thanks a lot for answering my question.. but is this the only way?
it seems a bit overwhelming for me.. isn't there any other way?
like any function we can call?
Rather than risking you screwing up security-critical code, why don't you
paste the part of the code that sets the validity and
I'm adapting a PKCS#11 module for using it on Ubuntu Feisty. I had it
perfectly working on Ubuntu Dapper, but when I compile it (using g++
4.1.2-0ubuntu4 and Kdevelop 3.5.6) and compiler reaches to the call
EVP_idea_cbc(), it shows me this error: 'EVP_idea_cbc' was not declared in
this
What I am trying to accomplish is create a remote application with an
embedded private key that can securely retrieve a small block of data.
I started by generating a private key without a password:
openssl genrsa -out private.pem 2048
I then used various methods to hide the key in the
OpenSSL 0.9.7j on OpenBSD 4.0
1. Created a cert for host.domain1.tld (a mail server that houses
multiple virtual domains, but its real hostname is host.domain1.tld)
using the commands and config file listed below
2. Installed the root CA cert and
-Original Message-
I developed an SSL-enabled web server. I'm firing up SSL on incoming
connections with SSL_accept().
Now, if someone connects to my webserver not using SSL, but sending the
GET ... without the SSL handshake, I get an SSL Error
(error:1407609C:SSL
But as per the behavior of the Edge triggered epoll,
the epoll_wait will raise event only if it receives a data
after putting this in the read event of epoll every time.
Does this affect the behavior of SSL_read / SSL_write. If any
one implements the server using epoll ET can you please let
There are right ways and there are easy ways. The easy way is to
non-destructively read the first character on the connection.
What is the right way?
Zack
There are three right ways (and reasons why some or all of these are
sometimes impractical):
1) Don't get into this situation in the first
David,
Perfect - thanks!
Peeking at the first byte with recv(sock, buffer, 1, MSG_PEEK) works :-)
I'm not very familiar with the SSL handshake. What are the
chances of a G
or P being the first byte of the handshake itself?
0% until SSL version 71 comes out.
DS
Hello,
David,
Perfect - thanks!
Peeking at the first byte with recv(sock, buffer, 1, MSG_PEEK) works :-)
I'm not very familiar with the SSL handshake. What are the
chances of a G
or P being the first byte of the handshake itself?
This is not good solution,
Yep, that's the first
be sure to not use the same
encryption keys or algorithm?
Thanks
David
- Original Message
From: Michael Sierchio [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Monday, July 2, 2007 11:14:58 AM
Subject: Re: use ssl for ssh transport layer (not proxy bypassing)
David Latil wrote:
I
skeptical to say the least of the
cost/benefits of this.
I sure would appreciate if someone could tell me if this is a bad idea and why,
the more I know now at this time the better.
David
Be a better
the better.
David
I think it's a bad idea. SSL and SSH are well-tested and well-understood.
Any combination of them that you make would not have either of these
properties. Further, if any vulnerabilities appear in either of these
protocols, the blame will be shared across the designers, validators
i am trying to use the BIO_f_cipher to encrypt/decrypt data
coming/going over
a socket BIO. Everything works fine, just the last message that is sent
blocks the receiving side until a socket timeout occurs - at that
time the
last block is properly decrypted. Is there something that
I am using openssl for rsa encryption/decryption.
I have some questions.
1. What is the format of the encrypted data ?? It is neither ascii text
nor binary nor unicode. what is it ??
There are any number of possible formats for encrypted data. You could have
raw binary RSA encrypted data,
Hello,
is there a way to ascertain that the data I am BIO-putting to an
HTTPS server
are actually encrypted, apart from watching the data flows from my openssl
application to the server, using tcpdump?
Thanks.
My classic answer to this question is what is your threat model. Or, to
put it
I would like to create a individual space for all my customers, using
their own domain name.
