In a day or two we will be moving the mailing list to
mta.opensslfoundation.net
Please add that host to any filtering rules you have.
(Also note that openssl-cvs is being renamed to openssl-commits)
This will also be the server for all openssl.org mail.
We will also be adding reverse-DNS
As we've already said, we are moving to making most OpenSSL data
structures opaque. We deliberately used a non-specific term. :)
As of Matt's commit of the other day, this is starting to happen
now. We know this will inconvenience people as some applications
no longer build. We want to work with
public."
We're excited by these changes, and hope that they provide increased
transparency, and increased engagement with our community. We hope
you're excited too!
-Rich Salz,
Dev Team Member
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Here is the list of old RT tickets that we are closing. We sent email
to all of the originators, and it included the following text:
If you still think it is important for us to consider, please open an
issue on GitHub. Don't be shy! We are closing issues based purely
on the date, and the fact
Sorry if this is a bit OT, can someone explain what the difference is
between an MS Authenticode certificate, a normal certificate, and a
certificate for signing Netscape objects?
The values in the keyUsage and extendedKeyUsage extensions.
/r$
--
Rich Salz, Chief Security Architect
> Is there any plan to support OCSP verification over LDAP (or LDAP/s)?
This question makes no sense. OCSP and LDAP are two different protocols.
It's like saying "SMTP over HTTP"
"OCSP over LDAP" is documented?
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
For example OCSP_CERTID_free
is exported in libcrypto.so but I could not find it in the source code
Look at asn1/asn1.h and asn1/asn1t.h
code. What is "Par" ?
> Anyway, I don't know why I got different hashes
The newline that echo adds. Try
echo -n 1122 | openssl dgst -md5
export rules don't apply for this any more.
Are you padding your data out to the right size?
The code in crypto/apps is a really good way to learn how to use the
OpenSSL library. Learn the commands, find one that does what you want,
and read the source for it.
> Many other countries also restrict the export of encryption products.
And some restrict the imports, as well.
e OpenSSL/SSLeay
acknowledgement and copyright wherever you show your copyright and
"ownership" statement.
now invalid!
why not use pgp
> char *sBase64[21] // this variable contains the Base64 Encoded string
That's not a char buffer.
I don't know what you're trying to do, but your code doesn't make
sense to me.
Did you see the sample code I posted the other day?
od trade-off for
your team to make.
TLS spec discusses some of the implications.
You might also want to look at the "security" in SNMPv3.
ly flawed.
> Does anyone know why an X509 digest would be different after the X509 is
> written out and read back into another X509 from PEM?
Software bug. No other explanation.
If there is a difference as small as one bit then the digests should be
different.
Paradoxically, the more valuable
the certs, the easier it should be to crank up the CA and sign CRLs.
If you really care, have your CA issue a CRL-issuing cert to someone else.
for financial support, so throwing a few bucks
might be a cheap way to get the code done faster.
h hardware crypto, your CPU
spends most of its time waiting for data to flow to/from the device
(e.g., across the PCI bus). Try running 10 speed tests simultaneously
in the background, or write a multi-threaded test, etc.
an expired certificate in order
to handle this flow
revoke crl-n expire crl-n+1 remove-from-crl-list
make sense?
be in the CRL. The rules say that a revoked cert must
appear in (at least?) one CRL after its expiration period. Without
that, as you point out, there is a gap during which the cert could
appear valid.
sed to be in the spirit of crypto
open source (cypherpunks, etc) to allow anon posting because
of the whole ethos thing.
Probably not worth supporting any more.
Why not use IPsec? Why does it have to be in the kernel? It's hard
to see what the security trade-offs are that make this necessary.
Rich Salz wrote:
Probably not worth supporting any more.
Ben Laurie wrote:
I disagree.
Ben's voice carries way more weight than mine :) I stand down...
and
you might be able to make some automated script that does a lot of the
work for you.
If you made that file, then submitted it to the openssl developers, they
might be willing to keep it current.
r UDP,
where packets can arrive out of order or not at all.
> Each transmission here would probably be some 50-100 bytes, once a
> minute, set to scale for a few thousand servers per tracker.
Run some timing tests on your planned hardware, such as "openssl
speed rsa"
> openssl's genrsa can't do this work,any other tool to do this work?
Are you really sure that the RSA work is so great that you need such a
ridiculously small key size? The security is so weak perhaps you should
just drop SSL altogether.
> yes,I am sure,can you give me any advice?:)
Drop SSL.
client. Second, the attacker could get a key because in the first
> connection it is going to the client as plain text.
