moment, despite the fact that I intend to use PEM encode/decode function, I am going to use DER one's. to summarize: -- is PEM format adequate to send data to peer ? so how to use these PEM functions : http://www.openssl.org/docs/crypto/pem.html -- Any way, for the moment I am going to use DER encode/decode functions. So I have to convert DHparam.pem into DHparam.der so that I can read it with DER function. ( does d2i_ read PEM format ..? ) Thanks for your help.
d2i_DHparams signature
Hello, I 'd like to know what is the real signature of d2i_DHhparams. When I run my appli, I have got this error : error: cannot convert ‘unsigned char (*)[256]’ to ‘const unsigned char**’ for argument ‘2’ to ‘DH* d2i_DHparams(DH**, const unsigned char**, long int)’ In openssl doc, we have : DH * d2i_DHparams(DH **a, unsigned char **pp, long length); and when I put a const unsigned char** in arg 2, it works ... was there any change in the signature and so, openssl doc is not updated ? Thanks.
must 'x' in g^x be a prime number
Hello, I 'd like to know : 1) if exponent x in g^x must be a great prime number. In some docs I saw, it is said that x must b a GREAT number but no information about primality .. 2) May generation of 'x' run for hours like related here : http://www.openssl.org/docs/crypto/DH_generate_parameters.html ( in NOTES) Thanks for your help.
Re: data size issue with SSL_read( ) / SSL_write
Ok. Thank everybody for your help. Now it works. 2011/3/17 Ryan Pfeifle r...@vpi-corp.com Yes, if SSL_write() sends 5 bytes, SSL_read() will return 5 bytes even though the passed buffer is 10 bytes (SSL does NOT expect \0 to stop reading). But like David said, you are ignoring the return value of SSL_read(), which tells you how many bytes were actually received. Your code is expecting MY_recv() to update its len parameter with the new byte count, but it is not doing that, and you are not null terminating the buffer you print. That is why you end up printing garbage. You need to change MYrecv() to something more like this: MY_recv(MY_cn sd, char* buf, size_t *len, unsigned int flags, unsigned int timeout) { ret = SSL_read(socki-ssl, buf, *len); *len = ret; } int MYApi::MYrecv(MY_cn sd) { strresult *r = new strresult; const size_t L=8*1024; size_t len = L; char buf[L]; r-first = MY_recv(sd, buf, len, flags, timeout); if (r-first 0) r-second.assign(buf, len); return r; } data = api.MYrecv(cn) Ryan Pfeifle Sr. Programmer Voice Print International, Inc. http://www.VPI-corp.com/ *Immediate Results. Unmatched Value.* http://www.VPI-corp.com/ValueTM *Tel: *1.805.389.5200 x5297 *Fax: *N/A *Email: *r...@vpi-corp.com *Web:* www.VPI-corp.com Experience the* **VPI Value Advantagehttp://www.vpi-corp.com/ValueAdvantage *TM The information transmitted in this message is intended only for the addressee and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this material from any computer. *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *ikuzar *Sent:* Thursday, March 17, 2011 7:44 AM *To:* openssl-users@openssl.org *Subject:* Re: data size issue with SSL_read( ) / SSL_write I am confused. When I used a simple c++ program which uses SSL functions for the first time, I need not implement a protocol. when I tell SSL_write( ) to send 5 bytes and tell SSL_read( ) to read 10 bytes, the last reads 5 bytes ! ( doesn't it ? am I wrong ? I assume SSL reads expect \0 then it stop reading). Anyway, when SSL_write( ) sends TEST, SSL_read( ) reads TEST and not TEST��y 0�y ... Now, in my python program, the difference between my simple c++ program is that, I retrieve a string ( a_string.data( ), a_string.size( ) ) and tell SLL_write through my API to send this string. 2011/3/17 David Schwartz dav...@webmaster.com On 3/17/2011 6:40 AM, ikuzar wrote: Why do we expect \r\n ? why not \0 ? That's why you need to implement a protocol. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org vpi_logo.jpg
data size issue with SSL_read( ) / SSL_write
