From janzon at gmail.com Sat Oct 1 16:05:32 2016 From: janzon at gmail.com (Daniel Janzon) Date: Sat, 01 Oct 2016 16:05:32 +0000 Subject: [openssl-users] Possible to control session reuse from the client? In-Reply-To: <32126FB1-2531-41E8-B066-6176D12B1E3D@dukhovni.org> References: <32126FB1-2531-41E8-B066-6176D12B1E3D@dukhovni.org> Message-ID: Hm... Thanks, but I think I miss some piece of the puzzle. How does client and server side session differ and how do they interact? I thought the TLS session was always cached on the server side and all the client would have to do was to send its session ID. On Fri, Sep 30, 2016 at 12:00 AM Viktor Dukhovni wrote: > > > On Sep 29, 2016, at 11:55 AM, Daniel Janzon wrote: > > > > For performance testing purposes, I would like to turn off session reuse > in the (homegrown) client I use for testing. Is there a function in the > openssl library to do it? > > > > I tried googling for "openssl client don't send session id" but I didn't > find anything useful. > > Just do nothing. Client sessions are not reused unless you explicitly > arrange for reuse of a session by calling SSL_set_session() before > SSL_connect(). If you're trying to avoid wasting memory on storing > client-side sessions that you'll never reuse then this may help: > > SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_OFF); > > but note this is also the default state, so is also not needed unless > some other code has explicitly enabled client-side caching of sessions. > > Only the server-side cache is enabled by default. > > -- > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sat Oct 1 16:12:56 2016 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 1 Oct 2016 16:12:56 +0000 Subject: [openssl-users] Possible to control session reuse from the client? In-Reply-To: References: <32126FB1-2531-41E8-B066-6176D12B1E3D@dukhovni.org> Message-ID: <2e7367070e36450d9059e8cbbf745493@usma1ex-dag1mb1.msg.corp.akamai.com> Sessions are the server holds the state and the client sends a session-id. Tickets are the client holds the state and sends it to the server. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Sat Oct 1 16:17:36 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 1 Oct 2016 16:17:36 +0000 Subject: [openssl-users] Possible to control session reuse from the client? In-Reply-To: References: <32126FB1-2531-41E8-B066-6176D12B1E3D@dukhovni.org> Message-ID: <20161001161735.GV4670@mournblade.imrryr.org> On Sat, Oct 01, 2016 at 04:05:32PM +0000, Daniel Janzon wrote: > Hm... Thanks, but I think I miss some piece of the puzzle. How does client > and server side session differ and how do they interact? I thought the TLS > session was always cached on the server side and all the client would have > to do was to send its session ID. Well, the client needs a lot more than just an "id". It needs to retain the session master key, protocol version, ... so that if the server agrees to resume the session the client can do so. With session tickets, all the storage is the client side, the client stores the server's session too, encrypted under a key that only the server knows. The client sends along the server's session back to the server in the sessiont ticket extension (RFC 5077). Client session caching is off by default, and in any case there's no automatic resumption. The client must call SSL_set_sesion() to trigger resumption. -- Viktor. From openssl-users at dukhovni.org Sat Oct 1 16:19:53 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 1 Oct 2016 16:19:53 +0000 Subject: [openssl-users] Possible to control session reuse from the client? In-Reply-To: <2e7367070e36450d9059e8cbbf745493@usma1ex-dag1mb1.msg.corp.akamai.com> References: <32126FB1-2531-41E8-B066-6176D12B1E3D@dukhovni.org> <2e7367070e36450d9059e8cbbf745493@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <20161001161953.GW4670@mournblade.imrryr.org> On Sat, Oct 01, 2016 at 04:12:56PM +0000, Salz, Rich wrote: > Sessions are the server holds the state and the client sends a session-id. The client always holds (the client side of the) state. What varies is how much (server) state is also stored at the server. > Tickets are the client holds the state and sends it to the server. With tickets the client also stores the server state, encrypted, so that the server need only hold a decryption key, which is the same for multiple client sessions. -- Viktor. From gjcoram at gmail.com Sat Oct 1 20:32:52 2016 From: gjcoram at gmail.com (Geoffrey Coram) Date: Sat, 1 Oct 2016 16:32:52 -0400 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> References: <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <20161001163252.3AF31C18.gjcoram@gmail.com> On 09/30/2016 09:29, "Salz, Rich" wrote: > > > Is there something more I should do on this issue?? I recall the > OpenSSL terms of use strongly discouraged people from the US from > helping, due to US export restrictions. > > That's kinda outdated. That didn't answer my question. I reported a bug, I'm not a developer / on the developer list; will someone else take this, or is there some bug database that I should enter an issue into? From noloader at gmail.com Sat Oct 1 20:53:33 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Sat, 1 Oct 2016 16:53:33 -0400 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <20161001163252.3AF31C18.gjcoram@gmail.com> References: <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <20161001163252.3AF31C18.gjcoram@gmail.com> Message-ID: On Sat, Oct 1, 2016 at 4:32 PM, Geoffrey Coram wrote: > ....I reported a bug, I'm not a developer > / on the developer list; will someone else take this, or is there some > bug database that I should enter an issue into? If its an OpenSSL bug, then I believe you send an email to rt at openssl.org along with the details. OpenSSL makes it easy on folks. Also see Item 17 in the FAQ: "I think I've found a bug, what should I do?", http://www.openssl.org/docs/faq.html#BUILD17. From noloader at gmail.com Sat Oct 1 21:01:16 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Sat, 1 Oct 2016 17:01:16 -0400 Subject: [openssl-users] OpenSSL and sourc'ing countries (was: calloc vs kssl_calloc) Message-ID: >>> Is there something more I should do on this issue? I recall the OpenSSL >>> terms of use strongly discouraged people from the US from helping, due to US >>> export restrictions. >> >> That's kinda outdated. > > However there are very many OpenSSL users (myself included) > who rely on the legal status of OpenSSL/SSLeay as having no > US origin parts. If this has changed, it needs a big red > banner at the top of the www.openssl.org, every affected > source file with the original EAY copyright boilerplate or > its OpenSSL clone etc. That's kind of interesting. Are you saying there are countries where you can source and import your crypto from some countries, but not other countries? As I understand the US procedures from working with DoC and BIS, you don't need an import license (only an export license). But I'd be interested in hearing how some countries are trying to control the crypto from the import side of the equation. More humorously, does import versus export even matter? The crypto genie is out of the bottle. It can't be put back. Jeff From rsalz at akamai.com Sat Oct 1 21:08:03 2016 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 1 Oct 2016 21:08:03 +0000 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <20161001163252.3AF31C18.gjcoram@gmail.com> References: <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <20161001163252.3AF31C18.gjcoram@gmail.com> Message-ID: <6ba8c1b605354e41be726c1c7dd5a64d@usma1ex-dag1mb1.msg.corp.akamai.com> > That didn't answer my question. I reported a bug, I'm not a developer / on > the developer list; will someone else take this, or is there some bug database > that I should enter an issue into? As it says in https://www.openssl.org/community/, email it to rt at openssl.org It also says this in the README. From rsalz at akamai.com Sat Oct 1 21:18:44 2016 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 1 Oct 2016 21:18:44 +0000 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <5494c531-b77a-e155-cfa6-2effc2de30c5@wisemo.com> References: <20160926115651.6018EB40.gjcoram@gmail.com> <088105a918b245ec9e6d3a34b0c61c51@usma1ex-dag1mb1.msg.corp.akamai.com> <2732dcb1-9ad0-ac48-9f66-7ffc7f5b8237@akamai.com> <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <5494c531-b77a-e155-cfa6-2effc2de30c5@wisemo.com> Message-ID: <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> > However there are very many OpenSSL users (myself included) who rely on > the legal status of OpenSSL/SSLeay as having no US origin parts. If this has > changed, it needs a big red banner at the top of the www.openssl.org, every > affected source file with the original EAY copyright boilerplate or its OpenSSL > clone etc. As of 1.1.0 every single file has modifications by US Citizens because I globally changed the copyright. We are NOT going to mark US/non-US contributions, sorry. OpenSSL and SSLeay has always had US contributions, it's just that we were done indirectly. For example, "git show eb64730" which was early 2000. From noloader at gmail.com Sat Oct 1 23:01:25 2016 From: noloader at gmail.com (Jeffrey Walton) Date: Sat, 1 Oct 2016 19:01:25 -0400 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160926115651.6018EB40.gjcoram@gmail.com> <088105a918b245ec9e6d3a34b0c61c51@usma1ex-dag1mb1.msg.corp.akamai.com> <2732dcb1-9ad0-ac48-9f66-7ffc7f5b8237@akamai.com> <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <5494c531-b77a-e155-cfa6-2effc2de30c5@wisemo.com> <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On Sat, Oct 1, 2016 at 5:18 PM, Salz, Rich wrote: > >> However there are very many OpenSSL users (myself included) who rely on >> the legal status of OpenSSL/SSLeay as having no US origin parts. If this has >> changed, it needs a big red banner at the top of the www.openssl.org, every >> affected source file with the original EAY copyright boilerplate or its OpenSSL >> clone etc. > > We are NOT going to mark US/non-US contributions, sorry. That's kind of a new twist on "Authentication is not X". For Java and Web Apps, its "Authentication is not Authorizations" (Sandboxes and Secure Contexts). For Git is "Authentication is not Code Integrity" (Commit Signing). In the new case, I thinks its "Authentication is not Lawfulness". Or is it Lawlessness? Jeff From rschm2 at unh.newhaven.edu Sun Oct 2 17:17:22 2016 From: rschm2 at unh.newhaven.edu (Schmicker, Robert) Date: Sun, 2 Oct 2016 17:17:22 +0000 Subject: [openssl-users] Properly Reseeding RAND_bytes() Message-ID: Hello, I?m a little unsure on the recommended way to properly reseed the RAND_bytes() function. My output provides random numbers, but only the first 16 bytes. The output of byte 16 and on is just some period of the first 16 bytes and therefore has several duplicated numbers. My inputs are four seeds, each 128 bits in size. A SEED_SIZE with a value of 16 (where I believe the periodicity to be coming from). Then an output buffer of 256 bits containing the random bytes as well as the RAND_SIZE with a value of 64. 1: RAND_seed(s->seed1, SEED_SIZE); 2: RAND_bytes(buffer1, RAND_SIZE); 3: RAND_seed(s->seed2, SEED_SIZE); 4: RAND_bytes(buffer2, RAND_SIZE); 5: RAND_seed(s->seed3, SEED_SIZE); 6: RAND_bytes(buffer3, RAND_SIZE); 7: RAND_seed(s->seed4, SEED_SIZE); 8: RAND_bytes(buffer4, RAND_SIZE); Any reason why four very different seeds are providing the same random numbers, but just in different orders? Thank you for the read and any help, Rob Schmicker From rschm2 at unh.newhaven.edu Sun Oct 2 16:21:04 2016 From: rschm2 at unh.newhaven.edu (Robert Schmicker) Date: Sun, 2 Oct 2016 12:21:04 -0400 Subject: [openssl-users] RAND_bytes() Properly Reseeding Message-ID: <0990c6fc-49d4-45a7-933d-17cb08d61b61@unh.newhaven.edu> Hello, I?m a little unsure on the recommended way to properly reseed the RAND_bytes() function. My output provides random numbers, but only the first 16 bytes. The output of byte 16 and on is just some period of the first 16 bytes and therefore has several duplicated numbers. My inputs are four seeds, each 128 bits in size. A SEED_SIZE with a value of 16 (where I believe the periodicity to be coming from). Then an output buffer of 256 bits containing the random bytes as well as the RAND_SIZE with a value of 64. 1: RAND_seed(s->seed1, SEED_SIZE); 2: RAND_bytes(buffer1, RAND_SIZE); 3: RAND_seed(s->seed2, SEED_SIZE); 4: RAND_bytes(buffer2, RAND_SIZE); 5: RAND_seed(s->seed3, SEED_SIZE); 6: RAND_bytes(buffer3, RAND_SIZE); 7: RAND_seed(s->seed4, SEED_SIZE); 8: RAND_bytes(buffer4, RAND_SIZE); Any reason why four very different seeds are providing the same random numbers, but just in different orders? Thank you for the read and any help, Rob Schmicker From rsalz at akamai.com Mon Oct 3 14:52:57 2016 From: rsalz at akamai.com (Salz, Rich) Date: Mon, 3 Oct 2016 14:52:57 +0000 Subject: [openssl-users] OpenSSL F2F Message-ID: Sorry, we didn't think to put this out earlier... The OpenSSL dev team is having a face-to-face meeting this week in Berlin, co-located with LinuxCon. If you're in the area, feel free to stop by. In particular, on Tuesday from 16:50-17:40 - "Members of the openssl development team will be available to help with porting applications to 1.1.0, help guide how people can contribute to the project, and be available to discuss other technical issues. Downstream distributions and embedded applications developers should also stop by to introduce themselves" If you're not available during that time, but want to chat, please let us know. /r$ -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richsalz at jabber.at Twitter: RichSalz -------------- next part -------------- An HTML attachment was scrubbed... URL: From bkaduk at akamai.com Mon Oct 3 16:41:12 2016 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Mon, 3 Oct 2016 11:41:12 -0500 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <20161001163252.3AF31C18.gjcoram@gmail.com> References: <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <20161001163252.3AF31C18.gjcoram@gmail.com> Message-ID: <13634792-2b96-7a56-fa51-62c39870641b@akamai.com> On 10/01/2016 03:32 PM, Geoffrey Coram wrote: > On 09/30/2016 09:29, "Salz, Rich" wrote: >>> Is there something more I should do on this issue? I recall the >> OpenSSL terms of use strongly discouraged people from the US from >> helping, due to US export restrictions. >> >> That's kinda outdated. > > That didn't answer my question. I reported a bug, I'm not a developer > / on the