Re: Random number generator
You can use the below APIs:

RAND_bytes()
RAND_pseudo_bytes()

On Thu, Apr 5, 2012 at 12:33 AM, Jeremy Farrell wrote:
> http://lmgtfy.com/?q=openssl+random+number
>
> > From: Alex Chen [mailto:alex_c...@filemaker.com]
> >
> > There is a 'rand' command in the openssl command line tool to generate
> > 'pseudo' random number generator. But I cannot find the API from
> > either the 'ssl' or 'crypto' man pages.
> > Can someone point me to the API page if it is available?
> >
> > Is this RNG implementation different in the regular distribution and
> > the FIPS Object module?
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
DoS and MITM attack via SSL Renegotiation
Hi All,

I have fixed the CVE-2009-3555 bug by making my application RFC 5746 compliant. Will this cause the DoS attack (CVE-2011-1473)? Now I am facing a DoS attack on one of the ports. Please let me know if there is any patch to fix this problem.

Thanks,
Gayathri
Re: ENGINE Structural and functional references
> ENGINE_free all of the structural references you got, including the one for
> the ENGINE you're using

And so in order to free all structural references of an ENGINE * e, I could just do this?-

    while( e->struct_ref > 0 ) { ENGINE_free( e ); }

And to keep all but one functional reference to e, I could do this?-

    while(e->funct_ref > 1 ) { ENGINE_finish( e ); }

> I don't think there is any cost to having extra references (of either kind)
> to an ENGINE, as long as all of the references are freed when you are done.

Once again, free all functional references and structural references if any and then call the ENGINE_cleanup() function ?

Thanks for the help Wim!

Sunjeet
Re: OpenSSL FIPS Module 2.0 status update
Thanks for the response, Steve.

Alex

On Apr 4, 2012, at 4:58 PM, Steve Marquess wrote:

> On 04/04/2012 07:17 PM, Alex Chen wrote:
>> Steve,
>>
>> Unfortunately it has been four weeks and the status is still stuck in
>> 'coordination'. Well, we all know the government pace is a 'little
>> slower' than the rest of the industry. There is a 'finalization'
>> status after 'coordination', what is involved in that status?
>
> I had expected "coordination" to take less time per experience with
> previous validations. Since the test lab doing this validation reports
> no known issues or complications I'm still hoping for this to conclude
> any day now.
>
> This morning I had a long talk with another test lab that reports they
> are also seeing unusually long durations for "coordination" for their
> pending validations.
>
> The wait for a validation can vary dramatically with no obvious rhyme or
> reason. Several years ago we waited thirteen months for one validation,
> by which time it was no longer of any economic value. I still don't know
> why that one took so long when other essentially identical concurrent
> validations took only half the time. Frankly, if a vendor has a
> validation need that was more schedule than cost sensitive it would be
> prudent to do several validation attempts in parallel to try and dodge
> the risk of being a long wait outlier; and in fact some vendors have
> done that. We didn't have the funding to burn for this validation.
>
>> When an application reaches 'finalization', I assume it will
>> eventually 'graduate', i.e. removed, from that list and gets a
>> certificate number, right?
>
> Yes, the finalization phase is usually very brief ... of course I
> thought that of the coordination phase as well. The test lab will
> typically be informed of the successful validation award several days
> before the web site is updated, and we will announce that happy news
> here when it happens.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.net
Re: OpenSSL FIPS Module 2.0 status update
On 04/04/2012 07:17 PM, Alex Chen wrote:
> Steve,
>
> Unfortunately it has been four weeks and the status is still stuck in
> 'coordination'. Well, we all know the government pace is a 'little
> slower' than the rest of the industry. There is a 'finalization'
> status after 'coordination', what is involved in that status?

I had expected "coordination" to take less time per experience with previous validations. Since the test lab doing this validation reports no known issues or complications I'm still hoping for this to conclude any day now.

This morning I had a long talk with another test lab that reports they are also seeing unusually long durations for "coordination" for their pending validations.

The wait for a validation can vary dramatically with no obvious rhyme or reason. Several years ago we waited thirteen months for one validation, by which time it was no longer of any economic value. I still don't know why that one took so long when other essentially identical concurrent validations took only half the time. Frankly, if a vendor has a validation need that was more schedule than cost sensitive it would be prudent to do several validation attempts in parallel to try and dodge the risk of being a long wait outlier; and in fact some vendors have done that. We didn't have the funding to burn for this validation.

> When an application reaches 'finalization', I assume it will
> eventually 'graduate', i.e. removed, from that list and gets a
> certificate number, right?

Yes, the finalization phase is usually very brief ... of course I thought that of the coordination phase as well. The test lab will typically be informed of the successful validation award several days before the web site is updated, and we will announce that happy news here when it happens.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.net
Re: A few questions about custom ASN1
On Tue, Apr 03, 2012, Naveen Nathan wrote:

> On Wed, Apr 04, 2012 at 03:12:26AM +0200, Dr. Stephen Henson wrote:
> > On Tue, Apr 03, 2012, Naveen Nathan wrote:
> >
> > > > > > That's because the ASN1_OBJECT is a little different. Some standard
> > > > > > OIDs are set to a fixed value to avoid the need to keep allocating
> > > > > > them. What that means in practice is you do something like:
> > > > > >
> > > > > > foo->usage = OBJ_something(somearg);
> > > > > >
> > > > > > This won't result in a memory leak because the OID isn't dynamically
> > > > > > allocated.
> > > > >
> > > > > I would also be using custom OIDs. Would I need to first register the
> > > > > OIDs using OBJ_create? Normally we don't use any name identifier. Or is
> > > > > there a way to duplicate an ASN1_OBJECT?
> > > > >
> > > > > Otherwise I can probably write an auxiliary function to handle this in
> > > > > a similar vein to OBJ_dup(ASN1_OBJECT *).
> > > > >
> > > >
> > > > You can use OBJ_txt2obj to create an ASN1_OBJECT from the numerical
> > > > form if you wish. OBJ_dup will duplicate an ASN1_OBJECT just fine.
> > > >
> > > Thanks, but perhaps I am a little unclear about the issue I'm having.
> > >
> > > I have written the following code to demonstrate the issue I'm having,
> > > specifically with ASN1_OBJECT in a custom ASN1 struct containing only
> > > one ASN1_OBJECT type.
> > >
> > > I just have a basic ASN1 sequence containing an ASN1_OBJECT. I want
> > > to assign the custom OID "1.2.3.4" to obj. When I try to do this with
> > > OBJ_txt2obj(), this becomes the cause for a segfault on i2d_basic().
> > >
> > > I'm unsure why this segfault occurs. My guess is obj is already
> > > allocated by simple_asn_new(); therefore reassigning it with
> > > a newly created object from OBJ_txt2obj() causes a segfault.
> > > But I'm not too familiar with the internals of the i2d_* routine
> > > to see how this is possible.
> > >
> >
> > What OS are you running this on?
>
> This is on Mac OSX 10.7.2 running OpenSSL 0.9.8r.
>
> I also have the same issue on FreeBSD 8.2 running OpenSSL 0.9.8q.

That's weird. I don't get crashes with 0.9.8 trees or 1.0.0, your program works as expected.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: OpenSSL FIPS Module 2.0 status update
Steve,

Unfortunately it has been four weeks and the status is still stuck in 'coordination'. Well, we all know the government pace is a 'little slower' than the rest of the industry. There is a 'finalization' status after 'coordination', what is involved in that status?

When an application reaches 'finalization', I assume it will eventually 'graduate', i.e. removed, from that list and gets a certificate number, right?

Alex

On Mar 6, 2012, at 3:08 AM, Steve Marquess wrote:

> The OpenSSL FIPS Object Module 2.0 is now in "coordination" status at
> the CMVP. That's usually a good sign that the formal validation award
> is imminent (as in "a week or three...").
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.net
Re: ENGINE Structural and functional references
On 4 Apr 2012, at 12:10 PM, Sunjeet Singh wrote:

> If I have multiple SSL connections using an engine at the same time, IS IT
> TRUE THAT-
> 1. I should have at least one structural and one functional reference for the
> entire duration within which the engine will be used i.e., between the calls
> to ENGINE_by_id() and ENGINE_cleanup(). Or can the structural reference be
> freed once a functional reference has been obtained?

The structural reference is not needed if you also have a functional reference. So, for example, the following is a reasonable pattern:

    get structural references for several ENGINEs
    figure out which one you want to use
    get a functional reference for that one (ENGINE_init())
    ENGINE_free all of the structural references you got, including the one for the ENGINE you're using
    ... do something with the ENGINE ...
    free the functional reference (ENGINE_finish())

The SSL context will take care of calling init/finish for the engine it uses, however. If what you are doing is calling SSL_CTX_set_client_cert_engine(), all you need to do is have a structural reference when you make the call; if you have no further need of the ENGINE you can free the structural reference immediately afterwards. The SSL_CTX will obtain the references it needs and will release them when the SSL_CTX itself is deallocated. At least, that is my understanding.

> 2. Although various other functions like ENGINE_init(), ENGINE_set_default(),
> etc. increase the number of structural and functional references to my engine
> variable (as documented for each function), I should go on and free the extra
> references and should only maintain one structural and one functional
> reference to the engine at all times.

I don't think there is any cost to having extra references (of either kind) to an ENGINE, as long as all of the references are freed when you are done.
ENGINE Structural and functional references
Hi,

I'm working on an OpenSSL Engine implementation and I don't entirely get the idea behind Structural and Functional references. So, I'd be very grateful if someone could comment on my approach of handling references.

If I have multiple SSL connections using an engine at the same time, IS IT TRUE THAT-

1. I should have at least one structural and one functional reference for the entire duration within which the engine will be used i.e., between the calls to ENGINE_by_id() and ENGINE_cleanup(). Or can the structural reference be freed once a functional reference has been obtained?

2. Although various other functions like ENGINE_init(), ENGINE_set_default(), etc. increase the number of structural and functional references to my engine variable (as documented for each function), I should go on and free the extra references and should only maintain one structural and one functional reference to the engine at all times.

Thank you,
Sunjeet
RE: Random number generator
http://lmgtfy.com/?q=openssl+random+number

> From: Alex Chen [mailto:alex_c...@filemaker.com]
>
> There is a 'rand' command in the openssl command line tool to generate
> 'pseudo' random number generator. But I cannot find the API from
> either the 'ssl' or 'crypto' man pages.
> Can someone point me to the API page if it is available?
>
> Is this RNG implementation different in the regular distribution and
> the FIPS Object module?
Random number generator
There is a 'rand' command in the openssl command line tool to generate 'pseudo' random number generator. But I cannot find the API from either the 'ssl' or 'crypto' man pages. Can someone point me to the API page if it is available?

Is this RNG implementation different in the regular distribution and the FIPS Object module?

Thanks.

Alex
RE: pkcs12 error
Yeah, that was the problem. RC2 was disabled in the build.

Thanks,
-binlu

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 03, 2012 1:59 PM
To: openssl-users@openssl.org
Subject: Re: pkcs12 error

On Tue, Apr 03, 2012, Bin Lu wrote:

> Hi,
>
> When I tried the pkcs12 command (as below) in openssl 1.0.1, it gave me the
> following error.
> The same command worked fine in openssl 0.9.8d. Any idea?
>
> $ openssl pkcs12 -export -in test.cer -inkey test.key -out test.p12
> Enter pass phrase for test.key:
> Enter Export Password:
> Verifying - Enter Export Password:
> 3085185856:error:060740A0:digital envelope
> routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:186:
> 3085185856:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
> cipherinit error:p12_decr.c:83:
> 3085185856:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt
> error:p12_decr.c:175:
> 3085185856:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt
> error:p12_add.c:202:
>
>

Has that version of OpenSSL disabled any algorithm such as RC2? If not try printing out the value of "cipher_nid" it doesn't like in that function.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: subjectAltName requirements
Hi Andy,

> -----Original Message-----
> From: Andy GOKTAS
>
> I'm generating a CSR and need to include subjectAltNames (about 6 of
> them).
>
> I remember reading (but I could be dreaming) a while back
> that you MUST
> include your CN in the subjectAltName list - and it should be listed
> first in the subjectaltname list, otherwise it won't work; or you will
> experience issues.
>
> Is this true?

no, this is not true.

I assume you're talking about a server certificate. The question you have to ask yourself is: Which clients/browsers do I want to support. And then you can check yourself how they behave if you don't add the hostname contained in the cn to the list of subjectAltNames.

If I remember correctly, the last time I checked this, Opera required the cn's hostname additionally in a subjectAltName extension. But this is 6 years ago, and my memory could be at fault...

HTH,
Patrick Eisenacher
What should be the size of a Diffie-Hellman private key?
Hi,

We are using OpenSSL DH for key establishment in our product. Recently we increased the size of P parameter to 2048 bits from 640 bits (we use g parameter of value 5), which is in accordance with the latest NIST standard document. Using the established shared secret, we are deriving 4 sub keys of size 128, 192 and 256 for symmetric key encryption using AES.

"
NIST Special Publication 800-131a: "Recommendation for the Transitioning of Cryptographic Algorithms and Key Lengths", published by the U.S. Department of Commerce.
- For DH and MQV schemes using finite fields: "The use of |p| = 2048 bits, and |q| = 224 or 256 bits is acceptable" (pages 8 and 9).
"

But due to the above change the time of key establishment has increased by 20-30 times. With 640 bit P parameter, key establishment was taking around 3.5 ms, but with 2048 bit, key establishment is taking around 85.5 ms.

After going through the OpenSSL implementation of DH, we figured that the issue is with the size of private key. By default OpenSSL DH generates the private key with size same as the size of P parameter, so in our case private key size is 2048 bits. When we set the DH->priv_key to a 256 bit random number before calling DH_generate_key(), the key establishment is taking only 11.9 ms, which is quite better than what we see with a 2048 bit private key.

Can you please let us know the acceptable sizes of private key for 2048 bit P parameter? Are there any standards/specifications for the private key sizes?

Thank You
Ram Prasad
Re: How to get the Certificate Keyusage retire error ? (lCert->ex_kusage =0)
On 04/04/2012 02:51 PM, brajan wrote:

> I am using openssl 0.9.8g version .
>
> i convert the PEM certificate file to X509 format and try to read the key
> usage value .
> Keyuage =lCertificate->ex_kusage ;
>
> Some time the keyusage = 128
> Some time Keyusage is 0 for the same certificate . why this problem occurs
> ...

the flags are set by one of functions in crypo/v3_purp.c

try call X509_check_ca(lCertificate) before accessing
Re: How to get the Certificate Keyusage retire error ? (lCert->ex_kusage =0)
On Wed, Apr 04, 2012, brajan wrote:

>
> I am using openssl 0.9.8g version .
>
> i convert the PEM certificate file to X509 format and try to read the key
> usage value .
> Keyuage =lCertificate->ex_kusage ;
>
> Some time the keyusage = 128
> Some time Keyusage is 0 for the same certificate . why this problem occurs
> ...

You need to ensure that that information is set up. Call X509_check_purpose(cert, -1, 0) first.

An alternative way to decode any extension is to use: X509_get_ext_d2i().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
How to get the Certificate Keyusage retire error ? (lCert->ex_kusage =0)
I am using openssl 0.9.8g version .

i convert the PEM certificate file to X509 format and try to read the key usage value .

Keyuage =lCertificate->ex_kusage ;

Some time the keyusage = 128
Some time Keyusage is 0 for the same certificate . why this problem occurs ...
Re: SRP in OpenSSL 1.0.1
On 04/04/2012 11:01 AM, Christian Weber wrote:

> Dear users and developers,
>
> we just read through some of the code examples for SRP usage. Concerning the
> necessary callbacks we wonder why in s_server.c the verifier parametrization
> is being delayed.
>
> Within apps/s_server.c we can find the comment:
> "When the callback is called for a new connection we return with a negative
> value. This will provoke the accept etc to return with an LOOKUP_X509. The
> main logic of the reinvokes the suspended call (which would normally occur
> after a worker has finished) and we set the user parameters."
>
> There seems to be something missing between 'the' and 'reinvokes', so we
> cannot understand what's being meant.

application:

Imagine a server that has a large base of users. When the callback is invoked, it would start with some asynch ldap call or whatever else to read a verifier. The callback would return -1, and the SSL_accept fails with the return code ERROR_LOOKUP_X509 (well, I know, by this name was the only one available, borrowed by a reciprocal feature in the client). The application would do some select call on whatever filedescriptors. As soon as the verifier is available, the application stores this somewhere, and calls SSL_accept again, which in this case will cause the callback to return the verifier.

Nothing about srp is documented so far.

The code in apps/server.c is not doing any select loop, it just calls the SSL_accept twice. This is done to illustrate the possibilities of the callback. The callback 'pretends' that the data are not there.

I do not really like to use the verifier file as it is done in the example, since one needs to restart a server after modifying a user.

> May it be a security impact to implement the lookup within the callback
> itself (as done in ssl/ssltest.c, based on user's password) or may there be
> other error conditions which are covered by relocating the lookup to
> init_ssl_connection in apps/s_server.c?

As I wrote above, the while loop to do SSL_accept is not exactly what you would want to do in a real application. The simulated logic flow is:

    i=SSL_accept(con);
    if ( i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP )
        do whatever is necessary to get the verifier,
        in this case simulated by
            srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
        since there is nothing async to do in the example.
    and then do another
    i=SSL_accept(con);

I could have folded out the loop to get out the init_ssl_connection etc.

> Any opinions about possible security weakening against implementing the
> lookup within the callback?

There may be many ways to store and create a verifier. One could for example on the fly generate a one time password, send it as an SMS, store the verifiers in an LDAP. Therefore the callback allows an application to choose whatever means it wants to implement, openssl is not charged to read files, make network requests or whatever.

Peter

> TIA
> --
> Christian Weber
subjectAltName requirements
Hello,

I’m generating a CSR and need to include subjectAltNames (about 6 of them).

I remember reading (but I could be dreaming) a while back that you MUST include your CN in the subjectAltName list - and it should be listed first in the subjectaltname list, otherwise it won’t work; or you will experience issues.

Is this true? If so, why?

Thanks,
Andy Goktas
Fwd: CVE-2011-1473 - DoS attack via ssl renegotiation
Hi All,

What is the difference between CVE-2009-3555 and CVE-2011-1473? Both are related to the SSL renegotiation issue. Please let me know if there is any patch to fix this problem. Is there any openssl version with fixes for the above two vulnerabilities?

Thanks,
Gayathri
Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
Hi,

I had earlier posted a query on AES_Keywrap() usage and had a good response on the same and got a lot of things clarified. Now I am successful in using the AES_wrap_key() API but I am running into a new problem.

I need to wrap a 512 bit key with a 256 bit KEK key. When I do this, I am hitting a seg fault in AES_wrap_key(). When I do gdb, it points to memcpy(). From the code I didn't see any limitation of not using a 512 bit key. Am I missing something?

Below is my sample code which works successfully for a 256 bit key. Below code can be enabled for 512 bit with the macro KEY512.

#include <stdio.h>
#include <stdlib.h>
#include <openssl/aes.h>

//#define KEYBITS 128
//#define KEYLEN 16
#define KEY512 0

#if KEY512
#define KEYLEN 64
#define KEYBITS 512
#else
#define KEYLEN 32
#define KEYBITS 256
#endif

static const unsigned char default_iv[] = {
    0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
};

static const unsigned char invalid_iv[] = {
    0x16, 0xA6, 0xA6, 0xA6, 0xA6, 0x16, 0xA6, 0xA6,
};

int main(void)
{
    /* key-encryption key (KEK) */
#if (!KEY512)
    static const unsigned char kek[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
    };
#else
    static const unsigned char kek[] = {
        0xbc, 0x54, 0xd8, 0xa0, 0x6e, 0xab, 0x3b, 0x4c,
        0x06, 0xf5, 0xbe, 0x01, 0xc5, 0x77, 0x28, 0x3d,
        0x92, 0xda, 0xfb, 0xe8, 0x3f, 0xe0, 0x59, 0x57,
        0xff, 0xbe, 0xfa, 0x5b, 0xe0, 0xd4, 0xfb, 0xb7
    };
#endif

    /*
    static const unsigned char key[] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
    };
    */

    /* key material to be wrapped */
#if (!KEY512)
    static const unsigned char key[] = {
        0x46, 0xab, 0x1b, 0xdc, 0x89, 0x38, 0x57, 0x23,
        0x47, 0x49, 0xfc, 0xc4, 0x6e, 0x26, 0xf0, 0xae,
        0xbd, 0x4b, 0x0b, 0xcf, 0x51, 0x96, 0x21, 0x2c,
        0xd4, 0xd0, 0x82, 0x71, 0xa3, 0x8c, 0xcb, 0x3c
    };
#else
    static const unsigned char key[] = {
        0xf5, 0x96, 0x87, 0x3e, 0x53, 0x6d, 0x61, 0xf5,
        0x55, 0x53, 0xca, 0x0c, 0xd8, 0xcd, 0x1d, 0x40,
        0xcb, 0x66, 0x58, 0xf7, 0x8f, 0xae, 0xbf, 0x9b,
        0x78, 0x4d, 0xd1, 0x0f, 0x19, 0xc2, 0x89, 0x5a,
        0x47, 0xd9, 0x3c, 0x7e, 0x26, 0x18, 0x2d, 0xd0,
        0xce, 0xcb, 0x3a, 0x58, 0x55, 0x59, 0x4e, 0x5b,
        0x2a, 0xd3, 0x9a, 0x86, 0x9d, 0x6c, 0x5d, 0x70,
        0x21, 0xa7, 0x87, 0xcb, 0xdd, 0xf5, 0xe3, 0xf5
    };
#endif

    int ret, i;
    unsigned char *otmp, *dtmp;
    AES_KEY actx, dctx;

    printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);

    /* set up the KEK for wrapping */
    if (AES_set_encrypt_key(kek, KEYBITS, &actx))
        printf("\n Error seeting AES key ");

    /* wrapped output is 8 bytes longer than the input key */
    otmp = (unsigned char *) malloc(sizeof(char) * (KEYLEN+8));
    dtmp = (unsigned char *) malloc(sizeof(char) * KEYLEN);

    ret = AES_wrap_key(&actx, default_iv, otmp, key, KEYLEN);
    printf("\n AES wrap ; ret = %d", ret);
    if (ret < 0)
        printf("\n AES wrap key failed");

    printf("\n Wrapped key : ");
    for (i = 0; i< (KEYLEN + 8); i++)
        printf(" %02x", otmp[i]);

    /* set up the KEK for unwrapping */
    if (AES_set_decrypt_key(kek, KEYBITS, &dctx))
        printf("\n Error setting decrypt key ");

    ret = AES_unwrap_key(&dctx, default_iv, dtmp, otmp, ret);
    printf("\n AES unwrap ; ret = %d", ret);
    if (ret == 0)
        printf("\n AES unwrapping failed ");

    printf("\n Original key : ");
    for (i = 0; i < KEYLEN ; i++)
        printf(" %02x", dtmp[i]);
    printf("\n");

    free(otmp);
    free(dtmp);
    return 0;
}

Output result when 256 bit key is used

 keylen = 32; kebits= 256
 AES wrap ; ret = 40
 Wrapped key : 0a f2 44 0b 98 e9 7d 65 3d 90 ea aa 4d fd 10 37 24 17 66 82 cb 60 b2 c6 56 cc 83 d9 ad 6b 32 a8 5d aa d1 b7 10 54 1b ea
 AES unwrap ; ret = 32
 Original key : 46 ab 1b dc 89 38 57 23 47 49 fc c4 6e 26 f0 ae bd 4b 0b cf 51 96 21 2c d4 d0 82 71 a3 8c cb 3c

Output when 512 bit is key - Here I hit seg fault

 keylen = 64; kebits= 512
Segmentation fault

any help is highly appreciated...
Re: [openssl-users] Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer
On 04/04/2012 05:22, Curt Sampson wrote:

> [...]
> In fact, if one can be encoded in a shorter form than the other, it MUST be
> encoded in that shorter format. This is because certificates use DER, not
> BER, and DER says that.

As pointed by Peter Sylvester, BER doesn't allow useless leading 00 octets either in the content. The content MUST be serialized with the lowest possible number of octets. The difference between BER and DER for integers encoding is on the length encoding ("02 81 01 01" is valid BER, not valid DER; "02 01 00 01" is neither valid BER nor DER).

--
Erwann ABALEA
-
Do not open any message with the subject RETURNED OR ENABLE TO DELIVER. This virus grafts itself onto every component of your computer and destroys them. This message is sent to you by the QUICK DRIVE team
-+-AL in: Guide du Neuneu Usenet - The Mad Cow virus strikes again -+-
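Added example (not part of the original message and not OpenSSL code): a small C checker for the INTEGER rules described in the message above, separating the content-octet rule shared by BER and DER from the length-octet rule that only DER imposes. The names classify_integer and enum int_enc are illustrative, and every sample byte string other than "02 81 01 01" is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Illustrative names; not an OpenSSL API. */
enum int_enc { ENC_INVALID = 0, ENC_BER_ONLY = 1, ENC_DER = 2 };

/*
 * Classify buf[0..len) as exactly one ASN.1 INTEGER TLV (tag 0x02).
 * Octets left over after the TLV are treated as an error.
 */
enum int_enc classify_integer(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen = 0, n, i;
    int minimal_length = 1;
    unsigned char l0;

    if (buf == NULL || len < 2 || buf[pos++] != 0x02)
        return ENC_INVALID;

    l0 = buf[pos++];
    if (l0 < 0x80) {
        clen = l0;                  /* short form: a single length octet */
    } else {
        n = l0 & 0x7f;              /* long form: n length octets follow */
        /* 0x80 (indefinite) is not allowed for a primitive type and 0xff is
         * reserved; lengths wider than size_t are rejected by this sketch. */
        if (n == 0 || n > sizeof(size_t) || n > len - pos)
            return ENC_INVALID;
        if (buf[pos] == 0x00)
            minimal_length = 0;     /* zero-padded length: BER only */
        for (i = 0; i < n; i++)
            clen = (clen << 8) | buf[pos++];
        if (clen < 0x80)
            minimal_length = 0;     /* short form would have fit: BER only */
    }

    /* An INTEGER has at least one content octet; the TLV must fill buf. */
    if (clen == 0 || clen != len - pos)
        return ENC_INVALID;

    /* BER and DER alike: the first nine content bits must not all be 0
     * (redundant leading 00) or all be 1 (redundant leading ff). */
    if (clen > 1) {
        unsigned char b0 = buf[pos], b1 = buf[pos + 1];
        if ((b0 == 0x00 && (b1 & 0x80) == 0) ||
            (b0 == 0xff && (b1 & 0x80) != 0))
            return ENC_INVALID;
    }
    return minimal_length ? ENC_DER : ENC_BER_ONLY;
}

int main(void)
{
    /* "02 81 01 01" is quoted in the message; the others are constructed. */
    static const unsigned char long_len[]  = { 0x02, 0x81, 0x01, 0x01 };
    static const unsigned char lead_zero[] = { 0x02, 0x02, 0x00, 0x01 };
    static const unsigned char needs_00[]  = { 0x02, 0x02, 0x00, 0x80 };
    static const unsigned char minimal[]   = { 0x02, 0x01, 0x01 };
    static const char *names[] = { "invalid", "BER only", "DER" };

    printf("02 81 01 01 -> %s\n", names[classify_integer(long_len, sizeof long_len)]);
    printf("02 02 00 01 -> %s\n", names[classify_integer(lead_zero, sizeof lead_zero)]);
    printf("02 02 00 80 -> %s\n", names[classify_integer(needs_00, sizeof needs_00)]);
    printf("02 01 01    -> %s\n", names[classify_integer(minimal, sizeof minimal)]);
    return 0;
}
```

The leading 00 in "02 02 00 80" is required, because without it the value would read as negative; that case is what makes the nine-bit test necessary instead of a plain "no leading zero" check.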
SRP in OpenSSL 1.0.1
Dear users and developers,

we just read through some of the code examples for SRP usage. Concerning the necessary callbacks we wonder why in s_server.c the verifier parametrization is being delayed.

Within apps/s_server.c we can find the comment:
"When the callback is called for a new connection we return with a negative value. This will provoke the accept etc to return with an LOOKUP_X509. The main logic of the reinvokes the suspended call (which would normally occur after a worker has finished) and we set the user parameters."

There seems to be something missing between 'the' and 'reinvokes', so we cannot understand what's being meant.

May it be a security impact to implement the lookup within the callback itself (as done in ssl/ssltest.c, based on user's password) or may there be other error conditions which are covered by relocating the lookup to init_ssl_connection in apps/s_server.c?

Any opinions about possible security weakening against implementing the lookup within the callback?

TIA
--
Christian Weber