Hello, In my programm, client send HELLO message to server. 1) --- SSL_write is encapsulated in MY_send( ) function like this : MY_send(MY_cn sd, const char* data, size_t len) { ret = SSL_write(socki-ssl, data, len); } and MY_send is encapsuled in MYsend like this : int MYApi::MYsend(SIP_cn sd, const std::string data) { return MY_send(sd, data.data(), data.size()); } in python code, I call : api.MYsend(sock, HELLO) 2) --- SSL_read is encapsulated in MY_recv( ) function like this : MY_recv(MY_cn sd, char* buf, size_t* len, unsigned int flags, unsigned int timeout) { SSL_read(socki-ssl, buf, *len); } and MY_recv is encapsuled in MYrecv like this : int MYApi::MYrecv(MY_cn sd, const std::string data) { strresult *r = new strresult; const size_t L=8*1024; size_t len = L; char buf[L]; r-first = MY_recv(sd, buf, len, flags, timeout); if (!r-first) r-second.assign(buf, len); return r; } in python code, I call err,data = api.MYrecv(cn, 0, 0) The problem : when I print data, I have got : HELLO��y0�y 0�y��y i`�0�y ������L���L��-M etc... instead of HELLO. in MYrecv, when I make L = 5, it works what should I do to read just the right size so that when I print I get HELLO, GOODBYE, etc ... and not HELLO��y0�y, GOODBYE��y0�y etc ... thanks for your help
Re: data size issue with SSL_read( ) / SSL_write
Why do we expect \r\n ? why not \0 ? 2011/3/17 l...@xharbour.com.br Hi does your server send \r\n with hello? i read byte by byte until i found an \r\n Regards Luiz Hello, In my programm, client send HELLO message to server. 1) --- SSL_write is encapsulated in MY_send( ) function like this : MY_send(MY_cn sd, const char* data, size_t len) { ret = SSL_write(socki-ssl, data, len); } and MY_send is encapsuled in MYsend like this : int MYApi::MYsend(SIP_cn sd, const std::string data) { return MY_send(sd, data.data(), data.size()); } in python code, I call : api.MYsend(sock, HELLO) 2) --- SSL_read is encapsulated in MY_recv( ) function like this : MY_recv(MY_cn sd, char* buf, size_t* len, unsigned int flags, unsigned int timeout) { SSL_read(socki-ssl, buf, *len); } and MY_recv is encapsuled in MYrecv like this : int MYApi::MYrecv(MY_cn sd, const std::string data) { strresult *r = new strresult; const size_t L=8*1024; size_t len = L; char buf[L]; r-first = MY_recv(sd, buf, len, flags, timeout); if (!r-first) r-second.assign(buf, len); return r; } in python code, I call err,data = api.MYrecv(cn, 0, 0) The problem : when I print data, I have got : HELLO��y 0�y 0�y ��y i`� 0�y ��� ���L���L��-M etc... instead of HELLO. in MYrecv, when I make L = 5, it works what should I do to read just the right size so that when I print I get HELLO, GOODBYE, etc ... and not HELLO��y 0�y , GOODBYE��y 0�y etc ... thanks for your help __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: data size issue with SSL_read( ) / SSL_write
I am confused. When I used a simple c++ program which uses SSL functions for the first time, I need not implement a protocol. when I tell SSL_write( ) to send 5 bytes and tell SSL_read( ) to read 10 bytes, the last reads 5 bytes ! ( doesn't it ? am I wrong ? I assume SSL reads expect \0 then it stop reading). Anyway, when SSL_write( ) sends TEST, SSL_read( ) reads TEST and not TEST��y 0�y ... Now, in my python program, the difference between my simple c++ program is that, I retrieve a string ( a_string.data( ), a_string.size( ) ) and tell SLL_write through my API to send this string. 2011/3/17 David Schwartz dav...@webmaster.com On 3/17/2011 6:40 AM, ikuzar wrote: Why do we expect \r\n ? why not \0 ? That's why you need to implement a protocol. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
which cipher-suite must I choose
Hello, I 'd like to know which cipher-suite is the most suitable for VoIP soft. 1) I 'd like to know when must I choose bloc cipher. Then, how to know if AES is more suitable than 3DES / blowfish / etc. 2) I 'd like to know whent must I choose stream cipher. Then, how to know if RC4 is more suitable than other ... etc. Thanks for your help.