The original posting said the clients/agents were going to connect with
SSL.
> I need some info about the protocols or standards for securing a CA Root
At the risk of being immodest, you might find this column useful:
http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html
/r$
t;(and get the new root
distributed and used)" would probably have been worth adding.
At any rate, the key point is that if you anchor everything you do under
a single root, then moving your tree underneath something else is a lot
easier if only one "root" has to move, rather than
ents
don't.
our old local root to new local root transition was people who decided
to mark the end-user certificate as trusted in their browsers rather
than take the risk of trusting our root.
"If you want PGP you know where to find it."
t;proof of
possession" and is a common practice.
may return "three" extra bytes, knowing
that they will be wasted by the cast. But then it has to allow for that
in the implementation of free(), and that's very hard to do. So malloc
returns a pointer that is already worst-case aligned.
re calling OpenSSL. Do you get the same growth when openssl isn't
used? Make sure you "xxx_free" every object you "xxx_new".
> I'm not a lawyer either, however as a Manager of Software development
> I have always been told by the legal boys, you MUST enforce a
> copyright and/or patent in ALL cases or you can't enforce it in any.
> US law requires equal treatment to all.
Totally wrong.
> As I recall, however, the TLSv.1 Internet-Draft mischievously cited
> -- as its canonical RC4 reference -- one of the several Apparently RC4
> (ARC-4) clones.
I believe they did this with the advice/suggestion/concurrence of Rivest.
> Can you please tell me what I should be doing
> to avoid patent/license related issues !
Hire a lawyer and have them tell you.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
I don't know exactly what the original poster is trying to do, but you
might want to get advice as to if your use violates US patent law.
That is probably a more important issue than export. The RSA patent
expires in September.
> Commercial use as defined by the Feds is *SELLING* the software.
> I hope this is not too far off topic, but does anyone know how I can
> store a DER format certificate request in a MySQL database?
Convert to/from base64.
> I'm trying to write a server (using OpenSSL) that doesn't use
> patented algorithms.
In all seriousness, why? Is it important that you deploy before September?
Your testing matrix was among the most awesome I have ever seen.
> My question is, how's a typical authentication delegation implemented
> using SSL? I can visualize a point-to-point authentication happening between
> the client and ServiceA. But, how can I control access to ServiceB's
> resources by ServiceA unless ServiceA is acting on behalf of a authoris
> Does mod_ssl or some other materials explain how to hack netscape's browser?
Yes.
> The X.509 certificates currently allow only for one signature, right?
> If this is wrong, how can several CAs sign a certificate?
CAs can cross-certify: they sign each other's certs.
On Sun, 7 May 2000, John Byrd wrote:
> while ((i = select(sock + 1, &readfds, NULL, NULL, &tv)) > 0) {
> if ((i = FD_ISSET(sock, &readfds)) < 1) break;
> memset(res, 0, 1024);
> r = read(sock, res, 1023);
> if (r < 1) break;
>
So something like
int openssl_cert_matches_dnsname(X509* cert, const char* name)
? That seems like a good thing.
> There is also the delicate question of exactly what name the app hands to
> the check algorithm as the target host name. The text below is
> unambiguous that it must be "wh
> Is there any
> other technical solution than generating once CRL with information about a
> certificate and then a newer CRL not containing the certificate?
I don't even think you're really "supposed" to do that. Most software
assumes
that once a cert is on a CRL it never comes off.
Many folk
> Hmmm. Doesn't this get really complicated?
It can, yes.
One approach would be for the signer to include an OCSP response "with"
the document they are signing. The OCSP nonce should be a hash of the
document being signed.
> I suppose someone is thinking about how to do all this...
We are all
> sql table. I need to initialize the user/passwd data base with the
> existing data from my current /etc/passwd file (linux).
No can do. The password file format is one-way. You cannot recover the
password from the password file.
> I send a message some time-stamping authority, containing the
> signature and the date and time at which I pretend to sign it; this
> authority will then sign this message with its own certificate adding the
> date and time at which it signed it.
Peter Sylvester talked about this a day
> Hello again, folks. I have a bit of a dilemma here.
Yes, you do.
You need to look at what you are trying to protect yourself from.
For example, are you worried that someone can download your database?
If so, why are you not worried that they could download your decrypt program?
If they can do
> To build a legally royalty free SSL implementation
> what RSA algorithms do I need to abstain from using?
> When does the RSA patent expire?
*ALL* RSA algorithms are covered by patent until Sept 20.
If you need to work with current browsers, pragmatically speaking you
must have RSA.
