The end result is that I had to change the makefile to -q32 to get
it to work with the openssl-0.9.8j distribution, which smartly does
use 32_64 mode and will FAIL if I did not change the fips-1.2 makefile.
This violates the security policy and invalidates the FIPS certification. You
cannot
I have a general query regarding FIPS mode.
I am running a simple openssl https server based on openssl
that services https requests from Windows clients.
Is it in FIPS mode, yes or no? If not, then you cannot claim it is FIPS
compliant.
I have the following setting in my windows XP Use
I have some doubt regarding FIPS-capable openssl... If in my system,
one of my applications gets into FIPS mode, whether that is going to
affect other applications' use of FIPS-enabled cryptography algorithms...
No.
I have seen in some fips enabled library, if one application gets into
Is there any way I can make my implementation of openssl
FIPS capable and FIPS compliant ?
If you change even one line of code or one parameter in the building of the
canister, you have to go through the FIPS process yourself. Contact any of
the 13 accredited testing labs.
Hello,
I am currently developing an interface to a 3rd party product that requires
HTTPS support using an X.509 certificate.
I have been given instructions on how to generate the certificate using
openssl.
While in development mode (this is a commercial product), do I need
to include some
thanks for the response.
I just need the certificate to securely identify that a request is
coming from who I think it is coming.
Then you need some way to distribute a certificate to that endpoint and for
the other end to know what certificate that endpoint has.
My goal is that I can
One final question. Given that non-FIPS-mode openssl can talk with FIPS
validated implementations, let's say I have a server
which is using openssl in non-FIPS mode which speaks and supports all the
ciphers (including the FIPS ciphers). Now, for a FIPS-validated client, is
there any way for the
Why does the call to d2i_ECPrivateKey(NULL, pptr, len); always fail?
Because you didn't pass it a key. Change that 'NULL' to 'eckey'.
DS
__
OpenSSL Project http://www.openssl.org
User Support
FIPS validated cryptography is mandated on endpoints which handle
sensitive information by the US Federal Government (though current
practice includes procurement, not necessarily implementation).
Thanks David and kyle for your time.
Kyle,
though current practice includes procurement
Hello all,
I have a general query regarding FIPS mode. I am running a simple openssl
https server based on openssl that services https requests from Windows
clients. I have the following setting in my Windows XP: "Use FIPS compliant
algorithms for encryption, hashing and signing" set to 1.
Hi,
Do you know why an extra character / is attached in front of the
subject name?
X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
fprintf(stderr, "Subject = %s\n", data);
The output is like /CN=XXX.hp.com.
Carol
X509_NAME_oneline is known to be buggy and quirky and is
Victor Duchovni wrote:
Because in almost all cases that's exactly the right advice.
The cryptography learning that is sufficient and desirable is from books
such as Applied Cryptography which cover protocols and algorithms
at a high level. Studying the implementation or creating ones
Hi... a simple question, I hope somebody knows the solution:
I need to use EVP_DecryptUpdate... but for the fifth argument,
I need the length of the encrypted data. How do I get it? I'm sure that
strlen does not work...
You cannot have a chunk of data without knowing how big it is. What it means to
have
When I encrypt data, I have no problems... when I
decrypt the result of this code, I have no problem...
when I decrypt with this program, I have
13015:error:06065064:digital envelope routines:
EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
The EVP_DecryptUpdate works ok, decrypt
buff = (char *)malloc(bptr->length);
memcpy(buff, bptr->data, bptr->length - 1);
buff[bptr->length - 1] = 0;
Umm, you don't copy the last byte of data. You don't allocate enough space to
hold the data and a terminator. This is probably your main error. How will
'buff' hold a C-style string when
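The allocation and copy the reply is pointing at, as an added example that is not from the post or from OpenSSL: the posted pattern beside the corrected one. The struct is an assumed stand-in for the BUF_MEM returned by BIO_get_mem_ptr(), and the 8-byte payload is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the BUF_MEM that BIO_get_mem_ptr() hands back:
 * 'length' bytes of arbitrary binary data, with no NUL terminator. */
struct mem_buf {
    size_t length;
    char *data;
};

/* Copy the whole payload and append a NUL so the copy can also be printed as
 * a C string. The real length is returned separately: ciphertext and other
 * binary data may contain 0x00 bytes, so strlen() on the copy would lie. */
char *copy_with_terminator(const struct mem_buf *bptr, size_t *out_len)
{
    if (bptr == NULL || bptr->data == NULL || bptr->length == SIZE_MAX)
        return NULL;
    char *buff = malloc(bptr->length + 1);     /* +1: room for the terminator */
    if (buff == NULL)
        return NULL;
    memcpy(buff, bptr->data, bptr->length);    /* all 'length' bytes, not length-1 */
    buff[bptr->length] = '\0';                 /* terminator goes AFTER the data */
    if (out_len != NULL)
        *out_len = bptr->length;
    return buff;
}

/* The pattern from the post, reproduced to show what it loses: the final
 * payload byte is overwritten by the terminator and never reaches the caller. */
char *copy_as_posted(const struct mem_buf *bptr)
{
    char *buff = malloc(bptr->length);
    if (buff == NULL)
        return NULL;
    memcpy(buff, bptr->data, bptr->length - 1);
    buff[bptr->length - 1] = 0;
    return buff;
}

/* Constructed sample payload: 8 bytes, last byte 0x11. */
static const char sample_bytes[8] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x11};

/* Returns 1 if the posted pattern drops the final byte of the sample. */
int posted_copy_drops_last_byte(void)
{
    struct mem_buf b = { sizeof sample_bytes, (char *)sample_bytes };
    char *c = copy_as_posted(&b);
    int dropped = (c != NULL) && (c[7] != 0x11);
    free(c);
    return dropped;
}

/* Returns 1 if the corrected copy keeps every byte and is NUL-terminated. */
int correct_copy_keeps_all(void)
{
    struct mem_buf b = { sizeof sample_bytes, (char *)sample_bytes };
    size_t n = 0;
    char *c = copy_with_terminator(&b, &n);
    int ok = (c != NULL) && n == 8 && memcmp(c, sample_bytes, 8) == 0 && c[8] == '\0';
    free(c);
    return ok;
}
```

The same rule applies on the decrypt side: pass the real byte count to EVP_DecryptUpdate, never strlen() of a buffer that holds ciphertext.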
Has anyone seen problems encrypting credit card numbers with BlowFish.
When encrypting with a 32 char or a 56 char key there are a number
of values that are not encrypting and thus decrypting all of the
characters.
This sounds like a classic example of bugs caused by the everything is a
Olaf Gellert:
I would not say so. If I found a CRL which contains the
self-signed root certificate I would stop trusting it
immediately.
Why? What do you think that CRL means? Specifically, do you think it means
the public key was compromised? Do you think it means the issuer of the
original
Can you please elaborate on how would the higher-layer security
infrastructure go about this?
Simply put, whatever put the certificate in its trusted position is what is
to remove it. If a CA says to trust a certificate, that CA can say not to.
But if the certificate is self-signed, the trust
Ger Hobbelt wrote:
Okay, so if I get this right, you're saying you want to verify the
server certificate BUT you do NOT want to check its activation date /
expiry date (i.e. the time range over which the certificate is valid)?
I'll forego the very bad security implications of such a wish
On Sat, 2009-01-24 at 00:13 +0100, Georges Le grand wrote:
I wonder if you could give out a reference on how to establish a VPN
using DTLS or to tell how to do so.
We are just using Cisco's AnyConnect VPN, which runs over an HTTPS
'CONNECT' and will use DTLS for subsequent data transfer if it
On Sat, 2009-01-24 at 23:03 +0100, Georges Le grand wrote:
So it is like an SSL VPN with data encapsulated into HTTP packets, but I
don't get how HTTP runs over UDP.
Probably best explained by the code... it just uses HTTP for the initial
setup -- a CONNECT request with an HTTP cookie for
All,
I am trying to build OpenSSL-fips-1.2 on a Solaris 10 machine
with Sun Studio 8 and force it to build 32-bit objects. Is there
a way I can do that without changing the makefile and thus
violating the fips validation?
I'm not specifically familiar with 64-bit Solaris, but I know
On Thu, 2009-01-22 at 06:10 +0100, Robin Seggelmann wrote:
To avoid getting into trouble with already fixed bugs you should apply
the patches I sent to the dev list. I'll set up a website with a patch
collection and some instructions soon.
Is there anyone who actually cares about DTLS
Please note that I can not solve this problem via the protocol that I
use on top of DTLS - which is IPFIX - because IPFIX - by definition -
only *sends* but does not receive data. I.e. I can not infer that the
server crashed from the fact that he does not send any data because he
does not
is missing
CertUtil: -dsPublish command FAILED: 0x80070490 (WIN32: 1168)
CertUtil: Element not found.
So I assume this means I need the CRL Next Publish oid somehow... Or I
have something messed up above.
Please help
-
DAVID BLAINE
We are experiencing the following error intermittently when we create
SSL connections via PHP + cURL:
error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines
We're running Arch Linux, with Apache 2.2.10 and the latest Pacman
modules for PHP (5.2.7-2), cURL (7.19.2), and
Hi,
I am writing an application that uses openssl to do some encryption and
decryption. I am wondering if there is a way, on the command line or
otherwise, to make sure that no memory that OPENSSL is using is ever
paged out to disk? I want to make sure that after the program is done
there
Edward Diener wrote:
Perhaps your seeing this shows why I was at least nominally concerned
about the MySQL client having its own public key-private key
certificates. I have tried to find out what actual use the client's
public key-private key has in MySQL, from either the client or the
Edward Diener wrote:
1) You need someone to confirm that having a client use a
known-compromised
private key to authenticate over SSL is no worse than the
client using no
key at all. It seems to me like you'd almost have to try to make this a
problem, but who knows -- maybe it's
Victor Duchovni wrote (ironically, just a week ago):
No, it is the protocol design (how all the pieces fit together), not the
specific algorithms that make it secure (yes the pieces have to have
the right general properties, but this is secondary).
I can't resist pointing out how today's
Edward Diener wrote:
In this last case I do not understand how the client can encrypt data
going to the server if it has no private key of its own.
Your question is kind of puzzling. Why would the client need its own
private key in order to encrypt data going to the server? In general,
The TLS protocol did not fail, what failed is the X.509v3 protocol where
algorithm choices are not made by SSL users, rather the poor choices
were made by CAs, who should have known better, and in any case have
largely phased out MD5, with Verisign (reportedly) just one month away
from
I can understand your summary quite clearly.
Great.
Suppose the server encrypts data it sends to the client and the client
needs to decrypt that data. This is the case when my client SELECTs data
from the MySQL database. Does this need a different sequence than the
sequence mentioned
Edward Diener:
But other than vague remonstrances about security planning, and that I
was not qualified as a mere programmer to handle security issues from
people who have no idea about my ability, I have yet to receive any
specifics from others about what they would do in this very common
Kyle Hamilton wrote:
If your company hires a security consultant, s/he will state the
same thing.
-Kyle H
The fundamental problem is this:
You have one door. Every customer must walk through it. However, you don't want
a customer to run amok once he gets through the door. Your solution
Edward Diener wrote:
Please suggest ways to do so. The server is no different from any other
server database. It accepts a username/password to prevent unauthorized
users from accessing its data. I am perfectly willing to listen to other
server techniques which involve security, or read
Edward Diener
Your scheme requires you to put the credentials where an
attacker can get them in unencrypted form. All an attacker need
do is terminate your process as soon as it attempts a network
connection (or intercept its filesystem calls and snapshot every
file before it is
It is not just about you but about many people that have skills
in security,
but I have this feeling that those people like to bash
newbies, thinking
that they are stupid.
Would you want to drive over a bridge that was built by a newbie engineer
who didn't think it was important to have
No, my risk model is to simply ascertain whether distributing the certs
as files in the application directory is a serious security risk or not
and, if it is, what steps can make it less so.
If it's a security risk, it's because something is broken someplace else.
Why do you need to hide a
If we want secure compare
by hash, then almost any sync protocol that uses SHA-256 will
be fine but
almost any that uses MD5 will not. Why? Because SHA-256 is good
for compare
by hash and MD5 is not. Any protocol that's not brain-damaged that uses
SHA-256 will work, and any that
BiGNoRm6969:
Never heard about binary specification of the RSA* private key.
Can you give
me more information about that please.
Okay, think about this logically. You want to take the SHA256 hash of an RSA
private key and get the same result every time. But the SHA256 hash function
takes
And, I should note, you've already proved our point a dozen times
over. Your
code contains three separate bugs, all of them extremely serious. For
example, you used the byte size of the *MODULUS* (that's what RSA_size
returns) as the hash input size for the private key.
And, by the way, I'm
For information: I am using this key to encrypt / decrypt files
locally on a
host.
Why not use the RSA key for this purpose, using an established and tested
algorithm? Since you have the RSA key, and there are any number of
established algorithms to use an RSA key for encryption, why did you
Why not use the RSA key for this purpose, using an established
and tested
algorithm? Since you have the RSA key, and there are any number of
established algorithms to use an RSA key for encryption, why
did you roll
your own?
This too is wrong,
If it's wrong, why did you say the
- Don't choose algorithms for security, choose protocols for
security.
That sounds completely backwards to me. When we have a set of security
requirements, the first thing we do is select the algorithms that meet those
requirements, then we look for protocols that implement them.
Hi!
I am doing a SHA256 on a RSA* private key. I used the result as a
symmetric
key for AES encryption.
Do you have a specification for how to do this? What ensures that the RSA
private key has the same binary representation each time?
For example, 3 and 03 represent the same number, so
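The "3 versus 03" point, as an added example that is not from the post or from OpenSSL: a minimal DER INTEGER encoder (the X.690 rules that i2d_RSAPrivateKey() follows for each key component), showing that two byte-different raw magnitudes for the same number produce identical DER, which is what makes a hash over the DER form stable. The magnitudes below are constructed inputs; the encoder is written here for illustration and is not OpenSSL's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode an unsigned big-endian magnitude as a DER INTEGER (tag 0x02).
 * X.690 rules: drop leading 0x00 bytes; if the top bit of the first remaining
 * byte is set, prepend one 0x00 so the value is read as non-negative; the
 * length uses the short form below 128 and the long form above it.
 * Returns the number of bytes written, or 0 if 'out' is too small. */
size_t der_encode_uint(const uint8_t *mag, size_t mag_len, uint8_t *out, size_t out_cap)
{
    while (mag_len > 0 && mag[0] == 0) {        /* strip non-minimal leading zeros */
        mag++;
        mag_len--;
    }
    int pad = (mag_len == 0) || (mag[0] & 0x80); /* zero itself encodes as 02 01 00 */
    size_t content = mag_len + (size_t)pad;
    size_t hdr;
    if (content < 128)
        hdr = 2;
    else if (content < 256)
        hdr = 3;
    else if (content < 65536)
        hdr = 4;
    else
        return 0;
    if (hdr + content > out_cap)
        return 0;
    size_t i = 0;
    out[i++] = 0x02;
    if (hdr == 2) {
        out[i++] = (uint8_t)content;
    } else if (hdr == 3) {
        out[i++] = 0x81;
        out[i++] = (uint8_t)content;
    } else {
        out[i++] = 0x82;
        out[i++] = (uint8_t)(content >> 8);
        out[i++] = (uint8_t)content;
    }
    if (pad)
        out[i++] = 0x00;
    memcpy(out + i, mag, mag_len);
    return hdr + content;
}

/* "3" and "03": raw buffers that differ byte-for-byte (so a hash over the raw
 * buffer would differ) but encode to the same DER, 02 01 03. Returns 1 if so. */
int der_same_number_same_bytes(void)
{
    const uint8_t a[] = {0x03};
    const uint8_t b[] = {0x00, 0x03};
    uint8_t ea[8], eb[8];
    size_t na = der_encode_uint(a, sizeof a, ea, sizeof ea);
    size_t nb = der_encode_uint(b, sizeof b, eb, sizeof eb);
    const uint8_t expect[] = {0x02, 0x01, 0x03};
    return na == 3 && nb == 3 && memcmp(ea, eb, 3) == 0 && memcmp(ea, expect, 3) == 0;
}

/* A magnitude whose top bit is set needs the 0x00 pad: 0x80 -> 02 02 00 80. */
size_t der_len_of_0x80(void)
{
    const uint8_t m[] = {0x80};
    uint8_t e[8];
    return der_encode_uint(m, sizeof m, e, sizeof e);
}
```

The practical consequence for the thread: hash the output of i2d_RSAPrivateKey() (its DER bytes, with the length i2d returns), not the in-memory RSA struct and not RSA_size() bytes of anything; and even then, deriving a symmetric key from a private key this way is a home-made construction with no security argument behind it.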
Ok. I am a little bit confused. You are telling me that a same
data encrypted
with the same key can generate different results?
Yes. This is absolutely essential for any public-key system to be secure.
Imagine if someone asks you, Should we attack at dawn? Send the message
securely using my
Hello,
Can you explain to me how SSL can be secure, communicating first by the
public key and then negotiating a private key?
If anyone can get the public key, anyone can get the private key by sniffing
the packets.
Thanks.
Walter Neto - Brazil
Private keys are never sent over the network and
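The exchange the reply is describing, as an added example that is not from the post or from OpenSSL: a toy Diffie-Hellman key agreement in which only the two public values cross the wire and both sides still arrive at the same secret. The 31-bit prime, generator and the two fixed "random" secrets are constructed for the demo so it runs offline; a real TLS handshake uses 2048-bit groups or elliptic curves, but the algebra is the same.

```c
#include <stdint.h>

/* Toy group: p = 2^31 - 1 (prime), g = 7. Every product of two residues fits
 * in a uint64_t, so no big-number library is needed for the demonstration. */
#define DH_P 2147483647ULL
#define DH_G 7ULL

/* base^exp mod m by square-and-multiply. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1;
    base %= m;
    while (exp) {
        if (exp & 1)
            r = r * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return r;
}

struct dh_party {
    uint64_t priv;   /* never leaves this side */
    uint64_t pub;    /* g^priv mod p, sent in the clear */
};

void dh_keygen(struct dh_party *p, uint64_t rng_output)
{
    p->priv = rng_output % (DH_P - 2) + 1;      /* secret exponent in [1, p-2] */
    p->pub = modpow(DH_G, p->priv, DH_P);
}

uint64_t dh_shared(const struct dh_party *me, uint64_t their_pub)
{
    return modpow(their_pub, me->priv, DH_P);   /* (g^b)^a == (g^a)^b mod p */
}

/* Runs the exchange. 'wire' is everything an eavesdropper sees. Returns 1 if
 * both sides derive the same secret without either private exponent crossing
 * the network; the shared value is written to *shared_out if non-NULL. */
int dh_demo(uint64_t *shared_out)
{
    struct dh_party a, b;
    dh_keygen(&a, 0x1d2c3b4a5f6e7d8cULL);   /* constructed stand-ins for RNG output */
    dh_keygen(&b, 0x9a8b7c6d5e4f3a2bULL);
    uint64_t wire[2] = { a.pub, b.pub };     /* the only values transmitted */
    uint64_t ka = dh_shared(&a, wire[1]);
    uint64_t kb = dh_shared(&b, wire[0]);
    if (shared_out)
        *shared_out = ka;
    return ka == kb;
}
```

Recovering ka from wire[0] and wire[1] alone is the discrete logarithm problem; for a 31-bit p it is trivial, for the group sizes TLS actually uses it is not, which is the whole reason the public value can be public. The RSA-key-transport variant of the handshake rests on the same asymmetry: the client encrypts the premaster secret to the server's public key, and only the holder of the private key can recover it.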
Then how would I fix it so it would compile and not violate any security
policy
Getting a FIPS build just right is a major pain and requires all kinds of
trade offs. I just wouldn't bother unless you absolutely, positively must
have a FIPS build for some reason.
What you have to do is find
The only reason I'm installing openSSL is because Perl SSH2 requires it.
Am I getting to deep into this or is there another way I can get the
library I need?
Get OpenSSL-0.9.8e or any other version that SSH2 supports.
Then how would I fix it so it would compile and not violate
any
In non-blocking mode, is there a better way than watching the return value of
BIO_do_accept() in a loop?
Is there a way to be notified when a handshake is initiated from
the client
? A kind of WAITINCOMINGHANDSHAKE which have a timeout ? Or
nothing else ?
The OpenSSL documentation tells
SSL_accept always returns 0 error. With SSL_get_error I found that the
error is SSL_ERROR_WANT_READ.
During debugging and troubleshooting, I realised that when I use normal
blocking windows socket, SSL_accept works fine.
Why using non-blocking windows socket caused that error ?
This is
I used fwrite(signature,1,strlen(signature),fp) and got the
same results.
You seem to have a fundamental misunderstanding about how strings work
in
C. That's not good for someone writing security software. The 'strlen'
function computes the length of a C-style string. The signature
Hi all,
it seems that I am missing the usage of the set of obscure functions:
CRYPTO_set_dynlock_create_callback()
CRYPTO_set_dynlock_lock_callback()
CRYPTO_set_dynlock_destroy_callback()
but I have no idea how to initialize those functions - is there
any example
RSA_verify(NID_md5, datatosign, (strlen(datatosign)), signature,
strlen(signature), key);
The 'strlen' function is only useable on a C-style string. The signature cannot
be a C-style string because it is arbitrary binary data.
Best regards,
Am. Sivaramakrishnan
DS
Where am i going wrong here?
char *message = "Hello World";
if (RSA_sign(NID_md5, (unsigned char *)message, strlen(message),
             signature, &slen, private_key) != 1) {
The problem is that your RSA key is very small. A 256-bit RSA key can only
sign up to 32 bytes. 11 bytes are lost
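The two size problems from this thread and the strlen() one above it, as an added example that is not from the posts or from OpenSSL: the PKCS#1 v1.5 arithmetic behind "11 bytes are lost", and why strlen() cannot measure a signature. The DigestInfo lengths are the fixed DER prefixes from RFC 3447 section 9.2 plus the digest size; the 32-byte "signature" is a constructed buffer.

```c
#include <stddef.h>
#include <string.h>

/* DigestInfo = DER prefix (AlgorithmIdentifier + OCTET STRING header) + digest.
 * Prefix lengths per RFC 3447 §9.2 notes: MD5 18, SHA-1 15, SHA-256 19. */
enum {
    DIGESTINFO_MD5    = 18 + 16,
    DIGESTINFO_SHA1   = 15 + 20,
    DIGESTINFO_SHA256 = 19 + 32
};

/* EM = 0x00 || 0x01 || PS (at least 8 bytes of 0xFF) || 0x00 || T.
 * That framing costs 11 bytes of the RSA_size(key)-byte block. */
#define PKCS1_V15_OVERHEAD 11

/* Bytes left for T in a PKCS#1 v1.5 signature block (and, equally, for the
 * message in RSA_PKCS1_PADDING encryption) with a modulus of this many bits. */
int rsa_pkcs1_capacity(int modulus_bits)
{
    int k = (modulus_bits + 7) / 8;      /* what RSA_size() returns */
    return k - PKCS1_V15_OVERHEAD;
}

/* RSA_sign() with this digest succeeds only if the DigestInfo fits. A 256-bit
 * key leaves 21 bytes; MD5's DigestInfo is 34, so the call fails before any
 * signing happens. */
int rsa_pkcs1_can_sign(int modulus_bits, int digestinfo_len)
{
    return digestinfo_len <= rsa_pkcs1_capacity(modulus_bits);
}

/* A signature is RSA_size(key) bytes of binary data; any byte can be 0x00, so
 * strlen() stops at the first one and under-reports the length. Constructed
 * 32-byte signature with a zero at index 5: strlen() says 5, not 32. */
size_t strlen_on_signature(void)
{
    unsigned char sig[32];
    for (size_t i = 0; i < sizeof sig; i++)
        sig[i] = (unsigned char)(0xA0 + i);
    sig[5] = 0x00;
    return strlen((const char *)sig);
}
```

The length to pass to RSA_verify() and to fwrite() is the value RSA_sign() stored in its siglen output, which equals RSA_size(key); the same goes for ciphertext from RSA_private_encrypt(), whose "gibberish" on the wrong key is expected because raw RSA gives no integrity check of its own.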
I'm using RSA to encrypt/decrypt some text. I encrypt the data using the
private key and then decrypt it using RSA_public_decrypt(). One thing I
noticed was that if the data was not encrypted using the correct
private key
that RSA_public_decrypt() will just set the output to gibberish. Is
Yes. Hence the correct solution would be non-blocking with select()...
Best regards,
Lutz
How do you determine (portably) if the socket you got from 'socket' is
inside the legal range for FD_SET? Many platforms, including Linux, will
happily allow 'socket' to return values that are way
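The FD_SET range check the question asks for, plus the select()/poll() wait that the surrounding thread recommends instead of spinning on a non-blocking descriptor, as an added example that is not from the posts or from OpenSSL. It assumes a POSIX system with poll(); the pipe is constructed so the demo runs offline, but the same wait_readable() is what you call after SSL_accept() or BIO_do_connect() reports SSL_ERROR_WANT_READ before retrying.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() on fd >= FD_SETSIZE writes past the end of the fd_set: a memory
 * corruption in your own process. Refuse rather than trust the descriptor. */
int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

int fd_set_rejects_out_of_range(void)
{
    fd_set s;
    FD_ZERO(&s);
    return fd_set_checked(FD_SETSIZE, &s) == -1
        && fd_set_checked(0, &s) == 0
        && FD_ISSET(0, &s);
}

/* poll() has no FD_SETSIZE limit. Block up to timeout_ms for readability
 * instead of looping on the syscall. Returns 1 readable/hung up, 0 timeout,
 * -1 error. Retries on EINTR so a stray signal does not look like a timeout. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return -1;
    if (rc == 0)
        return 0;
    return (pfd.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : 0;
}

/* Demo on a non-blocking pipe: an empty pipe times out, then one byte arrives
 * and the wait returns immediately. Returns 1 if both behaved as expected. */
int pipe_demo(void)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    fcntl(p[0], F_SETFL, fcntl(p[0], F_GETFL) | O_NONBLOCK);
    int before = wait_readable(p[0], 50);     /* nothing queued: 0 after 50 ms */
    char c = 'x';
    if (write(p[1], &c, 1) != 1) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    int after = wait_readable(p[0], 50);      /* one byte queued: 1 at once */
    close(p[0]);
    close(p[1]);
    return before == 0 && after == 1;
}
```

With an SSL object the pattern is: call SSL_accept() (or SSL_connect()); on SSL_ERROR_WANT_READ call wait_readable() on the underlying fd, on SSL_ERROR_WANT_WRITE wait for POLLOUT, then call the same SSL function again; the timeout is what lets a cancelled connect return without a second thread.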
That's a great question. Indeed, this platform (AIX) does have
/dev/random but apparently that too was exhausted because that
is checked first in our implementation. I think the fault is truly
with the system in question, because prngd should not have blocked
in the manner it did. Despite
Ben Sandee wrote:
On Thu, Nov 6, 2008 at 9:11 PM, David Schwartz [EMAIL PROTECTED]
wrote:
There needs to be a call to fcntl(fd,F_SETFL,O_NONBLOCK) just after
the socket() call and error status check.
That will just waste CPU. The code will spin in each loop
while (!success) loop until
There needs to be a call to fcntl(fd,F_SETFL,O_NONBLOCK) just after
the socket() call and error status check.
-Kyle H
That will just waste CPU. The code will spin in each loop while (!success)
loop until it gets what it wants. It will still not return any time soon, but
will do so at 100%
On 2008.09.22 at 16:37:58 +0200, F. wrote:
Any way to collect only from HRNG?
You can write your own RAND_METHOD
and encapsulate it in the engine module.
Then you can load this engine via openssl.cnf
and set default rand method to this engine.
Really, this is not very good idea,
Thank you again David,
You are welcome.
As for the network issue scenarios here are some details about the last
case:
1)The server is running on UNIX, the client is running on windows or unix.
unplug the client or the server. The server does not report anything!
Logical, nothing has
All -
I am using OpenSSL with memory BIOs for the communication. I have
everything working just fine, until I came across a server that sends
Application data in the final packet of the TLS handshake.
Specifically, Wireshark shows the following in its output :
Change Cipher Spec,
Md Lazreg wrote:
Actually the same question is valid even if I am not using SSL sockets.
So is there a way to distinguish between if a socket was closed because
of a client crash or because of a network issue? If yes, is there an
equivalent under SSL sockets?
You have three choices:
1)
Hello,
In appendix B of the openssl FIPS security policy it is stated
that the module must be built with a particular tar file
(openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar
file is specified. Furthermore it is stated that there shall be
no additions, deletions, or
Thanks David.
Unfortunately option 1) and 3) are not possible for my clients.
In other words, you cannot engineer a sensible option and have to fake it.
That's fine, but solutions that aren't engineered tend to be poor.
option 2) seems the way to go for me, but so far it proved unreliable
Calling SSL_accept.
Error code: 5
error::lib(0):func(0):reason(0)
Error: SSL_ERROR_SYSCALL, errlist: No such file or directory
WSAGetLastError, rc=0
This is basically the APIs I call to get the above information.
err = SSL_get_error(ssl, rc);
printf("Error code: %d\n", err);
So I can now see the Solaris side. It appears it gets
gibberish, probably
encrypted data. Does anyone know why it would appear that the socket is
not decrypting the data? This same code works fine on a Windows system.
SSL_ca_file: /opt/bf-567/Platform/keystore/CA.pem
SSL_cert_file:
please tell me where the deadlock is.
As far as I know a deadlock arises when one process locks a
resource another
process requests and vice versa.
A deadlock occurs when two or more agents are waiting for each other. Neither
can make forward progress until the other does. This is
Let me try one more time to explain the problem with an unrealistic, but I hope
easy to follow, example. Consider:
A - B
Now, imagine A sends a message to B requesting some unit of data. B begins
sending a very, very large chunk of data to A, many tens of MB. After 10 MB or
so, A realizes
understand in SSL and Certificates?
Thank you in advance!
David Carvalho
Hello list,
I am writing an application which acts like a proxy/repeater between
two SSL endpoints. For my app I use OpenSSL 0.9.8g.
The two endpoints connect to the app and identify themselves
using an id (both use the matrixssl implementation for SSL handling).
Two matching id's start the
I was thinking about an alternate solution, using blocking sockets,
and doing the connect on another thread. If the user cancels the
operation I'd close the socket (BIO_free) and I guess the connect
would return with an error and the thread would exit then. Seems a
little dirty but it could
Gabriel Soto wrote:
{
    // Create BIO with some random nonexistent host.
    BIO *bio = BIO_new_connect("192.168.9.9:");
    if (bio == NULL) {
        // Failed to obtain BIO.
        return false;
    }
    // Set as non-blocking.
    BIO_set_nbio(bio, 1);
    // Attempt to
Never ship a Shared OpenSSL library. Anyone can rebuild it to output
the socket buffer to disk prior to encryption and replace yours.
:-)
A party to an encrypted conversation can put its contents in a full-page ad
in the New York Times if they want to. There's no need to keep a
conversation
David Schwartz wrote:
Which is pretty much the same as every other operation. If you
call 'send'
or 'write' on a blocking TCP socket, and you get a zero return,
does that
mean the data has been sent? No. It means the data is queued
and the send is
in progress. If you call
Most of the time but not all I get
140A90F1:lib(20):func(169):reason(241) from the error stack when
I try to call SSL_CTX_new. I am using 0.9.8i in a win32 environment.
Any information on what the error message means would be much appreciated.
The OpenSSL executable has the 'errstr' command
Documentation tells me that the SSL pointer should inherit
the blocking property from the socket passed to SSL_set_fd.
Right.
However, when I call SSL_shutdown with the SSL handle,
the return code I get is not an error or a shutdown completed
but a shutdown in progress (return code= 0).
btw, when i try to get the error code by
printf("Error code: %lu\n", ERR_get_error());
i get Error code: 67567722
Your code says:
result = RSA_public_decrypt(pValidationData.ulValidationDataLength,
pValidationData.rgbValidationData, outputPlaintext, publicKey,
Aravinda Babu wrote:
Problem is our application will verify only DER format certificates.
So if i get the peer certificate in PEM format , i will convert
that into DER and i will verify the peer certificate.
Is there any openSSL API which will tell me about the peer
certificate encoding ?
Hello,
The Windows NT 4.0 system has the workstation service stopped.
This causes the following snippet from rand_win.c to return 0
if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
{
    RAND_add(outbuf,
Actually before closing a TLS connection I need to make sure that no
pending data is present on the that socket. So, calling SSL_peek would
tell if this is the case or not.
No, it won't. Okay, you call SSL_peek, and there's no pending data.
Now, you're about to call SSL_shutdown. How do you
Thanks for the suggestion but the RAND_poll function already
pulls from the system right after the big #if 0 block as described
below in the setup for the calls.
if (advapi)
{
/*
* If it's available, then it's available in
Hi,
Can anyone tell me if SSL_peek is a blocking or non-blocking call ?
It can be either.
When I use it inside my code, then the program blocks on this function call
where there is no data on the socket.
If you're using blocking socket calls, that's what will happen.
The reason I want to
Thank you for your response. I have checked the
error code using SSL_get_error.
I get an SSL_ERROR_SYSCALL (5) return code,
indicating an I/O, but the error queue is empty.
My application continues to function. It is fetching
an HTML document over an HTTPS connection.
This is a
Where can I find a detailed description of how to
compute the RSA private key? Well structured C
or C++ code might do.
Thanks,
Mike.
http://en.wikipedia.org/wiki/RSA
In the section Operation, the first set of 5 steps beginning with Choose two
distinct large random prime numbers p and q
09dirkd+sRoXWShF8ctVVb4B1PAFTOBEa8diickehnAyEq6KhzLWpQqhqCnylETw\r\n
Drys2uVaAzmRhS6tGJ2fdwPnlSLJrQbHuP938BkyxNhdYN8drfqb\r\n;
You appear to have an extra ; here ---^
But that should give you a compilation error.
-END RSA PRIVATE KEY-\r\n;
That
Stanislav Mikhailenko:
Hello I use openssl 0.9.8i in my project under Win32.
There are some leaks detected when i do just it:
X509 *x = X509_new();
X509_free(x);
It was in previous versions too.
What should i do to remove this?
Did you confirm that the memory was leaked and
Solveig Viste wrote:
I have an application which is occasionally hanging.
I have tracked it down to an SSL_shutdown call.
The value (0) returned from the shutdown call indicates
that the shutdown is not finished.
As happens with non-blocking sockets, sometimes the operation does not
Isabel [EMAIL PROTECTED] wrote:
1) Is the software compatible with XP? If not, what is the compatible
version and what are the costs involved in upgrading?
OpenSSL is compatible with XP. OpenSSL is a library and you are probably
using it through other programs. You need to investigate their
On Fri, 2008-09-26 at 13:46 -0700, David Woodhouse wrote:
At the worst, I should be able to reverse-engineer the library I have.
The first failure seems to have been a discrepancy in epoch numbers.
Comparing behaviour of their library and 0.9.8e, I find that theirs is
adding '00 01 00 00 00 00
On Sun, 2008-09-28 at 18:56 +0100, David Woodhouse wrote:
On Fri, 2008-09-26 at 13:46 -0700, David Woodhouse wrote:
At the worst, I should be able to reverse-engineer the library I
have.
The first failure seems to have been a discrepancy in epoch numbers.
And the others are due to patches
Hi SSL experts,
I am using the s_client.c and the s_server.c for my ssl client and
server. I need to find the socket calls such as send and recv. ie
SSL_write(), SSL_read(), BIO_read(), BIO_write() etc. will
finally have to make a call to the socket calls such as send and
recv as I
On Tue, 2008-09-23 at 23:12 -0700, nagendra modadugu wrote:
Hi David, unfortunately I've been out of touch with the developments
to DTLS for some time. I forwarded your message to Eric Rescorla
who worked with Cisco to get their implementation working.
Thanks.
I suspect that Cisco has
I am rather confused why people need to drop out of FIPS mode. The
Federal Information Processing Standard dictates that FIPS-validated
cryptography be used for everything that requires cryptographic
transformation for storage (or really anything that enters or leaves
the cryptographic
I am trying to use a memory BIO to decrypt data
from a TCP stream I am processing,
I have followed the following steps and for some reason
I am still not able to get the
SSL_read function to return anything but -1?
I have looked at the archives and it
appears that this method has worked
Dave,
It appears that my take on this was really off, thank you for
your explanation, what I am trying to do
is to create a utility like ssltap that will allow me the ability
to pull decrypted data out of a
connection between a browser and Apache. So it appears I need to
build some