Re: how to desable data compression
Could you tell me how to use this option ? in which function ? I found something like below in the internet ( I did not find on OpenSSL website ) SSL *s ... #ifndef OPENSSL_NO_COMP if (!(s-options SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; but I do not know how to write in my source code. My source code is very simple : cli_meth = TLSv1_method(); cli_ctx = SSL_CTX_new(cli_meth); SSL *cli_ssl = SSL_new(cli_ctx); SSL_set_fd(cli_ssl, s_cli) SSL_connect(cli_ssl) etc ... Thanks. 2011/3/15 Dave Thompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Monday, 14 March, 2011 11:48 I 'd like to know how to desable data compression procedure. The compression flag is set to yes in tcp stream. It isn't really in the stream. SSL optional compression is negotiated during the handshake, along with the ciphersuite, and then applies to all subsequent data until/unless renegotiated. In fact, I would like to observe difference between plain text ( by setting NULL-SHA ) and cipher text ( by setting AES256-SHA ) using wireshark. I cannot make this observation if data is compressed. Option SSL_OP_NO_COMPRESSION is commented as /* Don't use compression even if supported */ and is used in what looks like the right places. Alternatively, if either client or server is using an openssl built without zlib available, it won't agree to compression. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: convert x509 cert into string and store certs in cache
Ok. In the doc, I think i2d_X509() is adequate to encode X509 *cert; The doc says : int i2d_X509(X509 *x, unsigned char **out); i2d_X509() encodes the structure pointed to by *x* into DER format. If *out*is not *NULL* is writes the DER encoded data to the buffer at **out*, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data. Now, the function which adds certificates into shared map is like this : int addCertIntoMap(const char* uri, const char* certificate, unsigned int clen, time_t duration); uri is the key, const char* certificate is the certificate to add into map. My question : DER format will be stored in an unsigned char **out. In addCertIntoMap, we add a const char* certificate. I do not know how to write the code. I want to write somthing like this : X509* peerCert = SSL_get_peer_certificate(ssl); unsigned char **DERcert; i2d_X509(peerCert, DERcert); addCertIntoMap(uri, DERcert, len, time); // but here DERcert is char** and not char* ... to summarize : my problem is how to write it now. Thanks for your help. 2011/3/11 Dave Thompson dthomp...@prinpay.com (I avoid HTML on lists, but editting this back to plaintext was too hard, sorry) -- *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *ikuzar *Sent:* Wednesday, 09 March, 2011 08:38 *To:* openssl-users@openssl.org *Subject:* Re: convert x509 cert into string and store certs in cache add to previous post, I 'd like to know what is the best format for storing item in map. Item is here a struct which encapsulated certificate object ( as shown in previous message ). I think about DER format ... is it a good idea ? If you want sharing processes to use the cert, yes. (You need some serialized format for sharing; there are other serializations that could work in theory, but DER is by far the most convenient for openssl.) 2011/3/9 ikuzar razuk...@gmail.com snip = I want to make something like : templateclass StrType struct certificate : shared { StrType uri; StrType sn; StrType data; certificate(X509* cert) { char commonName[512]; subject_name = X509_get_subject_name(cert); X509_NAME_get_text_by_NID(subject_name, NID_commonName, commonName, 512); uri = commonName; sn = get_sn(cert);// I 'll deal with it later data = get_data(cert); // I 'll deal with it later } -- then, this certificate defined above is encapsulated in a cacheitem structure. -- In fact, map stores a range of cacheitem. Map will be read and written from different 'forked' childs : -- there is a class certmanager which manage these cacheitems ( add, get, delete items from cache, ...etc). I use URI as key for map. For example, I 'll search item which URI = 213...@etu-univ.com snip = I have to store in the certificate an URI which identify an user. this URI is like this : phone_number@domain. example : 0123456...@etu-univ.com ( this is a SIP uri ). I though I could store it in CN ... was I wrong ? have any other suggestion ? That could be the body of a subset of SIP URIs, but by itself is not a URI. If you are issuing the cert(s), you can put practically anything you want in CommonName. (Using control characters or escape sequences or suchlike would be a bad idea, but any normal data that identifies the subject is reasonable.) If you (or your users) are obtaining the cert(s) from a CA, it depends on the CA. You can request anything in the CSR, but it's up to the CA whether they approve it. Typically they demand you own or control the domain, address, or whatever.
