Re: Examples of blowfish.h code for C?

2007-11-03 Thread Brad Hards
On Friday 02 November 2007 12:13, Joel Christner wrote:
> > Please pardon the newbie question.  I was curious if anyone had any links
> > or references that they could point me to for more details on how to use
> > blowfish.h with C?  I've gone through the man pages but was hoping for
> > something more intuitive, step-by-step, or outlining when to use specific
> > methods and such.
Don't use blowfish.h directly, use the EVP interface instead.

Google suggests: http://www.faqs.org/docs/gazette/encryption.html

There is some good stuff in the O'Reilly OpenSSL book.

Brad




Re: Error while encryption or Decrypting

2007-07-29 Thread Brad Hards
On Saturday 28 July 2007 01:49, Pink Princess wrote:
> *** glibc detected *** /home/noura/workspace/256OpenSSL/apps/openssl:
> double free or corruption (!prev): 0x0820d170 ***
This is the most likely problem - you are free()ing memory that has already 
been free()d. Maybe you are free()ing memory that openssl is cleaning up 
later.

Try running under valgrind or a debugger.

Brad




Re: man pages of PKCS12

2006-10-28 Thread Brad Hards
On Saturday 28 October 2006 01:58, Alexis Lefort wrote:
> I can't find much information about parsing a PKSC12 file, or testing
> the content of a file to know if it is PEM or PKCS12.
Do you want to do this programmatically, or from the command line?

> Where could I find that please?
man pkcs12 will provide the command line tool options

the man pages for 
* PKCS12_create
* PKCS12_parse
will provide details on how to do it programmatically. 

These documents are also available on-line. For example, see:
http://www.openssl.org/docs/crypto/PKCS12_parse.html

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html may also help.

Brad
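
Added example (not part of the original post, and not OpenSSL code): a heuristic way to test the content of a file for PEM versus PKCS12 before handing it to PKCS12_parse. The function and sample names are hypothetical and the byte samples are constructed; the PKCS12 test relies on the outer SEQUENCE starting with the version INTEGER 3.

```c
#include <stddef.h>
#include <string.h>

enum file_kind { KIND_UNKNOWN, KIND_PEM, KIND_PKCS12, KIND_OTHER_DER };

/* Read a DER/BER length at buf[*pos]; returns 0 on success. *indef is set
 * for the BER indefinite form (0x80), which some PKCS12 writers use. */
static int read_len(const unsigned char *buf, size_t n, size_t *pos,
                    size_t *len, int *indef)
{
    unsigned char b;
    size_t k;

    if (*pos >= n) return -1;
    b = buf[(*pos)++];
    *indef = (b == 0x80);
    *len = 0;
    if (b <= 0x80) { *len = b & 0x7f; return 0; }   /* short or indefinite */
    k = b & 0x7f;                                   /* long form: k octets */
    if (k > sizeof(size_t) || k > n - *pos) return -1;
    while (k--) *len = (*len << 8) | buf[(*pos)++];
    return 0;
}

/* Heuristic (hypothetical helper): classify a file from its leading bytes. */
enum file_kind sniff_key_file(const unsigned char *buf, size_t n)
{
    static const char marker[] = "-----BEGIN ";
    size_t m = sizeof marker - 1, i, pos = 1, len;
    int indef;

    /* PEM: the marker starts a line; free text may precede it. */
    for (i = 0; i + m <= n; i++)
        if ((i == 0 || buf[i - 1] == '\n') && memcmp(buf + i, marker, m) == 0)
            return KIND_PEM;

    /* DER/BER: an outer SEQUENCE whose length fits inside the file. */
    if (n < 2 || buf[0] != 0x30) return KIND_UNKNOWN;
    if (read_len(buf, n, &pos, &len, &indef) != 0) return KIND_UNKNOWN;
    if (!indef && len > n - pos) return KIND_UNKNOWN;    /* truncated */

    /* PFX ::= SEQUENCE { version INTEGER {v3(3)}, ... } -> 02 01 03 */
    if (n - pos >= 3 && buf[pos] == 0x02 && buf[pos + 1] == 0x01 &&
        buf[pos + 2] == 0x03)
        return KIND_PKCS12;
    return KIND_OTHER_DER;
}

/* Constructed sample inputs: headers only, no real key material. */
const unsigned char pem_s[] = "notes\n-----BEGIN CERTIFICATE-----\nMIIB\n";
const unsigned char p12_s[] = { 0x30, 0x03, 0x02, 0x01, 0x03 };
const unsigned char p12_ber[] = { 0x30, 0x80, 0x02, 0x01, 0x03 };
const unsigned char der_s[] = { 0x30, 0x03, 0x30, 0x01, 0x00 };
const unsigned char cut_s[] = { 0x30, 0x82, 0x10, 0x00, 0x02, 0x01, 0x03 };
```

The result only says which parser to try first; whether the file really is a valid PKCS12 is decided by the parser's own return value.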




Re: api for RSA

2006-05-15 Thread Brad Hards
On Monday 15 May 2006 17:44 pm, you wrote:
> Hi all,
> I have a quick question. Suppose i am doing RSA crypto. I cant seem to
> figure out how i can choose a particular private key/public key. The
> only api that seems to be provided is rsa_generate_key  and the man
> page says use the given api to modify the key. Unf i cant seem to find
> any functions to do that..Any pointers?
Your question is a bit vague to me. Have you looked at the code in apps/rsa.c? 
apps/rsautil.c?
man pages for rsa(3), RSA_private_encrypt and RSA_public_decrypt might also 
help.

> I have antoher issue. I used Bind and dnssec-keygen. The key formats
> produced by dnssec-keygen seem incompatible with that of Openssls
> command line interface(atleast the private key, i tried to add the
> --START PUBLIC key--- thingie to the public key file produced by
> dnssec-keygen).Failed miserably though.Any suggestions on how i can
> convert between the two?
No idea. Sorry.

Brad




Re: How to distinguish between RSA and DSA keys in certificates?

2006-05-14 Thread Brad Hards
On Sunday 14 May 2006 18:54 pm, sefi wrote:
> If anyone knows a way how to load a certificate from a file and obtain
> it's X509* I would be glad.
PEM_read_bio_X509()

Brad




Re: OCSP

2006-05-11 Thread Brad Hards
On Thursday 11 May 2006 23:38 pm, John Pattern wrote:
> I want to generate a simple OCSP request. What are the steps I must
> follow using OpenSSL? Thank you for your help.
There is an openssl tool to do so - see:
http://www.openssl.org/docs/apps/ocsp.html

There is some detail, and a test server at openvalidation.org. In particular, 
you might want to check:
http://www.openvalidation.org/useocspservicenew.htm

If you want to do it programmatically, I'd suggest that you look at the source 
code for the ocsp tool.

HTH

Brad




Re: Phantom Domain Name Mismatch?

2006-04-21 Thread Brad Hards
On Friday 21 April 2006 06:23 am, Fran Fabrizio wrote:
> "You have attempted to establish a connection to imap.cis.uab.edu.  
> However, the security certificate presented belongs to imap.cis.uab.edu."
Is that exactly how it is written? If so, you might have signed the 
certificate with a FQDN (ending with the "."), but you have asked to talk to 
a relative name (no final dot). That won't match.

Brad




Re: Using MD5 in FIPS OpenSSL for RADIUS support

2006-04-16 Thread Brad Hards
On Sunday 16 April 2006 22:28 pm, Hagai Yaffe wrote:
> I am using OpenSSL version 0.9.7d for cryptographic needs of my
> application, among other uses I am using MD5 to implement RADIUS client.
> I would like to use the FIPS compliant version of OpenSSL but MD5 is not
> one of the certified algorithms, this is a problem since MD5 is part of
> the RADIUS protocol.
MD5 isn't a FIPS algorithm (i.e. it isn't just an openssl problem). You'll 
need to use SHA1 - no idea if there is any way to do that with RADIUS (I've 
only ever seen the authenticator use MD5).

Brad




Re: PKCS7_verify() with zero length input

2006-04-13 Thread Brad Hards
On Thursday 13 April 2006 22:26 pm, Dr. Stephen Henson wrote:
> On Thu, Apr 13, 2006, Brad Hards wrote:
> > I'm trying to do detached CMS signatures and verification using the
> > PKCS7_sign() and PKCS7_verify() functions. It appears to work OK, except
> > that my test case for a zero length array fails to verify() - looks like
> > the signature is OK though.
> >
> > The documentation suggests that PKCS7_verify() isn't expected to work
> > ("indata cannot be NULL"). Are there any alternative functions that I
> > should be looking at? Or is there some workaround?
>
> Have you tried passing it an empty memory BIO?
Yes. Roughly what I'm doing is:
  ... stuff to set up the keystore and PKCS7 structure...
  bi = BIO_new(BIO_s_mem());
  BIO_write(bi, in.data(), in.size());
  int ret = PKCS7_verify(p7, xs, store, bi, NULL, 0);
It works (ret == 1) for data I've signed using PKCS7_sign, except for the case 
where in.size() == 0 (i.e. an empty string). Then it returns 0.

Brad




PKCS7_verify() with zero length input

2006-04-13 Thread Brad Hards
I'm trying to do detached CMS signatures and verification using the 
PKCS7_sign() and PKCS7_verify() functions. It appears to work OK, except that 
my test case for a zero length array fails to verify() - looks like the 
signature is OK though.

The documentation suggests that PKCS7_verify() isn't expected to work ("indata 
cannot be NULL"). Are there any alternative functions that I should be 
looking at? Or is there some workaround?

Brad




PKITS test?

2006-02-03 Thread Brad Hards
Has anyone tried the PKITS suite: 
http://csrc.nist.gov/pki/testing/x509paths.html
against OpenSSL? 
I'm planning to use some of those tests, and it would help if I knew what 
tests are known to fail.

Brad




Weird indenting in X509_signature_print()

2006-02-02 Thread Brad Hards
In  openssl-0.9.7g/crypto/asn1/t_509.c, there is this function:

int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
{
unsigned char *s;
int i, n;
if (BIO_puts(bp,"Signature Algorithm: ") <= 0) return 0;
if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;

n=sig->length;
s=sig->data;
for (i=0; ialgorithm) <= 0) return 0;

n=sig->length;
s=sig->data;
for (i=0; i



Re: Determining key size for DSA and DH?

2005-06-05 Thread Brad Hards
On Sun, 5 Jun 2005 22:03 pm, Brad Hards wrote:
> On Sun, 5 Jun 2005 21:20 pm, Nils Larsch wrote:
> > > Is there a way to determine the keylength for DSA keys and DH keys?
> >
> > in case of a EVP_PKEY object EVP_PKEY_bits, otherwise
>
> As it turns out, I do have a EVP_PKEY, so this is just what I needed.
Not sure how I managed to miss it, but I missed the "huge thanks for the fast 
response" part of my message. Thanks Nils - this saved me a lot of work, and 
is truly appreciated.

Brad




Re: Determining key size for DSA and DH?

2005-06-05 Thread Brad Hards
On Sun, 5 Jun 2005 21:20 pm, Nils Larsch wrote:
> > Is there a way to determine the keylength for DSA keys and DH keys?
>
> in case of a EVP_PKEY object EVP_PKEY_bits, otherwise
As it turns out, I do have a EVP_PKEY, so this is just what I needed. 

> BN_num_bits(dsa->p). But as the "NOTES" section in the BN_num_bits
> manpage already says this isn't really a satisfying solution, it
> would be better to have functions like
>   size_t DSA_signature_size(const DSA *);
>   size_t DSA_pkey_size(const DSA *);
> for this ... just a thought.
Yeah, that would make it more obvious.  Even without the doco confusion, it is 
still a bit dangerous to have FOO_size() do completely different things.

> You should send a bug report to [EMAIL PROTECTED]
I just forwarded the email train to that address, but if there is a better way 
to do the report, just let me know (pointer to a webpage, whatever).

Brad




Re: valgrind errors

2005-06-05 Thread Brad Hards
On Wed, 1 Jun 2005 23:31 pm, [EMAIL PROTECTED] wrote:
> Hello all,
>
> I develeopped a server which seems to work quite fine. When I use
> Valgrind to check for problems, it returns me thousands of problems wich
> seems to be caused by the OpenSSL librairie!
> follows some of the returns:
There is no assurance that all of the problems are of one kind or another, 
however based on some advice I got on this list, I recompiled openssl with 
the -DPURIFY option, and most of the errors went away. 

The reason is that openssl tries to use uninitialised memory to help get 
randomness. 

Your results may vary.

Brad




Determining key size for DSA and DH?

2005-06-05 Thread Brad Hards
I'm trying to determine the length (in bits) for my DSA and DH keys.  I'm 
happily using RSA_size() for RSA keys, and I assumed that DSA_size and 
DH_size would do equivalent operations (based on the man page for 
BN_size_bits, which states 'If you want to know the "key size" of such a key, 
either use functions like RSA_size(), DH_size() and DSA_size()').

However the man page for DSA_size says that it returns the size of the 
signature (which for me is always 48 bytes or 384 bits, irrespective of the 
key parameters).

Is there a way to determine the keylength for DSA keys and DH keys?

Brad
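
Added example (not from the original thread or from OpenSSL): why the 48 bytes reported above do not move with the key parameters. The DER signature is a SEQUENCE of two INTEGERs below q, so its maximum length depends only on the bit length of q, while the key size is the bit length of p, which is what BN_num_bits(dsa->p) in the reply gives. Function names and sample values are hypothetical; a 160-bit q is assumed for the 48-byte case.

```c
#include <stddef.h>

/* Octets in a DER length field that encodes len. */
static size_t der_len_octets(size_t len)
{
    size_t n = 1;                      /* short form, or the 0x80|k octet */
    if (len < 0x80) return n;
    while (len) { n++; len >>= 8; }
    return n;
}

/* Largest DER INTEGER (tag + length + content) for a value below 2^bits;
 * a 0x00 pad octet is needed when the top bit of the first octet is set. */
static size_t der_uint_max(size_t bits)
{
    size_t content = bits / 8 + 1;
    return 1 + der_len_octets(content) + content;
}

/* Upper bound on SEQUENCE { INTEGER r, INTEGER s } with r, s < q. */
size_t dsa_sig_max_len(size_t q_bits)
{
    size_t body = 2 * der_uint_max(q_bits);
    return 1 + der_len_octets(body) + body;
}

/* Bit length of a big-endian magnitude: the "key size" when applied to p. */
size_t be_num_bits(const unsigned char *b, size_t n)
{
    size_t bits;
    unsigned char top;

    while (n && *b == 0) { b++; n--; }     /* skip leading zero octets */
    if (n == 0) return 0;
    bits = (n - 1) * 8;
    for (top = *b; top; top >>= 1) bits++;
    return bits;
}

/* Constructed stand-ins for p (top bit set, rest zero): not real primes. */
const unsigned char p_1024[128] = { 0x80 };
const unsigned char p_2048[256] = { 0x80 };
```

Both stand-in moduli give the same signature bound of 48 bytes with a 160-bit q, while their bit lengths are 1024 and 2048.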




Re: Valgrind suppressions?

2005-05-19 Thread Brad Hards
On Mon, 16 May 2005 02:04 am, Nils Larsch wrote:
> a lot of these warnings are caused by the fact that openssl uses
> uninitialized memory when creating random numbers etc. . They should
> be harmless but you may try to build openssl with the "-DPURIFY" to
> reduce the number of warnings
Thanks Nils - that helped a lot.

Brad




Valgrind suppressions?

2005-05-15 Thread Brad Hards
I'm coming across a lot of valgrind warnings for the BN code. Eg: 
==20718== Conditional jump or move depends on uninitialised value(s)
==20718==    at 0x4E34666D: bn_mul_recursive (bn_mul.c:111)
==20718==    by 0x4E3475D2: BN_mul (bn_mul.c:708)
==20718==    by 0x4E34D1CC: BN_mod_mul_montgomery (bn_mont.c:89)
==20718==    by 0x4E3448B0: BN_mod_exp_mont (bn_exp.c:411)
==20718==    by 0x4E353A04: RSA_eay_public_encrypt (rsa_eay.c:172)
==20718==    by 0x4E3557BF: RSA_public_encrypt (rsa_lib.c:280)
==20718==    by 0x4E37CD79: EVP_PKEY_encrypt (p_enc.c:82)
==20718==    by 0x4E3AE53E: PKCS7_dataInit (pk7_doit.c:234)
==20718==    by 0x4E3B0353: PKCS7_encrypt (pk7_smime.c:396)

or 
==20718== Conditional jump or move depends on uninitialised value(s)
==20718==    at 0x4E346115: bn_cmp_words (bn_lib.c:784)
==20718==    by 0x4E346639: bn_mul_recursive (bn_mul.c:108)
==20718==    by 0x4E3475D2: BN_mul (bn_mul.c:708)
==20718==    by 0x4E34D1CC: BN_mod_mul_montgomery (bn_mont.c:89)
==20718==    by 0x4E3448B0: BN_mod_exp_mont (bn_exp.c:411)
==20718==    by 0x4E353A04: RSA_eay_public_encrypt (rsa_eay.c:172)
==20718==    by 0x4E3557BF: RSA_public_encrypt (rsa_lib.c:280)
==20718==    by 0x4E37CD79: EVP_PKEY_encrypt (p_enc.c:82)
==20718==    by 0x4E3AE53E: PKCS7_dataInit (pk7_doit.c:234)
==20718==    by 0x4E3B0353: PKCS7_encrypt (pk7_smime.c:396)

(I've got lots! - mainly in BN as shown above, but also "use of uninitialised 
value of size 4" in DES/PKCS7. especially in dx86-elf.s)

I'd rather not just suppress all of these, because they might indicate where 
I'm doing something wrong, rather than an openssl issue. 

Does anyone have a set of valgrind suppressions for openssl 0.9.7 (any 
version, ideally 0.9.7g though)? Would you be willing to make them available?

Brad




Re: Seeking permission to use "openssl" in a product name

2005-03-14 Thread Brad Hards
On Mon, 14 Mar 2005 07:27 pm, Ted Mittelstaedt wrote:
> Hmm - well this doesen't look to me like a request for permission, merely
> a request for opinion of whether or not you need to request permission.
Sorry, that wasn't the intent.

> So, in answer to that, no.  You must request permission to do so by
> writing [EMAIL PROTECTED]  (and only openssl-core)
Thanks.

Brad




Seeking permission to use "openssl" in a product name

2005-03-13 Thread Brad Hards
I am working on a cryptographic abstraction layer for Qt, imaginatively 
called the Qt Cryptographic Architecture (QCA). One of the back-end plugins 
that is in development links to OpenSSL. Right now, the directory name is 
"qca-openssl". When it gets released, each backend will probably be released 
separately to the rest of QCA. 

I note the following clause in the OpenSSL Copyright statement:
 * 5. Products derived from this software may not be called "OpenSSL"
 *nor may "OpenSSL" appear in their names without prior written
 *permission of the OpenSSL Project.

It is permissible to use "qca-openssl" as a package name for an open-source 
package that links to OpenSSL.

Brad




Re: DH parameters

2005-01-24 Thread Brad Hards
On Tue, 25 Jan 2005 06:50 am, Michael D'Errico wrote:
> Michael D'Errico wrote:
> > How often should a server generate new DH parameters?
>
> Is this a dumb question?  Sorry if it is.
1. 36 hours isn't much time to wait for a response.
2. You broke threading, rather than starting a new thread.
3. It depends on a lot of factors, none of which you bothered to tell us. 
Start by explaining your exact security goals, your acceptable risk profile, 
your encryption architecture, your integrity architecture, and your budget.

Brad




Re: SSL (or alike) over UDP

2005-01-14 Thread Brad Hards
On Fri, 14 Jan 2005 21:10 pm, Eduardo Pérez wrote:
> Do you know if it's possible to use SSL (or some other protocol) over
> UDP running totally in user space.
Not possible to use SSL. Some other protocol is potentially possible, but you 
haven't told us what you are trying to accomplish, so it is hard to tell what 
is appropriate.

> I'd also like to use reliable delivery and a stream unreliable delivery
> protocol over the same connection-oriented base secure protocol.
To do what?

> It would be like using IPSEC totally in user space but without anything
> to do with IP.
I'm still confused. What security problem are you trying to solve?

Brad




Re: OpenSSL Window Platform

2004-12-22 Thread Brad Hards
On Thu, 23 Dec 2004 04:13 am, Amy Wong wrote:
> I really appreciate if you can show me where to get the Open SSL in window
> platform (or if there is any documentation out there).
I recently bought the OpenSSL book from O'Reilly - 
http://www.oreilly.com/catalog/openssl/

Not fully up to date with 0.9.7, but a much more readable introduction than 
the man pages / web site.

Brad




Re: HMAC-128

2004-11-23 Thread Brad Hards
On Wed, 24 Nov 2004 02:34 am, Elie Lalo wrote:
> I know that OpenSSL has the following HMAC(EVP_sha1 (), ) which
> supports 160 bits. But does OpenSSL support HMAC-128 as well? If yes, could
> you please tell me where/how I can get information about it.
You should be able to use whatever MAC algorithm is required. I don't know 
what MAC "HMAC-128" is though, because your question doesn't have enough 
context. Perhaps MD5, less likely RIPEMD. So you would just use EVP_md5() 
instead of EVP_sha1() in the init call:
  HMAC_Init_ex( &c, key_data, key_size, EVP_md5(), 0 );

HTH

Brad




EVP_DecryptUpdate returns zero length

2004-11-15 Thread Brad Hards
In a larger application (Qt Cryptographic Architecture), I'm trying to
wrap some  OpenSSL crypto primitives in C++. However I'm having
a problem with EVP_DecryptUpdate(). I've done up a quick'n'dirty
test case, see below. Now for EVP_EncryptUpdate, this gives me
16. But for EVP_DecryptUpdate(), it gives back zero. That isn't
what I expected from the man page. Now the data is there
(ie result points to a filled in char array), I just can't tell how
long it is. Can anyone give me a hint?

Brad

#include <openssl/evp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{

  unsigned char *key;
  unsigned char *iv;
  unsigned char *data;
  unsigned char *result;
  EVP_CIPHER_CTX context;   /* 0.9.7-style context held on the stack */
  int outputSize;           /* EVP_DecryptUpdate() takes an int * */

  /* all-zero key, IV and input block, just to exercise the call */
  key = (unsigned char *)malloc(16);
  memset( key, 0x0, 16 );
  iv = (unsigned char *)malloc(16);
  memset( iv, 0x0, 16 );
  data = (unsigned char *)malloc(16);
  memset( data, 0x0, 16 );
  /* output buffer needs room for the input length plus one cipher block */
  result = (unsigned char *)malloc(16 + 16);

  EVP_CIPHER_CTX_init( &context );
  EVP_DecryptInit_ex( &context, EVP_aes_128_ecb(), 0, key,iv );
  if (0 == EVP_DecryptUpdate( &context, result, &(outputSize), data, 16 ) )
    abort();
  printf( "Output len: %d\n",outputSize );

  EVP_CIPHER_CTX_cleanup( &context );
  free(key);
  free(data);
  free(iv);
  free(result);

  return 0;
}

