RE: How does a client get the server's SAN/DNS strings
Really impressed. I have a lot to learn from that. :-)
Thanks again for the link. Much appreciated.

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Sunday, 17 April 2022 18:17
To: openssl-users@openssl.org
Subject: Re: How does a client get the server's SAN/DNS strings

> On 17 Apr 2022, at 11:29 am, Michel wrote:
>
> What a beautiful source code !
> If only all software could be written like this !

The Postfix project aims for code quality, security and backwards compatibility over hastily deployed shiny new features. You'll find many examples of careful/correct use of OpenSSL in:

https://github.com/vdukhovni/postfix/tree/master/postfix/src/tls

The main "limitation" to keep in mind is that the Postfix concurrency model is multi-process not multi-thread. So issues related to thread-safety don't arise and are not addressed.

--
Viktor.
RE: How does a client get the server's SAN/DNS strings
Waouh, waouh, waouh !!!
What a beautiful source code !
If only all software could be written like this !

Thanks for the example Viktor.

> https://github.com/vdukhovni/postfix/blob/postfix-3.5/postfix/src/tls/tls_client.c#L756-L794

--
Viktor.
RE: How does a client get the server's SAN/DNS strings
My quick answer :

    int iPos = X509_get_ext_by_NID( pCX509, NID_subject_alt_name, -1 );
    if( iPos < 0 )
        ...;
    X509_EXTENSION* pE = X509_get_ext( pCX509, iPos );
    // decode the extension into a stack of GENERAL_NAME
    GENERAL_NAMES* pGNames = (GENERAL_NAMES*)X509V3_EXT_d2i( pE );
    for( int i = 0; i < sk_GENERAL_NAME_num( pGNames ); i++ )
    {
        GENERAL_NAME* pGName = sk_GENERAL_NAME_value( pGNames, i );
        switch( pGName->type )
        {
        case GEN_EMAIL:
        case GEN_URI:
        case GEN_DNS:
        case GEN_RID:
        case GEN_IPADD:
        case GEN_DIRNAME:
            ...
        }
    }
    GENERAL_NAMES_free( pGNames );   // the decoded stack is owned by the caller

Look at crypto\X509\v3_genn.c

Maybe there is something new, more straightforward.

Hope it helps, it is very late in the night here.

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Hal Murray
Sent: Sunday, 17 April 2022 00:02
To: openssl-users@openssl.org
Subject: Re: How does a client get the server's SAN/DNS strings

openssl-us...@dukhovni.org said:
> Can you explain *why* you want the list of DNS names?
> Is this just for logging..

Yes, just for logging.

--
These are my opinions. I hate spam.
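What the GEN_DNS entries in that stack look like on the wire, and why their bytes should be checked before they reach a log: the following is an added example (not from the thread and not Postfix or OpenSSL code) that walks a DER-encoded GeneralNames value in plain C, without OpenSSL. The sample bytes are constructed, and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tags used here (RFC 5280, section 4.2.1.6). */
#define TAG_SEQUENCE 0x30   /* GeneralNames ::= SEQUENCE OF GeneralName */
#define TAG_DNSNAME  0x82   /* [2] IA5String, reported by OpenSSL as GEN_DNS */

#define MAX_NAMES    8
#define MAX_NAME_LEN 255

struct san_dns_list {
    char   names[MAX_NAMES][MAX_NAME_LEN + 1];
    size_t count;      /* dNSName entries accepted */
    size_t rejected;   /* dNSName entries refused as unsafe to log */
};

/* Constructed sample: two DNS names, one IP address, and one dNSName
 * carrying an embedded NUL byte ("good\0.bad"). */
static const unsigned char SAMPLE_SAN[] = {
    0x30, 0x2f,
    0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
    0x82, 0x0f, 'w','w','w','.','e','x','a','m','p','l','e','.','c','o','m',
    0x87, 0x04, 192, 0, 2, 1,
    0x82, 0x09, 'g','o','o','d', 0x00, '.','b','a','d'
};

/* Read one DER tag/length header at *pos. Returns 0 on success and leaves
 * *pos on the first value byte; returns -1 if the header or value would
 * run past the end of the buffer. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *vlen)
{
    size_t p = *pos, n;

    if (p > len || len - p < 2)
        return -1;
    *tag = buf[p++];
    if (buf[p] < 0x80) {                       /* short-form length */
        n = buf[p++];
    } else {                                   /* long form, 1 or 2 length bytes */
        size_t nbytes = buf[p++] & 0x7f;
        if (nbytes == 0 || nbytes > 2 || len - p < nbytes)
            return -1;
        n = 0;
        while (nbytes--)
            n = (n << 8) | buf[p++];
    }
    if (n > len - p)
        return -1;
    *vlen = n;
    *pos = p;
    return 0;
}

/* A name is logged only if it is non-empty, fits the buffer, and consists
 * of printable, non-space ASCII. This refuses embedded NULs and control
 * characters that could truncate or forge log lines. */
static int dns_name_is_loggable(const unsigned char *v, size_t n)
{
    if (n == 0 || n > MAX_NAME_LEN)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (v[i] <= 0x20 || v[i] >= 0x7f)
            return 0;
    return 1;
}

/* Collect the dNSName entries of a DER GeneralNames value.
 * Returns 0 on success, -1 if the encoding is malformed. */
int san_collect_dns(const unsigned char *der, size_t len,
                    struct san_dns_list *out)
{
    size_t pos = 0, seq_len, vlen;
    unsigned char tag;

    memset(out, 0, sizeof(*out));
    if (der_header(der, len, &pos, &tag, &seq_len) != 0 || tag != TAG_SEQUENCE)
        return -1;
    if (pos + seq_len != len)                  /* no trailing bytes allowed */
        return -1;
    while (pos < len) {
        if (der_header(der, len, &pos, &tag, &vlen) != 0)
            return -1;
        if (tag == TAG_DNSNAME) {
            if (!dns_name_is_loggable(der + pos, vlen)) {
                out->rejected++;
            } else if (out->count < MAX_NAMES) {
                /* memset above already supplied the terminating NUL */
                memcpy(out->names[out->count++], der + pos, vlen);
            }
        }
        pos += vlen;                           /* other name types are skipped */
    }
    return 0;
}

int main(void)
{
    struct san_dns_list l;

    if (san_collect_dns(SAMPLE_SAN, sizeof SAMPLE_SAN, &l) != 0) {
        puts("malformed subjectAltName");
        return 1;
    }
    for (size_t i = 0; i < l.count; i++)
        printf("SAN DNS: %s\n", l.names[i]);
    printf("rejected dNSName entries: %zu\n", l.rejected);
    return 0;
}
```

With OpenSSL doing the decoding, the same check applies to the bytes returned by ASN1_STRING_get0_data() and ASN1_STRING_length() for each GEN_DNS entry.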
RE: How does a client get the server's SAN/DNS strings
Hi Hal,

Might be simpler to use the 'X509_VERIFY_PARAM...' interface.
Did you see :
https://www.openssl.org/docs/man1.1.1/man3/X509_VERIFY_PARAM_set1_host.html

Hope it helps,

Regards,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Hal Murray
Sent: Saturday, 16 April 2022 22:19
To: openssl-users@openssl.org
Subject: How does a client get the server's SAN/DNS strings

I can get the subject and issuer with
    X509_get_subject_name and X509_get_issuer_name

I'm looking for something similar to get the SAN/DNS strings used to verify that this certificate is valid for the hostname provided via SSL_set1_host

Any API will be slightly complicated since there may be more than one SAN/DNS string.

--
These are my opinions. I hate spam.
RE: Query regarding EVP_PKEY_CTX_set_cb
Hi Bala,

> Can you please help to understand the use of the callback function that can
> be set during key generation ?

AFAI remember, nothing special except provide a way to show work is still running (using a progress bar for example) and a mechanism to cancel the generation if it lasts too long.

"If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a "cancel" button".
(from https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_CTX_set_cb.html)

> Is EVP_PKEY_CTX_set_cb API replacement for the deprecated BN_GENCB_set_old

No, BN_GENCB_set[...] is a similar mechanism but for Big Number / Prime (not *Key*) generation.
(https://www.openssl.org/docs/man3.0/man3/BN_GENCB_set_old.html)

Hope it helps,

Regards,

Michel.
RE: "Expecting: ANY PRIVATE KEY"
Hi Mariano,

My quick answer : your key file looks like an (old ?) custom *OpenSSH* format that *OpenSSL* cannot read natively. You should easily find an OpenSSH command or other free tools to convert between formats.

Hope it helps,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Mariano Gedisman-Córdoba via openssl-users
Sent: Monday, 28 June 2021 00:29
To: openssl-users@openssl.org
Subject: "Expecting: ANY PRIVATE KEY"

Hello everyone!

I have googled this error to no avail, but all answers don't seem to adjust to my particular case, or maybe I'm too novice at figuring it out.

I have this key file:

    -----BEGIN OPENSSH PRIVATE KEY-----
    [key here]
    -----END OPENSSH PRIVATE KEY-----

I'm trying to use this key in order to log in to my Google cloud instance through browser console, and I get the following error:

"Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. "

I googled how to achieve this, and tried the following on my local machine:

    $ openssl rsa -in id_rsa.txt -out id_rsa.pem -outform PEM

Sadly, I run into this error:

    unable to load Private Key
    56081:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.2/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY

As I said, Google did throw some clues, but nothing conclusive.

Note: I am running OS X El Cap.

Can anyone point out what am I doing wrong?

Thanks a lot in advance and I wish you a really good week!
RE: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?
> We are trying to support a server that would support PSK and SRP authentication mechanisms.
[.]
> Would multiple callbacks for different mechanisms work simultaneously on the same SSL context?

My quick answer is Yes.
In the recent past I did some [multi-threaded] servers using both SRP and PSK on the same context and I don't recall having encountered any problem.
I believe it was OpenSSL 1.1.1f using TLS 1.2 under Windows 32bits.

Hope it helps,

Michel.
TLS 1.3 migration: how to get current SSL session authentication
Hi,

By the way :
It was possible to get the authentication from a TLS1.2 ciphersuite using SSL_CIPHER_get_auth_nid().
With a TLS1.3 SSL_CIPHER, the result is logically 'any'.

So my question is :
Is there any other [new ?] API to get the effective authentication mode from the current SSL session (RSA, PSK, ...) ?
Or do we need to rely on a [/PSK like] callback ?

Regards,

Michel.

-----Original Message-----
[...]
A TLSv1.2 ciphersuite combines the symmetric cipher, with the key exchange algorithm, the authentication algorithm and the hash. In TLSv1.3 we just have the symmetric cipher and hash.
[...]
RE: Peer certificate verification in verify_callback
Hi Viktor,

Could you please elaborate on "...although doing the latter potentially gives you the opportunity to decorate them with auxiliary trust EKUs."

Does it mean "EKUs" "out of" the certificate ?
Is it just about using X509_STORE_set_trust() and the like as mentioned in X509_STORE_add_cert man page or something else ?

Regards,

Michel

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Monday, 30 March 2020 23:19
To: openssl-users@openssl.org
Subject: Re: Peer certificate verification in verify_callback

[...]
> I set up an X509_STORE object and then cycle through all of the
> certificate files in /etc/ssl/certs/, open them, and call
> PEM_read_X509() to get an X509 (certificate) object and then call
> X509_STORE_add_cert(x509_stor, certificate) to read the certificates
> into my trusted store, X509_store object.

It would be far simpler to concatenate them into a single CAfile, or use "c_rehash" to create the symlinks needed to make the directory into a workable CApath. You should not have to manually load them into your own store, although doing the latter potentially gives you the opportunity to decorate them with auxiliary trust EKUs.

> If the user of this CTX is acting as a client and the server presents
> a certificate chain, and my trusted store has the root, the connection
> will work, as the chain is verified and trusted.
[...]

--
Viktor.
RE: Questions about signing an intermediate CA
And I am one of those who appreciates very much your explanations/clarifications for a long time.

Thank you again Michael.

> [...]
> And here on the openssl-users list there are people with widely varying
> experience with and understanding of these matters;
> [...]
> So it's useful to try to be very precise in our terminology.
> [...]
> --
> Michael Wojcik
Re: [openssl-users] Authentication over ECDHE
Thanks Matt for the reminder about the use of PSK in TLS 1.3. This leads me to this other question : Can someone please clarify what is the future of SRP starting with TLS 1.3 ? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
[...]
> From that point, the only logical conclusion that can be drawn is that
> select() is for non-blocking I/O only.
[...]

Ouahhh, it looks to me as an over-simplistic conclusion !
select() was not designed and written with future TLS state machine implementation in mind.
But maybe I shouldn't relaunch a debate... :-)
Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
Hi Thomas,

As mentioned previously, I do NOT "want to block" or "hack" with OpenSSL state machine. And again, I agree with you that non-blocking socket programming is best and more flexible.

I just wanted to understand your point and it is now clear for me since I read the BUGS section of http://man7.org/linux/man-pages/man2/select.2.html. Thanks for this, I was not aware of that, I learned something today. :-)

However I don't think this is a "common misunderstanding of select()" as it is a *BUG* [hopefully] of only select() under linux. Not a design implementation of *select() and friends* (pselect, poll, epoll, ...) on every other systems.

And on this matter, I don't believe that code relying on interface documentation is *bad code* by nature, and - IMHO - a bug should be fixed rather than killing everything around (kind of terrorism programming ? ;-).

Anyway, thanks to have shared your opinion and advices with me.

Regards,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Thomas J. Hruska
Sent: Monday, 9 October 2017 15:32
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

On 10/9/2017 1:32 AM, Michel wrote:
>> With blocking sockets, you just loop back around and repeat the same call
>> if either of those messages are returned by SSL_get_error(). No select() required.
>
> Yes, you have to repeat the same call, but select() is still useful,
> especially with blocking sockets.

And leads to incorrect code and weird blocking scenarios. Been there, done that. You're using select() wrong. If you want to block, then block and don't try to hack around it. Otherwise use non-blocking.

This common misunderstanding of select() is precisely why calling it with a blocking descriptor should trigger an exception that kills the application. Doing so would bring a quick end to a lot of bad code.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
> With blocking sockets, you just loop back around and repeat the same call if either of those messages are returned by SSL_get_error(). No select() required.

Yes, you have to repeat the same call, but select() is still useful, especially with blocking sockets.

Regards,

Michel.
Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
Hi Thomas,

I do not think that non-blocking code is hard to implement, but I am not still convinced there is not some kind of confusion here.

Pardon me if I do not understand well your reasoning, but I just want to highlight that SSL_read() contract is not to return TCP data, but SSL/TLS data (if some are available), which is more work.

As described in https://www.openssl.org/docs/man1.1.0/ssl/SSL_read.html, you may encounter cases where TCP data is available, but just contains TLS records with no useful application data.

Can this be what you experienced or I missed your point ?

Regards,

Michel

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Thomas J. Hruska
Sent: Sunday, 8 October 2017 22:56
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

On 10/8/2017 7:28 AM, Michel wrote:
> While I understand that using non-blocking descriptors is a better
> practice, I still do not see why select() should NEVER be used for
> blocking sockets (except when combined/interfered with the internal
> OpenSSL state machine or equivalent mechanism).
>
> Could you please elaborate or give an example ?
>
> Regards,
>
> Michel.

Example: You call select(), it returns the descriptor as readable, you pass it into SSL_read(), and SSL_read() blocks. You are worse off than before you used select() since you made the incorrect assumption that you could do something when select() returns and not have a blocking socket block.

Just because select() says that something is readable (or writable) does not actually make it so. The function only makes sense for non-blocking descriptors. The use of select() with a blocking descriptor is always wrong.

Non-blocking code is actually easier to implement than you think.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets
While I understand that using non-blocking descriptors is a better practice, I still do not see why select() should NEVER be used for blocking sockets (except when combined/interfered with the internal OpenSSL state machine or equivalent mechanism).

Could you please elaborate or give an example ?

Regards,

Michel.
Re: [openssl-users] Personal CA: are cert serial numbers critical?
>> Another requirement is that a TLS server certificate shall have its identity
>> (FQDN) in the SAN extension. Use of the commonName attribute has been
>> deprecated long ago.
> Where is this documented ?

Might be of interest :
https://stackoverflow.com/questions/5935369/ssl-how-do-common-names-cn-and-subject-alternative-names-san-work-together
Re: [openssl-users] Specify padding scheme with EVP_VerifyFinal
Hi,

> Is it possible to specify a different padding scheme (e.g.
> RSA_PKCS1_PSS_PADDING) using this API ?
> If not, what is the easiest way to work around this "limitation" ?

Isn't it what you are looking for : EVP_PKEY_CTX_set_rsa_padding() ?
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_padding.html
and :
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
(OpenSSL version >= 1.0)

Hope it helps,

Michel.
Re: [openssl-users] FW: problem with missing STDINT.H file
> You guys are both important contributors to the project.

+1
Personally I have learned a lot from your contributions.
Thanks Jakob and Michael.
Re: [openssl-users] OpenSSL with Qt5 on Win7
Hi,

As nmake is not in your current path, it looks like you didn't launch the Developer Command Prompt for Visual Studio.

Regards,

Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Peissert, Roland (ext)
Sent: Thursday, 3 November 2016 12:59
To: openssl-users@openssl.org
Subject: [openssl-users] OpenSSL with Qt5 on Win7

Hello,

I want to use OpenSSL with Qt5 on Win 7. Is there any tutorial or how do or documentation, how to install and recompile OpenSSL and Qt5 on Win7 ?

1. I download still install Win 7 with Visual Studio 2015
2. Then I install Q5 with Visual Studio AddOn for Qt
3. Next I download OpenSSL openssl-1.1.0b.tar.gz from here: http://www.openssl.org/source
4. And I install Active Perl
5. I made one folder C:\libsopenssl
6. When I compile OpenSSL with this command:
       perl Configure VC-WIN32 no-asm -prefix=c:\libsopenssl
7. I receive this error:
   cid:image001.png@01D2359E.43028830

Thank you in advance.

Best Regards

Roland Peissert
Re: [openssl-users] GCM cipher decryption
Hi,

Quick answer : as you probably noticed, IV, ciphertext and tag are expected to be distinct buffers.
Consequently, ciphertext is just ciphertext (without IV or Tag).

Regards,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of c.hol...@ades.at
Sent: Tuesday, 12 July 2016 17:48
To: openssl-users@openssl.org
Subject: [openssl-users] GCM cipher decryption

Hi!

2 questions about GCM and the following OpenSSL-Sample please.

https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode

and the function

    int decrypt(unsigned char *ciphertext, int ciphertext_len,
                unsigned char *aad, int aad_len,
                unsigned char *tag, unsigned char *key,
                unsigned char *iv, unsigned char *plaintext)

* Is ciphertext the pure ciphertext OR is it with IV and TAG still in the string??
* If the 2nd: The IV is expected to be in front of the ciphertext and the TAG is expected to be past of the ciphertext - correct?

    | IV | ciphertext | TAG |

thanks!
Christoph
Re: [openssl-users] When to use a key or password
Hi,

You need to remember a password. Passwords should never be stored.
Keys are binary data (even if they look as text because they are hexa or base64 encoded).
Secret keys can be 'derived' from a password to be used when encrypting or decrypting.
Sometimes you need to store an ENCRYPTED secret key (generally using another password).
See https://en.wikipedia.org/wiki/Key_(cryptography).

IV means 'Initial Vector', which is random binary data needed to 'start' encryption or decryption.
See https://en.wikipedia.org/wiki/Initialization_vector

Hope it helps,

Regards,

Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Warron French
Sent: Thursday, 7 July 2016 22:37
To: openssl-users@openssl.org
Subject: [openssl-users] When to use a key or password

Is there any good rule of thumb for when to use:

    -k versus -K

Also, what does the term IV refer to in reference to -iv IV?

Thanks in advance,

Warron
Re: [openssl-users] good riddance to PayPal
Hi Steve,

Isn't it conceivable to ask one of the European payment service providers to sponsor you by offering a free account / access to their platform ?
I know some which are secured only with the help of your product. They should be proud to help in return. :-)

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Steve Marquess
Sent: Friday, 6 May 2016 01:00
To: openssl-users@openssl.org
Subject: Re: [openssl-users] good riddance to PayPal

Note we would qualify to have a direct "merchant account" with one of the major credit card processors, but found out there is a requirement that the web site on which payments are processed be located in the U.S. Our servers are all in Europe, appropriately so.
Re: [openssl-users] Is SHA hashing algorithm reversable?
Hi,

> But i saw some online websites giving the original data by reversing the hash data.

If they can, this is NOT by reversing the hash data.
You will find lots of articles on the web to explain how it can be 'cracked', for example :
https://crackstation.net/hashing-security.htm
Re: [openssl-users] Info about size
Hi Alphonso,

Did you see that :
https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope

Hope this helps,

Regards,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Alfonso Coscione
Sent: Monday, 21 March 2016 15:23
To: openssl-users@openssl.org
Subject: [openssl-users] Info about size

Hi OpenSSL Staff,

sorry for disturb. I'm an italian young engineer and I'm working on new software project that would want to use yours openssl library to realize an encryption/decryption protocol to use for downloading updates from a server.

I try to find on web some informations, but i'm not able to understand about the sizes. I explain better. I've to know, more exactly, how to calculate the dimension of an encrypted text after an encryption with a private key with an RSA protocol.. and so, also the dimension of a decrypted text after an decryption with a public key.

I don't know if you can help me.. I would appreciate any help or suggestion.

Sorry for disturb and thanks for all your work.

--
Alfonso Coscione
---
"before giving good advice, we must give good examples..in life it takes consistency .. !!"
---
- Please respect the environment before printing this email unless absolutely necessary. -
Re: [openssl-users] About no-ssl2
-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Wednesday, 16 March 2016 23:40
To: openssl-users@openssl.org
Subject: Re: [openssl-users] About no-ssl2

...
> In what release?

Sorry, I forgot to mention : current release 1.1.0 (pre 4)

> The "OPENSSL_NO_..." macros specify disabled features, not deleted code.

Yes I understand this point, but I was thinking it was also used more generally to inform about [un]available functionalities.

Anyway,
Thanks for your answer Viktor.

Michel.
Re: [openssl-users] Questions about OCB and Wrap modes
Thank you again and again Matt,

Regards,

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matt Caswell
Sent: Friday, 18 March 2016 13:08
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Questions about OCB and Wrap modes

On 15/03/16 11:12, Michel wrote:
> Hi,
>
> As there was some discussion about AEAD, I am still curious to know
> why OCB mode isn't flagged as one of them :
>
> assert( EVP_CIPHER_flags( EVP_aes_128_ocb() ) &
> EVP_CIPH_FLAG_AEAD_CIPHER );failed ?
>
> Can someone please explain this to me ?

Yes. It's a bug! :-)

Now fixed in git.

Matt
[openssl-users] About no-ssl2
Hi,

IMHO, whether SSL2 is completely removed or disabled, I would have expected opensslconf.h to reflect the situation to applications.

But now, it just contains :

    #ifndef OPENSSL_NO_SSL3
    # define OPENSSL_NO_SSL3
    #endif

Was it really intended ?

Regards,

Michel.
[openssl-users] enc oddities, bad decrypt, bad magic, too bad
Hi,

I had to write a small program which at some point need to encrypt a piece of data that I intended to be able to decrypt later (at least) using OpenSSL. So I started to review the doc about the enc command. I saw that it was possible to use salt, key, IV and/or a passphrase. Though I believed naively it will be a simple task ... but it was not so easy.

First I tried :

    openssl enc -aes-128-cbc -iv ... -K ... -in ... -out ...
    openssl enc -d -aes-128-cbc -iv ... -K ... -in ...

It works as expected.

I checked it was possible to retrieve the key and IV given the salt :

    openssl enc -aes-128-cbc -S ... -P
    salt=...
    key=...
    iv =...

It also works as expected.

I checked [unfortunately] with a passphrase :

    openssl enc -aes-128-cbc -S ... -in ... -out ...
    openssl enc -d -aes-128-cbc -S ... -in ...

It works as expected. I was happy with that and confident enough to start working.

Then I tried :

    openssl enc -d -aes-128-cbc -iv ... -K ... -in ...

But it fails with "bad decrypt"

So I search for errors in my code. Then trying desperately anything and everything I was surprised that :

    openssl enc -d -aes-128-cbc -in ...

Succeeded ?

I started to understand that the salt was stored with the data. Happy again (not for long), I tried :

    openssl enc -aes-128-cbc -iv ... -K ... -in ... -out ...
    openssl enc -d -aes-128-cbc -in ...

But this time got 'bad magic number'. :-(
It was late and I felt down as I didn't see any 'magic', just curse !

Now the reason :
Yes the salt is stored with the encrypting data. But not always. And not only when it is not supplied (therefore generated).
It is stored when no key is given.
And when stored, even good IV and key fails to decrypt. You must enter the password (but are NOT prompted for).

In the hope it will save some time to others,

Michel.
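A way to tell the two kinds of enc output apart before choosing how to decrypt, as an added example that is not part of the original post and not OpenSSL code. It assumes the stored salt takes the form of the 8-byte magic string "Salted__" followed by 8 salt bytes at the start of the file; the sample buffers are constructed placeholders, and every name is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENC_MAGIC     "Salted__"   /* assumed header magic */
#define ENC_MAGIC_LEN 8
#define ENC_SALT_LEN  8
#define AES_BLOCK     16

enum enc_kind {
    ENC_SALTED,     /* salt header present: made with a passphrase */
    ENC_RAW,        /* no header: made with an explicit key and IV */
    ENC_TRUNCATED   /* magic present, but salt or first block missing */
};

struct enc_layout {
    enum enc_kind kind;
    unsigned char salt[ENC_SALT_LEN];  /* valid only for ENC_SALTED */
    size_t body_off;                   /* offset of the ciphertext */
    size_t body_len;                   /* ciphertext length in bytes */
    int    body_block_aligned;         /* 1 if a whole number of AES blocks */
};

/* Constructed sample: header, salt 01..08, one placeholder block. */
static const unsigned char SALTED_SAMPLE[] = {
    'S','a','l','t','e','d','_','_',
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
    0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
    0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa
};

/* Constructed sample: one placeholder block, no header. */
static const unsigned char RAW_SAMPLE[] = {
    0xbb,0xbb,0xbb,0xbb,0xbb,0xbb,0xbb,0xbb,
    0xbb,0xbb,0xbb,0xbb,0xbb,0xbb,0xbb,0xbb
};

/* Classify a buffer read from an enc output file and locate the ciphertext. */
struct enc_layout enc_inspect(const unsigned char *buf, size_t len)
{
    struct enc_layout r;

    memset(&r, 0, sizeof r);
    if (len >= ENC_MAGIC_LEN && memcmp(buf, ENC_MAGIC, ENC_MAGIC_LEN) == 0) {
        /* CBC output with padding always holds at least one block. */
        if (len < ENC_MAGIC_LEN + ENC_SALT_LEN + AES_BLOCK) {
            r.kind = ENC_TRUNCATED;
            return r;
        }
        r.kind = ENC_SALTED;
        memcpy(r.salt, buf + ENC_MAGIC_LEN, ENC_SALT_LEN);
        r.body_off = ENC_MAGIC_LEN + ENC_SALT_LEN;
    } else {
        r.kind = ENC_RAW;
    }
    r.body_len = len - r.body_off;
    r.body_block_aligned = r.body_len > 0 && r.body_len % AES_BLOCK == 0;
    return r;
}

/* Which decrypt invocation matches the file, following the post's findings. */
const char *enc_decrypt_hint(const struct enc_layout *r)
{
    switch (r->kind) {
    case ENC_SALTED:
        return "salt is stored in the file: decrypt with the passphrase";
    case ENC_RAW:
        return "no stored salt: decrypt with -K and -iv";
    default:
        return "header is incomplete: file is damaged or cut short";
    }
}

int main(void)
{
    struct enc_layout a = enc_inspect(SALTED_SAMPLE, sizeof SALTED_SAMPLE);
    struct enc_layout b = enc_inspect(RAW_SAMPLE, sizeof RAW_SAMPLE);

    printf("salted sample: %s (ciphertext at offset %zu)\n",
           enc_decrypt_hint(&a), a.body_off);
    printf("raw sample:    %s (ciphertext at offset %zu)\n",
           enc_decrypt_hint(&b), b.body_off);
    return 0;
}
```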
Re: [openssl-users] Developing CA with Openssl library
Hi,

Just a suggestion : did you see XCA : http://xca.sourceforge.net/ ?

Regards,

Michel

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of thirumalkumarkanakur...@bel.co.in
Sent: Wednesday, 2 March 2016 09:37
To: openssl-users@openssl.org
Subject: [openssl-users] Developing CA with Openssl library

Dear users,

I want to develop my own CA with openssl library …
Re: [openssl-users] Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_CTX_set_client_CA_list?
Hi Jeff,

The test I just ran was done with NO custom callback :

    SSL_CTX_set_verify( pCtx, AUTH_REQUIRE, NULL );

with AUTH_REQUIRE defined as ( SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT )

-----Original Message-----
From: Jeffrey Walton [mailto:noloa...@gmail.com]
Sent: Saturday, 27 February 2016 23:48

Does your server use the default verify callback? Or does it have a custom callback? (The original question uses the default verify callback).
Re: [openssl-users] Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_CTX_set_client_CA_list?
Really ?

As your post alarmed me, I tried my tests programs again and didn't notice anything wrong.
I have a server code whose context is configured with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT and which does not call SSL_CTX_set_client_CA_list().
In this case, handshake is failing as expected when clients didn't send a certificate.

OpenSSL Windows 32 bits version 1.1 from git repo yesterday.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jeffrey Walton
Sent: Saturday, 27 February 2016 22:22
To: OpenSSL Users List
Subject: [openssl-users] Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_CTX_set_client_CA_list?

This came up recently on Stack Overflow. The server code specified SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but failed to call SSL_CTX_set_client_CA_list. The connection did not fail as expected.

Looking at the man page for SSL_CTX_set_verify [1] and SSL_CTX_set_client_CA_list [2] it looks like the connection is supposed to fail. From [1]:

    SSL_VERIFY_FAIL_IF_NO_PEER_CERT

    Server mode: if the client did not return a certificate, the TLS/SSL
    handshake is immediately terminated with a "handshake failure" alert...

Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT regardless of the interactions with SSL_CTX_set_client_CA_list? Or is there a hidden dependency on SSL_CTX_set_client_CA_list?
Re: [openssl-users] PEM_read and write SSL_SESSION
Hi,

Quoting Andy about applink : "New code should rather abstain from using above mentioned subset of OpenSSL API (whatever using FILE*)".

So using the bio* version instead,

    PEM_write_bio_SSL_SESSION( bio_st*, ssl_session_st*)
    PEM_read_bio_SSL_SESSION( bio_st*, ssl_session_st**, int (char*, int, int, void*) *, void* )

are declared and implemented using macros as you can see in include\openssl\pem.h, starting line 156 (or search for "PEM_read/PEM_write functions")

You can use them as simply as (s_server.c, s_client.c ) :

    SSL_SESSION *sess = PEM_read_bio_SSL_SESSION( pBIO, NULL, 0, NULL );
    PEM_write_bio_SSL_SESSION( pBIO, SSL_get_session( pSSL ) );

They finally call :

    PEM_ASN1_write_bio()
    PEM_ASN1_read_bio()

about which more info can be found on http://www.umich.edu/~x509/ssleay/pem_io.html

Hope this helps,

Michel

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Shubham Chauhan
Sent: Friday, 26 February 2016 12:51
To: openssl-users@openssl.org
Subject: [openssl-users] PEM_read and write SSL_SESSION

If anyone is familiar with the PEM_read_SSL_SESSION and PEM_write_SSL_SESSION functions, please let me know about the arguments and the usage of these functions, in a bit detailed fashion.
It'll be really helpful.

Thanks
Re: [openssl-users] Need information on AES encryption and decryption Key and IV type
As Rich already answered : "The IV, key, and ciphertext are all binary arrays of bytes."

This is not specific to AES.
Converting from or to hex (or Base64) strings is needed only to read from or print to outside your C program.
Values passed to EVP_*() calls are expected to be raw (binary) data :

    unsigned char *key, unsigned char *iv,

as documented in https://www.openssl.org/docs/manmaster/crypto/EVP_EncryptInit.html
(and do not rely on the 'bogus' key and IV values in the do_crypt() example).

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Sugumar
Sent: Friday, 26 February 2016 17:30
To: openssl-users@openssl.org
Subject: [openssl-users] Need information on AES encryption and decryption Key and IV type

Hi,

I am using Openssl for encryption and decryption. I need some information on AES encryption and decryption key and iv type.

My doubt is when we are using a openssl in command line we need to pass key and iv as hex strings right? and same when we are EVP calls in C/C++ programming what is the type of Key and Iv. i mean it should a hex string or raw binary values?

I saw, openssl command line interface code of openssl in that the hex strings are converted into hex values. But in EVP calls the Key and Iv are used directly.
Re: [openssl-users] Problem in decryption using python which cipher text is encrypted in c++
Hi Sugumar,

I might misunderstand your need, but 'Hex' (like 'Base64') is just an encoding method to ease the use of characters that are not printable. Your example hex string IV: "12345678901234567890123456789012" should be converted to:

    unsigned char IV[16] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0x12, 0x34, 0x56, 0x78, 0x90, 0x12, 0x34, 0x56, 0x78, 0x90, 0x12 };

in other words

    = { 18, 52, 86, 120, 144, 18, 52, 86, 120, 144, 18, 52, 86, 120, 144, 18 };   (decimal values)

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Sugumar
Sent: Monday, 22 February 2016 06:10
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Problem in decryption using python which cipher text is encrypted in c++

Thanks for your reply. Correct me if I am wrong. What I have understood from your point is that I have to read the first 2 chars of the 32-char IV and convert them into a byte array, right? For example, my IV is "12345678901234567890123456789012". I have read the first 2 chars, i.e. "12", then I have to convert them into a byte array. Please give me a clearer idea about this. If you have any example for this, please post it for our better understanding.

Thanks.
Re: [openssl-users] (Probably) Silly Application Programming Question
Hi Karl,

I believe it could be helpful to have a look at the X509_check_host() and do_x509_check() source code in crypto\x509v3\v3_utl.c. Also, if you want to parse the SAN just for certificate validation, it is now easier to use: https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PARAM_set_flags.html

Hope this helps,
Regards,
Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Karl Denninger
Sent: Monday, 11 January 2016 04:08
To: openssl-users@openssl.org
Subject: Re: [openssl-users] (Probably) Silly Application Programming Question

Yeah, now I just have to figure out how to parse the X509 Extension data from the certificate to pull out the SubjectAltName information :-) There wouldn't be a snippet of code lying around somewhere that does that given an X509 cert as input, would there? It looks a bit arcane.
Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool
Thanks Viktor for your answer, and Jakob for clarifying my thought. My English isn't good enough to argue with both of you, but obviously, I do agree with what you have proposed.

Michel.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Jakob Bohm
Sent: Tuesday, 27 October 2015 02:21
To: openssl-users@openssl.org
Subject: Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

On 26/10/2015 14:02, Viktor Dukhovni wrote:
> On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote:
>
>> I believe it might be useful to remind in the documentation that the
>> -cipher argument for openssl pkey command line tool is silently ignored when
>> combined with -outform DER.
>>
>> Maybe it is worth adding a warning too?
> I think a fatal error would be appropriate. If you want encrypted
> DER keys, you'll need PKCS#8 or PKCS#12.
>

But the issue is how to make the key conversion command in the openssl command line tool encrypt the output file, not which encryption format it should use.

More specifically, the issue is that the currently recommended command "openssl pkey", allegedly silently omits the encryption when told not to Base64 encode the encrypted key, which is complete nonsense and would be considered a security issue in any other tool.

I see no particular reason why the "openssl pkey" command should not encrypt the key in exactly the same way as it does when Base64 encoding the key, in other words the difference between -outform DER and -outform PEM should be *only* the Base64 encoding and the associated decorative text lines.

Doing something highly dangerous (outputting a private key unencrypted contrary to user request) in response to an unrelated option (-outform DER) is a really bad thing.

While on this subject, it would be most useful if all the openssl command line tools that can output private keys supported the same command line options to indicate encryption or lack thereof, specifically, those commands that currently default to unencrypted should still accept the "-nodes" command, and should complain if invoked with the "-passout" option but no encryption request.

5 to 10 years later, it should then be possible to change the default to encrypted, confident that adding explicit "-nodes" to scripts and examples will not fail on any reasonably maintained systems (including systems where openssl is built by some upstream OS maker).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] suggested enhancement documentation or warning for pkey command line tool
Hi,

I believe it might be useful to remind in the documentation that the -cipher argument for openssl pkey command line tool is silently ignored when combined with -outform DER.

Maybe it is worth adding a warning too?
Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions
Hi again Phil,

Maybe I read your mail too quickly.

> so we don't have the correct encrypted length value to pass to the decryption routine.

How is it possible? If you stored the encrypted data, you should at least know the size of what is in the file or the database column, don't you?
Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions
It's me again, :-)

If you have to store binary data without a way to get the correct length later, you should instead encode it in a 'textual' form before storage: base64 or hexa. Is it what you were asking for?

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Michel
Sent: Friday, 27 March 2015 18:27
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

Hi again Phil,

Maybe I read your mail too quickly.

> so we don't have the correct encrypted length value to pass to the decryption routine.

How is it possible? If you stored the encrypted data, you should at least know the size of what is in the file or the database column, don't you?
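The two points made in the replies above (a hex string is only a transport encoding for the raw key/IV bytes that EVP_*() expects, and encrypted data can contain NUL bytes, so its length must be carried explicitly or the data stored as hex), as an added example that is not part of the original messages. The function names are hypothetical, and SAMPLE_CT is constructed sample data, not the output of a real cipher.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode one hex digit; returns -1 for anything that is not 0-9, a-f or A-F. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hex string -> raw bytes (what a key or IV must be before an EVP call).
 * Returns the byte count, or -1 on odd length, bad digit or short buffer. */
long hex_to_bytes(const char *hex, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(hex);
    size_t i;

    if (n % 2 != 0 || n / 2 > out_cap)
        return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Raw bytes -> NUL-terminated hex. The length is an explicit argument
 * because binary data cannot be measured with strlen().
 * Returns the number of hex characters, or -1 if out is too small. */
long bytes_to_hex(const unsigned char *in, size_t len, char *out, size_t out_cap)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;

    if (out_cap < 2 * len + 1)
        return -1;
    for (i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return (long)(2 * len);
}

/* Ciphertext length of a block cipher with standard padding enabled:
 * the input is always rounded up to the next full block. */
size_t padded_len(size_t plain_len, size_t block)
{
    return (plain_len / block + 1) * block;
}

/* Constructed sample (not real cipher output): 16 bytes with embedded NULs. */
static const unsigned char SAMPLE_CT[16] = {
    0x9f, 0x3a, 0xc1, 0x00, 0x5e, 0x77, 0x00, 0xd2,
    0x18, 0xb4, 0x6c, 0xe9, 0x01, 0xaa, 0x43, 0x7f
};

/* What strlen() would report for the sample: it stops at the first NUL. */
size_t naive_strlen_of_sample(void)
{
    return strlen((const char *)SAMPLE_CT);
}

/* Store the sample as hex, read it back, and compare byte for byte. */
int roundtrip_ok(void)
{
    char stored[2 * sizeof SAMPLE_CT + 1];
    unsigned char back[sizeof SAMPLE_CT];

    if (bytes_to_hex(SAMPLE_CT, sizeof SAMPLE_CT, stored, sizeof stored) != 32)
        return 0;
    if (hex_to_bytes(stored, back, sizeof back) != (long)sizeof back)
        return 0;
    return memcmp(back, SAMPLE_CT, sizeof back) == 0;
}

int main(void)
{
    unsigned char iv[16];
    long n = hex_to_bytes("12345678901234567890123456789012", iv, sizeof iv);

    printf("IV: %ld bytes, iv[0]=0x%02x, iv[4]=%u\n", n, iv[0], iv[4]);
    printf("strlen() sees %zu of %zu ciphertext bytes\n",
           naive_strlen_of_sample(), sizeof SAMPLE_CT);
    printf("8-byte input, 8-byte block: %zu bytes out\n", padded_len(8, 8));
    printf("hex round trip ok: %d\n", roundtrip_ok());
    return 0;
}
```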
Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions
Hi Phil,

First, let me emphasize that Richard was right in a previous post: it is not good practice to compare login info to decrypted password. It is better NOT to keep user password when possible, and compare login to salted hash password instead.

As you already know: the encrypted length is length of clear text + size of 1 cipher block if padding is enabled. As a result, the length of the clear text is always shorter (or equal) than the length of the cipher text. :-) And the EVP_DecryptFinal() function will NOT count the number of padding bytes it has removed in the value returned in the 'outl' parameter. https://www.openssl.org/docs/crypto/EVP_EncryptInit.html

So, to retrieve the total clear text length, you can safely do like the example at: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption (in this example, it is obviously named 'plaintext_len')

I hope I did not misunderstand you,
And hope this helps,
Regards,
Michel

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Philip Bellino
Sent: Friday, 27 March 2015 13:48
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

Michel,

Thank you very much for your email. The example given in your email works out fine if the encryption and decryption are performed in the same routine.

The problem we are having is that we perform the encryption and then at some point in the future we need to do the decryption. At that point, we do not have the clear text password available nor do we know the length that was the result of the previous encryption, so we don't have the correct encrypted length value to pass to the decryption routine.

Some passwords have encrypted results that have nulls embedded in them, so strlen() cannot be used on the encrypted result to get its length.

Have you come across a situation such as this or is there something else you can suggest to me?

Thanks,
Phil
Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions
Hi Phil,

> or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it?

It is NOT the case. May not be the answer you expected: the encrypted length is length of clear text + size of 1 cipher block if padding is enabled. https://www.openssl.org/docs/crypto/EVP_EncryptInit.html

> is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and decrypt?

NO, and it should NOT, especially in multi-threaded applications:

"A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting."
https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html

Also: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Hope this helps,
Regards,
Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Philip Bellino
Sent: Thursday, 26 March 2015 15:53
To: openssl-users@openssl.org
Subject: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords with cipher des_ede3_cbc as follows:

encrypt routines:
    EVP_CIPHER_CTX_init
    EVP_EncryptInit_ex
    EVP_EncryptUpdate
    EVP_EncryptFinal_ex
    EVP_CIPHER_CTX_cleanup

decrypt routines:
    EVP_CIPHER_CTX_init
    EVP_DecryptInit_ex
    EVP_DecryptUpdate
    EVP_DecryptFinal_ex
    EVP_CIPHER_CTX_cleanup

similar to examples found here: http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES

Passwords are encrypted and stored when created, and decrypted at a later time to compare against the password given upon login.

None of the examples show determining the length of the encrypted information via an EVP call in order to pass that information to the decryption routines. Should I assume it is incumbent upon the coder to store the encrypted length when storing the encrypted password, for retrieval later? Or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it? I believe from all the information I see that it is the former. Please confirm this for me.

Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and decrypt? My encryption and decryption seem to be working without calling those routines but after seeing them used (for examples in test/evp_test.c), I don't understand why.

Any insight that can be shared would be most appreciated.

Thank you.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive | Chelmsford, MA 01824
Phone: 978-674-6870 | Fax: 978-674-6799
www.mrv.com
Re: [openssl-users] Handle Leaks - shmem-win32.c shmem.c - OpenSSL 1.0.1l
Hi Avery,

I am afraid your program demonstrates very little. If you load the OpenSSL library, you have to call some of the OpenSSL free functions as indicated in a previous post, and if you create a thread, you have to call CloseHandle():

    #include <windows.h>
    #include <crtdbg.h>
    #include <openssl/ssl.h>
    #include <openssl/err.h>

    DWORD __stdcall thread1( LPVOID l )
    {
        for( int i=0; i<7; i++ )
            Sleep(1000);
        ERR_remove_state(0);    // free this thread's OpenSSL error queue
        return 0;
    }

    int main( int argc, char* argv[] )
    {
        // _crtBreakAlloc = ...;
        SSL_library_init();
        SSL_load_error_strings();

        DWORD t1;
        HANDLE h1 = CreateThread( 0, 0, thread1, 0, 0, &t1 );
        for( int i=0; i<7; i++ )
            Sleep(1000);
        if( h1 )
        {
            WaitForSingleObject( h1, INFINITE );    // wait on the thread handle before closing it
            CloseHandle( h1 );
        }

        // library-wide cleanup, main thread only
        ERR_remove_state(0);
        EVP_cleanup();
        ERR_free_strings();
        CRYPTO_cleanup_all_ex_data();
        sk_SSL_COMP_free( SSL_COMP_get_compression_methods());
        _CrtDumpMemoryLeaks();
        return 0;
    }

Hope it helps,
Michel

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Avery A. Tarasov
Sent: Saturday, 24 January 2015 22:34
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Handle Leaks - shmem-win32.c shmem.c - OpenSSL 1.0.1l

Hi Michel,

It doesn't appear to be related to that. I added CloseHandle's and got the same result. Here are my updated findings... The following simple program still causes the same Handle Leaks...

Important findings:

1) If SSL_library_init() and SSL_load_error_strings() are removed (which are the only 2 OpenSSL functions I'm using) the handle leaks go away..

2) If SSL_library_init() and SSL_load_error_strings() are kept but the creation of the thread is removed -- no more handle leaks..

So the problem is something related to the combination of loading OpenSSL and creating a thread (even though that thread does nothing whatsoever related to OpenSSL). Very odd.

    DWORD __stdcall thread1(LPVOID l)
    {
        while(1)
        {
            Sleep(1000);
        }
    }

    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
    {
        SSL_library_init();        // if these 2 lines removed
        SSL_load_error_strings();  // no more handle leaks
        DWORD t1;
        HANDLE h1=CreateThread(0,0,thread1,0,0,&t1);
        if(h1==0)
        {
            return 0;
        }
        CloseHandle(h1); //if SSL_library_init(); and SSL_load_error_strings(); are kept but this line is removed... no more handle leaks
        while(1)
        {
            Sleep(1000);
        }
    }
Re: [openssl-users] Handle Leaks - shmem-win32.c shmem.c - OpenSSL 1.0.1l
Hi Avery,

> In the code I sent over before, I was calling CloseHandle on the thread:
> HANDLE h1=CreateThread(0,0,thread1,0,0,&t1); if(h1==0) { return 0; } CloseHandle(h1);

Yes, but you were trying to close the handle of a thread which was still running! I have not checked what happens in this case.

I am not sure I fully understand what you are doing now, but with the modified version I've sent to you, _CrtDumpMemoryLeaks() doesn't report any problem on my Windows 7 64 bits machine.

Just another quick idea: why not try _beginthread() instead of CreateThread()?

Michel
Re: [openssl-users] Handle Leaks - shmem-win32.c shmem.c - OpenSSL 1.0.1l
Hi,

Just a quick answer: I didn't find any call to CloseHandle() function in your code.

Best regards,
Michel.
Re: [openssl-users] Proper cleanup functions being called?
> 1) Am I correct that I only need to call the SSL_library_init(); and SSL_load_error_strings(); once at the beginning of the program, and not at the beginning of each thread?

Yes

> 2) Should I be doing any other cleanup functions within the threads?

Yes, ERR_remove_state()

> Should I be doing any other cleanup operations?

Probably some of (before exiting main thread only):

    EVP_cleanup();
    ERR_free_strings();
    CRYPTO_cleanup_all_ex_data();
    ENGINE_cleanup();
    CONF_modules_unload( 1 );
    CONF_modules_free();
    sk_SSL_COMP_free( SSL_COMP_get_compression_methods());
    RAND_cleanup();

Hope it helps,
Michel.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Avery A. Tarasov
Sent: Thursday, 22 January 2015 06:36
To: openssl-users@openssl.org
Subject: [openssl-users] Proper cleanup functions being called?

Hi All,

I am using OpenSSL 1.0.1l in Win32 environment. At the beginning of my program I call

    SSL_library_init();
    SSL_load_error_strings();

Those functions are only called once. Then I have 3 threads which can't possibly be run at the same time due to mutexes I'm setting with WaitForSingleObject and ReleaseMutex. Those 3 threads use these functions below and all variables in those threads are local to the threads (e.g. no globals).

    SSL_CTX_new
    SSL_CTX_set_verify
    SSL_CTX_set_cert_verify_callback
    BIO_new_connect
    BIO_do_connect
    SSL_new
    SSL_set_bio
    SSL_get_peer_certificate
    SSL_write
    SSL_read
    SSL_get_error

(cleanup functions.. if conditions used to prevent double frees, etc.)

    X509_free
    SSL_shutdown
    SSL_free
    BIO_free
    SSL_CTX_free

My questions are the following:

1) Am I correct that I only need to call the SSL_library_init(); and SSL_load_error_strings(); once at the beginning of the program, and not at the beginning of each thread?

2) Should I be doing any other cleanup functions within the threads?

My program appears to work perfectly but a tool is complaining about

memory leaks in
    _CRYPTO_malloc, _asn1_enc_save, _asn1_item_ex_d2i, _d2i_X509

Handle leaks
    _shmem_winpthreads_grab
    _pthread_register_pointer

In fact I get memory leaks reported if I just do SSL_library_init(); alone.

Despite the reports of the leaks my program seems to run fine for days and stay consistent in memory used. But I'm feeling paranoid something just isn't quite right. Should I be doing any other cleanup operations?

Thanks for the assistance.

Best Regards,
-Avery T.
Re: Possibility to cache ca-bundle and reuse it between SSL sessions?
Excerpt from the book: Network Security with OpenSSL:

"An SSL_CTX object will be a factory for producing SSL connection objects. This context allows us to set connection configuration parameters before the connection is made, such as protocol version, certificate information, and verification requirements. It is easiest to think of SSL_CTX objects as the containers for default values for the SSL connections to be made by a program. ... In general, an application will create just one SSL_CTX object for all of the connections it makes."

And yes, this is also true for multithreaded connections, as long as we are aware of: https://www.openssl.org/docs/crypto/threads.html

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: Decryption succeed in GCM mode when tag is truncated
Ok, I have missed that point (and probably many others...). I need to go deeper to better understand things, and I am grateful for your explanations.

On 18/06/2014 20:25, Thulasi Goriparthi wrote:
> In the test program, you are feeding a fixed ccm_tag to the decryption process. This will not work for CCM, as the tag length itself will also be an input for tag generation. A change in tag length will change the tag produced. I modified the decryption api (aes_ccm_decrypt) to take the tag generated by the encryption api (aes_ccm_encrypt). It works fine.
>
> Note: Tag length will internally be embedded within the IV (nonce).
>
> On Wed, Jun 18, 2014 at 8:12 PM, Michel <msa...@paybox.com> wrote:
>> I tried all of 2, 4, 6, 8, 10, 12, 14, 16 values, and always got a Plaintext not available: tag verify failed. Even when tag length of decryption was equal to tag length of encryption. :-( It just works for: tag length of decryption = tag length of encryption = 16.
Re: Decryption succeed in GCM mode when tag is truncated
Hey, thanks Jeff!

I also inadvertently found an interesting article of a certain M. J. W. ... ;-) I should have read more carefully: http://www.codeproject.com/Articles/34380/Authenticated-Encryption particularly when it states: "It is up to the receiver to determine whether to accept a tag which is truncated."

I take the opportunity to thank the numerous people on this list from whom I have learned a lot reading their posts. I cannot name them all, but Dave is one of them.

On 19/06/2014 11:19, Jeffrey Walton wrote:
> If AEAD schemes are your thing, then you might take a look at David Wagner's http://www.cs.berkeley.edu/~daw/talks/FSE04eax.ppt. Slide 7 has a nice comparison of CCM, CWC, EAX and GCM modes of operation.
Decryption succeed in GCM mode when tag is truncated
Hi all,

I was surprised that decryption succeeded in GCM mode although the tag was shorter than the one produced when encrypting, as it is not the case in CCM. Is it the intended behaviour?

In order to rule out a possible bug in my program, I finally used the example code at:
https://github.com/openssl/openssl/blob/master/demos/evp/aesccm.c
https://github.com/openssl/openssl/blob/master/demos/evp/aesgcm.c
using OpenSSL 1.0.1h.

When altering line 91 of aesccm.c with 'sizeof(ccm_tag)-1', decryption failed. But doing the same with aesgcm.c, line 100: sizeof(gcm_tag)-10, decryption succeeded.

Thanks in advance for any assistance with this.
Re: Decryption succeed in GCM mode when tag is truncated
Thanks for your answer. But isn't this strategy very hazardous? And why just for GCM and not CCM?

On 18/06/2014 14:37, Thulasi Goriparthi wrote:
> EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag);
>
> When you change the tag length with the above statement, you are telling the decrypt context to consider only that many bytes for tag comparison.
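A receiver-side policy check for the behaviour described in the quoted reply above (the decrypt side compares only as many tag bytes as it is given), shown as an added example that is not part of the original messages and does not call OpenSSL. The function names are hypothetical and SAMPLE_TAG is a constructed value, not a real GCM tag; the strict check is what an application would run on the received tag length before handing the tag to EVP_CTRL_GCM_SET_TAG.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GCM_FULL_TAG_LEN 16

/* Constant-time comparison: the running time does not reveal where the
 * first differing byte is. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Lenient model: the number of bytes compared is whatever length arrived
 * with the message, so the sender decides how strong the check is. */
int tag_accept_lenient(const unsigned char *computed,
                       const unsigned char *received, size_t received_len)
{
    if (received_len == 0 || received_len > GCM_FULL_TAG_LEN)
        return 0;
    return ct_equal(computed, received, received_len);
}

/* Strict policy: the tag length is fixed by the application, and a tag of
 * any other length is rejected before any comparison takes place. */
int tag_accept_strict(const unsigned char *computed,
                      const unsigned char *received, size_t received_len,
                      size_t required_len)
{
    if (required_len == 0 || required_len > GCM_FULL_TAG_LEN)
        return 0;
    if (received_len != required_len)
        return 0;
    return ct_equal(computed, received, required_len);
}

/* Constructed 16-byte value standing in for the tag the receiver computed. */
static const unsigned char SAMPLE_TAG[GCM_FULL_TAG_LEN] = {
    0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
};

int main(void)
{
    /* A sender supplies only the first 6 bytes of the tag. */
    printf("lenient, 6-byte tag:  %d\n",
           tag_accept_lenient(SAMPLE_TAG, SAMPLE_TAG, 6));
    printf("strict,  6-byte tag:  %d\n",
           tag_accept_strict(SAMPLE_TAG, SAMPLE_TAG, 6, GCM_FULL_TAG_LEN));
    printf("strict, 16-byte tag:  %d\n",
           tag_accept_strict(SAMPLE_TAG, SAMPLE_TAG, 16, GCM_FULL_TAG_LEN));
    return 0;
}
```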
Re: Decryption succeed in GCM mode when tag is truncated
I tried all of 2, 4, 6, 8, 10, 12, 14, 16 values, and always got a Plaintext not available: tag verify failed. Even when tag length of decryption was equal to tag length of encryption. :-( It just works for: tag length of decryption = tag length of encryption = 16.

Thanks again for your help.

On 18/06/2014 16:14, Thulasi Goriparthi wrote:
> Truncate-able tags gave a way to truncated hmac extension. Haven't gone through CCM RFC 3610 completely. I can see the restriction of possible M values (Tag lengths) to 2, 4, 6, 8, 10, 12, 14, 16. Can you try reducing the tag size accordingly and see if it succeeds.
OpenSSL windows build fails when no-engine no-hw options
Hi, When configure'd with no-engine and no-hw options, build of OpenSSL 1.0.1h on Windows 7 failed. Although it might not be the best solution, the attached patch solved this (for static linking) by adding or moving up some related preprocessor directives. But still leaves a problem when dynamic linking : LIBEAY32.def : error LNK2001: unresolved external symbol TS_CONF_set_crypto_device LIBEAY32.def : error LNK2001: unresolved external symbol TS_CONF_set_default_engine I tried to modify the libeay.num file for these two symbols (I added 'ENGINE' at the end of the lines 3873 and 4098), but this didn't solved this issue, proving that I still do not understand the whole build process :-( Does anyone know about this matter ? --- ccgost/gost2001.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost2001.c Sun Jun 08 00:09:58 2014 @@ -6,6 +6,9 @@ * Implementation of GOST R 34.10-2001 * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include gost_lcl.h #include gost_params.h #include string.h @@ -341,3 +344,4 @@ return gost2001_compute_public(ec); } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost2001_keyx.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost2001_keyx.c Sun Jun 08 00:07:01 2014 @@ -7,6 +7,9 @@ * based PKCS7/SMIME support* * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include openssl/evp.h #include openssl/rand.h #include string.h @@ -18,8 +21,6 @@ #include gost_lcl.h #include gost2001_keyx.h - - /* Implementation of CryptoPro VKO 34.10-2001 algorithm */ static int VKO_compute_key(unsigned char *shared_key,size_t shared_key_size,const EC_POINT *pub_key,EC_KEY *priv_key,const unsigned char *ukm) { @@ -306,3 +307,5 @@ if (gkt) GOST_KEY_TRANSPORT_free(gkt); return ret; } + +#endif /* !OPENSSL_NO_ENGINE */ --- ccgost/gost94_keyx.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost94_keyx.c Sun Jun 08 00:10:11 2014 
@@ -8,6 +8,9 @@ * * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include openssl/dh.h #include openssl/rand.h @@ -289,3 +292,4 @@ return -1; } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_ameth.c Thu Jun 05 11:44:33 2014 +++ ccgost/gost_ameth.c Sun Jun 08 00:07:55 2014 @@ -7,6 +7,9 @@ * for OpenSSL * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include openssl/crypto.h #include openssl/err.h @@ -943,3 +946,5 @@ } return 1; } + +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_asn1.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_asn1.c Sun Jun 08 00:08:07 2014 @@ -6,6 +6,9 @@ * ASN1 structure definition for GOST key transport * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include stdio.h #include openssl/asn1t.h #include openssl/x509.h @@ -53,3 +56,5 @@ } ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_crypt.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_crypt.c Sun Jun 08 00:08:18 2014 @@ -6,6 +6,9 @@ * OpenSSL interface to GOST 28147-89 cipher functions * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include gost89.h #include openssl/rand.h @@ -632,3 +635,4 @@ return 1; } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_ctl.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_ctl.c Sun Jun 08 00:08:42 2014 @@ -6,6 +6,9 @@ *Implementation of control commands for GOST engine * *OpenSSL 0.9.9 libraries required* **/ + +#ifndef OPENSSL_NO_ENGINE + #include stdlib.h #include string.h #include openssl/crypto.h @@ -87,3 +90,5 @@ return 1; } + +#endif /* !OPENSSL_NO_ENGINE */ --- ccgost/gost_eng.c Thu Jun 05 11:44:33 2014 +++ ccgost/gost_eng.c Sun Jun 08 00:08:57 2014 
@@ -7,6 +7,9 @@ * for OpenSSL *
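Review bot: Five of the guarded files (gost2001.c, gost94_keyx.c, gost_ameth.c, gost_asn1.c, gost_crypt.c) now end with "#endif /* !OPENSSL_NO_ENGINE */" followed by "\ No newline at end of file", while gost2001_keyx.c and gost_ctl.c keep their trailing newline; please end every file with a newline. The gost2001_keyx.c hunk at "@@ -18,8 +21,6 @@" also deletes two blank lines that have nothing to do with the guard and is better dropped from this patch. Since each guard opens before the first #include and closes at the end of the file, every one of these sources becomes an empty translation unit when OPENSSL_NO_ENGINE is defined, so a short comment at the opening #ifndef saying this is intended would help, as would considering whether the ccgost directory should instead be skipped by the build in that configuration. The gost_eng.c hunk is cut off in this copy, so it cannot be reviewed.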
Re: encrypt - salt
Hi,

It is PKCS5_PBKDF2_HMAC(), in crypto/evp/p5_crpt2.c

On 16/05/2014 10:14, Hooman Fazaeli wrote:
> Which openssl function does key derivation based on PKCS#5v2?
Re: backward compatibility for tls 1.2
Hi,

Here is a related previous discussion with some more details: http://openssl.6102.n7.nabble.com/FW-Negotiating-TLS-1-0-from-1-2-td39516.html

On 13/05/2014 12:45, Gayathri Manoj wrote:
> Hi All,
>
> I am planning to upgrade my tls connection from 1.0 to 1.2. I have made changes from the client side and am able to see the client hello with tls version 1.2. The server supports only 1.0 and the client is not falling back to 1.0 and giving me a fatal that Protocol version alert. Please let me know shall I need to add backward compatibility code separately. If yes then how can I do it. Could you please provide some example for the same.
>
> Thanks,
> Gayathri
1.0.2 beta 1 failed to build when no-nextprotoneg defined
Hi, My build failed when compiling openssl 1.0.2 beta 1 with no-nextprotoneg defined : .\ssl\s3_clnt.c(413) : error C2065: 'SSL3_ST_CW_SUPPLEMENTAL_DATA_A' I solved this just by moving line 636 of ssl3.h 3 lines above. Diff file is attached. Regards, --- D:/openssl-1.0.2-beta1/ssl/ssl3.h Fri Feb 28 13:02:46 2014 +++ H:/openssl-1.0.2-beta1/ssl/ssl3.h Mon Feb 24 13:36:16 2014 @@ -630,10 +630,10 @@ #ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_CW_NEXT_PROTO_A(0x200|SSL_ST_CONNECT) #define SSL3_ST_CW_NEXT_PROTO_B(0x201|SSL_ST_CONNECT) -#endif #ifndef OPENSSL_NO_TLSEXT #define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT) #define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT) +#endif #endif #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
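Review bot: The ssl3.h hunk is generated in the reverse direction of the fix described in the message. As written it removes the #endif after SSL3_ST_CW_NEXT_PROTO_B and adds one after SSL3_ST_CW_SUPPLEMENTAL_DATA_B (new line 636), which nests the OPENSSL_NO_TLSEXT block inside #ifndef OPENSSL_NO_NEXTPROTONEG, the layout that produces the C2065 error when no-nextprotoneg is defined. The file timestamps point the same way (the --- side is the later one). Regenerate the diff with the unmodified file first, or apply this one with patch -R.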
Re: Prime number generation goes in infinite loop in OpenAT
Hi Nischal, As previously mentioned, I solved my problem using what I assume to be the appropriate parameters. So, it won't help you directly. I was only suggesting that infinite loop in those functions seems to occur because of misuse/bad call/bad context, ... we would normally expect to return immediately with an error code and that it may be possible to code the underlying logic with clear end/exit loop condition(s). I was also hoping to draw attention to more qualified people on this matter. On 21/01/2014 10:45, Nischal wrote: Hi Michel, In my case, 'add' and 'rem' parameters are NULL I also agree with you, that 'goto' should be avoided, but that is written by OpenSSL guys. Can you please let me know, how did you get rid of this problem. I have checked everywhere, but did not get any solution, which can solve my problem.
Re: Prime number generation goes in infinite loop in OpenAT
I didn't see it before, but in fact, it is stated in the 'bugs' section : RSA_generate_key() goes into an infinite loop for illegal input values. Did you read : http://www.openssl.org/docs/crypto/RSA_generate_key.html On 21/01/2014 17:50, Michel wrote: Hi Nischal, As previously mentioned, I solved my problem using what I assume to be the appropriate parameters. So, it won't help you directly. I was only suggesting that infinite loop in those functions seems to occur because of misuse/bad call/bad context, ... we would normally expect to return immediately with an error code and that it may be possible to code the underlying logic with clear end/exit loop condition(s). I was also hoping to draw attention to more qualified people on this matter. On 21/01/2014 10:45, Nischal wrote: Hi Michel, In my case, 'add' and 'rem' parameters are NULL I also agree with you, that 'goto' should be avoided, but that is written by OpenSSL guys. Can you please let me know, how did you get rid of this problem. I have checked everywhere, but did not get any solution, which can solve my problem.
Re: Prime number generation goes in infinite loop in OpenAT
Hi, I also experienced going into an infinite loop using BN_generate_prime_ex() function. In my case it was because I didn't fully understand how to use 'add' and 'rem' parameters. I am now assuming they should be used as in dh_builtin_genparams(), in dh_gen.c. I am not qualified to discuss how the underlying logic should have been coded, but only considering the programming style, I am quite sure that 'looping' from inside a 'for' instruction using various 'goto' can be avoided. For example : probable_prime(), 'again' and 'loop' tags, line 383 and 390, or probable_prime_dh_safe(), line 476 (OpenSSL v1.0.2). On 16/01/2014 11:35, Nischal wrote: Hi, We are using openSSL in OpenAT-FXT modem. The version used is 0.9.8h. When I am calling function to generate keys, it goes into infinite loop inside the function and system got crashed. By entering traces, I checked the flow of code Code is given below const int kBits = 4096; RSA *rsa = RSA_new(); BIGNUM *f4 = BN_new(); BN_GENCB *cb = NULL; BN_set_word(f4, RSA_F4); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; RAND_seed(rnd_seed, sizeof(rnd_seed)); ret = RSA_generate_key_ex(rsa, kBits, f4, cb); rsa_builtin_keygen(rsa, bits, e_value, cb); BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb) Hi all, i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); //this function returns 0, so it goes back on loop: to make a random number j = witness(check, A, A1, A1_odd, k, ctx, mont); //witness is returning 1 Any help to solve the problem be appreciated
Re: how to get a maximum digest length of a specific algorithm by nid
Did you see EVP_MD_size() at http://www.openssl.org/docs/crypto/EVP_DigestInit.html On 12/12/2013 09:29, Dereck Hurtubise wrote: Hello, Is there an easy way in OpenSSL to call some function which returns the length of the digest/hash it returns? Like SHA256 would return 32 (maximum digest length of 32 bytes). Dereck
Re: OpenSSL and DH parameters
If the negotiated cipher suite for an RSA encrypted client-server session does not involve using the RSA public keys, then when is RSA used in that session ? Not sure I fully understand your question, but the answer may be : 'Just for [server] authentication' Hope this helps.
Re: memory crash when calling X509_free function
Could it be because of a misuse of X509_dup() or CRYPTO_add( ..., 1, CRYPTO_LOCK_X509 ) in a copy constructor or an assignment operator ? #10 0x08052673 in CertificateRemote::cleanup_x509 (this=0x9bb55f0) at syfer/crypto/Certificate.cpp:309 What could be possible reason for the above crash ? Thanks, Sanjay
Re: Does OpenSSL timeout connections waiting for a ClientHello?
Hi Jason, I am afraid you will have to deal with the TCP timeout on your own. Here is a quick and short answer : http://stackoverflow.com/questions/11835203/openssl-ssl-connect-blocks-forever-how-to-set-timeout Most important : http://www.openssl.org/docs/ssl/SSL_get_error.html I am sure your question was often discussed in the past on this list. Search about the OpenSSL 'internal state machine'. Michel On 11/09/2013 16:39, Jason Schultz wrote: I have a server that implements secure communication using OpenSSL. The server does a listen() on a port and keeps track of what listens are secure/SSL listens. When a peer opens to that IP addr/port, the server sees that it's for a secure connection and then makes the calls to set up SSL information for the socket: // error checking and extraneous code removed sock = accept(listen_sock, (struct sockaddr*)sa_cli, client_len); SSL_bio = BIO_new(BIO_s_socket()); SSL_obj = SSL_new(SSL_ctx); BIO_set_fd(SSL_bio,sock,BIO_NOCLOSE); SSL_set_bio(SSL_obj, SSL_bio, SSL_bio); SSL_set_verify(SSL_obj,SSL_VERIFY_NONE,verify_callback); SSL_set_accept_state(SSL_obj); At that point, the server should be waiting for the ClientHello, and will use SSL_read/write to perform the handshake. Let's say the client/peer never sends in the ClientHello. In other words, the client probably called connect() but not SSL_connect() or some similar scenario. Does OpenSSL eventually time out this connection and abort it somehow? Are there OpenSSL API calls the server should be using to ensure it does get timed out? Or is this something the server application should keep track of and handle on its own? Thanks in advance.
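The application-side timeout discussed in this thread, as an added example that is not code from the posts or from OpenSSL: one overall deadline is enforced across every retry of a non-blocking handshake, so a peer that connects and stays silent, or trickles a few bytes, is dropped. All names are this example's own; the handshake step is a callback so the block runs without linking OpenSSL, and in a real server that callback would call SSL_accept() and map SSL_get_error() results (SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE) onto the enum. fake_step is a constructed stand-in for it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* What one non-blocking handshake attempt reported (hypothetical names). */
enum hs_step   { HS_DONE, HS_WANT_READ, HS_WANT_WRITE, HS_FAILED };
enum hs_result { HS_OK, HS_TIMEOUT, HS_ERROR };

/* One handshake attempt. With OpenSSL this would wrap SSL_accept():
 * SSL_ERROR_WANT_READ -> HS_WANT_READ, SSL_ERROR_WANT_WRITE -> HS_WANT_WRITE,
 * success -> HS_DONE, any other error -> HS_FAILED. */
typedef enum hs_step (*hs_step_fn)(void *ctx);

static long long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);   /* immune to wall-clock changes */
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Drive the handshake until it completes, fails, or timeout_ms has elapsed
 * in total. The budget is shared by all retries, so partial progress does
 * not extend it. */
enum hs_result handshake_with_deadline(int fd, hs_step_fn step, void *ctx,
                                       int timeout_ms)
{
    long long deadline = now_ms() + timeout_ms;

    for (;;) {
        enum hs_step s = step(ctx);
        if (s == HS_DONE)
            return HS_OK;
        if (s == HS_FAILED)
            return HS_ERROR;

        long long left = deadline - now_ms();
        if (left <= 0)
            return HS_TIMEOUT;

        struct pollfd p = { .fd = fd,
                            .events = (s == HS_WANT_READ) ? POLLIN : POLLOUT };
        int rc = poll(&p, 1, (int)left);
        if (rc == 0)
            return HS_TIMEOUT;
        if (rc < 0 && errno != EINTR)
            return HS_ERROR;
        /* Readable/writable or interrupted: retry under the same deadline. */
    }
}

/* Constructed stand-in for a TLS handshake: "completes" once `need` bytes
 * have arrived on fd. */
struct fake_hs { int fd; size_t need; size_t got; };

enum hs_step fake_step(void *ctx)
{
    struct fake_hs *h = ctx;
    unsigned char buf[64];

    if (h->got >= h->need)
        return HS_DONE;
    size_t want = h->need - h->got;
    if (want > sizeof buf)
        want = sizeof buf;

    ssize_t n = recv(h->fd, buf, want, MSG_DONTWAIT);
    if (n == 0)
        return HS_FAILED;                  /* peer closed the connection */
    if (n < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK) ? HS_WANT_READ
                                                         : HS_FAILED;
    h->got += (size_t)n;
    return h->got >= h->need ? HS_DONE : HS_WANT_READ;
}

int main(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    /* The peer on sv[0] connects and then sends nothing. */
    struct fake_hs hs = { sv[1], 6, 0 };
    enum hs_result r = handshake_with_deadline(sv[1], fake_step, &hs, 200);
    printf("silent client: %s\n", r == HS_TIMEOUT ? "timed out" : "other");
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

On HS_TIMEOUT or HS_ERROR the caller frees the SSL object and closes the socket; the socket must be in non-blocking mode for SSL_accept() to return instead of waiting.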
RE: SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server
Just wanted to provide an update as I was able to identify the root cause for this error. The issue was related to the users/groups on the new Solaris server not being set up correctly. Basically the user running apache didn't have permission to where the ca was stored. Once we added the apache user to the group securing the directory with the ca it was able to find the ca and the error was resolved. I appreciate the assistance as it has added to my understanding and given me ideas for improvements (and documented a lesson learned for sure). Audrey Michel +1 972.605.8085 / Tel +1 214.770.1896 / Mobile -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Friday, July 19, 2013 4:32 PM To: openssl-users@openssl.org Subject: RE: SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server From: owner-openssl-us...@openssl.org On Behalf Of Michel, Audrey Sent: Friday, 19 July, 2013 11:41 Thanks for the reply and good information as it helped clear up some misunderstanding I had. Here is some additional information based on your responses. -The two servers have different DNS names and have two different servernames in their apache config files. Each server is stand alone and has its own copy of everything - just trying to set up mirror images for now. -I am using an exact copy of the ca cert (verified the second part of the chain using -showcerts and they match). -I have created a new server cert for the new server using the existing server key but changed the CN to match the ip of the new server. And each -showcerts shows the right server cert in the chain. Ah, I didn't realize you were using cert for IP-address not cert for DNS-name like most people do. That means my questions (and your answers) about DNS are irrelevant. -the path used on s_client for the ca is the same one in the ssl.conf file. 
-when accessing both servers via s_client I am using the same client cert which is present on each server. Works for the old but not for the new so I agree that the issue is locating the ca cert. The client cert doesn't need to be present on the server and is ignored if it is. (If you are as I have assumed using at least one of the servers as your private CA, keeping any issued cert in the CA is sensible though not required.) What matters is that the client cert is issued by (aka under) a CA cert that is on (and in the truststore of) the servers. What confuses me is if -showcerts shows the ca in the chain on both servers why is there a problem locating it when I use the same client cert/arguments only on the old server? I even removed the -CApath from both s_client commands and the old server connects but get the same error with the new server. One thing occurs to me: are you using SSLCertificateChainFile to specify the CA cert file? That's not normally needed but if you're doing so it might be a factor (because then we don't know if server libssl is filling from truststore, see below). s_client -CApath only affects s_client verifying the server, and s_client continues after a verify error anyway. You should have *verify return* 0 on s_client going to the usable=old server with correct -CApath, and 19 (or maybe 20 I forget) without, but still have a successful connection. To the unusable=new server you don't get nice session display with verify return, but you can extract it from the callback info in the output. You mentioned a truststore.. I did a list on the java keystore cacerts on both machines and neither hold my ca. Does apache have its own store? I've never set up apache ssl from scratch and haven't run across anything specific in my searches on that subject. I'm not talking about java. To be sure we're clear, 'apache' without qualification usually means httpd, a web server in C. 
httpd can (or at least could) use either openssl or gnutls for SSL but mod_ssl means openssl. Apache the organization also has tomcat, a web server in Java, which can use Java's own SSL implementation JSSE, or openssl via APR (Apache Portable Runtime) not mod_ssl. Truststore is a general concept for the set of CA certs something or somebody trusts. In openssl normally, it is a single PEM file containing one or more certs (SSLCACertificateFile in mod_ssl, -CAfile on some commandline utilities) or a directory of one or more PEM files each containing one cert with hash names or links (SSLCACertificatePath or -CApath). Or an application can directly load one or more certs from some other source (a database, an LDAP server, whatever) but that's more work so people rarely do. In addition to using the truststore to validate a peer cert/chain, libssl will also use it to complete its own chain if needed, which is less obvious and can be a little confusing. In Java, a standard keystore file
RE: SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server
Thanks for the reply and good information as it helped clear up some misunderstanding I had. Here is some additional information based on your responses. -The two servers have different DNS names and have two different servernames in their apache config files. Each server is stand alone and has its own copy of everything - just trying to set up mirror images for now. -I am using an exact copy of the ca cert (verified the second part of the chain using -showcerts and they match). -I have created a new server cert for the new server using the existing server key but changed the CN to match the ip of the new server. And each -showcerts shows the right server cert in the chain. -the path used on s_client for the ca is the same one in the ssl.conf file. -when accessing both servers via s_client I am using the same client cert which is present on each server. Works for the old but not for the new so I agree that the issue is locating the ca cert. What confuses me is if -showcerts shows the ca in the chain on both servers why is there a problem locating it when I use the same client cert/arguments only on the old server? I even removed the -CApath from both s_client commands and the old server connects but get the same error with the new server. You mentioned a truststore.. I did a list on the java keystore cacerts on both machines and neither hold my ca. Does apache have its own store? I've never set up apache ssl from scratch and haven't run across anything specific in my searches on that subject. 
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, July 18, 2013 6:52 PM To: openssl-users@openssl.org Subject: RE: SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server From: owner-openssl-us...@openssl.org On Behalf Of Michel, Audrey Sent: Thursday, 18 July, 2013 15:24 Subject: SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server Aside: the error isn't really in flush-data; it is the server rejecting the received cert and closing, which occurs immediately after and as a result of the flush-data. We currently have a Solaris server running apache that serves as a proxy in front of our glassfish server which we use for web services. We are replacing both the proxy and glassfish servers so are setting the new servers up in parallel. The new proxy server already had apache and openssl installed before I started moving files from the old to the new. The issue I am running into is when I run apache with SSLVerifyClient required on the new server I am receiving 'unknown ca' error. If I run with SSLVerifyClient none the xml content for our web service is displayed (confirming that glassfish is ok). The only configuration difference between the proxy server was I moved the location of the certificate directories on the new server, but adjusted all apache config files to reflect the new structure. My question is does openssl or mod_ssl look anywhere other than the apache ssl configuration to locate the ca? mod_ssl doesn't as far as I know and openssl called from mod_ssl certainly shouldn't. (openssl in some other situations, especially but not only commandline, does.) Thanks in advance for any assistance, server info and log details are below: -We have a single self signed CA which is used to sign the server and client certs. 
-The old and new server are running apache 2.0.63, Openssl 0.9.7d snip but [openssl] includes additional security patches. snip -I rebuilt all hash files and the filenames generated match those on the old server so the CN's are the same. Did you generate new certskeys or copy existing ones? If you copied then of course everything is the same. If you did new, then the hash-name for a cert actually proves the subject *DN* (which can include more than the CN) is the same in a specific way (equal after canonicalization, not necessarily identical), and says nothing about the issuer (which also can have CN). If you did a new CA keycert (with or without new client and server certs under it) with the exact same name, that can cause problems, depending on whether you (consistently) used SKI/AKI for chaining, and it will certainly cause confusion to people such as you trying to look at it. Don't do that. If you want the same CA use the same one or an exact copy, if want a different CA use a different name. The only certs you need hashes for are CA certs, and you say you have only one CA and thus one CA cert. There is no need for entity certs (server or client) to be in the truststore (SSLCACertPath or File, -CApath or file) or hashed -- although they do no harm since openssl won't ever find them. Either way, are you using the same DNS name for the new server (proxy) as the old, and using resolution
SSL_connect:error in SSLv3 flush data - Certificate Verification: Error (20) when setting up replacement server
We currently have a Solaris server running apache that serves as a proxy in front of our glassfish server which we use for web services. We are replacing both the proxy and glassfish servers so are setting the new servers up in parallel. The new proxy server already had apache and openssl installed before I started moving files from the old to the new. The issue I am running into is when I run apache with SSLVerifyClient required on the new server I am receiving 'unknown ca' error. If I run with SSLVerifyClient none the xml content for our web service is displayed (confirming that glassfish is ok). The only configuration difference between the proxy server was I moved the location of the certificate directories on the new server, but adjusted all apache config files to reflect the new structure. My question is does openssl or mod_ssl look anywhere other than the apache ssl configuration to locate the ca? Thanks in advance for any assistance, server info and log details are below: -We have a single self signed CA which is used to sign the server and client certs. -The old and new server are running apache 2.0.63, Openssl 0.9.7d Apache and openssl were present on the new server before I started bringing files over. I ran the version commands and it show apache to be the same version and compiled options. openssl is the same version but includes additional security patches. OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333) -I rebuilt all hash files and the filenames generated match those on the old server so the CN's are the same. -I compared permissions and file contents for the apache related directories. 
Using s_client with just -connect and -showcerts parameters returns the CA cert, server cert and my client cert. So I can see they are present on the new server. Below is an abbreviated version of the output when I use the -connect, -cert, -CApath, -showcerts, -state, and -debug parameters. This works without error on the old server (changing only the IP:port). Loading 'screen' into random state - done CONNECTED(0100) SSL_connect:before/connect initialization write to 0x1f03cc0 [0x1f085f0] (210 bytes = 210 (0xD2)) .. SSL_connect:SSLv2/v3 write client hello A read from 0x1f03cc0 [0x1f0db50] (7 bytes = 7 (0x7)) ... SSL_connect:SSLv3 read server hello A read from 0x1f03cc0 [0x1f0db53] (5 bytes = 5 (0x5)) read from 0x1f03cc0 [0x1f0db58] (1957 bytes = 1957 (0x7A5)) depth=1 CN = ALERTIIS Cert Auth, .. details omitted here by me verify error:num=19:self signed certificate in certificate chain verify return:0 SSL_connect:SSLv3 read server certificate A read from 0x1f03cc0 [0x1f0db53] (5 bytes = 5 (0x5)) read from 0x1f03cc0 [0x1f0db58] (525 bytes = 525 (0x20D)) .. SSL_connect:SSLv3 read server key exchange A read from 0x1f03cc0 [0x1f0db53] (5 bytes = 5 (0x5)) read from 0x1f03cc0 [0x1f0db58] (421 bytes = 421 (0x1A5)) .. SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A write to 0x1f03cc0 [0x1f18570] (911 bytes = 911 (0x38F)) .. SSL_connect:SSLv3 write client certificate A write to 0x1f03cc0 [0x1f18570] (139 bytes = 139 (0x8B)) .. SSL_connect:SSLv3 write client key exchange A write to 0x1f03cc0 [0x1f18570] (267 bytes = 267 (0x10B)) .. SSL_connect:SSLv3 write certificate verify A write to 0x1f03cc0 [0x1f18570] (6 bytes = 6 (0x6)) SSL_connect:SSLv3 write change cipher spec A write to 0x1f03cc0 [0x1f18570] (53 bytes = -1 (0x)) SSL_connect:error in SSLv3 flush data SSL_connect:error in SSLv3 flush data write:errno=10053 .. 
At the end of the apache log I see the following error (all other tags are [debug]): [Thu Jul 18 08:07:07 2013] [error] Certificate Verification: Error (20): unable to get local issuer certificate [Thu Jul 18 08:07:07 2013] [debug] ssl_engine_kernel.c(1749): OpenSSL: Write: SSLv3 read client certificate B [Thu Jul 18 08:07:07 2013] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Jul 18 08:07:07 2013] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Jul 18 08:07:07 2013] [info] SSL library error 1 in handshake (server xxx.xxx.xxx.xxx:443, client xx.xx.xxx.xxx.xx) [Thu Jul 18 08:07:07 2013] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned [Thu Jul 18 08:07:07 2013] [info] Connection to child 2 closed with abortive shutdown(server xxx.xxx.xxx.xxx:443, client xx.xx.xxx.xxx.xx)
Re: RSA encryption and Decryption code in C language
Hi Yamini, I would suggest looking at the 'EVP Envelope' API : https://www.openssl.org/docs/crypto/EVP_SealInit.html On 17/06/2013 19:26, yamini wrote: Hello, I am implementing the DES algorithm between my client and server systems for encryption. The DES key is transmitted in encrypted form between Client and Server using RSA encryption and decryption. My idea of implementing the above task is creating RSA key (RSA_generate_key) and using the public key for encryption and private key for decryption. I have looked for sample codes to do this in C language but found nothing. So if anyone has any code snippets for this task please post them here. It would be very helpful. The code for RSA encryption and Decryption between client and server (client and server are on different machines). Thanks and Regards, Yamini.
Re: PBKDF2 implementation
PKCS5_PBKDF2_HMAC implementation : [openssl-src-dir]\crypto\evp\p5_crpt2.c in [openssl-src-dir]\crypto\evp\evp.h : PKCS5_SALT_LEN is defined as 8 On 13/06/2013 08:39, Rengith M. wrote: Hi, This is to know further about implementation of PBKDF2, PKCS5_PBKDF2_HMAC. 1. Would like to know the maximum salt length allowed. 2. Usage of hash function SHA256 with above function. 3. Which source code file implements the above function. 4. Please provide references to documentation on these, examples. 5. How to build on VC++ 6.0 for windows XP, SP3. i.e., I would like to check the PBKDF2, with key hashed with SHA256 and salt length equal to or greater than 8 bytes
Re: PBKDF2 implementation
Hi Rengith, Sorry but I was referring to 1.0.1e source distribution. I am not able to answer about FIPS ones. On 14/06/2013 11:06, Rengith M. wrote: Hi Michel, I could not find the p5_crpt2.c under \crypto\evp after I unzipped the openssl-fips-ecp-2.0.4.tar, could you please provide the correct installation script needed for WinXP. Thanks and Regards, Rengith M.
Re: Recommended/allowed private key lengths Reg.
Hope this helps : http://www.keylength.com/en/3/ On 22/02/2013 08:38, Ashok C wrote: Hi, What is the current industry standard for private key lengths? As of now, my application supports 2048 bit-wide keys. I'm planning to support higher key lengths now, and want your suggestions on how big a key I should support? -- Ashok
Re: Compile 0.9.8x for 64bit is missing _SHA* symbols
Found interesting related article from Wikipedia : http://en.wikipedia.org/wiki/Name_mangling Note that the 64-bit convention on Windows (Microsoft C) is no leading underscore. This difference may in some rare cases lead to unresolved externals when porting such code to 64 bits. On 11/01/2013 01:06, Dave Thompson wrote: Winx86 has two generally used calling conventions, which are distinguished by different name mangling: cdecl has underscore at the beginning; stdcall has atsign-number (of bytes popped) at the end. (Plus several more that are used more locally.) (I've been told) Winx64 has only one calling convention and doesn't need this mangling, so maybe it isn't done or at least isn't done the same way.
Re: Set up the protocol
On 12/12/2012 20:12, Alex Chen wrote: Another question is how to enforce the 'server' side preference of the cipher suite selection? Is it also part of the SSL_CTX_set_options() Isn't this what you are looking for ? : SSL_OP_CIPHER_SERVER_PREFERENCE in http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
EVP_PKEY_sign and EVP_PKEY_CTX_set_signature_md
Before trying to use it, I was misled by the documentation (and the example) of the EVP_PKEY_sign() call at : http://www.openssl.org/docs/crypto/EVP_PKEY_sign.html I believed it was [quite] the same behavior as with EVP_DigestSignFinal() before understanding that the input has to be a digest, not the app data directly. (confirmed by reading this : http://marc.info/?l=openssl-users&m=118150769328614&w=2) What is not yet clear to me is : if the input is a previously calculated digest, what is the use of the EVP_PKEY_CTX_set_signature_md() call in the example ?
Re: EVP_PKEY_sign and EVP_PKEY_CTX_set_signature_md
Thank you very much for the answer. On 30/11/2012 12:54, Dr. Stephen Henson wrote: On Fri, Nov 30, 2012, Michel wrote: Before trying to use it, I was misled by the documentation (and the example) of the EVP_PKEY_sign() call at : http://www.openssl.org/docs/crypto/EVP_PKEY_sign.html I'll add a clarification to the manual page. What is not yet clear to me is : if the input is a previously calculated digest, what is the use of the EVP_PKEY_CTX_set_signature_md() call in the example ? The main reason is that some algorithms (currently only RSA) need to know the message digest algorithm to prepare the signature. The value can also be used as a sanity check to see the digest length is correct (though not all algorithms currently do this). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
Re: Use OpenSSL socket as a normal socket
Hi, Perhaps I misunderstand you, but wouldn't it be easier to just choose eNULL cipher when no encryption is needed ? On 09/11/2012 06:08, Derek Cole wrote: Hello, I have a server running that I am accepting both SSL and non SSL traffic. Currently I check the traffic first and if the first part of the TCP data looks like an SSL header, I send it off to an OpenSSL socket to be read. If it's plaintext, I just read it right there on that socket. Is it possible to skip the SSL header check and just send all traffic to an SSL socket, and reliably be able to read the traffic regardless whether it's encrypted or not? Just to be clear, I do have the SSL context set up properly and don't have a problem reading it, it's just annoying that I have to check my traffic in a separate step, and send it down the flow path of SSL if it's encrypted. Thanks
Re: Use OpenSSL socket as a normal socket
Ok, I understand your point now. But it sounds strange to me accepting on the same port incoming SSL protected data and native TCP unprotected socket... I am curious what others can tell about that. On 09/11/2012 14:19, Derek Cole wrote: Well that would still require an SSL handshake right? My client that sends the unencrypted traffic knows nothing of SSL at all, and I can't modify it, so it is just coming in a normal TCP stream. On Fri, Nov 9, 2012 at 6:44 AM, Michel msa...@paybox.com wrote: Hi, Perhaps I misunderstand you, but wouldn't it be easier to just choose eNULL cipher when no encryption is needed ? On 09/11/2012 06:08, Derek Cole wrote: Hello, I have a server running that I am accepting both SSL and non SSL traffic. Currently I check the traffic first and if the first part of the TCP data looks like an SSL header, I send it off to an OpenSSL socket to be read. If it's plaintext, I just read it right there on that socket. Is it possible to skip the SSL header check and just send all traffic to an SSL socket, and reliably be able to read the traffic regardless whether it's encrypted or not? Just to be clear, I do have the SSL context set up properly and don't have a problem reading it, it's just annoying that I have to check my traffic in a separate step, and send it down the flow path of SSL if it's encrypted. Thanks
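The first-bytes check Derek Cole describes in this thread, as an added example that is not code from the posts or from OpenSSL: it peeks at a new connection with MSG_PEEK, so nothing is consumed before the socket is handed to OpenSSL, and decides whether the client opened with an SSLv3/TLS record, an SSLv2-framed ClientHello, or something else. The enum, function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Verdict on the first bytes a client sent (names are this example's own). */
enum stream_kind {
    STREAM_NEED_MORE,    /* too few bytes to decide yet; peek again later */
    STREAM_TLS,          /* SSLv3/TLS record that starts a ClientHello */
    STREAM_SSLV2_HELLO,  /* SSLv2-framed ClientHello from an old client */
    STREAM_PLAINTEXT,    /* anything else */
    STREAM_ERROR         /* peer closed or recv() failed */
};

#define TLS_CT_HANDSHAKE   0x16   /* record content type: handshake */
#define TLS_HS_CLIENTHELLO 0x01   /* handshake message type: ClientHello */
#define TLS_MAX_RECORD     16384  /* 2^14, largest plaintext record */

/* Classify a buffer holding the first n bytes of a connection. */
enum stream_kind classify_first_bytes(const unsigned char *b, size_t n)
{
    if (n == 0)
        return STREAM_NEED_MORE;

    if (b[0] == TLS_CT_HANDSHAKE) {
        /* type(1) | version major(1) minor(1) | length(2) | hs type(1) */
        if (n >= 2 && b[1] != 0x03)
            return STREAM_PLAINTEXT;
        if (n >= 3 && b[2] > 0x04)
            return STREAM_PLAINTEXT;
        if (n < 5)
            return STREAM_NEED_MORE;
        size_t reclen = ((size_t)b[3] << 8) | b[4];
        if (reclen == 0 || reclen > TLS_MAX_RECORD)
            return STREAM_PLAINTEXT;
        if (n < 6)
            return STREAM_NEED_MORE;
        return b[5] == TLS_HS_CLIENTHELLO ? STREAM_TLS : STREAM_PLAINTEXT;
    }

    if (b[0] & 0x80) {
        /* SSLv2 framing: 15-bit length(2) | msg type(1) | version(2) ... */
        if (n < 3)
            return STREAM_NEED_MORE;
        size_t msglen = ((size_t)(b[0] & 0x7f) << 8) | b[1];
        if (msglen < 9 || b[2] != 0x01)   /* 9 = fixed CLIENT-HELLO fields */
            return STREAM_PLAINTEXT;
        if (n < 5)
            return STREAM_NEED_MORE;
        int v2 = (b[3] == 0x00 && b[4] == 0x02);
        int v3 = (b[3] == 0x03 && b[4] <= 0x04);
        return (v2 || v3) ? STREAM_SSLV2_HELLO : STREAM_PLAINTEXT;
    }

    return STREAM_PLAINTEXT;
}

/* Peek at a connected socket. MSG_PEEK leaves the bytes queued, so the
 * same data is still there for SSL_accept() or for the plaintext reader. */
enum stream_kind classify_socket(int fd)
{
    unsigned char buf[8];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0)
        return STREAM_ERROR;
    return classify_first_bytes(buf, (size_t)n);
}

int main(void)
{
    /* Constructed sample: TLS record header plus the ClientHello type byte. */
    static const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x02, 0x00, 0x01 };
    int sv[2];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    if (write(sv[0], hello, sizeof hello) != (ssize_t)sizeof hello)
        return 1;
    printf("verdict=%d (STREAM_TLS=%d)\n", classify_socket(sv[1]), STREAM_TLS);
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

The check only works when the client speaks first and the plaintext protocol can never begin with 0x16 or a byte with the high bit set; a client that connects and sends nothing gives it nothing to classify, so the wait for those first bytes needs its own time limit.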
Re: Passing TLS sessions between programs
I found in doc/ssleay.txt : [...] The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will write to a file pointer in base64 encoding. What you can do with this, is pass session information between separate processes. [...] On 06/11/2012 12:11, Eisenacher, Patrick wrote: Once you have the SSL_SESSION, convert it to ASN1 (via i2d_SSL_SESSION) and dump it to a file. Read that file in with your second program and convert it back from ASN1 to SSL_SESSION (via d2i_SSL_SESSION) and add it to the SSL_SESSION cache of the SSL_CTX (via SSL_CTX_add_session).
Re: Reference material on how to do certificate validation with OpenSSL
Thanks, Also it can be useful to go back to the book 'Network Security with OpenSSL', pages 128 to 138. Michel.

On 27/10/2012 17:00, Alban D. wrote:
Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. Thanks, Alban D.
Re: id-aes256-GCM command line encrypt+decrypt fail
Thanks for the explanation Mr. Henson. I do not wish to take up too much of your time, but as I am still trying to understand OpenSSL, I would be grateful if you can add a few words on how you cope with this in TLS, and point me to the corresponding source code. Thanks again, Michel.

On 12/10/2012 19:26, Dr. Stephen Henson wrote:
On Fri, Oct 12, 2012, Michel wrote:
I am guessing that 'special handling' is linked to the 'no additional authentication data' issue discussed in : http://incog-izick.blogspot.fr/2011_08_01_archive.html

It's to do with the fact that additional parameters are required with GCM and how the tag should be handled. It might be appropriate to handle this by appending it to the output but that adds complications on decrypt in that you don't know in advance where the tag is and would need to buffer tag bytes of data until you hit EOF. None of this is handled by the cipher BIO used by the enc command; some additional functionality will be needed for this (and CCM). Steve.
-- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
Re: id-aes256-GCM command line encrypt+decrypt fail
I am guessing that 'special handling' is linked to the 'no additional authentication data' issue discussed in : http://incog-izick.blogspot.fr/2011_08_01_archive.html

On 11/10/2012 22:33, Erik Tkal wrote:
I think Steve posted a while back that those ciphers require special handling and do not work with the enc command yet. Erik Tkal Juniper OAC/UAC/Pulse Development
enc command sometimes fail to encrypt (XTS) or decrypt (GCM)
Hello, I am using the OpenSSL enc command to encrypt and decrypt a test file. When using AES-GCM mode, I can encrypt but cannot decrypt the result. Even though I succeed with all other modes. Example is as follows :
    openssl enc -e -a -aes-128-gcm -nosalt -p -K 28C65581AABBBA0EBFC1DB5D5C614FEA -iv D2D136CA54FEB7C48C9E4358 -in test.dat -out enc.txt
    openssl enc -d -a -aes-128-gcm -nosalt -p -K 28C65581AABBBA0EBFC1DB5D5C614FEA -iv D2D136CA54FEB7C48C9E4358 -in enc.txt
Get a : 'bad decrypt' output
Test file contains 'bla bla bla bla bla bla bla bla bla'. Using OpenSSL 1.0.1c downloaded from source code, and compiled under Windows 7. Also, if text file contains shorter data ( 16 bytes), I cannot encrypt in AES-XTS mode. (no output) Did I miss something ? Thanks in advance.
Re: Memory issues with ssl handshake
Hi Thomas, I don't know if it makes a real difference concerning memory leaks, but I would have freed the TLS session *BEFORE* freeing the context :
    SSL_free(ssl);
    ...
    SSL_CTX_free(ssl->ctx);
Does your app setup and free a context each time a client is connecting ?

On 12/09/2012 16:58, Thomas Eckert wrote:
Hi, Valgrind gives me a *lot* of messages like this
==19021== 2,056 bytes in 2 blocks are indirectly lost in loss record 186 of 190
==19021==at 0x68EAC8B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19021==by 0x6C472DB: default_malloc_ex (mem.c:79)
==19021==by 0x6C4795F: CRYPTO_malloc (mem.c:306)
==19021==by 0x6C73940: bn_expand_internal (bn_lib.c:336)
==19021==by 0x6C73AE0: bn_expand2 (bn_lib.c:451)
==19021==by 0x6C73BB2: BN_set_bit (bn_lib.c:730)
==19021==by 0x6C7E16E: BN_MONT_CTX_set (bn_mont.c:514)
==19021==by 0x6C7E402: BN_MONT_CTX_set_locked (bn_mont.c:552)
==19021==by 0x6C97053: RSA_eay_public_decrypt (rsa_eay.c:693)
==19021==by 0x6C97F1F: RSA_public_decrypt (rsa_lib.c:309)
==19021==by 0x6C98BEB: int_rsa_verify (rsa_sign.c:182)
==19021==by 0x6C98F57: RSA_verify (rsa_sign.c:284)
==19021==by 0x6949E16: ssl3_get_key_exchange (s3_clnt.c:1562)
==19021==by 0x694BF5F: ssl3_connect (s3_clnt.c:335)
==19021==by 0x6964AB9: SSL_connect (ssl_lib.c:933)
==19021==by 0x6953FDD: ssl23_connect (s23_clnt.c:693)
==19021==by 0x6963FBC: SSL_do_handshake (ssl_lib.c:2368)
==19021==by 0x8060D14: ssl_connect (ssl.c:1078)
Compared to the above they vary only in one line, e.g.
==19021== 1,024 bytes in 2 blocks are indirectly lost in loss record 181 of 190
==19021==at 0x68EAC8B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19021==by 0x6C472DB: default_malloc_ex (mem.c:79)
==19021==by 0x6C4795F: CRYPTO_malloc (mem.c:306)
==19021==by 0x6C73940: bn_expand_internal (bn_lib.c:336)
==19021==by 0x6C73AE0: bn_expand2 (bn_lib.c:451)
==19021==by 0x6C73D53: BN_copy (bn_lib.c:506)
==19021==by 0x6C7DFCA: BN_MONT_CTX_set (bn_mont.c:421)
==19021==by 0x6C7E402: BN_MONT_CTX_set_locked (bn_mont.c:552)
==19021==by 0x6C97053: RSA_eay_public_decrypt (rsa_eay.c:693)
==19021==by 0x6C97F1F: RSA_public_decrypt (rsa_lib.c:309)
==19021==by 0x6C98BEB: int_rsa_verify (rsa_sign.c:182)
==19021==by 0x6C98F57: RSA_verify (rsa_sign.c:284)
==19021==by 0x6949E16: ssl3_get_key_exchange (s3_clnt.c:1562)
==19021==by 0x694BF5F: ssl3_connect (s3_clnt.c:335)
==19021==by 0x6964AB9: SSL_connect (ssl_lib.c:933)
==19021==by 0x6953FDD: ssl23_connect (s23_clnt.c:693)
==19021==by 0x6963FBC: SSL_do_handshake (ssl_lib.c:2368)
==19021==by 0x8060D14: ssl_connect (ssl.c:1078)
The application in question is a http proxy and is leaking memory heavily. Actually, Valgrind also reports many entries as still reachable instead of indirectly lost but even those regions are mentioned by Valgrind like the above two blocks. I doubt OpenSSL has such blatant memory leaks but I have been searching for the leaks for some time now and just cannot find anything - also due to the fact that Valgrind reports all the leaks like above, which is not really helpful. I do realize that for detailed help I would need to give some code on how the connections are set up but that code is pretty large. So best would be some hint as to where to look for or what regions of code to supply.
Looking for hints as to what is going wrong I went through some of the OpenSSL functions mentioned above and after leaving my code and entering OpenSSL code the only thing being passed around the functions is the actual SSL object - and no buffers of any kind. So I suppose the source of the problem lies in setting up the object, its context or whatever is stuck to it. The first thing I checked on was how the SSL connections are torn down in my application:
    ERR_remove_state(0);
    SSL_CTX_free(ssl->ctx);
    SSL_free(ssl);
The first line was added only after starting the search for the leaks and I'm still not sure if that line doesn't break anything. I did find some minor leaks in my code along the way (e.g. a forgotten ASN1_INTEGER_free()) but they were neither easy to find - because Valgrind also reported them like the above two blocks, meaning in the wrong place! - nor did they change much. Does anyone have some tips for me ?
Re: Memory issues with ssl handshake
Hi again Thomas, Do you really need to free your context each time you free your TLS session ? I believe it is not needed and at least not usual. If you need several *DIFFERENT* contexts, implying different TLS configurations/setup, which, I think, is not so common, you can keep them 'alive' during all your app 'run', even in multi-threaded programs. It would allow you to access some activity information like the ones documented in : http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html Hope this helps, Regards

On 13/09/2012 10:39, Thomas wrote:
Hi Michel, Thanks for trying to help, I really appreciate it :-)
> Does your app setup and free a context each time a client is connecting ?
The context is created only when a client requests a HTTPS connection and is destroyed together with the SSL session once the connection goes down. It is rather related to connections than to clients since one client can open several connections but I think you implied one connection per client and then the answer is 'yes'. I will try freeing the session before the context and come back with the results. Regards, Thomas
Re: DH exchange socket BIOs
Hi Carolin,
> It is just about half the length of the ...
[very] Quick response : Hex value is twice the length of binary data : Have you checked the value of 'size' arg ? Not sure this helps ...

On 24/08/2012 16:38, Carolin Latze wrote:
(sorry if this mail arrives twice. I sent it first without being subscribed to this list by accident)
Hi all
I try to implement a DH exchange using socket BIOs. Here is what I do:
On the server
- I initialize a DH structure with DH_new
- I generate the parameters using DH_generate_parameters(prime_len,g,NULL,NULL) with prime_len=512
- I generate the keys using DH_generate_key(dh)
Now I need to send p,g, and the server's public key to the client. In order to do that I convert each of those three values to hex. This is the example for p:
    int size = DH_size(dh);
    char* prime = (char*) malloc(size*sizeof(char));
    memset(prime,0,size*sizeof(char));
    prime = BN_bn2hex(dh->p);
afterwards I open a socket BIO that allows a client to connect:
    bio = BIO_new_accept(port);
Now, when a client connects, I write those three values to the BIO. Example for p:
    BIO_do_accept(bio);
    cbio = BIO_pop(bio);
    BIO_write(cbio,prime,size);
Ok, let's move to the client. The client connects successfully to the server and reads the three values from the BIO:
    prime = (char*)malloc(size*sizeof(char));
    memset(prime,0,size*sizeof(char));
    BIO_read(bio,prime,size);
If I print out prime on the client using printf I see that this is exactly the stream of bytes that have been sent by the server. But if I write this value back into a DH structure it changes:
    DH *dh = DH_new();
    BN_hex2bn(&(dh->p),prime);
If I check the value now with BN_print, it is a shorter value! It is just about half the length of the original p and I have no idea why. What is it that I miss here? Any hints would be appreciated
Regards
Carolin
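Michel's point about the 'size' argument, as an added example (not code from the thread): a hex string has two digits per byte, so writing DH_size() bytes of it sends only half the digits, while sending the string's own length in a length-prefixed frame delivers all of it. `to_hex` is a stand-in for BN_bn2hex() so the block runs without OpenSSL; `frame_put`, `frame_get`, the 2-byte length prefix and the sample value are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PRIME_BYTES 64   /* DH_size() for the 512-bit prime in the post */

/* Stand-in for BN_bn2hex(): n bytes become 2*n hex digits plus a NUL. */
static void to_hex(const unsigned char *in, size_t n, char *out)
{
    static const char digits[] = "0123456789ABCDEF";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * n] = '\0';
}

/* Frame = 2-byte big-endian length, then the hex digits (no NUL).
 * Returns the number of bytes written, or 0 if the frame does not fit. */
size_t frame_put(unsigned char *wire, size_t cap, const char *hex)
{
    size_t len = strlen(hex);
    if (len > 0xffff || len + 2 > cap)
        return 0;
    wire[0] = (unsigned char)(len >> 8);
    wire[1] = (unsigned char)(len & 0xff);
    memcpy(wire + 2, hex, len);
    return len + 2;
}

/* Reads one frame into out and NUL-terminates it. Returns the payload
 * length, or 0 if the frame is truncated, too large for out, or not hex. */
size_t frame_get(const unsigned char *wire, size_t wlen, char *out, size_t outcap)
{
    if (wlen < 2)
        return 0;
    size_t len = ((size_t)wire[0] << 8) | wire[1];
    if (len == 0 || len > wlen - 2 || len + 1 > outcap)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit(wire[2 + i]))
            return 0;
    memcpy(out, wire + 2, len);
    out[len] = '\0';
    return len;
}

/* Constructed 512-bit value with the top bit set, as a real prime has. */
static void sample_prime_hex(char hex[2 * PRIME_BYTES + 1])
{
    unsigned char p[PRIME_BYTES];
    memset(p, 0xC5, sizeof p);
    to_hex(p, sizeof p, hex);
}

/* What the posted code does: send only DH_size() bytes of the hex string. */
size_t bits_after_truncated_write(void)
{
    char hex[2 * PRIME_BYTES + 1], rx[2 * PRIME_BYTES + 1];
    sample_prime_hex(hex);
    memcpy(rx, hex, PRIME_BYTES);        /* BIO_write(cbio, prime, size) */
    rx[PRIME_BYTES] = '\0';
    return strlen(rx) * 4;               /* 4 bits per hex digit */
}

/* Sending strlen(hex) bytes behind a length prefix keeps every digit. */
size_t bits_after_framed_write(void)
{
    char hex[2 * PRIME_BYTES + 1], rx[2 * PRIME_BYTES + 1];
    unsigned char wire[2 + 2 * PRIME_BYTES];
    sample_prime_hex(hex);
    size_t w = frame_put(wire, sizeof wire, hex);
    if (w == 0 || frame_get(wire, w, rx, sizeof rx) == 0)
        return 0;
    return strlen(rx) * 4;
}

int main(void)
{
    printf("truncated write: %zu bits\n", bits_after_truncated_write());
    printf("framed write:    %zu bits\n", bits_after_framed_write());
    return 0;
}
```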
Re: How to extend key usage
Hi Eric, Perhaps you should have a look at the 'X509V3 Extension code: programmers guide' section in \doc\openssl.txt file. I found also this link helpful : http://kahdev.wordpress.com/2008/11/29/stack_of-subject-alternate-name-and-extended-key-usage-extensions/ Hope this helps. Michel

On 16/08/2012 19:24, Eric Fowler wrote:
I am a relative OpenSSL newbie, and I have had a task assigned to me which entails some SSL knowledge. My task is to take existing code, and add to it one of the capabilities in the table. I have a X509V3_CTX struct and it has been passed to X509V3_set_ctx(). I suspect the next step involves X509V3_add_value() but am not sure of that, nor of the exact procedure. Can anyone talk me through this? If I add (say) clientAuth through this method, is it going to work? Thanks Eric

Value              Meaning
-----              -------
serverAuth         SSL/TLS Web Server Authentication.
clientAuth         SSL/TLS Web Client Authentication.
codeSigning        Code signing.
emailProtection    E-mail Protection (S/MIME).
timeStamping       Trusted Timestamping
msCodeInd          Microsoft Individual Code Signing (authenticode)
msCodeCom          Microsoft Commercial Code Signing (authenticode)
msCTLSign          Microsoft Trust List Signing
msSGC              Microsoft Server Gated Crypto
msEFS              Microsoft Encrypted File System
nsSGC              Netscape Server Gated Crypto
Re: symmetric key generation..
Hi Mr Newbie, Joshua is right when saying you should be careful using tech's you might not fully understand ( just like me, ;-) ) Perhaps RAND_bytes() is enough for your needs ? http://www.openssl.org/docs/crypto/RAND_bytes.html I am guessing it could be profitable for you to read : http://csrc.nist.gov/publications/drafts/800-133/Draft-SP-800-133_Key-Generation.pdf, (chapter 5), and perhaps : ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2_1.pdf The OpenSSL implementation is PKCS5_PBKDF2_HMAC() in crypto/evp/p5_crpt2.c (as far as I know, not documented) Hope this will help, Michel

On 12/06/2012 11:32, Joshua Bowman wrote:
On 6/10/2012 11:18 PM, vinayak.T.K wrote:
Presently I'm working on the project which includes the generation of a symmetric key from the public key. I'm just a beginner, so can you please help me out.

Victor Duchovni wrote:
On Wed, Nov 21, 2007 at 04:21:18AM -0800, Ramkumar Ganapathy wrote:
I am trying to use the OpenSSL crypto C libraries to generate symmetric and asymmetric keys. This is part of development of a key management server. The library as such does not have any functions for symmetric key generation. That is, all the generate_key functions are based out of asymmetric crypto algorithms. Whereas I see functions in the JCE (java cryptographic extension) and the likes that has symmetric key generation utilities. Does OpenSSL support what I am looking for? Any pointer to this will be much appreciated !

Symmetric keys are just an array of random bytes of the right length. OpenSSL includes a PRNG interface seeded by external entropy sources (often /dev/urandom). -- Viktor.

The symmetric and asymmetric keys have nothing to do with each other, and you don't generate one from the other. The only purpose of the asymmetric key is to protect the symmetric key during the initial exchange; after that all communication is encrypted by the symmetric key alone.
You can use any bits you want for the symmetric, although it helps if it's generated by a hardware or well-known software randomizer like openssl uses. If you really wanted to, I suppose you could generate the symmetric key by hashing the private RSA key, or the concatenation of the public and private keys. I don't think that would make a difference with a sufficiently strong hash, but I can't mathematically prove it is safe, either. But generating it from the public key alone sounds like begging for a major breach the minute anyone figures out what algorithm you use; if you don't understand how this all works, please read up on it, or just use TLS instead of inventing your own key exchange. Joshua Bowman
Re: Detecting available ciphers/hash/encryption mode
Hello Mr. RIHAN, You should find some clues searching around OBJ_NAME_do_all_sorted() or looking at apps/enc.c, crypto/evp/names.c, crypto/objects/o_names.c. Good luck.

On 03/06/2012 09:00, Adnan RIHAN wrote:
Hello again! Nobody knows ?
--
On Thursday 31 May 2012 at 17:03, Adnan RIHAN wrote:
Hello ! I want to make a C++ library, based on OpenSSL. I'm looking for the BEST way to check ciphers availability, hash and encryption mode availability, in order to show on demand, a list of available hash/ciphers. Does anyone know ? Thank you !
--
Regards, Adnan RIHAN. President and founder of the association (under the 1901 law) Virtual-Info (http://www.virtual-info.info/), web and game server hosting provider. Consultant (http://rihan.fr/) - Senior Technician in Business Computing. Qt Ambassador (http://lyt.me/7E) (Tag-PG project (http://rihan.fr/fr/projets/tagpg)).
Re: How to use PKCS5_PBKDF2_HMAC_SHA1()
If I don't misunderstand you, perhaps this little windows software could help you :
http://sectools.free.fr/img/CryptoSym-EN.png
http://sectools.free.fr/CryptoSym-EN.txt
http://sectools.free.fr/CryptoSym-EN.zip
Hope this helps...

On 20/03/2012 05:35, pkumarn wrote:
Now coming to the original question, how do I make sure PKCS5_PBKDF2_HMAC_SHA1() is generating the correct result of my i/p data?
Re: Help in Generating Chained ROOT Certificate
Hi, Perhaps you should have a look at : http://www.cs.odu.edu/~cs772/sourcecode/NSwO/v1.3/NSwO-1.3/ssl/ The Makefile and *.cnf are used to generate root, CA, server and client certificates and keys for test purpose. Hope this example ( from http://www.opensslbook.com/code.html ) will inspire you. Michel

On 03/11/2011 05:57, Mr.Rout wrote:
Thanks Dave. Probably I have not understood the things properly. After surfing through Google I got confused. Actually I am doing TLS Client Testing which authenticates the Server (www.https.com in my example). Steps I followed to achieve this:
1) Created a Self signed Certificate where Issuer and Subject are having Same CN i.e. www.https.com
2) Then I import Server.pem file on TLS Client and same at Server also.
Here are the Openssl Commands to generate Self-Signed-Certificate.
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Question here is : Can we create Certificate Hierarchy ? Like ROOT( Issuer=X Subject=X) --- SubCA(Issuer=X Subject=Y) Please help me in generating this hierarchies . Thanks in advance . -Best Regards, Rout
Re: Adding Multiple Root certificates in Openssl
Hi Mayur
Hope the links below help answer your question :
http://www.openssl.org/docs/crypto/pem.html
http://www.umich.edu/~x509/ssleay/x509_store.html
http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#
Best regards
Michel

On 18/07/2011 05:38, Mayur Premi wrote:
[Mayur]--- Is there any openSSL api which helps parsing this file [say myStorageFile] which has all my root certificates in it ? Also my intention as mentioned in the scenario in previous mail is that I'll be passing a chain A --B and would like to find C [self signed, root certificate] from myStorageFile.
[Mayur] After storing links to my PEM format Certificate files how do I parse the folder having links to get root C for my chain A --B ?
Re: How is key calculated from passphrase
Hi Dan, You should look at :
http://www.rsa.com/rsalabs/node.asp?id=2127
http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
and a better OpenSSL implementation using PKCS5_PBKDF2_HMAC() in crypto\evp\p5_crpt2.c

On 01/07/2011 14:58, Daniel Wambold wrote:
Hello list. I started poring over the source but I haven't yet found the conversion from passphrase to key. Could someone point me to the code snippet or simply summarize the procedure for me so I can code the same thing into my app?
Re: How to embed a CA certificate in a program ?
Hi Albrecht,
> I'm still wondering though how I could have found that out myself. :-( Unfortunately http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_store.html reads: Currently no detailed documentation on how to use the X509_STORE object is available. Is there some more documentation available elsewhere, or am I supposed to read the sources?
If you go out of the usual tracks and need something other than the common TLS client/server application examples, I am afraid the most valuable resource is the help Dave, Steve, and other nice guys from OpenSSL team hand out in this mailing list (many thanks, may the Force be with them !). It is just a pity there is nobody to gather all this information to build a more consistent documentation. That's what we call 'collaborative work' ! I resolve to do that as soon as I will have spare time and will understand enough of computer security. I mean when I will retire, around OpenSSL version n° 9.487.12 or year 2039, whichever comes first. But you'll need hundreds of people fixing my typos and poor English sentences...
> Hi Michel, many thanks for this very quick reply !
If I saved you some time, great ! It was my pleasure.
Michel
Re: How to embed a CA certificate in a program ?
Hi Albrecht, I might be wrong, but I think you should use instead SSL_CTX_get_cert_store() and then *X509_STORE_add_cert* to add the certificate to the list of trusted ones that will be used for verification. Certificates added using SSL_CTX_add_extra_chain_cert() are not trusted. http://www.openssl.org/docs/ssl/SSL_CTX_add_extra_chain_cert.html# Regards

On 06/06/2011 13:19, Albrecht Schlosser wrote:
Hi, I'm creating a client/server application with OpenSSL, using self-signed certificates. The client and server shall verify each other's certificate, and this works well, if I use certificate files. Now I'd like to embed the CA certificate in the client's code for easier installation. Hence I'm (naively?) looking for a replacement of this line of code:
    SSL_CTX_load_verify_locations(ctx, "ca.crt", NULL);
where ca.crt is the CA's certificate file, and it is searched for in the current working directory. This works well. What I did: I converted the file to a X509 certificate (see code below), and tried to load it with:
    SSL_CTX_add_extra_chain_cert(ctx, Cert);
but when I call SSL_connect(), this fails with the following output from ERR_print_errors_fp(stderr):
    4860:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1059:
My conclusion is that the certificate chain is incomplete or something went wrong, but I have no idea how to do it correctly. Could anybody help how to do it, or does it not work as I want to do it? Please note that I removed all error checking and variable declarations from the following code for brevity, in the hope that someone can see an obvious fault. In the real code all function calls are checked. Here is the shortened code:
    SSL_library_init();
    SSL_load_error_strings();
    meth = (SSL_METHOD*)TLSv1_method();
    ctx = SSL_CTX_new(meth);
    SSL_CTX_use_certificate_file(ctx, "client.crt", SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, "client.key", SSL_FILETYPE_PEM);
    SSL_CTX_check_private_key(ctx);
    #if ! EMBED_CA_CERT
    SSL_CTX_load_verify_locations(ctx, "ca.crt", NULL);
    #else /* EMBED_CA_CERT */
    X509 *Cert = d2i_X509(NULL, &p_buf, sizeof(ca_cert_asn1));
    char *str = X509_NAME_oneline(X509_get_subject_name(Cert),0,0);
    printf ("subject: %s\n", str); /* [1] */
    SSL_CTX_add_extra_chain_cert(ctx, Cert);
    #endif /* EMBED_CA_CERT */
    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
    SSL_CTX_set_verify_depth(ctx,1);
    ssl = SSL_new (ctx);
    sbio = BIO_new_socket(existing_socket, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);
    SSL_connect(ssl); // breaks here if EMBED_CA_CERT = 1
    server_cert = SSL_get_peer_certificate (ssl);
    str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0);
    printf ("subject: %s\n", str);
Note that everything works fine if EMBED_CA_CERT is 0, but breaks in SSL_connect() with the error shown above if EMBED_CA_CERT is 1. The printf() marked with [1] displays correct data from the ca.crt file. FWIW: The conversion of the file ca.crt was done as follows:
    openssl x509 -outform DER -in ca.crt \
      | od -t x1 | cut -b 8-99 | sed -e 's/ /,0x/g' \
      | sed -e '1,1s/^,/ /'
and the output is included between...
    static unsigned char ca_cert_asn1 [] = {
      0x30,0x82,0x04,0x65,0x30,0x82, ... /* included data bytes */
    };
Any help would be appreciated!
Re: PKCS12 - Why Encrypted?
Hi, I am no expert on the matter, but in my humble opinion, I think you can rely on this book because most of its content is about fundamental concepts, not implementation details ( padding, message encoding, ... ) for which you can find updates on RSA Labs PKCS http://www.rsa.com/rsalabs/node.asp?id=2124 or other web sites. Michel

On 21/04/2011 16:09, Patrick Rutkowski wrote:
Wow, awesome. I just read the foreword and the preface before getting to work. They're very well written, and now I'm excited for the coming chapters for sure :-) I'll probably read it over the coming week or two. But I'm mildly worried about the date the book was written, which was 1996; and though it was updated in 2001, that was still a long time ago now. I wonder to what degree the material will be outdated, or to what degree modern day material will be completely missing. -Patrick

On Apr 21, 2011, at 8:55 AM, Michel (PAYBOX) wrote:
I believe this [freely available] book should interest you : Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/
Re: PKCS12 - Why Encrypted?
I believe this [freely available] book should interest you : Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/

On 21/04/2011 00:03, Patrick Rutkowski wrote:
I'm pretty new to this PKI stuff, but I'm very confused about why pkcs12 files are encrypted. As I understand it, a basic p12 file contains within it two things:
(1) A private key (private.pem in my case, an RSA key created with genrsa)
(2) An x509 certificate (cert.pem in my case, created with req -new -x509 -key private.pem etc...)
When you create the x509 certificate it isn't encrypted, because all it stores inside of it is the public key which is generated from the given private.pem; and that's not sensitive data. As far as I can see, there aren't even any options in the openssl req sub-utility to encrypt the cert created by -new -x509. Now, if I understand correctly, when you take cert.pem and private.pem and store them together into a p12 file, the pkcs12 sub-utility defaults to encrypting the p12 file as a whole, even beyond the fact that the internal private key is already encrypted, and despite the fact that (I think) the certificate doesn't need to be encrypted. I'm guessing I'm probably missing something here. It's not just that I think encrypting the cert would be silly and paranoid, it's that I don't understand why it needs to be encrypted in principle. Many thanks in advance for any help in clearing up a newbie's confusion, -Patrick
P.S. If there are any de facto standard books to read on the subjects of RSA and PKI, I would be curious to hear a tip. I'm not necessarily just interested in learning how to use these technologies from a user-end perspective. I'm pretty solid with mathematics, so I would be curious to learn about the theory of the implementation details as well.
Re: Intermediate CA
Hi Jijo, I believe interesting information can be found here : http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html Regards

On 13/01/2011 17:16, Jijo wrote:
Thanks for the response..
> You have to get the IC to the client somehow. The usual method is to have the server send it. Does the server software provide a way to supply a certificate chain?
What do you mean by server sending it? Is it on TLS negotiation? What do you mean by certificate chain? Is it rootCA and IntermediateCA combined in a pem file? Thanks Jijo
Re: sample client-server code withh ssl
The source code available here was also useful for me : http://www.opensslbook.com/ Excerpt from the book can be found online with google preview.

On 06/01/2011 00:00, Bhola Ray wrote:
Hello, Can anyone provide me with a working client-server code with SSL. If there is a pointer to a site from which I can download that's fine also. Any input would be greatly appreciated. Thanks in advance, Warm regards, bhola
Re: Is it possible to generate RSA private and public keys by Openssl in XML format
Perhaps you should rather look at the XMLSec project : http://www.aleksey.com/xmlsec/