From rsalz at akamai.com Tue May 1 01:19:05 2018 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 1 May 2018 01:19:05 +0000 Subject: [openssl-users] Call for testing TLS 1.3 In-Reply-To: <080A1B7F-D97E-4192-884D-6D20DEF283E5@dukhovni.org> References: <20180429104326.GA21314@roeckx.be> <8EC62B1C-7FD7-45EB-B03D-9C7B03B96F76@akamai.com> <0e7eb0d1-a0cf-fceb-b997-d2223b5694e7@blastwave.org> <042FBF10-B77A-4441-A5E4-02218D0AA379@akamai.com> <3b56faa2-b145-1496-001e-38ecff7729fe@blastwave.org> <080A1B7F-D97E-4192-884D-6D20DEF283E5@dukhovni.org> Message-ID: > Interoperability issues with middle-boxes or existing software written for TLS 1.2. Facebook, Google, and Mozilla did lots of testing with TLS 1.3 and middleboxes. If something was missed, the whole Internet will have problems. Existing software is the question we are trying to answer. From openssl at openssl.org Tue May 1 13:06:36 2018 From: openssl at openssl.org (OpenSSL) Date: Tue, 1 May 2018 13:06:36 +0000 Subject: [openssl-users] OpenSSL version 1.1.1 pre release 6 published Message-ID: <20180501130636.GA9299@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenSSL version 1.1.1 pre release 6 (beta) =========================================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 6 has now been made available. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.1-notes.html Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. The beta release is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.1-pre6.tar.gz Size: 8286337 SHA1 checksum: d9aa6121ea9e8bfc4632566c72b376620c68ece3 SHA256 checksum: 01f91c5370fe210f7172d863c5bdc5dee2450c3faa98b4af2627ee6f7e128d87 The checksums were calculated using the following commands: openssl sha1 openssl-1.1.1-pre6.tar.gz openssl sha256 openssl-1.1.1-pre6.tar.gz Please download and check this beta release as soon as possible. To report a bug, open an issue on GitHub: https://github.com/openssl/openssl/issues Please check the release notes and mailing lists to avoid duplicate reports of known issues. (Of course, the source is also available on GitHub.) Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJa6GGbAAoJENnE0m0OYESRnqwH/jMNw6OXpGYriZphZxLNDBlR YGJcNypVPcW1y5aDPlhBp9GUTAot4NPtbYpbBegPdvWaI4tA5O3+2gnCRh3xoE9e k704SlJP+mmBOJSL2/9xSH1tJHNrSmXkHOpfZCr4nKJfayFDnl/H+vf6yNz3CzeB Oys/VDpLPrV2ev10QNpeypu37es4shNSIRU1OEjH+iDrmTBzt9LzU6dS1rYjtuiV QK/rdKV8ql0SFNIsrpLHNCT2EMfRqT/kbLcqObrczNBSunZXQF98W4XVhp7dlFBT GrE8gc/KY8YGfX6kF+1Vy+9vDDKNwaLyzRKXMKUZRLnxkSBbZBREerfwaQT7m0o= =O0aC -----END PGP SIGNATURE----- From john.sha.jiang at gmail.com Wed May 2 02:48:00 2018 From: john.sha.jiang at gmail.com (John Jiang) Date: Wed, 2 May 2018 10:48:00 +0800 Subject: [openssl-users] OpenSSL version 1.1.1 pre release 6 published In-Reply-To: <20180501130636.GA9299@openssl.org> References: <20180501130636.GA9299@openssl.org> Message-ID: Hi, I don't see the link for openssl-1.1.1-pre6.tar.gz on page https://www.openssl.org/source/ Thanks, John 2018-05-01 21:06 GMT+08:00 OpenSSL : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > OpenSSL version 1.1.1 pre release 6 (beta) > =========================================== > > OpenSSL - The Open Source toolkit for SSL/TLS > https://www.openssl.org/ > > OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 6 has now > been made available. For details of changes and known issues see the > release notes at: > > https://www.openssl.org/news/openssl-1.1.1-notes.html > > Note: This OpenSSL pre-release has been provided for testing ONLY. > It should NOT be used for security critical purposes. > > The beta release is available for download via HTTP and FTP from the > following master locations (you can find the various FTP mirrors under > https://www.openssl.org/source/mirror.html): > > * https://www.openssl.org/source/ > * ftp://ftp.openssl.org/source/ > > The distribution file name is: > > o openssl-1.1.1-pre6.tar.gz > Size: 8286337 > SHA1 checksum: d9aa6121ea9e8bfc4632566c72b376620c68ece3 > SHA256 checksum: 01f91c5370fe210f7172d863c5bdc5 > dee2450c3faa98b4af2627ee6f7e128d87 > > The checksums were calculated using the following commands: > > openssl sha1 openssl-1.1.1-pre6.tar.gz > openssl sha256 openssl-1.1.1-pre6.tar.gz > > Please download and check this beta release as soon as possible. > To report a bug, open an issue on GitHub: > > https://github.com/openssl/openssl/issues > > Please check the release notes and mailing lists to avoid duplicate > reports of known issues. (Of course, the source is also available > on GitHub.) > > Yours, > > The OpenSSL Project Team. > > -----BEGIN PGP SIGNATURE----- > > iQEcBAEBCAAGBQJa6GGbAAoJENnE0m0OYESRnqwH/jMNw6OXpGYriZphZxLNDBlR > YGJcNypVPcW1y5aDPlhBp9GUTAot4NPtbYpbBegPdvWaI4tA5O3+2gnCRh3xoE9e > k704SlJP+mmBOJSL2/9xSH1tJHNrSmXkHOpfZCr4nKJfayFDnl/H+vf6yNz3CzeB > Oys/VDpLPrV2ev10QNpeypu37es4shNSIRU1OEjH+iDrmTBzt9LzU6dS1rYjtuiV > QK/rdKV8ql0SFNIsrpLHNCT2EMfRqT/kbLcqObrczNBSunZXQF98W4XVhp7dlFBT > GrE8gc/KY8YGfX6kF+1Vy+9vDDKNwaLyzRKXMKUZRLnxkSBbZBREerfwaQT7m0o= > =O0aC > -----END PGP SIGNATURE----- > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From john.sha.jiang at gmail.com Wed May 2 05:53:49 2018 From: john.sha.jiang at gmail.com (John Jiang) Date: Wed, 2 May 2018 13:53:49 +0800 Subject: [openssl-users] OpenSSL version 1.1.1 pre release 6 published In-Reply-To: References: <20180501130636.GA9299@openssl.org> Message-ID: Anyway, I can download it via https://www.openssl.org/source/openssl-1.1.1-pre6.tar.gz John 2018-05-02 10:48 GMT+08:00 John Jiang : > Hi, > I don't see the link for openssl-1.1.1-pre6.tar.gz on page > https://www.openssl.org/source/ > > Thanks, > John > > > 2018-05-01 21:06 GMT+08:00 OpenSSL : > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> >> OpenSSL version 1.1.1 pre release 6 (beta) >> =========================================== >> >> OpenSSL - The Open Source toolkit for SSL/TLS >> https://www.openssl.org/ >> >> OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 6 has now >> been made available. For details of changes and known issues see the >> release notes at: >> >> https://www.openssl.org/news/openssl-1.1.1-notes.html >> >> Note: This OpenSSL pre-release has been provided for testing ONLY. >> It should NOT be used for security critical purposes. >> >> The beta release is available for download via HTTP and FTP from the >> following master locations (you can find the various FTP mirrors under >> https://www.openssl.org/source/mirror.html): >> >> * https://www.openssl.org/source/ >> * ftp://ftp.openssl.org/source/ >> >> The distribution file name is: >> >> o openssl-1.1.1-pre6.tar.gz >> Size: 8286337 >> SHA1 checksum: d9aa6121ea9e8bfc4632566c72b376620c68ece3 >> SHA256 checksum: 01f91c5370fe210f7172d863c5bdc5 >> dee2450c3faa98b4af2627ee6f7e128d87 >> >> The checksums were calculated using the following commands: >> >> openssl sha1 openssl-1.1.1-pre6.tar.gz >> openssl sha256 openssl-1.1.1-pre6.tar.gz >> >> Please download and check this beta release as soon as possible. >> To report a bug, open an issue on GitHub: >> >> https://github.com/openssl/openssl/issues >> >> Please check the release notes and mailing lists to avoid duplicate >> reports of known issues. (Of course, the source is also available >> on GitHub.) >> >> Yours, >> >> The OpenSSL Project Team. >> >> -----BEGIN PGP SIGNATURE----- >> >> iQEcBAEBCAAGBQJa6GGbAAoJENnE0m0OYESRnqwH/jMNw6OXpGYriZphZxLNDBlR >> YGJcNypVPcW1y5aDPlhBp9GUTAot4NPtbYpbBegPdvWaI4tA5O3+2gnCRh3xoE9e >> k704SlJP+mmBOJSL2/9xSH1tJHNrSmXkHOpfZCr4nKJfayFDnl/H+vf6yNz3CzeB >> Oys/VDpLPrV2ev10QNpeypu37es4shNSIRU1OEjH+iDrmTBzt9LzU6dS1rYjtuiV >> QK/rdKV8ql0SFNIsrpLHNCT2EMfRqT/kbLcqObrczNBSunZXQF98W4XVhp7dlFBT >> GrE8gc/KY8YGfX6kF+1Vy+9vDDKNwaLyzRKXMKUZRLnxkSBbZBREerfwaQT7m0o= >> =O0aC >> -----END PGP SIGNATURE----- >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From eldiener at tropicsoft.com Wed May 2 12:19:40 2018 From: eldiener at tropicsoft.com (Edward Diener) Date: Wed, 2 May 2018 08:19:40 -0400 Subject: [openssl-users] OPENSSL_VERSION_NUMBER representation Message-ID: The latest documentation for OPENSSL_VERSION_NUMBER at https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_VERSION_NUMBER.html says that it is 9 hex digits, with the last nibble being a status identifier, while every use I have seen of it in header files treats it as 8 hex digits. Can anybody straighten me out on this ? Also the latest documentation give it as MNNFFPPS: major minor fix patch status where the examples in that documentation clearly show it as MMNNFFPPS: major minor fix patch status Can anybody straighten me out on this ? I would like to use the OPENSSL_VERSION_NUMBER at compile time to choose between functionality for version 1.1.0 and version 1.0.x but the confusion in my mind of how OPENSSL_VERSION_NUMBER actually is specified is making that impossible. From tmraz at redhat.com Wed May 2 12:30:42 2018 From: tmraz at redhat.com (Tomas Mraz) Date: Wed, 02 May 2018 14:30:42 +0200 Subject: [openssl-users] OPENSSL_VERSION_NUMBER representation In-Reply-To: References: Message-ID: <1525264242.3064.27.camel@redhat.com> On Wed, 2018-05-02 at 08:19 -0400, Edward Diener wrote: > The latest documentation for OPENSSL_VERSION_NUMBER at > https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_VERSION_NUMBER.h > tml > says that it is 9 hex digits, with the last nibble being a status > identifier, while every use I have seen of it in header files treats > it > as 8 hex digits. Can anybody straighten me out on this ? > > Also the latest documentation give it as > > MNNFFPPS: major minor fix patch status > > where the examples in that documentation clearly show it as > > MMNNFFPPS: major minor fix patch status > > Can anybody straighten me out on this ? That's because 0x1 and 0x01 are the same numbers. For example version 1.1.0a: 0x01010001f == 0x1010001f -- Tom?? Mr?z No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] From eldiener at tropicsoft.com Thu May 3 02:54:18 2018 From: eldiener at tropicsoft.com (Edward Diener) Date: Wed, 2 May 2018 22:54:18 -0400 Subject: [openssl-users] OPENSSL_VERSION_NUMBER representation In-Reply-To: <1525264242.3064.27.camel@redhat.com> References: <1525264242.3064.27.camel@redhat.com> Message-ID: On 5/2/2018 8:30 AM, Tomas Mraz wrote: > On Wed, 2018-05-02 at 08:19 -0400, Edward Diener wrote: >> The latest documentation for OPENSSL_VERSION_NUMBER at >> https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_VERSION_NUMBER.h >> tml >> says that it is 9 hex digits, with the last nibble being a status >> identifier, while every use I have seen of it in header files treats >> it >> as 8 hex digits. Can anybody straighten me out on this ? >> >> Also the latest documentation give it as >> >> MNNFFPPS: major minor fix patch status >> >> where the examples in that documentation clearly show it as >> >> MMNNFFPPS: major minor fix patch status >> >> Can anybody straighten me out on this ? > > That's because 0x1 and 0x01 are the same numbers. > > For example version 1.1.0a: 0x01010001f == 0x1010001f > Thanks ! I guess version 16 of openssl isn't planned for anytime soon . From morthalaanilreddy at gmail.com Thu May 3 07:06:40 2018 From: morthalaanilreddy at gmail.com (Anil kumar Reddy) Date: Thu, 3 May 2018 09:06:40 +0200 Subject: [openssl-users] How to prove a Certificate is Signed or not Message-ID: Hi everyone, I am new to opennssl and now I am completely confused. Please help me out to solve my issue. I have implemented a code to sign the given CSR certificate (certReq.pem), then generate openssl signed Certificate (SignedCertificate.pem) using the details of certReq,pem. The code is like self signing, but I have added new functions to enter additional issuer details. Now I have two private keys one from CA, another from CSR, one CSR (certReq.pem) and Signed Certificate (SignedCertificate.pem). In SignedCertificate.pem, the subject details and the issuer details are different. There is no problem with codes. The issue is: I am unable to find out the exact command lines or c/c++ program functions to prove the SignedCertificate.pem is signed or not. I have spent more than one day on researching, but I am end up with confusion. I do not have any digital certificate chain. Could anyone kindly provide any information regarding this. Thanks in advance, -------------- next part -------------- An HTML attachment was scrubbed... URL: From d3ck0r at gmail.com Thu May 3 07:36:49 2018 From: d3ck0r at gmail.com (J Decker) Date: Thu, 3 May 2018 00:36:49 -0700 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: References: Message-ID: https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 this routine does cert validation but I don't thkn that's what you want this verified on a connection.... https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 which boils down to.... SSL_get_peer_certificate , SSL_get_verify_result On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < morthalaanilreddy at gmail.com> wrote: > Hi everyone, > > I am new to opennssl and now I am completely confused. Please help me out > to solve my issue. > > I have implemented a code to sign the given CSR certificate (certReq.pem), > then generate openssl signed Certificate (SignedCertificate.pem) using the > details of certReq,pem. The code is like self signing, but I have added new > functions to enter additional issuer details. Now I have two private keys > one from CA, another from CSR, one CSR (certReq.pem) and Signed Certificate > (SignedCertificate.pem). In SignedCertificate.pem, the subject details and > the issuer details are different. There is no problem with codes. > > The issue is: > I am unable to find out the exact command lines or c/c++ program functions > to prove the SignedCertificate.pem is signed or not. I have spent more than > one day on researching, but I am end up with confusion. I do not have any > digital certificate chain. > > > Could anyone kindly provide any information regarding this. > > Thanks in advance, > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From morthalaanilreddy at gmail.com Thu May 3 08:23:19 2018 From: morthalaanilreddy at gmail.com (morthalan) Date: Thu, 3 May 2018 01:23:19 -0700 (MST) Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: References: Message-ID: <1525335799770-0.post@n7.nabble.com> No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on Openssl. d3x0r wrote > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 > this routine does cert validation but I don't thkn that's what you want > > this verified on a connection.... > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 > > which boils down to.... > SSL_get_peer_certificate , SSL_get_verify_result > > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < > morthalaanilreddy@ >> wrote: > >> Hi everyone, >> >> I am new to opennssl and now I am completely confused. Please help me out >> to solve my issue. >> >> I have implemented a code to sign the given CSR certificate >> (certReq.pem), >> then generate openssl signed Certificate (SignedCertificate.pem) using >> the >> details of certReq,pem. The code is like self signing, but I have added >> new >> functions to enter additional issuer details. Now I have two private keys >> one from CA, another from CSR, one CSR (certReq.pem) and Signed >> Certificate >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details >> and >> the issuer details are different. There is no problem with codes. >> >> The issue is: >> I am unable to find out the exact command lines or c/c++ program >> functions >> to prove the SignedCertificate.pem is signed or not. I have spent more >> than >> one day on researching, but I am end up with confusion. I do not have any >> digital certificate chain. >> >> >> Could anyone kindly provide any information regarding this. >> >> Thanks in advance, >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users d3x0r wrote > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 > this routine does cert validation but I don't thkn that's what you want > > this verified on a connection.... > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 > > which boils down to.... > SSL_get_peer_certificate , SSL_get_verify_result > > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < > morthalaanilreddy@ >> wrote: > >> Hi everyone, >> >> I am new to opennssl and now I am completely confused. Please help me out >> to solve my issue. >> >> I have implemented a code to sign the given CSR certificate >> (certReq.pem), >> then generate openssl signed Certificate (SignedCertificate.pem) using >> the >> details of certReq,pem. The code is like self signing, but I have added >> new >> functions to enter additional issuer details. Now I have two private keys >> one from CA, another from CSR, one CSR (certReq.pem) and Signed >> Certificate >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details >> and >> the issuer details are different. There is no problem with codes. >> >> The issue is: >> I am unable to find out the exact command lines or c/c++ program >> functions >> to prove the SignedCertificate.pem is signed or not. I have spent more >> than >> one day on researching, but I am end up with confusion. I do not have any >> digital certificate chain. >> >> >> Could anyone kindly provide any information regarding this. >> >> Thanks in advance, >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users d3x0r wrote > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 > this routine does cert validation but I don't thkn that's what you want > > this verified on a connection.... > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 > > which boils down to.... > SSL_get_peer_certificate , SSL_get_verify_result > > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < > morthalaanilreddy@ >> wrote: > >> Hi everyone, >> >> I am new to opennssl and now I am completely confused. Please help me out >> to solve my issue. >> >> I have implemented a code to sign the given CSR certificate >> (certReq.pem), >> then generate openssl signed Certificate (SignedCertificate.pem) using >> the >> details of certReq,pem. The code is like self signing, but I have added >> new >> functions to enter additional issuer details. Now I have two private keys >> one from CA, another from CSR, one CSR (certReq.pem) and Signed >> Certificate >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details >> and >> the issuer details are different. There is no problem with codes. >> >> The issue is: >> I am unable to find out the exact command lines or c/c++ program >> functions >> to prove the SignedCertificate.pem is signed or not. I have spent more >> than >> one day on researching, but I am end up with confusion. I do not have any >> digital certificate chain. >> >> >> Could anyone kindly provide any information regarding this. >> >> Thanks in advance, >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From darshanmody at avaya.com Thu May 3 08:42:50 2018 From: darshanmody at avaya.com (Mody, Darshan (Darshan)) Date: Thu, 3 May 2018 08:42:50 +0000 Subject: [openssl-users] disable session id reuse Message-ID: <25D2EC755404B4409F263AC6D050FEBB2A41FE1B@AZ-FFEXMB03.global.avaya.com> Hi, While doing a openssl s_time command I find that by default it tries for Session Id Reuse. "Now timing with session id reuse." In case if we don't want openssl to reuse session id's how can