Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
On 18.02.15 at 13:19, Stephan Mühlstrasser wrote:
> Unfortunately the -no_explicit command line option is not documented: https://www.openssl.org/docs/apps/ocsp.html
>
> What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the -no_explicit command line option? What exactly is checked by the X509_check_trust() call above with respect to the relevant RFCs?

As there is no documentation and as no one seems to know the meaning of -no_explicit for openssl ocsp, should I file a documentation defect in RT for that?

If I understand the code in OCSP_basic_verify() that depends on the OCSP_NOEXPLICIT flag correctly, it checks the root CA for the presence of the OCSPSigning flag in the extended key usage field. I could not find anything in RFC 6960 and RFC 2560 that would mandate such a check for the root CA certificate. Only the OCSP signing certificate must have OCSPSigning in the extended key usage field. So maybe it is even a bug in the code itself?

--
Stephan

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
> As there is no documentation and as no one seems to know the meaning of -no_explicit for openssl ocsp, should I file a documentation defect in RT for that?

yes, please.
Re: [openssl-users] CMS questions
On Tue, Feb 24, 2015, Richard Welty wrote:
> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
>> Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form.
>
> it will not be detached, and will be in BER form. shortcuts (as long as they're in a documented API) are welcome as this is in a path that should be fast.

So the embedded content type will be enveloped data? If so, first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). A couple of those functions are currently undocumented (that will be fixed) but nothing in that involves using structure internals.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
On Wed, Feb 18, 2015, Stephan Mühlstrasser wrote:
> What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the -no_explicit command line option? What exactly is checked by the X509_check_trust() call above with respect to the relevant RFCs?

If the responder root CA is set to be trusted for OCSP signing then it can be used to sign OCSP responses for any certificate (aka a global responder). This comes under:

  1. Matches a local configuration of OCSP signing authority for the certificate in question

or alternatively:

  Additional acceptance or rejection criteria may apply to either the response itself or to the certificate used to validate the signature on the response.

from RFC2560 et al.

If the -no_explicit flag is set or OCSP_NOEXPLICIT is set then this behaviour is disabled.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] CMS questions
On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
> Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form.

it will not be detached, and will be in BER form. shortcuts (as long as they're in a documented API) are welcome as this is in a path that should be fast.

thanks,
  richard
--
rwe...@averillpark.net
Averill Park Networking - GIS IT Consulting
OpenStreetMap - PostgreSQL - Linux
Java - Web Applications - Search
Re: [openssl-users] fips_ecdhvs failing for non Prime Curves
On Mon, Feb 23, 2015, Bala Duvvuri wrote:
> Hi All, I am trying to test the FIPS ECDH support present in OpenSSL i.e trying to run the fips_ecdhvs.c test.

When you say ECDH support present in OpenSSL do you mean in the FIPS module or in OpenSSL itself? If you mean in OpenSSL itself then you need to use cofactor ECDH for the tests, which is only supported in OpenSSL 1.0.2 and later (it is supported in the FIPS module). The results for cofactor ECDH differ from ECDH if the curve cofactor is not 1: this is true for several binary curves, which would account for the differences you were seeing.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] CMS questions
On Mon, Feb 23, 2015, Richard Welty wrote:
> i'm starting on some work that needs to use CMS in an application, and i'm having trouble getting my head wrapped around how to handle the case of verifying a signature and then decrypting the enveloped data that has been signed. specifically, i'm not grasping how to extract the encrypted data to pass to CMS_decrypt after verification is done. do i need to use a BIO filter for this or is there some other mechanism i'm not seeing?

Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl-users] FIPS methods and symlinks
Hello,

To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then FIPS_hmac_update() will be called. This is fine, although searching the sources for the physical definition of FIPS_hmac_update() does not yield any results. How do the symbolic links function, what ends up being executed in this case and through which path?

Thanks, regards.
Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t
On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote:
> I need your authoritative answer on the following question.
> [snip stuff that is too long]

You are totally overthinking this. The SSL protocol involves negotiation, during which the sender and the receiver exchange data with each other. What this means is that during either SSL_read, or SSL_write, openssl might try to write or read respectively. If your non-blocking code isn’t geared to handle this, you might end up either hanging or spinning as you wait for the wrong event. The SSL_WANTS_READ response code is a warning that means “I want to read during SSL_write, are you ok with me doing this?”. The SSL_WANTS_WRITE response code is a warning that means “I want to write during SSL_read, are you ok with me doing this?”. In both cases, once you have determined that it is ok to read, or ok to write, you simply retry SSL_write() or SSL_read() again.

For example, a read loop:

    sense = READ;
    while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
        rc = SSL_read(ssl, buf, sizeof(buf));
        /* SSL_read() returns the byte count or <= 0; the reason for <= 0 comes from SSL_get_error() */
        if (rc <= 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE) {
            sense = WRITE;
        } else {
            sense = READ;
        }
        // do stuff with what you read (you may have read nothing, but that’s fine too)
    }

Regards,
Graham
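Graham's loop above is a sketch; the following is an added example (not Graham's code and not OpenSSL's) that makes the "which event do I wait for" decision explicit and runs it against a scripted stand-in for the SSL_read()/SSL_get_error() pair, so it needs no socket or SSL_CTX. The ERR_* values copy OpenSSL's SSL_ERROR_NONE, SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE numbers; scripted_conn, scripted_read(), drive_read() and the SCENARIO script are assumptions of this example. The point it demonstrates is the one Graham makes: after SSL_ERROR_WANT_WRITE the application waits for the socket to become writable and then calls SSL_read() again, not SSL_write(); anything other than a WANT_* code is a real error and ends the loop instead of spinning.

```c
/* Added example (not Graham's code, not OpenSSL's): the event-sense switching
 * of a non-blocking SSL_read() loop, driven by a scripted stand-in so it runs
 * offline. ERR_* mirror SSL_ERROR_NONE / SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE. */
#include <stddef.h>

enum { ERR_NONE = 0, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 }; /* values as in <openssl/ssl.h> */
enum { WAIT_READABLE = 0, WAIT_WRITABLE = 1 };

/* Constructed connection: the n-th call to scripted_read() yields outcomes[n]. */
struct scripted_conn {
    const int *outcomes;   /* ERR_* per call; ERR_NONE means application data arrived */
    int count;
    int pos;
};

/* Stand-in for SSL_read(): >0 on data, -1 otherwise, with *err set the way
 * SSL_get_error() would report it (-1 once the script is exhausted). */
static int scripted_read(struct scripted_conn *c, int *err)
{
    int outcome;
    if (c->pos >= c->count) {
        *err = -1;                      /* no scripted event left: treat as a hard error */
        return -1;
    }
    outcome = c->outcomes[c->pos++];
    *err = outcome;
    return outcome == ERR_NONE ? 1 : -1;
}

/* Before every SSL_read() attempt the caller must block on the *right* socket
 * condition; wait_log records which one was chosen for each attempt.
 * Returns the number of SSL_read() attempts made, or -1 on error. */
int drive_read(struct scripted_conn *c, int *wait_log, int max_log)
{
    int sense = WAIT_READABLE;          /* a fresh read starts by waiting for readability */
    int attempts = 0, rc, err;
    for (;;) {
        if (attempts >= max_log)
            return -1;
        wait_log[attempts] = sense;     /* a real program blocks in select()/poll() here */
        rc = scripted_read(c, &err);
        attempts++;
        if (rc > 0)
            return attempts;            /* application data: hand it to the caller */
        if (err == ERR_WANT_WRITE)
            sense = WAIT_WRITABLE;      /* handshake needs to send first: wait writable, retry SSL_read() */
        else if (err == ERR_WANT_READ)
            sense = WAIT_READABLE;      /* more ciphertext needed before any plaintext appears */
        else
            return -1;                  /* SSL_ERROR_SYSCALL, SSL_ERROR_SSL, ...: do not spin */
    }
}

/* Worked scenario (constructed): WANT_READ, then WANT_WRITE, then data. */
static const int SCENARIO[] = { ERR_WANT_READ, ERR_WANT_WRITE, ERR_NONE };

int scenario_attempts(void)
{
    struct scripted_conn c = { SCENARIO, 3, 0 };
    int log[8];
    return drive_read(&c, log, 8);      /* 3 attempts before data arrives */
}

int scenario_wait_at(int i)
{
    struct scripted_conn c = { SCENARIO, 3, 0 };
    int log[8];
    if (drive_read(&c, log, 8) < 0 || i < 0 || i >= 3)
        return -1;
    return log[i];                      /* READABLE, READABLE, WRITABLE */
}

/* A script that never delivers data must not make the loop spin forever. */
int scenario_exhausted(void)
{
    static const int only_want_read[] = { ERR_WANT_READ };
    struct scripted_conn c = { only_want_read, 1, 0 };
    int log[8];
    return drive_read(&c, log, 8);      /* -1: gave up on the unexpected error */
}
```

In the worked scenario the application waits for readability twice (the initial attempt and the retry after WANT_READ) and then for writability once, even though it only ever calls the read function; that third wait is the case Graham warns about, where waiting for the wrong event hangs the connection.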
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
On Tue, Feb 24, 2015, Stephan Mühlstrasser wrote:
> Do I understand it correctly then that a local configuration of OCSP signing authority here means that it is a deliberate choice inside OpenSSL itself to look for the OCSPSigning flag in the extended key usage of the root CA, although RFC 2560 does not say so?

No it's a separate thing called a trust setting which is not part of the certificate itself. This is something which has to be explicitly configured to trust that root CA for OCSPSigning. It's OpenSSL's version of the trust settings you see in browsers.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
On 24.02.2015 at 16:19, Salz, Rich wrote:
>>> As there is no documentation and as no one seems to know the meaning of -no_explicit for openssl ocsp, should I file a documentation defect in RT for that?
>>
>> yes, please.
>
> Never mind, Stephen already fixed the doc in master :)

Sorry, I already sent a message to the RT address.

--
Stephan
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
>> As there is no documentation and as no one seems to know the meaning of -no_explicit for openssl ocsp, should I file a documentation defect in RT for that?
>
> yes, please.

Never mind, Stephen already fixed the doc in master :)
Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()
On 24.02.15 at 14:47, Dr. Stephen Henson wrote:
> If the responder root CA is set to be trusted for OCSP signing then it can be used to sign OCSP responses for any certificate (aka a global responder). This comes under:
>
>   1. Matches a local configuration of OCSP signing authority for the certificate in question
>
> or alternatively:
>
>   Additional acceptance or rejection criteria may apply to either the response itself or to the certificate used to validate the signature on the response.
>
> from RFC2560 et al.
>
> If the -no_explicit flag is set or OCSP_NOEXPLICIT is set then this behaviour is disabled.

Do I understand it correctly then that a local configuration of OCSP signing authority here means that it is a deliberate choice inside OpenSSL itself to look for the OCSPSigning flag in the extended key usage of the root CA, although RFC 2560 does not say so?

--
Stephan
Re: [openssl-users] FIPS methods and symlinks
On Tue, Feb 24, 2015, jonetsu wrote:
> Hello,
>
> To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then FIPS_hmac_update() will be called. This is fine, although searching the sources for the physical definition of FIPS_hmac_update() does not yield any results. How do the symbolic links function, what ends up being executed in this case and through which path?

Function names get changed through fips/fipssyms.h in the FIPS module source.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] FIPS methods and symlinks
On Tue, 24 Feb 2015 16:16:17 + Dr. Stephen Henson st...@openssl.org wrote:
> On Tue, Feb 24, 2015, jonetsu wrote:
>> Hello,
>>
>> To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then FIPS_hmac_update() will be called. This is fine, although searching the sources for the physical definition of FIPS_hmac_update() does not yield any results. How do the symbolic links function, what ends up being executed in this case and through which path?
>
> Function names get changed through fips/fipssyms.h in the FIPS module source.

Yes, for instance there is:

    #define HMAC_Update FIPS_hmac_update

My question is about not having found FIPS_hmac_update. If it is called, then where is it? May sound like a simple question, although grep did not return any actual method.
Re: [openssl-users] FIPSLD 2.0.5 (HP-UX AI64 11.23) fails to link with pthread error
Have you tried changing FIPSLD_CC and FIPSLD_LINK to include the necessary options (e.g. -mt)?

Note: it might be simpler to modify fipsld instead, depending on how easy/hard it is to maintain spaces properly when setting FIPSLD_CC and FIPSLD_LINK. Since the fipsld script is just a convenience script to help you meet the requirements of the security policy, you’re free to modify it. Just don’t modify it such that the security policy is no longer followed. Generally speaking, adding more options to the compile and link steps will be safe.

TOM

On Feb 23, 2015, at 4:36 AM, Mrunal Nerpawar p.mru...@gmail.com wrote:
> Details
> ==
> Fips 2.0.5 configured with no-asm and threads.
> Openssl 1.0.1H configured with shared, fips, threads no-asm (many algos omitted)
> compiler - using aCC 6.25 on HPUX-IA64 11.23.
>
> bash-2.05$ aCC --version
> aCC: HP C/aC++ B3910B A.06.25.02 [Nov 25 2010]
> bash-2.05$
>
> product linking with fipsld fails with error ...
> =
> :DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0): Cannot dlopen load module '/usr/lib/hpux32/libpthread.so.1' because it contains thread specific data.
>
> Options tried
> ==
> * Compiling Cxx sources with -mt.
> * Linking with -lpthread,
> * setting LD_PRELOAD.
>
> None worked effectively. with LD_PRELOAD option, ended up getting error - undefined symbol Ztil, etc. complete error is as follows.
>
> =
> Building shared library objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0
> FIPSLD_CC=aCC FIPSLD_LINK=aCC /unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/fipsld +Z -b -g -O2 -AA -Wl,+s +tls=dynamic -o objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0 objs/HP-UX-B.11.23-ia64-64/stdafx.o objs/HP-UX-B.11.23-ia64-64/UserUtil.o objs/HP-UX-B.11.23-ia64-64/LSSpawner.o objs/HP-UX-B.11.23-ia64-64/LSFilter.o objs/HP-UX-B.11.23-ia64-64/LSCmdOutputParser.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_1.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_2.o objs/HP-UX-B.11.23-ia64-64/GroupUtil.o objs/HP-UX-B.11.23-ia64-64/ShadowHelper.o objs/HP-UX-B.11.23-ia64-64/BlockedFiles.o objs/HP-UX-B.11.23-ia64-64/NISUtil.o objs/HP-UX-B.11.23-ia64-64/Utilities.o objs/HP-UX-B.11.23-ia64-64/MachineUtil.o objs/HP-UX-B.11.23-ia64-64/BvNetworkInfo.o objs/HP-UX-B.11.23-ia64-64/NSSwitch.o objs/HP-UX-B.11.23-ia64-64/FileUtil_1.o objs/HP-UX-B.11.23-ia64-64/FileUtil_2.o objs/HP-UX-B.11.23-ia64-64/SecurityThreatCheck.o objs/HP-UX-B.11.23-ia64-64/UserEnumerator.o objs/HP-UX-B.11.23-ia64-64/LocalUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/UnixUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/WinUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/GetEntHandler.o objs/HP-UX-B.11.23-ia64-64/UnixShadowReader.o objs/HP-UX-B.11.23-ia64-64/EtcShadowReader.o objs/HP-UX-B.11.23-ia64-64/UnixEtcShadowReader.o objs/HP-UX-B.11.23-ia64-64/AIXShadowHelper.o objs/HP-UX-B.11.23-ia64-64/HPLoginsShadowHelper.o objs/HP-UX-B.11.23-ia64-64/HPTcbShadowHelper.o objs/HP-UX-B.11.23-ia64-64/UnixHPShadowReader.o objs/HP-UX-B.11.23-ia64-64/ProcessUtil.o objs/HP-UX-B.11.23-ia64-64/FieldUtils.o objs/HP-UX-B.11.23-ia64-64/LoggedInUserInfo.o objs/HP-UX-B.11.23-ia64-64/TcpdRulesParser.o objs/HP-UX-B.11.23-ia64-64/DirectoryUtil.o objs/HP-UX-B.11.23-ia64-64/Timestamp.o objs/HP-UX-B.11.23-ia64-64/Timespan.o objs/HP-UX-B.11.23-ia64-64/NumberFormatter.o objs/HP-UX-B.11.23-ia64-64/DateTimeParser.o objs/HP-UX-B.11.23-ia64-64/DateTimeFormatter.o objs/HP-UX-B.11.23-ia64-64/DateTimeFormat.o objs/HP-UX-B.11.23-ia64-64/DateTime.o objs/HP-UX-B.11.23-ia64-64/Timezone.o objs/HP-UX-B.11.23-ia64-64/LocalDateTime.o objs/HP-UX-B.11.23-ia64-64/RFUtilities.o objs/HP-UX-B.11.23-ia64-64/OpenPortUtil.o objs/HP-UX-B.11.23-ia64-64/AIXStanzaReader.o objs/HP-UX-B.11.23-ia64-64/Bugcheck.o objs/HP-UX-B.11.23-ia64-64/DateTime.o objs/HP-UX-B.11.23-ia64-64/Debugger.o objs/HP-UX-B.11.23-ia64-64/Exception.o objs/HP-UX-B.11.23-ia64-64/GroupEnumerator.o objs/HP-UX-B.11.23-ia64-64/UnixGroupEnumerator.o objs/HP-UX-B.11.23-ia64-64/FileInfoFetcher.o objs/HP-UX-B.11.23-ia64-64/UnixFileInfoAccessor.o objs/HP-UX-B.11.23-ia64-64/FileStatSysCallProcessor.o objs/HP-UX-B.11.23-ia64-64/StatSysCallFileInfoFetcherImpl.o objs/HP-UX-B.11.23-ia64-64/FileInfoAccessor.o objs/HP-UX-B.11.23-ia64-64/FileProcessorObjectFactory.o objs/HP-UX-B.11.23-ia64-64/UUID.o objs/HP-UX-B.11.23-ia64-64/RandomStream.o objs/HP-UX-B.11.23-ia64-64/Random.o objs/HP-UX-B.11.23-ia64-64/SHA1Engine.o objs/HP-UX-B.11.23-ia64-64/DigestEngine.o objs/HP-UX-B.11.23-ia64-64/FileDescriptorUtil.o objs/HP-UX-B.11.23-ia64-64/PasswordInfo.o objs/HP-UX-B.11.23-ia64-64/DictionaryReader.o objs/HP-UX-B.11.23-ia64-64/PasswordCracker.o
Re: [openssl-users] FIPS methods and symlinks
On Feb 24, 2015, at 9:42 PM, jone...@teksavvy.com wrote:
> On Tue, 24 Feb 2015 16:16:17 + Dr. Stephen Henson st...@openssl.org wrote:
>> On Tue, Feb 24, 2015, jonetsu wrote:
>>> Hello,
>>>
>>> To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then FIPS_hmac_update() will be called. This is fine, although searching the sources for the physical definition of FIPS_hmac_update() does not yield any results. How do the symbolic links function, what ends up being executed in this case and through which path?
>>
>> Function names get changed through fips/fipssyms.h in the FIPS module source.
>
> Yes, for instance there is:
>
>     #define HMAC_Update FIPS_hmac_update
>
> My question is about not having found FIPS_hmac_update. If it is called, then where is it? May sound like a simple question, although grep did not return any actual method.

You’ll find it in the FIPS Object Module. But in the source for the FIPS Object Module, it’s called HMAC_Update. You just need to read the table backwards.

If you want to understand why, think about it a moment. The module is mostly just a specific, tested, version of OpenSSL’s libcrypto (with extra fluff added, and some stuff removed*). It was pretty simple** to just keep the source identical (with appropriate #ifdef to control adding in the fluff and removing other things), and then rename all the symbols in the result to avoid duplicate symbols. It may make it a little harder to follow after the fact, but it’s really not that hard — HMAC_Update() in your FIPS-capable libcrypto will invoke the renamed HMAC_Update() in the FIPS Object Module when operating in FIPS mode.

Steve Marquess: Is the document (which IIRC, you published back before the first validation) on how/why the FIPS Object Module was coded still available somewhere? If so, that’d probably be a good starting point for people who post questions like this. It’s certainly not something that’s easy to figure out if one doesn’t already have an idea of what’s going on. :)

TOM

* That’s probably not the best way to put it, it’s certainly not precise. :)
** Says a guy who in no way contributed to that effort. :)
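To make "read the table backwards" concrete, here is an added example (not OpenSSL's code, not the FIPS Object Module's) that reproduces the fips/fipssyms.h mechanism Steve and Tom describe in one self-contained C file. The first half plays the module: the rename table is in effect, so the source text says HMAC_Update while the compiled symbol is FIPS_hmac_update. The second half plays the FIPS-capable libcrypto: the table is no longer in effect, it defines the real HMAC_Update, and it forwards to FIPS_hmac_update when FIPS mode is on. The HMAC itself is a toy byte counter and toy_FIPS_mode_set(), run_update() and last_impl() are names invented for this example; only the symbol plumbing is the point. The `__func__` trick shows why grep comes up empty: the definition of FIPS_hmac_update exists only after preprocessing.

```c
/* Added example (not OpenSSL's or the FIPS Object Module's code): a miniature
 * of the fips/fipssyms.h symbol renaming. The "HMAC" is a toy byte counter so
 * the two implementations can be told apart; only the rename plumbing matters. */
#include <stddef.h>
#include <string.h>

static const char *g_last_impl = "";   /* name of the definition that actually ran */

/* ---- FIPS Object Module side: fipssyms.h-style table, then unmodified source ---- */
#define HMAC_Update FIPS_hmac_update

/* Reads like libcrypto's function in the module source, but once the
 * preprocessor has applied the table this definition *is* FIPS_hmac_update.
 * That is why grep finds no "FIPS_hmac_update(" in the module sources. */
int HMAC_Update(unsigned long *tag, const unsigned char *data, size_t len)
{
    g_last_impl = __func__;   /* __func__ sees the post-rename name */
    (void)data;
    *tag += 2 * len;          /* toy "module" behaviour: counts every byte twice */
    return 1;
}

#undef HMAC_Update   /* end of the module build; libcrypto never sees the table */

/* ---- FIPS-capable libcrypto side (what hmac.c does): dispatch on FIPS mode ---- */
static int g_fips_mode = 0;

int toy_FIPS_mode_set(int on)   /* stands in for FIPS_mode_set() */
{
    g_fips_mode = on;
    return 1;
}

/* The real, exported HMAC_Update. In FIPS mode it calls the renamed module
 * symbol; otherwise it runs libcrypto's own (toy) implementation. */
int HMAC_Update(unsigned long *tag, const unsigned char *data, size_t len)
{
    if (g_fips_mode)
        return FIPS_hmac_update(tag, data, len);   /* the renamed module symbol */
    g_last_impl = __func__;
    (void)data;
    *tag += len;                                   /* toy non-FIPS behaviour: counts once */
    return 1;
}

/* Run one update of the constructed input "abc" in the given mode and return
 * the toy tag; last_impl() then tells which definition did the work. */
unsigned long run_update(int fips_mode)
{
    unsigned long tag = 0;
    toy_FIPS_mode_set(fips_mode);
    HMAC_Update(&tag, (const unsigned char *)"abc", 3);
    return tag;   /* 6 in FIPS mode, 3 otherwise */
}

const char *last_impl(void)
{
    return g_last_impl;   /* "FIPS_hmac_update" or "HMAC_Update" */
}
```

Running the update in FIPS mode records "FIPS_hmac_update" as the implementation even though no function of that name appears in the module half of the source, which is exactly the situation jonetsu's grep ran into; in the real module the rename is applied to every exported symbol so that libcrypto and the module can be linked into one binary without duplicate definitions.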