Re: RSA_private_encrypt does not work with RSA_NO_PADDING option
I see the point. Thanks a lot.

On Tue, Jul 20, 2010 at 12:47 AM, Mounir IDRASSI wrote:

> Hi,
>
> When calling RSA_private_encrypt with RSA_NO_PADDING, the input must have
> the same size as the RSA key modulus.
> In your case, you are supplying 20 bytes whereas it certainly needs more
> (for example, for a 1024 bit key, input must be 128 bytes long). So, you
> have to add some sort of padding to your data before feeding it to
> RSA_private_encrypt.
> The other option is to use a standard padding by calling
> RSA_private_encrypt with RSA_PKCS1_PADDING.
>
> I hope this clarifies things to you.
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On 7/19/2010 2:51 PM, anhpham wrote:
>
>> Hi all :x
>> I encountered an error when using function RSA_private_encrypt with
>> RSA_NO_PADDING option.
>> I had an unsigned char array a with length = 20, RSA* r,
>> unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I
>> invoked function
>> int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING );
>> The returned value i = -1 means that this function failed. However, when I
>> invoked int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ), it did
>> run smoothly. I'm confused whether it is an error of the library or not
>> but I don't know how to solve this problem.
>> Please help me :-<
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
Re: RSA_private_encrypt does not work with RSA_NO_PADDING option
Hi,

When calling RSA_private_encrypt with RSA_NO_PADDING, the input must have the same size as the RSA key modulus.
In your case, you are supplying 20 bytes whereas it certainly needs more (for example, for a 1024 bit key, input must be 128 bytes long). So, you have to add some sort of padding to your data before feeding it to RSA_private_encrypt.
The other option is to use a standard padding by calling RSA_private_encrypt with RSA_PKCS1_PADDING.

I hope this clarifies things to you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/19/2010 2:51 PM, anhpham wrote:

> Hi all :x
> I encountered an error when using function RSA_private_encrypt with
> RSA_NO_PADDING option.
> I had an unsigned char array a with length = 20, RSA* r,
> unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I
> invoked function
> int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING );
> The returned value i = -1 means that this function failed. However, when I
> invoked int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ), it did
> run smoothly. I'm confused whether it is an error of the library or not
> but I don't know how to solve this problem.
> Please help me :-<
Re: RSA_private_encrypt does not work with RSA_NO_PADDING option
On Mon, Jul 19, 2010, anhpham wrote:

> Hi all :x
> I encountered an error when using function RSA_private_encrypt with
> RSA_NO_PADDING option.
> I had an unsigned char array a with length = 20, RSA* r,
> unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I invoked
> function int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING ); The
> returned value i = -1 means that this function failed. However, when I
> invoked int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ), it did
> run smoothly. I'm confused whether it is an error of the library or not but
> I don't know how to solve this problem.
> Please help me :-<

If you use RSA_NO_PADDING you have to supply a buffer of RSA_size(r) bytes and whose value is less than the modulus.

With RSA_PKCS1_PADDING you can pass up to RSA_size(r) - 11.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
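The two length rules given in the replies above, as an added example that is not part of the thread and not OpenSSL's code: a plain-C sketch of the RSA_NO_PADDING precondition (input exactly modulus-sized and numerically below the modulus) and of the PKCS #1 v1.5 type-1 block that RSA_PKCS1_PADDING builds for a private-key operation, which is where the 11 bytes of overhead come from. The function names and the 128-byte sample modulus are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PKCS1_OVERHEAD 11   /* 0x00 0x01, at least 8 x 0xFF, 0x00 */

enum raw_check { RAW_OK = 0, RAW_BAD_LENGTH = -1, RAW_NOT_BELOW_MODULUS = -2 };

/* Precondition for an unpadded RSA operation: the input is exactly k bytes
 * (k = modulus length in bytes) and, read as a big-endian integer, is
 * strictly less than the modulus. Hypothetical helper, not a library call. */
enum raw_check raw_input_check(const unsigned char *in, size_t inlen,
                               const unsigned char *modulus, size_t k)
{
    if (inlen != k)
        return RAW_BAD_LENGTH;
    /* Equal-length big-endian integers order the same way as their bytes. */
    if (memcmp(in, modulus, k) >= 0)
        return RAW_NOT_BELOW_MODULUS;
    return RAW_OK;
}

/* Build the PKCS #1 v1.5 type-1 block: 0x00 0x01 FF..FF 0x00 data.
 * Returns k on success, -1 when the data does not fit (inlen > k - 11). */
int pkcs1_type1_pad(unsigned char *out, size_t k,
                    const unsigned char *in, size_t inlen)
{
    size_t ps_len;

    if (k < PKCS1_OVERHEAD || inlen > k - PKCS1_OVERHEAD)
        return -1;
    ps_len = k - inlen - 3;             /* always >= 8 after the check above */
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, ps_len);
    out[2 + ps_len] = 0x00;
    memcpy(out + 3 + ps_len, in, inlen);
    return (int)k;
}

/* The thread's case: a 20-byte input and a 1024-bit (128-byte) key.
 * Returns 1 when the bare 20 bytes are rejected and the padded block passes. */
int demo_thread_case(void)
{
    unsigned char n[128], data[20], block[128];

    memset(n, 0xC3, sizeof n);          /* constructed placeholder, not a real key */
    memset(data, 0xAB, sizeof data);    /* constructed 20-byte input */

    if (raw_input_check(data, sizeof data, n, sizeof n) != RAW_BAD_LENGTH)
        return 0;
    if (pkcs1_type1_pad(block, sizeof block, data, sizeof data) != 128)
        return 0;
    /* The block starts with 0x00, so it is below any modulus whose top byte
     * is non-zero. */
    return raw_input_check(block, sizeof block, n, sizeof n) == RAW_OK;
}

int main(void)
{
    printf("20 raw bytes rejected, padded block accepted: %s\n",
           demo_thread_case() ? "yes" : "no");
    return 0;
}
```

In real code the library's own RSA_PKCS1_PADDING mode does this padding; the sketch only shows why the 20-byte call with RSA_NO_PADDING returned -1.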
RSA_private_encrypt does not work with RSA_NO_PADDING option
Hi all :x

I encountered an error when using function RSA_private_encrypt with RSA_NO_PADDING option.
I had an unsigned char array a with length = 20, RSA* r, unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I invoked function int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING ); The returned value i = -1 means that this function failed. However, when I invoked int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ), it did run smoothly. I'm confused whether it is an error of the library or not but I don't know how to solve this problem.
Please help me :-<

--
View this message in context: http://old.nabble.com/RSA_private_encrypt-does-not-work-with-RSA_NO_PADDING-option-tp29204310p29204310.html
Re: Help creating certificate chain
Thanks a lot for the explanation Patrick, that did the trick!

On Fri, Jul 16, 2010 at 1:58 PM, Patrick Patterson <ppatter...@carillonis.com> wrote:

> Hello Hugo:
>
> On July 16, 2010 02:31:53 pm Hugo Garza wrote:
> > Hello Stephen, thank you for your comment that made the verification pass.
> > But I'm a bit confused now.
> >
> > Just as a demo I moved these certs to my windows computer and installed the
> > Root CA into my current user's Trusted Root Certificate Authorities folder
> > using the MMC certificates snap in. Then I double click the inter CA
> > certificate and Windows says it's OK. But when I double click the users
> > certificate it says that it doesn't have enough information to verify the
> > certificate.
> >
> > This is strange to me, because I can visit lots of websites that I know I
> > don't have the intermediate CA installed it all works. For instance I can
> > visit gmail and it says the root is Class 3 Public Primary Certification
> > Authority by Verisign, and I can see that it's installed in my
> > windows Trusted Root Certificate Authorities. The next certificate is
> > Thawte SGC CA which is nowhere in my Trusted Root Certificate Authorities
> > and finally is mail.google.com and windows says it's valid.
> >
> > Am I missing some extension when I create the end user certificate or what
> > part of this puzzle is escaping my grasp.
>
> Yes, you probably are missing the "AuthorityInformationAccess" extension in
> the client certificate. This is an X.509 extension that contains, in the
> "caIssuers" field, a URI that points to a location that an application that is
> performing path construction may use to download the certificate for that
> certificate's issuer. Inside of THAT certificate, there should be another
> "AuthorityInformationAccess" extension which points to THAT certificate's
> issuer all the way up the line to a self signed certificate that SHOULD NOT
> have an AIA field.
>
> For a full description, including the formatting of the certificate to be
> downloaded, please see RFC5280.
>
> As an aside, even with an AIA extension, the OpenSSL library (and by
> extension, the command line tool) will NOT fetch intermediate certificates for
> you (which is why you needed to put both certs in the cafile.pem) - this is
> because it doesn't have any code to be an HTTP or LDAP client (probably a good
> thing:). If you want to do path construction, you have to write an application
> that uses OpenSSL for the crypto, but your application has to handle all of
> the network access.
>
> Have fun!
>
> --
> Patrick Patterson
> President and Chief PKI Architect,
> Carillon Information Security Inc.
> http://www.carillon.ca
Re: encrypting long strings
On 19-07-2010 14:32, Jeffrey Walton wrote:
> On Wed, Jul 14, 2010 at 6:42 AM, Jakob Bohm wrote:
>> On 14-07-2010 07:52, Jeffrey Walton wrote:
>>> On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm wrote:
>>>> [SNIP]
>>>>>> proponents of the RSA and DH algorithms said that the
>>>>>> number was wildly exaggerated and proposed some much
>>>>>> smaller values.
>>>>>
>>>>> I'm not willing to go out on a limb and recommend a smaller moduli
>>>>> (what is RSA recommending, BTW?). I look at it this way: When DSS was
>>>>> proposed, RSA Data Securities lobbied hard to get an RSA Signature
>>>>> included. They can't win them all
>>>>
>>>> Yes, that mostly dead company lost the political lobbying battle against
>>>> Certicom, but I was asking about science, not politics.
>>>
>>> http://scholar.google.com/scholar?hl=en&q=integer+factorization+estimate&as_sdt=2000&as_ylo=2008&as_vis=0
>>
>> After looking at some of the rather mixed bag of documents from that
>> search, I was able to spot only the following factoid, which I post here
>> for the benefit of the rest of the list (and I hope this one is right).
>>
>> The needed size of RSA moduli increases approximately with the cube
>> of the equivalent symmetric key size, thus if 128 bit AES corresponds
>> to L bit RSA, 256 bit AES should correspond to 8L bit RSA.
>>
>> I did not spot an article that seemed to give estimates for the
>> actual RSA key lengths corresponding to modern symmetric key lengths.
>
> Make sure to have a look at Lenstra, et al. "On the Security of
> 1024-bit RSA and 160-bit Elliptic Curve Cryptography". Not quite what
> you were asking for but a very thorough analysis.

Ah, nice article which did not turn up in the initial search you suggested.

From this article and the other information I believe that the public key lengths needed to achieve N bits of security is:

RSA/DH (N/7.5)**3
ECC N*2

Thus (with some rounding):

128 bits: 5120 bit RSA/DH or 256 bit ECC
192 bits: 16384 bit RSA/DH or 384 bit ECC
256 bits: 40960 bit RSA/DH or 512 bit ECC

which is not that far off from some other recommendations.
Re: encrypting long strings
On Wed, Jul 14, 2010 at 6:42 AM, Jakob Bohm wrote:
> On 14-07-2010 07:52, Jeffrey Walton wrote:
>> On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm wrote:
>>> [SNIP]
>>>>> proponents of the RSA and DH algorithms said that the
>>>>> number was wildly exaggerated and proposed some much
>>>>> smaller values.
>>>>
>>>> I'm not willing to go out on a limb and recommend a smaller moduli
>>>> (what is RSA recommending, BTW?). I look at it this way: When DSS was
>>>> proposed, RSA Data Securities lobbied hard to get an RSA Signature
>>>> included. They can't win them all
>>>
>>> Yes, that mostly dead company lost the political lobbying battle against
>>> Certicom, but I was asking about science, not politics.
>>
>> http://scholar.google.com/scholar?hl=en&q=integer+factorization+estimate&as_sdt=2000&as_ylo=2008&as_vis=0
>
> After looking at some of the rather mixed bag of documents from that
> search, I was able to spot only the following factoid, which I post here
> for the benefit of the rest of the list (and I hope this one is right).
>
> The needed size of RSA moduli increases approximately with the cube
> of the equivalent symmetric key size, thus if 128 bit AES corresponds
> to L bit RSA, 256 bit AES should correspond to 8L bit RSA.
>
> I did not spot an article that seemed to give estimates for the
> actual RSA key lengths corresponding to modern symmetric key lengths.

Make sure to have a look at Lenstra, et al. "On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography". Not quite what you were asking for but a very thorough analysis.
Function RSA_private_encrypt does not work with RSA_NO_PADDING option
Hi all :x

I'm using OpenSSL 1.0.0 and I encountered a problem when using function RSA_private_encrypt.
I have an unsigned char array a[] with length = 20, RSA* r, unsigned char* signature = (unsigned char*) malloc(RSA_size(r)). Then I invoked function int i = RSA_private_encrypt ( 20, a, signature, r, RSA_NO_PADDING ) and I received i = -1. It means that an error occurred. However when I invoked function int i = RSA_private_encrypt ( 20, a, signature, r, RSA_NO_PADDING ), it ran smoothly. I was confused whether it's an error of the library or not but I did not know how to solve this.
Please help me :-<

--
View this message in context: http://old.nabble.com/Function-RSA_private_encrypt-does-not-work-with-RSA_NO_PADDING-option-tp29202949p29202949.html
Re: Win CE 6.0 + ARM + openssl
On 16-07-2010 22:50, Mark Bishop wrote:
> Thank you very much so far with all the input you have given me. I have
> few more questions.
>
> I am going to have to give up on interfacing with the Windows Crypto
> library and put openssl on my client as well. However, my client will be
> running Windows CE 6.0 with an ARM processor.
>
> Are the installation instructions in INSTALL.WCE still valid?
> Has anyone compiled openssl for CE 6.0 (Visual C 2005), ARM processor?
>
> I've been asked to give a quote on how long it is going to take me and by
> the looks of the instructions, it doesn't look difficult at all. Can
> anyone more experienced say otherwise?

I know someone who has recently compiled a 0.9.8 version for this target and I am going to port his work to 1.0.0 and 1.0.0a very soon.

I will post back with more information when I get it.
RE: OCSP_basic_verify:certificate verify error ( Verify error:unable to get local issuer certificate)
Hi again,

When I see the client certificate details using IE browser I see this on the Authority Information Access Field:

[1]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=http://ocsp.auc.cartaodecidadao.pt/publico/ocsp

So, I think the AIA field exists and it's filled with data.

So my question remains why Apache is not reading this info..

Luis

> From: ppatter...@carillonis.com
> To: openssl-users@openssl.org
> Subject: Re: OCSP_basic_verify:certificate verify error ( Verify
> error:unable to get local issuer certificate)
> Date: Fri, 16 Jul 2010 14:27:05 -0400
>
> Hi Luis:
>
> See reply inline:
>
> On July 16, 2010 11:05:46 am Luis Neves wrote:
> >
> > besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
> > directive? Shouldnt the mod_ssl code discover automatically the responder
> > address from the client certificate itself??
> >
>
> From your other mail:
> openssl x509 -in /home/oracle/lneves.pem -noout -text
>
> >2.5.29.46:
> > 0h0f.d.b.`http://pki.cartaodecidadao.pt/publico/lrc/cc_sub-
> >ec_cidadao_autenticacao_crl0003_delta_p0005.crl
> >Authority Information Access:
> >OCSP - URI:http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
>
> The part that catches my eye is the incorrect decoding for
> authorityInfoAccess. First of all, 2.5.29.46 is NOT AIA, but according to:
>
> http://www.alvestrand.no/objectid/2.5.29.46.html
>
> It is "Freshest CRL". This is NOT the OID for AIA, thus the application should
> NOT be able to find the OCSP information. Fix the CA that generated this
> certificate to generate correct PKIX RFC5280 certificates, and at least part
> of your problem should go away.
>
> Have fun.
>
> --
> Patrick Patterson
> President and Chief PKI Architect,
> Carillon Information Security Inc.
> http://www.carillon.ca
having "OCSP_basic_verify:root ca not trusted" error on Apache
Hi to all,

first of all a big thanks to everyone that so far helped me on all the OCSP questions I've had so far.

I still have a single problem when trying to validate client Certs using Apache and an OCSP responder.

I am having this error on error log: (I can successfully validate the cert if using openssl command line, but not using Apache)

[Fri Jul 16 16:02:11.201292 2010] [debug] [pid 21789] proxy_util.c(1962): proxy: initialized single connection worker 1 in child 21789 for (*)
[Fri Jul 16 16:02:27.399755 2010] [debug] [pid 21783] ssl_util_ocsp.c(79): [client 10.14.148.50:54752] connecting to OCSP responder 'ocsp.auc.cartaodecidadao.pt'
[Fri Jul 16 16:02:27.614470 2010] [debug] [pid 21783] ssl_util_ocsp.c(105): [client 10.14.148.50:54752] sending request to OCSP responder
[Fri Jul 16 16:02:28.566401 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Date: Fri, 16 Jul 2010 14:51:24 GMT
[Fri Jul 16 16:02:28.566469 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Server: Apache
[Fri Jul 16 16:02:28.566505 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
[Fri Jul 16 16:02:28.566542 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Expires: Fri, 16 Jul 2010 14:53:24 GMT
[Fri Jul 16 16:02:28.566576 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Cache-Control: max-age=120
[Fri Jul 16 16:02:28.566617 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Content-Length: 2530
[Fri Jul 16 16:02:28.566643 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Connection: close
[Fri Jul 16 16:02:28.566682 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Content-Type: application/ocsp-response
[Fri Jul 16 16:02:28.566720 2010] [debug] [pid 21783] ssl_util_ocsp.c(252): [client 10.14.148.50:54752] OCSP response: got 1127 bytes, 1127 total
[Fri Jul 16 16:02:28.569926 2010] [debug] [pid 21783] ssl_util_ocsp.c(252): [client 10.14.148.50:54752] OCSP response: got 1403 bytes, 2530 total
[Fri Jul 16 16:02:28.569991 2010] [debug] [pid 21783] ssl_util_ocsp.c(235): [client 10.14.148.50:54752] OCSP response: got EOF
[Fri Jul 16 16:02:28.578764 2010] [error] [pid 21783] SSL Library Error: error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted
[Fri Jul 16 16:02:28.578810 2010] [error] [pid 21783] failed to verify the OCSP response
[Fri Jul 16 16:02:28.578927 2010] [error] [pid 21783] [client 10.14.148.50:54752] Certificate Verification: Error (50): application verification failure
Can I have multiple OCSP responders in apache?
Hi to all.

Can I use multiple SSLOCSPDefaultResponder directives in Apache in the hope that Apache will try to contact all of them until one gives success with a client Certificate?

If not, how can I configure Apache so it accepts (and tests the revocation status of) certificates from multiple CAs? Only using CRLs?

I presume also that if those different client certificates have the correct OCSP responder on them, Apache will be able to deal automatically with that.

Luis
RE: OCSP_basic_verify:certificate verify error ( Verify error:unable to get local issuer certificate)
Hummm, thanks for catching this.

This is not good news for us.

I don't believe anyone on this CA will care for this, but I will try anyway.

Regards
Luis

> From: ppatter...@carillonis.com
> To: openssl-users@openssl.org
> Subject: Re: OCSP_basic_verify:certificate verify error ( Verify
> error:unable to get local issuer certificate)
> Date: Fri, 16 Jul 2010 14:27:05 -0400
>
> Hi Luis:
>
> See reply inline:
>
> On July 16, 2010 11:05:46 am Luis Neves wrote:
> >
> > besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
> > directive? Shouldnt the mod_ssl code discover automatically the responder
> > address from the client certificate itself??
> >
>
> From your other mail:
> openssl x509 -in /home/oracle/lneves.pem -noout -text
>
> >2.5.29.46:
> > 0h0f.d.b.`http://pki.cartaodecidadao.pt/publico/lrc/cc_sub-
> >ec_cidadao_autenticacao_crl0003_delta_p0005.crl
> >Authority Information Access:
> >OCSP - URI:http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
>
> The part that catches my eye is the incorrect decoding for
> authorityInfoAccess. First of all, 2.5.29.46 is NOT AIA, but according to:
>
> http://www.alvestrand.no/objectid/2.5.29.46.html
>
> It is "Freshest CRL". This is NOT the OID for AIA, thus the application should
> NOT be able to find the OCSP information. Fix the CA that generated this
> certificate to generate correct PKIX RFC5280 certificates, and at least part
> of your problem should go away.
>
> Have fun.
>
> --
> Patrick Patterson
> President and Chief PKI Architect,
> Carillon Information Security Inc.
> http://www.carillon.ca
Re:core dump in openssl library
Hi All,

My cc compiler is:

/usr/bin/cc:
$Revision: 92453-07 linker linker crt0.o B.11.61 070723 $
LINT B.11.11.20 CXREF B.11.11.20
HP92453-01 B.11.11.20 HP C Compiler
$ PATCH/11.00:PHCO_27774 Oct 3 2002 09:45:59 $

and I use gmake to make the openssl.

I am not on the mailing list, so please cc me.

Thanks in advance!
Kevin

At 2010-07-15 15:43:34, kai_yang2008 wrote:

> Hi All,
>
> I have encountered a core dump in libssl library which is called by mod_ssl
> in apache product on hpux 11.23 and 11.31 platform. The core dump happens
> when I use O3 to build the openssl while O1 will not create this core dump.
> It seems that the core dump has something related to the optimization level.
>
> Here I paste some debug message:
>
> #0 0x6000c038e1d0:0 in kill+0x30 () from /usr/lib/hpux32/libc.so.1
> #1 0x40b1fd0:0 in sig_coredump () at mpm_common.c:1260
> #2
> #3 0x0 in ()
> warning: Attempting to unwind past bad PC 0x0
> #4 0x6000c13f0f80:0 in SSL_accept+0x90 () from /usr/lib/hpux32/libssl.so.0
> #5 0x6000c13e37b0:0 in ssl23_get_client_hello+0xd0 () from /usr/lib/hpux32/libssl.so.0
> #6 0x6000c13e35a0:0 in ssl23_accept+0x420 () from /usr/lib/hpux32/libssl.so.0
> #7 0x6000c13f0f80:0 in SSL_accept+0x90 () from /usr/lib/hpux32/libssl.so.0
> #8 0x6000c27dd2a0:0 in + 0x140 () from /opt/hpws22/apache32/modules/mod_ssl.so
> #9 0x6000c27de1f0:0 in + 0x110 () from /opt/hpws22/apache32/modules/mod_ssl.so
> #10 0x40b5830:0 in ap_get_brigade () at util_filter.c:489
> #11 0x4063d50:0 in ap_rgetline_core () at protocol.c:231
> #12 0x4065020:0 in read_request_line () at protocol.c:596
> #13 0x40666d0:0 in ap_read_request () at protocol.c:891
> #14 0x40b71a0:0 in ap_process_http_connection () at http_core.c:183
> #15 0x40a99c0:0 in ap_process_connection () at connection.c:189
> #16 0x40cfb00:0 in process_socket () at worker.c:587
> #17 0x40d0f30:0 in worker_thread () at worker.c:966
> #18 0x6000c27a8840:0 in dummy_worker () at threadproc/unix/thread.c:162
> ---Type to continue, or q to quit---
> #19 0x6000c00f4060:0 in __pthread_bound_body+0x170 () from /usr/lib/hpux32/libpthread.so.1
>
> So could someone give me help about this?
>
> Thanks in advance!
> Kevin