we configure openssl in the application for the same. The application here is acting as a server. I have set SSL_CTX_set_session_cache_mode to SSL_SESS_CACHE_OFF Thanks Darshan -------------- next part -------------- An HTML attachment was scrubbed... URL: From d3ck0r at gmail.com Thu May 3 08:56:37 2018 From: d3ck0r at gmail.com (J Decker) Date: Thu, 3 May 2018 01:56:37 -0700 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: References: Message-ID: Or using the javascript interface https://www.npmjs.com/package/sack.vfs#interface https://github.com/d3x0r/sack.vfs/blob/master/tests/tlsTest.js#L28 if( vfs.TLS.validate( {cert:signedCert3, chain:signedCert2+cert} ) ) console.log( "Chain is valid." ); On Thu, May 3, 2018 at 12:36 AM, J Decker wrote: > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 > this routine does cert validation but I don't thkn that's what you want > > this verified on a connection.... https://github. > com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 > > which boils down to.... > SSL_get_peer_certificate , SSL_get_verify_result > > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < > morthalaanilreddy at gmail.com> wrote: > >> Hi everyone, >> >> I am new to opennssl and now I am completely confused. Please help me out >> to solve my issue. >> >> I have implemented a code to sign the given CSR certificate >> (certReq.pem), then generate openssl signed Certificate >> (SignedCertificate.pem) using the details of certReq,pem. The code is like >> self signing, but I have added new functions to enter additional issuer >> details. Now I have two private keys one from CA, another from CSR, one CSR >> (certReq.pem) and Signed Certificate (SignedCertificate.pem). In >> SignedCertificate.pem, the subject details and the issuer details are >> different. There is no problem with codes. >> >> The issue is: >> I am unable to find out the exact command lines or c/c++ program >> functions to prove the SignedCertificate.pem is signed or not. I have spent >> more than one day on researching, but I am end up with confusion. I do not >> have any digital certificate chain. >> >> >> Could anyone kindly provide any information regarding this. >> >> Thanks in advance, >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu May 3 09:24:48 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 May 2018 11:24:48 +0200 (CEST) Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <1525335799770-0.post@n7.nabble.com> References: <1525335799770-0.post@n7.nabble.com> Message-ID: <20180503.112448.1286710673559008677.levitte@openssl.org> openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem Hope that helped Cheers, Richard In message <1525335799770-0.post at n7.nabble.com> on Thu, 3 May 2018 01:23:19 -0700 (MST), morthalan said: morthalaanilreddy> No, technically not. I am just searching for a simple method just to check a morthalaanilreddy> certificate is signed by CA or not. morthalaanilreddy> Because. Something like signing check, I am not quite sure, I do not have morthalaanilreddy> proper knowledge on Openssl. morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> d3x0r wrote morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want morthalaanilreddy> > morthalaanilreddy> > this verified on a connection.... morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 morthalaanilreddy> > morthalaanilreddy> > which boils down to.... morthalaanilreddy> > SSL_get_peer_certificate , SSL_get_verify_result morthalaanilreddy> > morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < morthalaanilreddy> morthalaanilreddy> > morthalaanilreddy@ morthalaanilreddy> morthalaanilreddy> >> wrote: morthalaanilreddy> > morthalaanilreddy> >> Hi everyone, morthalaanilreddy> >> morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out morthalaanilreddy> >> to solve my issue. morthalaanilreddy> >> morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate morthalaanilreddy> >> (certReq.pem), morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using morthalaanilreddy> >> the morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added morthalaanilreddy> >> new morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed morthalaanilreddy> >> Certificate morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details morthalaanilreddy> >> and morthalaanilreddy> >> the issuer details are different. There is no problem with codes. morthalaanilreddy> >> morthalaanilreddy> >> The issue is: morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program morthalaanilreddy> >> functions morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more morthalaanilreddy> >> than morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any morthalaanilreddy> >> digital certificate chain. morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> >> Could anyone kindly provide any information regarding this. morthalaanilreddy> >> morthalaanilreddy> >> Thanks in advance, morthalaanilreddy> >> morthalaanilreddy> >> -- morthalaanilreddy> >> openssl-users mailing list morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> > morthalaanilreddy> > -- morthalaanilreddy> > openssl-users mailing list morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> d3x0r wrote morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want morthalaanilreddy> > morthalaanilreddy> > this verified on a connection.... morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 morthalaanilreddy> > morthalaanilreddy> > which boils down to.... morthalaanilreddy> > SSL_get_peer_certificate , SSL_get_verify_result morthalaanilreddy> > morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < morthalaanilreddy> morthalaanilreddy> > morthalaanilreddy@ morthalaanilreddy> morthalaanilreddy> >> wrote: morthalaanilreddy> > morthalaanilreddy> >> Hi everyone, morthalaanilreddy> >> morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out morthalaanilreddy> >> to solve my issue. morthalaanilreddy> >> morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate morthalaanilreddy> >> (certReq.pem), morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using morthalaanilreddy> >> the morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added morthalaanilreddy> >> new morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed morthalaanilreddy> >> Certificate morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details morthalaanilreddy> >> and morthalaanilreddy> >> the issuer details are different. There is no problem with codes. morthalaanilreddy> >> morthalaanilreddy> >> The issue is: morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program morthalaanilreddy> >> functions morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more morthalaanilreddy> >> than morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any morthalaanilreddy> >> digital certificate chain. morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> >> Could anyone kindly provide any information regarding this. morthalaanilreddy> >> morthalaanilreddy> >> Thanks in advance, morthalaanilreddy> >> morthalaanilreddy> >> -- morthalaanilreddy> >> openssl-users mailing list morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> > morthalaanilreddy> > -- morthalaanilreddy> > openssl-users mailing list morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> d3x0r wrote morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want morthalaanilreddy> > morthalaanilreddy> > this verified on a connection.... morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 morthalaanilreddy> > morthalaanilreddy> > which boils down to.... morthalaanilreddy> > SSL_get_peer_certificate , SSL_get_verify_result morthalaanilreddy> > morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy < morthalaanilreddy> morthalaanilreddy> > morthalaanilreddy@ morthalaanilreddy> morthalaanilreddy> >> wrote: morthalaanilreddy> > morthalaanilreddy> >> Hi everyone, morthalaanilreddy> >> morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out morthalaanilreddy> >> to solve my issue. morthalaanilreddy> >> morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate morthalaanilreddy> >> (certReq.pem), morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using morthalaanilreddy> >> the morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added morthalaanilreddy> >> new morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed morthalaanilreddy> >> Certificate morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details morthalaanilreddy> >> and morthalaanilreddy> >> the issuer details are different. There is no problem with codes. morthalaanilreddy> >> morthalaanilreddy> >> The issue is: morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program morthalaanilreddy> >> functions morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more morthalaanilreddy> >> than morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any morthalaanilreddy> >> digital certificate chain. morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> >> Could anyone kindly provide any information regarding this. morthalaanilreddy> >> morthalaanilreddy> >> Thanks in advance, morthalaanilreddy> >> morthalaanilreddy> >> -- morthalaanilreddy> >> openssl-users mailing list morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> >> morthalaanilreddy> >> morthalaanilreddy> > morthalaanilreddy> > -- morthalaanilreddy> > openssl-users mailing list morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> morthalaanilreddy> -- morthalaanilreddy> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html morthalaanilreddy> From morthalaanilreddy at gmail.com Thu May 3 09:50:43 2018 From: morthalaanilreddy at gmail.com (morthalan) Date: Thu, 3 May 2018 02:50:43 -0700 (MST) Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <20180503.112448.1286710673559008677.levitte@openssl.org> References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> Message-ID: <1525341043613-0.post@n7.nabble.com> But In my case, I do not have any root certificate. I have only one signed certificate (SignedCertificate.pem) and one certificate signing request (certReq.pem) . So when I use it as below openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem I am getting error "error 20 at 0 depth lookup:unable to get local issuer certificate". I believe it is for verifying certificate chain trust. Correct me if I am wrong. Is there anyway to manipulate it? Richard Levitte - VMS Whacker-2 wrote > openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem > > Hope that helped > > Cheers, > Richard > > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From d3ck0r at gmail.com Thu May 3 10:20:11 2018 From: d3ck0r at gmail.com (J Decker) Date: Thu, 3 May 2018 03:20:11 -0700 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <1525341043613-0.post@n7.nabble.com> References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> <1525341043613-0.post@n7.nabble.com> Message-ID: a root cert is the self signed cert. On Thu, May 3, 2018 at 2:50 AM, morthalan wrote: > But In my case, I do not have any root certificate. I have only one signed > certificate (SignedCertificate.pem) and one certificate signing request > (certReq.pem) . So when I use it as below > > openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem > > I am getting error "error 20 at 0 depth lookup:unable to get local issuer > certificate". > I believe it is for verifying certificate chain trust. Correct me if I am > wrong. Is there anyway to manipulate it? > > > Richard Levitte - VMS Whacker-2 wrote > > openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem > > > > Hope that helped > > > > Cheers, > > Richard > > > > openssl-users mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Thu May 3 11:18:48 2018 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 3 May 2018 11:18:48 +0000 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <1525335799770-0.post@n7.nabble.com> References: <1525335799770-0.post@n7.nabble.com> Message-ID: <01B09B33-4BEB-49B3-8EE8-B8D9E7494EC2@akamai.com> ?On 5/3/18, 4:24 AM, "morthalan" wrote: No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on Openssl. If you have a cert, and a list of CA's that you trust, look at the verify command. From morthalaanilreddy at gmail.com Thu May 3 12:26:44 2018 From: morthalaanilreddy at gmail.com (morthalan) Date: Thu, 3 May 2018 05:26:44 -0700 (MST) Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> <1525341043613-0.post@n7.nabble.com> Message-ID: <1525350404121-0.post@n7.nabble.com> Sorry for the insufficient explanation on what I did. I have implemented one c++ code(csrReq.cpp) to generate certificate signing request(certReq.pem) along with private key(csrPkey.pem). Another c++ code (signcode.cpp)is to read the user data from certReq.pem and generate the Signed Certificate(SignedCertificate.pem). Here the public key will be included in certReq.pem. So signcode.cpp will take the public from from certReq.pem then generate SignedCertificate.pem using it. After the generation of SignedCertificate.pem. I would like to write function to verify the SignedCertificate.pem, whether it is signed or not. Is there any possibility to check the signature of SignedCertificate.pem. d3x0r wrote > a root cert is the self signed cert. > > > On Thu, May 3, 2018 at 2:50 AM, morthalan < > morthalaanilreddy@ > > > wrote: > >> But In my case, I do not have any root certificate. I have only one >> signed >> certificate (SignedCertificate.pem) and one certificate signing request >> (certReq.pem) . So when I use it as below >> >> openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem >> >> I am getting error "error 20 at 0 depth lookup:unable to get local >> issuer >> certificate". >> I believe it is for verifying certificate chain trust. Correct me if I am >> wrong. Is there anyway to manipulate it? >> >> >> Richard Levitte - VMS Whacker-2 wrote >> > openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem >> > >> > Hope that helped >> > >> > Cheers, >> > Richard >> > >> > openssl-users mailing list >> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> >> >> >> >> -- >> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From rsalz at akamai.com Thu May 3 12:45:35 2018 From: rsalz at akamai.com (Salz, Rich) Date: Thu, 3 May 2018 12:45:35 +0000 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <1525350404121-0.post@n7.nabble.com> References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> <1525341043613-0.post@n7.nabble.com> <1525350404121-0.post@n7.nabble.com> Message-ID: <3AF315DC-BDBE-4B96-B884-F71E803F9357@akamai.com> > After the generation of SignedCertificate.pem. I would like to write function to verify the SignedCertificate.pem, whether it is signed or not. That is still not an accurate description. By definition, a certificate is *signed data.* It appears as a bitstring in the X509 data structure. Is this want you want to do? You have a certificate, and a CA key or certificate. You want to know if the CA's public key generated the signature that is in the certificate that you have. Look at the X509_verify function. You will need to take your CA cert (or key) and make a key object, but start with that first manpage and follow the references. From felipe at felipegasper.com Thu May 3 11:43:19 2018 From: felipe at felipegasper.com (Felipe Gasper) Date: Thu, 3 May 2018 07:43:19 -0400 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <01B09B33-4BEB-49B3-8EE8-B8D9E7494EC2@akamai.com> References: <1525335799770-0.post@n7.nabble.com> <01B09B33-4BEB-49B3-8EE8-B8D9E7494EC2@akamai.com> Message-ID: <3FFEC0A7-0D0C-4DF9-8497-021DC4565283@felipegasper.com> You could: - Check subject and issuer for sameness. - Verify the signature with the certificate?s own key. A positive verification indicates self-signed. > On May 3, 2018, at 7:18 AM, Salz, Rich via openssl-users wrote: > > > > ?On 5/3/18, 4:24 AM, "morthalan" wrote: > > No, technically not. I am just searching for a simple method just to check a > certificate is signed by CA or not. > Because. Something like signing check, I am not quite sure, I do not have > proper knowledge on Openssl. > > > If you have a cert, and a list of CA's that you trust, look at the verify command. > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users From morthalaanilreddy at gmail.com Thu May 3 13:02:16 2018 From: morthalaanilreddy at gmail.com (morthalan) Date: Thu, 3 May 2018 06:02:16 -0700 (MST) Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <3AF315DC-BDBE-4B96-B884-F71E803F9357@akamai.com> References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> <1525341043613-0.post@n7.nabble.com> <1525350404121-0.post@n7.nabble.com> <3AF315DC-BDBE-4B96-B884-F71E803F9357@akamai.com> Message-ID: <1525352536903-0.post@n7.nabble.com> I got two Ideas. I can verify the certificate by comparing the issuer name char *s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *i = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); int rc = strcmp(s, i); verifying with public key EVP_PKEY *caPubkey = X509_get_pubkey(signCert); X509_REQ_verify(certreq, caPubkey); thanks for the suggestions. -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From Michael.Wojcik at microfocus.com Thu May 3 13:03:23 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Thu, 3 May 2018 13:03:23 +0000 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: <1525341043613-0.post@n7.nabble.com> References: <1525335799770-0.post@n7.nabble.com> <20180503.112448.1286710673559008677.levitte@openssl.org> <1525341043613-0.post@n7.nabble.com> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of morthalan > Sent: Thursday, May 03, 2018 05:51 > To: openssl-users at openssl.org > Subject: Re: [openssl-users] How to prove a Certificate is Signed or not > > But In my case, I do not have any root certificate. I have only one signed > certificate (SignedCertificate.pem) and one certificate signing request > (certReq.pem) . To process the CSR and create the entity certificate (what you're calling the "signed certificate", which is redundant, since all certificates are signed), you have to use the CA private key. The CA private key has a corresponding public key, which you would have generated alongside the private key. Verifying the signature on the entity certificate requires that public key. The APIs that verify the signature receive the public key as part of the issuer certificate. You *must* have a CA certificate containing the public key that corresponds to the private key (you used to sign the entity certificate) in order to verify the signature on the entity certificate. It's not optional. Certificate verification also examines other aspects of the certificate used by the issuer to sign the entity certificate, such as its validity dates. So that's another reason why you *must* have the issuer certificate. But then you can't process a CSR without a CA certificate, because when you issue the entity certificate, it has to refer to the CA certificate used to issue it. So if you've generated an entity certificate, there's a corresponding issuing certificate somewhere. I would strongly recommend you find an introduction to X.509 PKI somewhere online before proceeding. X.509 is hideously complicated and fraught with difficulties. Trying to code for it without the basic technical background will be an exercise in frustration and likely lead to errors that greatly