Re: Difference in packet contents

2008-06-16 Thread jimmy bahuleyan

Vijay Kotari wrote:

@DS
Nicely put.

So, if I was to try to decrypt/encrypt one of these messages, I would 
need the key and the iv and something else? Because if just the key and 
iv are sufficient to encrypt/decrypt the data, then how are the 
different encrypted messages generated for the same cleartext?




http://en.wikipedia.org/wiki/Cipher_block_chaining

-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: matching keys

2008-06-12 Thread jimmy bahuleyan

Brian Smith wrote:
I'm attempting to write a C function to match a private key to either 
its corresponding public key or certificate for both RSA and DSA 
algorithms. At this point, I have the keys loaded into their 
corresponding RSA and DSA structures. From here, what parameter checks 
are necessary to verify that the corresponding keys match? I'm guessing 
rsa->n would suffice for RSA, would dsa->p and dsa->q be an appropriate 
choice?
 
Thanks!
 
Brian


Simple method, without having to know key internals, is to do a sign 
followed by a verify on some random digest. If the keys match then the 
verify should pass.



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Unable to resolve the OpenSSL functions while linking

2008-06-12 Thread jimmy bahuleyan

[EMAIL PROTECTED] wrote:

Hi Jimmy,
 


Yes, we linked the shared libraries libssl and libcrypto while building.

This is what my Makefile looks like
=

LINUX_TARGET   =libxauthn.so
LINUX_LIBS =-lpthread -lpdxauthn -lpdxauthnutils -lpdauthzn
LINUX_CFLAGS   =-I. -I/opt/pdwebrte/pdxauthn_adk/include 
-I/opt/PolicyDirector/include -I/usr/local/ssl/include -D_REENTRANT  
-D_POSIX_PTHREAD_SEMANTICS -g



LINUX_LFLAGS   =-L/opt/pdwebrte/pdxauthn_adk/lib  -L/usr/lib 
*-L/usr/local/ssl/lib/libcrypto.a -L/usr/local/ssl/lib/libssl.a


This line above isn't right. The line commented below looks right. '-L' 
is for library search paths, specify libraries with '-l'. So -lssl 
-lcrypto is the way to do it.


So it seems that you really aren't linking with openssl.



*#LINUX_LFLAGS   =-L/opt/pdwebrte/pdxauthn_adk/lib  -L/usr/lib -lcrypto -lssl



LINUX_DCFLAGS  =-g2
LINUX_DLFLAGS  =-g2
LINUX_CC   =gcc
LINUX_LD   =gcc
LINUX_LINK_DLL =gcc -shared
LINUX_DELETE   =rm -f
LINUX_O_EXT=o

 


TARGET  =$(LINUX_TARGET)
DCFLAGS =$(LINUX_DCFLAGS)
DLFLAGS =$(LINUX_DLFLAGS)
CFLAGS  =$(LINUX_CFLAGS) $(DCFLAGS)
IFLAGS  =$(LINUX_IFLAGS)
LFLAGS  =$(LINUX_LFLAGS) $(DLFLAGS)
LIBS=$(LINUX_LIBS)
CC  =$(LINUX_CC)
LD  =$(LINUX_LD)
LINK_DLL=$(LINUX_LINK_DLL)
DELETE  =$(LINUX_DELETE)
O_EXT   =$(LINUX_O_EXT)


# ***
# Main body of the Makefile
# ***
REQ_OBJS=xauthn.$(O_EXT) CCAIntialize.$(O_EXT) CCAAuthenticate.$(O_EXT)

all: $(TARGET)

clean:
	$(DELETE) $(REQ_OBJS) $(TARGET)

libxauthn.a: $(REQ_OBJS)
	$(LINK_DLL) $(LFLAGS) -o $(TARGET) $(REQ_OBJS) $(LIBS)

libxauthn.so: $(REQ_OBJS)
	$(LINK_DLL) $(LFLAGS) -o $(TARGET) $(REQ_OBJS) $(LIBS)

libxauthn.sl: $(REQ_OBJS)
	$(LINK_DLL) $(LFLAGS) -o $(TARGET) $(REQ_OBJS) $(LIBS)

===

 


Regards

Sunil



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Unable to resolve the OpenSSL functions while linking

2008-06-11 Thread jimmy bahuleyan

[EMAIL PROTECTED] wrote:

Hi,

I am using the OpenSSL 0.9.7g 11 Apr 2005 on solaris machine for one 
application. We are porting the same application to the Redhat Linux (Linux 
tam1 2.4.21-27.ELsmp #1 SMP ).
We successfully deployed the above openssl version in the linux box. And we 
successfully compiled the application. In this application I am using these 
OpenSSL functions in one shared library. Checked the shared library using ldd 
command whether these functions are correctly linked or not. That time we are 
facing undefined symbol errors against the OpenSSL functions. For more clarity 
please have a look at the below snapshot.

===
[EMAIL PROTECTED] libcode]# ldd -r libxauthn.so
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00717000)
libpdxauthnutils.so => /usr/lib/libpdxauthnutils.so (0x006f)
libpdauthzn.so => /usr/lib/libpdauthzn.so (0x00da4000)
libc.so.6 => /lib/tls/libc.so.6 (0x0015e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x002c4000)
libdl.so.2 => /lib/libdl.so.2 (0x009d4000)
libpdira.so => /usr/lib/libpdira.so (0x002da000)
libpdutil.so => /usr/lib/libpdutil.so (0x00423000)
libpdauthn.so => /usr/lib/libpdauthn.so (0x00b4f000)
undefined symbol: d2i_X509  (./libxauthn.so)
undefined symbol: ERR_get_error (./libxauthn.so)
undefined symbol: X509_get_issuer_name  (./libxauthn.so)
undefined symbol: X509_NAME_get_entry   (./libxauthn.so)
undefined symbol: ASN1_STRING_data  (./libxauthn.so)
undefined symbol: OBJ_sn2nid(./libxauthn.so)
undefined symbol: X509_get_ext_d2i  (./libxauthn.so)
undefined symbol: sk_num(./libxauthn.so)
undefined symbol: sk_value  (./libxauthn.so)
undefined symbol: ASN1_STRING_length(./libxauthn.so)
undefined symbol: regcmp(./libxauthn.so)
undefined symbol: regex (./libxauthn.so)
undefined symbol: __loc1(./libxauthn.so)
undefined symbol: X509_get_subject_name (./libxauthn.so)
undefined symbol: X509_NAME_oneline (./libxauthn.so)
undefined symbol: BIO_new_fp(./libxauthn.so)
undefined symbol: ERR_print_errors_fp   (./libxauthn.so)
undefined symbol: X509_signature_print  (./libxauthn.so)


May I know why I am getting these errors?
And one more thing is whether the openSSL executable will be different from Unix 
to Linux operating system?
Please help me out from this situation.



So did you link with libssl and libcrypto while building the shared 
library (libxauthn.so)?



Regards
Sunil.


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Parsing counter signatures - HELP - (UPDATED)

2008-05-20 Thread jimmy bahuleyan

Massimiliano Ziccardi wrote:
I'm sure OpenSSL is able to parse more than one counter signature per 
signature.


Can some OpenSSL expert please tell me how to do it? I think the code I 
sent in the previous
e-mail should be close to the solution. I just need to know how to get 
the other counter signatures

(I already did in Java with Bouncycastle, and it has been straightforward).

I've searched through the net for some documentation, but, as stated on 
the site, the OpenSSL documentation

is very incomplete, and I couldn't find any useful information.

Many thanks for your help.
Massimiliano Ziccardi



I see that PKCS7_get_attribute() retrieves the first attribute matching 
the nid. Maybe something like below will do the trick.



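STACK_OF(X509_ATTRIBUTE) *unauth = si->unauth_attr;
int j;

/* go through each element in unauth */
for (j = 0; j < sk_X509_ATTRIBUTE_num(unauth); j++) {
    X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(unauth, j);

    /* compare the attribute's OID against the countersignature NID */
    if (OBJ_obj2nid(attr->object) == NID_pkcs9_countersignature) {
        /* do something here */
    }
}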


On Tue, May 20, 2008 at 9:25 AM, Massimiliano Ziccardi
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:



[snip]



#include <stdio.h>
#include <openssl/pkcs7.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>

void parse(char *pszFileName)
{
    // Parsing PKCS#7 file
    BIO *foo = BIO_new_file(pszFileName, "rb");
    if (foo == NULL)
        return;

    PKCS7* pP7 = d2i_PKCS7_bio(foo, NULL);
    BIO_free(foo);
    if (pP7 == NULL)
        return;

    STACK_OF(X509) *pSigners = PKCS7_get0_signers(pP7, NULL, 0);

    STACK_OF(PKCS7_SIGNER_INFO) *pSignerInfos =
        PKCS7_get_signer_info(pP7);

    // Looping through the signatures
    for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(pSignerInfos); i++)
    {
        PKCS7_SIGNER_INFO *si =
            sk_PKCS7_SIGNER_INFO_value(pSignerInfos, i);
        X509* pSignerCert = sk_X509_value(pSigners, i);

        printf ("FOUND SIGNATURE : %p\n", si);
        // Parsing counter signatures
        // (PKCS7_get_attribute returns only the first matching attribute,
        // or NULL when the signer has no countersignature)
        ASN1_TYPE *pCounterSignatureAttribute =
            PKCS7_get_attribute(si, NID_pkcs9_countersignature);
        if (pCounterSignatureAttribute == NULL)
            continue;

        ASN1_STRING *pSequence =
            pCounterSignatureAttribute->value.sequence;

        if (pSequence != NULL)
        {
            unsigned char *ps = NULL;
            ps = pSequence->data;

            // d2i_* takes the address of the data pointer and advances it
            PKCS7_SIGNER_INFO *cs = d2i_PKCS7_SIGNER_INFO(NULL,
                (const unsigned char**)&ps, pSequence->length);
            printf ("FOUND COUNTER SIGNATURE: %p\n", cs);
        }
    }
}

Regards,
Massimiliano Ziccardi



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Use ssh-format key

2008-05-15 Thread jimmy bahuleyan

Jameson Chema Quinn wrote:

Jameson Chema Quinn wrote:

I have a public key in the following format:


ssh-dss



=

that is, "ssh-dss " followed by a base64-encoded blob which has the
following five values, each preceded by their length in bytes:

  *ssh-dss (again, this time no space)
  *the four integers that dss uses (p,q,g,y).



Well, this part here is defined in RFC 4253. The other formats used to 
store them are described across various docs.




...

I have tried everything I can think of - all combinations of ssh-keygen -if, -ef; openssl dgst -keyform P,S,1,... The problem is 
that I do not really know what I'm aiming for, as I have no example of signatures working - I can make a signature, but I cannot


verify it. As to fixing openssl to read this format natively, I have looked 
around the code, and am stuck on EVP_PKEY_DSAX  - there are
5 versions and I do not know which one to use. 


I guess that I will figure that latter problem out eventually, but I really 
could use a working keypair for comparison. If I could

visually compare in order to figure out the problem with ssh-keygen -e I could 
just keep two copies of the public key for now.

Are you sure that the format is RFC4253? This is the same format as the ssh 
key, without the -BEGIN stuff; but when I

that stuff manually it does not work.




Well I'm not sure signing/verifying with ssh keys constitutes a valid 
use-case; maybe you could describe what you want in detail.


In case your problems pertain to dealing with ssh key formats and using 
them, you maybe better off asking this on the openssh list.


[If you just want to programmatically sign/verify using ssh keys that 
should be easy enough; openssh uses openssl for the cryptographic ops. I 
gather that you're stuck at making a key structure out of the blob. Take 
a look at key.c,key.h in the openssh sources]



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Use ssh-format key

2008-05-14 Thread jimmy bahuleyan

Jameson Chema Quinn wrote:

I have a public key in the following format:

ssh-dss 
B3NzaC1kc3MAAACBANp8I4YOSRlhoLGkHzRL1n0oOyrZUpJwxAv2nYgfeFtCxGT1V3S5yPchB/eQhOlh2qsRD9C85FFQPhIIoGhcFObQ8JApDhGC7Ry/9rU+kygRMvc5QwKR2nmGHb2S8NV8GwqAZXfYCM9IEwErS8BY+H0PGzJtBXw926fwz7YgJmZLFQCzrVxVqen0ZQ08EimzTtBimRvvAwAAAIBGqpPGAw9fUcBRMlAGSUMDRthh+vKg5HJx52rupinjpZrptdgSpJRTtQXebAbB0rWQgMh5o/sYZzpHurfFJVKzjdrpBFji2FnCsO5zThSuCn07oDHidr9JEgJ/lHwHB57JQX6f+PT2KK6/N7rw2kwF1+mZDgWbhjxA1AZC4KSUgQAAAIBT41q0iIYSRJD6rB7ywN9rXCVwNtcG/Y8U/Bqh1cc4lYb9R5hNcRSqAkgis0BFxpM3frzZKpgdyX/I7HScGpbiGUlBFf/sX3YnUFsfHHg+OnuVqYzlKL8iEfP+RTpeqnHV/AdWOUELVJzHqk7FD31Tf+IGbt25vI3FjEDkQWYpdg=

=

that is, "ssh-dss " followed by a base64-encoded blob which has the 
following five values, each preceded by their length in bytes:

  *ssh-dss (again, this time no space)
  *the four integers that dss uses (p,q,g,y).

This is the format outputted by:
  ssh-keygen -q -t dsa -f %s -C '' -N ''
(actually, this is the command used by the Sugar environment for OLPC to 
make keys, I am trying to use these keys for signatures. Certainly this 
seems to be a pretty standard way to make a key).


If I try
  openssl dgst -dss1 -verify ...
with this key, I get the message "unable to load key file"

Is there any way for me to convert this to a valid key format? If not, 
is it possible that openssl might/should gain the capability to read 
this format? I can even make an attempt to write this into openssl 
myself, but it has been some time since I wrote C and I would really 
appreciate some pointers from somebody who knows the code as to where I 
need to change it.


Thanks,
Jameson



Well the key is in SSH format, have you tried any of the ssh utilities? 
Say does 'ssh-keygen -e' do what you're looking for?


If you want to write C code to convert the key, the format is described 
in RFC 4253, and you might want to look at the EVP_PKEY_* functions and 
load_pubkey() in apps/apps.c (and maybe PEM_read_bio_PUBKEY() for 
reference).



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
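
The blob layout described above (RFC 4253 length-prefixed fields: the string "ssh-dss", then p, q, g, y), as an added example that is not part of the original posts and is not OpenSSH or OpenSSL code. It decodes and bounds-checks a constructed toy key (p=23, q=11, g=4, y=9); parse_ssh_dss and the struct names are illustrative, and building an OpenSSL DSA structure from the integers is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One length-prefixed field of the blob (RFC 4253 "string" or "mpint"). */
struct field { const uint8_t *data; uint32_t len; };
struct dss_pub { struct field p, q, g, y; };

/* Decode base64 up to '=', a space or end of string; -1 on error. */
static int b64_decode(const char *in, uint8_t *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;

    for (; *in && *in != '=' && *in != ' '; in++) {
        const char *pos = strchr(tbl, *in);
        if (pos == NULL || n >= cap)
            return -1;
        acc = (acc << 6) | (uint32_t)(pos - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
        }
    }
    return (int)n;
}

/* Read a 4-byte big-endian length, then that many bytes, bounds-checked. */
static int read_field(const uint8_t *buf, size_t len, size_t *off,
                      struct field *f)
{
    uint32_t n;

    if (len - *off < 4)
        return -1;
    n = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
        ((uint32_t)buf[*off + 2] << 8) | buf[*off + 3];
    *off += 4;
    if (n > len - *off)            /* length field points past the end */
        return -1;
    f->data = buf + *off;
    f->len = n;
    *off += n;
    return 0;
}

/* A key integer must be positive: non-empty and with the sign bit clear. */
static int read_mpint(const uint8_t *buf, size_t len, size_t *off,
                      struct field *f)
{
    if (read_field(buf, len, off, f) != 0 || f->len == 0 ||
        (f->data[0] & 0x80))
        return -1;
    return 0;
}

/* Parse "ssh-dss <base64> [comment]". buf receives the decoded blob and the
 * fields in key point into it. Returns 0 on success, -1 if malformed. */
int parse_ssh_dss(const char *line, uint8_t *buf, size_t cap,
                  struct dss_pub *key)
{
    struct field type;
    size_t off = 0, len;
    int n;

    if (strncmp(line, "ssh-dss ", 8) != 0)
        return -1;
    n = b64_decode(line + 8, buf, cap);
    if (n < 0)
        return -1;
    len = (size_t)n;
    /* The key type is repeated inside the blob, this time without a space. */
    if (read_field(buf, len, &off, &type) != 0 ||
        type.len != 7 || memcmp(type.data, "ssh-dss", 7) != 0)
        return -1;
    if (read_mpint(buf, len, &off, &key->p) != 0 ||
        read_mpint(buf, len, &off, &key->q) != 0 ||
        read_mpint(buf, len, &off, &key->g) != 0 ||
        read_mpint(buf, len, &off, &key->y) != 0)
        return -1;
    return off == len ? 0 : -1;    /* reject trailing bytes */
}

/* Constructed sample, not a real key: p=23, q=11, g=4, y=9. */
static const char SAMPLE[] =
    "ssh-dss AAAAB3NzaC1kc3MA" "AAABFwAAAAELAAAA" "AQQAAAABCQ== constructed";

int main(void)
{
    uint8_t buf[64];
    struct dss_pub k;

    if (parse_ssh_dss(SAMPLE, buf, sizeof buf, &k) != 0) {
        puts("malformed key");
        return 1;
    }
    printf("p=%d q=%d g=%d y=%d\n",
           k.p.data[0], k.q.data[0], k.g.data[0], k.y.data[0]);
    return 0;
}
```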


Re: Content processing function of d2i_RSAPrivateKey

2008-04-29 Thread jimmy bahuleyan

Shanku Roy wrote:

I have tried following:

crypto/rsa  nm --print-file-name *.o | grep d2i_RSAPrivateKey
33:rsa_asn1.o:00ec T d2i_RSAPrivateKey

crypto/rsa  gcc -E rsa_asn1.c | grep d2i_RSAPrivateKey
rsa_asn1.c:60:22: cryptlib.h: No such file or directory
3249:RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len); int
i2d_RSAPrivateKey(const RSA *a, unsigned char **out); extern const ASN1_ITEM 
RSAPrivateKey_it;
3492:(D2I_OF(void)) d2i_RSAPrivateKey,
3534:RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len) { 
return (RSA
*)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, 
((RSAPrivateKey_it))); } int
i2d_RSAPrivateKey(const RSA *a, unsigned char **out) { return 
ASN1_item_i2d((ASN1_VALUE *)a, out,
((RSAPrivateKey_it))); }
crypto/rsa  


I tried locating line 3249 and 3534 in rsa_asn1.c, but that file does not have 
that many lines...it
has only 121 lines:

rsa_asn1.c 121 lines --100%--   121,2-9   



When you grep in the pre-processed file, I think you're also supposed to 
look for those lines in the pre-processed file..


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: DH Prime Question

2008-04-14 Thread jimmy bahuleyan

Bernhard Froehlich wrote:

Julian wrote:

Hi,
I am working on an application that is both a client and a server. The 
DH prime is stored in the binary for the server. Since the Server will 
exist inside the Client is there a considerable risk of embedding the 
DH p into the code? The alternative is to have the Server generate a  
1024 bit prime when the Client starts its Server portion, however as 
we know this is painfully slow.


Thanks,
J
As I understand it the prime importance for DH parameters is that no 
attacker can trick you into using a special set of parameters. Insofar 
I'd see no problem embedding DH parameters in code, because if an 
attacker can modify your code then you'll have bigger problems than DH 
parameters.

Any other opinions?

Hope it helps,
Ted
;)



Agree with Bernhard.

Embedding doesn't seem to be a problem; many softwares use well known DH 
parameters (eg: ssh). What is important is for your DH params not to be 
weak, it might be worth looking at places like RFC 4419 {Sections 
6,7}, RFC 2409 {Section 6 gives the Oakley groups}.



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: DH Prime Question

2008-04-14 Thread jimmy bahuleyan

Julian wrote:
My fear is that getting a hold of P will allow someone else to use it to 
start a protocol disassembly. For instance anyone could create a 
DHE-RSA-AES256-SHA TLS server and use P to listen for connections, of 
course it would have to have a cert signed by CA to proceed even if they 
have P.


Without certificates (anon-DH), yes someone could do a man-in-the-middle 
attack; with certificates they would be hard pressed, since they 
wouldn't have the server's private key. As for listening, no matter what 
P you use a listener could easily follow the protocol; but TLS is 
designed to be resilient, so he couldn't get hold of the session keys.





The protocol here is TLS where each client is a server, so shouldn't 
each client/server have their own DH P?


Or am I looking at this wrong, since I am using distributed PKI, then 
exposing P is moot?




P,G are DH parameters which both the server and client need to know. 
Normally they are public knowledge; if the server and client don't share 
the P,G, then the server sends it to client (DH can't work if both don't 
have the same P,G).


So, what happens is

client makes a random value Y which is private.
server makes a random value X which is private.

client uses {P,G} to make public value Y' from Y.
server uses {P,G} to make public value X' from X.

exchanges X',Y' and both arrive at a common value Z.

The security of DH lies in the fact that any attacker given knowledge of 
X',Y',G,P cannot derive X or Y (Discrete Logarithm problem) and hence 
cannot derive Z. And normally all systems generate X,Y for each DH exchange.


Hope that helps.


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
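
The exchange described above, as an added example that is not part of the original posts: both sides share the public {P,G}, pick fresh private X and Y, and arrive at the same Z. It goes slightly beyond the thread by also checking that P is a safe prime and that the peer's public value is not degenerate, one common way to rule out weak parameters; the toy group P=23, G=5 (far too small for real use) and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy sizes only: the modulus must be below 2^32 so a*b fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (a * b) % m;
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1;

    base %= m;
    while (exp > 0) {
        if (exp & 1)
            r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Miller-Rabin; the bases 2,3,5,7,11 are deterministic for n < 2^32. */
static int is_prime(uint64_t n)
{
    static const uint64_t bases[] = {2, 3, 5, 7, 11};
    uint64_t d, x;
    int r = 0, i, j;

    if (n < 2)
        return 0;
    for (i = 0; i < 5; i++)
        if (n % bases[i] == 0)
            return n == bases[i];
    for (d = n - 1; d % 2 == 0; d /= 2)
        r++;
    for (i = 0; i < 5; i++) {
        x = powmod(bases[i], d, n);
        if (x == 1 || x == n - 1)
            continue;
        for (j = 1; j < r; j++) {
            x = mulmod(x, x, n);
            if (x == n - 1)
                break;
        }
        if (j == r)
            return 0;              /* this base proves n composite */
    }
    return 1;
}

/* Accept only a safe prime P (P and (P-1)/2 both prime) and 1 < G < P-1. */
int dh_params_ok(uint64_t p, uint64_t g)
{
    if (p < 5 || p >= (1ULL << 32))
        return 0;
    return is_prime(p) && is_prime((p - 1) / 2) && g > 1 && g < p - 1;
}

/* Public value (X' or Y' in the thread) from a private exponent. */
uint64_t dh_public(uint64_t p, uint64_t g, uint64_t priv)
{
    return powmod(g, priv, p);
}

/* Common value Z from the peer's public value. Returns 0 when the peer sent
 * 0, 1 or P-1, which would force Z into a tiny set of values.
 * The caller must have validated P with dh_params_ok() first. */
uint64_t dh_shared(uint64_t p, uint64_t peer_pub, uint64_t priv)
{
    if (peer_pub <= 1 || peer_pub >= p - 1)
        return 0;
    return powmod(peer_pub, priv, p);
}

int main(void)
{
    const uint64_t P = 23, G = 5;  /* public, may be embedded in the binary */
    const uint64_t X = 6, Y = 15;  /* private, fresh for every exchange */
    uint64_t Xp, Yp;

    if (!dh_params_ok(P, G)) {
        puts("weak DH parameters");
        return 1;
    }
    Xp = dh_public(P, G, X);       /* server -> client */
    Yp = dh_public(P, G, Y);       /* client -> server */
    printf("X'=%llu Y'=%llu server Z=%llu client Z=%llu\n",
           (unsigned long long)Xp, (unsigned long long)Yp,
           (unsigned long long)dh_shared(P, Yp, X),
           (unsigned long long)dh_shared(P, Xp, Y));
    return 0;
}
```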


Re: SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option...

2008-04-09 Thread jimmy bahuleyan

Prabhu S wrote:

Hi,

The client is configured with SSLv3_client_method.
   
*ctx = SSL_CTX_new(SSLv3_client_method());*


 Whenever the client tries to connect to server with any CBC ciphers 
like DES-CBC3-SHA, the SSL handshake is successful but when the
client tries to send data to server,say 10 bytes, I see from ethereal 
that two application records are sent. But the server does not report 
reading that data. With cipher RC4-MD5, this is not seen. 10 bytes are 
sent in one application record and server reports the receiving of that 
particular data.


Now when I set the *SSL_CTX_set_options* with* 
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS *(or SSL_OP_ALL), data exchange with 
CBC ciphers are successful.


It isn't exactly unsuccessful with the empty fragments. (They only 
apply for block ciphers, so you don't have it with RC4).




What is happening here? Can someone please explain the theory behind 
*SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS *option?




See http://www.openssl.org/~bodo/tls-cbc.txt

-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: CRYPTO_add_lock() segmentation fault (core dump included)

2008-04-08 Thread jimmy bahuleyan

Ion Scerbatiuc wrote:

Thank you for your reply!
I didn't find any references to CRYPTO_set_add_lock_callback() in 
openssl man pages nor the meaning of these functions/callbacks.

I didn't understand what does CRYPTO_add_lock () do.


CRYPTO_add_lock() does atomic additions (or subtractions). It isn't 
necessary to set CRYPTO_set_add_lock_callback(), in the absence of 
add_lock_callback it falls back on CRYPTO_lock(),_unlock() pair to do 
the job.


In your back trace, the code dies in CRYPTO_add_lock(). It could mean 
the pointer is bad. If you could do a disassembly of CRYPTO_add_lock in 
gdb, staring at the location of fault *could* point you to the source of 
error (CRYPTO_add_lock() being a small function).


Can you provide some information on these functions and maybe some code 
examples.

Thanks in advance
Best regards,
Ion




-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: CRYPTO_add_lock() segmentation fault (core dump included)

2008-04-08 Thread jimmy bahuleyan

jimmy bahuleyan wrote:

Ion Scerbatiuc wrote:

Thank you for your reply!
I didn't find any references to CRYPTO_set_add_lock_callback() in 
openssl man pages nor the meaning of these functions/callbacks.

I didn't understand what does CRYPTO_add_lock () do.


CRYPTO_add_lock() does atomic additions (or subtractions). It isn't 
necessary to set CRYPTO_set_add_lock_callback(), in the absence of 
add_lock_callback it falls back on CRYPTO_lock(),_unlock() pair to do 
the job.


In your back trace, the code dies in CRYPTO_add_lock(). It could mean 
the pointer is bad. If you could do a disassembly of CRYPTO_add_lock in 
gdb, staring at the location of fault *could* point you to the source of 
error (CRYPTO_add_lock() being a small function).




Well, thinking about it, the first param to CRYPTO_add_lock() can't be 
bad (since it's var). You could as well check if add_lock_callback has 
some (non-zero) value.


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: openssl performance

2008-04-03 Thread jimmy bahuleyan

raj H wrote:

Thanks Marek for your comments!
 


[snip]

I am sorry these questions are really vague and not of challenge for the 
technical personnel. But I believe these are the questions any solution 
developer or openssl user would have. Doesn't OpenSSL publish any 
numbers?


Have you tried the command

$ openssl s_time


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Problem after removing memory leak

2008-04-02 Thread jimmy bahuleyan

Wockenfuß wrote:

Hi all,

I have written a class in C++ to easily access functions from OpenSSL from our 
products.
In the constructor of my class I do the following lines of code:

threadSetup();

OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_algorithms();

ERR_load_PKCS7_strings();
ERR_load_X509_strings();
ERR_load_crypto_strings();
ERR_load_ERR_strings();

RAND_seed( rnd_seed, sizeof(rnd_seed) );

ENGINE_load_builtin_engines();

In the destructor I do the following:

ENGINE_cleanup();
RAND_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
threadCleanUp();

This leads to a memory leak, because of the OpenSSL_add_all_...-functions in the constructor. In the online manual I've read that I need to call 


EVP_cleanup();

in the destructor too. So if I do this all memory leaks are gone, but the 
function

X509_verify_cert()

fails with the error 'certificate signature failure '.
If I remove the EVP_cleanup() from the destructor the function works as fine as 
it should work.

Could please anyone give me a hint what could be wrong?
The destructor is called at least once before the constructor is called again 
and X509_verify_cert is called.



Ideally these steps should be done once per program life-time; 
constructor steps at start-up, destructor steps at program exit (say in 
an environment where the OS doesn't clean up the program's memory).


Doing it per-object creation is unnecessary and error prone (as may be 
the case here). I believe it should be possible to do it once per 
program lifetime without changing your C++ class too much.


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Generating Keys in Triple-DES encryption

2008-03-27 Thread jimmy bahuleyan

Ambarish Mitra wrote:

Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined..


Question:
So, the question is: How can we generate a key for Triple DES encryption and
write out the same in a file?



Simple answer for 'how to generate a key for a symmetric cipher' is 'use 
a pseudo-random generator' to generate key/IV pairs of desired length.



--- This will be sufficient for my case. Is there a way to generate the same 
from the command line,
 or we have to generate in a program using DES_random_key. I could not find a way to do from the 
 command line.


$ openssl rand -base64 <number of bytes>

-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Generating Keys in Triple-DES encryption

2008-03-27 Thread jimmy bahuleyan

Ambarish Mitra wrote:


Ambarish Mitra wrote:

Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined..


Question:
So, the question is: How can we generate a key for Triple DES encryption and
write out the same in a file?

Simple answer for 'how to generate a key for a symmetric cipher' is 'use 
a pseudo-random generator' to generate key/IV pairs of desired length.



--- This will be sufficient for my case. Is there a way to generate the same 
from the command line,
 or we have to generate in a program using DES_random_key. I could not find a way to do from the 
 command line.


$ openssl rand -base64 <number of bytes>


- There are 2 concerns here. 
1) When we do this (with number of bytes = 24 for T-DES), and use the same as keys, then how do we know that it is a strong key for t-des encryption? 


A DES weak key could be checked for using DES_is_weak_key(). 'man des' 
explains the chances that a random key could be weak. Going by that, you 
might just want to use a proper PRNG/random source.




2) Also, in the application, we have to do base64 decode, and the resultant may 
not be ascii. It can have special characters. I am just wondering if sending 
this key in any decryption function will cause problems.


A key isn't meant to be ascii or representable as a C string, treat it 
as binary data (and it'll treat you well ;) If you want to transmit or 
convert to ascii-form that's what base64 is for.


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
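
An added example (not from the thread, and not OpenSSL's code) of what the checks discussed above amount to: take 24 random bytes as binary data, fix the DES parity bits, and reject weak or semi-weak subkeys, which is the test DES_is_weak_key() performs. The rejection of K1 == K2 and K2 == K3, the /dev/urandom source and all function names are assumptions added here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 4 weak and 12 semi-weak DES keys, in odd-parity form. */
static const uint8_t WEAK[16][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
    {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
    {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
    {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
    {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
    {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
    {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
    {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
    {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* The low bit of each DES key byte is a parity bit: force odd parity. */
uint8_t odd_parity(uint8_t b)
{
    int ones = 0, i;

    for (i = 1; i < 8; i++)
        ones += (b >> i) & 1;
    return (uint8_t)((b & 0xFE) | ((ones & 1) ? 0 : 1));
}

/* 1 if the 8-byte (parity-adjusted) key is weak or semi-weak. */
int des_is_weak(const uint8_t k[8])
{
    int i;

    for (i = 0; i < 16; i++)
        if (memcmp(WEAK[i], k, 8) == 0)
            return 1;
    return 0;
}

/* Fix parity in place, then reject weak subkeys and equal adjacent subkeys
 * (K1 == K2 or K2 == K3 collapses EDE to single DES). 1 if usable. */
int tdes_key_ok(uint8_t key[24])
{
    int i;

    for (i = 0; i < 24; i++)
        key[i] = odd_parity(key[i]);
    for (i = 0; i < 3; i++)
        if (des_is_weak(key + 8 * i))
            return 0;
    if (memcmp(key, key + 8, 8) == 0 || memcmp(key + 8, key + 16, 8) == 0)
        return 0;
    return 1;
}

/* Draw 24 bytes from the OS random source until the key passes the checks.
 * Returns 0 on success, -1 if the source cannot be read. */
int tdes_generate(uint8_t key[24])
{
    FILE *f = fopen("/dev/urandom", "rb");
    int ok = 0;

    if (f == NULL)
        return -1;
    while (!ok) {
        if (fread(key, 1, 24, f) != 24)
            break;
        ok = tdes_key_ok(key);
    }
    fclose(f);
    return ok ? 0 : -1;
}

/* A key is binary data, so encode it for storage instead of using it as a
 * C string. out must hold 2*n + 1 bytes. */
void to_hex(const uint8_t *in, size_t n, char *out)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;

    for (i = 0; i < n; i++) {
        out[2 * i] = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 15];
    }
    out[2 * n] = '\0';
}

int main(void)
{
    uint8_t key[24];
    char hex[49];

    if (tdes_generate(key) != 0) {
        puts("no random source");
        return 1;
    }
    to_hex(key, sizeof key, hex);
    printf("3DES key (hex): %s\n", hex);
    return 0;
}
```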


Re: Help: problem with handshaking

2008-03-27 Thread jimmy bahuleyan

陳秀虹 wrote:

Thanks for the explanation.
I am having problem with Encrypted Alert.
At first I thought it's because the Session ID length 0 is not correct.
If this is not the problem, I really can't tell where it went wrong from 
packets

I captured.  I searched the web and I think Encrypted Alert means that
the alert is being encrypted.  Is there any way I can decrypt the alert
message?  Can someone give me any hint? 
Attached is the .cap file.   Thanks in advance.

Here is what I have.

from Client : Client Hello
from Server: Server Hello, Certificate, Server Hello Done
from Client : Client Key Exchange, Change Cipher Spec, 
Encrypted Handshake Message

from Server: Change Cipher Spec
from Server: Encrypted Handshake Message
from Server: Encrypted Alert



From your capture file,

- I can see that your server certificate has a few problems (expiry 
date, name, etc.). Well if your client ignores all this and the key is 
good then we may progress.


- Probably the server is failing in the Client_Pre_Master check, so it 
may be using a random value and then eventually failing when verifying 
the Client Finished message, and sends an alert.


So either the client doesn't send a proper pre-master encrypted with 
server's RSA public key; or you have a problem on the server side. If 
so, you can check the server logs or better if you can debug server 
(then you could check what happens in ssl3_get_client_key_exchange()).


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Generating Keys in Triple-DES encryption

2008-03-26 Thread jimmy bahuleyan

Ambarish Mitra wrote:

Hi all,

Background:
My application reads an encrypted-base64 password from a config file and
decrypts the same inside the application. The password is encrypted using
Triple-DES algorithm.

To encrypt and base64 the actual password, a stand-alone utility is
provided. We run this utility, and then copy-paste the generated password in
the config file. Of course, the key, the IV (Salt not used) are same
(hard-coded) in both the applications.

So far, so good.

Now, we have to make the keys available in another file (Which will be kept
under more security). Both the applications are to read the key from the
file. Now, we have to generate the key and then write out the key in the
file.

Question:
So, the question is: How can we generate a key for Triple DES encryption and
write out the same in a file?



Simple answer for 'how to generate a key for a symmetric cipher' is 'use 
a pseudo-random generator' to generate key/IV pairs of desired length.


A more complicated answer would depend on 'if you want the key 
generation to be deterministic based on a set of given parameters', then 
you'd have to make the key generation a secure function of these 
parameters (else look at the simple answer). Examples would be pbe, key 
generation in SSL sessions (well not exactly, but given the same random 
values you do get the same keys). Formulating this function is better 
left to a security expert; better still use one of the standard or 
established techniques.


How to write out to a file? Simple answer: base64, or raw binary, or etc..

Have you considered if PKCS12 or PEM would suit your application's needs?



I tried the genrsa and dsa options but they seem to generate keys for
RSA/DSA encryptions. Also, we can specify the length of modulus in those
keys. But they will not map well in T-Des case.



Don't know how rsa/dsa can help with DES ;)


Any pointers would be welcome.

Thanks.



-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: SSL performance hit + buffer sizes

2008-03-26 Thread jimmy bahuleyan

Urjit Gokhale wrote:

Hello everyone,
 
I would like to know your view on "Would the performance impact for 
transmitting 'X' bytes of unencrypted data over SSLized channel be 
almost same irrespective of the number of SSL_* calls?"
 
Consider I am using a buffer of size 'buf_size' for SSL_read/write 
(SSL_read(ssl_obj,buf,buf_size) ):

If buf_size < 'X' I would require more number of SSL_reads/writes.
If buf_size > 'X' a single SSL_read/write should suffice.
So would the performance hit for end to end transmission of this 'X' 
bytes of data be the same in the cases mentioned above?
I am assuming ideal network (no network latency etc) and 'X' is not big 
enough to fill kernel buffers on either side.
 
~ Urjit




My view; it has a similar performance impact as if you'd sent X bytes 
over TCP with TCP_NODELAY set each time only sending Y bytes, where X is 
pretty big and Y is a small number (Y corresponds to your buf_size above).


I don't remember SSL having an option to make it wait for a certain 
buffer size before sending it down to the network (some trick in the 
BIO? maybe someone can correct me).


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.


Re: Help: problem with handshaking

2008-03-25 Thread jimmy bahuleyan

陳秀虹 wrote:

Hi,

I have ported openssl 0.9.8g to our platform in linux.
When I tried to connect to a server with SSL enabled, it always gives me 
Handshake Failure.
I checked the packet when Client Hello was sent.  The session ID 
length is 0.
I traced the source code in ssl3_get_client_method(), but I really don't 
know where it went wrong.

When is session id assigned?  Can anyone help?   Thanks in advance.

HH





Session ID is assigned by server, so client sends a 0 length id (unless 
it is resuming a prior session).


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: problem by d2i_ECDSA_SIG

2008-03-25 Thread jimmy bahuleyan

Helios Nguyen wrote:

Hi everyone,

I have a problem with ECDSA_do_sign() and ECDSA_do_verify().

After signing with ECDSA_do_sign() I got a signature. I used d2i_ECDSA_SIG() 
to decode this signature and verify it. Is that true?


But there is an error: Segmentation fault (core dumped) when I do 
d2i_ECDSA_SIG(). I have no idea about this error. Any hints from you?


Thanks in advance.
Nguyen.



Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To 
verify the signature you can just pass the output ECDSA_SIG * from 
ECDSA_do_sign() to ECDSA_do_verify().


There is some sample code in the ecdsa man page which seems to indicate 
as much. A careful look at the function prototypes would also point you 
to your errors (compiler warnings too).




Here is my code:

unsigned int olen, sig_len;
unsigned char *digest, *sig_buf;
int ires;

EC_KEY *ecprivkey=NULL;
EVP_PKEY *pkey;
EC_KEY* hpubkey;
ECDSA_SIG *ret;

OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_load_EC_strings();

/*Get public key from file to verify*/
FILE *fp = fopen("/var/www/210308eccert.pem", "r");
X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
pkey=X509_get_pubkey(cert);
hpubkey = EVP_PKEY_get1_EC_KEY(pkey);
if (!hpubkey) {printf("can't get public\n" );}

/*file to compute digest string*/
FILE *f=fopen("/var/www/test_dgst.txt","r");

process_file(f,olen);
if (!digest)
{
fclose(f);
printf("error by compute digest\n");
}

print_hex(digest,olen);
printf("\n");

/*private key file to sign on digest string */
FILE *fpkey=fopen("/var/www/210308keyec.pem","r");

ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);
/*sign digest string and return pointer ret to ECDSA_SIG*/
ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);

if (ret=NULL){printf("sign error\n");}

/*decodes a DER encoded ECDSA signature*/
ECDSA_SIG *s = ECDSA_SIG_new();
if (s==NULL) {printf("ECDSA_SIG_new error\n");}
s=d2i_ECDSA_SIG(ret, sig_buf, sig_len);
if (s==NULL){ printf("convert error\n");}

/*verify signature with public key*/
ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);
   
printf("vaue of ires %d\n",ires);


and here is error:
[EMAIL PROTECTED]:~/OpenSSl$ ./test
c9c300ff35fca10408ff2500a20408ff
Segmentation fault (core dumped)


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: core dump occasionally in method openssl_add_all_ciphers

2008-03-22 Thread jimmy bahuleyan

Krishna Puttaswamy wrote:

sorry for the typo in my last mail's subject.
Also, just wanted to mention that the problem below is on a linux box 
running CentOS.


Thanks

On Fri, Mar 21, 2008 at 4:48 PM, Krishna Puttaswamy 
[EMAIL PROTECTED] wrote:


Hello all,

I have written some code to encrypt/decrypt data and to generate
digest of a message using openssl.
I am using the openssl version OpenSSL 0.9.7a Feb 19 2003, and
occasionally my program dumps core,
always inside the method openssl_add_all_ciphers.
The result of the stack trace from the core is below... can someone
please give me some suggestions as to
how to fix this problem? Note that this crash happens occasionally
and I am not able to figure out when it happens.
These crashes are driving me nuts... is this a bug in this version
of the library or is there a more stable version
that i should be using or something? I did a lot of google search
and found nothing on this one...



Is it possible to valgrind your application? Or run with environment 
variable MALLOC_CHECK_=2? It is possible that the heap could have been 
corrupted earlier and the effects are showing up just now.


As for a newer version, both 0.9.7 and 0.9.8 series are available.


here is the stack trace:
#0  0x004927a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x004d3815 in raise () from /lib/tls/libc.so.6
#2  0x004d53d1 in abort () from /lib/tls/libc.so.6
#3  0x00507cca in __libc_message () from /lib/tls/libc.so.6
#4  0x0050e55f in _int_free () from /lib/tls/libc.so.6
#5  0x0050ff01 in _int_realloc () from /lib/tls/libc.so.6
#6  0x005110fc in realloc () from /lib/tls/libc.so.6
#7  0x05a774e9 in CRYPTO_get_new_dynlockid () from /lib/libcrypto.so.4
#8  0x05a77b6a in CRYPTO_realloc () from /lib/libcrypto.so.4
#9  0x05abe770 in lh_insert () from /lib/libcrypto.so.4
#10 0x05ac2135 in OBJ_NAME_add () from /lib/libcrypto.so.4
#11 0x05ac9788 in OpenSSL_add_all_ciphers () from /lib/libcrypto.so.4
#12 address of my code...
 
Thanks,
-KP 





--
Thanks,
-KP


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: the decrypted data is truncated.

2008-03-19 Thread jimmy bahuleyan

lauding wrote:

Hi:

My system is centos 5.0, the openssl version is 
openssl-0.9.8b-8.3.el5_0.2. which is installed by yum mod_ssl.




[snip]

AES_cbc_encrypt(szSorPlainText, szCipherText, iInputLen, key, 
szIniVec,  AES_ENCRYPT);


iCipherLen = strlen(szCipherText);



Your problem lies in treating binary data as a C-string. Binary data can 
have 0s in between, so don't use str*() friends on it.


Please consider using EVP_Encrypt*() functions; for documentation read 
the EVP_EncryptInit() man page and the example given in it.


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: openssL error:

2008-03-10 Thread jimmy bahuleyan

Arp22 wrote:
Hi, I am getting the following error when I run the command: 

gcc -o client client.o -lcrypto -lssl 


In function 'main': undefined reference to 'init_OpenSSL' undefined
reference to 'handle_error' --- what should I do? Please help!


I hope the fact that these are not Openssl functions should clear things 
up for you.


So, basically find the code for those two missing functions and add it 
to your build. (Or you could remove references to the two functions; 
your action should depend on your code)


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: Interface selection BIO_do_connect

2008-03-06 Thread jimmy bahuleyan

[EMAIL PROTECTED] wrote:

With openSSL, what is the usual way to select a network interface on a
multihomed device?

I know that with a regular socket I could use ioctl SIOCSIFNAME.   But I
don't see a way to do that for a client SSL connection.   


   BIO* conn = BIO_new_connect(addr);
   BIO_do_connect(conn); // == socket gets created & connected;
                         // interface selection is not under program control
   ssl = SSL_new(ctx);
   SSL_set_bio(ssl, conn, conn);
   err = SSL_connect(ssl);

I hope I don't have to write my own BIO.

Any ideas?


Why don't you use the regular socket creation method (using ioctl) that 
you have combined with BIO_new_socket()? Of course then you'd have to do 
the connection part manually; but you don't have to write a new BIO!


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: Ask for help on the TLS connections

2008-02-25 Thread jimmy bahuleyan

Jurko Gospodnetić wrote:

  Hi all.


   I met one question on the usage of TLS connection.
   After the SSL/TLS connection is established, if the GPRS
   connection or TCP/IP connection is disconnected and connected again,
   is it possible to keep the TLS session as before if the application
   uses openssl?

When a connection is established, a 48 bytes password will be used as 
the data exchanged.  If the session is kept and loaded again, maybe it 
could.


  Anyone have any example-code/demo/proof-of-concept for this? Security 
analysis?


  I know how I could wrap SSL functionality to achieve similar effects 
(but actually establishing a new TCP/SSL connection internally) but this 
suggestion just made me curious... :-)


  Best regards,
Jurko Gospodnetić



Well I guess he meant 'Session Resumption' which is a standard SSL 
feature. Example: use s_client with -reconnect.


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: SSL connections in persistent TCP connection.

2008-02-21 Thread jimmy bahuleyan

Prabhu S wrote:



On 2/20/08, *David Schwartz* [EMAIL PROTECTED] wrote:



  But, the application code tries to clear out/shutdown existing
  SSL session with orderly bi-directional alerts. Once shutdown it
  creates a new SSL object 'ssl' [ssl = SSL_new (ctx)]
  for the next session in persistent connection..

This is nearly impossible to do. It's possible that you did it correctly,
but very unlikely. The basic problem is this -- when you call 'read' to get
the last message of the first session, how do you make sure you also don't
get all or part of the first message of the second session?


   I do not think it is very difficult. The application initiates SSL 
sessions sequentially in an established socket connection. One cycle of 
SSL_connect - DataExchange - SSL_shutdown is followed by another cycle of 
SSL_connect - DataExchange - SSL_shutdown. As such there shouldn't be 
an issue of session mix up. At least that is what is observed with say 
400-500 clients connecting to server simultaneously.




Isn't it possible you got lucky under just the 'right' conditions? Can 
you guarantee it will always work?




  When the app simulates limited clients, say, 100, each client makes
  hundreds of unique SSL sessions successfully in persistent connection.
  It is under stress of ~800 clients, that I run into issues.
  Also, the bi-directional alerts do not happen always under
  high stress.. could this be the reason? a possible session data mix up?

Either your code properly separates the sessions or it doesn't. My bet is
that it doesn't because this is very hard to do right.

 
 Yes. I believe so.. I am able to establish hundreds of cycles of new 
sessions in persistent connection. The trouble is under high stress 
sessions fail as indicated by ethereal trace. Sometimes server complains 
of Bad_MAC error on receiving Finished message from client.



Why do you do things this way? It's just plain wrong. Either layer on top of
SSL or don't, but splitting the difference and sort of layering between
SSL and TCP is just plain crazy.


   Multiple sessions are tried in a single TCP connect to reduce the  
overhead of TCP handshake and termination if the client wishes to do 
multiple 'new' SSL connects to server.




Have you quantified this overhead? What percentage of session 
establishment is TCP handshake overhead?




Thanks,
Prabhu. S
 


Good luck!

-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: SSL connections in persistent TCP connection.

2008-02-21 Thread jimmy bahuleyan

Prabhu S wrote:

Hi Jimmy,


I think some details  of my system would explain better.

When the client connects to the server, the server opens another 
connection to a host server. The data that is sent by client is passed 
on to the host servers. The host servers responds to client requests via 
server. The connection b/w server and host is plain TCP.




From what I've seen of SSL, the cryptographic negotiation of SSL takes 
much longer than any TCP handshake over a sane network. Unless you're 
doing session resumption in which case it would drastically come down 
(but still be a bit more than TCP?). If you've really measured TCP 
connection establishment dominating SSL negotiation, ...then I need to 
look at my numbers again :)


(What you've described here sounds roughly like port-forwarding in SSH.)


Now there is a config in server, which determines when should server 
open connection to host server. It can do so as soon as TCP handshakes 
completes with the client or when SSL handshake is complete with server. 
In the latter case, there are no issues whatsoever in persistent 
connection. All SSL handshakes are successful. In the former case I run 
into issues I have mentioned. [ a valid question is, how can server 
config change affect client?]
But why should client abruptly send FIN and RSTs and incorrect finish 
messages?


So successful SSL handshakes in persistent connection should be 
possible 'every time'. I do not think it can happen by accident.


The overhead becomes significant under stress test of server when we 
consider that the server is capable of taking in 500 session/sec and 
each session should not last more than 3 sec.




-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: SSLv23_server_method and SSL_pending

2008-02-19 Thread jimmy bahuleyan

[EMAIL PROTECTED] wrote:

Hi,
I am using openssl-0.9.8.
I have a non-blocking multi-threaded application running as a proxy and I am 
using BIO pairs and a filter (SSL)BIO for doing the SSL part ( similar to 
ssltest.c ).

Since I want to be able to allow both sslv3 and tlsv1, I am passing 
SSLv23_server_method to SSL_CTX_new.

In my application, I am calling BIO_ctrl_pending on the SSL BIO and this in 
turn calls the ssl_pending function pointer and this pointer is initialized to 
ssl_undefined_const_function for SSLv23_server_method.
The result is that an error gets generated in the current thread's error queue, 
in spite of BIO_ctrl_pending returning the correct value and my BIO_read fails 
at a later ( random ) time due to the above error.
I have set both the static and dynamic locking callbacks using 
CRYPTO_set_locking_callback and CRYPTO_set_dynlock_lock_callback.

I wanted to know why is ssl_pending initialized to ssl_undefined_const_function 
for SSLv23_server_method?
but it is defined correctly for SSLv3_server_method and TLSv1_server_method?



I believe that ssl23 doesn't do the SSL stuff completely, just enough to 
read the Client Hello message and figure out which protocol is being 
talked, then it switches over to the appropriate Protocol_server_method().


From your error it seems that phase is still not over.

-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: Error while execution of ERR_print_errors_fp()

2008-02-15 Thread jimmy bahuleyan

Parag Jhavery wrote:

Hi Group,

I am trying to create a SSL server with the following code.
I am using the function ERR_print_errors_fp  to get the last error in case
of any failure. I want to divert the output to standard output stdout.

For e.g.

if(!SSL_CTX_use_PrivateKey_file(ctx, "privatee.key", SSL_FILETYPE_PEM))
{
ERR_print_errors_fp(stdout);
SSL_CTX_free(ctx);
return 0;
}

I am using the OpenSSL 0.9.8g available from
http://www.shininglightpro.com/download/Win32OpenSSL-0_9_8g.exe

This is a Visual studio 6.0 project and I have included the following
libraries in the Project Setting - Link - Object\Library module.

1. libeay32MD.lib 
2. libeay32MDd.lib 
3. libeay32MT.lib 
4. libeay32MTd.lib 
5. ssleay32MD.lib 
6. ssleay32MDd.lib 
7. ssleay32MT.lib 
8. ssleay32MTd.lib 


The compilation and linking process is done without any error.
But during execution the application exits/crashes when executing
ERR_print_errors_fp(stdout).

Any idea what I am doing wrong?

Thanks,
Parag Jhavery




Parag,

You have to choose one of the library versions depending on what kind of 
application you're building - {Static, Dynamic} {Single Threaded, 
Multi-threaded} {Debug, Non-debug}.


Using the wrong library can cause problems, either link errors or 
runtime problems. While your crash may or may not be due to this, it is 
better to try again with proper build settings.


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: possible SSL_write bug

2008-02-14 Thread jimmy bahuleyan

Alessandro Pivi - GLOBALcom engineering wrote:

You are right, it is just a signal I should ignore. Now it works perfectly.

Maybe the fact that the SSL_write might raise a SIGPIPE should be in the 
documentation, because it happens only in particular situations (2 
writes in a row with connection closed remotely), and it might cause 
occasional crashes of an application, which are harder to solve.


Thanks for your help.



I guess it's implicit in the sense that /if/ the underlying BIO uses a 
socket then the scenario you described (writing into a broken 
connection) can generate a SIGPIPE. I wouldn't call it SSL_write()'s 
property.


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: Emptying the buffer

2008-02-14 Thread jimmy bahuleyan

Joel Christner wrote:

Hello,

I have a simple client-server program and am using blowfish.  I'm using 
the EVP_* routines to initialize, encrypt, and decrypt.  Variable-length 
data is taken in from the client through stdin and sent to the server 
socket after encryption.  One question I have is how I clear what's 
already been decrypted on the server-side from the buffer.  It appears 
that the data I've already read out of the buffer (post-decryption) is 
not being discarded, thus when data is received, it starts back at the 
beginning and I get the same data back.  Any insight would be much 
appreciated!


On my client side, my code is (simplified)

EVP_EncryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
fgets(buffer,sizeof(buffer),stdin);
padBuffer(buffer,paddedBuffer);  (my own routine just to pad to length 
that is multiplier of 8-bytes)

writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct 
sockaddr *)serveraddress,sizeof(serveraddress));

}

and on the server side, my code is (simplified):

EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;i<strlen(readBuffer);i++) {
readBufferClear=decrypt(context,readBuffer+i,1);
if (readBufferClear!=0) 
strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));

}
unpadBuffer(readBufferFinal,readBufferPadded);
printf("cleartext=%s\n",readBufferPadded);
}



Major problem with your code - _do_not_ use strlen() or other string 
functions on binary data (encrypted buffers don't necessarily follow the 
C-string rule of null-termination and can have '\0' anywhere in between).


-jb
--
I used to think I was indecisive, but now I'm not so sure.
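
What goes wrong in this thread and in the earlier "decrypted data is truncated" one, modelled in Python as an added example (not code from either poster): `strlen()` stops at the first zero byte of a ciphertext, so the length has to travel with the data, and the receiver has to drop bytes once they are consumed. The sample ciphertext is constructed, and the 4-byte length prefix and the names `frame` and `FrameReader` are assumptions.

```python
import struct


def c_strlen(buf: bytes) -> int:
    """Bytes before the first 0x00: what C's strlen() would report.

    (With no 0x00 in the buffer, real strlen() reads past the end; here we
    just return the buffer length.)
    """
    idx = buf.find(b"\x00")
    return len(buf) if idx < 0 else idx


def p_zero_byte(n: int) -> float:
    """Chance that n uniformly random bytes (good ciphertext) contain a 0x00."""
    return 1.0 - (255.0 / 256.0) ** n


def frame(ciphertext: bytes) -> bytes:
    """Sender side: 4-byte big-endian length, then the raw ciphertext."""
    return struct.pack(">I", len(ciphertext)) + ciphertext


class FrameReader:
    """Receiver side: buffer whatever recv() returned, hand back whole frames."""

    def __init__(self, max_len: int = 1 << 16):
        self._buf = bytearray()
        self._max_len = max_len

    def feed(self, data: bytes) -> list:
        self._buf += data
        frames = []
        while len(self._buf) >= 4:
            (n,) = struct.unpack(">I", self._buf[:4])
            if n > self._max_len:
                raise ValueError("declared frame length exceeds limit")
            if len(self._buf) < 4 + n:
                break  # partial frame: wait for more bytes
            frames.append(bytes(self._buf[4:4 + n]))
            del self._buf[:4 + n]  # consumed bytes leave the buffer for good
        return frames


# Constructed 16-byte "ciphertext" (two 8-byte blocks) with 0x00 at offsets 2 and 8.
SAMPLE_CT = bytes.fromhex("9f3a00c47e51d20b" "00e1a8337c5d90ff")

if __name__ == "__main__":
    print("strlen view:", c_strlen(SAMPLE_CT), "of", len(SAMPLE_CT), "bytes")
    print("P(zero byte in 1 KiB of ciphertext): %.3f" % p_zero_byte(1024))
    reader = FrameReader()
    wire = frame(SAMPLE_CT) + frame(SAMPLE_CT[:8])
    # Deliver the stream in two arbitrary chunks, as a socket might.
    print([f.hex() for f in reader.feed(wire[:7]) + reader.feed(wire[7:])])
```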


Re: Problem in porting open ssl library

2008-02-06 Thread jimmy bahuleyan

Ajeet kumar.S wrote:

Hi all;

  I want to port open ssl on VDK (VDSP compiler, BF533 
Processor). For that purpose I downloaded Open ssl from openssl.org 
(openssl-0.9.8g).


Actually the above project has so many folders like crypto, apps, cert, 
engine, demo, etc. Let me know which folder I should port to VDK (RTOS) 
for secure connection.


Please reply me.

Thnx.

Regards;

 


Ajeet Kumar Singh



I dunno about porting folders, but you might want to take a look at the 
files e_os.h and e_os2.h.


It's very difficult to make out what you want from your mail. I would 
advise you to look at the documentation in Openssl (or those on the net) 
first.


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Re: Compiling in VisualC++

2008-01-19 Thread jimmy bahuleyan

shrinivas balulad wrote:

Hi
 
I have downloaded Openssl 9.8g. I want to compile the code in Microsoft 
VisualC++ (VC6 or VS2005).
I am not able to find the project workspace in the downloaded files. 
Please help me how to get it and also steps to follow in compiling.
 
Can we get ssleay32.lib and libeay32.lib directly without compiling. 
I need these dlls to use CPJNSMTPConnection project.
 
Please help me. Thanks in advance.
 
Regards,

shrinivas


Have you tried reading the file named INSTALL.W32?

-jb
--
Don't have a sig to call my own; care to donate a fortune?


Re: Regarding openssl function ssl3_handshake_mac

2008-01-03 Thread jimmy bahuleyan
Suchindra Chandrahas wrote:
 Hi All,
Just went through this in openssl source in s3_enc.c:
 
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
  const char *sender, int len, unsigned char *p)
 {

[snip]..

 
 This seems to be the function for generating the final md5 and sha
 hashes for client_finished messages. However, i am not able to find the
 handshake messages in the above EVP_DigestUpdates. But in RFC, the
 handshake messages are needed it says. Am i missing something here, or
 is this fine for an MD5 or SHA hash to be sent in client_finished
 message? Please let me know if i am wrong!!!
 
 Thanks and Regards,
 Suchindra Chandrahas

The partial hashes of handshake messages are accumulated during the
handshake. You may want to take a look at ssl3_finish_mac() and where it
is called.

-jb
-- 
Don't have a sig to call my own; care to donate a fortune?
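
The accumulation the reply refers to, as an added Python sketch of the SSLv3 Finished computation (not OpenSSL's code): every handshake message is fed into running MD5 and SHA-1 hashes as it goes by, and the final step only appends the sender label, the master secret and the pads. The handshake messages and master secret below are constructed, and the class and helper names are assumptions.

```python
import hashlib

PAD1, PAD2 = b"\x36", b"\x5c"
SENDER_CLIENT = b"CLNT"  # 0x434C4E54
SENDER_SERVER = b"SRVR"  # 0x53525652


def hs_msg(msg_type: int, body: bytes) -> bytes:
    """Handshake message framing: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


class HandshakeTranscript:
    """Running MD5 and SHA-1 over every handshake message sent or received."""

    def __init__(self):
        self.md5 = hashlib.md5()
        self.sha1 = hashlib.sha1()

    def add(self, handshake_message: bytes) -> None:
        # Called once per message during the handshake; this is the step the
        # reply points to ssl3_finish_mac() for.
        self.md5.update(handshake_message)
        self.sha1.update(handshake_message)

    def finished_hashes(self, sender: bytes, master_secret: bytes) -> bytes:
        """MD5 hash then SHA-1 hash for the Finished message (16 + 20 bytes).

        Works on copies of the running hashes, so the transcript can keep
        absorbing messages: the client's Finished is itself part of what the
        server's Finished covers.
        """
        out = b""
        for running, new_hash, npad in ((self.md5, hashlib.md5, 48),
                                        (self.sha1, hashlib.sha1, 40)):
            inner = running.copy()
            inner.update(sender + master_secret + PAD1 * npad)
            outer = new_hash(master_secret + PAD2 * npad + inner.digest())
            out += outer.digest()
        return out


# Constructed stand-ins for ClientHello (1), ServerHello (2),
# ServerHelloDone (14) and ClientKeyExchange (16); bodies are filler bytes.
CONSTRUCTED_MESSAGES = [
    hs_msg(1, b"\x03\x00" + b"\x66" * 32),
    hs_msg(2, b"\x03\x00" + b"\x77" * 32),
    hs_msg(14, b""),
    hs_msg(16, b"\x22" * 64),
]
CONSTRUCTED_MASTER_SECRET = b"\x0b" * 48

if __name__ == "__main__":
    transcript = HandshakeTranscript()
    for message in CONSTRUCTED_MESSAGES:
        transcript.add(message)
    client_finished = transcript.finished_hashes(SENDER_CLIENT,
                                                 CONSTRUCTED_MASTER_SECRET)
    print(len(client_finished), client_finished.hex())
```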


Re: Regarding construction of MasterSecret in ssl v3 handshake

2007-12-13 Thread jimmy bahuleyan
Suchindra Chandrahas wrote:
 Hi All,
   I am trying to write an SSL v3 handshake without using
 openssl libraries. I have some problem with creation of MasterSecret in
 SSL v3. Here is the code snippet of hardcoded client that i am
 experimenting with:
 
 client_random is 28 bytes of 0x66 as of now
 
 My Server Random is stored in ssl->server_random[28] array (excluding
 gmt 4 bytes)
 My Client Random is stored in ssl->client_random[28] array (excluding
 gmt 4 bytes)
 
 Note: I am guessing that client random and server random are 28 bytes
 long. I am excluding the 4 bytes of gmt time spec from the random for
 calculating the Master Secret
 

Why are you excluding the 4 bytes of time stamp? The client_random is
part of prf calculation which means client_random is 32 bytes, and that
implies time-stamp is part of PRF calculation.

 Is something wrong with the MasterSecret calculation algorithm? Can i
 use a generic OpenSSL v3 PRF function to calculate the same, without
 defining the other parameters of ssl connection structure (because i am
 only required to calculate the MasterSecret)?

You can use the PRF function code from openssl, tls1_PRF doesn't require
any connection parameters as input.

 
 Thanks and Regards,
 Suchindra Chandrahas

-jb
-- 
Don't have a sig to call my own; care to donate a fortune?


Re: Regarding construction of MasterSecret in ssl v3 handshake

2007-12-13 Thread jimmy bahuleyan
Suchindra Chandrahas wrote:
 Hi Jimmy,
 Yes i changed the no. of bytes to 32 (both client
 and server random). Also, is it ok to use openssl tls1_prf for ssl v3
 handshake?
 

if you only want to do the prf calculation tls1_PRF() does just that for
you. It does the PRF as specified in rfc-2246, if that is what you have
in mind tls1_PRF() should work.

-jb
-- 
Don't have a sig to call my own; care to donate a fortune?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Regarding construction of MasterSecret in ssl v3 handshake

2007-12-13 Thread jimmy bahuleyan
Suchindra Chandrahas wrote:
 Hi Jimmy,
  RFC-2246 is for TLS v1. However, i am going for SSL
 v3. I don't know whether there is any function for the same. I went
 through ssl3_enc.c in openssl code:
 

ssl3_generate_master_secret() is the equivalent one for ssl3. Although
it takes some of the needed parameters from the SSL structure passed to
it; so you can't use it the same way as tls1_PRF(). But you could use
the code as reference for your PRF code.

 int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
      int len)
 {
     static const unsigned char *salt[3]={
 #ifndef CHARSET_EBCDIC
         (const unsigned char *)"A",
         (const unsigned char *)"BB",
         (const unsigned char *)"CCC",
 #else
         (const unsigned char *)"\x41",
         (const unsigned char *)"\x42\x42",
         (const unsigned char *)"\x43\x43\x43",
 #endif
     };
     unsigned char buf[EVP_MAX_MD_SIZE];
     EVP_MD_CTX ctx;
     int i,ret=0;
     unsigned int n;
 
     EVP_MD_CTX_init(&ctx);
     for (i=0; i<3; i++)
     {
         EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
         EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
         EVP_DigestUpdate(&ctx,p,len);
         EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
             SSL3_RANDOM_SIZE);
         EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
             SSL3_RANDOM_SIZE);
         EVP_DigestFinal_ex(&ctx,buf,&n);
 
         EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
         EVP_DigestUpdate(&ctx,p,len);
         EVP_DigestUpdate(&ctx,buf,n);
         EVP_DigestFinal_ex(&ctx,out,&n);
         out+=n;
         ret+=n;
     }
     EVP_MD_CTX_cleanup(&ctx);
     return(ret);
 }
 
 
 I guess *p above is pointer to premaster secret. I am doing the same
 thing here, only that EVP_Digest_Update is replaced
 MD5_Update/SHA_Update. I am not still sure whether my algorithm is
 correct or not!
 

you can call the specific _Update functions; provided you don't forget
to also call the corresponding _Init function.

-jb
-- 
Don't have a sig to call my own; care to donate a fortune?
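
The two derivations discussed across this thread, side by side, as an added Python example (not OpenSSL's code): the SSLv3 construction quoted above and the RFC 2246 PRF. Both hash the full 32-byte randoms, timestamp included, and the example rejects the 28-byte form; the pre-master secret and randoms are constructed values and the function names are assumptions.

```python
import hashlib
import hmac
import struct

RANDOM_SIZE = 32  # gmt_unix_time (4 bytes) + 28 random bytes, hashed as one unit


def _check_randoms(client_random: bytes, server_random: bytes) -> None:
    for name, value in (("client", client_random), ("server", server_random)):
        if len(value) != RANDOM_SIZE:
            raise ValueError(f"{name}_random must be 32 bytes, got {len(value)}")


def ssl3_master_secret(pre_master: bytes, client_random: bytes,
                       server_random: bytes) -> bytes:
    """SSLv3: three rounds of MD5(pre_master + SHA1(salt + pre_master + randoms))."""
    _check_randoms(client_random, server_random)
    out = b""
    for salt in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(salt + pre_master + client_random
                             + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out  # 3 * 16 = 48 bytes


def p_hash(digestmod, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash: HMAC chained over A(i), expanded to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digestmod).digest()              # A(i)
        out += hmac.new(secret, a + seed, digestmod).digest()
    return out[:length]


def rfc2246_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over
    the second half; the halves share one byte when the length is odd."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_stream = p_hash(hashlib.md5, s1, label + seed, length)
    sha_stream = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha_stream))


def tls1_master_secret(pre_master: bytes, client_random: bytes,
                       server_random: bytes) -> bytes:
    _check_randoms(client_random, server_random)
    return rfc2246_prf(pre_master, b"master secret",
                       client_random + server_random, 48)


# Constructed inputs: a 4-byte timestamp followed by 28 filler bytes (the
# thread's client used 28 bytes of 0x66), and a 48-byte pre-master secret.
CLIENT_RANDOM = struct.pack(">I", 1197504000) + b"\x66" * 28
SERVER_RANDOM = struct.pack(">I", 1197504001) + b"\x77" * 28
PRE_MASTER = b"\x03\x00" + b"\x11" * 46

if __name__ == "__main__":
    print("SSLv3  :", ssl3_master_secret(PRE_MASTER, CLIENT_RANDOM,
                                         SERVER_RANDOM).hex())
    print("TLS 1.0:", tls1_master_secret(PRE_MASTER, CLIENT_RANDOM,
                                         SERVER_RANDOM).hex())
    try:
        ssl3_master_secret(PRE_MASTER, CLIENT_RANDOM[4:], SERVER_RANDOM)
    except ValueError as exc:
        print("28-byte random rejected:", exc)
```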


Re: last function in ssl connection

2007-11-24 Thread jimmy bahuleyan
Koza wrote:
 Hi,
 
 I would like my web server inform me when the connection with the client is
 lost (for example using (f)printf). But unfortunately I cannot find the last
 function called in ssl transaction between client-server. I tried
 SSL_shutdown and BIO_free but these don't work.
 
 Can you please help me?
 Thank you in advance!
 
 Best regards,
 Koza

If you mean you want to detect closures due to alerts from peer then the
cleanest way would be through the 'info_callback'. Try looking at
SSL_CTX_set_info_callback().

If it's socket closures, then your app code could do the logging.

-jb
-- 
Armor's Axiom:
Virtue is the failure to achieve vice.


Re: compiling openssl only with passwd application

2007-11-23 Thread jimmy bahuleyan
Ranjeet Kumar wrote:
 Hi,
 
 I need openssl only with passwd application. Could you please help me in
 compiling for this purpose.
 
 Because, I don't dependencies.
 
 
 
 Thanks,
 
 Ranjeet

Unless you're clearer about what you want to achieve it's unlikely that
reposting will get you any useful replies.

-jb
-- 
Armor's Axiom:
Virtue is the failure to achieve vice.



Re: Memory usage

2007-10-24 Thread jimmy bahuleyan
David Schwartz wrote:
 I have an application using openSSL version 0.9.7d.
 I am able to create 20,000 TLS connections, but my heap size
 is at 1.5GB. It looks like it is the SSL context. Is there any way
 to reduce the memory footprint?
 
 I'm not 100% sure I understand your question. But if I understand it
 correctly, the obvious answer is: use the same SSL context for all 20,000
 connections.
 
 DS

or in case the application is a server, try flushing sessions to get rid
of timed out ones from the cache.

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: Signature verification fails with block type is not 01

2007-10-15 Thread jimmy bahuleyan
Belliappa, Ashith Muddiana (HP Software) wrote:
  
 Hi,
 We have checked for proper library files usage during the signature
 verification. Even we have compared the file size of the library used in
 working and non- working machine and found both are exactly same. Even
 the checksum matches for the files.
 
 In Solaris 5.7 also it works fine. The problem is in only one Solaris
 5.8 box. 

i'm assuming the scenario is:

 build libs, application on 5.7, test it = works fine.
 build libs, application on 5.8, test it = works fine except one machine.
 signature, key is same in all cases.

 
 1) What all shared system library files we need to check which could be
 the possible reason for getting this error?
 2) What are the machine configuration we need to check if that would
 cause the failure?

what I meant was, if you're building the application on one particular 5.8
machine and then using it to run on other 5.8s, it could /possibly/
happen that one of the test machines may not have the proper library at
the path that you're expecting. If you've already checked all of these,
then it shouldn't be a problem.

 3) Is there any specific OS patch that could create a problem? If yes,
 please let me know.

Well, wrt to OS patches I assume you're keeping all your machines at the
same patch level whatever it maybe.

 
 Thanks in advance,
 Regards
 Ashith
  

If all of these lead you nowhere, I'm out of clues. You could probably
try debug with the hints provided by Marek earlier.

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: Signature verification fails with block type is not 01

2007-10-12 Thread jimmy bahuleyan
Belliappa, Ashith Muddiana (HP Software) wrote:
  
 Hi,
  We have compiled the code on a Solaris 5.7 machine. We have the same
 set of binaries working fine in all the Solaris 5.8 machines. I am
 getting the error ONLY in ONE Solaris 5.8 machine.
 

I believe you're saying that the same application code, same set of
openssl libraries AND the same signature works on all but one Solaris 5.8.

Have you checked that the proper library is picked up on this machine
(or if shared libs are used, the proper library is loaded). Could
possibly be a machine config issue if all the above hold true..

(I haven't got the 5.7 thing. Is it that you have also checked the code on a
5.7 & found it to be working properly?)

 Does anyone have a separate test program where we can test only the
 signature verification?
 
 Regards
 Ashith
 

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: SSL handshake problem.

2007-10-10 Thread jimmy bahuleyan
Sukanta Panigrahi wrote:
 I have a basic question here:
 Is it mandatory to have the server configured with ciphers/certificates
 for SSL handshake?
 
 Thanks / Sukant

well, ciphers - yes. If you don't do it, openssl gives you a default
cipher list.

certificates - not all the time. If you're using an ADH cipher,
certificates are not needed, but then most of the time you need identity
verification which means you need to use certs.

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: Openssl backward compatibility

2007-09-28 Thread jimmy bahuleyan
Kaushalye Kapuruge wrote:
 jimmy bahuleyan wrote:
 Kaushalye Kapuruge wrote:
  
 Hi Listers,
 I'm having a problem shipping my (xml security)library, which is based
 on openssl crypto implementation.
 I have statically linked it with the ssl and crypto libraries (-lssl
 -lcrypto).
 

 Are you sure you have statically linked in the Openssl libraries? If it
 was, then I don't think you'd get link errors for these symbols.

 I also believe all versions of 0.9.x to be binary compatible for the
 same 'x'.

   
 Correction: It's not statically linked. :) My bad
 But why I'm getting this error even if its dynamically linked, on
 another machine with 0.9.8c?
 What's the meaning of 0.9.8e in
 OpenSSL 0.9.8c 05 Sep 2006 (Library: OpenSSL 0.9.8e 23 Feb 2007)
 when I issue
 %openssl version
 

Well, if I understand things correctly here, that means your executable
was built with 0.9.8c while the shared object available on the system is
0.9.8e. ($/openssl/apps/version.c).

 What possible actions I can take to ship my library so that it'll work
 on any 0.9.8x (rather than linking statically) ?
 Thanks for the reply. :)
 Cheers,
 Kau

As far as my knowledge goes if your build didn't do anything esoteric,
then 0.9.8x libraries are binary compatible. Check if your executable
has the proper dependencies and the openssl library installed is proper.

Or maybe someone else can throw some light on this problem ;)

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: Openssl backward compatibility

2007-09-28 Thread jimmy bahuleyan
Kaushalye Kapuruge wrote:
 Hi Listers,
 I'm having a problem shipping my (xml security)library, which is based
 on openssl crypto implementation.
 I have statically linked it with the ssl and crypto libraries (-lssl
 -lcrypto).

Are you sure you have statically linked in the Openssl libraries? If it
was, then I don't think you'd get link errors for these symbols.

I also believe all versions of 0.9.x to be binary compatible for the
same 'x'.

 And my openssl version is
 OpenSSL 0.9.8c 05 Sep 2006 (Library: OpenSSL 0.9.8e 23 Feb 2007)
 
 When I compile and create binaries in my machine it simply won't work
 with another machine with the same openssl version 0.9.8.c. But in that
 machine I don't get the library version as 0.9.8e.
 And gives this error
 
 libomopenssl.so.0: symbol EVP_CIPHER_CTX_key_length, version
 OPENSSL_0.9.8 not defined in file libcrypto.so.0.9.8 with link time
 reference
 
 When I list symbols in my library as %nm libomopenssl.so | grep
 EVP_CIPHER_CTX
 I get
 U EVP_CIPHER_CTX_block_size@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_cleanup@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_init@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_iv_length@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_key_length@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_set_padding@@OPENSSL_0.9.8
 
 But in the other machine I get
 U EVP_CIPHER_CTX_block_size
 U EVP_CIPHER_CTX_cleanup@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_init@@OPENSSL_0.9.8
 U EVP_CIPHER_CTX_iv_length
 U EVP_CIPHER_CTX_key_length
 U EVP_CIPHER_CTX_set_padding@@OPENSSL_0.9.8
 
 Note that these symbols are different for  EVP_CIPHER_CTX_key_length
 
 So, my question is, How do I make my library work with another machine
 with the same openssl version? What instructions I have to give? Should
 I ask them to use 0.9.8e?  How's the backward compatibility of openssl?
 
 Cheers,
 Kaushalye
 

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: compiler ssl application

2007-09-22 Thread jimmy bahuleyan
Khanh Nguyen wrote:
 I open*.h files in /usr/local/openssl/include, but the error message is 
 Couldn't display /usr/local/openssl/include/openssl/ssl.h . Do I install 
 openssl correctly?
 

Do these files exist there? Are you sure that they were indeed copied to
that path? Check for read permissions?

 I downloaded the openssl-0.9.8e and then, I installed as follow:
   $ ./config
   $ make
   $ make test
   $ make install
 

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: connection termiated (LINUX)

2007-09-17 Thread jimmy bahuleyan
Milan Křápek wrote:
 Well, I tried to recognize the aborted connection with select, but it does not 
 help. I tried to wait on the third set of the select function, which may contain 
 the file descriptors of sockets on which some error is reported. But 
 that does not work either. It looks like the socket is OK. Why? I think that when I 
 disrupt the connection, that socket must throw some error. Or am I totally 
 misinformed?

How about waiting on the first set of the select() function and watching
the error/return code of recv()?

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: connection termiated (LINUX)

2007-09-16 Thread jimmy bahuleyan
Milan Křápek wrote:
  Hi, 
 I have problem. I am creating client application that send to server some 
 data via TCP or TLS protocol. For both the TCP and TLS I use the openssl 
 library. I am using unblocking BIO. And I have this problem with recognizing 
 if connection is aborted. 
 
 I am trying to read from bio each 5 seconds to recognize if the 
 connection is aborted. I try this example. I started my application and 
 connected to the server. Then I sent some data each way. While I was sending 
 I pulled out the network cable. The expected result was that my application 
 recognizes that the connection was interrupted and throws a connection error event.
 My way to do this was that, after each send or read that returned 
 some error value, I called BIO_should_retry, and if this method returned false 
 I took it as a connection error. But under Linux, when I pull out the network 
 cable, reading or writing returns an error code as I was expecting, but when I 
 call BIO_should_retry it tells me that I should retry. 
 Is there any other way to recognize if the connection is interrupted? Has 
 anybody had the same problem as me?
 

The proper way to detect events on a non-blocking fd would be to do a
select() / poll() on it. It seems that you're not doing that.

In case you pull out the cable (disrupt connection in some way) during a
SSL read/write, it's quite possible that SSL gets a -1 from the syscall
and records the fact that it was in mid-read (hence should_retry). I
think it's plainly up to the application code to handle system level errors.


-jb
-- 
No snowflake in an avalanche ever feels responsible.
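
An added example, not code from either post in this thread: a C sketch of the approach suggested in the two replies above (select() on the read set, then look at what recv() returns). probe_peer, the peer_state names and the socketpair standing in for a TCP connection are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

enum peer_state { PEER_IDLE, PEER_DATA, PEER_CLOSED, PEER_ERROR };

/* Wait up to timeout_ms for fd to show up in the READ set, then peek with
 * recv() to tell pending data apart from a closed or reset connection. */
enum peer_state probe_peer(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    char byte;
    ssize_t n;
    int rc;

    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    do {
        FD_ZERO(&rfds);                  /* the set is undefined after EINTR */
        FD_SET(fd, &rfds);
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);  /* nfds = highest fd + 1 */
    } while (rc < 0 && errno == EINTR);

    if (rc < 0)
        return PEER_ERROR;
    if (rc == 0)
        return PEER_IDLE;                /* timeout: nothing arrived */

    /* MSG_PEEK leaves the byte queued, so a TLS layer reading the same
     * socket afterwards still sees the complete record. */
    n = recv(fd, &byte, 1, MSG_PEEK);
    if (n > 0)
        return PEER_DATA;
    if (n == 0)
        return PEER_CLOSED;              /* orderly close: readable, 0 bytes */
    if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
        return PEER_IDLE;
    return PEER_ERROR;                   /* e.g. ECONNRESET, ETIMEDOUT */
}

/* Constructed demo: a local socketpair plays the role of the connection.
 * results[0..2] receive the state before data, with data, after close. */
int run_demo(int results[3])
{
    int sv[2];
    char buf[8];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    results[0] = probe_peer(sv[0], 50);  /* nothing sent yet */
    if (write(sv[1], "x", 1) != 1)
        return -1;
    results[1] = probe_peer(sv[0], 50);  /* one byte pending */
    if (recv(sv[0], buf, sizeof buf, 0) != 1)
        return -1;
    close(sv[1]);                        /* peer goes away */
    results[2] = probe_peer(sv[0], 50);
    close(sv[0]);
    return 0;
}

int main(void)
{
    static const char *names[] = { "idle", "data", "closed", "error" };
    int r[3];

    if (run_demo(r) != 0)
        return 1;
    printf("before data: %s\nwith data: %s\nafter close: %s\n",
           names[r[0]], names[r[1]], names[r[2]]);
    return 0;
}
```

A pulled cable sends neither FIN nor RST, so it looks like PEER_IDLE until a write times out or TCP keepalive fires; only a closed or reset connection is reported directly.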


Re: leaking ?

2007-09-03 Thread jimmy bahuleyan
kris vandercapellen wrote:
 Well, not like I'm doing it now anyway :
 
 Initthread - array of connections - push thread - array of
 connections - cleanup thread
 
 I guess I must be missing something :)
 

I think the best bet would be to valgrind with some minimal connections
and identify the source of the leak. Then someone here would be able to
help you out.

OR

You could post the code so that people could look for obvious mistakes.

Option 1 seems better to me ;)

-jb
-- 
No snowflake in an avalanche ever feels responsible.


Re: leaking ?

2007-08-31 Thread jimmy bahuleyan
kris vandercapellen wrote:
 Hi,
 
 I have been working on a httpsd for the past week.
 
 It does the following :
 
 StartupThreads are getting an incoming connection, create a
 SSL_new(ctx), create a BIO_new(BIO_s_socket()), BIO_set_fd, and
 SSL_set_bio. Then they SSL_accept(ssl), and SSL_read what is coming
 in.
 
 So far so good.
 
 When the input is something this httpsd should react to, i put a
 user class in an array, with bio, ssl and socket as class variables.
  To pass them on to a worker thread, which loops over this array and
 SSL_writes to the ssl. (once every second)
 
 When SSL_write < 1, the socket gets closed and gets set to -1 and the
 destructor for that user gets called by cleanup thread.
 This is what is in there :
 if(bio) BIO_ssl_shutdown(bio);
 if(ssl){
 ERR_clear_error(); //added and removed  these, no difference
 ERR_remove_state(0); //idem
 SSL_shutdown(ssl);
 SSL_free(ssl);
 }
 

You're freeing SSL objects. Since you're running a server, would an
occasional call to SSL_CTX_flush_sessions() help?

tried valgrind-ing or something similar?

 So what is the problem here : It works fine, it just leaves a lot of
 used memory behind (memory leak ?)
 

-jb
-- 
No snowflake in an avalanche ever feels responsible.



Re: Regarding OpenSSL communication

2007-08-24 Thread jimmy bahuleyan
Suchindra Chandrahas wrote:
 Thanks a lot Marek! 
 
 I was making mistake at:
 
 16 - SSL3/TLS1 handshake packet (was not including this)
 
 Now i understood the whole process completely, thanks to your guidance!.
 If there is any document or any such thing that has such details, 
 it would be great if you could forward it to me.

I'm not sure how you missed the document RFC 2246, oh well..

You could also read the fine book by Eric Rescorla - SSL and TLS:
Designing and Building Secure Systems.

-jb
-- 
Baruch's Observation:
If all you have is a hammer, everything looks like a nail.


Re: Problem handling unexpected SSL shutdown

2007-08-15 Thread jimmy bahuleyan
Shaw Graham George wrote:
 Hi,
 
 We have an application that provides HTTPS, either as client or server,
 for our customers.  At the moment I am doing some testing between our
 client and our server, as a result of a problem with one of our
 customers, and there is a particular sequence of events, that involves
 an unexpected SSL shutdown, that is giving an unexpected behaviour (at
 least to me).
 
 The sequence of events goes like this:
 
 1.  The SSL handshake proceeds as normal.
 2.  The client puts an HTTP request
 3.  The server gets the HTTP request
 4.  The client then executes an (unexpected) SSL shutdown

Is this only a SSL_shutdown() or is SSL_shutdown() followed by a socket
close by the client?

Well if you had been listening for a read, both the SSL_shutdown and the
socket close are capable of generating read events in select()

If it was only a SSL_shutdown, i suppose you should be getting
SSL_ERROR_ZERO_RETURN. In the other case SSL_ERROR_SYSCALL with
errno=EPIPE seems possible.


 5.  The server puts the HTTP response
 
 Here I might expect the put to fail, but all appears normal.
 
 6.  As an HTTP Keep-Alive request has been made, the server enters a
 wait for the next read event.
 7.  The read event occurs (presumably due to the SSL shutdown), and now
 the get fails.
 
 SSL_get_error() returns SSL_ERROR_SYSCALL (I would expect

Did you check errno here?

 SSL_ERROR_ZERO_RETURN for an SSL shutdown).
 ERR_get_error() returns 0.
 (SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN) returns 0.
 
 Is this the expected behaviour?
 
 What I am looking for is a way of identifying the shutdown at the
 server, so that I can close the connection softly.
 
 The version is 0.9.8e.  All sockets are non-blocking.  The test platform
 is Windows - but our application runs on many platforms, I can test on
 those as well if required.
 
 Thanks in advance,
 
 G.

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: Problem handling unexpected SSL shutdown

2007-08-15 Thread jimmy bahuleyan
jimmy bahuleyan wrote:
 Shaw Graham George wrote:
 Hi,

 We have an application that provides HTTPS, either as client or server,
 for our customers.  At the moment I am doing some testing between our
 client and our server, as a result of a problem with one of our
 customers, and there is a particular sequence of events, that involves
 an unexpected SSL shutdown, that is giving an unexpected behaviour (at
 least to me).

 The sequence of events goes like this:

 1.  The SSL handshake proceeds as normal.
 2.  The client puts an HTTP request
 3.  The server gets the HTTP request
 4.  The client then executes an (unexpected) SSL shutdown
 
 Is this only a SSL_shutdown() or is SSL_shutdown() followed by a socket
 close by the client?
 
 Well if you had been listening for a read, both the SSL_shutdown and the
 socket close are capable of generating read events in select()
 
 If it was only a SSL_shutdown, i suppose you should be getting
 SSL_ERROR_ZERO_RETURN. In the other case SSL_ERROR_SYSCALL with
 errno=EPIPE seems possible.
 
 
 5.  The server puts the HTTP response

 Here I might expect the put to fail, but all appears normal.

 6.  As an HTTP Keep-Alive request has been made, the server enters a
 wait for the next read event.
 7.  The read event occurs (presumably due to the SSL shutdown), and now
 the get fails.

 SSL_get_error() returns SSL_ERROR_SYSCALL (I would expect
 
 Did you check errno here?

I mean WSAGetLastError() or whatever.

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: How to create an open-ssl executable file?

2007-08-14 Thread jimmy bahuleyan
Ines Alvarez wrote:
 Hi all,
 
 I searched in the site and I couldn't find an executable of the files, they
 are all source code
 
 Is there any website where I can download this executable file, or a
 tutorial telling the instructions to compile the code?

download source code & read the files INSTALL, README.

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: rsa key generation issue/question

2007-08-09 Thread jimmy bahuleyan
Patrick Parsons wrote:
  Hello,
  I have noticed when generating rsa keys that the first 10 digits or so are
 identical or nearly identical. Is this normal or is something wrong? Does
 this issue occur for anyone else?

could you post the bytes that you're referring to. (my guess is that
it's the ASN.1 stuff again)

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: What my SSL_CTX_get_timeout() does not work?

2007-08-03 Thread jimmy bahuleyan
Hi,

Ian jonhson wrote:
 Hi,
 
 I wrote a function to fetch the lifetime (expire time) of a
 certificate. But it seems not to work right.
 

I think you've misunderstood what SSL_CTX_get_timeout() does. This
timeout is the SSL session timeout which lets you decide how long an SSL
session can stay in cache before it becomes non-resumable. The openssl
manual pages have sufficient info.

[snip..]
 
 $ ./my_test_code
 Session ID timeout value = 7200
 
 what is the meaning of 7200? I have set the expire time of certificate
 12 hours, but 7200 is not the right time if it is calculated by
 seconds.

7200 secs = 2 hrs, which is the default timeout from ssl/s3_lib.c:
ssl3_default_timeout()

You can override it though. And it hasn't got anything to do with your
certificates.

 
 What is wrong in my codes? Could anybody give me some advices?
 
 

Nothing in fact is wrong with your code in a sense, it is printing the
timeout value of the session :)

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: What my SSL_CTX_get_timeout() does not work?

2007-08-03 Thread jimmy bahuleyan
Ian jonhson wrote:
 Thank you for your answering.
 
 I think you've misunderstood what SSL_CTX_get_timeout() does. This
 timeout is the SSL session timeout which lets you decide how long an SSL
 session can stay in cache before it becomes non-resumable. The openssl
 manual pages have sufficient info.

 
 According to your words, then which function should I take to get or
 set the expire time of exist certificate? X509_gmtime_adj() ?
 

Is X509_get_notAfter() what you're looking for?

In practice you cannot change the expiry date of an existing certificate
because the certificate is signed by a CA at the time of issuing (when
the date is decided).

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: Multiples read with ssl

2007-07-31 Thread jimmy bahuleyan
Lidia Fernández wrote:
 Hello all!
 
 I'm working with xsupplicant (Open1x) and i have a problem with SSL.
 By default, xsupplicant waits for a message with 1.000 bytes, but I have
 modified this because I need messages with 10.000 bytes or more.
 
 Before:
   rc=SSL_read(mytls_vars->ssl, out_data,1000);
 
 and now, i want to do a loop like...
 
   while (rc > 0)
     rc=SSL_read(mytls_vars->ssl, out_data,1000);
 
 but this gives a error WANT_TO_READ or WANT_TO_WRITE, i don't know why.
 

SSL_ERROR_WANT_READ means that more socket data was needed by the SSL
protocol. This is not a fatal error, just means that you have to redo
the SSL_read() when data becomes available.

IIRC, there was a long thread on this list, not long ago, about using
SSL_read/write for partial read/write etc.

 Do You can't do multiples read with ssl??
 

Yes, you definitely can. But handle cases like the above correctly.

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-31 Thread jimmy bahuleyan
Arun Singarajipura wrote:
 Hi,
 
 Thanks for the reply.
 
 I used WSAGetLastError() just after SSL_read() and the result of this is
 *Read failed with error 10054: An existing connection was forcibly closed
 by the remote host.*

well if the remote side is also your code, you could try
debugging/finding why it closed the connection.

you could also try setting the info callback to see what is happening
inside the SSL connection (SSL_CTX_set_info_callback()).


 Hi,

 Arun Singarajipura wrote:
 Hi All,

 we are working on client - server architecture. We are using openssl for
 communication.
 My problem is that - while transferring data, SSL_read() always fails
 (after
 transferring few KB of data).
 The following error is returned -

 --
  SSL_read() returns SSL_ERROR_SYSCALL

 error:0005:lib(0):func(0):DH lib

 ---
 In that case you better check what errno has. That can give you a better
 idea of what went wrong. (although i don't know why that DH lib is
 present above. I don't think DH is involved in any SSL read/write unless
 your handshake isn't over and your SSL_read() is in fact completing the
 handshake).

 This always happens between data transfer.

 Here's the code snippet
 gSSL = SSL_new(ctx);

 SSL_set_fd(gSSL, m_Socket);

 result = SSL_connect(gSSL);

 //Get certificate

 ** the following piece of code is giving problem

 ret=select(1,sckt,NULL,NULL, timeout);
 check what 'ret' is.

 ERR_clear_error();

 ret = SSL_read(gSSL,buffer,size);

 check errno here if you get a SSL_ERROR_SYSCALL.

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: i2d_DSAPublicKey

2007-07-30 Thread jimmy bahuleyan
Hi,

Edward Chan wrote:
 When I call this function, I can see from the generated binary data that
 the format is the public key, followed by the P param, followed by 3
 bytes which I don't know what they are, followed by the Q param,
 followed by the G param.
 

You have got an ASN.1 DER encoding which is Tag || Length || Value

Since P, Q, G are integers they'll be encoded with the tag of an integer
(0x2 I think), followed by a length and then the value bytes.

 
 I haven't tried generating more than one DSA pub/priv key pair yet using
 these params so I don't know if these 3 bytes are the same all the time,
 but does someone know off hand what those bytes are?
 

If you can tell what those bytes are which are confusing you maybe
someone can confirm that you are indeed seeing the ASN.1 tag|length.

  
 
 Is there some standard encoding for how a public key and private key are
 stored?  i.e. do the params always come after the pub/priv key, or
 before?  And do they always appear in the order of P,Q,G?  
 

Yes, it is a standard. Please refer to RFC 3279 for DSSParms.

-jb
-- 
Tact is the art of making a point without making an enemy.
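
An added example (not from this post and not OpenSSL code): a small C walker for the Tag || Length || Value framing described in the reply above, which is also the "ASN.1 stuff" guessed at in the earlier "rsa key generation" reply. It runs over a constructed toy SEQUENCE of four INTEGERs in the order the question describes (public key, P, Q, G); der_next, der_seq_integers and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* One decoded DER element: tag, header size, content length, content. */
typedef struct {
    unsigned char tag;
    size_t hdr_len;
    size_t len;
    const unsigned char *val;
} der_tlv;

/* Parse one TLV from buf[0..avail). Single-byte tags and definite lengths
 * of up to 4 length octets only. Returns 0 on success, -1 if malformed. */
int der_next(const unsigned char *buf, size_t avail, der_tlv *out)
{
    size_t len = 0, n = 0, i;

    if (avail < 2 || (buf[0] & 0x1f) == 0x1f)
        return -1;                        /* too short, or multi-byte tag */
    if (buf[1] < 0x80) {
        len = buf[1];                     /* short form: length in one octet */
    } else {
        n = buf[1] & 0x7f;                /* long form: n length octets follow */
        if (n == 0 || n > 4 || avail < 2 + n)
            return -1;                    /* indefinite, oversized or cut off */
        for (i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (buf[2] == 0 || (n == 1 && len < 0x80))
            return -1;                    /* non-minimal length is not DER */
    }
    if (len > avail - 2 - n)
        return -1;                        /* content runs past the buffer */
    out->tag = buf[0];
    out->hdr_len = 2 + n;
    out->len = len;
    out->val = buf + 2 + n;
    return 0;
}

/* Walk a SEQUENCE (0x30) of INTEGERs (0x02). For each one, record the
 * content length and whether it starts with the 0x00 sign pad that DER adds
 * when the top bit of a positive value is set. Returns the count, or -1. */
int der_seq_integers(const unsigned char *buf, size_t avail,
                     size_t *lens, int *pads, int max)
{
    der_tlv seq, e;
    size_t off = 0;
    int count = 0;

    if (der_next(buf, avail, &seq) != 0 || seq.tag != 0x30)
        return -1;
    while (off < seq.len) {
        if (der_next(seq.val + off, seq.len - off, &e) != 0)
            return -1;
        if (e.tag != 0x02 || e.len == 0 || count == max)
            return -1;
        lens[count] = e.len;
        pads[count] = (e.len > 1 && e.val[0] == 0x00 && (e.val[1] & 0x80));
        count++;
        off += e.hdr_len + e.len;
    }
    return count;
}

/* Constructed sample with toy-sized numbers (real parameters are far longer). */
const unsigned char SAMPLE_KEY[] = {
    0x30, 0x10,                           /* SEQUENCE, 16 content bytes   */
    0x02, 0x02, 0x12, 0x34,               /* pub_key = 0x1234             */
    0x02, 0x03, 0x00, 0xC5, 0x3B,         /* P = 0xC53B, needs a 0x00 pad */
    0x02, 0x02, 0x00, 0xE1,               /* Q = 0xE1, needs a 0x00 pad   */
    0x02, 0x01, 0x07                      /* G = 7                        */
};

int main(void)
{
    size_t lens[8];
    int pads[8], i, n;

    n = der_seq_integers(SAMPLE_KEY, sizeof SAMPLE_KEY, lens, pads, 8);
    for (i = 0; i < n; i++)
        printf("INTEGER %d: %lu content bytes, sign pad: %s\n",
               i, (unsigned long)lens[i], pads[i] ? "yes" : "no");
    return n == 4 ? 0 : 1;
}
```

In DER a positive INTEGER whose top bit is set gets a leading 0x00, so a 160-bit Q is preceded by 02 15 00 (tag, length 21, pad), which is one way three extra bytes can sit between the P and Q values.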


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-30 Thread jimmy bahuleyan

Hi,

Arun Singarajipura wrote:
 Hi All,
 
 we are working on client - server architecture. We are using openssl for
 communication.
 My problem is that - while transferring data, SSL_read() always fails (after
 transferring few KB of data).
 The following error is returned -
 --
  SSL_read() returns SSL_ERROR_SYSCALL
 
 error:0005:lib(0):func(0):DH lib
 ---
 

In that case you better check what errno has. That can give you a better
idea of what went wrong. (although i don't know why that DH lib is
present above. I don't think DH is involved in any SSL read/write unless
your handshake isn't over and your SSL_read() is in fact completing the
handshake).

 This always happens between data transfer.
 
 Here's the code snippet
 gSSL = SSL_new(ctx);
 
 SSL_set_fd(gSSL, m_Socket);
 
 result = SSL_connect(gSSL);
 
 //Get certificate
 
 ** the following piece of code is giving problem
 
 ret=select(1,sckt,NULL,NULL, timeout);

check what 'ret' is.

 
 ERR_clear_error();
 
 ret = SSL_read(gSSL,buffer,size);
 

check errno here if you get a SSL_ERROR_SYSCALL.


-jb
-- 
Tact is the art of making a point without making an enemy.