For example
debian.org - debian.org.example.com
linux.org - linux.org.example.com
uk.debian.org - uk.debian.org.example.com
I tried to create a wildcard certificate for example.com, but it only
For example if client connects, you may recv(,,,MSG_PEEK) 5 bytes
from client socket and check if this bytes are valid SSL2/SSL3/TLS1
record header (SSL2 and SSL3/TLS1 record headers are different).
If yes, then you can call SSL_accept() on client socket
if not, you can read()/write()
This
Hey! Seems that recv(,,, MSG_PEEK); worked just fine for what I
wanted to do!
Thanks for your help guys! :-)
What if your recv(,,,MSG_PEEK) only returns one byte?
OK, will be enough.
If you can make the decision with just one byte, I believe you are okay.
DS
That's the reason secure tokens exist: they do not in any way allow
'public' access to the secrets stored. Think of them as 'write once'
devices; they are secured by off-loading part of the crypto process to
the token itself: you will only be able to read derived data. Since you
use a
Hi at all,
is it possible to change the OpenSSL RSA functions so that I can use
a different - may be a variable - block size. At the moment the block
size on the OpenSSL RSA functions depends on the length of the RSA
key pair and the kind of padding (following PKCS#1 v1.5, which means
11
But can I use e.g. a 1024 bit key pair with a block size of 116
byte, that is not depending on the problem shown above, isn't it?!
What is the security reason, why not to do this?
That would seriously weaken the security properties.
http://en.wikipedia.org/wiki/RSA
Read the section on
I am trying to create a proxy that reads packets from one side and sends
them over an SSL connection to the other side.
However, I frequently notice that some SSL_write()'s present a
delay of 1sec
to send the data (I receive a packet at time 0sec
and it is sent at time 1sec). Can I flush
If the server is doing all the encryption, then presumably the server is
responsible for storing the keys someplace where it has ready access to
them.
That's really not something you can assume. For example, the server might
hold only public keys and when it needs to decrypt something, the
Is it possible you ran config instead of config fips? I can
reproduce similar errors (different symbols) if I run config instead
of config fips in my build environment.
-David
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of hweeli
Sent
I'm developing an application in which we're using AES
to encrypt files as they're transferred from another system
and saved to disk. We'd like to provide the ability for the
application to resume a transfer that was interrupted mid-stream,
but the encryption throws a bit of a wrench into
Fortunately, we're not locked into any particular implementation
strategy, so if we're barking up the wrong tree, there's opportunity to
change. For example, we've also considered:
- Having the client do the encryption, which makes resuming
uploads trivial, but complicates the client
Did you call SSL_library_init(),SSL_load_error_strings(), etc.?
gary clark [EMAIL PROTECTED] wrote: Hello,
After performing the following:
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
Huh! Dumped the result of the failure and errorcode.
The ctx value is:
ctx=0x0
Any help would be appreciated.
David Huffman
Storix, Inc.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager
and you've just multiplied your public key computation
load by a factor of three or four.
No, you merely double it. One - check that the identity cert is
valid, two
- that the attribute cert that *you* are interested in (out of a
dozen that
may be attached to this identity cert) is OK.
I want to reduce the reading the response time, so that the
performance will get improve.
I want to read all the bytes at a time.
SSL_read API is taking much time to read all the bytes of the response
from the server.
First time it is going to read 112 bytes, then 1300 bytes,1460
// Receiving WANT_READ during an SSL_write
bool writeSuccess = false;
while (!writeSuccess) {
ret = SSL_write(...);
if (ssl_Error(ret) == SSL_ERROR_WANT_WRITE) {
// Wants a write, just re-try the operation.
continue;
}
Why are you retrying
Thanks for your response David, Rodney.
I understand (clearer now) the requirement that:
* If SSL_read reports WANT_WRITE; we need to issue an immediate SSL_write
However; what do I actually write? Do I write a blank/empty string
(SSL_write(ssl, , 0)?) - I may not have anything to write
The design of the application is that there are worker threads which
pick up data and send them out via the sockets. This works for the most
part, however as mentioned it will sometimes no longer appear to work
(data is not received in a timely fashion for example). I would think
this is
If you're talking about the cert and session key you posted, anyone can
get
the cert from the server and the master key is useless.
