Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.(Revised)

2017-12-29 Thread Viktor Dukhovni


> On Dec 29, 2017, at 10:18 PM, Sai Teja Chowdary wrote:
> 
> I want to send client certificate, client key exchange and client verify in a 
> single handshake message which appears as multiple handshake messages in a 
> single record. But to send the client verify I need to first make a hash of 
> previous messages (client certificate and client key exchange) to create the 
> signature. I tried framing the record with above three messages and then 
> directly sending the record in the wire using SSL3_write_machine() which is 
> giving me Bad signature error. So I thought of doing a hash of client 
> certificate and client key exchange messages that go before client verify.
> 
> Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX  (or 
> right procedure that needs to be done before creating a certificate verify 
> message) that can do a proper transcript (digest or hash not clear). I tried 
> using ssl3_finish_mac() on the message containing client certificate and 
> client key exchange and then tried to generate the signature in certificate 
> verify message.

There is no such feature, and none is likely to ever be offered.
The reason is that you're essentially trying to write your own
TLS implementation, and the SSL library in OpenSSL provides public
interfaces for SSL users, not for new SSL implementations.

You can of course build your OpenSSL implementation based on the
OpenSSL source code, but figuring out how the code works is then
up to you. :-(

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] How to form a proper hash after writing something into SSL handshake.(Revised)

2017-12-29 Thread Sai Teja Chowdary
Hi everyone,

I want to send client certificate, client key exchange and client verify in
a single handshake message which appears as multiple handshake messages in
a single record. But to send the client verify I need to first make a hash
of previous messages (client certificate and client key exchange) to create
the signature. I tried framing the record with above three messages and
then directly sending the record in the wire using SSL3_write_machine()
which is giving me Bad signature error. So I thought of doing a hash of
client certificate and client key exchange messages that go before client
verify.

Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX 
(or right procedure that needs to be done before creating a certificate
verify message) that can do a proper transcript (digest or hash not clear). I
tried using ssl3_finish_mac() on the message containing client certificate
and client key exchange and then tried to generate the signature in
certificate verify message.

But it is giving me a digest check error. I am new to the mailing list and
want a bit of help to proceed; I am stuck here. Please reply if anything is
not clear.

Here is a code snippet, how I am forming the data containing all client
certificate , client key exchange and certificate verify messages inside
write_state_machine().

    if (WPACKET_init(&pkt, s->init_buf)) {
        // Client certificate formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("PROBLEM 1\n");
        }
        transition(s);  // transition to next state, i.e. client key exchange
        get_construct_message_f(s, &pkt, &confunc, &mt);
        // Client key exchange formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("PROBLEM 2\n");
        }
        // ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
        st->write_state_work = post_work(s, st->write_state_work);
        transition(s);  // transition to next state, i.e. certificate verify
        get_construct_message_f(s, &pkt, &confunc, &mt);
        // Certificate verify message formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("PROBLEM 3\n");
        }
        WPACKET_finish(&pkt);
    }

I also tried to do a ssl3_finish_mac() individually after forming Client
certificate and client key exchange (this part is not there in the code but
that way also gave me digest check error.)

Here is the Stack Overflow link where I posted the question. Take a look
at it for the trace snapshot for handshake message that I am trying to form.

Please take a look at it, appreciate every bit of help.

Jordan, thanks for the suggestion; I will definitely try to state the error
from now on. I am not sure whether SSL_get_error() logs these errors; I tried
to print SSL_get_error() and it is returning NULL.

Regards
Saiteja.


Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Sai Teja Chowdary
Hi everyone,

I apologize for Comic Sans. And honestly I didn't know using it implies
this many impressions. As I said, my other subscription named "Ananthaneni
Saiteja Chowdary" is my Outlook account that I use for my office
work (because I am using a QHD resolution my fonts are so small, so I
selected the font that looks good for me to read). I actually posted two
questions, one from this email and the other from the Outlook account. This
question was actually posted through my Outlook account in the beginning, and
just as a followup and to include some more information in my question I
thought of asking the question again. So I copied the contents of my previous
mail and added a little more info at the end in my Mail app; unfortunately
the font got changed to Comic Sans. It's not that I knowingly changed the
font to impress or insult. I am a non-native English speaker and I sometimes
don't understand the exact emotion or feeling in non-technical conversation.

I am using OpenSSL client to create a custom TLS client which can send or
manipulate the default TLS handshake messages so that I can test for any
bugs in our TLS server implementation. I spent about 4 months in reading
OpenSSL code and making changes and adding new arguments to modify the
default client. So in that process I came across the WPACKET API. For
framing SSL records I had to use it.

I will post the question again in a new thread. Please take a look at it
and help me out.

Regards

Saiteja.

On Sat, Dec 30, 2017 at 12:17 AM, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:

>
>
> > On Dec 29, 2017, at 1:34 PM, Michael Wojcik <michael.woj...@microfocus.com> wrote:
> >
> > That said, I suspect the larger reason why Saiteja has not had a
> > technical response to the original query is that few people on
> > openssl-users have experience with using the WPACKET API and other
> > low-level operations in the 1.1 codebase. It still might be worth reposting
> > without the controversial styling.
>
> More importantly, what problem is the OP really trying to solve?
>
> The WPACKET interface is an internal interface that does not
> appear in any public OpenSSL headers.  It is undocumented and
> subject to change without notice.  The OP should not be using
> this interface, except as part of a code contribution to improve
> the implementation of TLS in the OpenSSL library.
>
> --
> Viktor.
>


Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Viktor Dukhovni


> On Dec 29, 2017, at 1:34 PM, Michael Wojcik wrote:
> 
> That said, I suspect the larger reason why Saiteja has not had a technical 
> response to the original query is that few people on openssl-users have 
> experience with using the WPACKET API and other low-level operations in the 
> 1.1 codebase. It still might be worth reposting without the controversial 
> styling.

More importantly, what problem is the OP really trying to solve?

The WPACKET interface is an internal interface that does not
appear in any public OpenSSL headers.  It is undocumented and
subject to change without notice.  The OP should not be using
this interface, except as part of a code contribution to improve
the implementation of TLS in the OpenSSL library.

-- 
Viktor.



Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Friday, December 29, 2017 13:04
> 
> > On Dec 29, 2017, at 12:34 PM, Richard Levitte  wrote:
> >
> > Marty, you might want to consider that the values of western society
> > are hardly universal.  Comic Sans isn't as badly seen everywhere, and
> > there's no reason why western society biases should trump any other.
> 
> My issue with the post was that it was just too difficult to read,
> largely as a result of the font.  So I just deleted it and moved on.
> So this has little to do with Western vs. non-Western values.  Written
> communication is most clear when the fonts don't get in the way of the
> content.  Decorative fonts are for party announcements and the like,
> usually in large print on physical posters.

Indeed. This has little to do with "the values of western society", or the 
values of any other community. (Nor, with apologies to Richard, does it have 
much to do with the OpenSSL mailing-list code of conduct; the messages on this 
topic have ranged from curt to civil, but none have been abusive under any 
reasonable definition.)

It has to do with appealing to the intended audience, which of course is one of 
the most critical aspects of writing. I could cite thousands of years of 
rhetorical theory - from cultures European and otherwise - but this is such a 
commonplace that there's no need. Marty's message was a useful, generous, and 
polite response to Saiteja's query. And while his examples were culturally 
specific, his argument was not.

That said, I suspect the larger reason why Saiteja has not had a technical 
response to the original query is that few people on openssl-users have 
experience with using the WPACKET API and other low-level operations in the 1.1 
codebase. It still might be worth reposting without the controversial styling.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 





Re: [openssl-users] Can't build OpenSSL on Windows

2017-12-29 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Richard Levitte
> Sent: Friday, December 29, 2017 12:14
> 
> If any of those are newer, 'nmake' will
> automatically reconfigure and ask you to run again.

It's also worth noting that nmake's dependency-graph generation is flaky 
(possibly due to flaws in Windows file timestamping, though I've never tracked 
down the exact cause). I have a number of nmake files that regularly rebuild 
things unnecessarily, and others that sporadically do.

So as Richard said, check the time on the machine and try running nmake again. 
Sometimes it's worth temporarily throttling the CPU to slow the build down a 
bit.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 





Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Jordan Brown
On 12/29/2017 6:00 AM, Marty G wrote:
> For the same reason one doesn't wear a halloween costume to a
> technical meeting, Comic Sans is looked down upon when used outside
> comics and day-care centers.  It is considered a snub to use it in
> non-trivial settings.
>
> Much as lifting up your middle finger has no inherent meaning per se,
> but once one realizes that it definitely has meaning to others and one
> lifts one's middle finger to others anyway, it can only be assumed
> that one has intended to send the message others have assigned to it. 
> So, for whatever vague societal reasons, comic sans has become
> equivalent to wearing a speedo to a formal wedding, giggling
> hysterically during one's performance review, or skipping around the
> track in a tu-tu and clownface during the 440 meter track event at the
> Olympics.  Those are the breaks!  Sorry for your loss of a connotation
> free comic sans.  I feel your pain.  Herd dynamics can be brutal and
> bleak.
>
> http://knowyourmeme.com/memes/comic-sans
> "...While adequate for certain industry sectors like childcare and
> entertainment, its usage in business or professional settings has been
> criticized by many aesthetic-conscious Internet users, who say Comic
> Sans conveys silliness and irreverence that is hardly suitable for
> serious matters:

Committing a fashion faux pas may be gauche, but pointing and laughing
is even more so.  If you think that somebody's choice of fashion is
inappropriate, keep it to yourself or an appropriate gossip forum. 
Congratulations, you've just convinced this newcomer that the
openssl-users group is populated by fashionistas rather than serious
technical people.

The original poster had a technical question.  I don't know enough to
answer it, or I would.  Could somebody who *does* know enough please
take a stab?

Saiteja, one suggestion:  when an error occurs, don't just report that
there was a problem.  Report what the problem was.  Don't these
functions set the results that SSL_get_error( ) returns?


Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Viktor Dukhovni


> On Dec 29, 2017, at 12:34 PM, Richard Levitte  wrote:
> 
> Marty, you might want to consider that the values of western society
> are hardly universal.  Comic Sans isn't as badly seen everywhere, and
> there's no reason why western society biases should trump any other.

My issue with the post was that it was just too difficult to read,
largely as a result of the font.  So I just deleted it and moved on.
So this has little to do with Western vs. non-Western values.  Written
communication is most clear when the fonts don't get in the way of the
content.  Decorative fonts are for party announcements and the like,
usually in large print on physical posters.

-- 
Viktor.



Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Richard Levitte
Marty, you might want to consider that the values of western society
are hardly universal.  Comic Sans isn't as badly seen everywhere, and
there's no reason why western society biases should trump any other.

Also, I'd like to remind everyone that we have a code of conduct,
https://www.openssl.org/community/conduct.html

Cordially,
Richard

In message <7d7e5da5-7ddb-4278-987b-21ce9f7b3...@gmail.com> on Fri, 29 Dec 2017 09:00:00 -0500, Marty G said:

martygalyean> For the same reason one doesn't wear a halloween costume to a technical meeting, Comic Sans is
martygalyean> looked down upon when used outside comics and day-care centers. It is considered a snub to use
martygalyean> it in non-trivial settings.
martygalyean> 
martygalyean> Much as lifting up your middle finger has no inherent meaning per se, but once one realizes that it
martygalyean> definitely has meaning to others and one lifts one's middle finger to others anyway, it can only be
martygalyean> assumed that one has intended to send the message others have assigned to it. So, for whatever
martygalyean> vague societal reasons, comic sans has become equivalent to wearing a speedo to a formal
martygalyean> wedding, giggling hysterically during one's performance review, or skipping around the track in a
martygalyean> tu-tu and clownface during the 440 meter track event at the Olympics. Those are the breaks!
martygalyean> Sorry for your loss of a connotation free comic sans. I feel your pain. Herd dynamics can be brutal
martygalyean> and bleak.
martygalyean> 
martygalyean> http://knowyourmeme.com/memes/comic-sans
martygalyean> "...While adequate for certain industry sectors like childcare and entertainment, its usage in
martygalyean> business or professional settings has been criticized by many aesthetic-conscious Internet users,
martygalyean> who say Comic Sans conveys silliness and irreverence that is hardly suitable for serious
martygalyean> matters:
martygalyean> 
martygalyean> On 12/29/2017 08:14 AM, Sai Teja Chowdary wrote:
martygalyean> 
martygalyean>  Why? What is the problem with Comic Sans. I like it!
martygalyean> 
martygalyean>  You can say more if you have something useful.
martygalyean> 
martygalyean>  Thanks
martygalyean> 
martygalyean>  Saiteja.
martygalyean> 
martygalyean>  From: Michael Sierchio
martygalyean>  Sent: Friday, December 29, 2017 10:38 AM
martygalyean>  To: openssl-users@openssl.org
martygalyean>  Subject: Re: [openssl-users] How to form a proper hash after writing something into SSL
martygalyean>  handshake.
martygalyean> 
martygalyean>  Comic Sans. Need I say more?
martygalyean> 
martygalyean>  On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary wrote:
martygalyean> 
martygalyean>  Hi,
martygalyean> 
martygalyean>  Happy Holidays everyone.
martygalyean> 
martygalyean>  I want to send client certificate, client key exchange and client verify in a single handshake
martygalyean>  message which appears as multiple handshake messages in a single record. But to sent
martygalyean>  the client verify I need to first make a hash of previous messages(client certificate and
martygalyean>  client key exchange) to create the signature.
martygalyean> 
martygalyean>  Can anyone help me to find the function in OpenSSL 1.1.1-dev xx XXX  (or right
martygalyean>  procedure that needs to be done before creating a certificate verify message)that can do
martygalyean>  a proper transcript(digest or hash not clear). I tried using ssl3_finish_mac() on the
martygalyean>  message containing client certificate and client key exchange and then tried to generate
martygalyean>  the signature in certificate verify message.
martygalyean> 
martygalyean>  But it is giving me a digest error. I am new to the mailing list want a bit of help to proceed
martygalyean>  forward stuck here. Please reply in case if anything is not clear.
martygalyean> 
martygalyean>  Here is a code snippet, how I am forming the data containing all client certificate , client
martygalyean>  key exchange and certificate verify messages inside write_state_machine().
martygalyean> 
martygalyean>  if(WPACKET_init(&pkt, s->init_buf)){
martygalyean> 
martygalyean>  //Client certificate formation
martygalyean> 
martygalyean>  if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL && !confunc(s,&pkt) ||
martygalyean>  !ssl_close_construct_packet(s,&pkt,mt)){
martygalyean> 
martygalyean>  printf("PROBLEM\n");
martygalyean> 
martygalyean>  }
martygalyean> 
martygalyean>  transition(s); //transition to next state i.e client key exchange
martygalyean> 
martygalyean>  get_construct_message_f(s, &pkt, &confunc, &mt);
martygalyean> 
martygalyean>  //client key exchange formation
martygalyean> 
martygalyean>  if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL && !confunc(s,&pkt) ||
martygalyean>  !ssl_close_construct_packet(s,&pkt,mt)){
martygalyean> 
martygalyean>  printf("AGAIN A PROBLEMO\n");
martygalyean> 
martygalyean>  }
martyg

Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Michael Wojcik
And to be honest, specifying any font for a technical or business email message 
(rather than simply letting the MUA use the user's default) is suspect. It says 
that you believe your stylistic preferences are more important than the 
reader's. That's a poor footing to begin a request for assistance or 
cooperation.

Personally, due to Outlook's terrible handling of HTML email (particularly in 
formatting replies), I am considerably more likely to reply to a plain-text 
message posted to openssl-users than I am to an HTML one. That may well be a 
personal idiosyncrasy, but the general principle of not making your message any 
more complicated than it needs to be is worth keeping in mind.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 




Re: [openssl-users] Can't build OpenSSL on Windows

2017-12-29 Thread Richard Levitte
In message <20171229145927.2201-1-mar...@eclypsium.com> on Fri, 29 Dec 2017 11:59:27 -0300, Martin Galvan said:

omgalvan.86> Well, after a couple more tries it seems to be working now. I don't get the
omgalvan.86> same error as before, but rather a complaint about stddef.h not being found.
omgalvan.86> I'm guessing that's more of a Visual Studio problem, so I'll look into that.

Ok, so this is a timestamp thing.  I had a system once where this
happened, because some of the files configdata.pm depended on were
timestamped in the future.  It turned out that the time of that
system was badly set (in the past), so it took that time difference
before 'mms' (this was a VMS machine, 'mms' is the 'make' command
there) stopped reconfiguring.

configdata.pm depends on Configure, Configurations/*.conf,
Configurations/*.pl, Configurations/*.tmpl, and all the
build.info files.  If any of those are newer, 'nmake' will
automatically reconfigure and ask you to run again.

Timing is everything ;-)

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] Padding for RSA signatures

2017-12-29 Thread Matt Caswell
Some comments inserted below.

Matt

On 29/12/17 15:20, Gelareh Taban wrote:
> Hi all,
> 
> Any help would be *much* appreciated. I am playing around with RSA
> signatures with different padding options and I have some questions.
> 
> I am trying to define different padding options and so am defining and
> using a EVP_PKEY_CTX . However I am not sure if this padding is getting
> used in the signature since  my Verify outputs OK regardless of which
> option my Sign uses. Which leads to:
> 
> 1 - Do I need to use a EVP_PKEY_CTX with the same options when doing
> verify? If so, I assume I can't reuse the same PKey_Ctx and I have to
> define another one. Right now even when I don't use any EVP_PKEY_CTX in
> Verify, I still verify OK, which makes me question if the padding option
> has been set.

It hasn't. The call to EVP_DigestSignInit() expects an EVP_PKEY_CTX **.
This is because that function creates its *own* EVP_PKEY_CTX * and
stores it in the location you provide (if you give one). In your code
the EVP_PKEY_CTX you are creating is being overwritten by the one
created by EVP_DigestSignInit(). From the documentation:

  EVP_DigestSignInit() sets up signing context ctx to use digest type
  from ENGINE impl and private key pkey. ctx must be created with
  EVP_MD_CTX_new() before calling this function. If pctx is not NULL the
  EVP_PKEY_CTX of the signing operation will be written to *pctx: this
  can be used to set alternative signing options.

Try removing the creation of your own EVP_PKEY_CTX *, and moving the
EVP_PKEY_CTX_set_rsa_padding() call to after EVP_DigestSignInit().

> 
> 2 - Is there a way to figure out what padding/hashing/etc option was
> used for the Sign/verify operation? This way I can be sure what
> algorithm or standard is being used. 
> 
> 3 - Do I need to set the hash function I am using in both EVP_PKEY_CTX 
> as well as EVP_MD_CTX ? Or the latter is what defines this for the
> signing option?

You only need to specify the hash function in
EVP_DigestSignInit()/EVP_DigestVerifyInit().

To answer your question in the code, there is no need to call
EVP_PKEY_CTX_set_signature_md() directly in this scenario. It is called
for you by EVP_DigestSignInit()/EVP_DigestVerifyInit().

> 
> 4 - In general, is there a way of making the Signature/Encryptions in
> OpenSSL be deterministic for debugging/testing purposes?
> 
> 5 - I noticed that there are two ways of determining the signature size:
> (a) by calling EVP_PKEY_size(rsaKeypair) as I am doing below, as well as
> (b) calling EVP_DigestSignFinal(md_ctx, nil, &sig_len) . Is one better
> than the other? 

The former gives you a maximum bound on the size of the signature before
the signature is created. The latter gives you the *actual* size of the
signature that is generated (which could be smaller).


> 
> My sample code is below for reference. It's in Swift (but it should
> still be close enough to C to be readable). Also in Swift, some of the
> complex macros in OpenSSL have to be broken down to be compilable hence
> my usage of EVP_DigestUpdate instead of EVP_DigestVerifyUpdate .
> 
> Thanks in advance for any insight in the above.
> 
> cheers!
> Gelareh
> 
> 
>     let md_ctx = EVP_MD_CTX_create()
>     let md_ctx_verify = EVP_MD_CTX_create()
> 
>     // To define padding option used in signature
>     let pkey_ctx = EVP_PKEY_CTX_new(rsaKeypair, nil)
> 
>     // EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING) - complex macro needs to be replaced
>     EVP_PKEY_CTX_ctrl(pkey_ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, RSA_X931_PADDING, nil)
> 
>     // EVP_PKEY_CTX_set_signature_md() When should this be set?
> 
>     // SIGN
>     var rc = EVP_DigestSignInit(md_ctx, &pkey_ctx, EVP_sha256(), nil, myRSA.rsaKeypair)
>     // EVP_DigestSignUpdate(md_ctx, message, message.count)
>     // Complex macro needs to be replaced
>     rc = EVP_DigestUpdate(md_ctx, message, message.count)
> 
>     // allocate memory for signature
>     var sig_len: Int = Int(EVP_PKEY_size(rsaKeypair))
>     let sig = UnsafeMutablePointer.allocate(capacity: sig_len)
> 
>     rc = EVP_DigestSignFinal(md_ctx, sig, &sig_len)
> 
>     // VERIFY
>     rc = EVP_DigestVerifyInit(md_ctx_verify, nil, EVP_sha256(), nil, rsaKeypair)
>     // rc = EVP_DigestVerifyUpdate(md_ctx_verify, message, message.count)
>     rc = EVP_DigestUpdate(md_ctx_verify, message, message.count)
> 
>     rc = EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)
>     print("signature verified = \(rc == 1? "OK": "FAIL")")
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] Padding for RSA signatures

2017-12-29 Thread Gelareh Taban
Hi all,

Any help would be *much* appreciated. I am playing around with RSA
signatures with different padding options and I have some questions.

I am trying to define different padding options and so am defining and
using a EVP_PKEY_CTX . However I am not sure if this padding is getting
used in the signature since  my Verify outputs OK regardless of which
option my Sign uses. Which leads to:

1 - Do I need to use a EVP_PKEY_CTX with the same options when doing
verify? If so, I assume I can't reuse the same PKey_Ctx and I have to
define another one. Right now even when I don't use any EVP_PKEY_CTX in
Verify, I still verify OK, which makes me question if the padding option
has been set.

2 - Is there a way to figure out what padding/hashing/etc option was used
for the Sign/verify operation? This way I can be sure what algorithm or
standard is being used.

3 - Do I need to set the hash function I am using in both EVP_PKEY_CTX  as
well as EVP_MD_CTX ? Or the latter is what defines this for the signing
option?

4 - In general, is there a way of making the Signature/Encryptions in
OpenSSL be deterministic for debugging/testing purposes?

5 - I noticed that there are two ways of determining the signature size:
(a) by calling EVP_PKEY_size(rsaKeypair) as I am doing below, as well as
(b) calling EVP_DigestSignFinal(md_ctx, nil, &sig_len) . Is one better than
the other?

My sample code is below for reference. It's in Swift (but it should still
be close enough to C to be readable). Also in Swift, some of the complex
macros in OpenSSL have to be broken down to be compilable hence my usage of
EVP_DigestUpdate instead of EVP_DigestVerifyUpdate .

Thanks in advance for any insight in the above.

cheers!
Gelareh


    let md_ctx = EVP_MD_CTX_create()
    let md_ctx_verify = EVP_MD_CTX_create()

    // To define padding option used in signature
    let pkey_ctx = EVP_PKEY_CTX_new(rsaKeypair, nil)

    // EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING) - complex macro needs to be replaced
    EVP_PKEY_CTX_ctrl(pkey_ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, RSA_X931_PADDING, nil)

    // EVP_PKEY_CTX_set_signature_md() When should this be set?

    // SIGN
    var rc = EVP_DigestSignInit(md_ctx, &pkey_ctx, EVP_sha256(), nil, myRSA.rsaKeypair)
    // EVP_DigestSignUpdate(md_ctx, message, message.count)
    // Complex macro needs to be replaced
    rc = EVP_DigestUpdate(md_ctx, message, message.count)

    // allocate memory for signature
    var sig_len: Int = Int(EVP_PKEY_size(rsaKeypair))
    let sig = UnsafeMutablePointer.allocate(capacity: sig_len)

    rc = EVP_DigestSignFinal(md_ctx, sig, &sig_len)

    // VERIFY
    rc = EVP_DigestVerifyInit(md_ctx_verify, nil, EVP_sha256(), nil, rsaKeypair)
    // rc = EVP_DigestVerifyUpdate(md_ctx_verify, message, message.count)
    rc = EVP_DigestUpdate(md_ctx_verify, message, message.count)

    rc = EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)
    print("signature verified = \(rc == 1 ? "OK" : "FAIL")")


Re: [openssl-users] Can't build OpenSSL on Windows

2017-12-29 Thread Martin Galvan
Well, after a couple more tries it seems to be working now. I don't get the
same error as before, but rather a complaint about stddef.h not being found.
I'm guessing that's more of a Visual Studio problem, so I'll look into that.

Thanks.


Re: [openssl-users] Can't build OpenSSL on Windows

2017-12-29 Thread Martin Galvan
Hi Richard,

> You simply need to do exactly what you're told, i.e. run 'nmake'
> again.
>
> If that happens again and again, then you have a problem.  If I were
> in your shoes, I'd look pretty hard at file time stamps to see if I
> could figure it out from there.

I ran it several times and saw the same thing every time. What file timestamps
do I have to look at? What should I figure out from there?

I forgot to mention, I'm on Windows 10, and am building for VC-WIN64A. I also
set a non-standard --prefix when running configure (it's an existing folder
I can write to).


Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-29 Thread Marty G
For the same reason one doesn't wear a halloween costume to a technical 
meeting, Comic Sans is looked down upon when used outside comics and 
day-care centers.  It is considered a snub to use it in non-trivial 
settings.


Much as lifting up your middle finger has no inherent meaning per se, 
but once one realizes that it definitely has meaning to others and one 
lifts one's middle finger to others anyway, it can only be assumed that 
one has intended to send the message others have assigned to it.  So, 
for whatever vague societal reasons, Comic Sans has become equivalent to 
wearing a Speedo to a formal wedding, giggling hysterically during one's 
performance review, or skipping around the track in a tutu and 
clownface during the 440 meter track event at the Olympics.  Those are 
the breaks!  Sorry for your loss of a connotation-free Comic Sans.  I 
feel your pain.  Herd dynamics can be brutal and bleak.


http://knowyourmeme.com/memes/comic-sans
"...While adequate for certain industry sectors like childcare and 
entertainment, its usage in business or professional settings has been 
criticized by many aesthetic-conscious Internet users, who say Comic 
Sans conveys silliness and irreverence that is hardly suitable for 
serious matters:


On 12/29/2017 08:14 AM, Sai Teja Chowdary wrote:


Why? What is the problem with Comic Sans. I like it!

You can say more if you have something useful.

Thanks

Saiteja.

*From: *Michael Sierchio 
*Sent: *Friday, December 29, 2017 10:38 AM
*To: *openssl-users@openssl.org 
*Subject: *Re: [openssl-users] How to form a proper hash after writing 
somethinginto SSL handshake.


Comic Sans. Need I say more?

On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary 
> wrote:


Hi,

Happy Holidays everyone.

I want to send client certificate, client key exchange and client
verify in a single handshake message which appears as multiple
handshake messages in a single record. But to send the client
verify I need to first make a hash of previous messages (client
certificate and client key exchange) to create the signature.

Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx
XXX  (or right procedure that needs to be done before creating
a certificate verify message) that can do a proper
transcript (digest or hash not clear). I tried using
ssl3_finish_mac() on the message containing client certificate
and client key exchange and then tried to generate the signature
in certificate verify message.

But it is giving me a digest error. I am new to the mailing list and
want a bit of help to proceed forward, as I am stuck here. Please reply
in case anything is not clear.

Here is a code snippet showing how I am forming the data containing all
client certificate, client key exchange and certificate verify
messages inside write_state_machine().

if(WPACKET_init(&pkt, s->init_buf)){
    //Client certificate formation
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("PROBLEM\n");
    }
    transition(s); //transition to next state i.e client key exchange

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //client key exchange formation
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }

    //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
    st->write_state_work = post_work(s, st->write_state_work);
    transition(s);  // transition to next state i.e certificate verify

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //certificate verify message formation.
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }
    WPACKET_finish(&pkt);

Please take a look at it, appreciate every bit of help.

Regards,

Saiteja





--

"Well," Brahma said, "even after ten thousand explanations, a fool is 
no wiser, but an intelligent person requires only two thousand five 
hundred."



- The Mahābhārata







Re: [openssl-users] How to form a proper hash after writing somethinginto SSL handshake.

2017-12-29 Thread Sai Teja Chowdary

Why? What is the problem with Comic Sans. I like it!

You can say more if you have something useful.

Thanks

Saiteja.

From: Michael Sierchio
Sent: Friday, December 29, 2017 10:38 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] How to form a proper hash after writing 
somethinginto SSL handshake.


Comic Sans. Need I say more?

On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary 
 wrote:
 
Hi,
 
Happy Holidays everyone.
 
I want to send client certificate, client key exchange and client verify in a 
single handshake message which appears as multiple handshake messages in a 
single record. But to send the client verify I need to first make a hash of 
previous messages (client certificate and client key exchange) to create the 
signature.
 
Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX  (or 
right procedure that needs to be done before creating a certificate verify 
message) that can do a proper transcript (digest or hash not clear). I tried 
using ssl3_finish_mac() on the message containing client certificate and client 
key exchange and then tried to generate the signature in certificate verify 
message.
But it is giving me a digest error. I am new to the mailing list and want a bit 
of help to proceed forward, as I am stuck here. Please reply in case anything 
is not clear.
 
Here is a code snippet showing how I am forming the data containing all client 
certificate, client key exchange and certificate verify messages inside 
write_state_machine().
 
if(WPACKET_init(&pkt, s->init_buf)){
    //Client certificate formation
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("PROBLEM\n");
    }
    transition(s);  //transition to next state i.e client key exchange

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //client key exchange formation
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }

    //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
    st->write_state_work = post_work(s, st->write_state_work);
    transition(s);  // transition to next state i.e  certificate verify

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //certificate verify message formation.
    if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
       !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }
    WPACKET_finish(&pkt);
 
 
Please take a look at it, appreciate every bit of help.
 
Regards,
Saiteja
 





-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, 
but an intelligent person requires only two thousand five hundred."

- The Mahābhārata

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
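
The question quoted in this thread asks what has to be hashed before CertificateVerify can be signed. The following is an added illustration, not code from the thread or from OpenSSL: assuming TLS 1.2, where RFC 5246 section 7.4.8 defines the signed data as all handshake messages so far including their type and length fields, it shows that the digest depends on the handshake messages and not on how they are packed into records. All message bodies are constructed placeholders, the helper names are hypothetical, and SHA-256 stands in for the negotiated hash.

```python
import hashlib
import struct

HANDSHAKE = 22  # TLS record content type carrying handshake data
CERTIFICATE, CLIENT_KEY_EXCHANGE, CERTIFICATE_VERIFY = 11, 16, 15  # handshake types

def hs_msg(msg_type, body):  # 1-byte type, 3-byte length, then the body
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def to_records(data, sizes):  # wrap handshake bytes in TLS 1.2 records
    out, pos = b"", 0
    for size in sizes:
        frag = data[pos:pos + size]
        out += struct.pack("!BHH", HANDSHAKE, 0x0303, len(frag)) + frag
        pos += size
    return out

def handshake_messages(wire):
    # Drop the record headers, then re-split the byte stream into messages.
    stream, pos = b"", 0
    while pos < len(wire):
        ctype, _version, length = struct.unpack_from("!BHH", wire, pos)
        if ctype != HANDSHAKE:
            raise ValueError("non-handshake record in flight")
        stream += wire[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, pos = [], 0
    while pos < len(stream):
        end = pos + 4 + int.from_bytes(stream[pos + 1:pos + 4], "big")
        if end > len(stream):
            raise ValueError("truncated handshake message")
        msgs.append(stream[pos:end])
        pos = end
    return msgs

def cert_verify_digest(earlier, wire):
    # SHA-256 of every handshake message that precedes CertificateVerify.
    h = hashlib.sha256(earlier)
    for msg in handshake_messages(wire):
        if msg[0] == CERTIFICATE_VERIFY:
            break
        h.update(msg)
    return h.hexdigest()
# Constructed sample flight: placeholder bodies, not real certificates or keys.
EARLIER = hs_msg(1, b"client-hello") + hs_msg(2, b"server-hello")
CERT, CKE = hs_msg(CERTIFICATE, b"C" * 40), hs_msg(CLIENT_KEY_EXCHANGE, b"K" * 20)
FLIGHT = CERT + CKE + hs_msg(CERTIFICATE_VERIFY, b"S" * 32)
for sizes in ([44, 24, 36], [104], [10, 94]):  # separate, coalesced, fragmented
    print(sizes, cert_verify_digest(EARLIER, to_records(FLIGHT, sizes)))
```

The three layouts print the same digest; hashing the record bytes themselves, or including the CertificateVerify message, gives a different value and a signature the peer rejects.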


Re: [openssl-users] Can't build OpenSSL on Windows

2017-12-29 Thread Richard Levitte
In message <20171228221837.2608-1-mar...@eclypsium.com> on Thu, 28 Dec 2017 
19:18:37 -0300, Martin Galvan  said:

omgalvan.86> Hi all,
omgalvan.86> 
omgalvan.86> I'm trying to build OpenSSL on Windows. I'm using the nmake that came with
omgalvan.86> Visual Studio 2017, NASM, ActivePerl and have installed the Test::More and
omgalvan.86> Test::Template modules. nmake, perl and nasm are all visible in my system Path
omgalvan.86> variable. This is what I'm seeing:
omgalvan.86> 
omgalvan.86> C:\Users\e1\openssl\source>perl Configure VC-WIN64A --prefix=\c\Users\e1\openssl\install-windows no-comp no-zlib
omgalvan.86> Configuring OpenSSL version 1.1.0g (0x1010007fL)
omgalvan.86> no-asan [default]  OPENSSL_NO_ASAN
omgalvan.86> no-comp [option]   OPENSSL_NO_COMP (skip dir)
omgalvan.86> no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG
omgalvan.86> no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
omgalvan.86> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
omgalvan.86> no-egd  [default]  OPENSSL_NO_EGD
omgalvan.86> no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL
omgalvan.86> no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER
omgalvan.86> no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS
omgalvan.86> no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
omgalvan.86> no-msan [default]  OPENSSL_NO_MSAN
omgalvan.86> no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
omgalvan.86> no-sctp [default]  OPENSSL_NO_SCTP
omgalvan.86> no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE
omgalvan.86> no-ssl3 [default]  OPENSSL_NO_SSL3
omgalvan.86> no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD
omgalvan.86> no-ubsan[default]  OPENSSL_NO_UBSAN
omgalvan.86> no-unit-test[default]  OPENSSL_NO_UNIT_TEST
omgalvan.86> no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS
omgalvan.86> no-zlib [option]
omgalvan.86> no-zlib-dynamic [default]
omgalvan.86> Configuring for VC-WIN64A
omgalvan.86> CC=cl
omgalvan.86> CFLAG =-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DUNICODE -D_UNICODE /MD /O2
omgalvan.86> SHARED_CFLAG  =
omgalvan.86> DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM RC4_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM PADLOCK_ASM POLY1305_ASM
omgalvan.86> LFLAG =/nologo /debug
omgalvan.86> PLIB_LFLAG=
omgalvan.86> EX_LIBS   =ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib
omgalvan.86> APPS_OBJ  =win32_init.o ../ms/applink.o
omgalvan.86> CPUID_OBJ =x86_64cpuid.o
omgalvan.86> UPLINK_OBJ=../ms/uplink.o uplink-x86_64.o
omgalvan.86> BN_ASM=bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
omgalvan.86> EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
omgalvan.86> DES_ENC   =des_enc.o fcrypt_b.o
omgalvan.86> AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
omgalvan.86> BF_ENC=bf_enc.o
omgalvan.86> CAST_ENC  =c_enc.o
omgalvan.86> RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
omgalvan.86> RC5_ENC   =rc5_enc.o
omgalvan.86> MD5_OBJ_ASM   =md5-x86_64.o
omgalvan.86> SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
omgalvan.86> RMD160_OBJ_ASM=
omgalvan.86> CMLL_ENC  =cmll-x86_64.o cmll_misc.o
omgalvan.86> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
omgalvan.86> PADLOCK_OBJ   =e_padlock-x86_64.o
omgalvan.86> CHACHA_ENC=chacha-x86_64.o
omgalvan.86> POLY1305_OBJ  =poly1305-x86_64.o
omgalvan.86> BLAKE2_OBJ=
omgalvan.86> PROCESSOR =
omgalvan.86> RANLIB=true
omgalvan.86> ARFLAGS   =/nologo
omgalvan.86> PERL  =C:\Perl64\bin\perl.exe
omgalvan.86> 
omgalvan.86> SIXTY_FOUR_BIT mode
omgalvan.86> 
omgalvan.86> Configured for VC-WIN64A.
omgalvan.86> 
omgalvan.86> And then:
omgalvan.86> 
omgalvan.86> C:\Users\e1\openssl\source>nmake
omgalvan.86> 
omgalvan.86> Microsoft (R) Program Maintenance Utility Version 14.11.25547.0
omgalvan.86> Copyright (C) Microsoft Corporation.  All rights reserved.
omgalvan.86> 
omgalvan.86> "Detected changed: ".\Configure" "Configurations\windows-makefile.tmpl" "Configurations\common.tmpl"
omgalvan.86> "build.info" "crypto\build.info" "ssl\build.info" "engines\build.info" "apps\build.info"
omgalvan.86> "test\build.info" "util\build.info" "tools\build.info" "fuzz\build.info" "crypto\objects\build.info"
omgalvan.86> "crypto\md4\build.info" "crypto\md5\build.info" "crypto\sha\build.info" "crypto\mdc2\build.info"
omgalvan.86> "crypto\hmac\build.info" "crypto\ripemd\build.