Re: convert x509 cert into string and store certs in cache
2011/3/9 Dave Thompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Tuesday, 08 March, 2011 13:02 I am going to explain below what I HAVE TO do : a) I have to store certificates in a map which is a shared memory. ( I have to do this, I have no choice, because I have to continue what guy before me had started ). So I think it's better to store x509 structure which represents the certificate instead of string. I think it is a good idea. isn't it ? If the purpose of putting this data in shared memory is to share it, and assuming you mean the typedef X509 aka struct x509_st, no. Many openssl API structs, including that one, consist mostly of pointers to data stored elsewhere in memory -- which in any other process is invalid and will produce garbage or crashes. If you only need to share the map but not its contents, which would be silly, you could have X509's in your private memory, and just put pointers in the shared map, and no other process can use them, but if the map is keyed it could see the keys, and know that e.g. your process has *some* cert for server#3 or server.domain.name. = I want to make something like : templateclass StrType struct certificate : shared { StrType uri; StrType sn; StrType data; certificate(X509* cert) { char commonName[512]; subject_name = X509_get_subject_name(cert); X509_NAME_get_text_by_NID(subject_name, NID_commonName, commonName, 512); uri = commonName; sn = get_sn(cert);// I 'll deal with it later data = get_data(cert); // I 'll deal with it later } -- then, this certificate defined above is encapsulated in a cacheitem structure. -- In fact, map stores a range of cacheitem. Map will be read and written from different 'forked' childs : -- there is a class certmanager which manage these cacheitems ( add, get, delete items from cache, ...etc). I use URI as key for map. For example, I 'll search item which URI = 213...@etu-univ.com b) I must be able to extract uri, serial_number from x509 structure and store them into a STRING variable. Is there a way to exact URI and SN ? ( see source code above ). You can definitely get serial. Warning: nowadays serials usually aren't sequential (i.e. not 1,2,3,...) and aren't so much numbers as longish bitstrings encoded as numbers. Best to treat it as opaque, and if you need a UI display it as hex bytes. In particular, it's not safe to treat serial directly as a C string, as the code in your earlier post seems to; if you want a C string and even more so if you want human-legible text, do hex or base64 or somesuch. What URI? policy? CRLdist? OCSP? Something else? If you can identify it you should be able to get it. And a (valid) URI will actually be good char-string data. Although if it's encoded as BMP(2byte) or Universal(4), you need appropriate 'wide' char/string support; any given C can't have both, and it's not guaranteed to have either. = I have to store in the certificate an URI which identify an user. this URI is like this : phone_number@domain. example : 0123456...@etu-univ.com( this is a SIP uri ). I though I could store it in CN ... was I wrong ? have any other suggestion ? But the combination of URI and serial doesn't make sense; they don't relate to each other at all. *Issuer* plus serial is commonly (but not always) used to identify a certificate. Issuer is never a URI. It is *sometimes* a domainname, which can be PART of a URL which is one kind of URI, but that is not the same thing as being a URI. If issuer is what you want, yes you can get it, and even in a nice-for-humans (but not necessarily programs) text string form, look for oneline. c) is it possible to send x509 structure (certificate) to peer ? ( apart from handshake ) I 'd like to write something like: SSL_write(ssl, X509* cert) No for the same reason as above; the x509_st itself has pointers only valid within one process memory. This is exactly why 'wire' encodings exist, and the usual one for X.509 (including SSL) is DER. Openssl also prefers DER or PEM-wrapped-DER for local storage, but here other methods are *possible*. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: convert x509 cert into string and store certs in cache