weaken the security of your application. -- Michael Wojcik Distinguished Engineer, Micro Focus From bhat.jayalakshmi at gmail.com Thu May 3 14:09:33 2018 From: bhat.jayalakshmi at gmail.com (Jayalakshmi bhat) Date: Thu, 3 May 2018 19:39:33 +0530 Subject: [openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build Message-ID: Hi All, I am building FIPS supported OpenSSL in yocto for ARM architecture. I tried using openssl-fips-2.0.13 and openssl-fips-2.0.4 I am building FIPS externally with the below environmental settings ------------------------ ------------------------ ------------------------ ------------------------ ------------------------ PATH=/yocto/gcc/gcc-linaro-4.9-2016.02-x86_64_arm-linux-gnueabihf/bin:$PATH export PATH export FIPS_SIG=/yocto/openssl-fips-2.0.4/util/incore export MACHINE=armv71 export RELEASE=4.9.13 export SYSTEM=Linux export ARCH=arm export CROSS_COMPILE=arm-linux-gnueabihf- export HOSTCC=gcc export FIPSDIR=/yocto/meta/recipes-connectivity/openssl/fips2.0 Build commands for FIPS library ./config -mfloat-abi=hard make make install ------------------------ Then I am building OpenSSL 1.0.2h with the below environment settings export FIPSDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0" export FIPSLIBDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0/lib/" export FIPS_SIG="/yocto/meta/recipes-connectivity/openssl/fips2.0/bin/incore" Build command to build OpenSSL. perl ./Configure ${EXTRA_OECONF} fips shared --with-fipsdir=${FIPSDIR} --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target Build is successful. without any error. But when I try executing export OPENSSL_FIPS=1 openssl -v I am getting 3069334736:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:244 I am not understand what could be going wrong. Any help is appreciated Regards Jayalakshmi -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Thu May 3 15:11:23 2018 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 3 May 2018 11:11:23 -0400 Subject: [openssl-users] How to prove a Certificate is Signed or not In-Reply-To: References: Message-ID: <63C0F220-1730-4D57-876B-15F65F45050E@dukhovni.org> > On May 3, 2018, at 3:06 AM, Anil kumar Reddy wrote: > > The issue is: > I am unable to find out the exact command lines or c/c++ program functions to prove the SignedCertificate.pem is signed or not. I have spent more than one day on researching, but I am end up with confusion. I do not have any digital certificate chain. To verify the signature on a single certificate using a known issuer public key you call: X509_verify(X509 *cert, EVP_PKEY *pkey) with return values <= 0 indicating failure. To verify a certificate chain against a set of trust anchors you call: X509_verify_cert(X509_STORE_CTX *ctx) where "ctx" is populated with the certificate chain, trust anchors, CRLs, verification parameters, including some types of subject names to check... This is what most applications use to check that something is signed by a trusted certificate with the right identity and purpose. -- Viktor. From bhat.jayalakshmi at gmail.com Thu May 3 15:25:39 2018 From: bhat.jayalakshmi at gmail.com (Jayalakshmi bhat) Date: Thu, 3 May 2018 20:55:39 +0530 Subject: [openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build In-Reply-To: References: Message-ID: Hi All, In addition to the my previous mail, this is additional info objdump -t libcrypto.so.1.0.0 | grep FIPS_signature 001ad8b0 l O .data 00000014 FIPS_signature readelf -a libcrypto.so.1.0.0 | grep FIPS_signature 11812: 001ad8b0 20 OBJECT LOCAL DEFAULT 23 FIPS_signature Regards Jayalakshmi On Thu, May 3, 2018 at 7:39 PM, Jayalakshmi bhat wrote: > Hi All, > > I am building FIPS supported OpenSSL in yocto for ARM architecture. I > tried using openssl-fips-2.0.13 and openssl-fips-2.0.4 > > > I am building FIPS externally with the below environmental settings > ------------------------ ------------------------ ------------------------ > ------------------------ ------------------------ > PATH=/yocto/gcc/gcc-linaro-4.9-2016.02-x86_64_arm-linux- > gnueabihf/bin:$PATH > > export PATH > export FIPS_SIG=/yocto/openssl-fips-2.0.4/util/incore > export MACHINE=armv71 > export RELEASE=4.9.13 > export SYSTEM=Linux > export ARCH=arm > export CROSS_COMPILE=arm-linux-gnueabihf- > export HOSTCC=gcc > export FIPSDIR=/yocto/meta/recipes-connectivity/openssl/fips2.0 > > Build commands for FIPS library > > ./config -mfloat-abi=hard > make > make install > ------------------------ > > Then I am building OpenSSL 1.0.2h with the below environment settings > > export FIPSDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0" > export FIPSLIBDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0/lib/" > export FIPS_SIG="/yocto/meta/recipes-connectivity/openssl/fips2.0/ > bin/incore" > > Build command to build OpenSSL. > > perl ./Configure ${EXTRA_OECONF} fips shared --with-fipsdir=${FIPSDIR} > --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename > ${libdir}` $target > > Build is successful. without any error. But when I try executing > > export OPENSSL_FIPS=1 > openssl -v > > I am getting > > 3069334736:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint > does not match:fips.c:244 > > I am not understand what could be going wrong. Any help is appreciated > > Regards > Jayalakshmi > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jzburda at gmail.com Fri May 4 00:16:21 2018 From: jzburda at gmail.com (Lunessia) Date: Thu, 3 May 2018 19:16:21 -0500 Subject: [openssl-users] Unable to install OpenSSL Message-ID: Hello everyone, I've been having various troubles with installing and compiling OpenSSL. I started with 1.1.1-pre6, and my Perl client will tell me that I don't have NASM even if I have it installed (If I use VC-WIN64A) or output "If you want to report a building issue, please include the output from this command: Perl configdata.pl --dump" when I use VC-WIN64I With 1.0.2o, Perl compiles the program, but however, I can't use Dmake to compile it, as Dmake will state: "dmake.exe: makefile: line 275: Warning: -- Found non-white space character after '[' in [@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)]. dmake.exe: makefile: line 307: Warning: -- Found non-white space character after '[' in [[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \ -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \ $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ libcrypto.a $(EX_LIBS)]. dmake.exe: makefile: line 307: Error: -- New group recipe begin found within group recipe." Here are my programs: A make implementation: Dmake from Perl Perl 5 with core modules: ActivePerl 5.22.4.2205 with text::template installed ANSI C Compiler: MinGW from Perl A development environment in the form of in the form of development libraries and C header files: (I'm guessing) Visual Studio 2017 (I can't use Nmake with it for some reason) Netwide Assembler: NASM 2.13.03 Operating system: Windows 10 x64 Some of these were found either by the .exe version or by the installer version. Also attached is the configdata.pl dump. The makefile has not updated, so I will not include that unless asked. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- Command line (with current working directory = .): C:\Perl64\bin\perl.exe Configure VC-WIN64I Perl information: C:\Perl64\bin\perl.exe 5.22.4 for MSWin32-x64-multi-thread Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dso dtls dynamic-engine ec ec2m ecdh ecdsa engine err filenames gost hw(-.+)? idea makedepend md4 mdc2 multiblock nextprotoneg ocb ocsp pic poly1305 posix-io psk rc2 rc4 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl static-engine stdio tests threads tls ts ui-console whirlpool tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method Disabled features: afalgeng [not-linux] asan [default] OPENSSL_NO_ASAN crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE devcryptoeng [default] OPENSSL_NO_DEVCRYPTOENG ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 egd [default] OPENSSL_NO_EGD external-tests [default] OPENSSL_NO_EXTERNAL_TESTS fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER fuzz-afl [default] OPENSSL_NO_FUZZ_AFL heartbeats [default] OPENSSL_NO_HEARTBEATS md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) msan [default] OPENSSL_NO_MSAN rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) sctp [default] OPENSSL_NO_SCTP ssl-trace [default] OPENSSL_NO_SSL_TRACE tls13downgrade [default] OPENSSL_NO_TLS13DOWNGRADE ubsan [default] OPENSSL_NO_UBSAN unit-test [default] OPENSSL_NO_UNIT_TEST weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS zlib [default] zlib-dynamic [default] ssl3 [default] OPENSSL_NO_SSL3 ssl3-method [default] OPENSSL_NO_SSL3_METHOD Config target attributes: AR => "lib", ARFLAGS => "/nologo", AS => "ias", ASFLAGS => "-d debug", CC => "cl", CFLAGS => "/W3 /wd4090 /nologo /O2", CPP => "\$(CC) /EP /C", HASHBANGPERL => "/usr/bin/env perl", LD => "link", LDFLAGS => "/nologo /debug", MT => "mt", MTFLAGS => "-nologo", RANLIB => "CODE(0x4bcc078)", RC => "rc", aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s", aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", apps_aux_src => "win32_init.c", apps_init_src => "../ms/applink.c", apps_obj => "win32_init.o", aroutflag => "/out:", asoutflag => "-o ", bf_asm_src => "bf_enc.c", bf_obj => "bf_enc.o", bin_cflags => "/Zi /Fdapp.pdb", bin_lflags => "/subsystem:console /opt:ref", bn_asm_src => "bn_asm.c ia64-mont.s", bn_obj => "bn_asm.o ia64-mont.o", bn_ops => "EXPORT_VAR_AS_FN SIXTY_FOUR_BIT", build_file => "makefile", build_scheme => [ "unified", "windows", "VC-common" ], cast_asm_src => "c_enc.c", cast_obj => "c_enc.o", cflags => "/Gs0 /GF /Gy /MD", chacha_asm_src => "chacha_enc.c", chacha_obj => "chacha_enc.o", cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c", cmll_obj => "camellia.o cmll_misc.o cmll_cbc.o", coutflag => "/Fo", cppflags => "", cpuid_asm_src => "ia64cpuid.s", cpuid_obj => "ia64cpuid.o", defines => [ "OPENSSL_SYS_WIN32", "WIN32_LEAN_AND_MEAN", "UNICODE", "_UNICODE", "_CRT_SECURE_NO_DEPRECATE", "_WINSOCK_DEPRECATED_NO_WARNINGS", "OPENSSL_USE_APPLINK" ], des_asm_src => "des_enc.c fcrypt_b.c", des_obj => "des_enc.o fcrypt_b.o", disable => [ ], dso_cflags => "/Zi /Fddso.pdb", dso_extension => "", dso_scheme => "win32", ec_asm_src => "", ec_obj => "", enable => [ ], ex_libs => "ws2_32.lib gdi32.lib advapi32.lib crypt32.lib user32.lib", exe_extension => "", includes => [ ], keccak1600_asm_src => "keccak1600.c", keccak1600_obj => "keccak1600.o", ldoutflag => "/out:", lflags => "", lib_cflags => "/Zi /Fdossl_static.pdb", lib_cppflags => "", lib_defines => [ "L_ENDIAN" ], md5_asm_src => "", md5_obj => "", modes_asm_src => "ghash-ia64.s", modes_obj => "ghash-ia64.o", module_cflags => "", module_cxxflags => "", module_ldflags => "/dll", mtinflag => "-manifest ", mtoutflag => "-outputresource:", multilib => "-ia64", padlock_asm_src => "", padlock_obj => "", perlasm_scheme => "ias", poly1305_asm_src => "", poly1305_obj => "", rc4_asm_src => "rc4_enc.c rc4_skey.c", rc4_obj => "rc4_enc.o rc4_skey.o", rc5_asm_src => "rc5_enc.c", rc5_obj => "rc5_enc.o", rcoutflag => "/fo", rmd160_asm_src => "", rmd160_obj => "", sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s", sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", shared_cflag => "", shared_defines => [ ], shared_extension => "", shared_extension_simple => "", shared_ldflag => "/dll", shared_rcflag => "", shared_target => "win-shared", sys_id => "WIN64I", thread_defines => [ ], thread_scheme => "winthreads", unistd => "", uplink_aux_src => "../ms/uplink.c uplink-ia64.s", uplink_obj => "../ms/uplink.o uplink-ia64.o", wp_asm_src => "wp_block.c", wp_obj => "wp_block.o", Recorded environment: AR = ARFLAGS = AS = ASFLAGS = BUILDFILE = CC = CFLAGS = CPP = CPPDEFINES = CPPFLAGS = CPPINCLUDES = CROSS_COMPILE = CXX = CXXFLAGS = HASHBANGPERL = LD = LDFLAGS = LDLIBS = MT = MTFLAGS = OPENSSL_LOCAL_CONFIG_DIR = PERL = RANLIB = RC = RCFLAGS = RM = WINDRES = __CNF_CFLAGS = __CNF_CPPDEFINES = __CNF_CPPFLAGS = __CNF_CPPINCLUDES = __CNF_CXXFLAGS = __CNF_LDFLAGS = __CNF_LDLIBS = Makevars: AR = lib ARFLAGS = /nologo AS = ias ASFLAGS = -d debug CC = cl CFLAGS = /W3 /wd4090 /nologo /O2 CPP = $(CC) /EP /C CPPDEFINES = CPPFLAGS = CPPINCLUDES = CXXFLAGS = HASHBANGPERL = /usr/bin/env perl LD = link LDFLAGS = /nologo /debug LDLIBS = MT = mt MTFLAGS = -nologo RC = rc NOTE: These variables only represent the configuration view. The build file template may have processed these variables further, please have a look at the build file for more exact data: makefile build file: makefile build file templates: Configurations\common0.tmpl Configurations\windows-makefile.tmpl Configurations\common.tmpl From jb-openssl at wisemo.com Fri May 4 00:56:36 2018 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Fri, 4 May 2018 02:56:36 +0200 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References: Message-ID: On 04/05/2018 02:16, Lunessia wrote: > Hello everyone, > I've been having various troubles with installing and compiling OpenSSL. > I started with 1.1.1-pre6, and my Perl client will tell me that I > don't have NASM even if I have it installed (If I use VC-WIN64A) or > output "If you want to report a building issue, please include the > output from this command: Perl configdata.pl > --dump" when I use VC-WIN64I > With 1.0.2o, Perl compiles the program, but however, I can't use Dmake > to compile it, as Dmake will state: > Please note that VC-WIN64I is for Itanium processors (supported only on Windows Server 2008 and 2008 R2, with some historic support on old versions of Windows Server 2003 and Windows XP). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From jzburda at gmail.com Fri May 4 22:55:13 2018 From: jzburda at gmail.com (Lunessia) Date: Fri, 4 May 2018 17:55:13 -0500 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References:

Message-ID: Thanks for the reply. If I sidestep VC-WIN64A with No-ASM, I'll get the same "If you want to report a building issue" error On Thu, May 3, 2018 at 7:56 PM, Jakob Bohm wrote: > On 04/05/2018 02:16, Lunessia wrote: > >> Hello everyone, >> I've been having various troubles with installing and compiling OpenSSL. >> I started with 1.1.1-pre6, and my Perl client will tell me that I don't >> have NASM even if I have it installed (If I use VC-WIN64A) or output "If >> you want to report a building issue, please include the output from this >> command: Perl configdata.pl --dump" when I use >> VC-WIN64I >> With 1.0.2o, Perl compiles the program, but however, I can't use Dmake to >> compile it, as Dmake will state: >> >> Please note that VC-WIN64I is for Itanium processors (supported only > on Windows Server 2008 and 2008 R2, with some historic support on old > versions of Windows Server 2003 and Windows XP). > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeremy.farrell at oracle.com Sat May 5 18:29:28 2018 From: jeremy.farrell at oracle.com (Jeremy Farrell) Date: Sat, 5 May 2018 19:29:28 +0100 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References: Message-ID: <864e7c07-540a-f7d2-b76f-bd919a814f9f@oracle.com> On 04/05/2018 01:16, Lunessia wrote: > I've been having various troubles with installing and compiling OpenSSL. > I started with 1.1.1-pre6, and my Perl client will tell me that I > don't have NASM even if I have it installed (If I use VC-WIN64A) Is NASM on your execution path? If not, try with it added to the path. > or output "If you want to report a building issue, please include the > output from this command: Perl configdata.pl > --dump" when I use VC-WIN64I As others have pointed out, that would configure to build for Itanium which you don't want to do - VC-WIN64A is the one you want for x64. > With 1.0.2o, Perl compiles the program, but however, I can't use Dmake > to compile it, as Dmake will state: > > "dmake.exe:? makefile:? line 275:? Warning: -- Found non-white space > character after '[' in [@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) > $(THIS) -e $(BUILDENV)]. > dmake.exe:? makefile:? line 307:? Warning: -- Found non-white space > character after '[' in [[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) > -Iinclude \ > ??????????????? -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@? \ > ??????????????? $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ > ??????????????? libcrypto.a $(EX_LIBS)]. > dmake.exe:? makefile:? line 307:? Error: -- New group recipe begin > found within group recipe." I don't know anything about dmake, but this suggests it's not close enough to the expected version of make. I wouldn't be surprised if the VC builds effectively require nmake - they're certainly more likely to work with nmake. > Here are my programs: > A make implementation: Dmake from Perl > Perl 5 with core modules: ActivePerl 5.22.4.2205 with text::template > installed > ANSI C Compiler: MinGW from Perl > A development environment in the form of in the form of development > libraries and C header files: (I'm guessing) Visual Studio 2017 (I > can't use Nmake with it for some reason) > Netwide Assembler: NASM 2.13.03 > Operating system: Windows 10 x64 I'd find out what's stopping nmake working and fix it; then try with NASM on the path, configure with VC-WIN64A, and build with nmake. Regards, ????????????????????????? jjf -- J. J. Farrell Not speaking for Oracle. -------------- next part -------------- An HTML attachment was scrubbed... URL: From digant.kubavat at gmail.com Sun May 6 08:11:46 2018 From: digant.kubavat at gmail.com (Devang Kubavat) Date: Sun, 6 May 2018 13:41:46 +0530 Subject: [openssl-users] disable session id reuse In-Reply-To: <25D2EC755404B4409F263AC6D050FEBB2A41FE1B@AZ-FFEXMB03.global.avaya.com> References: <25D2EC755404B4409F263AC6D050FEBB2A41FE1B@AZ-FFEXMB03.global.avaya.com> Message-ID: Hi Darshan, In Addition, Make sure that you should disable the session ticket based session resumption using SSL_OP_NO_TICKET. By default SSL_OP_NO_TICKET is not disabled. Thanks Devang Sent from my iPhone > On 03-May-2018, at 2:12 PM, Mody, Darshan (Darshan) wrote: > > Hi, > > While doing a openssl s_time command I find that by default it tries for Session Id Reuse. ?Now timing with session id reuse.? > > In case if we don?t want openssl to reuse session id?s how can we configure openssl in the application for the same. > > The application here is acting as a server. > > I have set SSL_CTX_set_session_cache_mode to SSL_SESS_CACHE_OFF > > Thanks > Darshan > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun May 6 08:17:45 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 06 May 2018 10:17:45 +0200 (CEST) Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References:

