SSL_read, SSL_write confusion
Hi, I am developing a client app with OpenSSL. I use SSL_read and SSL_write in blocking mode, and I just can't figure out something about them: if the server sends me 10 KB and I call SSL_read just once, can I assume that I will receive all the data at once? I use a simple recv call with the classic approach below; should I use SSL_read in this way?

    int read_socket(SOCKET s, void *pBuf, int n)
    {
        int result;
        int index = 0;
        int left = n;
        while (left > 0) {
            result = recv(s, (char *) pBuf + index, left, 0);
            if (result == 0)
                return index;   /* peer closed: short read */
            if (result == -1)
                return -1;      /* socket error */
            index += result;
            left -= result;
        }
        return index;
    }
X.509 certificate subject format
Hi list,

I have a rather simple question regarding X.509 subjects that is not entirely clear to me and for which I cannot find the appropriate reference (pointers greatly appreciated). The trouble starts when trying to compare two subjects of *different* certificates for equality and becomes worse when certain fields appear more than once. To clarify, by equal I mean "should behave in exactly the same way in all well-behaved implementations".

Let's start easy. Consider the following subjects:

    subject1 = /C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com
    subject2 = /C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar

Are these to be considered equal or not? I.e.: does the order of elements matter?

Does the order matter when fields are duplicated, i.e. are

    subject1 = /CN=foo/CN=bar
    subject2 = /CN=bar/CN=foo

equal? If they are not equal, does the first one have a special meaning? For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then? I.e. could I access a webserver with the certificate subject as stated above by DNS name foo *and* bar, or only by one of them?

One reason to ask for equality is that there may be a certificate X:

    issuerX  = /O=myCA/OU=greatCA/CN=not
    subjectX = /CN=foo/CN=bar

and it has a valid signature by a CA with the following subject:

    issuerX = /OU=greatCA/O=myCA/CN=not

Is the certificate signature then valid?

Any help is greatly appreciated!

Best regards,
Joe

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: [openssl-users] X.509 certificate subject format
On 02/07/2012 10:34, Johannes Bauer wrote:
> Let's start easy. Consider the following subjects:
>
>     subject1 = /C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com
>     subject2 = /C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar
>
> Are these to be considered equal or not?

Not equal.

> I.e.: does the order of elements matter? Does the order matter when fields are duplicated, i.e. are:

The order of elements in a SEQUENCE matters. The order of elements in a SET doesn't matter (read X.690 to get the DER rules). Comparison rules for AttributeAndValue elements follow the X.520 recommendation (you have to canonicalize them before comparison).

>     subject1 = /CN=foo/CN=bar
>     subject2 = /CN=bar/CN=foo
>
> equal?

Not equal.

> If they are not equal, does the first one have a special meaning? For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then? I.e. could I access a webserver with the certificate subject as stated above by DNS name foo *and* bar, or only by one of them?

This is not specified by X.509. Browsers tend to accept such a certificate for an accessed FQDN equal to either foo or bar. But you SHOULD place at most the first FQDN in a CN element in the subject, and the other FQDN values in the subjectAlternativeName extension.

> One reason to ask for equality is that there may be a certificate X:
>
>     issuerX  = /O=myCA/OU=greatCA/CN=not
>     subjectX = /CN=foo/CN=bar
>
> and it has a valid signature by a CA with the following subject:
>
>     issuerX = /OU=greatCA/O=myCA/CN=not
>
> Is the certificate signature then valid?

The signature may be cryptographically valid, but the names don't match, so /OU=greatCA/O=myCA/CN=not is not the issuer of /CN=foo/CN=bar (at least not in what you described; /CN=foo/CN=bar may have another certificate).

-- 
Erwann ABALEA - Don't panic, it will be worse.
Re: X.509 certificate subject format
On 07/02/2012 10:34 AM, Johannes Bauer wrote:
> Let's start easy. Consider the following subjects:
>
>     subject1 = /C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com
>     subject2 = /C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar
>
> Are these to be considered equal or not?

Not equal. Beware, you are using a textual representation which is probably the one of OpenSSL. So C=SE is the first in the DN sequence. Note that there is also the possibility to put several attributes into one RDN.

> I.e.: does the order of elements matter?

Yes.

> Does the order matter when fields are duplicated, i.e. are:
>
>     subject1 = /CN=foo/CN=bar
>     subject2 = /CN=bar/CN=foo
>
> equal?

No.

> If they are not equal, does the first one have a special meaning?

X.509 and RFC 5280 define a hierarchical order of the relative distinguished names that make up the sequence of the distinguished name.

> For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then?

No.

> I.e. could I access a webserver with the certificate subject as stated above by DNS name foo *and* bar, or only by one of them?

This depends on the implementation of the client, and also on whether you have a subjectAltName extension. If there is a subjectAltName extension, the common name is (not supposed to be) used by a client.

> One reason to ask for equality is that there may be a certificate X:
>
>     issuerX  = /O=myCA/OU=greatCA/CN=not
>     subjectX = /CN=foo/CN=bar
>
> and it has a valid signature by a CA with the following subject:
>
>     issuerX = /OU=greatCA/O=myCA/CN=not
>
> Is the certificate signature then valid?

The certificate signature may be cryptographically valid, but not the name chain in a path validation. At least it shouldn't be; there have been errors in some toolkits in the past that treated the hierarchy as a heap of attributes.

/P
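Both replies make the same structural point: a Name is a SEQUENCE of RDNs, so RDN order is significant, while each RDN is a SET of attributes, so order inside an RDN is not, and attribute values are canonicalized before they are compared. The following is an added example, not code from the thread or from OpenSSL, that implements that comparison over a small in-memory representation. Attribute types are plain strings rather than OIDs, the canonical form is the caseIgnoreMatch style of RFC 5280 section 7.1 and X.520 (case folded, leading and trailing whitespace dropped, inner runs collapsed), and the inputs are the subjects from the question plus one constructed pair with a single multi-valued RDN, which is the case where order genuinely does not matter.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One AttributeTypeAndValue, e.g. CN=moo.koo.com (type as a string, not an OID). */
typedef struct { const char *type; const char *value; } Attr;
/* RelativeDistinguishedName: a SET, so attribute order is NOT significant. */
typedef struct { const Attr *attrs; int n; } Rdn;
/* Name: a SEQUENCE of RDNs, so RDN order IS significant. */
typedef struct { const Rdn *rdns; int n; } Name;

#define MAX_ATTRS 8
#define CANON_CAP 128

/* caseIgnoreMatch-style canonical form (RFC 5280 7.1 / X.520): fold case,
 * drop leading/trailing whitespace, collapse inner whitespace runs to one space. */
static void canon(const char *in, char *out, size_t cap) {
    size_t o = 0;
    int pending_space = 0;
    for (; *in; in++) {
        if (isspace((unsigned char)*in)) { pending_space = 1; continue; }
        if (pending_space && o > 0 && o + 1 < cap) out[o++] = ' ';
        pending_space = 0;
        if (o + 1 < cap) out[o++] = (char)tolower((unsigned char)*in);
    }
    out[o] = '\0';
}

static int attr_eq(const Attr *a, const Attr *b) {
    char ca[CANON_CAP], cb[CANON_CAP];
    if (strcmp(a->type, b->type) != 0) return 0;
    canon(a->value, ca, sizeof ca);
    canon(b->value, cb, sizeof cb);
    return strcmp(ca, cb) == 0;
}

/* SET comparison: same size, and every attribute of a matches a distinct one in b. */
static int rdn_eq(const Rdn *a, const Rdn *b) {
    int used[MAX_ATTRS] = {0};
    if (a->n != b->n || a->n > MAX_ATTRS) return 0;
    for (int i = 0; i < a->n; i++) {
        int found = 0;
        for (int j = 0; j < b->n && !found; j++)
            if (!used[j] && attr_eq(&a->attrs[i], &b->attrs[j])) used[j] = found = 1;
        if (!found) return 0;
    }
    return 1;
}

/* SEQUENCE comparison: same length and pairwise-equal RDNs, in order. */
int name_eq(const Name *a, const Name *b) {
    if (a->n != b->n) return 0;
    for (int i = 0; i < a->n; i++)
        if (!rdn_eq(&a->rdns[i], &b->rdns[i])) return 0;
    return 1;
}

/* The two subjects from the question: same attributes, different RDN order. */
static const Attr s_c[] = {{"C", "SE"}}, s_o[] = {{"O", "FooBar"}},
                  s_ou[] = {{"OU", "BarFoo"}}, s_cn[] = {{"CN", "moo.koo.com"}};
static const Rdn s1r[] = {{s_c, 1}, {s_o, 1}, {s_ou, 1}, {s_cn, 1}};
static const Rdn s2r[] = {{s_c, 1}, {s_ou, 1}, {s_cn, 1}, {s_o, 1}};
const Name subject1 = {s1r, 4};
const Name subject2 = {s2r, 4};

/* Duplicate CN as two single-valued RDNs: /CN=foo/CN=bar vs /CN=bar/CN=foo. */
static const Attr foo[] = {{"CN", "foo"}}, bar[] = {{"CN", "bar"}};
static const Rdn d1r[] = {{foo, 1}, {bar, 1}}, d2r[] = {{bar, 1}, {foo, 1}};
const Name dup1 = {d1r, 2}, dup2 = {d2r, 2};

/* Constructed pair: ONE multi-valued RDN (O + CN in the same SET) with the
 * attributes swapped and the value case/spacing varied. Here order is irrelevant. */
static const Attr m1[] = {{"O", "Foo Bar"}, {"CN", "moo.koo.com"}};
static const Attr m2[] = {{"CN", "MOO.KOO.COM"}, {"O", "  foo   bar "}};
static const Rdn m1r[] = {{m1, 2}}, m2r[] = {{m2, 2}};
const Name multi1 = {m1r, 1}, multi2 = {m2r, 1};

int main(void) {
    printf("subject1 == subject2 : %d\n", name_eq(&subject1, &subject2));  /* 0 */
    printf("dup1 == dup2         : %d\n", name_eq(&dup1, &dup2));          /* 0 */
    printf("multi1 == multi2     : %d\n", name_eq(&multi1, &multi2));      /* 1 */
    return 0;
}
```

Real X.509 code should let the library do this (X509_NAME_cmp() in OpenSSL compares canonical encodings), because the string types (PrintableString, UTF8String, BMPString) enter into the comparison as well; the hand-rolled version exists only to make the SEQUENCE-versus-SET distinction visible.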
Re: Convert PKCS7_decrypt output to char*
Hello,

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use this procedure to encrypt so that I can retrieve the encrypted buffer into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    char *chTest = new char[1000];
    BIO *memorybio = BIO_new(BIO_s_mem());
    BIO *base64bio = BIO_new(BIO_f_base64());
    BIO *outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, &chTest);
    cout << chTest << "\n";

Now, when I want to do the reverse, I do as follows:

    BIO *memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    BIO *base64bio = BIO_new(BIO_f_base64());
    BIO *inbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);
    p7 = d2i_PKCS7_bio(inbio, &p7);
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that PKCS7_decrypt does not work and it is not decrypting correctly. Any idea how to solve it? Looking forward to your suggestions and comments.

Thanks

From: Florian Rüchel florian.ruec...@ruhr-uni-bochum.de
To: openssl-users@openssl.org
Sent: Monday, June 25, 2012 3:32 PM
Subject: Re: Convert PKCS7_encrypt output to char*

Hi,

A good idea might be to use the following sequence to create base64 encoded output (safe to send over the network):

    memorybio = BIO_new(BIO_s_mem());
    base64bio = BIO_new(BIO_f_base64());
    outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    i2d_PKCS7_bio(outbio, s->request_p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    s->request_len = BIO_get_mem_data(memorybio, &s->request_payload);

I took this from a software called sscep just for reference. It base64 encodes the data and sends it over the network. On the other side it is easy to base64 decode it. As such it gives you the guarantee it is decoded correctly.
On the other side you should of course also have the reverse chain, but I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:
> Hello,
>
> I want to encrypt a small piece of data using the recipient public key and decrypt it on the receiver side using the recipient private key. I chose the PKCS7_encrypt and PKCS7_decrypt API to do so. Are they the correct functions? Is there any other alternative?
>
> Now my problem is that I want to convert the encrypted output of PKCS7_encrypt to char* to send it over TCP. I used i2d_PKCS7_fp, d2i_PKCS7_bio and d2i_PKCS7_fp to first write them to a file and later on read them and send them. Here is the procedure to encrypt:
>
>     p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
>     if (!p7)
>         goto err;
>     FILE *fp = NULL;
>     char *file = "hello";
>     size_t len = 0;
>     fp = fopen(file, "w");
>     if (fp == NULL) {
>         printf("Error in opening a file..", file);
>     }
>     i2d_PKCS7_fp(fp, p7);
>     fclose(fp);
>
> And here is the code to decrypt. Is the procedure to convert correct?
>
>     FILE *p = NULL;
>     char *file = "hello";
>     p = fopen(file, "r");
>     if (p == NULL) {
>         printf("Error in opening a file..", file);
>     }
>     d2i_PKCS7_fp(p, &p7);
>     fclose(p);
>     if (!p7)
>         goto err;
>     BIO *out;
>     d2i_PKCS7_bio(out, &p7);
>     if (!(out2))
>         goto err;
>     /* Decrypt S/MIME message */
>     if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
>         goto err;
>
> It does not work and even the out is not initialized. Any suggestion?
>
> Thanks a lot
Padding used by the ca command
Hello!

Which padding method does openssl use when I sign a certificate with the 'ca' command (using an RSA key)? Is there a way to change it?

cheers
Mathias
Re: [openssl-users] Padding used by the ca command
Hello,

On 02/07/2012 16:05, Mathias Tausig wrote:
> Which padding method does openssl use when I sign a certificate with the 'ca' command (using an RSA key)?

RSA PKCS#1 v1.5

> Is there a way to change it?

I don't think so.

-- 
Erwann ABALEA
FIPS in 1.0.1 windows 7 64 bit compile / link problems
Anybody able to help me (problem posted below some days ago)?

Thanks a lot
Dirk

On 27.06.2012 14:42, Dirk Menstermann wrote:
> Hello,
>
> I tried to build the FIPS version (openssl-fips-2.0.1) on Win7 with VS2005 (command line prompt) using the build target debug-VC-WIN64A and option no-asm. Compilation of fipscanister.lib was easy. The problem began when I tried to build the containing OpenSSL:
>
> 1) openssl-1.0.1c: Here it worked but there are a few oddities:
>    * there isn't a fips.h include file
>    * the library only exports FIPS_mode and FIPS_mode_set and not all the other FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick
>    But nevertheless it seems that the library is working and can be put into FIPS state (I verified that other ciphers will be sent in the SSL client hello).
>
> 2) openssl-SNAP-20120627:
>    * while building, fips_auth.c could not be copied (it seems that the step to generate it from fips_auth.in is missing).
>    * after manually putting the file in the desired destination (not sure if this is correct) I got the following linking error...
>
>     cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg /MDd /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c .\fips\sha\fips_standalone_sha1.c
>     fips_standalone_sha1.c
>     link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_standalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp
>     fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Update referenced in function main
>     fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Final referenced in function hmac_init
>     fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Init referenced in function hmac_init
>     out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved externals
>     NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\link.EXE' : return code '0x460'
>     Stop.
>
> Can anybody help me? With which versions is it supposed to work (Win 7 64 bit)?
RE: FIPS in 1.0.1 windows 7 64 bit compile / link problems
More than happy to help you Dirk, but we use MinGW here and it works OK. You could check the versions (OpenSSL version and FIPS version).

Sergio.

> Date: Mon, 2 Jul 2012 18:05:54 +0200
> From: noadsple...@web.de
> To: openssl-users@openssl.org
> Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c .\fip s\sha\fips_standalone_sha1.c fips_standalone_sha1.c link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_s tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Update referenced in function main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Final referenced in function hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Init r eferenced in function hmac_init out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved extern als NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\ VC\BIN\amd64\link.EXE' : return code '0x460' Stop. Can anybody help me? With which versions is it supposed to work (win 7 64 bit) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Sergio,

I use openssl-1.0.1c (and a daily snapshot) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available?

Thanks
Dirk

On 02.07.2012 18:30, Sergio NNX wrote:
> More than happy to help you Dirk, but we use MinGW here and it works OK. You could check the versions (OpenSSL version and FIPS version).
>
> Sergio.
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
On Mon, Jul 02, 2012, Dirk Menstermann wrote:
> Hello Sergio,
>
> I use openssl-1.0.1c (and a daily snapshot) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available?

As I indicated, HEAD won't work as it isn't currently FIPS capable.

The (largely internal use) functions like FIPS_corrupt_aes are not exported from the Windows DLL at present: do you have a specific need to call them?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Padding used by the ca command
On Mon, Jul 02, 2012, Erwann Abalea wrote:
> Hello,
>
> On 02/07/2012 16:05, Mathias Tausig wrote:
>> Which padding method does openssl use when I sign a certificate with the 'ca' command (using an RSA key)?
>
> RSA PKCS#1 v1.5
>
>> Is there a way to change it?
>
> I don't think so.

In OpenSSL 1.0.1 and later you can use -sigopt to change the signature format used. It currently supports PKCS#1 v1.5 and PSS.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Padding used by the ca command
On 02/07/2012 19:38, Dr. Stephen Henson wrote:
> On Mon, Jul 02, 2012, Erwann Abalea wrote:
>> On 02/07/2012 16:05, Mathias Tausig wrote:
>>> Is there a way to change it?
>>
>> I don't think so.
>
> In OpenSSL 1.0.1 and later you can use -sigopt to change the signature format used. It currently supports PKCS#1 v1.5 and PSS.

Thanks for the info. I kept the habit of looking in the source code because the help message isn't accurate, but the source I had here was a 1.0.0e. And -sigopt isn't mentioned in the help message ;)

-- 
Erwann ABALEA
RE: OCSP proxy support
Dr. Stephen, others,

Could you please shed some light on this? I need to talk to an OCSP responder through a proxy server. I am currently using OCSP_sendreq_nbio(). What is the best solution (including hacking the OpenSSL code) to make it work?

Thanks in advance,
-binlu

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bin Lu
Sent: Tuesday, May 22, 2012 7:00 PM
To: openssl-users@openssl.org
Subject: OCSP proxy support

Hi,

Is BIO_set_proxies() supported in 1.0.1? What is the proxy solution for an OCSP query?

Thanks,
-binlu
RE: Client certificate verification: performance
> From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
> Sent: Friday, 29 June, 2012 19:37
>
> Following is the code I used in the server-side program.
>
>     while (1) {
>         SSL *ssl = SSL_new(ctx);
>         SSL_set_fd(ssl, clientserver[1]);
>         if (SSL_accept(ssl) != 1)
>             break;
>         result.handshakes++;
>         SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN);
>         SSL_free(ssl);
>     }

I presume there's some synchronization, not shown, so the SSL_accept (and remainder) only executes once a socket connection from the/a client exists. If this is a single loop as shown and not threaded, you are including network transmission/latency in your measurement. Unless you care about performance wrt a single client that does one connection at a time, this gives inaccurate results; most servers accept multiple connections, usually from multiple clients, concurrently and can overlap computation with I/O.

> This is the server loop I used to handle the requests from the client, where ctx is configured as follows:
>
>     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_client_certificate);
>     /* Set the verification depth */
>     SSL_CTX_set_verify_depth(ctx, VERIFICATION_DEPTH);
>
> I also had to include the following code:
>
>     int verify_client_certificate(int ok, X509_STORE_CTX* store) {
>     <snip>

To be exact, you must have a function with those parameter types and return type. Its *content* can vary if appropriate. I presume you are also setting the cert/privatekey and truststore (usually CAfile and/or CApath); without the former in the server no authenticated suite can proceed, and without the latter in the server, if the client does auth (i.e. supplies a cert), OpenSSL can't verify and every SSL_accept (with the verify callback shown) should fail.

> To clarify,
> 1. The server does use OpenSSL.
> 2. Full handshakes are done.

We don't know that from the code shown. SSL_accept can do either a full or abbreviated handshake; so can SSL_connect.

> 3. The SSL object is created and [freed] for each handshake. Therefore, ideally, the session should not be cached, since I am creating a new SSL object each time. There is similar counter code at the client side. Do you see my conclusions as right?

Session caching is done at the SSL_CTX level, not the SSL level, so using new SSL objects doesn't prevent caching. And OpenSSL's default for server caching is on. However, if your client also uses OpenSSL in a similar way, that defaults to off, and if so full handshakes are indeed occurring.
RE: SSL_read, SSL_write confusion
> From: owner-openssl-us...@openssl.org On Behalf Of Dogan Kurt
> Sent: Friday, 29 June, 2012 15:14
>
> Hi, I am developing a client app with OpenSSL. I use SSL_read and SSL_write in blocking mode, and I just can't figure out something about them: if the server sends me 10 KB and I call SSL_read just once, can I assume that I will receive all the data at once? I use a simple recv call with the classic approach; should I use SSL_read in this way?
>
> <snip: typical recv-until-full-or-EOF-or-error>

Maybe. For plain TCP in the wild (not on a LAN of your own systems) this is really needed. Not only can either endpoint fragment, but increasing numbers and types of middleboxes can also. Basically if your application doesn't keep reading until it has 'enough' data -- whatever that means for your app; it may be everything (as you coded) or it may be less using protocols like HTTP, SMTP, FTP, etc. etc. -- then it won't reliably work on the Internet.

SSL/TLS formally promises only the same stream behavior as TCP. But SSL/TLS is implemented using records which must be (decrypted and) authenticated as a whole, and IME most implementations (including OpenSSL) send one 'write' as a record if possible, and receive one record as a 'read'. Thus only the sender can fragment, not the network; while this can still happen, it is easier to determine and sometimes to control.

First, SSL/TLS defines a maximum record of 16K-1, so any data larger than that MUST be fragmented. *If* your 10k *stays* 10k and doesn't grow with new users or application features etc., you're okay on this front.

But even below the maximum, a sender can choose to fragment. In particular, Microsoft for one 'solved' the BEAST attack last fall with a change (MS12-006) which splits data after one byte. This defense is only useful for CBC suites before TLS 1.1, but I haven't tested if the implementation limits it that way. And I don't know if it applies to servers as well as clients, although the browser semi-shared execution environment that allowed the BEAST attacker to send adaptive plaintext applies differently, if at all, in a server. During that time, I saw discussions by other implementers about doing the same 1/(N-1) method but I don't know if any did. OpenSSL years ago implemented a 0/N approach which does not fragment records but reportedly does, or at least did, cause interop problems with some implementations that mishandle empty records.

To be on the safe side, and robust to future changes in either your application or OpenSSL or other SSL implementations, do the read loop. It's usually easy enough.

On the write side, OpenSSL by default (unless you set an option) will always write (and return) the full count, even if this involves multiple records, unless 'error' -- which includes EWOULDBLOCK if you use nonblocking; but if you're not using nonblocking for TCP then I suspect you probably won't for SSL either.
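What the reply describes (one record per SSL_read(), a protocol ceiling on record size, a sender that is free to split below it, and the 1/(n-1) split in particular) can be shown without a network. The following added example, my code rather than anything from the thread, keeps the questioner's read-until-full loop but takes the read function as a parameter with SSL_read()/recv() return conventions, and drives it with a constructed in-memory peer that delivers the payload as a 1-byte record followed by records of at most 16384 bytes (2^14, the TLS 1.2 plaintext maximum from RFC 5246 section 6.2.1). A single raw read returns only the first record; the loop reassembles everything. The SSL_read adapter at the end is shown in a comment because the example deliberately does not link against OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same contract as SSL_read()/recv(): >0 bytes delivered (for SSL_read never
 * more than one record's worth), 0 on orderly close, <0 on error. */
typedef int (*read_fn)(void *ctx, void *buf, int len);

/* The questioner's loop, generalised over the read function: read until n
 * bytes are in, EOF, or error. Returns bytes received (< n only on EOF) or -1. */
int read_full(read_fn rd, void *ctx, void *buf, int n) {
    int got = 0;
    while (got < n) {
        int r = rd(ctx, (char *)buf + got, n - got);
        if (r == 0) return got;   /* peer closed; caller decides whether short is fatal */
        if (r < 0) return -1;     /* with SSL_read, consult SSL_get_error() here */
        got += r;
    }
    return got;
}

/* Constructed in-memory peer standing in for a TLS sender. It hands back the
 * payload one record per call: a 1-byte record first (the 1/(n-1) split the
 * reply mentions), then records capped at the TLS 1.2 plaintext maximum. A
 * record larger than the caller's buffer comes back in pieces, as OpenSSL
 * does when it keeps the rest of a decrypted record buffered. */
#define TLS_MAX_PLAINTEXT 16384   /* 2^14, RFC 5246 section 6.2.1 */
typedef struct { const unsigned char *data; size_t len, off; int calls; } fake_peer;

static int fake_peer_read(void *ctx, void *buf, int len) {
    fake_peer *p = ctx;
    size_t left = p->len - p->off, rec;
    if (left == 0 || len <= 0) return 0;
    rec = (p->off == 0 && left > 1) ? 1 : left;
    if (rec > TLS_MAX_PLAINTEXT) rec = TLS_MAX_PLAINTEXT;
    if (rec > (size_t)len) rec = (size_t)len;
    memcpy(buf, p->data + p->off, rec);
    p->off += rec;
    p->calls++;
    return (int)rec;
}

/* Deterministic constructed payload so the reassembled bytes can be checked. */
static unsigned char *make_payload(size_t n) {
    unsigned char *d = malloc(n ? n : 1);
    for (size_t i = 0; d && i < n; i++) d[i] = (unsigned char)(i * 31 + 7);
    return d;
}

/* Bytes a single raw read returns for an n-byte send (what the question
 * hoped would be "all of it"). */
int single_read_bytes(size_t n) {
    unsigned char *payload = make_payload(n), *buf = malloc(n ? n : 1);
    fake_peer peer = { payload, n, 0, 0 };
    int r = (payload && buf) ? fake_peer_read(&peer, buf, (int)n) : -1;
    free(payload); free(buf);
    return r;
}

/* Number of reads the loop needed to collect an n-byte send intact,
 * or -1 if the bytes did not come back identical. */
int loop_reads_needed(size_t n) {
    unsigned char *payload = make_payload(n), *buf = malloc(n ? n : 1);
    fake_peer peer = { payload, n, 0, 0 };
    int got = (payload && buf) ? read_full(fake_peer_read, &peer, buf, (int)n) : -1;
    int ok = got == (int)n && memcmp(buf, payload, n) == 0;
    free(payload); free(buf);
    return ok ? peer.calls : -1;
}

/* Real-world adapter (not compiled here; needs <openssl/ssl.h> and -lssl):
 *   static int ssl_rd(void *ctx, void *buf, int len) { return SSL_read((SSL *)ctx, buf, len); }
 *   int got = read_full(ssl_rd, ssl, buf, n);   // on -1, call SSL_get_error(ssl, -1)
 */

int main(void) {
    printf("10240-byte send: one SSL_read-style call returns %d byte(s); the loop needs %d read(s)\n",
           single_read_bytes(10240), loop_reads_needed(10240));
    printf("40000-byte send: the loop needs %d read(s)\n", loop_reads_needed(40000));
    return 0;
}
```

With a real OpenSSL connection the record sizes depend on the peer, so the number of iterations is not knowable in advance; what stays constant is the loop's termination rule, and on a negative return the caller must distinguish SSL_ERROR_ZERO_RETURN (clean close_notify) from SSL_ERROR_SYSCALL/SSL_ERROR_SSL (truncation or tampering), which is where SSL_get_error() comes in.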