Re: [openssl-users] RSA sign using SHA256 with mgf1 padding
Hi,

I wrote a sample a few years ago that performs a PSS signature using SHA256, like what you need. You can get it from https://www.idrix.fr/Root/Samples/openssl_pss_signature.c

It uses the maximum salt length. You should check that the server expects this as well.

Cheers,
--
Mounir IDRASSI

On 29/08/2016 at 10:59, Moshe Wiener (mowiener) wrote:
> Hello,
>
> I'm running an application which runs an authentication session with a server. The server provides some random data, and my application needs to sign it with its private key, and send back the signature. The server, which knows the public key, verifies the signature, and if it is good then the client which runs my application is authenticated.
>
> This session used to run OK, until the server was changed so that instead of using PKCS#1 v1.5 it now uses PKCS#1 v2.1.
>
> Now, the server uses the signature algorithm SHA256 WITH RSA AND MGF1.
>
> In my application I use OpenSSL.
>
> I think that I need to use 'RSA_padding_add_PKCS1_OAEP_mgf1' but couldn't figure out what to put in each of its arguments.
>
> Is there somewhere a sample code which implements RSA signature with mgf1 padding and a SHA256 hash?
>
> Many thanks,
>
> Moshe

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
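As an added example (it is neither the idrix.fr sample nor OpenSSL code), here is RSASSA-PSS with SHA-256 and MGF1-SHA256 written out in Python straight from RFC 8017, so that "maximum salt length" and the interoperability caveat in the answer become concrete. RFC 8017 notes that typical salt lengths elsewhere are hLen (32 for SHA-256) or 0, while OpenSSL's "max" fills every byte the key leaves free; a verifier that insists on a fixed length rejects a max-salt signature even though the signature is valid. The RSA key is a constructed toy built from two Mersenne primes so that no key generator is needed; such special-form primes are trivially factorable and must never be used for a real key. pss_verify(salt_len=None) recovers the salt length from the encoding, which is what OpenSSL's rsa_pss_saltlen:auto does.

```python
"""RSASSA-PSS (RFC 8017) with Hash = MGF1 hash = SHA-256, maximum salt length.

Added example, not the mailing-list sample and not OpenSSL code.
"""
import hashlib
import os

H_LEN = 32  # SHA-256 digest size


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function with SHA-256 (RFC 8017 B.2.1)."""
    out = b""
    for counter in range((length + H_LEN - 1) // H_LEN):
        out += sha256(seed + counter.to_bytes(4, "big"))
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed TOY key: two Mersenne primes, trivially factorable. Demo only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
MOD_BITS = N.bit_length()
EM_BITS = MOD_BITS - 1                 # RFC 8017: emBits = modBits - 1
EM_LEN = (EM_BITS + 7) // 8            # bytes in the encoded message
K = (MOD_BITS + 7) // 8                # bytes in a signature
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)


def max_salt_len() -> int:
    """Largest salt the encoding can carry, emLen - hLen - 2 (OpenSSL saltlen 'max')."""
    return EM_LEN - H_LEN - 2


def emsa_pss_encode(msg: bytes, salt_len: int) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1)."""
    if EM_LEN < H_LEN + salt_len + 2:
        raise ValueError("encoding error: salt too long for this key")
    salt = os.urandom(salt_len)
    h = sha256(b"\x00" * 8 + sha256(msg) + salt)
    db = b"\x00" * (EM_LEN - salt_len - H_LEN - 2) + b"\x01" + salt
    masked_db = bytearray(_xor(db, mgf1(h, EM_LEN - H_LEN - 1)))
    masked_db[0] &= TOP_MASK               # clear the bits above emBits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(msg: bytes, em: bytes, salt_len) -> bool:
    """EMSA-PSS-VERIFY. salt_len=None recovers the length from the encoding
    ('auto'); an integer insists on exactly that length."""
    if len(em) != EM_LEN or em[-1] != 0xBC:
        return False
    masked_db, h = em[: EM_LEN - H_LEN - 1], em[EM_LEN - H_LEN - 1 : -1]
    if masked_db[0] & (0xFF ^ TOP_MASK):
        return False
    db = bytearray(_xor(masked_db, mgf1(h, EM_LEN - H_LEN - 1)))
    db[0] &= TOP_MASK
    if salt_len is None:
        sep = db.find(b"\x01")             # salt starts after the 0x01 separator
        if sep < 0:
            return False
        salt_len = len(db) - sep - 1
    ps_len = EM_LEN - H_LEN - salt_len - 2
    if ps_len < 0 or any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1 :])
    return sha256(b"\x00" * 8 + sha256(msg) + salt) == h


def pss_sign(msg: bytes, salt_len=None) -> bytes:
    """RSASSA-PSS-SIGN: encode, then the private RSA primitive. Default salt = max."""
    if salt_len is None:
        salt_len = max_salt_len()
    em = emsa_pss_encode(msg, salt_len)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def pss_verify(msg: bytes, sig: bytes, salt_len=None) -> bool:
    """RSASSA-PSS-VERIFY: public RSA primitive, then EMSA-PSS-VERIFY."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    m = pow(s, E, N)
    if m >> EM_BITS:                       # encoded message must fit in emBits
        return False
    return emsa_pss_verify(msg, m.to_bytes(EM_LEN, "big"), salt_len)


def sign_then_verify(msg: bytes, sign_salt_len: int, verify_salt_len) -> bool:
    """Interop probe: sign under one salt policy, verify under another."""
    return pss_verify(msg, pss_sign(msg, sign_salt_len), verify_salt_len)
```

The probe at the end is the check the answer asks for: if the server side verifies with a fixed salt length rather than recovering it, a max-salt signature from this client fails even though nothing is wrong with the key or the hash.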
Re: Schanner secu
Hi,

The latest Windows update that corrected the "WinShock" SChannel vulnerability brought many changes to the way TLS is performed, and among the changes is the fact that the Supported Point Formats Extension is not sent anymore in the ServerHello during the TLS handshake.

In versions of OpenSSL prior to 1.0.0c, the Supported Point Formats Extension was expected to be present all the time, which of course is not correct. I sent a patch for that in 2010 (https://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest#txn-26841) and the correction was subsequently included in 1.0.0c.

This explains why you are starting to receive TLS handshake errors with a curl client linked with OpenSSL 1.0.0a and 1.0.0b after the SChannel update from Microsoft.

If you are not able to upgrade your clients, then the only solution is to ask Microsoft how to force the inclusion of the Supported Point Formats Extension in the TLS handshake as was the case before. Their SChannel update brought new issues anyway, and most certainly Microsoft will publish another update to SChannel in order to solve them, so there is a possibility for them to restore the old TLS handshake behavior unless it causes security issues for them (but I can't imagine how).

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/14/2014 10:02 PM, Gilles Vollant wrote:
> Microsoft just published a patch on their SChannel component (KB 2992611): https://technet.microsoft.com/library/security/MS14-066
>
> But with this fix, Web server IIS 7.5/8.0 on Windows Server 2008R2 or Windows Server 2012 did not accept downloads from curl + OpenSSL 1.0.0a / 1.0.0b!
>
> If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot download anything from an IIS 7.5/8.0 webserver using https after patching! OpenSSL 1.0.0c has no problem. But some clients cannot be updated magically!
>
> Curl says:
> curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
>
> I made a report here: http://www.winimage.com/demo_report_openssl_windows/
>
> I hope Microsoft can (and will) update their fix to allow curl + openssl 1.0.0 (a or b) to connect!
>
> regards
> Gilles Vollant

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
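An added example (not OpenSSL's code) to make the two behaviours in the answer concrete: a minimal parser for the ServerHello extensions block that treats the Supported Point Formats extension the way RFC 4492 section 5.2 requires (absence means the server supports uncompressed points only) next to the strict behaviour of OpenSSL before 1.0.0c, where the absence itself produced the "tls invalid ecpointformat list" error quoted above. The extension blocks are constructed by hand here; the renegotiation_info extension (type 0xff01) stands in for whatever else a real ServerHello carries.

```python
"""ServerHello extension parsing: lenient (RFC 4492) versus strict (pre-1.0.0c).

Added example, not OpenSSL code. Extension blocks below are constructed.
"""
import struct

EXT_EC_POINT_FORMATS = 11
EXT_RENEGOTIATION_INFO = 0xFF01
UNCOMPRESSED = 0


def parse_extensions(block: bytes) -> dict:
    """Split a TLS extensions block (uint16 total length, then type/length/data items)."""
    if len(block) < 2:
        raise ValueError("truncated extensions block")
    (total,) = struct.unpack("!H", block[:2])
    body = block[2 : 2 + total]
    if len(body) != total:
        raise ValueError("extensions length exceeds block")
    exts, pos = {}, 0
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", body[pos : pos + 4])
        data = body[pos + 4 : pos + 4 + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension data")
        if ext_type in exts:
            raise ValueError("duplicate extension %d" % ext_type)
        exts[ext_type] = data
        pos += 4 + ext_len
    return exts


def decode_point_format_list(data: bytes) -> list:
    """ECPointFormatList: uint8 length followed by that many uint8 format ids.
    An empty list, or one without 'uncompressed', is a genuine protocol error."""
    if len(data) < 1 or data[0] != len(data) - 1 or data[0] == 0:
        raise ValueError("tls invalid ecpointformat list")
    formats = list(data[1:])
    if UNCOMPRESSED not in formats:
        raise ValueError("server did not offer the uncompressed point format")
    return formats


def point_formats_lenient(block: bytes) -> list:
    """RFC 4492 5.2: no ec_point_formats in the ServerHello means uncompressed only."""
    data = parse_extensions(block).get(EXT_EC_POINT_FORMATS)
    if data is None:
        return [UNCOMPRESSED]
    return decode_point_format_list(data)


def point_formats_strict(block: bytes) -> list:
    """The pre-1.0.0c mistake: the missing extension is itself treated as fatal."""
    data = parse_extensions(block).get(EXT_EC_POINT_FORMATS)
    if data is None:
        raise ValueError("tls invalid ecpointformat list")
    return decode_point_format_list(data)


def handshake_ok(block: bytes, strict: bool) -> bool:
    """What the client does with the ServerHello: True = continue, False = abort."""
    try:
        (point_formats_strict if strict else point_formats_lenient)(block)
        return True
    except ValueError:
        return False


def build_extensions(exts) -> bytes:
    """Serialise [(type, data), ...] into an extensions block (test helper)."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


# Constructed ServerHello extension blocks: the pre-update shape, with
# ec_point_formats = [uncompressed], and the post-MS14-066 shape without it.
WITH_FORMATS = build_extensions([(EXT_RENEGOTIATION_INFO, b"\x00"),
                                 (EXT_EC_POINT_FORMATS, b"\x01\x00")])
WITHOUT_FORMATS = build_extensions([(EXT_RENEGOTIATION_INFO, b"\x00")])
```

The lenient parser still rejects a present-but-empty list, which is the case the OpenSSL error text was written for; the strict one additionally aborts on a perfectly valid ServerHello.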
Re: Leak in BN_rand_range?
Hi,

The leak comes from the fact that you are passing a NULL "value" parameter to BN_rand_range. This is unexpected, as this is where the result is supposed to be written. Internally, because of this NULL pointer, OpenSSL allocates a temporary BIGNUM that gets lost (allocated in the call to BN_bin2bn inside the function bnrand at line 199 of bn_rand.c).

To avoid this leak, just allocate your "value" variable at the beginning and don't free it inside the loop, because its value will be updated by BN_rand_range. So just add value = BN_new(); at the beginning and remove the if block inside the loop.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/24/2014 6:27 PM, Jeffrey Walton wrote:
> I've got a program that repeatedly calls BN_rand_range. Valgrind is
> reporting 2.4 MB of leaks.
>
> If I comment out the loop that generates the range value, then the
> leak summary drops to 0.
>
> Is there anything else I should be doing below?
>
> **
>
> Error checking was removed from the sample, but nothing fails.
>
> #include <stddef.h>
> #include <openssl/bn.h>
>
> /* UNUSED comes from the poster's own headers; defined here so the sample builds */
> #define UNUSED(x) ((void)(x))
>
> #define ITERATIONS 1000UL
>
> int main(int argc, char* argv[])
> {
>     UNUSED(argc), UNUSED(argv);
>
>     int rc = 0, err;
>     BIGNUM *range = NULL, *value = NULL;
>
>     range = BN_new();
>     rc = BN_set_word(range, 3);
>
>     for(size_t i = 0; i < ITERATIONS; i++)
>     {
>         if(value) {
>             BN_free(value), value = NULL;
>         }
>
>         /* value is always NULL here: the call below is what leaks */
>         rc = BN_rand_range(value, range);
>     }
>
>     if(range) {
>         BN_free(range), range = NULL;
>     }
>
>     if(value) {
>         BN_free(value), value = NULL;
>     }
>
>     return 0;
> }
Re: RSA_check_key failure 0x407b093 (value missing)
On 6/8/2014 1:46 AM, Jeffrey Walton wrote:
> OK, does the library provide the CRT solver (I don't believe so, but I thought I would ask).

A few years ago, I needed such a solver to convert from the RSA SFM format (n,e,d) to the CRT representation. Obviously OpenSSL doesn't contain one, so I implemented it using OpenSSL routines and released an open source tool called RsaConverter that provides such functionality (http://rsaconverter.sourceforge.net/). You can have a look at the file librsaconverter.c from its source (http://sourceforge.net/p/rsaconverter/code/HEAD/tree/Trunk/src/librsaconverter.c).

In your case, you can use the function SfmToCrt in order to compute the CRT parameters, thus making RSA_check_key happy. Before calling SfmToCrt, I advise calling CheckRsaSfmKey to verify that the triplet (n,e,d) is valid for RSA, otherwise SfmToCrt can't find the CRT parameters (the algorithm is based on a random search for a generator that exists only for valid RSA parameters). In order to avoid infinite loops, I implemented a configurable timeout.

Concerning its performance, the algorithm is fast: for RSA 2048, it takes 250 ms on average on a Core i7-2600K, and on the older Pentium III M it takes 1 second on average.

I don't know if there are many people who need to use RSA SFM parameters, but having such conversion functionality inside OpenSSL could be interesting. In that case, I can send a patch for it.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
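As an added example, independent of RsaConverter's source, here is the textbook way to get p and q back from (n, e, d), which is what the "random search for a generator" in the answer amounts to: e*d - 1 is a multiple of lambda(n), so for a random base g the chain g^r, g^(2r), ... eventually produces a non-trivial square root of 1 mod n, and gcd(root - 1, n) is a factor. The example also has the validity check the answer recommends before searching, and a try limit standing in for the configurable timeout. The toy key is built from two Mersenne primes, constructed here so the example runs without a key generator; it is trivially factorable and must never be used for anything real.

```python
"""RSA SFM (n, e, d) to CRT (p, q, dP, dQ, qInv) conversion.

Added example, not RsaConverter's code. The key is a constructed TOY key.
"""
import math
import random

E = 65537
P_TRUE, Q_TRUE = 2**521 - 1, 2**607 - 1           # Mersenne primes: demo only
N = P_TRUE * Q_TRUE
D = pow(E, -1, (P_TRUE - 1) * (Q_TRUE - 1))


def check_sfm_key(n: int, e: int, d: int, rounds: int = 8) -> bool:
    """Sanity check of an (n, e, d) triplet: RSA must round-trip on random inputs.
    Skipping this is what lets the factoring search below spin forever on junk."""
    if n < 4 or e < 3 or d < 1 or e % 2 == 0:
        return False
    for _ in range(rounds):
        x = random.randrange(2, n - 1)
        if pow(pow(x, e, n), d, n) != x:
            return False
    return True


def sfm_to_crt(n: int, e: int, d: int, max_tries: int = 100):
    """Factor n from e*d - 1 and return (p, q, dP, dQ, qInv) with p the larger
    prime, or None when no random base succeeded within max_tries (the
    'timeout' guard). Each base succeeds with probability at least 1/2."""
    k = e * d - 1                      # multiple of lambda(n); write it as 2^t * r
    t = 0
    while k % 2 == 0:
        k //= 2
        t += 1
    for _ in range(max_tries):
        g = random.randrange(2, n - 1)
        y = pow(g, k, n)
        if y in (1, n - 1):
            continue                   # base gives only trivial roots, try another
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:
                # y is a non-trivial square root of 1 mod n
                p = math.gcd(y - 1, n)
                q = n // p
                if p < q:
                    p, q = q, p
                return p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)
            if x == n - 1:
                break                  # reached -1: this base cannot help
            y = x
    return None


def crt_private_op(c: int, p: int, q: int, dp: int, dq: int, qinv: int) -> int:
    """RSA private operation with the CRT parameters (PKCS#1 5.1.2)."""
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = (qinv * (m1 - m2)) % p
    return m2 + q * h


def crt_roundtrip_ok(n: int, e: int, d: int, m: int) -> bool:
    """Convert, then check that the CRT private op agrees with the plain one on m."""
    crt = sfm_to_crt(n, e, d)
    if crt is None:
        return False
    c = pow(m, e, n)
    return crt_private_op(c, *crt) == pow(c, d, n) == m
```

With the factors recovered, dP, dQ and qInv are the values RSA_check_key compares against d, so a key rebuilt from them passes the check that the thread started with.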
Re: OpenSSL ECCN #
Hi,

There was a similar question years ago. Here is a link to its answer: http://marc.info/?l=openssl-users&m=123357572413547

I don't know if it is still relevant.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/20/2012 8:38 PM, Alona Rossen wrote:
> Hello,
>
> We need the OpenSSL ECCN # for our records. Please advise if this information can be obtained.
>
> Thank you,
> Alona Rossen
Re: RSA OAEP with sha256
Hi Martin,

In the OpenSSL implementation of OAEP, MGF1 is hardcoded with SHA-1 (look at the end of the file rsa_oaep.c). Moreover, the function RSA_padding_add_PKCS1_OAEP explicitly uses SHA-1 as the only possible hash. That's why your results are incorrect.

Personally, I overcame these limitations by implementing my own version of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF implementation. I guess you should do the same.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/16/2012 11:27 PM, Martin Kaiser wrote:
> Dear all,
>
> I'd like to encrypt some bytes using RSA OAEP with MGF1. Both OAEP and MGF1 should use sha256 instead of the default sha1. Does openssl support this at all?
>
> I tried something along the lines of
>
>     size_t outlen;
>     int ret;
>     EVP_PKEY_CTX *ctx;
>     unsigned char in[] = { some bytes ... };
>     EVP_PKEY *key = NULL;
>     RSA *r = NULL;
>     unsigned char n[] = { ... }; /* 128 bytes */
>     unsigned char e[] = { 0x01, 0x00, 0x01 };
>
>     key = EVP_PKEY_new();
>     r = RSA_new();
>     assert(r);
>     EVP_PKEY_assign_RSA(key, r);
>     key->pkey.rsa->n = BN_bin2bn(n, sizeof(n), NULL);
>     key->pkey.rsa->e = BN_bin2bn(e, sizeof(e), NULL);
>
>     ctx = EVP_PKEY_CTX_new(key, NULL);
>     assert(ctx);
>     ret = EVP_PKEY_encrypt_init(ctx);
>     assert(ret>=0);
>     ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
>     assert(ret>=0);
>     ret = EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_MD, 0, (void *)EVP_sha256);
>     assert(ret>=0);
>     ret = EVP_PKEY_encrypt(ctx, out, &outlen, in, sizeof(in));
>     assert(ret>=0);
>     assert(outlen==128);
>
> This doesn't fail on any asserts.
>
> I tried
>
>     ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
>
> instead of EVP_PKEY_CTX_ctrl(). This would not work because of a EVP_PKEY_OP_TYPE_... mismatch.
>
> Unfortunately, the output does not seem to be correct; I can't produce valid messages that are recognized by a receiving side that's known to work with OAEP sha256.
>
> Does anyone see what I'm doing wrong here? Or does anyone have test vectors so that I can verify my code? I know there are test vectors from rsasecurity but they're only for OAEP sha1.
>
> Thanks in advance for your help,
>
> Martin
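An added example (neither OpenSSL code nor the poster's): RSAES-OAEP from RFC 8017 with one hash chosen up front and used both for the label hash and inside MGF1, which is exactly the SHA-256/SHA-256 combination the OpenSSL of that time could not produce because both were pinned to SHA-1. Decrypting a SHA-256 ciphertext with a SHA-1 decoder fails the way the poster's receiving side did. The key is a constructed toy built from two Mersenne primes (trivially factorable; never use such a key). The decoder combines its padding checks into a single flag rather than returning at the first failure, since reporting which check failed is what Manger's attack on OAEP exploits; being Python, it is still not constant-time, so treat that as the shape of the check rather than a finished implementation.

```python
"""RSAES-OAEP (RFC 8017 7.1) with Hash = MGF1 hash = a chosen hash.

Added example, not OpenSSL code. The key is a constructed TOY key.
"""
import hashlib
import os

P, Q = 2**521 - 1, 2**607 - 1        # Mersenne primes: demo only, trivially factorable
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8        # modulus length in bytes


def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1) instantiated with the named hash."""
    h_len = hashlib.new(hash_name).digest_size
    out = b"".join(
        hashlib.new(hash_name, seed + c.to_bytes(4, "big")).digest()
        for c in range((length + h_len - 1) // h_len)
    )
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encrypt(msg: bytes, hash_name: str = "sha256", label: bytes = b"") -> bytes:
    """RSAES-OAEP-ENCRYPT; the same hash is used for lHash and for MGF1."""
    h_len = hashlib.new(hash_name).digest_size
    if len(msg) > K - 2 * h_len - 2:
        raise ValueError("message too long")
    l_hash = hashlib.new(hash_name, label).digest()
    ps = b"\x00" * (K - len(msg) - 2 * h_len - 2)
    db = l_hash + ps + b"\x01" + msg
    seed = os.urandom(h_len)                                   # fresh per encryption
    masked_db = _xor(db, mgf1(seed, K - h_len - 1, hash_name))
    masked_seed = _xor(seed, mgf1(masked_db, h_len, hash_name))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def oaep_decrypt(ct: bytes, hash_name: str = "sha256", label: bytes = b""):
    """RSAES-OAEP-DECRYPT. Returns the plaintext or None; every padding check
    feeds one flag so the caller cannot tell which of them failed."""
    h_len = hashlib.new(hash_name).digest_size
    if len(ct) != K or K < 2 * h_len + 2:
        return None
    c = int.from_bytes(ct, "big")
    if c >= N:
        return None
    em = pow(c, D, N).to_bytes(K, "big")
    y, masked_seed, masked_db = em[0], em[1 : 1 + h_len], em[1 + h_len :]
    seed = _xor(masked_seed, mgf1(masked_db, h_len, hash_name))
    db = _xor(masked_db, mgf1(seed, K - h_len - 1, hash_name))
    l_hash = hashlib.new(hash_name, label).digest()
    sep = db.find(b"\x01", h_len)                              # end of the zero padding
    bad = y != 0
    bad |= db[:h_len] != l_hash
    bad |= sep < 0 or any(db[h_len:sep])
    if bad:
        return None
    return db[sep + 1 :]
```

Since OpenSSL 1.0.2 the two hashes are settable separately through EVP_PKEY_CTX_set_rsa_oaep_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() (rsa_oaep_md and rsa_mgf1_md in pkeyutl), so the home-grown padding routine the answer describes is only needed on the older releases the thread is about; both sides must still agree on both hashes, as the sha256/sha1 mismatch in the test shows.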
Re: OpenSSL 1.0.1a tarball checksums
Hi,

Your browser is unzipping the archive on the fly. The file you are getting is the TAR and not the gzipped TAR. Try clicking "save as" on the link to see if you get the real gzipped file.

By the way, all the checksums on the page are correct.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/22/2012 1:21 PM, Francois Claire wrote:
> Hi,
>
> On the openssl download page the size of openssl-1.0.1a.tar.gz is 4456456 bytes, but when I download it (wget http://www.openssl.org/source/openssl-1.0.1a.tar.gz) I'm receiving a tarball which is 21770240 bytes long.
>
> Of course the SHA1 checksum is different from the one announced on the web site:
>
> $ openssl sha1 openssl-1.0.1a.tar.gz
> SHA1(openssl-1.0.1a.tar.gz)= e3ba2479b7cc594aff9eba2d9804063cc5f9f43d
>
> Could it be that the checksums on the source download page (http://www.openssl.org/source/) are wrong?
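An added example (not from the thread) of the check a practitioner wants before concluding that a published checksum is wrong: look at what kind of file actually arrived before comparing digests. A gzipped tarball starts with the gzip magic bytes 1f 8b, while a tar that was inflated in transit carries the "ustar" marker at offset 257; a size roughly five times the published one plus a ustar marker is the situation described above, and no digest over those bytes can ever match the one published for the .tar.gz. The archive, its "published" size and digest are constructed in memory so the check runs offline; the digest algorithm is a parameter because the page used SHA1 at the time.

```python
"""Tell a corrupt download apart from a transparently gunzipped one.

Added example, not from the thread. Archive and published values are constructed.
"""
import gzip
import hashlib
import io
import tarfile

GZIP_MAGIC = b"\x1f\x8b"


def kind_of(data: bytes) -> str:
    """'gzip' for a .tar.gz, 'tar' for a bare ustar/GNU tar, else 'unknown'."""
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if len(data) >= 262 and data[257:262] == b"ustar":
        return "tar"
    return "unknown"


def verify_download(data: bytes, expected_size: int, expected_digest: str,
                    algo: str = "sha256") -> str:
    """'ok' when size and digest match the published values; 'decompressed' when
    the bytes are a bare tar (something inflated the .tar.gz on the way, so the
    file must be fetched again as-is); otherwise 'mismatch'."""
    if len(data) == expected_size and hashlib.new(algo, data).hexdigest() == expected_digest:
        return "ok"
    if kind_of(data) == "tar":
        return "decompressed"
    return "mismatch"


def make_sample_tarball() -> bytes:
    """Constructed stand-in for openssl-1.0.1a.tar.gz: one file in a gzipped tar."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        payload = b"constructed sample, not the real release\n"
        info = tarfile.TarInfo("openssl-1.0.1a/README")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return gzip.compress(raw.getvalue(), mtime=0)


# What the download page would publish for this constructed archive ...
SAMPLE_GZ = make_sample_tarball()
PUBLISHED_SIZE = len(SAMPLE_GZ)
PUBLISHED_SHA256 = hashlib.sha256(SAMPLE_GZ).hexdigest()
# ... and what a client whose transport inflated it on the fly ends up holding.
SAMPLE_TAR = gzip.decompress(SAMPLE_GZ)
```

Only 'ok' means the archive can be trusted; 'decompressed' is a hint to re-download with a client that does not negotiate content encoding (or to use "save as"), and 'mismatch' is the case where the published value really needs checking against a second source.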
Re: TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]
Hi,

The following blog post explains different mitigation techniques for this vulnerability, and among them is rate limiting: http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/21/2011 7:40 PM, Hasan, Rezaul (NSN - US/Arlington Heights) wrote:
> Hello All,
>
> We have openssl 0.9.8r on our Linux Server. The application that's used is httpd.
>
> A Nessus security scan on our Linux server tells us that we may be vulnerable to a potential DOS due to the SSL/TLS Renegotiation Vulnerability [CVE-2011-1473].
>
> The suggestions for mitigating this (we believe) are:
>
> 1. Disable Re-Negotiation completely. {We CANNOT use this choice, because our system does need to allow Re-Negotiation in some cases. So NOT an option for us}
>
> 2. "Rate-Limit" Re-Negotiations.
>
> Can someone please provide detailed information/guidance about exactly how to go about "Rate-Limiting" Re-Negotiation requests on the Linux Server? Pointing to a detailed article would also be helpful.
>
> Thanks a bunch in advance.
Re: TLS 1.0 "cracked"...
Hi,

This has already been discussed in the openssl-dev mailing list. Go to the mailing list archive and take a look at the subject "openssl 1.0.1 and rumors about TLS 1.0 attacks".

To be brief, this attack has been known for 7 years now and OpenSSL has implemented an effective countermeasure against it since version 0.9.6d (insertion of empty fragments). So, an OpenSSL based web server is immune from this attack, unless it uses the flag SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

Links cited in the dev mailing list:
- http://www.openssl.org/~bodo/tls-cbc.txt, section 2.
- http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf : a 2006 paper describing the attack and the OpenSSL countermeasure.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/21/2011 4:48 PM, Thomas J. Hruska wrote:
> The Register published an article yesterday that some people here might be interested in, on TLS 1.0 being "cracked":
>
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
>
> The Register points their Finger of Blame right at OpenSSL. Of course, a lot of places then blew this out of proportion with headlines along the lines of, "ZOMG! HTTPS/SSL Intertubes Hacked! i can haz your internets?!?!"
>
> Right now, no one really knows anything about the "research" that is supposedly going to be published on Friday.
Re: Compile OpenSSL for debug and release in Windows with Visual C++
Yes, this is the target configuration for debug under Windows VC++.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/22/2011 7:38 AM, ml.vladimbe...@gmail.com wrote:
> Is the “debug-VC-WIN32” configuration option an answer to my question?
Re: RSA_private_decrypt across processes
Well, this is not quite adapted to the situation. OpenSSL is a library and it doesn't spawn any process. Moreover, the issue is with the internal builtin RNG of OpenSSL, and a simple user of OpenSSL can not change its implementation. Apart from a change to OpenSSL internals, the only option is to implement an engine that exports its own RNG implementation through a custom RAND_METHOD structure.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote:
> Start the second process as a daemon so it only does the entropy gathering at process start-up?
>
> On Wed 04/05/11 5:35 PM, Mounir IDRASSI mounir.idra...@idrix.net sent:
>
> Indeed, there has already been a modification to OpenSSL in order to limit the observed delay, but that doesn't completely solve the problem. This issue is linked to an internal design of OpenSSL which uses heap walking as a means to gather entropy, and unfortunately Windows 7 has made this mechanism more expensive than previous Windows versions. So, this issue won't be solved unless there is a major change to OpenSSL's entropy gathering architecture, which doesn't appear to be coming any time soon.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
> > Okay I read the complete bug report and it looks like there is a fix in
> > the latest openssl. However I checked it out and it limits the maximum
> > time RAND_poll will take to a second. 1000ms. Is there any other way to
> > speed this up?
> >
> > -----Original Message-----
> > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> > Sent: Wednesday, May 04, 2011 4:47 AM
> > To: openssl-users@openssl.org
> > Subject: Re: RSA_private_decrypt across processes
> >
> > Hi,
> >
> > This could be related to the slowness of RAND_poll under Windows 7. See:
> > http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
> > Your second process is certainly trying to initialize its RNG and that's
> > why you see this delay.
> > Do you confirm that you are executing these processes under Windows 7?
> >
> > --
> > Mounir IDRASSI
> > IDRIX
> > http://www.idrix.fr
> >
> > On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
> >> I generate an RSA key using RSA_generate_key in one process. I then
> >> take the RSA structure that is generated and serialize it and send it
> >> to another process via an RPC mechanism. In the other process I then
> >> de-serialize the RSA data and use that as input to an
> >> RSA_private_decrypt function to decrypt some data that was previously
> >> encrypted with the RSA public key.
> >>
> >> This works fine and I am able to decrypt the data successfully, HOWEVER,
> >> it takes a long time to do so, like up to 2 seconds. It is almost as
> >> if it is doing another key generation in the background. Note that if
> >> I do this RSA_private_decrypt in the same process as the one that
> >> generated the key, it takes around 20-30 ms.
> >>
> >> This leads me to think that maybe there is some static data that the
> >> openssl library uses in RSA_private_decrypt that was cached when I
> >> generated the key and now is not available since it is a new process.
> >>
> >> Can anyone enlighten me on this?
Re: RSA_private_decrypt across processes
Indeed, there has already been a modification to OpenSSL in order to limit the observed delay, but that doesn't completely solve the problem. This issue is linked to an internal design of OpenSSL which uses heap walking as a means to gather entropy, and unfortunately Windows 7 has made this mechanism more expensive than previous Windows versions. So, this issue won't be solved unless there is a major change to OpenSSL's entropy gathering architecture, which doesn't appear to be coming any time soon.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
> Okay I read the complete bug report and it looks like there is a fix in the latest openssl. However I checked it out and it limits the maximum time RAND_poll will take to a second. 1000ms. Is there any other way to speed this up?
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> Sent: Wednesday, May 04, 2011 4:47 AM
> To: openssl-users@openssl.org
> Subject: Re: RSA_private_decrypt across processes
>
> Hi,
>
> This could be related to the slowness of RAND_poll under Windows 7. See: http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
>
> Your second process is certainly trying to initialize its RNG and that's why you see this delay.
>
> Do you confirm that you are executing these processes under Windows 7?
>
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
> > I generate an RSA key using RSA_generate_key in one process. I then take the RSA structure that is generated and serialize it and send it to another process via an RPC mechanism. In the other process I then de-serialize the RSA data and use that as input to an RSA_private_decrypt function to decrypt some data that was previously encrypted with the RSA public key.
> >
> > This works fine and I am able to decrypt the data successfully, HOWEVER, it takes a long time to do so, like up to 2 seconds. It is almost as if it is doing another key generation in the background. Note that if I do this RSA_private_decrypt in the same process as the one that generated the key, it takes around 20-30 ms.
> >
> > This leads me to think that maybe there is some static data that the openssl library uses in RSA_private_decrypt that was cached when I generated the key and now is not available since it is a new process.
> >
> > Can anyone enlighten me on this?
Re: RSA_private_decrypt across processes
Hi,

This could be related to the slowness of RAND_poll under Windows 7. See: http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest

Your second process is certainly trying to initialize its RNG and that's why you see this delay.

Do you confirm that you are executing these processes under Windows 7?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
> I generate an RSA key using RSA_generate_key in one process. I then take the RSA structure that is generated and serialize it and send it to another process via an RPC mechanism. In the other process I then de-serialize the RSA data and use that as input to an RSA_private_decrypt function to decrypt some data that was previously encrypted with the RSA public key.
>
> This works fine and I am able to decrypt the data successfully, HOWEVER, it takes a long time to do so, like up to 2 seconds. It is almost as if it is doing another key generation in the background. Note that if I do this RSA_private_decrypt in the same process as the one that generated the key, it takes around 20-30 ms.
>
> This leads me to think that maybe there is some static data that the openssl library uses in RSA_private_decrypt that was cached when I generated the key and now is not available since it is a new process.
>
> Can anyone enlighten me on this?
Re: issue with p12 creation and network solutions EV SSL
Hi James,

I got the correct certificate chain from my Windows 7 box. Microsoft tends to update its trusted CA certificate store more quickly and regularly than Mozilla or the Linux distros: the latest update was last month, on March 23rd 2011. It is sad that even the Network Solutions guys are not aware of this update... This issue should not have existed in the first place!

Good luck,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/26/2011 7:07 PM, James Chase wrote:
> > You've got the wrong chain file. I understand that NetSol switched to a new EV Issuing CA a few months ago. Are you definitely using the chain file that they supplied with your latest site cert?
>
> I am using the chain file that they suggest downloading, which already has the intermediate files concatenated into a file -- but apparently it is wrong. I checked the .crt file that they include with my site certificate and they are the same certs that are in the chain file they have precompiled. I can't believe how much time I have spent on this issue; could the root of the issue be that they are not packaging the right files with my new certificate? wtf
>
> Mounir, where did you get those certificates?? The only cert that you used that came with my certificate is the last one, AddTrustExternalCARoot -- the other two are NOT included and are not in NetSol's precompiled chain file. Your chain file works when I test with apache, and I have just created a p12 from those chain files and that works too! Hallelujah. But seriously, how did you synthesize that chain file? And how would I be expected to create that on my own?? I spent an hour and a half on the phone with NetSol telling them there was something wrong with their files and they just kept saying it was my fault and they will bill me $120/hour to fix it.
>
> > On Tue, Apr 26, 2011 at 8:19 AM, James Chase <chase1...@gmail.com> wrote:
> > > Well my results are quite different, and I guess point to my p12 not being correctly created. Strangely, the p12 I am running this test on works in production and doesn't produce a warning (I re-created last year's certificate as a new p12 using the same process I am trying with this year's).
> > >
> > > I also tried running this on my test apache site, where I am just using the plain old certificate, key and Network Solutions supplied chain file -- and the openssl s_client command returns better output but I still get a warning!
> > >
> > > [me@myserver ~]$ openssl s_client -connect www.example.com:443
> > > CONNECTED(0003)
> > > depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> > > verify error:num=20:unable to get local issuer certificate
> > > verify return:1
> > > depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> > > verify error:num=27:certificate not trusted
> > > verify return:1
> > > depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> > > verify error:num=21:unable to verify the first certificate
> > > verify return:1
> > > ---
> > > Certificate chain
> >  >  0 s:/serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd/OU=Book Sales/OU=Secure Link EV SSL/CN=www.example.com
> > >    i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions EV SSL CA
> > > ---
Re: issue with p12 creation and network solutions EV SSL
MDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -END CERTIFICATE- <======> I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/26/2011 2:29 PM, James Chase wrote: Someone suggested it would be helpful to post the chain file and the site's public certificate to the list. 
If it is helpful, here is the site cert (and below that their supplied chain file) -BEGIN CERTIFICATE- MIIF+TCCBOGgAwIBAgIRAOQNdqGKinmztM0sRh0SkkowDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D LjEnMCUGA1UEAxMeTmV0d29yayBTb2x1dGlvbnMgRVYgU2VydmVyIENBMB4XDTEx MDQxMzAwMDAwMFoXDTEyMDQyOTIzNTk1OVowggE0MRIwEAYDVQQFEwlWLTU4NTA4 LTAxEzARBgsrBgEEAYI3PAIBAxMCVVMxEzARBgsrBgEEAYI3PAIBAhMCVlQxHTAb BgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJVUzEOMAwGA1UE ERMFMDU3NjcxCzAJBgNVBAgTAlZUMRIwEAYDVQQHEwlSb2NoZXN0ZXIxFDASBgNV BAkTC09uZSBQYXJrIFN0MSswKQYDVQQKEyJJbm5lciBUcmFkaXRpb25zIEludGVy bmF0aW9uYWwgTHRkMRMwEQYDVQQLEwpCb29rIFNhbGVzMRswGQYDVQQLExJTZWN1 cmUgTGluayBFViBTU0wxIjAgBgNVBAMTGXN0b3JlLmlubmVydHJhZGl0aW9ucy5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF66W6jHcsm5vPLFWt 8Vk+CSUINYZCibR8xMMYcgj1OCXArNJTWYJIPVFTcdMY97U0OmOGB/w44zzywKOz Yd3756/S5QYfokwkZ6A+dibbdOwzQX/qP2yGMD/zRPP8bALbAeiIEu5gnZkyqZVy UITMY7OnyV/VK0bP15o4/WMcFVMq7J2pZoY/7e3//Bhzd2yj4UtL/MQ+WVBq2Mh9 1XC5o+db2J4IP7HWEd14h5buRBlS+gdR+aPnQRfUgD8msOcrIHMuPo+cK0swGjLl lvEsvaMHsIdwTG0mnesLxMlYo1gbC0v/zJNbKmTOkcWU26V4rM9/3to+82wd2u2V XkAXAgMBAAGjggHdMIIB2TAfBgNVHSMEGDAWgBSKNeQ1OrwRoZ779U80ZtVLrExi aDAdBgNVHQ4EFgQUgUqFpUzoDl9o44trs/oaV2Lv0+swDgYDVR0PAQH/BAQDAgWg MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMG4G A1UdIARnMGUwYwYMKwYBBAGGDgECAQgBMFMwUQYIKwYBBQUHAgEWRWh0dHA6Ly93 d3cubmV0d29ya3NvbHV0aW9ucy5jb20vbGVnYWwvU1NMLWxlZ2FsLXJlcG9zaXRv cnktZXYtY3BzLmpzcDBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsLm5ldHNv bHNzbC5jb20vTmV0d29ya1NvbHV0aW9uc0VWU2VydmVyQ0EuY3JsMHoGCCsGAQUF BwEBBG4wbDBDBggrBgEFBQcwAoY3aHR0cDovL3d3dy5uZXRzb2xzc2wuY29tL05l dHdvcmtTb2x1dGlvbnNFVlNlcnZlckNBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov L29jc3AubmV0c29sc3NsLmNvbTAkBgNVHREEHTAbghlzdG9yZS5pbm5lcnRyYWRp dGlvbnMuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBusLaUTTTcvQl0up5zKYsfNPoS YXRsSC0tOEBdKBPvCDHmJlpNkjE/IPYTsRT/oxnWL3QORWKfClz9ygIy9L6AJb8w BDaopoHEt7oNIPjjyp3ArOyjkGOZTllPJMyv/SznKQVQLmsO8uMEyV5AXIHyW8nm 
OC0jMS28dELdFXrBOIPNUGw/e2lsRQbfoaMQY/vuSbLv1nlL28K3vXj3Jn/rSXaa Zc25pUZPQTGObF5is9CGBPnBW1zrtkj1jV+J05eRb5Qqc3zUMvlgUg58CNZjWraS pjyc7DtAqYyE//iPI+JBOSGBlc3Q6Qedxs3O/O9TrDpAyVQAffL5f1EgeQey -END CERTIFICATE- And the chain file -BEGIN CERTIFICATE- MIIEPDCCAySgAwIBAgIQSEus8arH1xND0aJ0NUmXJTANBgkqhkiG9w0BAQUFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTA1MDYwNzA4MDkxMFoXDTIwMDUzMDEwNDgzOFow gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0 LUhhcmR3YXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsffDOD+0 qH/POYJRZ9Btn9L/WPPnnyvsDYlUmbk4mRb34CF5SMK7YXQSlh08anLVPBBnOjnt KxPNZuuVCTOkbJex6MbswXV5nEZejavQav25KlUXEFSzGfCa9vGxXbanbfvgcRdr ooj7AN/+GjF3DJoBerEy4ysBBzhuw6VeI7xFm3tQwckwj9vlK3rTW/szQB6g1ZgX vIuHw4nTXaCOsqqq9o5piAbF+okh8widaS4JM5spDUYPjMxJNLBpUb35Bs1orWZM vD6sYb0KiA7I3z3ufARMnQpea5HW7sftKI2rTYeJc9BupNAeFosU4XZEA39jrOTN SZzFkvSrMqFIWwIDAQABo4GqMIGnMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8D veAky1QaMB0GA1UdDgQWBBShcl8mGyiYQ5VdBzfVhZadS9LDRTAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8v Y3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwDQYJ KoZIhvcNAQEFBQADggEBADzse+Cuow6WbTDXhcbSaFtFWoKmNA+wyZIjXhFtCBGy dAkjOjUlc
Re: What Random number generator is used in the OpenSSL library?
Hi,

Take a look at: http://www.openssl.org/docs/crypto/rand.html (at section "INTERNALS"). For entropy gathering, RAND_poll is implemented for each platform (also RAND_event is available under Windows for that purpose). For example, you will find in file crypto/rand/rand_win.c all Windows specific PRNG helper functions.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 3/26/2011 10:05 AM, Vladimir Belov wrote:
> Hello,
> What Random number generator is used in the OpenSSL library?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: HELP!!!! mod_tsa:could not load X.509 certificate
Hi,

Getting the same error (on ts_rsp_sign.c:206) with the file I sent means that you are not using the right files: I have explicitly tested the OpenSSL function referenced in ts_rsp_sign.c and it is working with no error. You have to check your configuration in order to point to the right key file.

In my tests, I only used OpenSSL code, no mod_tsa or Apache, because I was targeting the OpenSSL error you described. I used the latest version 1.0.0d but I think this has nothing to do with your problem since it is certainly caused by a configuration issue.

Concerning the cnf file, I just modified the usr_cert section in the default one in order to add "extendedKeyUsage = critical,timeStamping" and set keyUsage to "nonRepudiation, digitalSignature".

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/23/2011 3:32 PM, Yessica De Ascencao wrote:
> Hello! Thanks for your help and monitoring.
> Yes, I get the same error; it also throws the same when tested with the files you sent me. I think there must be something I missed or did wrong in the installation.
> Which version did you use for this package: openssl, mod_tsa, Apache, mod_ssl, mysql, ts-patch_
> Another thing, to generate the certificate for the extension tsa with Time Stamping, which .cnf did you use? The openssl.cnf or one created for you?
> Very grateful! Thanks
>
> 2011/2/22 Mounir IDRASSI <mounir.idra...@idrix.net>
>> Hi,
>> Are you sure you have the same error description (lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested here with a certificate containing "Digital Signature, Non Repudiation" key usage and OpenSSL doesn't complain. I'm attaching the timestamp certificate (with its key and its CA certificate) that I used. Can you see if it is working for you?
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>> On 2/22/2011 3:11 PM, Yessica De Ascencao wrote:
>>> Hi Mounir IDRASSI!
>>> I generated the certificate with ONLY Digital Signature, Non Repudiation but I still have the same problem.
>>> Thanks!
>>>
>>>     Certificate:
>>>         Data:
>>>             Version: 3 (0x2)
>>>             Serial Number: d8:e6:a3:f6:22:c7:a4:0c
>>>             Signature Algorithm: sha1WithRSAEncryption
>>>             Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve
>>>             Validity
>>>                 Not Before: Feb 22 14:08:20 2011 GMT
>>>                 Not After : Feb 22 14:08:20 2012 GMT
>>>             Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, CN=tsscompany/emailAddress=t...@company.com
>>>             Subject Public Key Info:
>>>                 Public Key Algorithm: rsaEncryption
>>>                 RSA Public Key: (2048 bit)
>>>                     Modulus (2048 bit):
>>>                         00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7:
>>>                         00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd:
>>>                         56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37:
>>>                         6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7:
>>>                         6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40:
>>>                         b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac:
>>>                         1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b:
>>>                         36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e:
>>>                         51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71:
>>>                         27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc:
>>>                         f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb:
>>>                         2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b:
>>>                         3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c:
>>>                         87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c:
>>>                         8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19:
>>>                         7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8:
>>>                         6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7:
>>>                         7a:4b
>>>                     Exponent: 65537 (0x10001)
>>>             X509v3 extensions:
>>>                 X509v3 Basic Constraints:
>>>                     CA:FALSE
>>>                 X509v3 Key Usage:
>>>                     Digital Signature, Non Repudiation
>>>                 Netscape Comment:
>>>                     OpenSSL Generated Certificate
>>>                 X509v3 Subject Key Identifier:
>>>                     FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17
>>>                 X509v3 Authority Key Identifier:
Re: RSA_private_decrypt without e and d
Hi Shaheed,

The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped: p instead of q and q instead of p (same thing for dmp1 and dmq1).

In order to check this, you can use a tool I have written that enables you to recover e and d from these 5 parameters. You can get it from SourceForge using the following link: http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:
> Just to be clear, below is not the actual code, but what I would *like* to be able to do (or something close).
>
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Shaheed Bacchus (sbacchus)
> Sent: Wednesday, February 23, 2011 9:47 PM
> To: openssl-users@openssl.org
> Subject: RSA_private_decrypt without e and d
>
> Hi,
> I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
>
> I'm trying to do something like:
>
>     if (!(new_key = RSA_new()))
>         return -1;
>     new_key->n = BN_bin2bn(n_data, n_data_len, NULL);
>     new_key->p = BN_bin2bn(p_data, p_data_len, NULL);
>     new_key->q = BN_bin2bn(q_data, q_data_len, NULL);
>     new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
>     new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
>     new_key->iqmp = BN_bin2bn(iqmp_data, iqmp_data_len, NULL);
>     resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted, new_key, RSA_PKCS1_PADDING);
>
> This decrypt fails with error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
>
> Supplying the correct e and d components causes it to work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e?
Re: RSA_private_decrypt without e and d
Hi Victor,

Your analysis is not true because the original poster says he has dmp1, dmq1 and iqmp, not only p and q. With these 5 parameters, it is possible to recover the plain text from the ciphered text thanks to the Chinese Remainder Transformation (CRT). Moreover, it is possible to recover the public exponent e and the private exponent d from these 5 parameters using a mathematical transformation. I have implemented such a transformation in an open source tool that I put on SourceForge: you can get it along with the mathematics behind it from the following link: http://rsaconverter.sourceforge.net/ .

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/24/2011 5:48 AM, Victor Duchovni wrote:
> On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
>> Just to be clear, below is not the actual code, but what I would *like* to be able to do (or something close).
>
> What you are asking to do is not possible, not because of API limitations, but as a matter of principle (mathematical property of RSA).
>
>> I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
>
> The RSA algorithm computes a ciphertext M' from a plaintext M via
>
>     M' = (M)^e mod n (i.e. mod pq).
>
> Decryption is possible when p, q (and implicitly e) are known because
>
>     M = (M')^d mod n
>
> provided:
>
> - M < n (e.g. the message is shorter than the key bit length), thus computing the result mod n loses no information.
> - d*e = 1 mod phi(n) = (p-1)(q-1)
>   http://en.wikipedia.org/wiki/Euler%27s_totient_function
>
> When e, p and q are known, d can be computed via Euclid's algorithm for finding the multiplicative inverse of a mod b, when a is co-prime to b.
>
> When e is unknown, any M'' obtained from M via some exponent e' is as good a plaintext as M since, if e'*d' = 1 mod phi(n), we have:
>
>     M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e)
>
> therefore if the public exponent were (d'*e) instead of e, the same message M' decrypts to M'' instead of M. There is no well-defined inverse to RSA without "e", since e is a fundamental parameter of the operation you want to invert.
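The recovery the reply above describes, worked through in Python as an added example that is not part of the thread or of the rsaconverter tool: decryption from the five CRT parameters alone, then e and d recovered from dmp1/dmq1, and the effect of a p/q swap. The key values are constructed textbook numbers, and the modular-inverse form pow(x, -1, m) needs Python 3.8 or later.

```python
# Added example (not from the thread or the rsaconverter tool): decrypt with
# only the CRT parameters, recover e and d from them, and show what a p/q swap
# (the case the reply suggests) does to the result.
from __future__ import annotations
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class CrtPrivateKey:
    """The five CRT values OpenSSL accepts in place of d, plus n."""
    n: int
    p: int
    q: int
    dmp1: int  # d mod (p-1)
    dmq1: int  # d mod (q-1)
    iqmp: int  # q^-1 mod p


def check_crt_consistency(key: CrtPrivateKey) -> bool:
    """Cheap self-check before trusting a CRT blob: p*q == n and iqmp inverts q mod p."""
    return key.p * key.q == key.n and (key.iqmp * key.q) % key.p == 1


def crt_decrypt(key: CrtPrivateKey, c: int) -> int:
    """Garner recombination, the computation RSA_private_decrypt performs
    when dmp1/dmq1/iqmp are present; neither e nor d is needed."""
    m1 = pow(c, key.dmp1, key.p)
    m2 = pow(c, key.dmq1, key.q)
    h = (key.iqmp * (m1 - m2)) % key.p
    return m2 + h * key.q


def recover_exponents(key: CrtPrivateKey) -> tuple[int, int]:
    """Recover (e, d) from the CRT parameters.

    d*e == 1 mod (p-1) implies dmp1*e == 1 mod (p-1), so e is the inverse of
    dmp1 modulo p-1, and likewise of dmq1 modulo q-1. For real keys e is far
    smaller than p-1, so the residue is e itself; d then follows as the
    inverse of e modulo phi(n), which is the convention OpenSSL uses.
    """
    e_from_p = pow(key.dmp1, -1, key.p - 1)
    e_from_q = pow(key.dmq1, -1, key.q - 1)
    g = gcd(key.p - 1, key.q - 1)
    if e_from_p % g != e_from_q % g:  # the two residues must agree where they overlap
        raise ValueError("dmp1/dmq1 do not belong to the same key as p/q")
    e = e_from_p
    d = pow(e, -1, (key.p - 1) * (key.q - 1))
    return e, d


# Constructed textbook key (p=61, q=53, e=17, d=2753); the CRT values are derived from it
TOY_KEY = CrtPrivateKey(n=3233, p=61, q=53, dmp1=53, dmq1=49, iqmp=38)
# Same values with p and q swapped but dmp1/dmq1/iqmp left as they were
SWAPPED_KEY = CrtPrivateKey(n=3233, p=53, q=61, dmp1=53, dmq1=49, iqmp=38)
TOY_CIPHERTEXT = 2790  # pow(65, 17, 3233)

if __name__ == "__main__":
    print("consistent:", check_crt_consistency(TOY_KEY), check_crt_consistency(SWAPPED_KEY))
    print("plaintext:", crt_decrypt(TOY_KEY, TOY_CIPHERTEXT))
    print("recovered (e, d):", recover_exponents(TOY_KEY))
    # With swapped parameters the recombination yields garbage, which is
    # what OpenSSL then reports as "block type is not 02".
    print("swapped p/q decrypts to:", crt_decrypt(SWAPPED_KEY, TOY_CIPHERTEXT))
```

The iqmp check alone catches the swap here, because q^-1 mod p is not p^-1 mod q; running it before RSA_private_decrypt gives a clearer failure than a padding error.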
Re: ecdsa_method missing?
Yes, you should open a ticket on the issue tracker. However, I'm not sure if Dr. Stephen Henson will agree to add this change to the current stable versions (0.9.8x and 1.0.0x) as he usually delays header changes till the 1.1.0 release.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/23/2011 4:44 PM, Kent Yoder wrote:
> Thanks Mounir,
> I'd like to use ECDSA_METHOD to implement a dynamic engine for ecdsa. I want to avoid copying the header files from the upstream source so that my engine package can compile stand-alone. This should be in line with the way dynamic engines have worked for other algorithms since 0.9.8, if I understand correctly. Should I open an item in the issue tracker for this?
> Thanks,
> Kent
>
> On Tue, Feb 22, 2011 at 8:04 PM, Mounir IDRASSI wrote:
>> Hi,
>> In the case of RSA_METHOD, it is working because the underlying type rsa_meth_st is defined in rsa.h, whereas for ECDSA_METHOD, the underlying type ecdsa_method is not exported by the public headers: it is defined in the internal OpenSSL header ecs_locl.h found in the source distribution. That explains why you are getting the compile error. I don't know why it was done like this, but if you really need this structure then you'll have to copy its definition from the header I mentioned above.
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>> On 2/22/2011 6:14 PM, Kent Yoder wrote:
>>> Hi,
>>> The following RSA code compiles:
>>>
>>>     #include <openssl/rsa.h>   /* header name restored: the archive stripped it */
>>>     int main(void) { RSA_METHOD rsa = { "test" }; return 0; }
>>>
>>> but this ECDSA code doesn't:
>>>
>>>     #include <openssl/ecdsa.h> /* header name restored: the archive stripped it */
>>>     int main(void) { ECDSA_METHOD ecdsa = { "test" }; return 0; }
>>>
>>> Am I missing a declaration, or is this perhaps a bug?
>>> Thanks,
>>> Kent
Re: HELP!!!! mod_tsa:could not load X.509 certificate
Hi,

I don't agree: from the error description (lib(47):func(131):reason(117):ts_rsp_sign.c:206) it is clear that OpenSSL loaded the certificate but the X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) call in ts_rsp_sign failed. Actually, reading the certificate dump shows that the problem is coming from the certificate Key Usage: it MUST NOT contain Key Encipherment. So, to resolve your problem, set the Key Usage to ONLY Digital Signature, Non Repudiation.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 2:40 PM, Patrick Patterson wrote:
> Hi Yessica:
> That error is fairly straightforward - it can't load the cert (meaning, it can't even load the file). Have you made sure that the permissions are correct? Are you absolutely sure that you have the right cert in the right location?
> Have fun.
> Patrick.
>
> On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote:
>> Hi! This is the new certificate:
>>
>>     Certificate:
>>         Data:
>>             Version: 3 (0x2)
>>             Serial Number: d8:e6:a3:f6:22:c7:a4:0b
>>             Signature Algorithm: sha1WithRSAEncryption
>>             Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve
>>             Validity
>>                 Not Before: Feb 21 20:15:08 2011 GMT
>>                 Not After : Feb 21 20:15:08 2012 GMT
>>             Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, CN=tsscompany/emailAddress=t...@company.com
>>             Subject Public Key Info:
>>                 Public Key Algorithm: rsaEncryption
>>                 RSA Public Key: (2048 bit)
>>                     Modulus (2048 bit):
>>                         00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7:
>>                         00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd:
>>                         56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37:
>>                         6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7:
>>                         6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40:
>>                         b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac:
>>                         1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b:
>>                         36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e:
>>                         51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71:
>>                         27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc:
>>                         f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb:
>>                         2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b:
>>                         3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c:
>>                         87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c:
>>                         8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19:
>>                         7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8:
>>                         6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7:
>>                         7a:4b
>>                     Exponent: 65537 (0x10001)
>>             X509v3 extensions:
>>                 X509v3 Basic Constraints:
>>                     CA:FALSE
>>                 X509v3 Key Usage:
>>                     Digital Signature, Non Repudiation, Key Encipherment
>>                 Netscape Comment:
>>                     OpenSSL Generated Certificate
>>                 X509v3 Subject Key Identifier:
>>                     FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17
>>                 X509v3 Authority Key Identifier:
>>                     keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76
>>                 X509v3 Subject Alternative Name:
>>                     email:t...@company.com
>>                 X509v3 Extended Key Usage: critical
>>                     Time Stamping
>>         Signature Algorithm: sha1WithRSAEncryption
>>             02:d1:fd:44:de:1e:9f:e0:29:66:35:8f:43:da:e6:b5:20:43:
>>             52:90:b0:dc:8a:0f:09:92:9e:c2:6b:dc:14:ab:2c:9f:1b:8e:
>>             02:76:9a:17:08:77:ca:26:06:13:25:9e:4a:e2:bf:bb:2b:4d:
>>             cf:67:41:c0:2b:3a:1a:d0:ae:a8:88:3c:13:e2:0d:f6:9c:1e:
>>             e7:ba:ef:22:c6:b8:18:3b:a8:5e:f9:0e:43:b8:de:82:b1:e0:
>>             be:00:d2:57:9c:f3:d9:48:72:28:70:5d:06:d7:73:84:bc:f7:
>>             5e:65:27:86:0d:e8:28:b4:dd:72:4d:8e:59:02:cc:39:0f:8d:
>>             47:87
>>
>> And this is the error:
>>
>>     [Mon Feb 21 20:15:37 2011] [error] mod_tsa:could not load X.509 certificate: /usr/local/ssl/misc/demoCA/tss.pem
>>     [Mon Feb 21 20:15:37 2011] [error] mod_tsa:17262:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206:
>>     [Mon Feb 21 20:15:37 2011] [emerg] exiting, fatal error during mod_tsa initialisation.
>>
>> Thanks!!!
>>
>> 2011/2/21 Jaroslav Imrich
>>> Hello Yessica,
>>> please post the new certificate and the exact error you're getting.
>>> --
>>> Kind Regards / S pozdravom
>>> Jaroslav Imrich
>>> http://www.jariq.sk
>>>
>>> On Mon, Feb 21, 2011 at 4:41 PM, Yessica De Ascencao wrote:
>>>> hello!!! Thanks for the response!
>>>> Yes, I needed the extension to Time Stamping, however when I load the sample certificate in the OpenTSA page, it continues to show me the same error. I created a certificate with the correct extension and likewise it gives me an error. I really do not know what may be happening.
>>>> Thank you very much!
Re: RSA public/private keys only work when created programmatically.
Hi,

Your command line that creates the public key is missing the -pubout switch that tells the rsa utility to output a public key. So, this command should look like:

    openssl rsa -in rsaprivatekey.pem -out rsapublickey.pem -pubout

Without it, it will just output the private key as is. Moreover, the openssl rsa utility saves the public key using the function PEM_write_bio_RSA_PUBKEY and not PEM_write_bio_RSAPublicKey. So, if you want your program to be compatible with its output, then you should use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY for saving/loading public key files.

I hope this will help,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/18/2011 4:59 AM, David Henry wrote:
> I've written a bare bones enveloping example that takes a string, seals it in an envelope, and then goes about opening it. Everything works just fine if I generate my RSA keys programmatically. Unfortunately, it does not work if I encrypt the session keys with an RSA public key that was created on the command line like:
>
>     > openssl genrsa -out rsaprivatekey.pem
>     > openssl rsa -in rsaprivatekey.pem -out rsapublickey.pem
>
> I would greatly appreciate if someone could explain why my programmatically-created keys work, but the command-line ones do not.
> The code that generates usable keys looks like this:
>
>     int main() {
>         // generate & check keys
>         RSA* rsa = RSA_generate_key(2048, RSA_F4, NULL, 0);
>         int check_key = RSA_check_key(rsa);
>         while (check_key <= 0) {
>             cerr << "error generating keys -- regenerating...";
>             rsa = RSA_generate_key(2048, RSA_F4, NULL, 0);
>             check_key = RSA_check_key(rsa);
>         }
>         RSA_blinding_on(rsa, NULL);
>         // write out pem-encoded public key (PKCS#1 RSAPublicKey format)
>         BIO* rsaPublicBio = BIO_new_file("rsapublickey.pem", "w");
>         PEM_write_bio_RSAPublicKey(rsaPublicBio, rsa);
>         // write out pem-encoded encrypted private key
>         BIO* rsaPrivateBio = BIO_new_file("rsaprivatekey.pem", "w");
>         PEM_write_bio_RSAPrivateKey(rsaPrivateBio, rsa, NULL, NULL, 0, NULL, NULL);
>         BIO_free(rsaPublicBio);
>         BIO_free(rsaPrivateBio);
>         RSA_free(rsa);
>         ...
>         return 0;
>     }
>
> The program that uses the keys is:
>
>     // header names restored: the archive stripped the original include lines
>     #include <openssl/evp.h>
>     #include <openssl/pem.h>
>     #include <openssl/rand.h>
>     #include <openssl/rsa.h>
>     #include <cstdio>
>     #include <cstring>
>
>     #define BUF_SIZE 4096
>     #define BLOCK_SIZE 32
>
>     int main() {
>         // uninitialized symmetric cipher context
>         EVP_CIPHER_CTX* ctx = new EVP_CIPHER_CTX;
>         // symmetric cipher
>         const EVP_CIPHER* type = EVP_aes_256_cbc();
>         unsigned char message[BUF_SIZE] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
>         printf("Unencoded string = {%s}\n", message);
>         int npubk = 1;
>         unsigned char** ek = new unsigned char*[npubk];
>         int* ekl = new int[npubk];
>         EVP_PKEY** pubk = new EVP_PKEY*[npubk];
>         // read in pem-encoded public key (expects PKCS#1 RSAPublicKey format)
>         BIO* rsa_pub_bio = BIO_new_file("rsapublickey.pem", "r");
>         RSA* rsa_pub = RSA_new();
>         PEM_read_bio_RSAPublicKey(rsa_pub_bio, &rsa_pub, NULL, NULL);
>         BIO_free(rsa_pub_bio);
>         // encrypt symmetric session keys
>         for (int i = 0; i < npubk; i++) {
>             pubk[i] = EVP_PKEY_new();
>             EVP_PKEY_assign_RSA(pubk[i], rsa_pub);
>             ek[i] = new unsigned char[EVP_PKEY_size(pubk[i])];
>             ekl[i] = EVP_PKEY_size(pubk[i]);
>         }
>         // random initialization vector
>         unsigned char* iv = new unsigned char[EVP_MAX_IV_LENGTH];
>         RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
>         int message_len; // initialized by EVP_SealUpdate & EVP_SealFinal
>         unsigned char encrypt_buf[BUF_SIZE + BLOCK_SIZE];
>         EVP_SealInit(ctx, type, ek, &ekl[0], &iv[0], &pubk[0], npubk);
>         // EVP_SealUpdate changes message_len to # bytes in message
>         EVP_SealUpdate(ctx, encrypt_buf, &message_len, message, strlen((const char*) message));
>         printf("buf_len: %d\n", message_len);
>         int total_len = message_len; // line must be between SealUpdate & SealFinal
>         // EVP_SealFinal changes message_len value to # bytes of encryption overhead
>         EVP_SealFinal(ctx, &encrypt_buf[message_len], &message_len);
>         int i;
>         printf("Encoded string = {");
>         // first part: the bytes written by SealUpdate (total_len, not message_len,
>         // which now holds only the size of the final block)
>         for (i = 0; i < total_len; i++) {
>             printf("%02x", encrypt_buf[i]);
>         }
>         // second part: the final block written by SealFinal
>         for (i = 0; i < message_len; i++) {
>             printf("%02x", encrypt_buf[i + total_len]);
>         }
>         printf("}\n");
>         unsigned char decrypt_buf[BUF_SIZE];
>         int decrypt_len; // initialized by EVP_OpenUpdate & EVP_OpenFinal
>         // read in pem-encoded encrypted private key
>         BIO* rsa_priv_bio = BIO_new_file("rsaprivatekey.pem", "r");
>         RSA* rsa_priv = RSA_new();
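The mismatch the reply explains (PEM_write_bio_RSAPublicKey writes a PKCS#1 RSAPublicKey, while `openssl rsa -pubout` and PEM_write_bio_RSA_PUBKEY write a SubjectPublicKeyInfo, and without -pubout the file is still the private key) can be checked before handing a file to OpenSSL. The following Python is an added example, not code from the thread or from OpenSSL; its DER encoder/parser, the toy key numbers and the three PEM samples are all constructed here.

```python
# Added example (not from the thread): identify which of the three PEM layouts
# this thread mentions a key file really carries, so a program can report the
# mismatch instead of PEM_read_bio_RSAPublicKey quietly returning NULL.
#   "RSA PUBLIC KEY"  : PKCS#1 RSAPublicKey  (PEM_write_bio_RSAPublicKey)
#   "PUBLIC KEY"      : SubjectPublicKeyInfo (PEM_write_bio_RSA_PUBKEY, openssl rsa -pubout)
#   "RSA PRIVATE KEY" : PKCS#1 RSAPrivateKey (openssl rsa without -pubout)
from __future__ import annotations
import base64
import re

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def der_tlv(tag: int, content: bytes) -> bytes:
    """Minimal DER encoder: tag, definite length (short or long form), content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + content


def der_int(v: int) -> bytes:
    # DER INTEGER: minimal big-endian, extra 0x00 when the top bit is set
    return der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def der_read(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Decode one TLV at pos; returns (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nb = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def pem_decode(pem: str) -> tuple[str, bytes]:
    m = re.search(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("not a PEM block")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def pem_encode(label: str, der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def classify_rsa_key_der(der: bytes) -> str:
    """Name the ASN.1 structure: RSAPublicKey, RSAPrivateKey or SubjectPublicKeyInfo."""
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first_tag, first, pos = der_read(body)
    if first_tag == 0x30:  # AlgorithmIdentifier first: SubjectPublicKeyInfo
        oid_tag, oid, _ = der_read(first)
        if oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
            return "SubjectPublicKeyInfo (non-RSA algorithm)"
        return "SubjectPublicKeyInfo"
    if first_tag != 0x02:
        raise ValueError("unrecognised key structure")
    # INTEGER first: RSAPublicKey is SEQUENCE { n, e }; RSAPrivateKey starts
    # with version 0 and carries nine INTEGERs (n, e, d, p, q, dmp1, dmq1, iqmp).
    count = 1
    while pos < len(body):
        t, _, pos = der_read(body, pos)
        count += t == 0x02
    return "RSAPublicKey" if count == 2 else "RSAPrivateKey"


def describe_pem_key(pem: str) -> str:
    """Say which OpenSSL reader accepts this file, or why it is the wrong file."""
    label, der = pem_decode(pem)
    kind = classify_rsa_key_der(der)
    expected = {"RSA PUBLIC KEY": "RSAPublicKey", "PUBLIC KEY": "SubjectPublicKeyInfo",
                "RSA PRIVATE KEY": "RSAPrivateKey"}
    if expected.get(label) != kind:
        return f"mismatch: label {label!r} but contents are {kind}"
    return {"RSAPublicKey": "PKCS#1 public key: load with PEM_read_bio_RSAPublicKey",
            "SubjectPublicKeyInfo": "SPKI public key: load with PEM_read_bio_RSA_PUBKEY",
            "RSAPrivateKey": "private key: 'openssl rsa' was run without -pubout"}[kind]


# Constructed toy key (n=3233, e=17, d=2753, p=61, q=53), far too small for real use
N, E, D, P, Q = 3233, 17, 2753, 61, 53
RSA_PUBLIC_KEY_DER = der_tlv(0x30, der_int(N) + der_int(E))
ALG_ID_DER = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
SPKI_DER = der_tlv(0x30, ALG_ID_DER + der_tlv(0x03, b"\x00" + RSA_PUBLIC_KEY_DER))
RSA_PRIVATE_KEY_DER = der_tlv(0x30, b"".join(der_int(x) for x in (
    0, N, E, D, P, Q, D % (P - 1), D % (Q - 1), pow(Q, -1, P))))

PEM_PKCS1_PUB = pem_encode("RSA PUBLIC KEY", RSA_PUBLIC_KEY_DER)   # PEM_write_bio_RSAPublicKey
PEM_SPKI_PUB = pem_encode("PUBLIC KEY", SPKI_DER)                   # openssl rsa -pubout
PEM_PRIV = pem_encode("RSA PRIVATE KEY", RSA_PRIVATE_KEY_DER)       # openssl rsa (no -pubout)

if __name__ == "__main__":
    for pem in (PEM_PKCS1_PUB, PEM_SPKI_PUB, PEM_PRIV):
        print(describe_pem_key(pem))
```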
Re: OpenSSL and MinGW - Error report
Hi,

Add -leay32 to the end of the gcc command line in order to suppress the link errors you are seeing. This will help the gcc linker find the missing symbols exported by libeay32.a.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/16/2011 8:07 PM, Rui Fernandes wrote:
> I've followed these instructions:
> "Assuming a default installation (C:\OpenSSL), go to 'C:\OpenSSL\lib\MinGW' and copy all of the files to your MinGW 'lib' directory. Next, copy everything in the 'C:\OpenSSL\include' directory to your MinGW 'include' directory."
> I've called the bn.h, with: #include <openssl/bn.h>
> and I've got the following errors:
>
>     C:\MinGW\bin>gcc fatorialBIG.c -o fatorialBIG.exe
>     C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0xf): undefined reference to `BN_new'
>     C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x4c): undefined reference to `BN_dec2bn'
>     C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x6a): undefined reference to `BN_mul_word'
>     C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x84): undefined reference to `BN_bn2dec'
>     collect2: ld returned 1 exit status
>
> Any ideas?
> Regards,
> Rui Fernandes
Re: Verify return code: 20 (unable to get local issuer certificate)
Hi Lennart,

Issue the following command:

    openssl version -d

Its output will tell you which directory the openssl binary you are calling is using for accessing CA certificates. If it is not /etc/ssl, then this explains why you are getting this error: you are using a binary that looks elsewhere (for example in /usr/local/ssl). On the other hand, if it is /etc/ssl, then you just need to update the CA hashes in /etc/ssl/certs. For that, issue the following command:

    c_rehash /etc/ssl/certs

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/10/2011 5:07 PM, Lennart van den Dool | fonq.nl wrote:
> Hi,
> I can't figure this out and I've been searching the net for hours, so I hope someone can help. I want to make an ldaps connection to a remote server, but issuing
>
>     openssl s_client -ssl3 -connect [domain]:636 -state -verify
>
> results in: Verify return code: 20 (unable to get local issuer certificate). When I specify the -CAfile /etc/ssl/certs/AddTrust_External_CA_Root.pem it works fine. How can I make openssl use (trust) that CAfile automatically?
> Thanks in advance!
> Regards,
> Lennart
Re: Adding non-root certificates to the list of trusted certificates?
Hi Lou,

I think you misunderstood Matthias's question. He is not asking about how to make his own CA accepted (from his post, it appears he already knows how to do that), but he is rather asking how to make an end entity server certificate a trusted anchor for OpenSSL certificate chain verification. As he explained, this is especially interesting if you connect to a server for which you don't have the corresponding CA certificate: in this case, a trust model like the SSH one is desirable.

Personally I don't think it is possible currently without a change to OpenSSL internals or the use of the verify callback. That being said, I remember vaguely a post by Dr Stephen Henson related to this where he mentioned a planned change in this direction, but I can't find a link to it.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/10/2011 4:46 PM, Lou Picciano wrote:
> Matthias,
> Generally, when you are 'accepting a cert' in the web browser, you are accepting that _server's_ cert, and not automatically saving the CA cert. For a Certificate Authority of your own to be accepted, you'd have to manually install that CA's cert into the root store for that browser. This, then, would allow SSL to verify the Server's cert against this newly-installed CA cert. Thus, your chain is tested.
> Lou Picciano
>
> ----- Original Message -----
> From: "Matthias Meixner"
> To: openssl-users@openssl.org
> Sent: Thursday, February 10, 2011 10:19:03 AM
> Subject: Adding non-root certificates to the list of trusted certificates?
>
>> Hello!
>> When you connect to a webserver for which you do not have a trusted CA certificate, normally the browser allows you to permanently accept the certificate and continue. How can this be done using OpenSSL? If I add this non-self-signed certificate to the list of trusted certificates (e.g. via CAfile), it is ignored and verification fails. I have never had any success if the certificate chain was incomplete.
>>
>> Example: I have the following certificates:
>>
>>     root-ca.cert -> ca.cert -> server.cert
>>
>> The server uses server.cert as certificate. If CAfile contains root-ca.cert, everything works fine. However, if CAfile only contains server.cert, verification fails. But this is exactly what most browsers allow: just accept any certificate as long as the user has allowed to accept it.
>>
>> So how can this be done using OpenSSL? Is there any option I can set? Or is there only the brute force way of using the verify callback, reading all the certificates from CAfile and comparing them manually with the server certificate?
>>
>> Regards,
>> Matthias Meixner
Re: problem with creating and signing certificate via API
Hi, This is a classical C bug : the parameter cert of the function createCertificate is passed by value instead of being passed by reference as it should be since this function modifies its content. So, in order to solve your problem, change the declaration of createCertificate as follows : void createCertificate(X509_NAME *issuerName, X509_NAME *serverName, EVP_PKEY *caKey, struct certKey* cert) and then pass the address of the local variable clientCert in main as follows : createCertificate(X509_get_subject_name(caCertificate), X509_get_subject_name(oldCertificate), caKey, &clientCert); With these modifications, everything will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/20/2011 2:36 PM, Bret McDanel wrote: I am trying to load an old certificate, take the subject line and make a new certificate signed with my self signed certificate. I am sure that it is something obvious that I am overlooking, but no matter what I try I always fail when I try to check the private key of the new certificate. I have a "CA cert" which works with other things so I am fairly sure that is done correctly. I have an old certificate that I read in, and I can read it with the CLI program so I am fairly sure that too is not corrupted. The new certificate is what is giving me problems. I would appreciate any pointers on where the problem may be. Attached is my program, I tried to redact it as much as possible without totally refactoring it for fear of introducing new unrelated bugs. It is most likely something in "createCertificate" that I am either not doing and should or doing and should not. 
Thanks for any help,

    #include <stdio.h>
    #include <stdlib.h>
    /* OpenSSL headers needed by the calls below (the header names were lost
       in the archived copy of this message) */
    #include <openssl/ssl.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>
    #include <openssl/x509.h>

    struct certKey {
        EVP_PKEY *keys;
        X509 *certificate;
    };

    /* cert is passed by value: every assignment below lands in a local copy
       and the caller's struct is left untouched (the bug discussed in the reply) */
    void createCertificate(X509_NAME *issuerName, X509_NAME *serverName,
                           EVP_PKEY *caKey, struct certKey cert)
    {
        RSA *rsaKeyPair = RSA_generate_key(1024, RSA_F4, NULL, NULL);
        cert.certificate = X509_new();
        X509_set_version(cert.certificate, 2);   /* zero-based: 2 means X.509v3 */
        ASN1_INTEGER_set(X509_get_serialNumber(cert.certificate), 1234);
        X509_set_subject_name(cert.certificate, serverName);
        X509_set_issuer_name(cert.certificate, issuerName);
        cert.keys = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(cert.keys, rsaKeyPair);
        X509_set_pubkey(cert.certificate, cert.keys);
        X509_gmtime_adj(X509_get_notBefore(cert.certificate), 0);
        X509_gmtime_adj(X509_get_notAfter(cert.certificate), (long)60 * 60 * 24 * 365);
        X509_sign(cert.certificate, caKey, EVP_sha1());
    }

    /* load a PEM certificate by letting an SSL_CTX parse it */
    X509 *loadCertificateFromFile(const char *file)
    {
        SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
        SSL_CTX_use_certificate_file(ctx, file, SSL_FILETYPE_PEM);
        return SSL_get_certificate(SSL_new(ctx));
    }

    /* load a PEM private key, optionally protected by a password */
    EVP_PKEY *loadKeyFromFile(char *file, char *password)
    {
        EVP_PKEY *privKey;
        FILE *fp;
        if (!(fp = fopen(file, "r"))) {
            printf("Error reading private key file\n");
            exit(1);
        }
        if (!(privKey = PEM_read_PrivateKey(fp, NULL, NULL, password))) {
            printf("Error reading private key in file\n");
            exit(1);
        }
        fclose(fp);
        return privKey;
    }

    int main(void)
    {
        X509 *caCertificate;
        EVP_PKEY *caKey;
        char *caCertFile = "cacert.pem";
        char *caKeyFile = "cakey.pem";
        char *oldCertFile = "oldcert.pem";
        X509 *oldCertificate;
        struct certKey clientCert = {0};
        SSL_CTX *ctx;
        static int session_id_ctx = 1;

        SSL_library_init();
        OpenSSL_add_all_algorithms();
        caCertificate = loadCertificateFromFile(caCertFile);
        caKey = loadKeyFromFile(caKeyFile, NULL);
        oldCertificate = loadCertificateFromFile(oldCertFile);
        /* clientCert is passed by value, so it is still all zeros afterwards */
        createCertificate(X509_get_subject_name(caCertificate),
                          X509_get_subject_name(oldCertificate), caKey, clientCert);
        ctx = SSL_CTX_new(SSLv23_server_method());
        SSL_CTX_set_session_id_context(ctx, (void *)&session_id_ctx, sizeof session_id_ctx);
        SSL_CTX_use_certificate(ctx, clientCert.certificate);
        SSL_CTX_use_PrivateKey(ctx, clientCert.keys);
        if (SSL_CTX_check_private_key(ctx) == 0) {
            printf("private key is the fail\n");
        }
        return 0;
    }
Re: How exactly is symmetric key constructed from a passphrase?
Hi,

The function EVP_BytesToKey is used internally by this command (and others) in order to create a key from a password. The iteration count is set to 1. Look at the following link for more information: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/14/2011 9:02 AM, Calvert Remillard wrote:

Consider the following:

    > openssl aes-256-cbc -e -nosalt -pass pass:TEST -in FILE -out FILE.enc -P
    key=033BD94B1168D7E4F0D644C3C95E35BF98D6BC98DA097F25270DEC053083AACF
    iv =8BEAB338FC102B2A12933636C6EB7D59

How does passphrase "TEST" become "key=033BD94B1168D7E4F0D644C3C95E35BF98D6BC98DA097F25270DEC053083AACF"? How is it constructed? I've tried all supported hash functions (md5, sha1, etc.), but they seem to produce different output.

Thanks a bunch in advance!
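The derivation Mounir points at, written out as an added example (not code from the thread or from OpenSSL): a pure-Python EVP_BytesToKey that reproduces the key and IV printed above for -nosalt -pass pass:TEST, assuming what openssl 1.0.x enc used by default, MD5 and an iteration count of 1; the salted form is included for comparison.

```python
import hashlib
from typing import Optional, Tuple

# Added example, not OpenSSL's implementation. It follows the algorithm in the
# EVP_BytesToKey man page:
#   D_1 = H(password || salt)
#   D_i = H(D_{i-1} || password || salt)      for i > 1
# (each D_i hashed `count` times in total) and key || iv is the prefix of
# D_1 || D_2 || ... of the required length.


def evp_bytes_to_key(password: bytes, salt: Optional[bytes], key_len: int,
                     iv_len: int, md: str = "md5", count: int = 1
                     ) -> Tuple[bytes, bytes]:
    """Return (key, iv) as EVP_BytesToKey computes them.

    salt is None for the -nosalt case shown in the question; otherwise it is
    the 8 bytes that follow the 'Salted__' header of an enc output file.
    """
    if salt is not None and len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    salt = salt or b""
    derived = b""
    block = b""                      # D_0 is empty, so D_1 = H(password || salt)
    while len(derived) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):   # extra iterations only when count > 1
            block = hashlib.new(md, block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def aes256_cbc_key_iv(password: bytes, salt: Optional[bytes] = None
                      ) -> Tuple[bytes, bytes]:
    """aes-256-cbc needs a 32-byte key and a 16-byte IV: three MD5 blocks."""
    return evp_bytes_to_key(password, salt, 32, 16)


if __name__ == "__main__":
    key, iv = aes256_cbc_key_iv(b"TEST")
    print("key=" + key.hex().upper())
    print("iv =" + iv.hex().upper())
```

With no salt and a single MD5 evaluation per candidate, the same password always yields the same key and guessing is cheap, which is why later openssl enc versions offer -pbkdf2.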
Re: Question on SHA1 Functions
Hi,

SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas SHA1_Update and SHA1_Final are defined in md32_common.h (under the crypto folder) as HASH_UPDATE and HASH_FINAL respectively.

Happy hacking,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/10/2011 4:40 PM, Stan Joyner wrote:

Hi, I am a newbie to openssl and have run into what is probably a stupid question. I am using openssl-1.0.0c. So here it goes. I wanted to look at how openssl implemented the following functions, which are defined in the openssl crypto library in openssl/crypto/sha.h:

    int SHA1_Init(SHA_CTX *c);
    int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
    int SHA1_Final(unsigned char *md, SHA_CTX *c);
    unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);

In file sha1.c I only see the function implementation for SHA1, which is a wrapper function that invokes SHA1_Init, SHA1_Update, and SHA1_Final. I was expecting to see the implementations for all four of these functions in file sha1_one.c. But I only see the implementation for the wrapper function SHA1 in that file. Where are these functions supposed to be implemented?

    [u...@centos sha]$ pwd
    /home/user/OPENSSLTEST/openssl-1.0.0c/crypto/sha
    [u...@centos sha]$ grep SHA1_Final *
    sha1.c: SHA1_Final(&(md[0]),&c);
    sha1_one.c: SHA1_Final(md,&c);
    sha.h:int SHA1_Final(unsigned char *md, SHA_CTX *c);
    sha_locl.h:# define HASH_FINAL SHA1_Final

For instance, above I see calls to SHA1_Final, but I don't see the actual implementation of that function. By comparison, for the SHA512 case I do see all of the following functions in sha512.c in this same directory: SHA512_Init, SHA512_Update, SHA512_Final, and of course the wrapper function SHA512; their implementations can all be found in sha512.c.

For example:

    [u...@centos sha]$ grep SHA512_Final *
    sha512.c:int SHA512_Final (unsigned char *md, SHA512_CTX *c)
    sha512.c:{ return SHA512_Final (md,c); }
    sha512.c: SHA512_Final(md,&c);
    sha512.c: SHA512_Final(md,&c);
    sha.h:int SHA512_Final(unsigned char *md, SHA512_CTX *c);

I don't understand how this works, obviously. Any information would be appreciated. I want to use this in an embedded application. I also noticed macros in sha_locl.h for SHA. Is this where the SHA1 functions are implemented?

Thanks,
Stan Joyner
Re: Building OpenSSL vs Downloaded
Hi,

Use IMPLIB on the OpenSSL DLLs (e.g. implib.exe -a libeay32.lib libeay32.dll) in order to create OMF export libraries instead of the COFF ones produced by VC++. With them, the link will be successful.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/23/2010 11:30 PM, hpenaguz...@aim.com wrote:

I'm going to try that. In the meantime I also tried gcc and MinGW and both work fine, but I would like to have it together in Borland since it is a part of a project. The other problem I have is that it doesn't work with so I had to use Qt.

Here is the test code, which is very simple, just to make sure everything works. I'm working with OpenSSL 1.0.0c. I included the libraries libeay32.lib and ssleay32.lib in the project.

    #include <stdio.h>
    // OpenSSL headers (the header names were lost in the archived copy of
    // this message; these are the ones the calls below need)
    #include <openssl/bio.h>
    #include <openssl/ssl.h>
    #include <openssl/err.h>

    int main(int argc, char **argv) {
        // Initialising OpenSSL
        SSL_load_error_strings();
        ERR_load_BIO_strings();
        OpenSSL_add_all_algorithms();
        printf("Hola, mundo de OpenSSL\n");
        return 0;
    }

Here is the linker error I got using the downloaded version with Borland 5:

    [Linker Error] 'C:\OPENSSL-WIN32\LIB\LIBEAY32.LIB' contains invalid OMF record, type 0x21 (possibly COFF)

I thought I was having this error because I couldn't build it with Borland; that's why I was asking Building vs Downloaded, but then I made it work with MinGW.

-----Original Message-----
From: Ryan Pfeifle
To: openssl-users
Sent: Wed, Dec 22, 2010 4:21 pm
Subject: RE: Building OpenSSL vs Downloaded

I use the precompiled DLLs provided by http://www.slproweb.com/products/Win32OpenSSL.html. I do not recompile OpenSSL myself, though I do have the source code installed for reference.

Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc. <http://www.vpi-corp.com/>

From: owner-openssl-us...@openssl.org On Behalf Of hpenaguz...@aim.com
Sent: Wednesday, December 22, 2010 10:35 AM
To: openssl-users@openssl.org
Subject: Re: Building OpenSSL vs Downloaded

May I ask which download version you are using? I tried several and couldn't build it, nor use it with Borland; I got a linker error. Thanks.

-----Original Message-----
From: Ryan Pfeifle
To: openssl-users
Sent: Tue, Dec 21, 2010 4:08 am
Subject: RE: Building OpenSSL vs Downloaded

You do not need to build the library unless you want to customize it. If you do compile it, it can be used with other compilers. I use the downloaded version with Borland C++Builder 5 and 6, though it was originally built with VC++, and it works fine.

Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.

From: owner-openssl-us...@openssl.org On Behalf Of hpenaguz...@aim.com
Sent: Friday, December 17, 2010 6:59 PM
To: openssl-users@openssl.org
Subject: Building OpenSSL vs Downloaded

Have two questions: 1) Is it mandatory to build the OpenSSL library in order to use the functionali
Re: components of RSA keys?
Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c.

Good hack,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/24/2010 12:35 AM, Mike Mohr wrote:

Thanks much for the clarification. I'm interested in re-implementing RSA for my own education; can someone point me to the location in the openssl sources where the RSA keys are actually generated (so I can see how the BIGNUMs are manipulated)?

Thanks,
Mike

On Thu, Dec 23, 2010 at 1:17 PM, Mounir IDRASSI wrote:

Take a look at: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm

    exponent1 = dp
    exponent2 = dq
    coefficient = qInv

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/23/2010 9:48 PM, Mike Mohr wrote:

Good afternoon,

When generating an RSA key, several components are described in the output file. Per the RSA specification on Wikipedia, I can identify the following values:

    prime1: p
    prime2: q
    modulus: N = p * q
    publicExponent: e
    privateExponent: d

What I'm not clear about is what function these values play:

    exponent1: ??
    exponent2: ??
    coefficient: ??

Can someone explain?

Thanks,
Mike
Re: Pls some basic c code to generate key pair using openssl
Hi,

Here are the basic calls needed to generate an ECC key (this example uses NSA Suite B curve P-256):

    int curveId = OBJ_sn2nid("prime256v1");
    EC_GROUP* pGroup = EC_GROUP_new_by_curve_name(curveId);
    EC_KEY* pKey = EC_KEY_new();
    EC_KEY_set_group(pKey, pGroup);
    EC_KEY_generate_key(pKey);

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/19/2010 8:47 AM, akdin wrote:

I am a new user of openssl. If anybody posts basic C code to generate ECC key pairs using openssl, it will give me an insight to produce further. Your help will be highly appreciated.

regards
akdin
Re: nist_cp_bn issue
Hi,

What compiler are you using under Windows? From my side, I have compiled and tested binaries produced by VC++ 2008 SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW (gcc 4.5.0), and in both cases everything is OK (no crash and all tests succeed).

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/4/2010 1:59 AM, Marcus Carey wrote:

I used openssl to create a server certificate and key. The s_server application never loads because the error occurs using the default ECDH parameters. Then I ran the ecdhtest application to see if there was a problem. ecdhtest.exe is the test application in the crypto/ecdh directory for testing elliptic curve Diffie-Hellman routines. All of the PRIME tests failed. However, the BINARY tests passed. As long as no other applications use these routines it should be okay. I guess.

----- Original Message -----
From: "Victor Duchovni"
To:
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue

On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:

> openssl ecdhtest

What is "openssl ecdhtest"?

> Must use the -no_ecdhe flag.
> openssl.exe s_server -no_ecdhe

With what cert/key? Any other options? What client invocation?

> ...
> openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int * a=0x0001, int top=8) Line 308 + 0x6 C

Sure looks like "res" is not quite right...

    int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
    {
        /* . . . */
        mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
        mask &= 0-(size_t)carry;
        res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
        nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
        r->top = BN_NIST_256_TOP;
        bn_correct_top(r);
        return 1;
    }

I don't understand the "res = ..." code; perhaps it is not portable to your Windows compiler, or perhaps it is not right. Please report a more detailed description of how you reproduce this.

--
Viktor.
Re: Private Key from Windows Cert Store
Hi,

In order to enable the CAPI engine, you have to use the enable-capieng switch: this will compile the CAPI engine statically inside OpenSSL. Here is an example of a configure command line for this:

    perl Configure VC-WIN32 --prefix=c:/openssl enable-capieng

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/3/2010 6:21 PM, Fili, Tom wrote:

Ok, so I realized if I run Configure with no-static-engine I'll get the separate DLLs. These are the commands I run:

    C:\Documents and Settings\tfili\Desktop\openssl-0.9.8k>perl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine
    ms\do_ms.bat
    nmake -f ms\ntdll.mak

Unfortunately I now get the following errors:

    link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp
    Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp
    [list of LNK2019 unresolved external symbol errors from e_4758cca.obj omitted]
Re: opensll-0.9.8q.tar.gz corrupted.
Hi,

There is no problem with the archive. If you are under Windows, use the latest 7zip (version 9.20). You will get a warning but the decompression is OK. The previous version of 7zip had a limitation in its tar support.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/3/2010 2:28 PM, Brent Evans wrote:

It would appear that the opensll-0.9.8q.tar.gz file is corrupt. un-tar fails.

Cheers,
Brent
Re: OpenSSL 1.0.0c released
http://www.openssl.org/news/secadv_20101202.txt

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/2/2010 9:03 PM, Erik Tkal wrote:

Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org On Behalf Of OpenSSL
Sent: Thursday, December 02, 2010 2:17 PM
To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org
Subject: OpenSSL 1.0.0c released

OpenSSL version 1.0.0c released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.0c of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. The most significant changes are:

    o Fix for security issue CVE-2010-4180
    o Fix for CVE-2010-4252
    o Fix mishandling of absent EC point format extension.
    o Fix various platform compilation issues.
    o Corrected fix for security issue CVE-2010-3864.

We consider OpenSSL 1.0.0c to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 1.0.0c is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

    * http://www.openssl.org/source/
    * ftp://ftp.openssl.org/source/

The distribution file name is:

    o openssl-1.0.0c.tar.gz
      Size: 4023056
      MD5 checksum: ff8fb85610aef328315a9decbb2712e4
      SHA1 checksum: 5a2d74fa7fe90c80915332404b9700044ef676a1

The checksums were calculated using the following commands:

    openssl md5 openssl-1.0.0c.tar.gz
    openssl sha1 openssl-1.0.0c.tar.gz

Yours,
The OpenSSL Project Team...

Mark J. Cox, Nils Larsch, Ulf Möller, Ralf S. Engelschall, Ben Laurie, Andy Polyakov, Dr. Stephen Henson, Richard Levitte, Geoff Thorpe, Lutz Jänicke, Bodo Möller
Re: creating RSA structure when Private key(E,D,N) known
Hi,

I developed a while ago a tool that uses OpenSSL in order to perform such conversions (between SFM format and CRT format). I have put it on SourceForge (source and binary): http://rsaconverter.sourceforge.net/

The binary is for Windows, but the sources (librsaconverter.c and librsaconverter.h) are portable and they provide two functions: SfmToCrt and CrtToSfm. In your case, you will use the function SfmToCrt in order to compute p, q, dp, dq and u. The mathematics behind it are explained in the PDF linked on the project page (idea based on Miller's factoring algorithm as described in his 1976 paper).

By the way, is this kind of functionality interesting enough to be integrated into the OpenSSL code?

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/25/2010 1:32 PM, Chir wrote:

Hi guys,

I want to create an RSA structure to pass to RSA_private_decrypt(). I am not generating keys; I am getting keys from a second party. I have got N, D, E but I don't know how to generate the p, q required to fill the RSA structure. Please help.

Thanks
Chir
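As an added example that is neither rsaconverter's nor OpenSSL's code, covering both this question and the earlier "components of RSA keys?" thread: the Miller-style factoring that an SfmToCrt conversion relies on, recovering p and q from (N, e, d), followed by the CRT fields OpenSSL prints as exponent1, exponent2 and coefficient, checked by decrypting with them. The 61 x 53 key is a constructed toy, far too small for real use.

```python
import math
from typing import Dict, Tuple

# Added example, not from rsaconverter or OpenSSL. Core idea: e*d - 1 is a
# multiple of lambda(n), so for almost any base a, walking a^(t), a^(2t), ...
# (with e*d - 1 = 2^s * t) reaches 1 modulo n; the last value before 1 is a
# square root of 1, and if it is neither 1 nor n-1 then gcd(x - 1, n) splits n.


def factor_from_private_exponent(n: int, e: int, d: int) -> Tuple[int, int]:
    """Recover (p, q) from a consistent (n, e, d); returns p > q like OpenSSL."""
    k = e * d - 1
    if k <= 0 or k % 2:
        raise ValueError("e*d - 1 must be a positive even number")
    s, t = 0, k
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for a in range(2, 10000):           # deterministic bases; each works w.p. >= 1/2
        g = math.gcd(a, n)
        if 1 < g < n:                   # a itself shares a factor with n
            return max(g, n // g), min(g, n // g)
        x = pow(a, t, n)
        if x in (1, n - 1):             # this base gives no information
            continue
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:                  # x is a non-trivial square root of 1
                p = math.gcd(x - 1, n)
                return max(p, n // p), min(p, n // p)
            if y == n - 1:              # chain passes through -1: try next base
                break
            x = y
    raise ValueError("could not factor n: (n, e, d) is not a consistent RSA key")


def crt_params(p: int, q: int, d: int) -> Dict[str, int]:
    """The three extra fields of an OpenSSL RSA private key."""
    return {
        "exponent1": d % (p - 1),       # dp   = d mod (p-1)
        "exponent2": d % (q - 1),       # dq   = d mod (q-1)
        "coefficient": pow(q, -1, p),   # qInv = q^-1 mod p
    }


def crt_decrypt(c: int, p: int, q: int, params: Dict[str, int]) -> int:
    """Garner's recombination, the way a CRT private key is used."""
    m1 = pow(c, params["exponent1"], p)
    m2 = pow(c, params["exponent2"], q)
    h = (params["coefficient"] * (m1 - m2)) % p
    return m2 + h * q


def sfm_to_crt(n: int, e: int, d: int) -> Dict[str, int]:
    """Everything an SfmToCrt-style conversion must produce from (n, e, d)."""
    p, q = factor_from_private_exponent(n, e, d)
    out = {"prime1": p, "prime2": q}
    out.update(crt_params(p, q, d))
    return out


if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, e = 17, d = 2753 (n = 3233).
    n, e, d = 3233, 17, 2753
    full = sfm_to_crt(n, e, d)
    c = pow(65, e, n)
    print(full, crt_decrypt(c, full["prime1"], full["prime2"], full))
```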
Re: contribution
Hi,

Contributions are usually made by sending a patch to r...@openssl.org. The subject of the email must start with "[PATCH]". The patch should be against the latest stable sources or the CVS head of the branch/branches you are targeting (0.9.8x, 1.0.0x or 1.0.1x). I hope this will help you enrich OpenSSL with this interesting engine.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/26/2010 10:11 AM, flavio vella wrote:

Hello,

We are a team from the department of Computer Science at the University of Perugia (Italy). Recently, we have developed an engine that implements AES in OpenCL (http://www.khronos.org/opencl/). This engine allows AES to be performed on many/multi-core devices (CPU or GPU). The group's activities will focus on the consolidation of this engine and on the development of new ones. We would like to release it as a contribution to the openssl community. What is the correct practice for doing so?

--
Dott. Flavio Vella
Department of Mathematics and Computer Science
Re: kEECDH handshake failure with invalid ecpointformatlist?
On 11/25/2010 6:32 AM, Victor Duchovni wrote:

> Unless we are mistaken, I really think this should have been integrated into 1.0.0b if not earlier. More important IMHO than backporting removal of dead variables, which just risks code breakage, and should not go into the stable release.

I agree. I'll start a discussion about this on the dev list.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Re: kEECDH handshake failure with invalid ecpointformatlist?
Hi,

This is a known issue for which I have sent a patch (under ticket #2240) on April 25th 2010. OpenSSL wrongly returns an error if the ServerHello is missing the Supported Point Format extension, whereas it should interpret it as meaning that only the uncompressed format is supported. Can you check that this solves the failures you are seeing? Here is the link on RT with the description of the issue and the patch: http://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/24/2010 11:37 PM, Victor Duchovni wrote:

I see intermittent failures to complete an SMTP STARTTLS handshake with some servers. This happens when on entry into ssl_check_serverhello_tlsext() the server proposes a kEECDH cipher, say:

    (gdb) p *(s->s3->tmp.new_cipher)
    $7 = {valid = 1, name = 0x2a95a0ceea "ECDHE-RSA-DES-CBC3-SHA", id = 50380818, algorithm_mkey = 128, algorithm_auth = 1, algorithm_enc = 2, algorithm_mac = 2, algorithm_ssl = 2, algo_strength = 129, algorithm2 = 12336, strength_bits = 168, alg_bits = 168}

but

    (gdb) p s->session->tlsext_ecpointformatlist
    $5 = (unsigned char *) 0x0
    (gdb) p s->session->tlsext_ecpointformatlist_length
    $6 = 0

and so the handshake fails on line 1469 of t1_lib.c:

    (gdb) bt
    #0 ssl_check_serverhello_tlsext (s=0x5745e0) at t1_lib.c:1469
    #1 0x002a959e5ad7 in ssl3_get_server_hello (s=0x5745e0) at s3_clnt.c:940
    #2 0x002a959e9220 in ssl3_connect (s=0x5745e0) at s3_clnt.c:279
    (gdb) l
    1467        if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
    1468        {
    1469            SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
    1470            return -1;
    1471        }

Is the server doing something wrong here? I see the same symptoms with both 1.0.0a and 1.0.0b. Excluding kEECDH ciphers works, yielding EDH-RSA-DES-CBC3-SHA.
The packet dump (if that's useful) is below: [hex dump of the ClientHello and ServerHello omitted]
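An added example, not OpenSSL code, of the client-side behaviour the patch above asks for: parse the extensions block of a ServerHello and, when the Supported Point Formats extension (type 11, RFC 4492) is absent, fall back to "uncompressed only" instead of failing the handshake. The sample extension blocks are constructed, not captured from a real server.

```python
import struct
from typing import Dict, List

# Added example, not OpenSSL's parser. ServerHello extensions are encoded as
# <total length (2)> then repeated <type (2)> <length (2)> <data>.
EC_POINT_FORMATS = 0x000B      # RFC 4492 ec_point_formats extension type
UNCOMPRESSED = 0               # ECPointFormat.uncompressed


def parse_extensions(block: bytes) -> Dict[int, bytes]:
    """Parse an extensions block into {type: data}, rejecting malformed input."""
    if len(block) < 2:
        raise ValueError("extensions block too short")
    (total,) = struct.unpack("!H", block[:2])
    body = block[2:]
    if len(body) != total:
        raise ValueError("extensions length does not match block")
    exts: Dict[int, bytes] = {}
    off = 0
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", body[off:off + 4])
        off += 4
        data = body[off:off + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension data")
        if ext_type in exts:
            raise ValueError("duplicate extension %d" % ext_type)
        exts[ext_type] = data
        off += ext_len
    return exts


def server_point_formats(block: bytes) -> List[int]:
    """Point formats the server supports, applying the RFC 4492 default.

    Absent extension -> [UNCOMPRESSED] (the behaviour the patch requests).
    Present but malformed, or missing the mandatory uncompressed format -> error.
    """
    exts = parse_extensions(block)
    if EC_POINT_FORMATS not in exts:
        return [UNCOMPRESSED]
    data = exts[EC_POINT_FORMATS]
    # data = <list length (1)> <one byte per format>, list must be non-empty
    if len(data) < 1 or data[0] == 0 or data[0] != len(data) - 1:
        raise ValueError("malformed ec_point_formats extension")
    formats = list(data[1:])
    if UNCOMPRESSED not in formats:
        # RFC 4492 5.1.2: uncompressed MUST be included when the list is sent
        raise ValueError("server does not offer the uncompressed point format")
    return formats


def is_rejected(block: bytes) -> bool:
    """True when the block fails validation (helper for checking error paths)."""
    try:
        server_point_formats(block)
    except ValueError:
        return True
    return False


# Constructed sample blocks (not captured from a real server):
# 1) only renegotiation_info (type 0xff01, one data byte): no point formats ext
ONLY_RENEG = bytes.fromhex("0005" "ff01" "0001" "00")
# 2) renegotiation_info followed by ec_point_formats listing formats 0, 1, 2
WITH_FORMATS = bytes.fromhex("000d" "ff01" "0001" "00" "000b" "0004" "03" "000102")

if __name__ == "__main__":
    print(server_point_formats(ONLY_RENEG))    # [0]
    print(server_point_formats(WITH_FORMATS))  # [0, 1, 2]
```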
Re: OpenSSL 1.0.0b testssl fails
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
I don't see anything OS specific in the changes introduced in t1_lib.c or s3_srvr.c. Could it be a gcc bug?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/16/2010 9:56 PM, Dr. Stephen Henson wrote:
> On Tue, Nov 16, 2010, Victor Duchovni wrote:
>> Anyone know why I am seeing the below errors:
>>
>> ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
>> Available compression methods:
>> NONE
>> DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> 10 handshakes of 256 bytes done
>> Approximate total server time: 0.00 s
>> Approximate total client time: 0.01 s
>
> Dang, I'm seeing that too now. Why didn't I see that when I tested it earlier today?
>
> I'll look into it.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: s_server crashes in version 1.0.0a
Hi,

I have no crash here, both with official release and snapshot.
Moreover, it is surprising that the command "openssl s_server" executes on your machine without specifying a key, which means that you have a server.pem file in your out32dll directory. In a clean build, there is no such file. Maybe you have some malformed key. Can you please check that?

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/14/2010 8:57 PM, Marcus Carey wrote:
> I tried the latest snapshot before I sent the first email. OpenSSL 1.0.1-dev xx XXX .
> Also, when I ran the test, they all passed. However, the ectest.exe application crashed.
>
> ----- Original Message -----
> From: "Dr. Stephen Henson"
> To:
> Sent: Sunday, November 14, 2010 8:32 AM
> Subject: Re: s_server crashes in version 1.0.0a
>
>> On Sun, Nov 14, 2010, Marcus Carey wrote:
>>> Windows XP Service Pack 3
>>> OpenSSL version 1.0.0a 1 Jun 2010
>>>
>>> C:\openssl-1.0.0a\out32dll>openssl s_server
>>> Loading 'screen' into random state - done
>>> Using default temp DH parameters
>>> Using default temp ECDH parameters
>>>
>>> After this message I get a pop-up window saying openssl has encountered a problem and needs to close.
>>
>> Please try a recent snapshot, this should be fixed now.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
Re: error: unable to get local issuer certificate
Hi Ariel,

The simple answer to your questions is no. There is no way to work around this. Others have already explained why.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Well, I'm trying to do SSL Client Authentication for my website. So I bought a wildcard cert from GoDaddy and it works pretty well to enable SSL on my site. But now I'm trying to use it for SSL Client Auth for my clients. Then I'm trying to sign, issue and validate client certificates using the one I bought from GoDaddy with NO results :( So I'm wondering if it's possible and if so, how?
>
> Btw, the cert I got from GoDaddy has "CA:false" in its extensions, does it mean that I can't use it for the purpose I want? Is it possible, in some way, to create and sign client certificates using the one I got from GoDaddy? How can I include or create chained root certificates in the certificates I provide/issue to my clients?
>
> Hope you can understand my issues.
>
> Thanks,
>
> - Ariel
>
> On Fri, Oct 22, 2010 at 6:04 PM, Eduardo Navarro wrote:
>
>> I think you can make your own CA, if you plan to only test this or want to have people you know and that know you, setup your root as trusted.
>>
>> If your purpose is just for using an SSL cert for a website you own, then you are basically better off just buying one from Verisign, Thawte, whoever.
>>
>> If you plan to start your own SSL issuing service, then this is a different story, you will need to look at WebTrust compliance as a starting point.
>>
>> -Eduardo
>>
>> -----Original Message-----
>> From: Mounir IDRASSI
>> Sent: Friday, October 22, 2010 2:26 PM
>> To: openssl-users@openssl.org
>> Subject: Re: error: unable to get local issuer certificate
Re: error: unable to get local issuer certificate
Hi Ariel,

If you want to avoid browser warnings, your only option is to get a valid certificate for your users from a commercial CA. You can get them for free from StartSSL for example (http://www.startssl.com/).
If you represent an organization, then you can try to qualify for the intermediate CA programs offered by commercial CAs. This involves being audited and vetted and this comes with some limitations. Of course, the price for such a program can be very high depending on your needs.
I hope this clarifies things for you.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/22/2010 7:03 PM, Ariel wrote:
> Hi Dave, thanks for your reply but...
>
> On Thu, Oct 21, 2010 at 7:52 PM, Dave Thompson <dthomp...@prinpay.com> wrote:
>>> From: owner-openssl-us...@openssl.org On Behalf Of Ariel
>>> Sent: Thursday, 21 October, 2010 16:34
>>>
>>> On Thu, Oct 21, 2010 at 12:44 AM, sandeep kiran p <sandeepkir...@gmail.com> wrote:
>>>> mydomain.com.crt is an End-Entity certificate and not a CA cert.
>>>
>>> So basically you mean that I can't use "mydomain.com.crt" to sign and issue new certificates for my clients? I thought I can using the bundle or intermediate one they provided to me. Sorry for my ignorance but I don't know too much how does it work and this is annoying to me :S
>>> I only want to generate and issue new certificates that my clients can install in their browsers and then provide it to me (SSL Client certificate) when they come to my site. Is this possible without having to create a self-sign CA cert that causes browsers to not recognize it as a valid CA? Can I provide a trusted chained root with the certificates I'm trying to issue?
>>>
>>>> [sandeep?] So you either need to get a CA cert from GoDaddy or setup a test CA on your own using OpenSSL. GoDaddy, I am sure would not provide you with a CA certificate as that would then empower you to
>>
>> Do as sandeep said. Create your own private CA with OpenSSL. You issue certs to clients (who request them) and set your server(s) to trust your private root and thus the certs presented by the clients. Your server presents the cert issued to it under a real CA which the clients trust.
>
> This means I need to create my own self-signed CA cert, right? And this is what I'm trying to avoid: "Because there is no established trust hierarchy leading to a self-signed certificate, it is impossible to verify that a self-signed certificate is genuine." [1]
>
> I was reading here [2] because this is what I'm trying to do: SSL Client Authentication; but my problem is in how to setup or get a valid ca.crt that I can use to sign and issue new client certificates and that will also validate properly. Is this possible?
>
> Thanks for your help,
>
> - Ariel
>
> [1] http://publib.boulder.ibm.com/infocenter/zos/v1r10/index.jsp?topic=/com.ibm.zos.r10.ikya100/intermed.htm
> [2] http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-3
>
>> The only tricky bit is if your clients need to authenticate themselves to some *other* server(s) besides yours. Then they need to be able to select 'key/cert for Ariel' versus other, perhaps public, key/cert(s). Your server should do SSL_[CTX_]set_client_CA_list to your private root; this will send a 'hint' to the client which cert to present -- although it's up to the client to actually obey this hint, it's not required to.
>>
>> Plus of course you need to ensure that the people/machines you issue certs to are in fact the ones you want as clients. Although if you make a mistake, you can issue your own CRL(s) which your server checks. (And if it's convenient to put your CA on the same machine as your server, this greatly simplifies the CRL distribution procedure.)
>
> --
> Ariel Diaz Bermejo
> http://www.linkedin.com/in/adiazbermejo
Re: [patch] LNK4078 and LNK4210 linking with x64 static libs
Hi,

I was not involved in this discussion, but I wanted just to say that patches and other development issues are discussed in the openssl-dev list and all messages sent to r...@openssl.org are also copied to that list, not the users list. Anyone interested in OpenSSL internals should join openssl-dev to be kept updated.
That being said, I understand your frustration but the others certainly thought you were aware of their discussion in the other list.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/19/2010 1:20 PM, Jakob Bohm wrote:
> On 19-10-2010 12:32, per frykenvall wrote:
>> Thanks, Jakob!
>>
>> However, I followed Dr. Stephen Henson's advice earlier in this thread and filed a report to the bug tracker, and got a resolution from Andy Polyakov a week ago, based on your suggestion. I've tested it and am fully satisfied:
>>
>> [openssl.org #2356] Resolved: LNK4078 and LNK4210 linking with x64 static libs
>> http://cvs.openssl.org/chngview?cn=19935
>>
>> So I wasted my precious time preparing a patch while someone else had already posted a patch off-list. Thanks to everyone involved for not telling the list that this issue had been resolved in another forum!
>>
>> Of course, that resolution does not include the race condition you describe.
>>
>> Best regards,
>> Per
>>
>> On 2010-10-18 17:35, Jakob Bohm wrote:
>>> I have now created an actual patch to fix this. It turns out to be a small pattern bug in x86_64xlate.pl
>>>
>>> Patch attached as openssl-1.0.0a-x86_64attr.patch.
>>>
>>> While debugging this patch I ran into an unrelated issue where nmake would invoke nasm before the .asm file had been completely output. This is probably a bug in the perl build used on one of the test machines, but I think the patch to kludge around that race condition might be useful too.
>>>
>>> Patch attached as openssl-1.0.0a-x86_64cpuid-build-race.patch.
Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert
Hi Stefan,

The value of the Basic Constraints extension of this website's self-signed certificate is "End Entity" and, more importantly, it is set to Critical. So, technically speaking, this certificate can not be a CA and it can't certify itself. The Nokia implementation seems to be strict compared with others but it can't be blamed for checking the correctness of a certificate.
The administrators of this website can solve this issue by creating a new certificate without the Basic Constraints extension. A cleaner solution would be to have the server's certificate issued by a root CA of their own, like in any normal PKI architecture.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/13/2010 7:11 PM, Stefan Bauer wrote:
> Dear Openssl-Users,
>
> i recently came across a problem with the offered ssl-cert on www.mastersnet.de
>
> It's a self signed cert and all of the nokia cell phones i get my hands on refuse to accept this cert when trying to import it manually in the cert store.
>
> It is working without problems for example with a signed cert from cacert (where the root-CA-cert is also not in the default cert store)
>
> I'm asking for your help hereby, if some of you could please have a look at this cert and tell me if there is something suspicious, leading to the reported problem.
>
> It might be a bug in the nokia cell phones. It's working with iPhone or windows mobile devices.
>
> Thanks in advance
>
> Stefan
Re: SSL Negotiation Command Failed when sending mail via TLS
Hi,

The error string you are giving is not part of the OpenSSL code, so we can't help you much. You have to give us the error code returned by whatever OpenSSL function you are using. A stripped down version of your code would also help to better understand your approach.
Under Windows, some problems can arise because conflicting versions of the OpenSSL DLLs exist in different directories belonging to the PATH. Try checking if the machine where the problem exists has only the version of the DLLs you are targeting.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/13/2010 11:23 PM, Roger Eckhard wrote:
> I am using the OpenSSL dlls libeay32 and ssleay32 to send SMTP email using TLS. My code works fine on most machines, but on one particular computer, it fails with the error:
>
> "Start SSL negotiation command failed"
>
> Whenever I try to connect to the mail server. All the machines are connecting to the same mail server (Gmail) so its not a problem on the server end.
>
> The problem machine is a Windows 7 32 bit install.
>
> Can anyone shed some light on what might cause this, or how I can best debug the problem?
>
> Thanks,
Re: How to sign new certificates
Hi Ariel,

You can't achieve what you want because the certificate you bought is not a CA one: if you look at its extensions, you will find that the value of the Certificate Basic Constraints extension is End Entity and that it is set as Critical.
If the contrary was possible, then it would have been a big security hole: you could issue valid certificates for domains without authorization (like paypal.com) and it would enable you to mount sophisticated man-in-the-middle attacks.
To authenticate users in your website, create your own CA, issue certificates for them and then configure your webserver to accept only client certificates issued by your CA.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/12/2010 5:41 AM, Ariel wrote:
> Hi again,
>
> I could enable my site to use SSL with a wildcard certificate bought from GoDaddy by concatenating the "mysite.com.crt" and the "gd_bundle.crt" into a combined one "mysite.com.combined.crt" (explained in a previous email).
>
> Now I want to enable SSL Client certificate, creating new keypair files, new certificate signed requests (csr) and signing them using my combined cert file as the CA. Is that possible? How can I achieve this goal using the command line tool?
>
> Thanks,
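The check behind both this reply and the "Suspicious Cert" thread above is the one every RFC 5280 path validator applies: a version 3 certificate may act as an issuer only if it carries a Basic Constraints extension with cA set to TRUE (RFC 5280, section 6.1.4, step k). The Nokia phone rejected the self-signed www.mastersnet.de certificate for the same reason the GoDaddy certificate cannot sign client certificates: cA is FALSE. The following is an added example, not code from either post and not part of OpenSSL: a minimal DER walker in Python (standard library only) that pulls the Basic Constraints extension (OID 2.5.29.19) out of a certificate's Extensions sequence and reports whether it is critical and whether cA is set. The two extension blobs are hand-constructed for the example; the first models an end-entity certificate like the GoDaddy one (cA absent, extension critical), the second a CA certificate with pathLenConstraint 0.

```python
"""Added example: read the Basic Constraints extension from DER-encoded X.509 Extensions.

Only the Python standard library is used; the DER blobs below are hand-constructed
samples, not real certificates.
"""

BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")   # 2.5.29.19, DER-encoded OID body

# Constructed sample 1 (models an end-entity cert such as the GoDaddy one):
#   keyUsage (2.5.29.15) followed by basicConstraints {critical TRUE, value SEQUENCE {}}
EE_EXTENSIONS = bytes.fromhex(
    "301b"
    "300b" "0603551d0f" "0404" "0302" "05a0"          # keyUsage, non-critical
    "300c" "0603551d13" "0101ff" "0402" "3000"         # basicConstraints, critical, cA absent (= FALSE)
)

# Constructed sample 2 (models a CA cert):
#   basicConstraints {critical TRUE, value SEQUENCE {cA TRUE, pathLenConstraint 0}}
CA_EXTENSIONS = bytes.fromhex(
    "3014"
    "3012" "0603551d13" "0101ff" "0408" "3006" "0101ff" "020100"
)


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:                       # short-form length
        length, start = first, pos + 2
    else:                                  # long-form length: 0x8N then N length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    end = start + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[start:end], end


def _children(buf):
    """Split the body of a SEQUENCE into its (tag, value) members."""
    members, pos = [], 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        members.append((tag, value))
    return members


def basic_constraints(extensions_der):
    """Return {'critical', 'ca', 'pathlen'} for the basicConstraints extension, or None if absent."""
    tag, extensions, _ = _read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    for tag, ext in _children(extensions):
        fields = _children(ext)
        # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
        if fields[0][0] != 0x06 or fields[0][1] != BASIC_CONSTRAINTS_OID:
            continue
        critical, idx = False, 1
        if fields[idx][0] == 0x01:         # BOOLEAN is present only when TRUE (DER omits the default)
            critical = fields[idx][1] != b"\x00"
            idx += 1
        if fields[idx][0] != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        # BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
        _, body, _ = _read_tlv(fields[idx][1], 0)
        ca, pathlen = False, None
        for t, v in _children(body):
            if t == 0x01:
                ca = v != b"\x00"
            elif t == 0x02:
                pathlen = int.from_bytes(v, "big")
        return {"critical": critical, "ca": ca, "pathlen": pathlen}
    return None


def may_act_as_issuer(extensions_der):
    """RFC 5280 6.1.4 (k): a v3 certificate may issue others only if cA is TRUE."""
    bc = basic_constraints(extensions_der)
    return bc is not None and bc["ca"]


if __name__ == "__main__":
    for name, ext in (("end-entity", EE_EXTENSIONS), ("CA", CA_EXTENSIONS)):
        print(name, basic_constraints(ext), "may issue:", may_act_as_issuer(ext))
```

Running it reports critical True and cA False for the first blob, which is exactly the situation described in the reply: such a certificate cannot sign client certificates, and a strict verifier will not accept it as its own issuer either. For a real certificate the Extensions sequence is the [3] EXPLICIT element at the end of tbsCertificate; `openssl x509 -in cert.pem -noout -text` prints the same information under "X509v3 Basic Constraints: critical".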
Re: PEM_write_PUBKEY segfault with 1.0.0 on windows
Hi,

Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a in Release and Debug modes and ran on a Windows 7 system (hardware DEP enabled).
What compiler are you using? Can you perform a debug build and give us a crash trace?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 06/10/2010 00:31, Kenneth Goldman wrote:
> I'm getting a PEM_write_PUBKEY() segfault. This is existing code that works with 0.9.8 with Windows or 1.0.0 with Linux, but fails with 1.0.0 and Windows. What's my latent bug?
>
> Here's a small sample that fails:
>
>     RSA *rsa = RSA_generate_key(512, 65537, NULL, NULL);
>     EVP_PKEY *pkey = EVP_PKEY_new();
>     EVP_PKEY_assign_RSA(pkey, rsa);
>     FILE *file = fopen("tmp.pem", "wb");
>     PEM_write_PUBKEY(file, pkey);
>
> In my actual application, I set rsa->n and rsa->e to bignums that I generate. I think that should be enough to write the public key.
Re: CA cert from .p12 file
Hi,

Your PKCS#12 file doesn't contain the CA, so the simplest solution is to use Windows: since you can use it correctly, there is a big chance that the CA is installed under Windows, so go to the IE certificate store, double click on your certificate, go to the "Certification Path" tab and from there copy the CA that signed your certificate to a file (Base64 encoded). You can then transfer this file to your Linux box.
I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/20/2010 12:45 PM, Sergey Sedov wrote:
> Hi,
>
> My ISP provides to me .p12 file containing certs for using TLS for wifi connection. I can install it under Windows and use it. But when I try to install it under Linux I have some troubles. NetworkManager wants 3 certs to setup TLS for wifi connection. I can extract User cert and Private Key, but can't extract CA Cert. The output file after using this command has zero length:
>
>     openssl pkcs12 -in example.p12 -out cacert.pem -cacerts -nokeys
>
> So, I suppose that there is no CA Cert in this .p12 file. Is there any other way to obtain CA Cert for this ISP or to cheat NetworkManager? Why it works under Windows?
>
> Thanks and best regards,
> Sergey
Re: How to convert RSA public key XML format to PEM or ASCII format
Hi,

The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi
>
> Thanks for your response. In which platform do I compile/execute the below CODE?
> I only have UNIX command line and Windows available.
>
> Regards
> Vivek Panikulam
>
> ________
> From: Mounir IDRASSI
> To: openssl-users@openssl.org
> Sent: Fri, September 17, 2010 10:07:10 PM
> Subject: Re: How to convert RSA public key XML format to PEM or ASCII format
Re: cannot create p12 file
Hi,

It hangs because it is waiting for the input certificate that has to be put with the given key inside the PKCS#12 file. Replace the -certfile option with -in and everything will be OK. Actually -certfile is for adding additional certificates, not the main one.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> I am trying to create a .p12 file with pkcs12.
>
> I created the private key:
>
>     #openssl genrsa -out user.key -des3
>
> I also create a certificate signing request (openssl req ...) and a certificate (openssl ca ...)
>
> I want to store the user key (and optionally the user certificate) in a .p12 file that can be imported into Microsoft IIS.
>
>     #openssl pkcs12 -export -inkey user.key -certfile user.cer -out user.pfx -name "my key"
>
> Or
>
>     #openssl pkcs12 -export -inkey user.key -out user.pfx -name "my key"
>
> In either case, I get prompted for the pass phrase for the key, then the process just hangs. This is with OpenSSL 1.0.0 on Solaris 10 and OpenSSL 0.9.8l under cygwin.
>
> I am pretty sure I have done this in the past and not sure what I am doing wrong.
>
> Thanks for your help.
Re: Error while trying to get text output from x509 cert file
Hi,

The error says that it didn't find the expected start line for a certificate, which is -----BEGIN CERTIFICATE-----. So, check that your certificate is indeed BASE64 encoded and that the first line is -----BEGIN CERTIFICATE----- and the last is -----END CERTIFICATE-----.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi
>
> I am trying to get output from this x509 certificate and am getting the below error. Please let me know how to resolve this error and generate text output from this cert file.
>
>     $ openssl x509 -in TestCryptPublic.cert -pubkey
>     unable to load certificate
>     557096:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
>
> Regards
> Vivek Panikulam
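The checks suggested in the reply, written out as an added example (not code from the post and not part of OpenSSL), in Python with only the standard library. "no start line" usually hides one of three situations: a PEM file whose header label is not one `openssl x509` accepts (it reads with PEM_read_bio_X509_AUX, which takes "CERTIFICATE" or "TRUSTED CERTIFICATE", hence the "Expecting: TRUSTED CERTIFICATE" in the message), a file that is actually raw DER (the first byte of any DER certificate is 0x30, the SEQUENCE tag, so `-inform DER` is needed), or a file that is neither. The sample inputs are constructed for the example; the tiny base64 body stands in for a real certificate and only has to decode to something that starts with 0x30.

```python
"""Added example: classify a certificate file before handing it to `openssl x509`.

Standard library only; the inputs below are constructed samples, not real certificates.
"""
import base64
import binascii
import re

# PEM labels that PEM_read_bio_X509_AUX (used by `openssl x509`) accepts.
X509_LABELS = {"CERTIFICATE", "TRUSTED CERTIFICATE"}

_PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def classify(data):
    """Return ('pem', [(label, body_is_der_sequence), ...]), ('der', None) or ('unknown', None)."""
    if data.startswith(b"\xef\xbb\xbf"):        # UTF-8 BOM left by some Windows editors
        data = data[3:]
    blocks = []
    for match in _PEM_BLOCK.finditer(data):
        label = match.group(1).decode("ascii")
        body = b"".join(match.group(2).split())  # drop the 64-column line breaks
        try:
            raw = base64.b64decode(body, validate=True)
            looks_like_der = raw[:1] == b"\x30"
        except binascii.Error:
            looks_like_der = False
        blocks.append((label, looks_like_der))
    if blocks:
        return "pem", blocks
    if data[:1] == b"\x30":
        return "der", None
    return "unknown", None


def suggested_command(data, path="cert.pem"):
    """Say how `openssl x509` should be invoked for this file, or why it will fail."""
    kind, blocks = classify(data)
    if kind == "der":
        return f"openssl x509 -inform DER -in {path} -noout -text"
    if kind == "pem":
        for label, ok_body in blocks:
            if label in X509_LABELS and ok_body:
                return f"openssl x509 -in {path} -noout -text"
        labels = ", ".join(label for label, _ in blocks)
        return f"no usable certificate block (found: {labels})"
    return "not PEM and not DER: check the file is the certificate, not a key or a text dump"


# Constructed samples. "MAMCAQU=" is base64 for 30 03 02 01 05, a DER SEQUENCE.
PEM_CERT = b"-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
PEM_TRUSTED_CRLF = (b"-----BEGIN TRUSTED CERTIFICATE-----\r\nMAMCAQU=\r\n"
                    b"-----END TRUSTED CERTIFICATE-----\r\n")
PEM_WRONG_LABEL = b"-----BEGIN RSA PUBLIC KEY-----\nMAMCAQU=\n-----END RSA PUBLIC KEY-----\n"
DER_CERT = bytes.fromhex("3003020105")
GARBAGE = b"this is not a certificate\n"

if __name__ == "__main__":
    for name, sample in [("pem", PEM_CERT), ("trusted", PEM_TRUSTED_CRLF),
                         ("wrong label", PEM_WRONG_LABEL), ("der", DER_CERT), ("garbage", GARBAGE)]:
        print(f"{name:12} {classify(sample)[0]:8} -> {suggested_command(sample)}")
```

A bundle file with several blocks (a key followed by a certificate, or a chain) is handled the same way: classify lists every block, and the command is accepted as soon as one of them carries a certificate label with a body that decodes to a SEQUENCE.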
Re: How to convert RSA public key XML format to PEM or ASCII format
Hi,

To perform the conversion, use your favorite XML library to extract the BASE64 values in the Modulus and Exponent nodes, then create an EVP_PKEY structure from these using the functions I'm pasting below. From here, call PEM_write_PUBKEY to create a PEM file that will contain your RSA public key and that can be used later by OpenSSL.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/bn.h>
    #include <openssl/evp.h>
    #include <openssl/rsa.h>
    #include <openssl/pem.h>

    /* Decode a BASE64 string (without line breaks) into a freshly malloc'ed buffer.
     * On return *pLen holds the number of decoded bytes (0 on a decoding error). */
    unsigned char *fromBase64(const char* szInput, int* pLen)
    {
        BIO *b64, *bmem;
        size_t length = strlen(szInput);
        // The length of BASE64 representation is always bigger
        // than the actual data length, so the size given to
        // the malloc below is sufficient to hold all the
        // decoded data
        unsigned char *buffer = (unsigned char *)malloc(length);
        *pLen = 0;
        if (!buffer || length == 0)
            return buffer;

        b64 = BIO_new(BIO_f_base64());
        // No LF on the input string
        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
        bmem = BIO_new_mem_buf((void*)szInput, (int)length);
        bmem = BIO_push(b64, bmem);

        *pLen = BIO_read(bmem, buffer, (int)length);
        if (*pLen < 0)       // BIO_read reports a decoding failure as a negative value
            *pLen = 0;
        BIO_free_all(bmem);

        return buffer;
    }

    /* Convert a BASE64-encoded big-endian integer (as used in the XML format) into a BIGNUM. */
    BIGNUM* BN_fromBase64(const char* szBase64)
    {
        BIGNUM* bn = NULL;
        int iLen;
        unsigned char* pbData = fromBase64(szBase64, &iLen);
        if (pbData && iLen > 0)
        {
            bn = BN_bin2bn(pbData, iLen, NULL);
        }
        free(pbData);
        return bn;
    }

    /* Build an RSA public key (EVP_PKEY) from the BASE64 modulus and public exponent.
     * The fields rsa->n and rsa->e are directly accessible in OpenSSL 1.0.x;
     * 1.1.0 made the RSA structure opaque and requires RSA_set0_key instead. */
    EVP_PKEY* RSA_fromBase64(const char* szModulus, const char* szExp)
    {
        BIGNUM *n = BN_fromBase64(szModulus);
        BIGNUM *e = BN_fromBase64(szExp);

        if (!n) printf("Invalid encoding for modulus\n");
        if (!e) printf("Invalid encoding for public exponent\n");

        if (e && n)
        {
            EVP_PKEY* pRsaKey = EVP_PKEY_new();
            RSA* rsa = RSA_new();
            if (!pRsaKey || !rsa)
            {
                EVP_PKEY_free(pRsaKey);
                RSA_free(rsa);
                BN_free(n);
                BN_free(e);
                return NULL;
            }
            rsa->e = e;
            rsa->n = n;
            EVP_PKEY_assign_RSA(pRsaKey, rsa);   // pRsaKey now owns rsa (and with it n and e)
            return pRsaKey;
        }
        else
        {
            if (n) BN_free(n);
            if (e) BN_free(e);
            return NULL;
        }
    }

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi All
>
> I have a RSA public key provided in the below format and would like to know how to convert it into a format like PEM or any other format which can be read by openssl. I didn't find any conclusive solutions for this on www. Will the application which generated this key format be capable of generating the same key in PEM or ASCII format?
>
>     <Modulus>dhjffljkglejDHKJFHkjhSLWSKWLlkNKMNCKJBCKJFKJFBNCJKNLKNCLKMNDLKJSLKWJLJSjsSJJSDkjswlqqq</Modulus>
>     <Exponent>AQAB</Exponent>
>
> Regards
> Vivek Panikulam
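The same conversion as in the reply above, as an added example that is not Mounir's code and not part of OpenSSL, done without libcrypto in Python with only the standard library. It decodes the Modulus and Exponent values from an RSAKeyValue document (the root element name is assumed from the .NET XML key format; the post only shows the two child nodes), DER-encodes them as an RSAPublicKey inside a SubjectPublicKeyInfo, and wraps that in the "PUBLIC KEY" PEM block that PEM_write_PUBKEY would produce. The sample key is a constructed 128-bit modulus, far too small for real use; it exists only so the DER lengths stay short enough to check by hand.

```python
"""Added example: RSAKeyValue XML -> SubjectPublicKeyInfo PEM, standard library only.

The sample modulus is constructed for the example and is not a usable RSA key.
"""
import base64
import xml.etree.ElementTree as ET

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
RSA_ALGORITHM_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def _der_length(n):
    """DER length octets: short form below 128, otherwise 0x8N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def _der_integer(value):
    """DER INTEGER for a non-negative value; a leading 0x00 keeps the high bit from reading as a sign."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _der_tlv(0x02, body)


def xml_to_ints(xml_text):
    """Extract (n, e) from <RSAKeyValue><Modulus>..</Modulus><Exponent>..</Exponent></RSAKeyValue>."""
    root = ET.fromstring(xml_text)

    def b64_int(node):
        text = "".join((root.findtext(node) or "").split())   # tolerate wrapped base64
        return int.from_bytes(base64.b64decode(text), "big")   # big-endian, like BN_bin2bn

    n, e = b64_int("Modulus"), b64_int("Exponent")
    if n == 0 or e == 0:
        raise ValueError("Modulus and Exponent must be present and non-zero")
    return n, e


def ints_to_spki_der(n, e):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }."""
    rsa_public_key = _der_tlv(0x30, _der_integer(n) + _der_integer(e))
    bit_string = _der_tlv(0x03, b"\x00" + rsa_public_key)      # leading 0x00: no unused bits
    return _der_tlv(0x30, RSA_ALGORITHM_ID + bit_string)


def der_to_pem(der, label="PUBLIC KEY"):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def xml_to_pem(xml_text):
    return der_to_pem(ints_to_spki_der(*xml_to_ints(xml_text)))


# Constructed sample: a 128-bit "modulus" and the usual exponent 65537 (AQAB in base64).
SAMPLE_N = 0xC5A18D4B2F73E0B917C34A6D9E2F8B51
SAMPLE_XML = (
    "<RSAKeyValue><Modulus>"
    + base64.b64encode(SAMPLE_N.to_bytes(16, "big")).decode("ascii")
    + "</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
)

if __name__ == "__main__":
    print(xml_to_pem(SAMPLE_XML), end="")
```

The output can be checked with `openssl rsa -pubin -in key.pem -noout -text` (or `openssl pkey -pubin -in key.pem -text`), which prints the modulus and exponent back. Two details matter in practice: the XML values are big-endian, which is why the C code above hands the decoded bytes to BN_bin2bn unchanged, and a modulus whose first byte has the high bit set needs the 0x00 prefix in its DER INTEGER, otherwise every ASN.1 parser reads it as a negative number.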
Re: Loading and using PKCS#12 in runtime
Hi,

First, OpenSSL_add_all_algorithms is just a define that resolves to OPENSSL_add_all_algorithms_noconf (or OPENSSL_add_all_algorithms_conf if you define OPENSSL_LOAD_CONF in your build). It's there in evp.h.

To solve your PKCS#12 problem, all you need is to call OpenSSL_add_all_algorithms at the start of your program. Which means in your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and then call it.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hello,
>
> For certain reasons I want to load the OpenSSL libraries at run-time
> (rather than at load-time). My application will specifically need to be
> able to load a PKCS#12 file, and fiddle around with the data in it.
>
> The relevant code snippets follow (the code below is just excerpts,
> and parts were originally taken from apps/apps.c):
>
> typedef int (OPENSSLCALLCONV *pfnPKCS12_parse)(PKCS12 *p12, const char *pass,
>     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
> typedef int (OPENSSLCALLCONV *pfnPKCS12_free)(PKCS12 *p12);
> typedef int (OPENSSLCALLCONV *pfnPKCS12_verify_mac)(PKCS12 *p12,
>     const char *pass, int passlen);
> typedef PKCS12 *(OPENSSLCALLCONV *pfnd2i_PKCS12_fp)(FILE *fp, PKCS12 **p12);
>
> pfnPKCS12_parse pkcs12_parse = NULL;
> pfnPKCS12_free pkcs12_free = NULL;
> pfnPKCS12_verify_mac pkcs12_verify_mac = NULL;
> pfnd2i_PKCS12_fp d2i_pkcs12_fp = NULL;
>
> main()
> {
>     int ret = 0;
>     void *lib = NULL;
>     char *error = NULL;
>
>     lib = dlopen(fname, RTLD_LAZY);
>
>     dlerror();
>
>     pkcs12_parse = (pfnPKCS12_parse)dlsym(lib, "PKCS12_parse");
>     pkcs12_free = (pfnPKCS12_free)dlsym(lib, "PKCS12_free");
>     pkcs12_verify_mac = (pfnPKCS12_verify_mac)dlsym(lib, "PKCS12_verify_mac");
>     d2i_pkcs12_fp = (pfnd2i_PKCS12_fp)dlsym(lib, "d2i_PKCS12_fp");
>
>     fpp12file = fopen(p12file, "rb");
>     if(fpp12file == NULL)
>     {
>         printf("Error: Unable to fopen(\"%s\")\n", p12file);
>         return 1;
>     }
>
>     load_pkcs12(fpp12file, "P12 test #1", p12password, NULL, NULL, NULL);
>
>     return 0;
> }
>
> int load_pkcs12(FILE *fp, const char *desc, const char *passwd,
>     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
> {
>     int len, ret = 0;
>     PKCS12 *p12;
>
>     p12 = d2i_pkcs12_fp(fp, NULL);
>     if(p12 == NULL)
>     {
>         printf("Error: Unable to load PKCS12 file for \"%s\"\n", desc);
>         goto die;
>     }
>     /* See if an empty password will do */
>     if(pkcs12_verify_mac(p12, "", 0) || pkcs12_verify_mac(p12, NULL, 0))
>     {
>         pass = "";
>     }
>     else
>     {
>         len = strlen(passwd);
>         if(!pkcs12_verify_mac(p12, passwd, len))
>         {
>             printf("Mac verify error (wrong password?) in PKCS12 "
>                    "file for %s\n", desc);
>             goto die;
>         }
>         pass = tpass;
>     }
>     ret = pkcs12_parse(p12, pass, pkey, cert, ca);
> die:
>     if(p12)
>         pkcs12_free(p12);
>     return ret;
> }
>
> I get the "Mac verify error (wrong password? ..." error.
>
> My initial guess was that I need to initialize the library in some
> manner before I can call functions which perform the verification. A
> quick search led me to
> http://www.ibm.com/developerworks/linux/library/l-openssl.html, which
> stipulates:
>
> ``/* Initializing OpenSSL */
>
> SSL_load_error_strings();
> ERR_load_BIO_strings();
> OpenSSL_add_all_algorithms();''
>
> I nm'd my /usr/lib/libcrypto.so, but it doesn't appear to contain any
> entry for OpenSSL_add_all_algorithms. It does however have:
> 0009be20 T OpenSSL_add_all_ciphers
> 0009bc90 T OpenSSL_add_all_digests
>
> But I'm beginning to feel that I might be chasing the wrong end here.
> Can anyone find an immediate problem with how I'm using the PKCS#12
> functions?
>
> --
> Kind regards,
> Jan Danielsson
Re: Intermediate root CA's -- lost and confused :(
Hi Paul,

Can you test the SSLCertificateChainFile instructions from the following site: http://www.cam.ac.uk/cs/tlscerts/deploying-thawte.html ?

Your problem could come from the fact that your Apache SSLCertificateChainFile configuration is missing the Thawte Cross Root CA that links "thawte Primary Root CA" to "Thawte Premium Server CA".

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/14/2010 3:32 AM, Paul B. Henson wrote:

On Mon, 13 Sep 2010, Tim Hudson wrote:

Try gnutls without the TLS extensions processing occurring and you will see that the server is not sending back the certificate chain:

Hmm, so the server isn't volunteering the chain, but if the client is smart enough to ask for it it will provide it :)?

This fails. You need to correct your server configuration so that it correctly sends out the chain.

I'm using bog-standard apache with mod_ssl, currently version 2.2.14. The instructions from Thawte were to use the SSLCACertificateFile directive in the config pointing to a file they provided containing two certs (the "thawte Primary Root CA" followed by the "Thawte SSL CA"). My server cert is signed by the "Thawte SSL CA", and my openssl client has the "Thawte Premium Server CA" cert installed on it. This didn't work; as you point out it seems the server is not sending the chain.

Per an off list discussion, I've changed my config and am now using the SSLCertificateChainFile directive instead (which seems to be the better way to do it). I also reversed the order of the certs in the file per a forum thread I found indicating they should be in order of verification. That's still not working, no chain from the server.

Presumably somebody has one of these new Thawte certs installed under apache working correctly; could one of those somebodies possibly post what apache configuration directives they are using, and what certificates in what order are present in the intermediate ca file they are using? That would be greatly appreciated :).

Thanks...
Re: Verify X.509 certificate, openssl verify returns bad signature
Hi Peter,

Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CAs and libraries treat this field as a blob and usually encode it on a fixed length basis without caring about leading zeros. Specifically, Peter Gutmann in his X.509 Style Guide says this about this field: "If you're writing certificate-handling code, just treat the serial number as a blob which happens to be an encoded integer".

Moreover, major PKI libraries are tolerant vis-a-vis the encoding of the serial number field of a certificate and they verify successfully the certificate chain given by the original poster. For example, NSS, GnuTLS and CryptoAPI accept the given certificates and verify successfully their trust.

Supporting or not specific broken implementations has always been the subject of heated debates. Concerning the specific issue here, it's clear that OpenSSL is too restrictive compared to other major libraries since this is a minor deviation from the BER specs (i.e. minimal bytes representation) and thus hurts deployments of real-world certificates.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> The encoding is invalid BER.
> The openssl is tolerant but also destructive in copy.
>
> whenever you use openssl x509 -in -out ... you remove one leading 0
> octet.
>
> IMHO openssl should reject the cert because of invalid encoding.
>
>
> On 08/29/2010 04:17 AM, Mounir IDRASSI wrote:
>> Hi,
>>
>> The problem you are encountering is partly caused by the way OpenSSL
>> handles integers whose DER encoded value starts with one or more zeros:
>> in this case, OpenSSL removes the leading zero when creating the
>> corresponding ASN1_INTEGER structure, thus leading to the fact that the
>> computed DER of this structure and the original one will be different!!
>>
>> In your case, the certificate you are trying to verify has a DER
>> encoded serial number "00 00 65". So, OpenSSL will create an
>> ASN1_INTEGER with a value of "00 65". And in the course of the
>> certificate signature verification, this structure will be encoded to
>> DER which will lead to an encoded value of "00 65". Thus, the generated
>> DER of the CertInfo will be different from the original one, which
>> explains why the signature verification fails.
>>
>> After some digging, I found that part of the problem is caused by the
>> functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file
>> crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that
>> removes any leading zeros. Commenting out these blocks solves the DER
>> encoding mismatch but the verification still fails because the
>> computed digest is different from the recovered one.
>>
>> I will continue my investigation to find all the culprits.
>> Meanwhile, the question remains why in the first place the removal of
>> the leading zero from the parsed DER encoding was added since this
>> clearly has the side effect of making the computed DER different from
>> the original one.
>>
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>>
>> On 8/28/2010 10:43 PM, Goran Rakic wrote:
>>> Hi all,
>>>
>>> I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
>>> downloaded from http://ca.mup.gov.rs/sertifikati-lat.html
>>>
>>> Certificate path is MUPCARoot > MUPCAGradjani and I would like to
>>> validate MUPCAGradjani against the other. What I did is to convert both
>>> to PEM format and rename them by hash as efd6650d.0 (Gradjani) and
>>> fc5fe32d.0 (Root) using this script:
>>>
>>> #!/bin/bash
>>> hash=`openssl x509 -in $1 -inform DER -noout -hash`
>>> echo "Saving $1 as $hash.0"
>>> openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM
>>>
>>> Now I run:
>>>
>>> $ openssl verify -CApath . efd6650d.0
>>> error 7 at 0 depth lookup:certificate signature failure
>>> 16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
>>> 16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:
>>>
>>> Hm, that is not working. What am I doing wrong here?
>>>
>>> I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I
>>> also have my personal certificate issued by MUPCAGradjani that I would
>>> like to verify but it is failing with the same error (just one level
>>> down):
>>>
>>>
Re: Verify X.509 certificate, openssl verify returns bad signature
Hi,

The problem you are encountering is partly caused by the way OpenSSL handles integers whose DER encoded value starts with one or more zeros: in this case, OpenSSL removes the leading zero when creating the corresponding ASN1_INTEGER structure, thus leading to the fact that the computed DER of this structure and the original one will be different!!

In your case, the certificate you are trying to verify has a DER encoded serial number "00 00 65". So, OpenSSL will create an ASN1_INTEGER with a value of "00 65". And in the course of the certificate signature verification, this structure will be encoded to DER which will lead to an encoded value of "00 65". Thus, the generated DER of the CertInfo will be different from the original one, which explains why the signature verification fails.

After some digging, I found that part of the problem is caused by the functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that removes any leading zeros. Commenting out these blocks solves the DER encoding mismatch but the verification still fails because the computed digest is different from the recovered one.

I will continue my investigation to find all the culprits. Meanwhile, the question remains why in the first place the removal of the leading zero from the parsed DER encoding was added since this clearly has the side effect of making the computed DER different from the original one.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/28/2010 10:43 PM, Goran Rakic wrote:

Hi all,

I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt downloaded from http://ca.mup.gov.rs/sertifikati-lat.html

Certificate path is MUPCARoot > MUPCAGradjani and I would like to validate MUPCAGradjani against the other. What I did is to convert both to PEM format and rename them by hash as efd6650d.0 (Gradjani) and fc5fe32d.0 (Root) using this script:

#!/bin/bash
hash=`openssl x509 -in $1 -inform DER -noout -hash`
echo "Saving $1 as $hash.0"
openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM

Now I run:

$ openssl verify -CApath . efd6650d.0
error 7 at 0 depth lookup:certificate signature failure
16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:

Hm, that is not working. What am I doing wrong here?

I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I also have my personal certificate issued by MUPCAGradjani that I would like to verify but it is failing with the same error (just one level down):

$ openssl verify -CApath . qualified.pem
qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike Srbije/L=Beograd/C=Republika Srbija (RS)
error 7 at 1 depth lookup:certificate signature failure
16258:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:

When I install the downloaded certificates in Windows using Internet Explorer and double-click on my personal certificate (qualified.cer) it looks valid. I am not sure, but I believe it is doing certificate chain validation so the certificates and paths should be valid. After all they are issued by a trustful CA.

Output of "openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text -in $1" looks reasonable for both downloaded certificates and is the same before and after conversion to PEM (using -inform DER in the first case).

My take on this is that I am not doing the conversion properly or maybe the original certificates are in some other format requiring an extra argument, but I can not find the answer in the docs. How can I properly validate an X.509 certificate from http://ca.mup.gov.rs/sertifikati-lat.html by certificate chain?

Kind regards,
Goran
Re: Check the private key
Hi Ingo,

You are mistaken: this key is not an encoded RSAPrivateKey as defined by PKCS#1 but it's an encoded PrivateKeyInfo as defined in PKCS#8. Here are the ASN.1 definitions:

PrivateKeyInfo ::= SEQUENCE {
    version Version,
    privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
    privateKey PrivateKey,
    attributes [0] Attributes OPTIONAL }

Version ::= INTEGER {v1(0)} (v1,...)

PrivateKey ::= OCTET STRING

As you can see from the ASN.1 dump, it starts with the version, followed by the algorithm identifier and then the RSAPrivateKey encoding inside an OctetString.

Concerning Vladimir's question, the answer is simple: your key is OK and it was verified successfully by OpenSSL. The error message you are getting is due to the fact that in the source code of the rsa utility there is a line that dumps the errors on the OpenSSL stack, and in this case there is an error that is harmless and that is caused by the way OpenSSL tries to decode the PEM content. In the file "apps/rsa.c", at line 335, there is the following:

if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
{
    ERR_print_errors(bio_err);
    goto end;
}

A more correct version would be to change "||" in the if test by "&&", and thus there will be no misleading error.

I hope this clarifies things.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/20/2010 4:25 PM, Ingo Naumann wrote:

Vladimir,

To me, your key looks like a standard 1024 RSA private key, in PKCS#1 format (see below). And, I'm getting the same error when I type openssl rsa -check

http://www.rsa.com/rsalabs/node.asp?id=2125

RSAPrivateKey ::= SEQUENCE {
    version Version,
    modulus INTEGER, -- n
    publicExponent INTEGER, -- e
    privateExponent INTEGER, -- d
    prime1 INTEGER, -- p
    prime2 INTEGER, -- q
    exponent1 INTEGER, -- d mod (p-1)
    exponent2 INTEGER, -- d mod (q-1)
    coefficient INTEGER, -- (inverse of q) mod p
    otherPrimeInfos OtherPrimeInfos OPTIONAL }

Your key:

30 : SEQUENCE (Length: 0x277)
  02 : Integer (Length: 0x01)
    00
  30 : SEQUENCE (Length: 0x0D)
    06 : Object Identifier (OID): 1.2.840.113549.1.1.1 rsaEncryption
    05 : NULL
  04 : Octet String (Length: 0x261)
    30 : SEQUENCE (Length: 0x25D)
      02 : Integer (Length: 0x01)
        00
      02 : Integer (Length: 0x81)
        00 C5 F1 4E FF 1C 97 02 A2 02 A1 C7 A0 8D E6 9F 9D EF D5 56 87 D7 B2 BF A3 7B 68 73 4E 34 A4 5E FE 41 86 3E 3E 7D 55 6F 9D F1 42 D6 FB CC 27 BB 0C D3 C6 C8 0E 40 CA 53 F8 5A 81 E2 90 18 A8 94 C0 12 72 15 98 0F 1C A2 8F 75 A9 26 E6 A0 8A 7B AB
        [0x0030 bytes skipped.]
      02 : Integer (Length: 0x03)
        01 00 01
      02 : Integer (Length: 0x81)
        00 90 06 E3 5A 11 2D 78 06 F6 2F 4D 17 EF E8 6D 1F F8 50 9C E3 BE F9 1B 24 13 39 8F 1C CA 85 07 71 AD AF C6 3E A5 E7 B2 8D 93 EC F4 8C C6 A1 EA 22 8D 3D C8 77 46 81 71 D3 F5 D7 28 49 7D 07 BD 23 33 AD 3D A7 76 33 6C 47 D7 A2 5B 62 58 A7 06 5B
        [0x0030 bytes skipped.]
      02 : Integer (Length: 0x41)
        00 F7 D7 7F 0E C3 04 7D B3 69 AE 54 4F 70 A5 47 E3 D5 1F DC DE 40 AB 99 6D 93 BD 96 4F 31 92 11 F8 43 54 D5 9C EC 3D DF B6 AA 9B AA 3D 60 14 A5 A3 C7 78 DD DE E5 A1 7C C4 5C DF 5F 56 2F EC 41 DB
      02 : Integer (Length: 0x41)
        00 CC 75 52 E6 9A 0A 1B B7 35 7C D1 D0 51 65 D8 B0 35 BE EA AE D3 88 53 7C AF A5 36 C5 41 09 95 CF 66 73 8F 3D 57 87 FB A0 77 7E B1 D2 95 9D 83 5E 92 5B 95 AB 2A CF 9F FA F7 01 2B 69 4D C7 52 C3
      02 : Integer (Length: 0x40)
        17 3B 24 D6 BE 62 EA 61 69 D3 84 65 99 DA 74 3D 9F D9 87 BB 71 76 64 40 48 2B EA 2D EC 28 93 F4 A0 63 10 4E D0 3A 10 81 2F C6 BD 93 59 31 36 41 7E CE 0E 85 F9 22 44 EE A7 01 ED 0E C8 19 2E 27
      02 : Integer (Length: 0x41)
        00 BC 97 5F DF 8B A8 D5 45 DA 15 87 67 33 1D D1 91 40 12 19 61 27 87 71 12 EA E5 67 2E ED BD CC AC E1 20 A8 B8 79 5B DA 33 7A E5 A7 5A CA 5C DF 47 45 93 2A EC 16 F2 2A EC 10 18 C9 15 3A 04 28 87
      02 : Integer (Length: 0x40)
        20 4C 8C 60 52 94 CA 42 30 DC 1B EF 3D 1E 5F 84 82 40 D1 25 84 BE 1E 18 35 0F F9 4A 5A 40 16 B0 E2 8F 5B 9B C3 FC C5 E7 08 0A BC F0 D1 BA 01 4B 47 08 08 60 15 48 80 A2 C1 98 03 56 FC A4 D9 DC
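A small DER reader that covers both of the preceding threads, as an added example that is not part of either thread and not code from OpenSSL: it walks a DER structure and lists INTEGER fields that are not in minimal form (the "00 00 65" serial number case, which is what makes OpenSSL's re-encoded TBSCertificate differ from the original), and it tells a PKCS#8 PrivateKeyInfo from a PKCS#1 RSAPrivateKey by the shape of its leading fields, exactly the distinction drawn above. The sample DER values are constructed by hand from meaningless one-byte integers; they are not real keys.

```python
# Added example, not code from either thread: a minimal DER reader that
# (1) lists INTEGER fields that are not in minimal DER form, the leading-zero
# serial number case from the "openssl verify returns bad signature" thread,
# and (2) tells a PKCS#8 PrivateKeyInfo from a PKCS#1 RSAPrivateKey by the
# shape of its first fields, as in the "Check the private key" thread. The
# sample DER below is constructed by hand from meaningless one-byte integers;
# it is not a real key.
from typing import List, Tuple

INTEGER, OCTET_STRING, SEQUENCE = 0x02, 0x04, 0x30

# PKCS#1 RSAPrivateKey: version 0 followed by n, e, d, p, q, dp, dq, qinv.
PKCS1_SAMPLE = bytes.fromhex(
    "301b" "020100" "02010f" "020103" "02010b" "020103"
    "020105" "020101" "020103" "020102")
# PKCS#8 PrivateKeyInfo: version 0, AlgorithmIdentifier rsaEncryption,
# then the RSAPrivateKey above wrapped in an OCTET STRING.
PKCS8_SAMPLE = bytes.fromhex(
    "3031" "020100" "300d06092a864886f70d0101010500" "041d") + PKCS1_SAMPLE
# A SEQUENCE holding the serial number "00 00 65" discussed in the thread.
BAD_SERIAL_SAMPLE = bytes.fromhex("3005" "0203000065")


def read_tlv(data: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, content, next_pos) for the element starting at pos."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: count of length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    content = data[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated DER element")
    return tag, content, pos + length


def read_children(content: bytes) -> List[Tuple[int, bytes]]:
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out


def is_minimal_integer(body: bytes) -> bool:
    """DER requires the shortest two's-complement encoding: a leading 0x00 is
    allowed only before a byte with the top bit set, and a leading 0xFF only
    before a byte with the top bit clear."""
    if len(body) < 2:
        return True
    if body[0] == 0x00 and not body[1] & 0x80:
        return False
    if body[0] == 0xFF and body[1] & 0x80:
        return False
    return True


def find_non_minimal_integers(data: bytes, path: str = "") -> List[str]:
    """Walk the DER tree and report INTEGERs that a strict encoder (such as
    OpenSSL re-encoding an ASN1_INTEGER) would write differently."""
    issues = []
    for i, (tag, body) in enumerate(read_children(data)):
        here = f"{path}/{i}"
        if tag == INTEGER and not is_minimal_integer(body):
            issues.append(f"{here}: INTEGER {body.hex(' ')} is not minimally encoded")
        elif tag & 0x20:                 # constructed element: recurse
            issues.extend(find_non_minimal_integers(body, here))
    return issues


def classify_private_key(der: bytes) -> str:
    """Identify the outer key container from the tags of its first fields."""
    tag, content, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        return "unknown"
    tags = [t for t, _ in read_children(content)]
    # PKCS#8: version INTEGER, AlgorithmIdentifier SEQUENCE, privateKey OCTET STRING
    if tags[:3] == [INTEGER, SEQUENCE, OCTET_STRING]:
        return "PKCS#8 PrivateKeyInfo"
    # PKCS#1: version INTEGER followed by at least eight more INTEGERs
    if len(tags) >= 9 and all(t == INTEGER for t in tags[:9]):
        return "PKCS#1 RSAPrivateKey"
    return "unknown"


def unwrap_pkcs8(der: bytes) -> bytes:
    """Return the RSAPrivateKey carried in the OCTET STRING of a PrivateKeyInfo."""
    _, content, _ = read_tlv(der, 0)
    return read_children(content)[2][1]


if __name__ == "__main__":
    print(classify_private_key(PKCS8_SAMPLE))
    print(classify_private_key(unwrap_pkcs8(PKCS8_SAMPLE)))
    print(find_non_minimal_integers(BAD_SERIAL_SAMPLE))
```

Running find_non_minimal_integers over the DER of a certificate you are about to trust is a cheap way to find out in advance whether a verifier that re-encodes the parsed structure, as the 0.9.8 OpenSSL described above does, will fail the signature check for reasons that have nothing to do with the signature itself.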
Re: OpenSSL assistance
Hi,

This kind of error (MAC verification failure) usually indicates that the given password is incorrect. Check your password in the code, maybe there is some encoding problem (ASCII vs UTF8). You can also try to open your pkcs#12 file using another application, like Firefox, to see if it's able to open it using this password.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/11/2010 5:14 PM, Sashi Dutt wrote:

Hello,

I was wondering if any of you guys ran into the below error and could provide some guidance/assistance?

8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure:p12_kiss.c:121:

p12 = d2i_PKCS12_fp(fp, NULL);
if (!PKCS12_parse(p12, "password", &pkey, &x509, &ca))

Basically, I am trying to read in a string, sign it and return its signature value.

Thanks,
Sashi
Re: RSA_generate_key
Hi,

I think you are confusing RSA with some sort of symmetric algorithm. RSA is a public key algorithm that involves two parts: a public part represented by the modulus and the public exponent, and the private part which has two possible representations (one is modulus+private exponent and the other is called CRT). The RSA size is actually the size of the modulus.

I encourage you to read more about RSA before trying to use OpenSSL resources for this.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> yes ..i am not able to find the 128 byte RSA key.. how should get
> those information?
>
> kris
>
> On Tue, Aug 3, 2010 at 1:15 AM, Michael S. Zick wrote:
>
>> On Mon August 2 2010, krishnamurthy santhanam wrote:
>> > Hi,
>> >
>> > i am new to OpenSSL..i have to use RSA_generate key function to generate
>> > key..below is the program and outcome..is this the way to generate key?
>> >
>> > #include
>> > #include
>> > #include
>> > int main()
>> > {
>> >     char *plain="Sample text"; //Sample text (plain text) to Encrypt/Decrypt
>> >     char *ciphertext;
>> >     printf("%s\n",plain);
>> >     // Generate RSA key
>> >     RSA *rsa1= RSA_generate_key(1024,65537,NULL,NULL);
>> >     // RSA_size() will determine how much memory must be allocated for an
>> >     if(rsa1==NULL) {
>> >         printf("NO RSA!\n\n");
>> >         ERR_load_crypto_strings();
>> >         ERR_print_errors_fp(stdout);
>> >     }
>> >     else
>> >     {
>> >         printf("RSA OK!\n");
>> >     }
>> >     ciphertext = (char *)malloc(RSA_size(rsa1));
>> >     printf("rsa key = %d\n",rsa1);
>> >     printf("RSA size = %d\n",RSA_size(rsa1));
>> >     RSA_free(rsa1);
>> > }
>> >
>> > $ gcc -o rsa1 rsa1.c -lcrypto
>> >
>> > Output
>> > -
>> > $ ./rsa1
>> > Sample text
>> > RSA OK!
>> > rsa key = 473608208
>>
>> > RSA size = 128
>> >
>>
>> Times 8 bits per octet == 1024 bits as requested.
>>
>> >
>> > Please correct me if i am missing anything ..
>> >
>>
>> Does your %d recognize a number that is 128 bytes long?
>>
>> Mike
>>
>> > kris
>> >
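A worked illustration of the two points made in this thread (what RSA_size() measures, and that the (n, d) form and the CRT form of the private part are two representations of the same key), as an added example that is not part of the thread and not OpenSSL code. The primes are tiny constructed values chosen so the arithmetic is visible; they give no security and exist only to show the structure, so the key generation here stands in for RSA_generate_key only in that sense.

```python
# Added example, not code from the thread: toy RSA arithmetic showing what
# RSA_size() measures (the modulus length in bytes) and how the two private
# key representations named above, (n, d) and the CRT form, compute the same
# result. The primes are tiny constructed values with no security whatsoever.
from math import gcd


def rsa_size_bytes(n: int) -> int:
    """Same quantity as OpenSSL's RSA_size(): bytes needed for the modulus."""
    return (n.bit_length() + 7) // 8


def make_toy_key(p: int, q: int, e: int = 65537) -> dict:
    """Derive both private representations from two primes and e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo (p-1)(q-1)")
    d = pow(e, -1, phi)
    return {
        "n": n, "e": e,                 # public part: modulus and public exponent
        "d": d,                         # private part, representation 1
        "p": p, "q": q,                 # private part, CRT representation
        "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p),
    }


def public_op(key: dict, m: int) -> int:
    return pow(m, key["e"], key["n"])


def private_op_plain(key: dict, c: int) -> int:
    """c^d mod n with the (n, d) representation."""
    return pow(c, key["d"], key["n"])


def private_op_crt(key: dict, c: int) -> int:
    """The same operation with the CRT parameters (Garner's recombination);
    this is the form OpenSSL uses when p, q, dp, dq and qinv are present."""
    m1 = pow(c, key["dp"], key["p"])
    m2 = pow(c, key["dq"], key["q"])
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


if __name__ == "__main__":
    key = make_toy_key(1009, 1013)
    print("RSA_size equivalent:", rsa_size_bytes(key["n"]), "bytes")
    c = public_op(key, 123456)
    print("plain:", private_op_plain(key, c), "crt:", private_op_crt(key, c))
```

For a real 1024-bit key, rsa_size_bytes returns the 128 that the program in the thread printed; the "128 byte RSA key" the poster was looking for does not exist as a single value, it is the modulus of that size plus the exponents shown in the dictionary above.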
Re: Wildcard certs?
Well, your question was "who i must do request for..." that's why we gave you links for outside CAs. If you are dealing with your own CA, then using a wildcard character in the DN will do the job.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> On Friday 23 July 2010 22:06:44, Kyle Hamilton wrote:
>> There's a company called StartCom (http://www.startssl.com/) who will
>> do 2-year validity wildcard certs, upon verification of your identity
>> and verification that you have control of the domain for which you are
>> requesting certificates.
>>
>> Oh, and they're included in the latest Microsoft Root Certificate Update
>> for Windows XP, and all later versions; Firefox recognizes them, they're
>> part of Apple's certificate store, and it's pretty much only Opera who
>> doesn't recognize them for whatever reason.
>>
>> -Kyle H
>>
>> On 7/23/10 6:24 PM, Mounir IDRASSI wrote:
>> > Hi,
>> >
>> > All major commercial CAs do provide wildcard SSL certificates and the
>> > price is usually high.
>> >
>> > Googling gives the following links for Comodo, Thawte and Verisign :
>> > - http://www.comodo.com/e-commerce/ssl-certificates/wildcard-ssl.php
>> > - http://www.thawte.com/ssl/wildcard-ssl-certificates/
>> > - http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/
>> >
>> > Cheers,
>> >
>> > On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote:
>> >> Just wondering
>> >>
>> >> who i must do request for a wildcard cert, for example to accept all the
>> >> *.mydomain.com
>> >>
>> >> Regards,
>> >>
>> >> LD
>
> I was meaning, for my openssl local installation
> how i may do the request?
>
> shall i put *.mydomain.com in dn? or what
Re: Wildcard certs?
Hi,

All major commercial CAs do provide wildcard SSL certificates and the price is usually high.

Googling gives the following links for Comodo, Thawte and Verisign :
- http://www.comodo.com/e-commerce/ssl-certificates/wildcard-ssl.php
- http://www.thawte.com/ssl/wildcard-ssl-certificates/
- http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote:

Just wondering

who i must do request for a wildcard cert, for example to accept all the *.mydomain.com

Regards,

LD
Re: RSA_private_encrypt does not work with RSA_NO_PADDING option
Hi,

When calling RSA_private_encrypt with RSA_NO_PADDING, the input must have the same size as the RSA key modulus. In your case, you are supplying 20 bytes whereas it certainly needs more (for example, for a 1024 bit key, input must be 128 bytes long). So, you have to add some sort of padding to your data before feeding it to RSA_private_encrypt. The other option is to use a standard padding by calling RSA_private_encrypt with RSA_PKCS1_PADDING.

I hope this clarifies things to you.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/19/2010 2:51 PM, anhpham wrote:

Hi all :x

I encountered an error when using function RSA_private_encrypt with RSA_NO_PADDING option. I had an unsigned char array a with length = 20, RSA* r, unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I invoked function

int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING );

The returned value i = -1 means that this function failed. However, when I invoked

int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ),

it did run smoothly. I'm confused whether it is an error of the library or not but I don't know how to solve this problem. Please help me :-<
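The length rule behind the -1, made concrete as an added example that is not part of the thread and not OpenSSL code. With RSA_NO_PADDING the input must be exactly RSA_size() bytes; with RSA_PKCS1_PADDING, RSA_private_encrypt first builds a PKCS#1 v1.5 "type 1" block (00 01, a run of FF bytes, 00, then the data) of that size, which is why 20 bytes succeed there and fail without padding. The function names and the 20-byte sample input are constructed for the example; the unpad side is included because a verifier that accepts a malformed block is the usual way such padding goes wrong.

```python
# Added example, not code from the thread: the length rule behind the -1.
# With RSA_NO_PADDING the input must be exactly RSA_size() bytes; with
# RSA_PKCS1_PADDING, RSA_private_encrypt first builds a PKCS#1 v1.5 "type 1"
# block (00 01 FF..FF 00 data) of that size, which is why a 20-byte input
# works there and not without padding. Function names and sample values are
# constructed for this example.


def check_no_padding_input(data: bytes, k: int) -> bytes:
    """What RSA_NO_PADDING demands: exactly k = RSA_size() bytes, unchanged."""
    if len(data) != k:
        raise ValueError(f"RSA_NO_PADDING needs exactly {k} bytes, got {len(data)}")
    return data


def pkcs1_type1_pad(data: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 type 1 block used for private-key operations:
    0x00 0x01 | at least eight 0xFF bytes | 0x00 | data, k bytes in total."""
    if len(data) > k - 11:
        raise ValueError(f"data too long for PKCS#1 type 1 padding: max {k - 11} bytes")
    padding = b"\xff" * (k - len(data) - 3)
    return b"\x00\x01" + padding + b"\x00" + data


def pkcs1_type1_unpad(block: bytes, k: int) -> bytes:
    """Strict inverse: reject anything that is not a well-formed type 1 block
    (wrong length, wrong header, short or non-0xFF padding string)."""
    if len(block) != k or block[:2] != b"\x00\x01":
        raise ValueError("bad block header")
    sep = block.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in block[2:sep]):
        raise ValueError("bad padding string")
    return block[sep + 1:]


if __name__ == "__main__":
    k = 128                                   # RSA_size() of a 1024-bit key
    digest = bytes(range(20))                 # constructed 20-byte input
    block = pkcs1_type1_pad(digest, k)
    print(len(block), block[:4].hex(), "...", block[-22:].hex())
    try:
        check_no_padding_input(digest, k)
    except ValueError as err:
        print("RSA_NO_PADDING:", err)
```

Note that RSA_private_encrypt with RSA_PKCS1_PADDING does only this framing; it does not wrap the hash in a DigestInfo the way RSA_sign does, so a verifier built on RSA_verify will not accept its output as a PKCS#1 signature.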
Re: Issue with clients Operating System on certs
Hi,

Your Apache configuration uses SNI (Server Name Indication) which is not supported on Windows XP using IE, Safari and Chrome. The client must be running under Windows Vista or higher in order for SNI to work.

That being said, you are saying in your message that Firefox fails to support SNI under XP and that surprises me because it's supposed to work starting from 2.0 and up, independently from the OS. What version of Firefox are you using under XP?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/16/2010 3:31 PM, Richard Buskirk wrote:

I sent this situation off to the help team but maybe it is either that stupid or that hard.

I have installed 2 SSL Certs on my server. I am using a naming convention for apache configuration for each cert.

Server: Windows server 2008, Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

httpd-vhost.conf
___
NameVirtualHost *:443

SSLEngine on
SSLCertificateFile "C:\\certs\\ServerA.crt"
SSLCertificateKeyFile "C:\\certs\\ ServerA.key"
ServerName www. ServerA.com
SSLOptions StrictRequire
SSLProtocol all -SSLv2
ServerAdmin notice@ ServerA.com
DocumentRoot "C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\www\\html\\ ServerA "
ErrorLog "C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\logs\\ssl-access- ServerA.log"
CustomLog "logs/access-ssl-www. ServerA.com" common

SSLEngine on
SSLCertificateFile "C:\\certs\\ ServerB.crt"
SSLCertificateKeyFile "C:\\certs\\ ServerB.key"
ServerName www. ServerB.com
SSLOptions StrictRequire
SSLProtocol all -SSLv2
ServerAdmin notice@ ServerB.com
DocumentRoot "C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\www\\html\\ ServerB "
ErrorLog "C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\logs\\ssl-access- ServerB.log"
CustomLog "logs/access-ssl-www. ServerB.com" common

Here is where my scenario goes very weird. A computer with windows 7 browses to both locations and everything is perfect. A computer with windows XP browses to siteA, no issue. But if they go to siteB, the cert for Site A is used on SiteB's load every time no matter what computer they are on. The siteB does show the proper site but the cert is the wrong cert. This fails in Firefox, IE, Safari, Google Chrome on windows XP.

Any suggestions? Does this make sense what I am saying?

Richard L. Buskirk
Senior Software Developer
Re: encrypting long strings
Hi,

Of course the randomly-generated symmetric key is not public! Otherwise, everyone can decrypt your data. The only thing that is public is the RSA public key. For decryption, you only need the RSA private key. It will be used to decrypt the symmetric key and then with the latter you will decrypt your string.

I hope this clarifies things to you.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi,
> Thanks for the reply Phillip. One quick question. Is the randomly-generated
> key PUBLIC? I know the public RSA key to encrypt the key is public, but is
> the randomly-generated key PUBLIC?
> Thanks.
>
> On Thu, Jul 8, 2010 at 8:43 PM, Phillip Hellewell wrote:
>
>> The general approach is to encrypt data using a symmetric cipher (e.g.,
>> AES-256) with a randomly-generated key, and then encrypt that symmetric key
>> with the RSA (public) key.
>>
>> And for the symmetric encryption you'll also have to make a decision about
>> what mode to use (ECB, CBC, CTR, etc). Whatever you do, don't use ECB :)
>>
>> Phillip
>>
>>
>> On Thu, Jul 8, 2010 at 7:40 PM, Chuck Pareto wrote:
>>
>>> Is there an algorithm that I can use, similar to RSA with public/private
>>> key, that will allow me to encrypt really long strings (like an email/text
>>> file)? Actually no limit on the size would be ideal.
>>>
>>
>>
>
Re: verify certificate in c
Hi,

Just add a call to OpenSSL_add_all_algorithms at the beginning of your main and the certificate verification will be OK.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

>
> Hi, I'm a newbie user of OpenSSL.
> I want to create a simple C program that verifies a certificate chain like
> this:
> rootCA->CA-A->client
>
> i found this example on the internet that should work for two consecutive
> certificates (but it doesn't work for me); i don't know how to create the
> chain...
>
> [code]
> #include
> #include
> #include
> #include
> #include
>
> int main(int argc,char **argv)
> {
>
>     int i;
>     FILE *fp;
>     X509 * cert;
>     X509_STORE_CTX csc;
>     char *strerr;
>
>     fp = fopen ("ca-a-cert.pem", "r");
>     cert = PEM_read_X509 (fp, NULL, NULL, NULL);
>
>     X509_STORE *ctx=NULL;
>     ctx=X509_STORE_new();
>     X509_STORE_load_locations(ctx, "cacert.pem", "./");
>
>     X509_STORE_set_default_paths(ctx);
>
>     X509_STORE_CTX_init(&csc,ctx,cert,NULL);
>
>     if (X509_verify_cert(&csc) != 1) {
>         strerr = (char *) X509_verify_cert_error_string(csc.error);
>         printf("Verification error: %s\n", strerr);
>         return 1;
>     }
>     X509_STORE_CTX_cleanup(&csc);
>
> }
> [/code]
>
> the output is: Verification error: certificate signature failure
>
> "cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is
> the CA-A cert.
>
> the certificates are good because i verify them by the bash command: openssl
> verify -CAfile cacert.pem ca-a-cert.pem
>
> with output:
> ca-a-cert.pem: OK
>
> any suggestion?
>
> p.s. sorry for my bad English :)
> --
> View this message in context:
> http://old.nabble.com/verify-certificate-in-c-tp29043989p29043989.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: Compiling a native code using DES
Hi,

libcrypto is enough for basic cryptographic operations like encryption/decryption with DES, AES, etc.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hello all,
>
> I have a C Code which is making use of DES.h in a JNI Environment.
> I wanted to know if compiling this code with libcrypto will be enough or it
> will need libssl as well?
Re: build an application with the openssl source code (not the shared libraries)
Hi Andrei,

What about building the modified OpenSSL as static libraries and then linking your apps with libcrypto.a and libssl.a? This way you will have no external dependency.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote:
> Hello,
> I have some experience with OpenSSL, and I've set up a client and a server which use SSL connection objects to communicate, but what I want is to compile my applications with the openssl source code (for example in ssl) because I've added an extension to the code to allow me to send supplemental data during the handshake (via a tool named DAA toolkit) and I do not want to use the shared libraries.
> Basically, I'm adding new things to the OpenSSL source, and to run them I have to first build the shared libraries and then compile my programs (client/server) with -lssl, -lcrypto and so on. I just want to compile my apps inside the openssl source, without any shared libraries, because otherwise I always have to replace the original libraries on other systems with the modified ones I have, in order to compile.
> Does anyone know how to do this? Right now, I'm looking into the config script, makefile... to see what should be changed. Do you know a faster solution?
> Thank you,
> Andrei D.
Re: Integrating OpenSSL as a DLL in Windows
Hi Robert,

Take a look at the OpenSSL.NET project on SourceForge: http://openssl-net.sourceforge.net/
They have implemented a managed wrapper around libeay32.dll and ssleay32.dll. I think this is what you are looking for.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/23/2010 8:23 AM, Strauch, Robert wrote:
> Hello,
> I've been using OpenSSL for quite a time but now it's time for me to integrate some functionality into my own application (C#). That is: decrypting with a private key and building hashsums. As far as I understood I need the libeay32.dll to achieve this. However I cannot find something like an API documentation which describes how to call OpenSSL functions from this DLL.
> Could someone assist me in this?
> Sincerely,
> Robert
Re: questions about RSASSA-PSS
Hi,

The low-level functions RSA_padding_add_PKCS1_PSS and RSA_verify_PKCS1_PSS will get the job done. I wrote a sample last year showing how they work. You can get it here: http://www.idrix.fr/Root/Samples/openssl_pss_signature.c . For the high-level functions (maybe the EVP interface), I will let others give their hints.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/22/2010 3:26 AM, 芦翔 wrote:
> Hi all,
> Could anybody please tell me the support status of RSASSA-PSS in openssl with
> the version after 0.9.8l. If there is the implementation, could you please
> tell me which functions I can call directly for my project purpose. Thank you
> so much.
> Regards, Xiang
Re: OpenSSL with OpenPGP
Hi,

I have written a small program that demonstrates how an RSA public key can be extracted from an OpenPGP public key file and used in OpenSSL. You can get the source from the following link: http://www.idrix.fr/Root/Samples/pgp_pubkey.c

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> is there any way to use an OpenPGP public key with OpenSSL encryption ?
> --
> View this message in context:
> http://old.nabble.com/OpenSSL-with-OpenPGP-tp28707336p28707336.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: Detect CRL format
Hi,

One simple and efficient method to distinguish between PEM and DER encoding for a CRL or a certificate is to read the first byte: if it's equal to 0x30 then it is DER (this is the start of an ASN.1 Sequence), otherwise it is PEM encoded. This works ONLY if you are sure that the given file is either PEM or DER encoded and that the encoded object is an ASN.1 Sequence.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/3/2010 10:48 AM, Arunkumar Manickam wrote:
> Hi,
> Given a CRL file, how to detect its format, whether it is in PEM encoded format or ASN1.
> Thanks,
> Arun
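Mounir's first-byte test written out in Python as an added example (not code from the thread), and made a little stricter for the case he warns about: besides the 0x30 tag it checks that the DER length covers the whole file, and that a PEM body really decodes to a SEQUENCE, so a file that is neither is reported as unknown instead of being assumed PEM. The sample inputs are constructed (a tiny SEQUENCE, not a real CRL).

```python
"""Sniff whether a CRL or certificate file is DER or PEM encoded.

Added example; the strict checks go beyond the one-byte test in the post.
"""
import base64
import re

SEQUENCE_TAG = 0x30   # first byte of every DER-encoded certificate or CRL

# Label in group 1, base64 body in group 2; \1 forces matching BEGIN/END.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def der_sequence_header(data: bytes):
    """Return (header_len, content_len) for a DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != SEQUENCE_TAG:
        return None
    first = data[1]
    if first < 0x80:                 # short form: the byte is the length
        return 2, first
    n = first & 0x7F                 # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    length = int.from_bytes(data[2:2 + n], "big")
    if length < 0x80:                # DER requires the minimal encoding
        return None
    return 2 + n, length


def is_der_sequence(data: bytes) -> bool:
    """True when data is exactly one SEQUENCE with nothing trailing."""
    hdr = der_sequence_header(data)
    return hdr is not None and hdr[0] + hdr[1] == len(data)


def detect_encoding(data: bytes):
    """Classify raw file bytes as 'DER', 'PEM' or None (neither)."""
    if data[:1] == b"\x30":
        # The first-byte test says DER; confirm the length covers the whole
        # file so a text file that merely starts with '0' is not accepted.
        return "DER" if is_der_sequence(data) else None
    m = PEM_RE.search(data)
    if m is None:
        return None
    try:
        body = base64.b64decode(m.group(2))   # newlines are discarded
    except ValueError:                        # binascii.Error is a ValueError
        return None
    return "PEM" if is_der_sequence(body) else None


def pem_encode(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in a PEM envelope with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n" + b"\n".join(lines) + b"\n"
            + b"-----END " + tag + b"-----\n")


# Constructed sample: SEQUENCE { INTEGER 5, BOOLEAN TRUE }, not a real CRL.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x05, 0x01, 0x01, 0xFF])
SAMPLE_PEM = pem_encode("X509 CRL", SAMPLE_DER)

if __name__ == "__main__":
    for name, blob in (("der", SAMPLE_DER), ("pem", SAMPLE_PEM),
                       ("text", b"0 not a CRL")):
        print(name, detect_encoding(blob))
```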
Re: Crash bug in 0.9.8n
Hi,

The crash occurs with 0.9.8 because it wrongly calls the function "close" instead of "closesocket" in order to release the client socket. In the 1.0.0 source, this has been corrected but the modification has not been back-ported to the 0.9.8 source tree.
Also, the crash occurs only if you compile with a recent VC++ runtime (like VC2008 and VC2005). With VC6 no crash happens. This is because recent VC++ runtimes call a default handler when a CRT function receives an invalid parameter and this handler simply aborts the program execution. This behavior can be changed by setting a custom handler using the function _set_invalid_parameter_handler.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Thomas J. Hruska schrieb:
>> Running 'openssl s_client' on 0.9.8n without any additional arguments
>> crashes openssl.exe.
>>
> There is very different behavior between 0.9.8 and 1.0.0 on WinXP Pro SP3:
>
> openssl version
> OpenSSL 0.9.8j 07 Jan 2009
> openssl s_client
> Loading 'screen' into random state - done
> connect: Bad file descriptor
> connect:errno=10061
>
> openssl version
> OpenSSL 1.0.0 29 Mar 2010
> openssl s_client
> Loading 'screen' into random state - done
> connect: No error
> connect:errno=0
>
> It's no problem for me. Just for information completion.
>
> regards,
> Modem Man
Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)
Hi,

Try adding the switch /Zi to the CFLAG in the makefile and rebuild the dlls. This is mandatory to create a full program database. I came across the same problem and I solved it with this. The perl scripts should be updated to include this flag for the debug build.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/25/2010 1:47 PM, Modem Man wrote:
> Dear readers,
> I know, it's great, sunny weather today, but maybe someone would kindly help, anyway ;-)
>
> *Background:*
> I'm just debugging some problem around the SSL_CTX_load_verify_locations() call in my particular environment. Since I'm not able to find the reason for:
> openssl.exe s_client -debug -state -connect 192.168.0.192:21
> always reporting: no peer certificate available, I think it's best to step into SSL_CTX_load_verify_locations() and to see what files and directories are _really_ tried to load and so on.
>
> *Problem:*
> But I can't step into _any_ BIO_xxx or SSL_xxx functions. VS2005 reports it has the symbols:
> \Training\ssl1\debug\libeay32.dll', Symbols loaded.
> blahblah..\msvcr80d.dll', Symbols loaded.
> \Training\ssl1\debug\ssleay32.dll', Symbols loaded.
> *but on pressing F11 (step into), nothing happens!*
> Already copied all *.pdb to the same directory as my local copies of DLLs are located, also added \openss1_1.0.0.\out32dll to pdb search path.
> I built OpenSSL 1.0.0 release, as described in INSTALL.W32, using the 'no-asm' and 'debug' options. This created in ./out32dll aside others this:
> 08.04.2010 19:34 1.363.968 libeay32.dll
> 08.04.2010 19:34   315.392 ssleay32.dll
> 08.04.2010 19:34   771.324 libeay32.lib
> 08.04.2010 19:34    56.834 ssleay32.lib
> 08.04.2010 19:34 1.944.576 libeay32.pdb
> 08.04.2010 19:34   420.864 ssleay32.pdb
> 08.04.2010 19:34       385 ssleay32.dll.manifest
> 08.04.2010 19:34       385 libeay32.dll.manifest
> 08.04.2010 19:34   466.605 libeay32.exp
> 08.04.2010 19:34    34.068 ssleay32.exp
> One question: Is the file size okay for really being DEBUG versions?
>
> Any hint or help is highly appreciated by Modem Man
Re: possible user error / memory leak using RSA_new() and RSA_free();
Hi,

Remove the unnecessary call to RSA_new and the memory leak will disappear!! (The variable p is allocated by PEM_read_RSA_PUBKEY)

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/19/2010 11:07 PM, Stuart Weatherby wrote:
> Hi List,
> I am trying to figure out why there is a memory leak using RSA_new & RSA_free. Below is a code sample (which will produce a memory leak) and the relevant valgrind output. I have checked the documentation but I still fail to see my error. As I understand the documentation, RSA_free() is the only required call to free memory allocated using the RSA_new() function.
> Thanks,
> Stuart
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <openssl/rsa.h>
> #include <openssl/pem.h>
>
> int main (void)
> {
>     FILE *fp;
>     RSA *p = NULL;
>     char *pt = "hi\0";
>     char pt_0 = *pt;
>     int pt_len = strlen(pt);
>     unsigned char *ct;
>     int ct_len = 0;
>
>     if ((p = RSA_new()) == NULL)   /* this object is never freed: p is overwritten below */
>         return 1;
>     if ((fp = fopen ("pub.key", "rb")) == NULL)
>         return 2;
>     if ((p = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
>         fclose(fp);
>         return 3;
>     }
>     fclose(fp);
>     ct = malloc(RSA_size(p));
>     if (RSA_public_encrypt(pt_len, (unsigned char *) pt, ct, p, RSA_PKCS1_OAEP_PADDING) == -1)
>         return 4;
>     free(ct);
>     RSA_free(p);
>     return 0;
> }
>
> Here is the valgrind output:
> ==2330== 528 bytes in 10 blocks are still reachable in loss record 2 of 2
> ==2330==    at 0x4A05809: malloc (vg_replace_malloc.c:149)
> ==2330==    by 0x35156DAD51: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x351567EAC8: lh_new (in /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x351565B4C4: (within /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x351565B5E5: (within /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x351565B98A: (within /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x351566F9B3: RSA_new_method (in /lib64/libcrypto.so.0.9.8e)
> ==2330==    by 0x40083D: main (rsatest.c:24)
> ==2330==
> ==2330== LEAK SUMMARY:
> ==2330==    definitely lost: 168 bytes in 1 blocks.
> ==2330==      possibly lost: 0 bytes in 0 blocks.
> ==2330==    still reachable: 528 bytes in 10 blocks.
> ==2330==         suppressed: 0 bytes in 0 blocks.
Re: openSSL and PKCS #12 certificates
Bon courage pour la suite!
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote:
> Merci beaucoup, Mounir, but I got the same error. Given the time constraints I have, I think my path moving forward is to try another library or two to see if I can find one that uses openSSL properly.
> Au plaisir,
> Remi.
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> Sent: April 13, 2010 9:09 PM
> To: openssl-users@openssl.org
> Subject: Re: openSSL and PKCS #12 certificates
>
> Hi Remi,
> I don't know what the inputs of your python module are, but from the error message I guess that it's expecting the PEM file to also contain the certificate of the private key and the associated CA chain. For that, I advise you to replace the option "-nocerts" in your command line with "-nodes". Thus:
> - The output PEM file will contain the private key AND its certificate along with any associated CAs
> - You will not be asked for a password a second time because the private key in the output PEM file will be unencrypted.
> After that, you will have to open the output PEM file in a text editor in order to ensure that the certificate that comes just after the private key block is the one associated with the key and not a CA certificate (a cut and paste is almost necessary to put everything in the right order).
> I hope that with all these steps, you will finally be able to perform your client authentication.
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:
>> Mounir,
>> Thank you so much for your answer. I did extract the key into a pem file (using command: c:\openssl\bin\openssl pkcs12 -in cert.pfx -nocerts -out cert_key.pem), and tried to connect using the key file as output.
>> It got further along in the process - I was prompted to enter my PEM pass phrase - but a different error came up:
>> File "C:\python26\lib\ssl.py", line 113, in __init__
>> cert_reqs, ssl_version, ca_certs)
>> ssl.SSLError: [Errno 336445449] _ssl.c:351: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
>> Would you have any insight in regards to the problem here?
>> I should also note that while I was creating the key file, I noticed that I was prompted to "Enter Import Password", but also to "Enter PEM pass phrase". Does this mean the private key found in the pfx file is actually in PEM format to begin with? Does this change your advice at all?
>> Regards,
>> Remi.
>>
>> -----Original Message-----
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
>> Sent: April 13, 2010 11:29 AM
>> To: openssl-users@openssl.org
>> Subject: Re: openSSL and PKCS #12 certificates
>>
>> Hi,
>> OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that contains functions for parsing and exporting private keys and certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).
>> Concerning the error you are getting, it appears that the python module you are using is calling SSL_CTX_use_PrivateKey_file by giving it the PKCS#12 file name. This does not work because SSL_CTX_use_PrivateKey_file only accepts two formats: SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
>> In order to correct this, you have two solutions:
>> - Either feed the python module with the private key in a PEM file.
>> - Or modify the source code of this python module in order to use the PKCS#12 functions I mentioned above to extract the private key as an EVP_PKEY and then call SSL_use_PrivateKey instead of SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting the associated certificate.
>> The first solution is the easiest because you can simply use the OPENSSL command line utility in order to extract the private key and its certificate from the PKCS#12 file as PEM files and then give them as input to your python module.
>> I hope this will help.
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>> On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:
>>> Hello.
>>> I've been trying to set up client authentication using a PKCS #12 certificate, and I've been having some trouble. I'm trying to determine whether it's because it's something unsupported in openSSL, or if it's a problem with the wrapper library I'm using (Python's httplib). I'd appreciate it if anyone might be able to provide some insight.
>>> I'm getting an error raised by the openSSL library when the wrapper class is trying to instantiate and wrap a socket, and from what I've been able to gather to-date, the error appears to be coming from openSSL:
>>> Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
>>> Is PKCS #12 supposed to be supported by openSSL? I would guess yes; I dug around in the source and found that "PEM lib" is the error text for ERR_R_PEM_LIB
Re: openSSL and PKCS #12 certificates
Hi,

OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that contains functions for parsing and exporting private keys and certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).
Concerning the error you are getting, it appears that the python module you are using is calling SSL_CTX_use_PrivateKey_file by giving it the PKCS#12 file name. This does not work because SSL_CTX_use_PrivateKey_file only accepts two formats: SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
In order to correct this, you have two solutions:
- Either feed the python module with the private key in a PEM file.
- Or modify the source code of this python module in order to use the PKCS#12 functions I mentioned above to extract the private key as an EVP_PKEY and then call SSL_use_PrivateKey instead of SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting the associated certificate.
The first solution is the easiest because you can simply use the OPENSSL command line utility in order to extract the private key and its certificate from the PKCS#12 file as PEM files and then give them as input to your python module.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:
> Hello.
> I've been trying to set up client authentication using a PKCS #12 certificate, and I've been having some trouble. I'm trying to determine whether it's because it's something unsupported in openSSL, or if it's a problem with the wrapper library I'm using (Python's httplib). I'd appreciate it if anyone might be able to provide some insight.
> I'm getting an error raised by the openSSL library when the wrapper class is trying to instantiate and wrap a socket, and from what I've been able to gather to-date, the error appears to be coming from openSSL:
> Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
> Is PKCS #12 supposed to be supported by openSSL? I would guess yes; I dug around in the source and found that "PEM lib" is the error text for ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB in there. This gives me the impression that openSSL is incorrectly trying to load the PKCS #12 cert as a PEM cert, and thus the error – which leads me to believe that the wrapper library may not be calling openSSL properly, if PKCS #12 certificates should be supported. (Otherwise, why would openSSL be returning an error related to PEM certs and not PKCS #12 certs?)
> Can anyone tell me whether or not openSSL should be able to work with PKCS#12 certs? Any advice anyone might have is welcome. (Sorry if this is vague; this is the first time I dig into the openSSL project.)
> The certificate appears correct, as I've tested it by adding it to MSIE and Firefox and I'm able to connect to the server.
> Regards,
> Remi.
Re: Decrypting with key and initialization vector don't decrypt the first 8 bytes?
Hi,

When you encrypt data with a password using the openssl command line, the first 16 bytes of the output are actually a header of the form 'Salted__' where the last 8 bytes represent the salt used to derive the key and the IV. So, from here you have two choices:
- decrypt the encrypted file using the same password. In this case, openssl will use the header to compute the key and the IV and then decrypt the remaining data.
- discard the first 16 bytes of the encrypted file and then give openssl the value of the key and the IV in order to decrypt the remaining data.
As a rule, if you encrypt using a password, you should decrypt using a password, and if you encrypt using a specific key and IV, then you should decrypt using the same key and IV: you can't mix the two approaches without extra processing.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hello everybody and thank you all for reading.
>
> I'm doing some experiments with blowfish and triple DES ciphers.
> I'm encrypting some text files; using a password to generate the key
> and the IV; while using the "-p" option to let openssl show me the
> salt, the key and the IV onscreen.
>
> As far as I've understood I could decrypt the output encrypted file
> just supplying the key and the IV.
> And actually if I do that, that is ALMOST what I get. But, the first
> eight characters of the source file didn't get decrypted, or at least
> they don't apparently get decoded correctly: I got a bunch of
> unreadable binary bytes instead.
>
> Here's what I did:
> $ openssl enc -bf -in source.txt -out encrypted -p
>
> enter bf-cbc encryption password:
> Verifying - enter bf-cbc encryption password:
> salt=FF01D744C268C056
> key=22153E114FB3C2873BAE05873AFBD19C
> iv =F68A9A229A516752
>
> Then if I try to decode the encrypted file with:
>
> openssl enc -d -bf -in encrypted -K 22153E114FB3C2873BAE05873AFBD19C
> -iv F68A9A229A516752
>
> Then the output *of the first eight bytes* isn't even ASCII so I can't
> paste it here! The rest of the file is perfectly decrypted though. I
> tried with files of various length and they are all decrypted
> perfectly but the first chars.
>
> I tried with versions 0.9.8g (19 Oct 2007) and 0.9.8k (25 Mar 2009)
> with the same results. Using des3 in place of bf doesn't change that
> behaviour too.
>
> Please kindly help me to understand what I'm missing. Thank you SO much!
> --
> Alfredo Belmonti
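The header layout Mounir describes, as an added example (not code from the thread): it splits a password-encrypted `openssl enc` blob into the 'Salted__' magic, the salt and the ciphertext, and re-derives the key and IV with EVP_BytesToKey from the password and that salt. It assumes the MD5, single-iteration derivation that `openssl enc -p` used in the 0.9.8 releases discussed here (later releases default to SHA-256); the posted key and IV cannot be recomputed without the password, so the password below is constructed.

```python
"""Parse the 'Salted__' header written by `openssl enc` and re-derive key/IV.

Added example, not code from the thread. Assumption: EVP_BytesToKey with
MD5 and count=1, the default of the OpenSSL 0.9.8 command line; `digest`
is a parameter because newer releases default to SHA-256.
"""
import hashlib

MAGIC = b"Salted__"   # bytes 0..7; bytes 8..15 are the salt; data follows


def digest_of(name: str, data: bytes) -> bytes:
    return hashlib.new(name, data).digest()


def split_salted(blob: bytes):
    """Return (salt, ciphertext) if blob carries the Salted__ header, else None.

    A file encrypted with explicit -K/-iv has no header. Feeding a Salted__
    file to -K/-iv makes the decryptor treat the header as the first cipher
    block, which is why the first bytes come out as garbage in the question.
    """
    if len(blob) < 16 or blob[:8] != MAGIC:
        return None
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     digest: str = "md5", count: int = 1):
    """EVP_BytesToKey: D_1 = H(pw||salt), D_i = H(D_{i-1}||pw||salt), each
    re-hashed (count-1) more times; concatenate until key_len+iv_len bytes."""
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        d = digest_of(digest, prev + password + salt)
        for _ in range(count - 1):
            d = digest_of(digest, d)
        out += d
        prev = d
    return out[:key_len], out[key_len:key_len + iv_len]


def key_iv_from_blob(password: bytes, blob: bytes, key_len: int = 16,
                     iv_len: int = 8, digest: str = "md5"):
    """Recover salt, key, IV and the ciphertext that follows the header.

    Defaults match `openssl enc -bf` (128-bit key, 64-bit IV); des3 needs
    key_len=24. The returned ciphertext is what you would hand to -K/-iv
    after "discarding the first 16 bytes".
    """
    parts = split_salted(blob)
    if parts is None:
        raise ValueError("no Salted__ header: was this encrypted with -K/-iv?")
    salt, ciphertext = parts
    key, iv = evp_bytes_to_key(password, salt, key_len, iv_len, digest)
    return salt, key, iv, ciphertext


def format_like_p(salt: bytes, key: bytes, iv: bytes) -> str:
    """Render the values in the layout that `openssl enc -p` prints."""
    return "salt=%s\nkey=%s\niv =%s" % (
        salt.hex().upper(), key.hex().upper(), iv.hex().upper())


# Constructed sample: the salt from the question, a made-up password and
# 16 zero bytes standing in for ciphertext.
SAMPLE_SALT = bytes.fromhex("FF01D744C268C056")
SAMPLE_BLOB = MAGIC + SAMPLE_SALT + b"\x00" * 16
SAMPLE_PASSWORD = b"constructed-password"

if __name__ == "__main__":
    salt, key, iv, ct = key_iv_from_blob(SAMPLE_PASSWORD, SAMPLE_BLOB)
    print(format_like_p(salt, key, iv))
    print("ciphertext starts at offset 16, %d bytes" % len(ct))
```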
Re: pkcs7 cert loading, why this code doesn't work?
Hi,

There are two bugs in your code: first, you only need calls to BIO_read, not BIO_write, and in order to avoid the crash you have to pass the address of a pointer variable initialized to &inbuf[0] instead of &inbuf directly, because d2i_PKCS7 increments the pointer internally. So, a more correct version of the code will be:

BIO *bio, *b64;
PKCS7 *p7;
char inbuf[4096];
int inlen = strlen(a);
const unsigned char *ptr = (const unsigned char *) &inbuf[0];  /* d2i_PKCS7 advances this copy */

b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bio = BIO_new_mem_buf(a, -1);
bio = BIO_push(b64, bio);
inlen = BIO_read(bio, inbuf, 4096);
p7 = d2i_PKCS7(NULL, &ptr, inlen);
BIO_free_all(bio);

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/3/2010 3:06 AM, sean wang wrote:
> Hello,
> I have a pkcs7 encoded cert which I want to load. The following code block works fine (I am doing a base64 decoding first, will explain the reason in the second half):
>
> BIO *bio, *b64, *bio_out;
> PKCS7 *p7;
> b64 = BIO_new(BIO_f_base64());
> BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
> bio = BIO_new_mem_buf(a, -1);
> bio_out = BIO_new_fp(stderr, BIO_NOCLOSE);
> bio = BIO_push(b64, bio);
> p7 = d2i_PKCS7_bio(bio, NULL);
>
> However, for some interface reasons, I need to pass in a base64 decoded blob to a legacy function, so I tried the following code:
>
> BIO *bio, *b64, *bio_out;
> PKCS7 *p7;
> char inbuf[4096];
> int inlen = strlen(a);
> b64 = BIO_new(BIO_f_base64());
> BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
> bio = BIO_new_mem_buf(a, -1);
> bio_out = BIO_new_fp(stderr, BIO_NOCLOSE);
> bio = BIO_push(b64, bio);
> while ((inlen = BIO_read(bio, inbuf, 4096)) > 0)
>     BIO_write(bio_out, inbuf, inlen);
> p7 = d2i_PKCS7(NULL, &inbuf, inlen);
>
> Now this code fails with a segmentation fault. So my question is, if I really need to get the base64 decoded blob of a pkcs 7 cert, what is the right way? (Because the first code worked, I assume the base64 decoding worked fine, but I can't pull the data out of the 'bio' variable; it appears the data is still base64 encoded. How can I get the correct decoded blob?)
>
> test cert I used:
> char cert[] = "MIIDCgYJKoZIhvcNAQcCoIIC+zCCAvcCAQExADALBgkqhkiG9w0BBwGgggLdMIIC\
> 2TCCAkKgAwIBAgIJAILcTFTXHeLsMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\
> AlVTMQswCQYDVQQIEwJXQTELMAkGA1UEChMCT00xCzAJBgNVBAsTAk9NMQ0wCwYD\
> VQQDEwRzZWFuMSIwIAYJKoZIhvcNAQkBFhNzd2FuZzU0QGhvdG1haWwuY29tMB4X\
> DTEwMDMyMjIxMTkzN1oXDTExMDMyMjIxMTkzN1oweTELMAkGA1UEBhMCVVMxCzAJ\
> BgNVBAgTAldBMRAwDgYDVQQHEwdyZWRtb25kMQswCQYDVQQKEwJPTTELMAkGA1UE\
> CxMCT00xDTALBgNVBAMTBHNlYW4xIjAgBgkqhkiG9w0BCQEWE3N3YW5nNTRAaG90\
> bWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKS/aKF9VjvokJZ\
> dW4xkuqYFaRnNSYHNnmi4pIvbvf26QMnj9SerMw/c53LJTre1uQ/t1iAARY1LX4D\
> wUCAijg/RN6zuW5NBcnJpgIYL6ZHciaL2qiDWIb6aoKy5hh0fb7psPI2n4/VO7pq\
> 9fhjsiCosJvEUehezhEOWkCDEyw7AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI\
> AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW\
> BBScenB4QwEq0x5n/oSRa8CuW+TifzAfBgNVHSMEGDAWgBSEddm7LRw5ylO1uAkY\
> ZPvI6WnNqjANBgkqhkiG9w0BAQUFAAOBgQCmxtc5DV9wA8U3GW8ZVy5wO9Kzmhpz\
> aRMLsKXjmgR5T0x9AQnf3W4Y5JmHtpXeOpvYEUiKiLOb/aNya+Km3S/7LJv8ufjn\
> kHIiE6bsus/3NgAkLLmdodfJXFve/1viBzibwDZm4FyTHFjEnsFL57eAH+w0ZGna\
> OUP4KRvWhjC/AKEAMQA=";
Re: Need help on: openssl pkcs12 --- avoid or in batch mode
Hi John, I have already answered your question twice on the list but it seems that you didn't receive them for an unknown reason. Look at the link below of OpenSSL list archive to reader what I wrote : http://marc.info/?t=12690119749&r=1&w=2 Have a nice day, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/24/2010 3:14 PM, John Chen wrote: Hi guys, I am still searching for the answer of batch mode on openssl pkcs12 but no luck. Is anyone can help me a work around way to avoid Enter Export Password: Verifying - Enter Export Password: Above to prompts. Thanks John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Chen Sent: Monday, March 22, 2010 10:01 AM To: openssl-users@openssl.org Subject: Need help on: openssl pkcs12 --- avoid or in batch mode Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name "xx" It will prompt user for: Enter Export Password: Verifying - Enter Export Password: Is anyway I can manipulate or default or void those two prompts since those prompts useless in here. I checked pkcs12 command options seems there is no batch mode. I also tried using wrapping script but no help either. Thanks in advance. John -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, March 20, 2010 2:21 PM To: openssl-users@openssl.org Subject: Re: Apache client certificate authentication On Sat, Mar 20, 2010, Graham Leggett wrote: On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) 
I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did.

The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a hang.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Need help on: openssl pkcs12 --- avoid or in batch mode
Hi John,

I have already answered your question on the list two days ago. Here is what I wrote:

To avoid the password prompt, you can add the argument "-password pass:" to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use "-password pass:1234" instead.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 3/22/2010 3:00 PM, John Chen wrote:

Hi Dr Stephen Henson,

I really could not solve this issue and need your help. When I run

openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out new.p12 -export -name "xx"

it will prompt the user for:

Enter Export Password:
Verifying - Enter Export Password:

Is there any way I can manipulate, default or avoid those two prompts, since those prompts are useless here? I checked the pkcs12 command options and it seems there is no batch mode. I also tried using a wrapping script but no help either.

Thanks in advance.
John

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Saturday, March 20, 2010 2:21 PM
To: openssl-users@openssl.org
Subject: Re: Apache client certificate authentication

On Sat, Mar 20, 2010, Graham Leggett wrote:

On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:

Questions: Is it normal that Firefox hangs when it doesn't have a valid certificate to provide? Does the OpenSSL output look OK? (Or is the error at the end an exception?)

I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did.

The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a hang.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: need help on: openssl pkcs12 --- avoid or manipulate prompts
Hi John,

To avoid the password prompt, you can add the argument "-password pass:" to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use "-password pass:1234" instead.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi,
>
> Is anyone run through the same issue I have, please help me out. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile . It will prompt user for:
> Enter Export Password:
> Verifying - Enter Export Password:
>
> Is anyway I can manipulate or default or void those two prompts since I don't need those prompts.
>
> Thanks in advance.
>
> John
Re: Verify with RSA Public Key Fails
Hi Paul,

You say that the exponent is 1024 bits long. This means you are using the private exponent, because usually the public exponent is much smaller: typically the public exponent is 3 or 65537. So in order to construct your RSA public key, replace the value of the private exponent you are using by the value of the corresponding public exponent. If my guess is correct, then you should be able to verify the signature correctly.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/27/2010 3:00 AM, Paul Suhler wrote:

Hi, everyone.

In OpenSSL 0.9.8i, I'm trying to take an RSA public exponent and public modulus, assemble them into an RSA key, and use that to verify a signature for a message. However, EVP_VerifyFinal() always fails, apparently because of the wrong use of padding.

My code:

RSA * RsaKeyPtr = RSA_new();
EVP_PKEY * EvpKeyPtr = EVP_PKEY_new();
RsaKeyPtr->n = BN_bin2bn(ModulusPtr, ModulusLength, NULL); // Public modulus n
RsaKeyPtr->e = BN_bin2bn(Exponent, sizeof(Exponent), NULL); // Public key exponent e
EvpKeyPtr->type = EVP_PKEY_RSA;
if(EVP_PKEY_assign_RSA(EvpKeyPtr, RsaKeyPtr))
{
    EVP_MD_CTX_init(&MDContext);
    if(EVP_VerifyInit_ex(&MDContext, EvpMdPtr, NULL))
    {
        if(EVP_VerifyUpdate(&MDContext, MessagePtr, MessageLength))
        {
            if(EVP_VerifyFinal(&MDContext, SignaturePtr, SignatureLength, EvpKeyPtr))
            {
                ...

The call stack looks like:

RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
...
RSA_eay_public_decrypt()
RSA_padding_check_PKCS1_type_1()

and that last function fails.

Am I assembling the RSA key incorrectly? The modulus and exponent are each 1024 bits long and the message and signature are each 128 bytes long.

Thanks very much,

Paul

Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com
Re: Unable to decrypt without Chinese Remainder Theorem factors ?
Hi,

The problem that you are encountering comes from the fact that the function d2i_RSAPrivateKey, which creates the key from the PEM content, will allocate the p, q, dmp1, dmq1 and iqmp fields and set them to zero, which is normal since this is their value in the PEM file. But then, the function RSA_eay_private_decrypt will fail with the error you are getting because it only tests for NULL pointers for the CRT fields and doesn't check if they are zero.

You have two options here:
- use a patched version of OpenSSL where the implementation of RSA_eay_private_decrypt tests for NULL pointers and zero BIGNUMs
- convert your keys to CRT format.

For the latter, I have developed an open source tool that converts private keys from SFM format (modulus, private exponent, public exponent) to CRT format. It's located on SourceForge: http://rsaconverter.sourceforge.net/. It uses the OpenSSL BIGNUM implementation. In particular, you can look at the file librsaconverter.c for the function SfmToCrt where the conversion algorithm is implemented.

For the first option, I can send you a patch for RSA_eay_private_decrypt but it's easy to do (just add !BN_is_zero tests between lines 534 and 539).

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/8/2010 10:12 AM, JB Van Puyvelde wrote:

Hi,

I would like to import and use in OpenSSL RSA key pairs generated by another program. This program can export public and private keys to PEM files, with X509 and PKCS#7 specifications. But the private key doesn't contain Chinese Remainder Theorem factors, only the private exponent and the modulus.
So, I'm able to encrypt a file with the public key:

C:\openssl rsautl -encrypt -inkey pub.pem -pubin -in hello.txt -out hello.enc
Loading 'screen' into random state - done

But trying to decrypt causes the following error:

C:\openssl rsautl -decrypt -inkey priv.pem -in hello.enc -out result.txt
Loading 'screen' into random state - done
RSA operation error
2548:error:0306B067:bignum routines:BN_div:div by zero:.\crypto\bn\bn_div.c:213:

I suppose the error comes from the fact that openssl.exe tries to use the CRT factors to decrypt the file. Could you confirm this? And of course, is there any way to make decryption work with my keys?

Currently, I'm thinking about three possible solutions:
1) find a way to generate CRT factors from modulus and private exponent (but I don't know if it's possible)
2) could the use of the RSA C functions, instead of the openssl binary, solve the problem, because http://openssl.org/docs/crypto/rsa.html says "p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the RSA operations are much faster when these values are available."?
3) and last, generate the keys with OpenSSL, but honestly I would really appreciate not having to do that and continuing to generate key pairs with my first program.

An example key pair is attached to this e-mail. And for those who know, the first program is coded in Java, the private key comes from the PrivateKey class and is exported to a PEM file with the PemWriter class of BouncyCastle.

Thanks,
JB
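Two threads above end on the same RSA internals: Paul's EVP_VerifyFinal failure in RSA_padding_check_PKCS1_type_1 when the private exponent is used in place of the public one, and JB's key that has only (n, e, d) and so trips the CRT path in RSA_eay_private_decrypt. The block below is an added example written for this page, not code from the list, from rsaconverter or from OpenSSL: it is pure Python (no libcrypto) and implements PKCS#1 v1.5 SHA-256 signing and verification, then the SFM-to-CRT conversion (recovering p and q from e and d and deriving dmp1, dmq1 and iqmp, with OpenSSL's field names) and a Garner CRT private operation checked against the plain c^d mod n. The key size, the prime-test parameters and the sample message are this example's own choices.

```python
"""Added example, not code from the thread or from OpenSSL: pure-Python RSA so
both failures above can be reproduced without libcrypto.  (1) PKCS#1 v1.5
verification as EVP_VerifyFinal does it; using the private exponent d where the
public exponent e belongs fails the type-01 block check, which is exactly what
RSA_padding_check_PKCS1_type_1 reported to Paul.  (2) Recovering p, q, dmp1,
dmq1 and iqmp from an (n, e, d) key, the SFM-to-CRT conversion JB needed (names
follow OpenSSL's RSA struct).  Key size and prime-test rounds are my choices."""
import hashlib
import math
import secrets

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2

def is_probable_prime(n, rounds=32):
    """Trial division then Miller-Rabin (OpenSSL would use BN_check_prime)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits=1024, e=65537):
    """Returns an 'SFM' key (n, e, d) with no CRT parameters, like JB's PEM file."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

def emsa_pkcs1_v15(msg, k):
    """EM = 00 || 01 || FF..FF || 00 || DigestInfo(SHA-256(msg)), k bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")

def verify(msg, sig, n, e):
    """True only if sig^e mod n equals the expected type-01 block (constant-time compare)."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, emsa_pkcs1_v15(msg, k))

def sfm_to_crt(n, e, d):
    """Factor n using e*d-1 (a multiple of lambda(n)); return p, q, dmp1, dmq1, iqmp."""
    t, r = 0, e * d - 1
    while r % 2 == 0:
        t, r = t + 1, r // 2
    while True:
        x = pow(secrets.randbelow(n - 2) + 2, r, n)
        for _ in range(t):
            y = pow(x, 2, n)
            if y == 1 and x not in (1, n - 1):  # non-trivial square root of 1
                p = math.gcd(x - 1, n)
                return p, n // p, d % (p - 1), d % (n // p - 1), pow(n // p, -1, p)
            x = y
            if x == 1:  # this base reached 1 trivially; try another
                break

def crt_private_op(c, n, p, q, dmp1, dmq1, iqmp):
    """c^d mod n by Garner recombination, the path RSA_eay_private_decrypt takes."""
    m1, m2 = pow(c, dmp1, p), pow(c, dmq1, q)
    return (m2 + q * ((iqmp * (m1 - m2)) % p)) % n

def demo(msg=b"nonce from the server"):
    """Returns (verify with e, verify with d, tampered msg, p*q == n, CRT == plain d)."""
    n, e, d = gen_key()
    sig = sign(msg, n, d)
    p, q, dmp1, dmq1, iqmp = sfm_to_crt(n, e, d)
    c = secrets.randbelow(n)
    return (verify(msg, sig, n, e),          # True
            verify(msg, sig, n, d),          # False: wrong exponent, bad block type
            verify(msg + b"!", sig, n, e),   # False
            p * q == n and 1 < p < n,
            crt_private_op(c, n, p, q, dmp1, dmq1, iqmp) == pow(c, d, n))
```

The second element of demo() is the situation in Paul's post: sig^d mod n is not a well-formed 00 01 FF.. 00 DigestInfo block, so the check fails regardless of the hash. The factoring loop in sfm_to_crt is why the CRT parameters can always be rebuilt from (n, e, d): e*d-1 is a multiple of the group order, and a random base raised to its odd part yields a non-trivial square root of 1 with probability at least one half per attempt. Real keys should of course come from a library's generator; the Miller-Rabin here only serves the demonstration.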
Re: OpenSSL Ca
Hi,

What mail client are you using under Windows? Each mail client has its own storage for private keys (Thunderbird uses the local NSS key storage, Outlook uses CSPs and the IE certificate store). So, since you generated the key outside the scope of the mail client, you will certainly have to create a PKCS#12 file (also called PFX under Windows) containing your private key and its signed certificate and then import this file into your mail client's key storage (for Outlook, you'll have to install the PFX by double-clicking on it). So, everything depends on your mail client and how it will access your private key.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/12/2010 12:35 PM, Anton Xuereb wrote:

Hi,

I'm trying to create a private CA with openssl for my enterprise. I have generated the CA private key and certificate. I have created a key pair and a certificate signing request from a Windows PC using Kleopatra (key management utility that comes with WinPGP). I signed the request with the CA's key and sent the signed certificate to the Windows PC and imported the certificate. I exported the public key which I sent to my laptop. I imported the certificate of my CA into my mail client and trusted it. I then imported the public key as exported from the Windows PC. It is imported but instead of being put into the People category it's sent to the Others section as it apparently does not fit in any of the other categories. I am therefore unable to send encrypted mail to the Windows PC using its public key as my client will not use it to encrypt.
The following are the commands I used in order to get to this point:

In order to generate the private key and CA certificate:
# openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca -keyout private/myca.key -out certs/myca.crt -days 1825

I converted the request from DER to PEM format using:
openssl req -in datareq.p10 -inform der -out datareq.csr

In order to sign the request:
# openssl ca -config openssl.my.cnf -policy policy_anything -in datareq.csr

I'm at a loss at the moment so any help would be appreciated.

Thanks,
Anton
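The three pkcs12 replies earlier on this page show how to silence the export prompt, and the reply just above recommends exactly such a PKCS#12/PFX file for getting a key and certificate into a mail client. Here is the whole procedure as an added example that is not code from the list or from the OpenSSL project: it drives the openssl command line from Python and assumes an `openssl` binary on PATH; the key, certificate and file names are made up. One caveat a script author should keep in mind: `-password pass:...` puts the secret in the process's argument list, which `ps` shows to every local user and which ends up in shell history, so the example hands the export password over with `-passout env:P12_PASS` instead (`file:` and `fd:` sources behave the same way).

```python
"""Added example (not code from the list or from the OpenSSL project): export a
PKCS#12/PFX file with the openssl CLI and no password prompt, passing the export
password through the environment (-passout env:VAR) rather than on the command
line (-password pass:...), where it shows up in `ps` for every local user and in
shell history.  Assumes an `openssl` binary on PATH; names below are made up."""
import os
import secrets
import subprocess
import tempfile

def run_openssl(args, extra_env=None):
    """Run one openssl command and return its stdout; raises CalledProcessError on failure."""
    env = dict(os.environ, **(extra_env or {}))
    return subprocess.run(["openssl", *args], env=env, check=True,
                          capture_output=True, text=True).stdout

def make_pfx(workdir, password, subject="/CN=pkcs12-example"):
    """Create a throwaway self-signed key+cert and bundle them into new.p12, no prompts."""
    key, crt, p12 = (os.path.join(workdir, f) for f in ("new.key", "new.crt", "new.p12"))
    # -nodes leaves the private key unencrypted on disk, so neither step asks for a passphrase.
    run_openssl(["req", "-x509", "-newkey", "rsa:2048", "-nodes", "-subj", subject,
                 "-days", "1", "-keyout", key, "-out", crt])
    # The export password comes from P12_PASS; the argument list only names the variable.
    run_openssl(["pkcs12", "-export", "-in", crt, "-inkey", key, "-name", "example",
                 "-out", p12, "-passout", "env:P12_PASS"], {"P12_PASS": password})
    return p12

def pfx_opens_with(p12, password):
    """True if the .p12's MAC verifies under `password` and it yields a certificate."""
    try:
        out = run_openssl(["pkcs12", "-in", p12, "-nokeys", "-clcerts",
                           "-passin", "env:P12_PASS"], {"P12_PASS": password})
    except subprocess.CalledProcessError:
        return False
    return "BEGIN CERTIFICATE" in out

def demo():
    """True when the container opens with the right password and refuses a wrong one."""
    with tempfile.TemporaryDirectory() as d:
        pw = secrets.token_urlsafe(16)
        p12 = make_pfx(d, pw)
        return pfx_opens_with(p12, pw) and not pfx_opens_with(p12, "wrong-" + pw)
```

The round trip in pfx_opens_with is the check worth keeping in any automation: a wrong password fails the PKCS#12 MAC and openssl exits non-zero, so the script can tell a mis-set variable from a good export before the file is shipped to a Windows box. For a CA-signed leaf certificate, substitute the real key and certificate paths and add `-certfile` for the chain as in John's command.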
Re: About Crypto Library usage and...
Hi,

OpenSSL can definitely be used to implement a port of Crypto API under Linux but I advise you to take a look at Winelib from the "Wine" project (http://www.winehq.org/winelib). They have implemented, among other things, the whole set of Crypto API functions along with MS CSPs. Although it's not based on OpenSSL (they use LibTomCrypt and GnuTLS), it's very stable and easy to use in order to port existing Crypto API code.

In order to show this, I have written a CryptoAPI sample that performs RSA key generation, hashing and signature computation, along with the Linux makefile that enables you to compile it using Winelib. You can get it from the following link: http://www.idrix.fr/Root/Samples/capi_wine.tar.gz (Just type make after decompressing.)

Under Debian, you get Winelib by typing "apt-get install libwine-dev" and under Ubuntu you have to type "apt-get install wine-dev".

I hope this will help.

Cheers
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Gaurav Kumar wrote:

Hi,

I want to port a few MS Crypto API's to Linux. Here are the API's which I want to port:

CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptHashData
CryptCreateHash

I want to use the same parameters used for encryption and decryption on Windows. For e.g. CryptDecrypt uses parameters:

hkey --- key to use for the decryption.
hHash --- Hash handle MD5 or SHA1.
dwFlag --- For padding
pbData --- Data to decrypt.
pdwDatalength --- Size of data to decrypt.

Can this be possible using the Crypto Library? Which Crypto API's in Linux use key, MD5 or SHA1 and padding to decrypt and encrypt the data?

Thanks,
Gaurav
Re: Padding mode for RSA_private_decrypt()...
Hi,

Take a look at the function get_client_master_key in the file s2_srv.c, and specifically at the line where a call to ssl_rsa_private_decrypt is made: in it, the decision to use RSA_PKCS1_PADDING or RSA_SSLV23_PADDING is made depending on the value of the member ssl2_rollback of the ssl2_state_st structure. This member is set in the function ssl23_get_client_hello in the file s23_srv, depending on the SSL options.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:

"Michael S. Zick" wrote in message

The padding is added to the **plain text**. After decryption, the server can determine the padding present.

I'm writing a server and I usually just call RSA_private_decrypt(..., RSA_PKCS1_PADDING). Everything works fine most of the time but sometimes I get that error.

In your last sentence, did you mean that the server can determine the padding mode? If so, how?
Re: Padding mode for RSA_private_decrypt()...
Hi,

Which version of SSL/TLS are you talking about? To my knowledge, SSLv2, SSLv3 and TLS 1.0 all use PKCS#1 Block Type 2 padding (in the case of SSLv2 rollback, the last eight padding bytes are not random and are set to 0x03, but this special case is detected at the protocol level).

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:

"Mounir IDRASSI" wrote in message ...

You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible: it would mean that an attacker can have information about the clear text without having access to the private key!!

Okay, but the SSL client uses RSA_public_encrypt() with a padding value that is unknown to the SSL server, which uses RSA_private_decrypt() later on. How can the SSL server know in advance what padding mode the SSL client is going to use?
Re: Padding mode for RSA_private_decrypt()...
Hi,

You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible: it would mean that an attacker can have information about the clear text without having access to the private key!!

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:

How can I tell what the padding mode was before I attempt to decrypt data? For example, when I use

RSA_private_decrypt(encsize, encdata, decdata, privkey, RSA_PKCS1_PADDING)

I sometimes (but not always) get the following error:

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
Re: Signature Verification
Hi,

In order to help you further, can you post:
- The data to be hashed, which is the content of your variable xmlDat
- The signature to be verified, which is the content of your variable sigDat (maybe it's what you posted first)
- The public key that will be used for the verification
- The endianness of the signature. It should be big endian as expected by OpenSSL

And just one last confirmation: in your first email, you posted some BASE64 data that you say is the signature. This data is 512 bytes long. So this would mean that the key used is a 4096 bit RSA key. Is this correct?

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello Again,

The code is there to check for a non-null pkey. It wasn't copied to keep the original message shorter. I've now made sure that I've Base64'd the xml string and Base64'd the signature string. These are what I'm giving to the EVP_VerifyUpdate and EVP_VerifyFinal. Still not verifying.

Thanks Again,
Jim

----- Original Message -----
From: "Mounir IDRASSI"
To:
Sent: Friday, November 06, 2009 5:11 PM
Subject: Re: Signature Verification

Hi,

You must also handle BASE64 decoding in EVP_VerifyUpdate, not only EVP_VerifyFinal. Those two functions must have as input the byte arrays that represent the binary data and the binary signature respectively. Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then everything is OK with the public key and you don't have to worry.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hi,

Thank you for the response. It was sha512 not 256. I changed it to EVP_sha512 in the code but it still won't verify. On the verify final, I've tried it both with and without a Base64 converted string (and corresponding length). I'm not sure from what I've read if the PEM_read_PUBKEY does a Base64 conversion on the Public Key or not and I'm not sure where to look in the pkey to find out.
Jim

----- Original Message -----
From: "Mounir IDRASSI"
To:
Sent: Friday, November 06, 2009 3:55 PM
Subject: Re: Signature Verification

Hi,

In your description you say that the signature was created with SHA256 but in your code you are using SHA-1 through EVP_sha1. Replace this with EVP_sha256 to have correct processing. Also, your data seems to be BASE64 encoded and you are computing the digest directly on the BASE64 string. You should convert this BASE64 string to the corresponding byte array and then compute the digest on this byte array.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello,

I've been trying to verify the signature from the following xml data:

1.0EC1000-090001800:54:66:18:3A:40code="impedance">2000-01-012099-12-31code="multimeter">2000-01-012099-12-31code="sulfation">2000-01-012099-12-31AA80A2A7119FD4F1C122080E1AD17490

using this signature:

C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=

These two strings above are being sent from a server as one file which I parse into the two separate strings, making sure white space has been removed from the xml as that was how it was signed. The signature was created with RSA & SHA512. I'm using a C program to verify and have tried numerous attempts with no success. The openssl release is 0.9.8k.
The vars sigDat and xmlDat are the respective strings. The code is as follows (some parts left out for simplicity):

fp = fopen (filePubKey, "r");
pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
EVP_VerifyInit (&md_ctx, EVP_sha1());
EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
EVP_PKEY_free (pkey);

Any ideas as to what is wrong? Another part of the project here involves Java and the programmer working on that says that he can verify the signature, so I know that the data is correct.

Thank You,
Jim Welch
Re: export custom key in a PEM format
Hi,

First, you must define a format for the PEM encoding/decoding. If you don't have any interoperability constraints, you can choose a simple format consisting of a Sequence that contains two integers. For that, I have written a sample that implements PEM reading/writing for this simple format. Most of the work is done by the macros DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source code from the following link: http://www.idrix.fr/Root/Samples/custom_pem.c

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

denot...@libero.it wrote:
> Hi all
>
> I'm working with ID-based signature (SHAMIR 84) and I create a struct as below:
>
> struct sign
> {
>     BIGNUM *s;
>     BIGNUM *d;
> }
>
> How do I export this key into a file in a PEM format??
>
> Thanks in advance
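The "Sequence that contains two integers" format suggested above, written out by hand as an added example (not the custom_pem.c sample from idrix.fr, which uses OpenSSL's ASN.1 and PEM macros). Doing the DER and PEM layers manually shows what those macros produce and what a strict reader has to reject: non-minimal lengths, non-minimal or negative INTEGERs, trailing bytes and a wrong armour label. The PEM label "ID-BASED SIGNATURE" and the restriction to non-negative values are this example's choices, not a standard.

```python
"""Added example, not the idrix.fr sample: the 'SEQUENCE of two INTEGERs' format
suggested above, with DER and PEM written by hand so both layers are visible.
The PEM label, the field names s and d, and the strictness checks are this
example's own choices, not a standard."""
import base64
import textwrap

PEM_LABEL = "ID-BASED SIGNATURE"

def der_len(n):
    """DER length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 128:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_int(v):
    """INTEGER with minimal content: a leading 0x00 only when the top bit is set."""
    if v < 0:
        raise ValueError("only non-negative BIGNUMs are encoded here")
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def der_seq(*elems):
    body = b"".join(elems)
    return b"\x30" + der_len(len(body)) + body

def encode_pem(s, d):
    """PEM-armour SEQUENCE { INTEGER s, INTEGER d } with 64-column base64 lines."""
    b64 = base64.b64encode(der_seq(der_int(s), der_int(d))).decode("ascii")
    return (f"-----BEGIN {PEM_LABEL}-----\n" + "\n".join(textwrap.wrap(b64, 64))
            + f"\n-----END {PEM_LABEL}-----\n")

def read_tlv(buf, pos, tag):
    """Parse one tag-length-value at buf[pos:]; returns (value, next offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    first, pos = buf[pos + 1], pos + 2
    if first < 128:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf) or buf[pos] == 0:
            raise ValueError("indefinite or non-minimal length is not DER")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
        if length < 128:
            raise ValueError("long form used for a short length is not DER")
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the data")
    return buf[pos:pos + length], pos + length

def decode_pem(text):
    """Inverse of encode_pem; rejects anything that is not exactly two INTEGERs."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != f"-----BEGIN {PEM_LABEL}-----" or lines[-1] != f"-----END {PEM_LABEL}-----":
        raise ValueError("unexpected PEM label")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after the SEQUENCE")
    vals, pos = [], 0
    for _ in range(2):
        body, pos = read_tlv(seq, pos, 0x02)
        if not body or (len(body) > 1 and body[0] == 0 and body[1] < 0x80) or body[0] & 0x80:
            raise ValueError("INTEGER is empty, negative or not minimally encoded")
        vals.append(int.from_bytes(body, "big"))
    if pos != len(seq):
        raise ValueError("SEQUENCE does not contain exactly two INTEGERs")
    return tuple(vals)
```

Because the DER is plain SEQUENCE { INTEGER, INTEGER }, a file produced by encode_pem can be inspected with `openssl asn1parse -in file.pem` after changing the label check there, and the two integers map directly onto BN_bin2bn for the s and d fields of the struct in the question.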
Re: aes_256_cbc decryption
Hi,

There is a confusion in your code between byte buffers and their HEX representation. You should work directly with the buffers without trying to access them as strings. This will solve all your problems. So, change the implementation of your function MD5_hash to put the hash directly into the chash parameter without converting it to ASCII, and never call printf directly on byte arrays. Once you have done these changes and if you still have errors, post your code and we will try to help you.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

himas wrote:

Mounir IDRASSI wrote:

Hi,

There are two main mistakes in your code:
- The output of MD5 is 16 bytes long but you are allocating 8 bytes only. This will cause memory corruption.
- AES-256 expects the key to be 32 bytes long but you want to use an MD5 digest as a key, which is only 16 bytes. You should use SHA-256 instead for this purpose.

1. I tried to allocate more, but got some extra symbols returned with the hash

char *chash = (char*)malloc(16);
MD5_Hash(pass, chash);
printf("%s \n", chash);

returned: "Р♥>3dd0cd797a7399b56c470612887108eb"

2. Just for the test I doubled my MD5 digest and sent it to the decryption function and got the same sad result

new ctext = "fdfb4ca253caf79c683b85787de8d094"

as you can see it remains the same after doubling the hash

-- CODE --
// double the key
char hash[65] = {0};
int i;
for (i = 0; i <= 64; i++)
{
    if (i >= 32) hash[i] = chash[i-32];
    else hash[i] = chash[i];
}
hash[65] = '\0';
printf("%s \n", hash);
-- CODE --

Result:
[*] decryption result
ae e3 27 62 c8 8a 9a 76 0b 67 73 1e 17 f8 dc ca
оу'b╚КЪv♂gs▲↨°▄╩tСTUT*ыьЫuУ{╧$Qо

3.
I also changed my decryption code a little:

-- CODE --
int templen;
EVP_DecryptFinal(&ctx, outbuf + outlen, &templen);
outlen = outlen + templen;
-- CODE --

SO

-- CODE --
for(i = 0; i < outlen; i++) printf("%02x ", outbuf[i]);
-- CODE --

Now works fine
Re: aes_256_cbc decryption
Hi,

There are two main mistakes in your code:
- The output of MD5 is 16 bytes long but you are allocating 8 bytes only. This will cause memory corruption.
- AES-256 expects the key to be 32 bytes long but you want to use an MD5 digest as a key, which is only 16 bytes. You should use SHA-256 instead for this purpose.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

himas wrote:

Hello,

I wrote a source for encrypting and decrypting some text data with aes_256_cbc:

-- CODE --
void aes256cbc_encrypt(char *text, char *hkey)
{
    int i, outlen;
    unsigned char *outbuf = (unsigned char*)malloc(1024);
    unsigned char *inbuf = (unsigned char*)text;
    int inlen = strlen(text);
    unsigned char *key = (unsigned char*)hkey;
    //unsigned char key[] = "somevalue";
    EVP_CIPHER_CTX ctx;
    const EVP_CIPHER *cipher;

    EVP_CIPHER_CTX_init(&ctx);
    cipher = EVP_aes_256_cbc();
    EVP_EncryptInit(&ctx, cipher, key, NULL);
    EVP_EncryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen);
    EVP_EncryptFinal(&ctx, outbuf + outlen, &outlen);
    for(i = 0; i < outlen; i++) printf("%02x", outbuf[i]);
    EVP_CIPHER_CTX_cleanup(&ctx);
    free(outbuf);
}

int aes256cbc_decrypt(char *ctext, char *hkey)
{
    int i, outlen;
    unsigned char *outbuf = (unsigned char*)malloc(1024);
    unsigned char *inbuf = (unsigned char*)ctext;
    int inlen = strlen(ctext);
    unsigned char *key = (unsigned char*)hkey;
    printf("cyphered text = %s\nhashed key = %s\n", ctext, hkey);
    EVP_CIPHER_CTX ctx;
    const EVP_CIPHER *cipher;

    EVP_CIPHER_CTX_init(&ctx);
    cipher = EVP_aes_256_cbc();
    EVP_DecryptInit(&ctx, cipher, key, NULL);
    EVP_DecryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen);
    EVP_DecryptFinal(&ctx, outbuf + outlen, &outlen);
    printf("\n[*] decryption result\n");
    //for(i = 0; i < outlen; i++) printf("%02x", outbuf[i]);
    for(i = 0; i < 16; i++) printf("%02x", outbuf[i]);
    printf("\n%s \n", outbuf);
    EVP_CIPHER_CTX_cleanup(&ctx);
    free(outbuf);
}

main ()
{
    char *pass = "testtesttesttest";
    char *text = "testtesttesttest";
    char *ctext = "fdfb4ca253caf79c683b85787de8d094";
    // generating MD5 hash
    char *chash = (char*)malloc(8);
    MD5_Hash(pass, chash);
    //aes256cbc_crypt(text, chash);
    aes256cbc_decrypt(ctext, chash);
}
-- CODE --

My questions concerning decryption are:
1. why don't I get outlen value?
2. why don't I get plaintext value after decryption (must be "testtesttesttest")
Re: Compile dlls with Borland compiler OR avoid using VC 2008 Redistributable
Hi,

You can build OpenSSL DLLs that don't require the runtime redistributable using MS Visual Studio. For that, follow the build instructions and, before calling nmake -f ms\ntdll.mak, edit the file ntdll.mak and replace the switch /MD by /MT. After the build, you will have DLLs that are statically linked to the MS CRT and so they don't require any redistributable on the target machine.

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Max Terentiev wrote:

Hi,

I suspect BC will have its own runtime libraries to provide similar generic C runtime functionality.

Yes, but BC can link it inside the output .dll. MS VS should link it too, but I don't know what compiler option must be set for it.
Re: about the big number xor
Hi,

There is no explicit function for this but you can use the function BN_GF2m_add to perform the XOR of two BIGNUMs: for GF(2^m) polynomials, the addition is a simple bitwise XOR.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

jaze lee wrote:
> I want to implement an xor function of large numbers. I do not know
> whether a similar function has already been implemented. If so, where
> can I find it? And if not I have to try, thank you!