developer list; will someone else take this, or is there some > bug database that I should enter an issue into? The general question has been answered already. In this specific case, the best thing for you to do would be to test https://github.com/openssl/openssl/pull/1622 , which I submitted after making the claim that the calloc usage was "just a bug". -Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: From jb-openssl at wisemo.com Mon Oct 3 23:31:23 2016 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Tue, 4 Oct 2016 01:31:23 +0200 Subject: [openssl-users] OpenSSL and sourc'ing countries (was: calloc vs kssl_calloc) In-Reply-To: References: Message-ID: <6dfe3783-7554-50bc-916d-fbee8e6b5d2d@wisemo.com> On 01/10/2016 23:01, Jeffrey Walton wrote: >>>> Is there something more I should do on this issue? I recall the OpenSSL >>>> terms of use strongly discouraged people from the US from helping, due to US >>>> export restrictions. >>> That's kinda outdated. >> However there are very many OpenSSL users (myself included) >> who rely on the legal status of OpenSSL/SSLeay as having no >> US origin parts. If this has changed, it needs a big red >> banner at the top of the www.openssl.org, every affected >> source file with the original EAY copyright boilerplate or >> its OpenSSL clone etc. > That's kind of interesting. Are you saying there are countries where > you can source and import your crypto from some countries, but not > other countries? I'm not sure about that either. Part of my point is that when *exporting* or *reexporting* products that include OpenSSL code, the various filings (including DoC/BIS as it happens) tend to include declarations related to the country of origin of the cryptographic software. Therefore (and for other reasons) it is very disconcerting if a project such as OpenSSL, which is actually famous for its non-US origin, silently changes its country of origin. > As I understand the US procedures from working with DoC and BIS, you > don't need an import license (only an export license). But I'd be > interested in hearing how some countries are trying to control the > crypto from the import side of the equation. > > More humorously, does import versus export even matter? The crypto > genie is out of the bottle. It can't be put back. Unfortunately, governments tend to disagree, and we can't all afford to ignore ill-conceived laws. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From jb-openssl at wisemo.com Mon Oct 3 23:48:42 2016 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Tue, 4 Oct 2016 01:48:42 +0200 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> References: <20160926115651.6018EB40.gjcoram@gmail.com> <088105a918b245ec9e6d3a34b0c61c51@usma1ex-dag1mb1.msg.corp.akamai.com> <2732dcb1-9ad0-ac48-9f66-7ffc7f5b8237@akamai.com> <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <5494c531-b77a-e155-cfa6-2effc2de30c5@wisemo.com> <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On 01/10/2016 23:18, Salz, Rich wrote: >> However there are very many OpenSSL users (myself included) who rely on >> the legal status of OpenSSL/SSLeay as having no US origin parts. If this has >> changed, it needs a big red banner at the top of the www.openssl.org, every >> affected source file with the original EAY copyright boilerplate or its OpenSSL >> clone etc. > As of 1.1.0 every single file has modifications by US Citizens because I globally changed the copyright. Really, I thought the US team dealt exclusively with the FIPS bureaucracy acting as "cutouts" between US government interests and the non-US developers, never actually touching the code. > We are NOT going to mark US/non-US contributions, sorry. > > OpenSSL and SSLeay has always had US contributions, it's just that we were done indirectly. For example, "git show eb64730" which was early 2000. > This fact was *not* published widely enough to be seen by everyone concerned. It was certainly not published as widely as the fact that SSLeay was created and maintained entirely outside the US, and that this was one of its major attractions. Basically that internal checkin (which I have no idea what is, since I only see the released tarballs) or any earlier US code changes would have been a watershed change. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From rsalz at akamai.com Tue Oct 4 05:56:31 2016 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 4 Oct 2016 05:56:31 +0000 Subject: [openssl-users] calloc vs kssl_calloc In-Reply-To: References: <20160926115651.6018EB40.gjcoram@gmail.com> <088105a918b245ec9e6d3a34b0c61c51@usma1ex-dag1mb1.msg.corp.akamai.com> <2732dcb1-9ad0-ac48-9f66-7ffc7f5b8237@akamai.com> <508981692b7c43cb8172a76f93c17bf6@usma1ex-dag1mb1.msg.corp.akamai.com> <5494c531-b77a-e155-cfa6-2effc2de30c5@wisemo.com> <439c0131ebcd4f64807e3d26fa266aa6@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > This fact was *not* published widely enough to be seen by everyone > concerned. It was certainly not published as widely as the fact that SSLeay > was created and maintained entirely outside the US, and that this was one of > its major attractions. > > Basically that internal checkin (which I have no idea what is, since I only see > the released tarballs) or any earlier US code changes would have been a > watershed change. Well, I can't go back to 2000 and change things. You'll have to decide what you want to do now. From Michael.Wojcik at microfocus.com Tue Oct 4 12:33:37 2016 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Tue, 4 Oct 2016 12:33:37 +0000 Subject: [openssl-users] RAND_bytes() Properly Reseeding In-Reply-To: <0990c6fc-49d4-45a7-933d-17cb08d61b61@unh.newhaven.edu> References: <0990c6fc-49d4-45a7-933d-17cb08d61b61@unh.newhaven.edu> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of Robert Schmicker > Sent: Sunday, October 02, 2016 12:21 > > I?m a little unsure on the recommended way to properly reseed the > RAND_bytes() function. My output provides random numbers, but only the > first 16 bytes. The output of byte 16 and on is just some period of the first 16 > bytes and therefore has several duplicated numbers. Do you have a small program that demonstrates the problem? Michael Wojcik Distinguished Engineer, Micro Focus From totszwai at gmail.com Wed Oct 5 18:12:17 2016 From: totszwai at gmail.com (Eric To) Date: Wed, 5 Oct 2016 14:12:17 -0400 Subject: [openssl-users] BN_mod_inverse:no inverse when calling OCSP_basic_sign Message-ID: Version: openssl 1.0.1u OS: RHEL 6.5 Arch: x86_64 GNU/Linux I'm getting a critical error when openssl try to sign the basic response. The overall basic response itself seems fine since openssl can still decode the response if i use -no_signature_verify... Without it, i get: Response Verify Failure 140479349708456:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:186: 140479349708456:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218: 140479349708456:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: Any hint on troubleshooting this would be great. Here is how I call the OCSP_basic_sign: OCSP_BASICRESP *bresp; X509 *signer; EVP_PKEY *key; ... OCSP_basic_sign(bresp, signer, key, EVP_sha1(), NULL, 0); But getting the following error internally from OCSP_basic_sign: OPENSSL ERROR: error:0306E06C:bignum routines:BN_mod_inverse:no inverse OPENSSL ERROR: error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib Running it through dbg, it failed at ASN1_item_sign_ctx In crypto/asn1/a_sign.c 303 if (!EVP_DigestSignUpdate(ctx, buf_in, inl) 304 || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { 305 outl = 0; 306 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); 307 goto err; 308 } (gdb) print inl $1 = 284 (gdb) print outl $2 = 256 (gdb) print *ctx $4 = {digest = 0x7fb2ecf12b80, engine = 0x0, flags = 0, md_data = 0x7fb2ef1629d0, pctx = 0x7fb2ef162970, update = 0x7fb2ecc2515a } (gdb) print *ctx->digest $5 = {type = 64, pkey_type = 65, md_size = 20, flags = 12, init = 0x7fb2ecc2513c , update = 0x7fb2ecc2515a , final = 0x7fb2ecc2518b , copy = 0, cleanup = 0, sign = 0x7fb2ecbf0c70 , verify = 0x7fb2ecbf1568 , required_pkey_type = {6, 19, 0, 0, 0}, block_size = 64, ctx_size = 104, md_ctrl = 0} -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at openssl.org Wed Oct 5 18:52:01 2016 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 5 Oct 2016 18:52:01 +0000 Subject: [openssl-users] BN_mod_inverse:no inverse when calling OCSP_basic_sign In-Reply-To: References: Message-ID: <20161005185201.GA19523@openssl.org> On Wed, Oct 05, 2016, Eric To wrote: > > Any hint on troubleshooting this would be great. Here is how I call the > OCSP_basic_sign: > > OCSP_BASICRESP *bresp; > X509 *signer; > EVP_PKEY *key; > ... > OCSP_basic_sign(bresp, > signer, key, > EVP_sha1(), > NULL, 0); > > But getting the following error internally from OCSP_basic_sign: > > OPENSSL ERROR: error:0306E06C:bignum routines:BN_mod_inverse:no inverse > OPENSSL ERROR: error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP > lib > Where does the key come from? Trying using the -check option to the rsa utility to see if it is valid. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From kgoldman at us.ibm.com Thu Oct 6 13:42:34 2016 From: kgoldman at us.ibm.com (Ken Goldman) Date: Thu, 6 Oct 2016 09:42:34 -0400 Subject: [openssl-users] pod to html Message-ID: Does someone have the precise command to bulk convert the pod files to html, with all the cross references, relative directory, index, etc.? I'd like to have a local copy for times the web site is unavailable. From matt at openssl.org Thu Oct 6 14:11:23 2016 From: matt at openssl.org (Matt Caswell) Date: Thu, 6 Oct 2016 15:11:23 +0100 Subject: [openssl-users] pod to html In-Reply-To: References: Message-ID: <8df8e2a6-7368-87e7-92f7-c06da578e855@openssl.org> On 06/10/16 14:42, Ken Goldman wrote: > Does someone have the precise command to bulk convert the pod files to > html, with all the cross references, relative directory, index, etc.? > > I'd like to have a local copy for times the web site is unavailable. > Just doing "make install_html_docs" should do it. Matt From ajaygargnsit at gmail.com Fri Oct 7 03:21:24 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Fri, 7 Oct 2016 08:51:24 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" Message-ID: Hi All. I understand the basic gist of setting up SSL-connections using OpenSSL, as per http://stackoverflow.com/questions/7698488/turn-a-simple-socket-into-an-ssl-socket However, I am a bit unsure about certain implementations. In particular (let's talk only about the client-side), I wonder how do the following methods work internally :: * SSL_connect (implicitly involving underlying-socket-reads and underlying-socket-writes) * SSL_write (involving underlying-socket-writes) * SSL_read (involving underlying-socket-reads) We have a framework which we have ported to a variety of devices, involving GPRS-connectivity, and devices without operating-systems. I know that there is "no one universal socket-write" and "no one universal socket-read" implementations. With the above in mind, I wonder how the "SSL_connect", "SSL_write", "SSL_read" actually handle the root-level writes/reads (given that we do not pass any "root-level-socket-write" and "root-level-socket-read" callbacks before "SSL_write" and "SSL_read"). Looking forward to some help; I will be grateful for any pointers. Thanks and Regards, Ajay From openssl-users at dukhovni.org Fri Oct 7 03:49:01 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 7 Oct 2016 03:49:01 +0000 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: Message-ID: <20161007034901.GJ4670@mournblade.imrryr.org> On Fri, Oct 07, 2016 at 08:51:24AM +0530, Ajay Garg wrote: > However, I am a bit unsure about certain implementations. > In particular (let's talk only about the client-side), I wonder how do > the following methods work internally :: > > > * SSL_connect (implicitly involving underlying-socket-reads and > underlying-socket-writes) Correct. > * SSL_write (involving underlying-socket-writes) This can also involve socket reads, e.g. when the peer requests renegotiation. Hence, on non-blocking sockets this can fail with SSL_ERROR_WANT_READ. The application should then retry the write (generally with the identitical data) when the socket becomes *readable*. > * SSL_read (involving underlying-socket-reads) This can also involve socket writes, e.g. when the peer requests renegotiation. Hence, on non-blocking sockets this can fail with SSL_ERROR_WANT_WRITE. The application should then retry the read when the socket becomes *writable*. > We have a framework which we have ported to a variety of devices, > involving GPRS-connectivity, and devices without operating-systems. > I know that there is "no one universal socket-write" and "no one > universal socket-read" implementations. No idea what "root-level" means. Perhaps you mean something analogous to a system-call? If so OpenSSL can either be handed the socket to use, or plugged into some other way of moving data via the BIO pair interface. https://www.openssl.org/docs/manmaster/crypto/BIO_s_bio.html -- Viktor. From ajaygargnsit at gmail.com Fri Oct 7 04:39:07 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Fri, 7 Oct 2016 10:09:07 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: <20161007034901.GJ4670@mournblade.imrryr.org> References: <20161007034901.GJ4670@mournblade.imrryr.org> Message-ID: On Fri, Oct 7, 2016 at 9:19 AM, Viktor Dukhovni wrote: > On Fri, Oct 07, 2016 at 08:51:24AM +0530, Ajay Garg wrote: > >> However, I am a bit unsure about certain implementations. >> In particular (let's talk only about the client-side), I wonder how do >> the following methods work internally :: >> >> >> * SSL_connect (implicitly involving underlying-socket-reads and >> underlying-socket-writes) > > Correct. > >> * SSL_write (involving underlying-socket-writes) > > This can also involve socket reads, e.g. when the peer requests > renegotiation. Hence, on non-blocking sockets this can fail with > SSL_ERROR_WANT_READ. The application should then retry the write > (generally with the identitical data) when the socket becomes > *readable*. > >> * SSL_read (involving underlying-socket-reads) > > This can also involve socket writes, e.g. when the peer requests > renegotiation. Hence, on non-blocking sockets this can fail with > SSL_ERROR_WANT_WRITE. The application should then retry the read > when the socket becomes *writable*. > >> We have a framework which we have ported to a variety of devices, >> involving GPRS-connectivity, and devices