Integrating New Cipher Suite


Integrating New Cipher Suite

Schmicker, Robert
Hello,

I'm attempting to integrate a customized cipher suite for TLS 1.2,
however no matter what I try I always seem to end up with this error
(client side):

SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3567

Can anyone give some further explanation on this?

Here's some snippets from the client and server setup.

client:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

SSL_CTX* InitCTX(void)
{   const SSL_METHOD *method;
    SSL_CTX *ctx;

    OpenSSL_add_all_algorithms();  /* Load cryptos, et.al. */
    SSL_load_error_strings();   /* Bring in and register error messages */
    method = SSLv23_client_method();  /* Create new client-method instance */
    ctx = SSL_CTX_new(method);   /* Create new context */

    /* Check the context before it is used below */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    /* Set cipher to use */
    if (SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-MYCIPHER-SHA256") <= 0) {
        printf("Error setting the cipher list.\n");
        exit(0);
    }
    return ctx;
}

server:

SSL_CTX* InitServerCTX(void)
{   const SSL_METHOD *method;
    SSL_CTX *ctx;

    OpenSSL_add_all_algorithms();  /* load & register all cryptos, etc. */
    SSL_load_error_strings();   /* load all error messages */
    method = SSLv23_server_method();  /* create new server-method instance */
    ctx = SSL_CTX_new(method);   /* create new context from method */

    /* Check the context before it is used below */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    /* Set cipher to use */
    if (SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-MYCIPHER-SHA256") <= 0) {
        printf("Error setting the cipher list.\n");
        exit(0);
    }
    return ctx;
}

Thank you,
Rob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Integrating New Cipher Suite

Matt Caswell-2


On 08/04/17 18:56, Schmicker, Robert wrote:

> Hello,
>
> I'm attempting to integrate a customized cipher suite for TLS 1.2,
> however no matter what I try I always seem to end up with this error
> (client side):
>
> SSL routines:ssl_cipher_list_to_bytes:no ciphers
> available:ssl/statem/statem_clnt.c:3567
>
> Can anyone give some further explanation on this?

There is no way of dynamically adding new TLS1.2 ciphersuites into
OpenSSL. The only way to do this is to modify the source code. If that's
what you've done then you're going to need to provide a lot more
information about the changes you have made before anyone can help!

Matt



Re: Integrating New Cipher Suite

Dr. Stephen Henson
In reply to this post by Schmicker, Robert
On Sat, Apr 08, 2017, Schmicker, Robert wrote:

> Hello,
>
> I'm attempting to integrate a customized cipher suite for TLS 1.2,
> however no matter what I try I always seem to end up with this error
> (client side):
>
> SSL routines:ssl_cipher_list_to_bytes:no ciphers
> available:ssl/statem/statem_clnt.c:3567
>
> Can anyone give some further explanation on this?
>
> Here's some snippets from the client and server setup.
>
> client:
>

That sounds like the cipher isn't visible.

I'd suggest trying s_client/s_server first.

Which version of OpenSSL are you using?

Does your new cipher appear in "openssl ciphers"? If so does the output look
sensible? Does it appear with the -s option too?

Is the cipher visible using "openssl list -cipher-algorithms" (OpenSSL 1.1.0)
or "openssl list-cipher-algorithms" (OpenSSL 1.0.2)?

Is your new cipher usable via the command line utilities like "enc"? Does it
seem to be behaving as expected?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Integrating New Cipher Suite

Schmicker, Robert
In reply to this post by Schmicker, Robert
Thank you for the quick replies!

@Matt Caswell

I have attempted to integrate the cipher suite into the source code and here is what I have done so far…

Please keep in mind this was a previous attempt that mimicked a different cipher suite.

Added defines in include/openssl/tls1.h:
   # define TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384        0x03001306
   # define TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384       "ECDHE-ECDSA-MYCHIPHER-SHA384"

Added a define in include/openssl/ssl.h:
   # define SSL_TXT_MYCIPHER       "MYCIPHER"

Integrated into ssl/s3_lib.c:
   static SSL_CIPHER ssl3_ciphers[] = {

   {
    1,
    TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
    TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
    SSL_kECDHE,
    SSL_aECDSA,
    SSL_MYCIPHER,
    SSL_AEAD,
    TLS1_2_VERSION, TLS1_2_VERSION,
    DTLS1_2_VERSION, DTLS1_2_VERSION,
    SSL_HIGH | SSL_FIPS,
    SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
    64,
    64,
   },


Added the binary representation in ssl/ssl_locl.h:
   # define SSL_MYCIPHER           0x00100000U

Integrated into ssl/ssl_ciph.c:
   #define SSL_ENC_CHACHA_IDX      19
   #define SSL_ENC_MYCIPHER           20
   #define SSL_ENC_NUM_IDX             21

   /* Table of NIDs for each cipher */
   static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
       {SSL_MYCIPHER, NID_MYCIPHER},

   static const SSL_CIPHER cipher_aliases[] = {
       {0, SSL_TXT_MYCIPHER, 0, 0, 0, SSL_MYCIPHER},

Added the loading of the cipher into ssl/ssl_init.c:
   DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
   {
   #ifdef OPENSSL_INIT_DEBUG
       fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
               "Adding SSL ciphers and digests\n");
   #endif

       EVP_add_cipher(EVP_mycipher());

   #ifndef OPENSSL_NO_DES
       EVP_add_cipher(EVP_des_cbc());
       EVP_add_cipher(EVP_des_ede3_cbc());
   #endif

Am I missing a step in integration?

@Dr. Stephen Henson
I’m using the most current dev branch 1.1.1-dev and thankfully the -enc does work with the EVP interface as expected.
Also, the cipher suite does show up using "openssl ciphers -v". However, when using the s_server/s_client, I receive the same error. Please see above for my integration steps.

Any help is much appreciated!
Rob Schmicker


Re: Integrating New Cipher Suite

Dr. Stephen Henson
On Tue, Apr 11, 2017, Schmicker, Robert wrote:

> Added a define in include/openssl/ssl.h:
>    # define SSL_TXT_MYCIPHER       "MYCIPHER"
>
> Integrated into ssl/s3_lib.c:
>    static SSL_CIPHER ssl3_ciphers[] = {
>
>    {
>     1,
>     TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
>     TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
>     SSL_kECDHE,
>     SSL_aECDSA,
>     SSL_MYCIPHER,
>     SSL_AEAD,
>     TLS1_2_VERSION, TLS1_2_VERSION,
>     DTLS1_2_VERSION, DTLS1_2_VERSION,
>     SSL_HIGH | SSL_FIPS,
>     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
>     64,
>     64,
>    },

That's a pretty small number of bits. Do you really mean it to be only 64?

Does your ciphersuite show up with cipher -s?

It's possible it is being rejected because it has insufficient security. If
the number of bits is really 64 you could try dropping the security level to
0 to allow it.

If that doesn't help enable trace support with enable-ssl-trace and then try
the -trace command to s_client/s_server and see if the new ciphersuite is
sent in ClientHello.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Integrating New Cipher Suite

Schmicker, Robert
In reply to this post by Schmicker, Robert
>> Added a define in include/openssl/ssl.h:
>>    # define SSL_TXT_MYCIPHER       "MYCIPHER"
>>
>> Integrated into ssl/s3_lib.c:
>>    static SSL_CIPHER ssl3_ciphers[] = {
>>
>>    {
>>     1,
>>     TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
>>     TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
>>     SSL_kECDHE,
>>     SSL_aECDSA,
>>     SSL_MYCIPHER,
>>     SSL_AEAD,
>>     TLS1_2_VERSION, TLS1_2_VERSION,
>>     DTLS1_2_VERSION, DTLS1_2_VERSION,
>>     SSL_HIGH | SSL_FIPS,
>>     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
>>     64,
>>     64,
>>    },
>
> That's a pretty small number of bits. Do you really mean it to be only 64?
>
> Does your ciphersuite show up with cipher -s?
>
> It's possible it is being rejected because it has insufficient security. If
> the number of bits is really 64 you could try dropping the security level to
> 0 to allow it.
>
> If that doesn't help enable trace support with enable-ssl-trace and then try
> the -trace command to s_client/s_server and see if the new ciphersuite is
> sent in ClientHello.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

After some debugging (exactly as mentioned above) it appears that the cipher suite does not show up in the ClientHello using the s_client/s_server. I modified the cipher for testing to use 512 bits instead of 64 so that it is ranked highest.

Error server side:
SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979

Error Client side:
SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80

Any idea why the cipher would appear under the list of supported tls1.2 ciphers, yet it does not appear under the ClientHello even if specified with the -cipher option?

Thank you for any leads!
Rob



End of openssl-users Digest, Vol 29, Issue 13
*********************************************



Re: Integrating New Cipher Suite

Dr. Stephen Henson
On Fri, Apr 14, 2017, Schmicker, Robert wrote:

>
>
> After some debugging (exactly as mentioned above) it appears that the cipher suite does not show up in the ClientHello using the s_client/s_server. I modified the cipher for testing to use 512 bits instead of 64 so that it is ranked highest.
>
> Error server side:
> SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979
>
> Error Client side:
> SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80
>
> Any idea why the cipher would appear under the list of supported tls1.2 ciphers, yet it does not appear under the ClientHello even if specified with the -cipher option?
>

Hmm... it's not clear why the cipher isn't being sent in client hello. What
output do you get with -security_debug_verbose option? Also try including
@SECLEVEL=0 in the cipher string.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Integrating New Cipher Suite

Wallboy
In reply to this post by Schmicker, Robert
Hi,

I'm also interested in adding a few "pseudo" ciphersuites to OpenSSL.
Notably the 16 GREASE ones Chrome currently uses (0x0A0A, 0x1A1A...0xFAFA).

I made similar changes to the files listed in this thread and compiled
successfully (based on 1.1.0f). I see the new cipher when doing "openssl
ciphers ALL:eNULL".

However I had the same issue that when trying to include it using s_client,
the ClientHello message did not actually send it:

openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A" -connect
www.google.com:443 -servername www.google.com

ClientHello contained two ciphersuites. The first one listed and also the
SCSV cipher

I then tried this:

openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A:@SECLEVEL=0"
-connect www.google.com:443 -servername www.google.com

Bingo! But the ClientHello now sends 4 Ciphersuites. The first one listed,
followed by my GREASE pseudo cipher, then TLS_RSA_WITH_RC4_128_MD5, then the
SCSV cipher.

I'm not sure why that RC4 cipher is sent. Although it probably has to do
with the fact I structured that GREASE cipher after it:

     {
     1,
     SSL3_TXT_GREASE1,
     SSL3_CK_GREASE1,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

If I'm just trying to use it as a pseudo cipher for ClientHello messages,
how should it look in the above struct? And how can I get it to send without
specifying SECLEVEL=0?

Bonus Question: Is it possible to remove the SCSV cipher in the ClientHello?

Thanks for any help
   




Re: Integrating New Cipher Suite

Dr. Stephen Henson
On Sun, Oct 01, 2017, Wallboy wrote:

> Hi,
>
> I'm also interested in adding a few "pseudo" ciphersuites to OpenSSL.
> Notably the 16 GREASE ones Chrome currently uses (0x0A0A, 0x1A1A...0xFAFA).
>
> I made similar changes to the files listed in this thread and compiled
> successfully (based on 1.1.0f). I see the new cipher when doing "openssl
> ciphers ALL:eNULL".
>
> However I had the same issue that when trying to include it using s_client,
> the ClientHello message did not actually send it:
>
> openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A" -connect
> www.google.com:443 -servername www.google.com
>
> ClientHello contained two ciphersuites. The first one listed and also the
> SCSV cipher
>
> I then tried this:
>
> openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A:@SECLEVEL=0"
> -connect www.google.com:443 -servername www.google.com
>
> Bingo! But the ClientHello now sends 4 Ciphersuites. The first one listed,
> followed by my GREASE pseudo cipher, then TLS_RSA_WITH_RC4_128_MD5, then the
> SCSV cipher.
>
> I'm not sure why that RC4 cipher is sent. Although it probably has to do
> with the fact I structured that GREASE cipher after it:
>
>      {
>      1,
>      SSL3_TXT_GREASE1,
>      SSL3_CK_GREASE1,
>      SSL_kRSA,
>      SSL_aRSA,
>      SSL_RC4,
>      SSL_MD5,
>      SSL3_VERSION, TLS1_2_VERSION,
>      0, 0,
>      SSL_NOT_DEFAULT | SSL_MEDIUM,
>      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
>      128,
>      128,
>      },
>
> If I'm just trying to use it as a pseudo cipher for ClientHello messages,
> how should it look in the above struct? And how can I get it to send without
> specifying SECLEVEL=0?
>

If you want to specify the ciphersuites in the cipher string then they need to
be part of the list of ciphers. However these wouldn't be normal ciphersuites:
they'd never be selected by a server for example. Giving them separate
definitions and handling does go against the requirements of GREASE draft
though.

Your problems are because you copied the definitions for that RC4 ciphersuite.
The fact it uses MD5 means it gets ruled out at anything other than security
level 0.

If you just want to include them in a client hello you can do something
similar to the scsv code which adds its own pseudo-ciphersuite. In particular
the code in ssl_cipher_list_to_bytes().

> Bonus Question: Is it possible to remove the SCSV cipher in the ClientHello?
>

You can't remove it without making source changes. Again it's in the
ssl_cipher_list_to_bytes() function.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Integrating New Cipher Suite

Jakob Bohm-7
On 02/10/2017 00:47, Dr. Stephen Henson wrote:

> On Sun, Oct 01, 2017, Wallboy wrote:
>
>> Hi,
>>
>> ...
>> Bonus Question: Is it possible to remove the SCSV cipher in the ClientHello?
>>
> You can't remove it without making source changes. Again it's in the
> ssl_cipher_list_to_bytes() function.
>
Have you tried clearing SSL_MODE_SEND_FALLBACK_SCSV (in a program),
or (not) using the -fallback_scsv option to s_client?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
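
Added example (not from the thread and not OpenSSL's own code): a small C parser for checking what a ClientHello capture actually carries in cipher_suites, separating negotiable suites from GREASE values and from the two distinct signalling values, TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) and TLS_FALLBACK_SCSV (0x5600, the one SSL_MODE_SEND_FALLBACK_SCSV controls). The function names, the constructed sample bytes and the assumption that the "SCSV cipher" observed above was 0x00FF are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the cipher_suites vector of one ClientHello contains. */
struct suite_summary {
    size_t total;          /* every 2-byte entry */
    size_t grease;         /* 0x0A0A, 0x1A1A ... 0xFAFA */
    size_t reneg_scsv;     /* 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
    size_t fallback_scsv;  /* 0x5600 TLS_FALLBACK_SCSV */
    size_t real;           /* everything else, i.e. negotiable suites */
};

/* GREASE values: both bytes identical, low nibble 0xA. */
static int is_grease(uint16_t id)
{
    return (id >> 8) == (id & 0xFF) && (id & 0x0F) == 0x0A;
}

/* Parse a TLS record holding a ClientHello: 0 on success, -1 if malformed. */
static int summarize_client_hello(const uint8_t *buf, size_t len,
                                  struct suite_summary *out)
{
    size_t pos = 43, sid_len, cs_len, i;
    /* record hdr (5) + handshake hdr (4) + version (2) + random (32) = 43 */
    if (len < 44 || buf[0] != 0x16 || buf[5] != 0x01)
        return -1;
    sid_len = buf[pos++];
    if (sid_len > 32 || len - pos < sid_len + 2)
        return -1;
    pos += sid_len;
    cs_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
    pos += 2;
    if (cs_len == 0 || (cs_len & 1) || len - pos < cs_len)
        return -1;
    memset(out, 0, sizeof(*out));
    for (i = 0; i < cs_len; i += 2, out->total++) {
        uint16_t id = (uint16_t)((buf[pos + i] << 8) | buf[pos + i + 1]);
        if (id == 0x00FF) out->reneg_scsv++;
        else if (id == 0x5600) out->fallback_scsv++;
        else if (is_grease(id)) out->grease++;
        else out->real++;
    }
    return 0;
}

/* Constructed sample: minimal TLS 1.2 ClientHello, zero random, no session
 * id, no extensions. buf needs 48 + 2*n bytes; returns the length written. */
static size_t build_sample_hello(uint8_t *buf, const uint16_t *suites, size_t n)
{
    size_t body = 39 + 2 * n, pos = 43, i;
    memset(buf, 0, 9 + body);
    buf[0] = 0x16; buf[1] = 0x03; buf[2] = 0x01;   /* handshake record */
    buf[3] = (uint8_t)((body + 4) >> 8); buf[4] = (uint8_t)(body + 4);
    buf[5] = 0x01; buf[9] = 0x03; buf[10] = 0x03;  /* ClientHello, TLS 1.2 */
    buf[7] = (uint8_t)(body >> 8); buf[8] = (uint8_t)body;
    buf[pos++] = 0;                                /* session id length */
    buf[pos++] = (uint8_t)((2 * n) >> 8); buf[pos++] = (uint8_t)(2 * n);
    for (i = 0; i < n; i++) {
        buf[pos++] = (uint8_t)(suites[i] >> 8); buf[pos++] = (uint8_t)suites[i];
    }
    buf[pos++] = 1; buf[pos++] = 0;                /* null compression only */
    return pos;
}

int main(void)
{
    /* Constructed: the four suites reported with @SECLEVEL=0, assuming the
     * "SCSV cipher" seen on the wire was 0x00FF. */
    const uint16_t seen[] = { 0xC014, 0x0A0A, 0x0004, 0x00FF };
    uint8_t buf[64];
    struct suite_summary s;
    size_t n = build_sample_hello(buf, seen, 4);

    if (summarize_client_hello(buf, n, &s) != 0)
        return 1;
    printf("total=%zu real=%zu grease=%zu reneg_scsv=%zu fallback_scsv=%zu\n",
           s.total, s.real, s.grease, s.reneg_scsv, s.fallback_scsv);
    return 0;
}
```

Feed it the raw record bytes from a packet capture; a ClientHello split across several records is outside what this parser handles.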


Re: Integrating New Cipher Suite

Schmicker, Robert
In reply to this post by Schmicker, Robert
Not sure if I'm late to the party on this one but check out this link:

I wrote this up a few months back so let me know if you have any questions.

Rob

Sent: Wednesday, October 4, 4:29 AM
Subject: openssl-users Digest, Vol 35, Issue 2
Send openssl-users mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."

Today's Topics:

   1. Re: Integrating New Cipher Suite (Jakob Bohm)
   2. Re: FIPS Object Module 2.0, fipsalgtest.pl fails (Diaz de Grenu, Jose)
   3. Re: FIPS Object Module 2.0, fipsalgtest.pl fails (Steve Marquess)
   4. Engine configuration (Dmitry Belyavsky)
   5. Re: Engine configuration (Dr. Stephen Henson)
   6. AES CMAC with given iv (Stefan Gr?nwald)
   7. Re: FIPS Object Module 2.0, fipsalgtest.pl fails (Diaz de Grenu, Jose)
   8. Re: Storing private key on tokens (lists)

----------------------------------------------------------------------

Message: 1
Date: Mon, 2 Oct 2017 13:52:18 +0200
From: Jakob Bohm
To: [hidden email]
Subject: Re: [openssl-users] Integrating New Cipher Suite
Message-ID:
Content-Type: text/plain; charset=utf-8; format=flowed

On 02/10/2017 00:47, Dr. Stephen Henson wrote:
> On Sun, Oct 01, 2017, Wallboy wrote:
>
>> Hi,
>>
>> ...
>> Bonus Question: Is it possible to remove the SCSV cipher in the ClientHello?
>>
> You can't remove it without making source changes. Again it's in the
> ssl_cipher_list_to_bytes() function.
>
Have you tried clearing SSL_MODE_SEND_FALLBACK_SCSV (in a program),
or (not) using the -fallback_scsv option to s_client?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

------------------------------

Message: 2
Date: Mon, 2 Oct 2017 14:29:06 +0000
From: "Diaz de Grenu, Jose"
To: "[hidden email]"
Subject: Re: [openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails
Message-ID:
Content-Type: text/plain; charset="us-ascii"

> The FIPS module and test suite software (fipsalgtest.pl) are designed to work with exactly those algorithm tests relevant to the associated validations
> (#1747/2398/2473). The test labs generate a unique set of test vectors for each platform validation; those test vectors must be of the expected format to
> be successfully processed. Often they are not, either because they we incorrectly specified or due to errors. Figuring out such discrepancies can be lots of
> fun (not!).

> You will want to compare your test vectors with a known good set from http://openssl.com/testing/validation-2.0/testvectors/. Pick a recent set, as the format of the test vectors changes over time. Note that as
> a result frequent adjustment of fipsalgtest.pl is often necessary.

I have tried with all the tarballs but I am not able to find one which works without errors.

Is there any way to check which test vector were used for FIPS Object Module 2.0.16?

------------------------------

Message: 3
Date: Mon, 2 Oct 2017 11:39:11 -0400
From: Steve Marquess
To: [hidden email]
Subject: Re: [openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails
Message-ID:
Content-Type: text/plain; charset=utf-8

On 10/02/2017 10:29 AM, Diaz de Grenu, Jose wrote:
>
>> The FIPS module and test suite software (fipsalgtest.pl) are designed to work with exactly those algorithm tests relevant to the associated validations
>> (#1747/2398/2473). The test labs generate a unique set of test vectors for each platform validation; those test vectors must be of the expected format to
>> be successfully processed. Often they are not, either because they we incorrectly specified or due to errors. Figuring out such discrepancies can be lots of
> > fun (not!).
>
>> You will want to compare your test vectors with a known good set from http://openssl.com/testing/validation-2.0/testvectors/. Pick a recent set, as the format of the test vectors changes over time. Note that as
>> a result frequent adjustment of fipsalgtest.pl is often necessary.
>
> I have tried with all the tarballs but I am not able to find one which works without errors.

You reprocessed all of the hundreds of test vectors? I'm impressed. That
must have taken many days of compute time.

>
> Is there any way to check which test vector were used for FIPS Object Module 2.0.16?
>

The most recent set of test vectors used for a 2.0.16 OE is:

http://openssl.com/testing/validation-2.0/testvectors/OVS_2859_OE82.results.tar.gz

You have no way of knowing that because we don't publish a mapping of
test vectors to OEs (and most FIPS 140 module vendors don't publish
anything at all). And before you ask, no, while we're delighted to be an
open source model for other validations I'm not keen on spending time
specifically supporting proprietary validations that don't benefit the
OpenSSL community as a whole.

Please note that if you're trying to do your own "private label"
validation you'll have to use a new unique set of test vectors provided
by your accredited test lab; reprocessing a previously used set doesn't
buy you much.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 301 874 2571
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

------------------------------

Message: 4
Date: Mon, 2 Oct 2017 23:02:32 +0300
From: Dmitry Belyavsky
To: [hidden email]
Subject: [openssl-users] Engine configuration
Message-ID:
Content-Type: text/plain; charset="utf-8"

Hello,

I have a question regarding engine configuration.

We need to implement such behaviour:
- on load the engine is configured with the commands from config file, but
the values can be overwritten via environment
- application can change the engine's configuration via ENGINE_ctrl_string
functions.

Is there any way to distinguish whether engine is configured via the config
file or via direct calls to ENGINE_ctrl* functions?

Thank you!

--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

------------------------------

Message: 5
Date: Mon, 2 Oct 2017 21:16:10 +0000
From: "Dr. Stephen Henson"
To: [hidden email]
Subject: Re: [openssl-users] Engine configuration
Message-ID:
Content-Type: text/plain; charset=us-ascii

On Mon, Oct 02, 2017, Dmitry Belyavsky wrote:

> Hello,
>
> I have a question regarding engine configuration.
>
> We need to implement such behaviour:
> - on load the engine is configured with the commands from config file, but
> the values can be overwritten via environment

That part can be done with the config file syntax see config(5)

> - application can change the engine's configuration via ENGINE_ctrl_string
> functions.
>
> Is there any way to distinguish whether engine is configured via the config
> file or via direct calls to ENGINE_ctrl* functions?
>

Not currently no: the config file calls the relevant control operations.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

------------------------------

Message: 6
Date: Tue, 3 Oct 2017 08:33:46 +0200
From: Stefan Gr?nwald
To: [hidden email]
Subject: [openssl-users] AES CMAC with given iv
Message-ID:
Content-Type: text/plain; charset=utf-8; format=flowed

Hi,

I need to calculate an AES CMAC with a given iv and also get the new iv
after the calculation.

On the internet I found some examples how to calculate the CMAC but if I
read the code correctly it always starts with a zero iv.

I also found the CMAC_resume function which restores the iv but it also
doesn't take the iv as an input parameter.

Is there any chance to set and get the iv?

The only way I would see at the moment is an ugly hack by setting the
tbl field of the context struct in memory before calling CMAC_resume.

Thanks,
Stefan

------------------------------

Message: 7
Date: Tue, 3 Oct 2017 21:26:06 +0000
From: "Diaz de Grenu, Jose"
To: "[hidden email]"
Subject: Re: [openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails
Message-ID:
Content-Type: text/plain; charset="us-ascii"

> You reprocessed all of the hundreds of test vectors? I'm impressed. That
> must have taken many days of compute time.

Sorry, the download script I set up seg faulted after some time, and I didn't noticed. In fact it only tested a few tarballs.

> The most recent set of test vectors used for a 2.0.16 OE is:
> http://openssl.com/testing/validation-2.0/testvectors/OVS_2859_OE82.results.tar.gz

That one also fails. Thanks for all the information anyways. I will keep trying with other test vector, just in case.

------------------------------

Message: 8
Date: Wed, 4 Oct 2017 10:17:32 +0200
From: lists
To: [hidden email]
Subject: Re: [openssl-users] Storing private key on tokens
Message-ID:
Content-Type: text/plain; charset=utf-8; format=flowed

On 09/27/2017 11:13 PM, Ken Goldman wrote:
> On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote:
>>
>>> On 27 Sep 2017, at 20:02, Michael Wojcik
>>>
>>> The tokens / HSMs I've used don't let you generate a key somewhere
>>> else and install it on the token. They insist on doing the key
>>> generation locally. That is, after all, part of the point of using
>>> a token - the key never leaves it.
>>
>> I've found that the Feitian ePass2000's and the Yubico keys allow for
>> importing of the private key. They do usually want the 'extra' flags
>> to specify use:
>
> FWIW, the TPM hardware also permits key import. It does validate
> attributes, so users will know that the key was not generated on chip.
>
Most smart cards (G&D, Oberthur and InCard) I've dealt with allow for
external generation of RSA keys and import into the token.

Currently I mostly use InCard cards sold in Italy, I can't tell if the
other brands are still easily purchaseable.

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
[hidden email]
https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

End of openssl-users Digest, Vol 35, Issue 2
********************************************