Message-ID: <20180506.101745.1782907238858002272.levitte@openssl.org> In message on Fri, 4 May 2018 17:55:13 -0500, Lunessia said: jzburda> Thanks for the reply. If I sidestep VC-WIN64A with No-ASM, jzburda> I'll get the same "If you want to report a building issue" error You mean this? ********************************************************************** *** *** *** If you want to report a building issue, please include the *** *** output from this command: *** *** *** *** perl configdata.pm --dump *** *** *** ********************************************************************** That's not an error, it's simply a boxed message. It's made prominent so no one will miss it (people do miss such message, you'd be surprised) Cheers, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From darshanmody at avaya.com Sun May 6 13:57:44 2018 From: darshanmody at avaya.com (Mody, Darshan (Darshan)) Date: Sun, 6 May 2018 13:57:44 +0000 Subject: [openssl-users] disable session id reuse In-Reply-To: References: <25D2EC755404B4409F263AC6D050FEBB2A41FE1B@AZ-FFEXMB03.global.avaya.com> Message-ID: <25D2EC755404B4409F263AC6D050FEBB2A431091@AZ-FFEXMB03.global.avaya.com> Hi We do set SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); while initializing Context Thanks Darshan From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Devang Kubavat Sent: Sunday, May 6, 2018 1:42 PM To: openssl-users at openssl.org Subject: Re: [openssl-users] disable session id reuse Hi Darshan, In Addition, Make sure that you should disable the session ticket based session resumption using SSL_OP_NO_TICKET. By default SSL_OP_NO_TICKET is not disabled. Thanks Devang Sent from my iPhone On 03-May-2018, at 2:12 PM, Mody, Darshan (Darshan) > wrote: Hi, While doing a openssl s_time command I find that by default it tries for Session Id Reuse. ?Now timing with session id reuse.? In case if we don?t want openssl to reuse session id?s how can we configure openssl in the application for the same. The application here is acting as a server. I have set SSL_CTX_set_session_cache_mode to SSL_SESS_CACHE_OFF Thanks Darshan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From jzburda at gmail.com Mon May 7 03:16:57 2018 From: jzburda at gmail.com (Lunessia) Date: Sun, 6 May 2018 22:16:57 -0500 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: <20180506.101745.1782907238858002272.levitte@openssl.org> References:

<20180506.101745.1782907238858002272.levitte@openssl.org> Message-ID: Jeremy Farrell> Is NASM on your execution path? If not, try with it added to the path. I tried added NASM to both my system and user paths, and it'll still throw that error I just realized it did make a make file. However, now I get this (this was done by sidestepping NASM) " rc /folibcrypto.res "libcrypto.rc" 'rc' is not recognized as an internal or external command, operable program or batch file. NMAKE : fatal error U1077: 'rc' : return code '0x1' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\nmake.exe"' : return code '0x2' Stop." On Sun, May 6, 2018 at 3:17 AM, Richard Levitte wrote: > In message mail.gmail.com> on Fri, 4 May 2018 17:55:13 -0500, Lunessia < > jzburda at gmail.com> said: > > jzburda> Thanks for the reply. If I sidestep VC-WIN64A with No-ASM, > jzburda> I'll get the same "If you want to report a building issue" error > > You mean this? > > ********************************************************************** > *** *** > *** If you want to report a building issue, please include the *** > *** output from this command: *** > *** *** > *** perl configdata.pm --dump *** > *** *** > ********************************************************************** > > That's not an error, it's simply a boxed message. It's made prominent > so no one will miss it (people do miss such message, you'd be > surprised) > > Cheers, > Richard > > -- > Richard Levitte levitte at openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jzburda at gmail.com Mon May 7 03:27:51 2018 From: jzburda at gmail.com (Lunessia) Date: Sun, 6 May 2018 22:27:51 -0500 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References:

<20180506.101745.1782907238858002272.levitte@openssl.org> Message-ID: I figured out the NASM part. I added the EXE at first. Now the entire folder is targeted. On Sun, May 6, 2018 at 10:16 PM, Lunessia wrote: > Jeremy Farrell> Is NASM on your execution path? If not, try with it added > to the path. > > I tried added NASM to both my system and user paths, and it'll still throw > that error > > I just realized it did make a make file. However, now I get this (this was > done by sidestepping NASM) > " rc /folibcrypto.res "libcrypto.rc" > 'rc' is not recognized as an internal or external command, > operable program or batch file. > NMAKE : fatal error U1077: 'rc' : return code '0x1' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 14.0\VC\BIN\nmake.exe"' : return code '0x2' > Stop." > > On Sun, May 6, 2018 at 3:17 AM, Richard Levitte > wrote: > >> In message > gmail.com> on Fri, 4 May 2018 17:55:13 -0500, Lunessia >> said: >> >> jzburda> Thanks for the reply. If I sidestep VC-WIN64A with No-ASM, >> jzburda> I'll get the same "If you want to report a building issue" error >> >> You mean this? >> >> ************************************************************ >> ********** >> *** *** >> *** If you want to report a building issue, please include the *** >> *** output from this command: *** >> *** *** >> *** perl configdata.pm --dump >> *** >> *** *** >> ************************************************************ >> ********** >> >> That's not an error, it's simply a boxed message. It's made prominent >> so no one will miss it (people do miss such message, you'd be >> surprised) >> >> Cheers, >> Richard >> >> -- >> Richard Levitte levitte at openssl.org >> OpenSSL Project http://www.openssl.org/~levitte/ >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jzburda at gmail.com Mon May 7 04:04:17 2018 From: jzburda at gmail.com (Lunessia) Date: Sun, 6 May 2018 23:04:17 -0500 Subject: [openssl-users] Unable to install OpenSSL In-Reply-To: References:

<20180506.101745.1782907238858002272.levitte@openssl.org> Message-ID: I also solved the RC issue by installing Windows 10 SDK tools and taking the x64 bit architecture folder that contains RC and injecting that into my system path too. I'll send a final message when the make completes, but I have a feeling this issue is closed! On Sun, May 6, 2018 at 10:27 PM, Lunessia wrote: > I figured out the NASM part. I added the EXE at first. Now the entire > folder is targeted. > > On Sun, May 6, 2018 at 10:16 PM, Lunessia wrote: > >> Jeremy Farrell> Is NASM on your execution path? If not, try with it >> added to the path. >> >> I tried added NASM to both my system and user paths, and it'll still >> throw that error >> >> I just realized it did make a make file. However, now I get this (this >> was done by sidestepping NASM) >> " rc /folibcrypto.res "libcrypto.rc" >> 'rc' is not recognized as an internal or external command, >> operable program or batch file. >> NMAKE : fatal error U1077: 'rc' : return code '0x1' >> Stop. >> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual >> Studio 14.0\VC\BIN\nmake.exe"' : return code '0x2' >> Stop." >> >> On Sun, May 6, 2018 at 3:17 AM, Richard Levitte >> wrote: >> >>> In message >> ail.com> on Fri, 4 May 2018 17:55:13 -0500, Lunessia >>> said: >>> >>> jzburda> Thanks for the reply. If I sidestep VC-WIN64A with No-ASM, >>> jzburda> I'll get the same "If you want to report a building issue" error >>> >>> You mean this? >>> >>> ************************************************************ >>> ********** >>> *** >>> *** >>> *** If you want to report a building issue, please include the >>> *** >>> *** output from this command: >>> *** >>> *** >>> *** >>> *** perl configdata.pm --dump >>> *** >>> *** >>> *** >>> ************************************************************ >>> ********** >>> >>> That's not an error, it's simply a boxed message. It's made prominent >>> so no one will miss it (people do miss such message, you'd be >>> surprised) >>> >>> Cheers, >>> Richard >>> >>> -- >>> Richard Levitte levitte at openssl.org >>> OpenSSL Project http://www.openssl.org/~levitte/ >>> -- >>> openssl-users mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From raghuasit at gmail.com Wed May 9 07:51:52 2018 From: raghuasit at gmail.com (Raghavendra a) Date: Wed, 9 May 2018 13:21:52 +0530 Subject: [openssl-users] freeing of X509_CRL object. In-Reply-To: References: Message-ID: Someone please answer below query. On Mon, May 7, 2018 at 2:12 PM, Raghavendra a wrote: > Hi, > > I my program , converting X509_CRL object to string format using > *X509_CRL_print* and BIO_get_mem_data. After that if i use* > X509_CRL_free(_x509crl) *it is crashing below reason > > *.* > > > > > > > > *Valgrind output:==31919== Invalid read of size 4==31919== at > 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)==31919== by > 0xB355537: asn1_do_lock (tasn_utl.c:79)==31919== by 0xB352767: > asn1_item_embed_free (tasn_fre.c:88)==31919== by 0xB3528D4: > ASN1_item_free (tasn_fre.c:20)* > not sure if *X509_CRL_print *using nested pointers of *x509_CRL object* > and freeing them, external freeing of X509_CRL again leading to double free? > Please help on this issue. > > > Regards, > Raghavendra > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From csutherl at redhat.com Thu May 10 13:10:00 2018 From: csutherl at redhat.com (Coty Sutherland) Date: Thu, 10 May 2018 09:10:00 -0400 Subject: [openssl-users] Help with OpenSSL's OCSP responder serving pre-produced responses Message-ID: Hi, Can anyone tell me how to serve pre-produced responses with OpenSSL's OCSP responder? My current understanding is that what I'm doing should work, but it doesn't. The pre-produced response correctly prints to stdout...but it doesn't actually go back to the client (instead openssl sends an RST). Here's what I'm doing: 1) Setup a OCSP responder openssl ocsp -index ca.db -port 8088 -rsigner ca.pem -CA ca.pem -text 2) Create a pre-produced response object for later use openssl ocsp -issuer ca.pem -cert revoked.test.example.com.crt -text -url http://127.0.0.1:8088 -respout resp_revoked_first.out 3) Start responder with pre-produced response openssl ocsp -port 8088 -text -respin resp_revoked_first.out 4) Make a request and get error response (Error querying OCSP responder) openssl ocsp -issuer ca.pem -cert revoked.test.example.com.crt -text -url http://127.0.0.1:8088 Thoughts? Am I doing something stupid? TIA, Coty From darshanmody at avaya.com Thu May 10 16:30:48 2018 From: darshanmody at avaya.com (Mody, Darshan (Darshan)) Date: Thu, 10 May 2018 16:30:48 +0000 Subject: [openssl-users] disable session id reuse In-Reply-To: <25D2EC755404B4409F263AC6D050FEBB2A431091@AZ-FFEXMB03.global.avaya.com> References: <25D2EC755404B4409F263AC6D050FEBB2A41FE1B@AZ-FFEXMB03.global.avaya.com> <25D2EC755404B4409F263AC6D050FEBB2A431091@AZ-FFEXMB03.global.avaya.com> Message-ID: <25D2EC755404B4409F263AC6D050FEBB2A44851C@AZ-FFEXMB03.global.avaya.com> Hi All Any suggestion on the problem? Thanks Darshan From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Mody, Darshan (Darshan) Sent: Sunday, May 6, 2018 7:28 PM To: openssl-users at openssl.org Subject: Re: [openssl-users] disable session id reuse Hi We do set SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); while initializing Context Thanks Darshan From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Devang Kubavat Sent: Sunday, May 6, 2018 1:42 PM To: openssl-users at openssl.org Subject: Re: [openssl-users] disable session id reuse Hi Darshan, In Addition, Make sure that you should disable the session ticket based session resumption using SSL_OP_NO_TICKET. By default SSL_OP_NO_TICKET is not disabled. Thanks Devang Sent from my iPhone On 03-May-2018, at 2:12 PM, Mody, Darshan (Darshan) > wrote: Hi, While doing a openssl s_time command I find that by default it tries for Session Id Reuse. ?Now timing with session id reuse.? In case if we don?t want openssl to reuse session id?s how can we configure openssl in the application for the same. The application here is acting as a server. I have set SSL_CTX_set_session_cache_mode to SSL_SESS_CACHE_OFF Thanks Darshan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From raghuasit at gmail.com Fri May 11 09:53:15 2018 From: raghuasit at gmail.com (Raghavendra a) Date: Fri, 11 May 2018 15:23:15 +0530 Subject: [openssl-users] freeing of X509_CRL object Message-ID: Hi All, In my program, converting X509_CRL object to string format using *X509_CRL_print* and BIO_get_mem_data. after that if de-allocate * _x509crl * using *X509_CRL_free. *it is crashing with below reason *.* *Valgrind output:==31919== Invalid read of size 4==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79)==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)* not sure if *X509_CRL_print *de-allocates some part of _x509crl , external freeing of X509_CRL again leading to double free? Please help on this issue. Regards, Raghavendra -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Fri May 11 10:10:22 2018 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 11 May 2018 10:10:22 +0000 Subject: [openssl-users] freeing of X509_CRL object In-Reply-To: References: Message-ID: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> The print routine does not free anything. From: Raghavendra a Reply-To: openssl-users Date: Friday, May 11, 2018 at 5:53 AM To: openssl-users Subject: [openssl-users] freeing of X509_CRL object Hi All, In my program, converting X509_CRL object to string format using X509_CRL_print and BIO_get_mem_data. after that if de-allocate _x509crl using X509_CRL_free. it is crashing with below reason. Valgrind output: ==31919== Invalid read of size 4 ==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20) not sure if X509_CRL_print de-allocates some part of _x509crl , external freeing of X509_CRL again leading to double free? Please help on this issue. Regards, Raghavendra -------------- next part -------------- An HTML attachment was scrubbed... URL: From raghuasit at gmail.com Fri May 11 10:22:03 2018 From: raghuasit at gmail.com (Raghavendra a) Date: Fri, 11 May 2018 15:52:03 +0530 Subject: [openssl-users] freeing of X509_CRL object In-Reply-To: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> References: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> Message-ID: Hi Rich, Thanks for information. Any idea, why *is X509_CRL_free* reporting below error with valgrind? *Valgrind output:==31919== Invalid read of size 4==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79)==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)* Regards, Raghavendra On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users < openssl-users at openssl.org> wrote: > The print routine does not free anything. > > > > *From: *Raghavendra a > *Reply-To: *openssl-users > *Date: *Friday, May 11, 2018 at 5:53 AM > *To: *openssl-users > *Subject: *[openssl-users] freeing of X509_CRL object > > > > Hi All, > > In my program, > > converting X509_CRL object to string format using *X509_CRL_print* and > BIO_get_mem_data. after that if de-allocate* _x509crl * using *X509_CRL_free. > *it is crashing with below reason*.* > > > > > > > *Valgrind output: ==31919== Invalid read of size 4 ==31919== at > 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by > 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: > asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: > ASN1_item_free (tasn_fre.c:20)* > > not sure if * X509_CRL_print *de-allocates some part of _x509crl , > external freeing of X509_CRL again leading to double free? > > Please help on this issue. > > > > Regards, > > Raghavendra > > > > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Fri May 11 11:51:13 2018 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 11 May 2018 11:51:13 +0000 Subject: [openssl-users] freeing of X509_CRL object In-Reply-To: References: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> Message-ID: <8AF4C4EA-BF19-4CCC-B857-9D7B34A0FC20@akamai.com> Something else is going wrong. Is that the only valgrind error? Are you sure you didn?t free the object in your code? From: Raghavendra a Date: Friday, May 11, 2018 at 6:22 AM To: Rich Salz , openssl-users Subject: Re: [openssl-users] freeing of X509_CRL object Hi Rich, Thanks for information. Any idea, why is X509_CRL_free reporting below error with valgrind? Valgrind output: ==31919== Invalid read of size 4 ==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20) Regards, Raghavendra On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users > wrote: The print routine does not free anything. From: Raghavendra a > Reply-To: openssl-users > Date: Friday, May 11, 2018 at 5:53 AM To: openssl-users > Subject: [openssl-users] freeing of X509_CRL object Hi All, In my program, converting X509_CRL object to string format using X509_CRL_print and BIO_get_mem_data. after that if de-allocate _x509crl using X509_CRL_free. it is crashing with below reason. Valgrind output: ==31919== Invalid read of size 4 ==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20) not sure if X509_CRL_print de-allocates some part of _x509crl , external freeing of X509_CRL again leading to double free? Please help on this issue. Regards, Raghavendra -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From deicool at gmail.com Sat May 12 17:01:26 2018 From: deicool at gmail.com (Deepak Goel) Date: Sat, 12 May 2018 22:31:26 +0530 Subject: [openssl-users] SSLv3 error in Ubuntu/Apache2 Message-ID: Hello I am trying to use Apache2 on Ubuntu. When I try running Apache2, it throws up an error: SSLv3 not supported by this version of OpenSSL. I tried installing latest version of OpenSSL by using (sudo apt-get install openssl) on Ubuntu. However the same error persist. Any idea how do I resolve the error? Deepak "The greatness of a nation can be judged by the way its animals are treated. Please stop cruelty to Animals, become a Vegan" +91 73500 12833 deicool at gmail.com Facebook: https://www.facebook.com/deicool LinkedIn: www.linkedin.com/in/deicool "Plant a Tree, Go Green" Make In India : http://www.makeinindia.com/home -------------- next part -------------- An HTML attachment was scrubbed... URL: From skneizys at ferrilli.com Sat May 12 17:32:42 2018 From: skneizys at ferrilli.com (Steven Kneizys) Date: Sat, 12 May 2018 13:32:42 -0400 Subject: [openssl-users] SSLv3 error in Ubuntu/Apache2 In-Reply-To: References: Message-ID: Running a server or even a client that uses SSLv3 is an insecure protocol (man in the middle POODLE attack is possible). You really don't want to have that on your server! Perhaps if you explain why you believe you need it folks can help with a secure strategy to assist. See this for reference: https://askubuntu.com/questions/537481/disable-sslv3-in-apache2-on-a-clean-install-of-ubuntu-14-04-1-server HTH, Steve... On Sat, May 12, 2018 at 1:01 PM, Deepak Goel wrote: > Hello > > I am trying to use Apache2 on Ubuntu. When I try running Apache2, it > throws up an error: > > SSLv3 not supported by this version of OpenSSL. I tried installing latest > version of OpenSSL by using (sudo apt-get install openssl) on Ubuntu. > However the same error persist. > > Any idea how do I resolve the error? > > > Deepak > "The greatness of a nation can be judged by the way its animals are > treated. Please stop cruelty to Animals, become a Vegan" > > +91 73500 12833 > deicool at gmail.com > > Facebook: https://www.facebook.com/deicool > LinkedIn: www.linkedin.com/in/deicool > > "Plant a Tree, Go Green" > > Make In India : http://www.makeinindia.com/home > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- Steve Kneizys Senior Business Process Engineer *Relationships are at the heart of what we do* *24/7 Emergency Service: 888.864.3282 <888.864.3282>* *Direct: 610.256.1396 Web: www.Ferrilli.com * -------------- next part -------------- An HTML attachment was scrubbed... URL: From jb-openssl at wisemo.com Mon May 14 05:53:43 2018 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Mon, 14 May 2018 07:53:43 +0200 Subject: [openssl-users] SSLv3 error in Ubuntu/Apache2 In-Reply-To: References: Message-ID: On 12/05/2018 19:01, Deepak Goel wrote: > Hello > > I am trying to use Apache2 on Ubuntu. When I try running Apache2, it > throws up an error: > > SSLv3 not supported by this version of OpenSSL. I tried installing > latest version of OpenSSL by using (sudo apt-get install openssl) on > Ubuntu. However the same error persist. > > Any idea how do I resolve the error? Please check if you Apache configuration explicitly requests use of the mostly outdated SSLv3.? Such a configuration setting may be left over from years ago when SSLv3 was still a good thing to use. SSLv3 is has many protocol design security holes that cannot be fixedwithout switching to a later SSL version, such as TLS 1.0/1.1/1.2 etc.? These bugs are not in OpenSSL, but in the protocol standard itself. Unfortunately there are still a few old web browsers that only support SSLv3, but only if you absolutely have to support those should you set up a way to use SSLv3 on your web server. