RE: Using PCKS Padding in OpenSSL

2011-06-07 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Eric S. Eberhard
> Sent: Tuesday, 07 June, 2011 15:21

> I would point out in that last approach -- encrypting and sending un 
> secure (which is a good idea in many cases) does have a few 
> considerations.  If the data is sensitive (like magnetic strip data 
> from a credit card) this is completely NOT ALLOWED.  PCI and PA-DSS 
> won't allow it to hit the disk.  If you do hit the disk and you care 
> about security on either end, you also need a secure delete  

To be exact, PCI DSS (and therefore PA-DSS) prohibits storing 
magstripe, CVV2 and PIN "after authorization (even if encrypted)". 
Authorization should always be real-time and thus there should be 
no good reason to store on disk during auth, but it isn't specifically 
prohibited. If you do store it, yes you will then need to wipe it. 

But this is not specific to my last approach. The OP's question 
seemed to be about files, and storing this data in a clear file 
securely transferred with FTPS, SFTP, or such would be even worse.

> At 08:44 PM 6/6/2011, Dave Thompson wrote:

> >Another approach is to secure the files themselves,
> >rather than just the transfer. That is, encrypt and
> >perhaps sign the files when (or before) they are
> >placed on the sending system(s), transfer them
> >using plain FTP or HTTP or other, and decrypt and
> >perhaps verify them on the receiving system(s).
> >


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: Open SSL Error 14094412

2011-06-07 Thread David Mitchell
On 05/31/2011 03:02 PM, David Mitchell wrote:
> 
> On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
> 
>>> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
>>> Sent: Friday, 27 May, 2011 12:35
>>
>>> I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I 
>>> have a client
>>> where authentication attempts always fail with the relatively generic
>>> error below. I've tried to figure out what it means with no 
>>> luck. A search
>>> of the source shows that the error code (ultimately 1042) is 
>>> defined but
>>> only used in one place, in ssl_err.c assigns the text version of the
>>> error code.  Can anybody point me to where in the code
>>> this error gets generated? Thanks in advance.
>>>
>> ssl3_read_bytes sets error 1000+alertnum for received fatal alerts.
>> alert 42 is "bad certificate" so error 1042 is "alert: bad certificate".
>>
>> The client is saying it doesn't like the cert the server is supplying.
>> Since other clients are working, the (a?) cert is clearly good.
>>
>> See if the client has more-detailed information in a log or something, 
>> and/or check client configuration especially the CA cert(s) it trusts. 
>> If your server has multiple certs/keys for different algorithms, 
>> check if this client is preferring the same algorithms/ciphersuites 
>> as the (other) clients that work.
> 
> Knowing that it is a client error and not a server error should help point us
> in the right direction. So far the client logs have been mostly worthless.
> That said, we have not been looking at possible trust issues with respect to
> the server certificate being accepted as valid on the client. We will look
> at that next. Thanks for your help.

The client did turn out to be rejecting the server's certificate due to
an unknown CA. Thanks again for your help,

-David Mitchell

> 
> 
> -
> | David Mitchell (mitch...@ucar.edu)   Network Engineer IV  |
> | Tel: (303) 497-1845  National Center for  |
> | FAX: (303) 497-1818  Atmospheric Research |
> -
> 
> 
> 
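
Added example, not part of the original messages and not OpenSSL code: it unpacks a logged error code such as the 14094412 in this thread's subject and reports whether the reason is a received alert, using the 1000+alertnum rule quoted above. The struct and function names are hypothetical, and 1408F10B is a second sample code added for contrast.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; struct and function names are hypothetical.
 * OpenSSL 0.9.8/1.0.x packs an error as (lib << 24) | (func << 12) | reason. */
struct ossl_err {
    unsigned lib, func, reason;
    int alert;               /* alert number sent by the peer, or -1 */
    const char *alert_name;  /* RFC 5246 description, or NULL */
};

/* Subset of the TLS alert descriptions in RFC 5246, section 7.2. */
static const char *tls_alert_name(int n)
{
    switch (n) {
    case 10: return "unexpected_message";
    case 20: return "bad_record_mac";
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 43: return "unsupported_certificate";
    case 44: return "certificate_revoked";
    case 45: return "certificate_expired";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";
    case 49: return "access_denied";
    case 70: return "protocol_version";
    default: return "unlisted";
    }
}

/* Parse the hex code as it appears in a log line ("error:14094412:..."). */
static int ossl_err_parse(const char *hex, struct ossl_err *out)
{
    char *end;
    unsigned long code = strtoul(hex, &end, 16);

    if (end == hex || (*end != '\0' && *end != ':'))
        return -1;
    out->lib = (unsigned)((code >> 24) & 0xFF);
    out->func = (unsigned)((code >> 12) & 0xFFF);
    out->reason = (unsigned)(code & 0xFFF);
    out->alert = -1;
    out->alert_name = NULL;
    /* Library 20 is SSL; its reasons 1000..1255 mean "peer sent alert N". */
    if (out->lib == 20 && out->reason >= 1000 && out->reason <= 1255) {
        out->alert = (int)out->reason - 1000;
        out->alert_name = tls_alert_name(out->alert);
    }
    return 0;
}

int main(void)
{
    const char *samples[] = { "14094412", "1408F10B" };
    struct ossl_err e;

    for (size_t i = 0; i < 2; i++) {
        if (ossl_err_parse(samples[i], &e) != 0)
            continue;
        printf("%s: lib=%u func=%u reason=%u -> %s\n", samples[i], e.lib,
               e.func, e.reason, e.alert < 0 ? "raised locally" : e.alert_name);
    }
    return 0;
}
```

A reason in the alert range means the peer rejected the handshake, so the next place to look is the peer's trust configuration; here the alert name was bad_certificate while the cause reported in the thread was an unknown CA.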


Re: Using PCKS Padding in OpenSSL

2011-06-07 Thread Jeffrey Walton
On Tue, Jun 7, 2011 at 3:21 PM, Eric S. Eberhard  wrote:
> I would point out in that last approach -- encrypting and sending un secure
> (which is a good idea in many cases) does have a few considerations.  If the
> data is sensitive (like magnetic strip data from a credit card) this is
> completely NOT ALLOWED.  PCI and PA-DSS won't allow it to hit the disk.  If
> you do hit the disk and you care about security on either end, you also need
> a secure delete program.  Simply deleting a file does not remove the data
> from the disk.  It takes about 5 lines of C to make a secure delete which if
> anyone likes I can give them.

Are you sure that it's 5 lines? iPhone/iPad/iTouch puts my stomach in a
knot due to lack of true background processing. Reliably Erasing Data
From Flash-Based Solid State Drives,
www.usenix.org/events/fast11/tech/full_papers/Wei.pdf.

Jeff

>
> At 08:44 PM 6/6/2011, Dave Thompson wrote:
>>
>> > From: owner-openssl-us...@openssl.org On Behalf Of greenelephant
>> > Sent: Sunday, 05 June, 2011 05:20
>>
>> > Thanks for the reply Dave. I am grateful for your advice. I
>> > am a novice as you have probably gathered.
>> > If I am not wrong in my judgement you seem to have some expertise on
>> > cryptology.
>>
>> Some, not a whole lot.
>>
>> > I have stated SSL in my first post that I would like help
>> > with as you know.
>> > But with your expertise is there a better solution to use
>> > except SSL in
>> > terms of security using openssl?
>>
>> SSL/TLS (preferably the newest version supported, today
>> usually TLS 1.1 or maybe 1.2) is a good general solution
>> for security of Internet endpoint communication
>> (particularly, but not only, web traffic using HTTPS).
>> OpenSSL is a good implementation of SSL/TLS, plus some
>> related (crypto) functionality, but not the only one;
>> any other conforming and well-tested implementation
>> available to you should be fine. For examples, Java
>> includes its own SSL/TLS implementation (for Java),
>> and I understand dot-NET does (for C#, VB, etc.)
>>
>> There are other protocols that may be better in specific
>> situations (e.g. SSH as below) or necessary (e.g. IPsec
>> and DNSsec are done at a level below where SSL can work).
>>
>> > Also is SSL an ideal security solution for secured FTP
>> > transmissions using
>> > the openssl module to enable me to subvert any efforts to
>> > sabotage or breach
>> > security perpetrated by intruders or hackers using the
>> > methods of attacks
>> > (side channeling  for instance) previously mentioned?
>>
>> FTP over SSL (FTPS) is a secure means of file transfer,
>> if supported by both your server(s) and your client(s),
>> which in my experience is not very common. When it is
>> supported, the server and client code determines what
>> module is used; it might be OpenSSL or something else.
>>
>> Another good and in my experience more common method
>> of securing file transfer is SFTP, part of the SSH
>> protocol suite. The crypto used in SSH is generally
>> similar (though not identical) to SSL/TLS, and in fact
>> the most widespread implementation OpenSSH uses libcrypto
>> from OpenSSL, but the trust model is different (simpler).
>> Instead of creating and verifying certificates, SSH
>> requires you to manually verify a key fingerprint on
>> the first connection between a given client and server
>> (or else manually pre-transfer the encoded publickey).
>> This isn't very good for communications with strangers
>> (like sites you found on Google), but works okay for
>> people that already have some contact (like your friends,
>> customers of your company, etc).
>>
>> Another approach is to secure the files themselves,
>> rather than just the transfer. That is, encrypt and
>> perhaps sign the files when (or before) they are
>> placed on the sending system(s), transfer them
>> using plain FTP or HTTP or other, and decrypt and
>> perhaps verify them on the receiving system(s).
>>
>> [SNIP]


RE: Using PCKS Padding in OpenSSL

2011-06-07 Thread Eric S. Eberhard
I would point out in that last approach -- encrypting and sending un 
secure (which is a good idea in many cases) does have a few 
considerations.  If the data is sensitive (like magnetic strip data 
from a credit card) this is completely NOT ALLOWED.  PCI and PA-DSS 
won't allow it to hit the disk.  If you do hit the disk and you care 
about security on either end, you also need a secure delete 
program.  Simply deleting a file does not remove the data from the 
disk.  It takes about 5 lines of C to make a secure delete which if 
anyone likes I can give them.


Eric


At 08:44 PM 6/6/2011, Dave Thompson wrote:

> From: owner-openssl-us...@openssl.org On Behalf Of greenelephant
> Sent: Sunday, 05 June, 2011 05:20

> Thanks for the reply Dave. I am grateful for your advice. I
> am a novice as you have probably gathered.
> If I am not wrong in my judgement you seem to have some expertise on
> cryptology.

Some, not a whole lot.

> I have stated SSL in my first post that I would like help
> with as you know.
> But with your expertise is there a better solution to use
> except SSL in
> terms of security using openssl?

SSL/TLS (preferably the newest version supported, today
usually TLS 1.1 or maybe 1.2) is a good general solution
for security of Internet endpoint communication
(particularly, but not only, web traffic using HTTPS).
OpenSSL is a good implementation of SSL/TLS, plus some
related (crypto) functionality, but not the only one;
any other conforming and well-tested implementation
available to you should be fine. For examples, Java
includes its own SSL/TLS implementation (for Java),
and I understand dot-NET does (for C#, VB, etc.)

There are other protocols that may be better in specific
situations (e.g. SSH as below) or necessary (e.g. IPsec
and DNSsec are done at a level below where SSL can work).

> Also is SSL an ideal security solution for secured FTP
> transmissions using
> the openssl module to enable me to subvert any efforts to
> sabotage or breach
> security perpetrated by intruders or hackers using the
> methods of attacks
> (side channeling  for instance) previously mentioned?

FTP over SSL (FTPS) is a secure means of file transfer,
if supported by both your server(s) and your client(s),
which in my experience is not very common. When it is
supported, the server and client code determines what
module is used; it might be OpenSSL or something else.

Another good and in my experience more common method
of securing file transfer is SFTP, part of the SSH
protocol suite. The crypto used in SSH is generally
similar (though not identical) to SSL/TLS, and in fact
the most widespread implementation OpenSSH uses libcrypto
from OpenSSL, but the trust model is different (simpler).
Instead of creating and verifying certificates, SSH
requires you to manually verify a key fingerprint on
the first connection between a given client and server
(or else manually pre-transfer the encoded publickey).
This isn't very good for communications with strangers
(like sites you found on Google), but works okay for
people that already have some contact (like your friends,
customers of your company, etc).

Another approach is to secure the files themselves,
rather than just the transfer. That is, encrypt and
perhaps sign the files when (or before) they are
placed on the sending system(s), transfer them
using plain FTP or HTTP or other, and decrypt and
perhaps verify them on the receiving system(s).






Eric S. Eberhard
(928) 567-3727  Voice
(928) 567-6122  Fax
(928) 301-7537   Cell

Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC

For Metropolis support and VICS MBA Support http://www.vicsmba.com



Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

2011-06-07 Thread Victor Duchovni
On Tue, Jun 07, 2011 at 10:42:54AM -0500, Erwin Himawan wrote:

> Thanks for your help.  Once I fix my compilation environment, everything
> works ok.

Glad it works for you.

> > > When the code crashes, here are the print outs:
> > >
> > > OPENSSL_VERSION_NUMBER: 9470255
> >
> > Converted to hexadecimal, this is: 0090812F, which is 0.9.8l

Minor correction, 12 hex is of course 18 decimal, so it was "0.9.8r"
not "0.9.8l".

-- 
Viktor.


Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

2011-06-07 Thread Erwin Himawan
Viktor,

Thanks for your help.  Once I fix my compilation environment, everything
works ok.

Thanks again.

Regards,
Erwin


On Tue, Jun 7, 2011 at 10:22 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Tue, Jun 07, 2011 at 10:05:19AM -0500, Erwin Himawan wrote:
>
> > Hi Victor,
> >
> > If I understand these printouts correctly, my compilation environment is
> > mixed.  However, can you confirm?
> >
> > When the code crashes, here are the print outs:
> >
> > OPENSSL_VERSION_NUMBER: 9470255
>
> Converted to hexadecimal, this is: 0090812F, which is 0.9.8l
>
> > SSLeay(): 268435535
>
> Converted to hexadecimal, this is: 1000004F, which is 1.0.0d
>
> > When the code does not crash, here are the print outs:
> >
> > OPENSSL_VERSION_NUMBER: 9470255
> >
> > SSLeay(): 9470255
>
> Here, both the headers and libraries are 0.9.8l
>
> > Are the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?
>
> Certainly on the platform where the code is built, later the run-time
> can be at a higher patch level. You are linking with OpenSSL 1.0.0,
> but using headers from OpenSSL 0.9.8. This won't work.
>
> --
> Viktor.
>


Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

2011-06-07 Thread Victor Duchovni
On Tue, Jun 07, 2011 at 10:05:19AM -0500, Erwin Himawan wrote:

> Hi Victor,
> 
> If I understand these printouts correctly, my compilation environment is
> mixed.  However, can you confirm?
> 
> When the code crashes, here are the print outs:
> 
> OPENSSL_VERSION_NUMBER: 9470255

Converted to hexadecimal, this is: 0090812F, which is 0.9.8l

> SSLeay(): 268435535

Converted to hexadecimal, this is: 1000004F, which is 1.0.0d

> When the code does not crash, here are the print outs:
> 
> OPENSSL_VERSION_NUMBER: 9470255
> 
> SSLeay(): 9470255

Here, both the headers and libraries are 0.9.8l

> Are the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?

Certainly on the platform where the code is built, later the run-time
can be at a higher patch level. You are linking with OpenSSL 1.0.0,
but using headers from OpenSSL 0.9.8. This won't work.

-- 
Viktor.
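
Added example, not part of the original messages and not OpenSSL code: it decodes the 0xMNNFFPPS version layout used by OpenSSL 0.9.x/1.0.x and applies the rule stated above (same release in headers and library, run-time patch level may be higher). The function names are hypothetical; in a real program the two inputs would be OPENSSL_VERSION_NUMBER and SSLeay(). Patch byte 0x12 is 18, so 0x0090812F decodes to 0.9.8r.

```c
#include <stdio.h>
#include <string.h>

/* Added example; all names here are hypothetical, not OpenSSL API.
 * OpenSSL 0.9.x/1.0.x packs its version as 0xMNNFFPPS:
 * M major, NN minor, FF fix, PP patch (1 = 'a'), S status (0xF = release). */
struct ossl_version {
    unsigned major, minor, fix, patch, status;
};

static struct ossl_version ossl_decode(unsigned long v)
{
    struct ossl_version d;
    d.major  = (unsigned)((v >> 28) & 0xF);
    d.minor  = (unsigned)((v >> 20) & 0xFF);
    d.fix    = (unsigned)((v >> 12) & 0xFF);
    d.patch  = (unsigned)((v >> 4) & 0xFF);
    d.status = (unsigned)(v & 0xF);
    return d;
}

/* Render as e.g. "1.0.0d". Patch 0 has no letter; values above 26 are
 * printed numerically because this sketch does not model them. */
static const char *ossl_version_str(unsigned long v, char *buf, size_t len)
{
    struct ossl_version d = ossl_decode(v);
    char suffix[16] = "";

    if (d.patch >= 1 && d.patch <= 26)
        snprintf(suffix, sizeof suffix, "%c", (int)('a' + d.patch - 1));
    else if (d.patch > 26)
        snprintf(suffix, sizeof suffix, "-p%u", d.patch);
    snprintf(buf, len, "%u.%u.%u%s%s", d.major, d.minor, d.fix, suffix,
             d.status == 0xF ? "" : d.status == 0 ? "-dev" : "-beta");
    return buf;
}

/* Headers and library are compatible when major.minor.fix agree and the
 * library's patch level is not older than the headers'. */
static int ossl_build_matches(unsigned long header_ver, unsigned long lib_ver)
{
    if ((header_ver & 0xFFFFF000UL) != (lib_ver & 0xFFFFF000UL))
        return 0;
    return ossl_decode(lib_ver).patch >= ossl_decode(header_ver).patch;
}

int main(void)
{
    /* Values printed in the thread: compile-time macro vs. run-time SSLeay(). */
    unsigned long header_ver = 9470255UL, lib_ver = 268435535UL;
    char h[32], l[32];

    printf("headers %s, library %s: %s\n",
           ossl_version_str(header_ver, h, sizeof h),
           ossl_version_str(lib_ver, l, sizeof l),
           ossl_build_matches(header_ver, lib_ver) ? "ok" : "MISMATCH");
    return 0;
}
```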


Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

2011-06-07 Thread Erwin Himawan
Hi Victor,

If I understand these printouts correctly, my compilation environment is
mixed.  However, can you confirm?

When the code crashes, here are the print outs:

OPENSSL_VERSION_NUMBER: 9470255
SSLeay(): 268435535

When the code does not crash, here are the print outs:

OPENSSL_VERSION_NUMBER: 9470255

SSLeay(): 9470255


Are the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?


Thanks,

Erwin

On Mon, Jun 6, 2011 at 7:52 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Mon, Jun 06, 2011 at 06:22:53PM -0500, Erwin Himawan wrote:
>
> > I am using NetBeans 7.0 for my IDE.
> > I am using cygwin: CYGWIN_NT-5.1 1.7.9(0.237/5/3) 2011-03-29 10:10 i686
> >
> > My host platform is Windows XP 32 bit.
> > I am building the openssl ver 1.0.0d using the cygwin.
> > The path to the OpenSSL headers included during compilation:
> > C:/cygwin//usr/local/ssl/include/openssl
>
> Can you demonstrate that the headers used are the 1.0.0d version? For
> example, print the values of the compile-time OpenSSL version macro.
> (OPENSSL_VERSION_NUMBER).
>
> > The path to the libraries used when the application was linked (linker
> > configuration): c:/cygwin/usr/local/ssl/lib
> > I am using libcrypto.a and libssl.a
> > The path to the run-time: I am running the executable within the IDE, so I
> > believe the IDE uses the same lib defined in the linker configuration).
>
> Can you demonstrate that the libraries are the 1.0.0d version? For
> example, print the value of the run-time OpenSSL version (SSLeay()).
>
> Can you post the stack trace from the crash and identify the data
> structures involved, ...
>
> Most likely your compilation environment is mixed.
>
> --
> Viktor.
>


Cross-compilation of openssl-fips-1.2.2

2011-06-07 Thread Luca Bolognini

Hello,

I'm trying to cross-compile openssl-fips-1.2.2 for an arm embedded device.
These are the steps I followed:

[bolognini@davinci17 ~/software/openssl-fips-1.2.2]$ export CROSS_COMPILE=/opt/ti/codesourcery/bin/arm-none-linux-gnueabi-
[bolognini@davinci17 ~/software/openssl-fips-1.2.2]$ export HOSTCC=/usr/lib/ccache/gcc
[bolognini@davinci17 ~/software/openssl-fips-1.2.2]$ tar zxf openssl-fips-1.2.2.tar.gz
[bolognini@davinci17 ~/software/openssl-fips-1.2.2]$ cd openssl-fips-1.2.2
[bolognini@davinci17 ~/software/openssl-fips-1.2.2/openssl-fips-1.2.2]$ ./config fipscanisterbuild no-asm
[bolognini@davinci17 ~/software/openssl-fips-1.2.2/openssl-fips-1.2.2]$ make
make[2]: Entering directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2'
fips/fipsld: line 121: fips/../fips/fips_premain_dso: cannot execute binary file
make[2]: *** [link_a.gnu] Error 126
make[2]: Leaving directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2'
make[1]: *** [do_linux-shared] Error 2
make[1]: Leaving directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2'
make: *** [libcrypto.so.0.9.8] Error 2

Then I exported the FIPS_SIG variable:

[bolognini@davinci17 ~/software/openssl-fips-1.2.2/openssl-fips-1.2.2]$ export FIPS_SIG=/home/bolognini/software/openssl-fips-1.2.2/incore

I put "DEBUG=1" inside incore shell script

[bolognini@davinci17 ~/software/openssl-fips-1.2.2/openssl-fips-1.2.2]$ make
make[2]: Entering directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2/test'
TARGET: elf32-littlearm
FIPS_rodata_end=00042A18
FIPS_rodata_start=0003D740
FIPS_signature=0004D5AC
FIPS_text_end=0003BFFC
FIPS_text_start=A728
FINGERPRINT_ascii_value=0003D554
DOTrodata=0003D550
DOTrodata_OFF=00035550
DOTtext=90A4
DOTtext_OFF=10A4
TSTART 5764
TLEN 202964
TOFF 10016
INCORE_ADJUST -8
RSTART 496
RLEN 21208
ROFF 218944
FSTART 4
FLEN 40
FOFF 218452
embedded:?have to make sure this string is unique
calculated:
arm-none-linux-gnueabi-gcc: acd69d50872524a1eae4989eb733eba4a173b3a7": No such file or directory
: warning: missing terminating " character
../fips/fips_premain.c:71: error: missing terminating " character
../fips/fips_premain.c:71: error: expected expression before ';' token
../fips/fips_premain.c: In function 'FINGERPRINT_premain':
../fips/fips_premain.c:92: warning: implicit declaration of function 'FIPS_text_start'
../fips/fips_premain.c:92: warning: comparison between pointer and integer
make[2]: *** [link_app.gnu] Error 1
make[2]: Leaving directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2/test'
make[1]: *** [fips_shatest] Error 2
make[1]: Leaving directory `/home/bolognini/software/openssl-fips-1.2.2/openssl-fips-1.2.2/test'
make: *** [build_tests] Error 1

Can anyone give some hints on this cross-compile procedure?
What can cause the 'missing terminating " character' error?

Thank you in advance,
Luca

-Luca bolognini
l.bologn...@hotmail.it


  

Re: How to embed a CA certificate in a program ?

2011-06-07 Thread Michel

Hi Albrecht,


I'm still wondering though how I could have found that out myself. :-(

Unfortunately 


reads: "Currently no detailed documentation on how to use the X509_STORE
object is available." Is there some more documentation available
elsewhere, or am I supposed to read the sources?


If you go out of the usual tracks and need something other than the
common TLS client/server application examples, I am afraid the most valuable
resource are the help Dave, Steve, and other nice guys from OpenSSL team
hands out in this mailing list (many thanks, may the Force be with them !).

It is just a pity there is nobody to gather all this information to build a
more consistent documentation. That's what we call 'collaborative work' !

I resolve to do that as soon as I will have spare time and will understand
enough of computer security. I mean when I will retire, around OpenSSL version
n° 9.487.12 or year 2039, whichever comes first.
But you'll need hundreds of people fixing my typos and poor English
sentences...



Hi Michel,
many thanks for this very quick reply !


If I saved you some time, great ! It was my pleasure.

Michel