add to previous post, I 'd like to know what is the best format for storing item in map. Item is here a struct which encapsulated certificate object ( as shown in previous message ). I think about DER format ... is it a good idea ? 2011/3/9 ikuzar razuk...@gmail.com 2011/3/9 Dave Thompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Tuesday, 08 March, 2011 13:02 I am going to explain below what I HAVE TO do : a) I have to store certificates in a map which is a shared memory. ( I have to do this, I have no choice, because I have to continue what guy before me had started ). So I think it's better to store x509 structure which represents the certificate instead of string. I think it is a good idea. isn't it ? If the purpose of putting this data in shared memory is to share it, and assuming you mean the typedef X509 aka struct x509_st, no. Many openssl API structs, including that one, consist mostly of pointers to data stored elsewhere in memory -- which in any other process is invalid and will produce garbage or crashes. If you only need to share the map but not its contents, which would be silly, you could have X509's in your private memory, and just put pointers in the shared map, and no other process can use them, but if the map is keyed it could see the keys, and know that e.g. your process has *some* cert for server#3 or server.domain.name. = I want to make something like : templateclass StrType struct certificate : shared { StrType uri; StrType sn; StrType data; certificate(X509* cert) { char commonName[512]; subject_name = X509_get_subject_name(cert); X509_NAME_get_text_by_NID(subject_name, NID_commonName, commonName, 512); uri = commonName; sn = get_sn(cert);// I 'll deal with it later data = get_data(cert); // I 'll deal with it later } -- then, this certificate defined above is encapsulated in a cacheitem structure. -- In fact, map stores a range of cacheitem. Map will be read and written from different 'forked' childs : -- there is a class certmanager which manage these cacheitems ( add, get, delete items from cache, ...etc). I use URI as key for map. For example, I 'll search item which URI = 213...@etu-univ.com b) I must be able to extract uri, serial_number from x509 structure and store them into a STRING variable. Is there a way to exact URI and SN ? ( see source code above ). You can definitely get serial. Warning: nowadays serials usually aren't sequential (i.e. not 1,2,3,...) and aren't so much numbers as longish bitstrings encoded as numbers. Best to treat it as opaque, and if you need a UI display it as hex bytes. In particular, it's not safe to treat serial directly as a C string, as the code in your earlier post seems to; if you want a C string and even more so if you want human-legible text, do hex or base64 or somesuch. What URI? policy? CRLdist? OCSP? Something else? If you can identify it you should be able to get it. And a (valid) URI will actually be good char-string data. Although if it's encoded as BMP(2byte) or Universal(4), you need appropriate 'wide' char/string support; any given C can't have both, and it's not guaranteed to have either. = I have to store in the certificate an URI which identify an user. this URI is like this : phone_number@domain. example : 0123456...@etu-univ.com( this is a SIP uri ). I though I could store it in CN ... was I wrong ? have any other suggestion ? But the combination of URI and serial doesn't make sense; they don't relate to each other at all. *Issuer* plus serial is commonly (but not always) used to identify a certificate. Issuer is never a URI. It is *sometimes* a domainname, which can be PART of a URL which is one kind of URI, but that is not the same thing as being a URI. If issuer is what you want, yes you can get it, and even in a nice-for-humans (but not necessarily programs) text string form, look for oneline. c) is it possible to send x509 structure (certificate) to peer ? ( apart from handshake ) I 'd like to write something like: SSL_write(ssl, X509* cert) No for the same reason as above; the x509_st itself has pointers only valid within one process memory. This is exactly why 'wire' encodings exist, and the usual one for X.509 (including SSL) is DER. Openssl also prefers DER or PEM-wrapped-DER for local storage, but here other methods are *possible*. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
convert x509 cert into string and store certs in cache
Hello, I have to work with a pre-existing code which simulated handshake, data encryption etc ... certificate struct is defined like in the source code I reuse : templateclass StrType struct certificate : shared { StrType uri; StrType sn; StrType data; certificate(const char *str, size_t clen=0) { string s_uri,s_sn,s_data; parseCertificate(str, s_uri,s_sn,s_data); uri = s_uri.c_str(); sn = s_sn.c_str(); data = s_data.c_str(); } ... etc }; my questions : 1) What does DER format means ? is it equivalent to a string format ? In the following function, we have a parameter named out : int i2d_X509(X509 *x, unsigned char **out); this function convert X509 internal data into DER format. Result is stored in out That's why I am wondering if DER = string ... ? 2) is it possible to verify ( by hand ) certificate in string format ? 3) what kind of data structure ( vector, etc..) is the best way to store certificate with string format ? 4) is a bad idea to handle everywhere certificates in string format ? Thanks for your help.