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded From raghuasit at gmail.com Tue May 15 06:58:18 2018 From: raghuasit at gmail.com (Raghavendra a) Date: Tue, 15 May 2018 12:28:18 +0530 Subject: [openssl-users] freeing of X509_CRL object In-Reply-To: <8AF4C4EA-BF19-4CCC-B857-9D7B34A0FC20@akamai.com> References: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> <8AF4C4EA-BF19-4CCC-B857-9D7B34A0FC20@akamai.com> Message-ID: Hi, Yes, I am freeing * _x509crl * using *X509_CRL_free* after using in *X509_CRL_print*. Above valgrind error is for free operation, is it wrong? Regards, Raghavendra On Fri, May 11, 2018 at 5:21 PM, Salz, Rich wrote: > Something else is going wrong. Is that the only valgrind error? Are you > sure you didn?t free the object in your code? > > > > *From: *Raghavendra a > *Date: *Friday, May 11, 2018 at 6:22 AM > *To: *Rich Salz , openssl-users < > openssl-users at openssl.org> > *Subject: *Re: [openssl-users] freeing of X509_CRL object > > > > Hi Rich, > > Thanks for information. > > Any idea, why *is X509_CRL_free* reporting below error with valgrind? > > > > > > > > > > > *Valgrind output: ==31919== Invalid read of size 4 ==31919== at > 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by > 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: > asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: > ASN1_item_free (tasn_fre.c:20) * > > > > Regards, > > Raghavendra > > > > > > On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users < > openssl-users at openssl.org> wrote: > > The print routine does not free anything. > > > > *From: *Raghavendra a > *Reply-To: *openssl-users > *Date: *Friday, May 11, 2018 at 5:53 AM > *To: *openssl-users > *Subject: *[openssl-users] freeing of X509_CRL object > > > > Hi All, > > In my program, > > converting X509_CRL object to string format using *X509_CRL_print* and > BIO_get_mem_data. after that if de-allocate* _x509crl * using *X509_CRL_free. > *it is crashing with below reason*.* > > > > > > > *Valgrind output: ==31919== Invalid read of size 4 ==31919== at > 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by > 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: > asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: > ASN1_item_free (tasn_fre.c:20)* > > not sure if *X509_CRL_print *de-allocates some part of _x509crl , > external freeing of X509_CRL again leading to double free? > > Please help on this issue. > > > > Regards, > > Raghavendra > > > > > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Tue May 15 14:33:25 2018 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 15 May 2018 14:33:25 +0000 Subject: [openssl-users] freeing of X509_CRL object In-Reply-To: References: <7159BE42-15E8-463B-8E4C-041BF4B0C6B7@akamai.com> <8AF4C4EA-BF19-4CCC-B857-9D7B34A0FC20@akamai.com> Message-ID: Based on the information you provided, I don?t have any other advice. The print routine does not free the CRL. You must be free?ing it twice. Perhaps run under a debugger with a breakpoint From: Raghavendra a Date: Tuesday, May 15, 2018 at 2:58 AM To: Rich Salz Cc: openssl-users Subject: Re: [openssl-users] freeing of X509_CRL object Hi, Yes, I am freeing _x509crl using X509_CRL_free after using in X509_CRL_print. Above valgrind error is for free operation, is it wrong? Regards, Raghavendra On Fri, May 11, 2018 at 5:21 PM, Salz, Rich > wrote: Something else is going wrong. Is that the only valgrind error? Are you sure you didn?t free the object in your code? From: Raghavendra a > Date: Friday, May 11, 2018 at 6:22 AM To: Rich Salz >, openssl-users > Subject: Re: [openssl-users] freeing of X509_CRL object Hi Rich, Thanks for information. Any idea, why is X509_CRL_free reporting below error with valgrind? Valgrind output: ==31919== Invalid read of size 4 ==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20) Regards, Raghavendra On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users > wrote: The print routine does not free anything. From: Raghavendra a > Reply-To: openssl-users > Date: Friday, May 11, 2018 at 5:53 AM To: openssl-users > Subject: [openssl-users] freeing of X509_CRL object Hi All, In my program, converting X509_CRL object to string format using X509_CRL_print and BIO_get_mem_data. after that if de-allocate _x509crl using X509_CRL_free. it is crashing with below reason. Valgrind output: ==31919== Invalid read of size 4 ==31919== at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155) ==31919== by 0xB355537: asn1_do_lock (tasn_utl.c:79) ==31919== by 0xB352767: asn1_item_embed_free (tasn_fre.c:88) ==31919== by 0xB3528D4: ASN1_item_free (tasn_fre.c:20) not sure if X509_CRL_print de-allocates some part of _x509crl , external freeing of X509_CRL again leading to double free? Please help on this issue. Regards, Raghavendra -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From guerinp at talasi.fr Wed May 16 15:19:33 2018 From: guerinp at talasi.fr (=?UTF-8?Q?Patrice_Gu=c3=a9rin?=) Date: Wed, 16 May 2018 17:19:33 +0200 Subject: [openssl-users] PKCS7 signature process Message-ID: <49a2da24-817a-35c4-f9b3-49eeddda7e56@magic.fr> Hello OpenSSL-users In the purpose of signing pdf files, I've found a difference of behaviour that I can't explain between two ways of computing signatures. The first one leads to an error in the way that Adobe says that the file was modified after signing, the second does not. First Method: ??? BIO* BioMem = BIO_new( BIO_s_mem() ); ??? while ( Data ) BIO_write( BioMem , Data, DataLen ); ??? MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem , PKCS7_DETACHED | PKCS7_BINARY ); ??? PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY ); ??? BIO* BioOut = BIO_new( BIO_s_mem() ); ??? i2d_PKCS7_bio( BioOut , MyPKCS7 ); ??? char*??? OutBuf = NULL; ??? int OutLen = BIO_get_mem_data( BioOut , &OutBuf ); Second Method: ??? BIO* BioMem = BIO_new( BIO_s_mem() ); ??? MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem , PKCS7_DETACHED | PKCS7_BINARY ); ??? while ( Data ) ??? ??? BIO_write( BioMem , Data, DataLen ); ??? PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY ); ??? BIO* BioOut = BIO_new( BIO_s_mem() ); ??? i2d_PKCS7_bio( BioOut , MyPKCS7 ); ??? char*??? OutBuf = NULL; ??? int OutLen = BIO_get_mem_data( BioOut , &OutBuf ); It seems that the order between PKCS7_sign et BIO_Write that feeds the memory BIO has an importance. Can anybody explains why the first method is incorrect ? Thank you in advance Patrice. From luis.pinto.martins at gmail.com Wed May 16 17:55:57 2018 From: luis.pinto.martins at gmail.com (=?UTF-8?Q?Lu=C3=ADs_Martins?=) Date: Wed, 16 May 2018 18:55:57 +0100 Subject: [openssl-users] EVP AES Wrap Message-ID: Hi, I'm trying to use the EVP AES wrap implementations from openssl (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in EVP_EncryptInit_ex() f: error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed I've search the documentation for examples or guidance but I couldn't find anything related to this. Any experienced the same issue ? My pseudo code is: EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_wrap(), 0, keyEncriptionKey, iv) != 1) // process error if ( EVP_EncryptUpdate(&ctx, bufferOut, &processedSize, plaintext, plaintextSize) != 1) // process error if (EVP_EncryptFinal_ex(&ctx, bufferOut + processedSize, &tmpSize) != 1) // process error EVP_CIPHER_CTX_cleanup(&ctx); Regards, Lu?s -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu May 17 09:08:59 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 17 May 2018 10:08:59 +0100 Subject: [openssl-users] EVP AES Wrap In-Reply-To: References: Message-ID: <91a9c5ea-a3e0-f5f6-e4e4-5e191d7dd12c@openssl.org> On 16/05/18 18:55, Lu?s Martins wrote: > Hi, > > ??? I'm trying to use the EVP AES wrap implementations from openssl > (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in > EVP_EncryptInit_ex() f: > ??? error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode > not allowed > ??? I've search the documentation for examples or guidance but I > couldn't find anything related to this. > ??? Any experienced the same issue ? You need to enable wrap mode: EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); The EVP encrypt routines set an expectation about how long the output might be for a given input: "EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so B should contain sufficient room." The wrap modes do not obey this rule and may return more data, so you have to explicitly enable the mode to say that you are prepared for the output. Matt > > ??? My pseudo code is: > > ?? ? ?? EVP_CIPHER_CTX ctx; > ??????? EVP_CIPHER_CTX_init(&ctx); > ??????? if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_wrap(), 0, > keyEncriptionKey, iv) != 1) > ???????????? // process error > ??????? if ( EVP_EncryptUpdate(&ctx, bufferOut, &processedSize, > plaintext, plaintextSize) != 1) > ???????????? // process error > ??????? if (EVP_EncryptFinal_ex(&ctx, bufferOut + processedSize, > &tmpSize) != 1) > ???????????? // process error > ??????? EVP_CIPHER_CTX_cleanup(&ctx); > > Regards, > Lu?s > > From luis.pinto.martins at gmail.com Thu May 17 10:12:40 2018 From: luis.pinto.martins at gmail.com (=?UTF-8?Q?Lu=C3=ADs_Martins?=) Date: Thu, 17 May 2018 11:12:40 +0100 Subject: [openssl-users] EVP AES Wrap In-Reply-To: <91a9c5ea-a3e0-f5f6-e4e4-5e191d7dd12c@openssl.org> References: <91a9c5ea-a3e0-f5f6-e4e4-5e191d7dd12c@openssl.org> Message-ID: Thanks Matt, it works fine now. Regards, Lu?s On Thu, May 17, 2018 at 10:09 AM Matt Caswell wrote: > > > On 16/05/18 18:55, Lu?s Martins wrote: > > Hi, > > > > I'm trying to use the EVP AES wrap implementations from openssl > > (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in > > EVP_EncryptInit_ex() f: > > error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode > > not allowed > > I've search the documentation for examples or guidance but I > > couldn't find anything related to this. > > Any experienced the same issue ? > > You need to enable wrap mode: > > EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); > > The EVP encrypt routines set an expectation about how long the output > might be for a given input: > > "EVP_EncryptUpdate() encrypts B bytes from the buffer B and > writes the encrypted version to B. This function can be called > multiple times to encrypt successive blocks of data. The amount > of data written depends on the block alignment of the encrypted data: > as a result the amount of data written may be anything from zero bytes > to (inl + cipher_block_size - 1) so B should contain sufficient > room." > > The wrap modes do not obey this rule and may return more data, so you > have to explicitly enable the mode to say that you are prepared for the > output. > > Matt > > > > > > My pseudo code is: > > > > EVP_CIPHER_CTX ctx; > > EVP_CIPHER_CTX_init(&ctx); > > if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_wrap(), 0, > > keyEncriptionKey, iv) != 1) > > // process error > > if ( EVP_EncryptUpdate(&ctx, bufferOut, &processedSize, > > plaintext, plaintextSize) != 1) > > // process error > > if (EVP_EncryptFinal_ex(&ctx, bufferOut + processedSize, > > &tmpSize) != 1) > > // process error > > EVP_CIPHER_CTX_cleanup(&ctx); > > > > Regards, > > Lu?s > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From philippe.anctil at gmail.com Fri May 18 15:22:14 2018 From: philippe.anctil at gmail.com (Philippe Anctil) Date: Fri, 18 May 2018 11:22:14 -0400 Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box Message-ID: Hi, I have been compiling openssl libraries on RHEL5 for a while without issue. My build for 1.0.2k fails on a new RHEL7 server. I have narrowed down the cause to the make_verify test. make verify_test # from test dir The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 20 at 0 depth lookup:unable to get local issuer certificate ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA error 20 at 0 depth lookup:unable to get local issuer certificate 140692788688576:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable to find parameters in chain:x509_vfy.c:2108: ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 18 at 0 depth lookup:self signed certificate C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 18 at 0 depth lookup:self signed certificate C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK make: *** [test_verify] Error 2 It seems to boil down to the following OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo ../certs/demo/ca-cert.pem WARNING: can't open config file: ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 20 at 0 depth lookup:unable to get local issuer certificate echo $? 2 Doing the same on my RHEL5 box. OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo ../certs/demo/ca-cert.pem WARNING: can't open config file: ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 1 depth lookup:certificate has expired C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK echo $? 0 Any clue why openssl verify does not work on RHEL7? ca-cert.pem is issued by pca-cert.pem (matching Authority Key Identifier). Both are under ../certs/demo. Thanks. -- Philippe Anctil -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Fri May 18 15:53:33 2018 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 18 May 2018 11:53:33 -0400 Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box In-Reply-To: References: Message-ID: <6C02857F-C6A9-4A22-A934-425655CA6A19@dukhovni.org> > On May 18, 2018, at 11:22 AM, Philippe Anctil wrote: > > Hi, > > I have been compiling openssl libraries on RHEL5 for a while without issue. My build for 1.0.2k fails on a new RHEL7 server. I have narrowed down the cause to the make_verify test. All tests pass when I build 1.0.2p. There is no "verify_test" in any version of 1.0.2 I can find, including 1.0.2k. Perhaps that test is part of Redhat specific patches to OpenSSL. You'll need to solve this with whoever authored that test. -- Viktor. From philippe.anctil at gmail.com Fri May 18 16:03:01 2018 From: philippe.anctil at gmail.com (Philippe Anctil) Date: Fri, 18 May 2018 12:03:01 -0400 Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box In-Reply-To: <6C02857F-C6A9-4A22-A934-425655CA6A19@dukhovni.org> References: <6C02857F-C6A9-4A22-A934-425655CA6A19@dukhovni.org> Message-ID: I am compiling from openssl.org source. pwd .../openssl-1.0.2k/test grep -A 4 'test_verify:' Makefile test_verify: ../apps/openssl$(EXE_EXT) @echo "The following command should have some OK's and some failures" @echo "There are definitly a few expired certificates" ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem 2018-05-18 11:53 GMT-04:00 Viktor Dukhovni : > > > > On May 18, 2018, at 11:22 AM, Philippe Anctil > wrote: > > > > Hi, > > > > I have been compiling openssl libraries on RHEL5 for a while without > issue. My build for 1.0.2k fails on a new RHEL7 server. I have narrowed > down the cause to the make_verify test. > > All tests pass when I build 1.0.2p. There is no "verify_test" in any > version > of 1.0.2 I can find, including 1.0.2k. Perhaps that test is part of Redhat > specific patches to OpenSSL. You'll need to solve this with whoever > authored > that test. > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Philippe Anctil -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri May 18 16:11:31 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 18 May 2018 17:11:31 +0100 Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box In-Reply-To: References: Message-ID: On 18/05/18 16:22, Philippe Anctil wrote: > Hi, > > I have been compiling openssl libraries on RHEL5 for a while without > issue. My build for 1.0.2k fails on a new RHEL7 server. I have narrowed > down the cause to the make_verify test.? > > > > make verify_test # from test dir I think you meant "make test_verify" > It seems to boil down to the following > > > > OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath > ../certs/demo ../certs/demo/ca-cert.pem > > WARNING: can't open config file: > ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty > Ltd, CN = Test CA (1024 bit) > error 20 at 0 depth lookup:unable to get local issuer certificate > > echo $? > > 2 So what does your certs/demo directory look like? Do you have the necessary symbolic links (created during "make" somewhere I think). Are all permissions and file sizes as expected? Mine looks like this: $ ls -l total 16 lrwxrwxrwx 1 matt matt 11 May 18 17:10 3f77a2b5.0 -> ca-cert.pem -rw-r--r-- 1 matt matt 1953 May 18 16:47 ca-cert.pem lrwxrwxrwx 1 matt matt 10 May 18 17:10 cbdbd8bc.0 -> dsa-ca.pem lrwxrwxrwx 1 matt matt 11 May 18 17:10 de4fa23b.0 -> dsa-pca.pem -rw-r--r-- 1 matt matt 2264 May 18 16:47 dsa-ca.pem -rw-r--r-- 1 matt matt 2674 May 18 16:47 dsa-pca.pem lrwxrwxrwx 1 matt matt 12 May 18 17:10 e83ef475.0 -> pca-cert.pem -rw-r--r-- 1 matt matt 1953 May 18 16:47 pca-cert.pem Matt From philippe.anctil at gmail.com Fri May 18 16:51:55 2018 From: philippe.anctil at gmail.com (Philippe Anctil) Date: Fri, 18 May 2018 12:51:55 -0400 Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box In-Reply-To: References:

