Re: SSL_CTX_new() failing when i try to do connect the server third time.

Hello,

# openssl errstr 140A90F1
error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/22/2013 06:00:37 PM:

> From: Venkataragavan Vijayakumar venkataragava...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/22/2013 06:31 PM
> To: openssl-users@openssl.org
> Subject: SSL_CTX_new() failing when i try to do connect the server third time.
>
> Hi All,
>
> I am using OpenSSL for HTTPS connections asynchronously. Whenever I need to send an HTTPS request, I create a new SSL connection with the server; I never reuse the same connection, since the server does not support it. So for every request SSL_CTX_new() is called, and the third time I get the error:
>
> error:140A90F1:lib(20):func(169):reason(241)
>
> Please help me to solve this issue.
>
> Thanks,
> Venkat.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: RFC 2246

Hello,

Output from attached code:

admin# ./mcl_tls1_PRF
0x8b 0x13 0xc7 0x58 0xc3 0x4f 0x99 0x3a 0x18 0x7d 0x29 0x45 0xed 0x5b 0x69 0x1d

Best Regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/11/2013 09:48:51 PM:

> From: Sergei Gerasenko ser...@publicschoolworks.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/12/2013 11:57 AM
> To: openssl-users@openssl.org
> Subject: RFC 2246
>
> Hello,
>
> Does anybody have sample input and output for the tls1_PRF function which is described in RFC 2246? I've used several implementations of it, including the one from OpenSSL, and I'm not sure if what I'm getting is right -- and all of them return something different.
>
> Thanks!

Attachment: mcl_tls1_PRF.c (binary data)
Re: RFC 2246

Hello,

In your code, in the main() function, change the line:

    sha = EVP_sha();

to:

    sha = EVP_sha1();

and the lines:

    char *label = "1234567890";
    int label_len = 10;

to:

    char *label = "1234567890xyz";
    int label_len = 13;

In the OpenSSL code, label is equal to label+seed from the main code.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/12/2013 06:36:49 PM:

> From: Sergei Gerasenko ser...@publicschoolworks.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/12/2013 08:14 PM
> To: openssl-users@openssl.org
> Subject: Re: RFC 2246
>
> But... your results are the same as those of tls_prf_sha1_md5, which I took from the code of wpa_supplicant (sha1-tlsprf.c). So which result is right? :)
>
> On Fri, Apr 12, 2013 at 04:04:20PM +0200, marek.marc...@malkom.pl wrote:
>
> > Hello,
> >
> > Output from attached code:
> >
> > admin# ./mcl_tls1_PRF
> > 0x8b 0x13 0xc7 0x58 0xc3 0x4f 0x99 0x3a 0x18 0x7d 0x29 0x45 0xed 0x5b 0x69 0x1d
> >
> > Best Regards,
> > --
> > Marek Marcola marek.marc...@malkom.pl
> >
> > owner-openssl-us...@openssl.org wrote on 04/11/2013 09:48:51 PM:
> >
> > > From: Sergei Gerasenko ser...@publicschoolworks.com
> > > Sent by: owner-openssl-us...@openssl.org
> > > Date: 04/12/2013 11:57 AM
> > > To: openssl-users@openssl.org
> > > Subject: RFC 2246
> > >
> > > Hello,
> > >
> > > Does anybody have sample input and output for the tls1_PRF function which is described in RFC 2246? I've used several implementations of it, including the one from OpenSSL, and I'm not sure if what I'm getting is right -- and all of them return something different.
> > >
> > > Thanks!
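The RFC 2246 PRF that the thread is comparing, as an added example (not the code attached to any of the posts): P_MD5 and P_SHA-1 expansions XORed together, with the secret split as the RFC specifies. It also demonstrates the point of the reply above, that OpenSSL's tls1_PRF takes a single label||seed buffer, by checking that label "1234567890" with seed "xyz" and label "1234567890xyz" with an empty seed give identical output. The secret is a constructed value; the thread's actual inputs were in an attachment.

```python
"""TLS 1.0/1.1 pseudo-random function (RFC 2246, section 5) in pure Python.

Added example for this thread, not the mcl_tls1_PRF.c attachment.
"""
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) from RFC 2246: HMAC-based expansion.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    output = HMAC_hash(secret, A(1) + seed) || HMAC_hash(secret, A(2) + seed) || ...
    truncated to `length` bytes.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls1_prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed).

    S1 is the first ceil(L/2) bytes of the secret and S2 the last ceil(L/2);
    for an odd-length secret the middle byte belongs to both halves.
    The label and seed are simply concatenated, which is why OpenSSL's
    tls1_PRF can take them as one buffer.
    """
    half = (len(secret) + 1) // 2
    s1 = secret[:half]
    s2 = secret[len(secret) - half:]
    label_seed = label + seed
    md5_part = p_hash("md5", s1, label_seed, length)
    sha1_part = p_hash("sha1", s2, label_seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


# Constructed sample secret (48 bytes, the size of a TLS pre-master secret).
SAMPLE_SECRET = bytes(range(48))


def demo():
    """16 PRF bytes for the label/seed pair discussed in the thread."""
    return tls1_prf(SAMPLE_SECRET, b"1234567890", b"xyz", 16)


if __name__ == "__main__":
    print(" ".join("0x%02x" % b for b in demo()))
```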
Re: Fw: Question on enhancing OpenSSL logs

Hello,

This looks like a declaration mismatch; you should send more info (used compilers, environment), maybe simple test code.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/21/2012 02:52:15 PM:

> From: grajapra...@inautix.co.in
> Sent by: owner-openssl-us...@openssl.org
> Date: 05/21/2012 04:51 PM
> To: marek.marc...@malkom.pl
> cc: openssl-users@openssl.org, openssl-...@openssl.org
> Subject: Fw: Question on enhancing OpenSSL logs
>
> Hi Marek,
>
> Thanks for the snippet. It's working in dev. However, it's failing in one of our test regions with a compilation error as below:
>
>     Cannot assign extern "C" void(*)(ssl_st*,int,int) to extern "C" void(*)()
>
> at a line where we have
>
>     SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb);
>
> We are doing the same as mentioned in the below mail chain. Can you please help us in resolving this. Thanks in advance.
>
> Thanks
> Gogula Krishnan Rajaprabhu
>
> ----- Forwarded by Karthikeyan Thirumal/Chennai/iNautix on 05/17/2012 12:49 PM -----
>
> > From: marek.marc...@malkom.pl
> > Sent by: owner-openssl-us...@openssl.org
> > Date: 05/16/2012 09:12 PM
> > To: openssl-users@openssl.org
> > cc: openssl-...@openssl.org, openssl-users@openssl.org, owner-openssl-us...@openssl.org
> > Subject: Re: Question on enhancing OpenSSL logs
> >
> > Hello,
> >
> > You may trace connect/accept progress by defining a callback function:
> >
> >     /**
> >      * SSL connection info callback.
> >      *
> >      * @param ssl  SSL connection socket
> >      * @param type connection type
> >      * @param val  connection info
> >      * @return none
> >      */
> >     static void ssl_connection_info_cb(const SSL *ssl, int type, int val)
> >     {
> >         if (type & SSL_CB_LOOP) {
> >             log_tra("ssl_state: %s: %s",
> >                     type & SSL_ST_CONNECT ? "connect" :
> >                     type & SSL_ST_ACCEPT ? "accept" : "undefined",
> >                     SSL_state_string_long(ssl));
> >         }
> >         if (type & SSL_CB_ALERT) {
> >             log_tra("ssl_alert: %s:%s: %s",
> >                     type & SSL_CB_READ ? "read" : "write",
> >                     SSL_alert_type_string_long(val),
> >                     SSL_alert_desc_string_long(val));
> >         }
> >     }
> >
> > and at library initialization set this callback:
> >
> >     /* callback for connection information on SSL/TLS session negotiation */
> >     SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb);
> >
> > Best regards,
> > --
> > Marek Marcola marek.marc...@malkom.pl
> >
> > owner-openssl-us...@openssl.org wrote on 05/16/2012 05:15:40 PM:
> >
> > > From: kthiru...@inautix.co.in
> > > Sent by: owner-openssl-us...@openssl.org
> > > Date: 05/16/2012 05:25 PM
> > > To: openssl-users@openssl.org, openssl-...@openssl.org
> > > Subject: Question on enhancing OpenSSL logs
> > >
> > > Team,
> > >
> > > I have a query on enhancing the OpenSSL logs. As you know, SSL_accept is just one call using the SSL library for an SSL handshake, but there are a couple of steps inside this process like Client Hello / Server Hello, etc. What if I need to find the internal failures in the SSL handshake? Is there any OpenSSL debug option available where the SSL library is capable of logging additional info? We already have a series of error cases handled for the SSL handshake, but they are pre-defined by OpenSSL and they do not say where they failed:
> > >
> > >     err = SSL_accept((SSL *)SockObj->SSLCtx);
> > >     if (err <= 0) {
> > >         err = SSL_get_error((SSL *)SockObj->SSLCtx, err);
> > >         switch (err) {
> > >         case SSL_ERROR_NONE:
> > >         case SSL_ERROR_ZERO_RETURN:
> > >         case SSL_ERROR_WANT_READ:
> > >         case SSL_ERROR_WANT_WRITE:
> > >         case SSL_ERROR_WANT_CONNECT:
> > >         case SSL_ERROR_SYSCALL:
> > >         case SSL_ERROR_SSL:
> > >             /* per-case handling omitted in the post */
> > >             break;
> > >         }
> > >     }
> > >
> > > Can you shed some light here?
> > >
> > > Thanks
> > > Regards
> > > Karthikeyan Thirumal
> > >
> > > ** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore
Re: Question on enhancing OpenSSL logs

Hello,

You may trace connect/accept progress by defining a callback function:

    /**
     * SSL connection info callback.
     *
     * @param ssl  SSL connection socket
     * @param type connection type
     * @param val  connection info
     * @return none
     */
    static void ssl_connection_info_cb(const SSL *ssl, int type, int val)
    {
        if (type & SSL_CB_LOOP) {
            log_tra("ssl_state: %s: %s",
                    type & SSL_ST_CONNECT ? "connect" :
                    type & SSL_ST_ACCEPT ? "accept" : "undefined",
                    SSL_state_string_long(ssl));
        }
        if (type & SSL_CB_ALERT) {
            log_tra("ssl_alert: %s:%s: %s",
                    type & SSL_CB_READ ? "read" : "write",
                    SSL_alert_type_string_long(val),
                    SSL_alert_desc_string_long(val));
        }
    }

and at library initialization set this callback:

    /* callback for connection information on SSL/TLS session negotiation */
    SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb);

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/16/2012 05:15:40 PM:

> From: kthiru...@inautix.co.in
> Sent by: owner-openssl-us...@openssl.org
> Date: 05/16/2012 05:25 PM
> To: openssl-users@openssl.org, openssl-...@openssl.org
> Subject: Question on enhancing OpenSSL logs
>
> Team,
>
> I have a query on enhancing the OpenSSL logs. As you know, SSL_accept is just one call using the SSL library for an SSL handshake, but there are a couple of steps inside this process like Client Hello / Server Hello, etc. What if I need to find the internal failures in the SSL handshake? Is there any OpenSSL debug option available where the SSL library is capable of logging additional info? We already have a series of error cases handled for the SSL handshake, but they are pre-defined by OpenSSL and they do not say where they failed:
>
>     err = SSL_accept((SSL *)SockObj->SSLCtx);
>     if (err <= 0) {
>         err = SSL_get_error((SSL *)SockObj->SSLCtx, err);
>         switch (err) {
>         case SSL_ERROR_NONE:
>         case SSL_ERROR_ZERO_RETURN:
>         case SSL_ERROR_WANT_READ:
>         case SSL_ERROR_WANT_WRITE:
>         case SSL_ERROR_WANT_CONNECT:
>         case SSL_ERROR_SYSCALL:
>         case SSL_ERROR_SSL:
>             /* per-case handling omitted in the post */
>             break;
>         }
>     }
>
> Can you shed some light here?
>
> Thanks
> Regards
> Karthikeyan Thirumal
Re: Are those TLS-SRP cipher suites supported?

Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/13/2012 12:57:40 PM:

> From: Krzysztof Jercha nefa...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 05/14/2012 01:46 PM
> To: openssl-users@openssl.org
> Subject: Are those TLS-SRP cipher suites supported?
>
> Does OpenSSL support these cipher suites (TLS-SRP)?
>
> 0xc0, 0x20  TLS_SRP_SHA_WITH_AES_256_CBC_SHA
> 0xc0, 0x1d  TLS_SRP_SHA_WITH_AES_128_CBC_SHA
RE: Looking for (easy) help.

Hello,

Do not pad with spaces, look at:
http://en.wikipedia.org/wiki/Padding_%28cryptography%29

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/11/2012 11:08:52 PM:

> From: scott...@csweber.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 05/11/2012 11:11 PM
> To: openssl-users@openssl.org
> Subject: RE: Looking for (easy) help.
>
> Thanks for your reply, but that's not doing it.
>
> I manually padded the input in the C code with spaces. Then I manually padded the input file with spaces. Now both cleartexts are exactly 16 bytes long. The output from the openssl executable is now 32 bytes...? Where did it decide to do that? The API call has a value of 16 in your code, which matches the cleartext in your code. So what is going on?
>
> So, how do I decide how to pad? How far out do I pad it? I've been trying different combinations for two days, a lot more test configurations than you would like to see me post here. Under no condition can I get an output from the API that matches the output from the openSSL executable. Nor can I get the executable to decrypt any data from the API calls.
>
> -------- Original Message --------
> Subject: Re: Looking for (easy) help.
> From: marek.marc...@malkom.pl
> Date: Fri, May 11, 2012 10:15 am
> To: openssl-users@openssl.org
> Cc: openssl-users@openssl.org, owner-openssl-us...@openssl.org
>
> > Hello,
> >
> > Parameter -nosalt is not used in this case. I have attached my test code; to use this example save the file aes_enc.c and execute:
> >
> >     # gcc -Wall -pedantic -o aes_enc -lcrypto aes_enc.c
> >     # ./aes_enc | od -x
> >     000 e61f b8eb c202 6df8 4cc4 631e 4bf2 dedd
> >     020
> >     # ./aes_enc > enc.bin
> >     # openssl aes-256-cbc -in enc.bin -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -iv 000102030405060708090A0B0C0D0E0F -d
> >     marek
> >
> > In other words, when you prepare the source buffer for encryption you should manually pad this data.
> >
> > Best regards,
> > --
> > Marek Marcola marek.marc...@malkom.pl
> >
> > owner-openssl-us...@openssl.org wrote on 05/11/2012 03:43:01 PM:
> >
> > > From: scott...@csweber.com
> > > Sent by: owner-openssl-us...@openssl.org
> > > Date: 05/11/2012 03:46 PM
> > > To: openssl-users@openssl.org
> > > Subject: Looking for (easy) help.
> > >
> > > (resent, as I never saw this come through the list server)
> > >
> > > I am looking for some assistance. This should be really easy. But it's not working. Any quick advice I can get would be appreciated.
> > >
> > > When I use the API, I get a different cypher text than I get from the command line. And the command line appears to be the correct one, as it also matches the cypher text I get when I use the PHP interface. (Once I get the encryption working, I assume the PHP would decrypt it easily, which is my goal.)
> > >
> > > The clear text I am using is simply 6 letters in a file. The file does NOT contain a newline, and neither does the hardcoded buffer used in the C source.
> > >
> > > The cypher I get is (hex string):
> > > from openssl EXE: aed38175d75ea94e7e59833f11400dcf
> > > From C code:      35709aab6f31555a378bc4a6107f3bd0
> > >
> > > So, here's the code. Really easy stuff. The Key and IV are the same.
> > >
> > > --- Command line
> > >
> > >     openssl enc -aes-256-cbc -in infile.txt -K 3131313131313131313131313131313131313131313131313131313131313131 -iv fbd070327199c9df7760c5a113bed7a3 -nosalt -out cypher.bin
> > >
> > > C code:
> > >
> > >     static unsigned char initVect[] = {
> > >         0xfb,0xd0,0x70,0x32,0x71,0x99,0xc9,0xdf,
> > >         0x77,0x60,0xc5,0xa1,0x13,0xbe,0xd7,0xa3
> > >     };
> > >     static const unsigned char key32[] = { /* 32 key bytes omitted in the post */ };
> > >
> > >     void AES256Encrypt(unsigned char *dst, const char *src, int len)
> > >     {
> > >         AES_KEY aeskey;
> > >         unsigned char iv[sizeof(initVect)];     /* Our own personal copy of the initialization */
> > >         memcpy(iv, initVect, sizeof(initVect)); /* vector, to handle the fact that it's not CONST */
> > >         AES_set_encrypt_key(key32, 256, &aeskey);
> > >         AES_cbc_encrypt((unsigned char *)src, (unsigned char *)dst, len, &aeskey, iv, AES_ENCRYPT);
> > >     }
> > >
> > > Any help is appreciated!
> > >
> > > -Scott Weber
Re: Looking for (easy) help.

Hello,

Parameter -nosalt is not used in this case. I have attached my test code; to use this example save the file aes_enc.c and execute:

    # gcc -Wall -pedantic -o aes_enc -lcrypto aes_enc.c
    # ./aes_enc | od -x
    000 e61f b8eb c202 6df8 4cc4 631e 4bf2 dedd
    020
    # ./aes_enc > enc.bin
    # openssl aes-256-cbc -in enc.bin -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -iv 000102030405060708090A0B0C0D0E0F -d
    marek

In other words, when you prepare the source buffer for encryption you should manually pad this data.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 05/11/2012 03:43:01 PM:

> From: scott...@csweber.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 05/11/2012 03:46 PM
> To: openssl-users@openssl.org
> Subject: Looking for (easy) help.
>
> (resent, as I never saw this come through the list server)
>
> I am looking for some assistance. This should be really easy. But it's not working. Any quick advice I can get would be appreciated.
>
> When I use the API, I get a different cypher text than I get from the command line. And the command line appears to be the correct one, as it also matches the cypher text I get when I use the PHP interface. (Once I get the encryption working, I assume the PHP would decrypt it easily, which is my goal.)
>
> The clear text I am using is simply 6 letters in a file. The file does NOT contain a newline, and neither does the hardcoded buffer used in the C source.
>
> The cypher I get is (hex string):
> from openssl EXE: aed38175d75ea94e7e59833f11400dcf
> From C code:      35709aab6f31555a378bc4a6107f3bd0
>
> So, here's the code. Really easy stuff. The Key and IV are the same.
>
> --- Command line
>
>     openssl enc -aes-256-cbc -in infile.txt -K 3131313131313131313131313131313131313131313131313131313131313131 -iv fbd070327199c9df7760c5a113bed7a3 -nosalt -out cypher.bin
>
> C code:
>
>     static unsigned char initVect[] = {
>         0xfb,0xd0,0x70,0x32,0x71,0x99,0xc9,0xdf,
>         0x77,0x60,0xc5,0xa1,0x13,0xbe,0xd7,0xa3
>     };
>     static const unsigned char key32[] = { /* 32 key bytes omitted in the post */ };
>
>     void AES256Encrypt(unsigned char *dst, const char *src, int len)
>     {
>         AES_KEY aeskey;
>         unsigned char iv[sizeof(initVect)];     /* Our own personal copy of the initialization */
>         memcpy(iv, initVect, sizeof(initVect)); /* vector, to handle the fact that it's not CONST */
>         AES_set_encrypt_key(key32, 256, &aeskey);
>         AES_cbc_encrypt((unsigned char *)src, (unsigned char *)dst, len, &aeskey, iv, AES_ENCRYPT);
>     }
>
> Any help is appreciated!
>
> -Scott Weber

Attachment: aes_enc.c (binary data)
Re: ECC generate public key with given private key

Hello,

To generate an EC key pair you should:

- choose an EC curve (eg secp256r1, secp384r1, ...)
- generate the private key: d = random(0,...,n) (0 < d < n)
- generate the public key dG = d*G

where n = generator order, G = generator.

If you have the private key d then you should calculate the public key dG = d*G using the chosen EC curve.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/14/2012 12:32:22 PM:

> From: opensshelpmeplz okayh...@mailinator.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/15/2012 02:24 PM
> To: openssl-users@openssl.org
> Subject: ECC generate public key with given private key
>
> I need to generate a public EC key given a private EC key that I provide myself. Is it possible to do this with OpenSSL?
>
> I have no problems generating a key pair, and I know how to set private and public key to specific values, but is there some way to give it a private key and get a corresponding public key that is tied to the provided private key?
>
> I am using the Ruby wrapper, for what it is worth.
>
> Thanks for any help, I have spent many hours trying to figure this out now.
>
> --
> View this message in context: http://old.nabble.com/ECC-generate-public-key-with-given-private-key-tp33686367p33686367.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
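The dG = d*G step from the reply above, carried out as an added example (not code from the thread, from OpenSSL, or from its Ruby wrapper) in pure Python on secp256r1 (prime256v1), so it needs no library. The curve constants are the published P-256 domain parameters; the range check 0 < d < n is the condition the reply states, and to_uncompressed() produces the 04||X||Y form in which OpenSSL prints EC public keys.

```python
"""Derive an EC public key from a given private scalar: Q = d*G on secp256r1.

Added example for this thread; the curve arithmetic is textbook affine
short-Weierstrass addition, not OpenSSL's implementation.
"""

# secp256r1 / prime256v1 domain parameters (FIPS 186-4, SEC 2)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (GX, GY)   # the generator
INF = None     # the point at infinity (group identity)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + a*x + b (mod p), or is the point at infinity."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition, covering identity, doubling and p2 == -p1."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 is the negation of p1
            return INF
        # doubling: lambda = (3*x1^2 + a) / (2*y1)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        # general case: lambda = (y2 - y1) / (x2 - x1)
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(d, pt):
    """Right-to-left double-and-add: returns d*pt."""
    result = INF
    addend = pt
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result


def public_from_private(d):
    """Public key for private scalar d, enforcing 0 < d < n as the reply requires."""
    if not 0 < d < N:
        raise ValueError("private key must satisfy 0 < d < n")
    return scalar_mult(d, G)


def to_uncompressed(pt):
    """SEC 1 uncompressed encoding 04 || X || Y (65 bytes for P-256)."""
    x, y = pt
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed private scalar for demonstration only.
    d = 0x1234567890abcdef
    print(to_uncompressed(public_from_private(d)).hex())
```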
Re: no shared cipher

Hello,

Test connection works:

SERVER:

    # openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -cipher RC4-SHA -tls1
    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    -----BEGIN SSL SESSION PARAMETERS-----
    MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74LUjhba+gnYZ
    JrObUopzWYJc2tuSFoZlRsyhBgIET38dO6IEAgIcIKQGBAQBqwMEAQE=
    -----END SSL SESSION PARAMETERS-----
    Shared ciphers:RC4-SHA
    CIPHER is RC4-SHA
    Secure Renegotiation IS supported

CLIENT:

    # openssl s_client -cipher RC4-SHA -tls1
    New, TLSv1/SSLv3, Cipher is RC4-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : RC4-SHA

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM:

> From: crk c...@crook.de
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/06/2012 06:26 PM
> To: openssl-users@openssl.org
> Subject: no shared cipher
>
> Hi,
>
> I am trying to establish a tls1 connection between a server and a client, running in two threads. When doing the handshake the server gets the hello message and throws an error:
>
>     error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> I am using on both sides SSL_CTX_set_cipher_list(ctx, "RC4-SHA"). To figure out the cipher string I used the following command:
>
>     openssl ciphers -tls1 aRSA:AES:-kEDH:-ECDH:-SRP:-PSK:-NULL:-EXP:-MD5:-DES
>
> which gave me:
>
>     ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-RC4-SHA:AES256-SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA
>
> Also the certs and private keys for server and client are set up. No error here, I believe.
>
> What am I doing wrong? (see more here: http://paste.debian.net/162331/)
>
> Thanks so far,
> aureliano =)
Re: no shared cipher

Hello,

Maybe there is a library initialization problem; try to add:

    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/06/2012 07:06:22 PM:

> From: crk c...@crook.de
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/06/2012 07:07 PM
> To: openssl-users@openssl.org
> Subject: Re: no shared cipher
>
> Hi Marek Marcola,
>
> thanks a lot for your help. I tried the commands with exactly the same certificates and private keys and the connection works. This makes me half happy :) So, maybe I am doing something wrong on handshaking?
>
> Best regards
> chris r.
>
> On 06.04.2012 18:46, marek.marc...@malkom.pl wrote:
>
> > Hello,
> >
> > Test connection works:
> >
> > SERVER:
> >
> >     # openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -cipher RC4-SHA -tls1
> >     Using default temp DH parameters
> >     Using default temp ECDH parameters
> >     ACCEPT
> >     -----BEGIN SSL SESSION PARAMETERS-----
> >     MFoCAQECAgMBBAIABQQABDCLRcpyQeyzVWraS2xLoieVLwRjHGz74LUjhba+gnYZ
> >     JrObUopzWYJc2tuSFoZlRsyhBgIET38dO6IEAgIcIKQGBAQBqwMEAQE=
> >     -----END SSL SESSION PARAMETERS-----
> >     Shared ciphers:RC4-SHA
> >     CIPHER is RC4-SHA
> >     Secure Renegotiation IS supported
> >
> > CLIENT:
> >
> >     # openssl s_client -cipher RC4-SHA -tls1
> >     New, TLSv1/SSLv3, Cipher is RC4-SHA
> >     Server public key is 2048 bit
> >     Secure Renegotiation IS supported
> >     Compression: zlib compression
> >     Expansion: zlib compression
> >     SSL-Session:
> >         Protocol  : TLSv1
> >         Cipher    : RC4-SHA
> >
> > Best regards,
> > --
> > Marek Marcola marek.marc...@malkom.pl
> >
> > owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM:
> >
> > > From: crk c...@crook.de
> > > Sent by: owner-openssl-us...@openssl.org
> > > Date: 04/06/2012 06:26 PM
> > > To: openssl-users@openssl.org
> > > Subject: no shared cipher
> > >
> > > Hi,
> > >
> > > I am trying to establish a tls1 connection between a server and a client, running in two threads. When doing the handshake the server gets the hello message and throws an error:
> > >
> > >     error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> > >
> > > I am using on both sides SSL_CTX_set_cipher_list(ctx, "RC4-SHA"). To figure out the cipher string I used the following command:
> > >
> > >     openssl ciphers -tls1 aRSA:AES:-kEDH:-ECDH:-SRP:-PSK:-NULL:-EXP:-MD5:-DES
> > >
> > > which gave me:
> > >
> > >     ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-RC4-SHA:AES256-SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA
> > >
> > > Also the certs and private keys for server and client are set up. No error here, I believe.
> > >
> > > What am I doing wrong? (see more here: http://paste.debian.net/162331/)
> > >
> > > Thanks so far,
> > > aureliano =)
>
> --
> crk
>
> For free communication with me use GPG. Questions? Ask me ;)
> WIKI: http://en.wikipedia.org/wiki/E-mail_privacy
> GPG: www.crook.de/crk/crk_pub_0xB268A580.asc
>
> [attachment signature.asc deleted by Marek Marcola/malkom]
Re: AES-256 Implementation and OpenSSL

Hello,

This is a standard AES implementation based on FIPS 197 (standard means also slow). OpenSSL does not have such an implementation; OpenSSL has an optimized AES implementation based on the function AES_encrypt(), which is far faster than the standard implementation. The standard implementation is good for learning but not for real life.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 04/02/2012 05:09:57 PM:

> From: Theodore Tolstoy filaho...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 04/02/2012 05:11 PM
> To: openssl-users@openssl.org
> Subject: AES-256 Implementation and OpenSSL
>
> Hi!
>
> There is a widely known and used AES implementation in C by Niyaz PK for encryption/decryption: http://www.hoozi.com/posts/advanced-encryption-standard-aes-implementation-in-cc-with-comments-part-1-encryption/ . It seems to implement AES-{128,192,256} ECB mode of encryption/decryption(?). Am I wrong? Is it possible to use OpenSSL to achieve equivalent results?
>
> --
> +BW, TVT
Re: How to do encryption using AES in Openssl

Hello,

If your data to encrypt is not exactly 16 bytes (the AES block length), you should add block padding before encryption and remove the padding after decryption. In your case you have the string "virident" (8 bytes), so you should add 16-8=8 bytes of padding before encryption (fill the last 8 bytes with the value 8). After decryption remove the last 8 bytes (filled with the value 8). For printf() you may fill these last 8 bytes with 0.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 03/29/2012 04:02:17 PM:

> From: Prashanth kumar N prashanth.kuma...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 03/29/2012 04:03 PM
> To: openssl-users@openssl.org
> Subject: Re: How to do encryption using AES in Openssl
>
> Bit confusing... are you saying that I need to add NULL termination at the end of the encrypted data? Isn't this wrong? I assume I shouldn't be NULL terminating the input string which needs to be encrypted.
>
> On Thu, Mar 29, 2012 at 7:10 PM, Ken Goldman kgold...@us.ibm.com wrote:
>
> > On 3/29/2012 1:40 AM, Prashanth kumar N wrote:
> >
> > > Thanks Ken for pointing out the mistake... after changing to AES_Decrypt(), it worked but I still see an issue when I print the decrypted output as it has extra non-ascii characters in it.
> >
> > That's what happens in C if you try to printf an array that's not NUL terminated. The printf just keeps going, right past the end of the buffer, until it either hits a \0 or segfaults.
> >
> > You encrypted 16 bytes, not nul terminated, decrypted to the same 16 bytes, then pretended that it was nul terminated and tried to printf.
> >
> > > Below is the input
> > >
> > >     unsigned char text[] = "test12345678abc2";
> > >
> > > After decryption, I get the following string:
> > >
> > >     Decrypted o/p: test12345678abc2Ȳu�z�B��� ��A��S��
> > >
> > > Few questions...
> > >
> > > 1. If we use AES, will decrypted files have the same number of bytes as the encrypted file? (I assume it should be the same)
> >
> > It depends on the mode and padding scheme. Some (CTR, OFB) don't pad, some (CFC) do pad.
> >
> > If you're just playing, fine. But if this is a real product you're designing, you shouldn't be asking this question. It's time to hire a crypto expert. Otherwise, your product will be insecure.
>
> My requirement is mainly to support AES XTS, but the reason for asking the above question was to understand if there is addition of extra bytes to encrypted data as it might consume more space when written to a drive... does my question make sense?
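The block padding that this thread and the "Looking for (easy) help" thread above both turn on, as an added example (not code from any of the posts or their aes_enc.c attachments). It implements PKCS#7, the scheme `openssl enc` applies by default for CBC and the one the replies point to instead of space padding: each padding byte holds the padding length, so "virident" gets 8 bytes of value 8, and a plaintext that is already 16 bytes gets a whole extra block, which is why the 16-byte input came back as 32 bytes of ciphertext. Unpadding validates the trailer before stripping it; the space-padding variant is included only to show why it cannot be reversed.

```python
"""PKCS#7 block padding for AES-CBC, as discussed in the threads above.

Added example; not code from the posts.  Feeding pkcs7_pad() output to the
low-level AES_cbc_encrypt() call from the posts produces the same ciphertext
that `openssl enc -aes-256-cbc -K ... -iv ...` produces for the unpadded input.
"""

BLOCK = 16  # AES block length in bytes


def pkcs7_pad(data, block=BLOCK):
    """Append k bytes of value k (1 <= k <= block) so len(result) % block == 0.

    k is never 0: an already-aligned input receives a full block of padding,
    which is what makes the scheme unambiguous on removal.
    """
    k = block - (len(data) % block)
    return data + bytes([k]) * k


def pkcs7_unpad(data, block=BLOCK):
    """Strip PKCS#7 padding, raising ValueError on anything malformed.

    Every padding byte is checked, not just the last one, so a corrupted
    or truncated trailer is rejected instead of silently mis-stripped.
    """
    if not data or len(data) % block:
        raise ValueError("length is not a positive multiple of the block size")
    k = data[-1]
    if not 1 <= k <= block or data[-k:] != bytes([k]) * k:
        raise ValueError("invalid padding")
    return data[:-k]


def space_pad(data, block=BLOCK):
    """The ad-hoc scheme tried in the 'Looking for (easy) help' thread.

    Shown only for contrast: it is lossy (trailing spaces in the real
    plaintext are indistinguishable from padding) and openssl enc does not
    recognise it, so it adds its own PKCS#7 block on top.
    """
    return data + b" " * (-len(data) % block)


def space_unpad(data):
    return data.rstrip(b" ")


if __name__ == "__main__":
    # Constructed inputs taken from the threads above.
    for sample in (b"virident", b"A" * 16, b"test12345678abc2"):
        padded = pkcs7_pad(sample)
        print(len(sample), "->", len(padded), padded[len(sample):].hex())
```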
Re: How to do encryption using AES in Openssl

Hello,

If you want to use the low-level AES functions to encrypt more than 16 bytes you should use AES in CBC mode. You can implement this mode using AES_encrypt(), or better use AES_cbc_encrypt(). Using AES_encrypt() block-by-block is called ECB mode. Look at:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Example of using AES_cbc_encrypt() attached (pay attention to block padding).

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 03/28/2012 09:01:25 AM:

> From: Prashanth kumar N prashanth.kuma...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> Date: 03/28/2012 09:03 AM
> To: openssl-users@openssl.org
> Subject: Re: How to do encryption using AES in Openssl
>
> Here is the modified program
>
>     #include <stdio.h>
>     #include <openssl/aes.h>
>
>     static const unsigned char key[] = {
>         0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
>         0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
>         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
>         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
>     };
>
>     int main(void)
>     {
>         unsigned char text[] = "test12345678abcf";
>         unsigned char out[16];
>         unsigned char decout[16];
>         int i;
>
>         AES_KEY ectx;
>         AES_KEY dectx;
>
>         AES_set_encrypt_key(key, 256, &ectx);
>         AES_encrypt(text, out, &ectx);
>
>         printf("encryp data = %s\n", out);
>
>         /* AES_decrypt() needs the decryption key schedule */
>         AES_set_decrypt_key(key, 256, &dectx);
>         AES_decrypt(out, decout, &dectx);
>         printf(" Decrypted o/p: %s \n", decout);
>
>         for (i = 0; i < 16; i++)
>             printf(" %02x", decout[i]);
>         return 0;
>     }
>
> As I read, the min AES block size is 128 bits, which can go up to 256 bits in multiples of 32 bits. Is this correct?
>
> I do know encrypted data is binary, but when I pass the same data to the AES_decrypt() function and print using %s, I get non-readable characters. What I notice is when I change the input plain text, I do see the o/p varies.
>
> On Tue, Mar 27, 2012 at 11:24 PM, Ken Goldman kgold...@us.ibm.com wrote:
>
> > On 3/27/2012 1:33 PM, pkumarn wrote:
> >
> > > I am trying to write a sample program to do AES encryption using OpenSSL. I tried going through the OpenSSL documentation (it's a pain), could not figure out much. I went through the code and found the APIs, using which I wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am I missing something?
> >
> > Define "I don't see any encryption happening".
> >
> > > PS: I don't get any errors upon compilation.
> > >
> > >     #include <stdio.h>
> > >     #include <openssl/aes.h>
> > >
> > >     static const unsigned char key[] = {
> > >         0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
> > >         0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
> > >         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > >         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
> > >     };
> >
> > It's strange to define a 256 bit key and use 128 bits.
> >
> > >     void main()
> > >     {
> > >         unsigned char text[] = "virident";
> >
> > The input must be equal to the AES block size.
> >
> > >         unsigned char out[10];
> >
> > The output must be equal to the AES block size.
> >
> > >         unsigned char decout[10];
> >
> > Same here.
> >
> > >         AES_KEY wctx;
> > >
> > >         AES_set_encrypt_key(key, 128, &wctx);
> > >         AES_encrypt(text, out, &wctx);
> >
> > This is a raw encrypt, which assumes input and output are one AES block.
> >
> > >         printf("encryp data = %s\n", out);
> >
> > The encrypted data is binary, not a printable C string.
> >
> > >         AES_decrypt(out, decout, &wctx);
> > >         printf(" Decrypted o/p: %s \n", decout);
> > >     }
> > >
> > > Please help me to figure this out...

Attachments: aes_dec.c (binary data), aes_enc.c (binary data)
Re: OpenSSL 1.0.1 handshake timeout
Hello,

Try some test connections:

    # openssl s_client -connect hostname:443 -debug -msg
    # openssl s_client -connect hostname:443 -debug -msg -bugs

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 03/28/2012 06:02:01 PM:

> From: James Earl <ja...@truckhardware.ca>
> Subject: OpenSSL 1.0.1 handshake timeout
>
> I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service provider's server?
>
> I tested using Python and Ruby (multiple versions):
>
> With OpenSSL 1.0.1-1 under Arch Linux, this times out:
>
>     python
>     import requests
>     r = requests.get('https://esqa.moneris.com', timeout=5)
>
> With OpenSSL 1.0.0 under Arch Linux, it works.
>
> OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server.
>
> My original post on ruby-forum: http://www.ruby-forum.com/topic/3944461#new
Re: How to do encryption using AES in Openssl
Hello,

Maybe the attached simple example will help. Use:

    # gcc -o evp_enc evp_enc.c -lcrypto
    # cat /etc/group | ./evp_enc

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 03/28/2012 09:02:59 AM:

> From: Prashanth kumar N <prashanth.kuma...@gmail.com>
> Subject: Re: How to do encryption using AES in Openssl
>
> I tried to use EVP but let it go due to bad documentation...
>
> On Wed, Mar 28, 2012 at 2:49 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
>
> > On 3/27/2012 10:42 PM, Jeffrey Walton wrote:
> > > On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman <kgold...@us.ibm.com> wrote:
> > > > On 3/27/2012 3:51 PM, Jakob Bohm wrote:
> > > > > On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
> > > > > > You should really be using EVP instead of the low level routines. They are well documented with examples.
> > > > >
> > > > > Where, precisely?
> > > >
> > > > I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too. In fact, neither the low level nor the EVP APIs are documented. I don't see any AES documentation at all.
> > >
> > > Digest (search for "openssl evp digest example"):
> > > http://www.openssl.org/docs/crypto/EVP_DigestInit.html
> >
> > At least this one is outdated: it recommends SHA1, does not mention any of the larger algorithms and still shows the old SSL MD5+SHA1 288 bit length as the maximum MD size. openssl/evp.h has later definitions but no documentation in it.
> >
> > This document also gives two good reasons not to use this interface when retrofitting existing code:
> >
> > 1. The state structure (EVP_MD_CTX) requires an extra call to free internal memory, which may not fit into existing code that doesn't have such a requirement of its own.
> >
> > 2. The EVP_DigestInit_ex() function is documented as loading a specific implementation if NULL is passed, thus almost certainly ensuring that said specific implementation will be linked into programs that don't use it at all.
> >
> > It is also unclear how referencing a specific engine avoids loading the entire feature set of that engine when only a subset is needed. Such granularity issues are basic questions one should always consider in any library design.
> >
> > > Encrypt (search for "openssl evp encrypt example"):
> > > http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
> > >
> > > Sign (search for "openssl evp sign example"):
> > > http://www.openssl.org/docs/crypto/EVP_SignInit.html
> > >
> > > Verify (search for "openssl evp verify example"):
> > > http://www.openssl.org/docs/crypto/EVP_VerifyInit.html
> >
> > (I have not checked out those yet).
> >
> > Explicitly adding the word EVP to those searches was non-obvious because as a programmer I tend not to consider parts of identifiers as separate search words (except when doing a raw grep). And besides, how should a newcomer to OpenSSL guess that something called EVP is of any significance?
> >
> > --
> > Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
> > Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
> > This message is only for its intended recipient, delete if misaddressed.
> > WiseMo - Remote Service Management for PCs, Phones and Embedded

Attachment: evp_enc.c
Re: SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
Hello,

    $ echo "obase=16;336151528" | bc
    140943E8
    $ openssl errstr 140943E8
    error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 03/27/2012 01:09:56 AM:

> From: Blake Mizerany <blake.mizer...@gmail.com>
> Subject: SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
>
> While working on a postgres driver in Go, I began getting these errors in my postgres logs:
>
>     SSL error: SSL error code 336151528
>
> I spoke with a postgres team member and they aren't sure exactly where this is coming from. A little more research on my side found someone else getting a very similar error on OS X:
>
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg14704.html
>
> Triangulation of the error points to OpenSSL right now. Any thoughts/help would be very much appreciated. I don't have a deep understanding of SSL so I'm not sure I'll be able to find the root of the problem; but will keep looking.
>
> -blake
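An added example (not from the thread) of what the bc/errstr pair above does by hand: the packed layout of a classic OpenSSL error code, which is the split the ERR_GET_LIB/ERR_GET_FUNC/ERR_GET_REASON macros make (8 bits library, 12 bits function, 12 bits reason). It parses the decimal form that applications log as well as the hex form `openssl errstr` takes, and names only the three libraries whose error strings appear in these threads; the full table lives in OpenSSL's err.c. The layout was changed in OpenSSL 3.0, where function codes were dropped, so this matches the 1.0.x codes discussed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a pre-3.0 OpenSSL error code, as ERR_GET_LIB, ERR_GET_FUNC and
 * ERR_GET_REASON in <openssl/err.h> extract them. */
typedef struct {
    unsigned lib;
    unsigned func;
    unsigned reason;
} ossl_err_parts;

ossl_err_parts decode_ossl_error(unsigned long code)
{
    ossl_err_parts p;
    p.lib    = (unsigned)((code >> 24) & 0xffu);
    p.func   = (unsigned)((code >> 12) & 0xfffu);
    p.reason = (unsigned)(code & 0xfffu);
    return p;
}

/* Accept "336151528" (as PostgreSQL logged it) and "0x140943E8" alike;
 * base 0 lets strtoul pick decimal or hex from the prefix. */
unsigned long parse_error_code(const char *text)
{
    return strtoul(text, NULL, 0);
}

/* Library names for the library numbers seen in these threads. */
const char *lib_name(unsigned lib)
{
    switch (lib) {
    case 4:  return "rsa routines";
    case 11: return "x509 certificate routines";
    case 20: return "SSL routines";
    default: return "unknown";
    }
}

/* In the SSL library, reasons of 1000 and above are received alerts encoded as
 * SSL_AD_REASON_OFFSET (1000) + alert number. Returns the alert number, or -1
 * when the reason is not an alert. */
int ssl_alert_number(unsigned reason)
{
    return reason >= 1000 ? (int)(reason - 1000) : -1;
}

/* Render the way `openssl errstr` does when no string table is loaded. */
int format_ossl_error(unsigned long code, char *buf, size_t n)
{
    ossl_err_parts p = decode_ossl_error(code);
    return snprintf(buf, n, "error:%08lX:lib(%u):func(%u):reason(%u)",
                    code, p.lib, p.func, p.reason);
}

/* 1 when the rendered form of `code` equals `expect`. */
int format_matches(unsigned long code, const char *expect)
{
    char buf[96];
    format_ossl_error(code, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    char buf[96];
    unsigned long code = parse_error_code("336151528");   /* the value from the postgres log */
    format_ossl_error(code, buf, sizeof buf);
    printf("%s (%s)\n", buf, lib_name(decode_ossl_error(code).lib));
    return 0;
}
```

Run against the two codes on this page: 336151528 decodes to library 20 (SSL routines), function 148 and reason 1000, and 185073780 from the httpd log further down decodes to library 11 (x509 certificate routines), function 128, reason 116. Reason 1000 in the SSL library is an alert received from the peer with alert number 0, which is why errstr has no reason string for it.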
Re: Query in EVP_PKEY_cmp for a particular value of .crt and .key
Hello,

owner-openssl-us...@openssl.org wrote on 03/23/2012 03:10:47 PM:

> From: Ajay Garg <ajaygargn...@gmail.com>
>
> Hi all.
>
> I have been trying lately to debug a startup issue in APACHE's httpd service; and the last logs I receive in /etc/httpd/logs_error_log is
>
>     [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Just do:

    $ openssl rsa -in key.pem -noout -modulus
    Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC...
    $ openssl x509 -in crt.pem -noout -modulus
    Modulus=E43E2DAB15DA7E70FC2E2149FC00481816650E799AAEC...

and check if the output matches.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>
Re: Query in EVP_PKEY_cmp for a particular value of .crt and .key
Hello,

Then do some more deep checking:

1) Check RSA key consistency

    $ openssl rsa -in key.pem -check -noout
    RSA key ok

2) Display RSA key and certificate

    $ openssl rsa -in key.pem -text -noout
    Private-Key: (1024 bit)
    modulus:
        00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47:
        76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9:
        7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c:
        94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a:
        79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0:
        84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56:
        83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01:
        8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9:
        0d:6a:b9:ed:5c:9f:1d:bc:b7
    publicExponent: 65537 (0x10001)
    privateExponent:
        25:88:f6:c0:25:95:97:ae:b8:66:33:33:e8:a9:31:
        46:89:9f:a4:30:5a:e7:1a:b4:68:90:4f:7d:dd:ba:
        c5:74:e6:19:02:6d:3c:fc:c7:02:46:8a:2a:c6:2c:
        bf:9f:a5:e4:bb:4d:86:5c:5b:f0:7c:e7:d1:32:60:
        95:21:b2:25:e4:7c:cc:92:78:64:aa:f8:f6:98:10:
        84:2d:57:e3:7a:e8:af:e2:ca:3a:37:7e:d9:00:d3:
        9f:10:06:f5:2c:b1:49:a2:64:05:d7:34:0e:1c:6f:
        11:6f:73:4e:67:7e:3b:91:56:5b:d6:3c:30:59:55:
        2b:e2:b9:d9:90:f4:53:01

    $ openssl x509 -in crt.pem -text -noout
    Certificate:
        ...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e3:29:5a:7f:55:8c:3d:78:d3:be:5d:85:f7:47:
                    76:80:87:8e:aa:11:54:98:78:5d:50:76:f5:7b:f9:
                    7d:88:b4:20:c3:60:0e:5c:02:14:8b:6b:5c:58:9c:
                    94:e1:a1:b6:1c:10:ca:66:4f:e9:3b:18:ce:49:7a:
                    79:8b:e2:c3:80:96:a3:c7:5d:27:8c:93:24:e1:b0:
                    84:22:37:6e:94:47:e5:06:a9:41:5e:23:53:0f:56:
                    83:18:27:e8:8c:6f:9e:ba:53:71:ca:99:b4:5c:01:
                    8f:f7:50:cf:8e:90:0e:32:2d:8a:03:c1:93:95:b9:
                    0d:6a:b9:ed:5c:9f:1d:bc:b7
                Exponent: 65537 (0x10001)

and check that modulus == Modulus and publicExponent == Exponent. This should guarantee that key and cert are ok.
You may also test these files using the simple openssl ssl server:

1) Run the server on one terminal

    $ openssl s_server -accept 1212 -key key.pem -cert crt.pem -debug -msg

2) Connect to the server from another terminal

    $ openssl s_client -connect localhost:1212 -debug -msg

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 03/23/2012 04:44:42 PM:

> From: Ajay Garg <ajaygargn...@gmail.com>
> Subject: Re: Query in EVP_PKEY_cmp for a particular value of .crt and .key
>
> Thanks Marek for the reply.
>
> I hope that it is ok if the key and cert files are with .key and .crt extensions (instead of pem). If yes, then fortunately (or unfortunately) the modulus matches.
>
>     [ajay@ajay certs]$ openssl rsa -in ssl.key -noout -modulus
>     Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F
>     [ajay@ajay certs]$ openssl x509 -in ssl.crt -noout -modulus
>     Modulus=9ED17DA2E4C31CD5C1E24FE985C4DBC80A7A10FD1ADEBE828C4185AC3E36E188BC79E3A05C2C28E2CFE187DB5A765FFCB8BC70E74CBED24433F881830993267E6DC78C181233A135E09BB77B1404F550FED56EB5143DA7C005C13485D151DD35FC4F8E124DBCF675479BB89212C2CE184063A5B4278A6DE8D2204BB1D020FF2F
>
> So, Marek ::
>
> a) Could there be any other reason, where a return value of 0 may be returned?
>
> b) The permissions for server.key and server.crt are 0755. I hope these are valid permissions.
>
> c) Finally, I would appreciate if you could send me a pair of key and crt files, generated from your end (or alternatively, send me the command to generate these files), THAT WOULD GUARANTEE THAT EVP_PKEY_cmp(xk, k) RETURNS 1 (as the success value).
>
> Thanks again.
> Regards,
> Ajay
>
> On Fri, Mar 23, 2012 at 8:40 PM, <marek.marc...@malkom.pl> wrote:
>
> > Hello,
> >
> > owner-openssl-us...@openssl.org wrote on 03/23/2012 03:10:47 PM:
> >
> > > From: Ajay Garg <ajaygargn...@gmail.com>
> > >
> > > Hi all.
> > >
> > > I have been trying lately to debug a startup issue in APACHE's httpd service; and the last logs I receive in /etc/httpd/logs_error_log is
> > >
> > >     [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Re: Query in EVP_PKEY_cmp for a particular value of .crt and .key
Hello,

I'm sure you know that but just to remind: after sending to the list the output of the command:

    $ openssl rsa -in server.key -text -noout

you can not use this key (and certificate) for production.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 03/23/2012 06:27:15 PM:

> From: Ajay Garg <ajaygargn...@gmail.com>
> Subject: Re: Query in EVP_PKEY_cmp for a particular value of .crt and .key
>
> Thanks Marek (and I say again, whole-heartedly) for your quick, prompt response.
>
> a) RSA Key correctness :: VERIFIED
>
>     [ajay@ajay certs]$ openssl rsa -in server.key -check -noout
>     Enter pass phrase for server.key:
>     RSA key ok
>
> b) modulus==Modulus, publicExponent==Exponent => TRUE
>
>     [ajay@ajay certs]$ openssl rsa -in server.key -text -noout
>     Enter pass phrase for server.key:
>     Private-Key: (2048 bit)
>     modulus:
>         00:b9:2d:f2:59:1f:f6:c2:ac:0d:bd:0f:dd:25:e5:
>         e8:7e:5b:1e:94:45:6d:be:2d:60:d6:8b:95:3a:11:
>         12:90:3a:4b:b7:ef:63:be:80:90:f7:8a:ce:1e:99:
>         46:11:72:23:be:f3:24:d1:5c:fe:40:ca:67:04:13:
>         59:10:02:4d:2b:ac:30:15:b5:a0:ff:1a:60:6d:28:
>         4a:42:dd:81:3b:26:9f:c7:d2:92:99:da:bc:c0:d3:
>         60:03:4c:e7:4d:c9:64:11:c6:63:e1:78:f2:b4:9a:
>         71:cd:56:a6:d5:a4:b1:c5:b4:d8:ee:5b:57:e7:80:
>         f5:75:92:af:8c:cd:ba:d6:b3:d2:fd:1b:27:1d:6b:
>         17:97:dc:ff:0c:31:8d:59:76:72:81:fb:51:85:02:
>         db:2e:9b:b4:59:85:e5:cd:32:67:3d:7b:20:02:43:
>         cb:e8:bd:c5:c7:b6:3e:15:f2:44:94:54:fb:fd:77:
>         e1:f1:f2:15:7a:6d:22:d9:f3:a9:e2:a8:a2:84:1c:
>         4b:cf:78:d4:6a:f2:a7:87:e2:01:d5:22:f6:e2:6c:
>         e0:e7:7f:b3:32:0b:c4:01:2d:fb:9d:db:fe:44:a9:
>         84:63:f0:eb:da:9d:5f:e4:73:2c:69:5d:d5:e1:80:
>         5e:7c:91:45:31:b3:ee:0e:0f:5c:50:bc:3a:97:8d:
>         dd:63
>     publicExponent: 65537 (0x10001)
>     privateExponent:
>         05:d7:e1:51:d6:a4:5e:b8:37:26:c4:1d:62:58:c2:
>         e1:59:d6:b9:2f:07:ab:7c:9b:15:aa:09:e7:6f:2a:
>         7a:ca:9c:21:0d:b8:c4:06:22:8c:ed:20:5b:ee:d2:
>         3b:32:b2:d6:0f:ae:15:bd:2d:78:b5:ea:52:42:9a:
08:db:49:bc:1b:0e:d9:60:85:d8:06:e9:0c:08:bd: 6f:26:b6:31:3b:a2:c7:17:69:f0:d8:ea:23:db:87: a8:13:01:29:7f:35:5d:2a:39:74:9f:f0:68:aa:86: f4:c7:cb:33:ea:a2:81:6e:97:79:ce:00:14:1a:09: a4:d0:20:21:fd:4b:ec:02:6a:e4:45:6a:24:13:dd: 8b:81:4d:c0:37:7c:11:b1:14:09:69:7d:9f:9f:0a: 13:c2:ce:b0:4b:56:8b:4e:0c:ff:e7:74:62:bc:f3: 22:ca:b5:c9:5f:d0:01:28:b9:ca:d7:50:56:65:9f: b5:0d:d1:9e:79:f6:37:a7:bc:bd:31:45:d2:29:f5: 88:05:a8:02:7d:21:7b:fe:78:ca:bd:f4:3c:11:16: 3d:e0:24:f8:bf:14:0e:de:6f:01:74:36:bd:4c:4d: a1:fa:cb:da:74:78:5f:8a:e2:5c:41:a4:80:28:18: 43:90:6e:82:eb:e9:50:d1:d8:86:a5:32:e4:d2:16: 81 prime1: 00:da:72:b7:22:b8:a2:7e:a9:23:3d:df:1e:fa:01: f1:07:d8:51:80:fd:8f:2d:7f:a1:f4:a6:3c:72:f2: 9f:dc:a5:a9:1f:97:04:3a:83:10:12:f8:4c:fd:6e: 9b:4a:d2:65:c8:9c:6d:6d:0b:a8:ff:66:7d:05:cd: 0d:9f:74:e4:9c:ce:64:6d:00:93:1b:94:89:3d:cd: 7e:c1:dd:32:72:60:8b:38:eb:7e:95:e7:3d:43:94: 1a:aa:29:20:71:9c:b2:e9:19:9c:01:f2:60:5d:76: 47:27:0d:eb:6a:aa:23:f3:a4:21:28:c2:6f:93:44: a9:c3:12:f5:82:53:d0:6d:33 prime2: 00:d9:03:2c:42:99:84:8f:1b:6e:d4:4c:9c:32:24: df:52:96:29:af:b5:ea:4e:c2:ac:33:2f:52:81:61: ad:bc:db:9a:03:1e:55:1f:8a:96:5a:a9:15:e4:ed: 90:0c:a0:9f:15:f3:dc:a4:1a:95:81:7d:f4:7b:eb: f9:cc:6b:0a:75:31:0a:99:bc:2e:81:db:38:e3:e4: fa:2d:7f:46:4e:c7:89:3b:2d:39:b4:b3:c6:7a:bc: fb:d0:3b:63:e1:a3:21:52:b6:b8:36:ff:78:93:04: 4c:77:59:f6:09:f0:f9:55:19:b6:a9:a2:f5:98:18: ba:1a:e9:e1:44:a4:2c:ef:11 exponent1: 00:b6:f3:12:4b:a3:04:7c:3d:dd:45:09:23:a1:50: 94:f3:f4:08:36:96:a5:1d:fe:e1:bd:ca:a7:9f:c1: 71:7f:52:c2:b4:b1:3e:9a:5e:7f:cc:d3:65:6f:6e: fd:e2:09:19:b3:8c:c6:dc:67:c2:8e:bb:e0:03:46: bb:9d:0b:42:17:cd:87:2f:ff:26:35:18:0e:64:d3: 40:d0:ce:17:5c:d1:5c:68:3c:5a:54:e3:48:5c:db: a2:05:56:d2:54:34:5f:66:77:cb:3f:9a:25:78:c1: 01:50:45:09:1f:d9:04:a9:1d:91:a3:d8:4b:a7:b3: fe:d5:60:80:7b:39:04:bb:1f exponent2: 33:ad:13:bf:10:3b:86:b0:6b:a5:d6:50:63:88:70: 3d:84:50:8c:ec:ee:cc:ae:82:be:f5:87:da:13:5e: 81:d8:71:46:48:d4:d0:5b:fa:0d:c0:b1:db:ff:ce: 
0b:93:bc:0e:48:31:c4:4a:28:4b:db:a8:7a:51:e8: fc:0a:89:44:fa:d6:a1:61:34:59:eb:d0:12:44:96: 66:7b:26:4c:e0:2b:07:92:6f:69:5e:5d:e7:20:55: 7e:72:86:08:57:06:3a:62:14:5f:d4:59:eb:f8:5c: 15:17:b1:05:11:02:ee:86:de:fe:6a:35:bd:70:35: f0:ee:bc:9b:d1:d4:79:61 coefficient: 43:61:58:68:0c:c8
RE: RSA_private_decrypt without e and d
Hello,

I think that if you have only p, q, dmp1, dmq1, iqmp and n = p*q (which is not too hard to calculate) you can decrypt the message with the OpenSSL API. No d and e. In the attached file you have a small example. There a private key is created without e and d and decryption succeeds. Before decryption you should disable RSA blinding if you do not have e in your private key. For example if you comment out the line:

    RSA_blinding_off(rsa_priv);

then you will get a decryption error:

    *** error:0408808C:rsa routines:RSA_setup_blinding:no public exponent
    *** error:04065044:rsa routines:RSA_EAY_PRIVATE_DECRYPT:internal error

You can experiment.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/24/2011 10:30:17 PM:

> From: Shaheed Bacchus (sbacchus) <sbacc...@cisco.com>
> Subject: RE: RSA_private_decrypt without e and d
>
> Hi Marek,
>
> My understanding was that while it's mathematically possible, from an OpenSSL API perspective there is no way to do it. Did I misunderstand?
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org On Behalf Of marek.marc...@malkom.pl
> Sent: Thursday, February 24, 2011 11:23 AM
> To: openssl-users@openssl.org
> Subject: RE: RSA_private_decrypt without e and d
>
> > Hello,
> >
> > Remember, you do not need to recover these parameters to decrypt the message.
> >
> > Best regards,
> > --
> > Marek Marcola <marek.marc...@malkom.pl>
> >
> > owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM:
> >
> > > From: Shaheed Bacchus (sbacchus) <sbacc...@cisco.com>
> > > Subject: RE: RSA_private_decrypt without e and d
> > >
> > > Thanks Mounir and Marek, I will try to recover these parameters.
> > > -----Original Message-----
> > > From: owner-openssl-us...@openssl.org On Behalf Of Mounir IDRASSI
> > > Sent: Thursday, February 24, 2011 2:27 AM
> > > To: openssl-users@openssl.org
> > > Subject: Re: RSA_private_decrypt without e and d
> > >
> > > > Hi Shaheed,
> > > >
> > > > The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped: p instead of q and q instead of p (same thing for dmp1 and dmq1).
> > > >
> > > > In order to check this, you can use a tool I have written that enables you to recover e and d from these 5 parameters. You can get it from SourceForge using the following link: http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time.
> > > >
> > > > I hope this will help.
> > > >
> > > > Cheers,
> > > > --
> > > > Mounir IDRASSI
> > > > IDRIX
> > > > http://www.idrix.fr
> > > >
> > > > On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:
> > > >
> > > > > Just to be clear, below is not the actual code, but what I would *like* to be able to do (or something close).
> > > > >
> > > > > From: owner-openssl-us...@openssl.org On Behalf Of Shaheed Bacchus (sbacchus)
> > > > > Sent: Wednesday, February 23, 2011 9:47 PM
> > > > > To: openssl-users@openssl.org
> > > > > Subject: RSA_private_decrypt without e and d
> > > > >
> > > > > Hi,
> > > > >
> > > > > I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
> > > > >
> > > > > I'm trying to do something like:
> > > > >
> > > > >     if (!(new_key = RSA_new()))
> > > > >         return -1;
> > > > >     new_key->n    = BN_bin2bn(n_data, n_data_len, NULL);
> > > > >     new_key->p    = BN_bin2bn(p_data, p_data_len, NULL);
> > > > >     new_key->q    = BN_bin2bn(q_data, q_data_len, NULL);
> > > > >     new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
> > > > >     new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
> > > > >     new_key->iqmp = BN_bin2bn(iqmp_data, iqmp_data_len, NULL);
> > > > >     resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted,
> > > > >                                         new_key, RSA_PKCS1_PADDING);
> > > > >
> > > > > This decrypt fails with
> > > > >
> > > > >     error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
> > > > >
> > > > > Supplying the correct e and d components causes it to work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e?
Re: How to retrieve error about private key loading.
Hello,

Maybe you may try something like this:

    #include <stdio.h>
    #include <openssl/err.h>

    int log_err(void)
    {
        char buf[256];
        unsigned long err;

        /* drain the thread's error queue, oldest entry first */
        while ((err = ERR_get_error()) != 0) {
            ERR_error_string_n(err, buf, sizeof(buf));
            printf("*** %s\n", buf);
        }
        return 0;
    }

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM:

> From: Aro RANAIVONDRAMBOLA <razuk...@gmail.com>
> Subject: How to retrieve error about private key loading.
>
> Hello,
>
> I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would like to process this kind of error. SSL_get_error() does not treat this case. I would like to know what is THE function which enables me to extract the error type (in my case I want to retrieve an error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT).
>
> Thanks for your help.
Re:Re: How to retrieve error about private key loading.
Hello,

Agree, or even:

    SSL_load_error_strings();

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/25/2011 03:10:45 PM:

> From: lzyzizi <lzyz...@126.com>
> Subject: Re:Re: How to retrieve error about private key loading.
>
> I think ERR_load_RSA_strings(void) should be called first.
>
> At 2011-02-25 19:25:51, marek.marc...@malkom.pl wrote:
>
> > Hello,
> >
> > Maybe you may try something like this:
> >
> >     #include <stdio.h>
> >     #include <openssl/err.h>
> >
> >     int log_err(void)
> >     {
> >         char buf[256];
> >         unsigned long err;
> >
> >         while ((err = ERR_get_error()) != 0) {
> >             ERR_error_string_n(err, buf, sizeof(buf));
> >             printf("*** %s\n", buf);
> >         }
> >         return 0;
> >     }
> >
> > Best regards,
> > --
> > Marek Marcola <marek.marc...@malkom.pl>
> >
> > owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM:
> >
> > > From: Aro RANAIVONDRAMBOLA <razuk...@gmail.com>
> > > Subject: How to retrieve error about private key loading.
> > >
> > > Hello,
> > >
> > > I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would like to process this kind of error. SSL_get_error() does not treat this case. I would like to know what is THE function which enables me to extract the error type (in my case I want to retrieve an error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT).
> > >
> > > Thanks for your help.
RE: RSA_private_decrypt without e and d
Hello,

Remember, you do not need to recover these parameters to decrypt the message.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM:

> From: Shaheed Bacchus (sbacchus) <sbacc...@cisco.com>
> Subject: RE: RSA_private_decrypt without e and d
>
> Thanks Mounir and Marek, I will try to recover these parameters.
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org On Behalf Of Mounir IDRASSI
> Sent: Thursday, February 24, 2011 2:27 AM
> To: openssl-users@openssl.org
> Subject: Re: RSA_private_decrypt without e and d
>
> > Hi Shaheed,
> >
> > The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped: p instead of q and q instead of p (same thing for dmp1 and dmq1).
> >
> > In order to check this, you can use a tool I have written that enables you to recover e and d from these 5 parameters. You can get it from SourceForge using the following link: http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time.
> >
> > I hope this will help.
> >
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIX
> > http://www.idrix.fr
> >
> > On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:
> >
> > > Just to be clear, below is not the actual code, but what I would *like* to be able to do (or something close).
> > >
> > > From: owner-openssl-us...@openssl.org On Behalf Of Shaheed Bacchus (sbacchus)
> > > Sent: Wednesday, February 23, 2011 9:47 PM
> > > To: openssl-users@openssl.org
> > > Subject: RSA_private_decrypt without e and d
> > >
> > > Hi,
> > >
> > > I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
> > >
> > > I'm trying to do something like:
> > >
> > >     if (!(new_key = RSA_new()))
> > >         return -1;
> > >     new_key->n    = BN_bin2bn(n_data, n_data_len, NULL);
> > >     new_key->p    = BN_bin2bn(p_data, p_data_len, NULL);
> > >     new_key->q    = BN_bin2bn(q_data, q_data_len, NULL);
> > >     new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
> > >     new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
> > >     new_key->iqmp = BN_bin2bn(iqmp_data, iqmp_data_len, NULL);
> > >     resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted,
> > >                                         new_key, RSA_PKCS1_PADDING);
> > >
> > > This decrypt fails with
> > >
> > >     error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
> > >
> > > Supplying the correct e and d components causes it to work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e?
Re: RSA_private_decrypt without e and d
Hello,

If you have on the receiving site the n, p, q, dmp1, dmq1, and iqmp components then you may decrypt message M from ciphertext C with CRT:

    Cp = C mod p
    Cq = C mod q
    Mp = Cp^dmp1 mod p
    Mq = Cq^dmq1 mod q
    h  = (Mp - Mq) * iqmp mod p
    M  = Mq + q*h

where:

    dmp1 = d mod (p-1)
    dmq1 = d mod (q-1)
    iqmp = q^-1 mod p

you have recomputed. You do not need d on the receiving site if you have these parameters.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/24/2011 05:48:19 AM:

> From: Victor Duchovni <victor.ducho...@morganstanley.com>
> Subject: Re: RSA_private_decrypt without e and d
>
> On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
>
> > Just to be clear, below is not the actual code, but what I would *like* to be able to do (or something close).
>
> What you are asking to do is not possible, not because of API limitations, but as a matter of principle (mathematical property of RSA).
>
> > I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
>
> The RSA algorithm computes a ciphertext M' from a plaintext M via
>
>     M' = (M)^e mod n    (i.e. mod pq)
>
> decryption is possible when p, q (and implicitly e) are known because
>
>     M = (M')^d mod n
>
> provided:
>
> - M < n (e.g. the message is shorter than the key bit length), thus computing the result mod n loses no information.
>
> - d*e = 1 mod phi(n) = (p-1)(q-1)
>   http://en.wikipedia.org/wiki/Euler%27s_totient_function
>
> when e, p and q are known, d can be computed via Euclid's algorithm for finding the multiplicative inverse of a mod b, when a is co-prime to b.
>
> When e is unknown, any M'' obtained from M via some exponent e' is as good a plaintext as M since, if e'*d' = 1 mod phi(n), we have:
>
>     M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e)
>
> therefore if the public exponent were (d'*e) instead of e, the same message M' decrypts to M'' instead of M. There is no well-defined inverse to RSA without e, since e is a fundamental parameter of the operation you want to invert.
>
> --
> Viktor.
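An added worked example of the CRT steps in Marek's reply above and of the decryption-without-d-or-e that his attached program (not reproduced on this page) performs through the OpenSSL API. This is not code from the thread: it uses a constructed toy key (p = 10007, q = 10009, e = 65537, an assumption chosen so all arithmetic fits in 64-bit integers) and plain C, so no libcrypto is needed. d is derived once only to produce dmp1, dmq1 and iqmp, exactly the precomputation the reply lists, and crt_decrypt() never sees d or e; crt_roundtrip_ok() checks the CRT result against the plain M = C^d mod n route.

```c
#include <stdint.h>

/* All moduli here are below 2^32, so a product of two residues fits in
 * uint64_t and no multiprecision arithmetic is needed. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return ((a % m) * (b % m)) % m;
}

uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Extended Euclid: a^-1 mod m, or 0 when gcd(a, m) != 1. */
uint64_t invmod(uint64_t a, uint64_t m)
{
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)(a % m);
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* The components the receiving side has in the thread: no d, no e. */
typedef struct { uint64_t n, p, q, dmp1, dmq1, iqmp; } crt_key;

/* CRT decryption, step by step as in the reply:
 *   Cp = C mod p,  Cq = C mod q
 *   Mp = Cp^dmp1 mod p,  Mq = Cq^dmq1 mod q
 *   h  = (Mp - Mq) * iqmp mod p
 *   M  = Mq + q*h                                                  */
uint64_t crt_decrypt(const crt_key *k, uint64_t C)
{
    uint64_t Cp = C % k->p, Cq = C % k->q;
    uint64_t Mp = powmod(Cp, k->dmp1, k->p);
    uint64_t Mq = powmod(Cq, k->dmq1, k->q);
    uint64_t diff = (Mp + k->p - (Mq % k->p)) % k->p;   /* Mp - Mq, kept in [0, p) */
    uint64_t h = mulmod(diff, k->iqmp, k->p);
    return Mq + k->q * h;                                /* below p*q since h < p */
}

/* Textbook RSA encryption with the public key only: C = M^e mod n. */
uint64_t rsa_encrypt(uint64_t n, uint64_t e, uint64_t M)
{
    return powmod(M, e, n);
}

/* Constructed toy key (assumption for the demo, far too small for real use).
 * d is computed only to derive dmp1, dmq1 and iqmp, and handed back so the
 * caller can cross-check against the plain C^d mod n computation. */
crt_key demo_key(uint64_t *e_out, uint64_t *d_out)
{
    const uint64_t p = 10007, q = 10009, e = 65537;
    uint64_t phi = (p - 1) * (q - 1);
    uint64_t d = invmod(e, phi);
    crt_key k = { p * q, p, q, d % (p - 1), d % (q - 1), invmod(q, p) };
    if (e_out) *e_out = e;
    if (d_out) *d_out = d;
    return k;
}

/* 1 when e*d == 1 mod phi(n) and iqmp*q == 1 mod p for the demo key. */
int demo_key_consistent(void)
{
    uint64_t e, d;
    crt_key k = demo_key(&e, &d);
    uint64_t phi = (k.p - 1) * (k.q - 1);
    return mulmod(e, d, phi) == 1 && mulmod(k.iqmp, k.q, k.p) == 1;
}

/* 1 when CRT decryption recovers M and agrees with M = C^d mod n. */
int crt_roundtrip_ok(uint64_t M)
{
    uint64_t e, d;
    crt_key k = demo_key(&e, &d);
    uint64_t C = rsa_encrypt(k.n, e, M);
    return crt_decrypt(&k, C) == M && powmod(C, d, k.n) == M;
}
```

Two things the toy version makes visible. First, the Mp/Mq recombination only works when dmp1 really belongs to p and dmq1 to q, which is Mounir's point earlier in the thread about swapped parameters. Second, nothing in crt_decrypt() uses e, which is what Marek's note about RSA_blinding_off() refers to: OpenSSL's blinding multiplies the input by r^e mod n before the private operation and so cannot be set up without e. Blinding exists to mask timing differences of the private operation, so running without it trades away that protection; it is a debugging convenience, not a configuration to keep on a network-facing service.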
Re: RSA_private_decrypt without e and d
Hello,

Try to disable RSA blinding with:

    RSA_blinding_off(new_key);

before RSA_private_decrypt().

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/24/2011 03:46:53 AM:

> From: Shaheed Bacchus (sbacchus) <sbacc...@cisco.com>
> Subject: RSA_private_decrypt without e and d
>
> Hi,
>
> I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case).
>
> I'm trying to do something like:
>
>     if (!(new_key = RSA_new()))
>         return -1;
>     new_key->n    = BN_bin2bn(n_data, n_data_len, NULL);
>     new_key->p    = BN_bin2bn(p_data, p_data_len, NULL);
>     new_key->q    = BN_bin2bn(q_data, q_data_len, NULL);
>     new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
>     new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
>     new_key->iqmp = BN_bin2bn(iqmp_data, iqmp_data_len, NULL);
>     resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted,
>                                         new_key, RSA_PKCS1_PADDING);
>
> This decrypt fails with
>
>     error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
>
> Supplying the correct e and d components causes it to work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e?
Re: Secure Command Line MAC Computation
Hello,

owner-openssl-us...@openssl.org wrote on 10/01/2009 10:24:11 PM:

> From: Ger Hobbelt <g...@hobbelt.com>
>
> ;-) Of course, you always could go and use shell backquoting, e.g.
>
>     dgst -hmac `cat keyfile` ...
>
> assuming the 'keyfile' is in the proper format already.

    admin# echo 100 > /tmp/p.txt
    admin# sleep `cat /tmp/p.txt` &
    [1] 21988
    admin# ps -ef | grep sleep | grep -v grep
    root     21988  3150  0 22:29 pts/0    00:00:00 sleep 100

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>
Re: hash chaine
Hello,

Use RAND_bytes(). This function uses hashes for you.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/26/2009 07:59:14 PM:

> hello
>
> I want to create some random values (N values) using SHA1 (like the Lamport authentication protocol). How can I do that?
>
> I tried to generate a random number and use SHA to generate a digest (I did it N times), but I'm afraid, I'm not sure that it's correct. Tell me plz if I have to use a big random number or a random integer is sufficient??
>
> best regards
Re: Which version of SSL is supported in OpenSSL 0.9.7e
Hello

owner-openssl-us...@openssl.org wrote on 02/19/2009 08:30:04 PM:

We are using OpenSSL 0.9.7e and would like to know if it supports SSL 3.0?

Yes.

Best regards,
--
Marek Marcola marek.marc...@malkom.pl
Re: build openSSL for an embedded system without an OS
Hello,

owner-openssl-us...@openssl.org wrote on 02/18/2009 07:17:51 PM:

On Wed, Feb 18, 2009 at 4:24 PM, Guyotte, Greg gguyo...@ti.com wrote: Ger, thank you for this response. I really do just need the RSA decryption bits, so I think that the approach you recommend is far too heavy-handed for me. I will check out the rsaref and cryptlib that you mentioned!

All right. Since you don't need anything more than just that, I think that indeed is the smarter move now.

Sorry for responding to this email but I do not have the earlier posts. If you want an RSA decryption routine then you may try to extract from OpenSSL some BIGNUM files, probably:

bn_add.c
bn_asm.c (probably may be removed - depends on your platform)
bn_ctx.c
bn_div.c
bn_exp.c
bn_gcd.c
bn_lcl.h
bn_lib.c
bn_mod.c
bn_mont.c
bn_mul.c
bn_recp.c
bn_shift.c
bn_sqr.c
bn_word.c
cryptlib.h

and compile this to library format. Of course some modification will be needed. With the BN library you need only the RSA decryption routine, which you can borrow from the file rsa_eay.c. Depending on the decryption scheme you may need RSA_eay_public_decrypt() or RSA_eay_private_decrypt(). If you need RSA_eay_public_decrypt(), some BN files needed for the Montgomery method may not be required (bn_mont.c). The most complicated part is to properly define header files depending on your platform architecture (8bit/16bit/32bit).

Best regards,
--
Marek Marcola marek.marc...@malkom.pl
Re: how to trace aes quickly?
Hello,

owner-openssl-us...@openssl.org wrote on 02/17/2009 03:20:38 PM:

2009/2/17 Victor Duchovni victor.ducho...@morganstanley.com: On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote:

Dear all: I want to realize aes, so I trace enc_main in enc.c. But I find there are a lot of call back functions such that I spend more time on tracing these call back functions than understanding the aes algorithm. I have studied the aes flow chart on the wiki, http://en.wikipedia.org/wiki/Advanced_Encryption_Standard But I cannot find out where the connection is between the password I input and the aes. suppose I type:

openssl enc -aes-256-cbc -salt -in test.txt -out test.enc
enter aes-256-cbc encryption password: 123456
Verifying - enter aes-256-cbc encryption password: 123456

How do we deal with 123456 before calling AES_cbc_encrypt? Is 123456 a part of the key?

User-supplied passwords (password based encryption) are not strong enough to use directly as AES keys. Instead these are passed to a key-derivation function. OpenSSL uses PBKDF2 from PKCS#5 v2.1 http://en.wikipedia.org/wiki/PBKDF2 The API entry point (still to be documented) is:

src/distro/crypto/evp/p5_crpt2.c: PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key)

Hi: thanks for your help. I have another question about aes: The round# is set according to the bits we pass to AES_set_encrypt_key. And Nk*round# keys are also produced well in it. But how about Nb, the number of columns in state? (in 128, 192 and 256 bit block plaintext, the Nb, column# of state is 4,6,8.)

Yes, but the AES implementation used in OpenSSL supports only a 128 bit block (16 bytes). So, in this implementation Nb is always 4 (4 32-bit words).

Best regards,
--
Marek Marcola marek.marc...@malkom.pl
Re: Installation Steps for OpenSSL on AIX Unix
Hello,

[EMAIL PROTECTED] wrote on 09/30/2008 03:34:28 PM:

Greetings, We would like to install the latest stable version of the OpenSSL software on our AIX 5.3 Unix server to support a product known as Cloverleaf Integrator (an interface engine). We have downloaded a tarball from the official OpenSSL website and opened it up using Winzip. We cannot find any explicit installation instructions for our Unix platform. At least it is not apparent at this point.

If you want to compile your own version of OpenSSL you may try:

(32-bit version with gcc)
$ gzip -dc openssl-0.9.8e.tar.gz | tar xf -
$ cd openssl-0.9.8e
$ ./Configure threads --prefix=/usr/local/security/openssl-0.9.8e aix-gcc
$ make
$ make test
$ make install
$ file apps/openssl
apps/openssl: executable (RISC System/6000) or object module not stripped

(64-bit version with gcc)
$ gzip -dc openssl-0.9.8e.tar.gz | tar xf -
$ cd openssl-0.9.8e
$ ./Configure threads --prefix=/usr/local/security/openssl-0.9.8e aix64-gcc -maix64
$ make
$ make test
$ make install
$ file apps/openssl
apps/openssl: 64-bit XCOFF executable or object module not stripped

(32-bit version with IBM XL C)
$ ./Configure threads --prefix=/usr/local/security/openssl-0.9.8e aix-cc
$ file apps/openssl
apps/openssl: executable (RISC System/6000) or object module not stripped

(64-bit version with IBM XL C)
$ ./Configure threads --prefix=/usr/local/security/openssl-0.9.8e aix64-cc
$ file apps/openssl
apps/openssl: executable (RISC System/6000) or object module not stripped

or you may download the current binary distribution from:
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp
and then:

# pwd
/var/tmp/sw
# mkdir openssl; cd openssl
# gzip -dc ../openssl.9.8.601.tar.Z | tar xvf -
# installp -ac -Y -d /var/tmp/sw/openssl all

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: .der to .crt file conversion
Hello,

[EMAIL PROTECTED] wrote on 09/24/2008 03:19:20 PM:

Dear All, Thank you Vineeta for your help.

hi.. you can simply rename the .pem format to .crt. It will work fine..

As above you mention conversion from .pem to .der but the .PEM format has only the certificate, like given below:

-----BEGIN CERTIFICATE-----
-- - - -
-----END CERTIFICATE-----

But the .der format has some more other information, so I think just renaming is not the correct way.

$ openssl x509 -in crt.pem -text -noout
$ openssl x509 -in crt.pem -outform der -out crt.der
$ openssl x509 -in crt.der -inform der -text -noout

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: How to use a hardware RNG with openssl?
Hello,

[EMAIL PROTECTED] wrote on 09/09/2008 10:20:48 AM:

Hello, we purchased a hrng for the generation of RSA keys for instance. It is a USB device and shows up as /dev/qrandom. So, in order to generate rsa keys, is it sufficient to use it as a replacement for /dev/urandom and to call genrsa as

openssl genrsa -rand /dev/qrandom 2048

? I am not sure about the role of /dev/urandom: does it deliver a (pseudo) random number or the salt for the PRNG?

Salt (32 bytes) for the PRNG.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: OpenSSL support for RFC2898 / PBKDF2
Hello,

[EMAIL PROTECTED] wrote on 09/05/2008 02:04:01 AM:

[EMAIL PROTECTED] wrote: Does openssl support RFC2898, and if so, what function should I be looking at?

PKCS5_PBKDF2_HMAC_SHA1()

This function seems to be undocumented:

int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out);

Am I correct in understanding that the key generated by this function will be written to the buffer specified in out, and will have the length specified by keylen?

Yes, example attached.

What is the meaning of the int that this function returns?

This function always returns 1.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]

pkcs5.c (attachment, binary data)
Re: OpenSSL support for RFC2898 / PBKDF2
Hello,

[EMAIL PROTECTED] wrote on 09/03/2008 04:16:57 PM:

Hi all, According to the man page for EVP_BytesToKey, "Newer applications should use more standard algorithms such as PKCS#5 v2.0 for key derivation." Unfortunately the man page stops there, and doesn't give a clue as to which openssl function should be used to derive a key in a compliant way. Does openssl support RFC2898, and if so, what function should I be looking at?

PKCS5_PBKDF2_HMAC_SHA1()

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Creating RSA key from given prime numbers
Hello,

[EMAIL PROTECTED] wrote on 07/17/2008 10:17:14 PM:

For educational purposes, I want to use openssl to create an RSA key with prime numbers I provide. Is this possible with an openssl command, or do I have to adapt the source code?

From the command line (openssl executable) this is not possible.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Decrypting Fragmented packets
Hello,

[EMAIL PROTECTED] wrote on 06/26/2008 01:56:33 PM:

Well, I tried it like you guys said, but I keep getting an error from EVP_DecryptFinal_ex() (returns 0) and the resulting decrypted packet that I got is not right. However, doing it like I said previously, that is reassembling the packets and merging them into one and then passing it to the above mentioned Decrypt functions, seems to be working fine.

Then you will get an error at the third packet which arrives after those two. Merging SSL/TLS records is not a good solution.

Also, how is it exactly that you suggest that I go along? If I send the message "Hello World" from my server to client and I capture the aforementioned packet, lets say, I treat it as two separate records and decrypt each record. I now have two decrypted records. Should I merge these now? If that were the case, are you implying that my initial message "Hello World" has been broken into two parts before it was encrypted? (Maybe one part is "Hello" and the other is "World"?) That does not sound right. The situation that I am facing can actually be repeated by just running the s_server and s_client programs in debug mode and then observing the output. Also, in the packet dump that I had posted earlier,

17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
2b 18 b1 8d d8 3c 15 3d e9 c7

and comparing this to the packet format here, I have 32 bytes of application data that should be followed by some amount of padding and 20 bytes of MAC, which is not available here. But I can clearly see that the algorithm being used is DHE-RSA-AES256-SHA, specifying that SHA is being used. Even the debug mode in the s_server program that I am using shows the same data being transmitted.

You must be aware that after decrypting the first packet and calling EVP_DecryptFinal_ex() you have cleared the decryption context. In other words - this function erases your key and iv. When you try to decrypt the second packet, the function EVP_DecryptUpdate() works ok because this function only applies the decryption algorithm to your data; it's not important if your key is proper or not. But when you call EVP_DecryptFinal_ex() at the end of decryption you get an error because this function checks the proper last block padding.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: From RSA to string and compare problem
Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 04:10:45 PM:

Hi, i'm creating a little client/server program using C. i need to read a rsa from pem file (so using PEM_read_RSAPublicKey) and then send the key to a server (the message can be only a string type) which reads a rsa public key from another pem file and returns, comparing keys, whether they are equal or not.

What about just reading your .pem file with simple read() to a char table and sending this to the server?

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: How-To encrypt using rsautl ??
Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 08:59:00 PM:

I am trying to encrypt a file using rsautl, but it's generating an error. What am I doing wrong??

I create a private key -
/usr/local/ssl/bin/openssl genrsa -out rsa-priv.pem 2048
Generating RSA private key, 2048 bit long modulus
.+++
..+++
e is 65537 (0x10001)

I extract the public key -
/usr/local/ssl/bin/openssl rsa -in rsa-priv.pem -pubout -out rsa-pub.pem
writing RSA key

I try to encrypt a file -
/usr/local/ssl/bin/openssl rsautl -in foo -out foo.encrypted -inkey rsa-pub.pem -pubin -encrypt
RSA operation error
6180:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:151:

With a 2048 bit key (256 bytes) you may encrypt max 256-11 bytes of data (11 bytes for PKCS1). Because of this RSA encryption is not used for encrypting whole files but for encrypting symmetric keys (for AES or DES) that encrypt files with a symmetric algorithm.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: From RSA to string and compare problem
Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 04:34:07 PM:

[EMAIL PROTECTED] wrote: Hello, [EMAIL PROTECTED] wrote on 06/25/2008 04:10:45 PM: Hi, i'm creating a little client/server program using C. i need to read a rsa from pem file (so using PEM_read_RSAPublicKey) and then send the key to a server (the message can be only a string type) which reads a rsa public key from another pem file and returns, comparing keys, whether they are equal or not.

What about just reading your .pem file with simple read() to a char table and sending this to the server?

Yes of course. But nothing more elegant?

I do not think that in this case there are more elegant solutions ... but you can try: You may create a memory BIO:

BIO *mem;
if ((mem = BIO_new(BIO_s_mem())) == NULL) {
    goto err;
}

Write the public key to this bio:

if (PEM_write_bio_PUBKEY(mem, key) == 0) {
    BIO_free(mem);
    goto err;
}

and read to a buffer in PEM format:

if ((n = BIO_read(mem, buf, *len)) <= 0) {
    BIO_free(mem);
    goto err;
}
BIO_free(mem);

This code is not tested nor checked, hope this helps.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: R: From RSA to string and compare problem
Hello,

[EMAIL PROTECTED] wrote on 06/26/2008 02:06:47 AM:

Returning to reading with read(), may I ask you about the comment header and footer? Is it safe to skip lines of the pem file starting with - or is it possible that the key contains the char - ?

Data between the BEGIN and END headers is an ASN1 structure encoded with base64. Base64 encoded data can have the following characters:

static const char base64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789"
    "+/";

(and '=' as padding character if required - only at end of data)

As you see, there can not be a '-' character inside base64 encoded data.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
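Editor's added example (not from the thread, not OpenSSL code) covering the three PEM questions above: the .der/.crt renaming question, the memory-BIO round trip, and whether a '-' can appear inside the base64 body. It converts between PEM armor and DER in Python, rejects anything outside the base64 alphabet inside the armor, and applies the one check a practitioner wants before trusting a file extension: DER certificates and keys start with the ASN.1 SEQUENCE tag 0x30, while PEM starts with "-----BEGIN". The DER bytes used are a constructed two-integer SEQUENCE, not a real certificate.

```python
import base64
import re

# Constructed DER for illustration: SEQUENCE { INTEGER 5, INTEGER 7 }.
TOY_DER = bytes.fromhex("3006020105020107")

_PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
_B64_ALPHABET = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def is_der(data: bytes) -> bool:
    """DER certificates and keys begin with an ASN.1 SEQUENCE tag (0x30)."""
    return len(data) > 1 and data[0] == 0x30


def der_to_pem(der: bytes, label: str) -> bytes:
    """Armor DER as PEM with 64-column base64 lines, as openssl x509 writes it."""
    body = base64.b64encode(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    lab = label.encode()
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (lab, b"\n".join(lines), lab)


def pem_to_der(pem: bytes) -> tuple:
    """Return (label, der). Only the base64 alphabet may appear inside the armor,
    which is why a line starting with '-' can never be part of the body."""
    m = _PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1).decode(), b"".join(m.group(2).split())
    if set(body) - _B64_ALPHABET:
        raise ValueError("non-base64 byte inside PEM body")
    der = base64.b64decode(body, validate=True)
    if not is_der(der):
        raise ValueError("decoded body is not a DER SEQUENCE")
    return label, der


def der_tlv(data: bytes, offset: int = 0) -> tuple:
    """Decode one DER tag-length-value (short or long form): (tag, value, next_offset)."""
    tag = data[offset]
    length = data[offset + 1]
    pos = offset + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


if __name__ == "__main__":
    pem = der_to_pem(TOY_DER, "CERTIFICATE")
    print(pem.decode(), pem_to_der(pem))
```

Renaming .pem to .crt changes nothing about the bytes; whether a consumer accepts the file depends on which of the two encodings it expects, and is_der() is the quick way to tell them apart.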
Re: Decrypting Fragmented packets
Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 07:25:12 AM:

Hi, I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt a SSL packet that I have captured. The cipher that I am using is AES256 and I can read the application data in cleartext as a result. The problem comes if the application data size 8, which I think has something to do with me using a block cipher. I can't seem to decrypt the data then. Anyways, after inspecting the packet dumps, I realized that sometimes I get fragmented packets. For Example,

17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
2b 18 b1 8d d8 3c 15 3d e9 c7

This is actually two packets that are using the SSL application protocol, each of size 0x20 (the second packet starts on line 3, 6th byte onwards). While decrypting, should both these packets be merged together and hence treated as a single packet of size 0x40 or should each packet be processed separately? Since we are using a block cipher of size 256 bits (32 bytes), will it even make a difference?

These two packets should be decrypted separately. You should look at this packet from the SSL point of view, not the TCP point of view. It is not important that you have this data in one TCP packet. On the other hand this data may come to you in 20 TCP packets too. Merging these two packets may work for decryption but will break the MAC (message authentication code) because when the MAC is calculated an implied message number is used. When you merge these packets, one packet will be lost in this calculation.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Difference in packet contents
Hello,

[EMAIL PROTECTED] wrote on 06/17/2008 02:11:14 PM:

Yup, that solves it. Another matter that's been troubling me is the output that I get when I run the s_server program with the debug option. At the end of the handshake, when the server sends the Finished Packet to the client, the following packet dump is obtained.

write to 099EB570 [099FADC0] (53 bytes => 53 (0x35))
0000 - 16 03 01 00 30 b8 bd 82-61 05 3c 59 0e 0e cc 0b
0010 - 57 88 ad f2 93 1e 5a 1f-9f d1 82 3a 10 e2 4b d3
0020 - 00 f4 91 7d f1 10 a2 1d-d4 e6 ef 2a c6 be 1e b5
0030 - 16 fd f6 09 71

Byte 0x00 - 0x16 is indicative of the Handshake protocol in progress.
Byte 0x01 and 0x02 - SSL v.3.1
Byte 0x03 and 0x04 - Length of message that follows, 48 bytes + the 5 before it, totals to the 53 bytes shown at the very beginning.
Byte 0x05 - This is where the trouble begins. It shows 0xb8 which does not correspond to any standard message type. It should, in my opinion, show 0x14 which is the message type for the Finished packet.

I ran the same program a few times and I keep getting what appears to me as random bytes each time. When I run the s_server program with both the msg and debug options, the output from the msg tallies with my observation above. I was not sure of the actual packet contents that were being sent as both the msg and debug option seemed to contradict each other. I then wrote a sniffer to check the actual packet contents and they corresponded to those received from debug mode, which now leads me to believe this - that, in the Finish packet, the message type, message length and the handshake message are all encrypted. Am I right in thinking so? In which case, I wonder, if the client were to receive such a packet, which coincidentally were to have its Byte 0x05 as some standard message type, will it not proceed to treat that packet correspondingly instead of treating it as a Finished packet? Taking this even further, the whole idea of having 20 as a standard message type for a finished packet would be useless. I realise that the above is a pretty lengthy description of the problem that I am facing and will be more than happy to elaborate on any part of it that is ambiguous. I am obviously wrong somewhere and it would be great if someone can point out where exactly.

The Finished packet is the first packet with encrypted contents. If you look at the packet dump, you will see the ChangeCipherSpec packet, then the Finished packet. All packets after ChangeCipherSpec should use encryption; this is something like a switch which turns on encryption. So, the Finished packet should be decrypted before being analysed.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Difference in packet contents
Hello,

[EMAIL PROTECTED] wrote on 06/17/2008 03:21:08 PM:

Hi, I do know for a fact that part of the Finish message is encrypted. My question was actually whether the Message type field is also part of the encrypted part? In which case, as I had pointed out earlier, there is a chance that the first byte of the encrypted {message_type + message} can be equal to one of the Standard Message types, hence misleading the client as to the type of packet that is actually being sent. To put it another way, IMHO, it does not make sense to have a field in a packet whose value does not give us any information about the packet itself. i.e. if the field contains 14 (in base 10), should it be interpreted as a Finish packet with encrypted data whose first byte also happens to be 14 or a ServerHelloDone packet?

The Finished packet is built with:

Protocol header:
----------------
22      - protocol (1 byte)
3       - ssl/tls version (2 bytes, this and next)
0/1
len1    - data length (2 bytes, this and next)
len2

Handshake header:
-----------------
20      - type
hs_len1 - handshake data length (3 bytes, this and next two)
hs_len2
hs_len3

Handshake data:
---------------
signed digest1 - MD5 for RSA
signed digest2 - SHA1 for RSA,DSA

SSL/TLS is built with layers; encryption is used at the record layer, and the handshake layer and data layer are above this layer. From the record layer point of view there is no difference between application data and a handshake packet: all is encrypted and sent to the other party, or decrypted and sent to the layer above. There is only one sign of the type of data sent: the first byte, which tells what kind of data is carried by the packet, but this is used to defend against replay attacks too (this byte is used in the MAC calculation).

So, in the case of the Finished packet, the record layer puts the handshake header and data, adds MAC and PAD, encrypts this, encapsulates the encrypted data with the 5 byte protocol header and sends it to the peer:

protocol_header, {handshake_header, handshake_data, MAC, PAD}
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ENCRYPTED

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
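Editor's added example (not from either thread, not OpenSSL code) for the two "Decrypting Fragmented packets" replies and the two "Difference in packet contents" replies above: a record-layer parser in Python that splits a captured byte stream into TLS records by the 5-byte header, numbers them, and builds the 13-byte MAC prefix of RFC 2246 section 6.2.3.1 (the "implied message number" that merging two records breaks). The two byte dumps are the ones posted in the threads, copied verbatim; the sequence numbers start at 0 here only because the capture's position in the connection is unknown, and in a real decrypt you would use the count of records already seen in that direction. Decryption itself is left out so the block runs without any crypto library.

```python
import struct

# Byte dumps copied from the threads above (page data, not constructed here).
TWO_APP_RECORDS = bytes.fromhex(
    "1703010020" "85992a944d0e562c81bcfc4dc932aa85" "4690026d4eb6c6da4bd982e9abcf77e7"
    "1703010020" "766851179e86d4206e313e7a9617d5cd" "c0ba5ccdba112b18b18dd83c153de9c7")
FINISHED_RECORD = bytes.fromhex(
    "1603010030" "b8bd8261053c590e0ecc0b" "5788adf2931e5a1f9fd1823a10e24bd3"
    "00f4917df110a21dd4e6ef2ac6be1eb5" "16fdf60971")

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def parse_records(data: bytes) -> list:
    """Split a byte stream into (content_type, version, fragment) by the 5-byte header."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header at offset %d" % pos)
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        frag = data[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body at offset %d" % pos)
        records.append((ctype, (major, minor), frag))
        pos += 5 + length
    return records


def mac_input(seq_num: int, ctype: int, version: tuple, plaintext: bytes) -> bytes:
    """Bytes covered by the TLS 1.0 record MAC (RFC 2246 6.2.3.1):
    seq_num(8) || type(1) || version(2) || length(2) || decrypted fragment.
    Every record gets its own seq_num, so two merged records can never verify."""
    return struct.pack("!QBBBH", seq_num, ctype, version[0], version[1], len(plaintext)) + plaintext


def describe(data: bytes, first_seq: int = 0) -> list:
    """One entry per record with the sequence number each would carry."""
    return [
        {"seq": first_seq + i, "type": CONTENT_TYPES.get(t, t), "version": v, "len": len(f)}
        for i, (t, v, f) in enumerate(parse_records(data))
    ]


if __name__ == "__main__":
    print(describe(TWO_APP_RECORDS))
    # The Finished record: a 48-byte *ciphertext* fragment, so its first byte (0xb8)
    # is not a handshake type; the 0x14 only appears after decryption.
    print(describe(FINISHED_RECORD), hex(FINISHED_RECORD[5]))
```

Feed each fragment to its own EVP_DecryptInit/Update/Final sequence (or reinit the context per record), strip the padding and the 20-byte SHA-1 MAC from the tail of the plaintext, and verify the MAC over mac_input(seq, type, version, plaintext_without_mac) with that record's sequence number.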
Re: OPENSSL Problem
Hello,

[EMAIL PROTECTED] wrote on 06/11/2008 08:51:45 AM:

Hi All, I have installed the open ssl from http://www.slproweb.com/products/Win32OpenSSL.html now when i check it with the link point api then it is giving me the following error

"Unable to load/validate private_key ERRs: wsa=33558530 err=33558530 ssl=537317504 sys=33558530. INFO: ACE_SSL (2792|2668) error code: 33558530 - error:02001002:lib (2):func(1):reason(2)"

I don't know what is going on because I have created the certificate (i.e. .PEM file) through the OPEN SSL and added the same into the IIS and it uploaded perfectly. Is there any way to check whether the OPEN SSL is installed properly or not. Also give me some solution how we can solve the following problem.

$ (echo obase=16; echo 33558530) | bc
2001002
$ openssl errstr 2001002
error:02001002:system library:fopen:No such file or directory

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: ldaps client and oracle internet directory
Hello,

[EMAIL PROTECTED] wrote on 06/06/2008 06:25:38 PM:

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

(snipped)

With the following error, what are the things that I need to check? Thanks Mike

openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:636
CONNECTED(0003)
24664:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

Try to add -debug -msg -state flags to this command to get more verbose output.

Mark, That does help. Thanks. It should have been obvious from the error message above but I've been thrashing so much on this that I am not thinking clearly. I did speak with the OID admin and he tells me that we are using the default config set, which is encryption only - no server auth. I am not sure if this is the source of the ssl handshake failure. I'm checking with the OID admin now. Thanks again for your suggestion. I hope this isn't too much off topic for this group. Mike

+SUCCESSFUL SSL CONNECTION ON PORT 443+
# openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:443 -state
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
(response snipped)
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---

+SSL HANDSHAKE FAILURE ON PORT 636+
# openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:636 -state
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1460:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

Because you get the handshake alert after sending client_hello, the server does not accept some data in this packet. With SSLv2/v3 the client in reality sends an SSL2 client_hello and this may not be acceptable to the server. You may add the -ssl3 or -tls1 flag to use exactly one of these protocols (without the SSL2 client_hello).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: ldaps client and oracle internet directory
Hello,

[EMAIL PROTECTED] wrote on 06/05/2008 03:01:14 PM:

I am trying to establish a connection from an openldap/openssl client to Oracle Internet Directory. I know this isn't much to go on but will at least begin the conversation. I am getting the following error on the client. I am able to connect to 443 but unable to connect to 636. With the following error, what are the things that I need to check? Thanks Mike

openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect 10.10.7.86:636
CONNECTED(0003)
24664:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

Try to add -debug -msg -state flags to this command to get more verbose output.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Help with UNICODE md5...
Hello,

[EMAIL PROTECTED] wrote on 06/02/2008 07:44:26 PM:

I got a problem with openssl, I need to get the digest of the next line in UTF-8:

||A|1|2005-09-02T16:30:00|1|ISP900909Q88|Industrias del Sur Poniente, S.A. de C.V.| Alvaro Obregón|37|3|Col. Roma Norte|México|Cuauhtémoc|Distrito Federal|México|06700|Pino Suarez|23|Centro|Monterrey|Monterrey|Nuevo Léon|México|95460|CAUR390312S87|Rosa María Calderón Uriegas|Topochico|52|Jardines del Valle|Monterrey|Monterrey|Nuevo León|México| 95465|10|Caja|Vasos decorados|20|200|1|pieza|Charola metálica|150|150|IVA|52.5||

I save the string in a text file string.txt in notepad with UTF-8 format, then I use the next command:

openssl dgst -md5 string.txt

And I get the next result: 011bd54ffdcb0b3e97e4b9bbc69c5dd9

But according to a tutorial I'm following, the result should be: 8aa2b617944427353697e694a2e35a07

When I get the digest with .Net I get the correct result, but with openssl I don't. Can someone tell me what is wrong?

This is an end of line problem. For example after saving your example to /tmp/zz.txt I get:

$ openssl md5 /tmp/zz.txt
611af9d8272a34478514927b922f53b6

after reading this line into the ZZ variable:

$ ZZ=`cat /tmp/zz.txt`
$ echo $ZZ | openssl md5
611af9d8272a34478514927b922f53b6

but when printing ZZ without a new line:

$ echo -n $ZZ | openssl md5
8aa2b617944427353697e694a2e35a07

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Need help on OpenSSL error
Hello,

[EMAIL PROTECTED] wrote on 06/03/2008 04:40:10 AM:

Dear Sir/Madam, I'm currently using the Crypt::OpenSSL::RSA module with perl linking with OpenSSL 0.9.8h to encrypt/decrypt messages and transport them over HTTP POST request to a Java application on the other side. When encrypting with the given public key, the Java application can receive the data perfectly. But when the Java side encrypts a message with the private key (which is the pair for our public key), and replies back, we found the following error while trying to decrypt the message:

RSA.xs:202: OpenSSL error: block type is not 01 at ...

Please kindly suggest how we could get around this issue. Currently, we use PKCS1 padding. Please kindly see below for our perl script used.

$RSA_Decrypt = Crypt::OpenSSL::RSA->new_public_key( $PublicKey );
$RSA_Decrypt->use_pkcs1_padding();
my $TmpText = decode_base64( $CipherText );
my $PlainText = $RSA_Decrypt->public_decrypt( $TmpText );
#-- Error on the line above

Double check that the public key used to decrypt the java message is really the pair to the private key on the encryption side. You may use NO PADDING and look at the decrypted data to check whether this data looks reasonable or not. You should consider also that data encrypted with a private key may be decrypted by anyone with the public key (if the public key is really public).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: newbie: problem + RSA
Hello,

[EMAIL PROTECTED] wrote on 05/30/2008 12:34:15 PM:

Hello, i have created the following code to test the use of RSA (signature):

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/sha.h>

main ()
{
    long erreur = 0;
    char *message="vatos locos para siempre";
    char *encrypt, *decrypt, *sign, hash[SHA_DIGEST_LENGTH],hash1[SHA_DIGEST_LENGTH];
    int longmsg,i,random,ok;
    int siglong;
    RSA *rsa;

    random= RAND_load_file("/dev/urandom",1024);//seeding the Pseudo random generator
    rsa = RSA_generate_key(128,13,NULL,NULL);//generating a key having a 128 bits modulus
    SHA1(message,strlen(message),hash);//computing a digest using SHA1
    for(i=0; i<20; ++i){ printf("%x",hash[i]);}
    printf("\n");
    sign=(unsigned char*)malloc(RSA_size(rsa));
    ok= RSA_sign(NID_sha1,hash,strlen(hash),sign,&siglong,rsa);//generating the signature using RSA
    erreur= ERR_get_error();
    printf("signature = %d \n",ok);
    printf("signature length =%d \n",siglong);
    printf("erreur =%d \n",erreur);
    printf("PRNG random =%d \n",random);
    printf("strlen(hash) =%d \n",strlen(hash));
    RSA_free(rsa);
    free(sign);
}

After i compiled it using:

gcc rsa.c -o rsa -lssl

And i received the following results:

ff9c6bffdd1c5dff9157ffdbff93ffab3c23ffe5ffb344ff8b49632
signature = 0
signature length =-1209806408
erreur =67588208
PRNG random =0
strlen(hash) =20

here are my questions:
1- why RSA_sign returned a 0 (signature = 0) which means the failure of the key generation?
2- why the signature has a negative value instead of having 20 bytes length?
3- why the function RAND_load_file returned zero instead of returning the number of bytes obtained after seeding the PRNG?

Try:
- buffers for RSA_* functions mostly are unsigned char*, not char *
- use -Wall at compile time and look at any warnings like "passing argument 2 of 'RSA_sign' differs in signedness"
- do not use strlen() on signatures, signatures are binary data, not strings
- you can not create an RSA signature from a 160 bit hash using a 128 bit RSA key.
- add SSL_load_error_strings() and SSL_library_init().

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: No error messages on Linksys Openwrt
Hello,

[EMAIL PROTECTED] wrote on 05/26/2008 09:58:29 PM:
> Hello
> calling i2d_RSAPublicKey() I get on a linksys running OpenWrt kamikaze 7.09 the following errors.
>
>     error:0D07207B:lib(13):func(114):reason(123)
>     error:0D068066:lib(13):func(104):reason(102)
>     error:0D07803A:lib(13):func(120):reason(58)
>
> Can anybody please tell me what this means? In the beginning I load
>
>     ERR_load_crypto_strings();
>     SSL_load_error_strings();
>
> but that seems somehow not to work. In which header file of the OpenSSL source are those numbers defined? A grep on the numbers returns too many matches. I suppose it must have to do with an ASN1* call

    hp8510# openssl errstr 0D07207B
    error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
    hp8510# openssl errstr 0D068066
    error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header
    hp8510# openssl errstr 0D07803A
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
RE: Building OpenSSL without Crypto Support
Hello,

[EMAIL PROTECTED] wrote on 05/07/2008 12:51:21 PM:
> > The application I am developing requires HTTP over SSL connection and hence I am using OpenSSL for SSL support. But using OpenSSL with all the cryptographic libraries included increases the size of my app heavily. To deal with that, I want to build an OpenSSL library with NULL encryption (No Crypto Support at all) so that the size comes down fairly. My application uses OpenSSL for SSL handshake and I/O only with no encryption/decryption needed at all for data transfer.
>
> You can certainly disable algorithms you don't really need. You can eliminate elliptic curve, RC5, MDC2, IDEA, SSLv2, SHA0, blowfish, and probably quite a few others.
>
> But I'm not sure I understand (or that you understand) what you're really asking for. SSL is a security protocol, and if you take away the encryption, what do you think is left? Without crypto support, how is the SSL handshake going to work? The SSL handshake is largely a succession of cryptographic operations.
>
> For example, one of the steps of the SSL handshake requires the server to decrypt the pre-master secret, which the client encrypts with the server's public key. If the server cannot decrypt this because it has no encryption libraries, how can it prove that it is the owner of its certificate? And if it can't do that, why would the client continue talking to it?
>
> What do you think is left if you subtract all encryption operations from SSL? Authentication doesn't work without encryption. It's no use to make absolutely sure you are talking to www.securesite.com if the subsequent data is sent in the clear (because a man-in-the-middle could change it).
>
> I would love to see the requirements that require SSL but do not require any actual security. What do you think basic SSL is?

Protocol only, cryptographic algorithms may come from another source.
You may use some other library (gmp for RSA or IPP for RSA/EC/AES) ...
You may use your customer's crypto library ...
You may use some crypto hardware ...
In this case you do not need any of the software algorithms which come with OpenSSL.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: d2i_DSAPrivateKey definition
Hello,

[EMAIL PROTECTED] wrote on 04/29/2008 03:31:42 PM:
> Hi,
> I am using the openssl-0.9.8g release and am not able to find the function definition of d2i_DSAPrivateKey. can anybody please let me know where i can find this function definition.

After compiling:

    $ cd crypto/dsa
    $ nm --print-file-name *.o | grep d2i_DSAPrivateKey
    dsa_asn1.o:01c0 T d2i_DSAPrivateKey
    $ gcc -E dsa_asn1.c | grep d2i_DSAPrivateKey

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: question about RSA in openSSL
Hello,

[EMAIL PROTECTED] wrote on 04/28/2008 07:00:09 AM:
> Hi,
> I have 2 questions about RSA generation in OpenSSL:
> - First, do p and q satisfy the condition: sqrt(N)/2 < p < q < 2sqrt(N)

No, because q < p in any key generated from openssl (starting from some version).

> - second, when I use RSA_generate_key() with an odd value of e, then it runs ok. But when used with an even value of e, it runs very slow and I don't know if it can finish or not?

As you already answered, this key can not be generated. In OpenSSL the algorithm enters an endless loop checking for the GCD. Here is the OpenSSL code:

    for (;;)
        {
        /* When generating ridiculously small keys, we can get stuck
         * continually regenerating the same prime values. Check for
         * this and bail if it happens 3 times. */
        unsigned int degenerate = 0;
        do
            {
            if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
                goto err;
            } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
        if(degenerate == 3)
            {
            ok = 0; /* we set our own err */
            RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
            goto err;
            }
        if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
        if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;

Here is the GCD calculation (which in this case can not be 1):

        if (BN_is_one(r1))
            break;
        ^^ This can not be satisfied and the loop can not end.

        if(!BN_GENCB_call(cb, 2, n++)) goto err;
        }

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
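The loop above cannot terminate for an even e because q-1 is even for every odd prime q, so gcd(q-1, e) is at least 2 and `BN_is_one(r1)` never holds. The C below is an added example that models that loop with toy arithmetic (trial-division primes and Euclid's gcd standing in for BN_generate_prime_ex() and BN_gcd()); it is not OpenSSL code, and `pick_q`, `is_prime` and `gcd_u64` are hypothetical names. Unlike the real loop it gives up after a fixed number of candidates so that the even-e case can be observed instead of hanging.

```c
#include <stdio.h>
#include <stdint.h>

/* Euclid's gcd: the role BN_gcd() plays in the OpenSSL snippet above. */
static uint64_t gcd_u64(uint64_t a, uint64_t b)
{
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Trial-division primality test: toy stand-in for BN_generate_prime_ex(). */
static int is_prime(uint64_t n)
{
    if (n < 2) return 0;
    for (uint64_t d = 2; d * d <= n; d++)
        if (n % d == 0) return 0;
    return 1;
}

/* Model of the q-selection loop: take successive primes from `start` upward
 * and accept the first one with gcd(q-1, e) == 1.  Returns 0 when max_tries
 * prime candidates were rejected.  For an even e every candidate is rejected,
 * because q-1 is even for every odd prime q, so gcd(q-1, e) >= 2. */
static uint64_t pick_q(uint64_t start, uint64_t e, unsigned max_tries)
{
    uint64_t q = start | 1;                 /* odd candidates only */
    for (unsigned tries = 0; tries < max_tries; q += 2) {
        if (!is_prime(q)) continue;
        tries++;
        if (gcd_u64(q - 1, e) == 1) return q;   /* the BN_is_one(r1) exit */
    }
    return 0;
}

int main(void)
{
    printf("e=3:     q=%llu\n", (unsigned long long)pick_q(1000, 3, 100));
    printf("e=65537: q=%llu\n", (unsigned long long)pick_q(1000, 65537, 100));
    printf("e=4:     q=%llu (0 = no candidate accepted)\n",
           (unsigned long long)pick_q(1000, 4, 100));
    return 0;
}
```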
Re: s_client GET request
Hello,

[EMAIL PROTECTED] wrote on 04/28/2008 04:03:02 PM:
> Hello,
> I would like to know how to hold a requisition s_client GET https that the server was connected ?? Ex:
>
>     GET /Nfe/services/NfeStatusServico?wsdl HTTP/1.1\r\nHost: hnfe.sefaz.es.gov.br\r\nConnection: Keep-Alive\r\nAccept: */*\r\n
>
> Would there be any other apps I could do this test with?

You may use wget (with ssl support compiled in) instead.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: DER encoding SubjectPublicKeyInfo
Hello,

[EMAIL PROTECTED] wrote on 04/21/2008 10:45:18 PM:
> Hi,
> I need to DER encode an RSA public key as a SubjectPublicKeyInfo. The ASN.1 definition of SubjectPublicKeyInfo is
>
>     SubjectPublicKeyInfo ::= SEQUENCE {
>         algorithm        AlgorithmIdentifier,
>         subjectPublicKey BIT STRING }
>
> According to rfc 3279, the bit string subjectPublicKey should hold the DER encoding of the following ASN.1 definition:
>
>     RSAPublicKey ::= SEQUENCE {
>         modulus        INTEGER,  -- n
>         publicExponent INTEGER } -- e
>
> In order to achieve this encoding I tried to call i2d_X509_PUBKEY(). The DER output of this function for an RSA test key is:
>
>     0x30 0x81 0x9f 0x30 0x0d 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01
>     0x05 0x00 0x03 0x81 0x8d 0x00 0x30 0x81 0x89 0x02 0x81 0x81 0x00 0xac 0xaa 0x98
>     0xf8 0xeb 0x58 0x8c 0x0d 0xec 0xf3 0xbe 0xd4 0xd0 0xd0 0xe8 0x0a 0x4d 0x02 0x70
>     0x30 0xa1 0x1f 0xea 0xa1 0x02 0xaa 0x9d 0xb0 0x16 0x91 0x8a 0x39 0xfe 0x79 0x9a
>     0xf3 0x46 0xbb 0xc9 0x49 0x23 0x9d 0x37 0xa5 0x13 0xe6 0x2f 0x9e 0xe3 0x94 0xfb
>     0x31 0xd9 0x8d 0x80 0x79 0x7d 0xbe 0xdf 0x1e 0xf4 0x88 0x6c 0x45 0xc6 0x3e 0xbf
>     0x4c 0x93 0x58 0xe9 0x5c 0x7a 0x63 0xd5 0x9e 0xb1 0x23 0xf0 0x43 0x50 0x23 0x0d
>     0xe8 0xc6 0x9f 0x40 0x79 0x3e 0x5a 0x15 0xf0 0x4a 0x1a 0x68 0xc5 0xdb 0xb1 0x69
>     0x9b 0x5d 0x5c 0x6c 0x12 0x1b 0xaa 0x24 0x36 0x15 0x11 0x45 0x12 0xe5 0x37 0x85
>     0xa4 0xa8 0x59 0xeb 0x2b 0x2c 0xc4 0x14 0xa4 0x70 0x11 0x72 0x51 0x02 0x03 0x01
>     0x00 0x01
>
> What type encoding is 0x30? I was expecting to see 0x10 (the type value for SEQUENCE).

ASN.1 encodes objects as TLV (tag, length, value). The tag is constructed from class, type and object value. If the object value is less than 31, all this information is encoded in one byte (class - 2 bits, type - 1 bit, object value - 5 bits). Because the ASN.1 SEQUENCE has the value 0x10 (which is less than 31) all this is encoded in one byte as:

    ASN_CLASS_UNIVERSAL | ASN_TYPE_CONSTRUCTED | ASN_OBJECT_SEQUENCE

where:

    ASN_CLASS_UNIVERSAL  = 0x00
    ASN_TYPE_CONSTRUCTED = 0x20
    ASN_OBJECT_SEQUENCE  = 0x10

which gives you 0x30.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
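The identifier-octet layout and the length encoding can be checked on the very bytes posted above. The C below is an added example for this page, not OpenSSL code: it decodes a DER header (class, constructed bit, tag number, short- or long-form length) and walks the posted SubjectPublicKeyInfo down to the modulus and public exponent, rejecting truncated or out-of-range headers on the way. The names `der_read_hdr`, `der_tag_byte` and `spki_rsa_walk` are hypothetical; the `spki` array is the dump from the post, copied verbatim.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The 162-byte i2d_X509_PUBKEY() output quoted in the post above. */
static const uint8_t spki[] = {
    0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
    0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xac,0xaa,0x98,
    0xf8,0xeb,0x58,0x8c,0x0d,0xec,0xf3,0xbe,0xd4,0xd0,0xd0,0xe8,0x0a,0x4d,0x02,0x70,
    0x30,0xa1,0x1f,0xea,0xa1,0x02,0xaa,0x9d,0xb0,0x16,0x91,0x8a,0x39,0xfe,0x79,0x9a,
    0xf3,0x46,0xbb,0xc9,0x49,0x23,0x9d,0x37,0xa5,0x13,0xe6,0x2f,0x9e,0xe3,0x94,0xfb,
    0x31,0xd9,0x8d,0x80,0x79,0x7d,0xbe,0xdf,0x1e,0xf4,0x88,0x6c,0x45,0xc6,0x3e,0xbf,
    0x4c,0x93,0x58,0xe9,0x5c,0x7a,0x63,0xd5,0x9e,0xb1,0x23,0xf0,0x43,0x50,0x23,0x0d,
    0xe8,0xc6,0x9f,0x40,0x79,0x3e,0x5a,0x15,0xf0,0x4a,0x1a,0x68,0xc5,0xdb,0xb1,0x69,
    0x9b,0x5d,0x5c,0x6c,0x12,0x1b,0xaa,0x24,0x36,0x15,0x11,0x45,0x12,0xe5,0x37,0x85,
    0xa4,0xa8,0x59,0xeb,0x2b,0x2c,0xc4,0x14,0xa4,0x70,0x11,0x72,0x51,0x02,0x03,0x01,
    0x00,0x01 };

struct der_hdr { int cls; int constructed; unsigned tagnum; size_t len; size_t hlen; };

/* Compose an identifier octet: class (2 bits) | constructed (1 bit) | tag number (5 bits).
 * der_tag_byte(0, 1, 0x10) is the 0x30 of a SEQUENCE. */
static uint8_t der_tag_byte(int cls, int constructed, unsigned tagnum)
{
    return (uint8_t)((cls << 6) | (constructed ? 0x20 : 0) | (tagnum & 0x1f));
}

/* Decode one TLV header at p.  Returns 0, or -1 when the header is truncated,
 * the value would run past the buffer, or a form this walker does not support
 * (multi-byte tag numbers, indefinite length) is used. */
static int der_read_hdr(const uint8_t *p, size_t n, struct der_hdr *h)
{
    if (n < 2) return -1;
    h->cls = p[0] >> 6;
    h->constructed = (p[0] & 0x20) != 0;
    h->tagnum = p[0] & 0x1f;
    if (h->tagnum == 0x1f) return -1;            /* high-tag-number form */
    size_t i = 1;
    if (p[i] < 0x80) {                           /* short form: one length octet */
        h->len = p[i++];
    } else {                                     /* long form: 0x80 | count, then count octets */
        size_t nb = p[i++] & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || i + nb > n) return -1;
        h->len = 0;
        while (nb--) h->len = (h->len << 8) | p[i++];
    }
    h->hlen = i;
    if (h->len > n - i) return -1;               /* value longer than what remains */
    return 0;
}

/* SEQUENCE { SEQUENCE algid, BIT STRING { 00, SEQUENCE { INTEGER n, INTEGER e } } }.
 * Sets the encoded modulus length (octets) and the public exponent. */
static int spki_rsa_walk(const uint8_t *p, size_t n, size_t *n_len, unsigned long *e)
{
    struct der_hdr h;
    if (der_read_hdr(p, n, &h) || p[0] != 0x30) return -1;   /* SubjectPublicKeyInfo */
    p += h.hlen; n = h.len;
    if (der_read_hdr(p, n, &h) || p[0] != 0x30) return -1;   /* AlgorithmIdentifier */
    p += h.hlen + h.len; n -= h.hlen + h.len;
    if (der_read_hdr(p, n, &h) || p[0] != 0x03) return -1;   /* BIT STRING */
    p += h.hlen; n = h.len;
    if (n < 1 || p[0] != 0x00) return -1;                    /* unused-bits octet must be 0 */
    p += 1; n -= 1;
    if (der_read_hdr(p, n, &h) || p[0] != 0x30) return -1;   /* RSAPublicKey */
    p += h.hlen; n = h.len;
    if (der_read_hdr(p, n, &h) || p[0] != 0x02) return -1;   /* modulus */
    *n_len = h.len;
    p += h.hlen + h.len; n -= h.hlen + h.len;
    if (der_read_hdr(p, n, &h) || p[0] != 0x02 || h.len > sizeof(unsigned long))
        return -1;                                           /* publicExponent */
    *e = 0;
    for (size_t i = 0; i < h.len; i++) *e = (*e << 8) | p[h.hlen + i];
    return 0;
}

int main(void)
{
    struct der_hdr h;
    size_t nlen; unsigned long e;
    if (der_read_hdr(spki, sizeof spki, &h) == 0)
        printf("tag 0x%02x: class %d, constructed %d, number 0x%02x, length %zu (header %zu bytes)\n",
               spki[0], h.cls, h.constructed, h.tagnum, h.len, h.hlen);
    if (spki_rsa_walk(spki, sizeof spki, &nlen, &e) == 0)
        printf("modulus: %zu octets (leading 0x00 included), e = %lu\n", nlen, e);
    return 0;
}
```

The modulus INTEGER is 129 octets because DER integers are signed: a 128-byte modulus whose top bit is set needs a leading 0x00, which is also why the BIT STRING carries a 0x00 unused-bits octet before the inner SEQUENCE.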
Re: Public key from a x509v3 certificate
Hello,

[EMAIL PROTECTED] wrote on 04/15/2008 06:30:10 PM:
> Hello,
> I'm looking to get back the public key from a x509 v3 certificate. I use the function
>
>     ASN1_BIT_STRING * key = X509_get0_pubkey_bitstr(x509* certificate);
>
> but i don't get what i want: I get (from a conversion to hexadecimal thanks to: cout << setw(2) << setfill('0') << right << hex << (int) key->data[c]; )
>
>     30:82:01:0A:02:82:01:01:___the_public_key___:02:03:01:00:01
>
> How can i get only the public key ?

Try X509_get_pubkey().

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Can PEM_read_RSAPublicKey() load public key from private key ?
Hello,

> One thing I will confirm to you is that we can not get a public key from a private key. I do not remember where i studied it, but it is true. So do not try to get a public key from a private key.

This is not true.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Hash input and output
Hello,

[EMAIL PROTECTED] wrote on 04/11/2008 03:56:45 PM:
> Hi Marek,
> I do the following:
>
>     static char *login="login";
>     static char *password="password";
>     static char *label="label";
>     const unsigned char *buf=NULL;
>
>     strcat(buf, login);
>     strcat(buf, password);
>     strcat(buf, label);

You should allocate space for buf before strcat().

>     unsigned char *m1[20];
>     unsigned char *m2[20];
>
>     SHA1(buf, strlen(buf), m1); // The output is: 3d79ad220830e96dabd6ae6f9973306df1800906
>     //the output of the above SHA1 will be used as an input for the SHA1 below, after concatenating it with label
>     strcat(m1, label);

m1 has binary data, not a string. This data may have embedded 0x00 (look at your output above) and strcat can not copy the data to the right place (to bytes before the end instead of the end of m1). Use memcpy, and do not rely on strlen() on such data either.

>     SHA1(m1, strlen(m1), m2);
>
> I don't know why the output of the second SHA1 is not the same when I run the program several times. But I think the problem is in the m1 storing, but I don't know how to resolve that.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: SSL_connect failing with error -1
Hello,

[EMAIL PROTECTED] wrote on 04/11/2008 06:05:31 AM:
> Thanks for the reply. I really appreciate it! I have tried initializing the library, but am still facing the same problem.
> - Is there any way to decode the error string error:0001::lib(0) :func(0) :reason (1), to find out what is actually going wrong? I mean, what does reason(1) stand for here?
> - Is a distributable certificate a must for making a https connection? I have checked with the server owner; as per the feedback they are not using any client side certificates, having a certificate only on the server side (which I need not worry about). By the way we are using the same web services elsewhere, where everything is working fine; this problem which i am facing is only on mac. Please let me know if there is anything else which I can check here.
> Here is the code which i have written, rest all code is autogenerated by gsoap. thanks
>
>     SSL_load_error_strings();   /* readable error messages */
>     int value = SSL_library_init();
>     LicenseManagerHttpBinding licenseService;
>     licenseService.endpoint = "https://10.102.48.28:8443/LicenseManager/services/LicenseManager";
>     _ns1__Checkout ns1__Checkout;
>     _ns1__CheckoutResponse ns1__CheckoutResponse_;
>     value = licenseService.__ns1__Checkout(ns1__Checkout, ns1__CheckoutResponse_); // Web Service function call ... which fails as per the details in below thread.

Try to use something like:

    int log_ssl(void)
    {
        char buf[256];
        u_long err;

        while ((err = ERR_get_error()) != 0) {
            ERR_error_string_n(err, buf, sizeof(buf));
            printf("*** %s\n", buf);
        }
        return (0);
    }

instead of one call to ERR_error_string(). In OpenSSL you have a stack of errors and you should print them all. The next errors may be more informative.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: SSL_connect failing with error -1
Hello,

[EMAIL PROTECTED] wrote on 04/11/2008 12:20:12 PM:
> Thanks for the response. this was useful. Now I got the readable message as:
>
>     *** error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> I have checked: this server certificate is expired. As this is an internal server for us, as of now i want to ignore this error and want to communicate with the server. Is there any way to bypass this error and still have the normal https communication with the server? I know that this is not the proper way to do https, but for the time being i want to test my client; server people are working on the certificate, so that will be sorted out in the meantime.

Try something like:

    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Hash input and output
Hello,

[EMAIL PROTECTED] wrote on 04/11/2008 03:51:18 AM:
> Dear all,
> I need to call the hash function two times, in which the output of the first call is used as an input for the second (result = hash[hash(A + B) + C]). The first call is ok, but when I concatenate its output to C, I don't get the expected output. Did I miss something?

The expression above looks good, but there is too little information about the real implementation to say something reasonable.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Problem with SSL_CTX_use_certificate_ASN1
Hello,

> I need to load an ASN1/DER private key. To do this i use
>
>     FILE *fp;
>     char in_buf[1000];
>
>     fp = fopen("../keys/prkey.der", "r");
>     len = fread(in_buf, sizeof(char), 1000, fp);
>     fclose(fp);
>     if (!len) return 0;
>     if (!SSL_CTX_use_PrivateKey_ASN1(SSL_FILETYPE_ASN1, ctx, (unsigned char*)in_buf, len))
>         ERR_print_errors_fp(stdout);
>
> and all the time i am getting the following error:
>
>     7701:error:0D09A0A3:asn1 encoding routines:d2i_PrivateKey:unknown public key type:d2i_pr.c:125:
>     7701:error:140AF00D:SSL routines:SSL_CTX_use_PrivateKey_ASN1:ASN1 lib:ssl_rsa.c:690:
>
> I have converted that key to pem format with the openssl commandline tool and loaded it with
>
>     SSL_CTX_use_certificate_ASN1(ctx, len, (unsigned char*)in_buf)
>
> It worked. Does anybody have any ideas what is wrong with SSL_CTX_use_PrivateKey_ASN1 ?

Try EVP_PKEY_RSA for an RSA key instead of SSL_FILETYPE_ASN1.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: SSL_connect failing with error -1
Hello,

> I am facing some problem when trying to use a https service. SSL_connect() is failing with error -1 (in stub code ... generated using gsoap ... code snippet below), which means some fatal error occurred at the protocol level or a connection failure occurred. Further getting the SSL error code (using SSL_get_error) gives 1 (error in SSL library). The error string is error:0001::lib(0) :func(0) :reason(1). I am connected to the network and able to browse my service (https://localhost.webserver.net:8443/Version/services/Version?wsdl) in firefox without any problems. Can anyone give me some pointers why it can occur?
> PS: Before this i tried to use the service using http, that was working perfectly fine. Is there anything special that needs to be done in order to use the https service? I have built my code with the SSL support.
> Code snippet which is causing the problem (from stdsoap2.cpp):
>
>     /* Try connecting until success or timeout */
>     for (;;)
>     {
>         if ((r = SSL_connect(soap->ssl)) <= 0)          // ** returns -1
>         {
>             int err = SSL_get_error(soap->ssl, r);      // * returns 1
>             char *strErr = new char[255];
>             strErr = ERR_error_string(err, strErr);     // * strErr is coming as: error:0001::lib(0) :func(0) :reason(1)
>             if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
>             {
>                 soap_set_sender_error(soap, soap_ssl_error(soap, r), "SSL connect failed in tcp_connect()", SOAP_SSL_ERROR);
>                 soap->fclosesocket(soap, fd);
>                 return SOAP_INVALID_SOCKET;             // ** My program is returning from here.

Try to initialize the SSL library with SSL_library_init() first.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Problem with SSL_CTX_use_certificate_ASN1
Hello,

On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
> > I have converted that key to pem format with the openssl commandline tool and loaded it with
> >
> >     SSL_CTX_use_certificate_ASN1(ctx, len, (unsigned char*)in_buf)
> >
> > It worked. Does anybody have any ideas what is wrong with SSL_CTX_use_PrivateKey_ASN1 ?
>
> Try EVP_PKEY_RSA for an RSA key instead of SSL_FILETYPE_ASN1.
>
> Is the OP's file a private key or an X.509 certificate?

The line:

    fp = fopen("../keys/prkey.der", "r");

suggests that this is a private key.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Problem with SSL_CTX_use_certificate_ASN1
Hello,

[EMAIL PROTECTED] wrote on 04/10/2008 11:56:50 PM:
> On Thu, Apr 10, 2008 at 11:44:23PM +0200, [EMAIL PROTECTED] wrote:
> > Hello,
> > On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
> > > > I have converted that key to pem format with the openssl commandline tool and loaded it with
> > > >
> > > >     SSL_CTX_use_certificate_ASN1(ctx, len, (unsigned char*)in_buf)
> > > >
> > > > It worked. Does anybody have any ideas what is wrong with SSL_CTX_use_PrivateKey_ASN1 ?
> > >
> > > Try EVP_PKEY_RSA for an RSA key instead of SSL_FILETYPE_ASN1.
> > >
> > > Is the OP's file a private key or an X.509 certificate?
> >
> > The line:
> >
> >     fp = fopen("../keys/prkey.der", "r");
> >
> > suggests that this is a private key.
>
> The success of SSL_CTX_use_certificate seems to point to it being a certificate. Which is it? Did the OP misreport what worked? Which was it:
>
>     SSL_CTX_use_PrivateKey_ASN1() OR SSL_CTX_use_certificate_ASN1()

Yes, indeed. According to the OP the second function works (after conversion). But the first function has a bad key type specified. I think that the output from the command:

    $ openssl asn1parse -in pekey.der -inform der

may be very helpful in this case.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
RE: CRYPTO_add_lock() segmentation fault (core dump included)
Hello,

> Oh :) I forgot to mention that I instantiated those variables (it was like obvious for me). Here is the initialization code:
>
>     int Server::TLS_init()
>     {
>         int i;
>
>         mutex_buf = (pthread_mutex_t*) malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
>         if (mutex_buf == NULL) {
>             return -1;
>         }
>         for (i = 0; i < CRYPTO_num_locks(); i ) {
>             pthread_mutex_init(&mutex_buf[i], NULL);
>         }

Maybe changing i to i++ may help.

>         CRYPTO_set_locking_callback(locking_function);
>         CRYPTO_set_id_callback(id_function);
>         SSL_library_init();
>         SSL_load_error_strings();
>         return 0;
>     }
>
>     int Server::TLS_cleanup()
>     {
>         int i;
>
>         if (mutex_buf == NULL) {
>             return 0;
>         }
>         CRYPTO_set_locking_callback(NULL);
>         CRYPTO_set_id_callback(NULL);
>         for (i = 0; i < CRYPTO_num_locks(); i ) {
>             pthread_mutex_destroy(&mutex_buf[i]);
>         }

Maybe changing i to i++ may help.

>         free(mutex_buf);
>         mutex_buf = NULL;
>         return 0;
>     }

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: What is wrong with this code?
Hello,

> The encrypted.file is exactly as the original.

If the length of your file is a multiple of 16 then you will get this behavior. The AES_encrypt_cbc() function does not add an additional padding block in this case.

>     void aes::encrypt_file(const char * key, const char * path, unsigned char * buf /*[in|out]*/)
>     {
>         // ...
>         unsigned char fbuf_in[1024];
>         unsigned char fbuf_out[1024];
>
>         // Open the reading and writing paths.
>         std::fstream in(path, std::ios::in | std::ios::binary);
>         std::fstream out("/encrypted.file", std::ios::out | std::ios::binary);
>
>         // Set up the AES key structure.
>         AES_set_encrypt_key(k, 256, &m_encrypt_ctx);
>
>         // Set the IV.
>         std::memset(m_iv, rand(), AES_BLOCK_SIZE);

I'm not sure how this is going to work. rand() returns an integer between 0 and RAND_MAX. m_iv should be a 16-byte table (vector) and you should initialize every one of the 16 bytes in this table.

>         // Do the actual reading, encrypting and writing.
>         while (!in.eof()) {
>             std::cout << "aes::encrypt_file: Reading..." << std::endl;
>             in.read((char *) fbuf_in, 1024);
>             unsigned int len = in.gcount();
>             std::cout << "aes::encrypt_file: Encrypting..." << std::endl;
>             AES_cbc_encrypt(fbuf_in, fbuf_out, len, &m_encrypt_ctx, m_iv, AES_ENCRYPT);
>             std::cout << "aes::encrypt_file: Writing..." << std::endl;
>             out.write((char *)fbuf_out, len);
>         }
>     }

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
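Two things the reply leaves to the caller are the padding block and the IV. The C below is an added example for this page, not code from the thread or from OpenSSL: PKCS#7 padding that always appends 1 to 16 bytes (so a 16-multiple input gets a full extra block), an unpad routine that validates every pad byte before trusting the length, and an IV fill that reads 16 independent bytes from /dev/urandom instead of repeating one rand() value. The function names `pkcs7_pad`, `pkcs7_unpad` and `fill_random_iv` are hypothetical; with OpenSSL the IV would come from RAND_bytes().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16   /* AES block size */

/* PKCS#7 padding: append `pad` bytes each holding the value `pad`, 1 <= pad <= 16.
 * An input already a multiple of 16 gets a whole block of 0x10, so the decryptor
 * can always strip padding unambiguously.  Returns the padded length, or 0 when
 * the output buffer is too small for the extra block. */
static size_t pkcs7_pad(const uint8_t *in, size_t len, uint8_t *out, size_t outcap)
{
    size_t pad = BLOCK - (len % BLOCK);
    if (outcap < len + pad) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Strip PKCS#7 padding after decryption.  Every pad byte is checked, not just
 * the last one, and a pad value of 0 or more than a block is rejected.
 * Returns the unpadded length or (size_t)-1 if the padding is invalid. */
static size_t pkcs7_unpad(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0) return (size_t)-1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return (size_t)-1;
    uint8_t bad = 0;
    for (size_t i = len - pad; i < len; i++)
        bad |= (uint8_t)(buf[i] ^ pad);          /* accumulate, no early exit */
    return bad ? (size_t)-1 : len - pad;
}

/* Fill a 16-byte IV from the OS random source.  memset(iv, rand(), 16) writes
 * the same byte 16 times; each IV byte must be drawn independently. */
static int fill_random_iv(uint8_t iv[BLOCK])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(iv, 1, BLOCK, f);
    fclose(f);
    return got == BLOCK ? 0 : -1;
}

int main(void)
{
    uint8_t iv[BLOCK], padded[64];
    const uint8_t sixteen[16] = {0};             /* constructed: exactly one block */
    size_t n = pkcs7_pad(sixteen, sizeof sixteen, padded, sizeof padded);
    printf("16-byte input -> %zu padded bytes, last byte 0x%02x\n", n, padded[n - 1]);
    printf("unpad -> %zu bytes\n", pkcs7_unpad(padded, n));
    if (fill_random_iv(iv) == 0) {
        printf("iv:");
        for (int i = 0; i < BLOCK; i++) printf(" %02x", iv[i]);
        printf("\n");
    }
    return 0;
}
```

The IV must also be written out with the ciphertext (it is not secret, only unpredictable), otherwise the decryptor cannot recover the first block.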
Re: Salted password generation/digest
Hello,

[EMAIL PROTECTED] wrote on 03/31/2008 11:44:10 PM:
> I don't think Marek is correct. The command-line interface (openssl enc) doesn't use PKCS5_PBKDF2_HMAC_SHA1(). Other parts of the command-line utilities do (e.g. openssl pkcs8 -topk8 -v2 for encrypting RSA and DSA private keys), but not openssl enc.

Of course you are right about openssl enc, this code does not use PKCS5_PBKDF2_HMAC_SHA1(). This code uses something between PBKDF1 and PBKDF2. My answer was rather about the last question, about a "public interface where an application developer can pass a password and as a result he becomes a password of the specified length".

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: openssl performance
Hello,

[EMAIL PROTECTED] wrote on 04/03/2008 04:18:42 AM:
> Anybody any comments?
>
> On Tue, Apr 1, 2008 at 11:56 PM, raj H [EMAIL PROTECTED] wrote:
> > Hi Experts,
> > OpenSSL 9.8b. We are facing some performance issues with it. I heard that doing session reuse or using some other ciphers can help improve the performance significantly. I would like to know -
> > 1. Is using session reuse with the ssl handshake advisable? I read somewhere that session reuse with openssl is controversial with memory usage. It might have some memory leaks. Is that true? What are the other issues with ssl session reuse? Does anyone have any numbers on the performance gain with session reuse?

This method improves handshake performance when your client connects/disconnects many times to your server in a short time (like https client connections with HTTP/1.0). In this case the handshake exchanges only 6 packets (without RSA encryption in the case where RSA certificates are used) instead of 9/10/12 (depending on the authorization scheme).

> > 2. Does changing the cipher used improve performance? We use the default one. Are there any numbers on this too? I plan to use one of -

In general: use AES instead of DES3, it's faster.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: 3DES encryption how to
Hello,

[EMAIL PROTECTED] wrote on 04/02/2008 02:16:19 PM:
> Hi all,
> I am a newbie to OpenSSL. I have written a client and server program using OpenSSL that works properly doing certificate verification, authentication et al. Now i want to encrypt my data on the client side using the 3DES algorithm; i'm confused which is the way to go ... using the cipher EVP apis like EVP_des_ede3_cbc() or built in custom functions like DES_ede3_cbc_encrypt()

Use EVP with EVP_des_ede3_cbc() - the high level API. DES_ede3_cbc_encrypt() is the low level API.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: SHA support
Hello,

[EMAIL PROTECTED] wrote on 04/01/2008 03:58:31 PM:
> HI,
> Can SHA be used without compiling in SHA512 support?

Yes, SHA is independent of SHA256/SHA384/SHA512.

> Are there any caveats with this approach?

You will not be able to use the SHA256/SHA384/SHA512 algorithms but SSL3/TLS1 will work fine.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: What scenario will cause openssl can't send client hello request?
Hello,

[EMAIL PROTECTED] wrote on 04/01/2008 04:57:18 PM:
> Hi all,
> Our program that uses openssl can't work normally with the 'https' protocol. Then we used ethereal to sniff data on port 443 and found that the client doesn't send a client hello message to the server after it finishes the tcp handshake. Does anyone know about this?
> BTW: the openssl lib is fine under another environment.
> Does anyone have any idea? Any suggestion and help are welcome and greatly appreciated. Thanks.

You should look at your application log files (OpenSSL library messages). Establishing a tcp connection is one thing while initializing the OpenSSL library and creating the client_hello packet is another. Log files may answer your question.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: SHA support
Hello,

[EMAIL PROTECTED] wrote on 04/01/2008 08:42:45 PM:
> So SHA256/SHA384/SHA512 are not independent of each other?

Depends. SHA224 uses the same algorithm as SHA256 but with different init constants which initialize the 8 32-bit state variables, and the output (the 8 32-bit state variables after transformations) is truncated to 224 bytes. SHA384 uses the same algorithm as SHA512 but with different init constants which initialize the 8 64-bit state variables, and the output (the 8 64-bit state variables after transformations) is truncated to 384 bytes.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Salted password generation/digest
Hello,

[EMAIL PROTECTED] wrote on 03/29/2008 06:52:18 PM:
> Hello,
> consider the following example: You want to encrypt something using OpenSSL's AES 256 Bit encryption. You use the OpenSSL command line interface and specify an 8 character password. This means you specified 64 Bit (8 characters = 64 Bit) but want to use 256 Bit encryption. How does the OpenSSL library expand the password? Does it do a digest of the user specified password to fill up the 256 Bit? Is there even a standard which describes this? And finally, is there a public interface where an application developer can pass a password and as a result he becomes a password of the specified length?

Try: PKCS5_PBKDF2_HMAC_SHA1()

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Problems about how to store private key safely
Hello,

[EMAIL PROTECTED] wrote on 03/28/2008 10:18:39 AM:
> Hello,
> I hope to design an application that uses OpenSSL. Users will use this application from different PCs or Laptops. Therefore, users will have to have their private key on different pcs. If I use a pass phrase protected private key, is it possible for other persons to steal and decrypt that key? Or do you have more feasible ways to implement it?

Smartcards.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: query about content of the RSA key file
Hello,

> I need to know the content of RSA key files (private and public both). is there any header that we write in these files? which of the parameters (n,e,d,p,q) are written in each file?

The RSA key is encoded with ASN.1. Look at the PKCS#1 specification for details.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Problem in openssl Master key Generation
Hello,

> When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I tried to connect to https://www.gmail.com using sslv2.0. At that time I saw the client sent client hello and the server sent server hello successfully. But after that the client was not sending the MASTER_KEY message. I checked and I found in file ssl\s2_clnt.c inside the function
>
>     int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
>
> having the call
>
>     x509=d2i_X509(NULL, &data, (long)len);
>
> returns x509=0; that's why it is going to label err and returning ret =-1. Please tell me how I can remove this error, so I can proceed further to the next step in the sslv2.0 response. One thing I want to say: for compilation purposes I added the below function in this file "x_x509.c".

Do not use/support SSL2 for secure communications, use SSL3 or TLS1. The SSL2 client_hello may be used for negotiating SSL3 or TLS1 (only one handshake packet).

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Doubt about the PKCS5_PBKDF2_HMAC_SHA1() function
Hello,

> I have a doubt about the PKCS5_PBKDF2_HMAC_SHA1() function. I have to realize a master key derivation on the client and server, using a password to obtain the session encryption key. I use the PKCS5_PBKDF2_HMAC_SHA1() function to reach this purpose. If i use the same input, should i receive the same result on both sides?

Yes.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: cipher algorithms
Hello,

> I have some doubts regarding OpenSSL cipher algorithms and I was wondering if someone could help me with that.
> 1) If my understanding is correct, the client sends the list of supported cipher algorithms and the server will choose one algorithm of such list in order to establish the secure channel. Is there some priority for the algorithms? For instance, will it favor AES in lieu of DES whenever supported by the client? Or is the algorithm chosen randomly?

The client should send its most favored cipher first. But, of course, the server makes the final decision. The client's order of cipher_suites in client_hello is only a hint for the server.

> 2) How is the symmetric key negotiated in OpenSSL? Does it use Diffie-Hellman or RSA? Or does it vary depending on the client request? If the second, what is used if the client supports both?

The key exchange method depends on the chosen ciphersuite. Look at:

    $ openssl ciphers -v

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
RE: cipher algorithms
Hello,

> One last question, can an algorithm or cipher suite be enabled or disabled on OpenSSL by a user (I mean, without needing to recompile and redistribute OpenSSL binaries)?

Yes, from the server or client point of view you can control this with the SSL_CTX_set_cipher_list() function call.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
Re: Help regarding error
Hello,

> when I compile the program p192.c I get the following error
>
> [EMAIL PROTECTED] ~]# gcc p192.c
> /tmp/ccicrxZV.o: In function `main':
> p192.c:(.text+0x12): undefined reference to `DH_new'
> p192.c:(.text+0x31): undefined reference to `BN_bin2bn'
> p192.c:(.text+0x3e): undefined reference to `BN_new'
> p192.c:(.text+0x5c): undefined reference to `BN_set_word'
> p192.c:(.text+0x71): undefined reference to `PEM_write_DHparams'
> collect2: ld returned 1 exit status

Add -lcrypto to the gcc command.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: How to use the HMAC() function
Hello,

> I have a doubt about how to use the HMAC() function. I developed this code in C language:
>
> (abridged)
> ...
> unsigned char *auth = NULL;
> unsigned char *session_auth_key;
> unsigned char *auth_tag;
> .
> .
> auth = HMAC(EVP_sha1(), session_auth_key, auth_key_length, length, auth_tag, auth_tag_length);
> .
> .
> Is the first argument in HMAC correct? When I run my program with GDB (GNU Project Debugger) I get the string EVP_DigestFinal_ex () from /usr/lib/i686/cmov/libcrypto.so.0.9.8 as result. I think that the problem deals with the HMAC function. I use also the AES_ctr128_encrypt in my program. Can it have an influence?

Code like this:

HMAC(EVP_md5(), pass, strlen(pass), (u_char *) ctx->chal, strlen(ctx->chal), buff, &len);

works (pass and chal are normal strings). As a result you will get the HMAC (here of MD5 size = 16 bytes) but as a binary buffer. You may convert this buffer to hex with code:

for (i = 0; i < len; i++) {
    sprintf(&(digest[i * 2]), "%02x", buff[i]);
}
digest[2 * len] = 0;

and use it for example for ASCII compare or so. (From a performance point of view sprintf() should be replaced with a simple function which converts a byte to hex form.)

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
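The point of the reply above is that HMAC() hands back a raw binary buffer of digest-size bytes, and the sprintf("%02x") loop is only there to make it printable and comparable. The following is an added example, not code from the thread or from OpenSSL: it does the same hex conversion with Python's standard library and checks the result against the RFC 2202 test vectors, which is the quickest way to confirm that a C program's HMAC output is what it should be. The keys and data below are the RFC 2202 test case 1 inputs, reproduced here as constructed sample values.

```python
import hashlib
import hmac


def hmac_hex(digest_name: str, key: bytes, data: bytes) -> str:
    """Return HMAC(key, data) under the named digest ("md5", "sha1", ...) as
    lowercase hex. The digest() call corresponds to the binary buffer that
    OpenSSL's HMAC() fills; the join corresponds to the sprintf("%02x") loop."""
    mac = hmac.new(key, data, getattr(hashlib, digest_name)).digest()
    # Two hex characters per byte: MD5 (16 bytes) -> 32 chars, SHA-1 (20) -> 40.
    return "".join("%02x" % b for b in mac)


def hmac_matches(digest_name: str, key: bytes, data: bytes, expected_hex: str) -> bool:
    """Compare a received MAC (hex, any case) against a freshly computed one.
    compare_digest is used instead of == so the comparison time does not leak
    how many leading characters matched."""
    return hmac.compare_digest(hmac_hex(digest_name, key, data), expected_hex.lower())


# Constructed sample input: RFC 2202 test case 1. The key is 0x0b repeated
# 16 times for HMAC-MD5 and 20 times for HMAC-SHA1; the data is "Hi There".
KEY_MD5 = b"\x0b" * 16
KEY_SHA1 = b"\x0b" * 20
DATA = b"Hi There"

if __name__ == "__main__":
    print("HMAC-MD5 :", hmac_hex("md5", KEY_MD5, DATA))
    print("HMAC-SHA1:", hmac_hex("sha1", KEY_SHA1, DATA))
```

Feed the same key and data to the C HMAC() call and print the hex buffer; if it does not equal the value this script prints, the bug is in the argument list (key/data pointers and lengths) rather than in OpenSSL.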
Re: OpenSSL Error
Hello,

> I am facing some problem when I tried to compile the application. This application was building fine, but after adding a file called digestclient.c (to support HTTPs), it's throwing the following error. Can anyone give some input on this.
>
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]

Add the -lcrypto -lssl libraries to the linking process.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: No Shared Cipher
Hello,

> I am facing some difficulties with OpenSSL implementation and am stuck at handshake failure. I have created a normal .exe (which acts as a server) which opens port 36003 and loads the required certificate and private key and waits for any incoming connection. Once I receive a connection request from the client and the connection is accepted using the function BIO_do_accept, the handshake process fails. I am using the function BIO_do_handshake() for this. The reason for failure I get is "No shared cipher". I found a function which allows us to set the list of cipher suites that we authorize our SSL object to use. The function is SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) where ctx is the context and *str is the list of cipher suites; for e.g. str could be ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH. I found that the client uses RC4_MD5 RC4_SHA cipher suites. How to ensure that my SSL context object uses the same cipher suite. What string should I pass to SSL_CTX_set_cipher_list??? For e.g. SSL_CTX_set_cipher_list(ctx, MD5!SHA) ???

The server enforces the allowable ciphers. You set on the server side the ciphers that you trust, and the client must support one of your ciphers or you disconnect. You may just set, using SSL_CTX_set_cipher_list(), the ciphers supported by the server. To list/test cipher strings you may use the openssl command. For example, to list what ALL means you may execute:

$ openssl ciphers -v ALL

or to test what ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH means:

$ openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'

and next you may build your own cipher list.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
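"No shared cipher" is exactly what the replies in this thread and in the "cipher algorithms" thread describe: the server's SSL_CTX_set_cipher_list() selection and the suites offered in the client_hello have an empty intersection, and the server, which makes the final decision, aborts. The following is an added example, not code from the thread or from OpenSSL; it uses Python's ssl module, which wraps the same OpenSSL cipher-string syntax that `openssl ciphers -v` and SSL_CTX_set_cipher_list() use, to expand both sides' strings offline and show what they have in common before a restriction is deployed. The cipher strings used as sample policies are constructed for the example; the server policy string is the one quoted in the question.

```python
import ssl


def expand_cipher_string(cipher_string: str) -> list:
    """Return the cipher names an OpenSSL cipher string selects, in preference
    order: the same list `openssl ciphers -v '<string>'` prints. The string is
    parsed by OpenSSL itself via SSL_CTX_set_cipher_list, so the result is
    whatever the local OpenSSL build actually supports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured by a separate call (SSL_CTX_set_ciphersuites)
    # and are always reported by get_ciphers(); drop them so only the cipher
    # string under test counts.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared_ciphers(server_string: str, client_string: str) -> list:
    """Ciphers both sides allow, ordered by the server's preference (the server
    decides). An empty result is what produces the 'no shared cipher' alert."""
    client_allows = set(expand_cipher_string(client_string))
    return [name for name in expand_cipher_string(server_string) if name in client_allows]


# Constructed sample policies. SERVER_POLICY is the string from the question;
# the two client strings stand in for what a client might offer.
SERVER_POLICY = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
CLIENT_OK = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"
CLIENT_ONLY_ECDSA = "ECDHE-ECDSA-AES256-GCM-SHA384"

if __name__ == "__main__":
    print("server policy expands to", len(expand_cipher_string(SERVER_POLICY)), "ciphers")
    print("shared with CLIENT_OK:", shared_ciphers(SERVER_POLICY, CLIENT_OK))
    # A server pinned to one RSA suite against a client offering only an ECDSA
    # suite: nothing in common, so the handshake would fail.
    print("shared (RSA-only server vs ECDSA-only client):",
          shared_ciphers("ECDHE-RSA-AES256-GCM-SHA384", CLIENT_ONLY_ECDSA))
```

The filter on the server string (not on the client's) is the one to tune: the reply is right that you restrict the server to ciphers you trust and then check, with a tool like this or with `openssl ciphers -v`, that every client you must support still overlaps with it.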
Re: OpenSSL client through proxy
Hello,

> I have to connect to my OpenSSL server through a proxy server. How can I establish this connection?

Establish the TCP connection through the proxy (connect, socks5, transparent, reverse or any other) and next run SSL on this TCP connection.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: generating CSR
Hello,

> I want to get the CSR file to purchase an SSL certificate for securing SMTP on Sendmail, OS=Redhat ES5. I ran the following:
>
> 1. to generate the private key:
> openssl genrsa -des3 -out server.key 1024
> then I inserted my passphrase
>
> 2. to generate CSR:
> openssl req -key server.key -out server.csr
> after I enter my passphrase the system hangs, I need to press Ctrl-C to get back to the system and the CSR is not generated.
>
> Any ideas?
> Important: I run this on Fedora 8/openssl 0.9.8b-17 and it works fine! My system is Redhat enterprise linux 5/openssl 0.9.8b-8

Add the -new option to the openssl req ... command.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: OpenSSL trusted root store
Hello,

> One of my responsibilities is to ensure that GlobalSign's roots are embedded within devices and operating systems. Recently a major browser provider indicated the following:
>
> "However, for the most part we integrate with third party SSL/TLS libraries. On these devices we do not generally control what goes into the root store of the device. In these cases I think you will have to talk to the various device manufacturers we integrate with, and sometimes the SSL/TLS library provider. A few typical ones; Certicom, OpenSSL, MatrixSSL, etc."
>
> Can someone point me in the right direction please to ensure future OpenSSL versions have the correct GlobalSign Roots. We've recently updated our roots and therefore have new ones to embed. I'm not sure to whom I need to direct my request.

OpenSSL, MatrixSSL or GnuTLS are only toolkits/libraries, not applications for end users. You should contact the application/system developers which distribute such root certificates in their own products (browsers, Linux systems, ...). After a new installation (from source) of OpenSSL or MatrixSSL no new certificates appear in any application/system.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: footprint of openssl
Hello,

> How can I reduce the size of OpenSSL, for an embedded usage? I need only a few ciphers, like RSA, SSL 3.0, TLS 1.0... do you know if there are some optimizations to make to reduce the size of the OpenSSL library?

This is an old question. If you want to use SSL/TLS from OpenSSL then this is practically not possible (or very complicated) and the result may not be satisfying. All you may try is to use some defines to disable some crypto algorithms. Look at the source code for NO_ preprocessor definitions.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: i2d_ASN1_INTEGER definition in src code
[EMAIL PROTECTED] wrote on 02/14/2008 05:45:21 PM:

> Can anyone please help me out on this... Thanks
> -- Shanku
>
> --- Shanku Roy [EMAIL PROTECTED] wrote:
> > Hi Folks,
> > Can anyone please point me to the location of the function definition of i2d_ASN1_INTEGER () in the OpenSSL source code. I could trace only till the following in the header files:
> > file crypto/asn1/asn1.h:
> > #define I2D_OF(type) int (*)(type *,unsigned char **)

Try something like that (after make):

$ pwd
/tmp/openssl-0.9.8g
$ find . -name *.o -exec nm -o --defined-only {} \; | grep d2i_ASN1_INTEGER
../crypto/asn1/tasn_typ.o:1060 T d2i_ASN1_INTEGER
$ cd ./crypto/asn1/
$ gcc -E tasn_typ.c | grep d2i_ASN1_INTEGER | indent

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: OpenSSL wants to read on connection?
Hello,

> I've just started trying to develop a piece of software with OpenSSL and I have a rather strange problem I wondered if anyone here might be able to help explain...
>
> I've initialised OpenSSL like this:
>
> SSL_library_init();
> SSL_load_error_strings();
>
> and created a context (error checking omitted for brevity):
>
> m_ssl_ctx = SSL_CTX_new( SSLv23_method() );
> SSL_CTX_load_verify_locations( m_ssl_ctx, TRUSTED_CERTS_FILE, NULL );
>
> then created two mem buf BIOs and an SSL object, initialised like this:
>
> m_rbio = BIO_new( BIO_s_mem() );
> m_wbio = BIO_new( BIO_s_mem() );
> m_ssl = SSL_new( m_ssl_ctx );
> SSL_set_bio( m_ssl, m_rbio, m_wbio );
> SSL_set_connect_state( m_ssl );
>
> and then I do the following:
>
> ret = SSL_write( m_ssl, buf, buf_len );
>
> which returns -1, as you'd expect. But (and here's the odd part) when I call:
>
> SSL_get_error( m_ssl, ret )
>
> it returns SSL_ERROR_WANT_READ, not SSL_ERROR_WANT_WRITE. How can this be!? The OpenSSL library is set up in client mode, so shouldn't it want to write a client hello to the server first? Like I said, this is my first attempt at using OpenSSL, so forgive me if I'm missing something really obvious!

We do not know at what stage the handshake stops. Maybe at reading server_hello after successfully writing client_hello? To check this you may add to your code:

/**
 * TLS connection info callback.
 *
 * @param ssl   TLS connection socket
 * @param type  connection type
 * @param val   connection info
 * @return none
 */
static void tls_connection_info_cb(const SSL *ssl, int type, int val)
{
    if (type & SSL_CB_LOOP) {
        log_tra("tls_state: %s: %s",
                type & SSL_ST_CONNECT ? "connect" :
                type & SSL_ST_ACCEPT ? "accept" : "undefined",
                SSL_state_string_long(ssl));
    }
    if (type & SSL_CB_ALERT) {
        log_tra("tls_alert: %s:%s: %s",
                type & SSL_CB_READ ? "read" : "write",
                SSL_alert_type_string_long(val),
                SSL_alert_desc_string_long(val));
    }
}

and set the connection callback:

/* callback for connection information on SSL/TLS session negotiation */
SSL_CTX_set_info_callback(ctx, tls_connection_info_cb);

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Problem with encrypting using ofb
[EMAIL PROTECTED] wrote on 02/11/2008 10:28:32 PM:

> I'm trying to encrypt some test data using CMD line openssl but I keep getting an error around my key/iv input. Can someone please point me in the correct direction?
>
> C:\OpenSSL\bin>openssl enc -e -des-ofb -in c:\Openssl\Test_ofb_data.txt -in c:\openssl\encrypted_data.enc -k/-iv 0123456789abcdef0123456789abcdef/1234567890abcdef - 8
> unknown option '-k/-iv'

Try:

... -k 0123456789abcdef0123456789abcdef -iv 1234567890abcd ...

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: enc-aes-cbc and enc-aes-ecb
Hello,

> 1) Is there a publication for the way the iv and the key are generated from the text based password? I assume that enc uses the same method for all modes.
>
> 2) Is there a publication for how the salt integrates into the cipher, and the determination of the key and iv?
>
> I am trying to develop a javascript program that is compatible with openssl in this area. Thus far I have implemented aes-cbc and aes-ecb that takes a key and iv (in the case of cbc). Once I figure out how to generate the key and iv the same way openssl does I am set. Using the salt would be an added benefit.

Look at the PKCS#5 document (especially the PBKDF2 function); this function is implemented in OpenSSL as the PKCS5_PBKDF2_HMAC_SHA1() function.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: key iv generation?
Hello,

> How is the key and iv generated? I am using enc -aes256 with a text based password. Is there a stand alone openssl command that will do this? I need to find the code that does this step so that I can replicate it in javascript.

Look at the EVP_BytesToKey() implementation.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
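Three threads on this page ask the same underlying question: the PKCS5_PBKDF2_HMAC_SHA1() thread (does the same input give the same key on client and server), the enc-aes-cbc thread (which points at PKCS#5 PBKDF2) and this one (which points at EVP_BytesToKey()). The following is an added example, not code from the list or from OpenSSL, that reimplements both derivations with Python's standard library so an implementation in another language can be checked against known values. Assumptions stated in the code: EVP_BytesToKey() is rendered from the algorithm its man page describes (D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt), each block hashed `count` times, concatenated until key and IV are filled); `openssl enc -k` in the 0.9.8 era used that KDF with MD5 and count 1, while OpenSSL 1.1.0 and later default to SHA-256 there and offer -pbkdf2 to switch to PBKDF2. The salts and passwords below are constructed sample values; the PBKDF2 ones are the RFC 6070 test inputs.

```python
import hashlib
import os


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, key_len: int) -> bytes:
    """PKCS #5 v2 PBKDF2 with HMAC-SHA1, the same function as OpenSSL's
    PKCS5_PBKDF2_HMAC_SHA1(). It is fully deterministic: the same password,
    salt, iteration count and length give the same key on both sides."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_len)


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     md_name: str = "md5", count: int = 1) -> tuple:
    """Assumed rendering of OpenSSL's EVP_BytesToKey():
       D_1 = H(password || salt)
       D_i = H(D_{i-1} || password || salt)
    with each D_i re-hashed (count - 1) more times, and D_1 || D_2 || ... split
    into key (first key_len bytes) and IV (next iv_len bytes)."""
    md = getattr(hashlib, md_name)
    derived = b""
    prev = b""
    while len(derived) < key_len + iv_len:
        block = md(prev + password + salt).digest()
        for _ in range(count - 1):
            block = md(block).digest()
        derived += block
        prev = block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def openssl_enc_key_iv(password: bytes, salt: bytes) -> tuple:
    """Key (32 bytes) and IV (16 bytes) for `openssl enc -aes-256-cbc -k <password>`
    under the legacy 0.9.8-era defaults (MD5, count 1). The 8-byte salt is the one
    that follows the "Salted__" magic at the start of the enc output."""
    return evp_bytes_to_key(password, salt, key_len=32, iv_len=16)


if __name__ == "__main__":
    # Constructed sample inputs.
    print("PBKDF2 (RFC 6070 #1):", pbkdf2_hmac_sha1(b"password", b"salt", 1, 20).hex())
    salt = os.urandom(8)  # as `openssl enc -salt` would generate
    key, iv = openssl_enc_key_iv(b"password", salt)
    print("salt:", salt.hex(), "key:", key.hex(), "iv:", iv.hex())
```

The practical difference between the two is the iteration count: EVP_BytesToKey with count 1 is a single hash over password and salt, so a text password is only as strong as it is against an offline guess, whereas PBKDF2 lets both sides agree on a count in the thousands or more and makes each guess correspondingly more expensive. Whichever one is chosen, both ends must use the same digest, salt and count or the keys will not match.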
Re: openssl server + smart card
Hello,

> > In SSL/TLS you encrypt the pre_master_secret with the server certificate. For that, you do not need a smartcard; the TLS server will send you the certificate and (after verification) you (the client) encrypt the generated pre_master_secret with the server public key sent to you by the server with the certificate. You may use a smartcard if the TLS server requires client verification; then your (client) private key from the smartcard is used to prove your identity.
> >
> > Best regards,
> > --
> > Marek Marcola [EMAIL PROTECTED]
>
> Here the server is using the smart card and the smart card holds the server certificate and the private key. So the server gets the server cert from the smart card and sends it to the client. The client encrypts the pre_master_secret with the public key and sends it to the server. Now the server must use the smart card because the server's private key is only on the smart card.

Ok, misunderstanding :-)
You may use for that the OpenSSL ENGINE interface ($ man engine).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: openssl server + smart card
Hello,

> I am writing a TLS server application. That is the easy part. The server certificate is on a smart card. So I get only the public key and the certificate but not the private key from the smart card. So I have to decrypt everything in the TLS handshake which is encrypted with the server public key (the premaster secret) with the smart card. So my question is: How can I control the TLS handshake in openssl so that the premaster secret is decrypted with the smart card.

In SSL/TLS you encrypt the pre_master_secret with the server certificate. For that, you do not need a smartcard; the TLS server will send you the certificate and (after verification) you (the client) encrypt the generated pre_master_secret with the server public key sent to you by the server with the certificate. You may use a smartcard if the TLS server requires client verification; then your (client) private key from the smartcard is used to prove your identity.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: install openssl from source while rpm is their on RHEL 4
Hello,

> I have a Red Hat ES 4 64 bit version installed server with the openssl-0.9.7a-43.8 rpm installed. I need to install openssl 0.9.8g from source. If I use the default prefix, which is /usr/local/ssl, to install config files and all default config options, will it remove any of the libraries which the previous server has installed? Or will it install all components inside the --prefix directory?

make install will install the libraries inside --prefix.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: install openssl from source while rpm is their on RHEL 4
Hello,

> will install accordingly and hope to move the original /usr/bin/openssl to some other name and to make a soft link to the 0.9.8g binary. Appreciate any concerns on this.

If you want to use many versions of OpenSSL you may define --prefix as /usr/local/openssl-VERSION, for example:

--prefix=/usr/local/openssl-0.9.8g

Then future/past versions may be installed in their own directory and you will be able to switch between them.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: RSA_verify problem
Hello,

> I have tested the sample code and it runs without error; however I am still using the default char N[], char E[] and msg[] values in the file. I am unclear what steps I need to take to convert the Modulus and Exponent strings from my XML into a format suitable for this function. In the code it seems that the N and E values are hexadecimal. Should this be the hexadecimal conversion of my 128 byte base64 decoded modulus value from the XML and the equivalent for the exponent?

I use the hex form because the BN_hex2bn() function is used here. In your case, you may use the binary buffer (after decoding with base64) and the function BN_bin2bn().

> Also should the 'msg[]' character array be the pure xml string of the SignedInfo element?

msg[] is not used; this is from my other examples, ignore it. You should put the signature (after base64 decoding) in the enc_bin buffer. In my example I test only decryption by creating a buffer with all bytes set to 1:

/* prepare encrypted data */
enc_len = RSA_size(rsa_pub);
memset(enc_bin, 1, enc_len);

In your situation, you should put the real data here.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]