without operating-systems. >> I know that there is "no one universal socket-write" and "no one >> universal socket-read" implementations. > > No idea what "root-level" means. Perhaps you mean something > analogous to a system-call? If so OpenSSL can either be handed > the socket to use, or plugged into some other way of moving data > via the BIO pair interface. > > https://www.openssl.org/docs/manmaster/crypto/BIO_s_bio.html Ahhhh.... let me have a look.. I think this will fit in :) > > -- > Viktor. > --. > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From ajaygargnsit at gmail.com Fri Oct 7 06:58:46 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Fri, 7 Oct 2016 12:28:46 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> Message-ID: Victor, I realise I am still stuck with the original issue. Taking "bio1" as the SSL-facing-bio, and "bio2" as the network-facing-bio, how do we write-into/read-from "bio2"? Are there callbacks available that will allow :: * Writing to network via "bio2" (after "bio1" has internally-transferred the bytes to "bio2") ? * Reading from network via "bio2" (after which "bio1" can internally-pick-up the bytes from "bio2") ? Also, how do "bio1" and "bio2" communicate in case of non-ideal scenarios (timeouts, errors)? On Fri, Oct 7, 2016 at 10:09 AM, Ajay Garg wrote: > On Fri, Oct 7, 2016 at 9:19 AM, Viktor Dukhovni > wrote: >> On Fri, Oct 07, 2016 at 08:51:24AM +0530, Ajay Garg wrote: >> >>> However, I am a bit unsure about certain implementations. >>> In particular (let's talk only about the client-side), I wonder how do >>> the following methods work internally :: >>> >>> >>> * SSL_connect (implicitly involving underlying-socket-reads and >>> underlying-socket-writes) >> >> Correct. >> >>> * SSL_write (involving underlying-socket-writes) >> >> This can also involve socket reads, e.g. when the peer requests >> renegotiation. Hence, on non-blocking sockets this can fail with >> SSL_ERROR_WANT_READ. The application should then retry the write >> (generally with the identitical data) when the socket becomes >> *readable*. >> >>> * SSL_read (involving underlying-socket-reads) >> >> This can also involve socket writes, e.g. when the peer requests >> renegotiation. Hence, on non-blocking sockets this can fail with >> SSL_ERROR_WANT_WRITE. The application should then retry the read >> when the socket becomes *writable*. >> >>> We have a framework which we have ported to a variety of devices, >>> involving GPRS-connectivity, and devices without operating-systems. >>> I know that there is "no one universal socket-write" and "no one >>> universal socket-read" implementations. >> >> No idea what "root-level" means. Perhaps you mean something >> analogous to a system-call? If so OpenSSL can either be handed >> the socket to use, or plugged into some other way of moving data >> via the BIO pair interface. >> >> https://www.openssl.org/docs/manmaster/crypto/BIO_s_bio.html > > > Ahhhh.... let me have a look.. I think this will fit in :) > >> >> -- >> Viktor. >> --. >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > -- > Regards, > Ajay -- Regards, Ajay From astib at mag0.net Fri Oct 7 09:05:34 2016 From: astib at mag0.net (Ales Stibal) Date: Fri, 7 Oct 2016 11:05:34 +0200 Subject: [openssl-users] socket change with SSL_set_fd Message-ID: <75a8c4a1-e833-cb94-8690-cc30f1c46499@mag0.net> Hi folks, I have a small, but important question which affects my project design. May I change underlying socket for SSL with SSL_set_fd when socket was already set and used before? I believe it should not be problem, since in theory it's just the transport channel for OpenSSL where to write, or read from. Am I correct? Many thanks, Ales From openssl-users at dukhovni.org Fri Oct 7 09:55:04 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 7 Oct 2016 09:55:04 +0000 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> Message-ID: <20161007095504.GK4670@mournblade.imrryr.org> On Fri, Oct 07, 2016 at 12:28:46PM +0530, Ajay Garg wrote: > I realise I am still stuck with the original issue. Failure to read the documentation closely. > Also, how do "bio1" and "bio2" communicate in case of non-ideal > scenarios (timeouts, errors)? They don't, you move all the data. All reads/writes by OpenSSL will return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE when the requisite data is not already buffered. At that point you do the requsite I/O and copy data into and out of the network bio. First, do all pending writes: BIO_ctrl_pending(network_bio) BIO_read(network_bio, ...) ... write the opaque ciphertext to the underlying socket-like ... thing when it is writable, take to not block or drop ... the ciphertext on the floor if you do. then if SSL_ERROR_WANT_READ, find out how much OpenSSL wants to read, and read that much data from the underlying socket-like thing and copy its (opaque ciphertext) into the network bio: BIO_ctrl_get_read_request(network_bio) BIO_write(network_bio, ...) A double-buffer (separate read/write) between the socket and SSL may make the logic simpler, but the write side must be flushed whenever to the SSL network BIO becomes empty, to avoid deadlock. And of course avoid blocking on reads when it is OpenSSL's turn to write. In general you have an event loop, a non-blocking socket thingy, and select/poll/... read/write or both depending on SSL_ERROR_WANT_READ/WRITE and the state of any intermediate buffers you're managing. A careful read of the manpage will expose all these facilities. -- Viktor. From hariprasad_mc07 at yahoo.com Fri Oct 7 12:16:28 2016 From: hariprasad_mc07 at yahoo.com (HariPrasad MC) Date: Fri, 7 Oct 2016 12:16:28 +0000 (UTC) Subject: [openssl-users] Building FIPS capable openssl on Android References: <1945032651.25042.1475842588669.ref@mail.yahoo.com> Message-ID: <1945032651.25042.1475842588669@mail.yahoo.com> I'm trying to port the FIPS module to Android openssl. Can someone please suggest the Prerequisite to be followed for linking Fips module(fipscanister) to Android Openssl in Android.mk. From ajaygargnsit at gmail.com Fri Oct 7 14:35:13 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Fri, 7 Oct 2016 20:05:13 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: <20161007095504.GK4670@mournblade.imrryr.org> References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> Message-ID: Hi Viktor. Thanks for your reply, and I am sorry for being idiotic, OpenSSL does seem daunting, but I am learning :) Also, let's not bother too much about the APIs/methods as such. I will be grateful if you could confirm/reject my architectural-understanding so far. Let's say "bio1" is the SSL-BIO, and "bio2" is the In-Memory-BIO, and they have been made a pair, with the architecture being :: App <=> bio1 <=> bio2 <=> device-specific-socket So, for writes, following steps can be made to happen synchronously (even with blocking device-specific-sockets) :: W1. App writes x app-payload-bytes to bio1. W2. Internally, x app-payload-bytes (at bio1) become y app-payload-encrypted-bytes (at bio2). W3. Thereafter, the y app-payload-encrypted-bytes are transferred over the wire via the device-specific-socket. I think W2 is the key-step architecturally. For reads, following steps can be made to happen synchronously (even with blocking device-specific-sockets, carrying read-timeout feature) :: R1. App wants x app-payload-bytes. R2. If bio1 can produce at least x app-payload-bytes, then we are done. Else, we read some (let's say n) app-payload-encrypted-bytes from device-specific-socket, write them into bio2, and again enquire if bio1 can now produce at least x app-payload-bytes. If still not, we keep reading n app-payload-encrypted-bytes from device-specific-socket and writing them into bio2, until bio1 can produce at least x app-payload-bytes. R3. Finally, App reads x app-payload-bytes. Here too, I think R2 is the key-step architecturally. Is my above architectural-understanding of the workflow between App and Device-Specific-Socket correct? Anyway, thanks for your help so far. Thanks and Regards, Ajay On Fri, Oct 7, 2016 at 3:25 PM, Viktor Dukhovni wrote: > On Fri, Oct 07, 2016 at 12:28:46PM +0530, Ajay Garg wrote: > >> I realise I am still stuck with the original issue. > > Failure to read the documentation closely. > >> Also, how do "bio1" and "bio2" communicate in case of non-ideal >> scenarios (timeouts, errors)? > > They don't, you move all the data. All reads/writes by OpenSSL will > return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE when the requisite > data is not already buffered. At that point you do the requsite > I/O and copy data into and out of the network bio. > > First, do all pending writes: > > BIO_ctrl_pending(network_bio) > BIO_read(network_bio, ...) > > ... write the opaque ciphertext to the underlying socket-like > ... thing when it is writable, take to not block or drop > ... the ciphertext on the floor if you do. > > then if SSL_ERROR_WANT_READ, find out how much OpenSSL wants to > read, and read that much data from the underlying socket-like thing > and copy its (opaque ciphertext) into the network bio: > > BIO_ctrl_get_read_request(network_bio) > BIO_write(network_bio, ...) > > A double-buffer (separate read/write) between the socket and SSL > may make the logic simpler, but the write side must be flushed > whenever to the SSL network BIO becomes empty, to avoid deadlock. > And of course avoid blocking on reads when it is OpenSSL's turn to > write. In general you have an event loop, a non-blocking socket > thingy, and select/poll/... read/write or both depending on > SSL_ERROR_WANT_READ/WRITE and the state of any intermediate buffers > you're managing. > > A careful read of the manpage will expose all these facilities. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From jb-openssl at wisemo.com Fri Oct 7 14:57:24 2016 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Fri, 7 Oct 2016 16:57:24 +0200 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> Message-ID: <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> On 07/10/2016 16:35, Ajay Garg wrote: > Hi Viktor. > > Thanks for your reply, and I am sorry for being idiotic, OpenSSL does > seem daunting, but I am learning :) > > Also, let's not bother too much about the APIs/methods as such. > I will be grateful if you could confirm/reject my > architectural-understanding so far. > > Let's say "bio1" is the SSL-BIO, and "bio2" is the In-Memory-BIO, and > they have been made a pair, with the architecture being :: > > App <=> bio1 <=> bio2 <=> device-specific-socket > One caveat for both scenarios below: RW2a: During step R2 or W2, the SSL/TLS protocol may need to transmit some data in the opposite direction in order to handle automatically setting or changing the encryption keys etc. Thus during W2, some data may be read from bio2 and during R2, some data may be written to bio2. This doesn't happen every time, but it always happens for the first app-payload-bytes, and it may happen at any later time subject to changes as the protocol and/or library are improved. > So, for writes, following steps can be made to happen synchronously > (even with blocking device-specific-sockets) :: > > W1. App writes x app-payload-bytes to bio1. > > W2. Internally, x app-payload-bytes (at bio1) become y > app-payload-encrypted-bytes (at bio2). > > W3. Thereafter, the y app-payload-encrypted-bytes are transferred > over the wire via the device-specific-socket. > > I think W2 is the key-step architecturally. > > > For reads, following steps can be made to happen synchronously (even > with blocking device-specific-sockets, carrying read-timeout feature) > :: > > R1. App wants x app-payload-bytes. > > R2. If bio1 can produce at least x app-payload-bytes, then we are done. > > Else, we read some (let's say n) app-payload-encrypted-bytes > from device-specific-socket, write them into bio2, and > again enquire if bio1 can now produce at least x app-payload-bytes. > > If still not, we keep reading n app-payload-encrypted-bytes > from device-specific-socket and writing them into bio2, until > bio1 can produce at least x app-payload-bytes. > > R3. Finally, App reads x app-payload-bytes. > > Here too, I think R2 is the key-step architecturally. > > > > Is my above architectural-understanding of the workflow between App > and Device-Specific-Socket correct? > > > Anyway, thanks for your help so far. > > > Thanks and Regards, > Ajay > > > > > On Fri, Oct 7, 2016 at 3:25 PM, Viktor Dukhovni > wrote: >> On Fri, Oct 07, 2016 at 12:28:46PM +0530, Ajay Garg wrote: >> >>> I realise I am still stuck with the original issue. >> Failure to read the documentation closely. >> >>> Also, how do "bio1" and "bio2" communicate in case of non-ideal >>> scenarios (timeouts, errors)? >> They don't, you move all the data. All reads/writes by OpenSSL will >> return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE when the requisite >> data is not already buffered. At that point you do the requsite >> I/O and copy data into and out of the network bio. >> >> First, do all pending writes: >> >> BIO_ctrl_pending(network_bio) >> BIO_read(network_bio, ...) >> >> ... write the opaque ciphertext to the underlying socket-like >> ... thing when it is writable, take to not block or drop >> ... the ciphertext on the floor if you do. >> >> then if SSL_ERROR_WANT_READ, find out how much OpenSSL wants to >> read, and read that much data from the underlying socket-like thing >> and copy its (opaque ciphertext) into the network bio: >> >> BIO_ctrl_get_read_request(network_bio) >> BIO_write(network_bio, ...) >> >> A double-buffer (separate read/write) between the socket and SSL >> may make the logic simpler, but the write side must be flushed >> whenever to the SSL network BIO becomes empty, to avoid deadlock. >> And of course avoid blocking on reads when it is OpenSSL's turn to >> write. In general you have an event loop, a non-blocking socket >> thingy, and select/poll/... read/write or both depending on >> SSL_ERROR_WANT_READ/WRITE and the state of any intermediate buffers >> you're managing. >> >> A careful read of the manpage will expose all these facilities. