RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions
The term 'FIPS compliant' does not refer to the software capability, but to the implementation used to perform the cryptographic operations. If only one end of your connection is in FIPS mode then the full end to end path is not necessarily FIPS compliant. In fact, without some out-of-band mechanism there is no way to determine what implementation is being used on the other end since the wire protocol is the same. Otherwise the most you can say is that your end of the connection is FIPS compliant. You can still utilize FIPS approved algorithms without guaranteeing FIPS compliance.

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of mclellan, dave
Sent: Tuesday, November 13, 2012 4:26 PM
To: openssl-users@openssl.org
Subject: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I'd like to test out this set of assumptions (or maybe they are 'assertions')

- In the context of OpenSSL, FIPS compliance is all about algorithm choice. In FIPS mode (FIPS_mode_set() returns success), weaker algorithms are disabled and OpenSSL returns an error if use of them is attempted in FIPS mode.
- As long as one side of the connection insists that FIPS-approved algorithms be used, and as long as the other side is capable and agrees, then the two negotiate only a FIPS-approved algorithm.
  o Both sides might be implemented with OpenSSL, but only one of them has to be running in FIPS mode for the negotiation to choose a FIPS algorithm.
  o If one side is not implemented with OpenSSL, the same is still true: as long as it can negotiate a shared cipher with a process running in FIPS-mode, FIPS compliance is still achieved.
- Technically the phrase 'FIPS compliant' refers to the software capability; it does not describe the quality of an end-to-end connection. That is, if a running program is 'FIPS-compliant' it will ensure that a safe connection will be negotiated, where 'safe connection' means 'a connection using a FIPS-approved algorithm'.

Having written these, they now seem like dumb questions, but I'd rather have affirmation of assertions and appear dumb than do the wrong thing based on a wrong assumption.

Thanks for your advice (Steve...)

+-+-+-+-+-+-+
Dave McLellan, Symmetrix Software Engineering
EMC Corporation, 176 South St, Hopkinton MA
Mail Stop 176-B1 1/P-36
office 508-249-1257, fax 508-497-8027
cell 978-500-2546
+-+-+-+-+-+-+
RE: Question about EVP_get_digestbynid and ECDSA
Eh, I had it right all along, but when I dumped it via x509 later it showed a strange OID; seems the directory I was in had an old 0.0.8e OpenSSL.exe... *face palm*

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Monday, November 05, 2012 6:57 PM
To: openssl-users@openssl.org
Subject: Re: Question about EVP_get_digestbynid and ECDSA

On Mon, Nov 05, 2012, Erik Tkal wrote:
> I have a tool that is creating a cert using X509_sign. I noticed that
> there are no EVP_MD structs that handle ECDSA properly and found this
> thread from a while back.
>

What version of OpenSSL is this for? For OpenSSL 1.0.0 and later you just pass the correct key and digest in. So if you pass an EC key and EVP_sha256() it will use the correct algorithms and set up the ASN1 structure appropriately.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Question about EVP_get_digestbynid and ECDSA
I have a tool that is creating a cert using X509_sign. I noticed that there are no EVP_MD structs that handle ECDSA properly and found this thread from a while back.

So if the digest passed to X509_sign doesn't indicate the signature algorithm to use, it appears that the proper value needs to be set into the X509 somehow? In the sig_alg member? How is this done (the ASN1 macro stuff makes it hard to decode)? I see a X509_get_signature_type(), but no corresponding _set_ method.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, January 19, 2012 7:36 AM
To: openssl-users@openssl.org
Subject: Re: Question about EVP_get_digestbynid and ECDSA

On Wed, Jan 18, 2012, Keith Welter wrote:
> If I call EVP_get_digestbynid with NID_ecdsa_with_SHA256,
> NID_ecdsa_with_SHA384 or NID_ecdsa_with_SHA512 it returns null (on
> OpenSSL 1.0.0-fips 29 Mar 2010). I expected it to return EVP_sha256,
> EVP_sha384 and EVP_sha512 respectively. Am I supplying the wrong NIDs?
>

Versions of OpenSSL before 1.0.0 had a horrible hack that linked digests to signature algorithms. This was removed in 1.0.0 and later and instead it uses a table mapping signature OIDs to their respective key and digest algorithm OIDs. You can use the function OBJ_find_sigid_algs().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate set of suites?

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38 PM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2

On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
> Hi Steve, Thanks for your response. I'm just trying to figure out what
> it takes to get this working - are you of the opinion that an SSL
> server should not support TLS 1.2 ECDH-RSA cipher suites? Could you also
> mention why?
>

Well one reason is that the fixed ECDH cipher suites do not support forward secrecy because they always use the same ECDH key.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: id-aes256-GCM command line encrypt+decrypt fail
I think Steve posted a while back that those ciphers require special handling and do not work with the enc command yet.

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of e...@mit.edu
Sent: Thursday, October 11, 2012 12:19 PM
To: openssl-users@openssl.org
Subject: id-aes256-GCM command line encrypt+decrypt fail

Hello,

I am trying to encrypt and decrypt a string using command-line openssl (1.0.1c) with the id-aes256-GCM algorithm, but every time it fails

echo -n "bla" | openssl enc -e -id-aes256-GCM -nosalt -a -out t.out
openssl enc -d -id-aes256-GCM -nosalt -a -in t.out
bad decrypt

This is true whether I use manually specified key/IV or password, with or without salt. The same commands work with other algorithms. What am I missing?

Thanks
Mark
RE: libs version are 1.0.0 after compiling openssl 1.0.1c
Wouldn't the binary compatibility only work the other way? I.e. if you have an app written against 1.0.0 and then later drop in 1.0.1 binaries (since maybe some other app needs that), then that should work and your app should not break. If you compile against 1.0.1 headers wouldn't the assumption be that you are now on the leading edge of the compatibility issue and are using a 1.0.1 binary?

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of sa...@zxid.org
Sent: Wednesday, September 26, 2012 10:13 AM
To: st...@openssl.org; r...@openssl.org
Cc: openssl-users@openssl.org; sa...@zxid.org
Subject: Re: libs version are 1.0.0 after compiling openssl 1.0.1c

"Dr. Stephen Henson" said:
> On Tue, Sep 25, 2012, Thakur, Praveen Kumar wrote:
>
> > I don't see any issue if .so files extension is 1.0.0. However, I wanted to
> > confirm that is this a defect with 1.0.1 release? Or am I missing something.
>
> The 1.0.1 release should be binary compatible with 1.0.0, any
> discrepancies should be fixed as they are bugs. For a brief
> explanation of the versioning scheme see:

When using software compiled against 1.0.1c headers with 1.0.0 libraries from debian, I get following core dump

ssl_sess_cert_free, bad reference count
(gdb) bt
#0  0x0053e416 in ?? ()
#1  0x002e1c8f in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0x002e52b5 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x00624986 in ssl_sess_cert_free (sc=0x90c6510) at ssl_cert.c:275
#4  0x00626888 in SSL_SESSION_free (ss=0x90b44c8) at ssl_sess.c:280
#5  0x0061f58e in SSL_free (s=0x90a3d00) at ssl_lib.c:219
#6  0x0805018f in hi_close_final (hit=0xbfbd4e78, io=0x90a1458, lk=0x81361de "hi_read") at hiios.c:76
#7  0x0804fa2c in hi_close (hit=0xbfbd4e78, io=0x90a1458, lk=0x81361de "hi_read") at hiios.c:76
#8  0x08061e67 in hi_read (hit=0xbfbd4e78, io=0x90a1458) at hiread.c:47
#9  0x0805236c in hi_in_out (hit=0xbfbd4e78, io=0x90a1458) at hiios.c:76
#10 0x080540cd in hi_shuffle (hit=0xbfbd4e78, shf=0x90a0d28) at hiios.c:76
#11 0x0804e96b in main (argc=0, argv=0xbfbd4fc4, env=0xbfbd4fc8) at zxbusd.c:170
(gdb)

The core dump does not happen if I statically link against 1.0.1c libraries.

The usage is multithreaded server with ClientTLS connection. Nonblocking io with epoll loop and delayed accept. The bug reproduces about 25% of the time. It requires at least 3 threads and two TLS clients to reproduce.

Cheers,
--Sampo

> http://www.openssl.org/support/faq.html#MISC8
>
> Steve.
RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile
I suppose that's a workaround, but doesn't address the root cause. Windows can quite happily handle expired certificates still hanging out in trusted stores; I see this all the time as root updates occur and renewed certificates are installed. It seems that a change in OpenSSL broke the previous behaviour that allowed this as well, though we can't tell if it's the s_client app or the OpenSSL cert store functionality that changed this.

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Thursday, September 13, 2012 9:42 AM
To: openssl-users@openssl.org
Subject: RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

Would it make sense to delete the expired certificate from the Windows store? Duplicate expired/non expired CA certificates sounds to me like a problem waiting to happen.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ashok C
Sent: Thursday, September 13, 2012 12:49 AM
To: openssl-users@openssl.org
Subject: Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

Sending again as the previous email did not appear in list. Is there some problem with the mailing list?

--
Ashok

On Wed, Sep 12, 2012 at 2:59 PM, Ashok C <ash@gmail.com> wrote:

Hi,

I don't think this question was answered. Could you please reply?

--
Ashok

On Tue, Jul 31, 2012 at 11:13 PM, Klaus Darilion <klaus.mailingli...@pernau.at> wrote:

Hi!

I wrote a small program which dumps all root certificates from Windows certificate store into a file. Then I use openssl to connect to Google and validate its certificate:

openssl s_client -connect www.google.com:443 -CAfile dump.crt

When using openssl0.9.8k or openssl0.9.8x everything works as expected. When using openssl1.0.0g or openssl 1.0.1c the certificate validation fails with:

Verify return code: 10 (certificate has expired)

CONNECTED(016C)
depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify error:num=10:certificate has expired
notAfter=Jan 7 23:59:59 2004 GMT
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

When analyzing the cafile with the dumped certificates from Windows certificate store, I found out that there are two certificates for Verisign with identical subject, whereas one is expired, the other not.

X.509 Certificate Information:
  Version: 1
  Serial Number (hex): 00e49efdf33ae80ecfa5113e19a4240232
  Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
  Validity:
    Not Before: Mon Jan 29 00:00:00 UTC 1996
    Not After: Wed Jan 07 23:59:59 UTC 2004
  Subject: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
  Subject Public Key Algorithm: RSA

X.509 Certificate Information:
  Version: 1
  Serial Number (hex): 70bae41d10d92934b638ca7b03ccbabf
  Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
  Validity:
    Not Before: Mon Jan 29 00:00:00 UTC 1996
    Not After: Tue Aug 01 23:59:59 UTC 2028
  Subject: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
  Subject Public Key Algorithm: RSA

Thus, it seems that openssl 0.9.8 just ignores the expired certificate and searches if there is another valid one whereas openssl 1.0.0 stop with the first expired certificate.

Is the new behavior the intended behavior? Is it possible to have the old behavior also in new openssl versions?

Thanks
Klaus
RE: openssl on a home LAN
You don't "use OpenSSL" on a home LAN, you use applications or OS layers that might use OpenSSL in their implementation. In general OpenSSL is a toolkit that provides cryptography and SSL/TLS implementations.

I think you have to be more specific about what you mean by phrases like "connect Windows with Linux". Do you mean file sharing? Remote desktop? Backup solutions? Remote command prompts? Each usage will use some sort of enabling technology that you would have to research to determine its security, and many of these solutions might just as well already be using OpenSSL.

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:36 PM
To: openssl-users@openssl.org
Subject: openssl on a home LAN

I am trying to figure out whether there is any point in using openssl on a home LAN between two computers. Would that improve on security in any way? Would I be limited in the types of OS connections? I mean, could I connect Windows with Linux? Also, if I want to make such a connection between two OS running in virtual machines, could that be done too? Thanks.
RE: SSL_CTX_set_options not working for SSL_OP_NO_TLSv1_1
Hi Gerhard,

I have been playing with those options myself and your scenario should work. Try using s_server -no_ssl2 -no_ssl3 -no_tls1 -no_tls1_1 in conjunction with s_client -tls1_1. This sets exactly the options you indicate and it fails to connect.

It's not clear from your code, but make sure you are setting those options on the SSL_CTX before you create an SSL session from that context.

Erik

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jahn, Gerhard
Sent: Friday, August 31, 2012 5:33 AM
To: 'openssl-users@openssl.org'
Subject: SSL_CTX_set_options not working for SSL_OP_NO_TLSv1_1

Hello,

I'm using OpenSSL 1.0.1c in my Server application. This application can be configured to disallow accepting certain SSL/TLS protocols. If only TLS1.2 shall be allowed, the application calls

meth=(SSL_METHOD*) SSLv23_server_method();
OpenSSLctx=SSL_CTX_new(meth);
.
SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv2); // never use SSL2
if (!allowed_ssl3) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv3);
if (!allowed_tls1) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1);
if (!allowed_tls11) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_1);
if (!allowed_tls12) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_2);

In the case where:
allowed_ssl3 = allowed_tls1 = allowed_tls11 = FALSE and allowed_tls12 = TRUE
I'd expect that I cannot establish a TLS11 connection, but it does
Same is true if only SSLv3 or TLSv10 is allowed.

Am I doing something wrong?

Kind regards/Regards

Gerhard Jahn
Tel.: +49 (89) 636-44657
Tel.: +49 (211) 399 22891
Fax: +49 (89) 636-45860
mailto:gerhard.j...@atos.net
Otto-Hahn-Ring 6
81739 München, Germany
atos.net

Atos IT Solutions and Services GmbH
RE: Negotiating TLS 1.0 from 1.2
TLS 1.1 would be acceptable, but the server is 1.0 (we don't have any implementing 1.1). The server sends a TLS 1.0 ServerHello, which per the RFC should work:

   A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in ClientHello.client_version. If the server does not support this version, it will respond with a ServerHello containing an older version number. If the client agrees to use this version, the negotiation will proceed as appropriate for the negotiated protocol.

What I'm trying to figure out is how to tell OpenSSL that the client agrees to use this version, whereas now it generates a fatal alert. I cannot use an SSLv2 handshake, as this is inside EAP-TLS.

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Abhiram Shandilya
Sent: Wednesday, August 29, 2012 2:38 PM
To: openssl-users@openssl.org
Subject: RE: Negotiating TLS 1.0 from 1.2

Hi Erik:

If you only want to allow TLSv1.2 and TLSv1.0 handshakes you will need to try a connection with the TLSv1_2_client_method and then by TLSv1_client_method. You can also use SSLv23_client_method to negotiate only TLSv1.2 and TLSv1.0 using an SSLv2 handshake by explicitly disabling SSLv2, SSLv3 and TLSv1.1 using SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1_1). At least that's my understanding.

Regards
Abhi

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Wednesday, August 29, 2012 10:47 AM
To: openssl-users@openssl.org
Subject: Negotiating TLS 1.0 from 1.2

I have a client that I want to attempt to negotiate TLS 1.2 but will accept TLS 1.0. What is the magic incantation (e.g. TLSv1_client_method() vs TLSv1_2_client_method() in conjunction with what options)?

Specifying TLSv1_client_method() seems to only offer TLS 1.0 {3,1}. Specifying TLSv1_2_client_method() offers TLS 1.2 {3,3}, but then when the server returns a TLS 1.0 {3,1} ServerHello, the client generates a Protocol Version alert. How do I tell the client that this is acceptable? Appendix E of RFC 5246 indicates this should be possible.

I am using OpenSSL 1.0.1c.

....
Erik Tkal
Juniper OAC/UAC/Pulse Development
Negotiating TLS 1.0 from 1.2
I have a client that I want to attempt to negotiate TLS 1.2 but will accept TLS 1.0. What is the magic incantation (e.g. TLSv1_client_method() vs TLSv1_2_client_method() in conjunction with what options)?

Specifying TLSv1_client_method() seems to only offer TLS 1.0 {3,1}. Specifying TLSv1_2_client_method() offers TLS 1.2 {3,3}, but then when the server returns a TLS 1.0 {3,1} ServerHello, the client generates a Protocol Version alert. How do I tell the client that this is acceptable? Appendix E of RFC 5246 indicates this should be possible.

I am using OpenSSL 1.0.1c.

Erik Tkal
Juniper OAC/UAC/Pulse Development
RE: p2q RSA key augmentation
I don't believe OpenSSL has any mechanism to directly calculate P and Q; this requires an iterative process. Once you have those, however, calculating the rest are simple calculations using the BN library.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of David Madden
Sent: Thursday, August 09, 2012 5:11 PM
To: openssl-users@openssl.org
Subject: p2q RSA key augmentation

Hi,

I have an RSA key { D, E, N } generated by another library. I can use OpenSSL to encrypt & decrypt interoperably, but I would like to extend the key with the other factors OpenSSL uses to work faster (factors P, Q, DMP1, DMQ1, IQMP). Is there a library function that computes these other factors?

Thanks,
--
Mersenne Law LLC * www.mersenne.com * +1-503-679-1671
- Small Business, Startup and Intellectual Property Law -
1500 SW First Ave. * Suite 1170 * Portland, Oregon 97201
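The "iterative process" the reply refers to, as an added example that is not code from the thread or from OpenSSL's BN library: given a key known only as (n, e, d), recover p and q by locating a square root of 1 modulo n other than +1 or -1, then fill in dmp1, dmq1 and iqmp using OpenSSL's names and conventions and check the CRT private operation against the plain one. The demo key is constructed from two known small primes and is for illustration only.

```python
# Added example, not code from the thread or from OpenSSL: augment an RSA
# key given as (n, e, d) with the CRT fields OpenSSL keeps in its RSA
# structure (p, q, dmp1, dmq1, iqmp).
import math


def recover_factors(n, e, d):
    """Split n into (p, q) using the private exponent.

    e*d - 1 is a multiple of lambda(n), so g**(e*d - 1) == 1 (mod n) for
    every g coprime to n.  Write e*d - 1 = 2**t * r with r odd; stepping
    g**r, g**(2r), ... towards 1 exposes a square root of 1 other than +-1
    for at least half of all bases g, and gcd(x - 1, n) then yields a
    proper factor.
    """
    k = e * d - 1
    t = 0
    while k % 2 == 0:
        k //= 2
        t += 1
    r = k
    # A fixed base sequence keeps the example reproducible; a real
    # implementation would draw random bases.  The bound keeps a wrong d
    # from spinning forever.
    for g in range(2, 100000):
        if math.gcd(g, n) != 1:
            continue
        x = pow(g, r, n)
        if x in (1, n - 1):
            continue
        for _ in range(t):
            y = pow(x, 2, n)
            if y == 1:                     # x is a non-trivial sqrt of 1
                p = math.gcd(x - 1, n)
                if 1 < p < n:
                    return max(p, n // p), min(p, n // p)
                break
            if y == n - 1:                 # this base gives no information
                break
            x = y
    raise ValueError("could not factor n: is d really the inverse of e?")


def crt_params(n, e, d):
    """Return the five extra RSA fields in OpenSSL's naming."""
    p, q = recover_factors(n, e, d)
    return {
        "p": p,
        "q": q,
        "dmp1": d % (p - 1),        # d mod (p-1)
        "dmq1": d % (q - 1),        # d mod (q-1)
        "iqmp": pow(q, -1, p),      # q^-1 mod p, as OpenSSL defines iqmp
    }


def rsa_private_crt(c, params):
    """RSA private operation via Garner's CRT recombination."""
    p, q = params["p"], params["q"]
    m1 = pow(c, params["dmp1"], p)
    m2 = pow(c, params["dmq1"], q)
    h = (params["iqmp"] * (m1 - m2)) % p
    return m2 + h * q


# Constructed demo key: two known primes, far too small for real use.
DEMO_P = 2**61 - 1
DEMO_Q = 2**31 - 1
DEMO_N = DEMO_P * DEMO_Q
DEMO_E = 65537
DEMO_D = pow(DEMO_E, -1, (DEMO_P - 1) * (DEMO_Q - 1))


def demo():
    """Augment the (n, e, d) key and check the CRT path against plain RSA."""
    params = crt_params(DEMO_N, DEMO_E, DEMO_D)
    m = 123456789
    c = pow(m, DEMO_E, DEMO_N)
    assert rsa_private_crt(c, params) == pow(c, DEMO_D, DEMO_N) == m
    return params


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name} = {value:#x}")
```

With a real key the same code applies unchanged; only n, e and d differ. Once p and q are known, the remaining fields are single modular reductions and one inversion, which is the "simple calculations" part of the reply.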
RE: ECDSA testing with s_client/s_server
Hi Steve,

Thanks, that certainly corrected it. I guess I'm perplexed as to why using

ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);

would not automatically set that flag since I'm explicitly giving the curve name already?

Thanks,
Erik

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

On Fri, Aug 03, 2012, Steve wrote:

OK, you've got the parameters explicitly encoded instead of using a named curved. When you generate the key try calling:

EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: ECDSA testing with s_client/s_server
Hi Steve, here's the cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 34474 (0x86aa)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN=eRoot1, OU=Engineering, O=Juniper Networks, Inc., L=Westford, ST=MA, C=US
        Validity
            Not Before: Aug 1 19:04:20 2012 GMT
            Not After : Jul 30 19:04:20 2022 GMT
        Subject: CN=eServer1, OU=Engineering, O=Juniper Networks, Inc., L=Westford, ST=MA, C=US
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:e9:7e:4c:b3:44:eb:21:a4:15:9d:9a:2e:5e:e3:
                    3c:09:19:22:36:cf:01:ee:dc:b8:67:1b:78:30:e0:
                    dd:4c:7f:95:38:24:f1:0c:7d:1c:2b:ab:b8:67:b7:
                    ef:42:9c:b6:df:fd:49:fb:1a:85:57:c1:e4:5a:e4:
                    b6:7c:4b:40:3b
                Field Type: prime-field
                Prime:
                    00: ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:ff
                A:
                    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
                    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                    ff:ff:fc
                B:
                    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
                    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
                    60:4b
                Generator (uncompressed):
                    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                    68:37:bf:51:f5
                Order:
                    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
                    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
                    63:25:51
                Cofactor: 1 (0x1)
                Seed:
                    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
                    b7:81:9f:7e:90
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:15:BA:0A:AB:56:A3:4C:47:4E:54:6D:21:93:0E:98:3B:CB:E9:3B
            X509v3 Subject Alternative Name:
                DNS:eserver1.juniper.net
            X509v3 Authority Key Identifier:
                keyid:F8:87:1E:2B:4D:8D:F1:96:B9:9A:D8:BA:15:D0:75:FF:F4:1A:A4:9C
                DirName:/CN=eRoot1/OU=Engineering/O=Juniper Networks, Inc./L=Westford/ST=MA/C=US
                serial:D3:27
            X509v3 Key Usage:
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://localhost/pkitool/eroot1/eroot1.crl
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d2:30:0d:5f:5c:61:45:ef:23:a5:ae:04:3a:
         ca:50:d0:a0:54:ca:ce:93:1c:b7:8a:04:19:b3:9f:ed:b4:1b:
         f0:02:20:33:7b:55:bd:b8:df:ca:e5:42:db:49:e3:23:8a:f9:
         5d:6b:09:d2:b1:13:c8:60:46:0b:99:57:80:4d:ef:19:42
-----BEGIN CERTIFICATE-----
MIIEGjCCA8CgAwIBAgIDAIaqMAoGCCqGSM49BAMCMHUxDzANBgNVBAMTBmVSb290
MTEUMBIGA1UECxMLRW5naW5lZXJpbmcxHzAdBgNVBAoTFkp1bmlwZXIgTmV0d29y
a3MsIEluYy4xETAPBgNVBAcTCFdlc3Rmb3JkMQswCQYDVQQIEwJNQTELMAkGA1UE
BhMCVVMwHhcNMTIwODAxMTkwNDIwWhcNMjIwNzMwMTkwNDIwWjB3MREwDwYDVQQD
EwhlU2VydmVyMTEUMBIGA1UECxMLRW5naW5lZXJpbmcxHzAdBgNVBAoTFkp1bmlw
ZXIgTmV0d29ya3MsIEluYy4xETAPBgNVBAcTCFdlc3Rmb3JkMQswCQYDVQQIEwJN
QTELMAkGA1UEBhMCVVMwggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEB
AiEA/wEAAAD///8wWwQg/wEA
AAD///wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw
9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVj
pEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3
v1H1AiEA/wD//7zm+q2nF56E87nKwvxjJVECAQEDQgAE6X5M
s0TrIaQVnZouXuM8CRkiNs8B7ty4Zxt4MODdTH+VOCTxDH0cK6u4Z7fvQpy23/1J
+xqFV8HkWuS2fEtAO6OCAUcwggFDMB0GA1UdDgQWBBTlFboKq1ajTEdOVG0hkw6Y
O8vpOzAfBgNVHREEGDAWghRlc2VydmVyMS5qdW5pcGVyLm5ldDCBoQYDVR0jBIGZ
MIGWgBT4hx4rTY3xlrma2LoV0HX/9BqknKF5pHcwdTEPMA0GA1UEAxMGZVJvb3Qx
MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEfMB0GA1UEChMWSnVuaXBlciBOZXR3b3Jr
cywgSW5jLjERMA8GA1UEBxMIV2VzdGZvcmQxCzAJBgNVBAgTAk1BMQswCQYDVQQG
EwJVU4IDANMnMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATA7BgNV
HR8ENDAyMDCgLqAshipodHRwOi8vbG9jYWxob3N0L3BraXRvb2wvZXJvb3QxL2Vy
b290MS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIhANIwDV9cYUXvI6WuBDrKUNCgVMrO
kxy3igQZs5/ttBvwAiAze1W9uN/K5ULbSeMjivldawnSsRPIYEYLmVeATe8ZQg==
-----END CERTIFICATE-----

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, August 03, 2012 5:57 PM
To: op
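Two things in these threads come down to reading an ASN.1 AlgorithmIdentifier: the OID-to-(digest, key) mapping that OBJ_find_sigid_algs() performs in the EVP_get_digestbynid thread, and the explicit "Field Type: prime-field" parameters in the certificate above, which is the condition EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE) corrects. The following is an added example, not code from the threads or from OpenSSL: a minimal DER reader that does both checks. The DER inputs at the bottom are hand-encoded for the example (the explicit form is abbreviated to a version-only ECParameters) and are not taken from the certificate above; the OID table covers only the algorithms the threads mention.

```python
# Added example, not code from the thread or from OpenSSL: a minimal DER
# reader for AlgorithmIdentifier that (a) maps a signature OID to its digest
# and key algorithm, the lookup OBJ_find_sigid_algs() does in 1.0.0+, and
# (b) reports whether an EC public key names its curve by OID or carries
# explicit ECParameters.


def der_read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos.
    Supports short-form and long-form definite lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal form."""
    arcs, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends a base-128 arc
            arcs.append(acc)
            acc = 0
    if acc:
        raise ValueError("truncated OID arc")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


# The subset of OpenSSL's signature table relevant here:
# signature OID -> (digest, key algorithm).
SIG_ALGS = {
    "1.2.840.10045.4.3.2": ("sha256", "ecdsa"),
    "1.2.840.10045.4.3.3": ("sha384", "ecdsa"),
    "1.2.840.10045.4.3.4": ("sha512", "ecdsa"),
    "1.2.840.113549.1.1.11": ("sha256", "rsa"),
}
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
NAMED_CURVES = {"1.2.840.10045.3.1.7": "prime256v1"}


def parse_algorithm_identifier(der):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }.
    Returns (oid, parameters_tag_or_None, parameters_content)."""
    tag, seq, _ = der_read_tlv(der)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_content, pos = der_read_tlv(seq)
    if tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    if pos >= len(seq):
        return decode_oid(oid_content), None, b""
    ptag, pcontent, _ = der_read_tlv(seq, pos)
    return decode_oid(oid_content), ptag, pcontent


def find_sigid_algs(der):
    """(digest, key algorithm) for a signature AlgorithmIdentifier, or None."""
    oid, _, _ = parse_algorithm_identifier(der)
    return SIG_ALGS.get(oid)


def ec_curve_form(der):
    """'named:<curve>' when ECParameters is a namedCurve OID, 'explicit' when
    it is a full ECParameters SEQUENCE, None when the key is not EC."""
    oid, ptag, pcontent = parse_algorithm_identifier(der)
    if oid != ID_EC_PUBLIC_KEY:
        return None
    if ptag == 0x06:
        curve_oid = decode_oid(pcontent)
        return "named:" + NAMED_CURVES.get(curve_oid, curve_oid)
    if ptag == 0x30:
        return "explicit"
    return "unsupported"


# Constructed inputs (hand-encoded DER, not taken from the certificate above).
ECDSA_SHA256_SIGALG = bytes.fromhex("300a06082a8648ce3d040302")
RSA_SHA256_SIGALG = bytes.fromhex("300d06092a864886f70d01010b0500")
EC_KEY_NAMED = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
# Explicit form abbreviated to ECParameters { version 1 }; a real one also
# carries fieldID, curve, base, order and cofactor, as the dump above shows.
EC_KEY_EXPLICIT = bytes.fromhex("300e06072a8648ce3d02013003020101")
```

Run against the SubjectPublicKeyInfo of the certificate above, ec_curve_form() would report "explicit", which is why a client offering only named curves (and no 0xFF01 arbitrary_explicit_prime_curves) cannot match the server's key; after the EC_GROUP_set_asn1_flag fix it reports "named:prime256v1".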
RE: ECDSA testing with s_client/s_server
I debugged this to see what is happening, and it seems that the server is looking at the configured certificate and key and deciding that the client needs to be sending 0xFF01 (it is finding NID_X9_62_prime_field as the field type). However, the client is sending the full list of standard named curves.

I create the key using NID_X9_62_prime256v1 as follows (abbreviated):

EVP_PKEY* key = NULL;
EC_KEY* eck = NULL;
BIGNUM* e = NULL;
EC_GROUP* ecgroup = NULL;

eck = EC_KEY_new();
if ( !eck ) goto err;
ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
if ( !ecgroup ) goto err;
if ( !EC_KEY_set_group(eck, ecgroup) ) goto err;
if( !EC_KEY_generate_key( eck ) ) goto err;
if( !EVP_PKEY_assign_EC_KEY( key, eck ) ) goto err;
EC_GROUP_free(ecgroup);

Is there something I am doing incorrectly to generate the EC key?

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Wednesday, August 01, 2012 4:33 PM
To: openssl-users@openssl.org
Subject: ECDSA testing with s_client/s_server

I'm playing around to see if I can observe client and server under various conditions when negotiating TLS 1.2 with newer certs. I created a root and server cert as ecdsa-with-SHA256.

openssl s_server -CAfile eroot1.pem -cert eserver1.pem -key eserver1.key -debug
openssl s_client -CAfile eroot1.pem -debug

However, the server issues a handshake alert and says no shared cipher. I see the client is sending a large set of suites but apparently none that the server wants. How do I do this properly?

ACCEPT
read from 0x147cb28 [0x1489e60] (11 bytes => 11 (0xB))
0000 - 16 03 01 01 3c 01 00 01-38 03 03   <...8..
read from 0x147cb28 [0x1489e6e] (310 bytes => 310 (0x136))
0000 - 50 19 91 ea 00 45 14 d9-c4 bc 4d 15 a1 e5 0a a3   PEM.
0010 - f4 89 1d a5 98 37 2d 28-14 a2 19 47 b4 92 e8 dd   .7-(...G
0020 - 00 00 a0 c0 30 c0 2c c0-28 c0 24 c0 14 c0 0a c0   0.,.(.$.
0030 - 22 c0 21 00 a3 00 9f 00-6b 00 6a 00 39 00 38 00   ".!.k.j.9.8.
0040 - 88 00 87 c0 32 c0 2e c0-2a c0 26 c0 0f c0 05 00   2...*.&.
0050 - 9d 00 3d 00 35 00 84 c0-12 c0 08 c0 1c c0 1b 00   ..=.5...
0060 - 16 00 13 c0 0d c0 03 00-0a c0 2f c0 2b c0 27 c0   ../.+.'.
0070 - 23 c0 13 c0 09 c0 1f c0-1e 00 a2 00 9e 00 67 00   #.g.
0080 - 40 00 33 00 32 00 9a 00-99 00 45 00 44 c0 31 c0   @.3.2.E.D.1.
0090 - 2d c0 29 c0 25 c0 0e c0-04 00 9c 00 3c 00 2f 00   -.).%...<./.
00a0 - 96 00 41 00 07 c0 11 c0-07 c0 0c c0 02 00 05 00   ..A.
00b0 - 04 00 15 00 12 00 09 00-14 00 11 00 08 00 06 00
00c0 - 03 00 ff 01 00 00 6f 00-0b 00 04 03 00 01 02 00   ..o.
00d0 - 0a 00 34 00 32 00 0e 00-0d 00 19 00 0b 00 0c 00   ..4.2...
00e0 - 18 00 09 00 0a 00 16 00-17 00 08 00 06 00 07 00
00f0 - 14 00 15 00 04 00 05 00-12 00 13 00 01 00 02 00
0100 - 03 00 0f 00 10 00 11 00-23 00 00 00 0d 00 22 00   #.".
0110 - 20 06 01 06 02 06 03 05-01 05 02 05 03 04 01 04   ...
0120 - 02 04 03 03 01 03 02 03-03 02 01 02 02 02 03 01
0130 - 01 00 0f 00 01 01   ..
write to 0x147cb28 [0x1493870] (7 bytes => 7 (0x7))
0000 - 15 03 03 00 02 02 28   ..(
ERROR
5368:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:.\ssl\s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED

....
Erik Tkal
Juniper OAC/UAC/Pulse Development
ECDSA testing with s_client/s_server
I'm playing around to see if I can observe client and server under various conditions when negotiating TLS 1.2 with newer certs. I created a root and server cert as ecdsa-with-SHA256.

openssl s_server -CAfile eroot1.pem -cert eserver1.pem -key eserver1.key -debug
openssl s_client -CAfile eroot1.pem -debug

However, the server issues a handshake alert and says no shared cipher. I see the client is sending a large set of suites but apparently none that the server wants. How do I do this properly?

ACCEPT
read from 0x147cb28 [0x1489e60] (11 bytes => 11 (0xB))
- 16 03 01 01 3c 01 00 01-38 03 03                        <...8..
read from 0x147cb28 [0x1489e6e] (310 bytes => 310 (0x136))
- 50 19 91 ea 00 45 14 d9-c4 bc 4d 15 a1 e5 0a a3         PEM.
0010 - f4 89 1d a5 98 37 2d 28-14 a2 19 47 b4 92 e8 dd     .7-(...G
0020 - 00 00 a0 c0 30 c0 2c c0-28 c0 24 c0 14 c0 0a c0     0.,.(.$.
0030 - 22 c0 21 00 a3 00 9f 00-6b 00 6a 00 39 00 38 00     ".!.k.j.9.8.
0040 - 88 00 87 c0 32 c0 2e c0-2a c0 26 c0 0f c0 05 00     2...*.&.
0050 - 9d 00 3d 00 35 00 84 c0-12 c0 08 c0 1c c0 1b 00     ..=.5...
0060 - 16 00 13 c0 0d c0 03 00-0a c0 2f c0 2b c0 27 c0     ../.+.'.
0070 - 23 c0 13 c0 09 c0 1f c0-1e 00 a2 00 9e 00 67 00     #.g.
0080 - 40 00 33 00 32 00 9a 00-99 00 45 00 44 c0 31 c0     @.3.2.E.D.1.
0090 - 2d c0 29 c0 25 c0 0e c0-04 00 9c 00 3c 00 2f 00     -.).%...<./.
00a0 - 96 00 41 00 07 c0 11 c0-07 c0 0c c0 02 00 05 00     ..A.
00b0 - 04 00 15 00 12 00 09 00-14 00 11 00 08 00 06 00
00c0 - 03 00 ff 01 00 00 6f 00-0b 00 04 03 00 01 02 00     ..o.
00d0 - 0a 00 34 00 32 00 0e 00-0d 00 19 00 0b 00 0c 00     ..4.2...
00e0 - 18 00 09 00 0a 00 16 00-17 00 08 00 06 00 07 00
00f0 - 14 00 15 00 04 00 05 00-12 00 13 00 01 00 02 00
0100 - 03 00 0f 00 10 00 11 00-23 00 00 00 0d 00 22 00     #.".
0110 - 20 06 01 06 02 06 03 05-01 05 02 05 03 04 01 04     ...
0120 - 02 04 03 03 01 03 02 03-03 02 01 02 02 02 03 01
0130 - 01 00 0f 00 01 01                                   ..
write to 0x147cb28 [0x1493870] (7 bytes => 7 (0x7))
- 15 03 03 00 02 02 28                                    ..(
ERROR
5368:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:.\ssl\s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
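An added example, not code from the post above: a small Python parser for the ClientHello that s_server -debug printed, with the bytes transcribed from the dump. It decodes the client's side of the "no shared cipher" comparison (offered cipher suites, compression methods, supported curves and signature algorithms); the suite-name table and helper names are my own.

```python
import struct
# The 321 bytes from the two "read from" lines above (5-byte record header,
# 4-byte handshake header, then the ClientHello body), transcribed from the dump.
CLIENT_HELLO_HEX = """
16 03 01 01 3c 01 00 01 38 03 03
50 19 91 ea 00 45 14 d9 c4 bc 4d 15 a1 e5 0a a3
f4 89 1d a5 98 37 2d 28 14 a2 19 47 b4 92 e8 dd
00 00 a0 c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a c0
22 c0 21 00 a3 00 9f 00 6b 00 6a 00 39 00 38 00
88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00
9d 00 3d 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00
16 00 13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0
23 c0 13 c0 09 c0 1f c0 1e 00 a2 00 9e 00 67 00
40 00 33 00 32 00 9a 00 99 00 45 00 44 c0 31 c0
2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00
96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00
04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
03 00 ff 01 00 00 6f 00 0b 00 04 03 00 01 02 00
0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00
18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00
14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00
03 00 0f 00 10 00 11 00 23 00 00 00 0d 00 22 00
20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04
02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01
01 00 0f 00 01 01
"""

# IANA names for a few of the offered suites; the rest are shown by number.
SUITE_NAMES = {
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def _u16(buf, i):
    return struct.unpack(">H", buf[i:i + 2])[0], i + 2      # struct.error if short

def _u16_vector(buf):
    """Decode a uint16-length-prefixed vector of uint16 values (curves, sigalgs)."""
    n, i = _u16(buf, 0)
    if n % 2 or i + n != len(buf):
        raise ValueError("bad uint16 vector")
    return [struct.unpack(">H", buf[j:j + 2])[0] for j in range(i, i + n, 2)]

def parse_client_hello(data):
    """Parse one TLS record carrying a ClientHello; raise ValueError if malformed."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack(">H", data[3:5])[0]
    hs_len = int.from_bytes(data[6:9], "big")
    if rec_len != hs_len + 4 or len(data) != rec_len + 5:
        raise ValueError("record/handshake length mismatch")
    h = data[9:]
    if len(h) < 35:
        raise ValueError("ClientHello too short")
    i = 34                                    # after version (2) + random (32)
    sid_len, i = h[i], i + 1
    session_id, i = h[i:i + sid_len], i + sid_len
    cs_len, i = _u16(h, i)
    if cs_len % 2 or i + cs_len > len(h):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack(">H", h[j:j + 2])[0] for j in range(i, i + cs_len, 2)]
    i += cs_len
    comp_len, i = h[i], i + 1
    comps, i = list(h[i:i + comp_len]), i + comp_len
    exts = {}
    if i < len(h):                            # the extensions block is optional
        ext_len, i = _u16(h, i)
        if i + ext_len != len(h):
            raise ValueError("bad extensions length")
        while i < len(h):
            etype, i = _u16(h, i)
            elen, i = _u16(h, i)
            exts[etype], i = h[i:i + elen], i + elen
    sigalgs = _u16_vector(exts[0x000D]) if 0x000D in exts else []
    return {
        "version": (h[0], h[1]),
        "session_id": session_id,
        "cipher_suites": suites,
        "compression_methods": comps,          # 0 = null, 1 = DEFLATE
        "extensions": exts,
        "supported_curves": _u16_vector(exts[0x000A]) if 0x000A in exts else [],
        "signature_algorithms": [(v >> 8, v & 0xFF) for v in sigalgs],  # (hash, sig)
    }

def is_well_formed(data):
    try:
        parse_client_hello(data)
        return True
    except (ValueError, IndexError, struct.error):
        return False

def suite_name(code):
    return SUITE_NAMES.get(code, "0x%04X" % code)

HELLO = parse_client_hello(bytes.fromhex(CLIENT_HELLO_HEX))
```

Running it shows the client offered 80 suites (including the ECDHE-ECDSA ones), null compression only, and secp256r1 (0x17) among 25 curves, so the offered side of the negotiation is not the obvious cause here.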
RE: SSL compression
In your client app are you setting the options on the SSL_CTX *before* you call SSL_new()?

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sebastian Raymond
Sent: Tuesday, July 31, 2012 4:18 PM
To: openssl-users@openssl.org
Subject: Re: SSL compression

It's not yet clear for me. What should be done to disable the compression? Since the server is not going to be the openssl s_server.

On Tue, Jul 31, 2012 at 7:35 PM, Sebastian Raymond <ray.s...@gmail.com> wrote:
Hello,

I have tried the following:

1. $openssl s_server -accept 443 -cert server.crt -key server.key
Result-> Client offered deflate compression and server selected compression method.

2. $openssl s_server -accept 443 -cert server.crt -key server.key -no_comp
Result-> Client offered deflate compression and this time, server selected null method.

On Tue, Jul 31, 2012 at 7:16 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
On Tue, Jul 31, 2012, Sebastian Raymond wrote:

> Hello,
>
> I have written a SSL client program to talk with SSL server.
>
> I have a linux machine and Openssl 1.0.0e is installed with zlib enabled.
> That means, deflate compression method is supported.
>
> I want to transfer the data without compression. Therefore, I used
> following to disable the compression.
>
> SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
>
> Where ctx is SSL_CTX object.
>
> When I inspect the traffic in Wireshark, I still see that my client program
> is offering deflate compression method and server is replying with server
> hello that chooses deflate as compression.
>

What happens if you try this with the s_server utility and the -no_comp command line option?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
Regards,
Sebastian
RE: OpenSSL Library: Only BIGNUM functions
If you build the OpenSSL crypto as a static library you should be able to utilize it without including everything else in your app, depending on your compiler/linker options.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of chip...@gmx.de
Sent: Friday, June 22, 2012 9:08 AM
To: openssl-users@openssl.org
Subject: Re: OpenSSL Library: Only BIGNUM functions

Thank you, that sounds interesting. I'll look at it. But is there really no possibility to get the OpenSSL library smaller, only with BIGNUMs? I ask that because I did very much with these functions.

Thank you.

-------- Original Message --------
> Date: Fri, 22 Jun 2012 13:04:02 +0100
> From: "Matt Caswell (fr...@baggins.org)"
> To: openssl-users@openssl.org
> Subject: Re: OpenSSL Library: Only BIGNUM functions
>
> As an alternative have you considered using the GMP library? That
> library is much more focussed on providing multi-precision arithmetic
> as opposed to crypto, so I would expect it to be a lot smaller.
>
> http://gmplib.org/
>
> Matt
>
> On 22 June 2012 12:57, wrote:
> > Hi,
> >
> > I have to create a program, which has to be as small as possible, but it
> > should use the BIGNUM functions from the OpenSSL library, because it
> > has to work with large numbers. Is there a possibility to compile a
> > library which just contains the BIGNUM functions? I don't need any
> > special features like rsa or dsa.
> >
> > At the moment I build the OpenSSL library with as little ciphers as
> > possible. Unfortunately I cannot deactivate all of them, because then
> > the library doesn't compile. The library is now about 1,59Mb and I
> > think this is just a little bit too much for only the BIGNUM functions.
> >
> > Another possibility could be to just copy the source code which is in
> > the bn-directory. But it doesn't compile because there are many
> > dependencies from other parts around this directory.
> >
> > Has anyone a version which just contains the BIGNUM functions?
> >
> > Thank you for your help.
RE: Error: can't resolve symbol 'X509_sign_ctx'
In fact a quick compare of x509.h shows that the X509_sign_ctx entry point is new in OpenSSL 1.0.1.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Tuesday, June 12, 2012 8:02 AM
To: openssl-users@openssl.org
Subject: RE: Error: can't resolve symbol 'X509_sign_ctx'

Hi Eric,

So it looks like your /usr/bin/openssl binary is built from OpenSSL 1.0.1, but the shared libraries in /usr/lib are from 1.0.0? I'm not too familiar with how Linux library resolution works, but don't you need the 1.0.1 libs copied to the /usr/lib folder? I don't think 1.0.1 and 1.0.0 are binary compatible (only the sub-releases that are lettered).

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of exvance
Sent: Monday, June 11, 2012 3:40 PM
To: openssl-users@openssl.org
Subject: RE: Error: can't resolve symbol 'X509_sign_ctx'

Hi Erik,

Here is the output:

~~# which openssl
/usr/bin/openssl
root@ph:~# openssl version
OpenSSL 1.0.1c 10 May 2012 (Library: OpenSSL 1.0.0e 6 Sep 2011)

Thanks for any info you can provide!

Eric

Erik Tkal wrote:
>
> What's the output of 'which openssl' and 'openssl version'?
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of exvance
> Sent: Saturday, June 09, 2012 12:50 PM
> To: openssl-users@openssl.org
> Subject: Re: Error: can't resolve symbol 'X509_sign_ctx'
>
> Hi Alexander,
>
> Thanks for the reply!! Here is my output:
>
> ldd `which openssl`
> libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x2b384000)
> libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2b3d4000)
> libdl.so.0 => /lib/libdl.so.0 (0x2b4f4000)
> libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2b507000)
> libc.so.0 => /lib/libc.so.0 (0x2b52a000)
> ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2b36c000)
>
> Is that what you are looking for?
>
> Thanks,
>
> Eric
>
> Alexander Komyagin-3 wrote:
>>
>> Hi! Can you post the output for
>>
>> $ldd `which openssl`
>>
>> command (run it without leading $)?
>>
>> --
>> Best wishes,
>> Alexander Komyagin
RE: Error: can't resolve symbol 'X509_sign_ctx'
Hi Eric,

So it looks like your /usr/bin/openssl binary is built from OpenSSL 1.0.1, but the shared libraries in /usr/lib are from 1.0.0? I'm not too familiar with how Linux library resolution works, but don't you need the 1.0.1 libs copied to the /usr/lib folder? I don't think 1.0.1 and 1.0.0 are binary compatible (only the sub-releases that are lettered).

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of exvance
Sent: Monday, June 11, 2012 3:40 PM
To: openssl-users@openssl.org
Subject: RE: Error: can't resolve symbol 'X509_sign_ctx'

Hi Erik,

Here is the output:

~~# which openssl
/usr/bin/openssl
root@ph:~# openssl version
OpenSSL 1.0.1c 10 May 2012 (Library: OpenSSL 1.0.0e 6 Sep 2011)

Thanks for any info you can provide!

Eric

Erik Tkal wrote:
>
> What's the output of 'which openssl' and 'openssl version'?
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of exvance
> Sent: Saturday, June 09, 2012 12:50 PM
> To: openssl-users@openssl.org
> Subject: Re: Error: can't resolve symbol 'X509_sign_ctx'
>
> Hi Alexander,
>
> Thanks for the reply!! Here is my output:
>
> ldd `which openssl`
> libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x2b384000)
> libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2b3d4000)
> libdl.so.0 => /lib/libdl.so.0 (0x2b4f4000)
> libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2b507000)
> libc.so.0 => /lib/libc.so.0 (0x2b52a000)
> ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2b36c000)
>
> Is that what you are looking for?
>
> Thanks,
>
> Eric
>
> Alexander Komyagin-3 wrote:
>>
>> Hi! Can you post the output for
>>
>> $ldd `which openssl`
>>
>> command (run it without leading $)?
>>
>> --
>> Best wishes,
>> Alexander Komyagin
RE: Error: can't resolve symbol 'X509_sign_ctx'
What's the output of 'which openssl' and 'openssl version'?

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of exvance
Sent: Saturday, June 09, 2012 12:50 PM
To: openssl-users@openssl.org
Subject: Re: Error: can't resolve symbol 'X509_sign_ctx'

Hi Alexander,

Thanks for the reply!! Here is my output:

ldd `which openssl`
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x2b384000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x2b3d4000)
libdl.so.0 => /lib/libdl.so.0 (0x2b4f4000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2b507000)
libc.so.0 => /lib/libc.so.0 (0x2b52a000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2b36c000)

Is that what you are looking for?

Thanks,

Eric

Alexander Komyagin-3 wrote:
>
> Hi! Can you post the output for
>
> $ldd `which openssl`
>
> command (run it without leading $)?
>
> --
> Best wishes,
> Alexander Komyagin
RE: A Question on Cipher Format.
I'm not sure that answers the question as to significance as opposed to defining the acronyms. TLS_DHE_RSA_WITH_AES_128_CBC_SHA is a cipher suite defined for use with TLS that uses 128-bit AES in CBC mode for the data encryption and SHA-1 for message authentication. The encryption keys are generated using Ephemeral Diffie-Hellman, signed using RSA (since DH is subject to MitM attacks).

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell (fr...@baggins.org)
Sent: Friday, May 11, 2012 5:01 AM
To: openssl-users@openssl.org
Subject: Re: A Question on Cipher Format.

TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest, Shamir & Adleman
AES_128 = Advanced Encryption Standard using 128bit key
CBC = Cipher Block Chaining (a block cipher mode of operation)
SHA = Secure Hash Algorithm

Matt

On 11 May 2012 09:51, Mr.Rout wrote:
>
> Dear All,
>
> What is the significance of each phrase in the below cipher suite?
>
> Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>
> Maybe this is a dumb question. But I am interested to know each phrase.
>
> Best Regards,
> Siba Shankar Rout
RE: P-256 curve not supported in openssl 1.0.1?
Hi Bin,

The OpenSSL names for P-256 and P-384 are prime256v1 and secp384r1.

Erik

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bin Lu
Sent: Monday, March 05, 2012 3:26 PM
To: openssl-users@openssl.org
Subject: P-256 curve not supported in openssl 1.0.1?

When I run the following command:

% openssl ecparam -list_curves

It lists

...
secp192k1 : SECG curve over a 192 bit prime field
secp224k1 : SECG curve over a 224 bit prime field
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
...

"secp256k1" is supported but not "secp256r1". The latter is standardized and required by Suite B. Is it not supported in openssl-1.0.1? Why "secp256k1" instead of "secp256r1"?

Thanks,
-binlu
RE: cert chain out of order breaks openssl
The SSL specification indicates that the ServerCertificate message should contain:

certificate_list: This is a sequence (chain) of X.509.v3 certificates, ordered with the sender's certificate first followed by any certificate authority certificates proceeding sequentially upward.

The TLS RFC has:

certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate which specifies the root certificate authority may optionally be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case.

So the web server is sending the list incorrectly. I once used a product that just sent the certs in the order contained in the configured .PFX file, so the easiest workaround was to repackage the .PFX.

Erik

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Timothy Kay
Sent: Tuesday, February 14, 2012 12:46 PM
To: openssl-users@openssl.org
Subject: cert chain out of order breaks openssl

We have been baffled for a long time that curl cannot access websites that work just fine in the browser (unless we use --insecure, of course). The curl documentation points you to http://curl.haxx.se/docs/sslcerts.html, which explains that your server has out of date certificates. It's not true! The problem is that the troublesome websites send a certificate chain that is out of order, and openssl fails to validate these chains, even though /etc/ssl/certs contains appropriate root certificates.

$ curl -v https://catalog.cincinnatilibrary.org
* About to connect() to catalog.cincinnatilibrary.org port 443 (#0)
*   Trying 66.213.10.111... connected
* Connected to catalog.cincinnatilibrary.org (66.213.10.111) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

Note that the CA path is set to /etc/ssl/certs. The certificate verification fails. I will now show that the system is configured correctly, and that the problem is with openssl.

Searching the web, we find several mentions of out of order certificate chains, but I have found no mention that openssl is at fault for not handling it properly regardless. I am looking to this group to confirm my findings, then we can work to fix openssl.
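An added example, not part of the original thread: a check of a certificate chain against the ordering rule quoted above (sender's certificate first, each following certificate certifies the one before it, self-signed root optional), plus the "repackage the chain" workaround Erik mentions, done by following issuer links from the end-entity certificate. Certificates are modelled by subject and issuer names only, which is all the ordering rule needs; the names, Cert type and function names are constructed for this example.

```python
from collections import namedtuple

# Only the two names the ordering rule looks at; signatures are not modelled.
Cert = namedtuple("Cert", "subject issuer")

def is_self_signed(cert):
    return cert.subject == cert.issuer

def check_chain_order(chain):
    """Return (True, "") if `chain` satisfies the TLS certificate_list rule, else (False, why)."""
    if not chain:
        return False, "empty certificate_list"
    if is_self_signed(chain[0]) and len(chain) > 1:
        return False, "first certificate is a self-signed root, not the sender's certificate"
    for k in range(1, len(chain)):
        # "Each following certificate must directly certify the one preceding it."
        if chain[k].subject != chain[k - 1].issuer:
            return False, "certificate %d (%s) does not certify certificate %d (%s)" % (
                k, chain[k].subject, k - 1, chain[k - 1].subject)
    return True, ""

def reorder_chain(chain):
    """Repackage an out-of-order chain: start at the end-entity cert and follow issuer links.
    Raises ValueError when the certificates do not form a single path."""
    by_subject = {c.subject: c for c in chain}
    if len(by_subject) != len(chain):
        raise ValueError("duplicate subject names")
    # The end-entity certificate is the one whose subject issued nothing else in the chain.
    issuing = {c.issuer for c in chain if not is_self_signed(c)}
    leaves = [c for c in chain if c.subject not in issuing]
    if len(leaves) != 1:
        raise ValueError("expected exactly one end-entity certificate, found %d" % len(leaves))
    ordered = [leaves[0]]
    while not is_self_signed(ordered[-1]):
        issuer = by_subject.get(ordered[-1].issuer)
        if issuer is None:          # root omitted from the chain, which the RFC allows
            break
        if issuer in ordered:
            raise ValueError("issuer loop")
        ordered.append(issuer)
    if len(ordered) != len(chain):
        raise ValueError("chain contains certificates that are not on the path")
    return ordered

# Constructed chain, sent in "the order of the .PFX file" rather than leaf-first.
LEAF = Cert("CN=www.example.test", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
AS_SENT = [ROOT, LEAF, INTERMEDIATE]

if __name__ == "__main__":
    print(check_chain_order(AS_SENT))
    print([c.subject for c in reorder_chain(AS_SENT)])
```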
RE: creating Master-Key for encryption/decryption
Hmmm, but he said he was writing both the client and server components and, assuming both are using OpenSSL (I know, when you *assume*...), the mechanism would be the same...

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar
Sent: Wednesday, August 24, 2011 2:59 PM
To: openssl-users@openssl.org
Subject: Re: creating Master-Key for encryption/decryption

I think the problem this person seems to have is not finding a way to extract the master secret on the client side, which is why I suggested he can send it as a payload from the server as part of the app data, since it's exactly the same.

Also, Krishna, please understand that the master secret is not used for enc/dec; it's used to derive the actual auth and enc keys using specific methods as mentioned in the RFC. These keys are unique on a per-connection basis, mixed by some randoms. The master secret is unique for a session. A session can contain many connections, each represented by an SSL OBJ, and the enc/dec keys are different for every connection, which can be obtained from the SSL OBJ. Please understand TLS as such from the RFC.

Thanks
--Gayathri

On Wed, Aug 24, 2011 at 9:43 AM, Erik Tkal <et...@juniper.net> wrote:
I'm not sure you are understanding this. Both sides derive the same master key, so there is no need to send it. After the handshake the SSL code will use that key to generate specific encryption keys and perform encryption of further traffic through the tunnel. If you are only using the handshake to generate the master key to be used elsewhere (e.g. for proprietary encryption), then you can get it from the SSL_SESSION object (not sure if there's a get method).

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of krishnamurthy santhanam
Sent: Wednesday, August 24, 2011 12:51 AM
To: openssl-users@openssl.org
Subject: Re: creating Master-Key for encryption/decryption

Thanks.

As per my understanding, before sending the master key to the client, the server has to maintain the master key. How can I get this on the server side? Is there any code sample or snippet to get this key?

Krishna

On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar <suraj...@gmail.com> wrote:
The master key is unique per session, and it's the same for both client and server; that's the concept behind the SSL handshake. The RFC would state the information accurately. Perhaps you can send the master secret as part of your application data to the client, which can decrypt and use it.

Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <krishnamurth...@gmail.com> wrote:
Thanks.

I went through RFC 2246 and understood the master key generation part. The master key is generated and I am able to print it on the client side (test C program) using the ssl structure.

printf("session A\n");
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
/* dump the master secret as hex on the same BIO */
for (i = 0; i < (unsigned int)session->master_key_length; i++) {
    BIO_printf(out, "%02X", session->master_key[i]);
}

How can I get the same master key on the server side? In my scenario, the server side program is running in C. JDBC clients will establish the connection to the server. Will the same master key be generated across platforms (JDBC client side)?

Any help will be great.

Thanks for your time,
Krishnamurthy

On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar <suraj...@gmail.com> wrote:
Please read the RFC; it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read and write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <krishnamurth...@gmail.com> wrote:
I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on the server side to authenticate the client certificate (X.509) and also the client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate a master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands and signed by the root,

1. CLIENT CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAk
RE: creating Master-Key for encryption/decryption
I'm not sure you are understanding this. Both sides derive the same master key, so there is no need to send it. After the handshake the SSL code will use that key to generate specific encryption keys and perform encryption of further traffic through the tunnel. If you are only using the handshake to generate the master key to be used elsewhere (e.g. for proprietary encryption), then you can get it from the SSL_SESSION object (not sure if there's a get method).

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of krishnamurthy santhanam
Sent: Wednesday, August 24, 2011 12:51 AM
To: openssl-users@openssl.org
Subject: Re: creating Master-Key for encryption/decryption

Thanks.

As per my understanding, before sending the master key to the client, the server has to maintain the master key. How can I get this on the server side? Is there any code sample or snippet to get this key?

Krishna

On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar <suraj...@gmail.com> wrote:
The master key is unique per session, and it's the same for both client and server; that's the concept behind the SSL handshake. The RFC would state the information accurately. Perhaps you can send the master secret as part of your application data to the client, which can decrypt and use it.

Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <krishnamurth...@gmail.com> wrote:
Thanks.

I went through RFC 2246 and understood the master key generation part. The master key is generated and I am able to print it on the client side (test C program) using the ssl structure.

printf("session A\n");
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
/* dump the master secret as hex on the same BIO */
for (i = 0; i < (unsigned int)session->master_key_length; i++) {
    BIO_printf(out, "%02X", session->master_key[i]);
}

How can I get the same master key on the server side? In my scenario, the server side program is running in C. JDBC clients will establish the connection to the server. Will the same master key be generated across platforms (JDBC client side)?

Any help will be great.

Thanks for your time,
Krishnamurthy

On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar <suraj...@gmail.com> wrote:
Please read the RFC; it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read and write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <krishnamurth...@gmail.com> wrote:
I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on the server side to authenticate the client certificate (X.509) and also the client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate a master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands and signed by the root,

1. CLIENT CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
cat clientkey.pem clientcert.pem rootcert.pem > client.pem
openssl x509 -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
cat serverkey.pem servercert.pem rootcert.pem > server.pem
openssl x509 -subject -issuer -noout -in server.pem

3. ROOT CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
cat rootcert.pem rootkey.pem > root.pem
openssl x509 -subject -issuer -noout -in root.pem

Initially I am writing ssl/tls programming for server and client. In this I am able to communicate the data between client and server. I was stuck on master key generation. I have added the below LOC to the programs to get the MASTER KEY:

printf("session A\n");
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);

It is printing like this:

session A
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
    Session-ID-ctx:
    Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B7826B602878597465
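An added example, not code from the thread: the RFC 2246 derivation Gayathri refers to, written in Python, going from a master secret and the two hello randoms to the per-connection MAC secrets, encryption keys and IVs for AES256-SHA, the cipher in the session dump above. The pre-master secret and randoms are constructed values, and derive_connection_keys is a helper name of mine.

```python
import hmac

def p_hash(digest, secret, seed, length):
    """P_hash(secret, seed) from RFC 2246 section 5, expanded to `length` bytes."""
    out, a = b"", seed                          # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()              # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()    # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2               # halves share one byte when the secret is odd-length
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def master_secret(pre_master_secret, client_random, server_random):
    """Section 8.1: PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random), 48 bytes."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Section 6.3: PRF(master_secret, "key expansion", server_random + client_random),
    partitioned into the six per-connection secrets (note the randoms are swapped here)."""
    layout = (("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len))
    block = prf(master, b"key expansion", server_random + client_random, sum(n for _, n in layout))
    keys, i = {}, 0
    for name, n in layout:
        keys[name], i = block[i:i + n], i + n
    return keys

# AES256-SHA: HMAC-SHA1 MAC secrets (20 bytes), AES-256 keys (32), CBC IVs (16).
AES256_SHA = dict(mac_len=20, key_len=32, iv_len=16)

def derive_connection_keys(pre_master, client_random, server_random, suite=AES256_SHA):
    """What each peer computes on its own after the handshake; both get identical results."""
    master = master_secret(pre_master, client_random, server_random)
    return master, key_block(master, client_random, server_random, **suite)

# Constructed inputs (hypothetical, for the demonstration): a 48-byte pre-master
# secret whose first two bytes carry the client's offered version as RSA key
# exchange requires, and the two 32-byte hello randoms.
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
MASTER, KEYS = derive_connection_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)

if __name__ == "__main__":
    print("Master-Key:", MASTER.hex().upper())
    for name, value in KEYS.items():
        print("%-24s %s" % (name, value.hex()))
```

The master secret is never used as a cipher key itself; the key block is what the record layer actually encrypts and MACs with, and a second connection in the same session gets a different block because its randoms differ.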
RE: creating Master-Key for encryption/decryption
I'm not sure you are understanding this. Both sides derive the same master key, so there is no need to send it. After the handshake the SSL code will use that key to generate specific encryption keys and perform encryption of further traffic through the tunnel. If you are only using the handshake to generate the master key to be used elsewhere (e.g. for proprietary encryption), then you can get it from the SSL_SESSION object (not sure if there's a get method).

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of krishnamurthy santhanam
Sent: Wednesday, August 24, 2011 12:51 AM
To: openssl-users@openssl.org
Subject: Re: creating Master-Key for encryption/decryption

Thanks. As per my understanding, before sending the master key to the client, the server has to maintain the master key. How can I get this on the server side? Is there any code sample or snippet to get this key?

Krishna

On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar <mailto:suraj...@gmail.com> wrote:
Master key is unique per session, and it's the same for both client and server; that's the concept behind the SSL handshake. The RFC would state the information accurately. Perhaps you can send the master secret as part of your application data to the client, which can decrypt and use it.

Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <mailto:krishnamurth...@gmail.com> wrote:
Thanks. I went through RFC 2246 and understood the master key generation part. The master key is generated and I am able to print it on the client side (test C program) using the ssl structure.

    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);
    for (i = 0; i < (unsigned int)session->master_key_length; i++) {
        BIO_printf(bp, "%02X", session->master_key[i]);
    }

How can I get the same master key on the server side? In my scenario, the server side program is running in C. JDBC clients will establish the connection to the server. Will the same master key be generated across platforms (JDBC client side)? Any help will be great.

Thanks for your time,
Krishnamurthy

On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar <mailto:suraj...@gmail.com> wrote:
Please read the RFC; it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read and write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <mailto:krishnamurth...@gmail.com> wrote:
I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on the server side to authenticate the client certificate (X.509) and also the client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate a master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands, signed by the root:

1. CLIENT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
    openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
    cat clientkey.pem clientcert.pem rootcert.pem > client.pem
    openssl x509 -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
    cat serverkey.pem servercert.pem rootcert.pem > server.pem
    openssl x509 -subject -issuer -noout -in server.pem

3. ROOT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
    cat rootcert.pem rootkey.pem > root.pem
    openssl x509 -subject -issuer -noout -in root.pem

Initially I am writing ssl/tls programming for server and client. In this I am able to communicate the data between client and server. I was stuck on master key generation. I have added the below LOC to the programs to get the MASTER KEY:

    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);

It is printing like this:

    session A
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES256-SHA
        Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
        Session-ID-ctx:
        Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782 6B602878597465
RE: revoking crt
Self-signed certs cannot be revoked, because if the private key were compromised then CRLs could be forged. Trusted roots by definition are explicitly trusted, and are usually placed in a secure location (e.g. local system trusted root store), and this set is usually updated as part of the OS.

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of y...@inbox.lv
Sent: Monday, July 18, 2011 2:10 PM
To: openssl-users@openssl.org
Subject: Re: revoking crt

Is that really a self-signed certificate? For self-signed certificates the names of the issuer are the same as the names of the subject. In your example OU and CN are not the same. Also, according to Wikipedia, self-signed certificates (root certificates) cannot be revoked, although I do not understand why. (A CRL could be signed by the certificate's own key.)

Quoting Daniel Spannbauer <mailto:d...@marco.de>:
Hello,

I use self-signed certificates for my VPN. Now, I try to revoke a crt. I called:

    openssl ca -revoke edge.crt -config vpn.conf

But I get the error:

    "ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/emailAddress=xxx"

The header of the crt:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 8 (0x8)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=DE, ST=BY, L=yyy, O=xxx, OU=gate tun1, CN=gate tun1/Email=xxx
            Validity
                Not Before: May 14 11:12:27 2010 GMT
                Not After : May 11 11:12:27 2020 GMT
            Subject: C=DE, ST=BY, O=xxx, OU=edge am, CN=edge am/Email=xxx
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)

The entry in index.txt:

    V 20051227Z 08 unknown /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/Email=xxx

In my opinion, there is no error in the crt or index.txt. Can anybody help me to find the error?

Regards

Daniel

--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email d...@marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: OpenSSL - Great Project
Umm, what else would you like it to do? :-D

I guess the obvious answer is primarily to provide secure communications between any two parties, whether that be web-server-like or anything else. It can protect credentials being passed for remote authentication, such as in EAP-TLS/TTLS/PEAP/FAST. It provides general purpose cryptographic capabilities, with the ability to replace the implementation with anything you like, including dedicated hardware. It provides general purpose certificate processing capabilities. I'm sure I missed a bunch of stuff...

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of andre505
Sent: Monday, May 16, 2011 9:29 PM
To: openssl-users@openssl.org
Subject: OpenSSL - Great Project

Hello

I think OpenSSL is a great project. I would however like to know what it is capable of, apart from creating applications that can communicate using SSL/TLS.

Thanks and keep up the good work.

--
View this message in context: http://old.nabble.com/OpenSSL---Great-Project-tp31634272p31634272.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
RE: Application is failing with cipher or hash unavailable
I think that means you have not enabled the cipher or hash that is required at that point. Did you forget to call something like OpenSSL_add_all_algorithms() in your app?

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of pradeepreddy
Sent: Wednesday, May 11, 2011 3:55 PM
To: openssl-users@openssl.org
Subject: Application is failing with cipher or hash unavailable

Hi,

My application is running with OpenSSL 0.9.8h 28 May 2008 in Gentoo Linux:

    >uname -a
    Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must be set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel GNU/Linux

But the SSL handshake is failing with the below error:

    SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

But on the same Linux, "openssl s_client -connect "server:8443" -cert client.pem -CAfile ca-win.pem" is working:

    CONNECTED(0003)
    ---
    Certificate chain
     0 s:/C=/ST=/L=/O=/OU=DGM/DC=CN=A1
     1 s:/DC=/DC=/DC=/DC=/CN=A1
       i:/DC=/DC=/DC=/DC=/CN=A1
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBd4LfcDl5d3ODPjBBDy7bL
    YX6uDP6yG+RdbwR9ul4WRhOUXqb0jkHbaGy/Qlz70TGqfSme81yvLsYmChKTFloU
    3NDIRAqagGntPXyaR6WjbV652SYtENTL7RONZhxGyeqDF0ns5fLUAdE2eGYN9f3Y
    X/k/vFrFnKEmEBEWlciwQjr7vag21YGBtIEeopqnRqN64HCGUVKWqap0sQXAJD/4
    -----END CERTIFICATE-----
    subject=/C=/ST=/L=/O=/OU=/CN=XY2
    issuer=/DC=/DC=/DC=dev/DC=/CN=A1
    ---
    Acceptable client certificate CA names
    /DC=/DC=/DC=/DC=/CN=A1
    ---
    SSL handshake has read 3241 bytes and written 3148 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID:
        Session-ID-ctx:
        Master-Key: C47BF1691AB846E449B5FA9E29EC4E25312D4C501
        Key-Arg   : None
        Start Time: 1305122070
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

--
View this message in context: http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31597508.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
RE: Replace renewed intermediate certificate in the keystore chain
No, that should not be true - as long as the subject name of the issuer does not change and the key pair is reused, then any previously issued certificates should still verify against the issuer. Note that the thumbprint will be different, in case that is used anywhere to track the cert.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John R Pierce
Sent: Wednesday, May 11, 2011 12:47 PM
To: openssl-users@openssl.org
Subject: Re: Replace renewed intermediate certificate in the keystore chain

On 05/10/11 11:03 PM, Mohan Radhakrishnan wrote:
>
> Hi,
>
> I have checked my keystore and truststore and the intermediate
> certificate alone is going to expire.
>

as I understand it (vaguely at best), if the intermediate certificate expires, that invalidates any certificates it generated, so you will need to regenerate and replace all child certificates too.

...
RE: Can openssl support EAP-TLS?
OpenSSL supports TLS; you need to parse the EAP packets in your own application and feed the TLS bits into OpenSSL.

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Neo Liu
Sent: Wednesday, May 11, 2011 12:59 AM
To: openssl-users@openssl.org
Subject: Can openssl support EAP-TLS?

Hi, everyone:

I want to know whether OpenSSL supports the EAP-TLS protocol?
RE: Date format for X.509 certificate
110419141516Z = 2011 04 (April) 19th 14:15:16Z (UTC)

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt C
Sent: Tuesday, April 19, 2011 5:19 PM
To: openssl-users@openssl.org
Subject: Date format for X.509 certificate

I've extracted a date from a public certificate using the PHP command openssl_x509_parse. The date looks like this:

    110419141516Z

Can someone tell me how to make sense of this date (in PHP if possible).

Thank you!
Matt
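The value Matt extracted is an ASN.1 UTCTime, the encoding X.509 uses for validity dates up to 2049 (later dates use GeneralizedTime, which carries a four-digit year). The following is an added example for this archive, written in Python rather than the PHP Matt asked for and not code from the thread, that decodes Erik's breakdown programmatically, including the RFC 5280 two-digit year pivot that a naive parser gets wrong for dates in the 1950s and 2040s.

```python
import re
from datetime import datetime, timedelta, timezone

# UTCTime as used in X.509 validity fields: YYMMDDHHMM[SS](Z|+hhmm|-hhmm).
_UTCTIME = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?(Z|[+-]\d{4})$")
# GeneralizedTime, used for dates from 2050 onwards: YYYYMMDDHHMMSS[.fff]Z.
_GENTIME = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:\.\d+)?Z$")


def parse_utctime(text):
    """Decode a UTCTime string such as '110419141516Z' into an aware UTC datetime.

    The two-digit year is pivoted as RFC 5280 section 4.1.2.5.1 prescribes:
    00..49 mean 2000..2049, 50..99 mean 1950..1999.
    """
    m = _UTCTIME.match(text)
    if not m:
        raise ValueError(f"not a UTCTime value: {text!r}")
    yy, mo, dd, hh, mi, ss, tz = m.groups()
    year = 2000 + int(yy) if int(yy) < 50 else 1900 + int(yy)
    # RFC 5280 requires seconds and a trailing 'Z'. Older encoders sometimes
    # omitted seconds or used a numeric offset, so both are tolerated here.
    when = datetime(year, int(mo), int(dd), int(hh), int(mi), int(ss or 0),
                    tzinfo=timezone.utc)
    if tz != "Z":
        sign = 1 if tz[0] == "+" else -1
        offset = timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
        when -= sign * offset  # local time with offset -> UTC
    return when


def parse_generalizedtime(text):
    """Decode a GeneralizedTime such as '20500101000000Z' (four-digit year)."""
    m = _GENTIME.match(text)
    if not m:
        raise ValueError(f"not a GeneralizedTime value: {text!r}")
    return datetime(*[int(x) for x in m.groups()], tzinfo=timezone.utc)


def parse_x509_time(text):
    """Accept either encoding. A certificate may mix them (UTCTime notBefore,
    GeneralizedTime notAfter) once its validity period crosses 2050."""
    if _GENTIME.match(text):
        return parse_generalizedtime(text)
    return parse_utctime(text)


def is_within_validity(not_before, not_after, now=None):
    """The check a verifier performs with the two decoded validity fields."""
    now = now or datetime.now(timezone.utc)
    return parse_x509_time(not_before) <= now <= parse_x509_time(not_after)


if __name__ == "__main__":
    print(parse_utctime("110419141516Z").isoformat())  # the value from the thread
```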
RE: How is MD5 fingerprint on X509 created?
The thumbprint is the hash of the certificate data in DER format. For example, the following commands would work for both forms:

    openssl x509 -in user.pem -fingerprint -md5 -noout
    openssl x509 -in user.cer -inform der -fingerprint -md5 -noout

But if you want to use a raw hash then only the second of the following would work:

    openssl md5 < user.pem    (wrong format input)
    openssl md5 < user.cer

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt C
Sent: Tuesday, April 19, 2011 1:56 PM
To: openssl-users@openssl.org
Subject: How is MD5 fingerprint on X509 created?

Hello,

I am able to generate an MD5 fingerprint with the following command.

    openssl x509 -in user.pem -fingerprint -md5 -noout

This fingerprint matches the fingerprint displayed by Thunderbird/Firefox. I am trying to generate an MD5 using a hash function in PHP, http://nl2.php.net/manual/en/function.openssl-digest.php

The results I am getting from the PHP function are not the same as using the other methods. I'm sure I'm not putting the right data into the hash function. Should I be hashing the entire contents of the PEM file, only part, or is there additional data I need to add?

Thank you,
Matt
RE: openssl-SNAP-20110412.tar.gz corrupted?
WinZip handles it just fine...

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Paul Suhler
Sent: Tuesday, April 12, 2011 11:53 AM
To: openssl-users@openssl.org
Subject: openssl-SNAP-20110412.tar.gz corrupted?

Is anyone else having trouble opening openssl-SNAP-20110411.tar.gz <ftp://ftp.openssl.org/snapshot/openssl-SNAP-20110411.tar.gz> and openssl-SNAP-20110412.tar.gz <ftp://ftp.openssl.org/snapshot/openssl-SNAP-20110412.tar.gz>? I can extract the .tar file, but then 7Zip says that it can't be opened as an archive.

Thanks,
Paul

_
Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com <mailto:paul.suh...@quantum.com>
Preserving the World's Most Important Data. Yours.(tm)
RE: DH_generate_key issue
Hi Viktor,

If you perform BN_mod_exp you will find that mathematically the public key is correct. I suppose there is a 1 in 256 chance that the high order byte would be 0, so that explains your result of it happening when you do large numbers of such operations.

BTW, you can also use BN_rand instead of RAND_bytes to avoid the conversion...

Regards,
Erik

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Viktor Krikun
Sent: Wednesday, March 02, 2011 6:53 AM
To: openssl-users@openssl.org
Subject: DH_generate_key issue

Hello, guys!

I'm new to OpenSSL so sorry in advance if I get something wrong. I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode it works just perfect, but during stress-testing I have discovered "strange" behavior: I sequentially start X00 DH calculations and it randomly fails to generate the public key correctly.

This is my test-case (g_p3072data, the 3072-bit prime, is defined elsewhere in the test):

    START_TEST(openssl_dh_stress)
    {
        BIGNUM *g_p3072 = NULL;
        unsigned i;

        g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL);
        for (i = 0; i < 400; i++) {
            int ssl_res;
            unsigned char random_bytes[64];
            DH *tmp_ctx = NULL;

            tmp_ctx = DH_new();
            ck_assert(NULL != tmp_ctx);
            tmp_ctx->p = BN_dup(g_p3072);
            tmp_ctx->g = BN_new();
            BN_set_word(tmp_ctx->g, DH_GENERATOR_2);
            RAND_bytes(random_bytes, 256/8);
            tmp_ctx->priv_key = BN_bin2bn(random_bytes, 256/8, NULL);
            ssl_res = DH_generate_key(tmp_ctx);
            ck_assert_int_eq(1, ssl_res);
            unsigned pub_key_size = BN_num_bytes(tmp_ctx->pub_key);
            if (pub_key_size != 3072/8) {
                printf("FAILURE. DH 3K, %i-s iteration failed to compute correct PV length.\n", i);
            }
            ck_assert_int_eq(pub_key_size, 3072/8);
            DH_free(tmp_ctx);
        }
    }
    END_TEST

OpenSSL randomly produces pub_key_size == 383 bytes (it affects the rest of the calculations later in the sources). It's not reproducible with 1, 10 or 50 iterations, but when i >= 200 it's 100% reproducible.

I have briefly reviewed the OpenSSL DH key generation sources and couldn't find anything that looks strange. Empirically I discovered that the problem disappears when I comment out "RAND_bytes(random_bytes, 256/8);", but still assign the private key manually to prevent OpenSSL from generating it automatically. I'm using a single-thread environment. I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same behavior.

Have you ever experienced a similar problem in your projects? Am I doing something wrong?

Thanks in advance for your help!

--
Kind Regards,
Viktor
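Erik's explanation is that the public value is simply a number below p, and about one in 256 such numbers has a zero top byte, which BN_num_bytes() then does not count. The added example below (written for this archive, not code from the thread or from OpenSSL) reproduces that observation in Python with a deterministic seed and shows the fix a protocol implementation needs: encode the public value at the fixed width of the modulus. It uses the 1024-bit MODP prime from RFC 2409 instead of Viktor's 3072-bit group, which is not on the page; the effect does not depend on the particular modulus. The `encode_fixed_width` helper does what OpenSSL's BN_bn2binpad() does in 1.1.0 and later; with 1.0.x the BN_bn2bin() output has to be left-padded by the caller.

```python
import random

# 1024-bit MODP prime ("Second Oakley Group", RFC 2409), generator 2.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8   # 128: the width a peer expects on the wire


def bn_num_bytes(n):
    """What BN_num_bytes() reports: the minimal big-endian length, so a value
    whose top byte happens to be zero comes out one byte short."""
    return (n.bit_length() + 7) // 8


def dh_public_value(priv):
    """pub = g^priv mod p, the same computation DH_generate_key() performs."""
    return pow(G, priv, P)


def encode_fixed_width(n, width=P_BYTES):
    """Fixed-width encoding: always 'width' bytes, zero-padded on the left
    (equivalent to BN_bn2binpad() in OpenSSL 1.1.0+)."""
    return n.to_bytes(width, "big")


def count_short_public_values(trials, seed=1):
    """Reproduce the thread's observation deterministically: derive 'trials'
    public values from 256-bit private exponents, as the posted test does,
    and count how many BN_num_bytes() would report as shorter than the modulus.
    The seeded RNG is constructed test input, not a key generator."""
    rng = random.Random(seed)
    short = 0
    for _ in range(trials):
        priv = rng.getrandbits(256) or 1
        pub = dh_public_value(priv)
        if bn_num_bytes(pub) < P_BYTES:
            short += 1
        # The fixed-width form never varies in length, whatever the top byte.
        assert len(encode_fixed_width(pub)) == P_BYTES
    return short


if __name__ == "__main__":
    trials = 4096
    n = count_short_public_values(trials)
    print(f"{n} of {trials} public values ({n / trials:.4f}) have a zero top byte; "
          f"expected about 1/256 = {1 / 256:.4f}")
```

The same rule applies on the receiving side: a peer must accept a public value whose minimal encoding is shorter than the modulus, and a length check like the one in the posted test belongs on the padded wire encoding, not on BN_num_bytes().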
RE: using openssl without config file
You can use the -config option to specify a desired config file.

...
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of felix farcas
Sent: Friday, December 17, 2010 5:29 AM
To: openssl-users@openssl.org
Subject: Re: using openssl without config file

Hello Patrick

thank you for the answer

Is it possible to use a special openssl.cnf file in the same command, without using the initial *.cnf file from openssl?

Thank you
Felix

On 16.12.2010 20:32, Patrick Patterson wrote:
> Hi Felix:
>
> What you want is the -subj command line option.
>
> Have fun.
>
> Patrick.
>
> On 2010-12-16, at 8:13 AM, felix farcas wrote:
>
>> Hello
>>
>> I want to make a form with a submit button.
>>
>> For this I would like to create a req_user.pem over a secure Internet.
>>
>> Then I want this file to be sent to an e-mail address.
>>
>> I need to introduce per command line the following variables
>>
>> - Domain Component:
>> - Domain Component:
>> - Organisation []:
>> - Common Name (eg. YOUR name) []:
>> - A challenge password []:
>>
>> How may I introduce them in this command line?
>>
>> openssl req -new -key key_user.pem -out req_user.pem
>>
>> Thank you
>> Felix
>
> ---
> Patrick Patterson
> Chief PKI Architect
> Carillon Information Security Inc.
> http://www.carillon.ca
RE: Using DH parameters from OpenSSL
DER encoding of numeric data should always be network byte order MSB...LSB. Note that if the high order bit is set then an additional 0 byte is prepended.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mike Mohr
Sent: Tuesday, December 14, 2010 3:42 PM
To: openssl-users@openssl.org
Subject: Using DH parameters from OpenSSL

Good afternoon,

I'm trying to understand the data format that OpenSSL writes out its DH parameters in. I am aware that the actual data is encoded using ASN.1 DER and have a way to parse the container. My question really amounts to byte ordering when DH parameters are generated like this:

    openssl dhparam -outform DER -5 -out parameters.dh 4096

Take, for example, the safe prime 'p' in parameters.dh. Are its bytes stored in MSB...LSB form, such that the number is interpreted similarly to a human reading base 10 numbers on paper? That is to say, left to right 1 byte at a time?

Thanks for any clarification,
Mike
RE: Remove me please
Go to http://www.openssl.org/support/community.html

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Richard Buskirk
Sent: Friday, December 03, 2010 2:39 PM
To: openssl-users@openssl.org
Subject: Remove me please

Sorry to use this list for this. But I have tried every way I know to get off the list. Suggestions??

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: Friday, December 03, 2010 1:04 PM
To: openssl-users@openssl.org
Subject: Re: Private Key from Windows Cert Store

Hi,

In order to enable the CAPI engine, you have to use the enable-capieng switch: this will compile the CAPI engine statically inside OpenSSL. Here is an example of a configure command line for this:

    perl Configure VC-WIN32 --prefix=c:/openssl enable-capieng

I hope this will help.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/3/2010 6:21 PM, Fili, Tom wrote:
> Ok, so I realized if I run Configure with no-static-engine I'll get
> the separate dlls. These are the commands I run
>
> C:\Documents and Settings\tfili\Desktop\openssl-0.9.8k>perl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine
>
> ms\do_ms.bat
>
> nmake -f ms\ntdll.mak
>
> Unfortunately I now get the following errors:
>
> link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp
> Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp
>
> e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_data referenced in function _cca_rsa_pub_enc
> e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size referenced in function _cca_rsa_pub_enc
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free referenced in function _cca_rsa_verify
> e_4758cca.obj : error LNK2019: unresolved external symbol _OPENSSL_cleanse referenced in function _cca_rsa_verify
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc referenced in function _cca_rsa_verify
> e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG referenced in function _cca_rsa_verify
> e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj referenced in function _cca_rsa_verify
> e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error referenced in function _ERR_CCA4758_error
> e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_get_next_error_library referenced in function _ERR_CCA4758_error
> e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_set_implementation referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_ex_data_implementation referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_create_callback referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_add_lock_callback referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_locking_callback referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_mem_functions referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_get_static_state referenced in function _bind_engine
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_cmd_defns referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_pubkey_function referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_privkey_function referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_ctrl_function referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_finish_function referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_init_function referenced in function _bind_helper
> e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_destroy_
RE: OpenSSL 1.0.0c released
That's a pretty bold statement and doesn't always apply in a product environment. I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers.

Erik

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni
Sent: Thursday, December 02, 2010 6:09 PM

[...]
1.0.0c contains important non-security bug fixes for 1.0.0b, so you should deploy 1.0.0c anyway.
[...]
RE: OpenSSL 1.0.0c released
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of OpenSSL
Sent: Thursday, December 02, 2010 2:17 PM
To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org
Subject: OpenSSL 1.0.0c released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   OpenSSL version 1.0.0c released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of version 1.0.0c of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

      o Fix for security issue CVE-2010-4180
      o Fix for CVE-2010-4252
      o Fix mishandling of absent EC point format extension.
      o Fix various platform compilation issues.
      o Corrected fix for security issue CVE-2010-3864.

   We consider OpenSSL 1.0.0c to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.0c is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

     * http://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

      o openssl-1.0.0c.tar.gz
        Size: 4023056
        MD5 checksum: ff8fb85610aef328315a9decbb2712e4
        SHA1 checksum: 5a2d74fa7fe90c80915332404b9700044ef676a1

   The checksums were calculated using the following commands:

     openssl md5 openssl-1.0.0c.tar.gz
     openssl sha1 openssl-1.0.0c.tar.gz

   Yours,

   The OpenSSL Project Team...

     Mark J. Cox             Nils Larsch         Ulf Möller
     Ralf S. Engelschall     Ben Laurie          Andy Polyakov
     Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
     Lutz Jänicke            Bodo Möller

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTPfvOKLSm3vylcdZAQK5YQf/Tt5WULaVRNZJZiukBVsASX3qyZm7ksst
VAC59VbpQAO2dA2XdSSy21JoGlevIboneEXhDVC/33wEETIucs8S19XEcrQGPDG5
Wfyek79CKxJe2K4yTaWtw8JbSz2XDyMD5yYBdgAaHl81et2F/0Vpd3FS4UWKkFSO
6ezgELdIwC45PWq70cQ2FJDV4U3xs7cVOQdObjcKTAZ5m5uj/qpUs2Zw69tfOpOp
xf+TlOMXdIgBNBY9QN//wsUcLwplVUF0J30S4Wej1Or9tTi2npiJ7Wbpq5HH3ho0
g+IuVqXVVvyYyfUgLFka2f1ZGLvBIIFVF7T56nSaVMMdX0/+D/4QZg==
=yMGM
-----END PGP SIGNATURE-----
RE: openssl-1.0.0b - include\openssl empty headers files
Some zip programs do not restore the links properly. Regardless, when you first build, those header files should be recreated from their actual locations (e.g. openssl-1.0.0b/ssl/ssl.h).

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of EnigmaTrader
Sent: Tuesday, November 23, 2010 10:38 PM
To: openssl-users@openssl.org
Subject: openssl-1.0.0b - include\openssl empty headers files

openssl-1.0.0b - include\openssl header

All header files in there are zero length. Tried 0.9.8p.tar.gz also... Has to be something I am doing. Never run into this before. Using 7zip.
RE: compiling openssl dev-c++
Are you linking with ws2_32.lib?

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of g A b R i E L
Sent: Friday, November 12, 2010 10:56 AM
To: openssl-users@openssl.org
Subject: compiling openssl dev-c++

Hi Users.

How can I compile OpenSSL in Dev-C++ for Windows? I tried with -lssl and -lcrypto in the linker options (Project->Project Options->Parameters->Linker), but it does not work. Part of the compile log is:

    "
    C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x40):bss_conn.c: undefined reference to `conn...@12'
    C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0xe4):bss_conn.c: undefined reference to `setsock...@20'
    C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x192):bss_conn.c: undefined reference to `ht...@4'
    C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x1bf):bss_conn.c: undefined reference to `ht...@4'
    C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x1d5):bss_conn.c: undefined reference to `soc...@12'
    ...
    "

I have installed the OpenSSL 0.9.8a package for Dev-C++

Thanks!!
gabriel
RE: openssl verify fails
Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is an error if the whole chain cannot be built up."

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bruce Stephens
Sent: Wednesday, November 03, 2010 12:59 PM
To: openssl-users@openssl.org
Subject: Re: openssl verify fails

Erik Tkal writes:

> Hi Michael,
>
> Your "rootcacert" is not a root cert, as it was issued by "C=US,
> ST=UT, L=Salt Lake City, O=The USERTRUST Network,
> OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication
> and Email". You need to append that cert as well to your CAfile.

That seems to be a change in behaviour. 0.9.8o is happy:

    brs% openssl version
    OpenSSL 0.9.8o 01 Jun 2010
    brs% openssl verify -verbose -CAfile rootcacert.pem subcacert.pem
    subcacert.pem: OK
    brs% openssl verify -issuer_checks -CAfile rootcacert.pem subcacert.pem
    subcacert.pem: /C=DE/O=SCA Deutsche Post Com GmbH/CN=Signtrust CERT Class 3 CA 3:PN
    error 29 at 0 depth lookup:subject issuer mismatch
    /C=DE/O=SCA Deutsche Post Com GmbH/CN=Signtrust CERT Class 3 CA 3:PN
    error 29 at 0 depth lookup:subject issuer mismatch
    /C=DE/O=SCA Deutsche Post Com GmbH/CN=Signtrust CERT Class 3 CA 3:PN
    error 29 at 0 depth lookup:subject issuer mismatch
    /C=DE/O=SCA Deutsche Post Com GmbH/CN=Signtrust CERT Root CA 1:PN
    error 29 at 0 depth lookup:subject issuer mismatch
    OK

[...]
RE: openssl verify fails
Hi Michael,

Your "rootcacert" is not a root cert, as it was issued by "C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email". You need to append that cert as well to your CAfile.

Erik
....
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Ströder
Sent: Wednesday, November 03, 2010 12:23 PM
To: openssl-users@openssl.org
Subject: openssl verify fails

Hi!

I'm feeling dumb since this simple command fails and I cannot see why:

    $ openssl verify -CAfile rootcacert.pem subcacert.pem
    subcacert.pem: C = DE, O = SCA Deutsche Post Com GmbH, CN = Signtrust CERT Root CA 1:PN
    error 2 at 1 depth lookup:unable to get issuer certificate

I've attached the certs (publicly downloadable). I've checked subject-/issuer names and the subject and authority key ids. Maybe I'm still overlooking something obvious?

Many thanks in advance.

Ciao, Michael.
RE: How can I load a PEM key stored in a string instead from a file?
How about using the d2i_ functions?

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leandro Santiago
Sent: Friday, October 29, 2010 7:26 AM
To: openssl-users@openssl.org
Subject: Re: How can I load a PEM key stored in a string instead from a file?

Thanks to all. I've resolved my first problem, load the PEM from a string. I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey(). But now I've seen that it works well with PEM keys, and now I'm trying to use a DER key, again from a string. Is there something like DER_read_bio_PrivateKey()?

2010/10/27 Dr. Stephen Henson :
> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>
>> Ok. I've found the implementation of that function:
>>
>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
>> {
>>     BIO *b;
>>     EVP_PKEY *ret;
>>
>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>     {
>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>         return(0);
>>     }
>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>     BIO_free(b);
>>     return(ret);
>> }
>>
>> So if I need to implement a function which opens a char string as a
>> key I need to write something as the code above, but changing the
>> functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
>> which load from that string instead from a FILE*?
>>
>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
>> hard to beginners. thx
>>
>
> As others have indicated you can use PEM_read_bio_PrivateKey() instead as
> this can be passed a BIO which is an OpenSSL I/O abstraction. You can create a
> BIO from a character string using BIO_new_mem_buf().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
RE: Error while trying to get text output from x509 cert file
Hi Vivek,

There is no "x509 format" in that context; an x509 certificate encoding can be represented in DER (binary) or PEM (text) mode. Try:

openssl x509 -in TestCryptPublic.cert -inform DER -text

....
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Panikulam Vivek
Sent: Monday, September 20, 2010 10:55 AM
To: openssl-users@openssl.org
Subject: Re: Error while trying to get text output from x509 cert file

Thanks for your response. It looks like the .cert file is not in the required format. It is a binary file and I assumed that it is in x509 format.

Regards
Vivek Panikulam

From: Mounir IDRASSI
To: openssl-users@openssl.org
Sent: Sat, September 18, 2010 11:13:05 PM
Subject: Re: Error while trying to get text output from x509 cert file

Hi,

The error says that it didn't find the expected start line for a certificate which is -----BEGIN CERTIFICATE-----. So, check that your certificate is indeed BASE64 encoded and that the first line is -----BEGIN CERTIFICATE----- and the last is -----END CERTIFICATE-----.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hi
>
> I am trying to get output from this x509 certificate and am getting the below error. Please let me know how to resolve this error and generate text output from this cert file.
>
> $ openssl x509 -in TestCryptPublic.cert -pubkey
> unable to load certificate
> 557096:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
>
> Regards
> Vivek Panikulam
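An added example (not code from either thread) that makes the PEM-versus-DER distinction concrete for both the "DER key from a string" question and the certificate error above: it sniffs the encoding of a file and passes the matching -inform, which is the command-line counterpart of choosing PEM_read_bio_PrivateKey() versus the d2i_ functions in C. It assumes only an openssl binary on PATH and generates its own throwaway certificate and key.

```shell
#!/bin/sh
# Added example, not code from the thread. Sniff whether a certificate or key
# file is PEM or DER and hand the matching -inform to openssl, which is the CLI
# counterpart of choosing PEM_read_bio_* versus d2i_* in C. Assumes only an
# openssl binary on PATH; the test material below is generated on the fly.

# Print PEM if the file carries a "-----BEGIN" armor line, DER if its first
# byte is the ASN.1 SEQUENCE tag 0x30 (every DER cert and key starts with one),
# otherwise UNKNOWN. PEM is checked first because a PEM file is plain text.
pem_or_der() {
    if grep -q -- '-----BEGIN' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = 30 ]; then
        echo DER
    else
        echo UNKNOWN
    fi
}

# Dump a cert (kind=x509) or private key (kind=pkey) as text whatever its
# encoding. OpenSSL 1.x defaults -inform to PEM and reports "no start line"
# on DER input, which is exactly the error quoted in the thread.
show_text() {   # show_text <x509|pkey> <file>
    form=$(pem_or_der "$2")
    if [ "$form" = UNKNOWN ]; then
        echo "$2: neither PEM nor DER" >&2
        return 1
    fi
    openssl "$1" -in "$2" -inform "$form" -noout -text
}

# Constructed test material: a throwaway self-signed cert and its key, each
# also written out in DER form.
make_test_files() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=added-example" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
    openssl x509 -in "$dir/cert.pem" -outform DER -out "$dir/cert.der"
    openssl pkey -in "$dir/key.pem" -outform DER -out "$dir/key.der"
    echo "$dir"
}
```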
RE: Problem verifying a chain...
Hi John,

Your CAfile must contain the chain that issued your cert (i.e. the intermediate(s) and the root). The error is indicating that it is unable to locate the issuer of the intermediate.

Erik Tkal

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Doe
Sent: Thursday, September 02, 2010 12:39 PM
To: openssl-users@openssl.org
Subject: Problem verifying a chain...

Hi,

I have some issues with chained certificates. I am trying to verify my certificate with the intermediate certificate of my registrar...

my.crt:
  Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
  Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=my.site.com

gandi.crt:
  Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Subject: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA

# openssl verify -CAfile gandi.crt my.crt
my.crt: /C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
error 2 at 1 depth lookup:unable to get issuer certificate

Is it the right command to test...? Is the error about gandi or usertrust?

Thx,
JD
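An added example, not from this thread or the earlier "openssl verify fails" one, that reproduces the failure above with a throwaway root -> intermediate -> leaf chain and checks the two points made in both replies: a file called "root" must actually be self-signed, and the CAfile must carry the whole issuing chain. The names and certificates are constructed; it assumes only an openssl binary on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): build a throwaway root -> intermediate
# -> leaf chain, then show why "openssl verify -CAfile intermediate.pem leaf.pem"
# fails with "unable to get issuer certificate" and what a complete CAfile
# looks like. Assumes only an openssl binary on PATH. All names are constructed.

# Return 0 if a certificate is self-signed (subject equals issuer), which is
# the property a file called "root" must have; the point made about rootcacert.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')" = \
      "$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=//')" ]
}

# Verify a leaf against a CAfile; print the verify output and return its status.
verify_with() {   # verify_with <cafile> <leaf>
    openssl verify -CAfile "$1" "$2" 2>&1
}

# Create root, intermediate and leaf certificates in a temp dir and print it.
make_chain() {
    dir=$(mktemp -d)
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$dir/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
        -keyout "$dir/inter.key" -out "$dir/inter.csr" >/dev/null 2>&1
    openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 2 -extfile "$dir/ca.ext" -out "$dir/inter.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=my.site.example" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/inter.pem" -CAkey "$dir/inter.key" \
        -CAcreateserial -days 2 -out "$dir/leaf.pem" >/dev/null 2>&1
    # The fix from the thread: the CAfile must carry the whole issuing chain.
    cat "$dir/inter.pem" "$dir/root.pem" > "$dir/chain.pem"
    echo "$dir"
}
```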
RE: RE: AES in counter mode no support in openssl
Hi Sagar,

No, I do not see any engine support. That code appears to use AES_encrypt directly, and evp.h has hints but nothing enabled:

#if 0
const EVP_CIPHER *EVP_aes_128_ctr(void);
#endif

Also, if the hardware you have (you didn't say what it was) is not supported by OpenSSL then the hardware vendor (or yourself) would have to implement engine code to perform the operations.

Erik

From: sagar gupta
Subject: Re: RE: AES in counter mode no support in openssl

Can that aes_ctr.c be used to connect to a hardware driver? I have a hardware driver which can implement the encryption method for more performance.

Thanks

On Thu, 02 Sep 2010 03:30:20 +0530 wrote
> OpenSSL 1.0.0a has aes_ctr.c in the crypto/aes directory.
>
> Erik Tkal
>
> Subject: AES in counter mode no support in openssl
>
> hi all,
>
> I was working on the OpenSSL 1.0.0 version for AES cryptographic support in counter mode, i.e. AES-CTR mode. I did not find any support added to the OpenSSL 1.0.0 version. I wanted to ask: is there support for AES counter mode in OpenSSL? If yes, which version of OpenSSL supports AES counter mode? If no, I wanted to know why the support for AES counter mode is not added into OpenSSL?
>
> Any help or answers in this regard will be really useful for me. Thanks for all in advance. Please do give me some answers for my questions.
RE: AES in counter mode no support in openssl
OpenSSL 1.0.0a has aes_ctr.c in the crypto/aes directory.

Erik Tkal

Subject: AES in counter mode no support in openssl

hi all,

I was working on the OpenSSL 1.0.0 version for AES cryptographic support in counter mode, i.e. AES-CTR mode. I did not find any support added to the OpenSSL 1.0.0 version. I wanted to ask: is there support for AES counter mode in OpenSSL? If yes, which version of OpenSSL supports AES counter mode? If no, I wanted to know why the support for AES counter mode is not added into OpenSSL?

Any help or answers in this regard will be really useful for me. Thanks for all in advance. Please do give me some answers for my questions.
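As an added example (not part of either AES-CTR thread), here is what AES-128-CTR looks like once the EVP cipher is reachable through openssl enc, which later OpenSSL releases enabled; it assumes an openssl binary on PATH and shows the two properties that distinguish CTR from the CBC default: no padding, and encryption being the same operation as decryption.

```shell
#!/bin/sh
# Added example, not from the thread. AES-128-CTR through the EVP layer using
# "openssl enc", which later OpenSSL releases enabled (the 1.0.0 discussed in
# the thread only shipped the raw aes_ctr.c routine with EVP_aes_128_ctr
# disabled). Assumes an openssl binary on PATH. Key and IV are constructed
# test values; in CTR mode a key/IV pair must never be reused.
KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100

# stdin plaintext -> one-line base64 ciphertext with the given cipher.
enc_b64() {   # enc_b64 <aes-128-ctr|aes-128-cbc>
    openssl enc "-$1" -K "$KEY" -iv "$IV" -base64 -A
}

# one-line base64 ciphertext on stdin -> plaintext.
dec_b64() {   # dec_b64 <aes-128-ctr|aes-128-cbc>
    openssl enc -d "-$1" -K "$KEY" -iv "$IV" -base64 -A
}

# Byte length of a base64-encoded ciphertext.
ct_len() { printf '%s' "$1" | openssl base64 -d -A | wc -c | tr -d ' '; }

# CTR is a stream construction: the ciphertext is exactly as long as the
# plaintext, whereas CBC pads up to the next 16-byte block. Prints "ctr cbc".
ct_lengths() {
    ctr=$(printf '%s' "$1" | enc_b64 aes-128-ctr)
    cbc=$(printf '%s' "$1" | enc_b64 aes-128-cbc)
    echo "$(ct_len "$ctr") $(ct_len "$cbc")"
}

# In CTR mode encryption and decryption are the same keystream XOR, so running
# the "encrypt" direction over the ciphertext recovers the plaintext.
ctr_reencrypt_is_decrypt() {
    ct=$(printf '%s' "$1" | enc_b64 aes-128-ctr)
    back=$(printf '%s' "$ct" | openssl base64 -d -A | enc_b64 aes-128-ctr | openssl base64 -d -A)
    [ "$back" = "$1" ]
}
```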
RE: Request on AES 512 bit encryption Configuration in Openssl.
AES by definition has a 128-bit block size and uses either a 128, 192 or 256-bit key. If you mean the Rijndael algorithm, that is more flexible and can have a block size up to 256 bits, with no key size limit. I do not believe OpenSSL has the generic support (older versions may have from pre-AES days).

Erik Tkal

> Hi,
>
> Is it possible to have AES 512 bit encryption in the latest release of openssl?
>
> Regards,
> Uday
RE: Cipher selection
Many applications have a configuration for that, either via a range (high/medium/low security), or by explicitly listing the cipher suites. The configuration may be in a file, Windows registry, or anywhere; it's completely up to the application implementation.

Remember that the client offers the cipher suite list, and the server picks one of these. Also note that you cannot modify the cipher suite list in the Client Hello in flight, as that would be detected in the handshake processing.

Erik Tkal

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Tim Cloud
Sent: Wednesday, August 11, 2010 11:14 PM
To: openssl-users@openssl.org
Subject: RE: Cipher selection

Let's pretend for a moment that an out of the box application uses openssl to provide access not through a browser, but rather through a SOAP client like Eclipse. And let's also say that you have no access to the code internal to that application. Is there any other way to limit the ciphers? Some kind of config file or a special way to compile the executable?

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton [aerow...@gmail.com]
Sent: Wednesday, August 11, 2010 9:11 PM
To: openssl-users@openssl.org
Cc: Alex Chen
Subject: Re: Cipher selection

No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure.

On 8/11/10 4:57 PM, Alex Chen wrote:
> Does openssl choose the cipher from the pem file? If so, which section of the following pem file sets the cipher for communication?
Tolerating no client Certificate message in TLS
RFC 2246 says:

7.4.6. Client certificate

When this message will be sent:

This is the first message the client can send after receiving a server hello done message. This message is only sent if the server requests a certificate. If no suitable certificate is available, the client should send a certificate message containing no certificates.

Note that the wording is that the client SHOULD send a certificate message, not MUST. Yet, in s3_srvr.c when it gets to the ClientKeyExchange msg if no cert msg was sent,

/* If tls asked for a client cert, the client must return a 0 list */
if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
{
    SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
    al=SSL_AD_UNEXPECTED_MESSAGE;
    goto f_err;
}

And the handshake fails. Should the code really be more tolerant and handle a client that does not send the certificate message at all?

Erik Tkal
Funk Software, inc
replies to etkal(at)funk(dot)com