Message-ID: > > > So what does your certs/demo directory look like? Do you have the > necessary symbolic links (created during "make" somewhere I think). > Links are missing. The problem has something to do with the default path to openssl.conf. In my case it is based on the build prefix I used. If the path does not exist, make rehash will create links happily. If the dir exists but my build account does not have access permissions, make rehash is unhappy and refuses to create links. rm rehash.time make rehash Doing certs/demo 140097379800768:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb') 140097379800768:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184: 140097379800768:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203: 140367544841920:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb') 140367544841920:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184: 140367544841920:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203: WARNING: Skipping duplicate certificate dsa-ca.pem 140697328998080:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb') 140697328998080:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184: 140697328998080:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203: WARNING: Skipping duplicate certificate dsa-pca.pem 139717812614848:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb') 139717812614848:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184: 139717812614848:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203: WARNING: Skipping duplicate certificate pca-cert.pem I don't know why openssl handles both errors in a different way. In general the build does not care about the inaccessible config. That behavior suits me. Maybe the build should detect the problem with make rehash. Or force an OPENSSL_CONF value that will make it happy. Here's the workaround I applied to my build script. ... rm rehash.time make OPENSSL_CONF= rehash make test Problem nailed. Thank you for your help! -- Philippe Anctil -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Fri May 18 23:20:42 2018 From: alexhultman at gmail.com (Alex H) Date: Sat, 19 May 2018 01:20:42 +0200 Subject: [openssl-users] Receive throttling on SSL sockets Message-ID: How do you properly implement receive throttling on SSL sockets without hindering writing? As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply by stop polling for readable events on the underlying raw TCP socket. SSL_write still could require reading of data so simply stop polling for readable would potentially hinder writing of data which is not okay. Is there any such receive-throttling functionality in the SSL protocol itself? I don't see how SSL_peek would solve the issue since I would still be buffering (potentially uncontrolled amount of) data in a BIO. Even if I would _only_ enable readable polling when _absolutely needed_ as per SSL_write error, I still cannot guarantee not reading a chunk of data (which I would then need to buffer up in a BIO since the application is not expecting it). How are we supposed to solve this issue without potentially building up backpressure? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sat May 19 02:56:51 2018 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 19 May 2018 02:56:51 +0000 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: Message-ID: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com> TLS is a bidirectional protocol. You can?t throttle only one side. From: Alex H Reply-To: openssl-users Date: Friday, May 18, 2018 at 7:21 PM To: openssl-users Subject: [openssl-users] Receive throttling on SSL sockets How do you properly implement receive throttling on SSL sockets without hindering writing? As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply by stop polling for readable events on the underlying raw TCP socket. SSL_write still could require reading of data so simply stop polling for readable would potentially hinder writing of data which is not okay. Is there any such receive-throttling functionality in the SSL protocol itself? I don't see how SSL_peek would solve the issue since I would still be buffering (potentially uncontrolled amount of) data in a BIO. Even if I would _only_ enable readable polling when _absolutely needed_ as per SSL_write error, I still cannot guarantee not reading a chunk of data (which I would then need to buffer up in a BIO since the application is not expecting it). How are we supposed to solve this issue without potentially building up backpressure? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Sat May 19 09:02:52 2018 From: alexhultman at gmail.com (Alex H) Date: Sat, 19 May 2018 11:02:52 +0200 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com> References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com> Message-ID: Okay that's a good theoretical answer but practically not very useful. I know for instance Node.js to implement their Streams interface with both TCP and SSL sockets. They both have pause / resume functions for receive-throttling and I've tested it with SSL and it seems to work somehow. One solution (I guess?) would be to stop polling for readable until SSL_write demands data then immediately stop polling for readable again once SSL_write is happy. In the case of getting unwanted data while throttling then SSL_peek can be used instead of SSL_read. That would not guarantee no buildup but would work for the most part, right? Do you see any flaw with this? Could it still fail due to mass buildup when throttling for long? Den l?r 19 maj 2018 04:57Salz, Rich via openssl-users < openssl-users at openssl.org> skrev: > TLS is a bidirectional protocol. You can?t throttle only one side. > > > > *From: *Alex H > *Reply-To: *openssl-users > *Date: *Friday, May 18, 2018 at 7:21 PM > *To: *openssl-users > *Subject: *[openssl-users] Receive throttling on SSL sockets > > > > How do you properly implement receive throttling on SSL sockets without > hindering writing? > > > > As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled > simply by stop polling for readable events on the underlying raw TCP > socket. SSL_write still could require reading of data so simply stop > polling for readable would potentially hinder writing of data which is not > okay. > > > > Is there any such receive-throttling functionality in the SSL protocol > itself? I don't see how SSL_peek would solve the issue since I would still > be buffering (potentially uncontrolled amount of) data in a BIO. > > > > Even if I would _only_ enable readable polling when _absolutely needed_ as > per SSL_write error, I still cannot guarantee not reading a chunk of data > (which I would then need to buffer up in a BIO since the application is not > expecting it). > > > > How are we supposed to solve this issue without potentially building up > backpressure? > > > > Thanks > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Sat May 19 11:01:46 2018 From: alexhultman at gmail.com (Alex H) Date: Sat, 19 May 2018 13:01:46 +0200 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com> Message-ID: I think the best solution would be to simply state in the documentation of my implementation that "throttling receives on SSL sockets will significantly reduce data receive but will not guarantee a total halt". Agree? What do you think of the way Node.js handles this? They _must_ be using some kind of internal backup queue for cases like these, right? 2018-05-19 11:02 GMT+02:00 Alex H : > Okay that's a good theoretical answer but practically not very useful. > > I know for instance Node.js to implement their Streams interface with both > TCP and SSL sockets. They both have pause / resume functions for > receive-throttling and I've tested it with SSL and it seems to work somehow. > > One solution (I guess?) would be to stop polling for readable until > SSL_write demands data then immediately stop polling for readable again > once SSL_write is happy. In the case of getting unwanted data while > throttling then SSL_peek can be used instead of SSL_read. That would not > guarantee no buildup but would work for the most part, right? > > Do you see any flaw with this? Could it still fail due to mass buildup > when throttling for long? > > Den l?r 19 maj 2018 04:57Salz, Rich via openssl-users < > openssl-users at openssl.org> skrev: > >> TLS is a bidirectional protocol. You can?t throttle only one side. >> >> >> >> *From: *Alex H >> *Reply-To: *openssl-users >> *Date: *Friday, May 18, 2018 at 7:21 PM >> *To: *openssl-users >> *Subject: *[openssl-users] Receive throttling on SSL sockets >> >> >> >> How do you properly implement receive throttling on SSL sockets without >> hindering writing? >> >> >> >> As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled >> simply by stop polling for readable events on the underlying raw TCP >> socket. SSL_write still could require reading of data so simply stop >> polling for readable would potentially hinder writing of data which is not >> okay. >> >> >> >> Is there any such receive-throttling functionality in the SSL protocol >> itself? I don't see how SSL_peek would solve the issue since I would still >> be buffering (potentially uncontrolled amount of) data in a BIO. >> >> >> >> Even if I would _only_ enable readable polling when _absolutely needed_ >> as per SSL_write error, I still cannot guarantee not reading a chunk of >> data (which I would then need to buffer up in a BIO since the application >> is not expecting it). >> >> >> >> How are we supposed to solve this issue without potentially building up >> backpressure? >> >> >> >> Thanks >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at akamai.com Sat May 19 12:48:22 2018 From: rsalz at akamai.com (Salz, Rich) Date: Sat, 19 May 2018 12:48:22 +0000 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com> Message-ID: There are TLS control messages which could flow in either direction, spontaneously. Renegotiation (pre TLS 1.3), tickets (TLS 1.3), and so on. I cannot comment on if your proposal would work or not, sorry. From: Alex H Date: Saturday, May 19, 2018 at 5:03 AM To: Rich Salz , openssl-users Subject: Re: [openssl-users] Receive throttling on SSL sockets Okay that's a good theoretical answer but practically not very useful. I know for instance Node.js to implement their Streams interface with both TCP and SSL sockets. They both have pause / resume functions for receive-throttling and I've tested it with SSL and it seems to work somehow. One solution (I guess?) would be to stop polling for readable until SSL_write demands data then immediately stop polling for readable again once SSL_write is happy. In the case of getting unwanted data while throttling then SSL_peek can be used instead of SSL_read. That would not guarantee no buildup but would work for the most part, right? Do you see any flaw with this? Could it still fail due to mass buildup when throttling for long? Den l?r 19 maj 2018 04:57Salz, Rich via openssl-users > skrev: TLS is a bidirectional protocol. You can?t throttle only one side. From: Alex H > Reply-To: openssl-users > Date: Friday, May 18, 2018 at 7:21 PM To: openssl-users > Subject: [openssl-users] Receive throttling on SSL sockets How do you properly implement receive throttling on SSL sockets without hindering writing? As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply by stop polling for readable events on the underlying raw TCP socket. SSL_write still could require reading of data so simply stop polling for readable would potentially hinder writing of data which is not okay. Is there any such receive-throttling functionality in the SSL protocol itself? I don't see how SSL_peek would solve the issue since I would still be buffering (potentially uncontrolled amount of) data in a BIO. Even if I would _only_ enable readable polling when _absolutely needed_ as per SSL_write error, I still cannot guarantee not reading a chunk of data (which I would then need to buffer up in a BIO since the application is not expecting it). How are we supposed to solve this issue without potentially building up backpressure? Thanks -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michael.Wojcik at microfocus.com Sat May 19 13:51:51 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Sat, 19 May 2018 13:51:51 +0000 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Salz, Rich via openssl-users > Sent: Saturday, May 19, 2018 08:48 > To: Alex H; openssl-users at openssl.org > Subject: Re: [openssl-users] Receive throttling on SSL sockets > There are TLS control messages which could flow in either direction, spontaneously. Renegotiation (pre TLS 1.3), > tickets (TLS 1.3), and so on. Right. And TCP is an ordered byte-stream protocol. That means to receive a control message from the peer, the local stack *must* have received everything transmitted prior to it. (Modulo SACK, but SACK'd data preceeded by a gap is invisible to the application, so we should ignore it.) And if that data fills the receive window so the peer can't send the control message, then the application *must* receive the data from the local stack. Peeking won't help in this case, because the control message is still stuck on the peer, waiting for the window to open. (Of course this is one reason why FTP used a separate control connection, for example - so that control messages didn't sit behind a lot of application data. That led to a number of other difficulties, so it wasn't a widely used design.) In short: When you get SSL_WANT_READ, you have to receive and buffer data. You can try peeking, but it's not guaranteed to be able to get far enough to find the control message, and SSL_peek is just buffering data within OpenSSL, so you're not doing any throttling that way. This will be true of any TCP-based TLS implementation. It's not an OpenSSL implementation, and whatever else Node.js is doing, it must be buffering TLS traffic somewhere when it has to receive a control message. Post-handshake control message flows don't happen that frequently; relatively short-lived conversations may never see one (until the final close_notify alert). So throttling may often work. But in the general case, sooner or later you'll have to buffer at the application level. Michael Wojcik Distinguished Engineer, Micro Focus From openssl at jordan.maileater.net Sat May 19 18:07:50 2018 From: openssl at jordan.maileater.net (Jordan Brown) Date: Sat, 19 May 2018 11:07:50 -0700 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

Message-ID: <2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> On 5/19/2018 6:51 AM, Michael Wojcik wrote: > Right. And TCP is an ordered byte-stream protocol. That means to > receive a control message from the peer, the local stack *must* have > received everything transmitted prior to it. (Modulo SACK, but SACK'd > data preceeded by a gap is invisible to the application, so we should > ignore it.) And yet TCP itself moves ACKs when there's no window available. TLS could (but as far as I can tell does not) have such a mechanism.? It could have a window, like TCP, where the receiver would say "you can send me 64K of data", and the sender wouldn't be allowed to send data (but could send control messages) when that window is exhausted, until the receiver reopens the window.? It could have control messages like XON and XOFF that say "please stop sending me data (but control is OK)" and "resume sending data". Each scheme has its problems (mostly around how much data can be in flight at any one time), but they're both clearly possible. It does seem like some sort of flow control would be desirable, so that the receiver doesn't have to have some way to handle arbitrarily large amounts of data to keep the connection healthy. Maybe in TLS 1.4. -- Jordan Brown, Oracle Solaris -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexhultman at gmail.com Sat May 19 18:15:21 2018 From: alexhultman at gmail.com (Alex H) Date: Sat, 19 May 2018 20:15:21 +0200 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: <2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

<2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> Message-ID: Yeah TCP is really the same as TLS in terms of being "bidirectional". Even if you stop polling for readable and never call recv, you will still receive ACKS for whatever you write. A receive window for TLS implemented completely ontop of TCP would solve this issue and allow applications to truly throttle data receives without hindering their own writes or forcing them to buffer up data. 2018-05-19 20:07 GMT+02:00 Jordan Brown : > On 5/19/2018 6:51 AM, Michael Wojcik wrote: > > Right. And TCP is an ordered byte-stream protocol. That means to receive a > control message from the peer, the local stack *must* have received > everything transmitted prior to it. (Modulo SACK, but SACK'd data preceeded > by a gap is invisible to the application, so we should ignore it.) > > > And yet TCP itself moves ACKs when there's no window available. > > TLS could (but as far as I can tell does not) have such a mechanism. It > could have a window, like TCP, where the receiver would say "you can send > me 64K of data", and the sender wouldn't be allowed to send data (but could > send control messages) when that window is exhausted, until the receiver > reopens the window. It could have control messages like XON and XOFF that > say "please stop sending me data (but control is OK)" and "resume sending > data". > > Each scheme has its problems (mostly around how much data can be in flight > at any one time), but they're both clearly possible. > > It does seem like some sort of flow control would be desirable, so that > the receiver doesn't have to have some way to handle arbitrarily large > amounts of data to keep the connection healthy. > > Maybe in TLS 1.4. > > -- > Jordan Brown, Oracle Solaris > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michael.Wojcik at microfocus.com Sat May 19 19:42:20 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Sat, 19 May 2018 19:42:20 +0000 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: <2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

<2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> Message-ID: > From: Jordan Brown [mailto:openssl at jordan.maileater.net] > Sent: Saturday, May 19, 2018 14:08 > To: openssl-users at openssl.org; Michael Wojcik; Alex H > Subject: Re: [openssl-users] Receive throttling on SSL sockets > TLS could (but as far as I can tell does not) have such a mechanism. It could have a window, like TCP, where the receiver > would say "you can send me 64K of data", and the sender wouldn't be allowed to send data (but could send control > messages) when that window is exhausted, until the receiver reopens the window. It could have control messages like > XON and XOFF that say "please stop sending me data (but control is OK)" and "resume sending data". Hey, if we're all bored with reinventing TCP on top of UDP, we can reinvent TCP on top of TCP! > It does seem like some sort of flow control would be desirable, so that the receiver doesn't have to have some way to > handle arbitrarily large amounts of data to keep the connection healthy. > Maybe in TLS 1.4. Good lord, isn't TLS complicated enough already? How many pages is the new edition of /Bulletproof TLS/? (I don't know because I have it in Kindle form. But it's long. Loooooong.) Flow control really, really, *really* seems like an application-layer task to me in the case of TLS. I think adding it to TLS itself would be a mistake. Michael Wojcik Distinguished Engineer, Micro Focus From alexhultman at gmail.com Sat May 19 19:53:13 2018 From: alexhultman at gmail.com (Alex H) Date: Sat, 19 May 2018 21:53:13 +0200 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