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From ajaygargnsit at gmail.com Fri Oct 7 17:00:06 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Fri, 7 Oct 2016 22:30:06 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> Message-ID: Thanks for the reply Viktor. On Fri, Oct 7, 2016 at 8:27 PM, Jakob Bohm wrote: > On 07/10/2016 16:35, Ajay Garg wrote: >> >> Hi Viktor. >> >> Thanks for your reply, and I am sorry for being idiotic, OpenSSL does >> seem daunting, but I am learning :) >> >> Also, let's not bother too much about the APIs/methods as such. >> I will be grateful if you could confirm/reject my >> architectural-understanding so far. >> >> Let's say "bio1" is the SSL-BIO, and "bio2" is the In-Memory-BIO, and >> they have been made a pair, with the architecture being :: >> >> App <=> bio1 <=> bio2 <=> device-specific-socket >> > One caveat for both scenarios below: > > RW2a: During step R2 or W2, the SSL/TLS protocol may need to > transmit some data in the opposite direction in order to handle > automatically setting or changing the encryption keys etc. Thus > during W2, some data may be read from bio2 and during R2, some > data may be written to bio2. > > This doesn't happen every time, but it always happens for the > first app-payload-bytes, and it may happen at any later time > subject to changes as the protocol and/or library are improved. Ok, so for sending app-payload-bytes, we do a bio_write() to "bio1", and if "bio1" requires reading from bio2/peer, bio_write() will return SSL_ERROR_WANT_READ (even for blocking sockets). We then read-in some app-payload-encrypted-bytes from device-socket, put them into "bio2" (thus internally fulfilling bio1's need for read), and then again try bio_write() to "bio1" WITH IDENTICAL APP-PAYLOAD-BYTES. If it again returns SSL_ERROR_WANT_READ, we repeat the cycle. For reading app-payload-bytes, we do a bio_read() from "bio1", and if "bio1" requires writing bytes to bio2/peer, bio_read() will return SSL_ERROR_WANT_WRITE (even for blocking sockets). We then pick up the app-payload-encrypted-bytes from "bio2", transfer them over the wire via device-specific-socket (thus fulfilling bio1's need to send bytes to peer), and then again try bio_read() from "bio1" WITH IDENTICAL APP-PAYLOAD-BYTES. If it again returns SSL_ERROR_WANT_WRITE, we repeat the cycle. Obviously, for the above two sub-plots, the only chance of failure if reading/writing bytes fails over the wire. But that is not the norm; if it does happen, then everything will be restarted from scratch (at least by me). Is my understanding correct (especially for the case if blocking-sockets are being used throughout)? If yes, then it seems everything can be done fully synchronously for blocking-sockets, thus eliminating the need of multiple threads, and thus enabling us to integrate OpenSSL seamlessly in our already existing framework across all devices that we have ported our framework to (devices with/without operating-systems, with/without GPRS/Wifi). So, eagerly awaiting your reply :) Thanks a ton for the lightning-quick help so far !!!! Thanks and Regards, Ajay > > >> So, for writes, following steps can be made to happen synchronously >> (even with blocking device-specific-sockets) :: >> >> W1. App writes x app-payload-bytes to bio1. >> >> W2. Internally, x app-payload-bytes (at bio1) become y >> app-payload-encrypted-bytes (at bio2). >> >> W3. Thereafter, the y app-payload-encrypted-bytes are transferred >> over the wire via the device-specific-socket. >> >> I think W2 is the key-step architecturally. >> >> >> For reads, following steps can be made to happen synchronously (even >> with blocking device-specific-sockets, carrying read-timeout feature) >> :: >> >> R1. App wants x app-payload-bytes. >> >> R2. If bio1 can produce at least x app-payload-bytes, then we are done. >> >> Else, we read some (let's say n) app-payload-encrypted-bytes >> from device-specific-socket, write them into bio2, and >> again enquire if bio1 can now produce at least x >> app-payload-bytes. >> >> If still not, we keep reading n app-payload-encrypted-bytes >> from device-specific-socket and writing them into bio2, until >> bio1 can produce at least x app-payload-bytes. >> >> R3. Finally, App reads x app-payload-bytes. >> >> Here too, I think R2 is the key-step architecturally. >> >> >> >> Is my above architectural-understanding of the workflow between App >> and Device-Specific-Socket correct? >> >> >> Anyway, thanks for your help so far. >> >> >> Thanks and Regards, >> Ajay >> >> >> >> >> On Fri, Oct 7, 2016 at 3:25 PM, Viktor Dukhovni >> wrote: >>> >>> On Fri, Oct 07, 2016 at 12:28:46PM +0530, Ajay Garg wrote: >>> >>>> I realise I am still stuck with the original issue. >>> >>> Failure to read the documentation closely. >>> >>>> Also, how do "bio1" and "bio2" communicate in case of non-ideal >>>> scenarios (timeouts, errors)? >>> >>> They don't, you move all the data. All reads/writes by OpenSSL will >>> return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE when the requisite >>> data is not already buffered. At that point you do the requsite >>> I/O and copy data into and out of the network bio. >>> >>> First, do all pending writes: >>> >>> BIO_ctrl_pending(network_bio) >>> BIO_read(network_bio, ...) >>> >>> ... write the opaque ciphertext to the underlying socket-like >>> ... thing when it is writable, take to not block or drop >>> ... the ciphertext on the floor if you do. >>> >>> then if SSL_ERROR_WANT_READ, find out how much OpenSSL wants to >>> read, and read that much data from the underlying socket-like thing >>> and copy its (opaque ciphertext) into the network bio: >>> >>> BIO_ctrl_get_read_request(network_bio) >>> BIO_write(network_bio, ...) >>> >>> A double-buffer (separate read/write) between the socket and SSL >>> may make the logic simpler, but the write side must be flushed >>> whenever to the SSL network BIO becomes empty, to avoid deadlock. >>> And of course avoid blocking on reads when it is OpenSSL's turn to >>> write. In general you have an event loop, a non-blocking socket >>> thingy, and select/poll/... read/write or both depending on >>> SSL_ERROR_WANT_READ/WRITE and the state of any intermediate buffers >>> you're managing. >>> >>> A careful read of the manpage will expose all these facilities. > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From openssl-users at dukhovni.org Fri Oct 7 17:47:01 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 7 Oct 2016 17:47:01 +0000 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> Message-ID: <20161007174701.GN4670@mournblade.imrryr.org> On Fri, Oct 07, 2016 at 10:30:06PM +0530, Ajay Garg wrote: > Ok, so for sending app-payload-bytes, we do a bio_write() to "bio1", > and if "bio1" requires reading from bio2/peer, bio_write() will return > SSL_ERROR_WANT_READ (even for blocking sockets). We then read-in some > app-payload-encrypted-bytes from device-socket, No, it will *usually* return SSL_ERROR_WANT_WRITE, that's when you write "some" (based on pending data amount from bio2) to the network that you read from bio2. Those writes might be written via a buffer you interpose, however it is important to flush that buffer as much as possible before attempting any network reads (flush fully if the network reads are potentially blocking). However, it might sometimes return SSL_ERROR_WANT_READ, in which case, the SSL layer wants to read, even though the application wants to write. Your job is to do the read on the SSL layer's behalf, and then retry the write. Where "some" is obtained by queried bio2 for the amount of pending data. You can loop reading/sending smaller amounts that if the entire amount is too big to write to the target in one go without blocking. Otherwise, you need a large enough write buffer downstream. If you can't fully drain bio2's output in one go, just keep the socket selected for write and try again later when more space is available. > put them into "bio2" > (thus internally fulfilling bio1's need for read), and then again try > bio_write() to "bio1" WITH IDENTICAL APP-PAYLOAD-BYTES. If it again > returns SSL_ERROR_WANT_READ, we repeat the cycle. Well, you may not fulfill that need, if you don't drain all the pending data, and so the SSL_ERROR_WANT_... may repeat. What you do with bio2 has no direct relationship on the direction of the I/O in bio1. Just keep track of whether the crypto wants to read or write, and whether either bio2 or any buffer you interpose downstream has pending data. Then move data between the network and bio2 as appropriate. > For reading app-payload-bytes, we do a bio_read() from "bio1", and if > "bio1" requires writing bytes to bio2/peer, bio_read() will return > SSL_ERROR_WANT_WRITE (even for blocking sockets). No, it will *usually* return SSL_ERROR_WANT_READ, that's when you read "some" (based on desired read size from bio2) from the network and write the results to bio2. Those reads might be satisfied from a buffer you interpose. However, it might sometimes return SSL_ERROR_WANT_WRITE, in which case, the SSL layer wants to write, even though the application wants to read. Your job is to do the write on the SSL layer's behalf, and then retry the read. > We then pick up the > app-payload-encrypted-bytes from "bio2", transfer them over the wire > via device-specific-socket (thus fulfilling bio1's need to send bytes > to peer), and then again try bio_read() from "bio1" WITH IDENTICAL > APP-PAYLOAD-BYTES. If it again returns SSL_ERROR_WANT_WRITE, we repeat > the cycle. When retrying app-layer reads, you do not need to provide the same buffer or read request size on subsequent attempts. > Obviously, for the above two sub-plots, the only chance of failure if > reading/writing bytes fails over the wire. > But that is not the norm; if it does happen, then everything will be > restarted from scratch (at least by me). > If yes, then it seems everything can be done fully synchronously for > blocking-sockets, No, synchronous operation will not work. The network may not be ready to receive more data when you're ready to write (network layer data), or have more data when you're ready to read. Use of bio-pairs with blocking sockets is highly risky, you'll probably dead-lock with some regularity. > thus eliminating the need of multiple threads, You don't need threads, an event loop will do. Indeed an event loop is generally better, don't know whether the same bio-pair is safe for use by multiple threads. You just need to be able to perform the equivalent of select()/poll()/... on whatever interface you have for moving data to/from the network. -- Viktor. From MHeimlich at Steelcloud.com Fri Oct 7 17:56:35 2016 From: MHeimlich at Steelcloud.com (Matthew Heimlich) Date: Fri, 7 Oct 2016 17:56:35 +0000 Subject: [openssl-users] Building an application with OpenSSL and FIPS support. Message-ID: I'm on RHEL7. I've got a very simple encryption/decryption program that works fine without FIPS support enabled, but fails when it is: #include #include #include #include void handleErrors(void) { ERR_print_errors_fp(stderr); abort(); } int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext) { EVP_CIPHER_CTX *ctx; int len; int ciphertext_len; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); /* Initialise the encryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) handleErrors(); /* Provide the message to be encrypted, and obtain the encrypted output. * EVP_EncryptUpdate can be called multiple times if necessary */ if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) handleErrors(); ciphertext_len = len; /* Finalise the encryption. Further ciphertext bytes may be written at * this stage. */ if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); ciphertext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return ciphertext_len; } int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, unsigned char *iv, unsigned char *plaintext) { EVP_CIPHER_CTX *ctx; int len; int plaintext_len; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); /* Initialise the decryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) handleErrors(); /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) handleErrors(); plaintext_len = len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors(); plaintext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return plaintext_len; } int main (void) { /* Force FIPS initialization */ FIPS_mode_set(1); /* Set up the key and iv. Do I need to say to not hard code these in a * real application? :-) */ /* A 256 bit key */ unsigned char *key = (unsigned char *)"01234567890123456789012345678901"; /* A 128 bit IV */ unsigned char *iv = (unsigned char *)"01234567890123456"; /* Message to be encrypted */ unsigned char *plaintext = (unsigned char *)"The quick brown fox jumps over the lazy dog"; /* Buffer for ciphertext. Ensure the buffer is long enough for the * ciphertext which may be longer than the plaintext, dependant on the * algorithm and mode */ unsigned char ciphertext[128]; /* Buffer for the decrypted text */ unsigned char decryptedtext[128]; int decryptedtext_len, ciphertext_len; /* Initialise the library */ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OPENSSL_config(NULL); /* Encrypt the plaintext */ ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv, ciphertext); /* Do something useful with the ciphertext here */ printf("Ciphertext is:\n"); BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len); /* Decrypt the ciphertext */ decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv, decryptedtext); /* Add a NULL terminator. We are expecting printable text */ decryptedtext[decryptedtext_len] = '\0'; /* Show the decrypted text */ printf("Decrypted text is:\n"); printf("%s\n", decryptedtext); /* Clean up */ EVP_cleanup(); ERR_free_strings(); return 0; } As you can see, just the demo code with FIPS enabled. Without FIPS, my output is: Ciphertext is: 0000 - e0 6f 63 a7 11 e8 b7 aa-9f 94 40 10 7d 46 80 a1 .oc....... at .}F.. 0010 - 17 99 43 80 ea 31 d2 a2-99 b9 53 02 d4 39 b9 70 ..C..1....S..9.p 0020 - 2c 8e 65 a9 92 36 ec 92-07 04 91 5c f1 a9 8a 44 ,.e..6.....