Re: [openssl-users] RSA sign using SHA256 with mgf1 padding

2016-08-31 Thread Mounir IDRASSI
Hi,

I wrote a sample a few years ago that performs a PSS signature using
SHA256, like what you need.
You can get it from
https://www.idrix.fr/Root/Samples/openssl_pss_signature.c
It uses the maximum salt length. You should check that the server
expects this as well.

Cheers,
--
Mounir IDRASSI

On 29/08/2016 at 10:59, Moshe Wiener (mowiener) wrote:
>
> Hello,
>
> I’m running an application which runs an authentication session with a
> server. The server provides some random data, and my application needs
> to sign it with its private key, and send back the signature. The
> server which knows the public key verifies the signature, and if good
> then the client which runs my application is authenticated.
>
> This session used to run OK, until the server was changed so instead
> of using PKCS#1_v1.5 now it uses PKCS#1_v2.1
>
> Now, the server uses signature algorithm of SHA256 WITH RSA AND MGF1.
>
> In my application I use OpenSSL.
>
> I think that I need to use ‘RSA_padding_add_PKCS1_OAEP_mgf1’ but
> couldn’t figure out what to put in each of its arguments.
>
> Is there somewhere a sample code which implements RSA signature with
> mgf1 padding and a SHA256 hash?
>
> Many thanks,
>
> Moshe

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
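
The salt-length caveat in the reply above can be checked at the encoding level. The following is an added example, not the sample linked in the reply and not OpenSSL code: a pure-Python EMSA-PSS signer and verifier with SHA-256 for both the message digest and MGF1 (an assumption about the server). The key is built from two public Mersenne primes purely for demonstration, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo key: two public Mersenne primes, so NOT a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def mgf1(seed, length, hash_name):
    """MGF1 (PKCS#1 v2.1): Hash(seed || counter) blocks, truncated to length."""
    hlen = hashlib.new(hash_name).digest_size
    blocks = (hashlib.new(hash_name, seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // hlen)))
    return b"".join(blocks)[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def max_salt_len(n, hash_name="sha256"):
    """Largest salt that fits in the encoded message: emLen - hLen - 2."""
    em_len = (n.bit_length() - 1 + 7) // 8
    return em_len - hashlib.new(hash_name).digest_size - 2


def pss_sign(msg, n, d, salt_len, hash_name="sha256"):
    """EMSA-PSS encode msg, then apply the RSA private operation."""
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    hlen = hashlib.new(hash_name).digest_size
    if salt_len > em_len - hlen - 2:
        raise ValueError("salt too long for this key size")
    salt = secrets.token_bytes(salt_len)
    m_hash = hashlib.new(hash_name, msg).digest()
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - salt_len - hlen - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)      # clear the unused top bits
    em = bytes(masked) + h + b"\xbc"
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def pss_salt_len(msg, sig, n, e, hash_name="sha256"):
    """Verify sig over msg; return the salt length the signer used, or None."""
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    hlen = hashlib.new(hash_name).digest_size
    top = 8 * em_len - em_bits
    s = int.from_bytes(sig, "big")
    if s >= n or em_len < hlen + 2:
        return None
    em_int = pow(s, e, n)
    if em_int.bit_length() > 8 * em_len:
        return None
    em = em_int.to_bytes(em_len, "big")
    masked, h = em[:-hlen - 1], em[-hlen - 1:-1]
    if em[-1] != 0xBC or masked[0] >> (8 - top):
        return None
    db = bytearray(xor(masked, mgf1(h, len(masked), hash_name)))
    db[0] &= 0xFF >> top
    sep = next((i for i, b in enumerate(db) if b), None)
    if sep is None or db[sep] != 0x01:               # padding must end in 0x01
        return None
    salt = bytes(db[sep + 1:])
    m_hash = hashlib.new(hash_name, msg).digest()
    if hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest() != h:
        return None
    return len(salt)


def pss_verify(msg, sig, n, e, salt_len, hash_name="sha256"):
    """Strict verifier: the salt length must be the one this side expects."""
    return pss_salt_len(msg, sig, n, e, hash_name) == salt_len
```

A signature made with the maximum salt length is mathematically valid but is rejected by a verifier that insists on a salt of hash length, which is the interoperability failure to rule out first.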


Re: Schanner secu

2014-11-19 Thread Mounir IDRASSI

Hi,

The latest Windows update that corrected the WinShock SChannel 
vulnerability brought many changes to the way TLS is performed and among 
the changes is the fact that the Supported Point Formats Extension is 
not sent anymore in the ServerHello during the TLS handshake.


In versions of OpenSSL prior to 1.0.0c, the Supported Point Formats 
Extension was expected to be present all the time which of course is not 
correct. I have sent a patch for that in 2010 
(https://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest#txn-26841) 
and the correction was subsequently included in 1.0.0c.


This explains why you are starting to receive TLS handshake errors with 
curl client linked with OpenSSL 1.0.0a and 1.0.0b after the SChannel 
update from Microsoft.


If you are not able to upgrade your clients, then the only solution is 
to ask Microsoft how to force the inclusion of the Supported Point 
Formats Extension in the TLS handshake as it was the case before.
Their SChannel update brought new issues anyway and most certainly 
Microsoft will publish another update to SChannel in order to solve 
them, so there is a possibility for them to restore the old TLS 
handshake behavior unless it causes security issues for them (but I 
can't imagine how).


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/14/2014 10:02 PM, Gilles Vollant wrote:


Microsoft just published a patch on their SChannel component (KB 2992611 )


https://technet.microsoft.com/library/security/MS14-066


But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or 
Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a 
/ 1.0.0b !



If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot 
download anything from IIS 7.5/8.0 webserver using https after patching !


OpenSSL 1.0.0c has no problem. But some clients cannot be updated 
magically!



Curl says:
curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list


I made a report here:

http://www.winimage.com/demo_report_openssl_windows/

I hope Microsoft can (and will) update their fix to allow curl + 
openssl1.0.0(a or b) connect !


regards
Gilles Vollant


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: Leak in BN_rand_range?

2014-09-24 Thread Mounir IDRASSI
Hi,

The leak comes from the fact that you are passing a NULL value
parameter to BN_rand_range. This is unexpected as this is where the
result is supposed to be written. Internally, because of this NULL
pointer, OpenSSL allocates a temporary BIGNUM that gets lost (allocated in
the call to BN_bin2bn inside the function bnrand at line 199 of bn_rand.c).

To avoid this leak, just allocate your value variable at the beginning
and don't free it inside the loop because its value will be updated by
BN_rand_range. So just add value = BN_new(); at the beginning and remove
the if block inside the loop.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 9/24/2014 6:27 PM, Jeffrey Walton wrote:
 I've got a program that repeatedly calls BN_rand_range. Valgrind is
 reporting 2.4 MB of leaks.

 If I comment out the loop that generates the range value, then the
 leak summary drops to 0.

 Is there anything else I should be doing below?

 **

  Error checking was removed from the sample, but nothing fails.

 #include <assert.h>
 #include <stdlib.h>
 #include <errno.h>

 #include <openssl/bn.h>

 #define ITERATIONS 1000UL
 #define UNUSED(x) ((void)(x))   /* not defined in the original post */

 int main(int argc, char* argv[])
 {
     UNUSED(argc), UNUSED(argv);

     int rc = 0, err;
     BIGNUM *range = NULL, *value = NULL;

     range = BN_new();
     rc = BN_set_word(range, 3);

     for(size_t i = 0; i < ITERATIONS; i++)
     {
         if(value) {
             BN_free(value), value = NULL;
         }

         /* value is still NULL here: the call the reply identifies as the leak */
         rc = BN_rand_range(value, range);
     }

     if(range) {
         BN_free(range), range = NULL;
     }

     if(value) {
         BN_free(value), value = NULL;
     }

     return 0;
 }


Re: RSA_check_key failure 0x407b093 (value missing)

2014-06-08 Thread Mounir IDRASSI

On 6/8/2014 1:46 AM, Jeffrey Walton wrote:

OK, does the library provide the CRT solver (I don't believe so, but I
thought I would ask).

A few years ago, I needed such a solver to convert from RSA SFM format 
(n,e,d) to CRT representation. Obviously OpenSSL doesn't contain one so 
I implemented it using OpenSSL routines and I released an Open Source 
tool called RsaConverter that provides such functionality 
(http://rsaconverter.sourceforge.net/).


You can have a look at the file librsaconverter.c from its source 
(http://sourceforge.net/p/rsaconverter/code/HEAD/tree/Trunk/src/librsaconverter.c).
In your case, you can use the function SfmToCrt in order to compute the 
CRT parameters, thus making RSA_check_key happy.


Before calling SfmToCrt, I advise calling CheckRsaSfmKey to verify that 
the triplet (n,e,d) is valid for RSA otherwise SfmToCrt can't find the 
CRT parameters (the algorithm is based on random search for a generator 
that exists only for valid RSA parameters). In order to avoid infinite 
loops, I implemented a configurable timeout.


Concerning its performance, the algorithm is fast : for RSA 2048, it 
takes 250 ms on average on a Core i7-2600K and on the older Pentium III 
M it takes 1 second on average.


I don't know if there are many people who need to use RSA SFM parameters but 
having such conversion functionality inside OpenSSL can be interesting. 
In such case, I can send a patch for it.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
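
The conversion described above, as an added example in Python rather than RsaConverter's own code: it uses the standard probabilistic method for factoring n when d is known, which is assumed here to correspond to the random search the reply mentions. `max_tries` stands in for the configurable timeout, the function names are hypothetical, the result keys follow OpenSSL's field names (dmp1, dmq1, iqmp), and the key is constructed from two public Mersenne primes for demonstration only.

```python
import math
import secrets

# Constructed demo key: two public Mersenne primes, so NOT a secure key.
N = (2**521 - 1) * (2**607 - 1)
E = 65537
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))


def check_sfm_key(n, e, d, samples=(2, 3, 5, 7)):
    """Cheap consistency check of the triplet: (m^e)^d must give m back."""
    return all(pow(pow(m, e, n), d, n) == m for m in samples)


def factor_from_sfm(n, e, d, max_tries=64):
    """Recover (p, q) with p > q from a valid (n, e, d)."""
    k = e * d - 1                      # a multiple of lambda(n) for a valid key
    r, t = k, 0
    while r % 2 == 0:                  # write k = 2^t * r with r odd
        r //= 2
        t += 1
    for _ in range(max_tries):         # bounded search instead of an endless loop
        g = secrets.randbelow(n - 3) + 2
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue                   # this g reveals nothing, draw another
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:
                # y is a square root of 1 other than +-1, so it splits n
                p = math.gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    raise ValueError("no factor found within max_tries")


def sfm_to_crt(n, e, d):
    """Compute the CRT parameters from the straightforward (n, e, d) form."""
    if not check_sfm_key(n, e, d):
        raise ValueError("(n, e, d) is not a consistent RSA triplet")
    p, q = factor_from_sfm(n, e, d)
    return {"p": p, "q": q,
            "dmp1": d % (p - 1),       # d mod (p-1)
            "dmq1": d % (q - 1),       # d mod (q-1)
            "iqmp": pow(q, -1, p)}     # q^-1 mod p


def crt_decrypt(c, key):
    """RSA private operation using only the CRT parameters."""
    m1 = pow(c % key["p"], key["dmp1"], key["p"])
    m2 = pow(c % key["q"], key["dmq1"], key["q"])
    h = (key["iqmp"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]
```

Each random draw succeeds with probability of at least one half for a valid key, so hitting the `max_tries` limit indicates an inconsistent triplet rather than bad luck.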




Re: OpenSSL ECCN #

2012-08-20 Thread Mounir IDRASSI

Hi,

There was a similar question years ago. Here is a link to its answer : 
http://marc.info/?l=openssl-users&m=123357572413547

I don't know if it is still relevant.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/20/2012 8:38 PM, Alona Rossen wrote:


Hello,

We need OpenSSL ECCN # for our records. Please advise if this 
information can be obtained.


Thank you,

Alona Rossen





Re: RSA OAEP with sha256

2012-08-16 Thread Mounir IDRASSI

Hi Martin,

In OpenSSL implementation of OAEP, MGF1 is hardcoded with SHA-1 (look at 
the end of the file rsa_oaep.c). Moreover, the function 
RSA_padding_add_PKCS1_OAEP is using explicitly SHA-1 as the unique 
possible hash. That's why your results are incorrect.


Personally, I overcame these limitations by implementing my own version 
of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF 
implementation. I guess you should do the same.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 8/16/2012 11:27 PM, Martin Kaiser wrote:

Dear all,

I'd like to encrypt some bytes using RSA OAEP with MGF1. Both OAEP and
MGF1 should use sha256 instead of the default sha1.

Does openssl support this at all? I tried something along the lines of

size_t outlen;
int ret;
EVP_PKEY_CTX *ctx;
unsigned char in[] = {  some bytes ... };

EVP_PKEY *key = NULL;
RSA *r = NULL;

unsigned char n[] = { ... };   /* 128 bytes */
unsigned char e[] = { 0x01, 0x00, 0x01 };

key = EVP_PKEY_new();
r = RSA_new();
assert(r);
EVP_PKEY_assign_RSA(key, r);
key->pkey.rsa->n = BN_bin2bn(n, sizeof(n), NULL);
key->pkey.rsa->e = BN_bin2bn(e, sizeof(e), NULL);

ctx = EVP_PKEY_CTX_new(key, NULL);
assert(ctx);

ret = EVP_PKEY_encrypt_init(ctx);
assert(ret>=0);

ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
assert(ret>=0);

ret = EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_CRYPT,
 EVP_PKEY_CTRL_MD, 0, (void *)EVP_sha256);
assert(ret>=0);

ret = EVP_PKEY_encrypt(ctx, out, &outlen, in, sizeof(in));
assert(ret>=0);
assert(outlen==128);


This doesn't fail on any asserts. I tried

ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());

instead of EVP_PKEY_CTX_ctrl().
This would not work because of a EVP_PKEY_OP_TYPE_... mismatch.

Unfortunately, the output does not seem to be correct, I can't produce
valid messages that are recognized by a receiving side that's known to
work with oaep sha256.

Does anyone see what I'm doing wrong here? Or does anyone have test
vectors so that I can verify my code? I know there's test vectors from
rsasecurity but they're only for oaep sha1.

Thanks in advance for your help,

Martin


Re: OpenSSL 1.0.1a tarball ckecksums

2012-04-22 Thread Mounir IDRASSI

Hi,

Your browser is unzipping the archive on the fly. The file you are 
getting is the TAR and not the gzipped TAR.

Try clicking save as on the link to see if you get the real gzipped file.

By the way, all the checksums on the page are correct.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/22/2012 1:21 PM, Francois Claire wrote:

Hi,


On the openssl download page the size of openssl-1.0.1a.tar.gz is 
4456456 bytes but when I download it (wget 
http://www.openssl.org/source/openssl-1.0.1a.tar.gz) I'm receiving a 
tarball which is 21770240 bytes long.


Of course the SHA1 checksum is different than the one announced on the 
web site:

$ openssl sha1 openssl-1.0.1a.tar.gz
SHA1(openssl-1.0.1a.tar.gz)= e3ba2479b7cc594aff9eba2d9804063cc5f9f43d

Could it be the checksums on the source download page 
(http://www.openssl.org/source/) are wrong ?







Re: TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]

2011-12-27 Thread Mounir IDRASSI

Hi,

The following blog post explains different mitigation techniques for 
this vulnerability and among them is Rate Limiting :

http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/21/2011 7:40 PM, Hasan, Rezaul (NSN - US/Arlington Heights) wrote:


Hello All,

We have openssl 0.9.8r on our Linux Server. Application that's used is 
httpd.


A Nessus security scan on our Linux server tells us that we may be 
vulnerable to a potential DOS due to SSL/TLS Renegotiation 
Vulnerability [CVE-2011-1473].


The suggestions of mitigating these (we believe) are:

1. Disable Re-Negotiation completely. {We CANNOT use this choice, 
because our system does need to allow Re-Negotiation in some cases. So 
NOT an option for us}


2. Rate-Limit Re-Negotiations.

Can someone please provide detailed information/guidance about exactly 
how to go about Rate-Limiting Re-Negotiation requests on the Linux 
Server? Pointing to a detailed article would also be helpful.


Thanks a bunch in advance.





Re: TLS 1.0 cracked...

2011-09-21 Thread Mounir IDRASSI

Hi,

This has already been discussed in the openssl-dev mailing list. Go to 
the mailing list archive and take a look at the subject openssl 1.0.1 
and rumors about TLS 1.0 attacks.
To be brief, this attack has been known for 7 years now and OpenSSL 
implemented an effective countermeasure against it since version 0.9.6d 
(insertion of empty fragments). So, an OpenSSL based web server is 
immune from this attack, unless it uses the flag 
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.


Links cited in the dev mailing list :
   - http://www.openssl.org/~bodo/tls-cbc.txt , section 2.
   - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf 
: a 2006 paper describing the attack and the OpenSSL countermeasure.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 9/21/2011 4:48 PM, Thomas J. Hruska wrote:
The Register published an article yesterday that some people here 
might be interested in on TLS 1.0 being cracked:


http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/


The Register points their Finger of Blame right at OpenSSL.

Of course, a lot of places then blew this out of proportion with 
headlines along the lines of, ZOMG!  HTTPS/SSL Intertubes Hacked!  i 
can haz your internets?!?!


Right now, no one really knows anything about the research that is 
supposedly going to be published on Friday.






Re: Compile OpenSSL for debug and release in Windows with Visual C++

2011-06-21 Thread Mounir IDRASSI


Yes, this is the target configuration for debug under Windows VC++.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/22/2011 7:38 AM, ml.vladimbe...@gmail.com wrote:

Is “debug-VC-WIN32” option of configuration an answer to my question?




Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI

Hi,

This could be related to the slowness of RAND_poll under Windows 7. See: 
http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
Your second process is certainly trying to initialize its RNG and that's 
why you see this delay.

Do you confirm that you are executing these processes under Windows 7?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/4/2011 7:02 AM, Ashwin Chandra wrote:


I generate an RSA key using RSA_generate_key in one process. I then 
take the RSA structure that is generated and serialize it and send it 
to another process via an RPC mechanism. In the other process I then 
de-serialize the RSA data and use that as input to an 
RSA_private_decrypt function to decrypt some data that was previously 
encrypted with the RSA public key.


This works fine and I am able to decrypt the data successful, HOWEVER, 
it takes a long time to do so, like up to 2 seconds. It is almost as 
if it is doing another key generation in the background. Note that if 
I do this RSA_private_decrypt in the same process as the one that 
generated the key, it takes around 20-30 ms.


This leads me to think that maybe there is some static data that the 
openssl library uses in RSA_private_decrypt that was cached when I 
generated the key and now is not available since it is a new process.


Can anyone enlighten me on this?





Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI


Indeed, there has already been a modification to OpenSSL in order to 
limit the observed delay but that doesn't completely solve the problem.
This issue is linked to an internal design of OpenSSL which uses heap 
walking as a means to gather entropy and unfortunately Windows 7 has 
made this mechanism more expensive than previous Windows versions. So, 
this issue won't be solved unless there is a major change to OpenSSL 
entropy gathering architecture, which doesn't appear to be coming any 
time soon.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/4/2011 6:14 PM, Ashwin Chandra wrote:

Okay I read the complete bug report and it looks like there is a fix in
the latest openssl. However I checked it out and it limits the maximum
time RAND_poll will take to a second. 1000ms. Is there any other way to
speed this up?



Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI


Well, this is not quite adapted to the situation. OpenSSL is a library 
and it doesn't spawn any process. Moreover, the issue is with the 
internal builtin RNG of OpenSSL and a simple user of OpenSSL can not 
change its implementation.
Apart from a change to OpenSSL internal, the only option is to implement 
an engine that exports its own RNG implementation through a custom 
RAND_METHOD structure.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote:
Start second process as a daemon so it only does the entropy gathering 
at process start-up?





Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/26/2011 2:29 PM, James Chase wrote:
Someone suggested it would be helpful to post the chain file and the 
site's public certificate to the list. If it is helpful, here is the 
site cert (and below that their supplied chain file)



And the chain file


Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI

Hi James,

I got the correct certificate chain from my Windows 7 box. Microsoft 
tends to update its trusted CA certificates store more quickly and 
regularly than Mozilla or Linux distros: the latest update was last 
month on March 23rd 2011.
It is sad that even Network Solutions guys are not aware of this 
update... This issue should not have existed in the first place!


Good luck,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 4/26/2011 7:07 PM, James Chase wrote:



You've got the wrong chain file.  I understand that NetSol
switched to a new
EV Issuing CA a few months ago.  Are you definitely using the
chain file that
they supplied with your latest site cert?


I am using the chain file that they suggest downloading which already 
has the intermediate files concatenated into a file -- but apparently 
it is wrong. I checked the .crt file that they include with my site 
certificate and they are the same certs that are in the chain file 
they have precompiled. I can't believe how much time I have spent on 
this issue and could the root of the issue be that they are not 
packaging the right files with my new certificate? wtf


Mounir, where did you get those certificates?? The only cert that you 
used that came with my certificate is the last one, 
AddTrustExternalCARoot -- the other two are NOT included and are not 
in NetSol's precompiled chain file. Your chain file works when I test 
with apache, and I have just created a p12 from those chain files and 
that works too! Hallelujah.


But seriously, how did you synthesize that chain file? And how would I 
be expected to create that on my own?? I spent an hour and a half on 
the phone with NetSol telling them there was something wrong with 
their files and they just kept saying it was my fault and they will 
bill me $120/hour to fix it.






 On Tue, Apr 26, 2011 at 8:19 AM, James Chase chase1...@gmail.com wrote:
  Well my results are quite different, and I guess point to my p12 not
  being correctly created. Strangely, the p12 I am running this test on
  works in production and doesn't produce a warning (I re-created last
  years certificate as a new p12 using the same process I am trying with
  this years).

  I also tried running this on my test apache site, where I am just using
  the plain old certificate, key and network solutions supplied chain file
  -- and the openssl s_client command returns better output but I still
  get a warning!

  [me@myserver ~]$ openssl s_client -connect www.example.com:443
  CONNECTED(0003)
  depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
  verify error:num=27:certificate not trusted
  verify return:1
  depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
  verify error:num=21:unable to verify the first certificate
  verify return:1
  ---
  Certificate chain
   0 s:/serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd/OU=Book Sales/OU=Secure Link EV SSL/CN=www.example.com
     i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions EV SSL CA
  ---

  On Mon, Apr 25, 2011 at 6:16 PM, Rob Stradling rob.stradl...@comodo.com wrote:
  On Monday 25 Apr 2011 20:07:03 James Chase wrote:
   I simplified the issue a bit in order to try and understand what is going
   on here and found that the SSL certificate that Network Solutions is
   providing, along with the intermediate chain file cannot be verified
   by newer installs of Firefox.

  Hi James.  That seems

Re: What Random number generator is used in the OpenSSL library?

2011-03-26 Thread Mounir IDRASSI

Hi,

Take a look at : http://www.openssl.org/docs/crypto/rand.html (at 
section INTERNALS). For entropy gathering, RAND_poll is implemented 
for each platform (also RAND_event is available under Windows for that 
purpose). For example, you will find in file crypto/rand/rand_win.c all 
Windows specific PRNG helper functions.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 3/26/2011 10:05 AM, Vladimir Belov wrote:

Hello,
What Random number generator is used in the OpenSSL library?


Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-24 Thread Mounir IDRASSI

Hi,

Getting the same error (on ts_rsp_sign.c:206) with the file I sent means 
that you are not using the right files : I have explicitly tested the 
OpenSSL function referenced in ts_rsp_sign.c and it is working with no 
error. You have to check your configuration in order to point to the 
right key file.


In my tests, I only used OpenSSL code, no mod_tsa or Apache, because I 
was targeting the OpenSSL error you described. I used the latest version 
1.0.0d but I think this has nothing to do with your problem since it is 
certainly caused by a configuration issue.
Concerning cnf file, I just modified the usr_cert section in the default 
one in order to add extendedKeyUsage = critical,timeStamping and set 
keyUsage to nonRepudiation, digitalSignature.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/23/2011 3:32 PM, Yessica De Ascencao wrote:

Hello!
Thanks for your help and monitoring.
Yes, I get the same error; it also throws the same error when tested with the 
files you sent me.

I think there must be something I missed or did wrong in the installation.
Which version did you use for this package:
openssl
mod_tsa
Apache
mod_ssl
mysql
ts-patch_

Another thing, to generate the certificate for the extension tsa with 
Time Stamping, which .cnf did you use? The openssl.cnf or one created 
for you?


Very grateful!
Thanks

2011/2/22 Mounir IDRASSI mounir.idra...@idrix.net


Hi,

Are you sure you have the same error description
(lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested
here with a certificate containing Digital Signature, Non
Repudiation key usage and OpenSSL doesn't complain.
I'm attaching the timestamp certificate (with its key and its CA
certificate) that I used. Can you see if it is working for you?


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 3:11 PM, Yessica De Ascencao wrote:

Hi Mounir IDRASSI!
I generated the certificate with ONLY Digital Signature, Non
Repudiation but I still have the same problem.

Thanks!

Certificate:
   Data:
   Version: 3 (0x2)
   Serial Number:
   d8:e6:a3:f6:22:c7:a4:0c
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=ve, ST=distrito capital, O=suscerte,
OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve

   Validity
   Not Before: Feb 22 14:08:20 2011 GMT
   Not After : Feb 22 14:08:20 2012 GMT
   Subject: C=ve, ST=distritocapital, L=caracas, O=tss,
OU=suscerte, CN=tsscompany/emailAddress=t...@company.com

   Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   RSA Public Key: (2048 bit)
   Modulus (2048 bit):
   Exponent: 65537 (0x10001)
   X509v3 extensions:
   X509v3 Basic Constraints:
   CA:FALSE
   X509v3 Key Usage:
   Digital Signature, Non Repudiation
   Netscape Comment:
   OpenSSL Generated Certificate
   X509v3 Subject Key Identifier:
 
 FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17

   X509v3 Authority Key Identifier:
 
 keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76

Re: ecdsa_method missing?

2011-02-23 Thread Mounir IDRASSI


Yes, you should open a ticket on the issue tracker. However, I'm not 
sure if Dr. Stephen Henson will agree to add this change to the current 
stable versions (0.9.8x and 1.0.0x) as he usually delays header changes 
till the 1.1.0 release.


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/23/2011 4:44 PM, Kent Yoder wrote:

Thanks Mounir,

   I'd like to use ECDSA_METHOD to implement a dynamic engine for
ecdsa.  I want to avoid copying the header files from the upstream
source so that my engine package can compile stand-alone.  This should
be in line with the way dynamic engines have worked for other
algorithms since 0.9.8, if I understand correctly.

   Should I open an item in the issue tracker for this?

Thanks,
Kent

On Tue, Feb 22, 2011 at 8:04 PM, Mounir IDRASSI
mounir.idra...@idrix.net  wrote:

Hi,

In the case of RSA_METHOD, it is working because the underlying type
rsa_meth_st is defined in rsa.h, whereas for ECDSA_METHOD, the underlying
type ecdsa_method is not exported by the public headers: it is defined in
the internal OpenSSL header ecs_locl.h found in the source distribution.
That explains why you are getting the compile error.
I don't know why it was done like this, but if you really need this
structure then you'll have to copy its definition from the header I
mentioned above.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 6:14 PM, Kent Yoder wrote:

Hi,

   The following RSA code compiles:

#include <openssl/rsa.h>
main() { RSA_METHOD rsa = { "test" };  }

but this ECDSA code doesn't:

#include <openssl/ecdsa.h>
main() {  ECDSA_METHOD ecdsa = { "test" }; }

Am I missing a declaration, or is this perhaps a bug?

Thanks,
Kent


Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI

Hi Victor,

Your analysis is not true because the original poster says he has dmp1, 
dmq1 and iqmp, not only p and q. With these 5 parameters, it is possible 
to recover the plain text from the ciphered text thanks to the Chinese 
Remainder Transformation (CRT). Moreover, it is possible to recover the 
public exponent e and the private exponent d from these 5 parameters 
using a mathematical transformation. I have implemented such a 
transformation in an open source tool that I put on SourceForge : you 
can get it along with the mathematics behind it from the following link 
: http://rsaconverter.sourceforge.net/ .


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 2/24/2011 5:48 AM, Victor Duchovni wrote:

On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:


Just to be clear, below is not the actual code, but what I would *like*
to be able to do (or something close).

What you are asking to do is not possible, not because of API limitations,
but as a matter of principle (mathematical property of RSA).


   I have a situation where I have a message that has been encrypted via
RSA_public_encrypt.  On the receiving end I have the n, p, q, dmp1,
dmq1, and iqmp components (I know it might sound odd that I don't have
the e and d components but that is the case).

The RSA algorithm computes a ciphertext M' from a plaintext M via

M' = (M)^e mod n (i.e. mod pq).

decryption is possible when p, q (and implicitly e) are known because

M = (M')^d mod n

provided:

 - M < n (e.g. the message is shorter than the key bit length),
   thus computing the result mod n loses no information.

 - d*e = 1 mod phi(n) = (p-1)(q-1)

http://en.wikipedia.org/wiki/Euler%27s_totient_function

when e, p and q are known, d can be computed via Euclid's algorithm for
finding the multiplicative inverse of a mod b, when a is co-prime to b.

When e is unknown, any M'' obtained from M via some exponent e' is
as a good a plaintext as M since, if e'*d' = 1 mod phi(n), we have:

 M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e)

therefore if the public exponent were (d'*e) instead of e, the same
message M' decrypts to M' instead of M. There is no well-defined inverse
to RSA without e, since e is fundamental parameter of the operation
you want to invert.





Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI

Hi Shaheed,

The OpenSSL error you are getting means that OpenSSL decrypted the 
ciphered text but couldn't find the PKCS1 padding byte. This means that 
the wrong CRT parameters were supplied. Usually this comes from the fact 
that the parameters p and q (and the corresponding dmp1, dmq1) must be 
swapped : p instead of q and q instead of p (same thing for dmp1 and dmq1).
In order to check this, you can use a tool I have written and that 
enables you to recover e and d from these 5 parameters. You can get it 
from SourceForge using the following link : 
http://rsaconverter.sourceforge.net/ .
Thanks to it, you can check that these 5 parameters give you the correct 
d and e. In your case, I'm sure you'll get the wrong d and e. Swap the 
parameters and see if you get the correct d this time.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:


Just to be clear, below is not the actual code, but what I would 
**like** to be able to do (or something close).


*From:*owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Shaheed 
Bacchus (sbacchus)

*Sent:* Wednesday, February 23, 2011 9:47 PM
*To:* openssl-users@openssl.org
*Subject:* RSA_private_decrypt without e and d

Hi,

I have a situation where I have a message that has been encrypted via 
RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, 
dmq1, and iqmp components (I know it might sound odd that I don’t have 
the e and d components but that is the case). I’m trying to do 
something like:


if (!(new_key = RSA_new()))
    return -1;

/* only n and the five CRT components are set; e and d are left NULL */
new_key->n = BN_bin2bn(n_data, n_data_len, NULL);
new_key->p = BN_bin2bn(p_data, p_data_len, NULL);
new_key->q = BN_bin2bn(q_data, q_data_len, NULL);
new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
new_key->iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL);

resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, 
decrypted, new_key, RSA_PKCS1_PADDING);


This decrypt fails with

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02


Supplying the correct e and d component causes it work properly, but I 
will not have those under normal circumstances. Is there any way to do 
this without d and e?
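
The two replies above say that p, q, dmp1, dmq1 and iqmp are enough to decrypt and to recover e and d, and that the padding error usually means p/q and dmp1/dmq1 are the wrong way round. The following C program is an added example, not code from the thread or from the rsaconverter tool: it uses constructed toy values and 64-bit integers instead of OpenSSL BIGNUMs, and the names crt_key, crt_consistent, crt_fix_orientation, crt_decrypt, recover_d and recover_e are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA-CRT key: constructed values, far too small for real use.
 * Field names follow OpenSSL's RSA structure (iqmp = q^-1 mod p).
 * All values must stay below 2^32 so products fit in 64 bits. */
struct crt_key { uint64_t n, p, q, dmp1, dmq1, iqmp; };

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

static uint64_t gcd64(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Extended Euclid: returns 1 and sets *inv = a^-1 mod m, or 0 if none. */
static int modinv(uint64_t a, uint64_t m, uint64_t *inv) {
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m), t0 = 0, t1 = 1;
    while (r1) {
        int64_t q = r0 / r1, t;
        t = r0 - q * r1; r0 = r1; r1 = t;
        t = t0 - q * t1; t0 = t1; t1 = t;
    }
    if (r0 != 1) return 0;
    *inv = (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
    return 1;
}

/* 1 if the CRT parameters agree with each other and with n. */
int crt_consistent(const struct crt_key *k) {
    uint64_t g;
    if (k->p < 3 || k->q < 3 || k->p * k->q != k->n) return 0;
    if (k->dmp1 >= k->p - 1 || k->dmq1 >= k->q - 1) return 0;
    if (k->iqmp >= k->p || k->iqmp * k->q % k->p != 1) return 0;
    g = gcd64(k->p - 1, k->q - 1);   /* one d must reduce to both dmp1 and dmq1 */
    return k->dmp1 % g == k->dmq1 % g;
}

/* Swap p<->q and dmp1<->dmq1 if that is what makes iqmp fit.
 * Returns 0 = already consistent, 1 = swapped, -1 = unusable. */
int crt_fix_orientation(struct crt_key *k) {
    struct crt_key s = { k->n, k->q, k->p, k->dmq1, k->dmp1, k->iqmp };
    if (crt_consistent(k)) return 0;
    if (!crt_consistent(&s)) return -1;
    *k = s;
    return 1;
}

/* Decrypt with Garner's formula; neither e nor d is used. */
uint64_t crt_decrypt(const struct crt_key *k, uint64_t c) {
    uint64_t m1 = modpow(c, k->dmp1, k->p);
    uint64_t m2 = modpow(c, k->dmq1, k->q);
    uint64_t h = k->iqmp * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    return m2 + h * k->q;
}

/* Solve d = dmp1 mod (p-1), d = dmq1 mod (q-1); result is reduced
 * mod lcm(p-1, q-1). Returns 1 on success, 0 if no such d exists. */
int recover_d(const struct crt_key *k, uint64_t *d) {
    uint64_t a = k->p - 1, b = k->q - 1, g = gcd64(a, b), inv, diff, t;
    if (k->dmp1 % g != k->dmq1 % g) return 0;
    if (!modinv(a / g, b / g, &inv)) return 0;
    diff = (k->dmq1 % b + b - k->dmp1 % b) % b;  /* (dmq1 - dmp1) mod (q-1) */
    t = (diff / g) % (b / g) * inv % (b / g);
    *d = k->dmp1 + a * t;
    return 1;
}

/* e is the inverse of d modulo lcm(p-1, q-1). Returns 1 on success. */
int recover_e(const struct crt_key *k, uint64_t *e) {
    uint64_t d, a = k->p - 1, b = k->q - 1;
    return recover_d(k, &d) && modinv(d, a / gcd64(a, b) * b, e);
}

int main(void) {
    /* Constructed key whose primes are named the wrong way round:
     * iqmp = 38 is 53^-1 mod 61, so OpenSSL's p must be 61, not 53. */
    struct crt_key k = { 3233, 53, 61, 49, 53, 38 };
    uint64_t c = modpow(65, 17, 3233), d = 0, e = 0;  /* encrypt 65, e = 17 */
    int swapped = crt_fix_orientation(&k);
    recover_d(&k, &d);
    recover_e(&k, &e);
    printf("swapped=%d m=%llu d=%llu e=%llu\n", swapped,
           (unsigned long long)crt_decrypt(&k, c),
           (unsigned long long)d, (unsigned long long)e);
    return 0;
}
```

Before the orientation fix the toy decrypt returns a value other than 65, which is the condition OpenSSL reports as a PKCS#1 padding failure. The recovered d is the exponent reduced mod lcm(p-1, q-1), so it can differ from a d that was originally computed mod (p-1)(q-1) while decrypting identically.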






Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI

Hi,

I don't agree : from the error description 
(lib(47):func(131):reason(117):ts_rsp_sign.c:206) it is clear that 
OpenSSL loaded the certificate but the X509_check_purpose(signer, 
X509_PURPOSE_TIMESTAMP_SIGN, 0) call in ts_rsp_sign failed.


Actually, reading the certificate dump shows that the problem is coming 
from the certificate Key Usage : it MUST NOT contain Key Encipherment.
So, to resolve your problem, set the Key Usage to ONLY Digital 
Signature, Non Repudiation.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 2:40 PM, Patrick Patterson wrote:

Hi Yessica:

That error is fairly straightforward - it can't load the cert (meaning, it 
can't even load the file).

Have you made sure that the permissions are correct? Are you absolutely sure 
that you have the right cert in the right location?

Have fun.

Patrick.

On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote:


Hi!
This is the new certificate:

Certificate:
 Data:
 Version: 3 (0x2)
 Serial Number:
 d8:e6:a3:f6:22:c7:a4:0b
 Signature Algorithm: sha1WithRSAEncryption
 Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, 
CN=ac/emailAddress=a...@suscerte.gob.ve
 Validity
 Not Before: Feb 21 20:15:08 2011 GMT
 Not After : Feb 21 20:15:08 2012 GMT
 Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, 
CN=tsscompany/emailAddress=t...@company.com
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
 RSA Public Key: (2048 bit)
 Modulus (2048 bit):
 Exponent: 65537 (0x10001)
 X509v3 extensions:
 X509v3 Basic Constraints:
 CA:FALSE
 X509v3 Key Usage:
 Digital Signature, Non Repudiation, Key Encipherment
 Netscape Comment:
 OpenSSL Generated Certificate
 X509v3 Subject Key Identifier:
 FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17
 X509v3 Authority Key Identifier:
 
keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76

 X509v3 Subject Alternative Name:
 email:t...@company.com
 X509v3 Extended Key Usage: critical
 Time Stamping
 Signature Algorithm: sha1WithRSAEncryption

And this is the error:
[Mon Feb 21 20:15:37 2011] [error] mod_tsa:could not load X.509 certificate: 
/usr/local/ssl/misc/demoCA/tss.pem
[Mon Feb 21 20:15:37 2011] [error] 
mod_tsa:17262:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206:
[Mon Feb 21 20:15:37 2011] [emerg] exiting, fatal error during mod_tsa 
initialisation.

Thanks!!!

2011/2/21 Jaroslav Imrich jaroslav.imr...@gmail.com
Hello Yessica,

please post new certificate and exact error you're getting.

--

Kind Regards / S pozdravom

Jaroslav Imrich
http://www.jariq.sk



On Mon, Feb 21, 2011 at 4:41 PM, Yessica De Ascencao yessima...@gmail.com wrote:
hello!!!
Thanks for the response!

Yes I needed the extension to Time Stamping, however when I load the sample 
certificate in the OpenTSA page, continues to show me the same error. I created 
a certificate with the correct extension and likewise gives me error.

I really do not know what may be happening.

Thank

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI

Hi,

Are you sure you have the same error description 
(lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested here 
with a certificate containing Digital Signature, Non Repudiation key 
usage and OpenSSL doesn't complain.
I'm attaching the timestamp certificate (with its key and its CA 
certificate) that I used. Can you see if it is working for you?


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 3:11 PM, Yessica De Ascencao wrote:

Hi Mounir IDRASSI!
I generated the certificate with ONLY Digital Signature, Non 
Repudiation but I still have the same problem.


Thanks!

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:e6:a3:f6:22:c7:a4:0c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, 
CN=ac/emailAddress=a...@suscerte.gob.ve

Validity
Not Before: Feb 22 14:08:20 2011 GMT
Not After : Feb 22 14:08:20 2012 GMT
Subject: C=ve, ST=distritocapital, L=caracas, O=tss, 
OU=suscerte, CN=tsscompany/emailAddress=t...@company.com

Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:

FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17

X509v3 Authority Key Identifier:

keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76


X509v3 Subject Alternative Name:
email:t...@company.com
X509v3 Extended Key Usage: critical
Time Stamping
Signature Algorithm: sha1WithRSAEncryption


2011/2/22 Mounir IDRASSI mounir.idra...@idrix.net


Hi,

I don't agree : from the error description
(lib(47):func(131):reason(117):ts_rsp_sign.c:206) it is clear that
OpenSSL loaded the certificate but the X509_check_purpose(signer,
X509_PURPOSE_TIMESTAMP_SIGN, 0) call in ts_rsp_sign failed.

Actually, reading the certificate dump shows that the problem is
coming from the certificate Key Usage : it MUST NOT contain Key
Encipherment.
So, to resolve your problem, set the Key Usage to ONLY Digital
Signature, Non Repudiation.

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 2/22/2011 2:40 PM, Patrick Patterson wrote:

Hi Yessica:

That error is fairly straightforward - it can't load the
cert (meaning, it can't even load the file).

Have you made sure that the permissions are correct? Are you
absolutely sure that you have the right cert in the right
location?

Have fun.

Patrick.

On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote:

Hi!
This is the new certificate:

Certificate:
Data:
Version: 3 (0x2

Re: ecdsa_method missing?

2011-02-22 Thread Mounir IDRASSI

Hi,

In the case of RSA_METHOD, it is working because the underlying type 
rsa_meth_st is defined in rsa.h, whereas for ECDSA_METHOD, the 
underlying type ecdsa_method is not exported by the public headers: it 
is defined in the internal OpenSSL header ecs_locl.h found in the source 
distribution. That explains why you are getting the compile error.
I don't know why it was done like this, but if you really need this 
structure then you'll have to copy its definition from the header I 
mentioned above.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/22/2011 6:14 PM, Kent Yoder wrote:

Hi,

   The following RSA code compiles:

#include <openssl/rsa.h>
main() { RSA_METHOD rsa = { "test" };  }

but this ECDSA code doesn't:

#include <openssl/ecdsa.h>
main() {  ECDSA_METHOD ecdsa = { "test" }; }

Am I missing a declaration, or is this perhaps a bug?

Thanks,
Kent


Re: RSA public/private keys only work when created programatically.

2011-02-17 Thread Mounir IDRASSI

Hi,

Your command line that creates the public key is missing the -pubout 
switch that tells the rsa utility to output a public key. So, this 
command should look like : openssl rsa -in rsaprivatekey.pem -out 
rsapublickey.pem -pubout . Without it, it will just output the private 
key as is.


Moreover, the openssl rsa utility saves the public key using the 
function PEM_write_bio_RSA_PUBKEY and not PEM_write_bio_RSAPublicKey. So, 
if you want your program to be compatible with its output, then you 
should use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY for 
saving/loading public key files.


I hope this will help,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/18/2011 4:59 AM, David Henry wrote:
I've written a bare bones enveloping example that takes a string, 
seals it in an envelope, and then goes about opening it. Everything 
works just fine if I generate my RSA keys programatically. 
Unfortunately, it does not work if I encrypt the session keys with an 
RSA public key that was created on the command line like:


 openssl genrsa -out rsaprivatekey.pem
 openssl rsa -in rsaprivatekey.pem -out rsapublickey.pem

I would greatly appreciate if someone could explain why my 
programmatically-created keys work, but the command-line ones do not. 
The code that generates usable keys looks like this:


int main() {
    // generate & check keys
    RSA* rsa = RSA_generate_key(2048, RSA_F4, NULL, 0);
    int check_key = RSA_check_key(rsa);
    while (check_key <= 0) {
        cerr << "error generating keys -- regenerating...";
        rsa = RSA_generate_key(2048, RSA_F4, NULL, 0);
        check_key = RSA_check_key(rsa);
    }
    RSA_blinding_on(rsa, NULL);

    // write out pem-encoded public key
    BIO* rsaPublicBio = BIO_new_file("rsapublickey.pem", "w");
    PEM_write_bio_RSAPublicKey(rsaPublicBio, rsa);

    // write out pem-encoded encrypted private key
    BIO* rsaPrivateBio = BIO_new_file("rsaprivatekey.pem", "w");
    PEM_write_bio_RSAPrivateKey(rsaPrivateBio, rsa, NULL, NULL, 0,
                                NULL, NULL);

    BIO_free(rsaPublicBio);
    BIO_free(rsaPrivateBio);
    RSA_free(rsa);

    ...

    return 0;
}

The program that uses the keys is:

#include <cstdio>
#include <cstring>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>

#define BUF_SIZE 4096
#define BLOCK_SIZE 32

int main() {
    // uninitialized symmetric cipher context
    EVP_CIPHER_CTX* ctx = new EVP_CIPHER_CTX;

    // symmetric cipher
    const EVP_CIPHER* type = EVP_aes_256_cbc();

    unsigned char
    message[BUF_SIZE] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    printf("Unencoded string = {%s}\n", message);

    int npubk = 1;
    unsigned char** ek = new unsigned char*[npubk];
    int* ekl = new int[npubk];
    EVP_PKEY** pubk = new EVP_PKEY*[npubk];

    // read in pem-encoded public key
    BIO* rsa_pub_bio = BIO_new_file("rsapublickey.pem", "r");
    RSA* rsa_pub = RSA_new();
    PEM_read_bio_RSAPublicKey(rsa_pub_bio, &rsa_pub, NULL, NULL);
    BIO_free(rsa_pub_bio);

    // encrypt symmetric session keys
    for (int i = 0; i < npubk; i++) {
        pubk[i] = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(pubk[i], rsa_pub);
        ek[i] = new unsigned char[EVP_PKEY_size(pubk[i])];
        ekl[i] = EVP_PKEY_size(pubk[i]);
    }

    // random initialization vector
    unsigned char* iv = new unsigned char[EVP_MAX_IV_LENGTH];
    RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);

    int message_len;    // initialized by EVP_SealUpdate & EVP_SealFinal
    unsigned char encrypt_buf[BUF_SIZE + BLOCK_SIZE];

    EVP_SealInit(ctx, type, ek, &ekl[0], &iv[0], &pubk[0], npubk);
    // EVP_SealUpdate changes message_len to # bytes in message
    EVP_SealUpdate(ctx, encrypt_buf, &message_len, message,
                   strlen((const char*) message));

    printf("buf_len: %d\n", message_len);
    int total_len = message_len;    // line must be between SealUpdate & SealFinal
    // EVP_SealFinal changes message_len value to # bytes of encryption overhead

    EVP_SealFinal(ctx, &encrypt_buf[message_len], &message_len);

    int i;
    printf("Encoded string = {");
    for (i = 0; i < message_len; i++) {
        printf("%02x", encrypt_buf[i]);
    }

    for (i = 0; i < message_len; i++) {
        printf("%02x", encrypt_buf[i + total_len]);
    }
    printf("}\n");

    unsigned char decrypt_buf[BUF_SIZE];
    int decrypt_len;    // initialized by EVP_OpenUpdate & EVP_OpenFinal

    // read in pem-encoded encrypted private key
    BIO* rsa_priv_bio = BIO_new_file("rsaprivatekey.pem", "r");
    RSA* rsa_priv = RSA_new();
    PEM_read_bio_RSAPrivateKey(rsa_priv_bio, &rsa_priv, NULL, NULL);
    BIO_free(rsa_priv_bio);

    EVP_PKEY* privk = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(privk, rsa_priv);

    EVP_OpenInit(ctx, type, *ek, ekl[0], &iv[0], privk

Re: OpenSSL and MinGW - Error report

2011-02-16 Thread Mounir IDRASSI

Hi,

Add -leay32 to the end of the gcc command line in order to suppress the 
link errors you are seeing. This will help the gcc linker find the 
missing symbols exported by libeay32.a.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/16/2011 8:07 PM, Rui Fernandes wrote:

I've followed these instructions:
Assuming a default installation (C:\OpenSSL), go to 
'C:\OpenSSL\lib\MinGW' and copy all of the files to your MinGW 'lib' 
directory.


Next, copy everything in the 'C:\OpenSSL\include' directory to your 
MinGW 'include' directory.

I've called the bn.h, with:
#include <openssl/bn.h>
and I've got the following errors:
C:\MinGW\bin>gcc fatorialBIG.c -o fatorialBIG.exe
C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0xf): undefined reference to `BN_new'
C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x4c): undefined reference to `BN_dec2bn'
C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x6a): undefined reference to `BN_mul_word'
C:\DOCUME~1\RUIMIG~1\DEFINI~1\Temp\cc7A3ZJd.o:fatorialBIG.c:(.text+0x84): undefined reference to `BN_bn2dec'
collect2: ld returned 1 exit status
Any ideas?
Regards,
Rui Fernandes




Re: Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Mounir IDRASSI

Hi Lou,

I think you misunderstood Matthias's question? He is not asking about 
how to make his own CA accepted (from his post, it appears he already 
knows how to do that), but he is rather asking how to make an end entity 
server certificate a trusted anchor for OpenSSL certificate chain 
verification.
As he explained, this is especially interesting if you connect to a 
server for whom you don't have the corresponding CA certificate: in this 
case, a trust model like the SSH one is desirable.


Personally I don't think it is possible currently without a change to 
OpenSSL internals or the use of the verify callback. That being said, I 
remember vaguely a post by Dr Stephen Henson related to this where he 
mentioned a planned change in this direction, but I can't find a link to it.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/10/2011 4:46 PM, Lou Picciano wrote:

Matthias,

Generally, when you are 'accepting a cert' in the web browser, you are 
accepting that _server's_ cert, and not automatically saving the CA cert.


For a Certificate Authority of your own to be accepted, you'd have to 
manually install that CA's cert into the root store for that browser.


This, then, would allow SSL to verify the Server's cert against this 
newly-installed CA cert. Thus, your chain is tested.


Lou Picciano

- Original Message -
From: Matthias Meixner mmeix...@hypercom.com
To: openssl-users@openssl.org
Sent: Thursday, February 10, 2011 10:19:03 AM
Subject: Adding non-root certificates to the list of trusted certificates?


Hello!

When you connect to a webserver for which you do not have a trusted CA 
certificate, normally the browser allows you to permanently accept the 
certificate and continue.


How can this be done using OpenSSL? If I add this non-self-signed 
certificate to the list of trusted certificates (e.g. via CAfile), it 
is ignored and verification fails.

I have never had any success if the certificate chain was incomplete.

Example:
I have the following certificates:

   root-ca.cert - ca.cert - server.cert

The server uses server.cert as certificate.

If CAfile contains root-ca.cert, everything works fine.

However, if CAfile only contains server.cert verification fails. But 
this is exactly what most browsers allow: Just accept any certificate 
as long as the user has allowed to accept it.


So how can this be done using OpenSSL? Is there any option I can set? 
Or is there only the brute force way of using the verify callback, 
reading all the certificates from CAfile and comparing them manually 
with the server certificate?


Regards,

   Matthias Meixner



Re: Verify return code: 20 (unable to get local issuer certificate)

2011-02-10 Thread Mounir IDRASSI

Hi Lennart,

Issue the following command : openssl version -d
Its output will tell you which directory the openssl binary you are 
calling is using for accessing CA certificates.
If it is not /etc/ssl, then this explains why you are getting this error 
: you are using a binary that looks elsewhere (for example in 
/usr/local/ssl)
On the other hand, if it is /etc/ssl, then you need just to update the 
CAs hashes in /etc/ssl/certs. For that, issue the following command : 
c_rehash /etc/ssl/certs.


I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 2/10/2011 5:07 PM, Lennart van den Dool | fonq.nl wrote:


Hi,

I can’t figure this out and I’ve been searching the net for hours, so 
I hope someone can help.


I want to make an ldaps connection to a remote server, but issuing

openssl s_client -ssl3 -connect [domain]:636 -state -verify

results in: Verify return code: 20 (unable to get local issuer 
certificate).


When I specify the -CAfile 
/etc/ssl/certs/AddTrust_External_CA_Root.pem it works fine.


How can I make openssl use (trust) that CAfile automatically?

Thanks in advance!

Regards,

Lennart





Re: problem with creating and signing certificate via API

2011-01-20 Thread Mounir IDRASSI


Hi,

This is a classical C bug : the parameter cert of the function 
createCertificate is passed by value instead of being passed by 
reference as it should be since this function modifies its content. So, 
in order to solve your problem, change the declaration of 
createCertificate as follows :
    void createCertificate(X509_NAME *issuerName, X509_NAME *serverName,
                           EVP_PKEY *caKey, struct certKey* cert)


and then pass the address of the local variable clientCert in main as 
follows :

    createCertificate(X509_get_subject_name(caCertificate),
                      X509_get_subject_name(oldCertificate),
                      caKey,
                      &clientCert);

With these modifications, everything will be OK.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 1/20/2011 2:36 PM, Bret McDanel wrote:

I am trying to load an old certificate, take the subject line and make a
new certificate signed with my self signed certificate.  I am  sure that
it is something obvious that I am overlooking, but no matter what I try
I always fail when I try to check the private key of the new
certificate.

I have a CA cert which works with other things so I am fairly sure
that is done correctly.  I have an old certificate that I read in, and I
can read it with the CLI program so I am fairly sure that too is not
corrupted.

The new certificate is what is giving me problems.  I would appreciate
any pointers on where the problem may be.  Attached is my program, I
tried to redact it as much as possible without totally refactoring it
for fear of introducing new unrelated bugs.  It is most likely something
in createCertificate that I am either not doing and should or doing
and should not.


Thanks for any help,



#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include <openssl/x509.h>


struct certKey {
   EVP_PKEY *keys;
   X509 *certificate;
};


void createCertificate(X509_NAME *issuerName, X509_NAME *serverName,
                       EVP_PKEY *caKey, struct certKey cert)
{
   RSA *rsaKeyPair  = RSA_generate_key(1024, RSA_F4, NULL, NULL);
   cert.certificate = X509_new();

   X509_set_version(cert.certificate, 3);
   ASN1_INTEGER_set(X509_get_serialNumber(cert.certificate), 1234);
   X509_set_subject_name(cert.certificate, serverName);
   X509_set_issuer_name(cert.certificate, issuerName);

   cert.keys = EVP_PKEY_new();
   EVP_PKEY_assign_RSA(cert.keys, rsaKeyPair);
   X509_set_pubkey(cert.certificate, cert.keys);

   X509_gmtime_adj(X509_get_notBefore(cert.certificate), 0);
   X509_gmtime_adj(X509_get_notAfter(cert.certificate),
                   (long)60*60*24*365);

   X509_sign(cert.certificate, caKey, EVP_sha1());
}


X509* loadCertificateFromFile(const char *file)
{
   SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
   SSL_CTX_use_certificate_file(ctx,file,SSL_FILETYPE_PEM);
   return SSL_get_certificate(SSL_new(ctx));
}


EVP_PKEY* loadKeyFromFile(char *file, char *password)
{
   EVP_PKEY *privKey;
   FILE *fp;

   if (!(fp = fopen (file, "r"))) {
     printf("Error reading private key file\n");
     exit(1);
   }

   if (!(privKey = PEM_read_PrivateKey (fp, NULL, NULL, password))) {
     printf("Error reading private key in file\n");
     exit(1);
   }

   fclose (fp);
   return privKey;
}



int main(void)
{
   X509 *caCertificate;
   EVP_PKEY *caKey;
   char *caCertFile = "cacert.pem";
   char *caKeyFile = "cakey.pem";
   char *oldCertFile = "oldcert.pem";

   X509 *oldCertificate;
   struct certKey clientCert={0};
   SSL_CTX *ctx;
   static int session_id_ctx = 1;

   SSL_library_init();
   OpenSSL_add_all_algorithms();

   caCertificate = loadCertificateFromFile(caCertFile);
   caKey = loadKeyFromFile(caKeyFile,NULL);
   oldCertificate = loadCertificateFromFile(oldCertFile);

   createCertificate(X509_get_subject_name(caCertificate),
                     X509_get_subject_name(oldCertificate),
                     caKey,
                     clientCert);

   ctx = SSL_CTX_new(SSLv23_server_method());
   SSL_CTX_set_session_id_context(ctx,
                                  (void*)&session_id_ctx,
                                  sizeof session_id_ctx);
   SSL_CTX_use_certificate(ctx, clientCert.certificate);
   SSL_CTX_use_PrivateKey(ctx, clientCert.keys);


   if (SSL_CTX_check_private_key(ctx) == 0) {
     printf("private key is the fail\n");
   }

   return 0;
}






Re: How exactly is symmetric key constructed from a passphrase?

2011-01-14 Thread Mounir IDRASSI


Hi,

The function EVP_BytesToKey is used internally by this command (and 
others) in order to create a key from a password. The iteration count is 
set to 1. Look at the following link for more information : 
http://www.openssl.org/docs/crypto/EVP_BytesToKey.html


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/14/2011 9:02 AM, Calvert Remillard wrote:

Consider following:

  openssl aes-256-cbc -e -nosalt -pass pass:TEST -in FILE -out 
FILE.enc -P

key=033BD94B1168D7E4F0D644C3C95E35BF98D6BC98DA097F25270DEC053083AACF
iv =8BEAB338FC102B2A12933636C6EB7D59

How does passphrase TEST become 
key=033BD94B1168D7E4F0D644C3C95E35BF98D6BC98DA097F25270DEC053083AACF?
How is it constructed? I've tried all supported hash functions (md5, 
sha1, etc.), but they seem to produce different output.


Thanks a bunch in advance!
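
An added example, not part of the original posts: the derivation that EVP_BytesToKey performs, written out in Python so that the key and iv printed by the command in the question can be reproduced from the passphrase TEST. It assumes MD5 as the digest (the default of the enc command in OpenSSL releases of that period, which the thread does not state); the function and parameter names are this example's own.

```python
import hashlib


def evp_bytes_to_key(password, salt=b"", key_len=32, iv_len=16,
                     digest="md5", count=1):
    """Derive (key, iv) the way EVP_BytesToKey does.

    D_1 = H^count(password || salt)
    D_i = H^count(D_(i-1) || password || salt)
    key || iv = D_1 || D_2 || ...   (truncated to key_len + iv_len bytes)

    password and salt are bytes. An empty salt corresponds to -nosalt;
    otherwise the salt is the 8 bytes stored in the file header.
    """
    if salt and len(salt) != 8:
        raise ValueError("EVP_BytesToKey uses an 8-byte salt")
    if count < 1:
        raise ValueError("count must be at least 1")

    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        # Extra iterations re-hash the digest only; with count=1 (what the
        # reply says the command uses) this loop does not run.
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def hex_upper(data):
    """Format bytes the way the -P option prints them."""
    return data.hex().upper()


if __name__ == "__main__":
    # aes-256-cbc needs a 32-byte key and a 16-byte IV, so three MD5 blocks
    # are produced: the first two form the key, the third is the IV.
    key, iv = evp_bytes_to_key(b"TEST")
    print("key=" + hex_upper(key))
    print("iv =" + hex_upper(iv))
```

The first 16 bytes of the key are simply MD5("TEST"), which is why hashing the passphrase once with any single function never yields the full 32-byte key. With one MD5 iteration and, as here, no salt, this derivation offers very little resistance to passphrase guessing.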




Re: Question on SHA1 Functions

2011-01-10 Thread Mounir IDRASSI


Hi,

SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas 
SHA1_Update and SHA1_Final are defined in md32_common.h (under crypto 
folder) as HASH_UPDATE and HASH_FINAL respectively.


Happy hacking,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/10/2011 4:40 PM, Stan Joyner wrote:

Hi,

I am a newbie to openssl and have run into what is probably a stupid 
question. I am using openssl-1.0.0c.


So here it goes.

I wanted to look at how openssl implemented the following functions 
which are defined in the openssl crypto library in openssl/crypto/sha.h:


int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);

In file sha1.c I only see the function implementation for SHA1 which 
is a wrapper function that invokes SHA1_init, SHA1_Update, and 
SHA1_Final. I was expecting to see the implementations for all four of 
these functions in file sha1_one.c. But I only see the implementation 
for the wrapper function SHA1 in that file.


Where are these functions supposed to be implemented?

[u...@centos sha]$ pwd
/home/user/OPENSSLTEST/openssl-1.0.0c/crypto/sha
[u...@centos sha]$ grep SHA1_Final *
sha1.c: SHA1_Final((md[0]),c);
sha1_one.c: SHA1_Final(md,c);
sha.h:int SHA1_Final(unsigned char *md, SHA_CTX *c);
sha_locl.h:# define HASH_FINAL  SHA1_Final

For instance above I see calls to SHA1_Final; but I don't see the 
actual implementation of that function.


By comparison for the SHA512 case I do see all of the following 
functions in sha512.c in this same directory:


SHA512_Init, SHA512_Update, SHA512_Final, and of course the wrapper 
function SHA512 implementations can all be found in sha512.c.


For example:

[u...@centos sha]$ grep SHA512_Final *
sha512.c:int SHA512_Final (unsigned char *md, SHA512_CTX *c)
sha512.c:{   return SHA512_Final (md,c);   }
sha512.c:   SHA512_Final(md,c);
sha512.c:   SHA512_Final(md,c);
sha.h:int SHA512_Final(unsigned char *md, SHA512_CTX *c);

I don't understand how this works obviously. Any information would be 
appreciated. I want to use this in an embedded application.


I also noticed macros in sha_locl.h for SHA. Is this where the SHA1 
functions are implemented?



Thanks,

Stan Joyner






Re: Building OpenSSL vs Downloaded

2010-12-24 Thread Mounir IDRASSI


Hi,

Use IMPLIB on the OpenSSL Dlls (e.g implib.exe -a libeay32.lib 
libeay32.dll) in order to create OMF export libraries instead of the 
COFF ones produced by VC++.

With them, the link will be successful.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/23/2010 11:30 PM, hpenaguz...@aim.com wrote:
I'm going to try that. In the mean time I also tried gcc and MinGW and 
both work fine, but I would like to have it together in Borland since 
it is a part of a project. The other problem I have is that it doesn't 
work with string so I had to use Qt.
Here is the test code, which is very simple just to make sure 
everything works. I'm working with OpenSSL 1.0.0c

I included libraries libeay32.lib and ssleay32.lib into the project.
#include <stdio.h>
// OpenSSL headers
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
int main(int argc,char ** argv){
// Initializing OpenSSL
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
printf("Hola,  mundo de OpenSSL\n");
return 0;
}
Here is the linker error, I got using downloaded version with Borland 5.
[Linker Error] 'C:\OPENSSL-WIN32\LIB\LIBEAY32.LIB' contains invalid 
OMF record, type 0x21 (possibly COFF)
I thought I was having this error since I couldn't built it with 
borland, that's why I was asking Building vs Downloaded, but then I 
make it work with MinGW.

-Original Message-
From: Ryan Pfeifle r...@vpi-corp.com
To: openssl-users openssl-users@openssl.org
Sent: Wed, Dec 22, 2010 4:21 pm
Subject: RE: Building OpenSSL vs Downloaded

I use the precompiled DLLs provided by 
http://www.slproweb.com/products/Win32OpenSSL.html.  I do not 
recompile OpenSSL myself, though I do have the source code installed 
for reference.



Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
http://www.vpi-corp.com/
Immediate Results. Unmatched Value. http://www.vpi-corp.com/Value
Tel: 1.805.389.5200 x5297
Fax: N/A
Email: r...@vpi-corp.com
Web: www.VPI-corp.com
Experience the VPI Value Advantage http://www.vpi-corp.com/ValueAdvantage

The information transmitted in this message is intended only for the 
addressee and may contain confidential and/or privileged material. Any 
review, retransmission, dissemination or other use of, or taking of 
any action in reliance upon, this information by persons or entities 
other than the intended recipient is prohibited. If you received this 
in error, please contact the sender and delete this material from any 
computer.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of hpenaguz...@aim.com
Sent: Wednesday, December 22, 2010 10:35 AM
To: openssl-users@openssl.org
Subject: Re: Building OpenSSL vs Downloaded
May I ask which download version are you using?, I tried several and 
couldn't build it and neither use it with Borland, I got a linker error.

Thanks.
-Original Message-
From: Ryan Pfeifle r...@vpi-corp.com
To: openssl-users openssl-users@openssl.org
Sent: Tue, Dec 21, 2010 4:08 am
Subject: RE: Building OpenSSL vs Downloaded
You do not need to build the library unless you want to customize it.  
If you do compile it, it can be used with other compilers.  I use the 
downloaded version with Borland C++Builder 5 and 6, though it was 
originally built with VC++, and it works fine.

Ryan Pfeifle
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of hpenaguz...@aim.com
Sent: Friday, December 17, 2010 6:59 PM
To: openssl-us...@openssl.org
Subject: Building OpenSSL vs Downloaded
Have two questions:
1) Is it mandatory to build the OpenSSL library in order to use the 
functionality provided by OpenSSL?, or is it possible to use it with 
the OpenSSL-Win32

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Take a look at : 
http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm


exponent1 = dp
exponent2 = dq
coefficient = qInv

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/23/2010 9:48 PM, Mike Mohr wrote:

Good afternoon,

When generating an RSA key, several components are described in the
output file.  Per the RSA specification on wikipedia, I can identify
the following values:

prime1: p
prime2: q
modulus: N = p * q
publicExponent: e
privateExponent: d

What I'm not clear about is what function these values play:

exponent1: ??
exponent2: ??
coefficient: ??

Can someone explain?

Thanks,
Mike


Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI


Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c.
Good hack,

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 12/24/2010 12:35 AM, Mike Mohr wrote:

Thanks much for the clarification.  I'm interested in re-implementing
RSA for my own education; can someone point me to the location in the
openssl sources where the RSA keys are actually generated (so I can
see how the BIGNUMs are manipulated)?

Thanks,
Mike

On Thu, Dec 23, 2010 at 1:17 PM, Mounir IDRASSI
mounir.idra...@idrix.net  wrote:

Take a look at :
http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm

exponent1 = dp
exponent2 = dq
coefficient = qInv

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/23/2010 9:48 PM, Mike Mohr wrote:

Good afternoon,

When generating an RSA key, several components are described in the
output file.  Per the RSA specification on wikipedia, I can identify
the following values:

prime1: p
prime2: q
modulus: N = p * q
publicExponent: e
privateExponent: d

What I'm not clear about is what function these values play:

exponent1: ??
exponent2: ??
coefficient: ??

Can someone explain?

Thanks,
Mike


Re: Pls some basic c code to generate key pair using openssl

2010-12-20 Thread Mounir IDRASSI

Hi,

Here are the basic calls needed to generate an ECC key (this example 
uses NSA Suite B curve P-256) :


int curveId = OBJ_sn2nid("prime256v1");
EC_GROUP* pGroup = EC_GROUP_new_by_curve_name(curveId);
EC_KEY* pKey = EC_KEY_new();
EC_KEY_set_group(pKey, pGroup);
EC_KEY_generate_key(pKey);

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/19/2010 8:47 AM, akdin wrote:

I am a new user of openssl. If anybody post basic C code to generate ecc key
pairs using openssl it will give me an insight to produce further .

Ur help will be highly appreciable.

regards
akdin




Re: opensll-0.9.8q.tar.gz corrupted.

2010-12-03 Thread Mounir IDRASSI

Hi,

There is no problem with the archive.
If you are under Windows, use the latest 7zip (version 9.20). You will 
get a warning but the decompression is OK. The previous version of 7zip 
had a limitation for tar support.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/3/2010 2:28 PM, Brent Evans wrote:

It would appear that the opensll-0.9.8q.tar.gz file is corrupt.
un-tar fails.

Cheers,

Brent





Re: Private Key from Windows Cert Store

2010-12-03 Thread Mounir IDRASSI

Hi,

In order to enable the CAPI engine, you have to use the enable-capieng 
switch : this will compile the CAPI engine statically inside OpenSSL.
Here is an example of configure command line for this : perl Configure 
VC-WIN32 --prefix=c:/openssl enable-capieng


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/3/2010 6:21 PM, Fili, Tom wrote:

Ok, so I realized if I run Configure with no-static-engine I'll get the
separate dlls. These are the commands I run

C:\Documents and Settings\tfili\Desktop\openssl-0.9.8k>perl Configure
VC-WIN32 --prefix=c:\temp\openssl no-static-engine

ms\do_ms.bat

nmake -f ms\ntdll.mak

Unfortunately I now get the following errors:


 link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll.dbg\4758cca.dll  @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp
Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp

e_4758cca.obj : error LNK2019: unresolved external symbol
_RSA_get_ex_data referenced in function _cca_rsa_pub_enc
e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size
referenced in function _cca_rsa_pub_enc
e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free
referenced in function _cca_rsa_verify
e_4758cca.obj : error LNK2019: unresolved external symbol
_OPENSSL_cleanse referenced in function _cca_rsa_verify
e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc
referenced in function _cca_rsa_verify
e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG
referenced in function _cca_rsa_verify
e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj
referenced in function _cca_rsa_verify
e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error
referenced in function _ERR_CCA4758_error
e_4758cca.obj : error LNK2019: unresolved external symbol
_ERR_get_next_error_library referenced in function _ERR_CCA4758_error
e_4758cca.obj : error LNK2019: unresolved external symbol
_ERR_set_implementation referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_ex_data_implementation referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_dynlock_create_callback referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_add_lock_callback referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_locking_callback referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_CRYPTO_set_mem_functions referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_get_static_state referenced in function _bind_engine
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_cmd_defns referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_load_pubkey_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_load_privkey_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_ctrl_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_finish_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_init_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_destroy_function referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_RAND referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_RSA referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ENGINE_set_name referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_id
referenced in function _bind_helper
e_4758cca.obj : error LNK2019: unresolved external symbol
_ERR_load_strings referenced in function _ERR_load_CCA4758_strings
e_4758cca.obj : error LNK2019: unresolved external symbol
_ERR_unload_strings referenced in function _ERR_unload_CCA4758_strings
e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_free
referenced in function _ibm_4758_cca_init
e_4758cca.obj : error LNK2019: unresolved external symbol
_RSA_get_ex_new_index referenced in function _ibm_4758_cca_init
e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_bind_func
referenced in function _ibm_4758_cca_init
e_4758cca.obj : error

Re: nist_cp_bn issue

2010-12-03 Thread Mounir IDRASSI


Hi,

What compiler are you using under Windows?
From my side, I have compiled and tested binaries produced by VC++ 2008 
SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW 
(gcc 4.5.0), and in both cases everything is OK (no crash and all tests 
succeed)


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr




On 12/4/2010 1:59 AM, Marcus Carey wrote:
I used openssl to create a server certificate and key.  The s_server 
application never

loads because the error occurs using the default ECDH parameters.  Then I
ran the ecdhtest application to see if there was a problem.

ecdhtest.exe is the test application in the crypto/ecdh directory for
testing elliptic curve Diffie-Hellman routines.  All of the PRIME tests
failed.  However, the BINARY tests passed.  As long as no other 
applications use these routines it should be okay. I guess.


- Original Message - From: Victor Duchovni 
victor.ducho...@morganstanley.com

To: openssl-users@openssl.org
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue



On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:


openssl ecdhtest


What is openssl ecdhtest?


Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe


With what cert/key? Any other options? What client invocation? ...


openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8)  Line 308 + 0x6 C


Sure looks like res is not quite right...


int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask &= 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r->top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}


I don't understand the res = ... code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.

--
Viktor.


Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI


http://www.openssl.org/news/secadv_20101202.txt

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/2/2010 9:03 PM, Erik Tkal wrote:

Can someone point to details on CVE-2010-4180 and CVE-2010-4252?  CVE-2010-3864 
was the reason 1.0.0b was released, but I cannot find any references to the 
other two.



Erik Tkal
Juniper OAC/UAC/Pulse Development


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of OpenSSL
Sent: Thursday, December 02, 2010 2:17 PM
To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; 
openssl-us...@master.openssl.org
Subject: OpenSSL 1.0.0c released



OpenSSL version 1.0.0c released
===

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of
version 1.0.0c of our open source toolkit for SSL/TLS. This new
OpenSSL version is a security and bugfix release. For a complete
list of changes, please see

http://www.openssl.org/source/exp/CHANGES.

The most significant changes are:

   o Fix for security issue CVE-2010-4180
   o Fix for CVE-2010-4252
   o Fix mishandling of absent EC point format extension.
   o Fix various platform compilation issues.
   o Corrected fix for security issue CVE-2010-3864.

We consider OpenSSL 1.0.0c to be the best version of OpenSSL
available and we strongly recommend that users of older versions
upgrade as soon as possible. OpenSSL 1.0.0c is available for
download via HTTP and FTP from the following master locations (you
can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

 o openssl-1.0.0c.tar.gz
   Size: 4023056
   MD5 checksum: ff8fb85610aef328315a9decbb2712e4
   SHA1 checksum: 5a2d74fa7fe90c80915332404b9700044ef676a1

The checksums were calculated using the following commands:

 openssl md5 openssl-1.0.0c.tar.gz
 openssl sha1 openssl-1.0.0c.tar.gz

Yours,

The OpenSSL Project Team...

 Mark J. Cox Nils Larsch Ulf Möller
 Ralf S. Engelschall Ben Laurie  Andy Polyakov
 Dr. Stephen Henson  Richard Levitte Geoff Thorpe
 Lutz JänickeBodo Möller





Re: contribution

2010-11-26 Thread Mounir IDRASSI

Hi,

Contributions are usually done by sending a patch to r...@openssl.org. The 
subject of the email must start with [PATCH].
The patch should be against the latest stable sources or CVS head of the 
branch/branches you are targeting (0.9.8x, 1.0.0x or 1.0.1x).

I hope this will help you enrich OpenSSL with this interesting engine.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 11/26/2010 10:11 AM, flavio vella wrote:

Hello,

we are a team of the department of Computer Science at the University 
of Perugia (Italy).
Recently, we have developed an engine that implements  AES in OpenCL 
(http://www.khronos.org/opencl/). This engine allows to perform AES on 
many-multi core devices (CPU or GPU).
The group's activities will focus on the consolidation of this engine 
and on the development of new ones.



We would like to release it as a contribution to openssl community.
What is the correct  practices to do it?



--
Dott. Flavio Vella
Department of Mathematics and Computer Science




Re: creating RSA structure when Private key(E,D,N) known

2010-11-26 Thread Mounir IDRASSI

Hi,

I have developed a while ago a tool that uses OpenSSL in order to 
perform such conversions (between SFM format and CRT format).
I have put it under SourceForge (source and binary): 
http://rsaconverter.sourceforge.net/


The binary is for Windows but the sources (librsaconverter.c and 
librsaconverter.h) are portable and they provide two functions : 
SfmToCrt and CrtToSfm. In your case, you will use the function SfmToCrt 
in order to compute p,q,dp,dq and u.
The mathematics behind are explained on the PDF linked on the project 
page (idea based on Miller factoring algorithm as described on his 1976 
paper).


By the way, is this kind of functionality interesting enough to be 
integrated into OpenSSL code?


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 11/25/2010 1:32 PM, Chir wrote:

Hi guys,

I want to create an RSA structure to pass this to RSA_private_decrypt(). I am
not generating keys, I am getting keys from a second party. I have got N, D, E
but I don't know how to generate p, q required to fill the RSA structure.
Please help.

Thanks
Chir
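
An added example, not taken from the rsaconverter sources or from OpenSSL: it recovers the two primes from (N, E, D) with the standard probabilistic square-root-of-1 method, then derives the values that the earlier "components of RSA keys?" thread maps to OpenSSL's output (exponent1 = dp, exponent2 = dq, coefficient = qInv). The key is a small one constructed here from two Mersenne primes, and every function name is this example's own; Python 3.8 or later is assumed for the modular inverse via pow().

```python
from math import gcd


def factor_from_private_exponent(n, e, d, max_bases=200):
    """Recover (p, q), p > q, from a modulus and both exponents.

    e*d - 1 is a multiple of the order of every unit mod n. Writing it as
    2^t * r with r odd, the sequence g^r, g^(2r), ... must reach 1; if the
    value just before 1 is not -1, it is a non-trivial square root of 1 and
    gcd(value - 1, n) is a prime factor.
    """
    k = e * d - 1
    r, t = k, 0
    while r % 2 == 0:
        r //= 2
        t += 1
    for g in range(2, 2 + max_bases):   # fixed bases keep the run repeatable
        common = gcd(g, n)
        if common != 1:                 # the base itself shares a factor
            return max(common, n // common), min(common, n // common)
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue                    # this base reveals nothing
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:                  # y is a square root of 1, y != +-1
                p = gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break                   # hit -1: try the next base
            y = x
    raise ValueError("no factor found: d does not match (n, e)")


def crt_parameters(p, q, d):
    """The three extra fields OpenSSL prints for an RSA private key."""
    return {
        "exponent1": d % (p - 1),       # dp
        "exponent2": d % (q - 1),       # dq
        "coefficient": pow(q, -1, p),   # qInv = q^-1 mod p
    }


def crt_private_op(c, p, q, crt):
    """c^d mod (p*q) computed with two half-size exponentiations."""
    m1 = pow(c, crt["exponent1"], p)
    m2 = pow(c, crt["exponent2"], q)
    h = (crt["coefficient"] * (m1 - m2)) % p
    return m2 + h * q


# Constructed sample key (far too small for real use).
P = 2**89 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

if __name__ == "__main__":
    p, q = factor_from_private_exponent(N, E, D)
    crt = crt_parameters(p, q, D)
    message = 0x1234567890ABCDEF
    ciphertext = pow(message, E, N)
    print("prime1      =", p)
    print("prime2      =", q)
    for name, value in crt.items():
        print(f"{name:<11} =", value)
    print("CRT result matches c^d mod N:",
          crt_private_op(ciphertext, p, q, crt) == pow(ciphertext, D, N))
```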




Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-25 Thread Mounir IDRASSI

On 11/25/2010 6:32 AM, Victor Duchovni wrote:

Unless we are mistaken, I really think this should have been integrated
into 1.0.0b if not earlier. More important IMHO than backporting removal
of dead variables, which just risks code breakage, and should not go
into the stable release.


I agree.
I'll start a discussion about this on the dev list.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-24 Thread Mounir IDRASSI

Hi,

This is a known issue for which I have sent a patch (under ticket #2240) 
on April 25th 2010. OpenSSL wrongly returns an error if the ServerHello 
is missing the Supported Point Format extension whereas it should 
interpret it as only uncompressed format is supported.

Can you check that this solves the failures you are seeing?

Here is the link on RT with the description of the issue and the patch : 
http://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 11/24/2010 11:37 PM, Victor Duchovni wrote:

I see intermittent failures to complete an SMTP STARTTLS handshake
with some servers. This happens when on entry into
ssl_check_serverhello_tlsext() the server proposes a kEECDH
cipher, say:

   (gdb) p *(s->s3->tmp.new_cipher)
   $7 = {valid = 1, name = 0x2a95a0ceea "ECDHE-RSA-DES-CBC3-SHA", id = 50380818,
     algorithm_mkey = 128, algorithm_auth = 1, algorithm_enc = 2,
     algorithm_mac = 2, algorithm_ssl = 2, algo_strength = 129,
     algorithm2 = 12336, strength_bits = 168, alg_bits = 168}

but

   (gdb) p s->session->tlsext_ecpointformatlist
   $5 = (unsigned char *) 0x0
   (gdb) p s->session->tlsext_ecpointformatlist_length
   $6 = 0

and so the handshake fails on line 1469 of t1_lib.c:

   (gdb) bt
   #0  ssl_check_serverhello_tlsext (s=0x5745e0) at t1_lib.c:1469
   #1  0x002a959e5ad7 in ssl3_get_server_hello (s=0x5745e0) at s3_clnt.c:940
   #2  0x002a959e9220 in ssl3_connect (s=0x5745e0) at s3_clnt.c:279

   (gdb) l
   1467    if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
   1468        {
   1469        SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
   1470        return -1;
   1471        }

Is the server doing something wrong here? I see the same symptoms with
both 1.0.0a and 1.0.0b. Excluding kEECDH ciphers works yielding
EDH-RSA-DES-CBC3-SHA.

The packet dump (if that's useful) is below:

TLS cipher list aNULL:ALL:+RC4:@STRENGTH:!eNULL
SSL_connect:before/connect initialization
write to 0054A4D0 [0057C340] (236 bytes =  236 (0xEC))
SSL_connect:SSLv2/v3 write client hello A
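
The rule stated in the reply at the top of this thread, as an added example that is not part of the original messages and not OpenSSL code: a client-side check over a ServerHello extension list that treats a missing Supported Point Formats extension as "uncompressed only", with a flag that reproduces the reject-on-absent behaviour reported for 1.0.0a/1.0.0b. Function names, result codes and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_EC_POINT_FORMATS 0x000b /* TLS extension type ec_point_formats */
#define ECPF_UNCOMPRESSED    0x00   /* ECPointFormat value "uncompressed" */

/* Hypothetical result codes for this example. */
enum { PF_EXPLICIT = 0, PF_IMPLIED = 1, PF_REJECT = -1, PF_MALFORMED = -2 };

/* Constructed ServerHello extension lists (type, length, data per entry). */
static const uint8_t EXT_WITH_FORMATS[] = {
    0xff, 0x01, 0x00, 0x01, 0x00,       /* renegotiation_info, empty          */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00  /* ec_point_formats: [uncompressed]   */
};
static const uint8_t EXT_WITHOUT_FORMATS[] = {
    0xff, 0x01, 0x00, 0x01, 0x00,       /* renegotiation_info, empty          */
    0x00, 0x23, 0x00, 0x00              /* session ticket, empty              */
};
static const uint8_t EXT_COMPRESSED_ONLY[] = {
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x01  /* ec_point_formats: [compressed]     */
};
static const uint8_t EXT_TRUNCATED[] = {
    0x00, 0x0b, 0x00, 0x04, 0x03, 0x00  /* declared length overruns the data  */
};

/* Locate one extension. Returns 1 if found, 0 if absent, -1 if the list
 * is malformed (an entry header or body runs past the end of the buffer). */
static int find_extension(const uint8_t *ext, size_t len, uint16_t want,
                          const uint8_t **data, size_t *dlen)
{
    size_t off = 0;
    *data = NULL;
    *dlen = 0;
    while (off < len) {
        uint16_t type;
        size_t elen;
        if (len - off < 4)
            return -1;
        type = (uint16_t)((ext[off] << 8) | ext[off + 1]);
        elen = (size_t)((ext[off + 2] << 8) | ext[off + 3]);
        off += 4;
        if (elen > len - off)
            return -1;
        if (type == want) {
            *data = ext + off;
            *dlen = elen;
            return 1;
        }
        off += elen;
    }
    return 0;
}

/* Decide whether an ECDHE handshake may continue.
 * absent_is_error = 1 models the behaviour described in the thread
 * (missing extension is fatal); 0 applies the corrected rule: a missing
 * extension means the server supports the uncompressed format only. */
int check_point_formats(const uint8_t *ext, size_t len, int absent_is_error)
{
    const uint8_t *d;
    size_t dl, i;
    int r = find_extension(ext, len, EXT_EC_POINT_FORMATS, &d, &dl);

    if (r < 0)
        return PF_MALFORMED;
    if (r == 0)
        return absent_is_error ? PF_REJECT : PF_IMPLIED;
    /* ECPointFormatList: one length byte followed by that many formats. */
    if (dl < 2 || (size_t)d[0] != dl - 1)
        return PF_MALFORMED;
    for (i = 1; i < dl; i++)
        if (d[i] == ECPF_UNCOMPRESSED)
            return PF_EXPLICIT;
    return PF_REJECT; /* list present but uncompressed not offered */
}

int main(void)
{
    printf("with list,    old rule: %d\n",
           check_point_formats(EXT_WITH_FORMATS, sizeof EXT_WITH_FORMATS, 1));
    printf("without list, old rule: %d\n",
           check_point_formats(EXT_WITHOUT_FORMATS, sizeof EXT_WITHOUT_FORMATS, 1));
    printf("without list, new rule: %d\n",
           check_point_formats(EXT_WITHOUT_FORMATS, sizeof EXT_WITHOUT_FORMATS, 0));
    printf("compressed only:        %d\n",
           check_point_formats(EXT_COMPRESSED_ONLY, sizeof EXT_COMPRESSED_ONLY, 0));
    printf("truncated:              %d\n",
           check_point_formats(EXT_TRUNCATED, sizeof EXT_TRUNCATED, 0));
    return 0;
}
```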

Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Mounir IDRASSI
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But 
under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.


I don't see anything OS specific in the changes introduced in t1_lib.c 
or s3_srvr.c. Could it be a gcc bug?


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/16/2010 9:56 PM, Dr. Stephen Henson wrote:

On Tue, Nov 16, 2010, Victor Duchovni wrote:


Anyone know why I am seeing the below errors:

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
Available compression methods:
   NONE
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
10 handshakes of 256 bytes done
Approximate total server time:   0.00 s
Approximate total client time:   0.01 s


Dang, I'm seeing that too now. Why didn't I see that when I tested it
earlier today?

I'll look into it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager       majord...@openssl.org




Re: s_server crashes in version 1.0.0a

2010-11-14 Thread Mounir IDRASSI

Hi,

I have no crash here, both with official release and snapshot.
Moreover, it is surprising that the command openssl s_server executes 
on your machine without specifying a key, which means that you have a 
server.pem file on your out32dll directory. In a clean build, there is 
no such file. Maybe you have some malformed key. Can you please check that?


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 11/14/2010 8:57 PM, Marcus Carey wrote:

I tried the latest snapshot before I sent the first email.
OpenSSL 1.0.1-dev xx XXX .

Also, when I ran the test, they all passed.  However, the ectest.exe 
application crashed.



- Original Message - From: Dr. Stephen Henson 
st...@openssl.org

To: openssl-users@openssl.org
Sent: Sunday, November 14, 2010 8:32 AM
Subject: Re: s_server crashes in version 1.0.0a



On Sun, Nov 14, 2010, Marcus Carey wrote:


Windows XP Service Pack 3
OpenSSL version 1.0.0a 1 Jun 2010

C:\openssl-1.0.0a\out32dll>openssl s_server
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters

After this message I get a pop-up window saying openssl has encountered a problem and needs to close.




Please try a recent snapshot, this should be fixed now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI


Hi Ariel,

If you want to avoid browser warnings, your only option is to get a 
valid certificate for your users from a commercial CA. You can get them 
for free from StartSSL for example (http://www.startssl.com/).


If you represent an organization, then you can try to qualify for the 
intermediate CA programs offered by commercial CAs. This involves being 
audited and vetted and this comes with some limitations. Of course, the 
price for such a program can be very high depending on your needs.

I hope this clarifies things for you.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/22/2010 7:03 PM, Ariel wrote:

Hi Dave, thanks for your reply but...

On Thu, Oct 21, 2010 at 7:52 PM, Dave Thompson dthomp...@prinpay.com wrote:

   From: owner-openssl-us...@openssl.org On Behalf Of Ariel
   Sent: Thursday, 21 October, 2010 16:34

   On Thu, Oct 21, 2010 at 12:44 AM, sandeep kiran p sandeepkir...@gmail.com wrote:
   mydomain.com.crt is an End-Entity certificate and not a CA cert. <snip>

   So basically you mean that I can't use mydomain.com.crt to sign and issue
   new certificates for my clients? I thought I can using the bundle or
   intermediate one they provided to me. Sorry for my ignorance but I don't
   know too much how does it work and this is annoying to me :S
   I only want to generate and issue new certificates that my clients can
   install in their browsers and then provide it to me (SSL Client
   certificate) when they come to my site. Is this possible without having to
   create a self-sign CA cert that causes browsers to not recognize it as a
   valid CA? Can I provide a trusted chained root with the certificates I'm
   trying to issue?

   [sandeep?] So you either need to get a CA cert from GoDaddy or setup a
   test CA on your own using OpenSSL. GoDaddy, I am sure would not provide
   you with a CA certificate as that would then empower you to <snip rest>

Do as sandeep said. Create your own private CA with OpenSSL. You issue
certs to clients (who request them) and set your server(s) to trust your
private root and thus the certs presented by the clients. Your server
presents the cert issued to it under a real CA which the clients trust.

This means I need to create my own self-signed CA cert, right? And 
this is what I'm trying to avoid "Because there is no established 
trust hierarchy leading to a self-signed certificate, it is impossible 
to verify that a self-signed certificate is genuine." [1]


I was reading here [2] because this is what I'm trying to do: SSL 
Client Authentication; but my problem is in how to setup or get a 
valid ca.crt that can use to sign and issue new client certificates 
and that will also validate properly.


Is this possible?

Thanks for your help,

- Ariel


[1] 
http://publib.boulder.ibm.com/infocenter/zos/v1r10/index.jsp?topic=/com.ibm.zos.r10.ikya100/intermed.htm
[2] 
http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-3


The only tricky bit is if your clients need to authenticate themselves
to some *other* server(s) besides yours. Then they need to be able to
select 'key/cert for Ariel' versus other, perhaps public, key/cert(s).
Your server should do SSL_[CTX_]set_client_CA_list to your private root;
this will send a 'hint' to the client which cert to present -- although
it's up to the client to actually obey this hint, it's not required to.

Plus of course you need to ensure that the people/machines you issue
certs to are in fact the ones you want as clients. Although if you
make a mistake, you can issue your own CRL(s) which your server checks.
(And if it's convenient to put your CA on the same machine as your server,
this greatly simplifies the CRL distribution procedure. G?)





--
Ariel Diaz Bermejo
http://www.linkedin.com/in/adiazbermejo





Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
Hi Ariel,

The simple answer to your questions is no. There is no way to work around
this. Others have already explained why.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Well, I'm trying to do SSL Client Authentication for my website. So I bought
 a wildcard cert from GoDaddy and it works pretty well to enable SSL on my
 site. But now I'm trying to use it for SSL Client Auth for my clients. Then
 I'm trying to sign, issue and validate client certificates using the one I
 bought to GoDaddy with NO results :( So I'm wondering if it's possible and
 if so, how?

 Btw, the cert I got from GoDaddy has CA:false in its extensions, does it
 mean that I can't use for the purpose I want? Is it possible, in some way,
 to create and sign client certificates using the one I got from GoDaddy? How
 can I include or create a chained root certificates in the certificates I
 provide/issue to my clients?

 Hope you can understand my issues.

 Thanks,

 - Ariel

 On Fri, Oct 22, 2010 at 6:04 PM, Eduardo Navarro
 eduardo.nava...@live.com wrote:

 I think you can make your own CA, if you plan to only test this or want to
 have people you know and that know you, setup your root as trusted.

 If your purpose is just for using an SSL cert for a website you own, then
 you are basically better off just buying one from Verisign, Thawte, whoever.

 If you plan to start your own SSL issuing service, then this is a different
 story, you will need to look at WebTrust compliance as a starting point.

 -Eduardo


Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Mounir IDRASSI


Hi,

I was not involved in this discussion, but I wanted just to say that 
patches and other development issues are discussed in the openssl-dev 
list and all messages sent to r...@openssl.org are also copied to that 
list not the users list.  Anyone interested in OpenSSL internals should 
join openssl-dev to be kept updated.
That being said, I understand your frustration but the others certainly 
thought you were aware of their discussion in the other list.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/19/2010 1:20 PM, Jakob Bohm wrote:

 On 19-10-2010 12:32, per frykenvall wrote:
 Thanks, Jakob! However, I followed Dr. Stephen Henson's advice 
earlier in this thread and filed a report to the bug tracker, and got 
a resolution from Andy Polyakov a week ago, based on your suggestion. 
I've tested it and am fully satisfied:


[openssl.org #2356] Resolved: LNK4078 and LNK4210 linking with x64 
static libs

http://cvs.openssl.org/chngview?cn=19935

So I wasted my precious time preparing a patch while someone else had 
already posted a patch off-list.

Thanks to everyone involved for not telling the list that this issue 
had been resolved in another forum!



Of course, that resolution does not include the race condition you 
describe.


Best regards,
Per

On 2010-10-18 17:35, Jakob Bohm wrote:

I have now created an actual patch to fix this.
It turns out to be a small pattern bug in x86_64xlate.pl

Patch attached as openssl-1.0.0a-x86_64attr.patch.

While debugging this patch I ran into an unrelated issue where nmake 
would invoke nasm before the .asm file had been completely output.

This is probably a bug in the perl build used on one of the test
machines, but I think the patch to kludge around that race condition
might be useful too.

Patch attached as openssl-1.0.0a-x86_64cpuid-build-race.patch.





Re: SSL Negotiation Command Failed when sending mail via TLS

2010-10-13 Thread Mounir IDRASSI

 Hi,

The error string you are giving is not part of the OpenSSL code, so we 
can't help you much.
You have to give us the error code returned by whatever OpenSSL 
function you are using. A stripped down version of your code would also 
help better understand your approach.
Under Windows, some problems can arise because conflicting versions of 
the OpenSSL dlls exist in different directories belonging to the PATH. 
Try checking if the machine where the problem exists has only the 
version of dlls you are targeting.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/13/2010 11:23 PM, Roger Eckhard wrote:

I am using the OpenSSL dlls libeay32 and ssleay32 to send SMTP email using TLS. 
 My code works fine on most machines, but on one particular computer, it fails 
with the error:

Start SSL negotiation command failed

Whenever I try to connect to the mail server.   All the machines are connecting 
to the same mail server (Gmail) so its not a problem on the server end.  The 
problem machine is a Windows 7 32 bit install.

Can anyone shed some light on what might cause this, or how I can best debug 
the problem?

Thanks,




Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert

2010-10-13 Thread Mounir IDRASSI

 Hi Stefan,

The value of the Basic Constraint extension of this website's self-signed 
certificate is End Entity and, more importantly, it is set to 
Critical. So, technically speaking, this certificate cannot be a CA and 
it can't certify itself.
The Nokia implementation seems to be strict compared with others but it 
can't be blamed for checking the correctness of a certificate.
The administrators of this website can solve this issue by creating a 
new certificate without the Basic Constraint extension. A cleaner 
solution would be to have the server's certificate issued by a root CA 
of their own, like in any normal PKI architecture.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/13/2010 7:11 PM, Stefan Bauer wrote:

Dear Openssl-Users,

I recently came across a problem with the offered ssl-cert on
www.mastersnet.de

It's a self signed cert and all of the nokia cell phones I get my
hands on refuse to accept this cert when trying to import it
manually in the cert store. It is working without problems for
example with a signed cert from cacert (where the root-CA-cert is
also not in the default cert store). I'm asking for your help hereby,
if some of you could please have a look at this cert and tell me if
there is something suspicious leading to the reported problem.

It might be a bug in the nokia cell phones. It's working with iPhone
or windows mobile devices.

Thanks in advance

Stefan




Re: How to sign new certificates

2010-10-11 Thread Mounir IDRASSI

 Hi Ariel,

You can't achieve what you want because the certificate you bought is 
not a CA one: if you look at its extensions, you will find that the 
value of the Certificate Basic Constraints extension is End Entity and 
that it is set as Critical.
If the contrary were possible, then it would have been a big security 
hole: you could issue valid certificates for domains without 
authorization (like paypal.com) and it would enable you to mount 
sophisticated man-in-the-middle attacks.


To authenticate users in your website, create your own CA, issue 
certificates for them and then configure your webserver to accept only 
client certificates issued by your CA.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/12/2010 5:41 AM, Ariel wrote:

Hi again,

I could enable my site to use SSL with a wildcard certificate bought to
GoDaddy by concatenating the mysite.com.crt and the gd_bundle.crt into a
combined one mysite.com.combined.crt (explained in a previous email).
Now I want to enable SSL Client certificate, creating new keypair files, new
certificate signed requests (csr) and signing them using my combined cert
file as the CA.
Is that possible? How can I achieve this goal using the command line tool?

Thanks,
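
The Basic Constraints check that the replies in this thread and in the Nokia thread above describe, as an added example that is not part of the original messages and not OpenSSL code: it parses one DER-encoded Basic Constraints extension entry and decides whether the certificate carrying it may act as an issuer. The function names and the sample encodings are constructed for illustration; the small DER reader only handles short-form lengths, which is enough for this extension.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct basic_constraints {
    int critical; /* extension marked critical (DER default: FALSE) */
    int is_ca;    /* cA flag (DER default: FALSE, i.e. End Entity)  */
};

/* Constructed DER encodings of one X.509 Extension entry, OID 2.5.29.19. */
static const uint8_t BC_CRITICAL_END_ENTITY[] = {  /* the case in the thread */
    0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
    0x04, 0x02, 0x30, 0x00 };
static const uint8_t BC_CRITICAL_CA[] = {          /* a private root CA      */
    0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
static const uint8_t BC_TRUNCATED[] = {            /* length overruns buffer */
    0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff };

/* Read one DER TLV with the expected tag and a short-form length (< 128).
 * Advances *p / *n past it. Returns 1 on success, 0 on any mismatch. */
static int tlv(const uint8_t **p, size_t *n, uint8_t tag,
               const uint8_t **val, size_t *vlen)
{
    if (*n < 2 || (*p)[0] != tag || (*p)[1] >= 0x80 ||
        (size_t)(*p)[1] > *n - 2)
        return 0;
    *val = *p + 2;
    *vlen = (*p)[1];
    *p += 2 + *vlen;
    *n -= 2 + *vlen;
    return 1;
}

/* Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
 *                          extnValue OCTET STRING }
 * extnValue wraps BasicConstraints ::= SEQUENCE {
 *     cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
 * Returns 0 on success, -1 if the encoding is not well formed. */
int parse_basic_constraints(const uint8_t *ext, size_t len,
                            struct basic_constraints *out)
{
    static const uint8_t oid_bc[] = { 0x55, 0x1d, 0x13 };
    const uint8_t *p = ext, *seq, *v;
    size_t n = len, seqlen, vlen;

    out->critical = 0;
    out->is_ca = 0;
    if (!tlv(&p, &n, 0x30, &seq, &seqlen) || n != 0)
        return -1;
    p = seq;
    n = seqlen;
    if (!tlv(&p, &n, 0x06, &v, &vlen) || vlen != 3 || memcmp(v, oid_bc, 3) != 0)
        return -1;
    if (n > 0 && p[0] == 0x01) {              /* optional critical flag */
        if (!tlv(&p, &n, 0x01, &v, &vlen) || vlen != 1)
            return -1;
        out->critical = (v[0] != 0);
    }
    if (!tlv(&p, &n, 0x04, &v, &vlen) || n != 0)
        return -1;
    p = v;
    n = vlen;
    if (!tlv(&p, &n, 0x30, &seq, &seqlen) || n != 0)
        return -1;
    p = seq;
    n = seqlen;
    if (n > 0 && p[0] == 0x01) {              /* optional cA flag */
        if (!tlv(&p, &n, 0x01, &v, &vlen) || vlen != 1)
            return -1;
        out->is_ca = (v[0] != 0);
    }
    if (n > 0 && !tlv(&p, &n, 0x02, &v, &vlen)) /* optional pathLen */
        return -1;
    return n == 0 ? 0 : -1;
}

/* May a certificate carrying this extension sign other certificates
 * (or itself)? Passing NULL/0 means the extension is absent; this example
 * then asserts no constraint, which is an assumption matching the
 * workaround suggested in the Nokia thread. Stricter validators may
 * still refuse such a certificate as an issuer. */
int may_issue_certificates(const uint8_t *ext, size_t len)
{
    struct basic_constraints bc;
    if (ext == NULL || len == 0)
        return 1;
    if (parse_basic_constraints(ext, len, &bc) != 0)
        return 0; /* unparseable extension: fail closed */
    return bc.is_ca;
}

int main(void)
{
    printf("critical End Entity may issue: %d\n",
           may_issue_certificates(BC_CRITICAL_END_ENTITY, sizeof BC_CRITICAL_END_ENTITY));
    printf("critical CA may issue:         %d\n",
           may_issue_certificates(BC_CRITICAL_CA, sizeof BC_CRITICAL_CA));
    printf("truncated extension:           %d\n",
           may_issue_certificates(BC_TRUNCATED, sizeof BC_TRUNCATED));
    return 0;
}
```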





Re: PEM_write_PUBKEY segfault with 1.0.0 on windows

2010-10-06 Thread Mounir IDRASSI

 Hi,

Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a 
in Release and Debug modes and ran on Windows 7 system (hardware DEP 
enabled).
What compiler are you using? Can you perform a debug build and give us a 
crash trace?


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 06/10/2010 00:31, Kenneth Goldman wrote:

I'm getting a PEM_write_PUBKEY() segfault.  This is existing code that works
with 0.9.8 with Windows or 1.0.0. with Linux, but fails with 1.0.0. and Windows.
What's my latent bug?

Here's a small sample that fails:

 RSA *rsa = RSA_generate_key(512, 65537, NULL, NULL);
 EVP_PKEY *pkey = EVP_PKEY_new();
 EVP_PKEY_assign_RSA(pkey, rsa);
 FILE *file = fopen("tmp.pem", "wb");

 PEM_write_PUBKEY(file, pkey);

In my actual application, I set rsa->n and rsa->e to bignums that
I generate.  I think that should be enough to write the public key.




Re: CA cert from .p12 file

2010-09-20 Thread Mounir IDRASSI

 Hi,

Your PKCS#12 file doesn't contain the CA, so the simplest solution is to 
use Windows: since you can use it correctly, there is a big chance that 
the CA is installed under Windows, so go to the IE certificate store, 
double click on your certificate, go to the Certification Path tab and 
from there copy the CA that signed your certificate to a file (Base64 
encoded). You can then transfer this file to your Linux box.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/20/2010 12:45 PM, Sergey Sedov wrote:

Hi,

My ISP provides to me .p12 file containing certs for using TLS for 
wifi connection.

I can install it under Windows and use it.
But when I try to install it under Linux I have some troubles.
NetworkManager wants 3 certs to setup TLS for wifi connection.
I can extract User cert and Private Key, but can't extract CA Cert.
The output file after using this command has zero length:
openssl pkcs12  -in example.p12  -out cacert.pem -cacerts -nokeys
So, I suppose that there is no CA Cert in this .p12 file.
Is there any other way to obtain CA Cert for this ISP or to cheat 
NetworkManager?

Why it works under Windows?

Thanks and best regards,

Sergey 




Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-19 Thread Mounir IDRASSI
Hi,

The code is a generic OpenSSL C source that will compile using the
favorite compiler of your platform.
Did I understand your question correctly?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hi

 Thanks for your response. In which platform do I compile/execute the below
 CODE?
 I only have UNIX command line and Windows available.

 Regards
 Vivek Panikulam




 
 From: Mounir IDRASSI mounir.idra...@idrix.net
 To: openssl-users@openssl.org
 Sent: Fri, September 17, 2010 10:07:10 PM
 Subject: Re: How to convert RSA public key XML format to PEM or ASCII
 format

 Hi,

 To perform the conversion, use your favorite XML library to extract the
 BASE64 values in the Modulus and Exponent nodes, then create an EVP_PKEY
 structure from these using the functions I'm pasting below. From here,
 call PEM_write_PUBKEY to create a PEM file that will contain your RSA
 public key and that can be used later by OpenSSL.

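 <CODE>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 // Decode a single-line BASE64 string. Returns a malloc'ed buffer that
 // the caller must free; *pLen receives the decoded length, or a value
 // <= 0 if nothing could be decoded.
 unsigned char *fromBase64(const char* szInput, int* pLen)
 {
   BIO *b64, *bmem;
   size_t length = strlen(szInput);
   // The length of BASE64 representation is always bigger
   // than the actual data length, so the size given to
   // the malloc below is sufficient to hold all the
   // decoded data
   unsigned char *buffer = (unsigned char *)malloc(length + 1);

   *pLen = -1;
   if (!buffer) return NULL;

   b64 = BIO_new(BIO_f_base64());
   // No LF on the input string
   BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
   bmem = BIO_new_mem_buf((void*)szInput, (int)length);
   bmem = BIO_push(b64, bmem);

   *pLen = BIO_read(bmem, buffer, (int)length);
   BIO_free_all(bmem);

   return buffer;
 }

 // Convert a BASE64 string to a BIGNUM; returns NULL on invalid input
 BIGNUM* BN_fromBase64(const char* szBase64)
 {
   BIGNUM* bn = NULL;
   int iLen;
   unsigned char* pbData = fromBase64(szBase64, &iLen);
   // BIO_read returns 0 or a negative value on failure
   if (pbData && iLen > 0)
   {
       bn = BN_bin2bn(pbData, iLen, NULL);
   }
   free(pbData);
   return bn;
 }

 // Build an RSA public key from the BASE64 modulus and public exponent
 EVP_PKEY* RSA_fromBase64(const char* szModulus, const char* szExp)
 {
   BIGNUM *n = BN_fromBase64(szModulus);
   BIGNUM *e = BN_fromBase64(szExp);

   if (!n) printf("Invalid encoding for modulus\n");
   if (!e) printf("Invalid encoding for public exponent\n");

   if (e && n)
   {
       EVP_PKEY* pRsaKey = EVP_PKEY_new();
       RSA* rsa = RSA_new();
       // Direct field access works with the OpenSSL versions of this
       // thread (0.9.8/1.0.0); OpenSSL 1.1.0 and later make RSA opaque
       // and use RSA_set0_key() instead
       rsa->e = e;
       rsa->n = n;
       EVP_PKEY_assign_RSA(pRsaKey, rsa);
       return pRsaKey;
   }
   else
   {
       if (n) BN_free(n);
       if (e) BN_free(e);
       return NULL;
   }
 }
 </CODE>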

 Cheers,
 --
 Mounir IDRASSI
 IDRIX
 http://www.idrix.fr

 Hi All 

 I have a RSA public key provided in the below format and would like to
 know how to convert it into a format like PEM or any other format which
 can be read by openssl. I didn't find any conclusive solutions for this on
 www. Will the application which generated this key format be capable of
 generating the same key in PEM or ASCII format?

   <?xml version="1.0" encoding="UTF-8" ?>
 - <RSAKeyValue>
   <Modulus>dhjffljkglejDHKJFHkjhSLWSKWLlkNKMNCKJBCKJFKJFBNCJKNLKNCLKMNDLKJSLKWJLJSjsSJJSDkjswlqqq</Modulus>
   <Exponent>AQAB</Exponent>
   </RSAKeyValue>

 Regards
 Vivek Panikulam








Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-18 Thread Mounir IDRASSI
Hi,

The code is a generic OpenSSL C source that will compile using the
favorite compiler of your platform.
Did I understand your question correctly?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



Re: Error while trying to get text output from x509 cert file

2010-09-18 Thread Mounir IDRASSI
Hi,

The error says that it didn't find the expected start line for a
certificate which is -----BEGIN CERTIFICATE----- .
So, check that your certificate is indeed BASE64 encoded and that the
first line is -----BEGIN CERTIFICATE----- and the last is
-----END CERTIFICATE----- .

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hi

 I am trying to get output from this x509 certificate and am getting the
 below
 error. Please let me know how to resolve this error and generate text
 output
 from this cert file.

 $ openssl x509 -in TestCryptPublic.cert -pubkey
 unable to load certificate
 557096:error:0906D06C:PEM routines:PEM_read_bio:no start
 line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE


 Regards
 Vivek Panikulam







Re: cannot create p12 file

2010-09-18 Thread Mounir IDRASSI
Hi,

It hangs because it is waiting for the input certificate that has to be
put with the given key inside the PKCS#12 file. Replace the -certfile
option with -in and everything will be OK. Actually -certfile is for
adding additional certificates, not the main one.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 I am trying to create a .p12 file with pkcs12.



 I created the private key:



 #openssl genrsa -out user.key -des3





 I also create a certificate signing request (openssl req ..) and a
 certificate  (openssl ca.)



 I want to store the user key (and optionally the user certificate) in a
 .p12
 file that can be imported Microsoft IIS.



 #openssl pkcs12 -export -inkey user.key -certfile user.cer -out user.pfx -name "my key"

 Or

 #openssl pkcs12 -export -inkey user.key -out user.pfx  -name "my key"





 In either case, I get prompted for the pass phase for the key, then the
 process just hangs.  This is with OpenSSL 1.0.0 on Solaris 10 and OpenSSL
 0.9.8l under cygwin.



 I am pretty sure I have do this in the past and not sure what I am doing
 wrong.



 Thanks for you help.










Re: Loading and using PKCS#12 in runtime

2010-09-17 Thread Mounir IDRASSI
Hi,

First, OpenSSL_add_all_algorithms is just a define that resolves to
OPENSSL_add_all_algorithms_noconf (or OPENSSL_add_all_algorithms_conf if
you define OPENSSL_LOAD_CONF in your build). It's there in evp.h.

To solve your PKCS#12 problem, all you need is to call
OpenSSL_add_all_algorithms at the start of your program. Which means in
your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and
then call it.

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


 Hello,

For certain reasons I want to load the OpenSSL libraries at run-time
 (rather than at load-time). My application will specifically need to be
 able to load a PKCS#12 file, and fiddle around with the data in it.

The relevant code snippets follow (the code below is just excerpts,
 and parts were originally taken from apps/apps.c):

 
 typedef int (OPENSSLCALLCONV *pfnPKCS12_parse)(PKCS12 *p12, const char *pass,
   EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
 typedef int (OPENSSLCALLCONV *pfnPKCS12_free)(PKCS12 *p12);
 typedef int (OPENSSLCALLCONV *pfnPKCS12_verify_mac)(PKCS12 *p12,
   const char *pass, int passlen);
 typedef PKCS12 *(OPENSSLCALLCONV *pfnd2i_PKCS12_fp)(FILE *fp, PKCS12 **p12);


 pfnPKCS12_parse pkcs12_parse = NULL;
 pfnPKCS12_free pkcs12_free = NULL;
 pfnPKCS12_verify_mac pkcs12_verify_mac = NULL;
 pfnd2i_PKCS12_fp d2i_pkcs12_fp = NULL;


 main()
 {
    int ret = 0;
    void *lib = NULL;
    char *error = NULL;

    lib = dlopen(fname, RTLD_LAZY);

    dlerror();

    pkcs12_parse = (pfnPKCS12_parse)dlsym(lib, "PKCS12_parse");
    pkcs12_free = (pfnPKCS12_free)dlsym(lib, "PKCS12_free");
    pkcs12_verify_mac = (pfnPKCS12_verify_mac)dlsym(lib, "PKCS12_verify_mac");
    d2i_pkcs12_fp = (pfnd2i_PKCS12_fp)dlsym(lib, "d2i_PKCS12_fp");


    fpp12file = fopen(p12file, "rb");
    if(fpp12file == NULL)
    {
       printf("Error: Unable to fopen(\"%s\")\n", p12file);
       return 1;
    }

    load_pkcs12(fpp12file, "P12 test #1", p12password, NULL, NULL, NULL);

    return 0;
 }


 int load_pkcs12(FILE *fp, const char *desc, const char *passwd,
   EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
   int len, ret = 0;
   PKCS12 *p12;

   p12 = d2i_pkcs12_fp(fp, NULL);
   if(p12 == NULL)
   {
      printf("Error: Unable to load PKCS12 file for \"%s\"\n", desc);
      goto die;
   }
   /* See if an empty password will do */
   if(pkcs12_verify_mac(p12, "", 0) || pkcs12_verify_mac(p12, NULL, 0))
   {
      pass = "";
   }
   else
   {
      len = strlen(passwd);
      if(!pkcs12_verify_mac(p12, passwd, len))
      {
         printf("Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
         goto die;
      }
      pass = tpass;
   }
   ret = pkcs12_parse(p12, pass, pkey, cert, ca);
 die:
   if(p12)
      pkcs12_free(p12);
   return ret;
 }
 

I get the "Mac verify error (wrong password? ..." error.

My initial guess was that I need to initialize the library in some
 manner before I can call functions which perform the verification. A
 quick search led me to
 http://www.ibm.com/developerworks/linux/library/l-openssl.html, which
 stipulates:

``/* Initializing OpenSSL */

  SSL_load_error_strings();
  ERR_load_BIO_strings();
  OpenSSL_add_all_algorithms();''

I nm'd my /usr/lib/libcrypto.so, but it doesn't appear to contain any
 entry for OpenSSL_add_all_algorithms. It does however have:
 0009be20 T OpenSSL_add_all_ciphers
 0009bc90 T OpenSSL_add_all_digests

But I'm beginning to feel that I might be chasing the wrong end here.
 Can anyone find an immediate problem with how I'm using the PKCS#12
 functions?

 --
 Kind regards,
 Jan Danielsson







Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-17 Thread Mounir IDRASSI
Hi,

To perform the conversion, use your favorite XML library to extract the
BASE64 values in the Modulus and Exponent nodes, then create an EVP_PKEY
structure from these using the functions I'm pasting below. From here,
call PEM_write_PUBKEY to create a PEM file that will contain your RSA
public key and that can be used later by OpenSSL.

<CODE>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>

unsigned char *fromBase64(const char* szInput, int* pLen)
{
   BIO *b64, *bmem;
   size_t length = strlen(szInput);
   // The length of BASE64 representation is always bigger
   // than the actual data length, so the size given to
   // the malloc below is sufficient to hold all the
   // decoded data
   unsigned char *buffer = (unsigned char *)malloc(length);

   *pLen = 0;
   if (!buffer) return NULL;

   b64 = BIO_new(BIO_f_base64());
   // No LF on the input string
   BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
   bmem = BIO_new_mem_buf((void*)szInput, (int)length);
   bmem = BIO_push(b64, bmem);

   *pLen = BIO_read(bmem, buffer, (int)length);
   BIO_free_all(bmem);

   return buffer;
}

BIGNUM* BN_fromBase64(const char* szBase64)
{
   BIGNUM* bn = NULL;
   int iLen = 0;
   unsigned char* pbData = fromBase64(szBase64, &iLen);
   // BIO_read returns 0 or a negative value when nothing was decoded
   if (pbData && iLen > 0)
   {
      bn = BN_bin2bn(pbData, iLen, NULL);
   }
   free(pbData);
   return bn;
}

EVP_PKEY* RSA_fromBase64(const char* szModulus, const char* szExp)
{
   BIGNUM *n = BN_fromBase64(szModulus);
   BIGNUM *e = BN_fromBase64(szExp);

   if (!n) printf("Invalid encoding for modulus\n");
   if (!e) printf("Invalid encoding for public exponent\n");

   if (e && n)
   {
      EVP_PKEY* pRsaKey = EVP_PKEY_new();
      RSA* rsa = RSA_new();
      // Direct member access works with the OpenSSL releases of the time;
      // OpenSSL 1.1.0 and later require RSA_set0_key(rsa, n, e, NULL)
      rsa->e = e;
      rsa->n = n;
      EVP_PKEY_assign_RSA(pRsaKey, rsa);
      return pRsaKey;
   }
   else
   {
      if (n) BN_free(n);
      if (e) BN_free(e);
      return NULL;
   }
}
</CODE>

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hi All 

 I have a RSA public key provided in the below format and would like to
 know how to convert it into a format like PEM or any other format which
 can be read by openssl. I didn't find any conclusive solutions for this
 on www. Will the application which generated this key format be capable
 of generating the same key in PEM or ASCII format?

   <?xml version="1.0" encoding="UTF-8" ?>
   <RSAKeyValue>
     <Modulus>dhjffljkglejDHKJFHkjhSLWSKWLlkNKMNCKJBCKJFKJFBNCJKNLKNCLKMNDLKJSLKWJLJSjsSJJSDkjswlqqq</Modulus>
     <Exponent>AQAB</Exponent>
   </RSAKeyValue>

 Regards
 Vivek Panikulam








Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Mounir IDRASSI

 Hi Paul,

Can you test the SSLCertificateChainFile instructions from the following 
site : http://www.cam.ac.uk/cs/tlscerts/deploying-thawte.html?
Your problem could come from the fact that your Apache 
SSLCertificateChainFile configuration is missing the Thawte Cross Root 
CA that links thawte Primary Root CA to Thawte Premium Server CA.


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 9/14/2010 3:32 AM, Paul B. Henson wrote:

On Mon, 13 Sep 2010, Tim Hudson wrote:


Try gnutls without the TLS extensions processing occurring and you will
see that the server is not sending back the certificate chain:

Hmm, so the server isn't volunteering the chain, but if the client is smart
enough to ask for it it will provide it :)?


This fails. You need to correct your server configuration so that it
correctly sends out the chain.

I'm using bog-standard apache with mod_ssl, currently version 2.2.14. The
instructions from Thawte were to use the SSLCACertificateFile directive in
the config pointing to a file they provided containing two certs (the
thawte Primary Root CA followed by the Thawte SSL CA). My server cert
is signed by the Thawte SSL CA, and my openssl client has the Thawte
Premium Server CA cert installed on it.

This didn't work, as you point out it seems the server is not sending the
chain. Per an off list discussion, I've changed my config and am now using
the SSLCertificateChainFile directive instead (which seems to be the better
way to do it). I also reversed the order of the certs in the file per a
forum thread I found indicating they should be in order of verification.

That's still not working, no chain from the server.

Presumably somebody has one of these new Thawte certs installed under
apache working correctly, could one of those somebodies possibly post what
apache configuration directives they are using, and what certificates in
what order are present in the intermediate ca file they are using? That
would be greatly appreciated :).

Thanks...






Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Mounir IDRASSI
Hi Peter,

Although the certificate's encoding of the serial number field breaks the
BER specification about the minimal bytes representation, it is known that
many CA's and libraries treat this field as a blob and usually encode it
on a fixed length basis without caring about leading zeros.
Specifically, Peter Gutmann in his X.509 Style Guide says this about this
field: "If you're writing certificate-handling code, just treat the
serial number as a blob which happens to be an encoded integer."

Moreover, major PKI libraries are tolerant vis-a-vis the encoding of the
serial number field of a certificate and they verify successfully the
certificate chain given by the original poster.

For example, NSS, GnuTLS and CryptoAPI accept the given certificates and
verify successfully their trust.

Supporting or not specific broken implementations has always been the
subject of heated debates. Concerning the specific issue here, it's clear
that OpenSSL is too restrictive compared to other major libraries since
this is a minor deviation from the BER specs (i.e. minimal bytes
representation) and thus hurts deployments of real-world certificates.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


 The encoding is invalid BER.
 The openssl is tolerant but also destructive in copy.

 whenever  you use openssl x509 -in -out ... you remove one leading 0
 octet.

 IMHO openssl should reject the cert because of invalid encoding.


 On 08/29/2010 04:17 AM, Mounir IDRASSI wrote:
  Hi,

 The problem you are encountering is partly caused by the way OpenSSL
 handles integers whose DER encoded value starts with one or more zeros
 : in this case, OpenSSL removes the leading zero when creating the
 corresponding ASN1_INTEGER structure thus leading to the fact that
 computed DER of this structure and the original one will be different!!

 In your case, the certificate you are trying to verify has a DER
 encoded serial number 00 00 65. So, OpenSSL will create an
 ASN1_INTEGER with a value of 00 65. And in the course of the
 certificate signature verification, this structure will be encoded to
 DER which will lead to a encoded value of 00 65. Thus, the generated
 DER of the CertInfo will be different from the original one, which
 explains why the signature verification fails.

 After some digging, I found that part of the problem is caused by the
 functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file
 crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that
 removes any leading zeros. Commenting out these blocks solves the DER
 encoding mismatch but the verification still fails because the
 computed digest is different from the recovered one.

 I will continue my investigation to find all the culprits.
 Meanwhile, the question remains why in the first place the removal of
 the leading zero from the parsed DER encoding was added since this
 clearly have the side effect of making the computed DER different from
 the original one.

 Cheers,
 --
 Mounir IDRASSI
 IDRIX
 http://www.idrix.fr


 On 8/28/2010 10:43 PM, Goran Rakic wrote:
 Hi all,

 I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
 downloaded from http://ca.mup.gov.rs/sertifikati-lat.html

 Certificate path is MUPCARoot > MUPCAGradjani and I would like to
 validate MUPCAGradjani against the other. What I did is to convert both
 to PEM format and rename them by hash as efd6650d.0 (Gradjani) and
 fc5fe32d.0 (Root) using this script:

  #!/bin/bash
  hash=`openssl x509 -in $1 -inform DER -noout -hash`
  echo Saving $1 as $hash.0
  openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM

 Now I run:

  $ openssl verify -CApath . efd6650d.0
  error 7 at 0 depth lookup:certificate signature failure
  16206:error:04077068:rsa routines:RSA_verify:bad
 signature:rsa_sign.c:255:
  16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
 lib:a_verify.c:173:

 Hm, that is not working. What am I doing wrong here?

 I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I
 also have my personal certificate issued by MUPCAGradjani that I would
 like to verify but it is failing with the same error (just one level
 down):

  $ openssl verify -CApath . qualified.pem
  qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike
 Srbije/L=Beograd/C=Republika Srbija (RS)
  error 7 at 1 depth lookup:certificate signature failure
  16258:error:04077068:rsa routines:RSA_verify:bad
 signature:rsa_sign.c:255:
  16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
 lib:a_verify.c:173:

 When I install downloaded certificates in Windows using Internet
 Explorer and doubleclick on my personal certificate (qualified.cer) it
 looks valid. I am not sure, but I believe it is doing certificate chain
 validation so the certificates and paths should be valid. After all
 they
 are issued by a trustful CA.

 Output of openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text
 -in $1 looks reasonable

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-28 Thread Mounir IDRASSI

 Hi,

The problem you are encountering is partly caused by the way OpenSSL 
handles integers whose DER encoded value starts with one or more zeros : 
in this case, OpenSSL removes the leading zero when creating the 
corresponding ASN1_INTEGER structure thus leading to the fact that 
computed DER of this structure and the original one will be different!!


In your case, the certificate you are trying to verify has a DER encoded 
serial number 00 00 65. So, OpenSSL will create an ASN1_INTEGER with a 
value of 00 65. And in the course of the certificate signature 
verification, this structure will be encoded to DER which will lead to a 
encoded value of 00 65. Thus, the generated DER of the CertInfo will 
be different from the original one, which explains why the signature 
verification fails.


After some digging, I found that part of the problem is caused by the 
functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file 
crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that 
removes any leading zeros. Commenting out these blocks solves the DER 
encoding mismatch but the verification still fails because the computed 
digest is different from the recovered one.


I will continue my investigation to find all the culprits.
Meanwhile, the question remains why in the first place the removal of 
the leading zero from the parsed DER encoding was added since this 
clearly have the side effect of making the computed DER different from 
the original one.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 8/28/2010 10:43 PM, Goran Rakic wrote:

Hi all,

I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
downloaded from http://ca.mup.gov.rs/sertifikati-lat.html

Certificate path is MUPCARoot > MUPCAGradjani and I would like to
validate MUPCAGradjani against the other. What I did is to convert both
to PEM format and rename them by hash as efd6650d.0 (Gradjani) and
fc5fe32d.0 (Root) using this script:

 #!/bin/bash
 hash=`openssl x509 -in $1 -inform DER -noout -hash`
 echo Saving $1 as $hash.0
 openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM

Now I run:

 $ openssl verify -CApath . efd6650d.0
 error 7 at 0 depth lookup:certificate signature failure
 16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
 16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 
lib:a_verify.c:173:

Hm, that is not working. What am I doing wrong here?

I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I
also have my personal certificate issued by MUPCAGradjani that I would
like to verify but it is failing with the same error (just one level
down):

 $ openssl verify -CApath . qualified.pem
 qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike 
Srbije/L=Beograd/C=Republika Srbija (RS)
 error 7 at 1 depth lookup:certificate signature failure
 16258:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
 16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 
lib:a_verify.c:173:

When I install downloaded certificates in Windows using Internet
Explorer and doubleclick on my personal certificate (qualified.cer) it
looks valid. I am not sure, but I believe it is doing certificate chain
validation so the certificates and paths should be valid. After all they
are issued by a trustful CA.

Output of openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text
-in $1 looks reasonable for both downloaded certificates and is the
same before and after conversion to PEM (using -inform DER in the first
case). My take on this is that I am not doing conversion properly or
maybe the original certificates are in some other format requiring extra
argument, but I can not find answer in the docs.

How can I properly validate X.509 certificate from
http://ca.mup.gov.rs/sertifikati-lat.html by certificate chain?

Kind regards,
Goran




Re: Check the private key

2010-08-20 Thread Mounir IDRASSI

 Hi Ingo,

You are mistaken : this key is not an encoded RSAPrivateKey as defined 
by PKCS#1 but it's an encoded PrivateKeyInfo as defined in PKCS#8. Here 
are the ASN.1 definitions :


PrivateKeyInfo ::= SEQUENCE {
  version Version,
  privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
  privateKey PrivateKey,
  attributes [0] Attributes OPTIONAL }

Version ::= INTEGER {v1(0)} (v1,...)
PrivateKey ::= OCTET STRING

As you can see from the ASN.1 dump, it starts with the version, followed 
by the algorithm identifier and then the RSAPrivateKey encoding inside 
an OctetString.


Concerning Vladimir's question, the answer is simple : your key is OK 
and it was verified successfully by OpenSSL. The error message you are 
getting is due to the fact that in the source code of the rsa utility 
there is a line that dumps the errors on OpenSSL stack and in this case 
there is an error that is harmless and that is caused by the way OpenSSL 
tries to decode the PEM content.

In the file apps/rsa.c, at line 335, there is the following :

if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
{
    ERR_print_errors(bio_err);
    goto end;
}

A more correct version would be to change || in the if test by &&, 
and thus there will be no misleading error.

I hope this clarifies things.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/20/2010 4:25 PM, Ingo Naumann wrote:

Vladimir,

To me, your key looks like a standard 1024 RSA private key, in PKCS#1
format (see below). And, I'm getting the same error when I type

openssl rsa -checkkey

with OpenSSL 1.0.0a, also with other, similar keys.

Ingo

---

RFC 3447 (PKCS#1), A.1.2

http://www.rsa.com/rsalabs/node.asp?id=2125

   RSAPrivateKey ::= SEQUENCE {
   version   Version,
   modulus   INTEGER,  -- n
   publicExponentINTEGER,  -- e
   privateExponent   INTEGER,  -- d
   prime1INTEGER,  -- p
   prime2INTEGER,  -- q
   exponent1 INTEGER,  -- d mod (p-1)
   exponent2 INTEGER,  -- d mod (q-1)
   coefficient   INTEGER,  -- (inverse of q) mod p
   otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

Your key:

30 : SEQUENCE (Length: 0x277)
  02 : Integer (Length: 0x01)
   00
  30 : SEQUENCE (Length: 0x0D)
   06 : Object Identifier (OID): 1.2.840.113549.1.1.1 rsaEncryption
   05 : NULL
  04 : Octet String (Length: 0x261)
  30 : SEQUENCE (Length: 0x25D)
   02 : Integer (Length: 0x01)
00
   02 : Integer (Length: 0x81)
00
C5 F1 4E FF 1C 97 02 A2 02 A1 C7 A0 8D E6 9F 9D EF D5 56 87
D7 B2 BF A3 7B 68 73 4E 34 A4 5E FE 41 86 3E 3E 7D 55 6F 9D
F1 42 D6 FB CC 27 BB 0C D3 C6 C8 0E 40 CA 53 F8 5A 81 E2 90
18 A8 94 C0 12 72 15 98 0F 1C A2 8F 75 A9 26 E6 A0 8A 7B AB
[0x0030 bytes skipped.]
   02 : Integer (Length: 0x03)
01 00 01
   02 : Integer (Length: 0x81)
00
90 06 E3 5A 11 2D 78 06 F6 2F 4D 17 EF E8 6D 1F F8 50 9C E3
BE F9 1B 24 13 39 8F 1C CA 85 07 71 AD AF C6 3E A5 E7 B2 8D
93 EC F4 8C C6 A1 EA 22 8D 3D C8 77 46 81 71 D3 F5 D7 28 49
7D 07 BD 23 33 AD 3D A7 76 33 6C 47 D7 A2 5B 62 58 A7 06 5B
[0x0030 bytes skipped.]
   02 : Integer (Length: 0x41)
00
F7 D7 7F 0E C3 04 7D B3 69 AE 54 4F 70 A5 47 E3 D5 1F DC DE
40 AB 99 6D 93 BD 96 4F 31 92 11 F8 43 54 D5 9C EC 3D DF B6
AA 9B AA 3D 60 14 A5 A3 C7 78 DD DE E5 A1 7C C4 5C DF 5F 56
2F EC 41 DB
   02 : Integer (Length: 0x41)
00
CC 75 52 E6 9A 0A 1B B7 35 7C D1 D0 51 65 D8 B0 35 BE EA AE
D3 88 53 7C AF A5 36 C5 41 09 95 CF 66 73 8F 3D 57 87 FB A0
77 7E B1 D2 95 9D 83 5E 92 5B 95 AB 2A CF 9F FA F7 01 2B 69
4D C7 52 C3
   02 : Integer (Length: 0x40)
17 3B 24 D6 BE 62 EA 61 69 D3 84 65 99 DA 74 3D 9F D9 87 BB
71 76 64 40 48 2B EA 2D EC 28 93 F4 A0 63 10 4E D0 3A 10 81
2F C6 BD 93 59 31 36 41 7E CE 0E 85 F9 22 44 EE A7 01 ED 0E
C8 19 2E 27
   02 : Integer (Length: 0x41)
00
BC 97 5F DF 8B A8 D5 45 DA 15 87 67 33 1D D1 91 40 12 19 61
27 87 71 12 EA E5 67 2E ED BD CC AC E1 20 A8 B8 79 5B DA 33
7A E5 A7 5A CA 5C DF 47 45 93 2A EC 16 F2 2A EC 10 18 C9 15
3A 04 28 87
   02 : Integer (Length: 0x40)
20 4C 8C 60 52 94 CA 42 30 DC 1B EF 3D 1E 5F 84 82 40 D1 25
84 BE 1E 18 35 0F F9 4A 5A 40 16 B0 E2 8F 5B 9B C3 FC C5 E7
08 0A BC F0 D1 BA 01 4B 47 08 08 60 15 48 80 A2 C1 98 03 56
FC A4 D9 DC
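
Two points from these threads come down to reading DER headers: the padded serial number 00 00 65 in the "Verify X.509 certificate" thread stops matching its own bytes once it is decoded and re-encoded, and a PKCS#8 PrivateKeyInfo differs from a PKCS#1 RSAPrivateKey at the element that follows the version. The C code below is an added example, not code from the thread or from OpenSSL; the function names and byte arrays are constructed for illustration, and the re-encoder emits strict minimal DER rather than reproducing OpenSSL's a_int.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Read one DER tag+length header from p (n bytes available).
 * Returns the header size, or 0 if the input is malformed or truncated. */
static size_t der_header(const unsigned char *p, size_t n,
                         unsigned char *tag, size_t *len)
{
    size_t i, nlen;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) {                        /* short form */
        *len = p[1];
        return (*len <= n - 2) ? 2 : 0;
    }
    nlen = p[1] & 0x7F;                       /* long form: nlen length bytes */
    if (nlen == 0 || nlen > 4 || nlen > n - 2) return 0;
    *len = 0;
    for (i = 0; i < nlen; i++) *len = (*len << 8) | p[2 + i];
    return (*len <= n - 2 - nlen) ? 2 + nlen : 0;
}

/* Re-encode the INTEGER at p in minimal DER form (content under 128 bytes).
 * Returns the number of bytes written to out, or 0 on error. */
size_t der_int_reencode(const unsigned char *p, size_t n,
                        unsigned char *out, size_t cap)
{
    unsigned char tag;
    size_t len, h = der_header(p, n, &tag, &len);
    const unsigned char *v = p + h;
    if (h == 0 || tag != 0x02 || len == 0) return 0;
    /* Drop padding octets that do not change the two's-complement value. */
    while (len > 1 && ((v[0] == 0x00 && !(v[1] & 0x80)) ||
                       (v[0] == 0xFF && (v[1] & 0x80)))) {
        v++;
        len--;
    }
    if (len > 127 || cap < len + 2) return 0;
    out[0] = 0x02;
    out[1] = (unsigned char)len;
    memcpy(out + 2, v, len);
    return len + 2;
}

/* p must hold exactly one INTEGER TLV. Returns 1 if decode + re-encode gives
 * the same bytes (a signature over them still verifies), 0 if not, -1 on error. */
int der_int_roundtrips(const unsigned char *p, size_t n)
{
    unsigned char buf[130];
    size_t m = der_int_reencode(p, n, buf, sizeof buf);
    if (m == 0) return -1;
    return (m == n && memcmp(p, buf, n) == 0) ? 1 : 0;
}

enum key_form { KEY_UNKNOWN, KEY_PKCS1_RSA, KEY_PKCS8_INFO };

/* Both forms are a SEQUENCE that starts with INTEGER version. The next
 * element is INTEGER modulus in PKCS#1 RSAPrivateKey and SEQUENCE
 * AlgorithmIdentifier in PKCS#8 PrivateKeyInfo. */
enum key_form classify_private_key(const unsigned char *der, size_t n)
{
    unsigned char tag;
    size_t len, h = der_header(der, n, &tag, &len);
    const unsigned char *p = der + h;
    if (h == 0 || tag != 0x30) return KEY_UNKNOWN;
    n = len;                                  /* stay inside the outer SEQUENCE */
    h = der_header(p, n, &tag, &len);
    if (h == 0 || tag != 0x02) return KEY_UNKNOWN;
    p += h + len;                             /* skip the version */
    n -= h + len;
    h = der_header(p, n, &tag, &len);
    if (h == 0) return KEY_UNKNOWN;
    if (tag == 0x02) return KEY_PKCS1_RSA;
    if (tag == 0x30) return KEY_PKCS8_INFO;
    return KEY_UNKNOWN;
}

/* Constructed samples for illustration, not real keys or certificates. */
static const unsigned char SERIAL_PADDED[]   = { 0x02, 0x03, 0x00, 0x00, 0x65 };
static const unsigned char SERIAL_MINIMAL[]  = { 0x02, 0x01, 0x65 };
static const unsigned char SERIAL_SIGNBYTE[] = { 0x02, 0x02, 0x00, 0x80 };
static const unsigned char TOY_PKCS1[] = {
    0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x65 };
static const unsigned char TOY_PKCS8[] = {
    0x30, 0x19, 0x02, 0x01, 0x00,
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
    0x01, 0x01, 0x01, 0x05, 0x00,             /* rsaEncryption, NULL */
    0x04, 0x05, 0x30, 0x03, 0x02, 0x01, 0x00 };

int main(void)
{
    printf("padded serial round-trips: %d\n",
           der_int_roundtrips(SERIAL_PADDED, sizeof SERIAL_PADDED));
    printf("toy PKCS#1 classified as: %d\n",
           (int)classify_private_key(TOY_PKCS1, sizeof TOY_PKCS1));
    printf("toy PKCS#8 classified as: %d\n",
           (int)classify_private_key(TOY_PKCS8, sizeof TOY_PKCS8));
    return 0;
}
```

A verifier that hashes the certificate bytes as received is unaffected by the padded serial; only code that re-serialises the parsed structure before hashing sees the mismatch.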

Re: OpenSSL assistance

2010-08-11 Thread Mounir IDRASSI

 Hi,

This kind of error (MAC verification failure) usually indicates that the 
given password is incorrect.
Check your password in the code, maybe there are some encoding problems 
(ASCII vs UTF8).
You can also try to open your pkcs#12 file using another application, 
like Firefox, to see if it's able to open it using this password.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 8/11/2010 5:14 PM, Sashi Dutt wrote:

Hello,

I was wondering if any of you guys ran into the below error and provide some
guidance/assistance?

8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify
failure:p12_kiss.c:121:

<code>

p12 = d2i_PKCS12_fp(fp, NULL);
   if (!PKCS12_parse(p12, password, &pkey, &x509, &ca))

</code>

Basically, I am trying to read in a string, sign it and return its signature
value.

Thanks,

Sashi





Re: RSA_generate_key

2010-08-03 Thread Mounir IDRASSI
Hi,

I think you are confusing RSA with some sort of symmetric algorithm. RSA
is a public key algorithm that involves two parts : a public part
represented by the modulus and the public exponents, and the private part
which has two possible representations (one is modulus+private exponent
and the other is called CRT). The RSA size is actually the size of the
modulus.

I encourage you to read more about RSA before trying to use OpenSSL
resources for this.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 yes ..i am not able to find the 128 byte RSA key.. how should get
 those information?

 kris

 On Tue, Aug 3, 2010 at 1:15 AM, Michael S. Zick <open...@morethan.org> wrote:

  On Mon August 2 2010, krishnamurthy santhanam wrote:
  Hi,
 
  i am new to OpenSSL..i have to use RSA_generate key function to
 generate
  key..below is the program and outcome..is this the way to generate
 key?
 
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <openssl/err.h>
  #include <openssl/rsa.h>
  int main()
  {
  char *plain="Sample text"; //Sample text (plain text) to Encrypt/Decrypt
  char *ciphertext;
  printf("%s\n",plain);
  // Generate RSA key
  RSA *rsa1= RSA_generate_key(1024,65537,NULL,NULL);
  // RSA_size() will determine how much memory must be allocated for an
  if(rsa1==NULL) {
  printf("NO RSA!\n\n");
  ERR_load_crypto_strings();
  ERR_print_errors_fp(stdout);
  return 1; // no key: RSA_size() below must not be called
  }
  else
  {
  printf("RSA OK!\n");
  }
  ciphertext = (char *)malloc(RSA_size(rsa1));
  // %d prints the address of the RSA structure here, not the key material
  printf("rsa key = %d\n",rsa1);
  printf("RSA size = %d\n",RSA_size(rsa1));
  free(ciphertext);
  RSA_free(rsa1);
  return 0;
  }
 
  $ gcc -o rsa1 rsa1.c -lcrypto
 
  Output
  -
  $ ./rsa1
  Sample text
  RSA OK!
  rsa key = 473608208

  RSA size = 128
 

 Times 8 bits per octet == 1024 bits as requested.

 
  Please correct me if i am missing anything ..
 

 Does your %d recognize a number that is 128 bytes long?

 Mike
 
  kris
  




Re: Wildcard certs?

2010-07-24 Thread Mounir IDRASSI
Well, your question was who i must do request for... that's why we gave
you links for outside CAs.
If you are dealing with your own CA, then using a wildcard character in
the DN will do the job.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Le vendredi 23 juillet 2010 22:06:44, Kyle Hamilton a écrit :
  There's a company called StartCom (http://www.startssl.com/) who will
 do 2-year validity wildcard certs, upon verification of your identity
 and verification that you have control of the domain for which you are
 requesting certificates.

 Oh, and they're included in the latest Microsoft Root Certificate Update
 for Windows XP, and all later versions; Firefox recognizes them, they're
 part of Apple's certificate store, and it's pretty much only Opera who
 doesn't recognize them for whatever reason.

 -Kyle H

 On 7/23/10 6:24 PM, Mounir IDRASSI wrote:
   Hi,
 
  All major commercial CAs do provide wildcard SSL certificates and the
  price is usually high.
 
  Googling gives the following links for Comodo, Thawte and Verisign :
 -
 http://www.comodo.com/e-commerce/ssl-certificates/wildcard-ssl.php
 - http://www.thawte.com/ssl/wildcard-ssl-certificates/
 -
 http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/
 
  Cheers,
 
  On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote:
  Just wondering
 
  who i must do request for a wildcard cert, for example to accept all
 the
  *.mydomain.com
 
  Regards,
 
  LD

 I was meaning, for my openssl local installation
 how i may do the request?

 shall i put *.mydomain.com in dn?  or what


Re: Wildcard certs?

2010-07-23 Thread Mounir IDRASSI

 Hi,

All major commercial CAs do provide wildcard SSL certificates and the 
price is usually high.

Googling gives the following links for Comodo, Thawte and Verisign :
   - http://www.comodo.com/e-commerce/ssl-certificates/wildcard-ssl.php
   - http://www.thawte.com/ssl/wildcard-ssl-certificates/
   - http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote:

Just wondering

who i must do request for a wildcard cert, for example to accept all the
*.mydomain.com

Regards,

LD


Re: RSA_private_encrypt does not work with RSA_NO_PADDING option

2010-07-19 Thread Mounir IDRASSI

 Hi,

When calling  RSA_private_encrypt with RSA_NO_PADDING, the input must 
have the same size as the RSA key modulus.
In your case, you are supplying 20 bytes whereas it certainly needs more 
(for example, for a 1024 bit key, input must be 128 bytes long). So, you 
have to add some sort of padding to your data before feeding it to 
RSA_private_encrypt.
The other option is to use a standard padding by calling 
RSA_private_encrypt with RSA_PKCS1_PADDING.


I hope this clarifies things to you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/19/2010 2:51 PM, anhpham wrote:

Hi all :x
I encountered an error when using function RSA_private_encrypt with
RSA_NO_PADDING option.
I had an unsigned char array a with length = 20, RSA* r,
unsigned char* sig = (unsigned char*) malloc(RSA_size(r)) and then I invoked
function int i = RSA_private_encrypt(20,a ,sign,r,RSA_NO_PADDING ); The
returned value  i = -1 means that this function failed. However, when I
invoked int i = RSA_private_encrypt(20,a,sig,r,RSA_PKCS1_PADDING ), it did
run smoothly. I'm confused whether it is an error of the library or not but
I don't know how to solve this problem.
Please help me :-




Re: Issue with clients Operating System on certs

2010-07-16 Thread Mounir IDRASSI

 Hi,

Your Apache configuration uses SNI (Server Name Indication) which is not 
supported on Windows XP using IE, Safari and Chrome. The client must be 
running under Windows Vista and higher in order for SNI to work.


That being said, you are saying in your message that Firefox fails to 
support SNI under XP and that surprises me because it's supposed to work 
starting from 2.0 and up, independently from the OS. What version of 
Firefox are you using under XP?


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/16/2010 3:31 PM, Richard Buskirk wrote:


I sent this situation off to the help team but maybe it is either that 
stupid or that hard.


I have installed 2 SSL Certs on my server.

I am using a naming convention for apache configuration for each cert.

*Server:* Windows server 2008, Apache/2.2.14 (Win32) mod_ssl/2.2.14 
OpenSSL/0.9.8k PHP/5.2.11


*httpd-vhost.conf*

___

NameVirtualHost *:443

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile C:\\certs\\ServerA.crt
SSLCertificateKeyFile C:\\certs\\ ServerA.key
ServerName www. ServerA.com
SSLOptions StrictRequire
SSLProtocol all -SSLv2
ServerAdmin notice@ ServerA.com
DocumentRoot C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\www\\html\\ ServerA
ErrorLog C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\logs\\ssl-access- ServerA.log
CustomLog logs/access-ssl-www. ServerA.com common
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile C:\\certs\\ ServerB.crt
SSLCertificateKeyFile C:\\certs\\ ServerB.key
ServerName www. ServerB.com
SSLOptions StrictRequire
SSLProtocol all -SSLv2
ServerAdmin notice@ ServerB.com
DocumentRoot C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\www\\html\\ ServerB
ErrorLog C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\logs\\ssl-access- ServerB.log
CustomLog logs/access-ssl-www. ServerB.com common
</VirtualHost>

Here is where my scenario goes very weird. A computer with windows 7 
browses to both locations and everything is perfect.


A computer with windows XP browses to the siteA no issue. But if they 
go to siteB, the cert for Site A is used on SiteB’s load every time no 
matter what computer they are on.


The siteB does show the proper site but the cert is the wrong cert. 
This fails in Firefox, IE, Safari, Google Chrome on windows XP.


Any suggestions ?

Does this make sense what I am saying?

Richard L. Buskirk
Senior Software Developer






Re: encrypting long strings

2010-07-09 Thread Mounir IDRASSI
Hi,

Of course the randomly-generated symmetric key is not public! Otherwise,
everyone can decrypt your data.
The only thing that is public is the RSA public key.
For decryption, you only need the RSA private key. It will be used to
decrypt the symmetric key and then with the latter you will decrypt your
string.

I hope this clarifies things to you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hi,
 Thanks for the reply Phillip. One quick question. Is the randomly-generated
 key PUBLIC? I know the public RSA key to encrypt the key is public, but is
 the randomly-generated key PUBLIC?
 Thanks.

 On Thu, Jul 8, 2010 at 8:43 PM, Phillip Hellewell ssh...@gmail.com wrote:

 The general approach is to encrypt data using a symmetric cipher (e.g.,
 AES-256) with a randomly-generated key, and then encrypt that symmetric key
 with the RSA (public) key.

 And for the symmetric encryption you'll also have to make a decision about
 what mode to use (ECB, CBC, CTR, etc).  Whatever you do, don't use ECB :)

 Phillip


 On Thu, Jul 8, 2010 at 7:40 PM, Chuck Pareto chuckda...@gmail.com wrote:

 Is there an algorithm that I can use, similar to RSA with public/private
 key, that will allow me to encrypt really long strings (like an email/text
 file)? Actually no limit on the size would be ideal.








Re: Compiling a native code using DES

2010-07-03 Thread Mounir IDRASSI
Hi,

libcrypto is enough for basic cryptographic operations like
encryption/decryption with DES, AES, ...etc

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hello all,

 I have a C Code which is making use of DES.h in a JNI Environment.
 I wanted to know if compiling this code with libcrypto will be enough or
 it will need libssl as well?





Re: verify certificate in c

2010-07-03 Thread Mounir IDRASSI
Hi,

Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your
main and the certificate verification will be OK.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


 Hi, I'm a newbie user of OpenSSL.
 I want to create a simple C program that verifies a certificate chain like
 this:
 rootCA-CA-A-client

 I found this example on the internet that should work for two consecutive
 certificates (but it doesn't work for me); I don't know how to create the
 chain...

 [code]
 #include <stdio.h>
 #include <openssl/pem.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>

 int main(int argc, char **argv)
 {

     int i;
     FILE *fp;
     X509 *cert;
     X509_STORE_CTX csc;
     char *strerr;

     /* Certificate to verify (the intermediate CA-A) */
     fp = fopen("ca-a-cert.pem", "r");
     cert = PEM_read_X509(fp, NULL, NULL, NULL);

     /* Trust store holding the root CA certificate */
     X509_STORE *ctx = NULL;
     ctx = X509_STORE_new();
     X509_STORE_load_locations(ctx, "cacert.pem", "./");

     X509_STORE_set_default_paths(ctx);

     X509_STORE_CTX_init(&csc, ctx, cert, NULL);

     if (X509_verify_cert(&csc) != 1) {
         strerr = (char *) X509_verify_cert_error_string(csc.error);
         printf("Verification error: %s\n", strerr);
         return 1;
     }
     X509_STORE_CTX_cleanup(&csc);

 }
 [/code]

 the output is: Verification error: certificate signature failure

 cacert.pem is the certificate of the rootCA, whereas ca-a-cert.pem is
 the CA-A cert.

 the certificates are good because I verified them with the bash command: openssl
 verify -CAfile cacert.pem ca-a-cert.pem

 with output:
 ca-a-cert.pem: OK

 any suggestion?

 p.s. sorry for my bad English :)





Re: build an application with the openssl source code (not the shared libraries)

2010-06-24 Thread Mounir IDRASSI

Hi Andrei,

What about building the modified OpenSSL as static libraries and then 
link your apps with libcrypto.a and libssl.a?

This way you will have no external dependency.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote:

Hello,

I have some experience with OpenSSL, and I've setup a client and a
server which use SSL connection objects to communicate, but what I want is
to compile my applications with the openssl source code (for example in ssl)
because I've added an extension to the code to allow me to send supplemental
data during the handshake (via a tool named DAA toolkit) and I do not want
to use the shared libraries.
Basically, I'm adding new things to the OpenSSL source, and to run them I
have to first build the shared libraries and then compile my programs
(client/server) with -lssl, -lcrypto and so. I just want to compile my apps
inside the openssl source, without any shared libraries, because otherwise I
always have to replace the original libraries on other systems with the
modified ones I have, in order to compile.

Does anyone know how to do this? Right now, I'm looking into the config
script, makefile... to see what should be changed. Do you know a faster
solution?

Thank you,

   Andrei D.

   




Re: Integrating OpenSSL as a DLL in Windows

2010-06-23 Thread Mounir IDRASSI

Hi Robert,

Take a look at the OpenSSL.NET project on SourceForge : 
http://openssl-net.sourceforge.net/
They have implemented a managed wrapper around libeay32.dll and 
ssleay32.dll.

I think this is what you are looking for.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/23/2010 8:23 AM, Strauch, Robert wrote:

Hello,

I've been using OpenSSL for quite a time but now it's time for me to integrate 
some functionality into my own application (C#). That is: decrypting with a 
private key and building hashsums. As far as I understood I need the 
libeay32.dll to achieve this. However I cannot find something like an API 
documentation which describes how to call OpenSSL functions from this DLL.

Could someone assist me in this?

Sincerely,
Robert


Re: questions about RSASSA-PSS

2010-06-21 Thread Mounir IDRASSI
Hi,

The low-level functions RSA_padding_add_PKCS1_PSS and
RSA_verify_PKCS1_PSS will get the job done.
I have written last year a sample showing how they work. You can get it
here : http://www.idrix.fr/Root/Samples/openssl_pss_signature.c .

For high-level functions (maybe the EVP interface), I will let others give
their hints.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/22/2010 3:26 AM, 芦翔 wrote:
 Hi all,
 Could anybody please tell me the support status of RSASSA-PSS in openssl with 
 the version after 0.9.8l. If there is the implementation, could you please 
 tell me which functions I can call directly for my project purpose. Thank you 
 so much.
 Regards, Xiang
   



Re: OpenSSL with OpenPGP

2010-06-06 Thread Mounir IDRASSI
Hi,

I have written a small program that demonstrates how an RSA public key can
be extracted from an OpenPGP public key file and used in OpenSSL.
You can get the source from the following link :
http://www.idrix.fr/Root/Samples/pgp_pubkey.c

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


 is there any way to use an OpenPGP public key with OpenSSL encryption ?





Re: Detect CRL format

2010-06-03 Thread Mounir IDRASSI

Hi,

One simple and efficient method to distinguish between PEM and DER 
encoding for a CRL or a certificate is to read the first byte: if it's 
equal to 0x30 then this is DER (this is the start of an ASN.1 Sequence), 
otherwise it is PEM encoded.
This works ONLY if you are sure that the given file is either PEM or DER 
encoded and that the encoded object is an ASN.1 Sequence.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 6/3/2010 10:48 AM, Arunkumar Manickam wrote:

Hi,

Given a CRL file, how to detect its format. whether it is in PEM encoded
format or ASN1.

Thanks,
Arun
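
The first-byte test described in the reply above, as an added example in C (not code from the original post or from OpenSSL). It goes a little further than the post: it also checks that the DER length field matches the buffer size and looks for a `-----BEGIN ` line, so a text file that merely starts with the character `0` (also byte 0x30) is not taken for DER. All function names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { ENC_UNKNOWN = 0, ENC_DER = 1, ENC_PEM = 2 } encoding_t;

/* Constructed sample inputs (not real CRLs). */
static const unsigned char SAMPLE_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
/* Long-form length: 0x81 0x80 announces 128 content bytes (zero filled). */
static const unsigned char SAMPLE_DER_LONG[131] = { 0x30, 0x81, 0x80 };
/* Header announces 256 content bytes but only 2 follow. */
static const unsigned char SAMPLE_TRUNCATED[] = { 0x30, 0x82, 0x01, 0x00, 0x02, 0x01 };
static const char SAMPLE_PEM[] =
    "-----BEGIN X509 CRL-----\nMIIB\n-----END X509 CRL-----\n";
/* Plain text whose first character '0' is also byte 0x30. */
static const char SAMPLE_TEXT[] = "0hello";

/* The rule exactly as stated in the post: 0x30 means DER, anything else PEM. */
encoding_t first_byte_rule(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return ENC_UNKNOWN;
    return buf[0] == 0x30 ? ENC_DER : ENC_PEM;
}

/*
 * Parse the header of an outer DER SEQUENCE: tag 0x30, then a definite
 * length in short form (one byte < 0x80) or long form (0x80 | n followed
 * by n big-endian bytes). Returns 1 and stores header + content size in
 * *total, or 0 if the header is not valid DER.
 */
static int der_sequence_size(const unsigned char *buf, size_t len, size_t *total)
{
    size_t content = 0, hdr = 2, n, i;

    if (len < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80) {
        content = buf[1];
    } else {
        n = buf[1] & 0x7f;
        /* n == 0 is the indefinite form, which DER forbids. */
        if (n == 0 || n > sizeof(size_t) || len < 2 + n)
            return 0;
        if (buf[2] == 0)            /* non-minimal: leading zero byte */
            return 0;
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80)         /* non-minimal: short form was required */
            return 0;
        hdr = 2 + n;
    }
    if (content > (size_t)-1 - hdr) /* guard against size_t overflow */
        return 0;
    *total = hdr + content;
    return 1;
}

/* PEM data carries a "-----BEGIN " marker at the start of some line. */
static int has_pem_marker(const unsigned char *buf, size_t len)
{
    static const char marker[] = "-----BEGIN ";
    const size_t mlen = sizeof(marker) - 1;
    size_t i;

    for (i = 0; i + mlen <= len; i++) {
        if ((i == 0 || buf[i - 1] == '\n') && memcmp(buf + i, marker, mlen) == 0)
            return 1;
    }
    return 0;
}

/*
 * Stricter sniffing: DER only if the SEQUENCE header is well formed and
 * its declared size equals the buffer size, PEM only if a BEGIN line is
 * present, otherwise unknown (caller should reject the file).
 */
encoding_t sniff_encoding(const unsigned char *buf, size_t len)
{
    size_t total;

    if (der_sequence_size(buf, len, &total) && total == len)
        return ENC_DER;
    if (has_pem_marker(buf, len))
        return ENC_PEM;
    return ENC_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "unknown", "DER", "PEM" };

    printf("DER sample:       %s\n", names[sniff_encoding(SAMPLE_DER, sizeof SAMPLE_DER)]);
    printf("DER long form:    %s\n", names[sniff_encoding(SAMPLE_DER_LONG, sizeof SAMPLE_DER_LONG)]);
    printf("PEM sample:       %s\n",
           names[sniff_encoding((const unsigned char *)SAMPLE_PEM, strlen(SAMPLE_PEM))]);
    printf("truncated DER:    %s\n", names[sniff_encoding(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED)]);
    printf("text \"0hello\":    %s (first-byte rule says %s)\n",
           names[sniff_encoding((const unsigned char *)SAMPLE_TEXT, strlen(SAMPLE_TEXT))],
           names[first_byte_rule((const unsigned char *)SAMPLE_TEXT, strlen(SAMPLE_TEXT))]);
    return 0;
}
```

The strict size comparison rejects DER files with trailing bytes; relax `total == len` to `total <= len` if such files must be accepted.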

   




Re: Crash bug in 0.9.8n

2010-04-26 Thread Mounir IDRASSI
Hi,

The crash occurs with 0.9.8 because it wrongly calls the function close
instead of closesocket in order to release the client socket. In the
1.0.0 source, this has been corrected but the modification has not been
back-ported to the 0.9.8 source tree.

Also, the crash occurs only if you compile with a recent VC++ runtime
(like VC2008 and VC2005). With VC6 no crash happens. This is because
recent VC++ runtimes call a default handler when a CRT function receives
an invalid parameter and this handler simply aborts the program execution.
This behavior can be changed by setting a custom handler using the
function _set_invalid_parameter_handler.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Thomas J. Hruska schrieb:
 Running 'openssl s_client' on 0.9.8n without any additional arguments
 crashes openssl.exe.

 There is very different behavior between 0.0.8 and 1.0.0 on WinXP Pro SP3:

 openssl version
 OpenSSL 0.9.8j 07 Jan 2009
 openssl s_client
 Loading 'screen' into random state - done
 connect: Bad file descriptor
 connect:errno=10061

 openssl version
 OpenSSL 1.0.0 29 Mar 2010
 openssl s_client
 Loading 'screen' into random state - done
 connect: No error
 connect:errno=0

 it's no problem for me. Just for information completion.

 regards,
 Modem Man





Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Mounir IDRASSI

Hi,

Try adding the switch /Zi to the CFLAG in the makefile and rebuild the 
dlls. This is mandatory to create a full program database.
I came across the same problem and I solved it with this. The perl 
scripts should be updated to include this flag for the debug build.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/25/2010 1:47 PM, Modem Man wrote:

Dear readers,

I know, it's great, sunny weather today, but may be someone would kindly
help, anyway ;-)

*Background:*
I'm just debugging some problem around SSL_CTX_load_verify_locations()
call in my particular environment. Since I'm not able to find the reason
for:
openssl.exe s_client -debug -state  -connect 192.168.0.192:21
is always reporting:
no peer certificate available,
so I think it's best to step into SSL_CTX_load_verify_locations() and to
see, what files and directories are _really_ tried to load and so on.

*Problem:*
But I can't step into _any_ BIO_xxx or SSL_xxx functions.
VS2005 reports, it has the symbols:

 
 \Training\ssl1\debug\libeay32.dll', Symbols loaded.
 blahblah..\msvcr80d.dll', Symbols loaded.
 \Training\ssl1\debug\ssleay32.dll', Symbols loaded.
 

*but on pressing F11 (step into), nothing happens!*

Already copied all *.pdb to the same directory as my local copies of
DLLs are located,
also added \openss1_1.0.0.\out32dll to pdb search path.

I built OpenSSL 1.0.0 release, as described in INSTALL.W32, using the
'no-asm' and 'debug' options.
This created in ./out32dll aside others this:

 08.04.2010  19:34 1.363.968 libeay32.dll
 08.04.2010  19:34   315.392 ssleay32.dll
 08.04.2010  19:34   771.324 libeay32.lib
 08.04.2010  19:3456.834 ssleay32.lib
 08.04.2010  19:34 1.944.576 libeay32.pdb
 08.04.2010  19:34   420.864 ssleay32.pdb
 08.04.2010  19:34   385 ssleay32.dll.manifest
 08.04.2010  19:34   385 libeay32.dll.manifest
 08.04.2010  19:34   466.605 libeay32.exp
 08.04.2010  19:3434.068 ssleay32.exp

One question: Is the file size okay for really being DEBUG versions?

Any hint or help is highly appreciated
by Modem Man


   




Re: possible user error / memory leak using RSA_new() and RSA_free();

2010-04-19 Thread Mounir IDRASSI

Hi,

Remove the unnecessary call to RSA_new and the memory leak will 
disappear!! (The variable p is allocated by PEM_read_RSA_PUBKEY)


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/19/2010 11:07 PM, Stuart Weatherby wrote:

Hi List,

I am trying to figure out why there is a memory leak using RSA_new and RSA_free:
Below is a code sample (which will produce a memory leak) and the relevant 
valgrind output. I have checked the documentation but I still fail to see my 
error.

As I understand the documentation, RSA_free() is the only required call to 
free memory allocated using the RSA_new() function.

Thanks,

Stuart


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>

int main (void)
{
FILE *fp;
RSA  *p = NULL;
char *pt = "hi\0";
char pt_0 = *pt;
int pt_len = strlen(pt);
unsigned char *ct;
int ct_len = 0;

if ((p = RSA_new()) == NULL)
   return 1;
if ((fp = fopen ("pub.key", "rb")) == NULL)
   return 2;
if ((p = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL)) == NULL)
{
   fclose(fp);
   return 3;
}
fclose(fp);
ct = malloc(RSA_size(p));
if(RSA_public_encrypt(pt_len,(unsigned char *) pt,ct, p, RSA_PKCS1_OAEP_PADDING) == -1)
  return 4;
free(ct);
RSA_free(p);
return 0;
}


Here is the valgrind output:

==2330== 528 bytes in 10 blocks are still reachable in loss record 2 of 2
==2330==at 0x4A05809: malloc (vg_replace_malloc.c:149)
==2330==by 0x35156DAD51: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e)
==2330==by 0x351567EAC8: lh_new (in /lib64/libcrypto.so.0.9.8e)
==2330==by 0x351565B4C4: (within /lib64/libcrypto.so.0.9.8e)
==2330==by 0x351565B5E5: (within /lib64/libcrypto.so.0.9.8e)
==2330==by 0x351565B98A: (within /lib64/libcrypto.so.0.9.8e)
==2330==by 0x351566F9B3: RSA_new_method (in /lib64/libcrypto.so.0.9.8e)
==2330==by 0x40083D: main (rsatest.c:24)
==2330==
==2330== LEAK SUMMARY:
==2330==definitely lost: 168 bytes in 1 blocks.
==2330==  possibly lost: 0 bytes in 0 blocks.
==2330==still reachable: 528 bytes in 10 blocks.
==2330== suppressed: 0 bytes in 0 blocks.




Re: openSSL and PKCS #12 certificates

2010-04-14 Thread Mounir IDRASSI

Good luck with the rest!

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote:

Thank you very much, Mounir,
but I got the same error.

Given the time constraints I have, I think my path moving forward is to try
another library or two to see if I can find one that uses openSSL properly.

Until next time,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 9:09 PM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi Remi,

I don't know what the inputs of your python module are, but from the
error message I guess that it's expecting the PEM file to contain also
the certificate of the private key and the associated CA chain. For
that, I advise you to replace the option -nocerts in your command line
with -nodes. Thus:
- The output PEM file will contain the private key AND its certificate
along with any associated CAs
- You will not be asked for a password a second time because the private
key in the output PEM file will be unencrypted.

After that, you will have to open the output PEM file in a text editor
in order to ensure that the certificate that comes just after the
private key block is the one associated with the key and not a CA
certificate (a cut and paste is almost necessary to put everything in
the right order).

I hope that with all these steps, you will finally be able to perform
your client authentication.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:
   

Mounir,
Thank you so much for your answer.

I did extract the key into a pem file (using command: c:\openssl\bin\openssl
pkcs12 -in cert.pfx -nocerts -out cert_key.pem), and tried to connect using
the key file as output.  It got further along in the process - I was
prompted to enter my PEM pass phrase - but a different error came up:

File C:\python26\lib\ssl.py, line 113, in __init__
  cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336445449] _ssl.c:351: error:140DC009:SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib

Would you have any insight in regards to the problem here?


I should also note that while I was creating the key file, I noticed that I
was prompted to Enter Import Password, but also to Enter PEM pass
phrase.  Does this mean the private key found in the pfx file is actually
in PEM format to begin with?  Does this change your advice at all?

Regards,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 11:29 AM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi,

OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that
contains functions for parsing and exporting private keys and
certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).

Concerning the error you are getting, it appears that the python module
you are using is calling SSL_CTX_use_PrivateKey_file by giving it the
PKCS#12 file name. This does not work because SSL_CTX_use_PrivateKey_file
only accepts two formats : SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
In order to correct this, you have two solutions :
- Either feed the python module with the private key in a PEM file.
- Or modify the source code of this python module in order to use the
PKCS#12 functions I mentioned above to extract the private key as an
EVP_PKEY and then call SSL_use_PrivateKey instead of
SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting
the associated certificate.

The first solution is the easiest because you can simply use the OPENSSL
command line utility in order to extract the private key and its
certificate from the PKCS#12 file as PEM files and then give them as
input to your python module.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:

 

Hello.

I’ve been trying to setup client authentication using a PKCS #12
certificate, and I’ve been having some trouble.  I’m trying to determine
whether its because its something unsupported in openSSL, or if it’s a
problem with the wrapper library I’m using (Python’s httplib).  I’d
appreciate it if anyone might be able to provide some insight.



I’m getting an error raised by the openSSL library when the wrapper class is
trying to instantiate and wrap a socket, and from what I’ve been able to
gather to-date, the error appears to be coming from openSSL:



Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib



Is PKCS #12 supposed to be supported by openSSL?  I would guess yes; I dug
around in the source and found that “PEM lib” is the error text for
ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI

Hi,

OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that 
contains functions for parsing and exporting private keys and 
certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).


Concerning the error you are getting, it appears that the python module 
you are using is calling SSL_CTX_use_PrivateKey_file by giving it the 
PKCS#12 file name. This does not work because SSL_CTX_use_PrivateKey_file 
only accepts two formats : SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.

In order to correct this, you have two solutions :
- Either feed the python module with the private key in a PEM file.
- Or modify the source code of this python module in order to use the 
PKCS#12 functions I mentioned above to extract the private key as an 
EVP_PKEY and then call SSL_use_PrivateKey instead of 
SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting 
the associated certificate.


The first solution is the easiest because you can simply use the OPENSSL 
command line utility in order to extract the private key and its 
certificate from the PKCS#12 file as PEM files and then give them as 
input to your python module.


I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:

Hello.

I’ve been trying to setup client authentication using a PKCS #12
certificate, and I’ve been having some trouble.  I’m trying to determine
whether its because its something unsupported in openSSL, or if it’s a
problem with the wrapper library I’m using (Python’s httplib).  I’d
appreciate it if anyone might be able to provide some insight.



I’m getting an error raised by the openSSL library when the wrapper class is
trying to instantiate and wrap a socket, and from what I’ve been able to
gather to-date, the error appears to be coming from openSSL:



Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib



Is PKCS #12 supposed to be supported by openSSL?  I would guess yes; I dug
around in the source and found that “PEM lib” is the error text for
ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB in
there.  This gives me the impression that openSSL is incorrectly trying to
load the PKCS #12 cert as a PEM cert, and thus the error – which leads me to
believe that the wrapper library may not be calling openSSL properly, if
PKCS #12 certificates should be supported.  (Otherwise, why would openSSL be
returning an error related to PEM certs and not PKCS #12 certs?)



Can anyone tell me whether or not openSSL should be able to work with
PKCS#12 certs?  Any advice anyone might have is welcome. (Sorry if this is
vague; this is the first time I dig into the openSSL project.)



The certificate appears correct, as I’ve tested it by adding it to MSIE and
Firefox and I’m able to connect to the server.



Regards,

Remi.




   




Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI

Hi Remi,

I don't know what the inputs of your python module are, but from the 
error message I guess that it's expecting the PEM file to contain also 
the certificate of the private key and the associated CA chain. For 
that, I advise you to replace the option -nocerts in your command line 
with -nodes. Thus:
- The output PEM file will contain the private key AND its certificate 
along with any associated CAs
- You will not be asked for a password a second time because the private 
key in the output PEM file will be unencrypted.


After that, you will have to open the output PEM file in a text editor 
in order to ensure that the certificate that comes just after the 
private key block is the one associated with the key and not a CA 
certificate (a cut and paste is almost necessary to put everything in 
the right order).


I hope that with all these steps, you will finally be able to perform 
your client authentication.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:

Mounir,
Thank you so much for your answer.

I did extract the key into a pem file (using command: c:\openssl\bin\openssl
pkcs12 -in cert.pfx -nocerts -out cert_key.pem), and tried to connect using
the key file as output.  It got further along in the process - I was
prompted to enter my PEM pass phrase - but a different error came up:

   File C:\python26\lib\ssl.py, line 113, in __init__
 cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336445449] _ssl.c:351: error:140DC009:SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib

Would you have any insight in regards to the problem here?


I should also note that while I was creating the key file, I noticed that I
was prompted to Enter Import Password, but also to Enter PEM pass
phrase.  Does this mean the private key found in the pfx file is actually
in PEM format to begin with?  Does this change your advice at all?

Regards,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 11:29 AM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi,

OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that
contains functions for parsing and exporting private keys and
certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).

Concerning the error you are getting, it appears that the python module
you are using is calling SSL_CTX_use_PrivateKey_file by giving it the
PKCS#12 file name. This does not work because SSL_CTX_use_PrivateKey_file
only accepts two formats : SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
In order to correct this, you have two solutions :
- Either feed the python module with the private key in a PEM file.
- Or modify the source code of this python module in order to use the
PKCS#12 functions I mentioned above to extract the private key as an
EVP_PKEY and then call SSL_use_PrivateKey instead of
SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting
the associated certificate.

The first solution is the easiest because you can simply use the OPENSSL
command line utility in order to extract the private key and its
certificate from the PKCS#12 file as PEM files and then give them as
input to your python module.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:
   

Hello.

I’ve been trying to setup client authentication using a PKCS #12
certificate, and I’ve been having some trouble.  I’m trying to determine
whether its because its something unsupported in openSSL, or if it’s a
problem with the wrapper library I’m using (Python’s httplib).  I’d
appreciate it if anyone might be able to provide some insight.



I’m getting an error raised by the openSSL library when the wrapper class is
trying to instantiate and wrap a socket, and from what I’ve been able to
gather to-date, the error appears to be coming from openSSL:



Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib



Is PKCS #12 supposed to be supported by openSSL?  I would guess yes; I dug
around in the source and found that “PEM lib” is the error text for
ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB in
there.  This gives me the impression that openSSL is incorrectly trying to
load the PKCS #12 cert as a PEM cert, and thus the error – which leads me to
believe that the wrapper library may not be calling openSSL properly, if
PKCS #12 certificates should be supported.  (Otherwise, why would openSSL be
returning an error related to PEM certs and not PKCS #12 certs?)



Can anyone tell me whether or not openSSL should be able to work with
PKCS#12 certs?  Any advice anyone might have is welcome. (Sorry if this is
vague; this is the first time I dig into the openSSL project.)



The certificate appears

Re: Decrypting with key and initialization vector don't decrypt the first 8 bytes?

2010-04-04 Thread Mounir IDRASSI
Hi,

When you encrypted data with a password using openssl command line, the
first 16 bytes of the output are actually a header of the form
'Salted__' where the last 8 bytes represent the salt used to
derive the key and the IV.
So, from here you have two choices :
  - decrypt the encrypted file using the same password. In this case,
openssl will use the header to compute the key and the IV and then
decrypt the remaining data.
  - discard the first 16 bytes of the encrypted file and then give openssl
the value of the key and the IV in order to decrypt the remaining data.

As a rule, if you encrypt using a password, you should decrypt using a
password and if you encrypt using a specific key and IV, then you should
decrypt using the same key and IV: You can't mix the two approaches
without extra processing.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hello everybody and thank you all for reading.

 I'm doing some experiments with blowfish and triple DES ciphers.
 I'm encrypting some text files; using a password to generate the key
 and the IV; while using the -p option to let openssl show me the
 salt, the key and the IV onscreen.

 As far as I've understood I could decrypt the output encrypted file
 just supplying the key and the IV.
 And actually if I do that, that is ALMOST what I get. But, the first
 eight characters of the source file didn't get decrypted, or at least
 they don't apparently get decoded correctly: I got a bunch of
 unreadable binary bytes instead.

 Here's what I did:
 $ openssl enc -bf -in source.txt -out encrypted -p

 enter bf-cbc encryption password:
 Verifying - enter bf-cbc encryption password:
 salt=FF01D744C268C056
 key=22153E114FB3C2873BAE05873AFBD19C
 iv =F68A9A229A516752

 Then if I try to decode the encrypted file with:

 openssl enc -d -bf -in encrypted -K 22153E114FB3C2873BAE05873AFBD19C
 -iv F68A9A229A516752

 Then the output *of the first eight bytes* isn't even ASCII so I can't
 paste it here! The rest of the file is perfectly decrypted though. I
 tried with files of various length and they are all decrypted
 perfectly but the first chars.

 I tried with versions 0.9.8g (19 Oct 2007) and 0.9.8k (25 Mar 2009)
 with the same results. Using des3 in place of bf doesn't change that
 behaviour too.

 Please kindly help me to understand what I'm missing. Thank you SO much!
 --
 Alfredo Belmonti
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
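
The two options described in the reply above, as an added example that is not part of the original thread: this Python code splits an `openssl enc` output into the Salted__ marker, the salt and the ciphertext, and derives key and IV from a password with one round of EVP_BytesToKey. The MD5 digest and the 16-byte key / 8-byte IV sizes are assumptions matching the 0.9.8 versions and the bf-cbc output quoted in the question; the password and sample bytes are constructed.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte marker written by `openssl enc` in password mode
HEADER_LEN = 16       # marker + 8-byte salt


def split_salted(blob):
    """Return (salt, ciphertext). salt is None when no header is present."""
    if len(blob) >= HEADER_LEN and blob[:8] == MAGIC:
        return blob[8:HEADER_LEN], blob[HEADER_LEN:]
    return None, blob


def evp_bytes_to_key(password, salt, key_len, iv_len, md="md5"):
    """Single-iteration EVP_BytesToKey: D_i = H(D_{i-1} || password || salt)."""
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def plan_decryption(blob, password=None, key_len=16, iv_len=8):
    """Describe what a decryptor needs: the header fields and, with a password, key and IV."""
    salt, ciphertext = split_salted(blob)
    if salt is None:
        # No header: the file was encrypted with an explicit key and IV.
        return {"mode": "raw", "ciphertext": ciphertext}
    plan = {"mode": "salted", "salt": salt.hex().upper(), "ciphertext": ciphertext}
    if password is not None:
        key, iv = evp_bytes_to_key(password, salt, key_len, iv_len)
        plan["key"] = key.hex().upper()
        plan["iv"] = iv.hex().upper()
    return plan


if __name__ == "__main__":
    # Constructed sample: header carrying the salt printed in the question, then 16 dummy bytes.
    sample = MAGIC + bytes.fromhex("FF01D744C268C056") + bytes(16)
    print(plan_decryption(sample, password=b"constructed-password"))
```

Passing only the `ciphertext` part to a key-and-IV decryption corresponds to the second option in the reply.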





Re: pkcs7 cert loading, why this code doesn't work?

2010-04-03 Thread Mounir IDRASSI

Hi,

There are two bugs in your code: First, you only need calls to BIO_read 
not BIO_write, and in order to avoid the crash you have to pass a 
pointer equal to inbuf instead of inbuf directly because d2i_PKCS7 
increments the pointer internally.

So, a more correct version of the code will be :

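#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pkcs7.h>

BIO *bio, *b64;
PKCS7 *p7;
char inbuf[4096];
int inlen;
/* d2i_PKCS7 advances the pointer it is given, so hand it a copy of inbuf's address */
const unsigned char *ptr = (const unsigned char *)&inbuf[0];

b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bio = BIO_new_mem_buf(a, -1);
bio = BIO_push(b64, bio);

/* Reading through the base64 filter yields the decoded DER bytes */
inlen = BIO_read(bio, inbuf, sizeof(inbuf));

/* Pass the address of ptr, not inbuf itself */
p7 = d2i_PKCS7(NULL, &ptr, inlen);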

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/3/2010 3:06 AM, sean wang wrote:


  Hello,

I have a pkcs7 encoded cert which i want to load. the following code block 
works fine: ( I am doing a base64 decoding first, will explain the reason in 
the second half):

  BIO *bio, *b64;
  PKCS7 * p7;
  b64 = BIO_new(BIO_f_base64());
  BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

  bio=BIO_new_mem_buf(a, -1);

  bio_out= BIO_new_fp(stderr, BIO_NOCLOSE);
  bio = BIO_push(b64, bio);

  p7 = d2i_PKCS7_bio(bio, NULL);

However, for some interface reasons, I need to pass pass in a base64 decoded 
blob to a legacy function,  so i tried the following code:

BIO *bio, *b64, *bio_out;
char inbuf[4096];
int inlen = strlen(a);
b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bio=BIO_new_mem_buf(a, -1);
bio_out= BIO_new_fp(stderr, BIO_NOCLOSE);
bio = BIO_push(b64, bio);

while((inlen=BIO_read(bio, inbuf, 4096)) > 0)
BIO_write(bio_out, inbuf, inlen);

p7 = d2i_PKCS7(NULL,inbuf, inlen);

now this code fails with a segment fault.

So my question is, if i really need to get the based64 decoded blob of a pkcs 7 
cert, what is the right way?
(because the first code worked, I assume the base64 decoding worked fine, but I 
can't pull the data out of 'bio' variable, appears there the data is still 
base64 encoded. how can i get the correct decoded blob?)

test cert I used:

   




Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-24 Thread Mounir IDRASSI

Hi John,

I have already answered your question twice on the list but it seems 
that you didn't receive them for an unknown reason.

Look at the link below of  OpenSSL list archive to read what I wrote :

http://marc.info/?t=12690119749r=1w=2

Have a nice day,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 3/24/2010 3:14 PM, John Chen wrote:

Hi guys,

I am still searching for the answer of batch mode on openssl pkcs12 but no luck.

Is anyone can help me a work around way to avoid

Enter Export Password:
Verifying - Enter Export Password:

Above two prompts.

Thanks

John

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of John Chen
Sent: Monday, March 22, 2010 10:01 AM
To: openssl-users@openssl.org
Subject: Need help on: openssl pkcs12 --- avoid or in batch mode



Hi Dr Stephen Henson,

I really could not solve this issue and need your help.

When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out 
new.p12 -export -name xx

It will prompt user for:



Enter Export Password:

Verifying - Enter Export Password:

Is anyway I can manipulate or default or void those two prompts since those 
prompts useless in here.

I checked pkcs12 command options seems there is no batch mode.

I also tried using wrapping script but no help either.

Thanks in advance.

John

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: Saturday, March 20, 2010 2:21 PM
To: openssl-users@openssl.org
Subject: Re: Apache client certificate authentication

On Sat, Mar 20, 2010, Graham Leggett wrote:

On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:

Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)

I am not 100% sure of the details, but I do recall a hang being a symptom
of using a client or a server that did not have the TLS renegotiation bug
fixed along with a server or client that did.

The only known case is an OpenSSL client without secure renegotiation support
(i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does
support renegotiation. If the server initiates renegotiation you don't get
a hang.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-22 Thread Mounir IDRASSI

Hi John,

I have already answered your question on the list two days ago. Here is what I 
wrote :

To avoid the password prompt, you can add the argument -password pass: to the 
command line. This will use an empty password for the PKCS12 file.
For a non empty value, for example 1234, use -password pass:1234 instead.

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 3/22/2010 3:00 PM, John Chen wrote:

Hi Dr Stephen Henson,

I really could not solve this issue and need your help.

When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem -out 
new.p12 -export -name xx
It will prompt user for:

Enter Export Password:
Verifying - Enter Export Password:

Is anyway I can manipulate or default or void those two prompts since those 
prompts useless in here.
I checked pkcs12 command options seems there is no batch mode.
I also tried using wrapping script but no help either.

Thanks in advance.

John

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: Saturday, March 20, 2010 2:21 PM
To: openssl-users@openssl.org
Subject: Re: Apache client certificate authentication

On Sat, Mar 20, 2010, Graham Leggett wrote:

   

On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:

 

Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
   

I am not 100% sure of the details, but I do recall a hang being a symptom
of using a client or a server that did not have the TLS renegotiation bug
fixed along with a server or client that did.

 

The only known case is an OpenSSL client without secure renegotiation support
(i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does
support renegotiation. If the server initiates renegotiation you don't get
a hang.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: need help on: openssl pkcs12 --- avoid or manipulate propmpts

2010-03-20 Thread Mounir IDRASSI
Hi John,

To avoid the password prompt, you can add the argument -password pass:
to the command line. This will use an empty password for the PKCS12 file.
For a non empty value, for example 1234, use -password pass:1234 instead.

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

 Hi,

 Is anyone run through the same issue I have, please help me out. When I
run openssl pkcs12 -in new.crt -inkey new.key -certfile . It will
prompt user for:
 Enter Export Password:
 Verifying - Enter Export Password:

 Is anyway I can manipulate or default or void those two prompts since I
don't need those prompts.

 Thanks in advance.

 John








Re: Verify with RSA Public Key Fails

2010-02-27 Thread Mounir IDRASSI

Hi Paul,

You say that the exponent is 1024 bit long. This means you are using the 
private exponent because usually the public exponent is much smaller: 
typically the public exponent is 3 or 65537.
So in order to construct your RSA public key, replace the value of the 
private exponent you are using by the value of the corresponding public 
exponent.
If my guess is correct, then you should be able to verify the signature 
correctly.


Cheers,

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 2/27/2010 3:00 AM, Paul Suhler wrote:


Hi, everyone.

In Openssl 0.9.8i, I'm trying to take an RSA public exponent and 
public modulus, assemble them into an RSA key, and use that to verify 
a signature for a message.  However, EVP_VerifyFinal() always fails, 
apparently because of the wrong use of padding.


My code:

   RSA *   RsaKeyPtr = RSA_new();
   EVP_PKEY *  EvpKeyPtr = EVP_PKEY_new();

   RsaKeyPtr->n = BN_bin2bn(ModulusPtr, ModulusLength, NULL); // Public modulus n
   RsaKeyPtr->e = BN_bin2bn(Exponent, sizeof(Exponent), NULL); // Public key exponent e

   EvpKeyPtr->type = EVP_PKEY_RSA;
   if(EVP_PKEY_assign_RSA(EvpKeyPtr, RsaKeyPtr))
   {
      EVP_MD_CTX_init(MDContext);
      if(EVP_VerifyInit_ex(MDContext, EvpMdPtr, NULL))
      {
         if(EVP_VerifyUpdate(MDContext, MessagePtr, MessageLength))
         {
            if(EVP_VerifyFinal(MDContext, SignaturePtr, SignatureLength, EvpKeyPtr))
            {
...

The call stack looks like:

RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
...
RSA_eay_public_decrypt()
RSA_padding_check_PKCS1_type_1()

and that last function fails.

Am I assembling the RSA key incorrectly?

The modulus and exponent are each 1024 bits long and the message and 
signature are each 128 bytes long


Thanks very much,

Paul
*___
Paul A. Suhler* | Firmware Engineer |* Quantum Corporation* |* 
Office:* 949.856.7748 | _paul.suh...@quantum.com_ 
mailto:paul.suh...@quantum.com





Re: Unable to decrypt without Chinese Remainder Theorem factors ?

2010-02-08 Thread Mounir IDRASSI

Hi,

The problem that you are encountering comes from the fact that the 
function d2i_RSAPrivateKey, that creates the key from the PEM content, 
will allocate the p, q, dmp1, dmq1 and iqmp fields and set them to zero, 
which is normal since this is their value on the PEM file. But then, the 
function RSA_eay_private_decrypt will fail with the error you are 
getting because it only tests for NULL pointers for the CRT fields and 
doesn't check if they are zeros.

You have two options here :
- use a patched version of OpenSSL where the implementation of 
RSA_eay_private_decrypt tests for NULL pointers and zero BIGNUMs
- convert your keys to CRT format.

For the latter, I have developed an open source tool that converts 
private keys from SFM format (modulus, private exponent, public 
exponent) to CRT format. It's located on SourceForge : 
http://rsaconverter.sourceforge.net/. It uses OpenSSL BIGNUM 
implementation. Especially, you can look at the file librsaconverter.c 
for the function SfmToCrt where the conversion algorithm is implemented.

For the first option, I can send you a patch for RSA_eay_private_decrypt 
but it's easy to do (just add tests !BN_is_zero between lines 534 and 539).

I hope this will help.

Cheers,

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 2/8/2010 10:12 AM, JB Van Puyvelde wrote:

Hi,

I would like to import and use in OpenSSL RSA key pairs generated by
an other program.

This program can export public and private keys to PEM files, with
X509 and PKCS#7 specifications. But, the private key doesn't contain
Chinese Remainder Theorem factors, only the private exponent and the
modulus.

So, I'm able to encrypt a file with the public key :

C:\openssl rsautl -encrypt -inkey pub.pem -pubin -in hello.txt -out hello.enc
Loading 'screen' into random state - done

But, trying to decrypt causes the following error :

C:\openssl rsautl -decrypt -inkey priv.pem -in hello.enc -out result.txt
Loading 'screen' into random state - done
RSA operation error
2548:error:0306B067:bignum routines:BN_div:div by zero:.\crypto\bn\bn_div.c:213:

I suppose the error comes from the fact that openssl.exe tries to use
the CRT factors to decrypt the file.

Could you confirm this ?

And of course, is there any way to make works decryption with my keys ?

Currently, I'm thinking about three possible solutions :
1) find a way to generates CRT factors from modulus and private
exponent (but I don't know if it's possible)
2) could the use of the RSA C functions, instead of the openssl
binary, solve the problem, because
http://openssl.org/docs/crypto/rsa.html says p, q, dmp1, dmq1 and
iqmp may be NULL in private keys, but the RSA operations are much
faster when these values are available. ?
3) and last, generate the keys with OpenSSL, but honestly I would
really appreciate to not have to do that and continue to generate key
pairs with my first program.

An example of key pair is attached with this e-mail. And for those who
knows, the first program is coded Java, the private key comes from the
PrivateKey class and is exported to PEM file with the PemWriter class
of BouncyCastle.

Thanks,

JB
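
How the CRT fields can be rebuilt from the modulus and the two exponents, as an added Python example (not code from this thread and not the rsaconverter tool's own implementation): it factors n with the standard method based on e*d - 1, then computes dmp1, dmq1 and iqmp under OpenSSL's field names. The key is a constructed toy pair built from two Mersenne primes, and the function names are assumptions made for illustration.

```python
from math import gcd

# Constructed toy key built from two Mersenne primes; for illustration only.
P_TOY, Q_TOY = 2**607 - 1, 2**521 - 1
N = P_TOY * Q_TOY
E = 65537
D = pow(E, -1, (P_TOY - 1) * (Q_TOY - 1))   # modular inverse, needs Python 3.8+


def factor_from_exponents(n, e, d, max_base=200):
    """Recover (p, q) with p > q from a modulus and a matching exponent pair."""
    k = e * d - 1                 # a multiple of the order of every unit mod n
    r, t = k, 0
    while r % 2 == 0:             # write k = 2^t * r with r odd
        r //= 2
        t += 1
    for g in range(2, max_base):
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue              # this base reveals nothing, try the next one
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:            # y is a square root of 1 other than +1 / -1
                p = gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    raise ValueError("no factor found: e and d do not match this modulus")


def sfm_to_crt(n, e, d):
    """Turn (modulus, public exponent, private exponent) into the CRT fields."""
    p, q = factor_from_exponents(n, e, d)
    return {
        "p": p,
        "q": q,
        "dmp1": d % (p - 1),      # d mod (p-1)
        "dmq1": d % (q - 1),      # d mod (q-1)
        "iqmp": pow(q, -1, p),    # q^-1 mod p
    }


def private_op_crt(c, crt):
    """RSA private operation using only the CRT fields (Garner recombination)."""
    m1 = pow(c % crt["p"], crt["dmp1"], crt["p"])
    m2 = pow(c % crt["q"], crt["dmq1"], crt["q"])
    h = (crt["iqmp"] * (m1 - m2)) % crt["p"]
    return m2 + h * crt["q"]


if __name__ == "__main__":
    fields = sfm_to_crt(N, E, D)
    message = 0x48656C6C6F                      # constructed plaintext integer
    cipher = pow(message, E, N)
    print(private_op_crt(cipher, fields) == message)
```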
   




Re: OpenSSL Ca

2010-01-12 Thread Mounir IDRASSI

Hi,

What mail client are you using under Windows?
Each mail client has its own storage for private keys (Thunderbird uses 
local NSS key storage, Outlook uses CSP and IE certificate store). So, 
since you generated the key outside the scope of the mail client, you 
will certainly have to create a PKCS#12 file (called also PFX under 
Windows) containing your private key and its signed certificate and then 
import this file into your mail client's key storage (for Outlook, 
you'll have to install the PFX by double-clicking on it).
So, everything depends on your mail client and how it will access your 
private key.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/12/2010 12:35 PM, Anton Xuereb wrote:

Hi,

I'm trying to create a private CA with openssl for my enterprise. I 
have generated the CA private key and certificate. I have created a 
key pair and a certificate signing request from a windows pc using 
kleopatra (key management utility that comes with winpgp). I signed 
the request with the CA's key and sent the signed certificate to the 
windows pc and imported the certificate. I exported the public key 
which I sent to my laptop. I imported the certificate of my CA into my 
mail client and trusted it. I then imported the public key as exported 
from the windows pc. It is imported but instead of being put into the 
People category it's sent in the Others section as it apparently does 
not fit in any of the other categories. I am therefore unable to send 
encrypted mail to the windows pc using it's public key as my client 
will not use it to encrypt.


The following are the commands I used in order to get to this point:

In order to generate the private key and ca certificate:

# openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca 
-keyout private/myca.key -out certs/myca.crt -days 1825


I converted the request from DER to PEM format using:

openssl req -in datareq.p10 -inform der -out datareq.csr

In order to sign the request:

# openssl ca -config openssl.my.cnf -policy policy_anything -in 
datareq.csr


I'm at a loss at the moment so any help would be appreciated.

Thanks ,

Anton





Re: About Crypto Library usage and...

2009-11-15 Thread Mounir IDRASSI

Hi,

OpenSSL can definitely be used to implement a port of Crypto API under 
Linux but I advise you to take a look at Winelib from the Wine project 
(http://www.winehq.org/winelib).
They have implemented, among other things, the whole Crypto API 
functions along with MS CSPs. Although it's not based on OpenSSL (they 
use LibTomCrypt and GnuTLS), it's very stable and easy to use in order 
to port existing Crypto API code.
In order to show this, I have written a CryptAPI sample that performs 
RSA key generation, hashing and signature computation along with the 
Linux makefile that enables to compile it using Winelib. You can get it 
from the following link :


http://www.idrix.fr/Root/Samples/capi_wine.tar.gz  (Just type make after 
decompressing)


Under Debian, you get Winelib by typing apt-get install libwine-dev 
and under Ubuntu you've to type apt-get install wine-dev.


I hope this will help.

Cheers
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Gaurav Kumar wrote:

Hi,

I want to port few MS Crypto Api's on Linux.
Here are api's which i want to port.
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptHashData
CryptCreateHash

I want to use the same parameters used for encryption and decryption 
on windows.

For e.g.
CryptDecrypt uses parameters:
hkey ---key to use for the decryption.
hHash ---   Hash handle MD5 or SHA1.
dwFlag-For padding
pbData --- Data to decrypt.
pdwDatalength -- Size of data to decrypt.

Can this be possible using Crypto Library?
Which Crypto Api's in Linux uses key, MD5 or SHA1 and padding to 
decrypt and encrypt the data?


Thanks,
Gaurav



Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI

Hi,

Take a look at function get_client_master_key in the file s2_srv.c, and 
specifically at the line where a call to ssl_rsa_private_decrypt is made 
: in it, the decision to use RSA_PKCS1_PADDING or RSA_SSLV23_PADDING is 
made depending on the value of the member ssl2_rollback of the 
ssl2_state_st structure. This member is set in the function 
ssl23_get_client_hello in the file s23_srv, depending on the options of 
the SSL options.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:

Michael S. Zick wrote in message

  

The padding is added to the **plain text**
After decryption, the server can determine the padding present.



I'm writing a server and I usually just call RSA_private_decrypt(...,
RSA_PKCS1_PADDING).  Everything works fine most of the time but sometimes I
get that error.  In your last sentence, did you mean that the server can 
determine the padding mode?  If so, how?






Re: Padding mode for RSA_private_decrypt()...

2009-11-08 Thread Mounir IDRASSI

Hi,

Which version of SSL/TLS are you talking about?
To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2 
padding (in case of SSL V2 rollback, the last eight padding bytes are 
not random and are set to 0x03 but this special case is detected at the 
protocol level).


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:

Mounir IDRASSI wrote in message ...

  
You simply can't guess the padding mode if you don't know it in advance. 
Imagine the security consequences if this was possible : it would mean 
that an attacker can have information about the clear text without having 
access to the private key!!



Okay, but the SSL client uses RSA_public_encrypt() with a padding value that 
is unknown to the SSL server, which uses RSA_private_decrypt() later on. 
How can the SSL server know in advance what padding mode the SSL client is 
going to use?






Re: Signature Verification

2009-11-07 Thread Mounir IDRASSI

Hi,

In order to help you further, can you post :
  - The data to be hashed which is the content of your variable xmlDat
  - The signature to be verified which is the content of your variable 
sigDat (maybe it's what you posted first)
  - The public key that will be used for the verification
  - The endianness of the signature. It should be big endian as 
expected by OpenSSL


And just one last confirmation : In your first email, you posted some 
BASE64 data that you say is the signature. This data is 512 bytes long. 
So this would mean that the key used is a 4096 bit RSA key. Is this 
correct?


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello Again,

The code is there to check for a non-null pkey.  It wasn't copied to 
keep the original message shorter.  I've now made sure that I've 
Base64'd the xml string and Base64'd the signature string.  These are 
what I'm giving to the EVP_VerifyUpdate and EVP_VerifyFinal.  Still 
not verifying.


Thanks Again,

Jim
- Original Message - From: Mounir IDRASSI 
mounir.idra...@idrix.net

To: openssl-users@openssl.org
Sent: Friday, November 06, 2009 5:11 PM
Subject: Re: Signature Verification



Hi,

You must also handle BASE64 decoding in EVP_VerifyUpdate not only 
EVP_VerifyFinal. Those two functions must have as input the byte 
arrays that represent the binary data and the binary signature 
respectively.
Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then 
everything is OK with the public key and you don't have to worry.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Jim Welch wrote:

Hi,

Thank you for the response.  It was sha512 not 256.  I changed it to 
EVP_sha512 in the code but it still won't verify.  On the verify 
final, I've tried it both with and without a Base64 converted string 
(and corresponding length).  I'm not sure from what I've read if the 
PEM_read_PUBKEY does a Base64 conversion on the Public Key or not 
and I'm not sure where to look in the pkey to find out.


Jim

- Original Message - From: Mounir IDRASSI 
mounir.idra...@idrix.net

To: openssl-users@openssl.org
Sent: Friday, November 06, 2009 3:55 PM
Subject: Re: Signature Verification



Hi,

In your description you say that the signature was created with 
SHA256 but in your code you are using SHA-1 through EVP_sha1. 
Replace this with EVP_sha256 to have a correct processing.
Also, your data seems to be BASE64 encoded and you are computing 
the digest directly on the BASE64 string. You should convert this 
BASE64 string to the corresponding byte array and then compute the 
digest on this byte array.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello,

I've been trying to verify the signature from the following xml data:

license_dataversion1.0/versionserialEC1000-0900018/serialmac00:54:66:18:3A:40/macmodule 
code=impedancestart2000-01-01/startend2099-12-31/end/modulemodule 
code=multimeterstart2000-01-01/startend2099-12-31/end/modulemodule 
code=sulfationstart2000-01-01/startend2099-12-31/end/modulecookieAA80A2A7119FD4F1C122080E1AD17490/cookie/license_data 



using this signature:




These two strings above are being sent from a server as one file 
which I parse into the two separate strings making sure white 
space has been removed from the xml as that was how it was 
signed.  The signature was created with RSA  SHA512.


I'm using a C program to verify and have tried numerous attempts 
with no success.  The openssl release is 0.9.8k.  The vars sigDat 
and xmlDat are the respective strings.  The code is as  follows 
(some parts left out for simplicity):


fp = fopen (filePubKey, "r");

pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);

EVP_VerifyInit (md_ctx, EVP_sha1());

EVP_VerifyUpdate (md_ctx, xmlDat, strlen(xmlDat));

err = EVP_VerifyFinal (md_ctx, sigDat, strlen(sigDat), pkey);

EVP_PKEY_free (pkey);

Any ideas as to what is wrong.  Another part of the project here 
involves java and the programmer working on that says that he can 
verify the signature so I know that the data is correct.


Thank You,

Jim Welch
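
The two points raised in the replies above (the digest must be the one the signer used, and the verifier needs the raw signature bytes rather than the BASE64 text), shown as an added Python example that is not part of the original thread. It implements PKCS#1 v1.5 signature verification with plain integers on a constructed toy key; the key, the sample data and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed toy key built from two Mersenne primes; for illustration only.
P_TOY, Q_TOY = 2**607 - 1, 2**521 - 1
N, E = P_TOY * Q_TOY, 65537
D = pow(E, -1, (P_TOY - 1) * (Q_TOY - 1))   # modular inverse, needs Python 3.8+

# DER DigestInfo prefixes defined by PKCS#1 for the two digests named in the thread.
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def modulus_len(n):
    return (n.bit_length() + 7) // 8


def encode_pkcs1_v15(data, md, em_len):
    """Build the block 00 01 FF..FF 00 DigestInfo that an RSA signature encrypts."""
    t = DIGEST_INFO[md] + hashlib.new(md, data).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign(data, md, n=N, d=D):
    k = modulus_len(n)
    em = int.from_bytes(encode_pkcs1_v15(data, md, k), "big")
    return pow(em, d, n).to_bytes(k, "big")     # big-endian, as OpenSSL expects


def verify(data, signature, md, n=N, e=E):
    """True only if signature is exactly modulus-sized and matches data under md."""
    k = modulus_len(n)
    if len(signature) != k:                     # e.g. BASE64 text passed undecoded
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Re-encode and compare whole blocks instead of parsing the padding.
    return hmac.compare_digest(recovered, encode_pkcs1_v15(data, md, k))


def verify_from_wire(data, signature_b64, md, n=N, e=E):
    """Decode the transported BASE64 signature first, then verify the raw bytes."""
    try:
        raw = base64.b64decode(signature_b64, validate=True)
    except ValueError:
        return False
    return verify(data, raw, md, n, e)


if __name__ == "__main__":
    xml = b"<constructed><serial>0001</serial></constructed>"   # constructed sample data
    wire = base64.b64encode(sign(xml, "sha512"))
    print("decoded, sha512:", verify_from_wire(xml, wire, "sha512"))   # matches signer
    print("decoded, sha1  :", verify_from_wire(xml, wire, "sha1"))     # wrong digest
    print("undecoded text :", verify(xml, wire, "sha512"))             # wrong length
```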







Re: Padding mode for RSA_private_decrypt()...

2009-11-07 Thread Mounir IDRASSI

Hi,

You simply can't guess the padding mode if you don't know it in advance. 
Imagine the security consequences if this was possible : it would mean 
that an attacker can have information about the clear text without 
having access to the private key!!


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:
How can I tell what the padding mode was before I attempt to decrypt data. 
For example, when I use


RSA_private_decrypt(encsize,
encdata,
decdata,
privkey,
RSA_PKCS1_PADDING)


I sometimes (but not always) get the following error:

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is 
not 02






Re: export custom key in a PEM format

2009-11-01 Thread Mounir IDRASSI
Hi,

First, you must define a format for the PEM encoding/decoding. If you
don't have any interoperability constraints, you can choose a simple
format consisting of a Sequence that contains two integers.
For that, I have written a sample that implements PEM reading/writing
for this simple format. Most of the work is done by the macros
DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source
code from the following link:

http://www.idrix.fr/Root/Samples/custom_pem.c

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

denot...@libero.it wrote:
> Hi all
>
> I'm working with ID-based signature (SHAMIR 84) and I create a struct
> as below:
>
> struct sign
> {
>     BIGNUM *s;
>     BIGNUM *d;
> };
>
> How do I export this key into
> a file in a PEM format??
>
> Thanks in advance

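The "Sequence that contains two integers" from the reply above, as an added example that is not the linked custom_pem.c and does not use OpenSSL's PEM macros: a plain C encoder for the DER bytes of SEQUENCE { INTEGER s, INTEGER d }, which a PEM file would carry base64-encoded between its BEGIN and END lines. The function names are hypothetical, and s and d are assumed to be non-negative big-endian byte strings (the form BN_bn2bin produces).

```c
#include <stddef.h>
#include <string.h>

/* Write a DER length: short form below 128, long form otherwise. */
static size_t der_put_len(unsigned char *out, size_t len)
{
    unsigned char tmp[sizeof(size_t)];
    size_t n = 0, i;

    if (len < 0x80) { out[0] = (unsigned char)len; return 1; }
    while (len) { tmp[n++] = (unsigned char)(len & 0xff); len >>= 8; }
    out[0] = (unsigned char)(0x80 | n);
    for (i = 0; i < n; i++) out[1 + i] = tmp[n - 1 - i];
    return 1 + n;
}

/* Write a non-negative big-endian magnitude as a DER INTEGER. */
static size_t der_put_uint(unsigned char *out, const unsigned char *be, size_t len)
{
    size_t pos = 0;
    int pad;

    while (len > 1 && be[0] == 0x00) { be++; len--; }   /* minimal form */
    pad = (len == 0) || (be[0] & 0x80);    /* leading 00 keeps it positive */
    out[pos++] = 0x02;                      /* INTEGER tag */
    pos += der_put_len(out + pos, len + (pad ? 1 : 0));
    if (pad) out[pos++] = 0x00;
    memcpy(out + pos, be, len);
    return pos + len;
}

/* Encode SEQUENCE { INTEGER s, INTEGER d } into out (cap bytes).
 * Returns bytes written, or 0 if cap is below the worst-case size. */
size_t der_encode_sig(unsigned char *out, size_t cap,
                      const unsigned char *s, size_t s_len,
                      const unsigned char *d, size_t d_len)
{
    unsigned char hdr[2 + sizeof(size_t)];
    size_t body, hlen;

    /* per INTEGER: tag + length bytes + pad byte; plus the SEQUENCE header */
    if (cap < 3 * sizeof(hdr) + 2 + s_len + d_len) return 0;
    body = der_put_uint(out, s, s_len);
    body += der_put_uint(out + body, d, d_len);
    hdr[0] = 0x30;                          /* SEQUENCE tag */
    hlen = 1 + der_put_len(hdr + 1, body);
    memmove(out + hlen, out, body);         /* make room for the header */
    memcpy(out, hdr, hlen);
    return hlen + body;
}
```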

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI

Hi,

There are two main mistakes in your code:
   - The output of the MD5 is 16 bytes long but you are allocating 8 
bytes only. This will cause memory corruption.
   - AES-256 expects the key to be 32 bytes long but you want to use an 
MD5 digest as a key which is only 16 bytes. You should use SHA-256 
instead for this purpose.


I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

himas wrote:
> Hello, I wrote a source for encrypting and decrypting some text data
> with aes_256_cbc:
>
> -- CODE --
>
> void aes256cbc_encrypt(char *text, char *hkey)
> {
>     int i, outlen;
>     unsigned char *outbuf = (unsigned char*)malloc(1024);
>     unsigned char *inbuf = (unsigned char*)text;
>     int inlen = strlen(text);
>     unsigned char *key = (unsigned char*)hkey;
>     //unsigned char key[] = somevalue;
>
>     EVP_CIPHER_CTX ctx;
>     const EVP_CIPHER *cipher;
>
>     EVP_CIPHER_CTX_init(&ctx);
>     cipher = EVP_aes_256_cbc();
>     EVP_EncryptInit(&ctx, cipher, key, NULL);
>
>     EVP_EncryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen);
>     EVP_EncryptFinal(&ctx, outbuf + outlen, &outlen);
>
>     for(i = 0; i < outlen; i++) printf("%02x", outbuf[i]);
>
>     EVP_CIPHER_CTX_cleanup(&ctx);
>     free(outbuf);
> }
>
> int aes256cbc_decrypt(char *ctext, char *hkey)
> {
>     int i, outlen;
>     unsigned char *outbuf = (unsigned char*)malloc(1024);
>     unsigned char *inbuf = (unsigned char*)ctext;
>     int inlen = strlen(ctext);
>     unsigned char *key = (unsigned char*)hkey;
>
>     printf("cyphered text = %s\nhashed key = %s\n", ctext, hkey);
>
>     EVP_CIPHER_CTX ctx;
>     const EVP_CIPHER *cipher;
>
>     EVP_CIPHER_CTX_init(&ctx);
>     cipher = EVP_aes_256_cbc();
>     EVP_DecryptInit(&ctx, cipher, key, NULL);
>
>     EVP_DecryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen);
>     EVP_DecryptFinal(&ctx, outbuf + outlen, &outlen);
>
>     printf("\n[*] decryption result\n");
>     //for(i = 0; i < outlen; i++) printf("%02x", outbuf[i]);
>     for(i = 0; i < 16; i++) printf("%02x", outbuf[i]);
>     printf("\n%s \n", outbuf);
>
>     EVP_CIPHER_CTX_cleanup(&ctx);
>     free(outbuf);
> }
>
> main ()
> {
>     char *pass = "testtesttesttest";
>     char *text = "testtesttesttest";
>     char *ctext = "fdfb4ca253caf79c683b85787de8d094";
>
>     // generating MD5 hash
>     char *chash = (char*)malloc(8);
>     MD5_Hash(pass, chash);
>     //aes256cbc_crypt(text, chash);
>     aes256cbc_decrypt(ctext, chash);
> }
>
> -- CODE --
>
> My questions concerning decryption are:
> 1. why don't I get outlen value?
> 2. why don't I get plaintext value after decryption (must be
> testtesttesttest)
  




Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI

Hi,

There is a confusion in your code between byte buffers and their HEX 
representation. You should work directly with buffers without trying to 
access them as strings. This will solve all your problems.
So, change the implementation of your function MD5_hash to put the hash 
directly into the chash parameter without converting it to ASCII and 
never call printf directly on byte arrays.
Once you have done these changes and if you still have errors, post your 
code and we will try to help you.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


himas wrote:
> Mounir IDRASSI wrote:
>> Hi,
>>
>> There are two main mistakes in your code:
>> - The output of the MD5 is 16 bytes long but you are allocating 8
>> bytes only. This will cause memory corruption.
>> - AES-256 expects the key to be 32 bytes long but you want to use an
>> MD5 digest as a key which is only 16 bytes. You should use SHA-256
>> instead for this purpose.
>
> 1. I tried to allocate more, but got some extra-symbols returned with the
> hash
> char *chash = (char*)malloc(16);
> MD5_Hash(pass, chash);
> printf("%s \n", chash);
>
> returned:
> Р♥3dd0cd797a7399b56c470612887108eb
>
> 2. Just for the test I doubled my MD5 digest and sent it to Decryption
> function and got the same sad result
>
> new ctext = fdfb4ca253caf79c683b85787de8d094
> as you can see it remains the same after doubling the hash
>
> -- CODE --
> // double the key
> char hash[65] = {0};
> int i;
> for (i = 0; i <= 64; i++)
> {
>     if (i >= 32) hash[i] = chash[i-32];
>     else hash[i] = chash[i];
> }
> hash[64] = '\0';   /* index 64 is the last element of hash[65] */
> printf("%s \n", hash);
> -- CODE --
>
> Result:
> [*] decryption result
> ae e3 27 62 c8 8a 9a 76 0b 67 73 1e 17 f8 dc ca
> оу'b╚КЪv♂gs▲↨°▄╩tСTUT*ыьЫuУ{╧$Qо
>
> 3. I also changed a little my Decryption code:
> -- CODE --
> int templen;
> EVP_DecryptFinal(&ctx, outbuf + outlen, &templen);
> outlen = outlen + templen;
> -- CODE --
>
> SO
> -- CODE --
> for(i = 0; i < outlen; i++) printf("%02x ", outbuf[i]);
> -- CODE --
> Now works fine
  



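This reply and the previous one in the thread point at the same root cause: hex text is being passed where raw bytes are expected, so the key and ciphertext lengths are wrong. As an added example (not code from the thread, with hypothetical function names), the following C decodes hex into bytes and checks the AES-256-CBC key and ciphertext lengths before any EVP call is made; it does not perform the decryption itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES256_KEY_LEN 32   /* bytes */
#define AES_BLOCK_LEN  16   /* bytes */

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string into raw bytes. Returns the byte count, or -1 on odd
 * length, a non-hex character, or an output buffer that is too small. */
long hex_decode(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = strlen(hex), i;
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (i = 0; i < n; i += 2) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Length checks to run before an AES-256-CBC decrypt call: the key must be
 * 32 raw bytes, the ciphertext a non-empty multiple of the 16-byte block.
 * Returns 0 if both hold, -1 for a bad key, -2 for bad ciphertext. */
int check_aes256_cbc_inputs(const char *key_hex, const char *ct_hex)
{
    unsigned char key[64], ct[1024];
    long klen = hex_decode(key_hex, key, sizeof(key));
    long clen = hex_decode(ct_hex, ct, sizeof(ct));

    if (klen != AES256_KEY_LEN) return -1;
    if (clen <= 0 || clen % AES_BLOCK_LEN != 0) return -2;
    return 0;
}

int main(void)
{   /* Hex strings copied from the thread: the printed hash and the ciphertext. */
    printf("%d\n", check_aes256_cbc_inputs("3dd0cd797a7399b56c470612887108eb",
                   "fdfb4ca253caf79c683b85787de8d094"));
    return 0;
}
```

The 32-character hash string decodes to 16 bytes, so the check rejects it as an AES-256 key, and the 32-character ciphertext string is a single 16-byte block rather than the 32 bytes that strlen reports.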

Re: Compile dlls with Borland compiler OR avoid using VC 2008 Redistributable

2009-10-05 Thread Mounir IDRASSI

Hi,

You can build OpenSSL dlls that don't require runtime redistributable 
using MS Visual Studio. For that, follow the build instructions and 
before calling nmake -f ms\ntdll.mak, edit the file ntdll.mak and 
replace the switch /MD by /MT. After the build, you will have dlls that 
are statically linked to the MS CRT and so they don't require any 
redistributable on the target machine.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Max Terentiev wrote:
> Hi,
>
> I suspect BC will have its own runtime libraries to provide similar
> generic C runtime functionality.
>
> Yes, but BC can link it inside output .dll.
>
> MS VS should link too but I don't know what compiler option
> must be set for it.





Re: about the big number xor

2009-09-13 Thread Mounir IDRASSI
Hi,

There is no explicit function for this but you can use the function
BN_GF2m_add to perform the XOR of two BIGNUMs: for GF2m polynomials,
the addition is a simple bitwise XOR.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

jaze lee wrote:
> I want to implement xor function of large number. I do not know
> whether the similar function has already been implemented. If so, where
> can I find it? And if not I have to try, thank you!