DS
Hi ,
In my SSL enabled client application , about 100 threads are spawned
and connection with a server is attempted. The application crashes
with the following message getting printed on the console. The
behaviour is random.
md_rand.c:312: ssleay_rand_add: Assertion `md_c[1] ==
Thank you
I did it but I think that is too difficult for me without
explications of functions and structures and
... There isn't
a manual (guide?) or a document about these functions?
Regards
I would very strongly advise you to find a knowledgeable security expert to
assist you. What you
Hi Kyle,
Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the public
key from openssl rsa command, because we need to get the public key in the
rsa PEM format at the time when we issued the certificate and upload it to
our production database.
Hi David,
I've tried the following command, but it failed to load cert:
$ openssl x509 -outform PEM -inform usercert.pem -pubkey
bad input format specified for Certificate
unable to load certificate
Thanks,
Janet
You didn't specify the input format. Try:
openssl x509
Hi, is there a function or something similar to create keys
and certificates directly from code?
Thank You
Yes. There are functions like RSA_generate_key, DSA_generate_key, X509_sign,
and so on.
It is not a particularly simple thing to do though. Look at the example code
in apps/ca.c,
Ok, so i guess i do somehow have to convert that hex data into
binary, right?
i tried to do this with xxd, but i cant seem to find the option i
need. i pasted the output of -help for xxd below. I tried:
xxd -r infile outfile
but had to learn that a hexdump is not quite what my key is ..
i
My program is exiting abnormally because of
RSA_free(rsa);
The two most common explanations are:
1) You are freeing a structure that has already been freed. This could
either be because you didn't have a reference to it when you thought you did
or because you freed a larger structure that
I'm trying to compile with the following options, but it's insisting
on using the 64 bit version and I can't seem to get around this.
# ./config --install_prefix=/usr/src/OPENSSL --prefix=/usr/local/ssl
--openssldir=/usr/local/ssl --shared solaris-x86-gcc
Operating system:
Well, client initially sends a http request to port 80 and my web
server redirects the client to use https using 302 http header if
SSL is enabled in my switch. As a result of that, client would resend
https request to port 443. However I do not understand why that should
cause this problem.
How would one normally go about loading things like server keys if
those have to be encrypted as well?
Ideally, they would be stored in a FIPS-approved security token. Otherwise,
I'm not aware of any FIPS-approved algorithm for encrypting keys other than
AES wrap (RFC3394). I'd love to hear
Hi DS
How do we handle closure in openssl??? . I just call:
[snip]
But sometimes I receive return 0 for both call. I do not know why, so I
just call one time
SSL_shutdown(ssl);
SSL_free(ssl);
close(sock);
Please help.
It depends on how you created the SSL connection in
I am trying to renew an expired certificate on a windows
server 2003 machine. None of the steps in the RenewCert.txt
document seem to apply. I did not set this server up originally
and I need lots of help trying to figure this thing out.
Is your problem obtaining the renewed certificate
The problem is with installing it on the server. It is a windows
2003 server with II6, however the certificate isn't being handled
by IIS. I have no real clue how this thing was set up so I'm
grasping at straws. Gotta love clients that hire college kids to
do work, then are stuck when the
We use OpenSSL for encryption within our application.
I am now enhancing our application to become FIPS compliant.
The OpenSSL FIPS Security Policy lists RSA key wrapping and
key establishment as non-approved. But the policy states that
it is included when 80 to 150 bits of encryption
I have Client/Server application using OpenSSL.
Server spin-off threads to handle each client SSL connection.
I get the following memory leak report when I run valgrind.
I think I am shutting down/freeing all the memory correctly.
[snip]
These are empty stacks. It's not a leak because the
Hi David,
Thanks for your sound reply :)
I'll take care of this caveat in action...
I understand that the same scenario would be applicable in the
case of multiple threads handling the same fd even though we
managed to get it synchronized using some mutex.
Please correct me if I'm
Victor
Thanks for your reply.