\...D Decrypted text is: The quick brown fox jumps over the lazy dog With FIPS, compilation goes fine, but generates the following when run: 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: I've tried both as a C project, and as a C++ project, pointing the CC env variable at both the fipsld script, and the modified fipsld++ from the wiki script as appropriate. My FIPSLD_CC variable points to gcc as noted in the FIPS documentation. What am I missing here?? Thanks, Matt Heimlich ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Fri Oct 7 18:35:24 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Sat, 8 Oct 2016 00:05:24 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: <20161007174701.GN4670@mournblade.imrryr.org> References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: Thanks Viktor. On all our device-types, we are using blocking-sockets, but reads can signal that no data is available (equivalent to SO_RCVTIMEO value set as the socket-option on linux-like systems). It seems you have provided me enough insight to get my hands dirty :) Thanks and Regards, Ajay On Fri, Oct 7, 2016 at 11:17 PM, Viktor Dukhovni wrote: > On Fri, Oct 07, 2016 at 10:30:06PM +0530, Ajay Garg wrote: > >> Ok, so for sending app-payload-bytes, we do a bio_write() to "bio1", >> and if "bio1" requires reading from bio2/peer, bio_write() will return >> SSL_ERROR_WANT_READ (even for blocking sockets). We then read-in some >> app-payload-encrypted-bytes from device-socket, > > No, it will *usually* return SSL_ERROR_WANT_WRITE, that's when you > write "some" (based on pending data amount from bio2) to the network > that you read from bio2. Those writes might be written via a buffer > you interpose, however it is important to flush that buffer as > much as possible before attempting any network reads (flush fully > if the network reads are potentially blocking). > > However, it might sometimes return SSL_ERROR_WANT_READ, in which > case, the SSL layer wants to read, even though the application > wants to write. Your job is to do the read on the SSL layer's > behalf, and then retry the write. > > Where "some" is obtained by queried bio2 for the amount of pending > data. You can loop reading/sending smaller amounts that if the > entire amount is too big to write to the target in one go without > blocking. Otherwise, you need a large enough write buffer downstream. > If you can't fully drain bio2's output in one go, just keep the > socket selected for write and try again later when more space is > available. > >> put them into "bio2" >> (thus internally fulfilling bio1's need for read), and then again try >> bio_write() to "bio1" WITH IDENTICAL APP-PAYLOAD-BYTES. If it again >> returns SSL_ERROR_WANT_READ, we repeat the cycle. > > Well, you may not fulfill that need, if you don't drain all the > pending data, and so the SSL_ERROR_WANT_... may repeat. What you > do with bio2 has no direct relationship on the direction of the > I/O in bio1. Just keep track of whether the crypto wants to read > or write, and whether either bio2 or any buffer you interpose > downstream has pending data. Then move data between the network > and bio2 as appropriate. > >> For reading app-payload-bytes, we do a bio_read() from "bio1", and if >> "bio1" requires writing bytes to bio2/peer, bio_read() will return >> SSL_ERROR_WANT_WRITE (even for blocking sockets). > > No, it will *usually* return SSL_ERROR_WANT_READ, that's when you > read "some" (based on desired read size from bio2) from the network > and write the results to bio2. Those reads might be satisfied from > a buffer you interpose. > > However, it might sometimes return SSL_ERROR_WANT_WRITE, in which > case, the SSL layer wants to write, even though the application wants > to read. Your job is to do the write on the SSL layer's behalf, > and then retry the read. > >> We then pick up the >> app-payload-encrypted-bytes from "bio2", transfer them over the wire >> via device-specific-socket (thus fulfilling bio1's need to send bytes >> to peer), and then again try bio_read() from "bio1" WITH IDENTICAL >> APP-PAYLOAD-BYTES. If it again returns SSL_ERROR_WANT_WRITE, we repeat >> the cycle. > > When retrying app-layer reads, you do not need to provide the same > buffer or read request size on subsequent attempts. > >> Obviously, for the above two sub-plots, the only chance of failure if >> reading/writing bytes fails over the wire. >> But that is not the norm; if it does happen, then everything will be >> restarted from scratch (at least by me). > >> If yes, then it seems everything can be done fully synchronously for >> blocking-sockets, > > No, synchronous operation will not work. The network may not be > ready to receive more data when you're ready to write (network > layer data), or have more data when you're ready to read. Use of > bio-pairs with blocking sockets is highly risky, you'll probably > dead-lock with some regularity. > >> thus eliminating the need of multiple threads, > > You don't need threads, an event loop will do. Indeed an event > loop is generally better, don't know whether the same bio-pair is > safe for use by multiple threads. > > You just need to be able to perform the equivalent of > > select()/poll()/... > > on whatever interface you have for moving data to/from > the network. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From Craig_Weeks at trendmicro.com Fri Oct 7 18:44:41 2016 From: Craig_Weeks at trendmicro.com (Craig_Weeks at trendmicro.com) Date: Fri, 7 Oct 2016 18:44:41 +0000 Subject: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words" Message-ID: I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS architecture on vxWorks. I am getting this error during the link step: ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words': : multiple definition of `bn_div_3_words' /usr/local/src/w/branches/zorro/tos390_tls/vendor/openssl-fips-2.0.12_installation/lib//fipscanister.o(.text+0x321c0): first defined here I see that others have encountered this problem in the past, but I have found no explanation or resolution. https://marc.info/?l=openssl-users&m=141216400714219&w=2 Can someone provide guidance for resolving this error? Craig Weeks | Senior Software Engineer, Support Response Team (SRT) craig_weeks at trendmicro.com 14231 Tandem Blvd, Austin TX 78728 www.trendmicro.com 
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part -------------- An HTML attachment was scrubbed... URL: From ethan.rahn at gmail.com Fri Oct 7 20:01:10 2016 From: ethan.rahn at gmail.com (Ethan Rahn) Date: Fri, 7 Oct 2016 13:01:10 -0700 Subject: [openssl-users] Building an application with OpenSSL and FIPS support. In-Reply-To: References: Message-ID: Matt, What part of the selftest fails? Can you step through it with a debugger? Cheers, Ethan On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich wrote: > I'm on RHEL7. I've got a very simple encryption/decryption program that > works fine without FIPS support enabled, but fails when it is: > > #include > #include > #include > #include > > void handleErrors(void) > { > ERR_print_errors_fp(stderr); > abort(); > } > > int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, > unsigned char *iv, unsigned char *ciphertext) > { > EVP_CIPHER_CTX *ctx; > > int len; > > int ciphertext_len; > > /* Create and initialise the context */ > if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); > > /* Initialise the encryption operation. IMPORTANT - ensure you use a key > * and IV size appropriate for your cipher > * In this example we are using 256 bit AES (i.e. a 256 bit key). The > * IV size for *most* modes is the same as the block size. For AES this > * is 128 bits */ > if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) > handleErrors(); > > /* Provide the message to be encrypted, and obtain the encrypted output. > * EVP_EncryptUpdate can be called multiple times if necessary > */ > if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) > handleErrors(); > ciphertext_len = len; > > /* Finalise the encryption. Further ciphertext bytes may be written at > * this stage. > */ > if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); > ciphertext_len += len; > > /* Clean up */ > EVP_CIPHER_CTX_free(ctx); > > return ciphertext_len; > } > > int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, > unsigned char *iv, unsigned char *plaintext) > { > EVP_CIPHER_CTX *ctx; > > int len; > > int plaintext_len; > > /* Create and initialise the context */ > if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); > > /* Initialise the decryption operation. IMPORTANT - ensure you use a key > * and IV size appropriate for your cipher > * In this example we are using 256 bit AES (i.e. a 256 bit key). The > * IV size for *most* modes is the same as the block size. For AES this > * is 128 bits */ > if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) > handleErrors(); > > /* Provide the message to be decrypted, and obtain the plaintext output. > * EVP_DecryptUpdate can be called multiple times if necessary > */ > if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) > handleErrors(); > plaintext_len = len; > > /* Finalise the decryption. Further plaintext bytes may be written at > * this stage. > */ > if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors(); > plaintext_len += len; > > /* Clean up */ > EVP_CIPHER_CTX_free(ctx); > > return plaintext_len; > } > > int main (void) > { > /* Force FIPS initialization */ > FIPS_mode_set(1); > /* Set up the key and iv. Do I need to say to not hard code these in a > * real application? :-) > */ > > /* A 256 bit key */ > unsigned char *key = (unsigned char *)"01234567890123456789012345678901"; > > /* A 128 bit IV */ > unsigned char *iv = (unsigned char *)"01234567890123456"; > > /* Message to be encrypted */ > unsigned char *plaintext = > (unsigned char *)"The quick brown fox jumps over the lazy dog"; > > /* Buffer for ciphertext. Ensure the buffer is long enough for the > * ciphertext which may be longer than the plaintext, dependant on the > * algorithm and mode > */ > unsigned char ciphertext[128]; > > /* Buffer for the decrypted text */ > unsigned char decryptedtext[128]; > > int decryptedtext_len, ciphertext_len; > > /* Initialise the library */ > ERR_load_crypto_strings(); > OpenSSL_add_all_algorithms(); > OPENSSL_config(NULL); > > /* Encrypt the plaintext */ > ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv, > ciphertext); > > /* Do something useful with the ciphertext here */ > printf("Ciphertext is:\n"); > BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len); > > /* Decrypt the ciphertext */ > decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv, > decryptedtext); > > /* Add a NULL terminator. We are expecting printable text */ > decryptedtext[decryptedtext_len] = '\0'; > > /* Show the decrypted text */ > printf("Decrypted text is:\n"); > printf("%s\n", decryptedtext); > > /* Clean up */ > EVP_cleanup(); > ERR_free_strings(); > > return 0; > } > > As you can see, just the demo code with FIPS enabled. Without FIPS, my > output is: > > Ciphertext is: > 0000 - e0 6f 63 a7 11 e8 b7 aa-9f 94 40 10 7d 46 80 a1 .oc....... at .}F.. > 0010 - 17 99 43 80 ea 31 d2 a2-99 b9 53 02 d4 39 b9 70 ..C..1....S..9.p > 0020 - 2c 8e 65 a9 92 36 ec 92-07 04 91 5c f1 a9 8a 44 ,.e..6.....\...D > Decrypted text is: > The quick brown fox jumps over the lazy dog > > With FIPS, compilation goes fine, but generates the following when run: > > 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: > 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: > > I've tried both as a C project, and as a C++ project, pointing the CC env > variable at both the fipsld script, and the modified fipsld++ from the wiki > script as appropriate. My FIPSLD_CC variable points to gcc as noted in the > FIPS documentation. > > What am I missing here?? > > > > Thanks, > > Matt Heimlich ? > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From MHeimlich at Steelcloud.com Fri Oct 7 20:37:01 2016 From: MHeimlich at Steelcloud.com (Matthew Heimlich) Date: Fri, 7 Oct 2016 20:37:01 +0000 Subject: [openssl-users] Building an application with OpenSSL and FIPS support. In-Reply-To: References: , Message-ID: <1475872620756.37526@Steelcloud.com> Running fails specifically on the line: if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); Although I've added some additional debugging code at this point, including this function: int Check_Enable_FIPS(void) { int mode = FIPS_mode(); int ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 /* on */); printf("Attempting to set FIPS mode to 1...\n"); err = ERR_peek_last_error(); printf("Last error was: %lx\n", err); if(ret != 1) { err = ERR_get_error(); } } else { ret = FIPS_mode_set(0 /* off */); if(ret != 1) { err = ERR_get_error(); } } if(ret != 1) { printf("FIPS_mode_set failed: %lx\n", err); } printf("FIPS mode is: %d\n", FIPS_mode()); }?? Which returns Attempting to set FIPS mode to 1... Last error was: 2d06b06f FIPS_mode_set failed: 2d06b06f FIPS mode is: 0? So it would appear that my FIPS mode is never even being set, and walking through the code would seem to confirm this. In addition, the error code doesn't seem to be present in the FIPS documentation, but errstr informs me that it is error:2D06B06F:FIPS routines:DSA_BUILTIN_PARAMGEN2:fingerprint does not match nonpic relocated? Any tips on where to go from here? Thanks, Matt Heimlich ________________________________ From: openssl-users on behalf of Ethan Rahn Sent: Friday, October 7, 2016 4:01 PM To: openssl-users at openssl.org Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support. Matt, What part of the selftest fails? Can you step through it with a debugger? Cheers, Ethan On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich > wrote: I'm on RHEL7. I've got a very simple encryption/decryption program that works fine without FIPS support enabled, but fails when it is: #include #include #include #include void handleErrors(void) { ERR_print_errors_fp(stderr); abort(); } int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext) { EVP_CIPHER_CTX *ctx; int len; int ciphertext_len; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); /* Initialise the encryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) handleErrors(); /* Provide the message to be encrypted, and obtain the encrypted output. * EVP_EncryptUpdate can be called multiple times if necessary */ if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) handleErrors(); ciphertext_len = len; /* Finalise the encryption. Further ciphertext bytes may be written at * this stage. */ if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); ciphertext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return ciphertext_len; } int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, unsigned char *iv, unsigned char *plaintext) { EVP_CIPHER_CTX *ctx; int len; int plaintext_len; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); /* Initialise the decryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) handleErrors(); /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) handleErrors(); plaintext_len = len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors(); plaintext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return plaintext_len; } int main (void) { /* Force FIPS initialization */ FIPS_mode_set(1); /* Set up the key and iv. Do I need to say to not hard code these in a * real application? :-) */ /* A 256 bit key */ unsigned char *key = (unsigned char *)"01234567890123456789012345678901"; /* A 128 bit IV */ unsigned char *iv = (unsigned char *)"01234567890123456"; /* Message to be encrypted */ unsigned char *plaintext = (unsigned char *)"The quick brown fox jumps over the lazy dog"; /* Buffer for ciphertext. Ensure the buffer is long enough for the * ciphertext which may be longer than the plaintext, dependant on the * algorithm and mode */ unsigned char ciphertext[128]; /* Buffer for the decrypted text */ unsigned char decryptedtext[128]; int decryptedtext_len, ciphertext_len; /* Initialise the library */ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OPENSSL_config(NULL); /* Encrypt the plaintext */ ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv, ciphertext); /* Do something useful with the ciphertext here */ printf("Ciphertext is:\n"); BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len); /* Decrypt the ciphertext */ decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv, decryptedtext); /* Add a NULL terminator. We are expecting printable text */ decryptedtext[decryptedtext_len] = '\0'; /* Show the decrypted text */ printf("Decrypted text is:\n"); printf("%s\n", decryptedtext); /* Clean up */ EVP_cleanup(); ERR_free_strings(); return 0; } As you can see, just the demo code with FIPS enabled. Without FIPS, my output is: Ciphertext is: 0000 - e0 6f 63 a7 11 e8 b7 aa-9f 94 40 10 7d 46 80 a1 .oc....... at .