Re: convert x509 cert into string and store certs in cache
Ok, things are more clear now. I am going to explain below what I HAVE TO do : a) I have to store certificates in a map which is a shared memory. ( I have to do this, I have no choice, because I have to continue what guy before me had started ). So I think it's better to store x509 structure which represents the certificate instead of string. I think it is a good idea. isn't it ? b) I must be able to extract uri, serial_number from x509 structure and store them into a STRING variable. Is there a way to exact URI and SN ? ( see source code above ). c) is it possible to send x509 structure (certificate) to peer ? ( apart from handshake ) I 'd like to write something like: SSL_write(ssl, X509* cert) 2011/3/8 Patrick Patterson ppatter...@carillonis.com Hey there: On 2011-03-08, at 10:03 AM, ikuzar wrote: my questions : 1) What does DER format means ? is it equivalent to a string format ? In the following function, we have a parameter named out : int i2d_X509(X509 *x, unsigned char **out); this function convert X509 internal data into DER format. Result is stored in out That's why I am wondering if DER = string ... ? DER is the Distinguished Encoding Rules - it is a binary format that is designed to be a concise and machine independent representation of the ASN.1 structure of whatever is encoded that way. It is MOST DEFINITELY NOT a string. 2) is it possible to verify ( by hand ) certificate in string format ? I have no idea even what you are referring to... what does convert to a string mean - you need to validate/verify the certificate according to the rules outlined in IETF RFC5260, and that involves verifying the signature, and this involves dealing with the certificate in the same format it was signed in (which, I believe, is the binary DER encoding). 3) what kind of data structure ( vector, etc..) is the best way to store certificate with string format ? PEM of course. 4) is a bad idea to handle everywhere certificates in string format ? VERY, VERY bad... Have fun! --- Patrick Patterson Chief PKI Architect Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
how to use a preloaded certificate
Hello, I have a function my_initialize( ) which initialize a lot of thing before doing my_connect( ), my_accept( ), etc. In my_initialize( ), I call : - SSL_library_init(); - SSL_load_error_strings(); In my_connect( ), I set handshake: - meth = TLSv1_method( ); - ctx = SSL_CTX_new(meth); - SSL_CTX_set_cipher_list( ) - SSL_CTX_use_certificate_file( ) - ... - SSL_connect( ) now, I have to load certificate in my_initialize( ) and not in my_connect( ). How must I tell SSL_connect ( ) that the certificate is already loaded in my_initialize( ) and it must use this certificate to process handshake ? Thanks.
Re: how to load certificates into a share memory
Hi, for 2) it is OK for 1) I do not understand ... -- I 'd like to retrieve x509 certificate and store it into a X509 object. I do not want to converts ANSO DER strings to X509 objects for the moment. I want something like this : x509* cert; cert = SSL_get_certificate(/home/me/mywork/certificates/server_cert.pem); -- what did you mean with you can reference the source code... , ...reference the SSL_use_certificate_file( ) ... ? I 'd like to load certificate apart from Handshake process. Thanks. 2011/2/7 Aro RANAIVONDRAMBOLA razuk...@gmail.com Thanks, I 'd like to know also if there is a way to duplicate certificate issued from handshake. In fact, I 'd like to store client certificate in my cache and use it later. ( = send it to another client ). 2011/2/7 lzyzizi lzyz...@126.com 1)All X509 operations are in the x509 module(folder).You may see the x509.h for more details.To load a X509 object , you can use d2i_X509 which converts the ANSI DER strings to X509 object(you can see the openssl doc for more function details). Also,you can reference the source code in ssl folder.I recommend you to reference the int SSL_use_certificate_file(SSL *ssl, const char *file, int type) function's implementation,which will tell you how to load a x509. 2)To get the information from the X509 object, you should see the x509.h. To get CN ,OU... , you can use X509_NAME * X509_get_issuer_name(X509 *a); or X509_NAME * X509_get_subject_name(X509 *a); To get a serial number , you can use ASN1_INTEGER * X509_get_serialNumber(X509 *x); At 2011-02-07 04:08:30,Aro RANAIVONDRAMBOLA razuk...@gmail.com wrote: Hello, I work with C++ language. I'd like to create a class named certificate in which I 'll have a X509 object and fonctions member like verify_certificate. 1) I would like to know how to load X509 certificate object, I do not see any fonction in the API which can do it ( out of handshake fonctions ). 2) Then How to parse this X509 certificate ( in pem format for example ). I must retrieve serial number, cn etc ... Thanks for your help
Re: how to use a preloaded certificate