Is there a specific reason why this is not supported
by openssl?
It would add a lot of overhead and complexity to a significant fraction of
the code for a feature that isn't all that useful and wouldn't be used all
that often. It also creates a few thorny
It would be immensely useful in Postfix, because we could cache and
re-use TLS encrypted connections. I would minimize the utility of the
feature, but it is nearly impossible to retrofit. The design would have
to support very complex serialization or many related data structures
and I/O
Apologies if this was already responded to:
Or if I put it in another way, if SSL_read() returns,
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE (from SSL_get_error())
on the socket fd then, can I send data on the same socket using
SSL_write() ? (Provided, both read and write operations on the
I want to generate a large random bitstream which
is deterministic (given a certain seed).
If for example, if I have 2 different programs running,
both possessing the same session key.
I seed the generator in both applications with this session key.
Both applications should receive the
Sorry to be rude, but your post just told me what I already know :),
If that's true, then you are asking the wrong questions.
my lack of knowledge at security, but didn't help me a bit :(
(not sure if the post was meant to be helpful).
I told you exactly what you need to do. Spend several
About a year ago, I posted to this mailing list looking for
information debugging errors I had trying to make stunnel operate in
OpenSSL's FIPS mode. I was able to do this with the help with the aid
of Dr. Henson.
One of the suggestion he made to me was to convert my private keys
into PKCS#8
Thanks for the reply Goetz, appreciated! I believe with signing
the license
information (correct me if I am wrong), I have to provide the actually
license info/data (in plain clear text) along with the data
generated during
the signing process. The problem with this approach is, that
It's just this I'm having a hard trouble to grasp.
Normally with say 'write' I would do
// pseudo code
while(written < len)
written += write(fd, my_packet + written, len - written);
But because SSL_write handles an internal queue and calls for
sending the same
argument all the time I
So what would be your recommendation?
Partial writes or not ?
Sane non-blocking implementations pretty much have to enable 'partial
writes' and 'enable moving write buffer'. Otherwise the semantics become
insane, as you pointed out.
It all seems a bit unclear to me still I'm afraid. mostly
So what you are saying is the scenario we have been discussing so far is
possible ONLY in case of memory allocation issues NOT OTHERWISE.
I guess I will have a look at the SSL_connect code before I just
trust this
:-)
I would still recommend coding to handle this case. Perhaps the next
Call SSL_write with the same parameters until it succeeds. You need
to handle WANT_READ and WANT_WRITE return values.
I guess that is clear enough.
but does that imply if I call
SSL_write(ssl, buffer, len),
it will ONLY return len
or 0 ?
I mean if it returns len/2 (sent only half
I see, so if I disable PARTIAL_WRITES, will that mean that it will return
values as I wrote up there?
PARTIAL_WRITES has no effect on the meaning of the return value. It just
controls whether or not the internal write logic tries to continue writing
if the underlying write partially completes.
I am unable to think of a scenario why ur case is possible unless some
serious network congestion has developed and pkts were lost..i dont see
how..but the experts might able to give u a better idea.
You get a SYN, send a SYN ACK, other side sends an ACK, then the other
side's Internet
I have a SSL server application in which the certificate file is rsa.der
and key file rsakey.dat.
There is no standard key file format that uses a '.dat' extension that I
know of.
What is the *.dat format? How does it differ from pem and der formats?
How do we generate one with OpenSSL?
I
If the scenario mentioned above is possible, then the server
will be blocked in the SSL_accept() (until the underlying tcp
connection is broken) and hence wont be able to service other
clients' connection requests
This is the Toyota Principle, you asked for it, you got it. If you don't
want
Thanks Steve!
But How can i go to the command prompt ?
I think that's the problem... I didn't understand the order:
...Then from the VC++ environment at a prompt...
There should be a shortcut. For 2003, in the default, it's:
Microsoft Visual Studio .NET 2003 -
Visual Studio .NET Tools -
Does anyone know how can the encryption key used to
secure SSL communication be changed/rotated over a
long-lived (hours to days) SSL connection to prevent
sniffers from deciphering the key by analyzing a
large amount of traffic?