<2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> Message-ID: > Flow control really, really, *really* seems like an application-layer task to me in the case of TLS. I think adding it to TLS itself would be a mistake. This whole thread of messages kind of already concluded that this is not possible currently. You simply cannot implement proper flow control since doing so would potentially throttle writes, not just reads. You need a TLS data window to do it properly. 2018-05-19 21:42 GMT+02:00 Michael Wojcik : > > From: Jordan Brown [mailto:openssl at jordan.maileater.net] > > Sent: Saturday, May 19, 2018 14:08 > > To: openssl-users at openssl.org; Michael Wojcik; Alex H > > Subject: Re: [openssl-users] Receive throttling on SSL sockets > > > TLS could (but as far as I can tell does not) have such a mechanism. It > could have a window, like TCP, where the receiver > > would say "you can send me 64K of data", and the sender wouldn't be > allowed to send data (but could send control > > messages) when that window is exhausted, until the receiver reopens the > window. It could have control messages like > > XON and XOFF that say "please stop sending me data (but control is OK)" > and "resume sending data". > > Hey, if we're all bored with reinventing TCP on top of UDP, we can > reinvent TCP on top of TCP! > > > It does seem like some sort of flow control would be desirable, so that > the receiver doesn't have to have some way to > > handle arbitrarily large amounts of data to keep the connection healthy. > > Maybe in TLS 1.4. > > Good lord, isn't TLS complicated enough already? How many pages is the new > edition of /Bulletproof TLS/? (I don't know because I have it in Kindle > form. But it's long. Loooooong.) > > Flow control really, really, *really* seems like an application-layer task > to me in the case of TLS. I think adding it to TLS itself would be a > mistake. > > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at jordan.maileater.net Sat May 19 20:18:10 2018 From: openssl at jordan.maileater.net (Jordan Brown) Date: Sat, 19 May 2018 13:18:10 -0700 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

<2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> Message-ID: I should make it clear that I don't have a stake here.? Lack of flow control hasn't caused me problems personally, and I'm not responsible for implementing and maintaining a TLS infrastructure.? This is purely an intellectual exercise for me. There were comments suggesting that, because TLS is an ordered-byte-stream protocol that needs control messages in both directions at all times, TLS couldn't support flow control.? That seems clearly wrong; it clearly could.? (As you say, we could just layer TCP on top of it.) Should it?? My mild feeling is "yes", since it's already got a record and control message structure and so it wouldn't be necessary to invent another protocol on top of it.? Yes, that makes TLS more complicated, but would it be any more complicated than an additional application-visible layer would be?? It seems like the answer is that any complexity from a TLS-layer implementation would be primarily in the TLS implementation, whereas an additional layer would necessarily impose complexity on the application, over and above the complexity of the flow control implementation itself. -- Jordan Brown, Oracle Solaris -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun May 20 07:27:30 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 09:27:30 +0200 (CEST) Subject: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box In-Reply-To: References: Message-ID: <20180520.092730.543276058398739915.levitte@openssl.org> You need to do this in the top directory first: make rehash Cheers, Richard In message on Fri, 18 May 2018 11:22:14 -0400, Philippe Anctil said: philippe.anctil> Hi, philippe.anctil> philippe.anctil> I have been compiling openssl libraries on RHEL5 for philippe.anctil> a while without issue. My build for 1.0.2k fails on a philippe.anctil> new RHEL7 server. I have narrowed down the cause to philippe.anctil> the make_verify test. philippe.anctil> philippe.anctil> make verify_test # from test dir philippe.anctil> philippe.anctil> The following command should have some OK's and some failures philippe.anctil> There are definitly a few expired certificates philippe.anctil> ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem philippe.anctil> ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 philippe.anctil> bit) philippe.anctil> error 20 at 0 depth lookup:unable to get local issuer certificate philippe.anctil> ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA philippe.anctil> error 20 at 0 depth lookup:unable to get local issuer certificate philippe.anctil> 140692788688576:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable philippe.anctil> to find parameters in chain:x509_vfy.c:2108: philippe.anctil> ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA philippe.anctil> error 18 at 0 depth lookup:self signed certificate philippe.anctil> C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA philippe.anctil> error 10 at 0 depth lookup:certificate has expired philippe.anctil> OK philippe.anctil> ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 philippe.anctil> bit) philippe.anctil> error 18 at 0 depth lookup:self signed certificate philippe.anctil> C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) philippe.anctil> error 10 at 0 depth lookup:certificate has expired philippe.anctil> OK philippe.anctil> make: *** [test_verify] Error 2 philippe.anctil> philippe.anctil> It seems to boil down to the following philippe.anctil> philippe.anctil> OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo philippe.anctil> ../certs/demo/ca-cert.pem philippe.anctil> philippe.anctil> WARNING: can't open config file: philippe.anctil> ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 philippe.anctil> bit) philippe.anctil> error 20 at 0 depth lookup:unable to get local issuer certificate philippe.anctil> philippe.anctil> echo $? philippe.anctil> philippe.anctil> 2 philippe.anctil> philippe.anctil> Doing the same on my RHEL5 box. philippe.anctil> philippe.anctil> OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo philippe.anctil> ../certs/demo/ca-cert.pem philippe.anctil> WARNING: can't open config file: philippe.anctil> ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 philippe.anctil> bit) philippe.anctil> error 10 at 1 depth lookup:certificate has expired philippe.anctil> C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) philippe.anctil> error 10 at 0 depth lookup:certificate has expired philippe.anctil> OK philippe.anctil> philippe.anctil> echo $? philippe.anctil> philippe.anctil> 0 philippe.anctil> philippe.anctil> Any clue why openssl verify does not work on RHEL7? philippe.anctil> ca-cert.pem is issued by pca-cert.pem (matching Authority Key Identifier). Both are under philippe.anctil> ../certs/demo. philippe.anctil> philippe.anctil> Thanks. philippe.anctil> philippe.anctil> -- philippe.anctil> Philippe Anctil From Michael.Wojcik at microfocus.com Sun May 20 15:23:19 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Sun, 20 May 2018 15:23:19 +0000 Subject: [openssl-users] Receive throttling on SSL sockets In-Reply-To: References: <5065C45C-83C3-40D9-8914-EF85D77805D3@akamai.com>

<2c6c0689-686a-d8cd-d99b-91c64a5859e8@jordan.maileater.net> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Alex H > Sent: Saturday, May 19, 2018 15:53 > To: openssl-users at openssl.org > Subject: Re: [openssl-users] Receive throttling on SSL sockets > > Flow control really, really, *really* seems like an application-layer task to me in the case of TLS. I think adding it to TLS > > itself would be a mistake. > This whole thread of messages kind of already concluded that this is not possible currently. I don't believe it did. It concluded that the server can't impose flow control by itself. > You simply cannot implement proper flow control since doing so would potentially throttle writes, not just reads. You > need a TLS data window to do it properly. If the client and server both participate in flow control - that is, if they implement the window announcements and output throttling at the application level - then there's no need to do it in TLS. A cooperating client and server can implement any sort of traffic shaping they want. What's not possible in TLS is throttling implemented solely by one side, without cooperation from the peer application. In any case, this has drifted far afield from the purpose of openssl-users. I pesonally don't think flow control should be part of TLS, but I don't care strongly enough to, for example, argue against it on the IETF TLS mailing list. Michael Wojcik Distinguished Engineer, Micro Focus From marazewskajoanna at gmail.com Mon May 21 18:22:07 2018 From: marazewskajoanna at gmail.com (Joanna Marazewska) Date: Mon, 21 May 2018 20:22:07 +0200 Subject: [openssl-users] (no subject) Message-ID: -------------- next part -------------- An HTML attachment was scrubbed... URL: From Michal.Trojnara at stunnel.org Mon May 21 21:35:39 2018 From: Michal.Trojnara at stunnel.org (Michal Trojnara) Date: Mon, 21 May 2018 23:35:39 +0200 Subject: [openssl-users] stunnel 5.45 released Message-ID: <839876ee-89a9-0d5f-ddbc-af63e130cd9c@stunnel.org> Dear Users, I have released version 5.45 of stunnel. Version 5.45, 2018.05.21, urgency: MEDIUM * New feature sponsored by https://loadbalancer.org/ - Implemented delayed deallocation of service sections after configuration file reload. * Other new features - OpenSSL DLLs updated to version 1.0.2o. - Deprecated the sslVersion option. - The "socket" option is now also available in service sections. - Implemented try-restart in the SysV init script (thx to Peter Pentchev). - TLS 1.3 compliant session handling for OpenSSL 1.1.1. - Default "failover" value changed from "rr" to "prio". - New "make check" tests. * Bugfixes - A service no longer refuses to start if binding fails for some (but not all) addresses:ports. - Fixed compression handling with OpenSSL 1.1.0 and later. - _beginthread() replaced with safer _beginthreadex(). - Fixed exception handling in libwrap. - Fixed exec+connect services. - Fixed automatic resolver delaying. - Fixed a Gentoo cross-compilation bug (thx to Joe Harvell). - A number of "make check" framework fixes. - Fixed false postive memory leak logs. - Build fixes for OpenSSL versions down to 0.9.7. - Fixed (again) round-robin failover in the FORK threading model. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 548244839b8a4bf4dffea46c97893b203d1b9eed118c3dd6a9ac4d8d02592ee3 stunnel-5.45.tar.gz fc13a224c7ec1290035efe8317c53d62a0980a5ab2efe8930b06aae269fbe873 stunnel-5.45-win32-installer.exe 29025eaed007c62856f16c7a8a22f9713eee9762ed95009f6f91f729c35c0bc0 stunnel-5.45-android.zip Best regards, Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From luis.pinto.martins at gmail.com Mon May 21 21:34:11 2018 From: luis.pinto.martins at gmail.com (=?UTF-8?Q?Lu=C3=ADs_Martins?=) Date: Mon, 21 May 2018 22:34:11 +0100 Subject: [openssl-users] Build Openssl + FIPS - recursive fipsld Message-ID: Hi, I'm trying to build openssl with FIPS module on Ubuntu 14.04 32 bits, but during one of the steps the fipsld tool starts being called recursively. It happens on this step: sh -c ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz}"; LDCMD="${LDCMD:-/usr/local/ssl/fips2.0/bin/fipsld}"; LDFLAGS="${LDFLAGS:--DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} ) fipsld -e /usr/local/ssl/fips2.0/bin/fipsld -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz fipsld -e /usr/local/ssl/fips2.0/bin/fipsld /usr/local/ssl/fips2.0/lib//fipscanister.o /usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz fipsld -e /usr/local/ssl/fips2.0/bin/fipsld /usr/local/ssl/fips2.0/lib/fips_premain.c /usr/local/ssl/fips2.0/lib//fipscanister.o /usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz It keeps calling fipsld recursively, with each call adding one more "/usr/local/ssl/fips2.0/lib/fips_premain.c" to the command. Any idea what am I missing ? My build steps are: export FIPSDIR="/usr/local/ssl/fips2.0" export MACHINE=linux-generic32 export CC="/usr/local/ssl/fips2.0/bin/fipsld" export FIPSLD_CC="gcc" export FIPS_SIG="/tmp/openssl-fips-2.0.16/util/incore" # build openssl fips module cd /tmp/ curl -O https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz gunzip -c openssl-fips-2.0.16.tar.gz | tar xf - cd openssl-fips-2.0.16 ./config make make install # build openssl cd /tmp curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz tar -zxf openssl-1.0.2n.tar.gz cd /tmp/openssl-1.0.2n ./Configure \ --prefix=/usr/local \ linux-generic32 \ -fPIC \ no-shared \ no-capieng \ fips \ --with-fipsdir="/usr/local/ssl/fips2.0" \ zlib \ no-zlib-dynamic \ --with-zlib-include="/usr/local/include" \ --with-zlib-lib="/usr/local/lib" make all -j1 make build_libs -- Lu?s -------------- next part -------------- An HTML attachment was scrubbed... URL: From chetan.quest at gmail.com Wed May 23 02:52:45 2018 From: chetan.quest at gmail.com (Chetan Quest) Date: Wed, 23 May 2018 08:22:45 +0530 Subject: [openssl-users] RC5 Incompatibility Issue Message-ID: Hi OpenSSL users, I am working in a project to replace my old third party crypto library with openSSL crypto library. I have requirement to maintain the compatibility across the library. i.e. any IP encrypted with older crypto library should be decrypted by openSSL library. I am facing issue in RC5 algorithm even if I am using all the parameters (word size, rounds and key length) same. The older library currently in use is RSA library. They are out of business now and I have to replace it with openSSL. OpenSSL library being used is: openssl-1.1.0-stable-SNAP-20180501 Please let me know if I am missing something (any setting/ unknown parameter etc) or if there is an issue with RC5. Any pointer in this direction is really appreciated. Regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: From redpath at us.ibm.com Wed May 23 10:41:51 2018 From: redpath at us.ibm.com (redpath) Date: Wed, 23 May 2018 03:41:51 -0700 (MST) Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK Message-ID: <1527072111537-0.post@n7.nabble.com> My question is: I have this handy function to create a Private and Public key But what is the magic I put around it to make sure it is random not the same Private and Public key when I run this program each time? I am using openSSL on OSX and Android. I am not familiar with the random API seeding though I can pick the UUID of the device or whatever. * I am sure there is some standard call unless of course the Initialization of openSSL does the random seed nicely?* Thanks in advance. =========== /** * Compile for testmipluginSecurity.c * Self Testing * cc -o main -DTEST -Wno-deprecated-declarations main.c -lcrypto * Origin: r redpath * Project: wouldn't you like to know ************************/ #include #include #include #include #include #include #include #include #include #include #include #include /** #ifndef OPENSSL_NO_ENGINE #include #endif **/ void init_openssl(void){ ERR_load_BIO_strings(); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); } /**************** * Create Public and Private Key and return the PEMs as string data * origin: redpath PEM_write_bio_PUBKEY (Traditional PEM format). Notice BEGIN PUBLIC KEY PEM_write_bio_RSAPublicKey (PKCS PEM format). Notice BEGIN RSA PUBLIC KEY PEM_write_bio_PrivateKey (PEM). Notice BEGIN PRIVATE KEY PEM_write_bio_PKCS8PrivateKey (PEM). Notice BEGIN PRIVATE KEY PEM_write_bio_RSAPrivateKey (PEM). Notice BEGIN RSA PRIVATE KEY *****************/ void createRSAkeyPair(char **private, char **public){ EVP_PKEY* evp= EVP_PKEY_new(); RSA *rsa= RSA_generate_key(2048,RSA_F4,NULL,NULL); int keylen; char *pem_key; EVP_PKEY_assign_RSA(evp,rsa); BIO *bio = BIO_new(BIO_s_mem()); PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL); keylen = BIO_pending(bio); pem_key = calloc(keylen+1, 1); /* Null-terminate */ BIO_read(bio, pem_key, keylen); *private = pem_key; BIO_free(bio); bio = BIO_new(BIO_s_mem()); //PEM_write_bio_RSAPublicKey(bio,rsa); // (PKCS PEM format). PEM_write_bio_PUBKEY(bio, evp); //(Traditional PEM format). keylen = BIO_pending(bio); pem_key = calloc(keylen+1, 1); /* Null-terminate */ BIO_read(bio, pem_key, keylen); *public = pem_key; BIO_free(bio); EVP_PKEY_free(evp); } #if defined TEST int main(int argc, char **argv){ unsigned char key[16]; unsigned char iv[16]; char *private, *public; X509 *x; char *pem; size_t g_length; init_openssl(); createRSAkeyPair(&private, &public); printf("%s",private); printf("\n\n"); printf("%s",public); } #endif -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From john.sha.jiang at gmail.com Wed May 23 11:39:05 2018 From: john.sha.jiang at gmail.com (John Jiang) Date: Wed, 23 May 2018 19:39:05 +0800 Subject: [openssl-users] Call for testing TLS 1.3 In-Reply-To: <20180429104326.GA21314@roeckx.be> References: <20180429104326.GA21314@roeckx.be> Message-ID: Hi, If just using s_server and s_client, can I test the TLS 1.3 features, likes HelloRetryRequest and resumption? 