2011/3/7 Dave Thompson dthomp...@prinpay.com From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Monday, 07 March, 2011 10:00 I have a function my_initialize( ) which initialize a lot of thing before doing my_connect( ), my_accept( ), etc. In my_initialize( ), I call : - SSL_library_init(); - SSL_load_error_strings(); In my_connect( ), I set handshake: - meth = TLSv1_method( ); - ctx = SSL_CTX_new(meth); - SSL_CTX_set_cipher_list( ) - SSL_CTX_use_certificate_file( ) - ... Presumably also (at least) use_PrivateKey (matching the cert) and ending with ssl = SSL_new (ctx). = That's OK - SSL_connect( ) now, I have to load certificate in my_initialize( ) and not in my_connect( ). How must I tell SSL_connect ( ) that the certificate is already loaded in my_initialize( ) and it must use this certificate to process handshake ? Create and set-up ctx (SSL_CTX object) in initialize, and later use ctx to create an SSL object for the/each connection. This is exactly why SSL_CTX exists: to store, once and possibly in advance, the parameters for possibly multiple connections. = I exactly did it. But the guy who started developping the project had build a certmanager class. He loaded certificates into a cache in certmanager. He loaded certificates in my_initialize( ) and added them into certmanager... He did not use openssl, he simulated what openssl do. For the moment I have to continue his work and later, I 'll change it. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SSL_connect( ) want read
Hello, I have got a SSL_ERROR_WANT_READ after a call to SSL_connect. I 'd like to know what should I do exactly ? Thanks
Re: SSL_read( ) = segmentation fault
I found where the segmentation fault happens. There is no link between SSL function call and the seg fault. SSL functions work fine until now. 2011/3/1 ikuzar razuk...@gmail.com Hello, I develop a secure stack. This stack is between TCP and an application. The appli call my stack's functions ( my_connect( ), my_listen( ), etc. ). I have got segmentation fault after launching the the program. SERVER SIDE : my_recv( ) is like this : int my_recv(my_cn sd, char* buf, size_t* len, unsigned int flags, unsigned int timeout){ ... err = SSL_read(si-ssl, buf, *len); switch(err) { ... } } I call my_recv( ) in main( ) like this : main( ){ ... lsock = my_listen(0, TESTPORT, test_proto, 5); // that's OK my_cn s2 = my_accept(lsock, addr, port); // That's OK ... char buf[10]; size_t len = 5; my_recv(s2, buf, len, 0, 0); // Here is seg fault ... } After a simple debug ( only in server side) , I realized that: 1) seg fault is caused by SSL_read( ) 2) si-ssl != NULL CLIENT SIDE : maint( ) { my_cn sock = my_connect(inet_addr(127.0.0.1), TESTPORT, local_addr, local_port, test_proto); // That's OK my_send(sock, Test, 5); // it fails ( seg fault here ... ? ); ... } I am wondering what would cause the problem, probably buf or len...!? I tried char buf[5] but I have got the same result. Does someone find what happens. Thanks
SSL_write( ) fails
Hello, SSL_write fails in my program. After debuging, I have got err = 2 in err = SSL_get_error(ssl, err); Does someone know what does it mean ? Thanks.
Re: SSL_write( ) fails
Ok. Thanks. So, here SSL_write( ) wants to read( ). In fact, ssl_accept( ) fails ( but I continued instead of returning -1 for example. I repaired this programming error. Now it's OK ). -- Then I realize that ssl_accept returns ***ret = 0. * -- I check if ret 1. If true then I make : gret = SSL_get_error(ssl, ret) -- Then, I make a switch(gret) and I realize that gret = *SSL_ERROR_SYSCALL * -- Then, I make ERR_get_error(); it returns 0. According to the doc ( http://www.openssl.org/docs/ssl/SSL_get_error.html#RETURN_VALUES) I can recheck *ret* value. If it is == 0 it says that an EOF was observed that violates the protocol. My questions : 1) Did I well interpreted the doc ? 2) What does an EOF was observed that violates the protocol mean ? 3) I come back to the SSL_write( ). He wants to read( ). The doc says : Caveat: Any TLS/SSL I/O function can lead to either of * SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular, SSL_read()or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. 3.1) When the doc says SSL_write () may want to read data... what does it mean exactly ? Does it mean that a function is blocked somewhere because it wants read ? ( In my case : this function is accept( ) ?? ) 3.2) Does the client and server share the same ssl object ... ? Thanks. 2011/3/2 lzyzizi lzyz...@126.com If you stepped a bit into the source code , you would have found the answer yourself. They are defined in the ssl.h.You may see the help doc for more details. #define SSL_ERROR_NONE0 #define SSL_ERROR_SSL1 #define SSL_ERROR_WANT_READ2 #define SSL_ERROR_WANT_WRITE3 #define SSL_ERROR_WANT_X509_LOOKUP4 #define SSL_ERROR_SYSCALL5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN6 #define SSL_ERROR_WANT_CONNECT7 #define SSL_ERROR_WANT_ACCEPT8 At 2011-03-02 22:55:51,ikuzar razuk...@gmail.com wrote: Hello, SSL_write fails in my program. After debuging, I have got err = 2 in err = SSL_get_error(ssl, err); Does someone know what does it mean ? Thanks.