}F.. 0010 - 17 99 43 80 ea 31 d2 a2-99 b9 53 02 d4 39 b9 70 ..C..1....S..9.p 0020 - 2c 8e 65 a9 92 36 ec 92-07 04 91 5c f1 a9 8a 44 ,.e..6.....\...D Decrypted text is: The quick brown fox jumps over the lazy dog With FIPS, compilation goes fine, but generates the following when run: 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: 139686960322208:error:2D0A0086:FIPS routines:FIPS_cipher:selftest failed:fips_enc.c:336: I've tried both as a C project, and as a C++ project, pointing the CC env variable at both the fipsld script, and the modified fipsld++ from the wiki script as appropriate. My FIPSLD_CC variable points to gcc as noted in the FIPS documentation. What am I missing here?? Thanks, Matt Heimlich ? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From Craig_Weeks at trendmicro.com Fri Oct 7 21:20:27 2016 From: Craig_Weeks at trendmicro.com (Craig_Weeks at trendmicro.com) Date: Fri, 7 Oct 2016 21:20:27 +0000 Subject: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words" Message-ID: I was able to at least make the multiple definition error go away by specifying 'no-asm' as a parameter to the Configure command. Can anyone explain what the implications of such a setting are? From: Craig Weeks (RD-US) Sent: Friday, October 7, 2016 1:45 PM To: 'openssl-users at openssl.org' Subject: Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words" I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS architecture on vxWorks. I am getting this error during the link step: ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words': : multiple definition of `bn_div_3_words' /usr/local/src/w/branches/zorro/tos390_tls/vendor/openssl-fips-2.0.12_installation/lib//fipscanister.o(.text+0x321c0): first defined here I see that others have encountered this problem in the past, but I have found no explanation or resolution. https://marc.info/?l=openssl-users&m=141216400714219&w=2 Can someone provide guidance for resolving this error? Craig Weeks | Senior Software Engineer, Support Response Team (SRT) craig_weeks at trendmicro.com 14231 Tandem Blvd, Austin TX 78728 www.trendmicro.com 
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Sun Oct 9 14:47:18 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Sun, 9 Oct 2016 20:17:18 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: <20161007174701.GN4670@mournblade.imrryr.org> References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: Hi Viktor. On Fri, Oct 7, 2016 at 11:17 PM, Viktor Dukhovni wrote: > On Fri, Oct 07, 2016 at 10:30:06PM +0530, Ajay Garg wrote: > >> Ok, so for sending app-payload-bytes, we do a bio_write() to "bio1", >> and if "bio1" requires reading from bio2/peer, bio_write() will return >> SSL_ERROR_WANT_READ (even for blocking sockets). We then read-in some >> app-payload-encrypted-bytes from device-socket, > > No, it will *usually* return SSL_ERROR_WANT_WRITE, that's when you > write "some" (based on pending data amount from bio2) to the network > that you read from bio2. Those writes might be written via a buffer > you interpose, however it is important to flush that buffer as > much as possible before attempting any network reads (flush fully > if the network reads are potentially blocking). > > However, it might sometimes return SSL_ERROR_WANT_READ, in which > case, the SSL layer wants to read, even though the application > wants to write. Your job is to do the read on the SSL layer's > behalf, and then retry the write. For this particular sub-case, let's say SSL-layer wants to obtain "n" bytes from the socket/wire. So, in this case, is it ok to do a blocking-read on the socket, unless "n" bytes are received (of course, a socket "error" will be handled in the blocking-call; it's just that any socket-timeouts will not be considered). I hope the following is NOT happening internally :: * SSL-layer "advertises" that it wants "n" bytes from socket/wire. * However, in reality, it first wants "x" bytes from socket/wire, then actually wants to send "m" bytes, and then finally wants to receive the remaining "n-x" bytes from socket/wire. I am sure it is not happening, just want to confirm :) > > Where "some" is obtained by queried bio2 for the amount of pending > data. You can loop reading/sending smaller amounts that if the > entire amount is too big to write to the target in one go without > blocking. Otherwise, you need a large enough write buffer downstream. > If you can't fully drain bio2's output in one go, just keep the > socket selected for write and try again later when more space is > available. > >> put them into "bio2" >> (thus internally fulfilling bio1's need for read), and then again try >> bio_write() to "bio1" WITH IDENTICAL APP-PAYLOAD-BYTES. If it again >> returns SSL_ERROR_WANT_READ, we repeat the cycle. > > Well, you may not fulfill that need, if you don't drain all the > pending data, and so the SSL_ERROR_WANT_... may repeat. What you > do with bio2 has no direct relationship on the direction of the > I/O in bio1. Just keep track of whether the crypto wants to read > or write, and whether either bio2 or any buffer you interpose > downstream has pending data. Then move data between the network > and bio2 as appropriate. > >> For reading app-payload-bytes, we do a bio_read() from "bio1", and if >> "bio1" requires writing bytes to bio2/peer, bio_read() will return >> SSL_ERROR_WANT_WRITE (even for blocking sockets). > > No, it will *usually* return SSL_ERROR_WANT_READ, that's when you > read "some" (based on desired read size from bio2) from the network > and write the results to bio2. Those reads might be satisfied from > a buffer you interpose. > > However, it might sometimes return SSL_ERROR_WANT_WRITE, in which > case, the SSL layer wants to write, even though the application wants > to read. Your job is to do the write on the SSL layer's behalf, > and then retry the read. > >> We then pick up the >> app-payload-encrypted-bytes from "bio2", transfer them over the wire >> via device-specific-socket (thus fulfilling bio1's need to send bytes >> to peer), and then again try bio_read() from "bio1" WITH IDENTICAL >> APP-PAYLOAD-BYTES. If it again returns SSL_ERROR_WANT_WRITE, we repeat >> the cycle. > > When retrying app-layer reads, you do not need to provide the same > buffer or read request size on subsequent attempts. > >> Obviously, for the above two sub-plots, the only chance of failure if >> reading/writing bytes fails over the wire. >> But that is not the norm; if it does happen, then everything will be >> restarted from scratch (at least by me). > >> If yes, then it seems everything can be done fully synchronously for >> blocking-sockets, > > No, synchronous operation will not work. The network may not be > ready to receive more data when you're ready to write (network > layer data), or have more data when you're ready to read. Use of > bio-pairs with blocking sockets is highly risky, you'll probably > dead-lock with some regularity. > >> thus eliminating the need of multiple threads, > > You don't need threads, an event loop will do. Indeed an event > loop is generally better, don't know whether the same bio-pair is > safe for use by multiple threads. > > You just need to be able to perform the equivalent of > > select()/poll()/... > > on whatever interface you have for moving data to/from > the network. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From openssl-users at dukhovni.org Sun Oct 9 17:25:00 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sun, 9 Oct 2016 13:25:00 -0400 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: > On Oct 9, 2016, at 10:47 AM, Ajay Garg wrote: > >> However, it might sometimes return SSL_ERROR_WANT_READ, in which >> case, the SSL layer wants to read, even though the application >> wants to write. Your job is to do the read on the SSL layer's >> behalf, and then retry the write. > > For this particular sub-case, let's say SSL-layer wants to obtain "n" > bytes from the socket/wire. > > So, in this case, is it ok to do a blocking-read on the socket, unless > "n" bytes are received (of course, a socket "error" will be handled in > the blocking-call; it's just that any socket-timeouts will not be > considered). Yes, you can do a blocking read (provided you have already flushed all pending writes). -- Viktor. From ajaygargnsit at gmail.com Sun Oct 9 18:12:12 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Sun, 9 Oct 2016 23:42:12 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: On Sun, Oct 9, 2016 at 10:55 PM, Viktor Dukhovni wrote: > >> On Oct 9, 2016, at 10:47 AM, Ajay Garg wrote: >> >>> However, it might sometimes return SSL_ERROR_WANT_READ, in which >>> case, the SSL layer wants to read, even though the application >>> wants to write. Your job is to do the read on the SSL layer's >>> behalf, and then retry the write. >> >> For this particular sub-case, let's say SSL-layer wants to obtain "n" >> bytes from the socket/wire. >> >> So, in this case, is it ok to do a blocking-read on the socket, unless >> "n" bytes are received (of course, a socket "error" will be handled in >> the blocking-call; it's just that any socket-timeouts will not be >> considered). > > Yes, you can do a blocking read (provided you have already flushed all > pending writes). Thanks a ton Viktor for the reply. (Yes, in the above case I mentioned, all pending writes would have been flushed). Also, I will be grateful if you could let me know if ANY of the sub-flows in ANY of the flows below is wrong, remembering that "bio1" is the SSL-BIO where the app-payload-bytes are written in, and "bio2" is the IN-MEMORY-BIO where the app-payload-encrypted-bytes emerge. app <==> bio1 <==> bio2 <==> socket Also, for all my cases, Nagle's algorithm has been disabled on the client as well as the server, so every write (at client/server) constitutes a packet-transferred. a) Can BIO_write(bio1, buf, n) return a positive, non-zero return-value other than "n"? In other words, is it possible that only partial-bytes are written? b) Let's say BIO_write(bio1, buf, n) was successful in writing "n" bytes to "bio1". So, will ALL the app-payload-encrypted-bytes be available at "bio2" immediately in a synchronous manner (so that they can be immediately sent to the server over the wire) ? Implicit in this workflow is my assumption that SSL too builds up a packet for every BIO_write done over "bio1". c) Will the following sequence happen exactly as follows :: i) App wants to read some bytes, but in a probing manner (bytes may/may-not have been sent by server). ii) Now, currently, "bio1", "bio2", "socket" are in clean-state. Nothing is pending "in the real sense" to be written/read anywhere. iii) When app does BIO_read(bio1) SSL_ERROR_WANT_READ would be returned (after all, "bio1" cannot provide any app-payload-bytes unless it has received any app-payload-encrypted-bytes from server). iv) Doing BIO_get_read_request(bio2) would return 0. v) So, we try reading 1 byte from the socket (in a non-blocking manner, obviously). IFFFF successful, we write the 1 byte into "bio2" (and so, "bio1" will get the smell of a new encrypted packet). vi) Thereafter, when app again does BIO_read(bio1), (assuming we do not hit any re-negotiation case in this cycle) this time, BIO_get_read_request(bio2) will return a non-zero value "n". vii) We read the "n" bytes over the wire, and write them to "bio2". viii) Finally, the "m" decrypted-packet-bytes will be available at "bio1", from the encrypted-packet of length "n+1" bytes. Is my story of 8-points in case c) correct? :) I am sorry for bothering you so much, but I can take comfort from the fact that such idiotic questions will help noobs like me integrate openssl faster, with better understanding of the internals, which will obviously lead to slicker code. Thanks again to everyone for the help so far .... Thanks and Regards, Ajay > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From Michael.Wojcik at microfocus.com Sun Oct 9 21:09:41 2016 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Sun, 9 Oct 2016 21:09:41 +0000 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of Ajay Garg > Sent: Sunday, October 09, 2016 14:12 > > Also, for all my cases, Nagle's algorithm has been disabled on the > client as well as the server, so every write (at client/server) > constitutes a packet-transferred. This assumption is incorrect. Nagle is not the only factor which interferes with a 1-to-1 mapping between application sends and (IP) packets on the wire. The peer's receive window, the interface and path MTUs, fragmentation, transient network failures ... many things can either split an application message into multiple IP packets or even multiple TCP segments, or cause multiple application messages to be coalesced into a single TCP segment (which usually is also a single IP packet, now that path MTU determination usually works properly). You should never assume TCP is anything other than a byte-stream service. An application that makes any assumptions about how its send operations translate into TCP segments or IP packets is asking for trouble. -- Michael Wojcik Distinguished Engineer, Micro Focus From ajaygargnsit at gmail.com Mon Oct 10 01:04:31 