Help on mixed encrypt/decrypt data using C++/java
Hi, We encrypt data using openSSL C++ API, decrypt data using java(default security package). 99.9% of the time, it works fine, but when multi-instances of apps encrypt data at same time, java fails to decrypt . We are using version 1.1.01 (AES/CBC/PKCS5Padding) mpCtx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_init(mpCtx); Thanks for helping, Jason
help on openssl api for encryption
Hi, Tried the example on: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption On the Linux platform, when I set plaintext to "jason", it works fine. When I set it to "Jason", it returns an empty string. It works fine on windows platform for both cases. Thanks for your help, Jason
Re: Help on Diffie Hellman key exchange
Thanks Rich, On Wed, Nov 13, 2019 at 12:34 PM Salz, Rich wrote: > *>*For using 1.1.0, we only need to call RAND_bytes() ? > > > > Yes. But do check the return value of RAND_bytes. >
Re: Help on Diffie Hellman key exchange
Thanks Rich and Tomas,
Here is the code for creating the key (openssl-0.9.8h)
int AESCipher::createKey(unsigned char *buf, int keySize) {
char seed[256];
::sprintf(seed, "%ldXXX_XXX_H__x__xxx_x_xxx__INCLUDED_",
MiscUtils::generateId());
RAND_seed(seed, ::strlen(seed));
RAND_bytes(buf, keySize / 8);
return keySize / 8;
}
For using 1.1.0, we only need to call RAND_bytes() ?
Jason
On Wed, Nov 13, 2019 at 12:11 PM Salz, Rich wrote:
> *>*RAND_seed(seed, ::strlen(seed));
> >RAND_bytes(buf, keySize / 8);
>
>
>
> I don’t know where you are getting the seed, but it is typically binary
> data, not a C string.
>
>
>
> If you are using 1.1.0 or later, you do not need to seed things.
>
Re: Help on Diffie Hellman key exchange
Hi Tomas, Using DH_compute_key_padded() seems fixed the problem. I have one more question regarding a similar issue but this time is about AES key generation. I think the problem is related to RAND_seed or RAND_bytes (someone also mentioned on another thread). RAND_seed(seed, ::strlen(seed)); RAND_bytes(buf, keySize / 8); What other method do you suggest to use ? Thanks Jason On Tue, Nov 12, 2019 at 10:50 AM Jason Qian wrote: > Thanks Tomas, > > I will try that. > > On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote: > >> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote: >> > Hi >> > >> >We have an application that does the Diffie Hellman key exchange >> > (OpenSSL/1.1.0f). >> >It works fine, but under heavy loaded conditions, sometimes an >> > invalide secret been generated and other side couldn't decrypt the >> > data (the secret seems offset by one). >> > >> >The client side is c++ and the server side is java. >> > >> > DH_compute_key(secretKey, bnY, m_DH); >> > >> >Someone in the openssl group also talks about a similar issue, but >> > not sure if have a solution. >> >> Could it be a padding issue? I.E. use DH_compute_key_padded() instead. >> >> -- >> Tomáš Mráz >> No matter how far down the wrong road you've gone, turn back. >> Turkish proverb >> [You'll know whether the road is wrong if you carefully listen to your >> conscience.] >> >> >>
Re: Help on Diffie Hellman key exchange
Thanks Tomas, I will try that. On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote: > On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote: > > Hi > > > >We have an application that does the Diffie Hellman key exchange > > (OpenSSL/1.1.0f). > >It works fine, but under heavy loaded conditions, sometimes an > > invalide secret been generated and other side couldn't decrypt the > > data (the secret seems offset by one). > > > >The client side is c++ and the server side is java. > > > > DH_compute_key(secretKey, bnY, m_DH); > > > >Someone in the openssl group also talks about a similar issue, but > > not sure if have a solution. > > Could it be a padding issue? I.E. use DH_compute_key_padded() instead. > > -- > Tomáš Mráz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > [You'll know whether the road is wrong if you carefully listen to your > conscience.] > > >
Help on Diffie Hellman key exchange
Hi We have an application that does the Diffie Hellman key exchange (OpenSSL/1.1.0f). It works fine, but under heavy loaded conditions, sometimes an invalide secret been generated and other side couldn't decrypt the data (the secret seems offset by one). The client side is c++ and the server side is java. DH_compute_key(secretKey, bnY, m_DH); Someone in the openssl group also talks about a similar issue, but not sure if have a solution. Thanks for your help, Jason