SSL_read( ) = segmentation fault
Hello, I develop a secure stack. This stack is between TCP and an application. The appli call my stack's functions ( my_connect( ), my_listen( ), etc. ). I have got segmentation fault after launching the the program. SERVER SIDE : my_recv( ) is like this : int my_recv(my_cn sd, char* buf, size_t* len, unsigned int flags, unsigned int timeout){ ... err = SSL_read(si-ssl, buf, *len); switch(err) { ... } } I call my_recv( ) in main( ) like this : main( ){ ... lsock = my_listen(0, TESTPORT, test_proto, 5); // that's OK my_cn s2 = my_accept(lsock, addr, port); // That's OK ... char buf[10]; size_t len = 5; my_recv(s2, buf, len, 0, 0); // Here is seg fault ... } After a simple debug ( only in server side) , I realized that: 1) seg fault is caused by SSL_read( ) 2) si-ssl != NULL CLIENT SIDE : maint( ) { my_cn sock = my_connect(inet_addr(127.0.0.1), TESTPORT, local_addr, local_port, test_proto); // That's OK my_send(sock, Test, 5); // it fails ( seg fault here ... ? ); ... } I am wondering what would cause the problem, probably buf or len...!? I tried char buf[5] but I have got the same result. Does someone find what happens. Thanks
Re: How to retrieve error about private key loading.
SSL_set_fd( ) also fails. to know what exactly happened, I tried somthing like this : if(SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } BUT I have got this message : error::lib(0):func(0):reason(0) how to know what happens ...? What does this error mean ? Thanks. 2011/2/25 Aro RANAIVONDRAMBOLA razuk...@gmail.com Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.
Re: Re:Re: How to retrieve error about private key loading.
Ok. In fact, I develop a secure stack between TCP and an appli which will be developped by another developper. I do not want to display error on screen but now I 'd like to resend it to the appli above. I 'd like to make something wich matchs errors with integer. example : error number xxx - PVKEY_DOES_NOT_MATCH_WITH_CERT error number yyy - CANNOT_SET_SLL_WITH_FD So, someone who develops appli above make : if(PVKEY_DOES_NOT_MATCH_WITH_CERT) { // treat error here : prinf, etc ... } if(CANNOT_SET_SSL_WITH_FD){ //treat error here } etc... The problem is that I do not know how to retrieve xxx and yyy ... and how to match them with PVKEY_... and CANNOT_SET... etc... I am novice in C/C++ Thanks. 2011/2/25 lzyzizi lzyz...@126.com Sorry,I didn't catch your meaning... You can use *ERR_GET_FUNC(l) *with the error code* *to get the error function ID that is defined in the module's header(here is ssl.h).You can also use *const char *ERR_func_error_string(unsigned long e) *with the error code to get the string representation of the error function. Every time you want to know the string information of the error code,you need to call the* void ERR_load_ERR_strings(void) first.*(or call *ERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) * *ERR_get_error() *.It get the most recently occurred error code. At 2011-02-25 22:10:45,lzyzizi lzyz...@126.com wrote: I think *ERR_load_RSA_strings(void) *should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re:Re: How to retrieve error about private key loading.
I am confused. ERR_load_SSL_strings does not exist in the doc on openssl web site. Idem for *ERR_load_ERR_strings().* I do not know how to obtain string information when SSL_set_fd( ) fails. I do not know what to do. Why do I need to get error function ID ? Sorry, I am so confused. 2011/2/25 lzyzizi lzyz...@126.com Sorry,I didn't catch your meaning... You can use *ERR_GET_FUNC(l) *with the error code* *to get the error function ID that is defined in the module's header(here is ssl.h).You can also use *const char *ERR_func_error_string(unsigned long e) *with the error code to get the string representation of the error function. Every time you want to know the string information of the error code,you need to call the* void ERR_load_ERR_strings(void) first.*(or call *ERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) * *ERR_get_error() *.It get the most recently occurred error code. At 2011-02-25 22:10:45,lzyzizi lzyz...@126.com wrote: I think *ERR_load_RSA_strings(void) *should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: How to retrieve error about private key loading.
Thanks, I missed ! ... 2011/2/25 lzyzizi lzyz...@126.com I think you missed the logic about the function return value. If SSL_set_fd( ) is ok , it will return 1. Your code may write this way: if(* !*SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } At 2011-02-25 22:21:21,ikuzar razuk...@gmail.com wrote: SSL_set_fd( ) also fails. to know what exactly happened, I tried somthing like this : if(SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } BUT I have got this message : error::lib(0):func(0):reason(0) how to know what happens ...? What does this error mean ? Thanks. 2011/2/25 Aro RANAIVONDRAMBOLA razuk...@gmail.com Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.