[openssl-users] Forthcoming OpenSSL Releases

2018-11-14 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q.

These releases will be made available on 20th November 2018 between
approximately 1300-1700 UTC.

These are bug-fix releases. They also contain the fixes for three LOW
severity security issues CVE-2018-0735, CVE-2018-0734 and CVE-2018-5407 which
were previously announced here:

https://www.openssl.org/news/secadv/20181029.txt
https://www.openssl.org/news/secadv/20181030.txt
https://www.openssl.org/news/secadv/20181112.txt

CVE-2018-0735 only affects the 1.1.0 branch.
CVE-2018-0734 affects the 1.1.1, 1.1.0 and 1.0.2 branches.
CVE-2018-5407 affects the 1.0.2 branch. It also affects older 1.1.0 releases
before 1.1.0i.

Yours

The OpenSSL Project Team



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-14 Thread Viktor Dukhovni

> On Nov 14, 2018, at 6:54 AM, Hemant Ranvir wrote:
> 
> My main goal here is to use openssl for initial handshake sequence. Once the
> connection is established between server and client, decrypt the incoming
> message (this time not using the openssl api but rather by using the decrypt
> AES function implemented earlier)

This makes no sense, because TLS does not just emit a simple CBC encrypted
stream after performing the handshake.  So you can't do that.  Use
SSL_read()/SSL_write(), and let the library do the message
decryption/encryption for you.  When done use SSL_shutdown() to cleanly
terminate the stream, and depending on the application protocol, wait for
the peer's SSL_shutdown() in turn to avoid truncation attacks where
completion of the stream is not implied by the higher level protocol.

-- 
Viktor.



Re: [openssl-users] File permissions on keys, csr, and certificates

2018-11-14 Thread Peter Magnusson
root:root, chmod 400. And ideally your Root CA files should not be
hosted on your web server, otherwise a server compromise also
compromises your root authority.

https://redmine.lighttpd.net/projects/1/wiki/docs_ssl
Permissions
Be careful to keep your .pem file private! Lighttpd reads all pemfiles
at startup, before dropping privileges. It is therefore best to make
the pem file owned by root and readable by root only:
$ chown root:root /etc/lighttpd/ssl/example.org.pem
$ chmod 400 /etc/lighttpd/ssl/example.org.pem
On Fri, Nov 9, 2018 at 10:04 PM Ikwyl6 via openssl-users wrote:
>
> Hi - I created a question on Super User about questions on file permissions 
> and what the file permissions should be on created files. See link here:
>
> https://superuser.com/questions/1368747/file-permissions-for-openssl-created-files-for-https-web-server-lighttpd
>
> Could someone comment on what file permissions should be on each file and who 
> should own them.
>
> Thank you.
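The advice above (owner root, mode 400, nothing readable by group or others) is easy to state and easy to drift from after a deploy or a copy. The following is an added example, not code from the thread or from lighttpd, that audits a key or certificate file against exactly those two properties. It assumes a POSIX host (uid-based ownership, `os.lstat`); the function names and the temporary-file demonstration are constructed for this example.

```python
# Added example (not from the thread): audit ownership and mode of TLS key
# material per the advice above (owner root, mode 0400). POSIX only.
import os
import stat
import tempfile


def audit_key_file(path: str, expected_uid: int = 0) -> list:
    """Return a list of findings; an empty list means the file is acceptable.

    expected_uid defaults to 0 (root), matching "chown root:root"; the demo
    below passes the current uid because it is unlikely to run as root.
    """
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted in place of the key
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink; audit the target it points to"]
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected uid {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)  # permission bits only, no file-type bits
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} grants access to group or others")
    if mode & 0o111:
        findings.append(f"{path}: mode {mode:04o} has execute bits set")
    return findings


def demo() -> dict:
    """Constructed demonstration: a temp file stands in for example.org.pem.

    Returns the findings for a correctly locked-down file and for the same
    file after a careless chmod 644.
    """
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    me = os.getuid()
    try:
        os.chmod(path, 0o400)
        strict = audit_key_file(path, expected_uid=me)
        os.chmod(path, 0o644)
        loose = audit_key_file(path, expected_uid=me)
    finally:
        os.unlink(path)
    return {"strict": strict, "loose": loose}


if __name__ == "__main__":
    for label, found in demo().items():
        print(label, "->", found or "ok")
```

Running this over the real paths (`audit_key_file("/etc/lighttpd/ssl/example.org.pem")`) from a cron job or a configuration-management check is enough to catch the common regressions: a key re-copied with the default umask, or a file that ended up owned by the web server's own account.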


[openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-14 Thread Hemant Ranvir
I have implemented AES 128 encrypt and decrypt functions and tested it with
sample data and it checks out perfectly. I used the following reference:
https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf

Next I implemented a dummy SSL client and SSL server which uses openssl to
send and receive data. It is working without any error and the messages are
exchanged seamlessly.

My main goal here is to use openssl for initial handshake sequence. Once
the connection is established between server and client, decrypt the
incoming message (this time not using the openssl api but rather by using
the decrypt AES function implemented earlier) and print and similarly for
outgoing message. We will focus on incoming messages.

For this of course I will need the decrypt key and IV. I got the decrypt
key (read key) on the client side like following: (ssl is the SSL* structure of
openssl for the established connection, I am accessing the source code
structures of openssl directly)

//following struct copied from crypto/evp/e_aes.c
typedef struct {
    union {
        double align;
        AES_KEY ks;      /* expanded AES key schedule (round keys) */
    } ks;
    block128_f block;    /* single-block encrypt/decrypt function */
    union {
        cbc128_f cbc;    /* mode-specific stream function */
        ctr128_f ctr;
    } stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key  --> this is the decrypt key

I used this key to decrypt the incoming message with the AES decrypt
function but in vain.

Now AES is symmetric encryption so I thought let me check the
encrypt(write) key on the server side. The encrypt key on server should be
equal to decrypt key on client side. I got the encrypt key on server like
following:

[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key  --> this is the encrypt key

To my surprise they are different. Now if I use the above encrypt key of the
server to decrypt the message on the client side, the message is decrypted
successfully (as expected, the key used for encrypting the message is used
to decrypt the message in the AES standard).

So I reach the following inferences:

1. The decrypt key which is acquired on the client side is encrypted in
   some way in openssl?
2. My method for getting the decrypt key on client side is wrong.

How can I get the decrypt key on the client side which I can use in the AES
decryption routine?

-- 
Best Regards,
Hemant Ranvir

"To live a creative life, we must lose our fear of being wrong." -
J.C. Pearce
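The expectation in the post above is right in one respect: in TLS the client's decrypt (read) key is the server's write key, and the two directions of a connection never share a key. The following is an added example, not code from the thread or from OpenSSL, that derives the TLS 1.2 key_block with the standard-library `hmac`/`hashlib` modules and splits it as RFC 5246 section 6.3 specifies, so the directional keys can be seen explicitly. The master secret, randoms and cipher-suite lengths are constructed test values (the lengths match TLS_RSA_WITH_AES_128_CBC_SHA); the function names are mine.

```python
# Added example (not from the thread): TLS 1.2 PRF (RFC 5246 section 5) and
# key_block expansion (RFC 5246 section 6.3), standard library only.
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    output = b""
    a = seed
    while len(output) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        output += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return output[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def expand_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                     mac_len: int, key_len: int, iv_len: int) -> dict:
    """Derive and split the key_block (RFC 5246 section 6.3).

    Note the seed order: server_random comes before client_random here (the
    opposite of the master_secret derivation). The IV fields are derived but
    unused by TLS 1.2 CBC suites, which carry an explicit IV in every record;
    AEAD suites use them as the implicit part of the nonce.
    """
    layout = [
        ("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
        ("client_write_key", key_len), ("server_write_key", key_len),
        ("client_write_IV", iv_len), ("server_write_IV", iv_len),
    ]
    total = sum(n for _, n in layout)
    block = prf(master_secret, b"key expansion", server_random + client_random, total)
    keys, offset = {}, 0
    for name, n in layout:
        keys[name] = block[offset:offset + n]
        offset += n
    return keys


def role_keys(keys: dict, role: str) -> tuple:
    """Return (write_key, read_key) for 'client' or 'server'.

    The client decrypts with server_write_key and the server decrypts with
    client_write_key; neither side ever decrypts with its own write key.
    """
    if role == "client":
        return keys["client_write_key"], keys["server_write_key"]
    if role == "server":
        return keys["server_write_key"], keys["client_write_key"]
    raise ValueError(role)


# Constructed test values, not material from any real session.
MASTER_SECRET = bytes([0x11]) * 48
CLIENT_RANDOM = bytes([0x22]) * 32
SERVER_RANDOM = bytes([0x33]) * 32


def demo() -> dict:
    """Lengths for TLS_RSA_WITH_AES_128_CBC_SHA: HMAC-SHA1 (20), AES-128 (16), IV (16)."""
    return expand_key_block(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
                            mac_len=20, key_len=16, iv_len=16)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value.hex()}")
```

Two things follow for anyone trying to reuse these keys outside the library, as the post attempts. First, a record is not bare AES-CBC of the application data: the plaintext is followed by an HMAC over the sequence number, record header and data, then padding, and in TLS 1.2 each record is preceded by its own explicit IV, so a raw AES decrypt of the record body gives MAC and padding bytes along with the data. Second, what an OpenSSL `AES_KEY` holds is the expanded key schedule, not the 16-byte key from this key_block, which is why Viktor's advice to let SSL_read()/SSL_write() handle the record layer is the practical path.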