Re: [openssl-users] DH_generate_key Hangs
Hi Salz, I have built the 1.1.0f with vc10 ( have to move some header files) Is the OpenSSL 1.1.0f supported version ? Thanks Jason On Thu, Oct 5, 2017 at 3:31 PM, Salz, Rich wrote: > >- Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it >seems no change > > > > Sorry, then try 1.1.0 The HEAPWALK bug/issue is fixed there. > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Hi Jeff, Checked https://rt.openssl.org/Ticket/Display.html?id=2100&user= guest&pass=guest and it seems exactly the same issue I have. I have moved to 1.0.1c. One question is where can I find the patch ? I have the built environment and I can build myself. Thanks for the help Jason On Thu, Oct 5, 2017 at 3:37 PM, Jeffrey Walton wrote: > On Thu, Oct 5, 2017 at 3:27 PM, Jason Qian via openssl-users > wrote: > > Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no > > change > > I believe it was fixed earlier than that. Also see > https://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest > > As Michael suggested, 0.9.8 is the biggest problem. You should > probably solve that problem first. > > Jeff > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Thanks, On Fri, Oct 6, 2017 at 9:36 AM, Salz, Rich wrote: > Okay, you seem to be looking for an answer and there isn’t one. > > > > The release you are using has problems when it decided to walk the heap. > The release you are using WILL NOT BE FIXED. > > > > Change your code, backport the fix, or move to a more modern release. > Sorry, there is no other way. > > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Thanks Jeff,
The challenge is that, we are not directly calling RAND_poll(). We just
call *DH_generate_key* for DH key.
>From the following call stacks, you can see the RAND_poll() is triggered by
ssleay_rand_bytes.
libeay32d.dll!*RAND_poll*() Line 572 C
libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int
num=128, int pseudo=0) Line 395 C
libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe0,
int num=128) Line 536 + 0xf bytes C
libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128)
Line 164 + 0x10 bytes C
libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int
bits=1023, int top=0, int bottom=0) Line 152 + 0xd bytes C
> libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int
top=0, int bottom=0) Line 213 + 0x17 bytes C
libeay32d.dll!generate_key(dh_st * dh=0x03316a88) Line 170 + 0x11 bytes C
libeay32d.dll!*DH_generate_key*(dh_st * dh=0x03316a88) Line 84 + 0xf
bytes C
Jason
On Thu, Oct 5, 2017 at 7:52 PM, Jeffrey Walton wrote:
> >> You should avoid calls to RAND_poll altogether on Windows. Do so by
> >> explicitly seeding the random number generator yourself.
> >
> > As a starting point, try something like this:
> >
> > -
> > static ENGINE *rdrand;
> >
> > void init_prng(void) {
> > /* Try to seed the PRNG with the Intel RDRAND on-chip PRNG */
> > OPENSSL_cpuid_setup();
> > ENGINE_load_rdrand();
> > rdrand = ENGINE_by_id("rdrand");
> > if (rdrand) {
> > int success = 0;
> > if (ENGINE_init(rdrand)) {
> > success = ENGINE_set_default(rdrand, ENGINE_METHOD_RAND);
> > }
> >
> > /***
> > Per OpenSSL wiki, call ENGINE_free here regardless of whether
> we're
> > successfully using rdrand. The "functional reference" to rdrand
> will
> > be released when we call ENGINE_finish.
> > ***/
> > ENGINE_free(rdrand);
> > if (! success) ENGINE_finish(rdrand), rdrand = NULL;
> > }
> >
> > if (!rdrand && !RAND_status()){
> > RAND_screen(); /* this isn't really emough entropy, but it's a
> start */
> > if (!RAND_status()) {
> > RAND_poll(); /* try to gather additional entropy */
> > }
> >}
> > }
> >
> > void terminate_engines(void) {
> >if (rdrand) ENGINE_finish(rdrand), rdrand = NULL;
> >/* similarly for any other engines you use */
> >ENGINE_cleanup();
> > }
> > -
> >
> > Call init_prng after your OpenSSL initialization code (e.g. after
> calling OpenSSL_add_all_algorithms), and terminate_engines when you're done
> using OpenSSL (e.g. just before process exit).
> >
> > Note that this code uses RAND_screen if RDRAND isn't available.
> RAND_screen is really not a very good idea; it may be OK on workstations,
> but rarely provides much entropy on servers because they typically aren't
> doing much screen output. And if you still need entropy after the
> RAND_screen call, you'll end up in RAND_poll anyway. The alternative is to
> write your own code that harvests entropy from some source (or sources).
