Re: [openssl-users] convert from PEM to DER format or vice versa

2016-12-12 Thread Carl Young
Please download the source code and refer to apps/x509.c - this handles the
conversion command, such as:

openssl x509 -in xxx.pem -inform pem -out xxx.cer -outform DER

the function you will look for is i2d_X509_bio

On 12 December 2016 at 09:37, Sairam Rangaswamy -X (sairanga - ARICENT
TECHNOLOGIES MAURIITIUS LIMITED at Cisco)  wrote:

> As I understand, the X509 certificates from CA or self-signed can be
> created in either
>
> PEM or DER format.
>
>
>
> Is there a way to programmatically convert the PEM format file to DER or
> DER to PEM?
>
> Is there a single API or set of APIs available from openssl libraries?
>
>
>
> Regards,
>
> R. Sairam
>
> *Sairam Rangaswamy*
>
> Architect
>
> saira...@cisco.com | Mobile +919880302240 | Office +918041068409
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
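The OpenSSL calls the reply points at (i2d_X509_bio to write DER, and on the other side PEM_read_bio_X509 or d2i_X509_bio to read and PEM_write_bio_X509 to write PEM) do, at byte level, nothing more than what the following added example shows in pure Python: a PEM file is the DER encoding base64-wrapped between BEGIN/END lines, so converting in either direction is armouring or unarmouring the same bytes. This is example code written for this page, not code from the thread or from OpenSSL; the sample DER blob is a constructed SEQUENCE, not a real certificate, so the round trip runs offline.

```python
import base64
import re

# Constructed sample: a small DER SEQUENCE (not a certificate), used only so
# the round trip below runs offline. Real input would be the bytes that
# i2d_X509_bio() writes or that `openssl x509 -outform DER` produces.
SAMPLE_DER = bytes.fromhex("300c0201010403616263020200ff")

# One PEM block: matching BEGIN/END labels with base64 (and line breaks) between.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>[A-Za-z0-9+/=\r\n]*)"
    r"-----END (?P<end>[A-Z0-9 ]+)-----"
)


def pem_to_der(pem_text: str, expected_label: str = "CERTIFICATE") -> bytes:
    """Unwrap the first PEM block: check both labels, strip the armour, base64-decode."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    if m.group("label") != m.group("end"):
        raise ValueError("BEGIN/END labels do not match")
    if m.group("label") != expected_label:
        raise ValueError(f"expected a {expected_label} block, got {m.group('label')}")
    body = re.sub(r"\s+", "", m.group("body"))
    der = base64.b64decode(body, validate=True)
    # Every X.509 Certificate is a SEQUENCE, so the first DER octet must be 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    return der


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Wrap DER bytes in PEM armour with the conventional 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print("round trip ok:", pem_to_der(pem) == SAMPLE_DER)
```

The label checks matter in practice: a file holding a PRIVATE KEY block, or a block whose END line was edited, should fail loudly rather than be handed to a certificate parser. A PEM file can hold several blocks; this version deliberately takes only the first.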


RE: client hello difference 1.0.1e vs 1.0.1f

2014-11-12 Thread Carl Young
Took me a while to see, but the difference is in the last line of the client 
hello. Your working example has MD5+RSA listed as a TLS 1.2 signature pair 
whereas the first doesn't.

0302 SHA-224 DSA
0303 SHA-224 ECDSA
0201 SHA-1 RSA
0202 SHA-1 DSA
0203 SHA-1 ECDSA
000F TLS_DH_RSA_WITH_DES_CBC_SHA
0101 (missing from first example) MD5 RSA
0001 TLS_NULL_WITH_NULL_MD5

0130 - 03 02 03 03 02 01 02 02-02 03 00 0f 00 01 01  ...

0130 - 03 02 03 03 02 01 02 02-02 03 01 01 00 0f 00 01   
0140 - 01.

The trailing 1 is compression.

Carl


From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Tristan Hill [tris...@saticed.me.uk]
Sent: 12 November 2014 09:32
To: openssl-users@openssl.org
Subject: client hello difference 1.0.1e vs 1.0.1f

Hi,

Is it possible to make s_client give more detail about the client
hello it sends.  A break down covering the RFC structure would be
useful.

struct {
ProtocolVersion client_version;
Random random;
SessionID session_id;
CipherSuite cipher_suites<2..2^16-1>;
CompressionMethod compression_methods<1..2^8-1>;
} ClientHello;

I'm trying to work out what is different between these two connections
(and why one works but the other doesn't):

$  ~/Downloads/openssl-1.0.1f/apps/openssl s_client -connect
yum.dev.bbc.co.uk:443 -cert /home/stan/Downloads/hillt08.pem -CAfile
/home/stan/Downloads/ca.pem -debug -state
WARNING: can't open config file:
/home/stan/Downloads/openssl-1.0.1f/prefix/openssl.cnf
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0x1d71d10 [0x1d71d90] (319 bytes => 319 (0x13F))
 - 16 03 01 01 3a 01 00 01-36 03 03 70 e7 e7 64 c8   :...6..p..d.
0010 - 4d 6e 3e 08 a9 f9 98 15-6d c2 64 34 6a 84 c3 f7   Mn>.m.d4j...
0020 - 7d 8a 1b b5 9e ab 79 98-7a 37 ec 00 00 a0 c0 30   }.y.z7.0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3   .,.(.$.".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32   ...k.j.9.8.2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35   ...*.&...=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d   
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09   ./.+.'.#
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32   .g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25   .E.D.1.-.).%
00a0 - c0 0e c0 04 00 9c 00 3c-00 2f 00 96 00 41 00 07   ...<./...A..
00b0 - c0 11 c0 07 c0 0c c0 02-00 05 00 04 00 15 00 12   
00c0 - 00 09 00 14 00 11 00 08-00 06 00 03 00 ff 01 00   
00d0 - 00 6d 00 0b 00 04 03 00-01 02 00 0a 00 34 00 32   .m...4.2
00e0 - 00 0e 00 0d 00 19 00 0b-00 0c 00 18 00 09 00 0a   
00f0 - 00 16 00 17 00 08 00 06-00 07 00 14 00 15 00 04   
0100 - 00 05 00 12 00 13 00 01-00 02 00 03 00 0f 00 10   
0110 - 00 11 00 23 00 00 00 0d-00 20 00 1e 06 01 06 02   ...#. ..
0120 - 06 03 05 01 05 02 05 03-04 01 04 02 04 03 03 01   
0130 - 03 02 03 03 02 01 02 02-02 03 00 0f 00 01 01  ...
SSL_connect:SSLv2/v3 write client hello A
read from 0x1d71d10 [0x1d772f0] (7 bytes => 7 (0x7))
 - 15 03 03 00 02 02 28  ..(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
140550067680928:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:762:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 319 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


$ ~/Downloads/openssl-1.0.1e/apps/openssl s_client -connect
yum.dev.bbc.co.uk:443 -cert /home/stan/Downloads/hillt08.pem -CAfile
/home/stan/Downloads/ca.pem -debug -state
WARNING: can't open config file:
/home/stan/Downloads/openssl-1.0.1e/prefix/openssl.cnf
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0xfa9cf0 [0xfa9d70] (321 bytes => 321 (0x141))
 - 16 03 01 01 3c 01 00 01-38 03 03 54 63 25 81 54   <...8..Tc%.T
0010 - 37 70 1d 7e 32 ad a3 ab-6a 54 2c 18 96 6f f5 59   7p.~2...jT,..o.Y
0020 - f6 49 e1 c7 72 ab a5 06-51 61 29 00 00 a0 c0 30   .I..r...Qa)0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3   .,.(.$.".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32   ...k.j.9.8.2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35   ...*.&...=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d   
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09   ./.+.'.#
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32   .g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25   .E.D.1.-.).%
00a0 - c0 0e c0 04 00 
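The RFC structure asked for above can be walked directly over the bytes `s_client -debug` prints. The following added example (Python written for this page, not part of the thread or of OpenSSL) embeds the complete 319-byte 1.0.1f ClientHello from the first dump, checks every length field as it goes, and lists the cipher suites, extensions and the (hash, signature) pairs of the signature_algorithms extension, which is where MD5+RSA (0x0101) would appear. The 1.0.1e dump is truncated in the post, so it is not embedded; its record header does announce 321 bytes, two more than 319, which is exactly one extra pair. Walking at extension level also accounts for the last five bytes, 00 0f 00 01 01: an extension of type 0x000f (heartbeat, RFC 6520) of length 1 with the value 01.

```python
import struct

# The 319-byte ClientHello record that openssl 1.0.1f wrote in the post (hex
# columns copied from the `-debug` dump, ASCII column dropped).
CLIENT_HELLO_1_0_1F = bytes.fromhex("""
16 03 01 01 3a 01 00 01 36 03 03 70 e7 e7 64 c8
4d 6e 3e 08 a9 f9 98 15 6d c2 64 34 6a 84 c3 f7
7d 8a 1b b5 9e ab 79 98 7a 37 ec 00 00 a0 c0 30
c0 2c c0 28 c0 24 c0 14 c0 0a c0 22 c0 21 00 a3
00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32
c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35
00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d
c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0 13 c0 09
c0 1f c0 1e 00 a2 00 9e 00 67 00 40 00 33 00 32
00 9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25
c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 07
c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12
00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00
00 6d 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32
00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a
00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04
00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10
00 11 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02
06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01
03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01
""")

EXT_SIGNATURE_ALGORITHMS = 0x000D
EXT_HEARTBEAT = 0x000F
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}


def _u16(buf: bytes, pos: int) -> int:
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_client_hello(record: bytes) -> dict:
    """Walk one TLS record carrying a ClientHello (RFC 5246 7.4.1.2), checking the lengths."""
    ctype, major, minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    body = record[5:]
    if len(body) != rec_len:
        raise ValueError(f"record length {rec_len} != {len(body)} bytes present")
    if body[0] != 1:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:]
    if len(hello) != hs_len:
        raise ValueError(f"handshake length {hs_len} != {len(hello)} bytes present")
    client_version = (hello[0], hello[1])
    pos = 2
    rnd = hello[pos:pos + 32]
    pos += 32
    sid_len = hello[pos]
    session_id = hello[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    cs_len = _u16(hello, pos)
    pos += 2
    cipher_suites = [_u16(hello, pos + i) for i in range(0, cs_len, 2)]
    pos += cs_len
    cm_len = hello[pos]
    compression = list(hello[pos + 1:pos + 1 + cm_len])
    pos += 1 + cm_len
    extensions = []
    if pos < len(hello):                       # extensions block is optional
        ext_total = _u16(hello, pos)
        pos += 2
        if pos + ext_total != len(hello):
            raise ValueError("extensions block does not fill the rest of the hello")
        while pos < len(hello):
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            extensions.append((ext_type, hello[pos:pos + ext_len]))
            pos += ext_len
    return {"record_version": (major, minor), "client_version": client_version,
            "random": rnd, "session_id": session_id, "cipher_suites": cipher_suites,
            "compression": compression, "extensions": extensions}


def signature_algorithms(hello: dict) -> list:
    """(hash, signature) pairs from the signature_algorithms extension, [] if absent."""
    for ext_type, data in hello["extensions"]:
        if ext_type == EXT_SIGNATURE_ALGORITHMS:
            n = _u16(data, 0)
            return [(data[2 + i], data[3 + i]) for i in range(0, n, 2)]
    return []


def sigalg_name(pair) -> str:
    h, s = pair
    return f"{HASH_NAMES.get(h, h)}+{SIG_NAMES.get(s, s)}"


if __name__ == "__main__":
    hello = parse_client_hello(CLIENT_HELLO_1_0_1F)
    print("client_version", hello["client_version"], "suites", len(hello["cipher_suites"]))
    for ext_type, data in hello["extensions"]:
        print(f"extension 0x{ext_type:04x}: {data.hex()}")
    pairs = signature_algorithms(hello)
    print("sigalgs:", ", ".join(sigalg_name(p) for p in pairs))
    print("md5+rsa offered:", (1, 1) in pairs)
```

Fed the bytes of a second capture, the same walk gives a field-by-field diff instead of eyeballing hex columns; the length checks are what catch a dump that was pasted incompletely.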

Authority Key ID Extension

2014-06-13 Thread Carl Young

 Hi,

I am looking for advice for an application using openssl, but it's not an 
openssl problem.

We have a situation where an external company has provided us with 
authentication certificates from a subCA and we have all the cert's back up to 
the root - openssl verify works fine. Another application we use refuses to 
accept the subCA certificate - it is throwing an error because there is no 
subject and serial number in the Authority Key ID Extension, though there is a 
[valid] key ID.

It is my assertion that the issuer name / serial name are optional within this 
extension so the application stating that this certificate is invalid is 
incorrect (though they may have further reasons for requiring this if they 
can't handle KID's, but I think they can).

rfc5280

4.2.1.1.  Authority Key Identifier

   The authority key identifier extension provides a means of
   identifying the public key corresponding to the private key used to
   sign a certificate.  This extension is used where an issuer has
   multiple signing keys (either due to multiple concurrent key pairs or
   due to changeover).  The identification MAY be based on either the
   key identifier (the subject key identifier in the issuer's
   certificate) or the issuer name and serial number.

Any opinions would be greatly appreciated.

Regards,

Carl
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


RE: SSL_ERROR_SYSCALL errno=0

2014-04-15 Thread Carl Young
Does this thread have any relevance to you?

http://stackoverflow.com/questions/12885680/pem-read-rsaprivatekey-returns-illegal-seek-when-decrypting-using-openssl-libs



From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of hhachem [hamze.hac...@deos-ag.com]
Sent: 15 April 2014 10:07
To: openssl-users@openssl.org
Subject: Re: SSL_ERROR_SYSCALL errno=0

Strace shows the following before the error:


ioctl(10, TCGETS, 0x7fffe068)   = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30026000
_llseek(0xa, 0, 0, 0x7fffe2f8, 0x1) = -1 ESPIPE (Illegal seek)






RE: Need understanding on certutil output.

2014-03-14 Thread Carl Young
From what I remember offhand, the former:

03 81 81 00 is

03 Bit string
81 Length of contents = 1 byte; the top-bit is set to signify that there are 
more than 127 octets of content
81 the bit string uses 0x81 octets - 129 - corresponds to a 1024 bit key 
extended to 129 octets to stop number being negative
(I would have to assume that the most significant octet would be >= 0x80, which 
would be negative)
00 There are 0 unused bits in the bit-string

and

03 82 01 01 00

03 Bit string
82 There are 2 following bytes to describe length; content greater than 127 
octets
01 01 0x0101 = 257 - corresponds to a 2048-bit key extended to 257 octets (so 
not negative)
00 There are 0 unused bits in the bit-string

It's been a long time since I played with ASN.1 directly, but there's plenty of 
references available via Google (or any other search engines)

Carl


From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Mithun Kumar [mithunsi...@gmail.com]
Sent: 14 March 2014 12:48
To: openssl-users@openssl.org
Subject: Need understanding on certutil output.

What is the difference between these two formats


Below is the ASN output using certuil tool.

Cert1:-

0618:30 0d ; SEQUENCE (d Bytes)
061a:|  06 09 ; OBJECT_ID (9 Bytes)
061c:|  |  2a 86 48 86 f7 0d 01 01  05
|  | ; 1.2.840.113549.1.1.5 sha1RSA
0625:|  05 00 ; NULL (0 Bytes)
0627:03 81 81 ; BIT_STRING (81 Bytes)
062a: 00



Cert2:-

0780:30 0d ; SEQUENCE (d Bytes)
0782:|  06 09 ; OBJECT_ID (9 Bytes)
0784:|  |  2a 86 48 86 f7 0d 01 01  05
|  | ; 1.2.840.113549.1.1.5 sha1RSA
078d:|  05 00 ; NULL (0 Bytes)
078f:03 82 01 01 ; BIT_STRING (101 Bytes)
0793:   00


What does the highlighted values  indicate? Any idea?

-mithun
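The two ASN.1 questions on this page, the BIT STRING headers above and the Authority Key Identifier question earlier, come down to reading DER tag-length-value headers, so one added example serves both. It is Python written for this page, not code from either thread. The decoder handles the short length form (one octet, 0..127) and the long form (0x80 | n, then n length octets), and rejects lengths that are not minimally encoded, which DER forbids. For a BIT STRING the content length counts the leading unused-bits octet, so 0x81 = 129 octets is one unused-bits byte plus a 128-byte (1024-bit) value and 0x0101 = 257 octets is one plus 256 bytes (2048 bits); the element following the sha1RSA AlgorithmIdentifier at that point of a certificate is its signatureValue. The AKI part shows that a value holding only keyIdentifier parses as a complete extension: all three fields are OPTIONAL in RFC 5280 4.2.1.1, and keyIdentifier is the one the RFC says conforming CAs MUST include. The signature bodies and the key identifier are constructed filler, since the certutil output only shows the headers.

```python
from dataclasses import dataclass


@dataclass
class Tlv:
    tag: int          # identifier octet
    header_len: int   # octets used by tag + length
    length: int       # content length in octets
    value: bytes      # content octets


def read_tlv(buf: bytes, offset: int = 0) -> Tlv:
    """Decode one DER tag-length-value at offset (single-octet tags, definite lengths)."""
    tag = buf[offset]
    first = buf[offset + 1]
    if first < 0x80:
        length, header_len = first, 2                 # short form
    else:
        n = first & 0x7F                              # long form: number of length octets
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not valid DER")
        length = int.from_bytes(buf[offset + 2:offset + 2 + n], "big")
        header_len = 2 + n
        min_len = 0x80 if n == 1 else 1 << (8 * (n - 1))
        if length < min_len:
            raise ValueError("length not minimally encoded (DER violation)")
    value = buf[offset + header_len:offset + header_len + length]
    if len(value) != length:
        raise ValueError("value truncated")
    return Tlv(tag, header_len, length, value)


def bit_string_bits(tlv: Tlv) -> int:
    """Bits carried by a BIT STRING; the first content octet is the unused-bits count."""
    if tlv.tag != 0x03:
        raise ValueError("not a BIT STRING")
    unused = tlv.value[0]
    if unused > 7 or (tlv.length == 1 and unused != 0):
        raise ValueError("invalid unused-bits octet")
    return (tlv.length - 1) * 8 - unused


# The two headers from the certutil output, completed with constructed
# (all-zero) signature bytes so the decoder has a whole element to read.
SIG_1024 = bytes.fromhex("03 81 81 00") + bytes(128)
SIG_2048 = bytes.fromhex("03 82 01 01 00") + bytes(256)

# Constructed AuthorityKeyIdentifier value carrying only [0] keyIdentifier
# (a 20-byte id 10 11 .. 23), no issuer name and no serial number.
AKI_KEYID_ONLY = bytes.fromhex("30 16 80 14") + bytes(range(0x10, 0x24))

AKI_FIELD_TAGS = {
    0x80: "keyIdentifier",              # [0] IMPLICIT OCTET STRING
    0xA1: "authorityCertIssuer",        # [1] IMPLICIT GeneralNames (constructed)
    0x82: "authorityCertSerialNumber",  # [2] IMPLICIT INTEGER
}


def parse_aki(ext_value: bytes) -> dict:
    """Split an AuthorityKeyIdentifier (RFC 5280 4.2.1.1) into its present OPTIONAL fields."""
    outer = read_tlv(ext_value)
    if outer.tag != 0x30:
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    fields = {}
    pos = 0
    while pos < outer.length:
        inner = read_tlv(outer.value, pos)
        name = AKI_FIELD_TAGS.get(inner.tag)
        if name is None:
            raise ValueError(f"unexpected tag {inner.tag:#04x} in AuthorityKeyIdentifier")
        fields[name] = inner.value
        pos += inner.header_len + inner.length
    return fields


if __name__ == "__main__":
    for blob in (SIG_1024, SIG_2048):
        t = read_tlv(blob)
        print(f"tag {t.tag:#04x}: {t.header_len}-byte header, {t.length} content octets, "
              f"{bit_string_bits(t)} bits")
    print(parse_aki(AKI_KEYID_ONLY))
```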



RE: Declare BN_CTX on stack (not BN_CTX*)

2014-01-17 Thread Carl Young
[Sorry for top-post - Outlook Web Client]

I would say that BN_CTX_init() is deprecated and you should be using BN_CTX * 
ctx = BN_CTX_new();

Indeed, https://www.openssl.org/docs/crypto/BN_CTX_new.html says

BN_CTX_init() (deprecated) initializes an existing uninitialized BN_CTX. This 
should not be used for new programs. Use BN_CTX_new() instead.

Regards,

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Jeffrey Walton [noloa...@gmail.com]
Sent: 16 January 2014 20:28
To: OpenSSL Users List
Subject: Declare BN_CTX on stack (not BN_CTX*)

I'm trying to declare a BN_CTX on the stack (with a subsequent call to
BN_CTX_init) to stay out of the memory manager.

When I do, I get an error:

aggregate ‘BN_CTX’ has incomplete type and cannot be defined

I've included , so I'm kind of surprised I can't
compile. ( has some typedefs and comments about
definitions in ossl_typ.h).

Grepping sources:

$ grep -R BN_CTX_init *
...
crypto/bn/exp.c:BN_CTX_init(&ctx);

does not show me anything interesting because it looks like I'm doing
what exp.c is doing:

BN_CTX ctx;
BIGNUM a,b,c,r,rr,t,l;
...

BN_CTX_init(&ctx);

How do I declare a BN_CTX on the stack?

Thanks in advance.


RE: Is aesni-intel module required for openssl

2013-11-07 Thread Carl Young

From https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/ch03s02s03.html

check with root running "openssl engine -c -tt"

Carl


From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of sarav.sars [sarav.s...@gmail.com]
Sent: 07 November 2013 05:48
To: openssl-users@openssl.org
Subject: Is aesni-intel module required for openssl

Is it necessary to load aesni-intel module like 'modprobe aesni-intel' ?
Loading this module makes no difference in openssl speed output.

openssl speed -elapsed -evp aes-128-cbc

before loading aesni-intel module

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     561737.40k   598685.65k   610372.15k   610802.35k   611521.88k

after loading aesni-intel module

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     563835.61k   598692.84k   608343.64k   610805.42k   611524.61k






RE: OpenSSL 1.0.1e build failure using MinGW, multiple definition of OPENSSL_Uplink

2013-09-13 Thread Carl Young
Forgive me if I am wrong, but I didn't think the FIPS 2.0 code base could be 
used with anything else but MS VC on Windows!? 

The user guide does not state this explicitly as far as I can see, but the 
instructions - for building the canister and linking against it - only mention 
MSVC based commands, which would lead me to believe that MinGW/MSYS are not 
approved/tested (only for canister I mean). See section 4.3, and section 4.3.1 
specifically.

4.3.1 Building the FIPS Object Module from Source

Build the FIPS Object Module from source:

ms\do_fips [no-asm]

where the no-asm option may or may not be present depending on the platform 
(see §3.2.1).
Note that as a condition of the FIPS 140-2 validation no other user specified 
configuration options may be specified.

Regards,

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Thomas J Pinkl [t...@pinkl.com]
Sent: 11 September 2013 15:50
To: openssl-users@openssl.org
Subject: OpenSSL 1.0.1e build failure using MinGW, multiple definition of 
OPENSSL_Uplink

I'm trying to build a FIPS capable OpenSSL 1.0.1e on a 32-bit Windows XP
box using MinGW + Msys.  The FIPS module is version 2.0.5 and it builds
and installs successfully using ./config; make; make install.

I configured OpenSSL 1.0.1e with:

   ./Configure mingw shared fips

And ran:

   make depend; make

I then get this error:

make[4]: Entering directory `/c/dev/openssl-1.0.1e'
Creating library file: libcrypto.dll.a
libcrypto.a(uplink.o):uplink.c:(.text+0x30): multiple definition of
`OPENSSL_Uplink'
c:/OpenSSL/lib/fipscanister.o:uplink.c:(.text+0x3ac20): first defined
here libcrypto.a(uplink-x86.o):uplink-x86.s:(.data+0x0): multiple
definition of `OPENSSL_UplinkTable'
c:/OpenSSL/lib/fipscanister.o:uplink-x86.s:(.data+0x140): first defined
here
c:/sbperl/c/bin/../lib/gcc/i686-w64-mingw32/4.6.3/../../../../i686-w64-mingw32/bin/ld.exe:
c:/OpenSSL/lib/fipscanister.o: bad reloc address 0xa in section
`.text.unlikely'
collect2: ld returned 1 exit status
make[4]: *** [link_a.cygwin] Error 1
make[4]: Leaving directory `/c/dev/openssl-1.0.1e'
make[3]: *** [do_cygwin-shared] Error 2
make[3]: Leaving directory `/c/dev/openssl-1.0.1e'
make[2]: *** [libcrypto.dll.a] Error 2
make[2]: Leaving directory `/c/dev/openssl-1.0.1e'
make[1]: *** [shared] Error 2
make[1]: Leaving directory `/c/dev/openssl-1.0.1e/crypto'
make: *** [build_crypto] Error 1

Can anyone provide some guidance?

--
Thomas J. Pinkl



RE: Using MD5 certificates in OpenSSL FIPS

2013-07-26 Thread Carl Young
I'm sure Steve may be able to answer more succinctly, but generally...

That [Signature Algorithm: sha1WithRSAEncryption] is the signature on the X.509 
certificate - nothing to do with TLS at this point. When the certificate is 
'sealed', it is done so with a signature - in this case RSA combined with the 
SHA-1 hash algorithm - the signature is the combination of encrypting the SHA1 
hash of the certificate with the associated private key of the signing 
certificate.

When the certificate is "loaded" by OpenSSL, it is simply loaded into memory 
(usually) - no crypto operations are required to load a certificate. The 
private key associated with a certificate may be (and usually) is encrypted in 
some form. If that form uses MD5 or PBKD in any form, then it would not be 
allowed in FIPS mode.

When the certificate's RSA key and the associated is used during TLS (in PRF 
and signing, as Steve pointed out), then they are used in combination with 
SHA-1 and MD5. OpenSSLs access to MD5 at this point is probably private and any 
EVP access to the MD5 functions would be disabled in FIPS140-2 approved mode.

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 26 July 2013 14:10
To: openssl-users@openssl.org
Subject: RE: Using MD5 certificates in OpenSSL FIPS

If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm: 
sha1WithRSAEncryption". There's no mention of MD5 here but since OpenSSL is 
attempting to load it, I assume it's using the MD5-SHA1 combination. If that 
*is* permitted, why am I getting the "disabled for FIPS" error?

Graeme

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS

On Fri, Jul 26, 2013, Carl Young wrote:

> As far as I remember, the use of MD5 is only allowed in TLS 1 for the
> specific use within the PRF for key generation as the __combination__ of
> SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
> disallowed.
>

It is also permitted with the MD5+SHA1 combined RSA signature again because
the combination is not considered weak.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


RE: Using MD5 certificates in OpenSSL FIPS

2013-07-26 Thread Carl Young
As far as I remember, the use of MD5 is only allowed in TLS 1 for the specific 
use within the PRF for key generation as the __combination__ of SHA-1 and MD5 
is not considered weak usage. Use of MD5 elsewhere is still disallowed.

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 25 July 2013 18:40
To: openssl-users@openssl.org
Subject: Using MD5 certificates in OpenSSL FIPS

I am using OpenSSL FIPS module 2.0.5 with OpenSSL 1.0.1e on Windows. After 
calling FIPS_mode_set(1), I cannot call SSL_CTX_use_RSAPrivateKey_file. When I 
debug into it, it is failing when trying to initialize MD5. Apparently the 
private key is encrypted with MD5.

I was under the impression that MD5 was not allowed in FIPS mode **unless** 
it's being used with TLS, which is what I'm doing. Am I wrong, or is there 
something else I have to do to allow MD5 in this case?

Thank you
Graeme Perrow



RE: Is it possible to grab CA certificate?

2013-06-18 Thread Carl Young

Sorry for top-post - webmail :(

In TLS, the server should not send the root certificate - it sends the chain up 
to, but not including, the root certificate.

From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx

Server Certificate Message
The server sends its certificate to the client. The server certificate contains 
the server’s public key. The client uses this key to authenticate the server 
and to encrypt the Premaster Secret. The Server Certificate message includes:
The server’s certificate list. The first certificate in the list is the 
server’s X.509v3 certificate that contains the server’s public key.

Other validating certificates. All other validating certificates, up to but not 
including the root certificate from the CA, signed by the CA.


Carl


From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Cristian Thiago Moecke [cont...@cristiantm.com.br]

Sent: 18 June 2013 11:43

To: openssl-users@openssl.org

Subject: Re: Is it possible to grab CA certificate?

If the only certificate that is shown is the server certificate, the server is 
not providing the certificate chain, only the server certificate. This way, you 
won't be able to get the CA certificate from the SSL connection. Maybe your 
network admins want to fix that too.

What is strange is that exceptions are not working as expected. Is there any 
chance that the certificate is changing from time to time?

I really think you will need to discuss what is happening with the server 
admins.

On Tue, Jun 18, 2013 at 3:07 AM, A A  wrote:

When I go to SSL site I see this message in fx:

"You have asked Firefox to connect securely to news.ycombinator.com,
but we can't confirm that your connection is secure.

Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could
mean that someone is
trying to impersonate the site, and you shouldn't continue.

news.ycombinator.com uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)"

And then I go to Add exception -> View -> Details tab -> Certificate
hierarchy but there is only news.ycombinator.com present. When I
export it and try to import it into fx I get:

"This is not a certificate authority certificate, so it can't be
imported into the certificate authority list."

So I think this is not CA certificate but a server certificate.

And about recurring errors on the same site: I have a number of server
exceptions in "Servers" list under my company custom CA certificate in
Advanced -> View Certificates -> Servers. All of them are marked
"Permanent". Nevertheless, the error page I described above appears
from time to time even on sites that I have previously added to a
trusted list. It's extremely annoying and I don't know why this
happens. I use Firefox 21.

-- 
Cristian Thiago Moecke



RE: encrypting video files AES-ECB

2013-05-14 Thread Carl Young
You would need to tell everyone your exact command line (with key obfuscated, 
etc), but I suspect you are not specifying a [consistent] IV to the encrypt 
and decrypt commands?



Carl


From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Raghunandan BN [raghunandan...@gmail.com]
Sent: 14 May 2013 05:11
To: openssl-users@openssl.org
Subject: encrypting video files AES-ECB

question:
trying to encrypt an uncompressed video file (nv12) with AES128-ECB using openssl 
utility. but once i decrypt the encrypted video file with same key, i'm not 
able to playback the video file. am i missing something or is there a known 
limitation?

Thanks,
Raghu


RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file?

2012-11-14 Thread Carl Young
I would hope that one of us could provide you something given a week or so... 
very busy with work currently but  I'm sure I could do something in time.

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of John Zavgren [j...@zavgren.com]
Sent: 14 November 2012 12:08
To: openssl-users@openssl.org
Subject: Re: How can I pass data to a running instance of OpenSSL CLI on 
Windows within a batch file?


Leon: 
I suggest that you write a program that uses file descriptors for IO? I'd write 
it in C.



On Mon, Oct 22, 2012 at 5:51 AM, Funnell, Leon  wrote:

We have Windows application which passes data to OpenSSL.exe to encrypt as a 
Windows command, then scrapes the encrypted data back from the output.  The 
Windows app can call external Windows commands but we cannot call APIs or 
extend the functionality programmatically.   Functionally it works, but it 
doesn’t scale as each time you call OpenSSL.exe it takes about a second and 
spikes the CPU.  The application we are using is required to process 6000 
records every hour.  

I have two tests set up:
1.   A batch file which runs 6000 times, repeatedly running the following 
command:
Openssl.exe aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 –in test.txt

2.   A text file with the following line repeated 6000 times, which I paste 
into the OpenSSL CLI:
aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 –in test.txt

When I use the batch file which invokes OpenSSL.exe 6000 times, it takes 
several hours to complete and spikes the CPU significantly.  It seems to be the 
initialisation of the OpenSSL.exe program rather than the encryption however, 
as if I paste in the text file to the OpenSSL.exe CLI it completes in several 
seconds and takes very little CPU.

What I need is a way of running OpenSSL.exe as a process which I can pass 
parameters to on STDIN, and output parameters to STDOUT.  I would like to be 
able to call another batch file or program with the unencrypted data as the 
input parameter which would then pass this to the running “service”, retrieve 
the  encrypted data result from this “service” and pass it as the output.

Can anyone enlighten me on a potential solution for this?

Thanks and Regards,

Leon Funnell


This e-mail is confidential and intended solely for the use of the 
individual(s) to whom it is addressed. If you are not the intended recipient, 
be advised that you have received this e-mail in error and that any use, 
dissemination, forwarding, printing, copying of, or any action taken in 
reliance upon it, is strictly prohibited and may be illegal.

Catlin Underwriting Agencies Limited and Catlin Insurance Company (UK) Ltd. are 
authorised and regulated by the Financial Services Authority.

The registered office of Catlin Underwriting Agencies Limited (incorporated and 
registered in England and Wales with company number 1815126) and Catlin 
Insurance Company (UK) Ltd. (incorporated and registered in England and Wales 
with company number 5328622) is 20 Gracechurch Street, London, EC3V 0BG.

Catlin Risk Solutions Limited is an Appointed Representative of Catlin 
Underwriting Agencies Limited.







-- 

No amount of believing makes something a fact. James Randi




John Zavgren
603-371-0513 (home)
603-801-2094 (cell)
johnzavgren (skype)
603-821-0904 (skype)
john@zavgren.com


RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file?

2012-11-12 Thread Carl Young
Do you really have to use OpenSSL.exe or could you create/use a modified 
version of that tool that does exactly what you expect?



Your "scaling" problem is because of the entropy gathering each time OpenSSL is 
launched. This takes a significant amount of time, especially compared to the 
actual encryption operation. I would think that creating a service process that 
responded to a CLI client tool would be more efficacious than trying to scrape 
the OpenSSL output, but that's just my opinion. Without knowing your exact 
restrictions, it's hard to suggest what to do.



If you don't want the overhead of installing services, and everything will be 
run from the same window session, you could have the first instance of your 
process register a global object and stay resident waiting for LRPC calls from 
secondary instances (or even use files and events - whatever floats your boat).



Carl




From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Funnell, Leon [leon.funn...@catlin.com]
Sent: 12 November 2012 11:18
To: openssl-users@openssl.org
Subject: RE: How can I pass data to a running instance of OpenSSL CLI on 
Windows within a batch file?

Got it working (almost) in vbscript.  I have the following problem however:

If I run Openssl.exe on its own waiting for input, I can tell it to do one 
encryption only.  See the steps I have followed below:

1.   In Windows, run CMD.exe

2.   Cd to C:\OpenSSL-Win64\bin

3.   Invoke openssl.exe

4.   Type “aes-256-cbc -a -e -K 
656963636D6B6A6439346A66676E697730336C6A6B646C667574636E76333230 -iv 0”

5.   Enter text “12345678” and press Enter

6.   Press Ctrl-Z and enter

7.   Press Ctrl-Z and enter

8.   Outputs “6+gAsG2gj13Jsvujnfyasg==” – this is the encrypted value of 
“12345678” – need this without 

9.   If I the type “aes-256-cbc -a -e -K 
656963636D6B6A6439346A66676E697730336C6A6B646C667574636E76333230 -iv 0” a 
second time, I get “non-hex digit, invalid hex iv value, error in aes-256-cbc”

10.   Then there is no way to exit openssl except pressing CTRL-C

If I follow the same above process in vbscript using oExec.StdIn.Write, I can 
get it to work without the , as it seems to understand the EOT (character 
26) marker on the end of the line.  The problem is, it returns to the Openssl> 
prompt, but again won't work a following time due to the error "non-hex digit, 
invalid hex iv value, error in aes-256-cbc"

Any ideas?  This looks like a bug with the CLI, unless you need to change the 
syntax second time round.

Leon



From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Charles Mills
Sent: Tuesday, October 23, 2012 12:12 AM
To: openssl-users@openssl.org; openssl-users@openssl.org
Subject: RE: How can I pass data to a running instance of OpenSSL CLI on 
Windows within a batch file?

Msdn.com is excellent. Good advice, few flames.
--
Sent from my mobile phone. Please excuse my brevity.

Charles
Jeremy Farrell <jeremy.farr...@oracle.com> wrote:
If you start openssl.exe, that's the mode it's in by default - waiting for 
commands from stdin, writing the output from those commands to stdout. Isn't 
that what you're looking for?

If you're looking for advice on the programming details of attaching to its 
stdin and stdout and sending/receiving that data from another program, you'd 
probably be better asking on a general Windows programming list where there'll 
be more people with that sort of expertise.

Regards,
  jjf

From: Funnell, Leon 
[mailto:leon.funn...@catlin.com]
Sent: Monday, October 22, 2012 10:52 AM
To: openssl-users@openssl.org
Subject: How can I pass data to a running instance of OpenSSL CLI on Windows 
within a batch file?

We have a Windows application which passes data to OpenSSL.exe to encrypt as a 
Windows command, then scrapes the encrypted data back from the output.  The 
Windows app can call external Windows commands but we cannot call APIs or 
extend the functionality programmatically.   Functionally it works, but it 
doesn’t scale as each time you call OpenSSL.exe it takes about a second and 
spikes the CPU.  The application we are using is required to process 6000 
records every hour.

I have two tests set up:

1.   A batch file which runs 6000 times, repeatedly running the following 
command:

Openssl.exe aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 -in test.txt



2.   A text file with the following line repeated 6000 times, which I paste 
into the OpenSSL CLI:

aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 -in test.txt

When I use the batch file which invokes OpenSSL.exe 6000 times, it takes 
several hours to complete and spikes the CPU significantly.  It seems to be the 
initialisation of the OpenSSL.exe program rather than the encryption however, 
a

RE: Getting "OpenSSL: Exit: error in SSLv3 read client certificate A" when client connects

2012-11-08 Thread Carl Young
Sorry for top-posting - still getting used to this webmail:

The only way I can see that the server is "responsible" for this behaviour is 
the certificate you are providing. Has that expired or been invalidated in any 
way at the client?

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on 
behalf of Jeremy Bratton [yer...@gmail.com]
Sent: 08 November 2012 04:58
To: openssl-users@openssl.org
Subject: Re: Getting "OpenSSL: Exit: error in SSLv3 read client certificate A" 
when client connects


I now have an ssldump of an incoming connection. I think it shows the client is 
closing the connection before the handshake is even complete. Is there any way 
the server is responsible for this behavior? Thanks. 


New TCP connection #4: x.com(12900) <-> a.b.c.d(443)
4 1  0.0362 (0.0362)  C>S  Handshake
  ClientHello
Version 3.1 
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
  NULL
4 2  0.0365 (0.0003)  S>C  Handshake
  ServerHello
Version 3.1 
session_id[32]=
  4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d 
  f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0 
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod   NULL
4 3  0.0365 (0.)  S>C  Handshake
  Certificate
4 4  0.0365 (0.)  S>C  Handshake
  ServerHelloDone
40.0600 (0.0234)  C>S  TCP FIN
40.0602 (0.0002)  S>C  TCP FIN



On Tue, Nov 6, 2012 at 8:35 AM, Jeremy Bratton wrote:

I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian 6.0.2. Client verification is 
disabled. 


I've written a SOAP server app that uses SSL. The only client that connects to 
it is completely out of my control. Though there have been no changes on either 
end that I'm aware of, the client is no longer able to connect to the server. I 
can see from the error message that something is going wrong during the SSL 
handshake, but I have no idea what (the actual server uses ruby & soap4r). I'm 
just getting the error message "SSL_accept SYSCALL returned=5 errno=0 
state=SSLv3 read client certificate A" 


I set up apache on the server and was able to get a more detailed error message 
which is at http://pastebin.com/vvnLi9BQ 


Basically, it seems like the client is sending an EOF before the handshake is 
complete, but I've been assured that the client is working just as it's always 
been. Also this client connects to several other companies' servers and I 
believe they're all still working correctly. I'm pretty sure the client is 
written in Java in case that matters. 


I can connect to the server with a browser just fine. 


Is this a common issue? Any suggestions for a fix or work-around? A web search 
hasn't turned up much of anything. 


Thanks, 
Jeremy
__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          majord...@openssl.org
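
The pattern in the trace above (server sends Certificate and ServerHelloDone, the client answers with a TCP FIN) can be picked out mechanically from ssldump output. This is an added example, not code from the thread: it parses ssldump record lines in the format quoted above over a constructed sample trace and flags connections where the client's first action after ServerHelloDone is a TCP FIN rather than ClientKeyExchange, the signature of the client rejecting the server's certificate. The sample trace and function names are my own.

```python
import re
from collections import defaultdict
# Constructed sample in ssldump's record format, modelled on the trace quoted above.
SAMPLE_TRACE = """\
New TCP connection #4: x.com(12900) <-> a.b.c.d(443)
4 1  0.0362 (0.0362)  C>S  Handshake
      ClientHello
4 2  0.0365 (0.0003)  S>C  Handshake
      ServerHello
4 3  0.0365 (0.0000)  S>C  Handshake
      Certificate
4 4  0.0365 (0.0000)  S>C  Handshake
      ServerHelloDone
4    0.0600 (0.0234)  C>S  TCP FIN
4    0.0602 (0.0002)  S>C  TCP FIN
"""
# "<conn> [<rec>]  <time> (<delta>)  C>S|S>C  <record kind>"
RECORD = re.compile(r"^(\d+)\s+(?:\d+\s+)?[\d.]+ \([\d.]+\)\s+([CS])>[CS]\s+(.+)$")

def parse_events(trace):
    """Return (conn, sender, event) triples; a Handshake record takes its
    message name from the indented line that follows it, if ssldump decoded one."""
    events, pending = [], None
    for line in trace.splitlines():
        m = RECORD.match(line)
        if m:
            if pending: events.append(pending + ("Handshake",))  # undecoded handshake
            conn, sender, kind = int(m.group(1)), m.group(2), m.group(3).strip()
            pending = (conn, sender) if kind == "Handshake" else None
            if not pending: events.append((conn, sender, kind))
        elif pending and line.startswith(" "):
            events.append(pending + (line.strip(),)); pending = None
    if pending: events.append(pending + ("Handshake",))
    return events

def client_aborts_after_server_hello_done(events):
    """Connections whose client answers ServerHelloDone with a TCP FIN instead of
    ClientKeyExchange: the client gave up, typically after rejecting the certificate."""
    by_conn = defaultdict(list)
    for conn, sender, event in events:
        by_conn[conn].append((sender, event))
    flagged = []
    for conn, evs in by_conn.items():
        if ("S", "ServerHelloDone") not in evs: continue
        after = evs[evs.index(("S", "ServerHelloDone")) + 1:]
        first_client_action = next((e for s, e in after if s == "C"), None)
        if first_client_action == "TCP FIN": flagged.append(conn)
    return flagged
```

Run it over a real ssldump capture and the flagged connections are the ones to correlate with the client's own log of why it rejected the certificate (expiry, name mismatch, untrusted issuer).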


Re: FIPS 140-2 and PBKD

2009-12-02 Thread Carl Young


- Original Message - 
From: "Dr. Stephen Henson" 

To: 
Sent: Tuesday, December 01, 2009 6:58 PM
Subject: Re: FIPS 140-2 and PBKD



On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:



In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in
particular) when in FIPS enabled mode, it returns an error.



How are you attempting to use it and what error do you get?



Steve,

I have to apologize - the group that supplied me with the OSSL code plus a 
FIPS certified engine have modified it to stop PBKD from working when FIPS 
mode is enabled. This is nothing to do with OpenSSL per se.


The underlying engine (RSA Bsafe) does also disable PBKD functions as well 
though, and its security policy lists PBKD as non-FIPS-approved.


Regards,

Carl



Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Carl Young


- Original Message - 
From: "Dr. Stephen Henson" 

On Thu, Jun 18, 2009, Lior Aharoni wrote:


I have encountered a problem when trying to use OpenSSL command to decode
PKCS12 file, I am using OpenSSL 0.9.8j that was build with FIPS support
enabled.

snip
*

Can someone shed light on why this does not work in FIPS mode? How does this
functionality contradict the FIPS requirements?



Most browser output PKCS#12 files use 40 bit RC2 to encrypt certificates. That
algorithm is not permitted in FIPS mode.

Steve.


Aren't PKCS#12 files, when they use password-based key-derivation, 
incompatible with FIPS 140-2 full stop?


Carl



Re: CMS decryption error with engine

2009-06-17 Thread Carl Young


- Original Message - 
From: "Dr. Stephen Henson" 

On Tue, Jun 16, 2009, Carl Young wrote:


How would the engine be expected to pick up the IV, aside from the cipher
context?



If you look at EVP_cipher_asn1_to_param() you'll see it calls
get_asn1_parameters in the EVP_CIPHER structure. This is supposed to be set to
whatever function the EVP_CIPHER would use to decode the ASN1 and set the IV
and parameters (if any).

The IV isn't passed into the context, the EVP_CIPHER should decode it and pass
it into itself in whatever way is appropriate.

Some implementations don't bother to handle this case. This means they will
work fine in SSL/TLS but will fail in ASN1 cases such as CMS.


Hi Steve,

I see that now, thanks. I will get the engine code checked out and fixed.

Thanks,

Carl



Re: CMS decryption error with engine

2009-06-16 Thread Carl Young


- Original Message - 
From: "Dr. Stephen Henson" 

On Tue, Jun 16, 2009, carlyo...@keycomm.co.uk wrote:


Hi,

I'm getting failures decrypting a CMS (KEK or KTRI) when using an engine
(RSA bsafe).

It appears that when the IV (from EVP_cipher_asn1_to_param) is set into the
context, the engine is not handling this somehow.

The second call to EVP_cipher_init_ex has a NULL IV pointer in
CMS_EncryptedContent_init_bio(), and if I change this to pass in ctx->oiv
temporarily then the decryption succeeds OK. So - I am guessing that the IV
is not being passed to the engine somehow.

Is this an OpenSSL issue or an issue with the engine?

ctx->cipher->flags is set to 2 (EVP_CIPH_CBC_MODE). Should it have
EVP_CIPH_CUSTOM_IV set somehow?

Thanks for any guidance/advice.



ENGINE issue, looks like it isn't handling the possible multiple calls to
EVP_CipherInit_ex() correctly. The default OpenSSL ciphers have no problems
with this.



Thank you Dr Henson.

CMS_EncryptedContent_init_bio() calls EVP_CipherInit_ex() twice during the 
decrypt phase. In neither case does it pass the IV into EVP_CipherInit_ex().


How would the engine be expected to pick up the IV, aside from the cipher 
context?


Carl

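
What the get_asn1_parameters step discussed in this thread actually has to do, as an added example that is neither OpenSSL's nor the engine's code: decode the IV from the DER AlgorithmIdentifier parameters that CMS carries for a CBC cipher, and reject (rather than truncate or ignore) parameters whose IV is the wrong size, since in the CMS path no IV ever reaches EVP_CipherInit_ex(). The sample DER bytes are constructed; only aes256-CBC is handled and the DER reader is deliberately minimal.

```python
# Added example, not OpenSSL or engine code: the IV decoding that the
# EVP_CIPHER's get_asn1_parameters callback must do for CMS.
AES256_CBC_OID = bytes.fromhex("60864801650304012a")  # 2.16.840.1.101.3.4.1.42
CBC_IV_LEN = 16  # AES block size; RFC 3565 fixes the aes*-CBC IV at 16 bytes

def read_tlv(der, pos):
    """Parse the DER TLV at pos; return (tag, value_start, value_end).
    Handles short-form and one-byte long-form lengths, which is all needed here."""
    if pos + 2 > len(der):
        raise ValueError("truncated TLV header")
    tag, first = der[pos], der[pos + 1]
    if first < 0x80:
        hdr, length = 2, first
    elif first == 0x81 and pos + 3 <= len(der):
        hdr, length = 3, der[pos + 2]
    else:
        raise ValueError("unsupported or truncated DER length form")
    start = pos + hdr
    if start + length > len(der):
        raise ValueError("TLV runs past the end of the data")
    return tag, start, start + length

def algid_cbc_iv(der):
    """Return the IV from AlgorithmIdentifier { aes256-CBC, OCTET STRING iv }.
    Raises ValueError for any other algorithm, malformed DER, or a wrong-size IV:
    a cipher must reject such parameters, not silently run with a partial IV."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    seq = der[:end]                      # bound all further reads to the SEQUENCE
    tag, s, e = read_tlv(seq, start)
    if tag != 0x06 or seq[s:e] != AES256_CBC_OID:
        raise ValueError("algorithm is not aes256-CBC")
    tag, s, e = read_tlv(seq, e)
    if tag != 0x04:
        raise ValueError("CBC parameters must be an OCTET STRING IV")
    if e - s != CBC_IV_LEN:
        raise ValueError(f"IV is {e - s} bytes, expected {CBC_IV_LEN}")
    return seq[s:e]

def iv_or_none(der):
    """The decoded IV, or None when the parameters are unusable."""
    try:
        return algid_cbc_iv(der)
    except ValueError:
        return None

# Constructed samples: a valid aes256-CBC AlgorithmIdentifier with IV 00..0f, and
# one carrying an 8-byte IV that must be rejected.
SAMPLE_ALGID = bytes.fromhex("301d0609" + "60864801650304012a" + "0410") + bytes(range(16))
SAMPLE_SHORT_IV = bytes.fromhex("30150609" + "60864801650304012a" + "0408") + bytes(range(8))
```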


Re: FIPS Server

2009-03-03 Thread Carl Young
No, you are not FIPS compliant at the server just because your clients are 
using FIPS compliant crypto modules and security functions. In this case, the 
client will be using RSA+3TDES in EDE/CBC mode with SHA-1 HMAC, because this is 
the only available cipher suite on XP that is FIPS compliant (supposedly!). TLS 
will allow this to be negotiated as a common cipher suite between client and 
server. Your server, in its current configuration, would allow non-approved 
security functions to be used.

Your server side process must use a certified crypto module and be in FIPS 
compliant enabled mode so that only FIPS approved security functions can be 
used.

Carl
  - Original Message - 
  From: Koripella Srinivas 
  To: openssl-users@openssl.org 
  Sent: Thursday, February 19, 2009 10:01 AM
  Subject: FIPS Server




  Hello all,

  I have a general query regarding FIPS mode. I am running a simple openssl 
  https server based on openssl that services https requests from Windows clients. 
  I have the following setting in my Windows XP: "Use FIPS compliant 
  algorithms for encryption, hashing and signing" set to 1.
  Using IE on a Windows XP client with the above setting I am able to 
  communicate with an openssl command line https server. I don't have FIPS enabled 
  on my openssl command line tool. Then how come I am able to handle requests from 
  a Windows machine which has the FIPS setting set to 1?

  Now is it ok to say I am FIPS compliant on the server side because I am 
  handling FIPS requests from clients?

  Thanks in advance for your time.









Re: FIPS

2009-02-27 Thread Carl Young
- Original Message - 
From: "Kyle Hamilton" 

To: "openssl-users" 
Sent: Friday, February 27, 2009 1:14 AM
Subject: Re: FIPS




Take everything I say here with a grain of salt: I'm not a FIPS
expert, and it's entirely possible that I am misinterpreting something
that I read.  If Steve M wants to weigh in and verify or debunk my
interpretation, I would not object! :)



*: You actually can use other FIPS-validated modules to provide
cryptographic services to your application, but if you want to move
key data from one module to another you must first export it, with
encryption, from the one module that has it -- and then import it into
the other module and only then decrypt it.  With OpenSSL, no
key-storage facilities are present, so you don't have much to worry
about on this score -- just remember that FIPS mandates that any
key-storage facilities only release their private and symmetric keys
once they've been encrypted.


Kyle,

Sorry to butt in on this thread. That was an excellent explanation, thanks. 
Where, in FIPS140-2, does it mandate this level of key protection for 
security level 1 or 2? Or, are you talking about the envelope of the process 
using the crypto module rather than the crypto module envelope? NIST SP 
800-57 has recommendations, but I couldn't see this in 140-2.


Thanks,

Carl



PKCS#7 symmetric keys

2009-02-16 Thread Carl Young

Hi all,

With OpenSSL, can I create PKCS#7 CMS messages just using a pre-shared 
symmetric key?


I just need to package the secret with its encryption algorithm identifier, 
and the PKCS#7 envelope looks ideal for this.


The only additional data that I may wish to add to the message may be the 
symmetric key identity, which would be a proprietary identifier. Is there any 
standard compliant way within PKCS#7 to add application specific extensions 
such as this?


Thanks for any assistance,

Carl