> 1. The a
> < if (!RAND_file_name(randfname, 4096)) {
"sizeof randfname" is better.
> Any ideas?
>
> More importantly, do you know why this limitation exists at all? I would
> rather fix the problem than run from it.
The limit exists because the context depends on state derived from each
half of the duplex connection. (Mythical example, for explanation: SSL
periodically sends
I tried to word my reply so that it would be obvious that I didn't want
to spend the time to look it up. Oh well. Cf SSL_pending().
> Well, the problem is ...
Sorry, but I think you're in the minority of development environments.
You're not allowed to change your build hierarchy, you can't change
your build flags, and you need to use external packages. Good luck,
but openssl/foo.h is generally the right thing to do and it sh
In the README file there is a section marked PATENTS.
The only thing that really needs to be added, is that the patent on
the RSA algorithm expires on Sept 20, 2000, but then *everybody*
knows that. :)
Tell your boss that OpenSSL has some patented intellectual property
and you need some time with
> run SSL over UDP, with a layer that provides reliable delivery.
> Of course that's duplicating the functionality of TCP, but
> people reinvent the wheel all the time...
But there are times when it is quite appropriate to build a guaranteed
delivery protocol on top of UDP. RPC systems are a goo
SSL/TLS requires a transport protocol that is like TCP: each byte sent
by "A" is received by "B" exactly once, and in order. If you want to
use OpenSSL on top of anything other than a TCP socket, you will have to
write some code that interfaces your transport into the OpenSSL "BIO"
framework.
> I am not _absolutely_ sure if the usage of extern "C" will solve your
> problem, but I think you should at least try if you don't want to use the
> STL or roguewave or similar instead.
Since OpenSSL is written in standard C, then wrapping all OpenSSL
#include files with "extern "C"" should work
> The certificate has no effect on the type of symmetric encryption that SSL
> negotiates.
Except that if you have to support older "export-strength crypto"
browsers, then you can only have a 512bit key.
> In a LDAP directory, certificates can be stored as binary
> data under the attribute "userCertificate".
>
> Which of the certificate formats that OpenSSL can produce is
> the correct one to use for this?
The DER (binary) format. Usually transmitted through ldap via a base64
encoding thereof.
>I've got to the point where I can happily generate keys and sign
> data. Hurrah! Now all I need to do is find a way to store keys.
Look at the d2i and i2d functions declared in rsa.h
In general, for any complicated structure you need to serialize (also
known as flattening or marshalling
> Does anybody know whether fopen(NULL, ...) is allowed at all?
> Otherwise s_server should be fixed...
It's undefined and can certainly coredump. I strongly believe that anything
other than a coredump is an error in that C library.
s_server should be fixed.
> Can I release my
> code which uses OpenSSL under GPL or not?
You should, in your LICENSE file, explicitly grant permission to link against
openssl.
> I would imagine that either OpenSSL already supports it, or the standard is
> so dated as to have been superseded by other developments.
At a previous employer, we looked at ISO 9796. It's a clever padding
scheme. I forget the details, except that it's used by EU financial
organizations, a
I am generating my own keys and certs for Apache/mod_ssl. I can connect
via s_client fine. Using Netscape on Linux pops up a dialog that says
"The security library has encountered an improperly-formatted DER
message." and the Apache error_log says:
[Tue Dec 26 11:11:35 2000] [error] mod_
> make sure your common name, i.e. www.yahoo.com, in the cert is the
> resolved dns name you are using to pull up the site. Also make sure
> you have a server certificate or intermediate.ca configured.
that's why I attached the data, so folks could see that I did that.
I don't have basic constraints
> The reason is that somehow you've managed to get sha1WithRSAEncryption
> as the OID in the RSA encrypted DigestInfo structure instead of SHA1.
Thank you. I knew that you'd know the answer. :)
We are doing things at a low-level and I'm gonna smack that boy when
he comes back. :)
> Is there any way to fix the already-generated CA certificate, or do I need
> to make a new one?
You can keep the current keys, but generate a new cert.
There is no 'binary patch' for certs. We hope. :)
The RSA patent has expired, so use the RSA code that openssl includes.
> the CN and Email are separated by a "/" while all other DN components are
> separated by ", ". Is there a reason for this behaviour?
Because the openssl code 'knows' about some RDNs, and then it just gloms
the rest on the end. :)
OpenSSL interoperates with whatever SSL IIS has. You need to read about
configuring IIS and its SSL stuff; Microsoft docs, not OpenSSL docs.