> >
> > Other people may have better suggestions.
>
> Headless servers without hw entropy sources are tough. In this case I
> use hedging. I've got some patches somewhere for 1.0.1, but they won't
> apply to 0.9.8.
>
> Also see:
>
> * When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
> and Hedging Deployed Cryptography,
> http://pages.cs.wisc.edu/~rist/papers/sslhedge.pdf
> * When Virtual is Harder than Real: Security Challenges in Virtual
> Machine Based Computing Environments,
> http://www.usenix.org/legacy/event/hotos05/final_papers/
> full_papers/garfinkel/garfinkel.pdf
>
> Jeff
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
More : The call stacks are from 1.0.1c when calling DH_generate_key. Is any fix in the latest version for this ? Thanks Jason On Thu, Oct 5, 2017 at 3:53 PM, Jason Qian wrote: > We call DH_generate_key(DH *dh) and the RAND_poll() is called > ssleay_rand_bytes > > > libeay32d.dll!RAND_poll() Line 572 C > libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int > num=128, int pseudo=0) Line 395 C > libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * > buf=0x03318fe0, int num=128) Line 536 + 0xf bytes C > libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128) > Line 164 + 0x10 bytes C > libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int > bits=1023, int top=0, int bottom=0) Line 152 + 0xd bytes C > > libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int > top=0, int bottom=0) Line 213 + 0x17 bytes C > libeay32d.dll!generate_key(dh_st * dh=0x03316a88) Line 170 + 0x11 bytes > C > libeay32d.dll!DH_generate_key(dh_st * dh=0x03316a88) Line 84 + 0xf > bytes C > > Thanks > Jason > > On Thu, Oct 5, 2017 at 3:33 PM, Jeffrey Walton wrote: > >> On Thu, Oct 5, 2017 at 2:55 PM, Jason Qian via openssl-users >> wrote: >> > Thanks Michael, >> > >> > I saw a lot of discussion for this issue on, >> > >> >https://mta.openssl.org/pipermail/openssl-dev/2015-July/ >> 002210.html >> > >> > Not sure if openSSL has a workaround or a patch ? >> > >> > >> > It hangs on : >> > >> > libeay32.dll!RAND_poll() Line 523 >> > >> > if (heap_first(&hentry, >> > hlist.th32ProcessID, >> > hlist.th32HeapID)) >> >> You should avoid calls to RAND_poll altogether on Windows. Do so by >> explicitly seeding the random number generator yourself. >> >> Also see https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues >> on the OpenSSL wiki. >> >> Jeff >> > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
We call DH_generate_key(DH *dh) and the RAND_poll() is called ssleay_rand_bytes libeay32d.dll!RAND_poll() Line 572 C libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int num=128, int pseudo=0) Line 395 C libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe0, int num=128) Line 536 + 0xf bytes C libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128) Line 164 + 0x10 bytes C libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0) Line 152 + 0xd bytes C > libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0) Line 213 + 0x17 bytes C libeay32d.dll!generate_key(dh_st * dh=0x03316a88) Line 170 + 0x11 bytes C libeay32d.dll!DH_generate_key(dh_st * dh=0x03316a88) Line 84 + 0xf bytes C Thanks Jason On Thu, Oct 5, 2017 at 3:33 PM, Jeffrey Walton wrote: > On Thu, Oct 5, 2017 at 2:55 PM, Jason Qian via openssl-users > wrote: > > Thanks Michael, > > > > I saw a lot of discussion for this issue on, > > > >https://mta.openssl.org/pipermail/openssl-dev/2015- > July/002210.html > > > > Not sure if openSSL has a workaround or a patch ? > > > > > > It hangs on : > > > > libeay32.dll!RAND_poll() Line 523 > > > > if (heap_first(&hentry, > > hlist.th32ProcessID, > > hlist.th32HeapID)) > > You should avoid calls to RAND_poll altogether on Windows. Do so by > explicitly seeding the random number generator yourself. > > Also see https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues > on the OpenSSL wiki. > > Jeff > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no change Thanks On Thu, Oct 5, 2017 at 2:59 PM, Salz, Rich wrote: > You could try to backport the win_rand file from a more recent release. > > > > Far better, as Michael first said, to move to 1.0.2 or later. > > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Thanks Michael, I saw a lot of discussion for this issue on, https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html Not sure if openSSL has a workaround or a patch ? It hangs on : *libeay32.dll!RAND_poll() Line 523 * if (*heap_first*(&hentry, hlist.th32ProcessID, hlist.th32HeapID)) Jason On Thu, Oct 5, 2017 at 11:59 AM, Michael Wojcik < michael.woj...@microfocus.com> wrote: > As I speculated, it appears you're hanging in random-number generation, > probably due to a blocking CPRNG that can't get the entropy it needs. > > > > This is an operating-system issue, and needs to be referred to your OS > administrator. > > > > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > > > > > *From:* Jason Qian [mailto:jq...