The breaking of SHA1

2005-03-08 Thread thomas . beckmann
Hello everybody,

I am not quite sure which list to address so I chose both.

Regarding the news around the "breaking" of SHA1, I wonder if it is planned
or already in work to implement other hash algorithms like SHA256 into
OpenSSL.

Best Regards

Thomas Beckmann
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


RE: Multiple Threads accessing an SSL connection

2005-03-08 Thread David Schwartz

>I read many posts about multiple threads accessing
> a single SSL connection for read/write. I am still
> confused about the usage. What exactly is the truth?

You cannot access the same SSL connection from more than one thread at a
time.

> If I have a client SSL connection that has 3 to 4
> threads accessing the same SSL connection for
> read/write to the server, will it cause a problem??

Yes, if they're accessing it at the same time. I can't imagine how two
writes or two reads would be useful, so the only issue should be a read and
a write at the same time. While that could be useful, you must not do that.

> If
> yes, then can I make use of mutex locks to allow only
> one thread access  the SSL connection (for read/write)
> at a time??? If no, I am happy :)

Yes, you can.

DS


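The rule David states above, demonstrated in Python as an added example that is not part of the original post: one lock per connection, held for the whole read or write call, so a read and a write can never be in flight at the same time. SerializedConnection is the wrapper; OverlapDetector is a constructed stand-in for the SSL object that merely counts overlapping calls instead of corrupting its record-layer state the way a real OpenSSL SSL object would. The same pattern applies to an SSL * in C with one pthread mutex around SSL_read and SSL_write.

```python
"""Serialising every use of one SSL connection behind a single lock."""
import threading
import time


class SerializedConnection:
    """Wrap an object whose read()/write() must never run concurrently.
    One lock per connection, held for the entire call, never per direction:
    SSL_read may itself need to write (SSL_ERROR_WANT_WRITE during a
    renegotiation), so separate read and write locks would not be enough."""

    def __init__(self, conn):
        self._conn = conn
        self._lock = threading.Lock()

    def write(self, data):
        with self._lock:
            return self._conn.write(data)

    def read(self, n):
        with self._lock:
            return self._conn.read(n)


class OverlapDetector:
    """Constructed stand-in for an SSL object: counts calls that start while
    another call is still in progress instead of corrupting shared state."""

    def __init__(self):
        self.active = 0
        self.overlaps = 0
        self.bytes_written = 0
        self._guard = threading.Lock()   # protects the counters only

    def _enter(self):
        with self._guard:
            if self.active:
                self.overlaps += 1
            self.active += 1

    def _leave(self):
        with self._guard:
            self.active -= 1

    def write(self, data):
        self._enter()
        try:
            time.sleep(0.001)  # window in which another thread can interleave
            self.bytes_written += len(data)
            return len(data)
        finally:
            self._leave()

    def read(self, n):
        self._enter()
        try:
            time.sleep(0.001)
            return b"x" * n
        finally:
            self._leave()


def run(conn, threads=4, rounds=50):
    """Odd-numbered threads write, even-numbered threads read, all on one
    connection object, the situation described in the question."""
    def worker(i):
        for _ in range(rounds):
            if i % 2:
                conn.write(b"hello")
            else:
                conn.read(5)

    ts = [threading.Thread(target=worker, args=(i,)) for i in range(threads)]
    for t in ts:
        t.start()
    for t in ts:
        t.join()


def overlaps_with_lock():
    """Returns (overlapping calls, bytes written): expect (0, 500)."""
    raw = OverlapDetector()
    run(SerializedConnection(raw))
    return raw.overlaps, raw.bytes_written


def overlaps_without_lock():
    """Same workload on the bare object: overlapping calls are expected."""
    raw = OverlapDetector()
    run(raw)
    return raw.overlaps, raw.bytes_written
```

Caveat for the mutex approach: the lock is held across a blocking read, so a thread parked in read() waiting for the peer blocks every writer on that connection. When a connection really must read and write concurrently, use a non-blocking socket with one thread multiplexing it via select()/poll(), or confine all I/O for the connection to a single thread and hand data to it through queues.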


RE: Multiple Threads accessing an SSL connection

2005-03-08 Thread Sanjay Acharya
Hey Thanks a lot for the answer David.

Sanjay

--- David Schwartz <[EMAIL PROTECTED]> wrote:
> 
> >I read many posts about multiple threads
> accessing
> > a single SSL connection for read/write. I am still
> > confused about the usage. What exactly is the
> truth?
> 
>   You cannot access the same SSL connection from more
> than one thread at a
> time.
> 
> > If I have a client SSL connection that has 3
> to 4
> > threads accessing the same SSL connection for
> > read/write to the server, will it cause a
> problem??
> 
>   Yes, if they're accessing it at the same time. I
> can't imagine how two
> writes or two reads would be useful, so the only
> issue should be a read and
> a write at the same time. While that could be
> useful, you must not do that.
> 
> > If
> > yes, then can I make use of mutex locks to allow
> only
> > one thread access  the SSL connection (for
> read/write)
> > at a time??? If no, I am happy :)
> 
>   Yes, you can.
> 
>   DS






EVP_SignFinal() throws access violation - wrong documentation

2005-03-08 Thread Karsten Ohme
Hello
I have problems running an application under Windows XP, which uses EVP
functionality.
EVP_SignFinal() always fails.
After some days of lost time I compiled a debugable version of OpenSSL 
and the error always occurred in line 86 in the file p_sign.c

int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
	 EVP_PKEY *pkey)
	{
	unsigned char m[EVP_MAX_MD_SIZE];
	unsigned int m_len;
	int i,ok=0,v;
	MS_STATIC EVP_MD_CTX tmp_ctx;

	*siglen=0;	/* line 86: siglen is dereferenced without a NULL check */
The problem is the wrong documentation.
There is written (http://www.openssl.org/docs/crypto/EVP_SignInit.html#):
"EVP_SignFinal() signs the data in ctx using the private key pkey and 
places the signature in sig. If the s parameter is not NULL then the 
number of bytes of data written (i.e. the length of the signature) will 
be written to the integer at s, at most EVP_PKEY_size(pkey) bytes will 
be written."

This is NOT true. If you see the function, if ever the parameter s is 
NULL there is an access violation, because it is a NULL pointer. Maybe 
also the behavior of this function in this case should be changed.

Apart from this, have you ever thought of a documentation system like 
Doxygen?

Could the possibility of a debug build during the generation of the 
Makefile be included?

I had to change manually the flags in the ntddl.mak
CFLAG= /MD /W3 /WX /G5 /Od /Gs0 /GF /Gy /nologo /ZI 
-DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 
-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5

LFLAGS=/nologo /subsystem:console /machine:I386 /debug /opt:ref
MLFLAGS= /nologo /subsystem:console /debug /machine:I386 /opt:ref /dll
Bye, Karsten


SSL connection behind proxy

2005-03-08 Thread Aftab Alam
Hi all,

I am trying to establish an SSL connection behind a proxy using https, but could
not figure out how it will be possible.
As far as an http-based connection behind a proxy is concerned, I connected to
the proxy and set the request URI to the URL to which the non-SSL http-based
connection is to be made. But as far as an SSL-enabled connection behind a proxy
is concerned, I need to know whether the proxy should be SSL enabled, what type
of connection will be made with the proxy (SSL or non-SSL), and if non-SSL, how
my connection will become SSL enabled even if I use the CONNECT method as the
http RFC suggests. I have seen a few functions in bio.h, like

BIO_set_proxies
BIO_set_proxy_cb
BIO_set_proxy_header

Can anyone help me with how to use these functions and whether they will help
with an SSL-enabled connection behind a proxy.

In the http connection I connected to the proxy

m_pSocket = BIO_new_connect("proxy:port");

BIO_do_connect(m_pSocket);

and then sent the following header, and it worked:

POST http://abc.com/asd HTTP/1.0\r\n
host: abc.com:83\r\n
Content-Type: application/ocsp-request\r\n
Content-length: 1590\r\n\r\n

Regards,
Muhammad Aftab Alam



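How the CONNECT tunnel works in practice, as an added example that is not part of the original post and not OpenSSL code: the client speaks plain HTTP to the proxy, sends "CONNECT host:port", and only after the proxy's 2xx status line does it start TLS on the same socket. The proxy therefore does not need to be SSL enabled, and it never sees the TLS handshake; the certificate check is done against the origin host, not the proxy. The TLS step uses Python's ssl module; the fake proxy on the other end of a socketpair, the allow-list callback and the host/port values are constructed for the demonstration.

```python
"""CONNECT tunnelling: plain HTTP to the proxy, then TLS end to end."""
import socket
import ssl
import threading

MAX_HEADER = 8192  # assumed sane bound on the proxy's reply header


def build_connect_request(host, port):
    """Authority form (host:port, not a URL) on the request line; Host:
    repeats it for HTTP/1.1 proxies."""
    authority = "%s:%d" % (host, port)
    return ("CONNECT %s HTTP/1.1\r\n"
            "Host: %s\r\n"
            "\r\n" % (authority, authority)).encode("ascii")


def parse_status(header):
    """Status code from the first line of the proxy's reply, or ValueError."""
    line = header.split(b"\r\n", 1)[0]
    parts = line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed proxy status line: %r" % line)
    return int(parts[1])


def open_tunnel(sock, host, port):
    """Send CONNECT and consume the reply header, one byte at a time: anything
    read past the blank line would belong to the TLS layer, and wrap_socket()
    cannot be handed bytes that were already pulled off the socket."""
    sock.sendall(build_connect_request(host, port))
    header = bytearray()
    while not header.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        header += chunk
        if len(header) > MAX_HEADER:
            raise ValueError("proxy response header too large")
    status = parse_status(bytes(header))
    if not 200 <= status < 300:
        raise ConnectionError("proxy refused CONNECT to %s:%d: HTTP %d"
                              % (host, port, status))
    return status


def start_tls(sock, host):
    """Only after the tunnel is up. server_hostname is the origin host, so the
    certificate is verified against it and never against the proxy."""
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=host)


def https_via_proxy(proxy_host, proxy_port, host, port=443):
    """Real-world entry point (not exercised offline): TCP to the proxy,
    CONNECT, then TLS to the origin over the tunnel."""
    sock = socket.create_connection((proxy_host, proxy_port))
    open_tunnel(sock, host, port)
    return start_tls(sock, host)


# --- constructed demo: a fake proxy on one end of a socketpair ---------------
def _fake_proxy(peer, allow):
    req = bytearray()
    while not req.endswith(b"\r\n\r\n"):
        chunk = peer.recv(1)
        if not chunk:
            peer.close()
            return
        req += chunk
    target = req.split(b" ", 2)[1].decode("ascii")  # the host:port the proxy sees
    if allow(target):
        peer.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    else:
        peer.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
    peer.close()


def demo(host, port, allow=lambda target: True):
    """Run open_tunnel() against the fake proxy; returns the status code on
    success or the error text when the proxy refuses the tunnel."""
    client, proxy_side = socket.socketpair()
    t = threading.Thread(target=_fake_proxy, args=(proxy_side, allow))
    t.start()
    try:
        return open_tunnel(client, host, port)
    except ConnectionError as exc:
        return str(exc)
    finally:
        client.close()
        t.join()
```

Two points worth noting against the POST header in the question: the proxy learns only the host and port of the tunnel, nothing about the request inside it, and a refusal (403, 407 for proxy authentication, and so on) must abort before any TLS bytes are sent, which is why open_tunnel() raises instead of letting the caller proceed.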


Is it possible to set IV length in EVP_Cipher?

2005-03-08 Thread Antonio Ruiz Martínez
Hello!
   I have been looking at how I can set the length of the iv parameter 
in a cipher algorithm.
   I saw that we can set the IV with EVP_CipherInit_ex(ctx, NULL, NULL, 
key, iv, do_decrypt);
   However, this length, in RC2_CBC, is 8 bytes. I don't know if it is 
possible to use a different length. I think that it is possible 
because Mozilla uses it, but I'm not sure if it is a mistake in its 
implementation.
   I would like to use 12 bytes like Mozilla. How could I set the iv 
length in OpenSSL for any algorithm?
   Could you help me, please?
   Regards,
   Antonio.



Re: The breaking of SHA1

2005-03-08 Thread Thomas J. Hruska
At 10:23 AM 3/8/2005 +0100, [EMAIL PROTECTED] writeth:
>Hello everybody,
>
>I am not quite sure which list to address so I chose both.
>
>Regarding the news around the "breaking" of SHA1, I wonder if it is planned
>or already in work to implement other hash algorithms like SHA256 into
>OpenSSL.
>
>Best Regards
>
>Thomas Beckmann

Well, implementing those algorithms is pretty much worthless for most users
if the browsers won't implement them.  Still worth a shot to try to get
them to forward implement...but there will be a lot of incompatibility for
a while.  Personally, I'd just be happy with SHA512.  Of course, I'm the
sort of person who uses "overkill" as a noun.

It is interesting to note that SHA256 is nearly identical in implementation
to SHA384 and SHA512 (i.e. once SHA256 is broken, SHA384 and SHA512 will be
"broken" in the same paper in theoretical terms of SHA256).  SHA384 and
SHA512 are exactly identical except for starting conditions.

I'm actually more favorably disposed towards using a non-MD4 lookalike.
SHAx looks and feels too much like MD4/MD5.  Unfortunately, not very many
cryptographic hashes exist that haven't been broken in some way.
Development of cryptographic hashes pretty much halted back in late 1999.

I've been wondering for a while if it is possible to use multiple hashes
for data needing thumbprint verification.  There is a relative analogy of
two metals that, separate, are weak, but when melted and made into an alloy
are stronger than their separate components total strength.  Applying this
idea to hashes, first use a hash like MD5, which has one family of known
weaknesses.  Then, use a second hash like SHA-1, which has a different,
non-overlapping family of known weaknesses.  The idea is that when the two
cryptographically weak hashes are combined, there is no _known_ family of
weakness.  This means that there could still be some weaknesses, but they
haven't been found yet.  Obviously, _if_ this is a valid concept, the basic
principle could be applied to stronger hash algorithms that haven't been
broken yet to make them that much more resilient to cryptanalysis attacks.
Note that I'm not a cryptanalyst*, but this seems very logical to me from
my point of view.

* Of course, I'm sticking my nose into an area I'm a relative "newbie" in,
so I'm already well prepared to insert foot in mouth.

Just a thought.


Thomas J. Hruska
[EMAIL PROTECTED]

Shining Light Productions
Home of the Nuclear Vision scripting language and ProtoNova web server.
http://www.slproweb.com/



Re: Is it possible to set IV length in EVP_Cipher?

2005-03-08 Thread Dr. Stephen Henson
On Tue, Mar 08, 2005, Antonio Ruiz Martínez wrote:

> Hello!
> 
> I have been looking at how I can set the length of the iv parameter 
> in a cipher algorithm.
> I saw that we can set the IV with EVP_CipherInit_ex(ctx, NULL, NULL, 
> key, iv, do_decrypt);
> However, this length, in RC2_CBC, is 8 bytes. I don't know if it is 
> possible to use a different length. I think that it is possible 
> because Mozilla uses it, but I'm not sure if it is a mistake in its 
> implementation.
> I would like to use 12 bytes like Mozilla. How could I set the iv 
> length in OpenSSL for any algorithm?

The obvious question is why?

I'm not sure what you mean about Mozilla.

For the cipher modes that use an IV the IV length is equal to the block length
of the cipher. That's fixed by standards and there's no way to change it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Why are there .so.2, .so.4 and .so.0?

2005-03-08 Thread tj
I am confused, really a normal state for me :-). I have a Slackware 
install and it has libssl.so.0, but some apps require libssl.so.2 or 
libssl.so.4. I go to www.openssl.org and find that 0.9.7m is the latest 
release.

Where are the .2 and .4 major numbers coming from and what 
distinguishes them from one another? I am trying to build h323 apps and 
getting all sorts of "library not found" errors concerning .so.2 and .so.4.

tj


Re: Why are there .so.2, .so.4 and .so.0?

2005-03-08 Thread Tan Eng Ten
I think one of them is the default that came along with your OS. This is 
to avoid conflict when user installs a different version of the lib 
later on. Just my guess.

tj wrote:
I am confused, really a normal state for me :-). I have a Slackware 
install and it has libssl.so.0, but some apps require libssl.so.2 or 
libssl.so.4. I go to www.openssl.org and find that 0.9.7m is the latest 
release.

Where are the .2 and .4 major numbers coming from and what 
distinguishes them from one another? I am trying to build h323 apps and 
getting all sorts of "library not found" errors concerning .so.2 and 
.so.4.

tj


configuration file seems to have priority over command line?

2005-03-08 Thread Joel
I have the following in the configuration file:

[ req ]
{...}
prompt = no
{...}
[ req_distinguished_name ]
C = JP
ST = Hyogo
CN = example
emailAddress = [EMAIL PROTECTED]

and I try this on the command line:

openssl req -new -newkey rsa:2048 -nodes -out herbie9_request.pem -subj 
"/CN=herbie9/[EMAIL PROTECTED]" -keyout herbie9.key -config 
d:\data\weiss_ca\bin\weiss_user_openssl.cfg -batch 

The result is that common name gets set to "example" and emailAddress to
"[EMAIL PROTECTED]" instead of the values I'm trying to pass through the
-subj option on the command line.

I tried commenting out the CN and emailAddress lines in the
configuration file, but now verifying gives me the following:

The commonName field needed to be supplied and was missing

For now, I suppose I can resort to building a template file on the fly.
I don't much care to build template files with MS-DOS batch files, but
this should be fairly straightforward. (Boss does not want to install
perl on MSWxx.)

Is there some way to make the -subj on the command line override the
contents of the configuration file?

--
Joel Rees   <[EMAIL PROTECTED]>
digitcom, inc.   株式会 <http://www.ddcom.co.jp> **


RE: configuration file seems to have priority over command line?

2005-03-08 Thread Ted Mittelstaedt
How about creating a config file that does not have the CN and
emailAddress fields?

Ted

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Joel
> Sent: Tuesday, March 08, 2005 6:02 PM
> To: openssl-users@openssl.org
> Subject: configuration file seems to have priority over command line?
>
>
> I have the following in the configuration file:
>
> [ req ]
> {...}
> prompt = no
> {...}
> [ req_distinguished_name ]
> C = JP
> ST = Hyogo
> CN = example
> emailAddress = [EMAIL PROTECTED]
>
> and I try this on the command line:
>
> openssl req -new -newkey rsa:2048 -nodes -out
> herbie9_request.pem -subj
> "/CN=herbie9/[EMAIL PROTECTED]" -keyout
> herbie9.key -config d:\data\weiss_ca\bin\weiss_user_openssl.cfg -batch
>
> The result is that common name gets set to "example" and
> emailAddress to
> "[EMAIL PROTECTED]" instead of the values I'm trying to pass through the
> -subj option on the command line.
>
> I tried commenting out the CN and emailAddress lines in the
> configuration file, but now verifying gives me the following:
>
> The commonName field needed to be supplied and was missing
>
> For now, I suppose I can resort to building a template file on the fly.
> I don't much care to build template files with MS-DOS batch files, but
> this should be fairly straightforward. (Boss does not want to install
> perl on MSWxx.)
>
> Is there some way to make the -subj on the command line override the
> contents of the configuration file?
>
> --
> Joel Rees   <[EMAIL PROTECTED]>
> digitcom, inc.   株式会 Kobe, Japan   +81-78-672-8800
> **  **
>

RE: The breaking of SHA1

2005-03-08 Thread Ted Mittelstaedt


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Thomas J. Hruska
> Sent: Tuesday, March 08, 2005 12:34 PM
> To: openssl-users@openssl.org
> Subject: Re: The breaking of SHA1
>
>
> I'm actually more favorably disposed towards using a non-MD4 lookalike.
> SHAx looks and feels too much like MD4/MD5.  Unfortunately,
> not very many
> cryptographic hashes exist that haven't been broken in some way.
> Development of cryptographic hashes pretty much halted back in
> late 1999.
>

All that most people want is encryption that is "pretty much unbreakable
for most people". The 56 bit DES and other weak and crackable algorithms are
enough to keep the casual cracker out like the 15 year old kid. 3DES
with a bad randomizer generating keys is good enough to block your
criminal types wanting to steal credit card #s. None of these present
much of an obstacle to governments, but most people aren't worried if
the government can spy on their data. Oh, they will give lip service
readily enough, but when it comes to putting their money where their mouths are,
especially if that means switching to a different application that uses a
better algorithm, most of them won't switch. Nor will they pay a royalty
to use a completely secure algorithm when a free and less secure one is
available.

Ted
