RE: Direct trust in server certificate?
Victor,

Thank you. I've managed to write code that does fingerprint verification like you suggested, and it seems to work.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Wednesday, February 13, 2008 8:59 AM
To: openssl-users@openssl.org
Subject: Re: Direct trust in server certificate?

On Tue, Feb 12, 2008 at 04:33:49PM -0500, Cooper, Andy wrote:

> Now, on the client I'm trying to make sure that only the certificate I've created is valid and that any other certificate is not valid. What I'm seeing is that the client doesn't seem to care about the server certificate as long as it has the CA certificate in its trusted certificates file.

The OpenSSL verification callbacks only (optionally) verify the certificate trust chain. Verifying that this is the right cert for a given destination is application code you have to write, as OpenSSL has no idea who you expected to connect to, or what your matching rules are.

> Is there any way I can make the client ONLY accept the one and only server certificate that I specify and deny other certificates issued by the same certificate authority?

As an example, see:

    http://www.postfix.org/TLS_README.html#client_tls_fprint

the code to compare the peer cert against the expected fingerprint is something you need to provide. The X509_digest() routine allows you to obtain the peer certificate fingerprint. You could instead fingerprint just the public key, which will continue to work even if a new cert is issued for the same private/public key pair.

    int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
                           unsigned char *md, unsigned int *len);
    int X509_digest(const X509 *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len);

The pubkey version is less convenient for users. I am not aware of any standard command-line tools to print the pubkey fingerprint from an x509 file. The C API appears to have been added in 0.9.7.
If you switch to verifying the fingerprint, you can entirely forgo the trust chain verification, it is no longer needed. Just use SSL_CTX_set_verify() with a callback that always returns 1.

    static int ok_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
    {
        return 1;
    }
    ...
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, ok_cb);
    ...

--
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
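The comparison step that the reply above says the application has to provide, as an added example (not code from this thread or from OpenSSL): it checks the md/len output of X509_digest() against a pinned hex fingerprint. The names fp_parse and pin_matches, the MAX_FP_LEN bound and the sample digest are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FP_LEN 64  /* assumption: large enough for any digest (SHA-512 is 64 bytes) */

/* Constructed sample: stands in for the 20 bytes X509_digest() would write
 * to md when called with EVP_sha1(). Not a real certificate fingerprint. */
static const unsigned char SAMPLE_MD[20] = {
    0x3a, 0x1f, 0x00, 0x9c, 0x7e, 0x55, 0x21, 0xd4, 0x08, 0xb6,
    0x4c, 0xe2, 0x90, 0x17, 0x6d, 0xfa, 0x33, 0x81, 0x5b, 0xc0
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "3A:1F:..." or "3a1f..." into raw bytes.
 * Returns the number of bytes, or -1 on malformed or oversized input. */
int fp_parse(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*hex != '\0') {
        int hi, lo;
        if (*hex == ':') { hex++; continue; }
        hi = hexval((unsigned char)hex[0]);
        lo = (hi < 0) ? -1 : hexval((unsigned char)hex[1]);
        if (hi < 0 || lo < 0 || n == cap)
            return -1;
        out[n++] = (unsigned char)((hi << 4) | lo);
        hex += 2;
    }
    return (int)n;
}

/* Returns 1 only if the pinned fingerprint is well-formed and matches the
 * whole digest. The length check rejects a pin that is merely a prefix. */
int pin_matches(const char *pinned_hex, const unsigned char *md, unsigned int len)
{
    unsigned char want[MAX_FP_LEN];
    int n = fp_parse(pinned_hex, want, sizeof(want));
    if (n <= 0 || (unsigned int)n != len)
        return 0;
    return memcmp(want, md, len) == 0;
}

int main(void)
{
    const char *pin = "3A:1F:00:9C:7E:55:21:D4:08:B6:4C:E2:90:17:6D:FA:33:81:5B:C0";
    printf("full pin:      %d\n", pin_matches(pin, SAMPLE_MD, sizeof(SAMPLE_MD)));
    printf("truncated pin: %d\n", pin_matches("3A:1F:00:9C", SAMPLE_MD, sizeof(SAMPLE_MD)));
    return 0;
}
```

In a client, md and len would come from X509_digest() on the peer certificate after the handshake, and the connection is closed when pin_matches() returns 0.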
Re: possible SSL_write bug
You are right, it is just a signal I should ignore. Now it works perfectly.

Maybe the fact that the SSL_write might raise a SIGPIPE should be in the documentation, because it happens only in particular situations (2 writes in a row with connection closed remotely), and it might cause occasional crashes of an application, which are harder to solve.

Thanks for your help.

David Schwartz wrote:

>> Program received signal SIGPIPE, Broken pipe.
>
> You need to either catch or ignore SIGPIPE.
>
>> There is also the output of the program. I think the focus should not be on the call that caused the crash, but on the call before, which returned 7 even if the connection was closed.
>
> There's nothing unusual about that.
>
> DS
RAND_load_file question
Hi,

I am making an application that makes SSL connections. The problem is that my application will run in a chrooted environment, and will not be able to access /dev/urandom, but I have a function available which can read random values from a TRNG.

I would like to know if my approach to the random initialization is correct. I just write a file with 1024 bytes of random data, call RAND_load_file passing that file, and delete the file.

    #include <fcntl.h>
    #include <sys/stat.h>
    #include <unistd.h>
    #include <openssl/rand.h>

    #define TMP_RAND_FILENAME "/tmp/aaa"
    #define RANDOM_DATA_LEN 1024

    /* The poster's own TRNG routine (signature assumed from the call below):
     * stores one word and returns 0 on success. */
    extern int trng_read(unsigned int *out);

    static int seed_prng(void)
    {
        unsigned char trng_buff[RANDOM_DATA_LEN];

        /* Fill the buffer one word at a time from the TRNG. */
        {
            unsigned short count = 0;
            while(count < RANDOM_DATA_LEN)
            {
                if(trng_read((unsigned int *)(trng_buff + count))!=0)
                    return -1;
                count += sizeof(unsigned int);
            }
        }

        /* Write the random bytes to a file accessible only to the owner. */
        {
            int fd;
            fd = open(TMP_RAND_FILENAME, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
            if(fd < 0)
                return -1;
            if(write(fd, trng_buff, RANDOM_DATA_LEN) != RANDOM_DATA_LEN)
            {
                close(fd);
                return -1;
            }
            close(fd);
        }

        /* Seed the OpenSSL PRNG from the file, then delete the file. */
        if(RAND_load_file(TMP_RAND_FILENAME, RANDOM_DATA_LEN) <= 0)
            return -1;
        unlink(TMP_RAND_FILENAME);

        return 0;
    }

Thanks in advance.
Re: possible SSL_write bug
Alessandro Pivi - GLOBALcom engineering wrote:

> You are right, it is just a signal I should ignore. Now it works perfectly.
>
> Maybe the fact that the SSL_write might raise a SIGPIPE should be in the documentation, because it happens only in particular situations (2 writes in a row with connection closed remotely), and it might cause occasional crashes of an application, which are harder to solve.
>
> Thanks for your help.

I guess it's implicit in the sense that /if/ the underlying BIO uses a socket then the scenario you described (writing into a broken connection) can generate a SIGPIPE. I wouldn't call it SSL_write()'s property.

-jb

--
I used to think I was indecisive, but now I'm not so sure.
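The socket-level behaviour this thread describes, as an added example (not code from the thread): with SIGPIPE ignored, a write to a connection whose peer has closed returns an error with errno set to EPIPE instead of terminating the process. The function names are constructed, and a local socket pair stands in for the remote connection, so the failure shows on the first write rather than the second.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ignore SIGPIPE process-wide so a write to a dead peer returns an error
 * instead of killing the process. Returns 0 on success, -1 on failure. */
int ignore_sigpipe(void)
{
    return signal(SIGPIPE, SIG_IGN) == SIG_ERR ? -1 : 0;
}

/* Constructed scenario: a connected socket pair whose peer end is closed
 * before we write. Returns the errno of the failed write, 0 if the write
 * unexpectedly succeeded, or -1 if the socket pair could not be created. */
int write_after_peer_close(void)
{
    int sv[2];
    int err = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);                        /* the "connection closed remotely" */

    if (write(sv[0], "payload", 7) < 0)  /* raises SIGPIPE unless it is ignored */
        err = errno;
    close(sv[0]);
    return err;
}

int main(void)
{
    int err;

    if (ignore_sigpipe() != 0)
        return 1;
    err = write_after_peer_close();
    printf("write failed with: %s\n", err > 0 ? strerror(err) : "(no error)");
    return err == EPIPE ? 0 : 1;
}
```

An application using a socket BIO would make the ignore_sigpipe() call once at start-up and then handle the error return from SSL_write() like any other failed write.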
Re: Emptying the buffer
Joel Christner wrote:

> Hello,
>
> I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption.
>
> One question I have is how I clear what's already been decrypted on the server-side from the buffer. It appears that the data I've already read out of the buffer (post-decryption) is not being discarded, thus when data is received, it starts back at the beginning and I get the same data back. Any insight would be much appreciated!
>
> On my client side, my code is (simplified)
>
>     EVP_EncryptInit(context,EVP_bf_cbc(),key,iv);
>     while(1) {
>         fgets(buffer,sizeof(buffer),stdin);
>         padBuffer(buffer,paddedBuffer); /* my own routine just to pad to length that is multiplier of 8-bytes */
>         writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
>         writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr *)serveraddress,sizeof(serveraddress));
>     }
>
> and on the server side, my code is (simplified):
>
>     EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
>     while(1) {
>         dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
>         for (i=0;i<strlen(readBuffer);i++) {
>             readBufferClear=decrypt(context,readBuffer+i,1);
>             if (readBufferClear!=0)
>                 strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
>         }
>         unpadBuffer(readBufferFinal,readBufferPadded);
>         printf("cleartext=%s\n",readBufferPadded);
>     }

Major problem with your code - _do_not_ use strlen() or other string functions on binary data (encrypted buffers don't necessarily follow the C-string rule of null-termination and can have '\0' anywhere in between).

-jb

--
I used to think I was indecisive, but now I'm not so sure.
AES_set_encrypt_key() function fails for 256 bit key length on solaris10amd64
Hi,

I'm writing an application on Solaris10AMD64 using 0.9.7d version of OpenSSL (comes along with the OS). In my application, AES_set_encrypt_key() is returning -2 for 256 bit key length. I also found that it works only for 128 bit key length.

I came to know that this is a known issue with OpenSSL on Solaris10AMD64. There is also a source code patch available for this problem.

http://fixunix.com/openssh/176914-patch-solaris-10-missing-openssl-functions-128bit.html

I wanted to know is there any binary patch available for this so that my application works with 256 bit key length?

Thanks in advance.

Regards,
Radhika.
Re: Emptying the buffer
Ok, I will change that. Can you provide any guidance on how to empty the buffer?

Thanks

On Thu, Feb 14, 2008 at 2:50 AM, jimmy bahuleyan [EMAIL PROTECTED] wrote:

> Joel Christner wrote:
>
> > Hello,
> >
> > I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption.
> >
> > One question I have is how I clear what's already been decrypted on the server-side from the buffer. It appears that the data I've already read out of the buffer (post-decryption) is not being discarded, thus when data is received, it starts back at the beginning and I get the same data back. Any insight would be much appreciated!
> >
> > On my client side, my code is (simplified)
> >
> >     EVP_EncryptInit(context,EVP_bf_cbc(),key,iv);
> >     while(1) {
> >         fgets(buffer,sizeof(buffer),stdin);
> >         padBuffer(buffer,paddedBuffer); /* my own routine just to pad to length that is multiplier of 8-bytes */
> >         writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
> >         writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr *)serveraddress,sizeof(serveraddress));
> >     }
> >
> > and on the server side, my code is (simplified):
> >
> >     EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
> >     while(1) {
> >         dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
> >         for (i=0;i<strlen(readBuffer);i++) {
> >             readBufferClear=decrypt(context,readBuffer+i,1);
> >             if (readBufferClear!=0)
> >                 strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
> >         }
> >         unpadBuffer(readBufferFinal,readBufferPadded);
> >         printf("cleartext=%s\n",readBufferPadded);
> >     }
>
> Major problem with your code - _do_not_ use strlen() or other string functions on binary data (encrypted buffers don't necessarily follow the C-string rule of null-termination and can have '\0' anywhere in between).
>
> -jb
>
> --
> I used to think I was indecisive, but now I'm not so sure.
RE: ECC Self-Signed Certificate
I have noticed this as well. I believe it operates correctly in the 0.9.9 snapshot.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Bugbee
Sent: February 13, 2008 8:41 PM
To: openssl-users@openssl.org
Subject: Re: ECC Self-Signed Certificate

I've signed and consumed ECC certs just fine. My only problem is that when I specify a hash algorithm like SHA-256, OpenSSL falls back to the default SHA-1 for self-signed certs only.
Re: Direct trust in server certificate?
On Wed, Feb 13, 2008 at 05:06:35PM -0500, Cooper, Andy wrote:

> Thank you. I've managed to write code that does fingerprint verification like you suggested, and it seems to work.

Cool. If you are concerned about second pre-image attacks on md5, use sha1, if you are also concerned about sha1, you can use sha2 fingerprints, but these are not enabled by default when you enable just the SSL algorithms. You have to enable all digest algorithms. See OpenSSL_add_all_digests(3).

Despite all the recent progress, I am not aware of effective second pre-image attacks on either md5 or sha1.

--
    Viktor.
Re: i2d_ASN1_INTEGER definition in src code
Can anyone please help me out on this...

Thanks
--
Shanku

--- Shanku Roy [EMAIL PROTECTED] wrote:

> Hi Folks,
>
> Can anyone please point me to the location of function definition of i2d_ASN1_INTEGER () in OpenSSL source code. I could trace only till the following in the header files:
>
> file crypto/asn1/asn1.h:
>
>     #define I2D_OF(type) int (*)(type *,unsigned char **)
>
> Thanks
> --
> regards,
> Shanku
RE: Direct trust in server certificate?
Thanks. As it turns out I had enabled all digest algorithms and used SHA256 which is probably somewhat of an overkill ...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Thursday, February 14, 2008 10:55 AM
To: openssl-users@openssl.org
Subject: Re: Direct trust in server certificate?

On Wed, Feb 13, 2008 at 05:06:35PM -0500, Cooper, Andy wrote:

> Thank you. I've managed to write code that does fingerprint verification like you suggested, and it seems to work.

Cool. If you are concerned about second pre-image attacks on md5, use sha1, if you are also concerned about sha1, you can use sha2 fingerprints, but these are not enabled by default when you enable just the SSL algorithms. You have to enable all digest algorithms. See OpenSSL_add_all_digests(3).

Despite all the recent progress, I am not aware of effective second pre-image attacks on either md5 or sha1.

--
    Viktor.
Re: Direct trust in server certificate?
On Thu, Feb 14, 2008 at 10:56:53AM -0500, Cooper, Andy wrote:

> Thanks. As it turns out I had enabled all digest algorithms and used SHA256 which is probably somewhat of an overkill ...

Yes, it is somewhat paranoid, but not unreasonably so. Wouldn't have brought it up otherwise...

--
    Viktor.
Re: i2d_ASN1_INTEGER definition in src code
[EMAIL PROTECTED] wrote on 02/14/2008 05:45:21 PM:

> Can anyone please help me out on this...
>
> Thanks
> --
> Shanku
>
> --- Shanku Roy [EMAIL PROTECTED] wrote:
>
> > Hi Folks,
> >
> > Can anyone please point me to the location of function definition of i2d_ASN1_INTEGER () in OpenSSL source code. I could trace only till the following in the header files:
> >
> > file crypto/asn1/asn1.h:
> >
> >     #define I2D_OF(type) int (*)(type *,unsigned char **)

Try something like that (after make):

    $ pwd
    /tmp/openssl-0.9.8g
    $ find . -name "*.o" -exec nm -o --defined-only {} \; | grep d2i_ASN1_INTEGER
    ../crypto/asn1/tasn_typ.o:1060 T d2i_ASN1_INTEGER
    $ cd ./crypto/asn1/
    $ gcc -E tasn_typ.c | grep d2i_ASN1_INTEGER | indent

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: i2d_ASN1_INTEGER definition in src code
On Tue, Feb 12, 2008, Shanku Roy wrote:

> Hi Folks,
>
> Can anyone please point me to the location of function definition of i2d_ASN1_INTEGER () in OpenSSL source code. I could trace only till the following in the header files:
>
> file crypto/asn1/asn1.h:
>
>     #define I2D_OF(type) int (*)(type *,unsigned char **)

It is defined through a macro in tasn_typ.c but that is just a wrapper round a call to the ASN1 interpreter.

The actual content processing is in the function c2i_ASN1_INTEGER().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: OpenSSL wants to read on connection?
> From: edam
> ...
> I was wondering - where would you guys suggest I go to read up on OpenSSL programming? I've been reading their manpages online at http://www.openssl.org/docs/ but to be honest, they're fairly complicated when you're new to OpenSSL! And there are gaps in the documentation! I've ended up looking through the source of jabberd, stunnel and a couple of others for clues! Surely there must be better sites? Or good books?

The Book, as referenced on the OpenSSL Website, is discussed here:

http://www.opensslbook.com/
Where is openssl_root on OS X?
Hi,

I have a pretty simple question. I need to install mod_tsa on my OS X machine. One command to be executed is:

    make OPENSSL=openssl_root

I could not find out what is openssl_root On my Mac.

Ted Zeng
Re: AES_set_encrypt_key() function fails for 256 bit key length on solaris10amd64
Radhika Hebbar wrote:

> Hi,
>
> I’m writing an application on Solaris10AMD64 using 0.9.7d version of OpenSSL (comes along with the OS). In my application, AES_set_encrypt_key() is returning -2 for 256 bit key length. I also found that it works only for 128 bit key length.
>
> I came to know that this is a known issue with OpenSSL on Solaris10AMD64. There is also a source code patch available for this problem.
>
> http://fixunix.com/openssh/176914-patch-solaris-10-missing-openssl-functions-128bit.html
>
> I wanted to know is there any binary patch available for this so that my application works with 256 bit key length?
>
> Thanks in advance.
>
> Regards,
> Radhika.

According to all the docs I have found RE: Sun, the software distributed with the OS only supports 128 bit keys. We recently ran into this because we need to use AES256 in openssh. We had to install SunFreeware versions to get that.

Leonard

--
Leonard F. Elia III, CISSP 757.864.5009
Sr. System Administrator
ConITS - NASA Langley Research Center
NCI Information Systems, Inc., Hampton VA
Re: Where is openssl_root on OS X?
U from a command window try:

    find / -name ssl

?

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Ted Zeng [EMAIL PROTECTED]
Date: Thu, 14 Feb 2008 16:08:36
To: openssl-users@openssl.org
Subject: Where is openssl_root on OS X?

Hi,

I have a pretty simple question. I need to install mod_tsa on my OS X machine. One command to be executed is:

    make OPENSSL=openssl_root

I could not find out what is openssl_root On my Mac.

Ted Zeng
Error while execution of ERR_print_errors_fp()
Hi Group,

I am trying to create a SSL server with the following code. I am using the function ERR_print_errors_fp to get the last error in case of any failure. I want to divert the output to standard output stdout. For e.g.

    if(!SSL_CTX_use_PrivateKey_file(ctx, "privatee.key", SSL_FILETYPE_PEM))
    {
        ERR_print_errors_fp(stdout);
        SSL_CTX_free(ctx);
        return 0;
    }

I am using the OpenSSL 0.9.8g available from http://www.shininglightpro.com/download/Win32OpenSSL-0_9_8g.exe

This is a Visual studio 6.0 project and I have included the following libraries in the Project Setting - Link - Object\Library module.

1. libeay32MD.lib
2. libeay32MDd.lib
3. libeay32MT.lib
4. libeay32MTd.lib
5. ssleay32MD.lib
6. ssleay32MDd.lib
7. ssleay32MT.lib
8. ssleay32MTd.lib

The compilation and linking process is done without any error. But while execution the application exits/crashes when executing ERR_print_errors_fp(stdout).

Any idea what I am doing wrong?

Thanks,
Parag Jhavery
Re: Emptying the buffer
Anyone have any ideas?

Thanks

On Wed, Feb 13, 2008 at 6:44 PM, Joel Christner [EMAIL PROTECTED] wrote:

> Hello,
>
> I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption.
>
> One question I have is how I clear what's already been decrypted on the server-side from the buffer. It appears that the data I've already read out of the buffer (post-decryption) is not being discarded, thus when data is received, it starts back at the beginning and I get the same data back. Any insight would be much appreciated!
>
> On my client side, my code is (simplified)
>
>     EVP_EncryptInit(context,EVP_bf_cbc(),key,iv);
>     while(1) {
>         fgets(buffer,sizeof(buffer),stdin);
>         padBuffer(buffer,paddedBuffer); /* my own routine just to pad to length that is multiplier of 8-bytes */
>         writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
>         writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr *)serveraddress,sizeof(serveraddress));
>     }
>
> and on the server side, my code is (simplified):
>
>     EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
>     while(1) {
>         dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
>         for (i=0;i<strlen(readBuffer);i++) {
>             readBufferClear=decrypt(context,readBuffer+i,1);
>             if (readBufferClear!=0)
>                 strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
>         }
>         unpadBuffer(readBufferFinal,readBufferPadded);
>         printf("cleartext=%s\n",readBufferPadded);
>     }