@tibco.com] > *Sent:* Thursday, October 05, 2017 08:44 > *To:* Michael Wojcik > *Cc:* openssl-users@openssl.org > *Subject:* Re: [openssl-users] DH_generate_key Hangs > > > > > > Here is the stack trace : > > > > libeay32.dll!RAND_poll Normal > > [External Code] > > > > libeay32.dll!RAND_poll() Line 523 > > libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) > Line 395 > > libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) > Line 536 > > > > > > Thanks > > Jason > > > > > > > > On Wed, Sep 27, 2017 at 2:02 PM, Michael Wojcik < > michael.woj...@microfocus.com> wrote: > > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Jason Qian via openssl-users > > Sent: Wednesday, September 27, 2017 07:00 > > To: openssl-users@openssl.org > > Subject: [openssl-users] DH_generate_key Hangs > > > Need some help, one of our application that hangs when calling > > DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded > condition. > > Not sure, if anyone know this issue ? > > The issue is running OpenSSL 0.9.8, which has not been supported since > 2015. > > DH_generate_key can use an engine (at least in supported versions of > OpenSSL - I no longer have any 0.9.8 code around to check), so we really > can't say what it might be doing in your application. But if it's using the > default OpenSSL implementation, then if your DH parameters don't already > include a private key, you'll end up generating random numbers. That can > hang, if OpenSSL is using a blocking CPRNG source such as /dev/random. > > But you haven't provided nearly enough information to do more than > speculate. > > What you need to do: > > 1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes > and isn't an LTS release). There's really no point in proceeding unless you > do so. Your application is broken if it's using 0.9.8. > > 2. If the problem still occurs, debug a hanging instance and find out > where *exactly* it's hung. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DH_generate_key Hangs
Here is the stack trace : libeay32.dll!RAND_poll Normal [External Code] libeay32.dll!RAND_poll() Line 523 libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) Line 395 libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line 536 Thanks Jason On Wed, Sep 27, 2017 at 2:02 PM, Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Jason Qian via openssl-users > > Sent: Wednesday, September 27, 2017 07:00 > > To: openssl-users@openssl.org > > Subject: [openssl-users] DH_generate_key Hangs > > > Need some help, one of our application that hangs when calling > > DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded > condition. > > Not sure, if anyone know this issue ? > > The issue is running OpenSSL 0.9.8, which has not been supported since > 2015. > > DH_generate_key can use an engine (at least in supported versions of > OpenSSL - I no longer have any 0.9.8 code around to check), so we really > can't say what it might be doing in your application. But if it's using the > default OpenSSL implementation, then if your DH parameters don't already > include a private key, you'll end up generating random numbers. That can > hang, if OpenSSL is using a blocking CPRNG source such as /dev/random. > > But you haven't provided nearly enough information to do more than > speculate. > > What you need to do: > > 1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes > and isn't an LTS release). There's really no point in proceeding unless you > do so. Your application is broken if it's using 0.9.8. > > 2. If the problem still occurs, debug a hanging instance and find out > where *exactly* it's hung. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] DH_generate_key Hangs
Hi, Need some help, one of our application that hangs when calling DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded condition. Not sure, if anyone know this issue ? Thanks Jason -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Core dump on DSA_free -- libssl.so.1.0.0
Thanks for look into this, void * pKey = LockResource(hHandle); The code works most of the time, only occasionally generates exception and Not sure why on DSA_free(pDSA); On Fri, Aug 11, 2017 at 2:57 PM, Salz, Rich wrote: > > DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey, > dwKeySize); > > Where and how is pKey set? Not that the manpage says it's incremented to > point *past* the object, so you need something like > unsigned char data = .whatever your data source is . > unsigned char *pKey = data > and then use &pKey in your call > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Core dump on DSA_free -- libssl.so.1.0.0
Thanks for the help,
DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey, dwKeySize);
bool bRet = false;
if (pDSA)
{
bRet = DSA_verify(0, signature, 20, (BYTE *) pFile, dwSize, (DSA *) pDSA)
== 1 ? true : false;
DSA_free(pDSA);
}
Jason
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
