Re: [openssl-users] Getting certificates from smartcards

2015-07-22 Thread Anirudh Raghunath
Shoot, I need that functionality. Can I perhaps use the X509 *load_cert(BIO 
*err, const char *file, int format, const char *pass, ENGINE *e, const char 
*cert_descrip) function then? If yes, then can someone elaborate on how to use 
this function? Thanks.




 On Tuesday, 21 July 2015 8:19 PM, Victor Wagner vi...@wagner.pp.ru wrote:
   

 On Tue, 21 Jul 2015 13:58:21 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

 Ah okay, that clears up quite a lot of doubts. But the certificate I
 want to load is a self signed certificate which has a private key
 attached to it. I used the XCA application to export the
 certificate-private key pair as a p12 file to the smart card. What
 should I do to get the certificate in this case? Thanks.
 

It doesn't matter how you've installed certificate into smart card.
Once it, and its corresponding private key is installed on the card,
you can access them separately, using PKCS#11 API (and command-line
pkcs11-tool utility). So, you can extract just certificate from
certificate-private key pair and put it into the file (but typically
you cannot extract private key. You can only use PKCS11 API or OpenSSL
ENGINE API on top of it to perform cryptographic operations with this
private key. This is what smartcards are for). 

If you have opensc pkcs11 engine, you also should have pkcs11-tool from
opensc project.

Use 

pkcs11-tool --module <your pkcs11 module> --list-objects

to find out which certificate-private key pairs are available on your
card (you probably already know ID of your key pair, because you've used
ENGINE_load_private_key, and it requires key id as argument).

Then use

pkcs11-tool --module <your pkcs11 module> --read-object --id <id> \
 --type cert --output-file filename.der

to extract certificate from card.  You can then convert it to pem
format using 

openssl x509 -in filename.der -inform DER -out filename.pem

or can just use function SSL_CTX_use_certificate_file passing
SSL_FILETYPE_ASN1 as its argument.

Personally I consider it ugly that one needs to extract certificate from
token before it can be used in openssl-based applications for any
purpose except SSL-client authentication.

Function

int ENGINE_load_certificate(ENGINE *e, const char *key_id,
    UI_METHOD *ui_method, void *callback_data)

is clearly missing from API.

Existence of such a function would allow smartcards and other
hardware tokens to be used

1. In the server applications
2. In the non-SSL (i.e. CMS signing) applications
3. For secondary protocols like OCSP or timestamping authority.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


   


Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Thanks for the quick response. I am currently working with smart cards and am 
using the engine provided by openSC to access the private key in the smart 
card. Long story short I have the EVP_PKEY object with me. Can I use this to 
sign a certificate or some file which can be used for SSL client verification. 
Thanks


 On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea 
erwann.aba...@opentrust.com wrote:
   

 Hello,
An X.509 certificate is:
Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING  }
What you produced with « openssl rsautl -sign » is the content of the « 
signatureValue » element (not its BIT STRING structure, only the inner 
content). What is missing is all the rest, and it can’t be produced by the sole 
« openssl x509 … » command.
Please refine your question.
Regards,
Erwann Abalea



On 22 Jul 2015 at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com 
wrote:
Hello,
I have used rsautl -sign option to sign a text file which gives me a binary 
file. I would like to convert this to X509 so that I can use it in a ssl 
handshake. I understand the command:
openssl x509 -inform format -in certfile -out cert.pem 
is used. I want to know what the parameters would be for a binary input file.
Thanks in advance.






Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Victor Wagner
On Wed, 22 Jul 2015 09:17:43 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

 Hello,
 I have used rsautl -sign option to sign a text file which gives me a
 binary file. I would like to convert this to X509 so that I can use
 it in a ssl handshake. I understand the command: openssl x509 -inform
 format -in certfile -out cert.pem is used. I want to know what
 the parameters would be for a binary input file. Thanks in advance. 

Unfortunately signed text file and certificate are quite different
things.

Of course, certificate is signed electronic document. But it is
document of special binary format, which contains public key and
information about owner of corresponding private key.

And typically, it is not signed by you, it is signed by Certificate
Authority (known to server).

When you use certificate (and corresponding private key) during SSL
handshake, it means that server sends you something, you sign this
something using your private key and send signature to server along
with certificate.

Server verifies signature under data, which it remembers it have been
sent to you, using public key contained in the certificate, and says
Ok, this guy really owns private key corresponding to public key in
this certificate. It also verifies signature under certificate using
known beforehand and trusted CA certificates, to make sure that  public
key stored in the certificate
really belongs to person mentioned in the certificate subject field.

So, if you sign some text file using your certificate, this signature
cannot be used in the SSL handshake any way. Because you've signed some
text file, not a challenge sent by server during SSL handshake.

This signature proves that you, owner of private key, have had access to
this text file (provided your private key is not compromised), but
there is no way to use this signature to prove that you are the one who
established connection with server. To prove so, you have to sign
something sent to you from server, not some data, known beforehand.

Really, option -sign of this utility may produce some signed document
format such as PKCS#7 or CMS, which contains signer's certificate.

For same purpose which I've described above. If someone wants to verify
if you've signed this file, one should have your certificate, with
public key and your name in it. Simplest way to ensure this is to
attach certificate to the signed message. Then recipient of message can
validate certificate, extracted from message with known and trusted CA
and then use it to verify signature under message.

If you want use such a curved way to extract certificate from card, it
is possible, provided that your rsautl produces standard signed message
format, i.e. PKCS#7

may be

openssl pkcs7 -inform der -in signedfile.bin -print_certs

would do the trick and write certificate of one who signed the file into
filename.pem

But this is not called convert signed file to X509 format, it is
called extract X509 certificate from signed file.


Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Thank you for the extremely elaborate answer. Now I understand the big picture. 
I want to attach a file from the server side which can be collected in the 
client program(the test) and I want to sign it and send it back. I have the ssl 
server client connection ready through socket and ssl code. I want to know if 
there is a function to load the random file to the SSL_CTX object the way we do 
with certificates. Thanks anyways for taking the time to answer my trivial 
doubts :). 




Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
What you want is application-specific, not part of the TLS protocol.  So you 
have to use SSL_read/SSL_write and pull the data out as needed.
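
What "application-specific" means in practice, as an added example rather than code from this thread or from OpenSSL: TLS carries an unframed byte stream, so the application frames its own messages, here as a 4-byte big-endian length followed by the payload, with a receiver-side cap on that length. The `wr_fn`/`rd_fn` callbacks and all other names are hypothetical; they have the `(handle, buffer, length)` shape of `SSL_write`/`SSL_read`, and a constructed in-memory pipe that returns short reads stands in for the TLS connection so the block runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MSG 65536u   /* receiver-side cap: never trust the peer's length field */

/* Assumed I/O hooks; with OpenSSL these would be thin wrappers around
 * SSL_write() and SSL_read(), which also return the byte count or <= 0. */
typedef int (*wr_fn)(void *h, const void *buf, int num);
typedef int (*rd_fn)(void *h, void *buf, int num);

/* Keep writing until all n bytes are out; a return <= 0 is a failure. */
static int write_all(wr_fn wr, void *h, const uint8_t *p, size_t n)
{
    while (n > 0) {
        int r = wr(h, p, n > 16384 ? 16384 : (int)n);
        if (r <= 0)
            return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* A single read may return fewer bytes than asked for, so loop until n arrive. */
static int read_all(rd_fn rd, void *h, uint8_t *p, size_t n)
{
    while (n > 0) {
        int r = rd(h, p, n > 16384 ? 16384 : (int)n);
        if (r <= 0)
            return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Send one message: 4-byte big-endian length, then the payload. */
int send_msg(wr_fn wr, void *h, const uint8_t *msg, uint32_t len)
{
    uint8_t hdr[4] = { (uint8_t)(len >> 24), (uint8_t)(len >> 16),
                       (uint8_t)(len >> 8), (uint8_t)len };
    if (len > MAX_MSG || write_all(wr, h, hdr, sizeof hdr) != 0)
        return -1;
    return write_all(wr, h, msg, len);
}

/* Receive one message into out[0..cap). Returns the payload length, or -1
 * on I/O error, truncated stream, or a length above MAX_MSG or cap. */
long recv_msg(rd_fn rd, void *h, uint8_t *out, size_t cap)
{
    uint8_t hdr[4];
    uint32_t len;

    if (read_all(rd, h, hdr, sizeof hdr) != 0)
        return -1;
    len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
          ((uint32_t)hdr[2] << 8) | hdr[3];
    if (len > MAX_MSG || len > cap)
        return -1;
    if (read_all(rd, h, out, len) != 0)
        return -1;
    return (long)len;
}

/* Constructed in-memory transport used only to exercise the framing. */
struct mem_pipe { uint8_t buf[256]; size_t wpos, rpos; };

static int pipe_write(void *h, const void *buf, int num)
{
    struct mem_pipe *p = h;
    if (num <= 0 || (size_t)num > sizeof p->buf - p->wpos)
        return -1;
    memcpy(p->buf + p->wpos, buf, (size_t)num);
    p->wpos += (size_t)num;
    return num;
}

/* Hands back at most 3 bytes per call to force the short-read path. */
static int pipe_read(void *h, void *buf, int num)
{
    struct mem_pipe *p = h;
    size_t avail = p->wpos - p->rpos;
    size_t n = (size_t)num < avail ? (size_t)num : avail;
    if (n > 3)
        n = 3;
    if (n == 0)
        return 0;                      /* end of stream */
    memcpy(buf, p->buf + p->rpos, n);
    p->rpos += n;
    return (int)n;
}

int main(void)
{
    struct mem_pipe p = { {0}, 0, 0 };
    uint8_t out[64];
    long n;

    send_msg(pipe_write, &p, (const uint8_t *)"challenge-1234", 14);
    send_msg(pipe_write, &p, (const uint8_t *)"ok", 2);
    while ((n = recv_msg(pipe_read, &p, out, sizeof out)) >= 0)
        printf("message of %ld bytes: %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```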


Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jeffrey Walton
On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote:
 On 22/07/2015 01:21, Jeffrey Walton wrote:

 For the stragglers, I don't think it's a stretch to ask C99 in 2015.

 Visual Studio is often used on Windows, and it is not C99.

 Oh my, I was not aware it was still struggling for C99 :) I guess
 Microsoft is still putting their energies into the one-size, tablet
 interface known as Windows 8, fits all, even on desktops without a
 touchscreen.

 On the good side, MSVC does not need to be 100% compliant. It just
 needs to support initialization at time of declaration. That
 particular feature works.

 Isn't that a C89 (or maybe even K&R) feature?

I thought that was C99. I think Ben Laurie even corrected me with some
OpenSSL sample code because I initialized a variable without using
-std=c99.

 There is another problem though: Blindly initializing
 every variable with dummy values (because the correct
 value comes from one or more if() branches), only
 achieves two things, both bad:

 - It hides correct warnings in case one of those if()
  branches forgets to set the variable, before it is
  read.

 - It potentially confuses less-than-halting-problem-
  solving optimizers to needlessly generate code that
  allocates and initializes the variable because they
  cannot detect (within their compile time resource
  limits) that the dummy value is (hopefully) never
  used.

 The second problem is almost guaranteed to happen on
 any compiler/option combination that would otherwise
 falsely warn about the variable being maybe-
 uninitialized.  This is because most compilers
 generate that warning as a side effect of the
 optimizer trying to figure out if the garbage or
 dummy value will be used by the code.

What, exactly is the problem? The program is in a known state. As far
as I know, that's the best state to be in.

And that's why managed languages like Java and .Net are so popular.
When a variable is declared, it gets placed in a known state
immediately. It relieves the programmer of remembering pesky details
like, remember to initialize your variables to a known state.

Jeff


Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
 But is there a way to send text files through SSL_write()? 

No. 


Re: [openssl-users] Size of OpenSSL ECDSA/DSA Implementation

2015-07-22 Thread Jakob Bohm

On 21/07/2015 22:07, Michaela Schoenbauer wrote:

Hi,

I'm currently working on my Master thesis, and the topic is about 
ECDSA implementations and DSA implementations in the context of small 
embedded systems.


I'd like to try out OpenSSL but I'm not sure if I can configure it to 
be small enough for the embedded devices I use.
For my purpose a custom build of the library should exclude all 
SSL/TLS functionality and only include (a) ECDSA support and (b) DSA 
support in another build.


Does anyone know how small I can make the OpenSSL library? May the 
results be smaller than 10KB or which results can I expect?


If anyone already tried something similar or has some answers/hints I 
would be thankful.

Unfortunately, since the introduction (many years ago)
of the EVP interface abstraction, it has gotten a lot
harder to link libcrypto (the non-SSL part of OpenSSL)
with just a few algorithms and little else.

Best chance is to:

1. Use OpenSSL 1.0.2, not the future 1.1.0 which has
  removed some of what you need for this.

2. Build OpenSSL as static libraries, not as shared
  libraries/DLLs.

3. Use the raw ecdsa/dsa functions from ecdsa.h/dsa.h

4. Write your test program to only do the signing OR
  verification, not the key generation or other
  functions.

5. Write your test program to operate directly on the
  internal structures so you don't need the code space
  for the i2d/d2i conversion functions.

6. Use linker diagnostics and/or object dumper programs
  to see which functions and source files get linked
  into your embedded binary.

7. Look at the actual implementation code in the OpenSSL
  source code to see if there is even more that can be
  trimmed out, e.g. by splitting some source files that
  contain multiple functions so one file contains the
  functions you use, and another file the other.

8. Look at the actual ecdsa/dsa implementation code to
  see if it invokes the RNG for each signature or uses
  a cryptographic formula to deterministically generate
  a message/key dependent adversary unknowable
  per-signature key.
   This makes a big size difference because the RNG
  itself needs so much non-dsa code.

9. For ecdsa, look at the implementation code to see
  if it branches into different implementations
  depending on the curve used for the public/private
  key pair.  If so, create a special version
  supporting only the curve you use for your test.

With all this, you might be able to get a code size a
lot smaller than what you would get by just following
the official guides on how to do the same operation
with supported high level functions.  But I am not
at all sure if you can still get as low as you need.

A completely different approach is to just cut and
paste snippets from the OpenSSL ecdsa/dsa code and
hand optimize it for minimum size.

As another datapoint for your investigation, the
ECDSA-like signature scheme recently promoted by
D.J.Bernstein apparently hand optimized assembler
code, yet I seem to recall it being larger than
10Kio code.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
Hello all,
I have a ssl server client connection set up which I have written in C using 
sockets and openssl. I understand that I can attach a certificate of the server 
and send it to the client by attaching it to the SSL_CTX object. I used the 
SSL_CTX_use_certificate_file to do so. Now I can retrieve that certificate by 
using SSL_get_peer_certificate function on the client side. I also want to send 
a test (say a text file) from the server to the client for the client to sign 
it and send it back. What function do I use to do so? Is it similar to the way 
we attach certificates to the SSL_CTX? And how do I retrieve it on the client 
side? Thanks in advance.


Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
But there is a way in which the server sends a test (for example a random 
number) and the client signs it with his private key right?


 On Wednesday, 22 July 2015 1:30 PM, Anirudh Raghunath 
anirudhraghun...@rocketmail.com wrote:
   

 But is there a way to send text files through SSL_write()? If so, can you 
please give a small example? Thanks. 


 On Wednesday, 22 July 2015 1:27 PM, Salz, Rich rs...@akamai.com wrote:
   

 What you want is application-specific, not part of the TLS protocol.  So you 
have to use SSL_read/SSL_write and pull the data out as needed.


   


Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Erwann Abalea
Hello,

An X.509 certificate is:

Certificate  ::=  SEQUENCE  {
tbsCertificate   TBSCertificate,
signatureAlgorithm   AlgorithmIdentifier,
signatureValue   BIT STRING  }

What you produced with « openssl rsautl -sign » is the content of the « 
signatureValue » element (not its BIT STRING structure, only the inner content).
What is missing is all the rest, and it can’t be produced by the sole « openssl 
x509 … » command.

Please refine your question.

Regards,
Erwann Abalea



 On 22 Jul 2015 at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com 
 wrote:
 
 Hello,
 
 I have used rsautl -sign option to sign a text file which gives me a binary 
 file. I would like to convert this to X509 so that I can use it in a ssl 
 handshake. I understand the command:
 
 openssl x509 -inform format -in certfile -out cert.pem 
 
 is used. I want to know what the parameters would be for a binary input file.
 
 Thanks in advance. 
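
The outer structure Erwann describes above, as an added example (not code from this thread or from OpenSSL): a dependency-free C check that a buffer has the layout SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }, which a bare signature blob does not. Both sample buffers are constructed for illustration (the first is certificate-shaped but not a real certificate), and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded DER element: tag byte plus pointer/length of its contents. */
typedef struct {
    uint8_t tag;
    const uint8_t *val;
    size_t len;
} der_tlv;

/* Read one definite-length TLV from buf[0..n). Returns bytes consumed, 0 on error. */
static size_t der_read(const uint8_t *buf, size_t n, der_tlv *out)
{
    size_t hdr = 2, len;

    if (n < 2 || (buf[0] & 0x1f) == 0x1f)      /* high-tag-number form not needed here */
        return 0;
    if (buf[1] < 0x80) {                       /* short form: length in one byte */
        len = buf[1];
    } else {                                   /* long form: next nlen bytes hold the length */
        size_t nlen = buf[1] & 0x7f;
        if (nlen == 0 || nlen > 4 || nlen > n - 2)   /* 0x80 (indefinite) is not DER */
            return 0;
        len = 0;
        for (size_t i = 0; i < nlen; i++)
            len = (len << 8) | buf[2 + i];
        hdr += nlen;
    }
    if (len > n - hdr)                         /* contents would run past the buffer */
        return 0;
    out->tag = buf[0];
    out->val = buf + hdr;
    out->len = len;
    return hdr + len;
}

enum cert_shape { SHAPE_OK, SHAPE_NOT_SEQUENCE, SHAPE_BAD_TBS, SHAPE_BAD_ALG,
                  SHAPE_BAD_SIG, SHAPE_TRAILING_DATA };

/* Check only the outer layout; nothing inside tbsCertificate is validated.
 * On SHAPE_OK, *sig_len is the number of inner signature bytes. */
int cert_outer_shape(const uint8_t *der, size_t n, size_t *sig_len)
{
    der_tlv outer, tbs, alg, sig;
    size_t used, off = 0;

    used = der_read(der, n, &outer);
    if (used == 0 || used != n || outer.tag != 0x30)
        return SHAPE_NOT_SEQUENCE;

    used = der_read(outer.val + off, outer.len - off, &tbs);
    if (used == 0 || tbs.tag != 0x30)
        return SHAPE_BAD_TBS;
    off += used;

    used = der_read(outer.val + off, outer.len - off, &alg);
    if (used == 0 || alg.tag != 0x30)
        return SHAPE_BAD_ALG;
    off += used;

    /* BIT STRING: tag 0x03; first content byte counts unused bits (0 here). */
    used = der_read(outer.val + off, outer.len - off, &sig);
    if (used == 0 || sig.tag != 0x03 || sig.len < 1 || sig.val[0] != 0)
        return SHAPE_BAD_SIG;
    off += used;

    if (off != outer.len)
        return SHAPE_TRAILING_DATA;
    *sig_len = sig.len - 1;
    return SHAPE_OK;
}

/* Constructed sample with the Certificate layout; not a real certificate. */
static const uint8_t sample_cert_shape[] = {
    0x30, 0x1b,                                     /* Certificate ::= SEQUENCE */
    0x30, 0x03, 0x02, 0x01, 0x02,                   /* tbsCertificate stand-in */
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* signatureAlgorithm: */
    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,       /* sha256WithRSAEncryption, NULL */
    0x03, 0x05, 0x00, 0xde, 0xad, 0xbe, 0xef        /* signatureValue BIT STRING */
};

/* Constructed stand-in for raw "rsautl -sign" output: signature bytes only. */
static const uint8_t sample_raw_sig[] = { 0x5a, 0x13, 0x9c, 0x07, 0xe2, 0x41, 0xb8, 0x6d };

int main(void)
{
    size_t sig_len = 0;

    printf("certificate-shaped: %d\n",
           cert_outer_shape(sample_cert_shape, sizeof sample_cert_shape, &sig_len));
    printf("raw signature:      %d\n",
           cert_outer_shape(sample_raw_sig, sizeof sample_raw_sig, &sig_len));
    return 0;
}
```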


Re: [openssl-users] Regarding the security of the keys

2015-07-22 Thread Frank Thater
Hi,

In my opinion the only way to securely handle your keys is the usage of
some kind of Hardware Security Module, e.g.

www.smartcard-hsm.com
www.yubico.com

These lightweight HSMs provide a PKCS#11 interface which can be
integrated using the PKCS#11 engine of OpenSSL. In addition the
SmartCard-HSM supports key replication to build some kind of
load-balancing cluster where all HSMs share the same key.

Depending on the load of the server these small HSMs might be
suitable. Otherwise you should spend some money for a complete and full
HSM solution.

Regards,

Frank

On 21.07.2015 at 09:53, Mike Mohr wrote:
 Securing a system against this kind of attack can be done in several
 ways, depending on the level of assurance you desire.  You might start
 out with Tripwire:
 
 https://en.wikipedia.org/wiki/Open_Source_Tripwire
 http://www.tripwire.org/
 
 You could also implement mandatory access control and ACLs using either
 grsecurity or SELinux:
 
 http://grsecurity.net/
 http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf
 https://en.wikipedia.org/wiki/Security-Enhanced_Linux
 
 Personally I prefer grsecurity, but it is not supported in mainline by
 any major distribution that I am aware of.  You'll have to patch, build,
 and support your own kernel image in order to use it.  SELinux is
 supported out of the box on CentOS 6 and 7, so it would probably be a
 good place to start.
 
 If your concern is solely in the realm of protecting your RSA keys, you
 might consider some HSM product from e.g. Yubico:
 
 https://www.yubico.com/
 https://en.wikipedia.org/wiki/Hardware_security_module
 
 These tiny USB keys store the RSA keys on a secure element which is
 physically tamper-resistant.  The key material never leaves the hardware
 token.  However, you'd probably have to write a custom provider for
 OpenSSL, and the throughput would probably only be sufficient for a very
 small amount of traffic.  If you need something that can handle a higher
 load, you might consider purchasing one of Cavium's cards:
 
 http://www.cavium.com/overview.html
 
 However, they are 10 gigabit passthrough devices and will unwrap /
 re-wrap the SSL session in hardware.  They are not cheap.
 
 Good luck!
 
 
 On Mon, Jul 20, 2015 at 11:46 PM, James james.arivazha...@gmail.com wrote:
 
 Hi there, 
 I have a concern regarding the private keys we use in the https (say
 apache) server. 
 The https server links with openssl.so file, and uses the APIs
 provided by it. 
 If some one build their own openssl and add few lines to print the
 keys during encrypt and decrypt and put in the library in the
 LD_LIBRARY_PATH, may result in compromising the security of the keys.
 
 Does any of you faced this problem and if you could share the
 solution it would be helpful. 
 
 regards,
 James Arivazhagan Ponnusamy  
 
 

-- 

Thater  Schwier Consulting GbR
Frank Thater
M.Sc. in Applied IT Security,
Dipl.-Wirt.-Inf.
Schülerweg 38
32429 Minden, Germany
Phone +49 160 6316655
http://www.tscons.de



Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
But is there a way to send text files through SSL_write()? If so, can you 
please give a small example? Thanks. 


 On Wednesday, 22 July 2015 1:27 PM, Salz, Rich rs...@akamai.com wrote:
   

 What you want is application-specific, not part of the TLS protocol.  So you 
have to use SSL_read/SSL_write and pull the data out as needed.




[openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Hello,
I have used rsautl -sign option to sign a text file which gives me a binary 
file. I would like to convert this to X509 so that I can use it in a ssl 
handshake. I understand the command:
openssl x509 -inform format -in certfile -out cert.pem 
is used. I want to know what the parameters would be for a binary input file.
Thanks in advance.


Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Jakob Bohm

(top posting for consistency)

Look at the functions named X509_sign(), X509_CRL_sign() and 
X509_REQ_to_X509(), those should get you started.


On 22/07/2015 11:57, Anirudh Raghunath wrote:
Thanks for the quick response. I am currently working with smart cards 
and am using the engine provided by openSC to access the private key 
in the smart card. Long story short I have the EVP_PKEY object with 
me. Can I use this to sign a certificate or some file which can be 
used for SSL client verification.


On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea 
erwann.aba...@opentrust.com wrote:



Hello,

An X.509 certificate is:

Certificate  ::=  SEQUENCE  {
tbsCertificate   TBSCertificate,
signatureAlgorithm   AlgorithmIdentifier,
signatureValue   BIT STRING  }

What you produced with « openssl rsautl -sign » is the content of the 
« signatureValue » element (not its BIT STRING structure, only the 
inner content).
What is missing is all the rest, and it can’t be produced by the sole 
« openssl x509 … » command.


Please refine your question.


On 22 Jul 2015 at 11:17, Anirudh Raghunath 
anirudhraghun...@rocketmail.com wrote:


Hello,

I have used rsautl -sign option to sign a text file which gives me a 
binary file. I would like to convert this to X509 so that I can use 
it in a ssl handshake. I understand the command:


openssl x509 -inform format -in certfile -out cert.pem

is used. I want to know what the parameters would be for a binary 
input file.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Erwann Abalea
Long response short, yes, you can.
Prepare and fill in your X509 object, perform the signature with your EVP_PKEY 
private key, format the resulting signature into a BIT STRING, place this BIT 
STRING into your previous X509 object, complete it with the AlgorithmIdentifier 
you choose when signing (it should already have been set in the TBSCertificate 
structure, just copy it from there).
The resulting X.509 certificate can be used for anything and is not limited for 
a SSL client verification usage.

In the previous paragraph, I assume your smart card contains the CA private 
key, and you want to sign certificates (either subCA or subscriber, it doesn’t 
matter). That’s how I understood your question.

If you want to do all this using only openssl CLI, that’s doable with a 
specially crafted config file declaring your engine and its parameters.

Regards,
Erwann Abalea



 On 22 Jul 2015 at 11:57, Anirudh Raghunath anirudhraghun...@rocketmail.com 
 wrote:
 
 Thanks for the quick response. I am currently working with smart cards and am 
 using the engine provided by openSC to access the private key in the smart 
 card. Long story short I have the EVP_PKEY object with me. Can I use this to 
 sign a certificate or some file which can be used for SSL client 
 verification. 
 
 Thanks
 
 
 
 On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea 
 erwann.aba...@opentrust.com wrote:
 
 
 Hello,
 
 An X.509 certificate is:
 
 Certificate  ::=  SEQUENCE  {
 tbsCertificate   TBSCertificate,
 signatureAlgorithm   AlgorithmIdentifier,
 signatureValue   BIT STRING  }
 
 What you produced with « openssl rsautl -sign » is the content of the « 
 signatureValue » element (not its BIT STRING structure, only the inner 
 content).
 What is missing is all the rest, and it can’t be produced by the sole « 
 openssl x509 … » command.
 
 Please refine your question.
 
 Regards,
 Erwann Abalea
 
 
 
 On 22 Jul 2015 at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com 
 wrote:
 
 Hello,
 
 I have used rsautl -sign option to sign a text file which gives me a binary 
 file. I would like to convert this to X509 so that I can use it in a ssl 
 handshake. I understand the command:
 
 openssl x509 -inform format -in certfile -out cert.pem 
 
 is used. I want to know what the parameters would be for a binary input file.
 
 Thanks in advance. 


Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm

On 22/07/2015 01:27, Jeffrey Walton wrote:

Like I said, it's learning to play well with your tools :)

Well I think what you're saying is that we should play well with other
people's tools! My tools (and presumably the rest of the dev team's as
well) don't report this warning.

Ah, OK. So it's being reported in GCC 5.1 via -Wmaybe-uninitialized (I
suspect). That may point to an issue in OpenSSL's engineering process.
There may be a gap because no one is running, say Fedora 22 or Debian
8 (I think Debian 8 provides GCC 5.1).

F.Y.I.  Debian 8 (Jessie) uses GCC 4.9.2

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm

On 22/07/2015 01:21, Jeffrey Walton wrote:

For the stragglers, I don't think it's a stretch to ask C99 in 2015.

Visual Studio is often used on Windows, and it is not C99.


Oh my, I was not aware it was still struggling for C99 :) I guess
Microsoft is still putting their energies into the one-size, tablet
interface known as Windows 8, fits all, even on desktops without a
touchscreen.

On the good side, MSVC does not need to be 100% compliant. It just
needs to support initialization at time of declaration. That
particular feature works.

Isn't that a C89 (or maybe even K&R) feature?

There is another problem though: Blindly initializing
every variable with dummy values (because the correct
value comes from one or more if() branches), only
achieves two things, both bad:

- It hides correct warnings in case one of those if()
 branches forgets to set the variable, before it is
 read.

- It potentially confuses less-than-halting-problem-
 solving optimizers to needlessly generate code that
 allocates and initializes the variable because they
 cannot detect (within their compile time resource
 limits) that the dummy value is (hopefully) never
 used.

The second problem is almost guaranteed to happen on
any compiler/option combination that would otherwise
falsely warn about the variable being maybe-
uninitialized.  This is because most compilers
generate that warning as a side effect of the
optimizer trying to figure out if the garbage or
dummy value will be used by the code.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
 But there is a way in which the server sends a test (for example a random 
 number) and the client signs it with his private key, right?

It's called mutual (or client-side) authentication and is part of the TLS 
protocol.  The client must have an X.509-style certificate.


Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm

On 22/07/2015 13:14, Jeffrey Walton wrote:

On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote:

On 22/07/2015 01:21, Jeffrey Walton wrote:

For the stragglers, I don't think it's a stretch to ask C99 in 2015.

Visual Studio is often used on Windows, and it is not C99.

Oh my, I was not aware it was still struggling for C99 :) I guess
Microsoft is still putting their energies into the one-size, tablet
interface known as Windows 8, fits all, even on desktops without a
touchscreen.

On the good side, MSVC does not need to be 100% compliant. It just
needs to support initialization at time of declaration. That
particular feature works.

Isn't that a C89 (or maybe even K&R) feature?

I thought that was C99. I think Ben Laurie even corrected me with some
OpenSSL sample code because I initialized a variable without using
-std=c99.

There is a C99 feature backported from C++: Allow
declarations after/between statements, thus allowing
unconditional initialization formulas to be used even
if code is needed before them.

E.g.

int foo61(void)
{
    int a = 1;
    int b = 5;
    do {
        a *= b;
    } while (--b);
    int c = a / 2;  // C99/C++ only

    return c + 1;
}



There is another problem though: Blindly initializing
every variable with dummy values (because the correct
value comes from one or more if() branches), only
achieves two things, both bad:

- It hides correct warnings in case one of those if()
  branches forgets to set the variable, before it is
  read.

- It potentially confuses less-than-halting-problem-
  solving optimizers to needlessly generate code that
  allocates and initializes the variable because they
  cannot detect (within their compile time resource
  limits) that the dummy value is (hopefully) never
  used.

The second problem is almost guaranteed to happen on
any compiler/option combination that would otherwise
falsely warn about the variable being maybe-
uninitialized.  This is because most compilers
generate that warning as a side effect of the
optimizer trying to figure out if the garbage or
dummy value will be used by the code.


What, exactly is the problem? The program is in a known state. As far
as I know, that's the best state to be in.

In the first case, the program is in a wrong state,
and no tool will tell you about it.  Silently producing
a wrong result is quite unpleasant.

In the second case we have inefficient code.

And if the compiler *can* detect the situation correctly,
and the code *is* correct without the extra initialization,
the compiler is likely to emit a warning that variable is
assigned a value which is never used.

So if the goal is to avoid warnings, you can't win anyway.

If as in the case under discussion, the value is set and
used only under a (common) condition, one may consider a
structural change so the condition is checked only once,
then move the variable inside that conditional block.  On
pipelined processors, this may even result in faster code,
though it will be larger, this however depends on a closer
analysis of the particular code.




And that's why managed languages like Java and .Net are so popular.
When a variable is declared, it gets placed in a known state
immediately. It relieves the programmer of remembering pesky details
like, remember to initialize your variables to a known state.

But it also makes it harder to auto-detect bugs where a
variable is left in that default state when it should
have been in a different state.  In fact for languages
without implicit initialization, there are often debug
tools that can set the variables to a known impossible
value and report if those values are ever used.
Typical choices include 0xBAADF00D (where 32 bit
pointers are restricted to the range 0x1000 to
0x7fff) etc.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
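
The two styles discussed in this message, side by side, as an added example that is not part of the original post or of OpenSSL; the modes and function names are hypothetical. The first function uses a dummy initializer and silently returns a wrong result when a branch forgets the assignment; the second tests the condition once and declares the variable inside that block.

```c
#include <stdio.h>

enum mode { MODE_PLAIN, MODE_DOUBLE, MODE_TRIPLE };  /* hypothetical modes */

static long sum(const int *v, size_t n)
{
    long s = 0;
    for (size_t i = 0; i < n; i++)
        s += v[i];
    return s;
}

/* Dummy initializer: it silences "maybe uninitialized", so the forgotten
 * MODE_TRIPLE assignment goes unreported and the result is silently 0. */
long total_dummy_init(const int *v, size_t n, enum mode m)
{
    int scale = 0;                  /* dummy value, never meant to be used */
    long s = sum(v, n);
    if (m == MODE_DOUBLE)
        scale = 2;
    /* BUG: the MODE_TRIPLE branch that should set scale = 3 is missing */
    if (m != MODE_PLAIN)
        s *= scale;
    return s;
}

/* Restructured: the condition is tested once and scale exists only inside
 * the block that sets and uses it. An unknown mode sets *err instead of
 * producing a plausible-looking number. */
long total_scoped(const int *v, size_t n, enum mode m, int *err)
{
    long s = sum(v, n);
    *err = 0;
    if (m == MODE_DOUBLE || m == MODE_TRIPLE) {
        int scale = (m == MODE_DOUBLE) ? 2 : 3;
        s *= scale;
    } else if (m != MODE_PLAIN) {
        *err = 1;
    }
    return s;
}

int main(void)
{
    const int v[] = { 1, 2, 3 };
    int err;
    printf("dummy-init, TRIPLE: %ld\n", total_dummy_init(v, 3, MODE_TRIPLE));
    printf("scoped, TRIPLE:     %ld\n", total_scoped(v, 3, MODE_TRIPLE, &err));
    return 0;
}
```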



Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-07-22 Thread Jakob Bohm

On 22/07/2015 14:12, jonetsu wrote:

Hello,


Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 
1.0.1e.  The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 
0x0800L and several tests are made for this value in the code.  The CHANGES 
mentions though that this had some side effects, the option now being part of 
SSL_OP_ALL.  It would look like, from the scan, that the fragments are not 
enabled by default, could it be?

Yep, for some silly reason,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was/is included in
the default value SSL_OP_ALL.  This is in the same
header as SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

The proper solution, as just about everybody knows
by now, would have been to insert 1-byte fragments
(known as the 1/n-1 solution), which some other
SSL/TLS implementations do.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Regarding the security of the keys

2015-07-22 Thread Mike Mohr
On Tue, Jul 21, 2015 at 9:46 PM, Salz, Rich rs...@akamai.com wrote:


  Actually that isn't quite right.  A properly configured and
 tuned RBAC policy, when combined with PaX, can very effectively limit all
 userspace activity (including root access!).

 How do you know that the module is installed and actually doing things?
 How do you know what kernel is actually booted?


Of course you're right.  One might also consider attack vectors from an
unsecured BMC or the IME - they probably have undetectable DMA access to
the host, after all.  But that isn't the point ... steps can and should be
taken to lock down the host operating system.



  It helps if you can also use a hardware security module to protect your
 key material.

 How do you know that the operations that YOU request are actually the ones
 being performed?  How do you know that the operating system isn't making
 additional requests of its own?

 You have to trust root.  No two ways about it.


The first question has no bearing on the second statement.  With or without
grsecurity/selinux, you have no way to guarantee that the kernel is
operating the way you expect it to at any given time.  I suppose it boils
down to the threat model.  However, limiting root's power is a good idea,
and grsecurity provides an excellent framework in which to do so.  Caveat
emptor.





[openssl-users] Extended key usage keyAgreement bit in certificate

2015-07-22 Thread John Foley
The following commit changed the behavior of checking the extended key
usage bits in a server certificate when using X509_PURPOSE_SSL_SERVER:

http://marc.info/?l=openssl-cvs&m=132759007026375&w=2

This commit was put into 1.0.2 on April 6, 2012.  Therefore, 1.0.1 and
1.0.2 behave differently in this regard.  When using 1.0.2, the server
certificate needs to include the keyAgreement bit.  Otherwise the client
will reject the server certificate when checking the purpose
(X509_PURPOSE_SSL_SERVER).

Does this behavior in 1.0.2 comply with RFC 5246?  Reading section 7.4.2
on pages 47/48, the server certificate should include the keyAgreement
bit when using DH key exchange cipher suites.  The wording on page 48 is: 

  DH_DSS Diffie-Hellman public key; the keyAgreement bit
  DH_RSA MUST be set if the key usage extension is
 present.

Given there's no other mention of using the keyAgreement bit in RFC
5246, does this imply the keyAgreement bit doesn't need to be set when
not using a DH cipher suite?  Given the commit noted above will always
check the keyAgreement bit, and the logic in v3_purp.c is unaware of the
negotiated cipher suite,  would this be considered a bug?  If not, would
it be appropriate to back-port this commit to 1.0.1 so that we would
have consistent behavior between 1.0.1 and 1.0.2?





[openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-07-22 Thread jonetsu
Hello,


Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 
1.0.1e.  The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 
0x0800L and several tests are made for this value in the code.  The CHANGES 
mentions though that this had some side effects, the option now being part of 
SSL_OP_ALL.  It would look like, from the scan, that the fragments are not 
enabled by default, could it be?


Thanks.