You might find it easiest to pay someone (like Verisign) to sign the
cert that you will have IIS generate. It will take you less time to do
that, tha
Let me summarize his report:
I fooled the test root CA into signing a cert with the cert-sign bit.
I betcha this works with the production CA."
Let me respond:
I betcha it doesn't work.
No, Bob wants to know:
Does PKCS#7 support additional signed attributes?
The answer is yes.
> actually UDP/IP max_size is 512 Bytes
no; you're ignoring fragmentation, which has been common since 1980 or so.
Are you hashing a file opened in text, not binary, mode?
Catherine Goldin wrote:
> But I meant Software acceleration. I have a high-performance RSA
> library, and my purpose is to integrate it into OpenSSL. Does engine
> version suit for this?
Yes. Geoff Thorpe recently posted a GMP (gnu multi-precision math
library) software engine that might offe
> I did some work on a project a while back that might be relevant to your
> search:
>
> http://crypto.stanford.edu/~dabo/ITTC/
This work is way cool. (At a previous company I had some email
exchanges with Dan :)
One interesting application would be to integrate it into BIND so that
you cou
> I want to separate the OpenSSL project in two parts (Client and Server),
There is a high-level API that can be separated this way: SSL_accept,
and SSL_connect. But is SSL_read a client or a server function? It's
both. And, in fact, most of the openssl source code is used in both
client a
> Just to add my thoughts to the cooking pot, FIPS-140 probably isn't worth a
> string of beans.
You are technically savvy enough to decide that for yourself. Many
folks are not -- who, really, is equipped to run RNG tests and
understand the importance for keygen?
The FIPS-140 specs are remar
> I have need of having the sha & sha1 digests.
Are you SURE you need both? SHA1 exists because SHA (or SHA0:) had bugs.
The fix happened so quickly that many folks say SHA when they mean SHA1.
> Don't claim to support a platform if you don't intend on supporting it.
> You have a Win32 version...so support it - completely.
Two points: First, you must be new to this whole open source thing.
"Completely support"? Come on, I'll betcha not even Shining Light
Productions complete suppor
> Should the certificate that signs the CRL be the same cert that signs the
> end-entity's certificates?
It can be, yes. In many cases it is.
> or Can any other certificate(ie., authorised to do so) can sign the CRL?
Yes, the CA can sign another cert that gives it the authority.
There are va
> > Or use the trick we created for Identrus: make the nonce be the hash of
> > the document that made you first do the OCSP query.
>
> That doesn't prevent a replay attack, in general, of course.
If the document isn't public, then it's as good as arbitrary random bytes.
If the document *is* p
> I was unclear - I meant as a general technique it doesn't
True.
> though unless
> you are guaranteed to answer the same at all points in the future, I
> don't see how the timestamp helps.
OCSP includes a "generatedAt" timestamp, so the future doesn't matter. :)
>>"How important is the PRNG seed to the
>>total security of your program ?"
How quickly they forget... :(
Your SSL connections can be broken. Several years ago Netscape used a
poor random seed (like getpid() or'd into the time() or some such), and
Dave Wagner (et al) at Berkeley wer
Ultimately, you cannot prevent it; as long as the user has control of
their machine, they can "spoof" anything they want. You can, however,
make it more difficult/inconvenient for them.
For example, encode the DER form of your CA key directly into your
executable, then call d2i_xxx to get the
Data may be coalesced. It does not HAVE to happen but it MAY happen.
Note that TCP does not preserve record boundaries: two writes may end up
being read in three parts, e.g.
What you're seeing is just a circumstance of your network setup. No
guarantees.
> I'm not quite sure what this means, but "What key
> management algorithms, including modulus sizes, are
> supported by OpenSSL?"
Oooh, it means someone's applying for an export license. :)
Include a copy of the TLS RFC in your application, and refer them to that.
They won't actually read it, th
> How do you place a constraint on a certificate to allow it to sign only
> certificate lower in X400 naming scheme, or containing a special naming
> scheme...
Your best way to get a reasonable understanding of this is to read the
IETF PKIX profile. For example, http://www.ietf.org/rfc/rfc3280.tx
> They usually come from pre-built sources. Technically end-users should do
> the compilation of OpenSSL for their systems and companies should not
> incorporate OpenSSL into their product lines because of import and export
> regulations (legal issues just get messy in regards to cryptography
> so
> I still see it as a problem, since the data then
> potentially sticks around for a longer time, and is therefore
> retrievable for anyone who cracked root if that would happen.
Anyone who can crack root will just install a trojan openssl library,
anyway. Seems little point in holding up a relea