AES-256 - aes-586.pl - align 64?

2009-04-14 Thread Roi Kolan
Hi,
 
We are trying to deploy AES-256 in assembly, and of course we ran into your
code in aes-586.pl. In the code we saw that you use 64 byte alignment:

set_label(AES_Te,64);# Yes! I keep it in the code segment!

Which is something that gives us a headache in other modules that use
openssl libraries in Windows. 
Do you think that there's a certain reason why the alignment should be 64?
 
Thanks!

Roi




Re: openssl smime problem: the output of smime -decrypt is not the same to the original one

2009-04-14 Thread Kyle Hamilton
S/MIME requires that all native line endings be converted to \r\n
before signing.

-Kyle H

On Mon, Apr 13, 2009 at 8:32 PM, xh xiangshu...@gmail.com wrote:
 Hi everyone,

 I find the output of the openssl smime -decrypt is not the same as the
 original one.
 My OS is Fedora 10 and the openssl version is 0.9.8g.

 I use the following command to get the encrypt version of the file a.txt
 # openssl smime -encrypt -in a.txt -out b.txt mycert.pem

 and try to use the following command to get the plaintext from b.txt into c.txt
 # openssl smime -decrypt -in b.txt -out c.txt -recip mycert.pem -inkey
 priv.key

 The following is the hex dump, and from the dump we can see that 0a becomes
 0d0a.
 I think that should be a problem on Linux systems.

 # xxd a.txt
 000: 6269 6e0a 626f 6f74 0a64 6576 0a65 7463  bin.boot.dev.etc
 010: 0a65 7670 5f70 6b63 7331 315f 7465 7374  .evp_pkcs11_test
 020: 2e63 0a68 6f6d 650a 6c69 620a 6c6f 7374  .c.home.lib.lost
 030: 2b66 6f75 6e64 0a6d 6564 6961 0a6d 6973  +found.media.mis
 040: 630a 6d6e 740a 6e65 740a 6f70 740a 7065  c.mnt.net.opt.pe
 050: 7273 6f6e 616c 0a70 726f 630a 726f 6f74  rsonal.proc.root
 060: 0a73 6269 6e0a 7365 6c69 6e75 780a 7372  .sbin.selinux.sr
 070: 760a 7379 730a 746d 700a 7479 7065 7363  v.sys.tmp.typesc
 080: 7269 7074 0a75 7372 0a76 6172 0a77 730a  ript.usr.var.ws.
 [r...@amadis mykey]# xxd c.txt
 000: 6269 6e0d 0a62 6f6f 740d 0a64 6576 0d0a  bin..boot..dev..
 010: 6574 630d 0a65 7670 5f70 6b63 7331 315f  etc..evp_pkcs11_
 020: 7465 7374 2e63 0d0a 686f 6d65 0d0a 6c69  test.c..home..li
 030: 620d 0a6c 6f73 742b 666f 756e 640d 0a6d  b..lost+found..m
 040: 6564 6961 0d0a 6d69 7363 0d0a 6d6e 740d  edia..misc..mnt.
 050: 0a6e 6574 0d0a 6f70 740d 0a70 6572 736f  .net..opt..perso
 060: 6e61 6c0d 0a70 726f 630d 0a72 6f6f 740d  nal..proc..root.
 070: 0a73 6269 6e0d 0a73 656c 696e 7578 0d0a  .sbin..selinux..
 080: 7372 760d 0a73 7973 0d0a 746d 700d 0a74  srv..sys..tmp..t
 090: 7970 6573 6372 6970 740d 0a75 7372 0d0a  ypescript..usr..
 0a0: 7661 720d 0a77 730d 0a                   var..ws..

 thanks,
 -Derek
 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-us...@openssl.org
 Automated List Manager                           majord...@openssl.org



RE: Query on OpenSSL for Certificate verification

2009-04-14 Thread Vijay Kothamasu (vikotham)
Hi Kyle,

Sorry for the delayed response, I am just back from my vacation.

Thank you so much for your response and the information provided.

But even with the SSL_CTX_set_verify() callback invocation, the result of the 
certificate validation needs to be returned in the context of the callback 
function itself, in a synchronous manner. Whereas in our scenario, the cert 
validation status is reported back in an asynchronous manner, as I explained 
earlier. 

I am just wondering how can I realize that scenario.

Thanks again.

Regards
Vijay

 
 


-Original Message-
From: Kyle Hamilton [mailto:aerow...@gmail.com] 
Sent: Tuesday, April 07, 2009 12:26 PM
To: openssl-users@openssl.org
Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu (vikotham)
Subject: Re: Query on OpenSSL for Certificate verification

This is a protocol called OCSP, with its designated responder mechanism.

If you want to implement it, call the OCSP functions with the DR address and 
the fields that OCSP needs during the SSL_CTX_set_verify() callback invocation; 
if you really need to, create two separate SSL_CTX contexts, one of which calls 
a function to check the certificate status, the other of which always passes 
(so that the DR certificate doesn't need to be in the client's local store).

Note that I consider this insecure.  First, the denial of service potential 
(the DR goes down).  Second, man-in-the-middle or redirection attacks (the DR 
is replaced by a bogus one).  Third, the entire point of X.509 is to allow for 
clients to have all the information they need to verify certificates in the 
absence of an online authority.

For more information I suggest you read the cryptographic literature for the 
protocols that exist.

-Kyle H

On Mon, Apr 6, 2009 at 8:18 AM, Vijay Kothamasu (vikotham) vikot...@cisco.com 
wrote:
 Hi,

 I am just wondering if there is a way to realize the following 
 scenario with the help of OpenSSL libraries, here is the brief explanation in 
 this regard.

 -
 I have a client and server who need to set up a secure connection using 
 TLS/SSL. As part of the handshake the server sends its certificate to the 
 client. But the client doesn't have any certificates with it to 
 authenticate the certificate; rather it needs to communicate (a 
 non-blocking call) with another entity (like a Certificate Authority (CA)) 
 to get the certificate validated. This CA will look through its list 
 of certificates to authenticate it and inform the client 
 in an asynchronous manner (maybe some callback) that the certificate 
 is valid. Now the client will proceed further with the server to 
 complete the handshake and set up the connection.

 Here is a pictorial description of this scenario for better clarity


 -

 I went through the available documentation; to the best of my 
 understanding I couldn't find the library APIs (SSL/BIO/X509) to 
 realize the above scenario.

 Is there any way to fit in the above verification setup as part of the 
 handshake? It will be of great help if anybody can provide me the 
 pointers in this regard.

 Thanks for your help in advance.

 Regards
 Vijay


Re: openssl smime problem: the output of smime -decrypt is not the same to the original one

2009-04-14 Thread xh

Kyle Hamilton wrote:

S/MIME requires that all native line endings be converted to \r\n
before signing.
  
My understanding is that S/MIME is only focused on email-related use, so I 
think it's OK using \r\n to replace \r.


thanks,
-Derek

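As an added example that is not part of either message above (nor OpenSSL's own code): the line-ending translation Kyle describes, and that the two xxd dumps in the original report show, written out in Python so a decrypted file can be checked against the original instead of concluding that the ciphertext was damaged. The sample bytes are constructed here to mirror the dump and the function names are mine. The translation happens when the text is wrapped for encryption or signing; `openssl smime -decrypt` writes the body out as it was encrypted, so if the payload must survive byte-for-byte, pass `-binary` to the `-encrypt` (or `-sign`) step, which skips the canonical-form conversion.

```python
import re

# Any CRLF, bare CR or bare LF becomes exactly one CRLF.  The CRLF
# alternative is listed first so an existing CRLF is not doubled.
_LINE_END = re.compile(rb"\r\n|\r|\n")


def to_crlf(data: bytes) -> bytes:
    """Return data with every line ending in S/MIME canonical (CRLF) form.

    Idempotent: to_crlf(to_crlf(x)) == to_crlf(x), which is why re-wrapping
    an already canonical body does not grow it.
    """
    return _LINE_END.sub(b"\r\n", data)


def line_ending_profile(data: bytes) -> dict:
    """Count CRLF, bare LF and bare CR terminators; handy for a quick diagnosis."""
    counts = {"crlf": 0, "lf": 0, "cr": 0}
    kind = {b"\r\n": "crlf", b"\n": "lf", b"\r": "cr"}
    for m in _LINE_END.finditer(data):
        counts[kind[m.group(0)]] += 1
    return counts


def decrypt_matches_original(original: bytes, decrypted: bytes) -> bool:
    """True when the decrypted text differs from the original only by
    line-ending canonicalisation, i.e. decryption itself did its job."""
    return to_crlf(original) == decrypted


# Constructed sample mirroring the a.txt / c.txt dumps in the report.
ORIGINAL = b"bin\nboot\ndev\netc\n"
DECRYPTED = b"bin\r\nboot\r\ndev\r\netc\r\n"

if __name__ == "__main__":
    print("a.txt:", line_ending_profile(ORIGINAL))
    print("c.txt:", line_ending_profile(DECRYPTED))
    print("same modulo canonicalisation:", decrypt_matches_original(ORIGINAL, DECRYPTED))
```

Run the profile over both files first: if a.txt is all bare LF and c.txt is all CRLF, nothing was corrupted, and the only decision left is whether the consumer of c.txt wants CRLF or whether `-binary` should have been used.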


RFC 4680 implementation

2009-04-14 Thread nhack

Hi,

I want to know if there is any library that provides support for RFC
4680. I have found this http://tlsext-general.blogspot.com/ but my problem
with this library is that the client can send the supplemental data only
after the server done state, and I need that data after the server hello
done state.


OpenSSL cryptography fails in release mode, but no in debug

2009-04-14 Thread Atti
Hi, I'm using an older version of OpenSSL (the new one has errors in
X509.h), on a Win32 machine, installed as binaries. I'm using the
EVP_Encrypt/Decrypt functions and a generated key to encrypt my data, and
everything works fine in debug mode. When I try to run the release mode, it
still runs fine, but the decryption returns scrambled data. I've read the
FAQ, and I am using the libraries as mentioned there (libeay32MTd.lib - /MDd
for debug and libeay32MT.lib - /MD for release). I didn't quite understand
the last part of the specific FAQ answer, about the .DLL usage. I use the
LIBEAY32.DLL, the only one I have.

Thank You.


Re: OpenSSL cryptography fails in release mode, but no in debug

2009-04-14 Thread Atti
Sorry, I made a mistake when I wrote the first text, I'm using
libeay32MDd.lib - /MDd for debug and libeay32MD.lib - /MD for release. I
only made the mistake writing this, I'm linking against the correct .libs in
my project.

On Tue, Apr 14, 2009 at 2:03 PM, Atti att...@gmail.com wrote:

 Hi, I'm using an older version of OpenSSL (the new one has errors in
 X509.h), on a Win32 machine, installed as binaries. I'm using the
 EVP_Encrypt/Decrypt functions and a generated key to encrypt my data, and
 everything works fine in debug mode. When I try to run the release mode, it
 still runs fine, but the decryption returns scrambled data. I've read the
 FAQ, and I am using the libraries as mentioned there (libeay32MTd.lib - /MDd
 for debug and libeay32MT.lib - /MD for release). I didn't quite understand
 the last part of the specific FAQ answer, about the .DLL usage. I use the
 LIBEAY32.DLL, the only one I have.

 Thank You.



Re: RFC 4680 implementation

2009-04-14 Thread Emanuele Cesena
Hi,

On Tue, 2009-04-14 at 02:16 -0700, nhack wrote:
 I want to know if there is any library that provides support for the RFC
 4680, I have found this http://tlsext-general.blogspot.com/ but my problem
 with this library is that the client can send the supplemental data only
 after the server done state, and i need that data after the server hello
 done state.

nice to see someone is interested in our work ;-)
BTW, we have a newer version of the code, with a slightly better
interface, if you need.

Unfortunately what you ask is not RFC 4680 compliant: the client
SupplementalData message MUST be sent after the ServerDone.

You could take from our library and modify your own libssl to add a
client message after the ServerHello, but personally I think this is
more tricky (in fact in TLS there are no client messages between
ServerHello and ServerDone)...

Could you explain in more detail why you really need a message
between the ServerHello and ServerDone?

Best regards,
-- 
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org

Il corpo non ha ideali



Open SSL via dyndns.org

2009-04-14 Thread Tobias . Semmet
Hi,

We tried to create an SSL certificate via OpenSSL. Our problem is that we 
have an internal server called SVR02. This server can be reached via 
name.dyndns.org:443. If we create a certificate with the CO SVR02, the 
server accepts this and installs the certificate. But if we try it from 
the WWW, the reaction is that there is a non-trusted certificate because we 
called it by name.dyndns.org. If we change the CO to name.dyndns.org, the 
certificate is not trusted by the server at all.

Is there a chance to create a certificate on the internal server that is called by 
the external https://name.dyndns.org address?

Greetings
Tobias Semmet

Re: Query on OpenSSL for Certificate verification

2009-04-14 Thread Kyle Hamilton
I'd be happy to, if you engage me as a contractor.

-Kyle H

On Tue, Apr 14, 2009 at 12:26 PM, Vijay Kothamasu (vikotham)
vikot...@cisco.com wrote:
 Hi Kyle,

 Thanks for your valuable inputs, find my response inline.


 Then don't return from the original SSL_CTX_set_verify callback until you
 either:
 a) receive a valid OCSP response that says it's okay,
 b) receive a valid OCSP response that says it's not okay,
 c) receive an invalid OCSP response (i.e., OCSP failure), or
 d) time out.
 [Vijay] Blocking in the callback function is not feasible as our product
 operates in a single-thread model, for whatever reason that may be. If we
 block in the callback function there will be a huge number of other events
 which will not be processed till we return from this function, which is
 really costly for our kind of scenario.

 You're perilously close to a chicken and egg problem here:

 1) You need the certificate to check
 2) you cannot get the certificate to check until you attempt to make the
 connection
 3) once you connect, you are stuck in a state machine where you haven't
 checked the certificate.
 [Vijay]  You are very correct

 Some browsers try to handle this kind of situation by scanning HTML for
 links and pre-loading them to the cache.  These tend not to work all that
 well.

 If you're returning asynchronously, then you also need to have a mechanism
 to send asynchronous exceptions.
 [Vijay] Could you please provide more details on this method? What are these
 exceptions? How do we report the status through these exceptions
 asynchronously? Please provide us a sample program and documentation
 regarding the exceptions. Also, do you foresee any issues with this kind of
 approach?

   Either that, or you have to make it synchronous until the OCSP response is
 returned.
 [Vijay] I discussed with our team, Synchronous method is not feasible.

 Thanks again for your help.

 Regards
 Vijay

 -Original Message-
 From: Kyle Hamilton [mailto:aerow...@gmail.com]
 Sent: Tuesday, April 14, 2009 7:57 AM
 To: Vijay Kothamasu (vikotham)
 Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish
 Mynampati (jmynampa); Uma Sankar Panda (upanda)
 Subject: Re: Query on OpenSSL for Certificate verification

 Then don't return from the original SSL_CTX_set_verify callback until you
 either:
 a) receive a valid OCSP response that says it's okay,
 b) receive a valid OCSP response that says it's not okay,
 c) receive an invalid OCSP response (i.e., OCSP failure), or
 d) time out.

 You're perilously close to a chicken and egg problem here:

 1) You need the certificate to check
 2) you cannot get the certificate to check until you attempt to make the
 connection
 3) once you connect, you are stuck in a state machine where you haven't
 checked the certificate.

 Some browsers try to handle this kind of situation by scanning HTML for
 links and pre-loading them to the cache.  These tend not to work all that
 well.

 If you're returning asynchronously, then you also need to have a mechanism
 to send asynchronous exceptions.  Either that, or you have to make it
 synchronous until the OCSP response is returned.

 -Kyle H

 On Mon, Apr 13, 2009 at 2:35 PM, Vijay Kothamasu (vikotham)
 vikot...@cisco.com wrote:
 Hi Kyle,

 Sorry for the delayed response, I am just back from my vacation.

 Thank you so much for your response and the information provided.

 But even with the SSL_CTX_set_verify() callback invocation, the result of
 the certificate validation needs to be returned in the context of the
 callback function itself, in a synchronous manner. Whereas in our scenario,
 the cert validation status is reported back in an asynchronous manner, as I
 explained earlier.


 I am just wondering how can I realize that scenario.

 Thanks again.

 Regards
 Vijay





 -Original Message-
 From: Kyle Hamilton [mailto:aerow...@gmail.com]
 Sent: Tuesday, April 07, 2009 12:26 PM
 To: openssl-users@openssl.org
 Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu
 (vikotham)
 Subject: Re: Query on OpenSSL for Certificate verification

 This is a protocol called OCSP, with its designated responder mechanism.

 If you want to implement it, call the OCSP functions with the DR address
 and the fields that OCSP needs during the SSL_CTX_set_verify() callback
 invocation; if you really need to, create two separate SSL_CTX contexts, one
 of which calls a function to check the certificate status, the other of
 which always passes (so that the DR certificate doesn't need to be in the
 client's local store).


 Note that I consider this insecure.  First, the denial of service
 potential (the DR goes down).  Second, man-in-the-middle or redirection
 attacks (the DR is replaced by a bogus one).  Third, the entire point of
 X.509 is to allow for clients to have all the information they need to
 verify certificates in the absence of an online authority.


 For more information I suggest you read the cryptographic literature for
 

Re: Query on OpenSSL for Certificate verification

2009-04-14 Thread Victor Duchovni
On Mon, Apr 06, 2009 at 11:56:15PM -0700, Kyle Hamilton wrote:

 Third, the
 entire point of X.509 is to allow for clients to have all the
 information they need to verify certificates in the absence of an
 online authority.

This said, it is now widely understood that this particular entire point
of X.509 is its most severe design error. Thus X.509 drifts gradually back
towards a Kerberos-like model, but the design is still fatally flawed
until key certificate issuance moves into the hands of the subject's
organization, rather than a 3rd party CA (that model does not scale).

Of course secure distributed key management on an Internet-wide scale has
never been done before, and may never work, but if it does the first step
is probably a trusted DNS in which one can publish signing keys.  This is
all some time away, and in the mean-time we (still don't) have X.509 PKI.

-- 
Viktor.


RE: Open SSL via dyndns.org

2009-04-14 Thread David Schwartz

 We tried to create an SSL certificate via OpenSSL.
 Our problem is that we have an internal server called SVR02. This server
 can be reached via name.dyndns.org:443. If we create a certificate
 with the CO SVR02, the server accepts this and installs the certificate.
 But if we try it from the WWW, the reaction is that there is a non-trusted
 certificate because we called it by name.dyndns.org. If we change the CO
 to name.dyndns.org, the certificate is not trusted by the server at all.

 Is there a chance to create a certificate on the internal server that is called
 by the external https://name.dyndns.org address?

 Tobias Semmet

You have a lot of choices, but no particularly good ones. In my opinion,
your best option is to register your own domain name, CNAME it to your
dyndns.org address, and obtain your own certificate in the name of your own
domain.

You could also ask the dyndns provider if they offer certificates. Since
they own the name (as far as the certification authorities are concerned),
they'd have to work with the CA to obtain the certificate. You can't do it
because you can't prove to the CA that you own the host name you are using.

Other options include creating your own certificate not issued by a CA and
having people add an exception or providing them your own CA cert to install
by other means. These are more difficult to get right and still keep the
same level of security, so I don't recommend them.

DS




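David's answer turns on two separate checks a browser makes, which the question runs together: does a CA the client trusts vouch for the certificate, and does one of the names in the certificate equal the host the user typed. The following is an added example, not code from the thread or from OpenSSL, showing the name comparison as TLS clients perform it (the rules were later written down in RFC 6125) and mapping the two failure modes from the question onto the check that trips. The function names and the sample certificates (CN SVR02 versus name.dyndns.org) are constructed for illustration.

```python
from typing import List, Optional


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly wildcarded) against a hostname.

    Comparison is case-insensitive.  A wildcard is honoured only when it is
    the entire leftmost label, at least two further labels follow it, and
    the label counts agree: "*.dyndns.org" covers "name.dyndns.org" but not
    "a.b.dyndns.org", and "*.org" covers nothing.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or len(plabels) != len(hlabels):
        return False
    return plabels[1:] == hlabels[1:]


def cert_matches_hostname(san_dns: List[str], common_name: Optional[str],
                          hostname: str) -> bool:
    """True if the certificate's names cover the hostname the client connected to.

    subjectAltName dNSName entries are authoritative when present; the subject
    CN is consulted only as a fallback for a certificate that carries no
    dNSName at all (such as the CN-only certificates in the question).
    """
    if san_dns:
        names = list(san_dns)
    else:
        names = [common_name] if common_name else []
    return any(dns_name_matches(n, hostname) for n in names)


def why_the_browser_warns(issuer_trusted: bool, san_dns: List[str],
                          common_name: Optional[str], hostname: str) -> str:
    """Name the first check that fails, in the order a client reports them."""
    if not issuer_trusted:
        # Self-signed, or issued by a private CA the client has never imported.
        return "untrusted issuer"
    if not cert_matches_hostname(san_dns, common_name, hostname):
        # The certificate may be perfectly good, just not for this name.
        return "name mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed cases matching the two situations described in the question.
    print(why_the_browser_warns(True, [], "SVR02", "name.dyndns.org"))
    print(why_the_browser_warns(False, [], "name.dyndns.org", "name.dyndns.org"))
    print(why_the_browser_warns(True, ["name.dyndns.org"], None, "name.dyndns.org"))
```

The second case is the one David's answer addresses: getting the name right fixes the mismatch, but only a CA that the visiting browsers already trust can make the issuer check pass, and such a CA will only issue for a name whose ownership you can demonstrate.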


RE: Resource temporarily unavailable error with SSL_connect

2009-04-14 Thread Dave Thompson
   From: owner-openssl-us...@openssl.org On Behalf Of Dan Maartens
   Sent: Monday, 13 April, 2009 20:31

   Thanks for your response Dave. With -state and -msg enabled, 
 [s_server] seems to be hanging after SSL_accept:SSLv3 flush data. 
 When I abort the client at this point (as it will retry forever 
 with no success), I get: failed in SSLv3 read client certificate A.

So your server is set to request client cert aka client auth?
Just to be sure, the server 'flush data' is after 'write server hello',
'write certificate', 'write key exchange' and 'write certificate request'?
That indeed should have sent a response that the client should receive.

   Given the stupefying nature of this problem, I'm fairly certain 
 it has something to do with our multithreading, but if you have any 
 additional suggestion I'd certainly appreciate it.

FW(L)IW, I would try generic divide-and-conquer approaches.
Can you run a network-level monitor e.g. tcpdump to verify 
that the response is actually sent to the client machine?
Does netstat on the server show send-q, or on the client recv-q?

Does your app use socket options, like buffering or windows?
I know quite a few exist, but I'm not familiar with most,
and in general if they were wrong I would expect performance 
problems not totally-no-data as you have. But if so and you can 
omit/skip or change them it might give some info.

Can your app do plain-TCP (nonSSL) connections? To same server machine?
And send and receive data (anything at all)? Blocking/nonblocking?

Good luck.





RE: X509_get_serialNumber

2009-04-14 Thread Dave Thompson
   From: owner-openssl-us...@openssl.org On Behalf Of sarym binome
   Sent: Monday, 13 April, 2009 15:19

   I want to extract the serial number or the subject name from an
X509 certificate.
   I used X509_get_serialNumber but I don't know how I can use it; 
 I can't print it because it's a struct.

It's an ASN1_INTEGER, which (like several ASN.1 types in openssl) 
is really an ASN1_STRING which is a byte string plus some flags, 
because the ASN.1 encoding of INTEGER is variable length and 
can contain values larger than C integer datatypes. See asn1.h. 
To simply display, if you have a BIO or can create one 
(possibly a mem_BIO) you can use i2a_ASN1_INTEGER.

To manipulate a value that is small, as here, you can use ASN1_INTEGER_get .
For a large (or potentially large) value, you can use openssl's bignums,
or you can do something else e.g. write your own. 

The subject (or issuer) name is more complicated; 
it's actually an ASN.1 SEQUENCE of (OID, value) pairs, 
where each value may be one of several types of string.

   this is my certificate
   Certificate:
   Data:
   Version: 1 (0x0)
   Serial Number: 3 (0x3)
   Signature Algorithm: md5WithRSAEncryption
   Issuer: CN=ARAN CA
   Validity
   Not Before: Mar 27 13:45:00 2009 GMT
   Not After : Jul 25 13:45:00 2009 GMT
   Subject: CN=0.0.0.3

If this is a CA with only trustworthy users (e.g. internal), 
as looks likely, OK. In a public setting (available to an adversary),
a CA that signs with md5 and uses consecutive or otherwise predictable 
serials, and predictable validity periods, can now easily be defrauded.
(The latter two are normally true for the openssl trivial-CA.)



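Dave's description of ASN1_INTEGER and of the Name structure, as an added example that is neither from the thread nor OpenSSL's own code: a minimal DER decoder in Python that does roughly what i2a_ASN1_INTEGER / ASN1_INTEGER_get and X509_NAME_print do on the C side, so the shapes he describes are visible. The INTEGER decoder works at any width, which is the reason the C API hands you an ASN1_INTEGER rather than a long. The sample DER (serial 3, the md5WithRSAEncryption OID, and the Name CN=ARAN CA encoded as a PrintableString) is constructed here to match the certificate shown in the question; function names are mine.

```python
from typing import List, Tuple


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one DER tag-length-value at buf[pos]; return (tag, contents, next_pos).

    Rejects the BER-only forms (indefinite length, non-minimal length) so a
    crafted encoding cannot be read two different ways by two parsers.
    """
    tag = buf[pos]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tags not supported")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and buf[pos] == 0):
            raise ValueError("non-minimal length encoding")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end


def decode_integer(contents: bytes) -> int:
    """ASN.1 INTEGER contents -> Python int (two's complement, any width)."""
    if not contents:
        raise ValueError("empty INTEGER")
    # DER forbids a redundant leading 00 (before a clear MSB) or ff (before a set MSB).
    if len(contents) > 1 and ((contents[0] == 0x00 and not contents[1] & 0x80)
                              or (contents[0] == 0xFF and contents[1] & 0x80)):
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(contents, "big", signed=True)


def serial_from_tlv(der: bytes) -> int:
    """The certificate serialNumber field is a complete INTEGER TLV."""
    tag, contents, _ = read_tlv(der)
    if tag != 0x02:
        raise ValueError("serialNumber must be an INTEGER")
    return decode_integer(contents)


def decode_oid(contents: bytes) -> str:
    """OBJECT IDENTIFIER contents -> dotted string; the first two arcs share a byte."""
    arcs, acc = [], 0
    for b in contents:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


# Value types commonly seen in a Name and how to turn each into text.
_STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii", 0x14: "latin-1"}
_SHORT_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU"}


def decode_name(der: bytes) -> List[Tuple[str, str]]:
    """X.501 Name: SEQUENCE OF SET OF SEQUENCE { OID, value } -> [(oid, text)]."""
    tag, seq, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, rdn, pos = read_tlv(seq, pos)
        if tag != 0x31:
            raise ValueError("RDN must be a SET")
        p = 0
        while p < len(rdn):
            tag, atv, p = read_tlv(rdn, p)
            if tag != 0x30:
                raise ValueError("AttributeTypeAndValue must be a SEQUENCE")
            otag, oid, q = read_tlv(atv)
            vtag, val, _ = read_tlv(atv, q)
            if otag != 0x06 or vtag not in _STRING_TAGS:
                raise ValueError("unexpected attribute encoding")
            out.append((decode_oid(oid), val.decode(_STRING_TAGS[vtag])))
    return out


def name_to_string(der: bytes) -> str:
    return ", ".join("%s=%s" % (_SHORT_NAMES.get(oid, oid), v) for oid, v in decode_name(der))


# Constructed DER matching the certificate in the question.
SERIAL_DER = bytes.fromhex("020103")                                   # INTEGER 3
MD5_RSA_OID = bytes.fromhex("2a864886f70d010104")                      # 1.2.840.113549.1.1.4
NAME_DER = bytes.fromhex("3012311030 0e06035504 0313074152 414e204341".replace(" ", ""))

if __name__ == "__main__":
    print("serial:", serial_from_tlv(SERIAL_DER))
    print("sigalg:", decode_oid(MD5_RSA_OID))
    print("issuer:", name_to_string(NAME_DER))
```

A 20-byte serial, which a public CA should be issuing precisely so it is not predictable, decodes the same way; only the C `long` path (ASN1_INTEGER_get) gives up on it.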