RE: How to prevent SSL from blocking from Network interruption

2007-07-20 Thread David Schwartz

> Not to beat a dead horse, but I forgot to mention that the application
> does work "properly" when performing the same operations on non-SSL
> connections. In other words if I use telnet to connect to the server on
> the non-SSL port and type nothing in the console and then have a second
> client connect (to either the non-SSL or the SSL port) and make a valid
> request, the server responds properly. The telnet session is still
> connected, but we are not blocked from handling other requests. The WEBs
> code uses the socket 'select' mechanism which I presume plays a role in
> this working. I do not understand why this same mechanism fails when we
> use SSL.

Because you forgot to set the socket non-blocking. It is only working for
non-SSL by pure luck. (For example, if it was UDP, or you used this same
logic in your 'accept' code, it would likely deadlock awfully.) The only way
to guarantee that socket operations do not block is to set the socket
non-blocking.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


RE: How to prevent SSL from blocking from Network interruption

2007-07-20 Thread David Schwartz

> Having only done minimal socket programming, I'm in a bit of a steep
> learning curve right now. Other than understanding what a blocking and
> non-blocking operation is, I don't fully understand the ramifications of
> switching to non-blocking I/O. Compounding this issue is the third party
> code, which was clearly written with blocking I/O :(

You cannot write a program that serves multiple clients with a single thread
and blocking socket operations. Blocking socket operations can block, and
when you are blocked you cannot assist another client.

If it does this with 'accept', for example, it will break. A TCP connection
might be closed after you get a 'select' hit and before you enter 'accept'.
In that case, the 'accept' will block until a new connection happens to come
in. This can be remotely exploited.

You have the same problem with 'write'. Suppose you get a 'select' hit that
a socket is writable, but then you write more bytes than the system is
willing to accept at that moment. Boom, you block, and you can't handle
other clients. This is also remotely-exploitable -- just request a lot of
stuff and don't call 'read'.

Unfortunately, you will need to fix the broken code.

On the bright side, OpenSSL has pointed out to you that the code is broken
and now, with luck, you will not ship/deploy code that likely had numerous
remotely exploitable denial-of-service vulnerabilities.

DS
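
The 'accept' and 'write' cases described above, as an added example that is not part of the original messages and not code from the WEBs server or OpenSSL. It uses only POSIX sockets; the function names are made up for the illustration, and the "vanished connection" is simulated by calling accept() on an empty queue.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Put a descriptor into non-blocking mode; returns 0 on success. */
static int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Case 1: the connection that caused the select() hit is gone by the time
 * accept() runs.  On a non-blocking listener accept() returns at once with
 * EAGAIN/EWOULDBLOCK; on a blocking one the whole server would sleep here.
 * Returns 1 if accept() came back with "would block", 0 if not, -1 on setup
 * failure. */
int accept_returns_instead_of_blocking(void)
{
    struct sockaddr_in addr;
    int lfd, cfd, ok;

    lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* any free port */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 8) < 0 || set_nonblocking(lfd) < 0) {
        close(lfd);
        return -1;
    }
    cfd = accept(lfd, NULL, NULL);          /* nothing is queued */
    ok = (cfd < 0 && (errno == EAGAIN || errno == EWOULDBLOCK));
    if (cfd >= 0)
        close(cfd);
    close(lfd);
    return ok;
}

/* Case 2: the peer requested data but never calls read.  Keep writing until
 * the kernel refuses more; a non-blocking socket reports EAGAIN and the
 * server can go back to select(), a blocking one would hang in write().
 * Returns the number of bytes the kernel queued, or -1 on any other error. */
long stalled_peer_bytes_queued(void)
{
    char chunk[4096];
    long total = 0;
    int sv[2];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if (set_nonblocking(sv[0]) < 0)
        total = -1;
    memset(chunk, 'x', sizeof chunk);
    while (total >= 0) {
        ssize_t n = write(sv[0], chunk, sizeof chunk);
        if (n > 0)
            total += n;
        else if (n < 0 && errno == EINTR)
            continue;
        else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
            break;                          /* buffer full: stop, do not block */
        else
            total = -1;
    }
    close(sv[0]);
    close(sv[1]);                           /* sv[1] never read anything */
    return total;
}

int main(void)
{
    printf("accept would block: %d\n", accept_returns_instead_of_blocking());
    printf("bytes queued before EAGAIN: %ld\n", stalled_peer_bytes_queued());
    return 0;
}
```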




RE: How to prevent SSL from blocking from Network interruption

2007-07-20 Thread Simon Edwards
Or to put it another way you can use combinations of...

- Use select() to check network level traffic arrival prior to making the
  appropriate SSL calls to handle it.
- Use SSL_pending() to check if any SSL traffic is in the local buffers
  before calling select.
- Set all sockets that you open to non-blocking mode prior to making any
  "slow" calls such as accept, connect, read, write, etc.

Typical architectures revolve around select and SSL_pending, others on
this list with more OpenSSL experience may like to chip in with better
designs here... 

It is possible to handle multiple clients using a single thread, but it
does get tricky as everything revolves around detecting activity and
responding quickly before returning to detection mode again. It's
impossible to do it reliably using blocking-mode calls.


Regards,

Simon Edwards



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: 20 July 2007 09:18
To: openssl-users@openssl.org
Subject: RE: How to prevent SSL from blocking from Network interruption


> Having only done minimal socket programming, I'm in a bit of a steep
> learning curve right now. Other than understanding what a blocking and
> non-blocking operation is, I don't fully understand the ramifications
> of switching to non-blocking I/O. Compounding this issue is the third
> party code, which was clearly written with blocking I/O :(

You cannot write a program that serves multiple clients with a single
thread and blocking socket operations. Blocking socket operations can
block, and when you are blocked you cannot assist another client.

If it does this with 'accept', for example, it will break. A TCP
connection might be closed after you get a 'select' hit and before you
enter 'accept'.
In that case, the 'accept' will block until a new connection happens to
come in. This can be remotely exploited.

You have the same problem with 'write'. Suppose you get a 'select' hit
that a socket is writable, but then you write more bytes than the system
is willing to accept at that moment. Boom, you block, and you can't
handle other clients. This is also remotely-exploitable -- just request
a lot of stuff and don't call 'read'.

Unfortunately, you will need to fix the broken code.

On the bright side, OpenSSL has pointed out to you that the code is
broken and now, with luck, you will not ship/deploy code that likely had
numerous remotely exploitable denial-of-service vulnerabilities.

DS




OpenSSL Visual Studio Workspace

2007-07-20 Thread Abhishek Tripathi

Hi Friends ,

 Can any body tell me from where I can get the MS DEV Visual
Studio Workspace for OpenSSL.


Best,
Abhishek


need help:run des on mips32 and vxworks

2007-07-20 Thread zhangyao

Hi all,

I have met a problem. When I plant the DES to my VoIP gateway for the purpose of
SNMPv3 support, it shows a decryption error.
My gateway is running on VxWorks and the processor is MIPS32.
I guess it should be something wrong with an architecture-related choice, such
as big (little) endian?

In md32_common.h,
how should I choose the ROTATE?
/*
 * Engage compiler specific rotate intrinsic function if available.
 */
#undef ROTATE
#ifndef PEDANTIC
# if defined(_MSC_VER) || defined(__ICC)
#  define ROTATE(a,n) _lrotl(a,n)
# elif defined(__MWERKS__)
#  if defined(__POWERPC__)
#   define ROTATE(a,n) __rlwinm(a,n,0,31)
#  elif defined(__MC68K__)
/* Motorola specific tweak. <[EMAIL PROTECTED]> */
#   define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
#  else 

#ifndef ROTATE
#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
#endif


In opensslconf.h I choose newer MIPS, but it gives an error.

#if defined( sun )  /* Newer Sparc's */
#  define DES_PTR
#  define DES_RISC1
#  define DES_UNROLL
#elif defined( __ultrix ) /* Older MIPS */
#  define DES_PTR
#  define DES_RISC2
#  define DES_UNROLL
#elif defined( __osf1__ ) /* Alpha */
#  define DES_PTR
#  define DES_RISC2
#elif defined ( _AIX )  /* RS6000 */
  /* Unknown */
#elif defined( __hpux )  /* HP-PA */
  /* Unknown */
#elif defined( __aux )  /* 68K */
  /* Unknown */
#elif defined( __dgux )  /* 88K (but P6 in latest boxes) */
#  define DES_UNROLL
#elif defined( __sgi )  /* Newer MIPS */
#  define DES_PTR
#  define DES_RISC2
#  define DES_UNROLL
#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
#  define DES_PTR
#  define DES_RISC1
#  define DES_UNROLL
#endif /* Systems-specific speed defines */
#endif


Thank you in advance for your help.



zhangyao
2007-07-20


LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Hadmut Danisch
Hi,

is there a way to retrieve certificates from LDAP instead from
/etc/ssl/certs ? Didn't find anything in FAQs and man pages...

regards
Hadmut


Thanks...Re: How to prevent SSL from blocking from Network interruption

2007-07-20 Thread Jim Marshall

David Schwartz wrote:

>> Not to beat a dead horse, but I forgot to mention that the application
>> does work "properly" when performing the same operations on non-SSL
>> connections. In other words if I use telnet to connect to the server on
>> the non-SSL port and type nothing in the console and then have a second
>> client connect (to either the non-SSL or the SSL port) and make a valid
>> request, the server responds properly. The telnet session is still
>> connected, but we are not blocked from handling other requests. The WEBs
>> code uses the socket 'select' mechanism which I presume plays a role in
>> this working. I do not understand why this same mechanism fails when we
>> use SSL.
>
> Because you forgot to set the socket non-blocking. It is only working for
> non-SSL by pure luck. (For example, if it was UDP, or you used this same
> logic in your 'accept' code, it would likely deadlock awfully.) The only way
> to guarantee that socket operations do not block is to set the socket
> non-blocking.
>
> DS

Thanks everyone for taking the time to respond. I'll need to dig deeper
into the third party code to see how to fix it.


-Jim



Re: OpenSSL Visual Studio Workspace

2007-07-20 Thread Krishna M Singh

Hi

There is an install.w32 file that is used to build DLLs on the Windows
platform. I am not aware of any workspace file for OpenSSL and also I
never needed one as well.

thanks and regards
Krishna

On 7/20/07, Abhishek Tripathi <[EMAIL PROTECTED]> wrote:
>
> Hi Friends ,
>
>   Can any body tell me from where I can get the MS DEV Visual
> Studio Workspace for OpenSSL.
>
>
> Best,
> Abhishek



Passwords for S/MIME certs?

2007-07-20 Thread nobody
Hi,

I want to create S/MIME certs that require a password to use. I've
created an RSA key with the -des3 option. It prompted for a password
and I entered it. Then I created a CSR and signed it with my CA's cert.
Then I exported it in pkcs12 format and imported it into Internet
Explorer and Thunderbird. I've sent encrypted and signed mails with
Thunderbird and Outlook, they verify and decrypt fine at the other end
but neither Outlook nor Thunderbird ask for a password when I'm
creating or reading mails! How do I make sure unauthorised people can't
use this cert?

Thanks.


Re: LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Bernhard Froehlich

Hadmut Danisch wrote:

> Hi,
>
> is there a way to retrieve certificates from LDAP instead from
> /etc/ssl/certs ? Didn't find anything in FAQs and man pages...
>
> regards
> Hadmut

AFAIK LDAP is not used in OpenSSL tools or library functions.
Of course it would be possible (though probably a good bit of coding 
work) to use a LDAP library like OpenLDAP to fetch the certificates and 
then use them with OpenSSL library functions.


Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26





Re: LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Hadmut Danisch
On Fri, Jul 20, 2007 at 04:32:08PM +0200, Bernhard Froehlich wrote:

> Of course it would be possible (though probably a good bit of coding work) 
> to use a LDAP library like OpenLDAP to fetch the certificates and then use 
> them with OpenSSL library functions.
>
> Hope it helps.

Not really, this was just the obvious facts. Doing it yourself is what always 
works. 

But since storage of certificates in an LDAP tree is state of the art and more
natural than /etc/ssl/certs (keep in mind that originally these X.509
certificates were intended to protect and to be stored in a X.500 directory,
of which LDAP is a subset), I wonder why this had never been implemented.

regards
Hadmut




Problem with EVP_CipherFinal_ex

2007-07-20 Thread Jorge Fernandez

Hi all, I'm trying to write a function to encrypt/decrypt binary buffers
using different algorithms.

I'm getting an error when decrypting, on the EVP_CipherFinal_ex function.
The error basically is WRONG_FINAL_BLOCK_LENGTH and triggers when I try to
decrypt a buffer that is not a multiple of the block length (which is almost
always).

I understand that, when encrypting, the last block has to be padded to
encrypt it and so I do, but I don't save the padded bytes to the encrypted
file, because I need the encrypted data to be the same size as the original.

What I don't understand is, if I enable padding on decrypt too, why
EVP_CipherFinal_ex fails to pad it? Should I pad it myself before starting
to decrypt?

I attached the function I'm using.

I thank you for any help or even for any hint on what's wrong,

Regards,


#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>

/* crypt_key_t and Warn() come from the poster's own project. */
int EVP_sym_crypt( unsigned char *buffer, int buflen, crypt_key_t *key,
                   const EVP_CIPHER *type, int enc_dec )
{
   EVP_CIPHER_CTX ctx;
   unsigned char iv[EVP_MAX_IV_LENGTH];
   unsigned char *result;
   int block_size, count = 0, tmp_count = 0;

   /* check the cipher before querying its block size */
   if ( !type )
   {
      Warn( "No algorithm" );
      return -1;
   }
   block_size = EVP_CIPHER_block_size( type );

   /* the output can be up to one block longer than the input */
   result = ( unsigned char * ) malloc( buflen + block_size );
   if ( !result )
   {
      Warn( "Out of memory" );
      return -1;
   }

   /* registers the error strings for all libcrypto functions */
   ERR_load_crypto_strings();

   /* constant IV, as in the original post */
   memset( iv, 0xaf, sizeof( iv ) );

   EVP_CIPHER_CTX_init ( &ctx );
   if ( !EVP_CipherInit_ex( &ctx, type, NULL, key->key, iv, enc_dec ) )
   {
      Warn( "Error on EVP_CipherInit_ex" );
      ERR_print_errors_fp( stderr );
      EVP_CIPHER_CTX_cleanup( &ctx );
      free( result );
      return -1;
   }

   EVP_CIPHER_CTX_set_padding( &ctx, 1 );
   if ( !EVP_CipherUpdate( &ctx, result, &count, buffer, buflen ) )
   {
      Warn( "Error on EVP_CipherUpdate" );
      ERR_print_errors_fp( stderr );
      EVP_CIPHER_CTX_cleanup( &ctx );
      free( result );
      return -1;
   }

   /* 15790:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex: */
   /* wrong final block length:evp_enc.c:447: */
   if ( !EVP_CipherFinal_ex( &ctx, result + count, &tmp_count ) )
   {
      Warn( "Error on EVP_CipherFinal_ex" );
      ERR_print_errors_fp( stderr );
      EVP_CIPHER_CTX_cleanup( &ctx );
      free( result );
      return -1;
   }

   /* count is now the total number of output bytes held in result */
   count += tmp_count;
   EVP_CIPHER_CTX_cleanup( &ctx );
   /* the posted function does not hand result back to the caller */
   free( result );
   return 0;
}



--
Jorge Fernandez


Re: Problem with EVP_CipherFinal_ex

2007-07-20 Thread Jim Fox



> I understand that, when encrypting, the last block has to be padded to
> encrypt it and so I do, but I don't save the padded bytes to the encrypted
> file, because I need the encrypted data to be the same size as the original.

You have to save the entire encrypted block.  cipher_final
will tell you the length of the padded and encrypted block.

> What I don't understand is, if I enable padding on decrypt too, why
> EVP_CipherFinal_ex fails to pad it? Should I pad it myself before starting
> to decrypt?

The EVP_CIPHER_CTX_set_padding only applies to encryption, and
is enabled by default - so you don't need it anywhere.

When decrypting cipher_final will tell you the length of the
decrypted data.

Jim



Re: Problem with EVP_CipherFinal_ex

2007-07-20 Thread Jorge Fernandez

Thank you for the response, Jim

2007/7/20, Jim Fox <[EMAIL PROTECTED]>:

> You have to save the entire encrypted block.  cipher_final
> will tell you the length of the padded and encrypted block.

So, should I assume that the encrypted buffer will always be a multiple of
block_size ...
I would say that my application can't allow that though.

> The EVP_CIPHER_CTX_set_padding only applies to encryption, and
> is enabled by default - so you don't need it anywhere.

Yeah, that was just to make sure.

> When decrypting cipher_final will tell you the length of the
> decrypted data.

But how can I know how many bytes long the original buffer was? (since each
one will have a different length, but when decrypting, all will be padded up
to a multiple of the block size)

> Jim

Thanks

--
Jorge Fernandez


Re: LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Patrick Patterson
Hi Hadmut;

On Friday 20 July 2007 11:05:37 you wrote:
> On Fri, Jul 20, 2007 at 04:32:08PM +0200, Bernhard Froehlich wrote:
> > Of course it would be possible (though probably a good bit of coding
> > work) to use a LDAP library like OpenLDAP to fetch the certificates and
> > then use them with OpenSSL library functions.
> >
> > Hope it helps.
>
> Not really, this was just the obvious facts. Doing it yourself is what
> always works.
>
> But since storage of certificates in an LDAP tree is state of the art and
> more natural than /etc/ssl/certs (keep in mind that originally these X.509
> certificates were intended to protect and to be stored in a X.500
> directory, which of LDAP is a subset), I wonder why this had never been
> implemented.
>
Well, I believe that it was done this way because the OpenSSL /etc/ssl/certs 
is just the Unix way of implementing the concept of the Trust Anchor store. 
The thing is that since those certificates are "trust anchors", then it would 
be highly insecure to not have these certificates locally, and if the user 
was to have them locally in a local LDAP Server, then they would need to have 
an LDAP server that was configured for a very large namespace (it would have 
to, in essence, mirror Verisign's, Global Trusts, and all of the other 
Certificate authorities LDAP namespace). Consequently, it is probably highly 
undesirable to store these trust anchors as something other than a series of 
CA certificates (think what would happen if you were to look up these 
certificates somewhere other than locally, and someone were to spoof the DNS 
entry... since you are looking up these certificates to make a trust 
decision, it would be possible for an attacker to spoof both the CA and the 
end entity certificates, and that would be a VERY BAD THING :)

Have fun.

-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca


Re: Problem with EVP_CipherFinal_ex

2007-07-20 Thread Jim Fox




>> You have to save the entire encrypted block.  cipher_final
>> will tell you the length of the padded and encrypted block.
>
> So, should I assume that the encrypted buffer will always be a multiple of
> block_size ...
> I would say that my application can't allow that though.

Why do you care at all?  Just make sure your buffer to hold
the encrypted data is at least one block_size longer than
the original text length.

>> When decrypting cipher_final will tell you the length of the
>> decrypted data.
>
> But how can I know how many bytes long the original buffer was? (since each
> one will have a different length, but when decrypting, all will be padded up
> to a multiple of the block size)

Because cipher_final TELLS YOU.  The length it returns is the
length of the original text.  It doesn't do any padding on
decryption.

Jim
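
The length bookkeeping discussed in this thread, as an added example that is not code from the thread or from OpenSSL. It implements only the standard block padding (PKCS#5/PKCS#7 style) that EVP block ciphers apply by default, with the cipher itself left out; the function names are made up for the illustration and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the padded data for n input bytes and block size bs.  Padding is
 * always added, so an input that is already a whole number of blocks still
 * grows by one full block. */
size_t padded_len(size_t n, size_t bs)
{
    return (n / bs + 1) * bs;
}

/* Copy in[0..n) to out and append the padding: p bytes, each of value p.
 * out must have room for padded_len(n, bs) bytes.  Returns the new length. */
size_t pkcs_pad(const unsigned char *in, size_t n, unsigned char *out, size_t bs)
{
    size_t total = padded_len(n, bs);
    unsigned char p = (unsigned char)(total - n);

    memcpy(out, in, n);
    memset(out + n, p, p);
    return total;
}

/* Recover the original length from the padded data, the step that lets the
 * final call on decryption report how many bytes of real data there were.
 * Returns -1 if the input is not a whole number of blocks (the "wrong final
 * block length" case) or if the padding bytes are inconsistent. */
long pkcs_unpad(const unsigned char *buf, size_t n, size_t bs)
{
    size_t i;
    unsigned char p;

    if (n == 0 || n % bs != 0)
        return -1;                  /* truncated or never padded */
    p = buf[n - 1];
    if (p == 0 || p > bs)
        return -1;                  /* not a valid padding length */
    for (i = n - p; i < n; i++)
        if (buf[i] != p)
            return -1;              /* padding bytes do not match */
    return (long)(n - p);
}

int main(void)
{
    const unsigned char msg[] = "thirteen byte";    /* constructed, 13 bytes */
    unsigned char out[32];
    size_t n = pkcs_pad(msg, 13, out, 8);

    printf("13 bytes pad to %lu\n", (unsigned long)n);
    printf("full data unpads to %ld\n", pkcs_unpad(out, n, 8));
    printf("data cut back to 13 bytes: %ld\n", pkcs_unpad(out, 13, 8));
    return 0;
}
```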


Re: Passwords for S/MIME certs?

2007-07-20 Thread Goetz Babin-Ebell

Hello,

--On Friday, July 20, 2007 14:49:54 + nobody <[EMAIL PROTECTED]> wrote:

[...]

> Then I exported it in pkcs12 format and imported it into Internet
> Explorer and Thunderbird. I've sent encrypted and signed mails with
> Thunderbird and Outlook, they verify and decrypt fine at the other end
> but neither Outlook nor Thunderbird ask for a password when I'm
> creating or reading mails! How do I make sure unauthorised people can't
> use this cert?


Tell your program you use to send mails that it should protect
imported key data with a pass phrase.
How to do that is outside the scope of this list.
(In Thunderbird it is the master pass phrase, I don't care for Outluck...)


Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many




Re: LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Mark H. Wood
On Fri, Jul 20, 2007 at 12:04:18PM -0400, Patrick Patterson wrote:
> Hi Hadmut;
> 
> On Friday 20 July 2007 11:05:37 you wrote:
> > On Fri, Jul 20, 2007 at 04:32:08PM +0200, Bernhard Froehlich wrote:
> > > Of course it would be possible (though probably a good bit of coding
> > > work) to use a LDAP library like OpenLDAP to fetch the certificates and
> > > then use them with OpenSSL library functions.
> > >
> > > Hope it helps.
> >
> > Not really, this was just the obvious facts. Doing it yourself is what
> > always works.
> >
> > But since storage of certificates in an LDAP tree is state of the art and
> > more natural than /etc/ssl/certs (keep in mind that originally these X.509
> > certificates were intended to protect and to be stored in a X.500
> > directory, which of LDAP is a subset), I wonder why this had never been
> > implemented.

Possibly because everyone is waiting for you to contribute the code. :-/

> Well, I believe that it was done this way because the OpenSSL /etc/ssl/certs 
> is just the Unix way of implementing the concept of the Trust Anchor store. 
> The thing is that since those certificates are "trust anchors", then it would 
> be highly insecure to not have these certificates locally, and if the user 

Define "locally".  In my LDAP server behind my firewall is one arguably
reasonable definition of "locally".

> was to have them locally in a local LDAP Server, then they would need to have 
> an LDAP server that was configured for a very large namespace (it would have 
> to, in essence, mirror Verisign's, Global Trusts, and all of the other 
> Certificate authorities LDAP namespace).

Okay, why?

>  Consequently, it is probably highly 
> undesirable to store these trust anchors as something other than a series of 
> CA certificates

Tell Novell and Microsoft, who've been storing certificates in their
directory products since late last century.

> (think what would happen if you were to look up these 
> certificates somewhere other than locally, and someone were to spoof the DNS 
> entry... since you are looking up these certificates to make a trust 
> decision, it would be possible for an attacker to spoof both the CA and the 
> end entity certificates, and that would be a VERY BAD THING :)

Well, that's what DNSSEC is for.  Not to mention mutual authentication
between the directory and client.

I don't see why this CANNOT be secured.  I agree that it takes careful
attention to detail if it is to be secured.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.





Re: Passwords for S/MIME certs?

2007-07-20 Thread Dr. Stephen Henson
On Fri, Jul 20, 2007, Goetz Babin-Ebell wrote:

> Hello,
> 
> --On Friday, July 20, 2007 14:49:54 + nobody <[EMAIL PROTECTED]> wrote:
> 
> [...]
> >Then I exported it in pkcs12 format and imported it into Internet
> >Explorer and Thunderbird. I've sent encrypted and signed mails with
> >Thunderbird and Outlook, they verify and decrypt fine at the other end
> >but neither Outlook nor Thunderbird ask for a password when I'm
> >creating or reading mails! How do I make sure unauthorised people can't
> >use this cert?
> 
> Tell your program you use to send mails that it should protect
> imported key data with a pass phrase.
> How to do that is outside the scope of this list.
> (In Thunderbird it is the master pass phrase, I don't care for Outluck...)
> 
> 

With CryptoAPI (which includes Outlook) the certificate import Wizard will
have an option saying something like "enable strong key protection" then
when you are prompted for the security level you have to set it to "high".

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk