From: joshi.sanjaya at gmail.com (Sanjaya Joshi)
Date: Wed, 1 Mar 2017 11:04:05 +0530
Subject: [openssl-users] Reg, TLS over SCTP (SOCK_SEQPACKET)
In-Reply-To: <0cd2f7cd66794e7193596f9788981521@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <0cd2f7cd66794e7193596f9788981521@usma1ex-dag1mb1.msg.corp.akamai.com>
Message-ID:

Hi,
Thank you Salz Rich for the confirmation.
So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?

Regards,
Sanjaya

On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich wrote:
>> But these calls don't work when SOCK_SEQPACKET (one-to-many connections)
>> is used. Does openssl provide any alternatives for these calls? Or does an
>> application need to perform the TLS handshakes manually?
>
> This is not supported, and there are no demos available.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

From: sumanpaul1987 at gmail.com (Suman Paul)
Date: Tue, 28 Feb 2017 21:55:27 -0800
Subject: [openssl-users] DTLS handshake in WebRTC
Message-ID: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com>

I have been looking at the WebRTC DTLS handshake and don't understand the logic of how it works.

My Firefox client has support for both RSA and ECDSA ciphers while my DTLS server only supports DHE-RSA-AES128-SHA and has an RSA key. I see that Firefox sends an ECDSA key during client hello. What ends up happening is that DHE-RSA-AES128-SHA is selected. I would have expected the negotiation to fail due to there being no common ciphers.

I also verified this behavior using the OpenSSL s_server and s_client utilities. Seems to me that as long as s_server has a cert and key of the type of cipher I enforce with the "-cipher" option, the negotiation succeeds irrespective of the type of key the s_client has (provided that cipher is also supported by the client).

Can someone educate me as to why the same kind of key is not required at both ends?

Thanks
Suman

From: matt at openssl.org (Matt Caswell)
Date: Wed, 1 Mar 2017 09:33:06 +0000
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com>
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com>
Message-ID: <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org>

On 01/03/17 05:55, Suman Paul wrote:
> I have been looking at the WebRTC DTLS handshake and don't understand the
> logic of how it works.
>
> My Firefox client has support for both RSA and ECDSA ciphers while my
> DTLS server only supports DHE-RSA-AES128-SHA and has an RSA key. I see
> that Firefox sends an ECDSA key during client hello. What ends up
> happening is that DHE-RSA-AES128-SHA is selected. I would have
> expected the negotiation to fail due to there being no common
> ciphers.
>
> I also verified this behavior using the OpenSSL s_server and s_client
> utilities. Seems to me that as long as s_server has a cert and key of
> the type of cipher I enforce with the "-cipher" option, the negotiation
> succeeds irrespective of the type of key the s_client has (provided that
> cipher is also supported by the client).

Your terminology is slightly confusing. No keys are sent in the
ClientHello at all. You should see a list of all the ciphersuites that
the client supports being sent in the ClientHello and then the server
should respond with a ServerHello which picks a ciphersuite from that list.

Matt

From: sumanpaul1987 at gmail.com (Suman Paul)
Date: Wed, 1 Mar 2017 01:39:30 -0800
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To: <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org>
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com> <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org>
Message-ID: <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com>

Sorry, I meant to say when the client sends its certificate, Firefox in this case, it has a key of type ECDSA. How does a key of this type work when the cipher selected is of type RSA?

Suman

> On Mar 1, 2017, at 1:33 AM, Matt Caswell wrote:
>
> Your terminology is slightly confusing. No keys are sent in the
> ClientHello at all. You should see a list of all the ciphersuites that
> the client supports being sent in the ClientHello and then the server
> should respond with a ServerHello which picks a ciphersuite from that list.
>
> Matt

From: matt at openssl.org (Matt Caswell)
Date: Wed, 1 Mar 2017 09:51:05 +0000
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To: <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com>
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com> <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org> <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com>
Message-ID:

On 01/03/17 09:39, Suman Paul wrote:
> Sorry, I meant to say when the client sends its certificate, Firefox in
> this case, it has a key of type ECDSA. How does a key of this type work
> when the cipher selected is of type RSA?

Ah, right - you are using client auth. The choice of client certificate
has nothing to do with the underlying ciphersuite - it is chosen
independently. When client auth is in use you should see the server
sending a CertificateRequest message to the client. That
CertificateRequest contains within it the list of acceptable certificate
types.

Matt

From: rsalz at akamai.com (Salz, Rich)
Date: Wed, 1 Mar 2017 12:57:11 +0000
Subject: [openssl-users] Reg, TLS over SCTP (SOCK_SEQPACKET)
In-Reply-To:
References: <0cd2f7cd66794e7193596f9788981521@usma1ex-dag1mb1.msg.corp.akamai.com>
Message-ID:

> So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?

I said it is not supported by openssl. I doubt it can be made to work, since the TLS handshake wants one client and one server.

From: Michael.Tuexen at lurchi.franken.de (Michael Tuexen)
Date: Wed, 1 Mar 2017 14:29:41 +0100
Subject: [openssl-users] Reg, TLS over SCTP (SOCK_SEQPACKET)
In-Reply-To:
References: <0cd2f7cd66794e7193596f9788981521@usma1ex-dag1mb1.msg.corp.akamai.com>
Message-ID: <26E0FB9A-4315-41EF-8345-53DDF4A75474@lurchi.franken.de>

> On 1 Mar 2017, at 06:34, Sanjaya Joshi wrote:
>
> Hi,
> Thank you Salz Rich for the confirmation.
> So, can an application perform manual TLS handshakes when SOCK_SEQPACKET is used?

I think the SOCK_SEQPACKET model doesn't fit well with the way the openssl code is laid out. They basically want a one-to-one relation between a bio (for example a socket bio) and a TLS connection. So there is no muxing/demuxing ongoing.

I'm wondering why you are sticking to the 1-to-many style sockets and why you are not considering DTLS over SCTP instead of TLS over SCTP. DTLS over SCTP using one-to-one style sockets (SOCK_STREAM) is supported by OpenSSL on Linux and FreeBSD.

Best regards
Michael

From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Wed, 1 Mar 2017 12:26:00 -0500
Subject: [openssl-users] [openssl-dev] [Bug, maybe] [master] bin/* no longer find their libraries if installed in non-default locations
In-Reply-To: <20170301161324.SoyQL%steffen@sdaoden.eu>
References: <20170301161324.SoyQL%steffen@sdaoden.eu>
Message-ID: <931B809C-BBAB-4020-8FDB-09F46E49D12B@dukhovni.org>

> On Mar 1, 2017, at 11:13 AM, Steffen Nurpmeso wrote:
>
> $ ldd /home/steffen/usr/opt/.ssl-1.1.0/bin/openssl
> ...
> libssl.so.1.1 => not found
> libcrypto.so.1.1 => not found
>
> This is new behaviour, until now the installation was always
> self-contained when configured via
>
> ./config --prefix=$(MYPREFIX) zlib-dynamic no-hw shared

I sure hope that "$()" was in fact "${}", the former only works in Makefiles, and means something quite different in POSIX shells.

You need an "RPATH" setting in the linker flags for the shared libraries to be found in $PREFIX/lib. Perhaps:

    ./config --prefix="${MYPREFIX}" -R "${MYPREFIX}/lib" ...

Or "-rpath ..." or "-Wl,-R,..." ...

--
Viktor.

From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Wed, 1 Mar 2017 12:44:18 -0500
Subject: [openssl-users] [openssl-dev] [Bug] apps: -CApath does not fail for non-directories (on Linux)
In-Reply-To: <20170301164640.55lz8%steffen@sdaoden.eu>
References: <20170301154318.U0FZ5%steffen@sdaoden.eu> <9f399a4828e4479d895aad00cd832ad1@usma1ex-dag1mb1.msg.corp.akamai.com> <20170301164640.55lz8%steffen@sdaoden.eu>
Message-ID:

> On Mar 1, 2017, at 11:46 AM, Steffen Nurpmeso wrote:
>
> No, not that I know. But this -- thanks -- led me to the
> following, which is the KISS that you want?
> Ciao!
>
> diff --git a/apps/apps.c b/apps/apps.c
> index 216bc797d..3afbbaef2 100644
> --- a/apps/apps.c
> +++ b/apps/apps.c
> @@ -1221,7 +1221,8 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
> if (lookup == NULL)
> goto end;
> if (CApath) {
> - if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
> + if (!app_isdir(CApath) ||
> + !X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
> BIO_printf(bio_err, "Error loading directory %s\n", CApath);
> goto end;
> }

We may need to be careful. With OpenSSL <= 1.0.2, one way to suppress the
built-in default CApath was to set "-CApath" to a non-existent directory.
Users may have scripts relying on this behaviour. Now with 1.1.0 on some
platforms OpenSSL already rejects non-existent directories, and we also
provide a "-no-CAfile" option, but this change will extend the change to
what is likely our most popular platform.

So it will at least deserve a comment in the "NEWS"/"CHANGES" files.

--
Viktor.

From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Wed, 1 Mar 2017 19:05:27 +0100
Subject: [openssl-users] [openssl-dev] [Bug] apps: -CApath does not fail for non-directories (on Linux)
In-Reply-To:
References: <20170301154318.U0FZ5%steffen@sdaoden.eu> <9f399a4828e4479d895aad00cd832ad1@usma1ex-dag1mb1.msg.corp.akamai.com> <20170301164640.55lz8%steffen@sdaoden.eu>
Message-ID: <40f23502-7774-3a5a-6af0-f90f13843a9e@wisemo.com>

On 01/03/2017 18:44, Viktor Dukhovni wrote:
>> On Mar 1, 2017, at 11:46 AM, Steffen Nurpmeso wrote:
>>
>> No, not that I know. But this -- thanks -- led me to the
>> following, which is the KISS that you want?
>> Ciao!
>>
>> diff --git a/apps/apps.c b/apps/apps.c
>> index 216bc797d..3afbbaef2 100644
>> --- a/apps/apps.c
>> +++ b/apps/apps.c
>> @@ -1221,7 +1221,8 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
>> if (lookup == NULL)
>> goto end;
>> if (CApath) {
>> - if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
>> + if (!app_isdir(CApath) ||
>> + !X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
>> BIO_printf(bio_err, "Error loading directory %s\n", CApath);
>> goto end;
>> }

Shouldn't this be in X509_LOOKUP_add_dir() itself?

> We may need to be careful. With OpenSSL <= 1.0.2, one way to suppress the
> built-in default CApath was to set "-CApath" to a non-existent directory.
> Users may have scripts relying on this behaviour. Now with 1.1.0 on some
> platforms OpenSSL already rejects non-existent directories, and we also
> provide a "-no-CAfile" option, but this change will extend the change to
> what is likely our most popular platform.

Since compatibility is important, there should be a list of values that are equivalent to "-no-CApath" for 3rd party apps and scripts that haven't implemented such an option. As a minimum I would suggest:

NULL (null string pointer),
"" (empty string),
" " (single space),
"X" (single letter uppercase X with no path),
"-" (single dash since stdin/stdout cannot be a path),
and anything that maps to the "/dev/null" device of the platform.

> So it will at least deserve a comment in the "NEWS"/"CHANGES" files.
>

Another case to consider is chroot daemons that call X509_LOOKUP_add_dir() before doing a chroot() to the tree containing that directory. Or maybe that is why you want to only do the check in the openssl command line program, because it is known not to do that.

Anyway, users of such daemons can work around it by having an empty or arbitrary directory with that name in the old root, provided they are told to do so.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

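Review bot: the added `!app_isdir(CApath) ||` test inside the `if (CApath)` block reuses the existing "Error loading directory %s" message for both failure modes, so a user who trips the new check cannot tell a path that is not a directory from a directory that X509_LOOKUP_add_dir() could not load; give the app_isdir() branch its own message, e.g. `BIO_printf(bio_err, "%s is not a directory\n", CApath);`, and keep the existing message for the lookup failure. The check is local to apps/apps.c, so library callers and the chroot ordering Jakob raises are unaffected, but because it turns a non-directory -CApath, previously accepted silently on Linux, into a hard error, the NEWS/CHANGES entry Viktor asks for should land in the same change.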
From: sumanpaul1987 at gmail.com (Suman Paul)
Date: Wed, 1 Mar 2017 15:52:06 -0800
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To:
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com> <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org> <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com>
Message-ID:

What I have seen in my trials with s_server and s_client is that if I run s_server with an ECDSA cert/key and I specify one RSA and one ECDSA cipher with the -cipher option, then s_client can only connect to it using the ECDSA cipher. I have been unsuccessful in connecting to this server using an RSA cipher. The RSA cipher failure shows up at the s_server as

140480482967256:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:

Your thoughts on this?

Suman

> On Mar 1, 2017, at 1:51 AM, Matt Caswell wrote:
>
> Ah, right - you are using client auth. The choice of client certificate
> has nothing to do with the underlying ciphersuite - it is chosen
> independently. When client auth is in use you should see the server
> sending a CertificateRequest message to the client. That
> CertificateRequest contains within it the list of acceptable certificate
> types.
>
> Matt

From: matt at openssl.org (Matt Caswell)
Date: Thu, 2 Mar 2017 00:01:02 +0000
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To:
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com> <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org> <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com>
Message-ID: <5dc5a73f-817d-735d-4745-b51a1e1d32f8@openssl.org>

On 01/03/17 23:52, Suman Paul wrote:
> What I have seen in my trials with s_server and s_client is that if I run
> s_server with an ECDSA cert/key and I specify one RSA and one ECDSA
> cipher with the -cipher option, then s_client can only connect to it
> using the ECDSA cipher. I have been unsuccessful in connecting to this
> server using an RSA cipher. The RSA cipher failure shows up at the s_server as
>
> 140480482967256:error:1408A0C1:SSL routines:ssl3_get_client_hello:no
> shared cipher:s3_srvr.c:1417:
>
> Your thoughts on this?

Yes, this is expected. The ciphersuite selection is limited by the
available server certificate(s). That is different to the client
certificate which is independent of the ciphersuite.

Matt

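Matt's two points above, as an added illustration that is not code from the thread or from OpenSSL: a Python model in which the server filters the client's offered suites by the key type of the certificate(s) it holds, while the client certificate only has to match the certificate_types listed in CertificateRequest. It generalises slightly by letting the server hold one certificate per key type, as an OpenSSL SSL_CTX can; the suite lists, key types and the rsa_sign/ecdsa_sign labels are constructed sample data, and server_cert_type_for() is a simplified reading of OpenSSL-style TLS 1.2 suite names (TLS 1.3 suites, which are not tied to a certificate type, are rejected).

```python
"""Added model of why the server certificate constrains ciphersuite choice
while the client certificate does not (not code from the thread or OpenSSL)."""

from typing import Any, Dict, Iterable, List, Optional, Set

# Constructed sample data loosely following the thread: the first server
# holds only an RSA certificate and enables one DHE-RSA suite (the original
# post); the second holds an ECDSA certificate and enables one RSA and one
# ECDSA suite (the later s_server trial).
RSA_ONLY_SERVER: Dict[str, Any] = {
    "enabled": ["DHE-RSA-AES128-SHA"],
    "cert_types": {"RSA"},
}
ECDSA_ONLY_SERVER: Dict[str, Any] = {
    "enabled": ["DHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES128-GCM-SHA256"],
    "cert_types": {"ECDSA"},
}
# A browser-like client offering both families (constructed list).
CLIENT_OFFER: List[str] = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
]


def server_cert_type_for(suite: str) -> str:
    """Key type of the server certificate needed to negotiate `suite`.

    Simplified reading of OpenSSL-style TLS 1.2 names: the key exchange
    (DHE/ECDHE) comes first and the authentication algorithm second; a name
    with neither, such as AES128-SHA, uses static RSA key transport and so
    also needs an RSA certificate.
    """
    if suite.startswith("TLS_"):
        raise ValueError("TLS 1.3 suites are not tied to a certificate type")
    parts = suite.split("-")
    if "ECDSA" in parts:
        return "ECDSA"
    if "RSA" in parts:
        return "RSA"
    if parts[0] in ("DHE", "ECDHE"):
        raise ValueError(f"authentication algorithm of {suite} not modelled")
    return "RSA"


def select_ciphersuite(client_offered: Iterable[str], server_enabled: List[str],
                       server_cert_types: Set[str]) -> Optional[str]:
    """Server-side choice: the first enabled suite, in server preference
    order, that the client offered and that a certificate the server holds
    can authenticate. None stands for s_server's "no shared cipher"."""
    offered = set(client_offered)
    for suite in server_enabled:
        if suite in offered and server_cert_type_for(suite) in server_cert_types:
            return suite
    return None


def client_cert_acceptable(certificate_request_types: Iterable[str],
                           client_cert_type: str) -> bool:
    """Client auth is decided separately from the suite: the client's
    certificate only has to be one of the certificate_types the server
    listed in its CertificateRequest."""
    return client_cert_type in set(certificate_request_types)


def handshake_outcome(client_offered: Iterable[str], client_cert_type: str,
                      server: Dict[str, Any],
                      request_types: Iterable[str]) -> Dict[str, Any]:
    """Both decisions for one handshake; the client certificate is only
    examined once a suite has been agreed."""
    suite = select_ciphersuite(client_offered, server["enabled"], server["cert_types"])
    cert_ok = suite is not None and client_cert_acceptable(request_types, client_cert_type)
    return {"suite": suite, "client_cert_ok": cert_ok}


if __name__ == "__main__":
    # Firefox-like client with an ECDSA client certificate against the
    # RSA-only server: DHE-RSA-AES128-SHA is picked, and the ECDSA client
    # certificate is still accepted because CertificateRequest allows it.
    print(handshake_outcome(CLIENT_OFFER, "ecdsa_sign", RSA_ONLY_SERVER,
                            ["rsa_sign", "ecdsa_sign"]))
    # Client offering only the RSA suite against the ECDSA-cert server:
    # no shared cipher, so no client certificate is ever considered.
    print(handshake_outcome(["DHE-RSA-AES128-SHA"], "rsa_sign",
                            ECDSA_ONLY_SERVER, ["rsa_sign"]))
```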
From: MrUmunhum at CruzIO.com (william estrada)
Date: Wed, 1 Mar 2017 16:47:44 -0800
Subject: [openssl-users] error making Private RSA
Message-ID:

Hello group,
I am attempting to create a Private RSA structure with the following code:

    BIO* PEM = BIO_new_mem_buf( Key, Key_Len );

    if( Type == 1 )
        PEM_write_bio_RSAPrivateKey( PEM, RSA, NULL, NULL, 0, NULL, NULL );
    else
        PEM_write_bio_RSAPublicKey( PEM, RSA );

    if( RSA_check_key( RSA ) != 1 ) {
        printf( RED "Make %s RSA Failed\n" OFF, Type==1?"Private":"Public" );
        int Error = ERR_get_error();
        char *MSG = ERR_error_string( Error, NULL);
        printf( "%s\n", MSG );
    }

and I get this error:

    Make Private RSA Failed
    error:2007507E:lib(32):func(117):reason(126)

Can anyone tell me what this error is and how to fix it?

--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From: matt at openssl.org (Matt Caswell)
Date: Thu, 2 Mar 2017 09:36:55 +0000
Subject: [openssl-users] error making Private RSA
In-Reply-To:
References:
Message-ID:

On 02/03/17 00:47, william estrada wrote:
> Hello group,
> I am attempting to create a Private RSA structure with the following code:
>
>     BIO* PEM = BIO_new_mem_buf( Key, Key_Len );
>
>     if( Type == 1 )
>         PEM_write_bio_RSAPrivateKey( PEM, RSA, NULL, NULL, 0, NULL, NULL );
>     else
>         PEM_write_bio_RSAPublicKey( PEM, RSA );
>
>     if( RSA_check_key( RSA ) != 1 ) {
>         printf( RED "Make %s RSA Failed\n" OFF, Type==1?"Private":"Public" );
>         int Error = ERR_get_error();
>         char *MSG = ERR_error_string( Error, NULL);
>         printf( "%s\n", MSG );
>     }
>
> and I get this error:
>     Make Private RSA Failed
>     error:2007507E:lib(32):func(117):reason(126)
> Can anyone tell me what this error is and how to fix it?

$ openssl errstr 2007507E
error:2007507E:BIO routines:mem_write:write to read only BIO

BIO_new_mem_buf() gives you a read-only BIO. You probably want BIO_new(BIO_s_mem()) instead. See:

https://www.openssl.org/docs/man1.1.0/crypto/BIO_s_mem.html

Although, that error is coming from one of the PEM_write_bio_* calls (which you are not checking the error return code of), so it doesn't explain why RSA_check_key() fails. You don't show how you generate the RSA structure to start with, so I guess you're not generating it properly.

Matt

From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 2 Mar 2017 13:55:14 +0000
Subject: [openssl-users] error making Private RSA
In-Reply-To:
References:
Message-ID:

What version of openssl? I'm guessing 1.0.2.

Put this line in your code

    ERR_load_ERR_strings();

And you'll get a more informative message.

My main guess is that your allocation for the PEM buffer is too small -- is key/key_len pointing to a static buffer?

From: sumanpaul1987 at gmail.com (Suman Paul)
Date: Thu, 2 Mar 2017 11:50:08 -0800
Subject: [openssl-users] DTLS handshake in WebRTC
In-Reply-To: <5dc5a73f-817d-735d-4745-b51a1e1d32f8@openssl.org>
References: <3A555CBE-9D06-43D3-BE3B-CA06A04575CA@gmail.com> <35f61a63-9038-a6f9-1dca-45bf3951f967@openssl.org> <5A928572-29C4-461F-A5C6-24A6A195A98B@gmail.com> <5dc5a73f-817d-735d-4745-b51a1e1d32f8@openssl.org>
Message-ID: <94D48CD5-5E87-4A77-8AC8-786299E5B00E@gmail.com>

The last bit of information makes my life a little hard. In DTLS-SRTP usage, the DTLS server must present its server fingerprint in SDP before the client's supported ciphersuites are known, so how can a DTLS server support clients that may support only RSA or ECDSA?

Suman

> On Mar 1, 2017, at 4:01 PM, Matt Caswell wrote:
>
> Yes, this is expected. The ciphersuite selection is limited by the
> available server certificate(s). That is different to the client
> certificate which is independent of the ciphersuite.
>
> Matt

From: noloader at gmail.com (Jeffrey Walton)
Date: Sat, 4 Mar 2017 22:41:19 -0500
Subject: [openssl-users] speed test rdrand
Message-ID:

Hi Everyone,

Is it possible to speed test the RDRAND and RDSEED generators? If so, then how do we do it?

    $ openssl speed -engine rdrand
    engine "rdrand" set.
    Doing md4 for 3s on 16 size blocks: 8339773 md4's in 3.00s
    Doing md4 for 3s on 64 size blocks: 6616610 md4's in 3.00s
    Doing md4 for 3s on 256 size blocks: 4132167 md4's in 3.00s
    ...

Jeff

From: MrUmunhum at CruzIO.com (william estrada)
Date: Sat, 4 Mar 2017 22:10:17 -0800
Subject: [openssl-users] error making Private RSA
Message-ID: <068d3db176da5818af44330510b9655d.squirrel@cruziomail.cruzio.com>

Not sure this is the proper way to use this mailing system?

My source can be viewed at: mt-umunhum-wireless.net/Sources/rsa/rsa.c

> What version of openssl? I'm guessing 1.0.2.
> Put this line in your code
>     ERR_load_ERR_strings();
> And you'll get a more informative message.

I'm using:

    openssl version
    OpenSSL 1.0.1t  3 May 2016

> My main guess is that your allocation for the PEM buffer is too small -- is key/key_len pointing to a static buffer?

From: MrUmunhum at CruzIO.com (william estrada)
Date: Sun, 5 Mar 2017 10:12:00 -0800
Subject: [openssl-users] I'm not getting an Emails after posting
Message-ID: <84649d4c71609ed3f22e2d4ba7dbb4bb.squirrel@cruziomail.cruzio.com>

How do I set up to receive Email notices for my post here?

--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From: MrUmunhum at CruzIO.com (william estrada)
Date: Sun, 5 Mar 2017 15:11:44 -0800
Subject: [openssl-users] I'm not getting an Emails after posting
In-Reply-To: <84649d4c71609ed3f22e2d4ba7dbb4bb.squirrel@cruziomail.cruzio.com>
References: <84649d4c71609ed3f22e2d4ba7dbb4bb.squirrel@cruziomail.cruzio.com>
Message-ID:

It's my SPAM filtering; somehow this list got on it.

> How do I set up to receive Email notices for my post here?

--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From: traiano at gmail.com (Traiano Welcome)
Date: Tue, 7 Mar 2017 11:21:54 +0400
Subject: [openssl-users] Non-self-signed SSL certificates for private hosted DNS zones
Message-ID:

Hi List

I have a private DNS zone hosted on AWS Route 53, only resolvable from within some specific VPCs. It appears some applications require an SSL certificate associated with the private DNS zone, and this SSL certificate should come from a trusted, external certificate provider (cannot be self-signed).

My questions are:

a) Is this a known use-case? i.e. private DNS zones requiring non-self-signed certificates?
b) Since the DNS zone is not resolvable on the public internet, how would the certificate validation process occur for applications communicating with systems in the private zone?
c) Do SSL certificate providers issue trusted SSL certificates for private DNS zones?

Many thanks in advance for any advice here!

Traiano

From: yu.chen.surf at gmail.com (Yu Chen)
Date: Tue, 7 Mar 2017 18:28:47 +0800
Subject: [openssl-users] How to compile the static binary version of openssl
Message-ID:

Hi,

Currently I'm trying to get a static binary of the openssl command by compiling openssl-1.1.0e. I've tried to configure with no-shared, but bin/openssl is still dynamically linked. Thus I added -static to the end of CFLAG, and it just cannot get compiled.

Anyone know how to get a static openssl command? Thanks in advance.

From openssl-users at dukhovni.org Tue Mar 7 15:08:09 2017
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Tue, 7 Mar 2017 10:08:09 -0500
Subject: [openssl-users] How to compile the static binary version of openssl
Message-ID: <2B126345-F93B-4818-936C-38591AF2E0F6@dukhovni.org>

> On Mar 7, 2017, at 5:28 AM, Yu Chen wrote:
>
> Currently I'm trying to get a static binary of openssl command via
> compiling the openssl-1.1.0e.

What do you mean by "static binary"? Is it enough for the "ssl" and "crypto" libraries to be statically linked into the "openssl" executable? Or do you also want the C-library to be statically linked?

You may need to disable support for dynamically loadable engines (the "no-engine" option) and dynamic loading of any kind (via the "no-dso" option) in order to get a completely static executable. Is that what you want?

> I've tried to configure with no-shared, but the bin/openssl is still
> dynamically linked.

But it should have static copies of the "ssl" and "crypto" libraries.

> Thus I added -static to the end of CFLAG, it just can not get compiled.
> Anyone know how to get a static openssl command? Thanks in advance.

Perhaps "engine" and/or "dso" support requires a dynamic C-library.

-- 
	Viktor.

From openssl-users at dukhovni.org Tue Mar 7 15:16:35 2017
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Tue, 7 Mar 2017 10:16:35 -0500
Subject: [openssl-users] Non-self-signed SSL certificates for private hosted DNS zones
Message-ID: <1F83670F-F34B-40F2-9B8D-694A7A337F7E@dukhovni.org>

> On Mar 7, 2017, at 2:21 AM, Traiano Welcome wrote:
>
> I have a private DNS zone hosted on AWS route 53, only resolvable from
> within some specific VPCs.
> It appears some applications require an SSL certificate associated with
> the private DNS zone, and this SSL certificate should come from a trusted,
> external certificate provider (cannot be self-signed).
The "trusted external" CA that issues the not-self-signed end-entity cert can almost certainly (with appropriate configuration of the client app) be a private CA that you create and provide to the SSL clients.

In which case the question below is moot.

> My questions are:
>
> a) Is this a known use-case? i.e. private dns zones requiring non-self-signed
> certificates?

I usually use private CA certs for use on non-public networks.

> b) Since the DNS zone is not resolvable on the public internet,
> how would the certificate validation process occur for applications
> communicating with systems in the private zone?

There is some prior history of public CAs issuing certificates for private namespaces, but IIRC this practice is discouraged and going away.

> c) Do SSL certificate providers issue trusted SSL certificates for private DNS zones?

It is not really possible for them to know that the names in question are used in another "private" deployment elsewhere.

-- 
	Viktor.

From Michael.Wojcik at microfocus.com Tue Mar 7 18:47:10 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Tue, 7 Mar 2017 18:47:10 +0000
Subject: [openssl-users] undefined symbol fabs in file test/ct_test.o in openssl 1.1.0e on solaris
In-Reply-To: <569820305.50260.1488908956202.JavaMail.administrator@mtom.nabble.com>
References: <569820305.50260.1488908956202.JavaMail.administrator@mtom.nabble.com>

> From: markus.sonderegger at juliusbaer.com
> [mailto:markus.sonderegger at juliusbaer.com]
> Sent: Tuesday, March 07, 2017 10:49
> To: Michael Wojcik
> Subject: Re: undefined symbol fabs in file test/ct_test.o in openssl 1.1.0e on
> solaris

For threads that originated on openssl-users, please send messages to the list, rather than to me directly.

>>> For the record, we've always just changed the Solaris configuration we use
>>> in Configure to add -lm.
>
> I am not an experienced C developer so please can you tell me where in the
> Configure file I have to add -lm.
This has nothing to do with C development. The OpenSSL Configure process, while conceptually related to that used by some other packages, is an OpenSSL invention. And the use of -lm is an artifact of the toolchain (common to many toolchains for UNIX-like systems); it too has nothing to do with the C language.

Also, I've just looked at our Configure and apparently I misremembered; we do not add -lm for the Solaris builds. (We make a number of other changes for that platform, though.) It seems it's not needed for the version of OpenSSL we're currently building.

Where you would add -lm depends on what configuration you're using, which in turn depends on which system architecture and toolchain you're using. It also may depend on what version of OpenSSL you're building. I don't have that information, obviously.

In OpenSSL 1.0.2j's Configure (and generally for all the 1.0.2 releases, I believe), all the Solaris configure entries have -ldl in their library list. So you can search Configure for "solaris (with the double-quote) at the beginning of a line, then add -lm (with a space) after -ldl on each such line. For example, in vi:

	:%s/^"solaris.* -ldl/& -lm

Whether this also applies to OpenSSL 1.1.0 or whatever you're building, I can't say.

Michael Wojcik
Distinguished Engineer, Micro Focus

From MrUmunhum at CruzIO.com Tue Mar 7 22:26:57 2017
From: MrUmunhum at CruzIO.com (william estrada)
Date: Tue, 7 Mar 2017 14:26:57 -0800
Subject: [openssl-users] error making Private RSA
In-Reply-To: <068d3db176da5818af44330510b9655d.squirrel@cruziomail.cruzio.com>
References: <068d3db176da5818af44330510b9655d.squirrel@cruziomail.cruzio.com>
Message-ID: <32c8b193118a3e53fdba11b8ba7fb585.squirrel@cruziomail.cruzio.com>

>> Not sure this is the proper way to use this mailing system?
>> My source can be viewed at: mt-umunhum-wireless.net/Sources/rsa/rsa.c
>
> What version of openssl? I'm guessing 1.0.2.
>
> Put this line in your code
>     ERR_load_ERR_strings();
> And you'll get a more informative message.

Did this and no improvement.

> I'm using: openssl version
> OpenSSL 1.0.1t 3 May 2016

openssl version
OpenSSL 1.0.2j-fips 26 Sep 2016

> My main guess is that your allocation for the PEM buffer is too small --
> is key/key_len pointing to a static buffer?

It points to a char string

-- 
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From rsalz at akamai.com Tue Mar 7 22:39:29 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Tue, 7 Mar 2017 22:39:29 +0000
Subject: [openssl-users] error making Private RSA
In-Reply-To: <32c8b193118a3e53fdba11b8ba7fb585.squirrel@cruziomail.cruzio.com>
References: <068d3db176da5818af44330510b9655d.squirrel@cruziomail.cruzio.com> <32c8b193118a3e53fdba11b8ba7fb585.squirrel@cruziomail.cruzio.com>

>> My source can be viewed at: mt-umunhum-wireless.net/Sources/rsa/rsa.c

Gives a 403.

>> My main guess is that your allocation for the PEM buffer is too small
>> -- is key/key_len pointing to a static buffer?
>
> It points to a char string

Not sure what that means. Please post your code here. It should be something like

	char key[2048];
	int keylen = sizeof key;

From traiano at gmail.com Wed Mar 8 05:56:07 2017
From: traiano at gmail.com (Traiano Welcome)
Date: Wed, 8 Mar 2017 09:56:07 +0400
Subject: [openssl-users] Non-self-signed SSL certificates for private hosted DNS zones
In-Reply-To: <1F83670F-F34B-40F2-9B8D-694A7A337F7E@dukhovni.org>
References: <1F83670F-F34B-40F2-9B8D-694A7A337F7E@dukhovni.org>

Hi Viktor

Thanks for this confirmation.
I think the correct approach would be to use our internal CA.

From Timothy.Nichols at va.gov Wed Mar 8 20:57:28 2017
From: Timothy.Nichols at va.gov (Nichols, Timothy (Checkpoint))
Date: Wed, 8 Mar 2017 15:57:28 -0500
Subject: [openssl-users] ca's config options -certs vs. -new_certs_dir

Hi,

I am not understanding the point of the config file's mandatory default -new_certs_dir into which goes what appears to be a copy of the certificate I specifically locate elsewhere in the file system. I am using the -out option from the command line to generate the file named according to the convention I have chosen... and then in the new_certs directory is deposited the .pem file. Of course, I haven't found an explanation as to why this happens in the documentation or the Googlie.

Thanks,
Tim

From Michael.Wojcik at microfocus.com Wed Mar 8 21:39:19 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Wed, 8 Mar 2017 21:39:19 +0000
Subject: [openssl-users] ca's config options -certs vs. -new_certs_dir

It's because processing a request can generate multiple certificates. Therefore ca needs a destination where it can write multiple certificates, not just a single one.

Note that new_certs_dir is only used if -outdir wasn't specified on the command line. You could create a temporary directory, pass its pathname with -outdir, then remove the directory and its contents after running ca.

With -out, all the certificates are just concatenated to the file. Usually they're PEM, so that's OK; the exception is if -spkac is used to specify an SPKAC file. SPKAC is mostly used in conjunction with the HTML KEYGEN element, when interpreted by Firefox and some other browsers.

So you could argue that -outdir / new_certs_dir should be optional, since usually the single output file is more or less usable. But it isn't optional, and that's life. Of course, if you're building OpenSSL from source, it wouldn't be hard to make the necessary changes to ca.c.
Michael Wojcik
Distinguished Engineer, Micro Focus

From akshar.kanak1 at gmail.com Thu Mar 9 04:35:41 2017
From: akshar.kanak1 at gmail.com (Akshar Kanak)
Date: Thu, 9 Mar 2017 10:05:41 +0530
Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

Dear team

In AES-GCM mode I know that the final counter will be
[4 bytes salt which is negotiated between client and server] + [8 bytes of random bytes which are generated using RAND_bytes (nonce_explicit)] + [32 bit counter]

nonce_explicit will be incremented for every TLS packet and will be sent in the packet.

*If the nonce_explicit overflows or overlaps, then does openssl code handle it (at least by initiating renegotiation)?*

I know that it will take 2^64 TLS packets in one direction. It is practically not possible but theoretically possible.

32 bit counter should not be a problem, since an individual TLS packet has to be more than 68GB for this counter to overflow or overlap. This will not be possible.

Please correct me if I am wrong?

Thanks and regards
Akshar
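The nonce layout Akshar describes, worked through as an added example in pure Python (not code from the thread or from OpenSSL): it assembles salt || nonce_explicit, refuses to reuse a nonce instead of silently wrapping, and computes the two bounds he asks about. The salt bytes and the per-nanosecond rate are constructed inputs.

```python
"""TLS 1.2 AES-GCM per-record nonce (RFC 5288 layout) and its overflow bounds.

Pure-Python model of the bookkeeping, not OpenSSL code: a 4-byte salt taken
from the key block, an 8-byte nonce_explicit carried in every record, and a
32-bit block counter that GCM appends inside the cipher."""

SALT_LEN = 4
EXPLICIT_LEN = 8
EXPLICIT_LIMIT = 1 << (8 * EXPLICIT_LEN)   # 2**64 records per direction
COUNTER_LIMIT = 1 << 32                    # GCM block counter
AES_BLOCK = 16
TLS_MAX_FRAGMENT = 1 << 14                 # TLS 1.2 record plaintext cap (RFC 5246)
SECONDS_PER_YEAR = 365.25 * 86400


class GcmRecordNonce:
    """One direction's nonce_explicit sequence.

    OpenSSL increments nonce_explicit per record and, as the thread says, takes
    no action when it would wrap. This model refuses to wrap instead: a repeated
    GCM nonce under the same key voids both confidentiality and integrity, so
    the caller has to re-key (renegotiate) before the sequence is exhausted.
    """

    def __init__(self, salt: bytes, start: int = 0):
        if len(salt) != SALT_LEN:
            raise ValueError("salt must be the 4-byte write IV")
        if not 0 <= start < EXPLICIT_LIMIT:
            raise ValueError("start out of range")
        self.salt = salt
        self.explicit = start

    def remaining(self) -> int:
        """Records that can still be sent before nonce_explicit would wrap."""
        return EXPLICIT_LIMIT - self.explicit

    def next_nonce(self) -> bytes:
        """Return the 12-byte GCM nonce for the next record, then advance."""
        if self.explicit >= EXPLICIT_LIMIT:
            raise OverflowError("nonce_explicit exhausted: re-key before sending")
        nonce = self.salt + self.explicit.to_bytes(EXPLICIT_LEN, "big")
        self.explicit += 1
        return nonce


def counter_block(nonce: bytes, block_index: int) -> bytes:
    """The 16-byte counter block GCM feeds to AES: nonce || 32-bit counter.
    Counter value 1 is reserved for the tag; plaintext blocks use 2, 3, ..."""
    if len(nonce) != SALT_LEN + EXPLICIT_LEN:
        raise ValueError("GCM nonce must be 12 bytes")
    if not 1 <= block_index < COUNTER_LIMIT:
        raise OverflowError("32-bit block counter would wrap")
    return nonce + block_index.to_bytes(4, "big")


def max_plaintext_per_nonce() -> int:
    """Bytes one nonce can protect before the 32-bit counter wraps (~68.7 GB)."""
    return (COUNTER_LIMIT - 2) * AES_BLOCK


def counter_can_wrap_in_tls() -> bool:
    """A TLS record carries at most 2**14 plaintext bytes, so it never can."""
    return TLS_MAX_FRAGMENT > max_plaintext_per_nonce()


def years_until_explicit_wraps(records_per_second: float) -> float:
    """How long one direction needs to exhaust nonce_explicit at a given rate."""
    return EXPLICIT_LIMIT / records_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # constructed salt; start two records short of the wrap to show the guard
    seq = GcmRecordNonce(b"\xde\xad\xbe\xef", start=EXPLICIT_LIMIT - 2)
    print(seq.next_nonce().hex(), "records left:", seq.remaining())
    print(f"{years_until_explicit_wraps(1e9):.1f} years at one record per nanosecond")
    print(max_plaintext_per_nonce(), "bytes per nonce before the 32-bit counter wraps")
```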
From rsalz at akamai.com Thu Mar 9 12:49:00 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 9 Mar 2017 12:49:00 +0000
Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow
Message-ID: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com>

No, it does not do this automatically.

> if the nonce_explicit overflows or overlaps, then does openssl code handle it (at least by initiating renegotiation)?

From rsalz at akamai.com Thu Mar 9 13:02:01 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 9 Mar 2017 13:02:01 +0000
Subject: [openssl-users] [openssl-dev] Openssl 1.0.2 stable SNAP 20170309 issue
In-Reply-To: <20170309125820.GA27757@doctor.nl2k.ab.ca>
References: <20170309125820.GA27757@doctor.nl2k.ab.ca>

Already fixed.

From doctor at doctor.nl2k.ab.ca Thu Mar 9 12:58:20 2017
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Thu, 9 Mar 2017 05:58:20 -0700
Subject: [openssl-users] Openssl 1.0.2 stable SNAP 20170309 issue
Message-ID: <20170309125820.GA27757@doctor.nl2k.ab.ca>

Script started on Thu Mar 9 05:45:36 2017
root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170309 # make
making all in crypto...
making all in crypto/objects...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/srp...
making all in crypto/store...
making all in crypto/cmac...
if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi
`libcrypto.so.1.0.0' is up to date.
making all in engines...
echo making all in engines/ccgost...
making all in ssl...
if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libssl.so.1.0.0); fi
`libssl.so.1.0.0' is up to date.
making all in apps...
/usr/local/bin/clang39 -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c enc.c -o enc.o
enc.c:93:5: error: use of undeclared identifier 'cipher'
    cipher = EVP_get_cipherbyname(name->name);
    ^
enc.c:94:9: error: use of undeclared identifier 'cipher'
    if (cipher == NULL ||
        ^
enc.c:95:31: error: use of undeclared identifier 'cipher'
        (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
                              ^
enc.c:96:29: error: use of undeclared identifier 'cipher'
        EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
                            ^
4 errors generated.
*** Error code 1

Stop.
make[1]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170309/apps
*** Error code 1

Stop.
make: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170309
root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170309 # exzit
exzit: Command not found.
root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170309 # exit
exit

Script done on Thu Mar 9 05:46:27 2017

Please fix.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
God is dead! Yahweh lives! Jesus his only begotten Son is the Risen Saviour!!
From Michael.Wojcik at microfocus.com Thu Mar 9 15:26:30 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Thu, 9 Mar 2017 15:26:30 +0000
Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow
In-Reply-To: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com>

And there's no reason for it to do so, because it isn't needed. If you generate one TLS packet every nanosecond, it will take nearly six centuries to overflow, by which time the version of TLS you're using will have been deprecated and all security guarantees are moot anyway.

In general, most security experts recommend against keeping a TLS conversation open for years at a time.

Michael Wojcik
Distinguished Engineer, Micro Focus

From MrUmunhum at CruzIO.com Thu Mar 9 23:01:16 2017
From: MrUmunhum at CruzIO.com (william estrada)
Date: Thu, 9 Mar 2017 15:01:16 -0800
Subject: [openssl-users] error making Private RSA

I have been trying to keep my posting to a minimum but I am not getting across what I am looking to fix. And I have been getting reports that my source code is not viewable. In my Apache logs I see that some people have been using the wrong link, they are trying to use
"http://mt-umunhum-wireless.net/mt-umunhum-wireless.net/Sources"
This is wrong!
use: "http://mt-umunhum-wireless.net/Sources/rsa"
or "216.173.131.138/Sources/rsa"

The most recent attempt is the rsapost.c with the output rsapost.txt

What I am attempting to do is:
1) generate a RSA key pair, working but always the same keys.
2) remove the public key, working
3) create a RSA structure with the public key, 4 methods, all fail.
4) use the public key to encrypt a string, don't get here.
5) use the RSA pair to decrypt the string.

The code is not clean but here it is:

/* header names were stripped from the archived copy; these are the ones the calls below need */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>

#define OFF       "\x1B[0;0;0m"
#define DEFAULT   "\x1B[0;0;0m"
#define RED       "\x1B[1;31;40m"
#define BLUE      "\x1B[1;34;40m"
#define GREEN     "\x1B[1;32;40m"
#define YELLOW    "\x1B[1;33;40m"
#define CLEAR_EOL "\x1B[K"

void Dump( char *, int );
typedef unsigned char* UcharP;
typedef unsigned char uchar;

#define Check_Key( Key, Action ) \
  if( RSA_check_key( Key ) != 1 ) { \
    printf( RED "%d %s Make Key Failed!\n" OFF, __LINE__, "(Key)" ); \
    printf( RED "%s\n", \
            ERR_error_string( ERR_get_error(), NULL ) ); \
    Action ; } \
  else { \
    printf( BLUE "%d %s check key good\n" OFF , __LINE__, "Key" ); }

int main() { // main()

  ERR_load_ERR_strings();

  RSA *My_RSA = RSA_new();

  char Str[] = "1234567890";
  unsigned char Out[1024];
  unsigned char In[ 1024];
  int RC, L, RSA_Len;

  unsigned long Error = ERR_get_error();
  char *MSG = ERR_error_string( Error, NULL);
  const char *MSG2 = ERR_reason_error_string( Error );
  char *ErrStr[100];

  BIGNUM *bne = BN_new();
  BN_set_word( bne, RSA_F4 );

  RC = RSA_generate_key_ex( My_RSA, 2048, bne, NULL );
  BN_free( bne );

  Check_Key( My_RSA, "return 1" );

  L = strlen( Str );
  printf ( BLUE "String: %s" OFF, Str );
  Dump( Str, L );

  RSA *Pub_RSA = RSA_new();

  // Extract Key from RSA Key pair
  BIO * Key_Bio = BIO_new( BIO_s_mem() );

  RC = PEM_write_bio_RSAPublicKey( Key_Bio, My_RSA );

  printf( BLUE "%d RC: %d\n" OFF, __LINE__ );

  size_t Key_Len = BIO_pending( Key_Bio );
  char *Key = malloc( Key_Len + 1 );
  RC = BIO_read( Key_Bio, Key, Key_Len );
  Key[ Key_Len ] = '\0';

  printf( BLUE "%d RC: %d, Len: %d\n" OFF, __LINE__, RC, Key_Len );

  // Let's see the data
  printf( BLUE "\nKey type %s\n" OFF, "Public" );
  Dump( (char*) Key, -Key_Len );

  // Now try to fill in to RSA using the BIO method
  BIO* bio = BIO_new( BIO_s_mem() );
  bio = BIO_new_mem_buf( (void*)Key, -1 ) ;

  // Load the RSA key from the BIO
  printf( "Method 1\n" );
  RSA* RSA1 = NULL;
  RSA1 = PEM_read_bio_RSA_PUBKEY( bio, NULL, NULL, NULL ) ;
  if( !RSA1 )
    printf( RED
            " ERROR: Could not load PUBLIC KEY!\n"
            " PEM_read_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
            ERR_error_string( ERR_get_error(), NULL ) ) ;
  else Check_Key( RSA1, ";" );

  printf( "Method 2\n" );
  RSA *RSA2 = RSA_new();
  BIO_new_mem_buf( (void*)Key, -1 ) ;
  RC = PEM_write_bio_RSA_PUBKEY( bio, RSA2 ) ;
  if( !RSA2 )
    printf( RED
            " ERROR: Could not load PUBLIC KEY!\n"
            " PEM_write_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
            ERR_error_string( ERR_get_error(), NULL ) ) ;
  else Check_Key( RSA2, ";" );

  // Try Bio method 3
  printf( OFF "Method 3\n" );
  RSA *RSA3 = RSA_new();
  BIO* Pem = BIO_new( BIO_s_mem() );
  BIO_puts( Pem, Key );
  ERR_print_errors( Pem );

  if( RSA3 ) Check_Key( RSA3, ";" );

  RC = PEM_write_bio_RSA_PUBKEY( Pem, RSA3 );
  printf( OFF "BIO RC: %d\n", RC );

  if( RSA3 ) Check_Key( RSA3, ";" );

  // Now try to fill in to RSA using the EVP method
  printf( OFF "Method 4\n" );

  RSA *RSA4 = RSA_new();

  EVP_PKEY* EVP_PEM_Key;

  EVP_PKEY* EVP_Pub_Key = d2i_PUBKEY_bio( Pem, NULL);

  ERR_print_errors( Pem );

  if( EVP_Pub_Key == NULL ) {
    Error = ERR_get_error( );
    MSG = (char*) ERR_reason_error_string( Error );
    printf( RED "EVP Error: %s" OFF "\n", MSG ); }
  else {
    RSA4 = EVP_PKEY_get1_RSA( EVP_Pub_Key ); }

  Check_Key( RSA4, "return 1;" );

  while(1) {
    if( RSA1 && RSA_check_key( RSA1 ) == 1 ) { Pub_RSA = RSA1; break; }
    if( RSA2 && RSA_check_key( RSA2 ) == 1 ) { Pub_RSA = RSA2; break; }
    if( RSA3 && RSA_check_key( RSA3 ) == 1 ) { Pub_RSA = RSA3; break; }
    if( RSA4 && RSA_check_key( RSA4 ) == 1 ) { Pub_RSA = RSA4; break; }
    printf( BLUE " No usable RSA structures, quiting\n" OFF );
    return 1; }

  // Free used memory
  BIO_free( Key_Bio );
  BIO_free( Pem );

  int In_Len;
  In_Len = RSA_public_encrypt( L, (uchar*) Str, (uchar*) In, Pub_RSA, RSA_PKCS1_OAEP_PADDING );
  printf( BLUE "Encrypted: %d" OFF, In_Len );
  Dump( In, In_Len );

  int Out_Len;
  Out_Len = RSA_private_decrypt( RSA_Len, (uchar*) In, (uchar*) Out, My_RSA, RSA_PKCS1_OAEP_PADDING );
  printf( BLUE "Decrypted: %d" OFF, Out_Len );
  Dump( Out, Out_Len );

  if( !memcmp( (char *)Key, (char *)Out, Out_Len ) ) {
    printf( "Ecrypt/Decrypt failed\n" ); }
  else {
    printf( "Ecrypt/Decrypt Passed\n" ); }

  return 0;
}

/* -------------------------------------------------------------- */
void Dump( char *P, int Len ) { // Dump()
  int I, E, C, L, Done, Min, Max;
  char Buf[20], S[100];
  unsigned char D;
  unsigned char Hex[20] = "0123456789ABCDEF";

  if( Len < 0 ) {
    Len = abs( Len );
    Min = .20 *Len;
    Max = Len-Min; }
  else {
    Min = Len;
    Max = 0; }

  int Note;
  Done = 0, Note = 0;
  printf( "\n" );
  for( C = 0; C < Len ; C += 16,Done += L ) { // For()
    // printf( "C: %d, Min: %d, Max: %d\n", C, Min, Max );
    if( C > Min && C < Max ) {
      if( Note == 0 ) printf( RED ". . " "Output trimed.\n" OFF );
      Note = 1;
      continue; }
    if( (L = Len -C) > 16 ) L = 16;
    if( L < 1 ) break;
    strcpy( Buf, " " );
    strcpy( S, " " );
    E = 0;
    for( I = 0; I < L; I++ ) {
      D = P[ ( I +Done ) ];
      if( isprint( D ) ) { Buf[I] = D; }
      else { Buf[I] = '.'; }
      if( I && !(I % 4) ) { S[E++] = ' '; }
      S[E++] = Hex[ D >> 4 ];
      S[E++] = Hex[ D & 15 ]; }
    printf( "%4.4d %4.4x %-35s" BLUE "/*" YELLOW " %16.16s" BLUE " */\n" OFF ,
            Done, Done, S, Buf );
    fflush(stdout); }
  printf( BLUE "End of block - %3d bytes" YELLOW " --------------------- " BLUE " /* " YELLOW "---------------- " BLUE "*/\n" OFF, Done );
  printf( OFF );
  fflush(NULL);
  return;
}

This outputs:

5 Key check key good
String: 1234567890
0000 0000 31323334 35363738 3930                 /* 1234567890       */
End of block -  10 bytes ---------------------   /* ---------------- */
68 RC: -141075560
75 RC: 426, Len: 426

Key type Public

0000 0000 2D2D2D2D 2D424547 494E2052 53412050  /* -----BEGIN RSA P */
0016 0010 55424C49 43204B45 592D2D2D 2D2D0A4D  /* UBLIC KEY-----.M */
0032 0020 49494243 674B4341 5145416F 7142344D  /* IIBCgKCAQEAoqB4M */
0048 0030 32307751 467A4972 634E4E39 31454364  /* 20wQFzIrcNN91ECd */
0064 0040 5344505A 31723259 38346355 43457961  /* SDPZ1r2Y84cUCEya */
0080 0050 394B585A 6C45475A 516B4245 445A6E0A  /* 9KXZlEGZQkBEDZn. */
. . Output trimed.
0352 0160 2B494F0A 6F636748 486A6F44 67746A45  /* +IO.ocgHHjoDgtjE */
0368 0170 58677779 646A6D31 725A4369 5459722B  /* Xgwydjm1rZCiTYr+ */
0384 0180 3270506F 6C774944 41514142 0A2D2D2D  /* 2pPolwIDAQAB.--- */
0400 0190 2D2D454E 44205253 41205055 424C4943  /* --END RSA PUBLIC */
0416 01a0 204B4559 2D2D2D2D 2D0A                /* KEY-----.        */
End of block - 426 bytes ---------------------   /* ---------------- */
Method 1
 ERROR: Could not load PUBLIC KEY!
 PEM_read_bio_RSA_PUBKEY FAILED:
 error:0906D06C:PEM routines:func(109):reason(108)
Method 2
107 (Key) Make Key Failed!
error:2007507E:BIO routines:func(117):reason(126)
Method 3
116 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
BIO RC: 1
121 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
Method 4
EVP Error: (null)
142 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
 No usable RSA structures, quiting

Hope this clarifies what I am attempting to do?
Appreciate any help, thanks for your time.

-- 
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From rgm at htt-consult.com Thu Mar 9 23:49:56 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 9 Mar 2017 18:49:56 -0500
Subject: [openssl-users] scripting creating a cert
Message-ID: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com>

I am creating self-signed certs with:

openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req

Where, for example:

your_host_tld=z9m9z.test.htt-consult.com

Thing is that this then prompts for a number of fields:

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Is there some 'simple' way to provide these answers? Like with env variables?

thanks

From dnsands at sandia.gov Fri Mar 10 00:05:09 2017
From: dnsands at sandia.gov (Sands, Daniel)
Date: Fri, 10 Mar 2017 00:05:09 +0000
Subject: [openssl-users] [EXTERNAL] Re: error making Private RSA
Message-ID: <1489104309.19430.28.camel@sandia.gov>

First, to get intelligible text errors, replace your initial call with ERR_load_crypto_strings(). The ERR_load_ERR_strings call doesn't even seem to be documented, likely because it only loads the strings associated with the ERR API, and you likely need PEM and BIO error strings.
When I did this, the error message was "no start line" for method 1.

Second, it seems to matter whether you use PEM_load_bio_RSA_PUBKEY vs PEM_load_bio_RSAPublicKey.

Next, CheckKey will likely only work when the private key is also read in. Otherwise it segfaults.

As a side note, the [n]curses library would be more portable with whatever terminal you run the program over.

As for method 4: d2i_xxxx and i2d_xxxx are for DER formatted buffers. You're writing out as PEM format. You need to read it back in as PEM format, as attempted in some of the previous methods. So it makes sense that this method fails.

On Thu, 2017-03-09 at 15:01 -0800, william estrada wrote:
> I have been trying to keep my posting to a minimum but I am not getting
> across what I am looking to fix. And I have been getting reports that my
> source code is not viewable. In my Apache logs I see that some people have
> been using the wrong link, they are trying to use
> "http://mt-umunhum-wireless.net/mt-umunhum-wireless.net/Sources"
> This is wrong! use:
> "http://mt-umunhum-wireless.net/Sources/rsa"
> or
> "216.173.131.138/Sources/rsa"
>
> The most recent attempt is the rsapost.c with the output rsapost.txt
>
> What I am attempting to do is:
> 1) generate a RSA key pair, working but always the same keys.
> 2) remove the public key, working
> 3) create a RSA structure with the public key, 4 methods, all fail.
> 4) use the public key to encrypt a string, don't get here.
> 5) use the RSA pair to decrypt the string.
In_Len; > In_Len = RSA_public_encrypt( L, > (uchar*) Str, > (uchar*) In, > Pub_RSA, > RSA_PKCS1_OAEP_PADDING ); > > printf( BLUE "Encrypted: %d" OFF, In_Len ); > Dump( In, In_Len ); > > int Out_Len; > Out_Len = RSA_private_decrypt( RSA_Len, > (uchar*) In, > (uchar*) Out, > My_RSA, > RSA_PKCS1_OAEP_PADDING ); > > printf( BLUE "Decrypted: %d" OFF, Out_Len ); > Dump( Out, Out_Len ); > > if( !memcmp( (char *)Key, (char *)Out, Out_Len ) ) { > printf( "Ecrypt/Decrypt failed\n" ); } > else { > printf( "Ecrypt/Decrypt Passed\n" ); } > > return 0; } > > /* -------------------------------------------------------------- */ > > void > Dump( char *P, int Len ) { // Dump() > > int I, E, C, L, Done, Min, Max; > char Buf[20], S[100]; > > unsigned char D; > > unsigned char Hex[20] = "0123456789ABCDEF"; > > if( Len < 0 ) { > Len = abs( Len ); > Min = .20 *Len; > Max = Len-Min; } > else { > Min = Len; > Max = 0; } > > int Note; > Done = 0, Note = 0; > > printf( "\n" ); > for( C = 0; C < Len ; C += 16,Done += L ) { // For() > > // printf( "C: %d, Min: %d, Max: %d\n", C, Min, Max ); > if( C > Min && C < Max ) { > if( Note == 0 ) > printf( RED ". . 
" "Output trimed.\n" OFF ); > Note = 1; > continue; } > > if( (L = Len -C) > 16 ) L = 16; > if( L < 1 ) break; > > strcpy( Buf, " " ); > strcpy( S, " " ); > E = 0; > for( I = 0; I < L; I++ ) { > > D = P[ ( I +Done ) ]; > > if( isprint( D ) ) { Buf[I] = D; } > else { Buf[I] = '.'; } > > if( I && !(I % 4) ) { S[E++] = ' '; } > > S[E++] = Hex[ D >> 4 ]; > S[E++] = Hex[ D & 15 ]; } > > printf( "%4.4d %4.4x %-35s" BLUE "/*" YELLOW " %16.16s" BLUE " */\n" > OFF , Done, Done, S, Buf ); fflush(stdout); > > } > > printf( BLUE "End of block - %3d bytes" > YELLOW " --------------------- " > BLUE " /* " > YELLOW "---------------- " > BLUE "*/\n" OFF, Done ); > printf( OFF ); fflush(NULL); > return; } > > This outputs: > > 5 Key check key good > String: 1234567890 > 0000 0000 31323334 35363738 3930 /* 1234567890 */ > End of block - 10 bytes --------------------- /* ---------------- */ > 68 RC: -141075560 > 75 RC: 426, Len: 426 > > Key type Public > > 0000 0000 2D2D2D2D 2D424547 494E2052 53412050 /* -----BEGIN RSA P */ > 0016 0010 55424C49 43204B45 592D2D2D 2D2D0A4D /* UBLIC KEY-----.M */ > 0032 0020 49494243 674B4341 5145416F 7142344D /* IIBCgKCAQEAoqB4M */ > 0048 0030 32307751 467A4972 634E4E39 31454364 /* 20wQFzIrcNN91ECd */ > 0064 0040 5344505A 31723259 38346355 43457961 /* SDPZ1r2Y84cUCEya */ > 0080 0050 394B585A 6C45475A 516B4245 445A6E0A /* 9KXZlEGZQkBEDZn. */ > . . Output trimed. > 0352 0160 2B494F0A 6F636748 486A6F44 67746A45 /* +IO.ocgHHjoDgtjE */ > 0368 0170 58677779 646A6D31 725A4369 5459722B /* Xgwydjm1rZCiTYr+ */ > 0384 0180 3270506F 6C774944 41514142 0A2D2D2D /* 2pPolwIDAQAB.--- */ > 0400 0190 2D2D454E 44205253 41205055 424C4943 /* --END RSA PUBLIC */ > 0416 01a0 204B4559 2D2D2D2D 2D0A /* KEY-----. */ > End of block - 426 bytes --------------------- /* ---------------- */ > Method 1 > ERROR: Could not load PUBLIC KEY! > PEM_read_bio_RSA_PUBKEY FAILED: > error:0906D06C:PEM routines:func(109):reason(108) > Method 2 > 107 (Key) Make Key Failed! 
> error:2007507E:BIO routines:func(117):reason(126)
> Method 3
> 116 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> BIO RC: 1
> 121 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> Method 4
> EVP Error: (null)
> 142 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> No usable RSA structures, quiting
>
> Hope this clarifies what I am attempting to do?
>
> Appreciate any help, thanks for your time.
>
> --
> William Estrada
> Mt Umunhum, CA, USA, Earth
> HTTP:// Mt-Umunhum-Wireless.net
> Skype: MrUmunhum
>

From rsalz at akamai.com Fri Mar 10 00:33:07 2017 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 10 Mar 2017 00:33:07 +0000 Subject: [openssl-users] scripting creating a cert In-Reply-To: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> Message-ID: <2aa6834d141f4244a2c5693483acaa04@usma1ex-dag1mb1.msg.corp.akamai.com>

Yes there are easier ways to do this. Set up a conf file and use it (via the -conf flag). You can use env vars, set default values, and so on. Look at the config manpages, https://www.openssl.org/docs/manmaster/man5/

For a fuller example, see https://www.openssl.org/~rsalz/pki.tgz

PS -- find me in Chicago and I can answer questions, Robert :)

From jan.m.danielsson at gmail.com Fri Mar 10 01:06:54 2017 From: jan.m.danielsson at gmail.com (Jan Danielsson) Date: Fri, 10 Mar 2017 02:06:54 +0100 Subject: [openssl-users] scripting creating a cert In-Reply-To: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> Message-ID:

On 03/10/17 00:49, Robert Moskowitz wrote:
[---]
> Is there some 'simple' way to provide these answers? Like with env
> variables?

I tend to create response files (one response per line) and then simply pipe to openssl:

$ cat foo.params | openssl ...

Just make sure openssl doesn't need any password inputs.
-- Kind regards, Jan Danielsson From rgm at htt-consult.com Fri Mar 10 01:09:09 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 9 Mar 2017 20:09:09 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: <2aa6834d141f4244a2c5693483acaa04@usma1ex-dag1mb1.msg.corp.akamai.com> References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> <2aa6834d141f4244a2c5693483acaa04@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <558eb893-6cef-4d78-d03e-730fa693405f@htt-consult.com> Hi, Rich. Fancy meeting you here. On 03/09/2017 07:33 PM, Salz, Rich via openssl-users wrote: > Yes there are easier ways to do this. Set up a conf file and use it (via the -conf flag). You can use env vars, set default values, and so on. Look at the config manpages, https://www.openssl.org/docs/manmaster/man5/ Not easy enough for me. But I will have to read it some more. > For a fuller example, see https://www.openssl.org/~rsalz/pki.tgz 'Fuller' is putting it mildly. :) > PS -- find me in Chicago and I can answer questions, Robert :) Plan on it! 
Bob

From openssl-users at dukhovni.org Fri Mar 10 01:17:12 2017 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 9 Mar 2017 20:17:12 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> Message-ID: <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org>

> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz wrote:
>
> I am creating self-signed certs with:
>
> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req
>
> Where, for example:
>
> your_host_tld=z9m9z.test.htt-consult.com
>
> Thing is that this then prompts for a number of fields

The simplest solution is to set the subject DN explicitly on the command-line:

$ umask 077 # avoid world-readable private keys
$ openssl req -new -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key \
    -x509 -subj "/CN=$(uname -n)" -out certs/$your_host_tld.crt \
    -days 3650 -extensions v3_req

For more advanced related approaches see:

https://raw.githubusercontent.com/openssl/openssl/master/test/certs/mkcert.sh

--
Viktor.

From rgm at htt-consult.com Fri Mar 10 01:39:59 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 9 Mar 2017 20:39:59 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> Message-ID: <1e04464f-44e8-30f1-bd75-5a2b2913f13b@htt-consult.com>

Jan,

On 03/09/2017 08:06 PM, Jan Danielsson wrote:
> On 03/10/17 00:49, Robert Moskowitz wrote:
> [---]
>> Is there some 'simple' way to provide these answers? Like with env
>> variables?
> I tend to create response files (one response per line) and then
> simply pipe to openssl:
>
> $ cat foo.params | openssl ...

I will try a few things out with this. thanks

> Just make sure openssl doesn't need any password inputs.
> It doesn't for this command. From rgm at htt-consult.com Fri Mar 10 01:43:38 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 9 Mar 2017 20:43:38 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org> References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org> Message-ID: Viktor, On 03/09/2017 08:17 PM, Viktor Dukhovni wrote: >> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz wrote: >> >> I am creating self-signed certs with: >> >> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req >> >> Where, for example: >> >> your_host_tld=z9m9z.test.htt-consult.com >> >> Thing is that this then prompts for a number of fields > The simplest solution is to set the subject DN explicitly on the command-line: > > $ umask 077 # avoid world-readable private keys Perhaps (no perhaps about it) this is old information, but I picked up that I needed: chmod 640 for the private keys for Apache. (and postfix and others use these certs; at least they are in their confs) > $ openssl req -new -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key \ > -x509 -subj "/CN=$(uname -n)" -out certs/$your_host_tld.crt \ > -days 3650 -extensions v3_req > > Fore more advanced related approaches see: > > https://raw.githubusercontent.com/openssl/openssl/master/test/certs/mkcert.sh Looks like this is pointing me in the direction I want to go. I will dig more into this approach. 
thank you

From openssl-users at dukhovni.org Fri Mar 10 01:53:33 2017 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 9 Mar 2017 20:53:33 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org> Message-ID:

> On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote:
>
>> $ umask 077 # avoid world-readable private keys
>
> Perhaps (no perhaps about it) this is old information, but I picked up that I needed:
>
> chmod 640 for the private keys for Apache. (and postfix and others use these certs; at least they are in their confs)

I strive to avoid the private disclosure race of first creating a world-readable file, and then trying to do a quick chmod before the bad guys get around to opening it. That's why I recommend the umask approach.

You can adjust the umask to suit your needs. With OpenSSL 1.1.0, if I recall correctly "keyout" files and the like are automatically opened mode "0600". Rich Salz, who wrote the CLI option processing code for 1.1.0 will correct me, if my memory is faulty. There are still a lot of users with 1.0.2 or earlier, and OpenSSL cannot always figure out which files end up having private keys in them, so the umask approach is a good precaution to keep using.

--
Viktor.

From jb-openssl at wisemo.com Fri Mar 10 02:04:58 2017 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Fri, 10 Mar 2017 03:04:58 +0100 Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow In-Reply-To: References: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <7d399906-36a1-c480-2edf-570d286526ab@wisemo.com>

But if the starting value is random, the number of increments before overflow or wrap will be random too (and could hypothetically, but rarely, be as little as 1).
Anyway, I thought TLS records were limited to slightly more than 16K each, so the in-record block counter would not count very far.

On 09/03/2017 16:26, Michael Wojcik wrote:
>
> And there's no reason for it to do so, because it isn't needed. If you
> generate one TLS packet every nanosecond, it will take nearly six
> centuries to overflow, by which time the version of TLS you're using
> will have been deprecated and all security guarantees are moot anyway.
>
> In general, most security experts recommend against keeping a TLS
> conversation open for years at a time.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Salz, Rich via openssl-users
> Sent: Thursday, March 09, 2017 05:49
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit
> overflow
>
> No, it does not do this automatically.
>
> if the nounce _explicit overflows or overlaps , then does openssl
> code handles it (atleast by initiating renegotiation )?
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded From rgm at htt-consult.com Fri Mar 10 02:08:30 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 9 Mar 2017 21:08:30 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org> Message-ID: <01401a5e-5e1b-c3c6-6784-04f3067a18f6@htt-consult.com> On 03/09/2017 08:53 PM, Viktor Dukhovni wrote: >> On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote: >> >>> $ umask 077 # avoid world-readable private keys >> Perhaps (no perhaps about it) this is old information, but I picked up that I needed: >> >> chmod 640 for the private keys for Apache. (and postfix and others use these certs; at least they are in their confs) > I strive to avoid the private disclosure race of first creating > a world-readable file, and then trying to do a quick chmod before > the bad guys get around to opening it. That's why I recommend the > umask approach. > > You can adjust the umask to suit your needs. With OpenSSL 1.1.0, > if I recall correctly "keyout" files and the like are automatically > opened mode "0600". Rich Salz, who wrote the CLI option processing > code for 1.1.0 will correct me, if my memory if faulty. There are > still a lot of users with 1.0.2 or earlier, and OpenSSL cannot > always figure out which files end up having private keys in them, > so the umask approach is a good precaution to keep using. And Rich and I sit down and talk about things all the time at IETF. This time we will have some other items to discuss. And since this will go into a world-readable (eventually) howto, this is good advice that I will work on incorporating. 
Thanks

From Michael.Wojcik at microfocus.com Fri Mar 10 03:34:16 2017 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 10 Mar 2017 03:34:16 +0000 Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow In-Reply-To: <7d399906-36a1-c480-2edf-570d286526ab@wisemo.com> References: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com> <7d399906-36a1-c480-2edf-570d286526ab@wisemo.com> Message-ID:

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, March 09, 2017 19:05
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

First, note my original calculation was wrong - I was thinking the counter was 64 bits. In fact the nonce is 64 bits, and the counter is 32. So even if you only generate one packet per millisecond, you could wrap in under 50 days.

Can you send a packet per millisecond? Let's assume Ethernet framing, TCP, and IPv4. That's 64 bytes of overhead. TLS adds around 45 bytes of overhead to each packet. I can't be bothered to check now, but let's assume you can send a TLS packet with no application data, so that's 109 bytes per packet. At one per millisecond that's 8.72e5 b/s, so network bandwidth isn't a problem (we'll assume this is over a LAN). Can the receiver keep up? (We can't sustain the rate if the receiver's window keeps filling.) Let's hope so; the node's not much use if it can't keep up with its network interface. (Also assume we've disabled Nagle.)

Now, 50 days is still a rather long-lived conversation. Maybe we can do one or two orders of magnitude better. We're still fine on bandwidth (for a LAN), so should still be OK on the receiver's stack as well. OpenSSL should be able to verify and decrypt 100,000 messages a second on modern hardware, I'd think; I've never bothered to benchmark that, but it can certainly do the individual operations much faster.
So now we're down to about 11 hours. At this point we seem to have a legitimate concern; not for every application, but for some, certainly. I haven't looked to see what the RFC says about AES with GCM combining and what measures implementations should take to avoid the counter wrapping. In any case, my apologies to Akshar Kanak. (And, of course, I may have bungled my back-of-the-envelope calculations again...) > But if the starting value is random, the number of increments > before overflow or wrap will be random too (and could > hypothetically, but rarely, be as little as 1). It should be computed modulo 2**32 (i.e. as an unsigned 64-bit integer). It's not overflow or wrapping past the maximum value that would be a problem; it's wrapping all the way back around so a value is repeated. I note that the recently revealed CIA guidelines for using cryptography (part of Year Zero) say the counter should always start at 0. (The explicit nonce is supposed to avoid ever using the same IV twice with a given key in GCM.) > Anyway, I thought TLS records were limited to slightly more than > 16K each, so the in-record block counter would not count very far. Perhaps it's too late, or perhaps I'm just being dense, but I'm not sure what you're getting at with this. RFC 5246 says the TLSv1.2 record sequence number is a 64-bit value, that it starts at 0, and that if it would wrap you have to renegotiate (or start another six-hundred-year conversation, I guess). Probably I'm just misunderstanding your point here though. 
Michael Wojcik Distinguished Engineer, Micro Focus From jb-openssl at wisemo.com Fri Mar 10 04:42:45 2017 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Fri, 10 Mar 2017 05:42:45 +0100 Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow In-Reply-To: References: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com> <7d399906-36a1-c480-2edf-570d286526ab@wisemo.com> Message-ID: On 10/03/2017 04:34, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf >> Of Jakob Bohm >> Sent: Thursday, March 09, 2017 19:05 >> To: openssl-users at openssl.org >> Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow > First, note my original calculation was wrong - I was thinking the counter was 64 bits. In fact the nonce is 64 bits, and the counter is 32. So even if you only generate one packet per millisecond, you could wrap in under 50 days. > > Can you send a packet per millisecond? Let's assume Ethernet framing, TCP, and IPv4. That's 64 bytes of overhead. TLS adds around 45 bytes of overhead to each packet. I can't be bothered to check now, but let's assume you can send a TLS packet with no application data, so that's 109 bytes per packet. At one per millisecond that's 8.72e5 b/s, so network bandwith isn't a problem (we'll assume this is over a LAN). Can the receiver keep up? (We can't sustain the rate if the receiver's window keeps filling.) Let's hope so; the node's not much use if it can't keep up with its network interface. (Also assume we've disabled Nagle.) > > Now, 50 days is still a rather long-lived conversation. Maybe we can do one or two orders of magnitude better. We're still fine on bandwidth (for a LAN), so should still be OK on the receiver's stack as well. OpenSSL should be able to verify and decrypt 100,000 messages a second on modern hardware, I'd think; I've never bothered to benchmark that, but it can certainly do the individual operations much faster. 
> > So now we're down to about 11 hours. At this point we seem to have a legitimate concern; not for every application, but for some, certainly. > > I haven't looked to see what the RFC says about AES with GCM combining and what measures implementations should take to avoid the counter wrapping. In any case, my apologies to Akshar Kanak. (And, of course, I may have bungled my back-of-the-envelope calculations again...) > >> But if the starting value is random, the number of increments >> before overflow or wrap will be random too (and could >> hypothetically, but rarely, be as little as 1). > It should be computed modulo 2**32 (i.e. as an unsigned 64-bit integer). It's not overflow or wrapping past the maximum value that would be a problem; it's wrapping all the way back around so a value is repeated. But that's not what you asked, and doing circular mod 2**bitsize is a good solution as long as you don't go full circle. > I note that the recently revealed CIA guidelines for using cryptography (part of Year Zero) say the counter should always start at 0. (The explicit nonce is supposed to avoid ever using the same IV twice with a given key in GCM.) I assumed the counter started at 0 for each record and the 64 bit value was the one incremented. >> Anyway, I thought TLS records were limited to slightly more than >> 16K each, so the in-record block counter would not count very far. > Perhaps it's too late, or perhaps I'm just being dense, but I'm not sure what you're getting at with this. > > RFC 5246 says the TLSv1.2 record sequence number is a 64-bit value, that it starts at 0, and that if it would wrap you have to renegotiate (or start another six-hundred-year conversation, I guess). > > Probably I'm just misunderstanding your point here though. I seem to recall (I haven't looked at GCM details in years) that the 128 bit value is incremented for each 128 bit block of plaintext, plus once more for the mac-like tag. 
From this I assumed the 32 bit field was the per-128-bit counter and the 64 bit field you asked about was the per-record counter.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From Jochen.Bern at binect.de Fri Mar 10 11:58:24 2017 From: Jochen.Bern at binect.de (Jochen Bern) Date: Fri, 10 Mar 2017 12:58:24 +0100 Subject: [openssl-users] scripting creating a cert In-Reply-To: References: Message-ID: <54ed6a10-5815-b26e-00b9-2fb1d0ecb457@binect.de>

On 03/10/2017 01:10 AM, openssl-users-request at openssl.org digested:
> Thing is that this then prompts for a number of fields:
[...]
> Is there some 'simple' way to provide these answers? Like with env
> variables?

Yes, and as others have already pointed out, there's also the possibility of command line parameters given to OpenSSL.

A publicly available set of scripts that makes heavy use of the env var method and might serve as an example would be easyRSA (here, version 3):

> # grep EASYRSA_REQ_ openssl-1.0.cnf
> commonName_default = $ENV::EASYRSA_REQ_CN
> countryName_default = $ENV::EASYRSA_REQ_COUNTRY
> stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
> localityName_default = $ENV::EASYRSA_REQ_CITY
> 0.organizationName_default = $ENV::EASYRSA_REQ_ORG
> organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
> commonName_default = $ENV::EASYRSA_REQ_CN
> emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
> # grep EASYRSA_REQ_ easyrsa | grep -v ';;'
> [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
> [ !
$EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
> EASYRSA_REQ_CN="$name"
> set_var EASYRSA_REQ_COUNTRY "US"
> set_var EASYRSA_REQ_PROVINCE "California"
> set_var EASYRSA_REQ_CITY "San Francisco"
> set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
> set_var EASYRSA_REQ_EMAIL me at example.net
> set_var EASYRSA_REQ_OU "My Organizational Unit"
> set_var EASYRSA_REQ_CN ChangeMe

https://github.com/OpenVPN/easy-rsa

Kind regards,
--
Jochen Bern
Systemingenieur

From rgm at htt-consult.com Fri Mar 10 13:24:57 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 10 Mar 2017 08:24:57 -0500 Subject: [openssl-users] scripting creating a cert In-Reply-To: <54ed6a10-5815-b26e-00b9-2fb1d0ecb457@binect.de> References: <54ed6a10-5815-b26e-00b9-2fb1d0ecb457@binect.de> Message-ID: <709e17e7-f1dd-6c22-dfef-63cff87ab0d0@htt-consult.com>

Very nice. But this looks like it is part of the whole easyRSA effort, not something I can easily feed into the openssl command to create the cert. It would take a fair bit of digging to dig out what I need for now.

Definitely something I will look into soon, as providing a simple PKI for a small installation has long been on my list. But the effort name is limiting. What about ECDSA and EDDSA certs? :)

On 03/10/2017 06:58 AM, Jochen Bern wrote:
> On 03/10/2017 01:10 AM, openssl-users-request at openssl.org digested:
>> Thing is that this then prompts for a number of fields:
> [...]
>> Is there some 'simple' way to provide these answers? Like with env
>> variables?
> Yes, and as others have already pointed out, there's also the
> possibility of command line parameters given to OpenSSL.
>
> A publicly available set of scripts that makes heavy use of the env var
> method and might serve as an example would be easyRSA (here, version 3):
>
>> # grep EASYRSA_REQ_ openssl-1.0.cnf
>> commonName_default = $ENV::EASYRSA_REQ_CN
>> countryName_default = $ENV::EASYRSA_REQ_COUNTRY
>> stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
>> localityName_default = $ENV::EASYRSA_REQ_CITY
>> 0.organizationName_default = $ENV::EASYRSA_REQ_ORG
>> organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
>> commonName_default = $ENV::EASYRSA_REQ_CN
>> emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
>> # grep EASYRSA_REQ_ easyrsa | grep -v ';;'
>> [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
>> [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
>> EASYRSA_REQ_CN="$name"
>> set_var EASYRSA_REQ_COUNTRY "US"
>> set_var EASYRSA_REQ_PROVINCE "California"
>> set_var EASYRSA_REQ_CITY "San Francisco"
>> set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
>> set_var EASYRSA_REQ_EMAIL me at example.net
>> set_var EASYRSA_REQ_OU "My Organizational Unit"
>> set_var EASYRSA_REQ_CN ChangeMe
> https://github.com/OpenVPN/easy-rsa
>
> Kind regards,
>
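The three things this thread converges on, namely giving `openssl req` its subject from a config file whose fields are `$ENV::` variables (the easy-rsa pattern), the `-subj` one-liner, and creating the key under `umask 077` so it is never world-readable, put together as one runnable script. This is an added example, not code from the thread, from easy-rsa or from OpenSSL's test/certs/mkcert.sh. It assumes the `openssl` command-line tool (1.0.2 or later) is on PATH; the host name www.example.test, the organization name and the directory layout are illustrative choices, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): scripted self-signed certificate
# creation with the openssl CLI and no interactive prompts.
# Assumes openssl 1.0.2 or later is on PATH. Host/org names are illustrative.
set -eu

# Minimal req config in the easy-rsa style: subject fields are pulled from
# environment variables when the config is parsed, and prompt=no turns the
# interactive questions off. An unset variable makes openssl fail at config
# load time instead of quietly emitting an empty field.
write_req_conf() {
    cat > "$1" <<'EOF'
[ req ]
default_bits        = 2048
prompt              = no
distinguished_name  = req_dn
x509_extensions     = v3_req

[ req_dn ]
countryName         = $ENV::CERT_C
organizationName    = $ENV::CERT_O
commonName          = $ENV::CERT_CN

[ v3_req ]
basicConstraints    = CA:FALSE
keyUsage            = digitalSignature, keyEncipherment
subjectAltName      = DNS:$ENV::CERT_CN
EOF
}

# Key pair plus self-signed cert for $host under $dir. The openssl call runs
# in a subshell with umask 077, so the private key is created 0600 from the
# first byte; there is no window in which a world-readable key exists.
mkcert_selfsigned() {
    host=$1; dir=$2; days=${3:-3650}
    mkdir -p "$dir/private" "$dir/certs"
    write_req_conf "$dir/req.cnf"
    ( umask 077
      CERT_C=US CERT_O="Example Org" CERT_CN="$host" \
      openssl req -new -x509 -nodes -days "$days" -config "$dir/req.cnf" \
          -newkey rsa:2048 \
          -keyout "$dir/private/$host.key" -out "$dir/certs/$host.crt" )
}

# The one-liner variant: the subject DN comes from the command line and the
# system openssl.cnf supplies everything else. Same umask precaution.
mkcert_subj() {
    host=$1; dir=$2
    mkdir -p "$dir"
    ( umask 077
      openssl req -new -x509 -nodes -days 3650 -newkey rsa:2048 \
          -subj "/CN=$host" -keyout "$dir/$host.key" -out "$dir/$host.crt" )
}

# Post-generation checks a deployment script should run.
cert_subject() { openssl x509 -in "$1" -noout -subject; }

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
key_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True when the certificate's public key is the one belonging to the key file.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    mkcert_selfsigned www.example.test "$d"
    cert_subject "$d/certs/www.example.test.crt"
    echo "key mode: $(key_mode "$d/private/www.example.test.key")"
    cert_matches_key "$d/certs/www.example.test.crt" \
        "$d/private/www.example.test.key" && echo "key and cert match"
    rm -rf "$d"
fi
```

Run it as `sh mkcert.sh --demo` to see the subject, the 600 mode on the key and the key/cert match check. The `$ENV::` form is the one to prefer when a wrapper script already carries the values (a CI job, a provisioning tool), since a missing variable is a hard failure rather than a certificate with a blank organization; `-subj` is enough when only the CN varies.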
From Michael.Wojcik at microfocus.com Fri Mar 10 14:55:54 2017 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 10 Mar 2017 14:55:54 +0000 Subject: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow In-Reply-To: References: <2c539e663d554fb69e0138af2c454b4d@usma1ex-dag1mb1.msg.corp.akamai.com> <7d399906-36a1-c480-2edf-570d286526ab@wisemo.com> Message-ID:

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, March 09, 2017 21:43
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow
>
> I seem to recall (I haven't looked at GCM details in years) that
> the 128 bit value is incremented for each 128 bit block of plaintext,
> plus once more for the mac-like tag.

I'll have to check the spec myself; I haven't read it in years either.

> From this I assumed the 32 bit field was the per-128-bit counter and the
> 64 bit field you asked about was the per-record counter.

A minor correction - it wasn't my question. I had followed up after Rich's initial reply. But no matter; it's a discussion now.

Thanks,

Michael Wojcik
Distinguished Engineer, Micro Focus

From tantalum73 at gmail.com Fri Mar 10 20:42:01 2017 From: tantalum73 at gmail.com (Ta Chen) Date: Fri, 10 Mar 2017 15:42:01 -0500 Subject: [openssl-users] using OpenSSL on Android Message-ID: <034a01d299de$c5e4eeb0$51aecc10$@gmail.com>

Hi,

I am trying to write a JAVA program to establish a TLS client connection to a server using openssl FIPS object module on an Android platform. I understand on a high level that I will have to build the FIPS module and write a JNI wrapper to allow the openssl routines to be invoked from JAVA and pass results back. But I am not quite clear about the specifics. In particular, since the private key cannot be extracted in JAVA, how does one give openssl the necessary key materials to use in the TLS handshaking?
Do I have to go into the handshaking process and graft the JAVA part into it?

Any help will be appreciated.

Thanks

Jason

From ethan.rahn at gmail.com Fri Mar 10 20:58:41 2017 From: ethan.rahn at gmail.com (Ethan Rahn) Date: Fri, 10 Mar 2017 12:58:41 -0800 Subject: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs Message-ID:

Hello Openssl-users,

I'm trying to write some code that derives the shared secret for 2 elliptic curve keys ( i.e. does ECDH )

I am doing the following to load up both the local and remote EC key ( code shown for local side ):

EC_KEY* localEC = EC_KEY_new_by_curve_name( curveName );
EC_KEY_set_private_key( localEC, privateKeyLocal )
EC_KEY_set_public_key_affine_coordinates( localEC, publicXCoordLocal, publicYCoordLocal )

I check the return values for all of these, as well as EC_KEY_check_key at the end. Everything returns non-zero, so I assume that it is good to go. I then do the following to turn the EC_KEY into an EVP_PKEY for ECDH:

pkey = EVP_PKEY_new();
EVP_PKEY_set1_EC_KEY( *pkey, localEC );

The same is done for the remote EC, except that the private key is not loaded up.

Now this is where things get weird.

I run code pretty similar to the example given here ( starting from EVP_PKEY_CTX_new() since I already have the pkey and peerkey. ( https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman ) and it fails on the call to EVP_PKEY_derive() without an error message. I tried running it under gdb and it gets to ecdh_check() before it's unable to fill in the ecdh_data structure, i.e. it returns it as NULL.

If I use the example code to generate the local EVP_PKEY with a random set of points on the correct curve, then run the following line, the key derivation will work with the parameters I read in: ( in this example, pkey is as in the example code, i.e. generated randomly.
pkey2 is the one I made via EVP_PKEY_set1_EC_KEY ) EVP_PKEY_set1_EC_KEY( pkey, EVP_PKEY_get1_EC_KEY( pkey2 ) ); It would appear that there is something that EVP_PKEY_set1_EC_KEY is not setting, or perhaps that I need to add, but I'm unclear what that would be. Does anyone on this list have any ideas? Much thanks, Ethan -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Mar 10 21:44:29 2017 From: matt at openssl.org (Matt Caswell) Date: Fri, 10 Mar 2017 21:44:29 +0000 Subject: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs In-Reply-To: References: Message-ID: <2ef2d91b-75c6-8e33-fcf3-8a85810cc00d@openssl.org> On 10/03/17 20:58, Ethan Rahn wrote: > Hello Openssl-users, > > I'm trying to write some code that derives the shared secret for 2 > elliptic curve keys ( i.e. does ECDH ) > > I am doing the following to load up both the local and remote EC key ( > code shown for local side ): > > EC_KEY* localEC = EC_KEY_new_by_curve_name( curveName ); > EC_KEY_set_private_key( localEC, privateKeyLocal ) > EC_KEY_set_public_key_affine_coordinates( localEC, publicXCoordLocal, > publicYCoordLocal ) > > I check the return values for all of these, as well as EC_KEY_check_key > at the end. Everything returns non-zero, so I assume that it is good to > go. I then do the following to turn the EC_KEY into an EVP_PKEY for ECDH: > > pkey = EVP_PKEY_new(); > EVP_PKEY_set1_EC_KEY( *pkey, localEC ); > > The same is done for the remote EC, except that the private key is not > loaded up. > > Now this is where things get weird. > > I run code pretty similar to the example given here ( starting from > EVP_PKEY_CTX_new() since I already have the pkey and peerkey. ( > https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman ) and > it fails on the call to EVP_PKEY_derive()without an error message. 
I > tried running into under gdb() and it gets to ecdh_check() before it's > unable to fill in the ecdh_data structure, i.e. it returns it as NULL. > > If I use the example code to generate the local EVP_PKEY with a random > set of points on the correct curve, then run the following line, the key > derivation will work with the parameters I read in: > ( in this example, pkey is as in the example code, i.e. generated > randomly. pkey2 is the one I made via EVP_PKEY_set1_EC_KEY ) > > EVP_PKEY_set1_EC_KEY( pkey, EVP_PKEY_get1_EC_KEY( pkey2 ) ); > > It would appear that there is something that EVP_PKEY_set1_EC_KEY is not > setting, or perhaps that I need to add, but I'm unclear what that would > be. Does anyone on this list have any ideas? Which version of OpenSSL are you using? Can you provide a simple reproducer of the problem? Matt From brian at virtru.com Fri Mar 10 22:40:21 2017 From: brian at virtru.com (Brian Jost) Date: Fri, 10 Mar 2017 15:40:21 -0700 Subject: [openssl-users] fips_premain arch invalid Message-ID: I have updated my iOS scripts to build for all archs now using the latest fips-2.0.14 and openssl-1.1.0e. Before I was using 1.0.2h I believe and fips-2.0.12 and didn't have armv7s support added. I needed to add it so I upgrade and adjusted my script accordingly https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c This works great, however I now get an error when building my application in xcode. Undefined symbols for architecture armv7: "_FIPS_text_start", referenced from: _FINGERPRINT_premain in fips_premain.o "_FIPS_signature", referenced from: _FINGERPRINT_premain in fips_premain.o +[VTFipsInfo getEmbeddedFingerprint] in VTFipsInfo.o "_FIPS_incore_fingerprint", referenced from: _FINGERPRINT_premain in fips_premain.o +[VTFipsInfo getExpectedFingerprint] in VTFipsInfo.o ld: symbol(s) not found for architecture armv7 VTFipsInfo.o is my objective-c files that get if FIPS is enabled and gets the hashes to display to the end user. 
If I try this on our buildkite server it replaces armv7 with x86_64. However running lipo --info on my libssl and libcrypt.a returns Architectures in the fat file: libssl.a are: armv7 i386 armv7s x86_64 arm64 Architectures in the fat file: libcrypto.a are: armv7 i386 armv7s x86_64 arm64 My valid architectures in xcode are armv7, armv7s and armv64. Before I upgraded my openssl and added armv7s support, this wasn't an issue. Any ideas how to fix this? -------------- next part -------------- An HTML attachment was scrubbed... URL: From doctor at doctor.nl2k.ab.ca Sat Mar 11 06:38:06 2017 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Fri, 10 Mar 2017 23:38:06 -0700 Subject: [openssl-users] Openssl 1.0.2 snap STABLE 20170311 issue Message-ID: <20170311063806.GA39422@doctor.nl2k.ab.ca> Script started on Fri Mar 10 23:31:39 2017 You have mail. root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170311 # make making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... 
making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... making all in crypto/jpake... making all in crypto/srp... making all in crypto/store... making all in crypto/cmac... if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi `libcrypto.so.1.0.0' is up to date. making all in engines... echo making all in engines/ccgost... making all in ssl... /usr/local/bin/clang39 -I../crypto -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c ssl_rsa.c -o ssl_rsa.o ssl_rsa.c:105:46: error: no member named 'default_passwd_callback' in 'struct ssl_st' x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback, ~~~ ^ ssl_rsa.c:106:36: error: no member named 'default_passwd_callback_userdata' in 'struct ssl_st' ssl->default_passwd_callback_userdata); ~~~ ^ ssl_rsa.c:264:47: error: no member named 'default_passwd_callback' in 'struct ssl_st' ssl->default_passwd_callback, ~~~ ^ ssl_rsa.c:265:47: error: no member named 'default_passwd_callback_userdata' in 'struct ssl_st' ssl->default_passwd_callback_userdata); ~~~ ^ ssl_rsa.c:337:45: error: no member named 'default_passwd_callback' in 'struct ssl_st' ssl->default_passwd_callback, ~~~ ^ ssl_rsa.c:338:45: error: no member named 
'default_passwd_callback_userdata' in 'struct ssl_st' ssl->default_passwd_callback_userdata); ~~~ ^ 6 errors generated. *** Error code 1 Stop. make[1]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170311/ssl *** Error code 1 Stop. make: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170311 root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170311 # exit exit Script done on Fri Mar 10 23:36:32 2017 Please fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism God is dead! Yahweh lives! Jesus his only begotten Son is the Risen Saviour!! From levitte at openssl.org Sat Mar 11 10:28:01 2017 From: levitte at openssl.org (Richard Levitte) Date: Sat, 11 Mar 2017 11:28:01 +0100 (CET) Subject: [openssl-users] [openssl-dev] Openssl 1.0.2 snap STABLE 20170311 issue In-Reply-To: <20170311063806.GA39422@doctor.nl2k.ab.ca> References: <20170311063806.GA39422@doctor.nl2k.ab.ca> Message-ID: <20170311.112801.1371123433919726889.levitte@openssl.org> Fixed: commit 6fe43af8d77b119f8af913c284149bca482ee58c Author: Richard Levitte Date: Sat Mar 11 11:19:20 2017 +0100 Revert "Use the callbacks from the SSL object instead of the SSL_CTX object" This shouldn't have been applied to the 1.0.2 branch. This reverts commit 5247c0388610bfdcc8f44b777d75ab681120753d. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/2907) Cheers, Richard In message <20170311063806.GA39422 at doctor.nl2k.ab.ca> on Fri, 10 Mar 2017 23:38:06 -0700, The Doctor said: doctor> doctor> Script started on Fri Mar 10 23:31:39 2017 doctor> You have mail. doctor> root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170311 # make doctor> doctor> making all in crypto... doctor> making all in crypto/objects... doctor> making all in crypto/md4... doctor> making all in crypto/md5... 
doctor> making all in crypto/sha... doctor> making all in crypto/mdc2... doctor> making all in crypto/hmac... doctor> making all in crypto/ripemd... doctor> making all in crypto/whrlpool... doctor> making all in crypto/des... doctor> making all in crypto/aes... doctor> making all in crypto/rc2... doctor> making all in crypto/rc4... doctor> making all in crypto/idea... doctor> making all in crypto/bf... doctor> making all in crypto/cast... doctor> making all in crypto/camellia... doctor> making all in crypto/seed... doctor> making all in crypto/modes... doctor> making all in crypto/bn... doctor> making all in crypto/ec... doctor> making all in crypto/rsa... doctor> making all in crypto/dsa... doctor> making all in crypto/ecdsa... doctor> making all in crypto/dh... doctor> making all in crypto/ecdh... doctor> making all in crypto/dso... doctor> making all in crypto/engine... doctor> making all in crypto/buffer... doctor> making all in crypto/bio... doctor> making all in crypto/stack... doctor> making all in crypto/lhash... doctor> making all in crypto/rand... doctor> making all in crypto/err... doctor> making all in crypto/evp... doctor> making all in crypto/asn1... doctor> making all in crypto/pem... doctor> making all in crypto/x509... doctor> making all in crypto/x509v3... doctor> making all in crypto/conf... doctor> making all in crypto/txt_db... doctor> making all in crypto/pkcs7... doctor> making all in crypto/pkcs12... doctor> making all in crypto/comp... doctor> making all in crypto/ocsp... doctor> making all in crypto/ui... doctor> making all in crypto/krb5... doctor> making all in crypto/cms... doctor> making all in crypto/pqueue... doctor> making all in crypto/ts... doctor> making all in crypto/jpake... doctor> making all in crypto/srp... doctor> making all in crypto/store... doctor> making all in crypto/cmac... doctor> if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi doctor> `libcrypto.so.1.0.0' is up to date. 
doctor> making all in engines... doctor> echo doctor> doctor> making all in engines/ccgost... doctor> making all in ssl... doctor> /usr/local/bin/clang39 -I../crypto -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c ssl_rsa.c -o ssl_rsa.o doctor> ssl_rsa.c:105:46: error: no member named 'default_passwd_callback' in doctor> 'struct ssl_st' doctor> x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback, doctor> ~~~ ^ doctor> ssl_rsa.c:106:36: error: no member named 'default_passwd_callback_userdata' in doctor> 'struct ssl_st' doctor> ssl->default_passwd_callback_userdata); doctor> ~~~ ^ doctor> ssl_rsa.c:264:47: error: no member named 'default_passwd_callback' in doctor> 'struct ssl_st' doctor> ssl->default_passwd_callback, doctor> ~~~ ^ doctor> ssl_rsa.c:265:47: error: no member named 'default_passwd_callback_userdata' in doctor> 'struct ssl_st' doctor> ssl->default_passwd_callback_userdata); doctor> ~~~ ^ doctor> ssl_rsa.c:337:45: error: no member named 'default_passwd_callback' in doctor> 'struct ssl_st' doctor> ssl->default_passwd_callback, doctor> ~~~ ^ doctor> ssl_rsa.c:338:45: error: no member named 'default_passwd_callback_userdata' in doctor> 'struct ssl_st' doctor> ssl->default_passwd_callback_userdata); doctor> ~~~ ^ doctor> 6 errors generated. doctor> *** Error code 1 doctor> doctor> Stop. doctor> make[1]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170311/ssl doctor> *** Error code 1 doctor> doctor> Stop. 
doctor> make: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170311 doctor> root at doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170311 # exit doctor> doctor> exit doctor> doctor> Script done on Fri Mar 10 23:36:32 2017 doctor> doctor> Please fix. doctor> doctor> -- doctor> Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca doctor> Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! doctor> http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism doctor> God is dead! Yahweh lives! Jesus his only begotten Son is the Risen Saviour!! doctor> -- doctor> openssl-dev mailing list doctor> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev doctor> From sisyphus1 at optusnet.com.au Sat Mar 11 11:21:05 2017 From: sisyphus1 at optusnet.com.au (sisyphus1 at optusnet.com.au) Date: Sat, 11 Mar 2017 22:21:05 +1100 Subject: [openssl-users] mingw 64-bit build of 1.1.0e Message-ID: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> Hi, Having a spot of bother trying to build a static openssl-1.1.0e using a mingw-w64 64-bit compiler - namely, gcc version 6.3.0 (x86_64-posix-sjlj-rev1, Built by MinGW-W64 project). In the msys2 shell, I run: ./config no-shared zlib -IC:/_64/msys_630/1.0/local/include -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local && make && make test && make install Works beautifully ... except that libssl.a and libcrypto.a turn out to be 32-bit builds !! That is, the built library works fine with the same vendor's 32-bit compiler (gcc version 6.3.0 (i686-posix-sjlj-rev1, Built by MinGW-W64 project)), but the x64 compiler that built the damned things regards them as incompatible. I'm thinking that I just need to specify an -m64 switch in there. How do I do that ? 
I did try adding the 'os/compiler:mingw64' to the ./config args, but that resulted in:

$ ./config no-shared zlib -IC:/_64/msys_630/1.0/local/include -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local os/compiler:mingw64 && make && make test && make install
Operating system: x86_64-whatever-mingw
Configuring for mingw
Configuring OpenSSL version 1.1.0e (0x1010005fL)
target already defined - mingw (offending arg: os/compiler:mingw64)

Having spent quite a few hours just getting to this diagnosis, I've now settled for simply asking the dumb question.
(Sorry.)

Cheers,
Rob

From ethan.rahn at gmail.com Sat Mar 11 18:38:14 2017
From: ethan.rahn at gmail.com (Ethan Rahn)
Date: Sat, 11 Mar 2017 10:38:14 -0800
Subject: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs
In-Reply-To: <2ef2d91b-75c6-8e33-fcf3-8a85810cc00d@openssl.org>
References: <2ef2d91b-75c6-8e33-fcf3-8a85810cc00d@openssl.org>
Message-ID: 

Hey Matt,

I'm using openssl-1.0.2j to do this.

After a lot of debugging and poking around, I realized that my initial thoughts were not quite correct. Somewhere in trying to come up with an example, I noticed that the problem actually appears to be the buffer I am passing in. If I use a char array, it will fail to derive the shared secret; if I use a char* it will succeed. I'm not quite sure what is going on there, but I have some code below that shows the issue:

    #include <stdio.h>
    #include <openssl/bio.h>
    #include <openssl/crypto.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>

    static int deriveSharedSecret( EVP_PKEY *pkey, EVP_PKEY *peerkey, char *sharedSecretHex ){
        /*
         * Generalized function to derive shared secret and return the hex format of it.
         */
        unsigned char sharedSecret[ 4096 ] = {0};
        size_t sharedSecretLen = 0;

        // Now derive the Shared Secret
        EVP_PKEY_CTX *ctx;

        ctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (!ctx){
            fprintf( stderr, "Failed to make EVP_PKEY ctx\n" );
            ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
            return 0;
        }
        if (EVP_PKEY_derive_init(ctx) <= 0){
            fprintf( stderr, "Failed to init EVP_PKEY ctx\n" );
            ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
            return 0;
        }
        if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) {
            fprintf( stderr, "Failed to set EVP_PKEY peer\n" );
            ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
            return 0;
        }

        /* Heap buffer path: the length passed in is 2048 */
        size_t secretLen = 2048;
        unsigned char *skey;

        /* Create the buffer */
        if(NULL == (skey = OPENSSL_malloc(secretLen))){
            fprintf( stderr, "Failed to malloc buffer for secret\n" );
            return 0;
        }

        /* Derive the shared secret */
        if(1 != (EVP_PKEY_derive(ctx, skey, &secretLen))){
            fprintf( stderr, "Failed to derive secret and place into buffer\n" );
            return 0;
        } else {
            fprintf( stderr, "Found the darn secret!\n" );
        }

        /* Stack array path: the same derivation into sharedSecret */
        if (EVP_PKEY_derive(ctx, sharedSecret, &sharedSecretLen) <= 0){
            fprintf( stderr, "Failed to derive shared secret\n" );
            ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
            return 0;
        } else {
            fprintf( stderr, "FOUND IT!!!!!\n" );
        }

        bin2hex( sharedSecret, sharedSecretHex, sharedSecretLen );
        return 1;
    }

On Fri, Mar 10, 2017 at 1:44 PM, Matt Caswell wrote:
>
>
> On 10/03/17 20:58, Ethan Rahn wrote:
> > Hello Openssl-users,
> >
> > I'm trying to write some code that derives the shared secret for 2
> > elliptic curve keys ( i.e. does ECDH )
> >
> > I am doing the following to load up both the local and remote EC key (
> > code shown for local side ):
> >
> > EC_KEY* localEC = EC_KEY_new_by_curve_name( curveName );
> > EC_KEY_set_private_key( localEC, privateKeyLocal )
> > EC_KEY_set_public_key_affine_coordinates( localEC, publicXCoordLocal,
> > publicYCoordLocal )
> >
> > I check the return values for all of these, as well as EC_KEY_check_key
> > at the end. Everything returns non-zero, so I assume that it is good to
> > go. I then do the following to turn the EC_KEY into an EVP_PKEY for ECDH:
> >
> > pkey = EVP_PKEY_new();
> > EVP_PKEY_set1_EC_KEY( *pkey, localEC );
> >
> > The same is done for the remote EC, except that the private key is not
> > loaded up.
> >
> > Now this is where things get weird.
> >
> > I run code pretty similar to the example given here ( starting from
> > EVP_PKEY_CTX_new() since I already have the pkey and peerkey. (
> > https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman ) and
> > it fails on the call to EVP_PKEY_derive()without an error message. I
> > tried running into under gdb() and it gets to ecdh_check() before it's
> > unable to fill in the ecdh_data structure, i.e. it returns it as NULL.
> >
> > If I use the example code to generate the local EVP_PKEY with a random
> > set of points on the correct curve, then run the following line, the key
> > derivation will work with the parameters I read in:
> > ( in this example, pkey is as in the example code, i.e. generated
> > randomly. pkey2 is the one I made via EVP_PKEY_set1_EC_KEY )
> >
> > EVP_PKEY_set1_EC_KEY( pkey, EVP_PKEY_get1_EC_KEY( pkey2 ) );
> >
> > It would appear that there is something that EVP_PKEY_set1_EC_KEY is not
> > setting, or perhaps that I need to add, but I'm unclear what that would
> > be. Does anyone on this list have any ideas?
>
> Which version of OpenSSL are you using?
>
> Can you provide a simple reproducer of the problem?
>
> Matt
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From matt at openssl.org Sat Mar 11 20:28:41 2017
From: matt at openssl.org (Matt Caswell)
Date: Sat, 11 Mar 2017 20:28:41 +0000
Subject: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs
In-Reply-To: 
References: <2ef2d91b-75c6-8e33-fcf3-8a85810cc00d@openssl.org>
Message-ID: <619c9426-7ab0-73da-3041-a454b610134c@openssl.org>

On 11/03/17 18:38, Ethan Rahn wrote:
> size_t sharedSecretLen = 0;

Set this to sizeof(sharedSecret).

>
> // Now derive the Shared Secret
> EVP_PKEY_CTX *ctx;
>
> ctx = EVP_PKEY_CTX_new(pkey, NULL);
> if (!ctx){
> fprintf( stderr, "Failed to make EVP_PKEY ctx\n" );
> ERR_load_crypto_strings();

This should be called once at the start of your program - *before* any calls that might generate an error.

> if (EVP_PKEY_derive(ctx, sharedSecret, &sharedSecretLen) <= 0){

From the EVP_PKEY_derive documentation:

https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive.html

"If key is not NULL then before the call the keylen parameter should contain the length of the key buffer, if the call is successful the shared secret is written to key and the amount of data written to keylen."

Matt

From ethan.rahn at gmail.com Sat Mar 11 20:47:58 2017
From: ethan.rahn at gmail.com (Ethan Rahn)
Date: Sat, 11 Mar 2017 12:47:58 -0800
Subject: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs
In-Reply-To: <619c9426-7ab0-73da-3041-a454b610134c@openssl.org>
References: <2ef2d91b-75c6-8e33-fcf3-8a85810cc00d@openssl.org> <619c9426-7ab0-73da-3041-a454b610134c@openssl.org>
Message-ID: 

Wow,

That was quite the oversight of mine. That fixed the issue. Thanks so much, I appreciate your patience in dealing with my confusion over the APIs!
Cheers, Ethan On Sat, Mar 11, 2017 at 12:28 PM, Matt Caswell wrote: > > > On 11/03/17 18:38, Ethan Rahn wrote: > > size_t sharedSecretLen = 0; > > Set this to sizeof(sharedSecret). > > > > > // Now derive the Shared Secret > > EVP_PKEY_CTX *ctx; > > > > ctx = EVP_PKEY_CTX_new(pkey, NULL); > > if (!ctx){ > > fprintf( stderr, "Failed to make EVP_PKEY ctx\n" ); > > ERR_load_crypto_strings(); > > This should be called once at the start of your program - *before* any > calls that might generate an error. > > > if (EVP_PKEY_derive(ctx, sharedSecret, &sharedSecretLen) <= 0){ > > From the EVP_PKEY_derive documentation: > > https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_derive.html > > "If key is not NULL then before the call the keylen parameter should > contain the length of the key buffer, if the call is successful the > shared secret is written to key and the amount of data written to keylen." > > Matt > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sisyphus1 at optusnet.com.au Sun Mar 12 00:06:35 2017 From: sisyphus1 at optusnet.com.au (sisyphus1 at optusnet.com.au) Date: Sun, 12 Mar 2017 11:06:35 +1100 Subject: [openssl-users] mingw 64-bit build of 1.1.0e In-Reply-To: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> Message-ID: -----Original Message----- From: sisyphus1 at optusnet.com.au Sent: Saturday, March 11, 2017 10:21 PM To: openssl-users at openssl.org Subject: [openssl-users] mingw 64-bit build of 1.1.0e > In the msys2 shell, I run: > > ./config no-shared > zlib -IC:/_64/msys_630/1.0/local/include -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local > && make && make test && make install > > Works beautifully ... except that libssl.a and libcrypto.a turn out to be > 32-bit builds !! 
> That is, the built library works fine with the same vendor's 32-bit > compiler (gcc version 6.3.0 (i686-posix-sjlj-rev1, Built by MinGW-W64 > project)), but the x64 compiler that built the damned things regards them > as incompatible. > > I'm thinking that I just need to specify an -m64 switch in there. How do I > do that ? After another couple of hours fossicking about, I did it by firstly setting the CC environment variable to 'gcc -m64'. (I would normally do that by specifying 'CC="gcc -m64"' as part of the ./config command, but ./config found that to be objectionable, so I pre-set it in a separate command prior to running ./config.) And I added '-m64' as a ./config arg. I don't know if *both* of those steps were necessary, but it did the trick. Disconcertingly, the summary at the end of ./config still announces "THIRTY_TWO_BIT mode" but, at the end of the build, I definitely have the X64 libraries that I wanted. Cheers, Rob From matt at openssl.org Sun Mar 12 00:13:57 2017 From: matt at openssl.org (Matt Caswell) Date: Sun, 12 Mar 2017 00:13:57 +0000 Subject: [openssl-users] mingw 64-bit build of 1.1.0e In-Reply-To: References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> Message-ID: On 12/03/17 00:06, sisyphus1 at optusnet.com.au wrote: > -----Original Message----- From: sisyphus1 at optusnet.com.au > Sent: Saturday, March 11, 2017 10:21 PM > To: openssl-users at openssl.org > Subject: [openssl-users] mingw 64-bit build of 1.1.0e > >> In the msys2 shell, I run: >> >> ./config no-shared zlib -IC:/_64/msys_630/1.0/local/include >> -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local && >> make && make test && make install >> >> Works beautifully ... except that libssl.a and libcrypto.a turn out to >> be 32-bit builds !! 
>> That is, the built library works fine with the same vendor's 32-bit >> compiler (gcc version 6.3.0 (i686-posix-sjlj-rev1, Built by MinGW-W64 >> project)), but the x64 compiler that built the damned things regards >> them as incompatible. >> >> I'm thinking that I just need to specify an -m64 switch in there. How >> do I do that ? > > After another couple of hours fossicking about, I did it by firstly > setting the CC environment variable to 'gcc -m64'. (I would normally do > that by specifying 'CC="gcc -m64"' as part of the ./config command, but > ./config found that to be objectionable, so I pre-set it in a separate > command prior to running ./config.) > And I added '-m64' as a ./config arg. > > I don't know if *both* of those steps were necessary, but it did the trick. > > Disconcertingly, the summary at the end of ./config still announces > "THIRTY_TWO_BIT mode" but, at the end of the build, I definitely have > the X64 libraries that I wanted. Did you just try: perl Configure mingw64 no-shared zlib Matt From sisyphus1 at optusnet.com.au Sun Mar 12 02:18:39 2017 From: sisyphus1 at optusnet.com.au (sisyphus1 at optusnet.com.au) Date: Sun, 12 Mar 2017 13:18:39 +1100 Subject: [openssl-users] mingw 64-bit build of 1.1.0e In-Reply-To: References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> Message-ID: <48187B2179B1447EBAB01B229C060684@OwnerPC311012> -----Original Message----- From: Matt Caswell Sent: Sunday, March 12, 2017 11:13 AM To: openssl-users at openssl.org Subject: Re: [openssl-users] mingw 64-bit build of 1.1.0e > On 12/03/17 00:06, sisyphus1 at optusnet.com.au wrote: >> Disconcertingly, the summary at the end of ./config still announces >> "THIRTY_TWO_BIT mode" but, at the end of the build, I definitely have the >> X64 libraries that I wanted. > >Did you just try: > > perl Configure mingw64 no-shared zlib Aaah ... that looks better. I now get "SIXTY_FOUR_BIT mode". 
And I don't have to do 'no-asm' which (I forgot to mention) I had to do with my previous incantation. Also, I can clear the CC environment variable. I added '--prefix=C:/_64/msys_630/1.0/local' to ensure that the built library would be installed where I wanted it. That, too, worked fine. But where did it find libz ? I don't see anything in the command that will point to any of the libz installations that I know of. Thanks, Matt !! Cheers, Rob From levitte at openssl.org Sun Mar 12 04:25:37 2017 From: levitte at openssl.org (Richard Levitte) Date: Sun, 12 Mar 2017 05:25:37 +0100 (CET) Subject: [openssl-users] mingw 64-bit build of 1.1.0e In-Reply-To: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> Message-ID: <20170312.052537.1356614519220878741.levitte@openssl.org> Just add -m64 on the config line, like this: ./config no-shared zlib -m64 -IC:/_64/msys_630/1.0/local/include \ -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local This is weird, though... what config target did you get when configuring? Ideally, you should have gotten 'mingw64', which already uses the -m64 flag, so what gives? If you show us the config output, maybe we can help you figure out what actually goes wrong... Cheers, Richard In message <947E3E0C7B5E4C5A97C3506B97EBC133 at OwnerPC311012> on Sat, 11 Mar 2017 22:21:05 +1100, said: sisyphus1> Hi, sisyphus1> sisyphus1> Having a spot of bother trying to build a static openssl-1.1.0e using sisyphus1> a sisyphus1> mingw-w64 64-bit compiler - namely, gcc version 6.3.0 sisyphus1> (x86_64-posix-sjlj-rev1, Built by MinGW-W64 project). sisyphus1> sisyphus1> In the msys2 shell, I run: sisyphus1> sisyphus1> ./config no-shared sisyphus1> zlib -IC:/_64/msys_630/1.0/local/include sisyphus1> -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local sisyphus1> && make && make test && make install sisyphus1> sisyphus1> Works beautifully ... 
except that libssl.a and libcrypto.a turn out to sisyphus1> be sisyphus1> 32-bit builds !! sisyphus1> That is, the built library works fine with the same vendor's 32-bit sisyphus1> compiler sisyphus1> (gcc version 6.3.0 (i686-posix-sjlj-rev1, Built by MinGW-W64 sisyphus1> project)), but sisyphus1> the x64 compiler that built the damned things regards them as sisyphus1> incompatible. sisyphus1> sisyphus1> I'm thinking that I just need to specify an -m64 switch in there. How sisyphus1> do I sisyphus1> do that ? sisyphus1> sisyphus1> I did try adding the 'os/compiler:mingw64' to the ./config args, but sisyphus1> that sisyphus1> resulted in: sisyphus1> sisyphus1> $ ./config no-shared sisyphus1> zlib -IC:/_64/msys_630/1.0/local/include sisyphus1> -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local sisyphus1> os/compiler:mingw64 && make && make test && make install sisyphus1> Operating system: x86_64-whatever-mingw sisyphus1> Configuring for mingw sisyphus1> Configuring OpenSSL version 1.1.0e (0x1010005fL) sisyphus1> target already defined - mingw (offending arg: os/compiler:mingw64) sisyphus1> sisyphus1> Having spent quite a few hours just getting to this diagnosis, I've sisyphus1> now sisyphus1> settled for simply asking the dumb question. sisyphus1> (Sorry.) 
sisyphus1>
sisyphus1> Cheers,
sisyphus1> Rob
sisyphus1>

From sisyphus1 at optusnet.com.au Sun Mar 12 05:15:47 2017
From: sisyphus1 at optusnet.com.au (sisyphus1 at optusnet.com.au)
Date: Sun, 12 Mar 2017 16:15:47 +1100
Subject: [openssl-users] mingw 64-bit build of 1.1.0e
In-Reply-To: <20170312.052537.1356614519220878741.levitte@openssl.org>
References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> <20170312.052537.1356614519220878741.levitte@openssl.org>
Message-ID: <8CD5EEA9CC3F4643AAFC6D7DDF6EB449@OwnerPC311012>

-----Original Message-----
From: Richard Levitte
Sent: Sunday, March 12, 2017 3:25 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] mingw 64-bit build of 1.1.0e

> Just add -m64 on the config line, like this:
>
> ./config no-shared zlib -m64 -IC:/_64/msys_630/1.0/local/include \
> -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local
>
> This is weird, though... what config target did you get when configuring?
> Ideally, you should have gotten 'mingw64', which already uses the -m64
> flag, so what gives? If you show us the config output, maybe we can help
> you figure out what actually goes wrong...

Hi Richard,

The command I originally tried was

./config no-shared zlib -IC:/_64/msys_630/1.0/local/include -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local

For that command, the config is in the attached conf0.txt.

If I add the '-m64' switch, then the output (see conf1.txt) changes very little. According to diff, the only change is the insertion of '-m64' in the "CFLAG" line.

Having included the '-m64' switch, if I then proceed to run 'make', I very quickly get a long list of assembler error messages pertaining to push, pop, pushf and popf:

crypto/aes/aes-586.s: Assembler messages:
crypto/aes/aes-586.s:969: Error: invalid instruction suffix for `push'
...
crypto/aes/aes-586.s:970: Error: invalid instruction suffix for `pop'
...
crypto/aes/aes-586.s:2233: Error: invalid instruction suffix for `pushf'
...
crypto/aes/aes-586.s:2350: Error: invalid instruction suffix for `popf'
...

(Adding the no-asm switch to ./config works around that particular problem.)

Matt suggested running 'perl Configure mingw64 no-shared zlib'. The config output for it is in the attached conf2.txt, and is much more in keeping with expectations.

I'm quite happy to continue building openssl by running that perl command. I'm also happy to assist with investigating the problem that led to my original post.

Cheers,
Rob

From sisyphus1 at optusnet.com.au Sun Mar 12 07:57:03 2017
From: sisyphus1 at optusnet.com.au (sisyphus1 at optusnet.com.au)
Date: Sun, 12 Mar 2017 18:57:03 +1100
Subject: [openssl-users] mingw 64-bit build of 1.1.0e
In-Reply-To: <48187B2179B1447EBAB01B229C060684@OwnerPC311012>
References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> <48187B2179B1447EBAB01B229C060684@OwnerPC311012>
Message-ID: <376FC8FDF8144B52B4905E5C9EE207C4@OwnerPC311012>

-----Original Message-----
From: sisyphus1 at optusnet.com.au

>> Did you just try:
>>
>> perl Configure mingw64 no-shared zlib

> Aaah ... that looks better.

[snip]

> But where did it find libz ?

Heh ... this compiler ships with libz.a (x86_64-w64-mingw32/lib/libz.a). I don't know how long they've been doing that - probably for years. Remove (or rename) that file and 'make' fails because -lz can't be resolved.
Cheers,
Rob

From levitte at openssl.org Sun Mar 12 11:58:06 2017
From: levitte at openssl.org (Richard Levitte)
Date: Sun, 12 Mar 2017 12:58:06 +0100 (CET)
Subject: [openssl-users] mingw 64-bit build of 1.1.0e
In-Reply-To: <8CD5EEA9CC3F4643AAFC6D7DDF6EB449@OwnerPC311012>
References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> <20170312.052537.1356614519220878741.levitte@openssl.org> <8CD5EEA9CC3F4643AAFC6D7DDF6EB449@OwnerPC311012>
Message-ID: <20170312.125806.131010014169874240.levitte@openssl.org>

In message <8CD5EEA9CC3F4643AAFC6D7DDF6EB449 at OwnerPC311012> on Sun, 12 Mar 2017 16:15:47 +1100, said:

sisyphus1> -----Original Message-----
sisyphus1> From: Richard Levitte
sisyphus1> Sent: Sunday, March 12, 2017 3:25 PM
sisyphus1> To: openssl-users at openssl.org
sisyphus1> Subject: Re: [openssl-users] mingw 64-bit build of 1.1.0e
sisyphus1>
sisyphus1> > Just add -m64 on the config line, like this:
sisyphus1> >
sisyphus1> > ./config no-shared zlib -m64 -IC:/_64/msys_630/1.0/local/include \
sisyphus1> > -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local
sisyphus1> >
sisyphus1> > This is weird, though... what config target did you get when
sisyphus1> > configuring? Ideally, you should have gotten 'mingw64', which already
sisyphus1> > uses the -m64 flag, so what gives? If you show us the config output,
sisyphus1> > maybe we can help you figure out what actually goes wrong...
sisyphus1> >
sisyphus1>
sisyphus1> Hi Richard,
sisyphus1>
sisyphus1> The command I originally tried was
sisyphus1> ./config no-shared zlib -IC:/_64/msys_630/1.0/local/include
sisyphus1> -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local
sisyphus1>
sisyphus1> For that command, the config is in the attached conf0.txt.

Thanks for the output, that explains to me what's happening.
More precisely, these first two lines:

Operating system: x86_64-whatever-mingw
Configuring for mingw

I just had a look in the script 'config', and learned that it doesn't do anything special with 'x86_64-whatever-mingw', except using its last part ('mingw') as the target to 'Configure'... which seems a bit wrong in my mind, as I would expect (like you've noticed yourself) that 'mingw64' would be a better target specifically on 'x86_64'.

So it seems that the 'config' script is a bit lacking, and obviously unusable in a 64-bit mingw environment. Time for a fix, methinks.

Cheers,
Richard

--
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

From openssl-users at dukhovni.org Sun Mar 12 20:16:35 2017
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Sun, 12 Mar 2017 16:16:35 -0400
Subject: [openssl-users] [openssl-security] Removal of 3DES in 1.0.2 Version
In-Reply-To:
References: <9BE3802FCF53CE48AC59E463ED37258C01929C7C2C@TLVMBX1.verint.corp.verintsystems.com>
Message-ID: <564159B6-B503-4DAF-AD45-AF0E892AD623@dukhovni.org>

[ The openssl-security is for reporting security issues in OpenSSL.
  Answer redirected to openssl-users. ]

> On Mar 12, 2017, at 3:55 PM, Oren Rosenmann wrote:
>
> As part of our software, we use OpenSSL 1.0.2 stream.
> Due to Sweet32 attacks, security scanners are suggesting
> upgrade to 1.1.0, despite the fact that we actually
> disable 3DES ciphers in configuration.

If you explicitly disable 3DES (in TLS) then you're not vulnerable to Sweet32, and security scanners should not be reporting Sweet32 exposure.

> I wanted to ask if the same change done in 1.1.0 is
> also planned sometime for 1.0.2 stream (i.e. disable
> by default, not just change from High to Medium)?

No. That's too big a change for a stable release, and the Sweet32 issue is not a practical issue for most users. It is a reason to walk not run away from 3DES.
> https://www.openssl.org/blog/blog/2016/08/24/sweet32/
>
> Also, is the change affecting only ciphers used for
> communication? If we use DES to encrypt internal
> data, is it also being blocked?

Sweet32 is an attack on TLS in browsers, where attackers are able to inject known-plaintext traffic. It is not relevant to encryption of data at rest. That said, do migrate from 3DES to AES.

The deprecation of ciphersuites from TLS does not affect the availability of the underlying cryptographic functions. The 3DES algorithm is still available in OpenSSL 1.1.0. You can still use 3DES with CMS, or "openssl enc", but don't forget that "openssl enc" does not include integrity protection, so use CMS, or arrange for some sort of MAC on the underlying data or the output of "enc". For large data streams, you'll probably want to generate a "chunked" encoding with a MAC over every chunk.

--
Viktor.

From MrUmunhum at CruzIO.com Mon Mar 13 00:44:57 2017
From: MrUmunhum at CruzIO.com (william estrada)
Date: Sun, 12 Mar 2017 17:44:57 -0700
Subject: [openssl-users] error making Private RSA
Message-ID: <7038c703c48eeeb712c798dd40217231.squirrel@cruziomail.cruzio.com>

I have solved my create public RSA problem with this code:

    /* needs <openssl/rsa.h>, <openssl/pem.h>, <openssl/err.h>; direct struct
       access as in 1.0.2 (the RSA struct is opaque from 1.1.0 on) */
    printf( "Method 1\n" );
    RSA* RSA1 = RSA_new();   /* public half */
    RSA* RSA2 = RSA_new();   /* private half */
    /* BN_dup() instead of sharing pointers with My_RSA: each RSA then owns
       its BIGNUMs, so RSA_free() on any of the three does not double-free */
    RSA1->n = BN_dup( My_RSA->n );
    RSA1->e = BN_dup( My_RSA->e );
    RSA2->n = BN_dup( My_RSA->n );
    RSA2->e = BN_dup( My_RSA->e );
    RSA2->d = BN_dup( My_RSA->d );
    RSA2->p = BN_dup( My_RSA->p );
    RSA2->q = BN_dup( My_RSA->q );
    /* the PKCS#1 RSAPrivateKey encoding also carries the CRT values;
       without them the private-key write fails */
    RSA2->dmp1 = BN_dup( My_RSA->dmp1 );
    RSA2->dmq1 = BN_dup( My_RSA->dmq1 );
    RSA2->iqmp = BN_dup( My_RSA->iqmp );
    /* check the return code of each write (1 = ok), not the RSA pointer */
    RC = PEM_write_bio_RSAPublicKey( bio, RSA1 );
    printf( "%d RC: %d\n", __LINE__, RC );
    if( !RC ) printf( RED " ERROR: Could not write Public KEY!\n" " PEM_write_bio_RSAPublicKey FAILED:\n %s\n" OFF, ERR_error_string( ERR_get_error(), NULL ) );
    else Check_Key( RSA1, ";" );
    RC = PEM_write_bio_RSAPrivateKey( bio, RSA2, NULL, NULL, 0, NULL, NULL );
    printf( "%d RC: %d\n", __LINE__, RC );
    if( !RC ) printf( RED " ERROR: Could not write Private KEY!\n" " PEM_write_bio_RSAPrivateKey FAILED:\n %s\n" OFF, ERR_error_string( ERR_get_error(), NULL ) );
    else Check_Key( RSA2, ";" );

--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum

From vsraja at gmail.com Mon Mar 13 06:45:50 2017
From: vsraja at gmail.com (Senthil Raja Velu)
Date: Mon, 13 Mar 2017 12:15:50 +0530
Subject: [openssl-users] OpenSSL handshake failure with RSA bad signature error
In-Reply-To:
References:
Message-ID:

Hi,

Could someone shed some light on this above mentioned RSA bad signature issue.

Thanks,
Senthil.

On Thu, Feb 23, 2017 at 12:31 AM, Senthil Raja Velu wrote:

> Hi,
> I have recently updated my openssl server version from 1.0.1m to 1.0.2j.
> After updating the handshake fails with the client. The client still uses
> openssl version 1.0.1e-fips.
>
> Note: With older openssl server version (1.0.1m) the handshake works with
> the same set of certificates.
>
> Here is the complete handshake message sequence from the server side with
> all debugs:
>
> TlsInfoCB HANDSHAKE_START(time:4849) sCount(0) cCount(1)
> undefined:before/accept initialization
>
> TlsInfoCB SSL_accept:before/accept initialization
>
> TlsMsgCB TLS-MSG: <<< ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 01 00 94 .....
>
> TlsMsgCB TLS-MSG: <<< TLSv1.2 Handshake len=148 ClientHello
>
> TlsHexDumpCB
> 0000 - 01 00 00 90 03 03 58 ad-d7 b5 64 af 9e d2 38 c4 ......X...d...8.
> 0010 - 4a 8b fc 7c 3b 2f 12 64-68 70 c4 57 73 54 54 ce J..|;/.dhp.WsTT.
> 0020 - 82 dd f2 58 c7 85 00 00-24 00 0a 00 2f 00 32 00 ...X....$.../.2.
> 0030 - 33 00 35 c0 14 c0 03 c0-04 c0 05 c0 08 c0 09 c0 3.5.............
> 0040 - 0a c0 0d c0 0e c0 0f c0-12 c0 13 00 ff 01 00 00 ................
> 0050 - 43 00 0b 00 04 03 00 01-02 00 0a 00 08 00 06 00 C...............
> 0060 - 19 00 18 00 17 00 23 00-00 00 0d 00 22 00 20 06 ......#.....". .
> 0070 - 01 06 02 06 03 05 01 05-02 05 03 04 01 04 02 04 ................
> 0080 - 03 03 01 03 02 03 03 02-01 02 02 02 03 01 01 00 ................
> 0090 - 0f 00 01 01 ....
>
> TlsExtCB TLS-EXT: client "EC point formats" (id=11) len=4
>
> TlsHexDumpCB
> 0000 - 03 00 01 02 ....
>
> TlsExtCB TLS-EXT: client "elliptic curves" (id=10) len=8
>
> TlsHexDumpCB
> 0000 - 00 06 00 19 00 18 00 17- ........
>
> TlsExtCB TLS-EXT: client "session ticket" (id=35) len=0
>
> TlsExtCB TLS-EXT: client "signature algorithms" (id=13) len=34
>
> TlsHexDumpCB
> 0000 - 00 20 06 01 06 02 06 03-05 01 05 02 05 03 04 01 . ..............
> 0010 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 ................
> 0020 - 01 01 ..
>
> TlsExtCB TLS-EXT: client "heartbeat" (id=15) len=1
>
> TlsHexDumpCB
> 0000 - 01 .
>
> TlsInfoCB SSL_accept:SSLv3 read client hello A
>
> TlsMsgCB TLS-MSG: >>> ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 00 3a ....:
>
> TlsMsgCB TLS-MSG: >>> TLSv1.2 Handshake len=58 ServerHello
>
> TlsHexDumpCB
> 0000 - 02 00 00 36 03 03 b6 97-ce 9a 96 74 98 52 c0 4a ...6.......t.R.J
> 0010 - c4 2e f4 20 1f 47 c0 b3-2e e4 8c ed 79 9e 22 e1 ... .G......y.".
> 0020 - 57 f9 1f 56 c4 b5 00 00-0a 00 00 0e ff 01 00 01 W..V............
> 0030 - 00 00 23 00 00 00 0f 00-01 01 ..#.......
>
> TlsInfoCB SSL_accept:SSLv3 write server hello A
>
> TlsMsgCB TLS-MSG: >>> ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 04 f1 .....
>
> TlsMsgCB TLS-MSG: >>> TLSv1.2 Handshake len=1265 Certificate
> TlsInfoCB SSL_accept:SSLv3 write certificate A
>
> TlsMsgCB TLS-MSG: >>> ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 00 2e .....
>
> TlsMsgCB TLS-MSG: >>> TLSv1.2 Handshake len=46 CertificateRequest
>
> TlsHexDumpCB
> 0000 - 0d 00 00 26 03 01 02 40-00 1e 06 01 06 02 06 03 ...&...@........
> 0010 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02 ................
> 0020 - 03 03 02 01 02 02 02 03-00 00 0e ...........
> 002e -
>
> TlsInfoCB SSL_accept:SSLv3 write certificate request A
>
> TlsInfoCB SSL_accept:SSLv3 flush data
>
> TlsInfoCB SSL_accept:error in SSLv3 read client certificate A
>
> TlsInfoCB SSL_accept:error in SSLv3 read client certificate A
>
> TlsConnAccept SSL state after: SSLv3 read client certificate A
>
> TlsMsgCB TLS-MSG: <<< ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 04 f1 .....
>
> TlsMsgCB TLS-MSG: <<< TLSv1.2 Handshake len=1265 Certificate
> TlsInfoCB SSL_accept:SSLv3 read client certificate A
>
> TlsMsgCB TLS-MSG: <<< ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 00 86 .....
>
> TlsMsgCB TLS-MSG: <<< TLSv1.2 Handshake len=134 ClientKeyExchange
>
> TlsHexDumpCB
> 0000 - 10 00 00 82 00 80 62 63-f6 b8 00 19 3d 68 8c cd ......bc....=h..
> 0010 - f7 e0 ca b8 d7 d8 f0 15-45 48 fd ca e9 53 27 45 ........EH...S'E
> 0020 - b5 ae a0 af 43 05 ec b4-88 12 5d 9b e9 3d 94 c9 ....C.....]..=..
> 0030 - 72 cb 63 47 af e7 a5 a9-de 91 ba 52 fc b4 fc 17 r.cG.......R....
> 0040 - 5c 51 59 4d 43 b3 2e 23-4d 75 fa 4f a9 5b bb 5b \QYMC..#Mu.O.[.[
> 0050 - 20 10 87 9f a8 2e c7 5c-ed 51 30 b2 61 60 c7 ca ......\.Q0.a`..
> 0060 - 7c 2b df ae dd ce 37 d3-55 b2 ec e3 af 10 f3 ce |+....7.U.......
> 0070 - 85 c7 5c 46 61 6c b3 33-cb a8 fb 93 22 db 5e 25 ..\Fal.3....".^%
> 0080 - 47 11 0d 6b 9c 53 G..k.S
>
> TlsInfoCB SSL_accept:SSLv3 read client key exchange A
>
> TlsMsgCB TLS-MSG: <<< ??? len=5
>
> TlsHexDumpCB
> 0000 - 16 03 03 00 88 .....
>
> TlsMsgCB TLS-MSG: <<< TLSv1.2 Handshake len=136 CertificateVerify
>
> TlsHexDumpCB
> 0000 - 0f 00 00 84 06 01 00 80-26 20 60 8a 42 c3 b0 98 ........& `.B...
> 0010 - b6 28 04 ab 76 39 0b 9d-41 47 32 d3 29 65 3e c3 .(..v9..AG2.)e>.
> 0020 - f6 78 89 b1 09 df a4 fe-9f 6a 4a d0 99 11 27 88 .x.......jJ...'.
> 0030 - 76 db 95 ba d1 77 4a 35-7f ae 67 6a cb a6 a7 b7 v....wJ5..gj....
> 0040 - 79 c2 78 63 14 49 e2 2b-68 72 8c 08 02 fa 51 35 y.xc.I.+hr....Q5
> 0050 - 98 4e 70 3b 7a ab 4d e4-c0 3e 49 0d a8 33 58 11 .Np;z.M..>I..3X.
> 0060 - 31 23 cd bc 4b 77 55 b6-d3 f5 f1 e3 5c da a6 96 1#..KwU.....\...
> 0070 - b8 41 d2 ac df b8 36 43-62 b4 df b4 e6 86 42 5e .A....6Cb.....B^
> 0080 - eb 5c 89 18 51 64 9a 31- .\..Qd.1
>
> TlsMsgCB TLS-MSG: >>> ??? len=5
>
> TlsHexDumpCB
> 0000 - 15 03 03 00 02 .....
>
> TlsMsgCB TLS-MSG: >>> TLSv1.2 Alert len=2 fatal decrypt_error
>
> TlsHexDumpCB
> 0000 - 02 33 .3
>
> TlsInfoCB SSL3 alert write:fatal:decrypt error
>
> TlsPrintCB 058880:error:04091068:rsa routines:INT_RSA_VERIFY:bad
> signature:/workspace/openssl/crypto/rsa/rsa_sign.c:300:
>
> TlsInfoCB SSL_accept:failed in error
>
> TlsPrintCB 058880:error:1408807B:SSL routines:ssl3_get_cert_verify:bad
> signature:/workspace/openssl/ssl/s3_srvr.c:3100:
>
>
> Appreciate any pointers on addressing this issue.
>
> Thanks,
> Senthil.

From matt at openssl.org Mon Mar 13 09:26:50 2017
From: matt at openssl.org (Matt Caswell)
Date: Mon, 13 Mar 2017 09:26:50 +0000
Subject: [openssl-users] mingw 64-bit build of 1.1.0e
In-Reply-To: <376FC8FDF8144B52B4905E5C9EE207C4@OwnerPC311012>
References: <947E3E0C7B5E4C5A97C3506B97EBC133@OwnerPC311012> <48187B2179B1447EBAB01B229C060684@OwnerPC311012> <376FC8FDF8144B52B4905E5C9EE207C4@OwnerPC311012>
Message-ID: <5d0839d5-30c0-4358-6b1e-a2e3587cc182@openssl.org>

On 12/03/17 07:57, sisyphus1 at optusnet.com.au wrote:
>> But where did it find libz ?
>
> Heh ... this compiler ships with libz.a (x86_64-w64-mingw32/lib/libz.a).
> I don't know how long they've been doing that - probably for years.
> Remove (or rename) that file and 'make' fails because -lz can't be
> resolved.

You can specify where to find libz with the following Configure options:

--with-zlib-include=DIR
--with-zlib-lib=LIB

Check the INSTALL file for details.
Matt

From pepone.onrez at gmail.com Mon Mar 13 11:42:00 2017
From: pepone.onrez at gmail.com (pepone.onrez)
Date: Mon, 13 Mar 2017 12:42:00 +0100
Subject: [openssl-users] Visual Studio 2015 build failure
Message-ID:

I am trying to build openssl 1.0.2 from the OpenSSL_1_0_2-stable branch and keep getting this error:

perl Configure VC-WIN32 no-asm enable-static-engine
ms\do_ms
nmake -f ms\ntdll.mak
....
link /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\Users\ppgut\AppData\Local\Temp\nmE41E.tmp
   Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
bss_fd.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets]
bss_file.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets]
b_dump.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets]
out32dll\libeay32.dll : fatal error LNK1120: 1 unresolved externals [D:\3.7\openssl\msbuild\openssl.build.targets]
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\amd64\link.EXE"' : return code '0x460' [D:\3.7\openssl\msbuild\openssl.build.targets]
Stop.
D:\3.7\openssl\msbuild\openssl.build.targets(20,3): error MSB3073: The command "nmake -f ms\ntdll.mak" exited with code 2.

From darshanmody at avaya.com Mon Mar 13 12:48:59 2017
From: darshanmody at avaya.com (Mody, Darshan (Darshan))
Date: Mon, 13 Mar 2017 12:48:59 +0000
Subject: [openssl-users] CRL implementation caching
Message-ID: <25D2EC755404B4409F263AC6D050FEBB2A1023CD@AZ-FFEXMB03.global.avaya.com>

Hi,

We have modified our codebase to have CRL verification on the incoming certificates. While doing negative testing with a load of certificates I find that the resident memory for the module.

My query is: when we have CRL verification enabled, does openssl cache incoming certificates?
Please note that we have set SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

From the core file generated I am observing many entries of the far-end certificate serial number.

Thanks in Advance

Regards
Darshan

From garyp at firstech.com Mon Mar 13 14:39:08 2017
From: garyp at firstech.com (Gary L Peskin)
Date: Mon, 13 Mar 2017 07:39:08 -0700
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
Message-ID: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com>

My original message accidentally included an attachment. Please ignore the attachment. That was not related to this issue.

Thanks,
Gary

From: Gary L Peskin [mailto:garyp at firstech.com]
Sent: Monday, March 13, 2017 2:28 AM
To: 'openssl-users at openssl.org'
Subject: Cannot read exported PKCS12 cert and private key

Hello all

I exported a certificate and corresponding private key in base 64 encoded DER format from a mainframe system and FTP'd it to my Windows desktop. I tried to read it using OpenSSL 1.0.2k and 1.1.0d 32-bit and 64-bit on Windows with

openssl pkcs12 -in mycert.p12 -noout

But I get the following messages:

15956:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1199:
15956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:374:Type=PKCS12

I'm able to import this with the private key into the Windows certificate store with no issues. Can someone please advise as to what I'm doing wrong?
Thanks,
Gary

PS Here is the file:
From Michael.Wojcik at microfocus.com Mon Mar 13 15:58:23 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 13 Mar 2017 15:58:23 +0000
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
In-Reply-To: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com>
References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com>
Message-ID:

I'll assume you mean you exported it "from a mainframe system" using RACF. RACF has half a dozen export formats for certificates and keys; they're not all supported by OpenSSL.

In particular (and despite the PEM delimiters), I suspect what you have here is a PKCS#12 file in PEM format. The openssl pkcs12 utility doesn't support PEM encoding, because that's not normally done. RACF will do it, though, just to be difficult.

openssl asn1parse -in file -inform pem shows you have valid ASN.1 data, with a big ol' blob at offset 26; adding -strparse 26 shows encrypted data. So yes, looks like PKCS#12.

So, try this:

1. Edit the file and remove the PEM delimiters ("----- BEGIN CERTIFICATE -----" and "----- END CERTIFICATE -----").

2. Convert the data from Base64 to binary:

    openssl base64 -d -in file -out file.der

3. Unpack it:

    openssl pkcs12 -in file.der -nokeys -out file-cert.pem
    openssl pkcs12 -in file.der -nocerts -out file-key.pem

Note the final openssl command will prompt you for the password to encrypt the key file with; if you don't want your private key encrypted, you can also specify -nodes.

You can use openssl pkcs12 just once, without the -nokeys / -nocerts options, but that will put your certificate and key in the same file, which is generally not what you want with OpenSSL.

Of course, you haven't told us what you're trying to do, so I'm just guessing. Also, I can't verify this, because I don't have the import password for your PKCS#12 file.
Michael Wojcik
Distinguished Engineer, Micro Focus
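The three steps above, together with the "recognize one of these files and automatically extract it" automation that comes up later in this thread, as an added shell example; this is not code from the thread or from the OpenSSL project, and the function names are mine. It tells a PKCS#12 PFX (an outer SEQUENCE whose first element is INTEGER version 3) from an X.509 certificate (an outer SEQUENCE whose first element is itself a SEQUENCE) by looking at the leading DER bytes, and only then hands the decoded file to openssl pkcs12. The sample input is a constructed PEM wrapper around ten DER bytes, not a real PFX.

```shell
#!/bin/sh
# Added example: recognise a "fake PEM" PKCS#12 file (PEM delimiters around
# Base64 of a PFX, as RACF exports) and unpack it with openssl pkcs12.
# Function names are mine; the sample file is constructed, not a real PFX.

# Steps 1 and 2: drop the PEM delimiter lines and decode the Base64 body.
# Usage: pem_body_to_der IN.pem OUT.der
pem_body_to_der() {
    sed -e '/^-----BEGIN /d' -e '/^-----END /d' "$1" \
        | tr -d ' \t\r\n' | base64 -d > "$2"
}

# Classify what the PEM wrapper really carries by its leading DER bytes:
#   PKCS#12 PFX:        SEQUENCE { INTEGER 3, ... }  -> 30 <len> 02 01 03
#   X.509 Certificate:  SEQUENCE { SEQUENCE ... }    -> 30 <len> 30
# <len> is one byte (short form) or 0x81/0x82 followed by 1/2 length bytes.
# Prints pkcs12, x509 or unknown. A heuristic, not an ASN.1 parser.
pem_payload_type() {
    tmp=$(mktemp) || return 1
    pem_body_to_der "$1" "$tmp" 2>/dev/null || :
    hex=$(od -An -tx1 -N 8 "$tmp" | tr -d ' \n')
    rm -f "$tmp"
    case "$hex" in
        3082????020103*|3081??020103*|30??020103*) echo pkcs12 ;;
        3082????30*|3081??30*|30??30*)             echo x509 ;;
        *)                                         echo unknown ;;
    esac
}

# Step 3: only when the payload really is a PFX, write BASE.der and split it
# into BASE-cert.pem and BASE-key.pem. openssl prompts for the import
# password and for a passphrase to encrypt the key file (add -nodes to the
# second command to leave the key unencrypted).
# Usage: unpack_fake_pem_pkcs12 IN.pem BASE
unpack_fake_pem_pkcs12() {
    src=$1 base=$2
    [ "$(pem_payload_type "$src")" = pkcs12 ] || {
        echo "$src: payload is not a PKCS#12 structure" >&2; return 1; }
    pem_body_to_der "$src" "$base.der" || return 1
    openssl pkcs12 -in "$base.der" -nokeys  -out "$base-cert.pem" &&
    openssl pkcs12 -in "$base.der" -nocerts -out "$base-key.pem"
}

# Constructed sample: PEM delimiters around Base64 of the 10 DER bytes
# 30 08 02 01 03 30 03 02 01 00, i.e. SEQUENCE { INTEGER 3, SEQUENCE { INTEGER 0 } }.
# Enough header to be classified as a PFX; it is NOT a real PKCS#12 file.
write_sample_fake_pkcs12() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
MAgCAQMwAwIBAA==
-----END CERTIFICATE-----
EOF
}

# Demo: classify the constructed sample (prints "pkcs12").
sample=$(mktemp) && write_sample_fake_pkcs12 "$sample"
echo "$sample: $(pem_payload_type "$sample")"
rm -f "$sample"
```

Only the classification and decoding are exercised offline; unpack_fake_pem_pkcs12 needs openssl and the PFX import password, and refuses to run when the payload is not a PKCS#12 structure, so a mislabelled certificate or random junk is reported rather than fed to the wrong parser.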
From garyp at firstech.com Mon Mar 13 16:26:21 2017
From: garyp at firstech.com (Gary L Peskin)
Date: Mon, 13 Mar 2017 09:26:21 -0700
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
In-Reply-To:
References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com>
Message-ID: <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>

Thanks VERY much Michael. That did the trick. This was a homegrown CA cert and I needed it to sign a certificate request for testing purposes.

I didn't realize that the openssl pkcs12 utility didn't support PEM encoding for input. I was a little confused I guess by the documentation which shows PEM encoding for "-in filename" but I see now that that's for when exporting a PKCS#12 file, not for parsing one.

Thanks again for clearing this up. It's weird that MS supports this input format but openssl does not. I thought openssl could do EVERYTHING.

Thanks,
Gary
From aerowolf at gmail.com Mon Mar 13 16:56:21 2017
From: aerowolf at gmail.com (Kyle Hamilton)
Date: Mon, 13 Mar 2017 09:56:21 -0700
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
In-Reply-To: <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>
References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com> <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>
Message-ID:

Enhancement request: make 'pkcs12' support -inform and -outform.

From Michael.Wojcik at microfocus.com Mon Mar 13 18:05:01 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 13 Mar 2017 18:05:01 +0000
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
In-Reply-To: <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>
References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com> <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>
Message-ID:

Glad I could help. To be honest, I had to play around with it for a bit before I remembered that RACF can export PEM-encoded PKCS#12, and how I had handled that the last time I went through this myself.

Also, having experience with figuring out what a file is using openssl asn1parse definitely helps. The last time I taught a class on key and certificate handling, we did an entire exercise on this, because we're always getting this sort of thing from customers. "Here's a zip with our key and certificate files", they say, and then there are files in it with names like "file0" and "key1", and it turns out "key1" is actually a certificate. Learning how to match private keys to certificates is also very useful; I actually ended up giving one customer a script to do that, because they'd been copying things from machine to machine and had really confused the situation.
Someone needs to write a book like Surviving Cryptography with OpenSSL that covers these things, along the lines of Ivan Ristić's OpenSSL Cookbook. (I'd volunteer but to be honest it'd never get done.) I guess this sort of thing should go on the wiki; maybe some of it's there already.

Anyway, back on the subject: I suppose technically this is not really PEM encoding, because the PEM delimiters lie. "----- BEGIN CERTIFICATE -----" claims that what follows is a Base64-encoded DER-encoded X.509 certificate, not a Base64-encoded DER-encoded PKCS#12 structure. Those are rather different things. I suspect RACF supports this because 1) it was easy and 2) it's convenient to have a text representation (that converts cleanly between EBCDIC and ASCII). But it's not technically correct. That's probably why OpenSSL doesn't support it; fake-PEM-PKCS#12 is a RACF idiosyncrasy, as far as I know.

I'm guessing Windows just takes whatever's between the PEM delimiters, decodes the Base64, parses it as ASN.1 DER, and then decides what to do. You could argue, by Postel's Interoperability Principle, that openssl should have a "-figure-out-the-format" option for every command that takes files. On the other hand, the Interoperability Principle is a security risk; many vulnerabilities are eliminated simply by requiring inputs that satisfy the specification. With a decent scripting language it's pretty easy to recognize one of these files and automatically extract it into something sensible.

Michael Wojcik
Distinguished Engineer, Micro Focus

From garyp at firstech.com Mon Mar 13 18:29:35 2017
From: garyp at firstech.com (Gary L Peskin)
Date: Mon, 13 Mar 2017 11:29:35 -0700
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
In-Reply-To:
References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com> <013001d29c16$8d4e2cd0$a7ea8670$@firstech.com>
Message-ID: <000601d29c27$c472ef50$4d58cdf0$@firstech.com>

Thanks again. Very clear. I'm thinking maybe of a small utility or even a web site where you could upload the thing and it would tell you what it was looking at. I'll add that to my never-ending to do list on the off chance that I'll ever have spare time.

Gary

From vkaliape at gmail.com Mon Mar 13 18:37:07 2017
From: vkaliape at gmail.com (Vijayakumar Kaliaperumal)
Date: Tue, 14 Mar 2017 00:07:07 +0530
Subject: [openssl-users] Extracting Handshake Information
Message-ID:

Hello,

Is there a way in openssl we can extract the protocol (TLS/DTLS) handshake information, like in clienthello, the protocol version, ciphersuites offered, Random, session id etc.

Regards,
Vijay

From rsalz at akamai.com Mon Mar 13 18:42:11 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Mon, 13 Mar 2017 18:42:11 +0000
Subject: [openssl-users] Extracting Handshake Information
In-Reply-To:
References:
Message-ID: <73971cd5a82f49d5b4eadd34045cfacb@usma1ex-dag1mb1.msg.corp.akamai.com>

> Is there a way in openssl we can extract the protocol (TLS/DTLS) handshake information, like in clienthello, the protocol version, ciphersuites offered, Random, session id etc.

Look at the code in apps/s_client and apps/s_server and see what it prints in various debug modes.
From steve at openssl.org Mon Mar 13 19:08:39 2017 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 13 Mar 2017 19:08:39 +0000 Subject: [openssl-users] Extracting Handshake Information In-Reply-To: References: Message-ID: <20170313190839.GA20222@openssl.org> On Tue, Mar 14, 2017, Vijayakumar Kaliaperumal wrote: > Hello, > > Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello, the protocol version, ciphersuites > offered, Random, session id etc. > You can get some useful information with the -trace option to s_client/s_server which needs the configuration option enable-ssl-trace Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rgm at htt-consult.com Mon Mar 13 21:26:29 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Mon, 13 Mar 2017 14:26:29 -0700 Subject: [openssl-users] scripting creating a cert In-Reply-To: References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com> <608F34F9-1E83-42B1-BBAB-F5E7248A83C8@dukhovni.org> Message-ID: <353d05ec-f456-8f89-44f4-4d5e0680a2a2@htt-consult.com> Viktor, On 03/09/2017 05:53 PM, Viktor Dukhovni wrote: >> On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote: >> >>> $ umask 077 # avoid world-readable private keys >> Perhaps (no perhaps about it) this is old information, but I picked up that I needed: >> >> chmod 640 for the private keys for Apache. (and postfix and others use these certs; at least they are in their confs) > I strive to avoid the private disclosure race of first creating > a world-readable file, and then trying to do a quick chmod before > the bad guys get around to opening it. That's why I recommend the > umask approach. > > You can adjust the umask to suit your needs. With OpenSSL 1.1.0, > if I recall correctly "keyout" files and the like are automatically > opened mode "0600". 
Rich Salz, who wrote the CLI option processing > code for 1.1.0 will correct me, if my memory is faulty. There are > still a lot of users with 1.0.2 or earlier, and OpenSSL cannot > always figure out which files end up having private keys in them, > so the umask approach is a good precaution to keep using. Rich got me some help and I have put the following together:

Set the following variables:

countryName=
stateOrProvinceName=
localityName=
organizationName=
organizationalUnitName=
emailAddress=postmaster@$your_domain_tld

Then the following commands create the certs:

restore_mask=$(umask -p)
umask 077
cd /etc/pki/tls

commonName=$your_host_tld
openssl req -new -outform PEM -out certs/$commonName.crt -newkey rsa:2048 -nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 -extensions v3_req -subj "/countryName=$countryName/stateOrProvinceName=$stateOrProvinceName/localityName=$localityName/organizationName=$organizationName/organizationalUnitName=$organizationalUnitName/commonName=$commonName/emailAddress=$emailAddress"
chmod 640 private/$commonName.key

commonName=webmail$your_domain_tld
openssl req -new -outform PEM -out certs/$commonName.crt -newkey rsa:2048 -nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 -extensions v3_req -subj "/countryName=$countryName/stateOrProvinceName=$stateOrProvinceName/localityName=$localityName/organizationName=$organizationName/organizationalUnitName=$organizationalUnitName/commonName=$commonName/emailAddress=$emailAddress"
chmod 640 private/$commonName.key

commonName=localhost
openssl req -new -outform PEM -out certs/$commonName.crt -newkey rsa:2048 -nodes -keyout private/$commonName.key -keyform PEM -days 3650 -x509 -extensions v3_req -subj "/countryName=$countryName/stateOrProvinceName=$stateOrProvinceName/localityName=$localityName/organizationName=$organizationName/organizationalUnitName=$organizationalUnitName/commonName=$commonName/emailAddress=$emailAddress"
chmod 640 private/$commonName.key

$restore_mask

From musicoliv at gmail.com Tue Mar 14 10:49:05 2017 From: musicoliv at gmail.com (Olivier Meunier) Date: Tue, 14 Mar 2017 11:49:05 +0100 Subject: [openssl-users] X25519: how to generate public key? Message-ID: Hi, using openSSL 1.1.0e, I generate my private key using: openssl genpkey -algorithm x25519 -out x25519.key.pem But I cannot find how to generate the public key. I tried: openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem but got the errors: read EC key unable to load Key 16084:error:0608308E:digital envelope routines:EVP_PKEY_get0_EC_KEY:expecting a ec key:crypto\evp\p_lib.c:319: What is the right command to get the public key? Thanks, Olivier From steve at openssl.org Tue Mar 14 12:43:17 2017 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 14 Mar 2017 12:43:17 +0000 Subject: [openssl-users] X25519: how to generate public key? In-Reply-To: References: Message-ID: <20170314124317.GA5780@openssl.org> On Tue, Mar 14, 2017, Olivier Meunier wrote: > Hi, > > using openSSL 1.1.0e, I generate my private key using: > openssl genpkey -algorithm x25519 -out x25519.key.pem > > But I cannot find how to generate the public key. I tried: > openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem > but got the errors: > read EC key > unable to load Key > 16084:error:0608308E:digital envelope > routines:EVP_PKEY_get0_EC_KEY:expecting a ec > key:crypto\evp\p_lib.c:319: > > What is the right command to get the public key? > Thanks, > X25519 is treated as a distinct algorithm, not as an EC curve. You don't actually "generate" the public key; you can extract or calculate the public key corresponding to a private key though. The pkey command can do this for any supported algorithm: openssl pkey -in privkey.pem -pubout -out pubkey.pem Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org From steve at openssl.org Tue Mar 14 13:00:29 2017 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 14 Mar 2017 13:00:29 +0000 Subject: [openssl-users] Cannot read exported PKCS12 cert and private key In-Reply-To: References: <00e101d29c07$934bd3d0$b9e37b70$@firstech.com> Message-ID: <20170314130029.GA6374@openssl.org> On Mon, Mar 13, 2017, Michael Wojcik wrote: > I'll assume you mean you exported it "from a mainframe system" using RACF. RACF has half a dozen export formats for certificates and keys; they're not all supported by OpenSSL. > > In particular (and despite the PEM delimiters), I suspect what you have here is a PKCS#12 file in PEM format. The openssl pkcs12 utility doesn't support PEM encoding, because that's not normally done. RACF will do it, though, just to be difficult. > > openssl asn1parse -in file -inform pem shows you have valid ASN.1 data, with a big ol' blob at offset 26; adding -strparse 26 shows encrypted data. So yes, looks like PKCS#12. > > So, try this: > 1. Edit the file and remove the PEM delimiters ("---- BEGIN CERTIFICATE ----" and "----- END CERTIFICATE ----"). > 2. Convert the data from Base64 to binary: > openssl base64 -d -in file -out file.der Note this can be simplified a bit with: openssl asn1parse -in file.pem -out file.der That should work for any PEM ASN.1 structure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From vsbrin at gmail.com Tue Mar 14 13:43:50 2017 From: vsbrin at gmail.com (=?UTF-8?Q?val=C3=A9ry?=) Date: Tue, 14 Mar 2017 14:43:50 +0100 Subject: [openssl-users] PKCS#7 Message-ID: Hi, is the following picture correct ? when creating an encrypted PKCS#7 envelope, a random AES key is generated and encrypted with the provided RSA private key. The AES key is used to encrypt the envelope content. 
The X509 certificate containing the associated public key is included in the envelope attributes. If so, would it be possible in principle to decrypt an encrypted PKCS#7 envelope only knowing which AES key was used? Thank you From rsalz at akamai.com Tue Mar 14 14:12:41 2017 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 14 Mar 2017 14:12:41 +0000 Subject: [openssl-users] PKCS#7 In-Reply-To: References: Message-ID: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> > If so, would it be possible in principle to decrypt an encrypted PKCS#7 envelope only knowing which AES key was used? Yes. But maybe not with the openssl api's :) From musicoliv at gmail.com Tue Mar 14 14:26:19 2017 From: musicoliv at gmail.com (Olivier Meunier) Date: Tue, 14 Mar 2017 15:26:19 +0100 Subject: [openssl-users] X25519: how to generate public key? In-Reply-To: <20170314124317.GA5780@openssl.org> References: <20170314124317.GA5780@openssl.org> Message-ID: <630271cf-af14-32f6-2ded-910681c2b4ea@gmail.com> Thank you for your quick answer. Olivier On 14/03/2017 at 13:43, Dr. Stephen Henson wrote: > On Tue, Mar 14, 2017, Olivier Meunier wrote: > >> Hi, >> >> using openSSL 1.1.0e, I generate my private key using: >> openssl genpkey -algorithm x25519 -out x25519.key.pem >> >> But I cannot find how to generate the public key. I tried: >> openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem >> but got the errors: >> read EC key >> unable to load Key >> 16084:error:0608308E:digital envelope >> routines:EVP_PKEY_get0_EC_KEY:expecting a ec >> key:crypto\evp\p_lib.c:319: >> >> What is the right command to get the public key? >> Thanks, >> > X25519 is treated as a distinct algorithm, not as an EC curve. > > You don't actually "generate" the public key; you can extract or calculate the > public key corresponding to a private key though.
> > The pkey command can do this for any supported algorithm: > > openssl pkey -in privkey.pem -pubout -out pubkey.pem > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org From raja.ashok at huawei.com Tue Mar 14 14:32:27 2017 From: raja.ashok at huawei.com (Raja ashok) Date: Tue, 14 Mar 2017 14:32:27 +0000 Subject: [openssl-users] Doubt regarding Export keying material Message-ID: Hi All, I am having a doubt in usage of the Exporting keying material API (SSL_export_keying_material) in OpenSSL. Please provide your suggestions. As per Section 4 in RFC 5705, context length should be passed as uint16_t to the PRF function. In that case we should allow only up to a max of 2^16 (65535). So the user should not pass more than 65535 as the value of "plen" in SSL_export_keying_material, right? Please provide your valuable suggestion on this. I am referring to the 1.0.2k version of OpenSSL. Thanks & Regards, Ashok ________________________________ Raja Ashok V K Huawei Technologies Bangalore, India http://www.huawei.com ________________________________ This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
From vsbrin at gmail.com Wed Mar 15 04:13:49 2017 From: vsbrin at gmail.com (valéry) Date: Wed, 15 Mar 2017 05:13:49 +0100 Subject: [openssl-users] PKCS#7 In-Reply-To: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> References: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: Hi, thank you very much for your response. Say someone would be able to gather several clear text AES keys and their respective asymmetrically encrypted RSA blocks. Would it weaken the security of the RSA key pair? I mean, could it be easier for someone using that information to brute force an RSA key pair? Thank you On Tue, Mar 14, 2017 at 3:12 PM, Salz, Rich via openssl-users < openssl-users at openssl.org> wrote: > > If so, would it be possible in principle to decrypt an encrypted PKCS#7 > envelope only knowing which AES key was used? > > Yes. But maybe not with the openssl api's :) > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > From bhat.jayalakshmi at gmail.com Wed Mar 15 09:50:15 2017 From: bhat.jayalakshmi at gmail.com (Jayalakshmi bhat) Date: Wed, 15 Mar 2017 03:50:15 -0600 Subject: [openssl-users] OpenSSL DRBG in FIPS mode confusion. Message-ID: Hi All, OpenSSL uses 256 bit AES-CTR DRBG as the default DRBG in FIPS mode. I have a question associated with this. 1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation function* 2.
Whereas the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf mentions "no derivation function" in one place and in another section mentions both: *Section 4 Modes of Operation and Cryptographic Functionality* Random Number Generation; [SP 800-90] DRBG5 Hash DRBG Symmetric key generation Prediction resistance HMAC DRBG, no reseed supported for all variations CTR DRBG (AES), no derivation function *Section 6 Self-test* DRBG KAT CTR_DRBG: AES, 256 bit with and without derivation function Please can anyone let me know what is the default behavior? Is there any way to toggle between using and not using the derivation function. Regards Jayalakshmi From Matthias.St.Pierre at ncp-e.com Wed Mar 15 10:37:27 2017 From: Matthias.St.Pierre at ncp-e.com (Matthias St. Pierre) Date: Wed, 15 Mar 2017 11:37:27 +0100 Subject: [openssl-users] OpenSSL DRBG in FIPS mode confusion. In-Reply-To: References: Message-ID: On 15.03.2017 10:50, Jayalakshmi bhat wrote: > Hi All, > > OpenSSL uses 256 bit AES-CTR DRBG as the default DRBG in FIPS mode. I have a question associated with this. > > 1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation function* > 2. Whereas the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf mentions "no derivation function" in one place and in another section mentions both: > *Section 4 Modes of Operation and Cryptographic Functionality* > Random Number Generation; [SP 800-90] DRBG5 Hash DRBG > Symmetric key generation Prediction resistance HMAC DRBG, no reseed > supported for all variations CTR DRBG (AES), no derivation function > *Section 6 Self-test* > DRBG KAT CTR_DRBG: AES, 256 bit with and without derivation function > > Please can anyone let me know what is the default behavior? Is there any way to toggle between using and not using the derivation function.
> > Regards > Jayalakshmi > The default is set by the FIPS enabled OpenSSL crypto library (not by the OpenSSL FIPS object module itself) in RAND_init_fips(), rand_lib.c:277: openssl-1.0.2k/crypto/rand/rand_lib.c:277: if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { The default value is DRBG_FLAG_CTR_USE_DF, which follows from openssl-1.0.2k/crypto/rand/rand_lib.c:251:# ifndef OPENSSL_DRBG_DEFAULT_FLAGS openssl-1.0.2k/crypto/rand/rand_lib.c:252:# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF openssl-1.0.2k/crypto/rand/rand_lib.c:256:static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; openssl-1.0.2k/crypto/rand/rand_lib.c:261: fips_drbg_flags = flags; and you can change it using void RAND_set_fips_drbg_type(int type, int flags). Regards, Matthias St. Pierre From rsalz at akamai.com Wed Mar 15 11:03:48 2017 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 15 Mar 2017 11:03:48 +0000 Subject: [openssl-users] PKCS#7 In-Reply-To: References: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > Say someone would be able to gather several clear text AES keys and their respective asymmetrically encrypted RSA blocks. Would it weaken the security of the RSA key pair? I mean, could it be easier for someone using that information to brute force an RSA key pair? No From wouter.verhelst at fedict.be Wed Mar 15 12:01:32 2017 From: wouter.verhelst at fedict.be (Wouter Verhelst) Date: Wed, 15 Mar 2017 13:01:32 +0100 Subject: [openssl-users] PKCS#7 In-Reply-To: References: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On 15-03-17 05:13, valéry wrote: > Hi, > > thank you very much for your response. > Say someone would be able to gather several clear text AES keys and > their respective asymmetrically encrypted RSA blocks. Would it weaken > the security of the RSA key pair? I mean, could it be easier for someone > using that information to brute force an RSA key pair?
Think of it this way: As far as the RSA algorithm is concerned, the AES keys are just data. They happen to be AES keys, but they might have been a hash value, an image, or somebody's date of birth. If getting the cleartext as well as the encrypted text for an RSA message would allow you to more easily guess the RSA key, then the RSA algorithm would be seriously flawed. There is no known attack against RSA for which this is true, however, as Rich pointed out. -- Wouter Verhelst From christian_adja at yahoo.it Wed Mar 15 18:03:44 2017 From: christian_adja at yahoo.it (Christian Adja) Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC) Subject: [openssl-users] Request for adding new ciphers References: <1576557894.1332584.1489601024241.ref@mail.yahoo.com> Message-ID: <1576557894.1332584.1489601024241@mail.yahoo.com> Hi everyone, Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" in openssl? I tried adding in the file tls1.h: # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD And modifying the file ssl_ciph.c, the functions ssl_load_ciphers() ... And modifying the files evp_cipher.c and ssl_locl.c and finally ssl_algs.c. There is no way to make it work. It continues to give me the error: ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 thanks.
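Returning to the X25519 thread above (Olivier Meunier's question and Steve Henson's answer that `openssl pkey -in privkey.pem -pubout` is the right command): the following is an added worked example, editorial code rather than anything from the list or from OpenSSL itself, of what -pubout actually computes for an X25519 key. Per RFC 7748 the public key is X25519(k, 9), the scalar multiple of the base point u = 9 by the clamped private scalar k, and OpenSSL wraps it in a fixed SubjectPublicKeyInfo header for OID 1.3.101.110. The PKCS#8 and SPKI prefixes below are those fixed DER headers; the private key PEM used as input is constructed from the RFC 7748 section 6.1 test vector rather than produced by genpkey, so the expected public key is known in advance. The conditional swap in the ladder is written with plain ifs, so this code is not constant-time and is for illustration only.

```python
"""Derive an X25519 public key from an OpenSSL-style PKCS#8 private key.

Added example, not OpenSSL code: this is what `openssl pkey -pubout` computes
for an X25519 key. The public key is X25519(k, 9), the scalar multiple of the
base point u = 9 by the clamped private scalar k (RFC 7748), wrapped in the
fixed SubjectPublicKeyInfo header for OID 1.3.101.110.
"""
import base64

P = 2 ** 255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")

# Fixed DER headers for X25519 keys (OID 1.3.101.110 encodes as 06 03 2b 65 6e):
#   PrivateKeyInfo: SEQUENCE { INTEGER 0, SEQUENCE { OID }, OCTET STRING { OCTET STRING k } }
#   SubjectPublicKeyInfo: SEQUENCE { SEQUENCE { OID }, BIT STRING { 0 unused bits, u } }
PKCS8_PREFIX = bytes.fromhex("302e020100300506032b656e04220420")
SPKI_PREFIX = bytes.fromhex("302a300506032b656e032100")


def clamp_scalar(k_bytes):
    """RFC 7748 decodeScalar25519: clear the low 3 bits and bit 255, set bit 254."""
    k = bytearray(k_bytes)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k_bytes, u_bytes):
    """RFC 7748 Montgomery ladder. The conditional swap uses plain `if`, so this
    is not constant-time: fine for illustration, not for production use."""
    k = clamp_scalar(k_bytes)
    u = bytearray(u_bytes)
    u[31] &= 127                                # ignore the top bit of the u-coordinate
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def pem_to_der(text, label):
    if f"-----BEGIN {label}-----" not in text:
        raise ValueError(f"expected a {label} PEM block")
    body = "".join(line for line in text.strip().splitlines() if not line.startswith("-----"))
    return base64.b64decode(body)


def der_to_pem(blob, label):
    b64 = base64.b64encode(blob).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"


def private_scalar_from_pem(private_pem):
    """Extract the 32-byte scalar from an X25519 PrivateKeyInfo PEM (genpkey output)."""
    blob = pem_to_der(private_pem, "PRIVATE KEY")
    if len(blob) != 48 or not blob.startswith(PKCS8_PREFIX):
        raise ValueError("not an X25519 PKCS#8 PrivateKeyInfo")
    return blob[16:]


def public_key_pem(private_pem):
    """Equivalent of `openssl pkey -in x25519.key.pem -pubout` for an X25519 key."""
    pub = x25519(private_scalar_from_pem(private_pem), BASE_POINT)
    return der_to_pem(SPKI_PREFIX + pub, "PUBLIC KEY")


def private_key_pem(scalar):
    """Wrap a raw 32-byte scalar the way genpkey does (used here to build test input)."""
    return der_to_pem(PKCS8_PREFIX + bytes(scalar), "PRIVATE KEY")


# Constructed input: Alice's private key from the RFC 7748 section 6.1 test vector,
# wrapped in PKCS#8 here instead of being produced by `openssl genpkey -algorithm x25519`.
ALICE_PRIV_HEX = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
ALICE_PUB_HEX = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
ALICE_PRIV_PEM = private_key_pem(bytes.fromhex(ALICE_PRIV_HEX))

if __name__ == "__main__":
    print(ALICE_PRIV_PEM)
    print(public_key_pem(ALICE_PRIV_PEM))
```

The same SPKI blob is what `openssl pkey -pubout` writes, so the output can be compared byte for byte with the real tool's output for the same private key. The fixed-prefix check is deliberately strict: a PKCS#8 blob with a different algorithm OID, or an EC key, is rejected instead of being misread as X25519, which is the distinction Steve's reply makes.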
From matt at openssl.org Wed Mar 15 18:18:52 2017 From: matt at openssl.org (Matt Caswell) Date: Wed, 15 Mar 2017 18:18:52 +0000 Subject: [openssl-users] Request for adding new ciphers In-Reply-To: <1576557894.1332584.1489601024241@mail.yahoo.com> References: <1576557894.1332584.1489601024241.ref@mail.yahoo.com> <1576557894.1332584.1489601024241@mail.yahoo.com> Message-ID: On 15/03/17 18:03, Christian Adja via openssl-users wrote: > Hi everyone, > > Can someone help with adding the ciphersuites " > ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in > openssl? > I tried adding in the file tls1.h > # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC > # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD > > And modifying the file ssl_ciph.c the functions > ssl_load_ciphers() ... > And modifying the files evp_cipher.c and ssl_locl.c > and finally ssl_algs.c. > > There is no way to make it work. It continues to give me the error: > ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 These ciphersuites already exist in OpenSSL (from version 1.1.0). Matt From jsouthwell at serengeti.com Wed Mar 15 18:18:38 2017 From: jsouthwell at serengeti.com (Joseph Southwell) Date: Wed, 15 Mar 2017 14:18:38 -0400 Subject: [openssl-users] Generating dh parameters multithreaded? Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> On any new install of our software we generate new dh parameters as follows:

DH *dh = DH_new();
if (!DH_generate_parameters_ex(dh, 2048, 2, NULL)) { /* handle error */ }
int codes = 0;
DH_check(dh, &codes);
DH_generate_key(dh);

It takes a long time. Is there some way to have it use all available cores instead of just the one? From rsalz at akamai.com Wed Mar 15 18:21:05 2017 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 15 Mar 2017 18:21:05 +0000 Subject: [openssl-users] Generating dh parameters multithreaded?
In-Reply-To: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> References: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> Message-ID: <9ff829cd17f74e4a910ca067196f7d62@usma1ex-dag1mb1.msg.corp.akamai.com> > It takes a long time. Is there some way to have it use all available cores instead of just the one? You'll have to write the code to do that parallelism yourself. From mw at flanga.io Wed Mar 15 18:46:07 2017 From: mw at flanga.io (Moritz Wirth) Date: Wed, 15 Mar 2017 19:46:07 +0100 Subject: [openssl-users] OpenSSL Certificate Cross Signing Message-ID: Good Evening all, I have 2 Root Certificate Authorities which I want to use to cross sign an intermediate certificate. I created a certificate request and signed it with both CAs. I issued an end user certificate with the intermediate CA and added both intermediate CA Certificates (the one from Root1 and the one signed by Root2). If only one CA is trusted, the certificate is still recognized as trusted in Firefox regardless which certificate is on top of the chain (Which is exactly what I want.) I wondered if I can connect both intermediate Certificates to a single certificate or do I always need both certificates? Best Regards, Moritz From vsbrin at gmail.com Wed Mar 15 20:42:50 2017 From: vsbrin at gmail.com (=?UTF-8?Q?val=C3=A9ry?=) Date: Wed, 15 Mar 2017 21:42:50 +0100 Subject: [openssl-users] PKCS#7 In-Reply-To: References: <1c59de5d768f43bf8f0f789d71c0fcab@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: Alright, big thanks to both of you for your input! On Mar 15, 2017 23:01, "Wouter Verhelst" wrote: On 15-03-17 05:13, val?ry wrote: > Hi, > > thank you very much for your response. > Say someone would be able to gather several clear text AES keys and > their respective asymmetrically encrypted RSA blocks. Would it weakens > the security of the RSA key pair ? I mean could it be easier for someone > using that information to brute force an RSA key pair ? 
> Think of it this way: As far as the RSA algorithm is concerned, the AES keys are just data. They happen to be AES keys, but they might have been a hash value, an image, or somebody's date of birth. If getting the cleartext as well as the encrypted text for an RSA message would allow you to more easily guess the RSA key, then the RSA algorithm would be seriously flawed. There is no known attack against RSA for which this is true, however, as Rich pointed out. -- Wouter Verhelst -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users From jsouthwell at serengeti.com Wed Mar 15 21:08:50 2017 From: jsouthwell at serengeti.com (Joseph Southwell) Date: Wed, 15 Mar 2017 17:08:50 -0400 Subject: [openssl-users] Generating dh parameters multithreaded? In-Reply-To: <9ff829cd17f74e4a910ca067196f7d62@usma1ex-dag1mb1.msg.corp.akamai.com> References: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> <9ff829cd17f74e4a910ca067196f7d62@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: Are you suggesting that I should modify openssl myself to expose that functionality, or are you suggesting that there is a way to do that given the already exposed functionality? If it is the latter, could you point me in the right direction? > On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users wrote: > >> It takes a long time. Is there some way to have it use all available cores instead of just the one? > > You'll have to write the code to do that parallelism yourself. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > From rsalz at akamai.com Wed Mar 15 21:15:11 2017 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 15 Mar 2017 21:15:11 +0000 Subject: [openssl-users] Generating dh parameters multithreaded?
In-Reply-To: References: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> <9ff829cd17f74e4a910ca067196f7d62@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: <2a86a335027d437ba9531551ce0ea897@usma1ex-dag1mb1.msg.corp.akamai.com> > Are you suggesting that I should modify openssl myself to expose that > functionality or are suggesting that there is a way to do that given the already > exposed functionality? If it is the latter could you point me in the right > direction? OpenSSL code does not do what you want. You'll have to write it From Michael.Wojcik at microfocus.com Wed Mar 15 22:28:34 2017 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Wed, 15 Mar 2017 22:28:34 +0000 Subject: [openssl-users] Generating dh parameters multithreaded? In-Reply-To: <2a86a335027d437ba9531551ce0ea897@usma1ex-dag1mb1.msg.corp.akamai.com> References: <56015584-6EDC-4BD6-AA21-F27835281A99@serengeti.com> <9ff829cd17f74e4a910ca067196f7d62@usma1ex-dag1mb1.msg.corp.akamai.com> <2a86a335027d437ba9531551ce0ea897@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of Salz, Rich via openssl-users > Sent: Wednesday, March 15, 2017 15:15 > To: Joseph Southwell; openssl-users at openssl.org > Subject: Re: [openssl-users] Generating dh parameters multithreaded? > > > Are you suggesting that I should modify openssl myself to expose that > > functionality or are suggesting that there is a way to do that given the already > > exposed functionality? If it is the latter could you point me in the right > > direction? > > OpenSSL code does not do what you want. You'll have to write it My suggestion, if you were to take that route, would be to use the Engine interface rather than modifying the OpenSSL source. You could take the existing OpenSSL implementation of the functionality, move it into an engine (using one of the existing ones as a template), get that working, and then see about parallelizing it. 
I created a modified version of the existing CAPI engine, and it wasn't particularly difficult. If memory serves, the OpenSSL wiki has some material on the subject too. -- Michael Wojcik Distinguished Engineer, Micro Focus From rgm at htt-consult.com Thu Mar 16 22:50:56 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 16 Mar 2017 15:50:56 -0700 Subject: [openssl-users] EDDSA certificates Message-ID: Does any version of OpenSSL provide support for EDDSA, particularly creating and displaying the content of them? Right now my interest is seeing what is involved in creating them with EC25519 and evaluating their size and how they parse. Or meet me at the IETF and talk to me about them. thank you From rsalz at akamai.com Thu Mar 16 23:04:57 2017 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 16 Mar 2017 23:04:57 +0000 Subject: [openssl-users] EDDSA certificates In-Reply-To: References: Message-ID: <275dad3d0ada432d9c7b2b5f30db2b8f@usma1ex-dag1mb1.msg.corp.akamai.com> > Does any version of OpenSSL provide support for EDDSA, particularly creating > and displaying the content of them? Not yet. EDDSA for 25519 and 448 would be great to have in the next release, though. From rgm at htt-consult.com Thu Mar 16 23:33:19 2017 From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 16 Mar 2017 16:33:19 -0700 Subject: [openssl-users] EDDSA certificates In-Reply-To: <275dad3d0ada432d9c7b2b5f30db2b8f@usma1ex-dag1mb1.msg.corp.akamai.com> References: <275dad3d0ada432d9c7b2b5f30db2b8f@usma1ex-dag1mb1.msg.corp.akamai.com> Message-ID: On 03/16/2017 04:04 PM, Salz, Rich via openssl-users wrote: > >> Does any version of OpenSSL provide support for EDDSA, particularly creating >> and displaying the content of them? > Not yet. EDDSA for 25519 and 448 would be great to have in the next release, though. Let's talk about it at IETF.
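Returning to the "Generating dh parameters multithreaded?" thread above, where Rich Salz says the parallelism has to be written by the caller and Michael Wojcik suggests an engine: the following is an added worked example (editorial code, not from the list and not OpenSSL code) of what that parallel search looks like in outline. DH_generate_parameters_ex(dh, bits, 2, NULL) looks for a safe prime p = 2q + 1 with p ≡ 11 (mod 24): p ≡ 3 (mod 8) makes 2 a quadratic non-residue and therefore a generator of the whole group of order 2q, and p ≡ 2 (mod 3) cheaply rules out 3 dividing q. Since candidates are independent, several worker processes can each run that search and the first hit wins, which is the parallelism OpenSSL itself does not provide. check_dh_params() mirrors the conditions DH_check() tests for such parameters; the function names and the multiprocessing layout are this example's own.

```python
"""Parallel safe-prime (DH parameter) generation with multiprocessing.

Added example, not OpenSSL code: each worker process searches independently
for a safe prime p = 2q + 1 with p = 11 (mod 24); the first one to succeed
wins and signals the others to stop. check_dh_params() mirrors the conditions
DH_check() tests for such parameters with generator 2.
"""
import multiprocessing as mp
import secrets
import sys

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # n >= 41 here, so n - 3 > 0
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                        # composite witness found
    return True


def find_safe_prime(bits, stop=None):
    """Return a safe prime p = 2q + 1 of exactly `bits` bits with p = 11 (mod 24),
    or None once `stop` (a multiprocessing Event) has been set by another worker."""
    while stop is None or not stop.is_set():
        # q gets bits-1 bits with its top bit set, so p = 2q + 1 has exactly `bits` bits.
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        # p = 3 (mod 8): 2 is a quadratic non-residue, hence a generator of the
        # whole group of order 2q.  p = 2 (mod 3): rules out 3 | q cheaply.
        if p % 24 != 11:
            continue
        if is_probable_prime(q) and is_probable_prime(p):
            return p
    return None


def check_dh_params(p, g):
    """Return a list of problems; empty when (p, g) pass the DH_check-style tests."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime((p - 1) // 2):
        problems.append("(p-1)/2 is not prime (p is not a safe prime)")
    if g == 2 and p % 24 != 11:
        problems.append("generator 2 is not suitable: p != 11 (mod 24)")
    elif g != 2 and not 1 < g < p - 1:
        problems.append("generator out of range")
    return problems


def _worker(bits, stop, results):
    p = find_safe_prime(bits, stop)
    if p is not None:
        results.put(p)
        stop.set()                              # tell the other workers to give up


def _context():
    try:
        return mp.get_context("fork")           # workers inherit this module; no re-import needed
    except ValueError:                          # platforms without fork (Windows)
        return mp.get_context()


def generate_dh_params_parallel(bits, workers=None):
    """Run `workers` independent searches; return (p, g) from whichever finishes first."""
    ctx = _context()
    workers = workers or ctx.cpu_count()
    stop, results = ctx.Event(), ctx.Queue()
    procs = [ctx.Process(target=_worker, args=(bits, stop, results)) for _ in range(workers)]
    for pr in procs:
        pr.start()
    p = results.get()                           # first finisher wins
    stop.set()
    for pr in procs:
        pr.join()
    return p, 2


if __name__ == "__main__":
    nbits = int(sys.argv[1]) if len(sys.argv) > 1 else 512
    p, g = generate_dh_params_parallel(nbits)
    print(f"p ({p.bit_length()} bits) = {p:x}\ng = {g}")
    print("problems:", check_dh_params(p, g) or "none")
```

With N workers the expected wall-clock time drops by roughly a factor of N, because each candidate is an independent trial; the workers share nothing but the stop flag. For real use the same structure applies with OpenSSL's BN_generate_prime_ex or DH_generate_parameters_ex called in each worker, with one DH object per worker since those objects are not shared across threads, and the winning parameters should still be passed through DH_check before use, exactly as in the original question.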
From pdrotter at us.ibm.com Fri Mar 17 15:25:36 2017 From: pdrotter at us.ibm.com (Neptune) Date: Fri, 17 Mar 2017 08:25:36 -0700 (MST) Subject: [openssl-users] Static FIPS Library with Address Randomization Message-ID: <1489764336528-70129.post@n7.nabble.com> Platform: Win32 FIPS Object Module: 2.0.13 OpenSSL: 1.0.2j We've been using FIPS-capable OpenSSL for over a year now. Some of our components are .dlls that statically link the libraries. Using the BASE:xxxx linker flag (but not /FIXED) has worked well with only very occasional address clashes. The new year has brought a new requirement: NIAP. One of the NIAP requirements is ASLR - address space layout randomization. Since turning on these linker flags, the FIPS POST has been failing due to the dll address being randomized and no longer respecting the requested address in the BASE:xxxxx linker flag. In order to get around this, I've had to add the /FIXED flag. The address is no longer being randomized and the POST succeeds if the dll loads...but therein lies the problem. When linking with the /FIXED flag, if the BASE:xxxx address is not available, the dll will not load, which is an unacceptable problem and it is happening far too frequently. It seems as though the requirements of FIPS-capable OpenSSL and NIAP address randomization are at odds. Is there any way to satisfy both of these requirements on Win32 and guarantee that the dll loads? Thanks - any ideas are greatly appreciated. Even if this is mission impossible, at least I'll have something to report. If we need to apply for an exception to one or more NIAP requirements so be it, but I want to exhaust all possibilities. Thanks, Paul -- View this message in context: http://openssl.6102.n7.nabble.com/Static-FIPS-Library-with-Address-Randomization-tp70129.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
From Michael.Wojcik at microfocus.com Fri Mar 17 17:06:19 2017 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 17 Mar 2017 17:06:19 +0000 Subject: [openssl-users] Static FIPS Library with Address Randomization In-Reply-To: <1489764336528-70129.post@n7.nabble.com> References: <1489764336528-70129.post@n7.nabble.com> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of Neptune > Sent: Friday, March 17, 2017 09:26 > To: openssl-users at openssl.org > Subject: [openssl-users] Static FIPS Library with Address Randomization > > Platform: Win32 > FIPS Object Module: 2.0.13 > OpenSSL: 1.0.2j > > We've been using FIPS-capable OpenSSL for over a year now. Some of our > components are .dlls that statically link the libraries. Using the BASE:xxxx > linker flag (but not /FIXED) has worked well with only very occasional > address clashes. > The new year has brought a new requirement: NIAP. One of the NIAP > requirements is ASLR - address space layout randomization. Since turning on > these linker flags, the FIPS POST has been failing due to the dll address being > randomized and no longer respecting the requested address in the BASE:xxxxx > linker flag. In order to get around this, I've had to add the /FIXED flag. > The address is no longer being randomized and the POST succeeds if the dll > loads...but therein lies the problem. When linking with the /FIXED flag, if > the BASE:xxxx address is not available, the dll will not load, which is an > unacceptable problem and it is happening far too frequently. > It seems as though the requirements of FIPS-capable OpenSSL and NIAP address > randomization are at odds. Is there any way to satisfy both of these > requirements on Win32 and guarantee that the dll loads? AIUI, NIAP is just the US implementation of Common Criteria; you're better off using the latter term in general discussion, I think.
I don't believe there is a solution to this problem, generally speaking, for 32-bit processes. (A 64-bit address space gives you a much better chance of finding a base address with a very low probability of conflicts.)

This is simply one of the many problems with FIPS 140-2, particularly for software implementations. Those problems have been discussed extensively on this list; you can find many others weighing in on them, such as:

https://blogs.oracle.com/darren/entry/fips_140_2_actively_harmful

For OpenSSL specifically, this specific question has also been discussed elsewhere, for example:

http://stackoverflow.com/questions/36268301/consequences-for-adding-relocation-information-in-fips-validated-libeay32-dll/36271778

I'm aware of a few solutions, which probably won't help you at all:

- Switch to 64-bit.
- Switch to Linux or UNIX. This is primarily (exclusively?) a Windows problem, because of how the PE loader handles relocations; I'm not aware of another OpenSSL platform that has it. Though without looking I don't know which platforms have a recent OpenSSL FIPS validation, either.
- Switch to a FIPS-validated hardware crypto implementation, and either wire OpenSSL to it using the ENGINE mechanism, or use a different TLS implementation.
- Put more constraints on the loader, for example by statically linking what you can, and forcing other DLLs to load at other addresses (e.g. by setting preferred bases, etc). In specific cases this may give you sufficient control; in the general case it's a losing battle. Load libeay as early as possible.
- Put all your TLS processing in a separate service process that includes the bare minimum of code and no DLLs other than OpenSSL; you might even link OpenSSL statically. Use IPC to communicate between this TLS service process and your application. Obviously there are performance and security issues, though they're acceptable for some applications. You can control how the stripped-down service process lays out its memory.
All that said, I've never looked into this problem closely (I avoid the FIPS-validated build as much as I possibly can), so someone else may well have better suggestions.

Michael Wojcik
Distinguished Engineer, Micro Focus

From wrowe at rowe-clan.net Tue Mar 21 00:58:39 2017
From: wrowe at rowe-clan.net (William A Rowe Jr)
Date: Mon, 20 Mar 2017 19:58:39 -0500
Subject: [openssl-users] Static FIPS Library with Address Randomization
In-Reply-To:
References: <1489764336528-70129.post@n7.nabble.com>
Message-ID:

On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik wrote:
>
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users at openssl.org
>> Subject: [openssl-users] Static FIPS Library with Address Randomization
>>
>> Platform: Win32
>> FIPS Object Module: 2.0.13
>> OpenSSL: 1.0.2j
>>
>> We've been using FIPS-capable OpenSSL for over a year now. Some of our components are .dlls that statically link the libraries. Using the BASE:xxxx linker flag (but not /FIXED) has worked well with only very occasional address clashes.
>> The new year has brought a new requirement: NIAP. One of the NIAP requirements is ASLR - address space layout randomization. Since turning on these linker flags, the FIPS POST has been failing due to the dll address being randomized and no longer respecting the requested address in the BASE:xxxxx linker flag. In order to get around this, I've had to add the /FIXED flag. The address is no longer being randomized and the POST succeeds if the dll loads...but therein lies the problem. When linking with the /FIXED flag, if the BASE:xxxx address is not available, the dll will not load, which is an unacceptable problem and it is happening far too frequently.
>> It seems as though the requirements of FIPS-capable OpenSSL and NIAP address randomization are at odds.
>> Is there any way to satisfy both of these requirements on Win32 and guarantee that the dll loads?
>
> AIUI, NIAP is just the US implementation of Common Criteria; you're better off using the latter term in general discussion, I think.
>
> I don't believe there is a solution to this problem, generally speaking, for 32-bit processes. (A 64-bit address space gives you a much better chance of finding a base address with a very low probability of conflicts.)
>
> This is simply one of the many problems with FIPS 140-2, particularly for software implementations. Those problems have been discussed extensively on this list; you can find many others weighing in on them, such as:
>
> https://blogs.oracle.com/darren/entry/fips_140_2_actively_harmful
>
> For OpenSSL specifically, this specific question has also been discussed elsewhere, for example:
>
> http://stackoverflow.com/questions/36268301/consequences-for-adding-relocation-information-in-fips-validated-libeay32-dll/36271778
>
> I'm aware of a few solutions, which probably won't help you at all:
> - Switch to 64-bit.
> - Switch to Linux or UNIX. This is primarily (exclusively?) a Windows problem, because of how the PE loader handles relocations; I'm not aware of another OpenSSL platform that has it. Though without looking I don't know which platforms have a recent OpenSSL FIPS validation, either.
> - Switch to a FIPS-validated hardware crypto implementation, and either wire OpenSSL to it using the ENGINE mechanism, or use a different TLS implementation.
> - Put more constraints on the loader, for example by statically linking what you can, and forcing other DLLs to load at other addresses (e.g. by setting preferred bases, etc). In specific cases this may give you sufficient control; in the general case it's a losing battle. Load libeay as early as possible.
> - Put all your TLS processing in a separate service process that includes the bare minimum of code and no DLLs other than OpenSSL; you might even link OpenSSL statically. Use IPC to communicate between this TLS service process and your application. Obviously there are performance and security issues, though they're acceptable for some applications. You can control how the stripped-down service process lays out its memory.
>
> All that said, I've never looked into this problem closely (I avoid the FIPS-validated build as much as I possibly can), so someone else may well have better suggestions.

Note you may not modify the openssl-FIPS build files or process.

However, building the openssl host container of the FIPS library build, you may pin the DLL file with link flags and dodge this relocation.

From lists at rustichelli.net Tue Mar 21 06:35:51 2017
From: lists at rustichelli.net (lists)
Date: Tue, 21 Mar 2017 07:35:51 +0100
Subject: [openssl-users] how to implement functions for STACK OF custom type?
Message-ID:

Sorry, I first posted this on the -dev list, likely inappropriate... now with an update:

I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects.

Currently, I have this code (sort of) in the headers:

    typedef struct myThingA_st {
        ASN1_OBJECT *aID;            /* ASN.1 members are held by pointer */
        ASN1_OCTET_STRING *aOCST;
    } myThingA;

    DECLARE_ASN1_ITEM(myThingA)
    DECLARE_ASN1_FUNCTIONS(myThingA)
    DECLARE_STACK_OF(myThingA)
    /* the next one seems to be irrelevant for my purpose, is it? */
    DECLARE_ASN1_SET_OF(myThingA)

    typedef struct myThingB_st {
        /* SEQUENCE OF { ... } */
        STACK_OF(myThingA) *myThingA_sk;
    } myThingB;

    /* DECLARE_ASN1_ITEM(myThingB) */
    DECLARE_STACK_OF(myThingB)
    /* DECLARE_ASN1_FUNCTIONS(myThingB) */
    /* the next one seems to be irrelevant for my purpose, is it? */
    DECLARE_ASN1_SET_OF(myThingB)

Then, in the .c file...
    IMPLEMENT_STACK_OF(myThingA)
    IMPLEMENT_STACK_OF(myThingB)

I thought that the basic functions for the stacks would be available (such as sk_myThingA_new, sk_myThingA_push...), yet by compiling a main, for the first one that I try to use I get:

    undefined reference to `sk_myThingA_value'

What am I doing wrong here?

From yu2003w at hotmail.com Mon Mar 20 10:22:18 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Mon, 20 Mar 2017 10:22:18 +0000
Subject: [openssl-users] Is crypto library thread-safe?
Message-ID:

Hi guys,

I want to use in my application some ciphers, such as RSA and DES, provided by the crypto library. However, is the crypto library thread-safe?

Thanks,
Jared
Software developer
Interested in open source software, big data, Linux

From Michael.Wojcik at microfocus.com Tue Mar 21 13:02:22 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Tue, 21 Mar 2017 13:02:22 +0000
Subject: [openssl-users] Static FIPS Library with Address Randomization
In-Reply-To:
References: <1489764336528-70129.post@n7.nabble.com>
Message-ID:

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of William A Rowe Jr
> Sent: Monday, March 20, 2017 20:59
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>
> Note you may not modify the openssl-FIPS build files or process.
>
> However, building the openssl host container of the FIPS library build, you may pin the DLL file with link flags and dodge this relocation.

Yes. That's what /BASE:x /FIXED does, which causes the problem (address not available at runtime) which the OP was trying to work around. We're just back where we started.

The simple fact of the matter is that the FIPS requirements do not play well with the PE DLL design.
Arguably the PE DLL design itself is at fault (PE relocations also inhibit sharing text pages among processes, for example), but it is what it is. In 32-bit, address space is a scarce resource, and OSes make various compromises in managing it. The real problem is that FIPS 140-2 was written primarily for hardware and doesn't accommodate software well. And, many have argued, doesn't really do anything useful anyway - which is no help whatsoever if your customer is required to have it, or insists on it anyway.

--
Michael Wojcik
Distinguished Engineer, Micro Focus

From svineet at kodiakptt.com Tue Mar 21 10:30:32 2017
From: svineet at kodiakptt.com (Vineet Kumar Srivastava)
Date: Tue, 21 Mar 2017 10:30:32 +0000
Subject: [openssl-users] regarding memory cleanup at end of each DTLS session
Message-ID:

Hi Guys,

I have a server implementation of a DTLS Server using OpenSSL. At the end of each DTLS session, however, I see that the memory usage of the process keeps on increasing. However, on running Valgrind with the process no significant leak is observed. So, I wanted to know whether the function calls being done by me on getting DTLS Alerts are proper or not.

Version being used is OpenSSL 1.0.1e-fips 11 Feb 2013

On getting a DTLS Alert the following function calls are being done:

    SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
    SSL_free(ssl);
    ERR_remove_thread_state(0);

Where ssl is the SSL* which was created when the server got the Client Hello for the handshake.

Please advise if I am required to do any more cleanup on getting a DTLS Alert.

Your advice is highly appreciated.

Thanks,
Vineet

From rsalz at akamai.com Tue Mar 21 13:38:52 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Tue, 21 Mar 2017 13:38:52 +0000
Subject: [openssl-users] Is crypto library thread-safe?
In-Reply-To:
References:
Message-ID: <8a3472fb6575453089ce1a3b7202b787@usma1ex-dag1mb1.msg.corp.akamai.com>

> However, is crypto library thread-safe?

Check out this blog entry: https://www.openssl.org/blog/blog/2017/02/21/threads/

From jb-openssl at wisemo.com Tue Mar 21 14:17:35 2017
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Tue, 21 Mar 2017 15:17:35 +0100
Subject: [openssl-users] Static FIPS Library with Address Randomization
In-Reply-To:
References: <1489764336528-70129.post@n7.nabble.com>
Message-ID: <1a24f29c-1b12-5e43-e932-453e39b47817@wisemo.com>

On 21/03/2017 14:02, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of William A Rowe Jr
>> Sent: Monday, March 20, 2017 20:59
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>>
>> Note you may not modify the openssl-FIPS build files or process.
>>
>> However, building the openssl host container of the FIPS library build, you may pin the DLL file with link flags and dodge this relocation.
> Yes. That's what /BASE:x /FIXED does, which causes the problem (address not available at runtime) which the OP was trying to work around. We're just back where we started.
>
> The simple fact of the matter is that the FIPS requirements do not play well with the PE DLL design. Arguably the PE DLL design itself is at fault (PE relocations also inhibit sharing text pages among processes, for example), but it is what it is. In 32-bit, address space is a scarce resource, and OSes make various compromises in managing it. The real problem is that FIPS 140-2 was written primarily for hardware and doesn't accommodate software well. And, many have argued, doesn't really do anything useful anyway - which is no help whatsoever if your customer is required to have it, or insists on it anyway.
>
I don't believe it is a shortcoming of FIPS 140-2 as much as it is a shortcoming of how the OpenSSL library verifies the hash of the FIPS blob. Specifically, that the hash verification is done on the runtime-relocated code block, not on its unrelocated/normalized form.

If there is a conformant way to change the code that checks the FIPS blob, so it checks the "relocated-to-base-0" form along with the list of blob-relative relocation offsets used for that normalization, then the blob hash should work fine with runtime relocation to an available address, address-layout randomization etc.

The list of relocation offsets could be trivially extracted from the relocation data in any non-fixed PE file linked against that particular blob, sorted by address and filtered to only include those offsets that fall within the blob.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From marquess at openssl.com Tue Mar 21 15:06:26 2017
From: marquess at openssl.com (Steve Marquess)
Date: Tue, 21 Mar 2017 11:06:26 -0400
Subject: [openssl-users] Static FIPS Library with Address Randomization
In-Reply-To: <1a24f29c-1b12-5e43-e932-453e39b47817@wisemo.com>
References: <1489764336528-70129.post@n7.nabble.com> <1a24f29c-1b12-5e43-e932-453e39b47817@wisemo.com>
Message-ID: <5db7e913-c9f9-66cf-7157-92189f02c154@openssl.com>

On 03/21/2017 10:17 AM, Jakob Bohm wrote:
> On 21/03/2017 14:02, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of William A Rowe Jr
>>> Sent: Monday, March 20, 2017 20:59
>>> To: openssl-users at openssl.org
>>> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>>>
>>> Note you may not modify the openssl-FIPS build files or process.
>>>
>>> However, building the openssl host container of the FIPS library build, you may pin the DLL file with link flags and dodge this relocation.
>> Yes. That's what /BASE:x /FIXED does, which causes the problem (address not available at runtime) which the OP was trying to work around. We're just back where we started.
>>
>> The simple fact of the matter is that the FIPS requirements do not play well with the PE DLL design. Arguably the PE DLL design itself is at fault (PE relocations also inhibit sharing text pages among processes, for example), but it is what it is. In 32-bit, address space is a scarce resource, and OSes make various compromises in managing it. The real problem is that FIPS 140-2 was written primarily for hardware and doesn't accommodate software well. And, many have argued, doesn't really do anything useful anyway - which is no help whatsoever if your customer is required to have it, or insists on it anyway.
>>
> I don't believe it is a shortcoming of FIPS 140-2 as much as it is a shortcoming of how the OpenSSL library verifies the hash of the FIPS blob. Specifically, that the hash verification is done on the runtime-relocated code block, not on its unrelocated/normalized form.
>
> If there is a conformant way to change the code ...

And therein lies the rub, because converging on the "incore" scheme we use was a long and tortuous process that left us with what the CMVP would accept, not what we preferred. We discovered that the CMVP had some rather subtle ideological requirements for the integrity digest.

The scheme they are most familiar with is a digest over a shared library file. Our first thought was just to do a digest over the application executable file containing the FIPS module (which in many cases would be a shared library), but that was specifically rejected (see section 2.2 of the OpenSSL FIPS module user guide, https://www.openssl.org/docs/fips/UserGuide-2.0.pdf).

-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710 USA
+1 301 874 2571
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

From jb-openssl at wisemo.com Tue Mar 21 15:41:12 2017
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Tue, 21 Mar 2017 16:41:12 +0100
Subject: [openssl-users] Static FIPS Library with Address Randomization
In-Reply-To: <5db7e913-c9f9-66cf-7157-92189f02c154@openssl.com>
References: <1489764336528-70129.post@n7.nabble.com> <1a24f29c-1b12-5e43-e932-453e39b47817@wisemo.com> <5db7e913-c9f9-66cf-7157-92189f02c154@openssl.com>
Message-ID: <64f43bce-8a32-dd38-c3c2-dfe4b7f6410d@wisemo.com>

On 21/03/2017 16:06, Steve Marquess wrote:
> On 03/21/2017 10:17 AM, Jakob Bohm wrote:
>> On 21/03/2017 14:02, Michael Wojcik wrote:
>>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of William A Rowe Jr
>>>> Sent: Monday, March 20, 2017 20:59
>>>> To: openssl-users at openssl.org
>>>> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>>>>
>>>> Note you may not modify the openssl-FIPS build files or process.
>>>>
>>>> However, building the openssl host container of the FIPS library build, you may pin the DLL file with link flags and dodge this relocation.
>>> Yes. That's what /BASE:x /FIXED does, which causes the problem (address not available at runtime) which the OP was trying to work around. We're just back where we started.
>>>
>>> The simple fact of the matter is that the FIPS requirements do not play well with the PE DLL design. Arguably the PE DLL design itself is at fault (PE relocations also inhibit sharing text pages among processes, for example), but it is what it is. In 32-bit, address space is a scarce resource, and OSes make various compromises in managing it. The real problem is that FIPS 140-2 was written primarily for hardware and doesn't accommodate software well.
>>> And, many have argued, doesn't really do anything useful anyway - which is no help whatsoever if your customer is required to have it, or insists on it anyway.
>>>
>> I don't believe it is a shortcoming of FIPS 140-2 as much as it is a shortcoming of how the OpenSSL library verifies the hash of the FIPS blob. Specifically, that the hash verification is done on the runtime-relocated code block, not on its unrelocated/normalized form.
>>
>> If there is a conformant way to change the code ...
> And therein lies the rub, because converging on the "incore" scheme we use was a long and tortuous process that left us with what the CMVP would accept, not what we preferred. We discovered that the CMVP had some rather subtle ideological requirements for the integrity digest.
>
> The scheme they are most familiar with is a digest over a shared library file. Our first thought was just to do a digest over the application executable file containing the FIPS module (which in many cases would be a shared library), but that was specifically rejected (see section 2.2 of the OpenSSL FIPS module user guide, https://www.openssl.org/docs/fips/UserGuide-2.0.pdf).
>
> -Steve M.
>

Rereading sections 2.2 and 2.3 of the UserGuide didn't really give any reason preventing the creation of an algorithm that checks the required code and data segment portions (as it does today), but applies a "normalization" conceptually similar to how signature checking on S/MIME requires line ending normalization before passing data to the hash algorithm.

The text did however seem to indicate that the checking code is inside the blob and thus requires an updated validation in order to be modified.

An alternative approach would be to somehow coach some Windows compiler into generating truly position-independent code and data for the blob, however that too would probably require revalidation.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.
https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From raja.ashok at huawei.com Tue Mar 21 15:24:57 2017
From: raja.ashok at huawei.com (Raja ashok)
Date: Tue, 21 Mar 2017 15:24:57 +0000
Subject: [openssl-users] DTLS is not sending alert in case of BAD CCS
Message-ID:

Hi All,

Looks like there is a typo in dtls1_read_bytes; because of this an alert is not sent for a bad CCS.

In dtls1_read_bytes, in case of a bad change cipher spec we are setting the alert code (SSL_AD_ILLEGAL_PARAMETER) in the variable 'i' and doing 'goto err'. I feel we are trying to send an alert in this case, so we need to set the alert in 'al' and do 'goto f_err'. In the case of TLS we are sending the alert.

Note: I am referring to the 1.0.2k version of OpenSSL.

Regards,
Ashok

Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com

This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
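Jakob Bohm's normalization idea from the Static FIPS Library thread above, as an added example that is not OpenSSL or FIPS Object Module code: a digest taken over the blob rebased to address 0 plus its relocation list comes out the same whichever base the loader picked, while a digest over the relocated bytes does not. The 32-byte "blob", its link base and relocation offsets are constructed, and FNV-1a stands in for the module's real integrity digest.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOB_LEN  32
#define LINK_BASE 0x10000000u

/* Constructed 32-byte "code blob" as the linker emitted it at LINK_BASE.
   Offsets 4 and 20 hold absolute addresses the loader must patch; the word
   at offset 12 is ordinary data and must stay untouched. */
static const uint8_t LINKED_BLOB[BLOB_LEN] = {
    0x55, 0x8b, 0xec, 0x90,  0x40, 0x00, 0x00, 0x10,   /* ... 0x10000040 */
    0x90, 0x90, 0x90, 0x90,  0x78, 0x56, 0x34, 0x12,   /* ... 0x12345678 data */
    0x90, 0x90, 0x90, 0xc3,  0x00, 0x01, 0x00, 0x10,   /* ... 0x10000100 */
    0x90, 0x90, 0x90, 0x90,  0x90, 0x90, 0x90, 0xc3
};
/* Blob-relative relocation offsets, sorted, as filtered from a PE .reloc section. */
static const size_t RELOCS[] = { 4, 20 };
#define NRELOCS (sizeof RELOCS / sizeof RELOCS[0])

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Add delta to every relocated 32-bit word in img; 0 if an offset is out of range. */
int apply_delta(uint8_t *img, size_t len, const size_t *relocs, size_t nrel, uint32_t delta)
{
    for (size_t i = 0; i < nrel; i++) {
        if (relocs[i] > len || len - relocs[i] < 4)
            return 0;
        wr32(img + relocs[i], rd32(img + relocs[i]) + delta);
    }
    return 1;
}

/* Stand-in for the PE loader: copy the linked blob and rebase it to actual_base. */
int load_at(uint8_t out[BLOB_LEN], uint32_t actual_base)
{
    memcpy(out, LINKED_BLOB, BLOB_LEN);
    return apply_delta(out, BLOB_LEN, RELOCS, NRELOCS, actual_base - LINK_BASE);
}

/* Normalization: subtract the actual base at every relocation site so the
   image reads as if it had been loaded at address 0. */
int normalize_to_base0(uint8_t norm[BLOB_LEN], const uint8_t loaded[BLOB_LEN],
                       const size_t *relocs, size_t nrel, uint32_t actual_base)
{
    memcpy(norm, loaded, BLOB_LEN);
    return apply_delta(norm, BLOB_LEN, relocs, nrel, 0u - actual_base);
}

/* FNV-1a chained through h; a placeholder for the module's real digest. */
static uint64_t fnv1a64(uint64_t h, const uint8_t *p, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}
#define FNV_INIT 0xcbf29ce484222325ULL

/* What a check over the relocated in-memory bytes sees: base-dependent. */
uint64_t digest_as_loaded(const uint8_t loaded[BLOB_LEN])
{
    return fnv1a64(FNV_INIT, loaded, BLOB_LEN);
}

/* Digest of the base-0 form plus the relocation list, so the list is covered too. */
int digest_normalized(const uint8_t loaded[BLOB_LEN], const size_t *relocs, size_t nrel,
                      uint32_t actual_base, uint64_t *out)
{
    uint8_t norm[BLOB_LEN], enc[4];
    uint64_t h;
    if (!normalize_to_base0(norm, loaded, relocs, nrel, actual_base))
        return 0;
    h = fnv1a64(FNV_INIT, norm, BLOB_LEN);
    for (size_t i = 0; i < nrel; i++) {
        wr32(enc, (uint32_t)relocs[i]);
        h = fnv1a64(h, enc, 4);
    }
    *out = h;
    return 1;
}

/* Returns 1 when the normalized digest is identical for the link-time image
   and two randomized bases, while the as-loaded digest differs between bases. */
int demo(void)
{
    uint8_t img_a[BLOB_LEN], img_b[BLOB_LEN];
    uint64_t d0, da, db;
    if (!load_at(img_a, 0x20000000u) || !load_at(img_b, 0x6a3f0000u))
        return 0;
    if (digest_as_loaded(img_a) == digest_as_loaded(img_b))
        return 0;                 /* ASLR changed the bytes: this check would fail */
    if (!digest_normalized(LINKED_BLOB, RELOCS, NRELOCS, LINK_BASE, &d0) ||
        !digest_normalized(img_a, RELOCS, NRELOCS, 0x20000000u, &da) ||
        !digest_normalized(img_b, RELOCS, NRELOCS, 0x6a3f0000u, &db))
        return 0;
    return d0 == da && da == db;
}

/* A relocation entry that would straddle the end of the blob is rejected. */
int demo_rejects_bad_offset(void)
{
    uint8_t img[BLOB_LEN];
    const size_t bad[] = { 30 };
    memcpy(img, LINKED_BLOB, BLOB_LEN);
    return apply_delta(img, BLOB_LEN, bad, 1, 0x1000u) == 0;
}
```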
From christian_adja at yahoo.it Wed Mar 22 17:48:08 2017
From: christian_adja at yahoo.it (Christian Adja)
Date: Wed, 22 Mar 2017 17:48:08 +0000 (UTC)
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21
In-Reply-To:
References:
Message-ID: <776809560.1321367.1490204889018@mail.yahoo.com>

Good evening everybody,

I need help transforming a public key (unsigned char *) retrieved from an IEEE cert into an EVP_PKEY or EC_KEY. The public key is an ecdsaNistP256 in compressed form (compressedy1). The public key form in hex = |00|80|83|x point (32 bytes)|

Thanks, Best Regards

On Wednesday 15 March 2017 22:23, "openssl-users-request at openssl.org" wrote:

Send openssl-users mailing list submissions to
    openssl-users at openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
    https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
    openssl-users-request at openssl.org

You can reach the person managing the list at
    openssl-users-owner at openssl.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..."

Today's Topics:

   1. Request for adding new ciphers (Christian Adja)
   2. Re: Request for adding new ciphers (Matt Caswell)
   3. Generating dh parameters multithreaded? (Joseph Southwell)
   4. Re: Generating dh parameters multithreaded? (Salz, Rich)
   5. OpenSSL Certificate Cross Signing (Moritz Wirth)
   6. Re: PKCS#7 (valéry)
   7. Re: Generating dh parameters multithreaded? (Joseph Southwell)
   8. Re: Generating dh parameters multithreaded?
      (Salz, Rich)

----------------------------------------------------------------------

Message: 1
Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC)
From: Christian Adja
To: "openssl-users at openssl.org"
Subject: [openssl-users] Request for adding new ciphers
Message-ID: <1576557894.1332584.1489601024241 at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Hi everyone,

Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" to openssl?

I tried adding in the file tls1.h

    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD

and modifying the file ssl_ciph.c, the function ssl_load_ciphers() ... and modifying the files evp_cipher.c and ssl_locl.c and finally ssl_algs.c.

There is no way to make it work. It continues to give me the error:

    ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420

thanks.

------------------------------

Message: 2
Date: Wed, 15 Mar 2017 18:18:52 +0000
From: Matt Caswell
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Request for adding new ciphers
Message-ID:
Content-Type: text/plain; charset=windows-1252

On 15/03/17 18:03, Christian Adja via openssl-users wrote:
> Hi everyone,
>
> Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" to openssl?
> I tried adding in the file tls1.h
>     # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
>     # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
>
> and modifying the file ssl_ciph.c, the function ssl_load_ciphers() ... and modifying the files evp_cipher.c and ssl_locl.c and finally ssl_algs.c.
>
> There is no way to make it work. It continues to give me the
> error:
> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420

These ciphersuites already exist in OpenSSL (from version 1.1.0).

Matt

------------------------------

Message: 3
Date: Wed, 15 Mar 2017 14:18:38 -0400
From: Joseph Southwell
To: openssl-users at openssl.org
Subject: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99 at serengeti.com>
Content-Type: text/plain; charset="utf-8"

On any new install of our software we generate new dh parameters as follows:

    DH *dh = DH_new();
    if (!DH_generate_parameters_ex(dh, 2048, 2, NULL)) {
        /* handle the error */
    }
    int codes = 0;
    DH_check(dh, &codes);
    DH_generate_key(dh);

It takes a long time. Is there some way to have it use all available cores instead of just the one?

------------------------------

Message: 4
Date: Wed, 15 Mar 2017 18:21:05 +0000
From: "Salz, Rich"
To: "openssl-users at openssl.org"
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <9ff829cd17f74e4a910ca067196f7d62 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="utf-8"

> It takes a long time. Is there some way to have it use all available cores instead of just the one?

You'll have to write the code to do that parallelism yourself.

------------------------------

Message: 5
Date: Wed, 15 Mar 2017 19:46:07 +0100
From: Moritz Wirth
To: openssl-users at openssl.org
Subject: [openssl-users] OpenSSL Certificate Cross Signing
Message-ID:
Content-Type: text/plain; charset=utf-8

Good Evening all,

I have 2 Root Certificate Authorities which I want to use to cross sign an intermediate certificate. I created a certificate request and signed it with both CAs. I issued an end user certificate with the intermediate CA and added both intermediate CA Certificates (the one from Root1 and the one signed by Root2).
If only one CA is trusted, the certificate is still recognized as trusted in Firefox regardless of which certificate is on top of the chain (which is exactly what I want). I wondered if I can connect both intermediate certificates into a single certificate, or do I always need both certificates?

Best Regards,
Moritz

------------------------------

Message: 6
Date: Wed, 15 Mar 2017 21:42:50 +0100
From: valéry
To: openssl-users at openssl.org
Subject: Re: [openssl-users] PKCS#7
Message-ID:
Content-Type: text/plain; charset="utf-8"

Alright, big thanks to both of you for your input!

On Mar 15, 2017 23:01, "Wouter Verhelst" wrote:

On 15-03-17 05:13, valéry wrote:
> Hi,
>
> thank you very much for your response.
> Say someone would be able to gather several clear text AES keys and their respective asymmetrically encrypted RSA blocks. Would it weaken the security of the RSA key pair? I mean could it be easier for someone using that information to brute force an RSA key pair?
>

Think of it this way: As far as the RSA algorithm is concerned, the AES keys are just data. They happen to be AES keys, but they might have been a hash value, an image, or somebody's date of birth.

If getting the cleartext as well as the encrypted text for an RSA message would allow you to more easily guess the RSA key, then the RSA algorithm would be seriously flawed. There is no known attack against RSA for which this is true, however, as Rich pointed out.

--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

Message: 7
Date: Wed, 15 Mar 2017 17:08:50 -0400
From: Joseph Southwell
To: "Salz, Rich" , openssl-users at openssl.org
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID:
Content-Type: text/plain; charset=us-ascii

Are you suggesting that I should modify openssl myself to expose that functionality, or are you suggesting that there is a way to do that given the already exposed functionality? If it is the latter, could you point me in the right direction?

> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users wrote:
>
>> It takes a long time. Is there some way to have it use all available cores instead of just the one?
>
> You'll have to write the code to do that parallelism yourself.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>

------------------------------

Message: 8
Date: Wed, 15 Mar 2017 21:15:11 +0000
From: "Salz, Rich"
To: Joseph Southwell , "openssl-users at openssl.org"
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <2a86a335027d437ba9531551ce0ea897 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> Are you suggesting that I should modify openssl myself to expose that functionality, or are you suggesting that there is a way to do that given the already exposed functionality? If it is the latter, could you point me in the right direction?

OpenSSL code does not do what you want. You'll have to write it.

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

End of openssl-users Digest, Vol 28, Issue 21
*********************************************
From christian_adja at yahoo.it Wed Mar 22 17:59:11 2017
From: christian_adja at yahoo.it (Christian Adja)
Date: Wed, 22 Mar 2017 17:59:11 +0000 (UTC)
Subject: [openssl-users] unsigned char * public key to EVP_PKEY or EC_KEY
Message-ID: <808829684.2632458.1490205551640@mail.yahoo.com>

Good evening everybody,
I need help transforming a public key (unsigned char *) retrieved from an IEEE cert into an EVP_PKEY or EC_KEY. The public key is an ecdsaNistP256 in compressed form (compressed-y-1). The public key in hex has the form:

    |00|80|83|x point (32 bytes)|

Thanks,
Best Regards

On Wednesday 22 March 2017 18:48, "openssl-users-request at openssl.org" wrote:

Send openssl-users mailing list submissions to
    openssl-users at openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
    https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
    openssl-users-request at openssl.org

You can reach the person managing the list at
    openssl-users-owner at openssl.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..."

Today's Topics:
  1. Re: openssl-users Digest, Vol 28, Issue 21 (Christian Adja)

----------------------------------------------------------------------

Message: 1
Date: Wed, 22 Mar 2017 17:48:08 +0000 (UTC)
From: Christian Adja
To: "openssl-users at openssl.org"
Subject: Re: [openssl-users] openssl-users Digest, Vol 28, Issue 21
Message-ID: <776809560.1321367.1490204889018 at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Good evening everybody,
I need help transforming a public key (unsigned char *) retrieved from an IEEE cert into an EVP_PKEY or EC_KEY. The public key is an ecdsaNistP256 in compressed form (compressed-y-1). The public key in hex has the form:

    |00|80|83|x point (32 bytes)|

Thanks,
Best Regards

On Wednesday 15 March 2017 22:23, "openssl-users-request at openssl.org" wrote:

Today's Topics:
  1. Request for adding new ciphers (Christian Adja)
  2. Re: Request for adding new ciphers (Matt Caswell)
  3. Generating dh parameters multithreaded? (Joseph Southwell)
  4. Re: Generating dh parameters multithreaded? (Salz, Rich)
  5. OpenSSL Certificate Cross Signing (Moritz Wirth)
  6. Re: PKCS#7 (valéry)
  7. Re: Generating dh parameters multithreaded? (Joseph Southwell)
  8. Re: Generating dh parameters multithreaded? (Salz, Rich)

----------------------------------------------------------------------

Message: 1
Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC)
From: Christian Adja
To: "openssl-users at openssl.org"
Subject: [openssl-users] Request for adding new ciphers
Message-ID: <1576557894.1332584.1489601024241 at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Hi everyone,
Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" to openssl?
I tried adding to the file tls1.h:

    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM    0x0300C0AC
    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM    0x0300C0AD

and modifying the functions in the file ssl_ciph.c (ssl_load_ciphers() ...), and modifying the files evp_cipher.c and ssl_locl.c, and finally ssl_algs.c.
There is no way to make it work. It continues to give me the error:

    ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420

thanks.
------------------------------

Message: 2
Date: Wed, 15 Mar 2017 18:18:52 +0000
From: Matt Caswell
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Request for adding new ciphers
Content-Type: text/plain; charset=windows-1252

On 15/03/17 18:03, Christian Adja via openssl-users wrote:
> Hi everyone,
>
> Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" to openssl?
> I tried adding to the file tls1.h:
>     # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM    0x0300C0AC
>     # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM    0x0300C0AD
>
> and modifying the functions in the file ssl_ciph.c (ssl_load_ciphers() ...), and modifying the files evp_cipher.c and ssl_locl.c, and finally ssl_algs.c.
>
> There is no way to make it work. It continues to give me the error:
> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420

These ciphersuites already exist in OpenSSL (from version 1.1.0).

Matt

------------------------------

Message: 3
Date: Wed, 15 Mar 2017 14:18:38 -0400
From: Joseph Southwell
To: openssl-users at openssl.org
Subject: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99 at serengeti.com>
Content-Type: text/plain; charset="utf-8"

On any new install of our software we generate new dh parameters as follows:

    DH *dh = DH_new();
    /* 2048-bit safe prime with generator 2; no progress callback */
    if (!DH_generate_parameters_ex(dh, 2048, 2, NULL)) {
        /* generation failed: handle the error */
    }
    int codes = 0;
    DH_check(dh, &codes);   /* codes receives any DH_CHECK_* problem flags */
    DH_generate_key(dh);

It takes a long time. Is there some way to have it use all available cores instead of just the one?

------------------------------

Message: 4
Date: Wed, 15 Mar 2017 18:21:05 +0000
From: "Salz, Rich"
To: "openssl-users at openssl.org"
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID:
<9ff829cd17f74e4a910ca067196f7d62 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="utf-8"

> It takes a long time. Is there some way to have it use all available cores instead of just the one?

You'll have to write the code to do that parallelism yourself.

------------------------------

Message: 5
Date: Wed, 15 Mar 2017 19:46:07 +0100
From: Moritz Wirth
To: openssl-users at openssl.org
Subject: [openssl-users] OpenSSL Certificate Cross Signing
Content-Type: text/plain; charset=utf-8

Good Evening all,

I have 2 Root Certificate Authorities which I want to use to cross sign an intermediate certificate. I created a certificate request and signed it with both CAs.

I issued an end user certificate with the intermediate CA and added both intermediate CA Certificates (the one from Root1 and the one signed by Root2). If only one CA is trusted, the certificate is still recognized as trusted in Firefox regardless of which certificate is on top of the chain (which is exactly what I want).

I wondered if I can connect both intermediate Certificates to a single certificate or do I always need both certificates?

Best Regards,

Moritz

------------------------------

Message: 6
Date: Wed, 15 Mar 2017 21:42:50 +0100
From: valéry
To: openssl-users at openssl.org
Subject: Re: [openssl-users] PKCS#7
Content-Type: text/plain; charset="utf-8"

Alright, big thanks to both of you for your input!

On Mar 15, 2017 23:01, "Wouter Verhelst" wrote:

On 15-03-17 05:13, valéry wrote:
> Hi,
>
> thank you very much for your response.
> Say someone would be able to gather several clear text AES keys and
> their respective asymmetrically encrypted RSA blocks. Would it weaken
> the security of the RSA key pair? I mean, could it be easier for someone
> using that information to brute force an RSA key pair?

Think of it this way:

As far as the RSA algorithm is concerned, the AES keys are just data. They happen to be AES keys, but they might have been a hash value, an image, or somebody's date of birth.

If getting the cleartext as well as the encrypted text for an RSA message would allow you to more easily guess the RSA key, then the RSA algorithm would be seriously flawed.

There is no known attack against RSA for which this is true, however, as Rich pointed out.

--
Wouter Verhelst

------------------------------

Message: 7
Date: Wed, 15 Mar 2017 17:08:50 -0400
From: Joseph Southwell
To: "Salz, Rich", openssl-users at openssl.org
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Content-Type: text/plain; charset=us-ascii

Are you suggesting that I should modify openssl myself to expose that functionality, or are you suggesting that there is a way to do that given the already exposed functionality? If it is the latter, could you point me in the right direction?

> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users wrote:
>
>> It takes a long time. Is there some way to have it use all available cores instead of just the one?
>
> You'll have to write the code to do that parallelism yourself.

------------------------------

Message: 8
Date: Wed, 15 Mar 2017 21:15:11 +0000
From: "Salz, Rich"
To: Joseph Southwell, "openssl-users at openssl.org"
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <2a86a335027d437ba9531551ce0ea897 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the already
> exposed functionality?
> If it is the latter could you point me in the right direction?

OpenSSL code does not do what you want. You'll have to write it.

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

End of openssl-users Digest, Vol 28, Issue 21
*********************************************

------------------------------

End of openssl-users Digest, Vol 28, Issue 25
*********************************************

From ethan.rahn at gmail.com Wed Mar 22 18:01:41 2017
From: ethan.rahn at gmail.com (Ethan Rahn)
Date: Wed, 22 Mar 2017 11:01:41 -0700
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21
In-Reply-To: <776809560.1321367.1490204889018@mail.yahoo.com>
References: <776809560.1321367.1490204889018@mail.yahoo.com>

Couldn't you just use EVP_PKEY_get1_EC_KEY?
https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_get1_EC_KEY.html

Cheers,
Ethan

On Wed, Mar 22, 2017 at 10:48 AM, Christian Adja via openssl-users <openssl-users at openssl.org> wrote:
> Good evening everybody,
> I need help transforming a public key (unsigned char *) retrieved from an
> IEEE cert into an EVP_PKEY or EC_KEY. The public key is an ecdsaNistP256 in
> compressed form (compressed-y-1).
> The public key in hex has the form:
>     |00|80|83|x point (32 bytes)|
>
> Thanks,
>
> Best Regards

From christian_adja at yahoo.it Wed Mar 22 18:11:27 2017
From: christian_adja at yahoo.it (Christian Adja)
Date: Wed, 22 Mar 2017 18:11:27 +0000 (UTC)
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21
References: <776809560.1321367.1490204889018@mail.yahoo.com>
Message-ID: <787239451.2530096.1490206287248@mail.yahoo.com>

Cheers,
Thanks for the response, but I don't have the EVP_PKEY struct of the public key. I only have a byte string that I retrieved from the IEEE cert with "PEM_bytes_read_bio()".
Now I want to form the EC_KEY struct and then the EVP_PKEY struct.

Thanks
Best regards
Christian Adja

On Wednesday 22 March 2017 19:01, Ethan Rahn wrote:

> Couldn't you just use EVP_PKEY_get1_EC_KEY?
> https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_get1_EC_KEY.html
>
> Cheers,
> Ethan
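The bytes described above (|00|80|83|x|) are a raw compressed point, not DER, so OpenSSL's d2i_EC_PUBKEY() cannot read them as they are. The following is an added example, not code from the thread or from OpenSSL: pure Python that maps that layout to a SEC1 compressed point, decompresses and validates it on P-256 (rejecting x values that are not on the curve), and wraps it in the DER SubjectPublicKeyInfo that d2i_EC_PUBKEY() or `openssl pkey -pubin -inform DER` accepts. Assumptions: the byte just before the 32-byte x is the IEEE 1609.2 EccP256CurvePoint COER choice tag (0x82 = compressed-y-0, 0x83 = compressed-y-1) and the sample input is constructed from the P-256 base point.

```python
from __future__ import annotations

# NIST P-256 (prime256v1) domain parameters: field prime and curve coefficients.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# DER SubjectPublicKeyInfo prefixes for id-ecPublicKey / prime256v1. The
# BIT STRING payload that follows is the SEC1 point (33 or 65 bytes).
_SPKI_COMPRESSED = bytes.fromhex(
    "3039"                  # SEQUENCE, 57 bytes
    "3013"                  # SEQUENCE AlgorithmIdentifier, 19 bytes
    "06072a8648ce3d0201"    # OID 1.2.840.10045.2.1 (id-ecPublicKey)
    "06082a8648ce3d030107"  # OID 1.2.840.10045.3.1.7 (prime256v1)
    "032200")               # BIT STRING, 34 bytes, 0 unused bits
_SPKI_UNCOMPRESSED = bytes.fromhex(
    "3059" "3013" "06072a8648ce3d0201" "06082a8648ce3d030107" "034200")

# Constructed sample in the thread's |00|80|83|x| layout. The x coordinate is
# that of the P-256 base point, whose y is odd, so compressed-y-1 applies.
SAMPLE_COER = bytes.fromhex(
    "008083"
    "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")


def coer_to_sec1(blob: bytes) -> bytes:
    """Map |..|tag|x| to a SEC1 compressed point: 0x02 (even y) or 0x03 (odd y) || x.

    Assumption: the byte before the 32-byte x is the COER CHOICE tag of
    EccP256CurvePoint (0x82 = compressed-y-0, 0x83 = compressed-y-1); any
    bytes before it belong to enclosing fields and are ignored here.
    """
    if len(blob) < 33:
        raise ValueError("need a tag byte followed by a 32-byte x coordinate")
    tag, x = blob[-33], blob[-32:]
    if tag == 0x82:
        return b"\x02" + x
    if tag == 0x83:
        return b"\x03" + x
    raise ValueError(f"unsupported EccP256CurvePoint tag 0x{tag:02x}")


def decompress_p256(sec1: bytes) -> tuple[int, int]:
    """Recover (x, y) from a SEC1 compressed point, rejecting anything off the curve."""
    if len(sec1) != 33 or sec1[0] not in (0x02, 0x03):
        raise ValueError("not a SEC1 compressed P-256 point")
    x = int.from_bytes(sec1[1:], "big")
    if x >= P:
        raise ValueError("x coordinate is not a field element")
    rhs = (pow(x, 3, P) + A * x + B) % P
    # P = 3 (mod 4), so if rhs is a square, one root is rhs^((P+1)/4) mod P.
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        # No point on P-256 has this x: reject rather than build a bogus key.
        raise ValueError("x is not on the curve (invalid point)")
    if (y & 1) != (sec1[0] & 1):
        y = P - y  # the other root carries the signalled parity
    return x, y


def sec1_to_spki_der(sec1: bytes, uncompressed: bool = False) -> bytes:
    """Wrap a validated point in DER SubjectPublicKeyInfo, the input d2i_EC_PUBKEY expects."""
    x, y = decompress_p256(sec1)  # raises on an invalid point
    if uncompressed:
        point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
        return _SPKI_UNCOMPRESSED + point
    return _SPKI_COMPRESSED + sec1


if __name__ == "__main__":
    der = sec1_to_spki_der(coer_to_sec1(SAMPLE_COER))
    # Pipe the hex into: xxd -r -p | openssl pkey -pubin -inform DER -text -noout
    print(der.hex())
```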
URL: From levitte at openssl.org Wed Mar 22 19:08:37 2017 From: levitte at openssl.org (Richard Levitte) Date: Wed, 22 Mar 2017 20:08:37 +0100 (CET) Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21 In-Reply-To: <787239451.2530096.1490206287248@mail.yahoo.com> References: <776809560.1321367.1490204889018@mail.yahoo.com> <787239451.2530096.1490206287248@mail.yahoo.com> Message-ID: <20170322.200837.1672873963772680746.levitte@openssl.org> In message <787239451.2530096.1490206287248 at mail.yahoo.com> on Wed, 22 Mar 2017 18:11:27 +0000 (UTC), Christian Adja said: christian_adja> Thanks for the response, but haven't the evp_pkey struct of the public christian_adja> key. I' ve only the an bytes string that i retrieved from IEEE cert christian_adja> with "PEM_bytes_read_bio()". Now in want to form the ec_key struct and christian_adja> then the evp_pkey struct. I'm not sure how IEEE certs differ from X.509 certs... if they don't, you're better off reading the cert with PEM_read_bio_X509() and extracting the public key with X509_get0_pubkey() or X509_get0_pubkey(). If IEEE certs differ in format, you must first know the exact byte content, where the public key is in there, make sure it's encoded in DER, and use d2i_EC_PUBKEY() to make a EC_KEY from those bytes. Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From christian_adja at yahoo.it Wed Mar 22 19:18:40 2017 From: christian_adja at yahoo.it (Christian Adja) Date: Wed, 22 Mar 2017 19:18:40 +0000 (UTC) Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21 In-Reply-To: <20170322.200837.1672873963772680746.levitte@openssl.org> References: <776809560.1321367.1490204889018@mail.yahoo.com> <787239451.2530096.1490206287248@mail.yahoo.com> <20170322.200837.1672873963772680746.levitte@openssl.org> Message-ID: <429596455.2772337.1490210320541@mail.yahoo.com> Ok, thanks but the key is not in DER but COER, there are ways to transform it in DER. 
Thanks
Best regards
Christian Adja

On Wednesday 22 March 2017 20:08, Richard Levitte wrote:

In message <787239451.2530096.1490206287248 at mail.yahoo.com> on Wed, 22 Mar 2017 18:11:27 +0000 (UTC), Christian Adja said:

christian_adja> Thanks for the response, but haven't the evp_pkey struct of the public
christian_adja> key. I've only a bytes string that I retrieved from IEEE cert
christian_adja> with "PEM_bytes_read_bio()". Now I want to form the ec_key struct and
christian_adja> then the evp_pkey struct.

I'm not sure how IEEE certs differ from X.509 certs... if they don't, you're better off reading the cert with PEM_read_bio_X509() and extracting the public key with X509_get0_pubkey() or X509_get0_pubkey().

If IEEE certs differ in format, you must first know the exact byte content, where the public key is in there, make sure it's encoded in DER, and use d2i_EC_PUBKEY() to make a EC_KEY from those bytes.

Cheers,
Richard

--
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From yu2003w at hotmail.com Thu Mar 23 02:43:58 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Thu, 23 Mar 2017 02:43:58 +0000
Subject: [openssl-users] Test message

Thanks,
Jared,
Software developer
Interested in open source software, big data, Linux
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From yu2003w at hotmail.com Wed Mar 22 17:20:42 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Wed, 22 Mar 2017 17:20:42 +0000
Subject: [openssl-users] One question about RSA decrypt with private key

Hi guys,

I generated RSA private key and public key as below,

    openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
    openssl rsa -pubout -in pri.key -out pub.key

And encrypted text file as below,

    openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt

Then I wrote below program to decrypt the encrypted file. However, it seemed that decrypt didn't work as expected.

    // Header names were stripped by the archive's HTML filter; these are the ones the program needs.
    #include <iostream>
    #include <cstdio>
    #include <openssl/conf.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    using namespace std;

    void
    cleanup()
    {
        EVP_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
    }

    int
    main(int argc, char** argv)
    {
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        OPENSSL_config(nullptr);

        cout<<"Initialize crypto library done"<<endl;

From kane.huang at ericsson.com Thu Mar 23 03:47:06 2017
From: kane.huang at ericsson.com (Kane Huang)
Date: Thu, 23 Mar 2017 03:47:06 +0000
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21
In-Reply-To: <429596455.2772337.1490210320541@mail.yahoo.com>
References: <776809560.1321367.1490204889018@mail.yahoo.com> <787239451.2530096.1490206287248@mail.yahoo.com> <20170322.200837.1672873963772680746.levitte@openssl.org> <429596455.2772337.1490210320541@mail.yahoo.com>

Hi guys,

I want to use "multiblock" introduced from 1.0.2 to improve performance of ipsec packet process, which uses aes_cbc_hmac_sha as main algorithm.

I have tried openssl speed test with "-mb" and I observe that the test code uses big buffer sizes from 8192 to 131072, which show dramatic performance improvement.

My questions are:

1) Can I get so much improvement when using multiblock on a single stream with small data, like data with size 512 or 1024 bytes?

2) How to use the multiblock APIs?
From speed.c, I saw some API calls like EVP_CIPHER_CTX_ctrl() with type EVP_CTRL_TLS1_1_MULTIBLOCK_AAD and EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, is there any document regarding these?

Many thanks in advance for any advice here!

Thanks,
kane
Software developer, Ericsson
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From yu2003w at hotmail.com Thu Mar 23 05:29:30 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Thu, 23 Mar 2017 05:29:30 +0000
Subject: [openssl-users] One question about RSA decrypt with private key

After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING)", it worked well.

However, I still quite understand the usage of "RSA_NO_PADDING".

Who could kindly explain this?

Thanks,
Jared,
Software developer
Interested in open source software, big data, Linux

________________________________
From: openssl-users on behalf of Yu Wei
Sent: Thursday, March 23, 2017 1:20:42 AM
To: openssl-users at openssl.org
Subject: [openssl-users] One question about RSA decrypt with private key

Hi guys,

I generated RSA private key and public key as below,

    openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
    openssl rsa -pubout -in pri.key -out pub.key

And encrypted text file as below,

    openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt

Then I wrote below program to decrypt the encrypted file. However, it seemed that decrypt didn't work as expected.
    // Header names were stripped by the archive's HTML filter; these are the ones the program needs.
    #include <iostream>
    #include <cstdio>
    #include <openssl/conf.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    using namespace std;

    void
    cleanup()
    {
        EVP_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
    }

    int
    main(int argc, char** argv)
    {
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        OPENSSL_config(nullptr);

        cout<<"Initialize crypto library done"<<endl;

From matt at openssl.org Thu Mar 23 09:40:58 2017
From: matt at openssl.org (Matt Caswell)
Date: Thu, 23 Mar 2017 09:40:58 +0000
Subject: [openssl-users] unsigned char * public key to evp_pkey o ec_key
In-Reply-To: <808829684.2632458.1490205551640@mail.yahoo.com>
References: <808829684.2632458.1490205551640@mail.yahoo.com>
Message-ID: <95f0188b-5fe0-8c5f-1df1-8dac267670f0@openssl.org>

On 22/03/17 17:59, Christian Adja via openssl-users wrote:
> Good evening everybody, I need help to transform a public key
> (unsigned char *) retrieved from an IEEE cert into an EVP_PKEY or EC_KEY. The
> public key is an ecdsaNistP256 in compressed form (compressedy1).
> The public key form in hex =
> |00|80|83|x point (32 bytes)|

You could use BN_bin2bn() to load the x value into a BIGNUM:

https://www.openssl.org/docs/man1.1.0/crypto/BN_bin2bn.html

Then you could use EC_POINT_set_compressed_coordinates_GFp() to create the EC_POINT for that public key:

https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_set_compressed_coordinates_GFp.html

Finally you can create an EC_KEY from the EC_POINT using EC_KEY_set_public_key():

https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_set_public_key.html

Matt

> Thanks,
> Best Regards
>
>
> On Wednesday
> 22 March 2017 18:48, "openssl-users-request at openssl.org" wrote:
From matt at openssl.org Thu Mar 23 10:05:43 2017
From: matt at openssl.org (Matt Caswell)
Date: Thu, 23 Mar 2017 10:05:43 +0000
Subject: [openssl-users] One question about RSA decrypt with private key

On 23/03/17 05:29, Yu Wei wrote:
> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)", it worked well.
>
> However, I still quite understand the usage of "RSA_NO_PADDING".
>
> Who could kindly explain this?
>

RSA_NO_PADDING gives you "raw" RSA encryption. From the manual:

    RSA_NO_PADDING
        Raw RSA encryption. This mode should only be used to implement
        cryptographically sound padding modes in the application code.
        Encrypting user data directly with RSA is insecure.

https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_encrypt.html

Basically, unless you are implementing a new RSA padding mode, or really know what you are doing, don't use it.

Matt

> Thanks,
>
> Jared,
> Software developer
> Interested in open source software, big data, Linux
>
> ------------------------------------------------------------------------
> *From:* openssl-users on behalf of Yu Wei
> *Sent:* Thursday, March 23, 2017 1:20:42 AM
> *To:* openssl-users at openssl.org
> *Subject:* [openssl-users] One question about RSA decrypt with private key
>
> Hi guys,
>
> I generated RSA private key and public key as below,
>
>     openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
>     openssl rsa -pubout -in pri.key -out pub.key
>
> And encrypted text file as below,
>
>     openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt
>
> Then I wrote below program to decrypt the encrypted file. However, it
> seemed that decrypt didn't work as expected.
>
>     // Header names were stripped by the archive's HTML filter; these are the ones the program needs.
>     #include <iostream>
>     #include <cstdio>
>     #include <openssl/conf.h>
>     #include <openssl/err.h>
>     #include <openssl/evp.h>
>     #include <openssl/pem.h>
>     #include <openssl/rsa.h>
>
>     using namespace std;
>
>     void
>     cleanup()
>     {
>         EVP_cleanup();
>         CRYPTO_cleanup_all_ex_data();
>         ERR_free_strings();
>     }
>
>     int
>     main(int argc, char** argv)
>     {
>         ERR_load_crypto_strings();
>         OpenSSL_add_all_algorithms();
>         OPENSSL_config(nullptr);
>
>         cout<<"Initialize crypto library done"<<endl;
>
>         EVP_PKEY * key = EVP_PKEY_new();
>         if (key == nullptr) {
>             cout<<"Failed to contruct new key"<<endl;
>             return 1;
>         }
>         FILE * fpri = nullptr;
>         fpri = fopen("/home/stack/pri.key", "r");
>         if (fpri == nullptr) {
>             cout<<"Failed to load private key"<<endl;
>             return 1;
>         }
>         key = PEM_read_PrivateKey(fpri, &key, nullptr, nullptr);
>         if (key == nullptr) {
>             std::cout<<"Read private key failed"<<endl;
>             return 1;
>         }
>         cout<<"load private key successfully"<<endl;
>         EVP_PKEY_CTX *ctx = nullptr;
>         ctx = EVP_PKEY_CTX_new(key, nullptr);
>         EVP_PKEY_decrypt_init(ctx);
>         // The line this thread is about: raw RSA, no padding check (see the reply above).
>         EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING);
>
>         size_t outlen = 0, inlen = 0;
>         unsigned char * out = nullptr, * in = nullptr;
>
>         char buf[1024];
>         FILE * fe = nullptr;
>         fe = fopen("/home/stack/1e.txt", "r");
>         if (fe == nullptr) {
>             cout<<"Failed to open encrypted file"<<endl;
>             return 1;
>         }
>         size_t len = fread(buf, 1, sizeof(buf), fe);
>         cout<<"data input length is "<<len<<endl;
>         // The archived copy never assigns in/inlen from buf/len; these two lines
>         // are added so that the bytes just read are what gets decrypted.
>         in = reinterpret_cast<unsigned char*>(buf);
>         inlen = len;
>         if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) {
>             ERR_print_errors_fp(stderr);
>             return 1;
>         }
>         cout<<"outlen is "<<outlen<<endl;
>
>         out = (unsigned char*)OPENSSL_malloc(outlen);
>         if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) {
>             ERR_print_errors_fp(stderr);
>             return 1;
>         }
>         // out is printed as a C string, so output stops at the first 0x00 byte.
>         cout<<"decrypted data "<<out<<endl;
>         cleanup();
>
>         return 0;
>
>     }
>
> When executing the code, the result is as below,
>
>     [stack at agent ~]$ ./test
>     Initialize crypto library done
>     load private key successfully
>     data input length is 256
>     outlen is 256
>     decrypted data
>
> Is there anything missed?
>
> Thanks,
>
> Jared,
> Software developer
> Interested in open source software, big data, Linux
>

From matt at openssl.org Thu Mar 23 10:32:29 2017
From: matt at openssl.org (Matt Caswell)
Date: Thu, 23 Mar 2017 10:32:29 +0000
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 21
References: <776809560.1321367.1490204889018@mail.yahoo.com> <787239451.2530096.1490206287248@mail.yahoo.com> <20170322.200837.1672873963772680746.levitte@openssl.org> <429596455.2772337.1490210320541@mail.yahoo.com>
Message-ID: <7d1ef3fc-8d21-377a-d79e-efbfe29441da@openssl.org>

On 23/03/17 03:47, Kane Huang wrote:
> Hi guys,
>
> I want to use "multiblock" introduced from 1.0.2 to improve performance
> of ipsec packet process, which uses aes_cbc_hmac_sha as main algorithm.
>
> I have tried openssl speed test with "-mb" and I observe that the test
> code uses big buffer sizes from 8192 to 131072, which show dramatic
> performance improvement.
>
> My questions are:
>
> 1) Can I get so much improvement when using multiblock on a single
> stream with small data, like data with size 512 or 1024 bytes?

Multiblock works by sending multiple TLS records to be encrypted in one go - either 4 or 8 records depending on how much data you send in one go. Basically it looks at the amount of data you passed to SSL_write() and sees how many records it needs to divide it up into (with a record being max_send_fragment bytes long; by default max_send_fragment is 16k although you can change that value).
If there are at least 4 records worth of data then multiblock will be used (assuming the negotiated ciphersuite supports it). A stream of small records like you describe would not satisfy the above criteria, so multi-block would not kick in. > > 2) How to use the multiblock APIs? From speed.c , I saw some APIs > call like EVP_CIPHER_CTX_ctrl() with type > EVP_CTRL_TLS1_1_MULTIBLOCK_AAD and EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, > is there any document regarding these? Unfortunately not, no. However it depends on what you are trying to achieve. If you just want to use the built-in ciphersuites that support this then you need to: 1) Make sure you are on a platform that supports it (IIRC AESNI support is required for these to work - Andy Polyakov can probably clarify) 2) Ensure TLS negotiates a multiblock capable ciphersuite 3) Ensure your application sends sufficient data in one go for multi-block to kick in If you satisfy all of the above then no API is required. It should just work. If, on the other hand, you want to implement a new cipher that supports multiblock then you will probably want to do it as an engine and use the implementations of e_aes_cbc_hmac_sha1.c and e_aes_cbc_hmac_sha256.c as a guide. Ciphers that implement multiblock need to be TLS "aware", in that they must output the appropriate record headers too. If you're going down this route then I'd like to point out the similar facility that we have in OpenSSL 1.1.0 known as pipelining: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_max_pipelines.html This gives you a bit more control over how the data is split up into records and the ciphers do not need to be TLS aware. Also both encryption and decryption is supported. However there are no built-in ciphersuites that use this as yet. 
Matt

From rsalz at akamai.com Thu Mar 23 10:58:48 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 23 Mar 2017 10:58:48 +0000
Subject: [openssl-users] One question about RSA decrypt with private key
Message-ID: <7cb2facc176c48219c2736a5708a8ae2@usma1ex-dag1mb1.msg.corp.akamai.com>

> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING)", it worked well.

You need to do some reading about basic RSA cryptography. Signatures are padded out to the keysize.

From yu2003w at hotmail.com Thu Mar 23 10:12:46 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Thu, 23 Mar 2017 10:12:46 +0000
Subject: [openssl-users] One question about RSA decrypt with private key

Hi Matt,

I checked openssl source code. It seems that PKCS#1 is default padding mode.

For encrypting user data such as user's password, could I use PKCS#1 or OAEP padding mode?

Thanks,
Jared,
Software developer
Interested in open source software, big data, Linux

________________________________
From: openssl-users on behalf of Matt Caswell
Sent: Thursday, March 23, 2017 6:05:43 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] One question about RSA decrypt with private key

On 23/03/17 05:29, Yu Wei wrote:
> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)", it worked well.
>
> However, I still quite understand the usage of "RSA_NO_PADDING".
>
> Who could kindly explain this?
>

RSA_NO_PADDING gives you "raw" RSA encryption. From the manual:

    RSA_NO_PADDING
        Raw RSA encryption. This mode should only be used to implement
        cryptographically sound padding modes in the application code.
        Encrypting user data directly with RSA is insecure.

https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_encrypt.html

Basically, unless you are implementing a new RSA padding mode, or really know what you are doing, don't use it.

Matt

> Thanks,
>
> Jared,
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From svineet at kodiakptt.com Thu Mar 23 11:51:19 2017
From: svineet at kodiakptt.com (svineet)
Date: Thu, 23 Mar 2017 04:51:19 -0700 (MST)
Subject: [openssl-users] regarding memory cleanup at end of each DTLS session
Message-ID: <1490269879459-70176.post@n7.nabble.com>

I did try dumping the memory state after freeing the ssl session at the end of each call using CRYPTO_mem_leaks_fp(stderr);

Keep getting on the console alternately

    74372 bytes leaked in 32 chunks
    [18:27:48] 2830 file=pqueue.c, line=95, thread=139766236079872, number=16, address=7F1D6CA32060
    [18:27:48] 3013 file=asn1_lib.c, line=425, thread=139766236079872, number=24, address=7F1D6CA505B0
    [18:27:22] 406 file=bn_lib.c, line=317, thread=139766236079872, number=256, address=7F1D6CA3CC10
    [18:27:48] 2829 file=pqueue.c, line=95, thread=139766236079872, number=16, address=7F1D6CA31FD0
    [18:27:48] 3028 file=buffer.c, line=121, thread=139766236079872, number=140, address=7F1D6CA51520
    [18:27:48] 3008 file=a_object.c, line=335, thread=139766236079872, number=3, address=7F1D6CA504C0
    [18:27:48] 2828 file=pqueue.c, line=95, thread=139766236079872, number=16, address=7F1D6CA31F40
    [18:27:48] 3023 file=asn1_lib.c, line=386,
    thread=139766236079872, number=13, address=7F1D6CA51490

And

    112191 bytes leaked in 221 chunks
    [18:27:22] 1009 file=lhash.c, line=193, thread=139766236079872, number=24, address=7F1D6CA311E0
    [18:27:22] 36 file=lhash.c, line=193, thread=139766236079872, number=24, address=7F1D6CA329B0
    [18:27:22] 404 file=bn_lib.c, line=317, thread=139766236079872, number=264, address=7F1D6CA3B480
    [18:27:22] 400 file=bn_mont.c, line=325, thread=139766236079872, number=104, address=7F1D6CA3BC80
    [18:27:22] 401 file=bn_lib.c, line=317, thread=139766236079872, number=128, address=7F1D6CA3AE20
    [18:27:22] 1012 file=s3_both.c, line=708, thread=139766236079872, number=17744, address=7F1D6CA42580
    [18:27:22] 1008 file=err.c, line=1019, thread=139766236079872, number=600, address=7F1D6CA21C00
    [18:27:22] 329 file=bn_lib.c, line=317, thread=139766236079872, number=256, address=7F1D6CA39FF0
    [18:27:22] 363 file=bn_lib.c, line=317, thread=139766236079872, number=256, address=7F1D6CA3B160

Is this data conclusive to arrive at a position?

--
View this message in context: http://openssl.6102.n7.nabble.com/regarding-memory-cleanup-at-end-of-each-DTLS-session-tp70145p70176.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

From rsalz at akamai.com Thu Mar 23 11:59:42 2017
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 23 Mar 2017 11:59:42 +0000
Subject: [openssl-users] One question about RSA decrypt with private key
Message-ID: <61b51881dc5648779958479b8913de68@usma1ex-dag1mb1.msg.corp.akamai.com>

> For encrypting user data such as user's password, could I use PKCS#1 or OAEP padding mode?

If you do not know what you are doing, use the defaults.
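The RSA_NO_PADDING thread above, made concrete: an added example (mine, not code from the thread or from OpenSSL) in pure Python that contrasts raw RSA with the EME-PKCS1-v1_5 padding that pkeyutl applies by default, using a toy 512-bit key generated at run time so it runs offline. It also shows why a raw decrypt of a pkeyutl ciphertext looks empty when printed as a C string: the recovered block begins with 0x00 0x02, and only the unpadding step turns it back into the user data.

```python
import os
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin: fine for a throwaway demo key, not for production."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_toy_key(bits=512, e=65537):
    """Return (n, e, d). 512-bit toy key; the poster's 2048-bit key behaves the same."""
    while True:
        p = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        q = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if p != q and is_probable_prime(p) and is_probable_prime(q):
            phi = (p - 1) * (q - 1)
            if phi % e:
                return p * q, e, pow(e, -1, phi)

def key_bytes(n):
    return (n.bit_length() + 7) // 8

def raw_encrypt(n, e, block):
    """RSA_NO_PADDING: the whole block is the integer m and c = m^e mod n."""
    m = int.from_bytes(block, "big")
    if m >= n:
        raise ValueError("data greater than mod len")  # the check OpenSSL makes too
    return pow(m, e, n).to_bytes(key_bytes(n), "big")

def raw_decrypt(n, d, block):
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(key_bytes(n), "big")

def pkcs1_v15_pad(msg, k):
    """EME-PKCS1-v1_5 (RFC 8017 7.2.1): 0x00 || 0x02 || PS || 0x00 || M, with PS
    at least 8 random non-zero bytes. This is what pkeyutl applied by default."""
    if len(msg) > k - 11:
        raise ValueError("message too long")
    ps = b""
    while len(ps) < k - len(msg) - 3:
        ps += bytes(b for b in os.urandom(k) if b != 0)
    return b"\x00\x02" + ps[: k - len(msg) - 3] + b"\x00" + msg

def pkcs1_v15_unpad(block, k):
    """The structure check a decryptor must run before trusting the data. Readable
    version: real code does it in constant time so it cannot become a padding oracle."""
    if len(block) != k or block[0] != 0x00 or block[1] != 0x02:
        raise ValueError("decryption error")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # no separator, or PS shorter than 8 bytes
        raise ValueError("decryption error")
    return block[sep + 1:]

def encrypt_padded(n, e, msg):
    return raw_encrypt(n, e, pkcs1_v15_pad(msg, key_bytes(n)))

def decrypt_padded(n, d, ct):
    return pkcs1_v15_unpad(raw_decrypt(n, d, ct), key_bytes(n))

def demo(key=None):
    """Run both modes on a constructed sample and report the properties discussed."""
    n, e, d = key or gen_toy_key()
    k = key_bytes(n)
    pw = b"hunter2"  # constructed sample "user data"
    raw = pw.rjust(k, b"\x00")  # raw mode wants exactly k bytes
    c1, c2 = raw_encrypt(n, e, raw), raw_encrypt(n, e, raw)
    p1, p2 = encrypt_padded(n, e, pw), encrypt_padded(n, e, pw)
    # Raw RSA is multiplicative: E(2m) = E(2) * E(m) mod n, so a ciphertext can be
    # altered predictably without the key. A random PS removes that structure.
    twice = (int.from_bytes(c1, "big") * pow(2, e, n)) % n
    twice_pt = raw_decrypt(n, d, twice.to_bytes(k, "big"))
    block = raw_decrypt(n, d, p1)  # what a RSA_NO_PADDING decrypt of p1 returns
    return {
        "raw_is_deterministic": c1 == c2,
        "padded_is_randomised": p1 != p2,
        "raw_is_malleable": twice_pt == (2 * int.from_bytes(raw, "big")).to_bytes(k, "big"),
        "padded_roundtrip": decrypt_padded(n, d, p1) == pw,
        "raw_block_starts_with_00_02": block[:2] == b"\x00\x02",
    }
```

demo() returns a dict in which every entry is True; in OpenSSL the equivalent of keeping the default is simply not calling EVP_PKEY_CTX_set_rsa_padding() at all (or choosing RSA_PKCS1_OAEP_PADDING).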
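Matt Caswell's recipe for Christian Adja's compressed ecdsaNistP256 key earlier in this digest (BN_bin2bn, EC_POINT_set_compressed_coordinates_GFp, EC_KEY_set_public_key) rests on one piece of arithmetic: recovering y from x and a parity bit. The following is an added example, not code from the thread or from OpenSSL, that performs that decompression in pure Python for the |00|80|83|x| layout the poster showed and produces the SEC1 point encoding those calls (or d2i_EC_PUBKEY() on a DER wrapper) would accept. Reading the third byte as 0x82 = compressed-y-0 / 0x83 = compressed-y-1 is an assumption drawn from the poster's "compressedy1".

```python
# NIST P-256 domain parameters (FIPS 186-4 / SEC 2 "secp256r1")
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def is_on_curve(x, y):
    """y^2 == x^3 - 3x + b (mod p); the check OpenSSL also runs on set_public_key."""
    return (y * y - (x * x * x + A * x + B)) % P == 0

def decompress_p256(x, y_is_odd):
    """Recover y from x and its parity, the job EC_POINT_set_compressed_coordinates_GFp does.
    p = 3 (mod 4), so sqrt(rhs) = rhs^((p+1)/4); pick the root with the requested parity.
    Raises ValueError when x is not the abscissa of any curve point."""
    if not 0 <= x < P:
        raise ValueError("x out of range")
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    if (y * y) % P != rhs:  # rhs is not a quadratic residue: no such point
        raise ValueError("x is not on the curve")
    if (y & 1) != int(y_is_odd):
        y = P - y
    return y

def parse_compressed_point(buf):
    """Parse the |00|80|tag|x (32 bytes)| layout from the thread and return (x, y).
    The two leading bytes are treated as opaque framing; the tag byte is read as
    0x82 = compressed-y-0, 0x83 = compressed-y-1 (assumption, see lead-in)."""
    if len(buf) != 35 or buf[0] != 0x00 or buf[1] != 0x80:
        raise ValueError("unexpected framing")
    tag = buf[2]
    if tag not in (0x82, 0x83):
        raise ValueError("not a compressed point tag: %#x" % tag)
    x = int.from_bytes(buf[3:], "big")
    return x, decompress_p256(x, tag == 0x83)

def to_sec1(x, y, compressed=False):
    """SEC1 encoding: 0x04||x||y, or 0x02/0x03||x where the low bit is y's parity.
    The compressed form is exactly the (x, y_bit) pair the OpenSSL call is given."""
    xb = x.to_bytes(32, "big")
    if compressed:
        return bytes([0x02 | (y & 1)]) + xb
    return b"\x04" + xb + y.to_bytes(32, "big")

# Constructed sample: the P-256 generator packaged the way the poster saw his key.
# G's y coordinate is odd, so the tag is 0x83.
SAMPLE = b"\x00\x80\x83" + GX.to_bytes(32, "big")

if __name__ == "__main__":
    x, y = parse_compressed_point(SAMPLE)
    print("on curve:", is_on_curve(x, y))
    print("SEC1 uncompressed:", to_sec1(x, y).hex())
```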
From yu2003w at hotmail.com Thu Mar 23 03:22:59 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Thu, 23 Mar 2017 03:22:59 +0000
Subject: [openssl-users] decrypt data with rsa privated key failed

Hi guys,

I generated RSA private key and public key as below,

    openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
    openssl rsa -pubout -in pri.key -out pub.key

And encrypted text file as below,

    openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt

Then I wrote below program to decrypt the encrypted file. However, it didn't work as expected.

    // Header names were stripped by the archive's HTML filter; these are the ones the program needs.
    #include <iostream>
    #include <cstdio>
    #include <openssl/conf.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    using namespace std;

    void
    cleanup()
    {
        EVP_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
    }

    int
    main(int argc, char** argv)
    {
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        OPENSSL_config(nullptr);

        cout<<"Initialize crypto library done"<<endl;

From yu2003w at hotmail.com Wed Mar 22 17:33:22 2017
From: yu2003w at hotmail.com (Yu Wei)
Date: Wed, 22 Mar 2017 17:33:22 +0000
Subject: [openssl-users] decrypt with RSA private key failed

Hi guys,

I generated RSA private key and public key as below,

    openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
    openssl rsa -pubout -in pri.key -out pub.key

And encrypted text file as below,

    openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt

Then I wrote below program to decrypt the encrypted file. However, it seemed that decrypt didn't work as expected.
#include #include #include #include #include #include using namespace std; void cleanup() { EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); } int main(int argc, char** argv) { ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OPENSSL_config(nullptr); cout<<"Initialize crypto library done"< From reachme at kajasweb.com Fri Mar 24 13:40:41 2017 From: reachme at kajasweb.com (R Kaja Mohideen) Date: Fri, 24 Mar 2017 19:10:41 +0530 Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request Message-ID: Hi, We have a TLS Server (Written in C) and Client (Written in Java using Netty + OpenSSL). I see that when Server sends a TLS extension Heartbeat request to client - OpenSSL responds to it and sends a close_notify alert right after it - causing the server to close the session with client. I don't have any callback registered in client (HB request recipient side - Java/Netty doesn't really have that support) and so I'm sure that it is OpenSSL by itself is responding to that heartbeat request. But, who or what is making OpenSSL to send an alert & close the session upon responding to heartbeat remains a mystery. Any help / suggestions to investigate this issue is highly appreciated. Thanks & regards, R Kaja Mohideen From steve at openssl.org Fri Mar 24 17:46:28 2017 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 24 Mar 2017 17:46:28 +0000 Subject: [openssl-users] how to implement functions for STACK OF custom type? In-Reply-To: References: Message-ID: <20170324174628.GA16753@openssl.org> On Tue, Mar 21, 2017, lists wrote: > Sorry, I first posted this on the -dev list, likely inappropriate... now with an update: > > I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects. > Currently, I have this code (sort of) in the headers: > > typedef struct myThingA_st > { > ???? ASN1_OBJECT aID; > ???? ASN1_OCTET_STRING aOCST; > } > ???? 
myThingA; > > DECLARE_ASN1_ITEM(myThingA) > DECLARE_ASN1_FUNCTIONS(myThingA) > DECLARE_STACK_OF(myThingA) > // the next one seems to be ininfluent for my purpose, is it? > DECLARE_ASN1_SET_OF(myThingA) > > typedef struct myThingB_st > { > ???? // SEQUENCE OF { ... } > ???? STACK_OF(myThingA) myThingA_sk; > } > ???? myThingB; > > // DECLARE_ASN1_ITEM(myThingB) > DECLARE_STACK_OF(myThingB) > // DECLARE_ASN1_FUNCTIONS(myThingB) > // the next one seems to be ininfluent for my purpose, is it? > DECLARE_ASN1_SET_OF(myThingB) > > Then, in the .c file... > > IMPLEMENT_STACK_OF(myThingA) > IMPLEMENT_STACK_OF(myThingB) > > I thought that the basic functions for the stacks to be available (such as sk_myThingA_new, sk_myThingA_push...), yet by compiling a main, for > the first one that I try to use I get: > > ?????? undefined reference to `sk_myThingA_value' > > What am I doing wrong here? If you're using OpenSSL 1.1.0 you need to include: DEFINE_STACK_OF(FOO) in a header file and that should be it. That implements a set of inline functions that do the right thing. For OpenSSL versions before 1.1.0 it's a bit messier. The type specific STACK_OF functions are actually macros which are generated by the mkstack.pl script and appear in the safestack.h header file. If you want to create your own one way is to extract a type specific section from safestack.h, copy it to your own header file and do a search/replace for the new type. So for example extract the sk_OPENSSL_BLOCK macros and replace OPENSSL_BLOCK with FOO. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From leikong at msn.com Fri Mar 24 21:51:07 2017 From: leikong at msn.com (Lei Kong) Date: Fri, 24 Mar 2017 21:51:07 +0000 Subject: [openssl-users] TLSv1_2_method Message-ID: Can processes running with TLSv1_2_method talk to processes running with something older, e.g. TLSv1_1_method? 
Along the same lines, will new TLS versions be backward compatible with TLSv1_2_method ? I would like to make my code proof, is there something like TLS_latest_method()? I have a cluster of nodes that talk to each other with TLS, currently the version is hardcoded to TLSv1_2_method. Suppose TLSv1_2 is deprecated by TLS_new one day, I update my service to use TLS_new node by node, during this time, some old nodes are running with TLSv1_2, some new nodes are running with new TLS_new, will the communication between old and new nodes work? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Sat Mar 25 07:19:55 2017 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 25 Mar 2017 03:19:55 -0400 Subject: [openssl-users] TLSv1_2_method In-Reply-To: References: Message-ID: <5D881D46-87A5-4053-B166-F1EE4AA52619@dukhovni.org> > On Mar 24, 2017, at 5:51 PM, Lei Kong wrote: > > TLS_latest_method https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html ... TLS_method(), TLS_server_method(), TLS_client_method() These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. Applications should use these methods, and avoid the version-specific methods described below. With OpenSSL 1.0.2 these are called SSLv23_method(), ... https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html -- Viktor. From ghanashyam.satpathy at gmail.com Sat Mar 25 14:05:06 2017 From: ghanashyam.satpathy at gmail.com (ghanashyam satpathy) Date: Sat, 25 Mar 2017 19:35:06 +0530 Subject: [openssl-users] TLS leak for openssl 1.1.0b with libcurl 7.50.3 Message-ID: I use libcurl 7.50.3 as statically linked in my application dll , along with openssl 1.1.0b also statically linked. 
The dll is dynamically loaded using LoadLibrary() and unloaded using FreeLibrary() inside application exe. I observed a TLS index is not getting freed which was allocated inside openssl. To narrow down the issue I have following exported function, which I call from my application exe. After FreeLibrary() I see the TLS leak through APplication verifier. extern "C" __declspec(dllexport) void CurlSetup() { curl_global_init(CURL_GLOBAL_DEFAULT); curl_global_cleanup(); return; } An early reply in this context is appreciated. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sat Mar 25 14:13:47 2017 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 25 Mar 2017 14:13:47 +0000 Subject: [openssl-users] TLS leak for openssl 1.1.0b with libcurl 7.50.3 In-Reply-To: References: Message-ID: <6d87957f6c654825a6a6c6f0d3d4a20a@usma1ex-dag1mb1.msg.corp.akamai.com> Those are curl functions, not openssl -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richsalz at jabber.at Twitter: RichSalz From: ghanashyam satpathy [mailto:ghanashyam.satpathy at gmail.com] Sent: Saturday, March 25, 2017 10:05 AM To: openssl-users at openssl.org Subject: [openssl-users] TLS leak for openssl 1.1.0b with libcurl 7.50.3 I use libcurl 7.50.3 as statically linked in my application dll , along with openssl 1.1.0b also statically linked. The dll is dynamically loaded using LoadLibrary() and unloaded using FreeLibrary() inside application exe. I observed a TLS index is not getting freed which was allocated inside openssl. To narrow down the issue I have following exported function, which I call from my application exe. After FreeLibrary() I see the TLS leak through APplication verifier. extern "C" __declspec(dllexport) void CurlSetup() { curl_global_init(CURL_GLOBAL_DEFAULT); curl_global_cleanup(); return; } An early reply in this context is appreciated. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ghanashyam.satpathy at gmail.com Sat Mar 25 15:29:10 2017
From: ghanashyam.satpathy at gmail.com (ghanashyam satpathy)
Date: Sat, 25 Mar 2017 20:59:10 +0530
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 33
In-Reply-To:
References:
Message-ID:

However this type of TLS leak was not there when my application was using OpenSSL 1.0.2. Noticed after using OpenSSL 1.1.0b.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ghanashyam.satpathy at gmail.com Sat Mar 25 16:37:15 2017
From: ghanashyam.satpathy at gmail.com (ghanashyam satpathy)
Date: Sat, 25 Mar 2017 22:07:15 +0530
Subject: [openssl-users] openssl-users Digest, Vol 28, Issue 33
In-Reply-To:
References:
Message-ID:

It seems any TLS being allocated from the call stack of ERR_get_state() is not getting freed. I used an OPENSSL sample demos\bio\server-cmod.c and it reproduces the issue. Any tips to resolve this issue are appreciated.
> testConsoleApplication.exe!CRYPTO_THREAD_init_local(unsigned long * key, void (void *) * cleanup) Line 93 C
  testConsoleApplication.exe!err_do_init() Line 637 C
  testConsoleApplication.exe!err_do_init_ossl_() Line 634 C
  testConsoleApplication.exe!CRYPTO_THREAD_run_once(long * once, void (void) * init) Line 82 C
  testConsoleApplication.exe!ERR_get_state() Line 643 C
  testConsoleApplication.exe!ERR_put_error(int lib, int func, int reason, const char * file, int line) Line 358 C
  testConsoleApplication.exe!BIO_new_file(const char * filename, const char * mode) Line 75 C
  testConsoleApplication.exe!def_load(conf_st * conf, const char * name, long * line) Line 140 C
  testConsoleApplication.exe!NCONF_load(conf_st * conf, const char * file, long * eline) Line 217 C
  testConsoleApplication.exe!CONF_modules_load_file(const char * filename, const char * appname, unsigned long flags) Line 129 C
  testConsoleApplication.exe!main(int argc, char * * argv) Line 120 C++
  [External Code]

//demos\bio\server-cmod.c
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>

int main(int argc, char *argv[])
{
    unsigned char buf[512];
    char *port = "*:4433";
    BIO *in = NULL;
    BIO *ssl_bio, *tmp;
    SSL_CTX *ctx;
    int ret = 1, i;

    ctx = SSL_CTX_new(TLS_server_method());

    if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
        fprintf(stderr, "Error processing config file\n");
        goto err;
    }

    if (SSL_CTX_config(ctx, "server") == 0) {
        fprintf(stderr, "Error configuring server.\n");
        goto err;
    }

    /* Setup server side SSL bio */
    ssl_bio = BIO_new_ssl(ctx, 0);

    if ((in = BIO_new_accept(port)) == NULL)
        goto err;

    /*
     * This means that when a new connection is accepted on 'in', The ssl_bio
     * will be 'duplicated' and have the new socket BIO push into it.
     * Basically it means the SSL BIO will be automatically setup
     */
    BIO_set_accept_bios(in, ssl_bio);

 again:
    /*
     * The first call will setup the accept socket, and the second will get a
     * socket. In this loop, the first actual accept will occur in the
     * BIO_read() function.
     */

    if (BIO_do_accept(in) <= 0)
        goto err;

    for (;;) {
        i = BIO_read(in, buf, sizeof(buf));
        if (i == 0) {
            /*
             * If we have finished, remove the underlying BIO stack so the
             * next time we call any function for this BIO, it will attempt
             * to do an accept
             */
            printf("Done\n");
            tmp = BIO_pop(in);
            BIO_free_all(tmp);
            goto again;
        }
        if (i < 0) {
            if (BIO_should_retry(in))
                continue;
            goto err;
        }
        fwrite(buf, 1, i, stdout);
        fflush(stdout);
    }

    ret = 0;
 err:
    if (ret) {
        ERR_print_errors_fp(stderr);
    }
    BIO_free(in);
    exit(ret);
    return (!ret);
}

On Sat, Mar 25, 2017 at 8:59 PM, ghanashyam satpathy <ghanashyam.satpathy at gmail.com> wrote:
> However this type of TLS leak was not there when my application was using OpenSSL 1.0.2
> Noticed after using OpenSSL 1.1.0b
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From chintuhema at gmail.com Mon Mar 27 06:29:16 2017
From: chintuhema at gmail.com (Hema Murthy)
Date: Mon, 27 Mar 2017 11:59:16 +0530
Subject: [openssl-users] SSL cipher list to disable TLS 1.0 & TLS 1.1
In-Reply-To:
References:
Message-ID:

Hi,

My system is
FreeBSD 10.2
OpenSSL 1.0.2h
lighttpd: lighttpd-1.4.23

I am trying to disable TLS1.0 and TLS1.1 through lighttpd.conf but am not sure of what is the equivalent cipher list to be used. I followed the below link and it didn't work for me.

In case of Appweb Server, I was able to successfully disable TLS1.0 & above and TLS1.1 & above using
SSLProtocol = "ALL -SSLV2 -SSLV3 -TLSV1"
SSLProtocol = "ALL -SSLV2 -SSLV3 -TLSV1.1"

But the same cipher is not working for lighttpd. I am very new to this and do not know how to proceed further. Would be great and appreciate if anyone can give me pointers on this. Please help.

Thanks & Regards,
Hema
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From raja.ashok at huawei.com Mon Mar 27 08:25:16 2017
From: raja.ashok at huawei.com (Raja ashok)
Date: Mon, 27 Mar 2017 08:25:16 +0000
Subject: [openssl-users] In ssl3_write_bytes, some checks related to hanlding write failure are missing
Message-ID:

Hi,

I feel there is a check missing in ssl3_write_bytes, in case of handling write failure.

Consider SSL_write is called with a 20000-byte buffer; then internally ssl3_write_bytes tries to send it as two records (16384 and 3616).
If the TCP send failed for the second record then we store the state internally (wnum, wpend_tot and wpend_buf) and return the result. Later the application has to call SSL_write with the same buffer; if it calls with a different buffer of length 100 bytes then we fail that in ssl3_write_bytes using the check (len < tot).

But consider the application calls with a buffer of size 18000 bytes and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is enabled. Then (len < tot) will not succeed as tot is 16384. Then it will call ssl3_write_pending to send the remaining 3616 byte record. If it succeeds we are incrementing tot (tot += i). Now tot will have 20000. Later there is a check (tot == len); this will not succeed. Then directly we are doing n = (len - tot); this will overflow and store a value close to 2^32 in n. Then it will cause out of bound access to the application buffer "buf".

I hope we should have one more check (len < (tot + s->s3->wpend_tot)) before calling ssl3_write_pending.

    if ((len < tot) || (len < (tot + s->s3->wpend_tot))) {
        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
        return (-1);
    }

Note: I am referring to the 1.0.2k version of OpenSSL.

Regards,
Ashok

________________________________
Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com
________________________________
This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
From joshi.sanjaya at gmail.com Mon Mar 27 12:07:46 2017
From: joshi.sanjaya at gmail.com (Sanjaya Joshi)
Date: Mon, 27 Mar 2017 17:37:46 +0530
Subject: [openssl-users] Reg, TLS over SCTP (SOCK_SEQPACKET)
In-Reply-To: <26E0FB9A-4315-41EF-8345-53DDF4A75474@lurchi.franken.de>
References: <0cd2f7cd66794e7193596f9788981521@usma1ex-dag1mb1.msg.corp.akamai.com> <26E0FB9A-4315-41EF-8345-53DDF4A75474@lurchi.franken.de>

Hi,

Thanks for the pointers. We will consider that option.

Regards,
Sanjaya

On Wed, Mar 1, 2017 at 6:59 PM, Michael Tuexen <Michael.Tuexen at lurchi.franken.de> wrote:
> > On 1 Mar 2017, at 06:34, Sanjaya Joshi wrote:
> >
> > Hi,
> > Thank you Salz Rich for the confirmation.
> > So, whether application can perform manual TLS handshakes when SOCK_SEQPACKET is used ?
> I think the SOCK_SEQPACKET model doesn't fit well to the way the openssl code is laid out.
> They basically want a one-to-one relation between a bio (for example a socket bio) and
> a TLS connection. So there is no muxing/demuxing ongoing.
>
> I'm wondering why you are sticking to the 1-to-many style sockets and why you are not
> considering DTLS over SCTP instead of TLS over SCTP. DTLS over SCTP using one-to-one
> style sockets (SOCK_STREAM) is supported by OpenSSL on Linux and FreeBSD.
>
> Best regards
> Michael
>
> > Regards,
> > Sanjaya
> >
> > On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich wrote:
> > > But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is used. Does openssl provide any alternatives for these calls ? Or an application need to perform the TLS handshakes manually ?
> >
> > This is not supported, and there are no demo's available.
From reachme at kajasweb.com Mon Mar 27 17:54:36 2017
From: reachme at kajasweb.com (R Kaja Mohideen)
Date: Mon, 27 Mar 2017 23:24:36 +0530
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

I have used the backtrace function (execinfo.h) as documented here (http://www.gnu.org/software/libc/manual/html_node/Backtraces.html) in a couple of OpenSSL source files - ssl_lib.c (ssl_shutdown) and s3_pkt.c (ssl3_send_alert). I have actually used the exact same example from that page for getting the stack trace printed from those two functions.

When I reproduce the issue - the following is the stacktrace I got:

Obtained 3 stack frames.
/OpenSSL/libssl.so.1.0.0(printStackTrace+0x2d) [0x7f13927f482d]
/OpenSSL/libssl.so.1.0.0(SSL_shutdown+0x9) [0x7f13927f74a9]
[0x7f14a901f9e4]

Obtained 4 stack frames.
/OpenSSL/libssl.so.1.0.0(printStackTrace1+0x2d) [0x7f13927da4dd]
/OpenSSL/libssl.so.1.0.0(ssl3_send_alert+0x11) [0x7f13927dbe11]
/OpenSSL/libssl.so.1.0.0(ssl3_shutdown+0xa2) [0x7f13927d8662]
[0x7f14a901f9e4]

I'm surprised to see that I'm not able to get the caller details using backtrace. Is it due to the architecture of OpenSSL or something which makes OpenSSL use a new thread for invoking ssl_shutdown?

Any OpenSSL developers?

// Kaja

On Fri, Mar 24, 2017 at 7:10 PM, R Kaja Mohideen wrote:
> Hi,
>
> We have a TLS Server (Written in C) and Client (Written in Java using
> Netty + OpenSSL).
>
> I see that when the Server sends a TLS extension Heartbeat request to the
> client - OpenSSL responds to it and sends a close_notify alert right
> after it - causing the server to close the session with the client.
>
> I don't have any callback registered in the client (HB request recipient
> side - Java/Netty doesn't really have that support) and so I'm sure
> that it is OpenSSL by itself that is responding to that heartbeat request.
> But, who or what is making OpenSSL send an alert & close the
> session upon responding to the heartbeat remains a mystery.
>
> Any help / suggestions to investigate this issue are highly appreciated.
>
> Thanks & regards,
> R Kaja Mohideen

From lists at rustichelli.net Mon Mar 27 18:01:12 2017
From: lists at rustichelli.net (lists)
Date: Mon, 27 Mar 2017 20:01:12 +0200
Subject: [openssl-users] how to implement functions for STACK OF custom type?
In-Reply-To: <20170324174628.GA16753@openssl.org>
References: <20170324174628.GA16753@openssl.org>

On 03/24/2017 06:46 PM, Dr. Stephen Henson wrote:
> On Tue, Mar 21, 2017, lists wrote:
>
>> Sorry, I first posted this on the -dev list, likely inappropriate... now with an update:
>>
>> I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects.
>> Currently, I have this code (sort of) in the headers:
>>
>> typedef struct myThingA_st
>> {
>>     ASN1_OBJECT aID;
>>     ASN1_OCTET_STRING aOCST;
>> }
>> myThingA;
>>
>> DECLARE_ASN1_ITEM(myThingA)
>> DECLARE_ASN1_FUNCTIONS(myThingA)
>> DECLARE_STACK_OF(myThingA)
>> [...]
> If you're using OpenSSL 1.1.0 you need to include:
>
> DEFINE_STACK_OF(FOO)
>
> in a header file and that should be it. That implements a set of inline
> functions that do the right thing.
>
> For OpenSSL versions before 1.1.0 it's a bit messier. The type specific
> STACK_OF functions are actually macros which are generated by the mkstack.pl
> script and appear in the safestack.h header file.
> If you want to create your
> own one way is to extract a type specific section from safestack.h, copy it
> to your own header file and do a search/replace for the new type.
>
> So for example extract the sk_OPENSSL_BLOCK macros and replace OPENSSL_BLOCK
> with FOO.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

Thank you very much, Steve. Seems I'm progressing now.

From christian_adja at yahoo.it Tue Mar 28 09:25:35 2017
From: christian_adja at yahoo.it (Christian Adja)
Date: Tue, 28 Mar 2017 09:25:35 +0000 (UTC)
Subject: [openssl-users] Functions for retrieving public key from x509 cert
Message-ID: <1443144006.8724303.1490693135385@mail.yahoo.com>

Dear friends,

Can someone tell me what function is called to retrieve the public key from an x509 cert? In the case of an EC public key?

Best regards.
From kgoldman at us.ibm.com Tue Mar 28 13:18:28 2017
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Tue, 28 Mar 2017 09:18:28 -0400
Subject: [openssl-users] Functions for retrieving public key from x509 cert
In-Reply-To: <1443144006.8724303.1490693135385@mail.yahoo.com>
References: <1443144006.8724303.1490693135385@mail.yahoo.com>

On 3/28/2017 5:25 AM, Christian Adja via openssl-users wrote:
>
> Can someone tell me what function is called to retrieve the public key from
> an x509 cert? In the case of an EC public key?

X509_get_pubkey()

From Michael.Wojcik at microfocus.com Tue Mar 28 14:18:24 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Tue, 28 Mar 2017 14:18:24 +0000
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of R Kaja Mohideen
> Sent: Monday, March 27, 2017 13:55
>
> I'm surprised to see that I'm not able to get the caller details using
> backtrace. Is it due to the architecture of OpenSSL or something which
> makes OpenSSL use a new thread for invoking ssl_shutdown?

I suspect it's due to compiler optimization, a lack of symbols in the caller, or some other generic obstacle to backtracing, and not anything OpenSSL is doing.

Michael Wojcik
Distinguished Engineer, Micro Focus

From reachme at kajasweb.com Tue Mar 28 14:29:59 2017
From: reachme at kajasweb.com (Kaja Mohideen)
Date: Tue, 28 Mar 2017 19:59:59 +0530
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request
Message-ID: <58da7367.8490620a.6f6d7.34d4@mx.google.com>

Thanks for the response, Michael Wojcik. Any idea what is making OpenSSL close the session after responding to the Heartbeat request?
-----Original Message-----
From: "Michael Wojcik"
Sent: 28-03-2017 07:46 PM
To: "openssl-users at openssl.org"
Subject: Re: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

I suspect it's due to compiler optimization, a lack of symbols in the caller, or some other generic obstacle to backtracing, and not anything OpenSSL is doing.

From Michael.Wojcik at microfocus.com Tue Mar 28 17:02:35 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Tue, 28 Mar 2017 17:02:35 +0000
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request
In-Reply-To: <58da7367.8490620a.6f6d7.34d4@mx.google.com>
References: <58da7367.8490620a.6f6d7.34d4@mx.google.com>

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Kaja Mohideen
> Sent: Tuesday, March 28, 2017 10:30
> Any idea what is making OpenSSL close the session after responding to Heartbeat request?

I'm afraid not. I haven't seen that problem myself, and I've not looked at heartbeat processing in the OpenSSL source code (aside from the quick glance I, like many people, took when Heartbleed was disclosed).
Michael Wojcik
Distinguished Engineer, Micro Focus

From jb-openssl at wisemo.com Tue Mar 28 18:48:27 2017
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Tue, 28 Mar 2017 20:48:27 +0200
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request
In-Reply-To: <58da7367.8490620a.6f6d7.34d4@mx.google.com>
References: <58da7367.8490620a.6f6d7.34d4@mx.google.com>

Just to clarify: Does it respond to the heartbeat before closing the session, or does it just close the session when you try to trigger the heartbeat/bleed code?

On 28/03/2017 16:29, Kaja Mohideen wrote:
> Thanks for the response, Michael Wojcik. Any idea what is making
> OpenSSL close the session after responding to Heartbeat request?
> ------------------------------------------------------------------------
> From: Michael Wojcik
> Sent: 28-03-2017 07:46 PM
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] OpenSSL sending close_notify right
> after responding to a heartbeat request
>
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> > Of R Kaja Mohideen
> > Sent: Monday, March 27, 2017 13:55
> >
> > I'm surprised to see that I'm not able to get the caller details using
> > backtrace. Is it due to architecture of OpenSSL or something which
> > makes OpenSSL to use a new thread for invoking ssl_shutdown?
>
> I suspect it's due to compiler optimization, a lack of symbols in the
> caller, or some other generic obstacle to backtracing, and not
> anything OpenSSL is doing.
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From reachme at kajasweb.com Wed Mar 29 01:17:14 2017
From: reachme at kajasweb.com (Kaja Mohideen)
Date: Wed, 29 Mar 2017 06:47:14 +0530
Subject: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request
References: <58da7367.8490620a.6f6d7.34d4@mx.google.com>
Message-ID: <58db0b1a.d0d9620a.ecbd6.9842@mx.google.com>

It responds and then closes.

-----Original Message-----
From: "Jakob Bohm"
Sent: 29-03-2017 12:19 AM
To: "openssl-users at openssl.org"
Subject: Re: [openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

Just to clarify: Does it respond to the heartbeat before closing the session, or does it just close the session when you try to trigger the heartbeat/bleed code?
From noloader at gmail.com Wed Mar 29 08:43:11 2017
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 29 Mar 2017 04:43:11 -0400
Subject: [openssl-users] install libcrypto.so.1.1 -> /usr/local//usr/local/lib64/libcrypto.so.1.1 ?

I'm working with OpenSSL 1.1.0. I'm trying to set prefix=/usr/local, openssldir=/usr/local and libdir=/usr/local/lib64. The configure looks like:

    INSTALL_PREFIX=/usr/local
    INSTALL_LIBDIR=$INSTALL_PREFIX/lib64
    KERNEL_BITS=64 ./config no-ssl2 no-ssl3 no-comp shared \
        enable-ec_nistp_64_gcc_128 -Wl,-rpath,$INSTALL_LIBDIR --prefix=$INSTALL_PREFIX \
        --openssldir=$INSTALL_PREFIX --libdir=$INSTALL_LIBDIR

When I look at the tail of the compile and install I see:

    ...
    install ./include/openssl/x509.h -> /usr/local/include/openssl/x509.h
    install ./include/openssl/x509_vfy.h -> /usr/local/include/openssl/x509_vfy.h
    install ./include/openssl/x509v3.h -> /usr/local/include/openssl/x509v3.h
    install libcrypto.a -> /usr/local//usr/local/lib64/libcrypto.a
    install libssl.a -> /usr/local//usr/local/lib64/libssl.a
    install libcrypto.so.1.1 -> /usr/local//usr/local/lib64/libcrypto.so.1.1
    link /usr/local//usr/local/lib64/libcrypto.so -> /usr/local//usr/local/lib64/libcrypto.so.1.1
    install libssl.so.1.1 -> /usr/local//usr/local/lib64/libssl.so.1.1
    link /usr/local//usr/local/lib64/libssl.so -> /usr/local//usr/local/lib64/libssl.so.1.1
    install libcrypto.pc -> /usr/local//usr/local/lib64/pkgconfig/libcrypto.pc
    install libssl.pc -> /usr/local//usr/local/lib64/pkgconfig/libssl.pc
    install openssl.pc -> /usr/local//usr/local/lib64/pkgconfig/openssl.pc
    *** Installing engines
    install engines/capi.so -> /usr/local/usr/local/lib64/engines-1.1/capi.so
    install engines/padlock.so -> /usr/local/usr/local/lib64/engines-1.1/padlock.so
    *** Installing runtime files
    install libcrypto.so.1.1 -> /usr/local//usr/local/lib64/libcrypto.so.1.1
    install libssl.so.1.1 -> /usr/local//usr/local/lib64/libssl.so.1.1
    install apps/openssl -> /usr/local/bin/openssl
    install ./tools/c_rehash -> /usr/local/bin/c_rehash

I believe OpenSSL 1.0.2 is a little better behaved. I don't recall seeing this when using it, but I might be wrong.

Any ideas how to get OpenSSL to use /usr/local as a prefix, but place its libraries in /usr/local/lib64?

Jeff

From matt at openssl.org Wed Mar 29 08:48:36 2017
From: matt at openssl.org (Matt Caswell)
Date: Wed, 29 Mar 2017 09:48:36 +0100
Subject: [openssl-users] install libcrypto.so.1.1 -> /usr/local//usr/local/lib64/libcrypto.so.1.1 ?
Message-ID: <76ccfade-37c0-81f8-3c05-c0211ddee828@openssl.org>

On 29/03/17 09:43, Jeffrey Walton wrote:
> Any ideas how to get OpenSSL to use /usr/local as a prefix, but place
> its libraries in /usr/local/lib64?

libdir is relative to prefix, so just use "--libdir=lib64"

From INSTALL:

    --libdir=DIR
        The name of the directory under the top of the installation
        directory tree (see the --prefix option) where libraries will
        be installed. By default this is "lib". Note that on Windows
        only ".lib" files will be stored in this location. dll files
        will always be installed to the "bin" directory.

Matt

From kane.huang at ericsson.com Wed Mar 29 09:24:28 2017
From: kane.huang at ericsson.com (Kane Huang)
Date: Wed, 29 Mar 2017 09:24:28 +0000
Subject: [openssl-users] how to get digest for stitched AES-HMAC-SHA

Hi guys,

I try to use the built-in cipher EVP_aes_128_cbc_hmac_sha1 to get the benefit of function stitching. There are some questions:

1) In case this cipher stitches AESNI and HMAC-SHA1 in one go, how do I get the HMAC digest?

2) In some cases, like an ESP packet, the Encryption and Auth start from different offsets of the same buffer. Is there any API to specify the offset between Auth and Encryption for a stitched cipher?

    -------------------------------------------------
    IPv4 |orig IP hdr  | ESP |          | ESP     | ESP|
         |(any options)| Hdr | TCP Data | Trailer |Auth|
    -------------------------------------------------
                       |<----- encrypted --------->|
                 |<------ authenticated ------------>|

Thanks in advance for any advice!

BR
Kane
Software developer, Ericsson

From lists at rustichelli.net Wed Mar 29 10:05:38 2017
From: lists at rustichelli.net (lists)
Date: Wed, 29 Mar 2017 12:05:38 +0200
Subject: [openssl-users] how to implement functions for STACK OF custom type?
In-Reply-To: <20170324174628.GA16753@openssl.org>
References: <20170324174628.GA16753@openssl.org>

On 03/24/2017 06:46 PM, Dr. Stephen Henson wrote:
> On Tue, Mar 21, 2017, lists wrote:
>
>> [...]
>> I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects.
>> [...]
>> What am I doing wrong here?
>
> [...]
>
> For OpenSSL versions before 1.1.0 it's a bit messier. The type specific
> STACK_OF functions are actually macros which are generated by the mkstack.pl
> script and appear in the safestack.h header file. If you want to create your
> own one way is to extract a type specific section from safestack.h, copy it
> to your own header file and do a search/replace for the new type.
>
> So for example extract the sk_OPENSSL_BLOCK macros and replace OPENSSL_BLOCK
> with FOO.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

Sorry but it seems I still got something wrong, now that I am more practically addressing qcStatements (as in RFC 3039, for the moment, not yet RFC 3739).
I put here almost all of the code because it may be useful to others who want to cover this attribute.

Question number one: is there a document/tutorial about ASN.1 to OpenSSL macros mapping?

Question number two: why does the code that I add at the end of the message miserably fail when I execute

    const unsigned char *tmpMovingPt = oneExt->value->data;
    // d2i_UC_qcStatements returns NULL here! It cannot parse it?
    // Is X509_EXTENSION *oneExt->value->data the right thing to pass here?
    qcstt = d2i_UC_qcStatements(NULL, &tmpMovingPt, oneExt->value->length);

and I know for sure that X509_EXTENSION *oneExt is qcStatements? Specifically, the qcStatements should be RFC 3039-compliant because all of the entries only have statementId and statementInfo.
Here is the rest of the code for OpenSSL 1.0; something must be wrong or maybe I have to implement something more:

(.h)

    // -- QCStatement
    // I use this odd name to avoid confusion with qcStatements (with the "s"), for the moment
    typedef struct UC_QcsAtom_st {
        // statementId OBJECT IDENT IFIER
        ASN1_OBJECT *statementId;
        // statementInfo ANY DEFINED BY statementId OPTIONAL
        ASN1_TYPE *statementInfo;
    } UC_QcsAtom;

    DECLARE_STACK_OF(UC_QcsAtom)
    DECLARE_ASN1_ITEM(UC_QcsAtom)
    DECLARE_ASN1_FUNCTIONS(UC_QcsAtom)

    #define sk_UC_QcsAtom_new(cmp) SKM_sk_new(UC_QcsAtom, (cmp))
    #define sk_UC_QcsAtom_new_null() SKM_sk_new_null(UC_QcsAtom)
    #define sk_UC_QcsAtom_free(st) SKM_sk_free(UC_QcsAtom, (st))
    #define sk_UC_QcsAtom_num(st) SKM_sk_num(UC_QcsAtom, (st))
    #define sk_UC_QcsAtom_value(st, i) SKM_sk_value(UC_QcsAtom, (st), (i))
    #define sk_UC_QcsAtom_set(st, i, val) SKM_sk_set(UC_QcsAtom, (st), (i), (val))
    [...many more...]

    // -- QCStatements
    typedef struct UC_qcStatements_st {
        // SEQUENCE OF QCStatement
        STACK_OF(UC_QcsAtom) *statements_sk;
    } UC_qcStatements;

    DECLARE_ASN1_FUNCTIONS(UC_qcStatements)

(.c)

    // -- QCStatement aka UC_QcsAtom
    ASN1_SEQUENCE(UC_QcsAtom) = {
        ASN1_SIMPLE(UC_QcsAtom, statementId, ASN1_OBJECT),
        ASN1_OPT(UC_QcsAtom, statementInfo, ASN1_ANY)
    } ASN1_SEQUENCE_END(UC_QcsAtom)

    IMPLEMENT_ASN1_FUNCTIONS(UC_QcsAtom)
    IMPLEMENT_ASN1_DUP_FUNCTION(UC_QcsAtom)
    IMPLEMENT_STACK_OF(UC_QcsAtom)

    // -- qcStatements aka QCStatements aka UC_qcStatements
    ASN1_SEQUENCE(UC_qcStatements) = {
        ASN1_SEQUENCE_OF(UC_qcStatements, statements_sk, UC_QcsAtom)
    } ASN1_SEQUENCE_END(UC_qcStatements)

    IMPLEMENT_ASN1_FUNCTIONS(UC_qcStatements)
    IMPLEMENT_ASN1_DUP_FUNCTION(UC_qcStatements)

    /* ...is it required to implement something like this?...:
    UC_QcsAtom *d2i_UC_QcsAtom_bio(BIO *bp, UC_QcsAtom **a)
    {
        return ASN1_d2i_bio_of(UC_QcsAtom, UC_QcsAtom_new, d2i_UC_QcsAtom, bp, a);
    }
    etc.?
    */

From sarvesh.renghe at brickandbyte.in Wed Mar 29 11:31:33 2017
From: sarvesh.renghe at brickandbyte.in (Sarvesh Renghe)
Date: Wed, 29 Mar 2017 17:01:33 +0530
Subject: [openssl-users] https using OpenSSL for embedded device and java server
Message-ID: <010f01d2a880$05f135e0$11d3a1a0$@brickandbyte.in>

Dear all,

I have an application specific query as below.

We have a solution for remote data monitoring. It picks up the data from remote sites using a modem, forms a string of data values, connects to the server on GPRS/Ethernet using a socket and pushes data to the server periodically. The modem has firmware developed in embedded C on top of an RTOS. The server has a Tomcat application server which hosts a data server class (in Java) listening on a configurable port. The listener listens on this port and parses the data to store in a database.

Now we want to send this data from modem to server in a secured way. One option is to encrypt the data using RSAEncyptor before sending and decrypt the data using RSADescryptor after receiving. A second option could be to use the https protocol so that it is more standardized. So if we have to use the second option, what should be the approach? Are there readymade libraries available to send it on https from the modem in embedded C? Are there corresponding libraries available in Java to receive it on the server? What should be the overall architecture? We thought OpenSSL can help in this.

I am new to this and may not have given all the information required. Feel free to let me know if you need any more inputs. Also you may direct me to the appropriate forum, if this is not the right forum.

Thanks & Regards,
Sarvesh.
Mobile: +91 9820921719
From glosterj9 at gmail.com Wed Mar 29 15:17:34 2017
From: glosterj9 at gmail.com (john gloster)
Date: Wed, 29 Mar 2017 20:47:34 +0530
Subject: [openssl-users] Certificate path validation.

Is there any API to retrieve the values of the BasicConstraints extension of a certificate?

Needed to find out whether it is a CA certificate and the Path Length constraint.

Could someone please provide me with sample code?

Thanks.

From richard.stanek at rockwellcollins.com Wed Mar 29 16:01:53 2017
From: richard.stanek at rockwellcollins.com (Richard Stanek)
Date: Wed, 29 Mar 2017 11:01:53 -0500
Subject: [openssl-users] Certificate path validation.

    static bool IsCACertificate(X509* cert)
    {
        // (U) Initialize to false.
        bool bRetVal = false;

        BASIC_CONSTRAINTS* bsCA =
            (BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
        if (bsCA)
        {
            // (U) Could be a CA.
            if (bsCA->ca)
            {
                // (U) Is a CA.
                bRetVal = true;
            }
            else
            {
                // (U) Is NOT a CA. Return value set.
            }
            BASIC_CONSTRAINTS_free(bsCA);
        }
        else
        {
            // (U) Not a CA. Return value set.
        }

        // (U) return the results.
        return bRetVal;
    }

On Wed, Mar 29, 2017 at 10:17 AM, john gloster wrote:
> Is there any API to retrieve the values of the BasicConstraints extension of a
> certificate?
>
> Needed to find out whether it is a CA certificate and the Path Length
> constraint.
>
> Could someone please provide me with sample code?
>
> Thanks.

From murugesh.pitchaiah at gmail.com Thu Mar 30 06:57:48 2017
From: murugesh.pitchaiah at gmail.com (murugesh pitchaiah)
Date: Thu, 30 Mar 2017 12:27:48 +0530
Subject: [openssl-users] Certificate path validation.

Hi,

To find CA or not, "X509_check_ca" may be used.

Thanks,
Murugesh P.
On 3/29/17, Richard Stanek wrote:
> static bool IsCACertificate(X509* cert)
> {
>     // (U) Initialize to false.
>     bool bRetVal = false;
>
>     BASIC_CONSTRAINTS* bsCA =
>         (BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
>                                              NULL, NULL);
>     if (bsCA)
>     {
>         // (U) Could be a CA.
>         if (bsCA->ca)
>         {
>             // (U) Is a CA.
>             bRetVal = true;
>         }
>         else
>         {
>             // (U) Is NOT a CA. Return value set.
>         }
>         BASIC_CONSTRAINTS_free(bsCA);
>     }
>     else
>     {
>         // (U) Not a CA. Return value set.
>     }
>
>     // (U) return the results.
>     return bRetVal;
> }
>
> On Wed, Mar 29, 2017 at 10:17 AM, john gloster wrote:
>> Is there any API to retrieve the values of the BasicConstraints extension of a
>> certificate?
>>
>> Needed to find out whether it is a CA certificate and the Path Length
>> constraint.
>>
>> Could someone please provide me with sample code?
>>
>> Thanks.

From Michael.Wojcik at microfocus.com Thu Mar 30 13:22:16 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Thu, 30 Mar 2017 13:22:16 +0000
Subject: [openssl-users] https using OpenSSL for embedded device and java server
In-Reply-To: <010f01d2a880$05f135e0$11d3a1a0$@brickandbyte.in>
References: <010f01d2a880$05f135e0$11d3a1a0$@brickandbyte.in>
Message-ID:

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Sarvesh Renghe
> Sent: Wednesday, March 29, 2017 07:32

> Now we want to send this data from modem to server in a secured way. One option is to encrypt the data using
> RSAEncyptor before sending and decrypt the data using RSADescryptor after receiving.

This would be an inappropriate use of asymmetric cryptography. Don't use a chisel as a screwdriver.
More importantly: Don't roll your own cryptography, including cryptographic primitives, cryptographic protocols composed from primitives, application protocols composed from cryptographic protocols, and so on. Don't do that if you don't know why you shouldn't. Don't do it even if you do know why you shouldn't. Unless you're a professional cryptographer and protocol designer with a deep understanding of why you shouldn't do it, don't do it.

> Second option could be to use https protocol so that it is more standardized. So if we have to use second option, what
> should be the approach?

Why are there only two approaches? There are a lot of secure application protocols. HTTPS is a viable one for some applications, but not for all. What about SSH, for example?

You've reduced this to a false dichotomy between "do something with a cryptographic primitive" and "HTTPS". That suggests what you actually need to do is:

1. Understand your users' threat models.
2. Understand the attack space defined by the attack surface of your device / application and those threat models.
3. Determine what risks in that space can be remediated by cryptography, and from that a list of cryptographic requirements.
4. Decide what existing cryptographic application protocol will satisfy those requirements, as much as is feasible with reasonable cost. ("Cost" here includes money, your effort, the work and cognitive load required of customers, etc.)
5. Look for suitable implementations.

Cryptography is difficult. Implementing it successfully requires special expertise.

> Are there readymade libraries available to send it on https from modem in embedded C?

Not a question for this list, I'm afraid.

> Are there corresponding libraries available in java to receive it on server?

Nor is this. There is a vast amount of information available online and in books regarding cryptography in general and HTTPS in particular for Java.

> What should be overall architecture. We thought OpenSSL can help in this.
The OpenSSL software? The OpenSSL organization? The community?

I'm afraid the best advice is to acquire expertise in cryptography and IT security. Whether you do that in-house by studying or hire it in, that's the only viable path to a solution that's actually secure.

> I am new to this and may not have given all the information required.

Sure. Everyone's new at first. Unfortunately this is not an area in which you can get a quick answer that's of much use. (Say someone says "just use HTTPS". That's fine, but how will you manage certificates? How do you handle errors? How do you unlock private keys at startup?)

> Also you may direct me to appropriate forum, if this is not the right forum.

No forum will suffice, if you want to do this right. You have to start with cryptography and security basics, and those are best learned through books or courses.

And it's not possible, except by chance, to recommend an approach without knowing the threat model. Do you need to provide confidentiality, integrity, identity, non-repudiation, timestamping? Against what threats, and with what cost to the attacker? Will all the product's users have similar threat models, or are there a variety? Do some of them have regulatory or other requirements (PCI-DSS, HIPAA, FIPS 140-2, ...) that have to be met?

Michael Wojcik
Distinguished Engineer, Micro Focus

From cipetpet5 at yandex.com Thu Mar 30 17:44:46 2017
From: cipetpet5 at yandex.com (ebe ebe)
Date: Thu, 30 Mar 2017 20:44:46 +0300
Subject: [openssl-users] openssl verify with 1B certificates
Message-ID: <2441651490895886@web25g.yandex.ru>

Hello,

I am a CS graduate student and doing a measurement study regarding the SSL ecosystem. I have approximately 1 billion SSL certificates and I would like to run openssl verify on each certificate to sift out invalid certificates. My major concern, as you might guess, is whether doing this verification is feasible given the size of my dataset.
An alternative idea I have is to replicate the verification steps of openssl. More specifically, I am working with a Hadoop infrastructure and I can perform some of the verification steps without running into scalability issues (e.g. is the certificate between the notBefore-notAfter timestamps, subject key & authority key identifier checks). However, with this approach I feel like verifying the signature would be a big challenge.

Any ideas on how I can tackle these problems?

Regards,
Ceyhun

From richmoore44 at gmail.com Thu Mar 30 20:10:03 2017
From: richmoore44 at gmail.com (Richard Moore)
Date: Thu, 30 Mar 2017 21:10:03 +0100
Subject: [openssl-users] openssl verify with 1B certificates
In-Reply-To: <2441651490895886@web25g.yandex.ru>
References: <2441651490895886@web25g.yandex.ru>
Message-ID:

Depends what information you need - if you just need a binary valid/not valid then prune it first then verify. If you want a more fine-grained data set then don't. Write some code - forking and running openssl verify each time will be insanely slow - don't do that. I doubt you really have a billion unique certificates - avoid testing duplicates. Also don't forget that you really need certificate chains, so I hope you captured the intermediate certificates too!

Cheers

Rich.

On 30 March 2017 at 18:44, ebe ebe wrote:
> Hello,
>
> I am a CS graduate student and doing a measurement study regarding the SSL
> ecosystem. I have approximately 1 billion SSL certificates and I would like
> to run openssl verify on each certificate to sift out invalid certificates.
> My major concern, as you might guess, is whether doing this verification is
> feasible given the size of my dataset. An alternative idea I have is to
> replicate the verification steps of openssl.
> More specifically, I am
> working with a Hadoop infrastructure and I can perform some of the
> verification steps without running into scalability issues (e.g. is
> certificate between notBefore-notAfter timestamps, subject key & authority
> key identifier checks). However, with this approach I feel like verifying
> the signature would be a big challenge. Any ideas on how I can tackle these
> problems?
>
> Regards,
> Ceyhun

From jb-openssl at wisemo.com Fri Mar 31 12:41:09 2017
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Fri, 31 Mar 2017 14:41:09 +0200
Subject: [openssl-users] openssl verify with 1B certificates
In-Reply-To:
References: <2441651490895886@web25g.yandex.ru>
Message-ID:

Also consider using the functions that the "openssl verify" command uses (source file: apps/verify.c), perhaps from a bulk process that can be run on each CPU node on your compute cluster.

With a little thought, these can be done efficiently, with lots of reused (i.e. not repeated) actions, such as setting up parameters, loading known CA and intermediary certs, opening files that contain multiple certs, etc.

On 30/03/2017 22:10, Richard Moore wrote:
> Depends what information you need - if you just need a binary
> valid/not valid then prune it first then verify. If you want a more
> fine grained data set then don't. Write some code - forking and
> running openssl verify each time will be insanely slow - don't do
> that. I doubt you really have a billion unique certificates - avoid
> testing duplicates. Also don't forget that you really need certificate
> chains, so I hope you captured the intermediate certificates too!
>
> Cheers
>
> Rich.
>
> On 30 March 2017 at 18:44, ebe ebe wrote:
>
>     Hello,
>
>     I am a CS graduate student and doing a measurement study regarding
>     the SSL ecosystem.
>     I have approximately 1 billion SSL certificates
>     and I would like to run openssl verify on each certificate to sift
>     out invalid certificates. My major concern, as you might guess, is
>     whether doing this verification is feasible given the size of my
>     dataset. An alternative idea I have is to replicate the
>     verification steps of openssl. More specifically, I am working
>     with a Hadoop infrastructure and I can perform some of the
>     verification steps without running into scalability issues (e.g. is
>     certificate between notBefore-notAfter timestamps, subject
>     key & authority key identifier checks). However, with this approach
>     I feel like verifying the signature would be a big challenge. Any
>     ideas on how I can tackle these problems?
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From Michael.Wojcik at microfocus.com Fri Mar 31 14:17:40 2017
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Fri, 31 Mar 2017 14:17:40 +0000
Subject: [openssl-users] openssl verify with 1B certificates
In-Reply-To:
References: <2441651490895886@web25g.yandex.ru>
Message-ID:

A lot depends on what you mean by "verify", too. TLS endpoints should perform a large number of checks on certificates; some of them aren't relevant for your purposes, and others might not be.

For example, a TLS client such as a browser will check whether the received entity certificate identifies the peer it wants to connect to - generally checking the subjAltName extensions, and possibly falling back on e.g. the CN of the subject DN if the certificate isn't X.509v3. That's not relevant in your case.

And then there are things like CRLs and OCSP checks. If you don't care about those, obviously that's work you don't have to do.

What about, oh, certificate purpose, for example? Do you care about the chain length?

So what are you checking? My guess is the list is something like this:

1. Object is a valid X.509 certificate (ASN.1 parsing doesn't show any errors, structure is appropriate, contains required fields...).
2. Within the validity period, as you noted in your original message.
3. Valid signature. This means you'll need the public key of the signing certificate, of course. Are you going to chase it all the way to the root? Do you care about whether the root's in some collection of trust anchors?

That's a lot simpler than verifying a peer certificate for TLS - my checklist for that is 11 steps, and recurses as it walks the chain. But it's still a fair bit of work.

Personally, for a project like this, as I harvested public keys I'd put them in a NoSQL key-value store, with the certificate subject DN as the key. Then I wouldn't have to find and parse the signing certificate for step 3, if I'd already stored the corresponding key.

Michael Wojcik
Distinguished Engineer, Micro Focus

From Timothy.Nichols at va.gov Fri Mar 31 17:41:41 2017
From: Timothy.Nichols at va.gov (Nichols, Timothy (Checkpoint))
Date: Fri, 31 Mar 2017 13:41:41 -0400
Subject: [openssl-users] [EXTERNAL] scripting creating a cert
In-Reply-To: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com>
References: <6708e891-05e0-e1ea-f062-5ee851f25191@htt-consult.com>
Message-ID:

Hi, did you get your answer to this? I just discovered 134 messages in the folder I'd set up for receiving said messages...and promptly forgot to check for same.

I just went through this exercise and have set up my configuration files and bash script to generate certificates.
-TN (Tim)

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Robert Moskowitz
Sent: Thursday, March 09, 2017 15:50
To: openssl-users at openssl.org
Subject: [EXTERNAL] [openssl-users] scripting creating a cert

I am creating self-signed certs with:

openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req

Where, for example:

your_host_tld=z9m9z.test.htt-consult.com

Thing is that this then prompts for a number of fields:

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Is there some 'simple' way to provide these answers? Like with env variables?

thanks

From raja.ashok at huawei.com Fri Mar 31 17:54:20 2017
From: raja.ashok at huawei.com (Raja ashok)
Date: Fri, 31 Mar 2017 17:54:20 +0000
Subject: [openssl-users] In ssl3_write_bytes, some checks related to handling write failure are missing
Message-ID:

Hi All,

In ssl3_write_bytes, if (len < tot) we are returning failure with SSL_R_BAD_LENGTH error. In this place I hope we should set 'tot' back to 's->s3->wnum'. Otherwise when application calls back SSL_write with correct buffer, it causes serious problem ('tot' is 0 and iLeft is not NULL). I hope we should do like below.

    if (len < tot) {
        s->s3->wnum = tot;
        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
        return (-1);
    }

And also we should do one additional check for 'len' as mentioned in my previous mail.
    if ((len < tot) || ((tot != 0) && (len < (tot + s->s3->wpend_tot)))) {
        s->s3->wnum = tot;
        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
        return (-1);
    }

Regards,
Ashok

________________________________
Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com
________________________________

From: Raja ashok
Sent: 27 March 2017 13:55
To: 'openssl-users at openssl.org'; 'openssl-dev at openssl.org'
Subject: In ssl3_write_bytes, some checks related to handling write failure are missing

Hi,

I feel there is a check missing in ssl3_write_bytes, in case of handling write failure.

Consider SSL_write is called with a 20000 byte buffer, then internally in ssl3_write_bytes we try to send it as two records (16384 and 3616). If TCP send failed for the second record then we store the states internally (wnum, wpend_tot and wpend_buf) and return back the result. Later the application has to call SSL_write with the same buffer; if it calls with a different buffer of length 100 bytes then we fail that in ssl3_write_bytes using the check (len < tot).

But consider the application calls with a buffer of size 18000 bytes and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is enabled. Then (len < tot) will not succeed as tot is 16384. Then it will call ssl3_write_pending to send the remaining 3616 record. If it succeeds we are incrementing tot, (tot += i). Now tot will have 20000.
Later there is a check (tot == len), this will not succeed. Then directly we are doing n = (len - tot), this will overflow and store a value close to 2^32 in n. Then it will cause out of bound access to the application buffer "buf".

I hope we should have one more check (len < (tot + s->s3->wpend_tot)) before calling ssl3_write_pending.

    if ((len < tot) || (len < (tot + s->s3->wpend_tot))) {
        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
        return (-1);
    }

Note: I am referring to the 1.0.2k version of OpenSSL.

Regards,
Ashok

From Timothy.Nichols at va.gov Fri Mar 31 19:44:56 2017
From: Timothy.Nichols at va.gov (Nichols, Timothy (Checkpoint))
Date: Fri, 31 Mar 2017 15:44:56 -0400
Subject: [openssl-users] ca's config options -certs vs. -new_certs_dir
In-Reply-To:
References:
Message-ID:

Thank you, sir. I was attacking this from the standpoint of needing to generate several thousand certificates for testing purposes and so unique certificates went to unique files.
I think I must have used -out by itself, though I believe I tried the -outdir option at the end when I tried to tighten up my script.

I didn't think when I undertook this effort that it would turn into such a slog wherein I'd need to understand all this minutiae. Now, much to my surprise, I love this stuff...

-TN

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michael Wojcik
Sent: Wednesday, March 08, 2017 13:39
To: openssl-users at openssl.org
Subject: [EXTERNAL] Re: [openssl-users] ca's config options -certs vs. -new_certs_dir

It's because processing a request can generate multiple certificates. Therefore ca needs a destination where it can write multiple certificates, not just a single one.

Note that new_certs_dir is only used if -outdir wasn't specified on the command line. You could create a temporary directory, pass its pathname with -outdir, then remove the directory and its contents after running ca.

With -out, all the certificates are just concatenated to the file. Usually they're PEM, so that's OK; the exception is if -spkac is used to specify an SPKAC file. SPKAC is mostly used in conjunction with the HTML KEYGEN element, when interpreted by Firefox and some other browsers.

So you could argue that -outdir / new_certs_dir should be optional, since usually the single output file is more or less usable. But it isn't optional, and that's life.

Of course, if you're building OpenSSL from source, it wouldn't be hard to make the necessary changes to ca.c.

Michael Wojcik
Distinguished Engineer, Micro Focus

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Nichols, Timothy (Checkpoint)
Sent: Wednesday, March 08, 2017 13:57
To: openssl-users at openssl.org
Subject: [openssl-users] ca's config options -certs vs. -new_certs_dir

Hi,

I am not understanding the point of the config file's mandatory default -new_certs_dir into which goes what appears to be a copy of the certificate I specifically locate elsewhere in the file system. I am using the -out option from the command line to generate the file named according to the convention I have chosen...and then in the new_certs directory is deposited the .pem file.

Of course, I haven't found an explanation as to why this happens in the documentation or the Googlie.

Thanks,
Tim

From garyp at firstech.com Mon Mar 13 09:35:46 2017
From: garyp at firstech.com (Gary L Peskin)
Date: Mon, 13 Mar 2017 09:35:46 -0000
Subject: [openssl-users] Cannot read exported PKCS12 cert and private key
Message-ID: <007901d29bdc$0fba6570$2f2f3050$@firstech.com>

Hello all

I exported a certificate and corresponding private key in base 64 encoded DER format from a mainframe system and FTP'd it to my Windows desktop. I tried to read it using OpenSSL 1.0.2k and 1.1.0d 32-bit and 64-bit on Windows with

openssl pkcs12 -in mycert.p12 -noout

But I get the following messages:

15956:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1199:
15956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:374:Type=PKCS12

I'm able to import this with the private key into the Windows certificate store with no issues. Can someone please advise as to what I'm doing wrong?
Thanks,
Gary

PS Here is the file:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----