Re: CMS decryption of message with OAEP using Hardware security module

2020-02-18 Thread Thulasi Goriparthi
Do you mean RSA OAEP decryption done by HSM fails?

Possible tests:
1. Try RSA OAEP encryption/decryption with HSM. - basic test.
2. Encrypt with HSM and decrypt using openssl crypto library. - To make
sure RSA OAEP encryption of the HSM works fine.
3. If test 2 fails, check if all the parameters (hash, mgf, salt length)
used for OAEP are the same on both sides. If they match and decryption still
fails, check with your HSM vendor. If they don't, try fixing the parameters
and repeat test 2.

RSA_NO_PADDING always works as all it does is modular exponentiation.

Thanks,
Thulasi.

On Mon, 17 Feb, 2020, 19:22 RudyAC,  wrote:

> Hi,
>
> I have the requirement to decrypt e-mails where RSA-OAEP padding is used. I
> use the library openssl-1.0.2k and decrypt with CMS container
> (CMS_decrypt).
> This works very well unless the private key is stored in a hardware
> security module and the cryptographic operation is performed via the
> PKCS11 engine from openssl.
>
> When decrypting an email which uses OAEP I got the error message:
>
> 47235129370352:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
>
> To analyze the problem I encrypted a clear text using OAEP padding and
> set up a decryption function using
> RSA_private_decrypt(). Here I use padding mode "RSA_NO_PADDING" and the
> decryption also works with the PKCS11 engine. Unfortunately CMS does not
> support setting the padding mode.
>
> For any comments I would be very grateful
>
> Regards Rudy
>
>
>
> --
> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
>


Re: CMS decryption of message with OAEP using Hardware security module

2020-02-18 Thread RudyAC
Hello Thulasi,

Thank you for your quick response.

The encryption does not take place in the HSM because we only store the private
keys inside the HSM. For encryption we use the openssl CMS_encrypt()
function. In case of OAEP I use the parameters:

    EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
    EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
    EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);

and call CMS_final() at last.
For decryption we use the HSM where the private keys are stored and the
openssl PKCS11 engine is used.
Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters
that can be specified at CMS_decrypt().

By default we do encryption and decryption without HSM. Using the same
functions (CMS_encrypt(), CMS_decrypt()) it works very well. But now it is my
job to do decryption with an HSM (Utimaco).

My question is if there is a possibility to tell CMS_decrypt() that the
encrypted email uses OAEP padding or is there only a problem at the side of
the HSM provider.

Best regards
Rudy



Re: CMS decryption of message with OAEP using Hardware security module

2020-02-18 Thread Thulasi Goriparthi
https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html

Thanks,
Thulasi.



Re: CMS decryption of message with OAEP using Hardware security module

2020-02-18 Thread Thulasi Goriparthi
Sorry for this. I see that you already knew about it.



Re: CMS decryption of message with OAEP using Hardware security module

2020-02-18 Thread Thulasi Goriparthi
CMS_decrypt doesn't need to be fed this information explicitly, and it will
be part of the CMS envelope of the encrypted data.

https://tools.ietf.org/html/rfc3560#page-4

Thanks,
Thulasi.
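
Added example (not part of the original thread and not OpenSSL code): the parameter comparison from test 3 of the first reply, together with the remark that RSA_NO_PADDING is only a modular exponentiation, worked through in pure Python. The Mersenne-prime toy key and all function names are assumptions made for illustration; SHA-1 for both digests with an empty label is what RFC 8017 assumes when the OAEP parameters are absent.

```python
import hashlib
import os

# Constructed toy key built from two Mersenne primes: insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # needs Python 3.8+
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141)


def mgf1(seed, length, md):
    """MGF1 mask generation (RFC 8017, B.2.1) over the digest constructor md."""
    out, counter = b"", 0
    while len(out) < length:
        out += md(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encrypt(msg, oaep_md, mgf1_md, label=b""):
    """Sender side: EME-OAEP encode, then the RSA public operation."""
    h_len = oaep_md().digest_size
    padding = b"\x00" * (K - len(msg) - 2 * h_len - 2)
    db = oaep_md(label).digest() + padding + b"\x01" + msg
    seed = os.urandom(h_len)
    masked_db = xor(db, mgf1(seed, len(db), mgf1_md))
    masked_seed = xor(seed, mgf1(masked_db, h_len, mgf1_md))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def raw_private_op(ciphertext):
    """Key-holder side with RSA_NO_PADDING: only c^d mod n, no parameters."""
    return pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")


def oaep_unpad(em, oaep_md, mgf1_md, label=b""):
    """EME-OAEP decode; None on any mismatch. Not constant-time (demo only)."""
    h_len = oaep_md().digest_size
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = xor(masked_seed, mgf1(masked_db, h_len, mgf1_md))
    db = xor(masked_db, mgf1(seed, len(masked_db), mgf1_md))
    rest = db[h_len:].lstrip(b"\x00")
    ok = (em[0] == 0 and db[:h_len] == oaep_md(label).digest()
          and rest[:1] == b"\x01")
    return rest[1:] if ok else None


def compare_parameter_sets():
    """Encrypt with SHA-256/SHA-256/empty label, decode under four settings."""
    cek = bytes(range(16))             # constructed content-encryption key
    em = raw_private_op(oaep_encrypt(cek, hashlib.sha256, hashlib.sha256))
    return cek, {
        "sha256/mgf1-sha256": oaep_unpad(em, hashlib.sha256, hashlib.sha256),
        "sha1/mgf1-sha1": oaep_unpad(em, hashlib.sha1, hashlib.sha1),
        "sha256/mgf1-sha1": oaep_unpad(em, hashlib.sha256, hashlib.sha1),
        "wrong label": oaep_unpad(em, hashlib.sha256, hashlib.sha256, b"x"),
    }


if __name__ == "__main__":
    cek, results = compare_parameter_sets()
    for name, value in results.items():
        print(f"{name:20} {'OK' if value == cek else 'decoding error'}")
```

The raw private operation succeeds in every case; only the decoding step depends on the digest, MGF1 digest and label, so a mismatch in any one of them shows up as a single generic decoding error.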



Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Jason Schultz
This comment does spark another question though. Do I need to protect the
ecparam file I created for use in generating the private key? I know the private
key should reside in /etc/ssl/private/ as that directory has no read access.
Right now I have the ecparam generated file in /etc/ssl/dsaparams/, which is
readable. Should that file also reside in /etc/ssl/private/ so it's protected?

Thanks.



From: Kyle Hamilton 
Sent: Sunday, February 16, 2020 10:49 PM
To: Jason Schultz 
Cc: Thulasi Goriparthi ; openssl-users 

Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL

Be aware that you just posted your certificate's private key, and thus you 
should regenerate a new keypair/certificate to use.  Otherwise, anyone who can 
manipulate traffic to your machine can execute a man-in-the-middle attack.

-Kyle H


On Fri, Feb 14, 2020, 07:40 Jason Schultz <jetso...@hotmail.com> wrote:

Thank you for your response Thulasi, this helped. I'm posting this back to the 
OpenSSL users list in case it helps anyone else, and in case anyone can help 
with my additional questions. While waiting for responses, I've been able to 
find out how my certificate and keys were generated. I'd like to walk through 
that to hopefully verify I'm handling things correctly.

First, here is how my EC parameters file was generated:

openssl ecparam -name prime256v1 -genkey -out myecparamsfile.pem

And the resulting file:


M640A-SAIL:/etc/ssl # openssl ecparam -in myecparamsfile.pem -text
ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----

Is this good so far? Do I need the -genkey?

Then I take this file and use it when I generate my certificate and private key 
pair, here is the openssl command I used:

openssl req -nodes -sha256 -newkey ec:/etc/ssl/private/myecparamsfile.pem 
-keyout mykeyout.pem -new -out mycertfileout.pem -config /etc/ssl/openssl.cnf 
-x509 -days 365 -outform pem
Generating a EC private key
writing new private key to 'mykeyout.pem'


And the resulting key:

# cat mykeyout.pem
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbfUwVhomun9Q5IAY
xTOAn+sDoXZ+k4UWkvUyfshPBJ6hRANCAAQsakFVUTV4JmfVJH31XOvHVhhBodnV
8evYCJSd2Jgo4uOomCSh3oekKL+Tia+LOmynygfvmneOX2YadoNr9uzH
-----END PRIVATE KEY-----

# openssl ec -noout -text -in mykeyout.pem
read EC key
Private-Key: (256 bit)
priv:
6d:f5:30:56:1a:26:ba:7f:50:e4:80:18:c5:33:80:
9f:eb:03:a1:76:7e:93:85:16:92:f5:32:7e:c8:4f:
04:9e
pub:
04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c:
eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8:
98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89:
af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76:
83:6b:f6:ec:c7
ASN1 OID: prime256v1
NIST CURVE: P-256

And certificate:

M740A-PMM1:/etc/ssl # openssl x509 -text -in mycertfileout.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e2:2f:c6:e4:bf:f1:de:20
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My 
Name/emailAddress=t...@example.com
Validity
Not Before: Feb 13 16:11:39 2020 GMT
Not After : Feb 12 16:11:39 2021 GMT
Subject: C=US, ST=NY, L=Loc, O=Org, OU=test, CN=My 
Name/emailAddress=t...@example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:2c:6a:41:55:51:35:78:26:67:d5:24:7d:f5:5c:
eb:c7:56:18:41:a1:d9:d5:f1:eb:d8:08:94:9d:d8:
98:28:e2:e3:a8:98:24:a1:de:87:a4:28:bf:93:89:
af:8b:3a:6c:a7:ca:07:ef:9a:77:8e:5f:66:1a:76:
83:6b:f6:ec:c7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9
X509v3 Authority Key Identifier:

keyid:D6:8A:F3:3B:4E:A1:F8:F8:34:C1:1B:7A:EC:BF:9B:58:7F:68:4A:D9

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
 30:44:02:20:37:f0:f7:f7:4a:b4:8e:8f:64:72:e4:d1:31:9f:
 a1:36:c5:5d:f3:42:4c:24:37:75:cf:b6:55:b0:66:1b:6e:63:
 02:20:39:18:81:f8:6c:86:3a:57:74:05:cc:99:6c:d9:dc:6a:
 a2:20:98:4c:66:a1:97:d1:c7:ea:42:b4:01:1a:f7:b2

Then I call the APIs as described in my first email to use them:


ctx = SSL_CTX_new(TLS_method());

status = SSL_CTX_use_PrivateKey_file(ctx,,SSL_FILETYPE_PEM);
status = SSL_CTX_use_certificate_file(ctx, ,,SSL_FILETYPE_PEM);


// Verify the cert and key are a pair
status = SSL_CTX_check_private_key(ctx);

Then call the APIs to

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Nicola Tuveri
The ec parameters are public anyway, so there is no real need to store such
files somewhere with restricted reading access.

On the other hand, I want to reiterate that if you are using (and this is
highly recommended) one of the named curves (e.g. NIST P-256) you don't
really need at all to generate a ecparam file (which only contains the
name): the private key file already contains the very same name and fully
contains what you need to perform ECDSA signatures that can be validated
against a matching certificate.

In the same way, for the ECDHE part, pick curves that you want to support
(most TLS 1.2 and 1.3 clients will be happy to support P-256 and X25519 key
exchanges) from the named curves: also in this case there is no need to
generate a separate ecparam file.

Hope this helps!

Best regards,

Nicola Tuveri
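
Added example (not from the thread and not OpenSSL code): a small Python audit that lists the PEM blocks in a file and decodes an EC PARAMETERS block, showing that the blob quoted earlier in this thread is nothing but the OID of the named curve. A file written by ecparam with -genkey additionally holds an EC PRIVATE KEY block, which is the part that needs restricted permissions; the function names and both sample strings are constructed for illustration, and the key body is a placeholder.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# OIDs of the named curves mentioned in this thread.
CURVES = {
    "1.2.840.10045.3.1.7": "prime256v1 (NIST P-256)",
    "1.3.132.0.34": "secp384r1 (NIST P-384)",
    "1.3.132.0.35": "secp521r1 (NIST P-521)",
}

# Constructed sample: the parameters blob quoted in the thread.
PARAMS_ONLY = """-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
"""

# Constructed sample: layout of a file written with -genkey (placeholder key body).
WITH_GENKEY = PARAMS_ONLY + """-----BEGIN EC PRIVATE KEY-----
AAAA
-----END EC PRIVATE KEY-----
"""


def decode_oid(der):
    """Decode a bare DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a bare DER OID")
    values, cur = [], 0
    for byte in der[2:]:
        cur = (cur << 7) | (byte & 0x7F)   # base-128, high bit = "more follows"
        if not byte & 0x80:
            values.append(cur)
            cur = 0
    first = values[0]                      # first two arcs share one value
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + values[1:])


def audit_pem(text):
    """Return (label, detail, must_protect) for every PEM block in text."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        der = base64.b64decode("".join(body.split()))
        if label == "EC PARAMETERS":
            oid = decode_oid(der)
            findings.append((label, CURVES.get(oid, oid), False))
        else:
            findings.append((label, f"{len(der)} bytes", "PRIVATE KEY" in label))
    return findings


if __name__ == "__main__":
    for name, sample in (("params only", PARAMS_ONLY), ("-genkey", WITH_GENKEY)):
        for label, detail, protect in audit_pem(sample):
            print(f"{name:12} {label:15} {detail:25} protect={protect}")
```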



Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Jason Schultz
Nicola-

Thanks for your response. It does help, but at the same time it also raises
questions and maybe conflicts with what I thought I was doing correctly earlier
in this thread. I'm talking mostly about where I landed in this post:

https://www.mail-archive.com/openssl-users@openssl.org/msg87538.html


I am only using named curves. You also said:

"...you don't really need at all to generate a ecparam file (which only 
contains the name): the private key file already contains the very same name 
and fully contains what you need to perform ECDSA signatures that can be 
validated against a matching certificate."

Let me apply that and start from the beginning and outline everything (I think) 
I need to do in that case:

1 - Generate a certificate and private key pair. Using the OpenSSL command line:


openssl req -nodes -sha256 -newkey ec:<(openssl ecparam -name prime256v1)
-keyout mykeyout.pem -new -out mycertfileout.pem -config /etc/ssl/openssl.cnf
-x509 -days 365 -outform pem

Note: the "ec:" parameter basically substitutes the openssl command above with 
the file I had created and used in this command. Also, the "-genkey" parameter 
I included in the ecparam command was probably not needed, or potentially bad?

2 - Call the SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() 
to use the certificate and private key pair. (Same as before)

3 - Call the APIs to set the curves and allow the server to pick the 
appropriate curves for the client:


status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");
status = SSL_CTX_set_ecdh_auto(ctx, 1);

Do I have this right? Is the only difference combining the two commands into 
one in Step 1 above, instead of the intermediate ecparams file? Or is there 
something else I'm missing on the generation of certificate/private key pairs?

Thanks,

Jason






Query regarding SSL_ERROR_SSL during SSL handshake

2020-02-18 Thread Mahendra SP
Hi All,

We are using OpenSSL version 1.0.2h. When we call SSL_do_handshake,
sometimes we notice that the handshake fails with error SSL_ERROR_SSL.
As per the documentation for this error, it is a non-recoverable and fatal
error. The documentation also mentions checking the error queue for further
details. Does it mean calling SSL_get_error after SSL_ERROR_SSL will give the
exact reason for this failure?

Could you please let me know ways to identify the cause of this error?

Thanks
Mahendra