Look at SSL_renegotiate() and SSL_renegotiate_pending()
1)created CA using openssl
2)Created CA cert.
3)Created server cert signed by CA cert
4)Imported trusted CA cert and server cert into SunOne Webserver 6.1
instance.
5)Enabled SSL communication in web server
6)created pkcs 12 cert signed by above CA
7)imported the cert in browser
8)trying
hello,all,
does anybody know how to set up keep alive signal in
openssl programming and how to know the connection is
losing by using keep alive signal? thanks a lot.
The same way you do that in TCP.
DS
Error validating server certificate for 'https://acer9100:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: acer9100
- Valid: from Mar 9 14:29:17 2007 GMT until Mar 8 14:29:17
However, in a strict local configuration like my testing environment the
concept of trust is non relevant. I'm able to consider my CA and
certificate
trustful. And so the problem is only technical.
Basically how to complete (technical) trust between both ?
It depends upon the precise
As my security experience is not very broad I think that as you properly
pointed I was confused by the security model.
If this is a real-world application, you really need to stop *immediately*
and get someone with much more security experience to review what you're
doing. If we fix all the
cout << "Set BIO block size (ex: 4096): ";
cin >> nBioBlockSize;
What value are you using for nBioBlockSize?
else
{
BIO_ctrl(out, BIO_CTRL_FLUSH, 0, NULL);
}
Why is this here?
DS
Can any please tell me how to configure/compile FIPS on VC6?
I am failed to do the configuration.
C:\openssl-fips-1.1.1\openssl-fips-1.1.1>perl Configure VC-WIN32 fips
[snip]
What have I done wrong?
You are showing the commands used to build a FIPS capable OpenSSL, not the
commands to build
with
other utilities. I tried using this with VC7 and VC8. I was successful linking,
and things ran fine in non-FIPS mode. When I tried enabling FIPS, I found
problems with global statics in the FIPS module not being initialized properly.
I have not found a resolution for that.
-David
I will have to retry this. I was using gcc 3.2.3.
Thanks
-David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, February 23, 2007 9:54 AM
To: openssl-users@openssl.org
Subject: Re: FIPS compilation with VC6
On Fri, Feb
linker
actually has a -n option, so it does not cause an error. However, I do
not know if there are adverse impacts to linking with the -n option.
-David
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BATCHELOR, SCOTT
(CONTRACTOR)
Sent: Friday, February 23, 2007 12:37
initialized
properly. I have not found a resolution for that.
-David
Did you compile/link in fips_premain.c?
DS
Hi Kit,
u can follow the instruction given in file INSTALL.W32
for installing openssl-fips-1.1.1.
1. Install active perl on C:\
2. Extract openssl-fips-1.1.1 at C:\
3. Then -c:\openssl-fips-1.1.1perl Configure VC-WIN32
--prefix=c:/OpenSSL/SSL this can be any path u like.
4.
Hi David,
Yes, I did link with fips_premain.c. I specified the compile and link
options for the fipslink.pl script, and included fips_remain.o as an
object.
The problem was that static globals in the gcc-compiled code were not
initialized. For example, I believe there was static int
This among other things requires the application to enable FIPS
mode which a
typical application will not do. One of several effects of
entering FIPS mode
is to disable the use of non-FIPS algorithms: this may cause
problems where
the application expects to use such algorithms and cannot
I'm sure I'm doing something stupid. I'm trying to build a FIPS capable
OpenSSL on a run-of-the-mill Linux box. I build the FIPS canister and
untarred a fresh distribution of 'openssl-0.9.7l'. I configured it with
./config fips no-rc5 no-idea and it found the FIPS stuff. Then I did a
that linker and created a symbolic link to my GNU linker. I was
then able to successfully build FIPS on Solaris.
I suspect a similar thing is happening for you in HPUX. You need to use
GNU's ld.
