From gagnesh.kumar at INDIA.TECHSPAN.COM Fri Jan 7 13:56:06 2005
From: gagnesh.kumar at INDIA.TECHSPAN.COM (Gagnesh Kumar)
Date: Fri, 7 Jan 2005 13:56:06 +0100
Subject: [PYTHON-CRYPTO] Encryption and Python
Message-ID:

Hi,
I would like to encrypt/decrypt my data in Python2.4.
What would be the best way to do it.
I have been struggling with M2Crypto but there is not much information on
the internet about how to install it. The information which I could get from
the internet has not been of much help either.
I installed A.M Kuchling's Python Cryptography Toolkit but some of the
stuff mentioned in the manual does not seem to work for me.
I am new to Python and Cryptography.
Can someone please suggest the sites/links which has working examples of
Cryptography for Python?
Regards,
Gagnesh

From PaulLambert at AIRGONETWORKS.COM Fri Jan 7 19:55:56 2005
From: PaulLambert at AIRGONETWORKS.COM (Paul Lambert)
Date: Fri, 7 Jan 2005 10:55:56 -0800
Subject: [PYTHON-CRYPTO] Encryption and Python
Message-ID: <3FFBC907DD03A34CA4410C5C745DEB120544987C@wnimail.WoodsideNet.Com>

There's also 'cryptopy' on source forge. I wrote it to be 'readable'
for the cryptoalgorithms, so it is slower than the C based
implementations. Its main benefit is a complete set of 802.11i
algorithms. It's pure Python, so the installation is trivial.

I'm overdue to post version 2.0 (faster, RSA, ECC) ... So if you have
comments and critiques, it may help push out the next release :-)

Paul

> -----Original Message-----
> From: generic crypto class API for Python
> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Gagnesh Kumar
> Sent: Friday, January 07, 2005 4:56 AM
> To: PYTHON-CRYPTO at NIC.SURFNET.NL
> Subject: Encryption and Python
>
> Hi,
> I would like to encrypt/decrypt my data in Python2.4.
> What would be the best way to do it.
> I have been struggling with M2Crypto but there is not much
> information on the internet about how to install it. The
> information which I could get from the internet has not been
> of much help either.
> I installed A.M Kuchling's Python Cryptography Toolkit but
> some of the stuff mentioned in the manual does not seem to
> work for me.
> I am new to Python and Cryptography.
> Can someone please suggest the sites/links which has working
> examples of Cryptography for Python?
> Regards,
> Gagnesh
>

From harrington_chad at HOTMAIL.COM Sat Jan 8 00:38:00 2005
From: harrington_chad at HOTMAIL.COM (Chad Harrington)
Date: Fri, 7 Jan 2005 15:38:00 -0800
Subject: [PYTHON-CRYPTO] unsubscribe
References:
Message-ID:

PYTHON-CRYPTO Digest - 28 Dec 2004 to 7 Jan 2005 (#2005-1)unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ajay.brar at GMAIL.COM Sat Jan 8 01:10:05 2005
From: ajay.brar at GMAIL.COM (Ajay Brar)
Date: Sat, 8 Jan 2005 11:10:05 +1100
Subject: [PYTHON-CRYPTO] Encryption and Python
In-Reply-To:
References:
Message-ID: <4450c49f050107161018d6d995@mail.gmail.com>

it would help if you could tell us what stuff in the Python
Cryptography Toolkit doesn't work for you? Perhaps you are not using
it correctly. I used the toolkit and had no problems whatsoever.

you could also use OpenSSL with the Python wrapper for it. But if its
only encrypt/decrypt that you want, Kuchling's toolkit is the best.

cheers

On Fri, 7 Jan 2005 13:56:06 +0100, Gagnesh Kumar wrote:
> Hi,
> I would like to encrypt/decrypt my data in Python2.4.
> What would be the best way to do it.
> I have been struggling with M2Crypto but there is not much information on
> the internet about how to install it. The information which I could get from
> the internet has not been of much help either.
> I installed A.M Kuchling's Python Cryptography Toolkit but some of the
> stuff mentioned in the manual does not seem to work for me.
> I am new to Python and Cryptography.
> Can someone please suggest the sites/links which has working examples of
> Cryptography for Python?
> Regards,
> Gagnesh
>

--
--------------
Ajay Brar
http://www.it.usyd.edu.au/~abrar1
http://ravesandrants.blogspot.com

From ajay.brar at GMAIL.COM Mon Jan 10 08:13:38 2005
From: ajay.brar at GMAIL.COM (Ajay Brar)
Date: Mon, 10 Jan 2005 18:13:38 +1100
Subject: [PYTHON-CRYPTO] Encryption and Python
In-Reply-To: <38F19D4E1BD7464F887B97756830F290370D01@india.techspan.com>
References: <38F19D4E1BD7464F887B97756830F290370D01@india.techspan.com>
Message-ID: <4450c49f0501092313591c6d94@mail.gmail.com>

hi!

you need to define your own random function. The toolkit provides a
random function in Crypto.Util
here is an example:

    >>> from Crypto.Hash import MD5
    >>> from Crypto.PublicKey import RSA
    >>> from Crypto.Util import randpool
    >>> random=randpool.RandomPool()
    >>> RSAkey=RSA.generate(384, random.get_bytes)
    >>> hash=MD5.new("testing").digest()
    >>> signature=RSAkey.sign(hash,"")
    >>> RSAkey.verify(hash, signature)
    1
    >>>

you can also define your own random function.
i dont know about any demo directory, the toolkit is quite simple and
straightforward and anyways you can look at the source.
there is some code to verify a signed file at
http://www.cs.usyd.edu.au/~abrar1/hons/prototype_0.6/um/verify.py

hope that helps
cheers

On Mon, 10 Jan 2005 10:59:16 +0530, Gagnesh Kumar wrote:
> Thanks Ajay. Would you be able to send some working example of
> encryption/decryption.
> The link http://www.amk.ca/python/writing/pycrypt/ does mention demo
> programs but when I installed the stuff from
> http://www.voidspace.org.uk/atlantibots/pythonutils.html#crypto I did not
> get any demo directory as mentioned in the previous link.
> When I tried this program:
> >>> from Crypto.Hash import MD5
> >>> from Crypto.PublicKey import RSA
> >>> RSAkey=RSA.generate(384, randfunc) # This will take a while...
> >>> hash=MD5.new(plaintext).digest()
> >>> signature=RSAkey.sign(hash, "")
> >>> signature # Print what an RSA sig looks like--you don't really care.
> ('\021\317\313\336\264\315' ...,)
> >>> RSAkey.verify(hash, signature) # This sig will check out
> 1
> >>> RSAkey.verify(hash[:-1], signature)# This sig will fail
>
> It failed to find randfunc. Could you please guide me howto compile
> this? Would you be having any working example of encrypting/decrypting data
> using this toolkit?
> Thanks and regards,
> Gagnesh
>
>
> -----Original Message-----
> From: generic crypto class API for Python
> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL]On Behalf Of Ajay Brar
> Sent: Saturday, January 08, 2005 5:40 AM
> To: PYTHON-CRYPTO at NIC.SURFNET.NL
> Subject: Re: Encryption and Python
>
> it would help if you could tell us what stuff in the Python
> Cryptography Toolkit doesn't work for you? Perhaps you are not using
> it correctly. I used the toolkit and had no problems whatsoever.
>
> you could also use OpenSSL with the Python wrapper for it. But if its
> only encrypt/decrypt that you want, Kuchling's toolkit is the best.
>
> cheers
>
> On Fri, 7 Jan 2005 13:56:06 +0100, Gagnesh Kumar wrote:
> > Hi,
> > I would like to encrypt/decrypt my data in Python2.4.
> > What would be the best way to do it.
> > I have been struggling with M2Crypto but there is not much information on
> > the internet about how to install it. The information which I could get from
> > the internet has not been of much help either.
> > I installed A.M Kuchling's Python Cryptography Toolkit but some of the
> > stuff mentioned in the manual does not seem to work for me.
> > I am new to Python and Cryptography.
> > Can someone please suggest the sites/links which has working examples of
> > Cryptography for Python?
> > Regards,
> > Gagnesh
> >
>
> --
> --------------
> Ajay Brar
> http://www.it.usyd.edu.au/~abrar1
> http://ravesandrants.blogspot.com
>

--
--------------
Ajay Brar
http://www.it.usyd.edu.au/~abrar1
http://ravesandrants.blogspot.com

From ngps at NETMEMETIC.COM Mon Jan 10 08:50:48 2005
From: ngps at NETMEMETIC.COM (Ng Pheng Siong)
Date: Mon, 10 Jan 2005 15:50:48 +0800
Subject: [PYTHON-CRYPTO] Encryption and Python
In-Reply-To:
References:
Message-ID: <20050110075048.GA308@vista.netmemetic.com>

On Fri, Jan 07, 2005 at 01:56:06PM +0100, Gagnesh Kumar wrote:
> I have been struggling with M2Crypto but there is not much information on
> the internet about how to install it. The information which I could get from
> the internet has not been of much help either.

Come now, some of that information you got "from the internet" came in my
replies to you.

I sent you a working setup.py and you never responded when I asked you what
errors you get when you run that.

You have to help others to help you.

--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From Gagnesh.Kumar at INDIA.TECHSPAN.COM Mon Jan 10 10:43:21 2005
From: Gagnesh.Kumar at INDIA.TECHSPAN.COM (Gagnesh Kumar)
Date: Mon, 10 Jan 2005 15:13:21 +0530
Subject: [PYTHON-CRYPTO] Encryption and Python
Message-ID: <38F19D4E1BD7464F887B97756830F290370D03@india.techspan.com>

I am sorry for the delay in replying to your mail.
I agree that you had tried to help as much as you could but I was looking
for some solution for which I wouldn't have to do any tweaking and I found
that in pyCrypto. I was looking for something like the following links
whereby I could get not only easy to install 'free' software but also the
documentation and stuff:
http://www.amk.ca/python/code/crypto.html
http://www.voidspace.org.uk/atlantibots/pythonutils.html
http://www.amk.ca/python/writing/pycrypt/

Thanks again for your help and I am sure that there might be similar links
for M2Crypto; it's just that I could not find them.
Cheers and thanks again.
Gagnesh

-----Original Message-----
From: Ng Pheng Siong [mailto:ngps at netmemetic.com]
Sent: Monday, January 10, 2005 1:21 PM
To: Gagnesh Kumar
Cc: PYTHON-CRYPTO at NIC.SURFNET.NL
Subject: Re: Encryption and Python

On Fri, Jan 07, 2005 at 01:56:06PM +0100, Gagnesh Kumar wrote:
> I have been struggling with M2Crypto but there is not much information on
> the internet about how to install it. The information which I could get from
> the internet has not been of much help either.

Come now, some of that information you got "from the internet" came in my
replies to you.

I sent you a working setup.py and you never responded when I asked you what
errors you get when you run that.

You have to help others to help you.
--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From heikki at OSAFOUNDATION.ORG Mon Jan 10 20:35:45 2005
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Mon, 10 Jan 2005 11:35:45 -0800
Subject: [PYTHON-CRYPTO] Encryption and Python
In-Reply-To: <38F19D4E1BD7464F887B97756830F290370D03@india.techspan.com>
References: <38F19D4E1BD7464F887B97756830F290370D03@india.techspan.com>
Message-ID: <41E2D911.9020206@osafoundation.org>

Gagnesh Kumar wrote:
> I agree that you had tried to help as much as you could but I was looking
> for some solution for which I wouldn't have to do any tweaking and I found
> that in pyCrypto. I was looking for something like the following links
> whereby I could get not only easy to install 'free' software but also the
> documentation and stuff:
> http://www.amk.ca/python/code/crypto.html
> http://www.voidspace.org.uk/atlantibots/pythonutils.html
> http://www.amk.ca/python/writing/pycrypt/
>
> Thanks again for your help and I am sure that there might be similar links
> for M2Crypto; it's just that I could not find them.

M2Crypto has a lot of documentation for it because it is a wrapper for
OpenSSL. The naming convention is very straight forward, so 9 times out
of 10 you can find what you want from OpenSSL documentation. The rest of
the time you need to look at M2Crypto code to see what it does, and in
some rare cases you may need to ask on this list or somewhere...

There are even printed books that discuss OpenSSL (some even mention
M2Crypto!). "Network Security with OpenSSL" has the most comprehensive
documentation.

M2Crypto comes with unit tests and demos which are great in telling you
how to do things.

And if you were looking for M2Crypto homepage it does have one,
http://sandbox.rulemaker.net/ngps/m2/. There you can find automatically
generated API documentation etc.

PS. Ng, you might want to make it clear on M2Crypto website that people
can get good documentation from OpenSSL resources (for all the
underlying stuff). http://www.openssl.org/docs/ and
http://www.openssl.org/support/ (searching the archives is very useful).

--
Heikki Toivonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL:

From asteele at BERKELEY.EDU Wed Jan 12 00:39:51 2005
From: asteele at BERKELEY.EDU (Aaron Steele)
Date: Tue, 11 Jan 2005 15:39:51 -0800
Subject: [PYTHON-CRYPTO] install problem in redhat enterprise 3
Message-ID: <1678AE29-642A-11D9-8F10-000A95C0C442@berkeley.edu>

hi,

i'm trying to install m2crypto-0.13 under redhat enterprise linux 3.
here is the verbose:

........................................
In file included from /usr/include/openssl/ssl.h:179,
                 from SWIG/_m2crypto.c:1504:
/usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: syntax error before '*' token
/usr/include/openssl/kssl.h:137: syntax error before '}' token
/usr/include/openssl/kssl.h:149: syntax error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: syntax error before '*' token
/usr/include/openssl/kssl.h:150: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:152: syntax error before '*' token
/usr/include/openssl/kssl.h:153: syntax error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: syntax error before '*' token
/usr/include/openssl/kssl.h:155: syntax error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: syntax error before '*' token
/usr/include/openssl/kssl.h:157: syntax error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: syntax error before '*' token
/usr/include/openssl/kssl.h:159: syntax error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: syntax error before '*' token
/usr/include/openssl/kssl.h:161: syntax error before "context"
/usr/include/openssl/kssl.h:162: syntax error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: syntax error before "context"
/usr/include/openssl/kssl.h:165: syntax error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: syntax error before "atime"
/usr/include/openssl/kssl.h:167: syntax error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: syntax error before '*' token
/usr/include/openssl/kssl.h:169: syntax error before "enctype"
In file included from SWIG/_m2crypto.c:1504:
/usr/include/openssl/ssl.h:909: syntax error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: syntax error before '}' token
error: command 'gcc' failed with exit status 1
.......................................

any initial thoughts?

thanks,
aaron

From ngps at NETMEMETIC.COM Wed Jan 12 02:07:00 2005
From: ngps at NETMEMETIC.COM (Ng Pheng Siong)
Date: Wed, 12 Jan 2005 09:07:00 +0800
Subject: [PYTHON-CRYPTO] Encryption and Python
In-Reply-To: <41E2D911.9020206@osafoundation.org>
References: <38F19D4E1BD7464F887B97756830F290370D03@india.techspan.com> <41E2D911.9020206@osafoundation.org>
Message-ID: <20050112010700.GA914@vista.netmemetic.com>

On Mon, Jan 10, 2005 at 11:35:45AM -0800, Heikki Toivonen wrote:
> PS. Ng, you might want to make it clear on M2Crypto website that people
> can get good documentation from OpenSSL resources (for all the
> underlying stuff). http://www.openssl.org/docs/ and
> http://www.openssl.org/support/ (searching the archives is very useful).

That's a very good suggestion, Heikki! I'll do that.

Cheers.
--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From lists at INFOSENSE.NO Wed Jan 12 17:43:24 2005
From: lists at INFOSENSE.NO (Ola Natvig)
Date: Wed, 12 Jan 2005 17:43:24 +0100
Subject: [PYTHON-CRYPTO] FW: Removing M2Crypto debug data in production code
Message-ID: <20050112164324.22C4414144@pluto.i.infosense.no>

Hi all

I'm writing a SSL server and we are using M2Crypto as our SSL engine.
What bothers me is that on every accept it prints a lot of 'junk-data'
to my stdout. It would be nice if someone knew a way to get M2Crypto out
of debug mode and into a more silent mode.

LOOP: SSL accept: before/accept initialization
LOOP: SSL accept: SSLv3 read client hello A
LOOP: SSL accept: SSLv3 write server hello A
LOOP: SSL accept: SSLv3 write certificate A
LOOP: SSL accept: SSLv3 write key exchange A
LOOP: SSL accept: SSLv3 write server done A
LOOP: SSL accept: SSLv3 flush data
LOOP: SSL accept: SSLv3 read client key exchange A
LOOP: SSL accept: SSLv3 read finished A
LOOP: SSL accept: SSLv3 write change cipher spec A
LOOP: SSL accept: SSLv3 write finished A
LOOP: SSL accept: SSLv3 flush data
INFO: SSL accept: SSL negotiation finished successfully

regards

Ola Natvig

--
--------------------------------------
Ola Natvig
infoSense AS / development

From ngps at NETMEMETIC.COM Thu Jan 13 02:22:51 2005
From: ngps at NETMEMETIC.COM (Ng Pheng Siong)
Date: Thu, 13 Jan 2005 09:22:51 +0800
Subject: [PYTHON-CRYPTO] FW: Removing M2Crypto debug data in production code
In-Reply-To: <20050112164324.22C4414144@pluto.i.infosense.no>
References: <20050112164324.22C4414144@pluto.i.infosense.no>
Message-ID: <20050113012251.GA794@vista.netmemetic.com>

On Wed, Jan 12, 2005 at 05:43:24PM +0100, Ola Natvig wrote:
> I'm writing a SSL server and we are using M2Crypto as our SSL engine.
> What bothers me is that on every accept it prints a lot of 'junk-data'
> to my stdout. It would be nice if someone knew a way to get M2Crypto out
> of debug mode and into a more silent mode.

Coincidentally, I just answered this in private mail from another person.
;-)

My answer cut-n-pasted:

Suppose ctx is an SSL.Context instance. Then this statement
"ctx.set_info_callback()" turns on what you call verbose mode. Leave
that statement out and you won't see all that output.

This is also not thread-safe in recent Pythons. Unless I'm imagining
things, it used to be in early Python 2.x.

HTH. Cheers.

--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From Gagnesh.Kumar at INDIA.TECHSPAN.COM Fri Jan 14 10:09:25 2005
From: Gagnesh.Kumar at INDIA.TECHSPAN.COM (Gagnesh Kumar)
Date: Fri, 14 Jan 2005 14:39:25 +0530
Subject: [PYTHON-CRYPTO] key storage for encryption on Windows (Python and pyCrypto)
Message-ID: <38F19D4E1BD7464F887B97756830F290370D18@india.techspan.com>

If we are encrypting a file/data, then we have to keep the key, because
we'll need it later for decrypting the file/data. Assuming that the key is
written down in the file system, what would be the best way to keep it
secure and private to legitimate users on Windows?
We want to do this using Python2.4 and pyCrypto.
Cheers,
Gagnesh

From conrad at HEP.CALTECH.EDU Tue Jan 18 20:34:11 2005
From: conrad at HEP.CALTECH.EDU (Conrad Steenberg)
Date: Tue, 18 Jan 2005 11:34:11 -0800
Subject: [PYTHON-CRYPTO] Some patches for new features
Message-ID: <1106076851.11346.91.camel@heppc22.hep.caltech.edu>

Hi

I've been maintaining some out of tree patches that may be of interest
for testing and eventual merging by others on the list.

Compared to the earlier set of patches I sent in December
(http://listserv.surfnet.nl/scripts/wa.exe?A2=ind0412&L=python-crypto&F=&S=&P=1293),
these enable the user to run a python-scripted CA.
This became agonizingly close with the 0.13 release, so I couldn't resist
doing the last 1% to get it done :-)

1. m2crypto-0.11.getkey.diff
implements a way to get an RSA object from an EVP_PKEY object.
Sample use:
    user_cert=X509.load_cert(cert_file)
    user_pub_key=user_cert.get_pubkey()
    user_pub_rsa=RSA.RSA_pub(m2.rsa_from_pkey(user_pub_key))

Obviously it would be nice not to have to go to the low-level m2
interface. Maybe next time...

2. m2crypto-0.13.x509.diff
Verify an X509 object using the public key that signed it.
Implements m2.x509_set_serial_number to set the serial number of an X509
certificate.
Adds the ability to obtain a PEM-formatted version of the X509 cert.
Sample use (continuing from above):
    signer_cert=X509.load_cert(signer_file)
    m2.x509_verify(user_cert.x509, signer_cert.get_pubkey())

Returns 0 or 1 depending on verification status

3. m2crypto-0.13.asn1.diff
Implements m2.asn1_integer_set to set the value of an ASN integer object.
This is the opposite of m2.asn1_integer_get.

4. m2crypto-0.13.rsapem.diff
Adds the ability to obtain a PEM-encoded version of an RSA private key as
a string. It also adds an alias RSA.save_pem() that saves the private key
as a PEM file. This is just for symmetry with the X509.save_pem() method.
Sample usage:
    print user_priv_rsa.as_pem(cipher=None) # For no encryption
    print user_priv_rsa.as_pem() # default cipher='des_ede3_cbc'

The patches should be attached to this message, but can also be obtained
from http://cvs.sourceforge.net/viewcvs.py/clarens/openpkg/m2crypto/ as
soon as the SF public CVS catches up (usually 24 hours).

Cheers
Conrad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m2crypto-0.11.getkey.diff
Type: text/x-patch
Size: 732 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m2crypto-0.13.x509.diff
Type: text/x-patch
Size: 1666 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m2crypto-0.13.asn1.diff
Type: text/x-patch
Size: 590 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m2crypto-0.13.rsapem.diff
Type: text/x-patch
Size: 663 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2531 bytes
Desc: not available
URL:

From conrad at HEP.CALTECH.EDU Tue Jan 18 20:50:13 2005
From: conrad at HEP.CALTECH.EDU (Conrad Steenberg)
Date: Tue, 18 Jan 2005 11:50:13 -0800
Subject: [PYTHON-CRYPTO] M2Crypto CA example
Message-ID: <1106077813.11346.95.camel@heppc22.hep.caltech.edu>

Hi

In my previous message I sent a couple of patches that claimed to make it
possible to use M2Crypto as a Certificate Authority (CA).

Attached is an example to show how this can be done for the public
record :-)

Cheers
Conrad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_cert.py
Type: application/x-python
Size: 1622 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2531 bytes
Desc: not available
URL:

From gvanrossum at GMAIL.COM Tue Jan 25 19:43:29 2005
From: gvanrossum at GMAIL.COM (Guido van Rossum)
Date: Tue, 25 Jan 2005 10:43:29 -0800
Subject: [PYTHON-CRYPTO] M2Crypto bug when using SSL in concurrent server
In-Reply-To:
References:
Message-ID:

I've written a simple SSL server using M2Crypto. The server is by
nature multi-threaded.

Unfortunately, when multiple clients connect to the server
simultaneously, there's a serious probability that the server will
hang.
The hang is always in the same place:

  File "./svr.py", line 401, in do_POST
    data = self.rfile.read(size)
  File "/usr/local/lib/python2.3/site-packages/M2Crypto/BIO.py", line 58, in read
    return m2.bio_read(self.bio, size)

(the first stack frame is my code).

Platform info:

Python 2.3.4
M2Crypto 0.12 or 0.13.1 (both have the problem)
Red Hat Linux (9 or Enterprise 3); different versions have the bug, e.g.
Linux nitrogen 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux
Linux guido.esi.elementalsecurity.com 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:46:40 EDT 2004 i686 i686 i386 GNU/Linux

Any help? This is the first time I've written an SSL server using
M2Crypto; I've written several clients and they work fine, even with
heavy concurrency.

--
--Guido van Rossum (home page: http://www.python.org/~guido/)

From ngps at NETMEMETIC.COM Wed Jan 26 02:09:55 2005
From: ngps at NETMEMETIC.COM (Ng Pheng Siong)
Date: Wed, 26 Jan 2005 09:09:55 +0800
Subject: [PYTHON-CRYPTO] M2Crypto bug when using SSL in concurrent server
In-Reply-To:
References:
Message-ID: <20050126010954.GB811@vista.netmemetic.com>

On Tue, Jan 25, 2005 at 10:43:29AM -0800, Guido van Rossum wrote:
> I've written a simple SSL server using M2Crypto. The server is by
> nature multi-threaded.
>
> Unfortunately, when multiple clients connect to the server
> simultaneously, there's a serious probability that the server will
> hang. The hang is always in the same place:
>
> File "./svr.py", line 401, in do_POST

Can I look at your server code?

Cheers.

--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From ngps at NETMEMETIC.COM Mon Jan 31 16:17:56 2005
From: ngps at NETMEMETIC.COM (Ng Pheng Siong)
Date: Mon, 31 Jan 2005 23:17:56 +0800
Subject: [PYTHON-CRYPTO] M2Crypto.httpslib.HTTPSConnection only works once?
In-Reply-To: <41FAB1CC.3060604@osafoundation.org>
References: <41FAB1CC.3060604@osafoundation.org>
Message-ID: <20050131151756.GC303@vista.netmemetic.com>

On Fri, Jan 28, 2005 at 01:42:36PM -0800, Heikki Toivonen wrote:
> M2Crypto.SSL.SSLError: bad write retry
> Has anyone else seen this?

I suppose your code uses non-blocking sockets. I've just blogged about this
very topic here:

    http://sandbox.rulemaker.net/ngps/199

In essence, "bad write retry" arises from the way OpenSSL behaves in
non-blocking mode; specifically, if a write cannot complete (because of
SSL-layer protocol happenings) then the operation should be attempted again
with the same data.

The fix alluded to in my blog post is as follows:

- Changed the 'send' method in class https_channel in ZServerSSL's
  https_server.py to this:

    def send(self, data):
        try:
            if self._wbuf is not None:
                if len(data) > len(self._wbuf):
                    result = self._send_buffered(self._wbuf)
                    if result > 0:
                        data = data[len(self._wbuf):]
                        self._wbuf = None
                        return self.send(data)
                    else:
                        return 0
                else:
                    self._wbuf = None
                    return self.send(data)
            else:
                result = self.socket._write_nbio(data)
                if result <= 0:
                    if result == -1:
                        self._wbuf = data
                    return 0
                else:
                    self.server.bytes_out.increment(result)
                    return result
        except SSL.SSL_ReadWrite_Retry_Error, which:
            if which[0] == SSL.SSL_ERROR_WANT_READ:
                self._ssl_writable = None
                self._ssl_readable = 1
            return 0
        except SSL.SSLError, why:
            self.close()
            self.log_info('send: closing channel %s %s' % (repr(self), why))
            return 0

- Added a new method '_send_buffered':

    def _send_buffered(self, data):
        try:
            result = self.socket._write_nbio(data)
            if result <= 0:
                return 0
            else:
                self.server.bytes_out.increment(result)
                return result
        except SSL.SSL_ReadWrite_Retry_Error, which:
            if which[0] == SSL.SSL_ERROR_WANT_READ:
                self._ssl_writable = None
                self._ssl_readable = 1
            return -1
        except SSL.SSLError, why:
            self.close()
            self.log_info('send: closing channel %s %s' % (repr(self), why))
            return -1

- Add the necessary assignment 'self._wbuf = None' in the class's __init__
  method.

(BTW, Heikki, are you the one who added the
"except SSL.SSL_ReadWrite_Retry_Error" stuff?)

Now, if you are using blocking sockets, then this will be a very curious
situation, because, for the longest time, in SWIG/_ssl.i's bio_set_ssl():

    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

which supposedly means that OpenSSL will retry automatically without
bothering the application.

Cheers.

--
Ng Pheng Siong
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

From heikki at OSAFOUNDATION.ORG Fri Jan 28 22:42:36 2005
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 28 Jan 2005 13:42:36 -0800
Subject: [PYTHON-CRYPTO] M2Crypto.httpslib.HTTPSConnection only works once?
Message-ID: <41FAB1CC.3060604@osafoundation.org>

I am experiencing some problems with M2Crypto.httpslib.HTTPSConnection.
I can open a connection to an SSL server, and do one request, but after
that the requests always fail with:

  File "httplib.py", line 860, in getresponse
    method=self._method)
M2Crypto.SSL.SSLError: bad write retry

Has anyone else seen this?

The code is part of Chandler, and the file of interest is
http://lxr.osafoundation.org/source/chandler/parcels/osaf/framework/sharing/WebDAV.py

My test app does this:

    from osaf.framework.sharing.WebDAV import Client
    from M2Crypto.SSL import Context

    class A:
        username = '' # Fill these in (can be anonymous in some cases)
        password = ''

    class U:
        # Note, you can get a free WebDAV account from Sharemation
        host = 'www.sharemation.com'
        port = 443

    acct = A()
    url = U()
    d=Client(url.host, url.port, acct.username, acct.password, ctx=Context(), useSSL=True)
    if 1:
        r= d.getacl('/heikki2/hello.txt')
        print r.read()
        # Works so far, but raises exception when I try:
        r= d.getacl('/heikki2/hello.txt')
        r.close()

--
Heikki Toivonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL:

From heikki at OSAFOUNDATION.ORG Mon Jan 31 20:48:57 2005
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Mon, 31 Jan 2005 11:48:57 -0800
Subject: [PYTHON-CRYPTO] M2Crypto.httpslib.HTTPSConnection only works once?
In-Reply-To: <20050131151756.GC303@vista.netmemetic.com>
References: <41FAB1CC.3060604@osafoundation.org> <20050131151756.GC303@vista.netmemetic.com>
Message-ID: <41FE8BA9.8030706@osafoundation.org>

Ng Pheng Siong wrote:
> On Fri, Jan 28, 2005 at 01:42:36PM -0800, Heikki Toivonen wrote:
>>M2Crypto.SSL.SSLError: bad write retry
>
> (BTW, Heikki, are you the one who added the
> "except SSL.SSL_ReadWrite_Retry_Error" stuff?)

No, I don't think so (I haven't touched ZServerSSL).

> Now, if you are using blocking sockets, then this will be a very curious
> situation, because, for the longest time, in SWIG/_ssl.i's bio_set_ssl():
>
> SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
>
> which supposedly means that OpenSSL will retry automatically without
> bothering the application.

Well, I wasn't setting the blocking/nonblocking explicitly anywhere. But
I also tried setting it explicitly to blocking, and got same error.

--
Heikki Toivonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL:
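
The retry rule discussed in this thread (a stalled non-blocking SSL write has to be attempted again with the same data), as an added Python 3 example that is not part of the original posts and is not M2Crypto or ZServerSSL code. FakeNonBlockingSSL is a constructed stand-in for the connection; RetryingChannel, WantRetry, BadWriteRetry and the sample requests are hypothetical names, and the channel also queues later data, which goes slightly beyond the posted '_wbuf' fix.

```python
class WantRetry(Exception):
    """Stand-in for SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE."""


class BadWriteRetry(Exception):
    """Stand-in for M2Crypto.SSL.SSLError('bad write retry')."""


class FakeNonBlockingSSL:
    """Constructed model of a non-blocking SSL connection (not OpenSSL).

    Each new write stalls `stalls_per_write` times before it is accepted.
    While stalled, the next call must offer data starting with the same
    bytes, otherwise the model raises BadWriteRetry.
    """

    def __init__(self, stalls_per_write):
        self.stalls_per_write = stalls_per_write
        self._stalls_left = stalls_per_write
        self._pending = None  # bytes of the write that has not completed
        self.wire = b""       # everything the peer would have received

    def write(self, data):
        if self._pending is not None and not data.startswith(self._pending):
            raise BadWriteRetry("bad write retry")
        if self._pending is None:
            self._pending = data
        if self._stalls_left > 0:
            self._stalls_left -= 1
            raise WantRetry()
        chunk, self._pending = self._pending, None
        self._stalls_left = self.stalls_per_write
        self.wire += chunk
        return len(chunk)


class RetryingChannel:
    """Keeps the stalled buffer and offers it again before any new data."""

    def __init__(self, conn):
        self.conn = conn
        self._wbuf = None  # data owed to a stalled write
        self._queue = []   # later application data, not yet offered

    def pending(self):
        return self._wbuf is not None or bool(self._queue)

    def send(self, data):
        self._queue.append(data)
        return self.flush()

    def flush(self):
        """Write what the connection accepts; return bytes written now."""
        sent = 0
        while self.pending():
            if self._wbuf is None:
                self._wbuf = self._queue.pop(0)
            try:
                n = self.conn.write(self._wbuf)
            except WantRetry:
                return sent  # keep _wbuf; retry it when the socket is ready
            sent += n
            self._wbuf = self._wbuf[n:] or None
        return sent


REQUESTS = [b"PROPFIND /a\r\n", b"PROPFIND /b\r\n"]  # constructed sample data


def demo_naive():
    """Sender that moves on to fresh data after a stalled write."""
    conn = FakeNonBlockingSSL(stalls_per_write=1)
    try:
        for request in REQUESTS:
            try:
                conn.write(request)
            except WantRetry:
                continue  # the stalled request is forgotten here
    except BadWriteRetry as exc:
        return str(exc)
    return "ok"


def demo_buffered():
    conn = FakeNonBlockingSSL(stalls_per_write=1)
    chan = RetryingChannel(conn)
    for request in REQUESTS:
        chan.send(request)
    while chan.pending():
        chan.flush()
    return conn.wire


if __name__ == "__main__":
    print(demo_naive(), demo_buffered())
```

In a real event loop the flush() call would be driven by socket readiness rather than the tight loop in demo_buffered().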