OpenSSL command line HMAC
Hi,

To generate an HMAC key using SHA-256, I can issue the following command:

  openssl dgst -sha256 -hmac key -binary message.bin > mac.bin

I realised (eventually!) that the key is not supplied as a hex string (0a0b34e5.. etc.) but in a binary format. Obviously this leads to some fairly unpleasant command lines when the key contains non-printable characters.

Can anybody comment on whether this is likely to cause problems for Windows or Linux? Looking at the source code, there doesn't appear to be any other mechanism for passing the key via the command line. I'm using the FIPS 1.2 flavour of OpenSSL.

Many thanks,
Alistair.
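The point Alistair ran into is that the -hmac option hands OpenSSL the key bytes exactly as typed, so a hex string such as 0a0b34e5 is keyed as the ASCII characters "0a0b34e5", not as the four bytes they denote. The following is an added example (not from the post or from OpenSSL) that computes the same HMAC-SHA256 the command above produces and shows both keyings side by side; the key, message and function names are constructed for illustration.

```python
import binascii
import hashlib
import hmac

# Constructed sample values (not taken from the original post).
HEX_KEY = "0a0b34e5f1c2d3e4"         # key as an operator would write it down
MESSAGE = b"constructed message.bin"  # stands in for the bytes of message.bin


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over raw key bytes, which is what `openssl dgst -sha256 -hmac`
    computes for whatever byte string it receives as the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_with_decoded_key(hex_key: str, message: bytes) -> bytes:
    """Intended keying: hex-decode first, so HMAC sees the 8 raw key bytes."""
    return hmac_sha256(binascii.unhexlify(hex_key), message)


def mac_with_literal_key(hex_key: str, message: bytes) -> bytes:
    """The mistake described in the post: the hex text itself becomes the key,
    so HMAC sees 16 ASCII bytes and produces an unrelated tag."""
    return hmac_sha256(hex_key.encode("ascii"), message)


def verify(mac_expected: bytes, mac_received: bytes) -> bool:
    """Constant-time comparison; the receiving side should never use == on MACs."""
    return hmac.compare_digest(mac_expected, mac_received)


def demo() -> dict:
    """Show that the two keyings disagree, which is how a key-encoding mismatch
    between two implementations usually surfaces: every MAC fails to verify."""
    decoded = mac_with_decoded_key(HEX_KEY, MESSAGE)
    literal = mac_with_literal_key(HEX_KEY, MESSAGE)
    return {
        "decoded_key_mac": decoded.hex(),
        "literal_key_mac": literal.hex(),
        "match": verify(decoded, literal),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Keys containing 0x00 or other non-printable bytes cannot be passed through -hmac on most shells, which is why OpenSSL 1.0.0 and later added `openssl dgst -sha256 -mac HMAC -macopt hexkey:0a0b34e5f1c2d3e4`; the 0.9.8-based FIPS 1.2 build in the question predates that option, so there the practical route is to compute the MAC in a small program (as above) rather than on the command line.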
get server certificate after handshake failed
Hi.

I have got the following problem in my application:
- I have added an own callback function for certificate verification, which will let the handshake fail if the verification fails.
- But if a verification process fails, I need the presented server certificate outside the callback function.
- The problem is that the function SSL_get_peer_certificate() returns NULL if the handshake failed, even if the server has sent a certificate.

So is there an easy way to pass on the tested certificate from the callback function?

I've tried to store the certificate in an extra data field with SSL_set_ex_data() and read it out with SSL_get_ex_data(). That solution worked fine, until I compiled OpenSSL with thread support. Is there a special way of using SSL_set_ex_data() in a multi-threaded application?

Thanks,
Roman

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: Errors in openssl-SNAP-20090130
On Fri January 30 2009, The Doctor wrote:
> From this morning's compile:
- - - 380KB snipped - - -

*) You have read the first paragraph of: http://www.openssl.org/source/repos.html  Correct?

*) Please keep these posts off of the users list; the developers can speak for themselves, but they have probably read the above paragraph.

*) When posting, please trim the content down to the relevant portion - if you don't know the relevant portion - don't post.

Example follows:

making all in ssl...
gcc -I../crypto -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall -mcpu=pentium3 -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c s2_pkt.c
s2_pkt.c: In function `n_do_ssl_write':
s2_pkt.c:546: `p' undeclared (first use in this function)
s2_pkt.c:546: (Each undeclared identifier is reported only once
s2_pkt.c:546: for each function it appears in.)
s2_pkt.c:518: warning: unused variable `size'
*** Error code 1
Stop.
*** Error code 1
Stop.
doctor.nl2k.ab.ca//usr/source/openssl-SNAP-20090130$ exit
exit

Mike
RE: Openssl signature verification
> From: owner-openssl-us...@openssl.org On Behalf Of Ajeet kumar.S
> Sent: Friday, 30 January, 2009 00:07

> In openssl API X509_verify(X509 *a, EVP_PKEY *r) is used to verify the
> signature of certificate. I have some doubt please help me. Is in this
> API we are passing the CA certificate and public key of CA certificate?

We pass any cert and the key we believe (are told) will verify it.

CA root certs are self-signed; the key _in_ the cert is used to sign it, or to be precise the keypair whose public half is in the cert is used. As a result you can't trust a root cert simply because the signature verifies; you must have other evidence this is the/a valid root cert from/for a given CA, such as a trusted distribution or manually-checked fingerprint.

Lower-level CA certs (if any) and end-entity certs are signed by a parent cert, or to be precise by a keypair whose public half is certified by the parent cert.

If you instead use X509_verify_cert, it tries several methods to find and verify the whole cert chain (from a root) by looking in (data from) a configurable file and/or (hashed) entries in a configurable directory. If you want to do this job or part(s) of it yourself, you can look at that for an example, but it's pretty complicated.

> What is data over SSL compute the HASH?

The DER-encoded CertificateInfo portion of the cert, which is the first element in the outermost SEQUENCE and contains version, serial, copy of sig-algid, issuer name, subject name, publickey, validity period, and for v3 optional extensions such as keyusage, subjectaltname, keyids, etc. This is everything in the cert except the appended algid and signature, and is indented under Data: in the display from openssl x509 -text .

> SSL will decrypt the CA signature (Which is on CA certificate bundle)?
> Decrypted CA Signature will match to above HASH.(query 2)?

For RSA signatures this is approximately true. You actually raise the signature value to the public exponent (like RSA encryption) rather than the private exponent (as for RSA decryption), and the (standard) padding is different for sign/verify than for encrypt/decrypt.

For DSA signatures this is not true at all. There is no corresponding encryption or decryption; there is simply a signing algorithm and a verifying algorithm. You apply the verifying algorithm to determine if the received signature is correct for the (recomputed) hash.

You separately asked

> In Openssl for signature verification we are using API ASN1_item_verify().
> Let me know the data which is used for finger print (signature) creation
> is the CA public key or some thing else data. Please clarify this doubt.
> How we are verifying the signature?

If you mean in crypto/x509/x_all.c X509_verify(), we are verifying the signature in the cert, of the data in the cert, using the key. No fingerprint is involved. This only applies to X509 certs; the verification of signatures on other things is similar but not identical.

Fingerprints can be used in lots of situations and ways. _PKI_ fingerprints can meaningfully be computed on either the whole CertificateInfo thus verifying all the attributes directly, or just on the publickey since that is enough to verify the signature. But a fingerprint is not a signature; it does not itself have any cryptographic protection.
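To make the "what gets hashed" answer concrete, here is an added example (mine, not Dave's and not OpenSSL code) that splits a DER Certificate into its three top-level elements, hashes only the first one (the tbsCertificate, called CertificateInfo above), decodes the signature-algorithm OID, and contrasts that hash with a fingerprint of the whole certificate. The certificate is a constructed stand-in: a three-element SEQUENCE with placeholder contents and a placeholder signature, so it exercises the DER structure but is not a real X.509 certificate; all function names are my own.

```python
import hashlib


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_split(data: bytes):
    """Yield (tag, body, raw_tlv) for each consecutive DER element in data."""
    i = 0
    while i < len(data):
        tag = data[i]
        first = data[i + 1]
        if first < 0x80:
            length, hdr = first, 2
        else:
            nbytes = first & 0x7F
            length = int.from_bytes(data[i + 2:i + 2 + nbytes], "big")
            hdr = 2 + nbytes
        start, end = i + hdr, i + hdr + length
        if end > len(data):
            raise ValueError("truncated DER element")
        yield tag, data[start:end], data[i:end]
        i = end


def decode_oid(body: bytes) -> str:
    """Decode the contents of an OBJECT IDENTIFIER into dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def split_certificate(cert_der: bytes):
    """Return (tbs_raw, sig_algid_raw, signature_bytes) from a DER Certificate:
    SEQUENCE { tbsCertificate SEQUENCE, signatureAlgorithm SEQUENCE, signature BIT STRING }."""
    tag, body, _ = next(der_split(cert_der))
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    parts = list(der_split(body))
    if len(parts) != 3:
        raise ValueError("Certificate must have exactly three elements")
    (t_tbs, _, tbs_raw), (t_alg, _, alg_raw), (t_sig, sig_body, _) = parts
    if (t_tbs, t_alg, t_sig) != (0x30, 0x30, 0x03):
        raise ValueError("unexpected tags in Certificate")
    return tbs_raw, alg_raw, sig_body[1:]  # drop the BIT STRING unused-bits byte


def signed_data_hash(cert_der: bytes, algo: str = "sha256") -> bytes:
    """The hash the signer signed: over the raw tbsCertificate element only."""
    return hashlib.new(algo, split_certificate(cert_der)[0]).digest()


def signature_algorithm(cert_der: bytes) -> str:
    """Dotted OID from the outer AlgorithmIdentifier (the tbs carries a copy too)."""
    _, alg_raw, _ = split_certificate(cert_der)
    _, alg_body, _ = next(der_split(alg_raw))
    oid_tag, oid_body, _ = next(der_split(alg_body))
    if oid_tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return decode_oid(oid_body)


def fingerprint(cert_der: bytes, algo: str = "sha256") -> bytes:
    """A fingerprint is a plain hash of the whole DER; it has no signature protection."""
    return hashlib.new(algo, cert_der).digest()


# Constructed sample certificate (placeholder contents, not a real X.509 certificate).
TBS = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x13, b"placeholder tbs contents"))
ALGID = der_tlv(0x30, der_tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der_tlv(0x05, b""))
SAMPLE_CERT = der_tlv(0x30, TBS + ALGID + der_tlv(0x03, b"\x00" + b"\xde\xad\xbe\xef"))
# Same tbs, different (placeholder) signature bytes: the signed hash is unchanged,
# the fingerprint is not, which is why a fingerprint cannot substitute for verification.
RESIGNED_CERT = der_tlv(0x30, TBS + ALGID + der_tlv(0x03, b"\x00" + b"\x01\x02\x03\x04"))
```

Verification proper then applies the algorithm named by the OID (RSA with PKCS#1 padding, or DSA's verify operation, as the answer explains) to the signature bytes and the tbs hash; this example stops at producing exactly those two inputs.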
Openssl: bio/crypto orthogonalization
I've not looked at the OpenSSL code for a few years now. Last time I looked the only way to do things was via a BIO and the BIO functions did the crypto. This is totally inappropriate for many server designs. I would like to ask if the crypto/bio functions have been factored apart so they are orthogonal.

To my way of thinking we should have a way to basically do this:

1) define a single structure which will carry all data for a connection. This can be referenced from say an fd which is returned by fopen().

2) define a single function which might for instance use a state flag and plug it into a case statement in order to call the appropriate step in the crypto pipeline. Thus the interface might work something like this: A packet comes in via say fread(). This packet is then passed into OpenSSL as follows:

   ierr=OpenSSL(control_code, fd, p_fd->OpenSSL_connection_data, packet_in, packet_out);

   In this case the control_code might be a constant which might have values like initialize, release, abort, establish_connection (many steps), encrypt, decrypt and whatever else is appropriate.

3) with something like this the bio() functions I looked at before are easy to implement... but if the application needs to do the I/O then it can.

4) another thing that should be done if it is not already done is that all malloc()ing should be controlled such that malloc() takes place a page at a time and the needed space is allocated from the pages in a pool indexed by the fd number. If this is done then the memory for a connection can be released easily and memory leaks cannot occur. The point here is that if a connection is lost we simply blow away all the data held in OpenSSL_connection_data and blow away all pages associated with the page pool holding allocated memory and we are done. The crypto functions don't even need to know it happened.

I'm not looking for details at this point. I just want to know what the status of the code is.

Thanx.
Terrell
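The split Terrell asks for (the TLS engine only consumes and produces bytes, while the application owns the sockets and the per-connection state) is the memory-BIO pattern. The following is an added example of that pattern, written by me against Python's ssl module (which wraps OpenSSL's memory BIOs via ssl.MemoryBIO and SSLContext.wrap_bio); it is not code from the thread or from OpenSSL. It keeps everything for one connection in a single object, drives the client side of a handshake one step at a time, and returns the bytes the application must send itself. The host name is a constructed placeholder; no network I/O happens.

```python
import ssl


class TlsConnectionState:
    """Everything the TLS engine needs for one connection, in one object, so that
    abandoning the connection is just dropping the object (no socket is held here)."""

    def __init__(self, ctx: ssl.SSLContext, server_hostname: str):
        self.incoming = ssl.MemoryBIO()   # bytes the application read from the network
        self.outgoing = ssl.MemoryBIO()   # bytes the engine wants the application to send
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_side=False, server_hostname=server_hostname)
        self.handshake_done = False

    def step(self, data_from_network: bytes = b"") -> bytes:
        """Feed received bytes, advance the handshake, return bytes to transmit.
        The caller does the actual read()/write() with whatever I/O model it likes."""
        if data_from_network:
            self.incoming.write(data_from_network)
        try:
            self.tls.do_handshake()
            self.handshake_done = True
        except ssl.SSLWantReadError:
            pass  # engine needs the peer's next message; send what we return, then read more
        return self.outgoing.read()


def describe_record(record: bytes) -> dict:
    """Parse a TLS record header (type, version, length) and the handshake type byte."""
    if len(record) < 6:
        raise ValueError("record too short")
    return {
        "content_type": record[0],                       # 22 = handshake
        "version": (record[1], record[2]),               # legacy record version
        "length": int.from_bytes(record[3:5], "big"),    # payload length
        "handshake_type": record[5],                     # 1 = ClientHello
    }


def start_client_handshake(server_hostname: str = "example.invalid") -> bytes:
    """Produce the first flight (ClientHello) without touching a socket.
    'example.invalid' is a constructed placeholder name; it is only used for SNI."""
    ctx = ssl.create_default_context()  # verification on, hostname checking on
    conn = TlsConnectionState(ctx, server_hostname)
    first_flight = conn.step()
    # With no server reply the handshake cannot be complete; the state object is
    # simply discarded, which is the "blow away the connection data" step from the post.
    assert not conn.handshake_done
    return first_flight


if __name__ == "__main__":
    record = start_client_handshake()
    print(describe_record(record))
```

The same state object would carry the connection through to application data: after the handshake completes, tls.write() queues ciphertext into outgoing and tls.read() consumes plaintext from whatever the application wrote into incoming, so the engine never performs I/O on the application's behalf.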