-David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher
Marshall
Sent: Thursday, February 15, 2007 2:10 PM
To: openssl-users@openssl.org
Subject: RE: compiling openssl-fips-1.1.1 on HP-UX 11.11
David:
Thanks for the info. Interestingly enough, I
I'm quite aware that that high goal is quite hard to reach, but
still it's my
goal. Aim for the star and you'll reach the top of trees.
That make sense.
Yeah, I have been reading up a lot on select and poll, etc.
It seems epoll is the way to go.
Yes, 'epoll' is the most efficient
Hi I have problem,
Is there any function in Openssl, that says me, that connection
is active?? I create a new TCP connection with BIO_do_connect, it
returns me, that connection was established. Than I make some
another things in my program, after a while a send through this
connection some
I'm about to develop a server application which should be able to
handle ALOT of connections, say 20k-30k
Any suggestions as to how I should tackle this problem?
It takes a lot of experience to develop a system that can handle more than
10,000 simultaneous connections. I don't think it's
Hi, I have a question. I have multithread system, with non
blocking I/O and perhaps 100 connections to servers. I have a
special thread, that waits on select(). When it returns me, that
I have some data for reading, I start the reading for every
connection.
That's not particularly
Hello. I have a question about BIO_read function ().
I am trying to read data from BIO, i have a buffer to place data in it.
But how can I know that there is more data (xml/xmpp in fact) in BIO?
This way I can grow the buffer and append new data to it. Thanx.
If there is at least one byte of
Hi Everyone,
My problem is with Windows 200x generated certificates. The Windows
servers are set to local time, but when I import or use these
certificates within OpenSSL they appear to be set to GMT time. The
certificate's validity is not valid between the offset of GMT to the
localtime
Please reference http://www.openssl.org/support/faq.html#PROG13 --
I think I've detected a memory leak, is this a bug?
Thanks!
It doesn't matter if I call those cleaning functions, the leaks are
still there.
In most cases the cause of an apparent memory leak is an OpenSSL internal
from an existing RSA key?
And if this is not possible: How can I create a .pem file (preferably
not using the command line) and read the RSA key out of it.
Many thanks in advance,
David
Hi,
sorry, please let me ask this question:
The ASCII files OpenSSL produces all look like
BEGIN CERTIFICATE
...
END CERTIFICATE
Is the number of dashes reliably 4? And what is the name
of this file format?
Yes. PEM.
DS
Hi DS
However, do not select for read if you call BIO_read after calling
BIO_write. You can deadlock if you do this. Consider:
1) You call BIO_write, you get SSL_ERROR_WANT_READ because handshaking
has not been read yet.
2) You (perhaps in another thread) call BIO_read, it reads the
WRITING:
when BIO_write() returns me SSL_ERROR_WANT_READ, it`s because I
have in SSL buffer some data for reading (perhaps the message
from server) so I need to call the BIO_read function.
No, you call the BIO_read function when you want to read data from the BIO.
When BIO_write returns
or i should close all ssl connections based on a ctx before i
call SSL_CTX_free?
Yes, you should.
Huh? Why?
What would be the point of having a reference count if you had to get rid of
all other references before you could release your own?
A chunk of code should call SSL_CTX_free as soon
Guys:
I have a listening socket, waiting for connections from clients. When a
client connects to my server, I put SSL on socket and spin up a thread
to handle it. One client is one thread. All of these connections are
shared by same SSL_CTX ctx. This is the way I handle at the end of this
guys:
the man page for SSL_CTX_free says:
SSL_CTX_free() decrements the reference count of ctx, and removes
the SSL_CTX object pointed to by ctx and frees up the allocated
memory if the the reference count has reached 0.
i have a couple of questions regarding this:
1. what make the
Hi Marek Marcola
I do the following:
1. Create ctx
2. Create ssl= new (ctx,...)
3. printf("Number of ssl %d", ctx->references)
Step 3 show me 2 instead of 1 ( I only have one socket ssl with ctx).
Why ?? Please kindly help me.
Your question is baffling to me. How could it possibly be