September 6th Security Advisory
I noticed that the advisory mentions OpenSSL 0.9.8s, however, I haven't seen an announcement or tarball posted for this version, yet. Can we expect this version to be released or was the mention of OpenSSL 0.9.8s a mere typo?

"This issue applies to OpenSSL 0.9.8 through 0.9.8s (experimental "ECCdraft" ciphersuites) and to OpenSSL 1.0.0 through 1.0.0d."

Unfortunately, we cannot upgrade to the 1.0.0 series until the new FIPS module is released, since 1.0.0 doesn't compile with the current FIPS module.

Thanks!
James

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: REMOVE my address from your mailing list, please
unsubscribe here: http://www.openssl.org/support/community.html

From: owner-openssl-us...@openssl.org on behalf of Anh Pham
Sent: Wed 9/7/2011 3:23 AM
To: openssl-users@openssl.org
Subject: REMOVE my address from your mailing list, please

Remove my address from the mailing list, please
How to deal with new OIDs
Hi all,

in a project I maintain I have to deal with OIDs not contained within OpenSSL. In particular, I use OpenSSL to parse ASN1 encoded data containing OIDs (using the Macros from asn1t.h) and do switch-case statements on the resulting NIDs. Until now I used to patch OpenSSL (adding the OIDs to objects.txt and running the objects.pl script to generate the NIDs) to contain my OIDs but this approach is far from ideal.

I know that I can add new OIDs to OpenSSL internals table using the OBJ_create function. So I could add all my OIDs in a library initialization function and save the resulting NIDs in some global data structure. But, as the man page already mentions, I can't use these NIDs for switch-case statements and probably also not for the ASN1 macros.

So I would like to ask if there are any best practices on how to deal with this kind of problem. I'm pretty sure that other people must have already encountered this problem, but I couldn't find any code or documentation on how to deal with it.

Best regards,
Dominik
Unsupported prf error when reading an RSA private key
(Note: CC'd to the Keyczar mailing list. Apologies to anyone who's on both lists.)

I'm getting errors that I don't really understand from PEM_read_bio_PrivateKey on Mac OS X 10.6 (the error does not occur on Linux, so it's version/platform-related). The error is occurring in a unit test in the Keyczar project (http://keyczar.org). The test is trying to export and then import an RSA private key (actually, the same problem shows up when working with DSA and ECDSA keys, but I'm focusing on RSA at the moment).

The export is done with:

    PEM_write_bio_PKCS8PrivateKey(out, key, cipher, NULL, 0, NULL, passphrase);

where key is an EVP_PKEY pointer and cipher was obtained by calling EVP_aes_128_cbc(). The export returns 1 indicating success.

The import is then done by calling:

    PEM_read_bio_PrivateKey(in, NULL, NULL, passphrase);

The error text is:

    error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf
    error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure
    error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
    error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
    error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib

It appears to me that openssl is trying to use some pseudo-random function (PRF) that it doesn't have, apparently while trying to generate an IV. But that raises some questions.

1. Why is it trying to generate an IV when trying to _read_ a PEM file. It should be decrypting, not encrypting.
2. Why is it trying to use an algorithm it doesn't have? Is there a way I can tell it to use a different one?
3. Why does this only happen on OS X? Is the Mac version of the lib different in some way?

This is with the version of the openssl tools and libs distributed by Apple. openssl version reports OpenSSL 0.9.8r 8 Feb 2011. I've also tested it with a version of openssl installed via Macports, which reports OpenSSL 1.0.0d 8 Feb 2011.

If you want to look at the actual source code, the unit test is in:

http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

and the functions that do the reading and writing are in:

http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

Thanks,
Shawn
Re: Unsupported prf error when reading an RSA private key
On Wed, Sep 07, 2011, Shawn Willden wrote:

> (Note: CC'd to the Keyczar mailing list. Apologies to anyone who's on both lists.)
>
> I'm getting errors that I don't really understand from PEM_read_bio_PrivateKey on Mac OS X 10.6 (the error does not occur on Linux, so it's version/platform-related). The error is occurring in a unit test in the Keyczar project (http://keyczar.org). The test is trying to export and then import an RSA private key (actually, the same problem shows up when working with DSA and ECDSA keys, but I'm focusing on RSA at the moment).
>
> The export is done with:
>
>     PEM_write_bio_PKCS8PrivateKey(out, key, cipher, NULL, 0, NULL, passphrase);
>
> where key is an EVP_PKEY pointer and cipher was obtained by calling EVP_aes_128_cbc(). The export returns 1 indicating success.
>
> The import is then done by calling:
>
>     PEM_read_bio_PrivateKey(in, NULL, NULL, passphrase);
>
> The error text is:
>
>     error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf
>     error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure
>     error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
>     error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
>     error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib
>
> It appears to me that openssl is trying to use some pseudo-random function (PRF) that it doesn't have, apparently while trying to generate an IV. But that raises some questions.
>
> 1. Why is it trying to generate an IV when trying to _read_ a PEM file. It should be decrypting, not encrypting.

Well it is technically deriving the key from the passphrase and it needs to generate the same key and IV as used when encrypting: though in the case of that algorithm the IV is in plain text.

> 2. Why is it trying to use an algorithm it doesn't have? Is there a way I can tell it to use a different one?
> 3. Why does this only happen on OS X? Is the Mac version of the lib different in some way?

Have you included OpenSSL_add_all_algorithms()?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
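The point in the reply above, that reading an encrypted PKCS#8 key means re-deriving the key from the passphrase using parameters stored in clear text in front of the ciphertext (the IV among them), shown as an added Python example; it is not code from the thread, OpenSSL or Keyczar. The sample blob is constructed (RFC 6070 PBKDF2 test parameters, dummy ciphertext), and the PRFS table is an assumed stand-in for whatever digests a given reader has available.

```python
import hashlib
PBES2, PBKDF2, HMAC_SHA1 = "1.2.840.113549.1.5.13", "1.2.840.113549.1.5.12", "1.2.840.113549.2.7"
PRFS = {HMAC_SHA1: "sha1", "1.2.840.113549.2.9": "sha256"}  # stand-in for the reader's digest table
KEYLEN = {"2.16.840.1.101.3.4.1.2": 16}                     # aes-128-cbc
# Constructed EncryptedPrivateKeyInfo: salt b"salt", 4096 iterations, dummy ciphertext.
SAMPLE = bytes.fromhex("3059304506092a864886f70d01050d3038301706092a864886f70d01050c"
                       "300a040473616c7402021000301d06096086480165030401020410"
                       "000102030405060708090a0b0c0d0e0f0410" + "aa" * 16)

def tlvs(buf):
    """Split DER bytes into (tag, value) pairs; definite lengths only."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: the low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + n - 0x80], "big"), i + n - 0x80
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def oid(v):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pbes2_params(der):
    """Return the parameters stored unencrypted in front of the ciphertext."""
    (_, alg), _ciphertext = tlvs(tlvs(der)[0][1])
    (_, scheme), (_, params) = tlvs(alg)
    (_, kdf), (_, enc) = tlvs(params)
    (_, kdf_oid), (_, kdf_params) = tlvs(kdf)
    if (oid(scheme), oid(kdf_oid)) != (PBES2, PBKDF2):
        raise ValueError("not PBES2 with PBKDF2")
    (_, salt), (_, count), *rest = tlvs(kdf_params)
    prf = next((oid(tlvs(v)[0][1]) for t, v in rest if t == 0x30), HMAC_SHA1)  # DEFAULT if absent
    (_, enc_oid), (_, iv) = tlvs(enc)
    return {"salt": salt, "iterations": int.from_bytes(count, "big"),
            "prf": prf, "cipher": oid(enc_oid), "iv": iv}

def derive_key(passphrase, p, prfs=PRFS):
    """Re-derive the key as the writer did; without a usable PRF there is no key."""
    if p["prf"] not in prfs:
        raise ValueError("unsupported prf " + p["prf"])
    return hashlib.pbkdf2_hmac(prfs[p["prf"]], passphrase, p["salt"],
                               p["iterations"], KEYLEN[p["cipher"]])
```

Calling `pbes2_params()` on the DER body of a real "ENCRYPTED PRIVATE KEY" PEM block shows which PRF and cipher the writing side chose, which helps separate a write-side difference from a read-side one.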
Re: How to deal with new OIDs
On Wed, Sep 07, 2011, Dominik Oepen wrote:

> Hi all,
>
> in a project I maintain I have to deal with OIDs not contained within OpenSSL. In particular, I use OpenSSL to parse ASN1 encoded data containing OIDs (using the Macros from asn1t.h) and do switch-case statements on the resulting NIDs. Until now I used to patch OpenSSL (adding the OIDs to objects.txt and running the objects.pl script to generate the NIDs) to contain my OIDs but this approach is far from ideal.
>
> I know that I can add new OIDs to OpenSSL internals table using the OBJ_create function. So I could add all my OIDs in a library initialization function and save the resulting NIDs in some global data structure. But, as the man page already mentions, I can't use these NIDs for switch-case statements and probably also not for the ASN1 macros.
>
> So I would like to ask if there are any best practices on how to deal with this kind of problem. I'm pretty sure that other people must have already encountered this problem, but I couldn't find any code or documentation on how to deal with it.

That is problematical because if you change objects.txt you end up creating new NIDs which are pretty much guaranteed to be incompatible with future versions of OpenSSL that add new OIDs.

The best you can do is to check if the OID exists using for example OBJ_txt2nid() and if not create it using OBJ_create().

Using dynamically created nids for any defined by structure isn't currently possible using the macros. I can see two options, both a bit messy.

One is to manually encode the relevant field by using the catch all ASN1_TYPE structure.

Another is to create the structures needed by the macros i.e. an ASN1_ADB_TABLE_st but which is *not* const so you can write the relevant values dynamically at runtime. Looking through the macros that should only require that you redefine the ASN1_ADB macro.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Unsupported prf error when reading an RSA private key
On Wed, Sep 7, 2011 at 12:15 PM, Dr. Stephen Henson st...@openssl.org wrote:

> Have you included OpenSSL_add_all_algorithms()?

Yes. Here's a more complete snippet:

    // Ciphers table requires to be loaded.
    OpenSSL_add_all_ciphers();

    ScopedEVPPKey evp_pkey;
    // The first NULL value means we are not implementing our own password
    // callback function but that we will rely on the default one instead.
    if (passphrase != NULL)
      evp_pkey.reset(PEM_read_bio_PrivateKey(
          in.get(), NULL, NULL, const_cast<char*>(passphrase->c_str())));
    else
      evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));

    // Removes the ciphers from the table.
    EVP_cleanup();

--
Shawn Willden | Software Engineer | swill...@google.com | Commerce Team
Re: Unsupported prf error when reading an RSA private key
On Wed, Sep 07, 2011, Shawn Willden wrote:

> On Wed, Sep 7, 2011 at 12:15 PM, Dr. Stephen Henson st...@openssl.org wrote:
>
> > Have you included OpenSSL_add_all_algorithms()?
>
> Yes. Here's a more complete snippet:
>
>     // Ciphers table requires to be loaded.
>     OpenSSL_add_all_ciphers();
>
>     ScopedEVPPKey evp_pkey;
>     // The first NULL value means we are not implementing our own password
>     // callback function but that we will rely on the default one instead.
>     if (passphrase != NULL)
>       evp_pkey.reset(PEM_read_bio_PrivateKey(
>           in.get(), NULL, NULL, const_cast<char*>(passphrase->c_str())));
>     else
>       evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));
>
>     // Removes the ciphers from the table.
>     EVP_cleanup();

Hmm... that's peculiar. Do you get the same error with the openssl utility on a private key you created? For example:

    openssl rsa -in key.pem

If you do then please check if a key created on that platform produces that error on another platform.

Explanation: I'm trying to see if the problem is writing the encrypted key or reading it in.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org