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 06:34:31 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: Thanks Michael for the reply. And yes, your points are absolutely valid. We do not assume anything at the client/server as such, we just read the byte-streams, and generate (MQTT) packets out of bytestreams as and when the starting- and ending- boundaries of a (new) MQTT-packet are received. Still, I believe all my 3 questions (step a, step b, and the 8-point story in step c) are independent of this, and would like to hear from you experts as to if my understanding of all those 3 steps is correct, including the all important assumption *Implicit in this workflow is my assumption that SSL too builds up a packet for every BIO_write done over "bio1". * I say it the most important, because our application is MQTT-based, and all our communication is request/response based; we send a packet, and expect an acknowledgement. In other words, if my implicit assumption is correct, then every "BIO_write(bio1)" would generate a complete SSL-packet, which would be available at "bio2" instantly and synchronously - ready to be transferred over the wire. Again, would be thankful from the bottom of my heart, to hear confirmations/rejections regarding my theories in step a), step b) and 8-point-story in step c) as per my previous email. Thanks and Regards, Ajay On Mon, Oct 10, 2016 at 2:39 AM, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf >> Of Ajay Garg >> Sent: Sunday, October 09, 2016 14:12 >> >> Also, for all my cases, Nagle's algorithm has been disabled on the >> client as well as the server, so every write (at client/server) >> constitutes a packet-transferred. > > This assumption is incorrect. Nagle is not the only factor which interferes with a 1-to-1 mapping between application sends and (IP) packets on the wire. The peer's receive window, the interface and path MTUs, fragmentation, transient network failures ... many things can either split an application message into multiple IP packets or even multiple TCP segments, or cause multiple application messages to be coalesced into a single TCP segment (which usually is also a single IP packet, now that path MTU determination usually works properly). > > You should never assume TCP is anything other than a byte-stream service. An application that makes any assumptions about how its send operations translate into TCP segments or IP packets is asking for trouble. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay From ajaygargnsit at gmail.com Mon Oct 10 05:25:10 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 10:55:10 +0530 Subject: [openssl-users] Sequence of steps to initialize a ssl-session (only client-mode) Message-ID: Hi All. We are just dealing with the client-side, and following are the steps :: SSL_library_init(); OpenSSL_add_ssl_algorithms(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); ERR_load_crypto_strings(); solitary_ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); if(solitary_ssl_ctx == NULL) { HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context") resetDevice(); } if(!SSL_CTX_use_certificate_file(solitary_ssl_ctx, "/home/sensegrow/cert", SSL_FILETYPE_PEM)) { HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context-Certificate") resetDevice(); } if(!SSL_CTX_use_PrivateKey_file(solitary_ssl_ctx, "/home/sensegrow/key", SSL_FILETYPE_PEM)) { HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context-Key") resetDevice(); } ssl_init_successful = 1; -- Regards, Ajay From ajaygargnsit at gmail.com Mon Oct 10 05:25:44 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 10:55:44 +0530 Subject: [openssl-users] [PLEASE IGNORE] Re: Sequence of steps to initialize a ssl-session (only client-mode) Message-ID: Sorry, the "send" button was clicked accidentally :( On Mon, Oct 10, 2016 at 10:55 AM, Ajay Garg wrote: > Hi All. > > We are just dealing with the client-side, and following are the steps :: > > SSL_library_init(); > OpenSSL_add_ssl_algorithms(); > OpenSSL_add_all_algorithms(); > SSL_load_error_strings(); > ERR_load_crypto_strings(); > > solitary_ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); > if(solitary_ssl_ctx == NULL) > { > > HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context") > resetDevice(); > } > > if(!SSL_CTX_use_certificate_file(solitary_ssl_ctx, > "/home/sensegrow/cert", SSL_FILETYPE_PEM)) > { > HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context-Certificate") > resetDevice(); > } > > if(!SSL_CTX_use_PrivateKey_file(solitary_ssl_ctx, > "/home/sensegrow/key", SSL_FILETYPE_PEM)) > { > HANDLE_CATASTROPHIC_INIT_ERROR("SSL-Context-Key") > resetDevice(); > } > > ssl_init_successful = 1; > > > > -- > Regards, > Ajay -- Regards, Ajay From openssl-users at dukhovni.org Mon Oct 10 05:30:46 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 10 Oct 2016 01:30:46 -0400 Subject: [openssl-users] Sequence of steps to initialize a ssl-session (only client-mode) In-Reply-To: References: Message-ID: <75E97CC7-1A63-4C9B-B6DA-B5E06185941F@dukhovni.org> > On Oct 10, 2016, at 1:25 AM, Ajay Garg wrote: > > solitary_ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); Don't use TLSv1_2_client_method(), instead use either: SSLv23_client_method() -- OpenSSL <= 1.0.2 TLS_client_method() -- OpenSSL >= 1.1.0 If you want to disable older protocol versions, do that via the appropriate options. -- Viktor. From ajaygargnsit at gmail.com Mon Oct 10 05:53:14 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 11:23:14 +0530 Subject: [openssl-users] [Version-2] Sequence of steps to initialize a ssl-session (only client-mode) Message-ID: [Thanks Viktor, I made the change as suggested by you in the other incomplete email that I sent accidentally]. Hi All. We are just dealing with the client-side, and following are the steps :: ################################################################################################# SSL_library_init(); OpenSSL_add_ssl_algorithms(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); ERR_load_crypto_strings(); solitary_ssl_ctx = SSL_CTX_new(SSLv23_client_method()); if(solitary_ssl_ctx == NULL) { // Control does not reach here. } if(!SSL_CTX_use_certificate_file(solitary_ssl_ctx, "/path/of/certificate", SSL_FILETYPE_PEM)) { // Control does not reach here. } if(!SSL_CTX_use_PrivateKey_file(solitary_ssl_ctx, "/path/of/key", SSL_FILETYPE_PEM)) { // Control does not reach here. } socket->ssl = SSL_new(solitary_ssl_ctx); if(socket->ssl == NULL) { // Control does not reach here. } if (!BIO_new_bio_pair(&(socket->inter_bio), SSL_BUFFER_SIZE, &(socket->network_bio), SSL_BUFFER_SIZE)); { // *CONTROL REACHES HERE* } socket->ssl_bio = BIO_new(BIO_f_ssl()); if (!(socket->ssl_bio)) { // Status Unknown } SSL_set_connect_state(socket->ssl); SSL_set_bio(socket->ssl, socket->inter_bio, socket->inter_bio); (void)BIO_set_ssl(socket->ssl_bio, socket->ssl, BIO_NOCLOSE); ################################################################################################# The socket structure has the following :: ################################################################################################# SSL *ssl; BIO *ssl_bio; // app-payload-bytes will be written by app into it. BIO *inter_bio; // intermediate-bio, have no idea what it really is used for. BIO *network_bio; // app-payload-encrypted-bytes will "emerge" from this bio, ready to be written over the wire ################################################################################################# I have followed the minimal steps (only for client-mode) as per http://opensource.apple.com/source/OpenSSL096/OpenSSL096-6.2/openssl/ssl/ssltest.c So, what am I missing which is causing BIO_new_bio_pair to fail? Thanks and Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Mon Oct 10 05:56:09 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 11:26:09 +0530 Subject: [openssl-users] [Version-2] Sequence of steps to initialize a ssl-session (only client-mode) In-Reply-To: References: Message-ID: Damn the semicolon at the end :( Sorry for the noise. Thanks and Regards, Ajay On Mon, Oct 10, 2016 at 11:23 AM, Ajay Garg wrote: > [Thanks Viktor, I made the change as suggested by you in the other > incomplete email that I sent accidentally]. > > > Hi All. > > We are just dealing with the client-side, and following are the steps :: > > ############################################################ > ##################################### > SSL_library_init(); > OpenSSL_add_ssl_algorithms(); > OpenSSL_add_all_algorithms(); > SSL_load_error_strings(); > ERR_load_crypto_strings(); > > solitary_ssl_ctx = SSL_CTX_new(SSLv23_client_method()); > if(solitary_ssl_ctx == NULL) > { > // Control does not reach here. > } > > if(!SSL_CTX_use_certificate_file(solitary_ssl_ctx, > "/path/of/certificate", SSL_FILETYPE_PEM)) > { > // Control does not reach here. > } > > if(!SSL_CTX_use_PrivateKey_file(solitary_ssl_ctx, "/path/of/key", > SSL_FILETYPE_PEM)) > { > // Control does not reach here. > } > > socket->ssl = SSL_new(solitary_ssl_ctx); > if(socket->ssl == NULL) > { > // Control does not reach here. > } > > if (!BIO_new_bio_pair(&(socket->inter_bio), SSL_BUFFER_SIZE, > &(socket->network_bio), SSL_BUFFER_SIZE)); > { > // *CONTROL REACHES HERE* > } > > socket->ssl_bio = BIO_new(BIO_f_ssl()); > if (!(socket->ssl_bio)) > { > // Status Unknown > } > > SSL_set_connect_state(socket->ssl); > SSL_set_bio(socket->ssl, socket->inter_bio, socket->inter_bio); > (void)BIO_set_ssl(socket->ssl_bio, socket->ssl, BIO_NOCLOSE); > ############################################################ > ##################################### > > > > > The socket structure has the following :: > > ############################################################ > ##################################### > SSL *ssl; > > BIO *ssl_bio; // app-payload-bytes will be > written by app into it. > BIO *inter_bio; // intermediate-bio, have no idea > what it really is used for. > BIO *network_bio; // app-payload-encrypted-bytes will > "emerge" from this bio, ready to be written over the wire > ############################################################ > ##################################### > > > > I have followed the minimal steps (only for client-mode) as per > http://opensource.apple.com/source/OpenSSL096/OpenSSL096- > 6.2/openssl/ssl/ssltest.c > So, what am I missing which is causing > > BIO_new_bio_pair > > to fail? > > > Thanks and Regards, > Ajay > > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Mon Oct 10 06:20:56 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 11:50:56 +0530 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read Message-ID: Hi All. Taking the socket-structure as :: ############################################################ ##################################### SSL *ssl; BIO *ssl_bio; // app-payload-bytes will be written by app into it. BIO *inter_bio; // intermediate-bio, have no idea what it really is used for. BIO *network_bio; // app-payload-encrypted-bytes will "emerge" from this bio, ready to be written over the wire ############################################################ ##################################### and assuming all initialization went fine, what is the correct way to get the retry-reason :: ############################################################ ##################################### if(BIO_should_retry(socket->ssl_bio) != 0) { int reason = BIO_get_retry_reason(socket->ssl_bio); } OR if(BIO_should_retry(socket->ssl_bio) != 0) { int reason = BIO_get_retry_reason(BIO_get_retry_BIO(socket->ssl_bio, NULL)); } ############################################################ ##################################### Right now, I am receiving 0 (zero) as the reason in both the cases, and none of SSL_ERROR_WANT_WRITE or SSL_ERROR_WANT_READ (in either case). Thanks and Regards, Ajay -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Mon Oct 10 06:49:29 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 10 Oct 2016 02:49:29 -0400 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: > On Oct 10, 2016, at 2:20 AM, Ajay Garg wrote: > > BIO *inter_bio; // intermediate-bio, have no idea what it really is used for. The internal BIO from BIO_new_bio_pair must be attached to the SSL handle via: SSL_set_bio(ssl, internal_bio, internal_bio); When SSL writes ciphertext to the internal bio, you can read that via the network_bio. When you write to the network_bio, SSL can read the data via the internal_bio. -- Viktor. From ajaygargnsit at gmail.com Mon Oct 10 06:58:38 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 12:28:38 +0530 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: Hi Viktor, I am already setting that. socket->ssl_bio = BIO_new(BIO_f_ssl()); if (!