OpenSSL 0.9.4 and preferable seed solution?
I have got OpenSSL 0.9.4 and Net::SSLeay 1.05 working on an NT 4. There seems to be a problem with the RANDFILE, and the preferred way to go is to implement the EGD (if OpenSSL 0.9.5 is installed)... so EGD itself is implemented in 0.9.5, so I could change version, but if I would like to save this configuration with 0.9.4, how would I do this...?

I've heard rumors about implementing a catalog like '/dev/urandom' or '/dev/random'. There is also a file involved in this named '.rnd'. Now these paths and names will be different on a Win/NT system: the path to '/dev/urandom' will be C:\dev\urandom and the filename '.rnd' is illegal in Win/NT, so the name will have to change to 'rnd'. In this way the "default" seed system should work for 0.9.4.

Please share your experiences in how to fix the "default" seed system. Thanks everybody for all help this far...

Regards,
Christian Otrel
[EMAIL PROTECTED]

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Unable to load 'random state' when running CA.pl
When I try to create a new CA I get the following error:

root@riemann:/opt-/usr/local/lib/openssl-0.9/misc/CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Using configuration from /etc/openssl/openssl.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Generating a 1024 bit RSA private key
25842:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:538:
25842:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
root@riemann:/opt-

OS is AIX 4.3.3. Any help would be very much appreciated!!
Re: Digital Signature Implementation
Oops, I forgot to send the attachments.

// ---- firma.hh (the header included below) ----
#ifndef Firma_hh
#define Firma_hh
#include <string>
#include <vector>
#include <boost/smart_ptr.hpp>
using namespace std;

typedef vector<unsigned char> Bytes;
typedef boost::shared_ptr<Bytes> Bytes_sha;

namespace Firma {
    void Generar (string contr, Bytes_sha& pub, Bytes_sha& priv);
    Bytes_sha Firmar (string texto, const Bytes_sha& priv, string contr);
    bool Chequear (string texto, const Bytes_sha& firma, const Bytes_sha& pub);
};

void Dump (unsigned char* data, unsigned size, string id);
#endif // Firma_hh

// ---- implementation (attachment; file name not given) ----
#include "firma.hh"
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/blowfish.h>
#include <iostream>
#include <cstdio>

const int KEY_SIZE = 1024;

Bytes_sha Sha1 (string contr);
Bytes_sha Blow (Bytes_sha data, Bytes_sha key);

void Firma::Generar (string contr, Bytes_sha& pub, Bytes_sha& priv)
{
    RSA *rsa;
    RAND_load_file ("/dev/urandom", 2048);
    unsigned char buf[KEY_SIZE * 10];
    unsigned char* iter;
    int key_len;

    rsa = RSA_generate_key (KEY_SIZE, RSA_F4, 0, 0);   // key generation

    // Extract the public key as DER (i2d_* writes through and advances iter)
    pub.reset (new Bytes);
    iter = buf;
    key_len = i2d_RSAPublicKey (rsa, &iter);
    for (int i = 0; i < key_len; i++)
        pub->push_back (buf[i]);

    // Extract the private key as DER and encrypt it with Blowfish
    iter = buf;
    key_len = i2d_RSAPrivateKey (rsa, &iter);
    Bytes_sha tmp (new Bytes);
    for (int i = 0; i < key_len; i++)
        tmp->push_back (buf[i]);
    Bytes_sha key = Sha1 (contr);
    priv = Blow (tmp, key);
    RSA_free (rsa);
}

Bytes_sha Firma::Firmar (string texto, const Bytes_sha& priv, string contr)
{
    Bytes_sha key = Sha1 (contr);
    Bytes_sha priv_un = Blow (priv, key);              // private key, decrypted
    Bytes_sha cipher = Sha1 (texto);                   // hash of the text
    const unsigned char* tmp = &(*priv_un)[0];
    RSA* rsa = d2i_RSAPrivateKey (0, &tmp, priv_un->size());
    Bytes_sha retr (new Bytes (RSA_size (rsa)));
    // Note: this signs the bare SHA-1 value; a standard PKCS#1 v1.5 signature
    // wraps the hash in a DigestInfo first (RSA_sign with NID_sha1 does that).
    int ret_len = RSA_private_encrypt (cipher->size(), &(*cipher)[0],
                                       &(*retr)[0], rsa, RSA_PKCS1_PADDING);
    RSA_free (rsa);
    retr->resize (ret_len < 0 ? 0 : ret_len);
    return retr;
}

bool Firma::Chequear (string texto, const Bytes_sha& firma, const Bytes_sha& pub)
{
    Bytes_sha cipher = Sha1 (texto);                   // hash of the text
    const unsigned char* tmp = &(*pub)[0];
    RSA* rsa = d2i_RSAPublicKey (0, &tmp, pub->size());
    Bytes res (RSA_size (rsa));                        // output buffer must hold RSA_size bytes
    int len = RSA_public_decrypt (firma->size(), &(*firma)[0], &res[0],
                                  rsa, RSA_PKCS1_PADDING);
    RSA_free (rsa);
    if (len < 0)                                       // bad padding or wrong key
        return false;
    res.resize (len);
    return (*cipher == res);
}

void Dump (unsigned char* data, unsigned size, string id)
{
    cout << id << " " << size << ":\t";
    for (unsigned i = 0; i < size /* && i < 40 */; i++)
        printf ("%02x", data[i]);
    cout << endl;
}

// *** HELPERS *** //

Bytes_sha Sha1 (string contr)
{
    const EVP_MD* evp = EVP_sha1();
    EVP_MD_CTX* ctx = EVP_MD_CTX_create();
    unsigned char hash[EVP_MAX_MD_SIZE];
    unsigned hash_size;
    EVP_DigestInit (ctx, evp);
    EVP_DigestUpdate (ctx, contr.c_str(), contr.size());
    EVP_DigestFinal (ctx, hash, &hash_size);
    EVP_MD_CTX_destroy (ctx);
    Bytes_sha retr (new Bytes);
    for (unsigned i = 0; i < hash_size; i++)
        retr->push_back (hash[i]);
    return retr;
}

Bytes_sha Blow (Bytes_sha data, Bytes_sha key)
{
    Bytes_sha retr (new Bytes (data->size(), 0));
    BF_KEY bf_key;
    BF_set_key (&bf_key, key->size(), &(*key)[0]);
    unsigned char ivec[8] = { 0 };                     // 8 zero bytes (fixed IV)
    int num = 0;
    // OFB is symmetric: the same call encrypts and decrypts
    BF_ofb64_encrypt (&(*data)[0], &(*retr)[0], data->size(), &bf_key, ivec, &num);
    return retr;
}

#if 0
// Taken from $ACE_ROOT/ace/SSL/SSL_Context.*
::CRYPTO_set_locking_callback (ACE_SSL_locking_callback);

void ACE_SSL_locking_callback (int mode, int type, const char*, int)
{
    if (mode & CRYPTO_LOCK)
        ACE_OS::mutex_lock (&ACE_SSL_Context::lock_[type]);
    else
        ACE_OS::mutex_unlock (&ACE_SSL_Context::lock_[type]);
}
#endif

// ---- test driver (attachment; file name not given) ----
#include "firma.hh"
#include <ctime>
#include <iostream>

int main (int argc, char** argv)
{
    Bytes_sha pub, priv, firma;
    string contr = "El padre angulo";
    string texto = "Prueba de texto que se va a firmar.";
    Firma::Generar (contr, pub, priv);
    Dump (&(*pub)[0], pub->size(), "pub: ");
    cout << endl;
    Dump (&(*priv)[0], priv->size(), "priv: ");
    firma = Firma::Firmar (texto, priv, contr);
    if (Firma::Chequear (texto, firma, pub))
        cout << "OK" << endl;
    else
        cout << "Falla" << endl;
    cout << endl;
    cout << endl;
    return 0;
}
Re: put me out of my misery please
On Wed, Nov 01, 2000 at 02:01:01PM -0500, Gregory Nicholls wrote:
> Umm no it doesn't. At least not on my system. I get an error while it's trying to execute a load_dh_param() function (at line 652 in s_server.c ... trying to fopen() a NULL file). That's why I put in the no_dhe.

Hmm. First: it does work. I have tried it myself before posting :-)
Having said this, if you don't specify any file with DH parameters (and there is no server.pem=s_cert_file), s_server uses the compiled-in default parameters, see line 660.

Server-output=
lutzpc 37: /usr/local/ssl/bin/openssl s_server -nocert -cipher ADH-RC4-MD5
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIAGAQgo15AlCo4PyRACx1vmLt6AnPwazDMVz9RgEgcOzINL88E
MMUt+h43t5I9hC5XlQFalJYvDF2KWUGcBx6EpUHNsAi5Dche7TuDx2btOdTOcw6X
F6EGAgQ6AHUyogQCAgEspAYEBAE=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ADH-RC4-MD5
CIPHER is ADH-RC4-MD5
ERROR
shutting down SSL
CONNECTION CLOSED

Client-output=
lutzpc 29: openssl s_client -cipher ADH-RC4-MD5
CONNECTED(0003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 275 bytes and written 164 bytes
---
New, TLSv1/SSLv3, Cipher is ADH-RC4-MD5
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ADH-RC4-MD5
    Session-ID: A35E40942A383F24400B1D6F98BB7A0273F06B30CC573F5180481C3B320D2FCF
    Session-ID-ctx:
    Master-Key: C52DFA1E37B7923D842E5795015A94962F0C5D8A59419C071E84A541CDB008B90DC85EED3B83C766ED39D4CE730E9717
    Key-Arg   : None
    Start Time: 973108530
    Timeout   : 300 (sec)
    Verify return code 0 (ok)
---

Oh, I am talking about OpenSSL 0.9.6. To use ADH ciphers, the PRNG must be seeded. The examples I have just listed were from my Linux box at home (has /dev/urandom).

Best regards,
Lutz
--
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
AW: verify_callback - server verification
First of all thank you Lutz for your help.

> The result at depth 0 says that the certificate at level 0 is consistently signed by its CA. The CA itself (at level 1) however failed verification for several reasons. The preverify_ok state only indicates whether the certificate at the actual depth passed or not. It does not say anything about other levels. As you have already seen, the overall result of the verification is CERT_UNTRUSTED, as at least one error occurred.

I see, the preverify_ok value at depth 0 is 1. That means the peer cert was passed. But the CA cert on level 1 wasn't passed because the preverify_ok value at this depth is 0. But what are the several reasons of the error at depth 0? Confusing for me is the fact that X509_STOR_CTX_GET_CURRENT_CERT at depth 1 is returning a cert though the preverify_ok value at this depth is 0 (wasn't passed). How can I achieve the goal to prove without doubt that the server I'm connected with is the one I've expected? Maybe you can give me one more hint.

Regards,
Thomas

Thomas Geller
[EMAIL PROTECTED]
Re: put me out of my misery please
grumble must be NT's bloody runtime then. If I try to fopen a NULL filename it blows up. I changed s_server.c so that it only calls load_dh_param() if there's a real file. Guess what. Now it works .. . .

Thanks, G.

Lutz Jaenicke wrote:
> On Wed, Nov 01, 2000 at 02:01:01PM -0500, Gregory Nicholls wrote:
> > Umm no it doesn't. At least not on my system. I get an error while it's trying to execute a load_dh_param() function (at line 652 in s_server.c ... trying to fopen() a NULL file). That's why I put in the no_dhe.
>
> Hmm. First: it does work. I have tried it myself before posting :-)
> Having said this, if you don't specify any file with DH parameters (and there is no server.pem=s_cert_file), s_server uses the compiled-in default parameters, see line 660.
>
> Server-output=
> lutzpc 37: /usr/local/ssl/bin/openssl s_server -nocert -cipher ADH-RC4-MD5
> Using default temp DH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMBBAIAGAQgo15AlCo4PyRACx1vmLt6AnPwazDMVz9RgEgcOzINL88E
> MMUt+h43t5I9hC5XlQFalJYvDF2KWUGcBx6EpUHNsAi5Dche7TuDx2btOdTOcw6X
> F6EGAgQ6AHUyogQCAgEspAYEBAE=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:ADH-RC4-MD5
> CIPHER is ADH-RC4-MD5
> ERROR
> shutting down SSL
> CONNECTION CLOSED
>
> Client-output=
> lutzpc 29: openssl s_client -cipher ADH-RC4-MD5
> CONNECTED(0003)
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 275 bytes and written 164 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ADH-RC4-MD5
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : ADH-RC4-MD5
>     Session-ID: A35E40942A383F24400B1D6F98BB7A0273F06B30CC573F5180481C3B320D2FCF
>     Session-ID-ctx:
>     Master-Key: C52DFA1E37B7923D842E5795015A94962F0C5D8A59419C071E84A541CDB008B90DC85EED3B83C766ED39D4CE730E9717
>     Key-Arg   : None
>     Start Time: 973108530
>     Timeout   : 300 (sec)
>     Verify return code 0 (ok)
> ---
>
> Oh, I am talking about OpenSSL 0.9.6. To use ADH ciphers, the PRNG must be seeded. The examples I have just listed were from my Linux box at home (has /dev/urandom).
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke                             [EMAIL PROTECTED]
> BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
make error Command arguments too long (v9.0.6, Win32, Borland C++)
I cannot install v 9.0.6 on Windows, because make returns an error. The makefile bcb.mak contains a long CFLAG line which, with some more characters before and after, becomes 168 chars and exceeds the length limit, it seems.

In makefile:
CFLAG=-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 -O2 -ff -fp

as called during make process:
bcc32 -otmp32\cryptlib.obj -Iinc32 -Itmp32 -DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DDSO_WIN32 -O2 -ff -fp -c .\crypto\cryptlib.c

Advice? Thanks

In detail:
[C:\Program Files\openssl-0.9.6] make -f bcb.mak
MAKE Version 4.0 Copyright (c) 1987, 1996 Borland International
Building OpenSSL
mkdir tmp32
Directory already exists
mkdir out32
Directory already exists
mkdir inc32
Directory already exists
mkdir inc32\openssl
Directory already exists
bcc32 -otmp32\cryptlib.obj -Iinc32 -Itmp32 -DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DDSO_WIN32 -O2 -ff -fp -c .\crypto\cryptlib.c
Fatal: Command arguments too long
[C:\Program Files\openssl-0.9.6]

---
JF Delannoy, Ph.D.
Adjunct professor, University of Ottawa
Information retrieval, computational linguistics
www.site.uottawa.ca/~delannoy
Re: put me out of my misery please
On Wed, Nov 01, 2000 at 03:58:29PM -0500, Gregory Nicholls wrote:
> grumble must be NT's bloody runtime then. If I try to fopen a NULL filename it blows up. I changed s_server.c so that it only calls load_dh_param() if there's a real file. Guess what. Now it works .. . .

That makes sense. When looking into the source, in the case of -nocert, a NULL pointer is passed to load_dh_param() and this NULL pointer is passed via BIO_new_file() to fopen(). [As you already analyzed]

The manual page of fopen() does not indicate whether the behaviour of fopen() is defined for NULL as filename argument, so I guess that the behaviour of NT does not match the typical behaviour of Linux (or HP-UX), but NT is not necessarily wrong. Does anybody know whether fopen(NULL, ...) is allowed at all? Otherwise s_server should be fixed...

Best regards,
Lutz
--
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
Facing problem with SSL_get_peer_certificate() at the server side !!
Hello,

I am running the demo client/server implementation and I am unable to get the SSL_get_peer_certificate() function working at the server side. The server program always says "Client does not have the certificate." Even though the client.pem file is authenticated and the data is being sent and received at either client/server end, for some reason the server is unable to get the client's certificate. I request someone to help me on this. Do I need to create a special certificate for this???

Regards
Laks
new non-blocking IO / state-machine demo
Hi there,

Given the recent wave of threads on the openssl lists, I thought I'd get round to doing something I meant to do some time ago - and hack up a quick demo. Anyway, I've just committed it into the openssl CVS repository, so it should be present in the next nightly snapshot (downloadable from www.openssl.org) and it's inside the openssl/demos/tunala/ directory. The reason for "tunala" can be found in the header file. :-)

Anyway - this was a very fast attempt to get an SSL tunneler up and running to illustrate the idea of having an abstract memory-based state-machine with the application-specifics of network-IO and what-not placed around the outside of it. I've tried to explain where things go and how it works inside the README in that directory as well as sporadic source comments wherever I felt the need or motivation. Now it's there, I'm sure I'll get round to actually testing a few things only to find it is full of bugs, but the principle should be sound. I've based it conceptually around something much more substantial I've been working on lately that itself would be too bulky to stick in as a "demo" and has dependencies on loads of other stuff - but the principle is working fine for me elsewhere so if there's bugs in "tunala", they're probably fixable reasonably straightforwardly.

Well, take a look if it is of interest. There's been a lot of discussion lately about a wide array of relevant issues; async-IO as an alternative to threading/forking etc, non-blocking logic and avoiding "deadlocks" with SSL, using OpenSSL in a purely data-only capacity, etc. For some time I thought it would be handy to put my thoughts down in code rather than emails, so please take a fish around inside it if you're curious.

Cheers,
Geoff

__
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: possible bug in DH_generate_key()
Here is one problem. The value coming out of DH_generate_key() is mod p. This induces the high-order bit to be more likely a zero than a one. In an extreme case, if p is a prime of the form 1 + 2^n, then the high-order bit is almost certainly a zero. If this bit is one of the bits you use to form your Blowfish key, the brute force attack is made easier by a factor of two. Perhaps if you were using a symmetric algorithm which naturally uses mod p keys, you could use the output of DH_generate_key() directly, but neither Blowfish nor any of the ciphers in OpenSSL have this property.

Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com

- Original Message -
From: "Lawrence MacIntyre" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, November 01, 2000 1:51 PM
Subject: Re: possible bug in DH_generate_key()

> Ulf:
> ...snip...
> Just curious, why is the DH shared key insecure before being run through MGF1?
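Greg's point about the high-order bit, worked through as an added example (not code from the thread): modelling the output as uniform in [1, p-1] as the post does, the functions below count how often the top bit is set and how many distinct patterns the top k bits can actually take when they are used as key material. The moduli are small constructed primes chosen to show the effect, not real DH groups.

```c
/* Added example: entropy leaked by the top bits of a value uniform in [1, p-1].
 * The primes below are constructed for illustration only, not real DH moduli. */
#include <stdint.h>
#include <stdio.h>

/* Number of bits needed to write p, i.e. the index of its top bit plus one. */
static int bit_length(uint64_t p)
{
    int n = 0;
    while (p) { n++; p >>= 1; }
    return n;
}

/* How many residues in [1, p-1] have the top bit of a bit_length(p)-bit word set.
 * Only the values top, top+1, ..., p-1 do, so the count is p - top. */
uint64_t residues_with_top_bit_set(uint64_t p)
{
    uint64_t top = (uint64_t)1 << (bit_length(p) - 1);
    return p - top;
}

/* Probability that the top bit is 1 for a value uniform in [1, p-1].
 * A fair bit would give 0.5; for p = 2^n + 1 it is 1/(p-1). */
double top_bit_one_probability(uint64_t p)
{
    return (double)residues_with_top_bit_set(p) / (double)(p - 1);
}

/* Number of distinct patterns the k most significant bits take over [0, p-1].
 * If those k bits are fed to a cipher as key material, this is the effective
 * keyspace; k uniformly random bits would give 2^k. */
uint64_t distinct_top_k_patterns(uint64_t p, int k)
{
    int shift = bit_length(p) - k;
    return ((p - 1) >> shift) + 1;
}

/* Effective keyspace as a fraction of the ideal 2^k: 0.5 means one bit lost,
 * i.e. brute force is twice as easy as the bit count suggests. */
double top_k_keyspace_fraction(uint64_t p, int k)
{
    return (double)distinct_top_k_patterns(p, k) / (double)((uint64_t)1 << k);
}

int main(void)
{
    /* Constructed moduli: 2^16+1, a prime just below 2^16, and 2^17-1. */
    const uint64_t primes[] = { 65537, 65521, 131071 };
    const int k = 8;   /* take the top 8 bits as key material */
    for (size_t i = 0; i < sizeof primes / sizeof primes[0]; i++) {
        uint64_t p = primes[i];
        printf("p=%llu (%d bits): P[top bit=1]=%.6f, top-%d-bit patterns=%llu/%d (%.3f of ideal)\n",
               (unsigned long long)p, bit_length(p), top_bit_one_probability(p),
               k, (unsigned long long)distinct_top_k_patterns(p, k), 1 << k,
               top_k_keyspace_fraction(p, k));
    }
    /* The remedy the thread arrives at: never use the raw shared secret as a
     * key; pass it through a hash / mask generation function (MGF1) so every
     * output bit is unbiased regardless of the shape of p. */
    return 0;
}
```

For p = 65537 the top bit is set for exactly one residue and the top 8 bits take only 129 of 256 patterns, while for p = 131071 (just below a power of two) the same 8 bits take all 256.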
Re: make error Command args too long (v9.0.6, Win32, Borland C++)
Tom, I tried:
- Get a newer make utility? - from MS this is the latest
- Use GNU make - can't install/compile. It needs a file cl, and only mentions MS C; I have Borland C.
- Get the cygwin package and build under that? - tried; lengthy process, voluminous, does not work.

I'll retry the original way, i.e. MS nmake, but on Windows NT to avoid the max-commandline-length problem.

Thanks for the suggestions.
Cheers

On 1 Nov 00, at 16:53, Tom Biggs wrote:
> At 04:23 PM 11/1/00 -0500, JF wrote:
> > I cannot install v 9.0.6 on Windows, because make returns an error. The makefile bcb.mak contains a long CFLAG line which, with some more characters before and after, becomes 168 chars and exceeds the length limit, it seems.
> >
> > In detail:
> > [C:\Program Files\openssl-0.9.6] make -f bcb.mak
> > MAKE Version 4.0 Copyright (c) 1987, 1996 Borland International
> > Building OpenSSL
> > mkdir tmp32
> > Directory already exists
> > mkdir out32
> > Directory already exists
> > mkdir inc32
> > Directory already exists
> > mkdir inc32\openssl
> > Directory already exists
> > bcc32 -otmp32\cryptlib.obj -Iinc32 -Itmp32 -DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DDSO_WIN32 -O2 -ff -fp -c .\crypto\cryptlib.c
> > Fatal: Command arguments too long
> > [C:\Program Files\openssl-0.9.6]
>
> Get a newer make utility? Use GNU make? Get the cygwin package and build under that? I thought tiny command lines went out with MSDOS, but I guess not.
>
> Tom Biggs '89 FJ1200 DoD #1146
> "The whole aim of practical politics is to keep the populace alarmed - and hence clamorous to be led to safety - by menacing it with an endless series of hobgoblins, all of them imaginary." -- H.L. Mencken

---
JF Delannoy, Ph.D.
Adjunct professor, University of Ottawa
Information retrieval, computational linguistics
www.site.uottawa.ca/~delannoy
Error Installing on Win Nt 4.0
When I run nmake I get the error

NMAKE:fatal error U1073: don't know how to make '.\crypto\cryptlib.h'

My environment is fine. And it does make 3 folders but they are empty.

Sanjiv
RE: certificate chaos...
If you do write these docs, please publish them somewhere that others can get at them. I'm still a couple of steps behind you with implementation and I expect there will be many others following again that would appreciate not re-inventing the wheel when it comes to user guidance docs.

-----Original Message-----
From: Michael Dingler [mailto:[EMAIL PROTECTED]]
Sent: 27 October 2000 21:45
To: [EMAIL PROTECTED]
Subject: Re: certificate chaos...

> > You need to do...
> > openssl pkcs12 -in xxx.p12 -clcerts -out xxx.pem
> > to only extract client certificates and possibly
> > openssl pkcs12 -in xxx.p12 -cacerts -nokeys -out cas.pem
> > to extract CA certificates.
>
> Oh thanks, that did it. With just the client certificate it now runs perfectly. What FM should I have read to gather this? Maybe this should get into some kind of FAQ... I haven't seen much information about client setup on the net, most of the time they're even trying to _import_ certs into Netscape. I'll write some documentation about this, if just for my co-workers.
>
> ...Michael...
help needed with extended keyUsage v3 attrib.
Hi,

anyone know how to sign an X.509 cert with the attribute extended keyUsage set to TLS Web server authentication with the CA command? I'm trying to set up an IPsec session between a Win2000 and a Cisco router using IKE with X.509 certs. It seems that Win2000 starts to look for a certificate with the extended keyUsage set to TLS Web server authentication, what Microsoft calls a machine cert. Without that extension Win2000 is unable to use a certificate as a 'machine certificate'.

Thx,
Corrado.