(socket->ssl_bio)) { HANDLE_CATASTROPHIC_INIT_ERROR("client-ssl-bio") return; } SSL_set_connect_state(socket->ssl); SSL_set_bio(socket->ssl, socket->inter_bio, socket->inter_bio); BIO_set_ssl(socket->ssl_bio, socket->ssl, BIO_NOCLOSE); On Mon, Oct 10, 2016 at 12:19 PM, Viktor Dukhovni < openssl-users at dukhovni.org> wrote: > > > On Oct 10, 2016, at 2:20 AM, Ajay Garg wrote: > > > > BIO *inter_bio; // intermediate-bio, have no > idea what it really is used for. > > The internal BIO from BIO_new_bio_pair must be attached to the SSL > handle via: > > SSL_set_bio(ssl, internal_bio, internal_bio); > > When SSL writes ciphertext to the internal bio, you can read that via > the network_bio. When you write to the network_bio, SSL can read the > data via the internal_bio. > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Mon Oct 10 07:52:19 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 13:22:19 +0530 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: Following works : If(BIO_should_read(socket->ssl_bio) != 0) If(BIO_should_write(socket->ssl_bio) != 0) With this, I could get the entire end-to-end workflow to work !!!! Thanks a ton for all the help !!! On Mon, Oct 10, 2016 at 11:50 AM, Ajay Garg wrote: > Hi All. > > Taking the socket-structure as :: > > ############################################################ > ##################################### > SSL *ssl; > > BIO *ssl_bio; // app-payload-bytes will be > written by app into it. > BIO *inter_bio; // intermediate-bio, have no idea > what it really is used for. > BIO *network_bio; // app-payload-encrypted-bytes will > "emerge" from this bio, ready to be written over the wire > ############################################################ > ##################################### > > > > > and assuming all initialization went fine, what is the correct way to get > the retry-reason :: > > ############################################################ > ##################################### > if(BIO_should_retry(socket->ssl_bio) != 0) > { > int reason = BIO_get_retry_reason(socket->ssl_bio); > } > > OR > > if(BIO_should_retry(socket->ssl_bio) != 0) > { > int reason = BIO_get_retry_reason(BIO_get_retry_BIO(socket->ssl_bio, > NULL)); > } > ############################################################ > ##################################### > > > Right now, I am receiving 0 (zero) as the reason in both the cases, and > none of SSL_ERROR_WANT_WRITE or SSL_ERROR_WANT_READ (in either case). > > > Thanks and Regards, > Ajay > > > > -- > Regards, > Ajay > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Mon Oct 10 07:56:19 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 13:26:19 +0530 Subject: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets" In-Reply-To: References: <20161007034901.GJ4670@mournblade.imrryr.org> <20161007095504.GK4670@mournblade.imrryr.org> <623a812f-a42b-5207-50cc-071b53089a3f@wisemo.com> <20161007174701.GN4670@mournblade.imrryr.org> Message-ID: Hi All. I guess all my theories are bang on, as the entire framework was integrated seamlessly making use of the above "theories". Thanks a ton to everyone, and extra thanks to Viktor ? Thanks and Regards, Ajay On 10 Oct 2016 6:34 a.m., "Ajay Garg" wrote: > Thanks Michael for the reply. > > And yes, your points are absolutely valid. > > We do not assume anything at the client/server as such, we just read > the byte-streams, and generate (MQTT) packets out of bytestreams as > and when the starting- and ending- boundaries of a (new) MQTT-packet > are received. > > > Still, I believe all my 3 questions (step a, step b, and the 8-point > story in step c) are independent of this, and would like to hear from > you experts as to if my understanding of all those 3 steps is correct, > including the all important assumption > > *Implicit in this workflow is my assumption that SSL too builds up a > packet for every BIO_write done over "bio1". * > > I say it the most important, because our application is MQTT-based, > and all our communication is request/response based; we send a packet, > and expect an acknowledgement. > > In other words, if my implicit assumption is correct, then every > "BIO_write(bio1)" would generate a complete SSL-packet, which would be > available at "bio2" instantly and synchronously - ready to be > transferred over the wire. > > > Again, would be thankful from the bottom of my heart, to hear > confirmations/rejections regarding my theories in step a), step b) and > 8-point-story in step c) as per my previous email. > > > > Thanks and Regards, > Ajay > > On Mon, Oct 10, 2016 at 2:39 AM, Michael Wojcik > wrote: > >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On > Behalf > >> Of Ajay Garg > >> Sent: Sunday, October 09, 2016 14:12 > >> > >> Also, for all my cases, Nagle's algorithm has been disabled on the > >> client as well as the server, so every write (at client/server) > >> constitutes a packet-transferred. > > > > This assumption is incorrect. Nagle is not the only factor which > interferes with a 1-to-1 mapping between application sends and (IP) packets > on the wire. The peer's receive window, the interface and path MTUs, > fragmentation, transient network failures ... many things can either split > an application message into multiple IP packets or even multiple TCP > segments, or cause multiple application messages to be coalesced into a > single TCP segment (which usually is also a single IP packet, now that path > MTU determination usually works properly). > > > > You should never assume TCP is anything other than a byte-stream > service. An application that makes any assumptions about how its send > operations translate into TCP segments or IP packets is asking for trouble. > > > > -- > > Michael Wojcik > > Distinguished Engineer, Micro Focus > > > > > > > > -- > > openssl-users mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > -- > Regards, > Ajay > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Mon Oct 10 08:01:22 2016 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Mon, 10 Oct 2016 04:01:22 -0400 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: > On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote: > > If(BIO_should_read(socket->ssl_bio) != 0) > > If(BIO_should_write(socket->ssl_bio) != 0) In Postfix, we don't bother with the application layer ssl_bio, and just do SSL_read()/SSL_write() directly. You only need this if you specifically want a BIO API to SSL. > With this, I could get the entire end-to-end workflow to work !!!! You might not be done yet. Is the client verifying the server certificate including name checks? Just doing TLS, without certificate checks, only protects against passive attacks. -- Viktor. From ajaygargnsit at gmail.com Mon Oct 10 09:17:54 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 14:47:54 +0530 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni wrote: > > > On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote: > > > > If(BIO_should_read(socket->ssl_bio) != 0) > > > > If(BIO_should_write(socket->ssl_bio) != 0) > > In Postfix, we don't bother with the application layer ssl_bio, > and just do SSL_read()/SSL_write() directly. You only need this > if you specifically want a BIO API to SSL. > > > With this, I could get the entire end-to-end workflow to work !!!! > > You might not be done yet. Is the client verifying the server > certificate including name checks? Just doing TLS, without > certificate checks, only protects against passive attacks. > Thanks Viktor. I will add this "enhancement", once I complete the code, in a manner that is portable across "any" device. Please expect a few questions from me on other threads :P Thanks and Regards, Ajay > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajaygargnsit at gmail.com Mon Oct 10 11:23:36 2016 From: ajaygargnsit at gmail.com (Ajay Garg) Date: Mon, 10 Oct 2016 16:53:36 +0530 Subject: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read In-Reply-To: References: Message-ID: On Mon, Oct 10, 2016 at 2:47 PM, Ajay Garg wrote: > > > On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni < > openssl-users at dukhovni.org> wrote: > >> >> > On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote: >> > >> > If(BIO_should_read(socket->ssl_bio) != 0) >> > >> > If(BIO_should_write(socket->ssl_bio) != 0) >> >> In Postfix, we don't bother with the application layer ssl_bio, >> and just do SSL_read()/SSL_write() directly. You only need this >> if you specifically want a BIO API to SSL. >> > I am sorry, but I don't get this :( In broad words, is there anything wrong in :: int rc = BIO_write(socket->ssl_bio) / BIO_read(socket->ssl) followed by if(rc < 0) { If(BIO_should_read(socket->ssl_bio) != 0) { } If(BIO_should_write(socket->ssl_bio) != 0) { } } ? > >> > With this, I could get the entire end-to-end workflow to work !!!! >> >> You might not be done yet. Is the client verifying the server >> certificate including name checks? Just doing TLS, without >> certificate checks, only protects against passive attacks. >> > > Thanks Viktor. > > I will add this "enhancement", once I complete the code, in a manner that > is portable across "any" device. > Please expect a few questions from me on other threads :P > > > Thanks and Regards, > Ajay > >> >> -- >> Viktor. >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > > -- > Regards, > Ajay > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at openssl.org Mon Oct 10 12:24:06 2016 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 10 Oct 2016 12:24:06 +0000 Subject: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words" In-Reply-To: References: Message-ID: <20161010122406.GA26450@openssl.org> On Fri, Oct 07, 2016, Craig_Weeks at trendmicro.com wrote: > I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS architecture on vxWorks. I am getting this error during the link step: > > ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words': > : multiple definition of `bn_div_3_words' > /usr/local/src/w/branches/zorro/tos390_tls/vendor/openssl-fips-2.0.12_installation/lib//fipscanister.o(.text+0x321c0): first defined here > > I see that others have encountered this problem in the past, but I have found no explanation or resolution. > The FIPS module uses some source from regular OpenSSL. In order to avoid duplicate symbol errors (like the one above) the ones in the FIPS module are renames to FIPS_symbol or fips_symbol. Unfortunately some of these haven't been renamed on some of the less commonly used platforms. The result is the error you see above. We can't just change the symbol name in the FIPS module as that would require a change letter and approval. What you can however do is rename the symbol in regular OpenSSL. The way you do this is to change occurrences of bn_div_3_words to ossl_bn-div_3_words and the recompile regular OpenSSL with this change: without the "fips" option. The reason for this is that you want to ensure you have renamed all the symbols in regular OpenSSL: if you missed any you'll get a linker error. Then you compile a FIPS capable OpenSSL and you shouldn't get a link error any more. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From steve at openssl.org Mon Oct 10 12:44:06 2016 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 10 Oct 2016 12:44:06 +0000 Subject: [openssl-users] Building an application with OpenSSL and FIPS support. In-Reply-To: <1475872620756.37526@Steelcloud.com> References: <1475872620756.37526@Steelcloud.com> Message-ID: <20161010124406.GB26450@openssl.org> On Fri, Oct 07, 2016, Matthew Heimlich wrote: > Which returns > > > Attempting to set FIPS mode to 1... > Last error was: 2d06b06f > FIPS_mode_set failed: 2d06b06f > FIPS mode is: 0??? > > So it would appear that my FIPS mode is never even being set, and walking through the code would seem to confirm this. In addition, the error code doesn't seem to be present in the FIPS documentation, but errstr informs me that it is > > > error:2D06B06F:FIPS routines:DSA_BUILTIN_PARAMGEN2:fingerprint does not match nonpic relocated??? > > Any tips on where to go from here? > Which versions of the FIPS module and OpenSSL are you using? In the FIPS capable OpenSSL try this: OPENSSL_FIPS=1 openssl md5 /dev/null OPENSSL_FIPS=1 openssl sha1 /dev/null Please give details of any errors you get. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From kgoldman at us.ibm.com Mon Oct 10 13:30:28 2016 From: kgoldman at us.ibm.com (Ken Goldman) Date: Mon, 10 Oct 2016 09:30:28 -0400 Subject: [openssl-users] pod to html In-Reply-To: <8df8e2a6-7368-87e7-92f7-c06da578e855@openssl.org> References: <8df8e2a6-7368-87e7-92f7-c06da578e855@openssl.org> Message-ID: On 10/6/2016 10:11 AM, Matt Caswell wrote: > make install_html_docs That somewhat worked. 1 - I get 100's of errors of the form /usr/bin/pod2html: -: cannot resolve L in paragraph 11. 2 - The links, typically in "SEE ALSO" are not links. 3 - The back navigation at the bottom of the page is missing. I suspect that these are all related, probably to some configuration option that's missing. From MHeimlich at Steelcloud.com Mon Oct 10 14:11:53 2016 From: MHeimlich at Steelcloud.com (Matthew Heimlich) Date: Mon, 10 Oct 2016 14:11:53 +0000 Subject: [openssl-users] Building an application with OpenSSL and FIPS support. In-Reply-To: <20161010124406.GB26450@openssl.org> References: <1475872620756.37526@Steelcloud.com>,<20161010124406.GB26450@openssl.org> Message-ID: <1476108713755.68758@Steelcloud.com> $openssl version returns: OpenSSL 1.0.2j-fips My FIPS module version is openssl-fips-2.0.13 $OPENSSL_FIPS=1 openssl md5 /dev/null returns: Error setting digest md5 140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: $OPENSSL_FIPS=1 openssl sha1 /dev/null returns: SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709 Do that appears to be working correctly. Thanks, Matt Heimlich ________________________________________ From: openssl-users on behalf of Dr. Stephen Henson Sent: Monday, October 10, 2016 8:44 AM To: openssl-users at openssl.org Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support. On Fri, Oct 07, 2016, Matthew Heimlich wrote: > Which returns > > > Attempting to set FIPS mode to 1... > Last error was: 2d06b06f > FIPS_mode_set failed: 2d06b06f > FIPS mode is: 0??? > > So it would appear that my FIPS mode is never even being set, and walking through the code would seem to confirm this. In addition, the error code doesn't seem to be present in the FIPS documentation, but errstr informs me that it is > > > error:2D06B06F:FIPS routines:DSA_BUILTIN_PARAMGEN2:fingerprint does not match nonpic relocated??? > > Any tips on where to go from here? > Which versions of the FIPS module and OpenSSL are you using? In the FIPS capable OpenSSL try this: OPENSSL_FIPS=1 openssl md5 /dev/null OPENSSL_FIPS=1 openssl sha1 /dev/null Please give details of any errors you get. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users From bkaduk at akamai.com Mon Oct 10 19:05:29 2016 From: bkaduk at akamai.com (Benjamin Kaduk) Date: Mon, 10 Oct 2016 14:05:29 -0500 Subject: [openssl-users] pod to html In-Reply-To: References: <8df8e2a6-7368-87e7-92f7-c06da578e855@openssl.org> Message-ID: <51ced234-846c-a00c-fbca-ae1b307b9cd4@akamai.com> On 10/10/2016 08:30 AM, Ken Goldman wrote: > On 10/6/2016 10:11 AM, Matt Caswell wrote: >> make install_html_docs > > That somewhat worked. > > 1 - I get 100's of errors of the form > > /usr/bin/pod2html: -: cannot resolve L in paragraph 11. > Trying the install locally, at least some of these are "well-known", resulting from links that cross the boundaries amongst apps/, crypto/, and ssl/ -- doc/apps/errstr.pod links to SSL_load_error_strings as the first "cannot resolve" error I see. I forget why this is not trivial to fix, though. > 2 - The links, typically in "SEE ALSO" are not links. > Maybe you should post some of the generated HTML? To reuse my errstr example, errstr.html has a SEE ALSO that is: >

SEE ALSO

> >

err, href="../../crypto/ERR_load_crypto_strings.html">ERR_load_crypto_strings, > SSL_load_error_strings

> which clearly has HTML links, except for the aforementioned SSL_load_error_strings. > 3 - The back navigation at the bottom of the page is missing. > > I suspect that these are all related, probably to some configuration > option that's missing. > > Looking at view-source:https://www.openssl.org/docs/manmaster/apps/errstr.html , the "You are here" hierarchy is in a