2018-04-29 18:43 GMT+08:00 Kurt Roeckx : > The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > 1.3 brings a lot of changes that might cause incompatibility. For > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. > > When testing this, it's important that both sides of the > connection support the same TLS 1.3 draft version. OpenSSL > currently implements draft 26. We would like to see tests > for OpenSSL acting as client and server. > > https://github.com/tlswg/tls13-spec/wiki/Implementations lists > other TLS 1.3 implementations and the draft they currently > support. Note that the versions listed there might not be for the > latest release. It also lists some https test servers. > > We would really like to see a diverse set of applictions being > tested. Please report any results you have to us. > > > Kurt > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Wed May 23 12:33:36 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 13:33:36 +0100 Subject: [openssl-users] Call for testing TLS 1.3 In-Reply-To: References: <20180429104326.GA21314@roeckx.be> Message-ID: On 23/05/18 12:39, John Jiang wrote: > Hi, > If just using s_server and s_client, can I test the TLS 1.3 features, > likes HelloRetryRequest and resumption? Yes. To create a normal (full handshake) TLSv1.3 connection just use s_server/s_client in the normal way, e.g. $ openssl s_server -cert cert.pem -key key.pem $ openssl s_client To test resumption first create a full handshake TLSv1.3 connection and save the session: $ openssl s_server -cert cert.pem -key key.pem $ openssl s_client -sess_out session.pem Close the s_client instance by entering "Q" followed by enter. Then (without closing the s_server instance) resume the session: $ openssl s_client -sess_in session.pem A HelloRetryRequest will occur if the key share provided by the client is not acceptable to the server. By default the client will send an X25519 key share, so if the server does not accept that group then an HRR will result, e.g. $ openssl s_server -cert cert.pem -key key.pem -groups P-256 $ openssl s_client Of course a HelloRetryRequest all happens at the protocol layer and is invisible as far as a user of the command line apps is concerned. You will have to look at what happens "on the wire" to actually see it in action - for example by using wireshark. Alternatively you can compile OpenSSL with the "enable-ssl-trace" option, and pass the "-trace" flag to s_server or s_client to see what protocol messages are being exchanged. Matt > > 2018-04-29 18:43 GMT+08:00 Kurt Roeckx >: > > The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > 1.3 brings a lot of changes that might cause incompatibility. For > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. > > When testing this, it's important that both sides of the > connection support the same TLS 1.3 draft version. OpenSSL > currently implements draft 26. We would like to see tests > for OpenSSL acting as client and server. > > https://github.com/tlswg/tls13-spec/wiki/Implementations > lists > other TLS 1.3 implementations and the draft they currently > support. Note that the versions listed there might not be for the > latest release. It also lists some https test servers. > > We would really like to see a diverse set of applictions being > tested. Please report any results you have to us. > > > Kurt > > -- > openssl-users mailing list > To unsubscribe: > https://mta.openssl.org/mailman/listinfo/openssl-users > > > > > From matt at openssl.org Wed May 23 13:19:07 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 14:19:07 +0100 Subject: [openssl-users] Facing issue while reading RSA private key (DER format) In-Reply-To: <3FA58A84-AD1B-47BC-8D62-64989AD06998@contoso.com> References: <3FA58A84-AD1B-47BC-8D62-64989AD06998@contoso.com> Message-ID: On 23/05/18 12:10, Ruchi Tyagi wrote: > Hi, > > ? > > I am working on a project where we are trying to Replace RSA Bsafe > crypto C library with openssl. I have a RSA key pair (attaching the key > files) generated using RSA Bsafe library. > > I am ?able to read the public key using the below call > > ? > > rsa = d2i_RSA_PUBKEY(NULL, &public_key_bytes, public_key_length); RSA public keys typically come in either PKCS#1 format or SubjectPublicKeyInfo format. You need to ensure you use the correct function for the format. Your public key is in SubjectPublicKeyInfo format, and this is the correct function for reading that format - so it succeeds. > > ? > > but while decryption , I am getting NULL ?rsa? . > > ? > > rsa = d2i_RSAPrivateKey(NULL, &p, size); RSA private keys typically come in either traditional or PKCS#8 format. Your private key is in PKCS#8 format, but this function is for reading traditional format keys - hence the failure. If you use the function d2i_AutoPrivateKey() then it will automatically try to detect the format. It returns an EVP_PKEY *object which is the preferred internal object for working with public/private keys. If you must have it as an "RSA *" object you can do that with EVP_PKEY_get1_RSA() (or EVP_PKEY_get0_RSA() if you don't want to up the ref count on the RSA object). Matt > > ? > > ? > > It seems that I am not using the right call or missing something. > > ? > > Please help me in resolving this issue. > > ? > > Thanks & Regards, > > Ruchi > > > > _______________________________________________ > osf-contact mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/osf-contact > From redpath at us.ibm.com Wed May 23 16:54:22 2018 From: redpath at us.ibm.com (redpath) Date: Wed, 23 May 2018 09:54:22 -0700 (MST) Subject: [openssl-users] how to seed PRNG In-Reply-To: <2FE443C983E334469F56B9FB09CFD32A014B4ABE@SMBFISBOM01.FNFIS.COM> References: <2FE443C983E334469F56B9FB09CFD32A014B4ABE@SMBFISBOM01.FNFIS.COM> Message-ID: <1527094462466-0.post@n7.nabble.com> Ya me too did you ever get the info on this? -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From redpath at us.ibm.com Wed May 23 17:08:01 2018 From: redpath at us.ibm.com (redpath) Date: Wed, 23 May 2018 10:08:01 -0700 (MST) Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527072111537-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> Message-ID: <1527095281847-0.post@n7.nabble.com> SO if I add this RAND usage below, em I seeding to assure a different RSA key pair each time run of creating a RSA pair. I would certainly replace the time with the UUID of the device to be unique to the device. You would have to acquire the device to know the seeding. Hey keep the Time one too. void init_openssl(void){ if (initialized!=0) return; initialized= 1; ERR_load_BIO_strings(); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); unsigned long Time=(unsigned long)time(NULL); RAND_add(&Time,sizeof(Time),0); //better than nothing for a starting point } -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From openssl-users at dukhovni.org Wed May 23 17:33:18 2018 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 23 May 2018 13:33:18 -0400 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527095281847-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: > On May 23, 2018, at 1:08 PM, redpath wrote: > > SO if I add this RAND usage below, em I seeding to assure a different RSA key > pair each time run of > creating a RSA pair. > > I would certainly replace the time with the UUID of the device to be unique > to the device. > You would have to acquire the device to know the seeding. Hey keep the Time > one too. NO. Seeding exclusively in this way is a terrible idea and MUST NOT be done. You need considerably more randomness than found in a timestamp or a device serial number. It is not enough for keys to be unique, they need to be computationally unpredictable. If the device is generating keys it needs a decent source of randomness. Otherwise, keys might need to be generated elsewhere and loaded onto the device. -- -- Viktor. From rsalz at akamai.com Wed May 23 18:20:40 2018 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 23 May 2018 18:20:40 +0000 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527095281847-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: What version of OpenSSL are you using? Using the time to seed the RNG is horrible; DO NOT DO THAT. Not trying to be insulting, but if you think time is a good source, then you really don't know what you're doing for RNG's. Consider looking at the master branch, with its highly-improve seeding and RNG code. From Michael.Wojcik at microfocus.com Wed May 23 18:39:29 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Wed, 23 May 2018 18:39:29 +0000 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527095281847-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of redpath > Sent: Wednesday, May 23, 2018 13:08 > To: openssl-users at openssl.org > Subject: Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure > Randomness of PK > > SO if I add this RAND usage below, em I seeding to assure a different RSA key > pair each time run of creating a RSA pair. You'll get a *different* key pair (with high probability) each time, provided you wait at least a second between generating keys. That is, if you get anything at all; you may not, if there isn't enough entropy in the pool. You'll also get completely pointless keys, because the wall-clock time contains little entropy. As Viktor wrote: DO NOT DO THIS. If you don't understand why, stop trying to use cryptography until you've learned enough about the subject to be a bit less dangerous. > I would certainly replace the time with the UUID of the device to be unique > to the device. You would have to acquire the device to know the seeding. Or get the UUID through any other means, such as a malicious app. And generating two key pairs after seeding with UUID || time means the CPRNG state differs only by the 32 bits in time - and most of those will be the same, unless a *long* time has passed. So the joint information of the pairs is high, which is a Bad Thing. And UUIDs are only 128 bits, so the total seed size is 160 bits; and neither the UUID nor the time are completely random (far from it), so you only have a small amount of entropy. DO NOT DO THIS. There's no point in using a real cipher if you're going to starve your CPRNG. Just use a toy cipher - it's less work for you, and you won't be making false promises of security. If you want to do this right: 1) Learn something about cryptography. 2) Gather sufficient entropy from suitable sources. If nothing else, have the user scribble on the touchscreen and track pointer movement. It's still easy to overestimate the entropy of that sort of thing, but it's better than nothing, and indeed better than what many people do for seeding. Oh, and asking questions about OpenSSL, a smart move is to mention what version of OpenSSL you're using, platform details, and something about the problem you're trying to solve. -- Michael Wojcik Distinguished Engineer, Micro Focus From public at enkore.de Wed May 23 18:47:41 2018 From: public at enkore.de (Marian Beermann) Date: Wed, 23 May 2018 20:47:41 +0200 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: <0276078b-f719-ec92-7a43-61b765eb94cf@enkore.de> On 23.05.2018 20:39, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf >> Of redpath >> Sent: Wednesday, May 23, 2018 13:08 >> To: openssl-users at openssl.org >> Subject: Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure >> Randomness of PK >> >> SO if I add this RAND usage below, em I seeding to assure a different RSA key >> pair each time run of creating a RSA pair. > > You'll get a *different* key pair (with high probability) each time, provided you wait at least a second between generating keys. That is, if you get anything at all; you may not, if there isn't enough entropy in the pool. > > You'll also get completely pointless keys, because the wall-clock time contains little entropy. > > As Viktor wrote: DO NOT DO THIS. If you don't understand why, stop trying to use cryptography until you've learned enough about the subject to be a bit less dangerous. > ... if this is code going in the general direction of "production deployment", then get a crypto-person on board, or at least get them to review and sign off the code. Otherwise this *will* end in a debacle. -Marian From redpath at us.ibm.com Wed May 23 18:52:52 2018 From: redpath at us.ibm.com (redpath) Date: Wed, 23 May 2018 11:52:52 -0700 (MST) Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: <1527101572304-0.post@n7.nabble.com> Well what I was alluding to is this the correct use of the RAND_add function to seed the Key generation. Its a bit confusing certainly. I will use more than the UUID of the device but you have to have the device in hand to know that and know it came from a device. I certainly will use better than time and UUID, just need to know calling this seed of the rand function is the right thing to do to effect the Key generation? Then second all I need to do is solve the random seeding to be less than a toy input for entropy, this is just an example that I must use RAND_add So my correct usage of RAND_add validate? and second I will find a good input for it. Just let me know, thanks for taking the quick time to address this. Thanks -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From rsalz at akamai.com Wed May 23 18:59:54 2018 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 23 May 2018 18:59:54 +0000 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527101572304-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> <1527101572304-0.post@n7.nabble.com> Message-ID: <785C3585-663B-4481-84D2-AED36225E7F9@akamai.com> > Well what I was alluding to is this the correct use of the RAND_add function to seed the Key generation. Its a bit confusing certainly. You are calling the API correctly. That should have been clear from the manpage. You still did not tell us what version of OpenSSL you are using. From redpath at us.ibm.com Wed May 23 20:01:52 2018 From: redpath at us.ibm.com (redpath) Date: Wed, 23 May 2018 13:01:52 -0700 (MST) Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <785C3585-663B-4481-84D2-AED36225E7F9@akamai.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> <1527101572304-0.post@n7.nabble.com> <785C3585-663B-4481-84D2-AED36225E7F9@akamai.com> Message-ID: <1527105712195-0.post@n7.nabble.com> Oh I am using openssl-1.0.2o just for development But I certainly will take a recommendation of version. Thats always appreciated. -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html From Michael.Wojcik at microfocus.com Wed May 23 21:54:41 2018 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Wed, 23 May 2018 21:54:41 +0000 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527105712195-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> <1527101572304-0.post@n7.nabble.com> <785C3585-663B-4481-84D2-AED36225E7F9@akamai.com> <1527105712195-0.post@n7.nabble.com> Message-ID: > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf > Of redpath > Sent: Wednesday, May 23, 2018 16:02 > To: openssl-users at openssl.org > Subject: Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure > Randomness of PK > > Oh I am using openssl-1.0.2o just for development > > But I certainly will take a recommendation of version. 1.0.2 is currently a Long-Term Support (LTS) release, but support ends at the end of 2019. 1.1.1 is the new LTS release, and since 1.1 introduced a number of API changes and new features, I think it's worthwhile moving to 1.1.1 (at the latest fix level) as soon as is convenient. That said, 1.0.2o is fine as well - just keep in mind that at some point you'll need to change to the 1.1 API, and you may need to move sooner to get features you want. As Rich mentioned, 1.1 has some improvements regarding random seeding, so it may be worth doing that now. -- Michael Wojcik Distinguished Engineer, Micro Focus From wiml at omnigroup.com Wed May 23 22:43:35 2018 From: wiml at omnigroup.com (Wim Lewis) Date: Wed, 23 May 2018 15:43:35 -0700 Subject: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK In-Reply-To: <1527095281847-0.post@n7.nabble.com> References: <1527072111537-0.post@n7.nabble.com> <1527095281847-0.post@n7.nabble.com> Message-ID: On 23. ma? 2018, at 10:08 f.h., redpath wrote: > SO if I add this RAND usage below, em I seeding to assure a different RSA key > pair each time run of creating a RSA pair. > > I would certainly replace the time with the UUID of the device to be unique > to the device. You would have to acquire the device to know the seeding. Hey keep the Time > one too. Attempting to provide a more useful response ... That is the right way to add entropy to the pool, but (as everyone else has said) neither the current time nor the device's UUID provide enough entropy to satisfy any cryptographic requirements. Adding them to the random pool won't hurt, but you should set the entropy-estimate argument equal to zero (like you did in your example). Depending on your OpenSSL version *and the platform it's running on*, OpenSSL may automatically seed the random pool from the platform's random-number source(s). It does this by calling RAND_poll(), which is documented in the same manual page as RAND_add(). So, normally you do not need to worry about explicitly seeding the random number generator. However, if you're running on an embedded device, or running immediately after bootup, or some other situation in which OpenSSL can't get good entropy from the system, you may need to figure out how to supply some yourself. That's pretty difficult to do. From john.sha.jiang at gmail.com Thu May 24 09:58:24 2018 From: john.sha.jiang at gmail.com (John Jiang) Date: Thu, 24 May 2018 17:58:24 +0800 Subject: [openssl-users] Call for testing TLS 1.3 In-Reply-To: References: <20180429104326.GA21314@roeckx.be>

Message-ID: Hi Matt, Thanks for your reply! 2018-05-23 20:33 GMT+08:00 Matt Caswell : > > To test resumption first create a full handshake TLSv1.3 connection and > save the session: > > $ openssl s_server -cert cert.pem -key key.pem > $ openssl s_client -sess_out session.pem > > Close the s_client instance by entering "Q" followed by enter. Then > (without closing the s_server instance) resume the session: > > $ openssl s_client -sess_in session.pem > This way looks the same to test resumption on TLS 1.2. The followings are some logs from my test. The first connection: --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: Session-ID-ctx: Master-Key: B4A20A467729A8179ECE5912AD87A0E5A784B8573A6F98CB414498142A10A37593B10DE254197A98E05CE65BDD664776 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1527153377 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- The second connection: --- Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 601F249C2033D5E5DF23D3380E6A2D81B335AF420D59849BB2023C415D0553C5 Session-ID-ctx: Master-Key: 68695BD547856C14E04C747CE884F876B1564DADC66F28CD24B95DF3240FE0C0F93F59ED650B5EE45F6D3EA40A71C993 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 54 03 c8 0e e6 75 f3 ef-3f 7a 73 89 bc 87 69 ab T....u..?zs...i. 0010 - cf e6 ff d1 f9 d8 24 36-0d e5 67 52 30 7c ea 0c ......$6..gR0|.. 0020 - c8 a2 67 ad 24 f6 29 cc-2c 95 48 36 e8 87 f6 4e ..g.$.).,.H6...N 0030 - c1 e8 44 a7 49 9d d6 61-36 32 37 80 01 1a 67 38 ..D.I..a627...g8 0040 - ee b7 fb 83 d8 fc 66 69-51 29 3e c4 81 38 c5 2f ......fiQ)>..8./ 0050 - 62 a2 fe 65 76 20 91 b4-fb 7b e3 eb 06 fa b7 d6 b..ev ...{...... 0060 - 1a 1e 2e b5 e0 ea c1 a3-d2 bf 12 bf 38 94 29 10 ............8.). 0070 - 79 52 de 5d ef 30 d6 a7-01 a5 74 05 69 d1 31 61 yR.].0....t.i.1a 0080 - a8 05 ac 83 d1 ab 17 82-c0 cc 1d 23 96 4e d2 af ...........#.N.. 0090 - 74 56 aa f2 24 8c 02 f9-90 b3 e1 65 8f 81 12 a1 tV..$......e.... 00a0 - 79 36 72 a1 cf 0e a7 f0-fb b5 d0 42 81 5f ca 13 y6r........B._.. 00b0 - 24 97 a3 92 40 07 bd 5b-2c 3e 9d e8 af 3e f0 56 $... at ..[,>...>.V 00c0 - 9d 00 86 b2 30 fe 4b 68-c0 2e 17 d6 aa a7 5f 5b ....0.Kh......_[ 00d0 - 3f 0f 30 81 a4 2b a1 fd-f6 b5 8c 3c 4e 03 cb de ?.0..+..... A HelloRetryRequest will occur if the key share provided by the client > is not acceptable to the server. By default the client will send an > X25519 key share, so if the server does not accept that group then an > HRR will result, e.g. > > $ openssl s_server -cert cert.pem -key key.pem -groups P-256 > $ openssl s_client > It looks option "-groups" just specifies the most preferable named groups, but other groups still could be negotiated. Right? Of course a HelloRetryRequest all happens at the protocol layer and is > invisible as far as a user of the command line apps is concerned. You > will have to look at what happens "on the wire" to actually see it in > action - for example by using wireshark. Alternatively you can compile > OpenSSL with the "enable-ssl-trace" option, and pass the "-trace" flag > to s_server or s_client to see what protocol messages are being exchanged. > I found interesting things from trace logs. BTW, the TLS 1.3 wiki [1] stats that the TLS 1.3 cipher suites are named: TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-128-CCM-8-SHA256 TLS13-AES-128-CCM-SHA256 But with version 1.1.1-pre6, they are using the formal names, like TLS_AES_256_GCM_SHA384. [1] https://wiki.openssl.org/index.php/TLS1.3 Thanks! > > Matt > > > > > > > 2018-04-29 18:43 GMT+08:00 Kurt Roeckx > >: > > > > The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > > 1.3 brings a lot of changes that might cause incompatibility. For > > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > > > > > We are considering if we should enable TLS 1.3 by default or not, > > or when it should be enabled. For that, we would like to know how > > applications behave with the latest beta release. > > > > When testing this, it's important that both sides of the > > connection support the same TLS 1.3 draft version. OpenSSL > > currently implements draft 26. We would like to see tests > > for OpenSSL acting as client and server. > > > > https://github.com/tlswg/tls13-spec/wiki/Implementations > > lists > > other TLS 1.3 implementations and the draft they currently > > support. Note that the versions listed there might not be for the > > latest release. It also lists some https test servers. > > > > We would really like to see a diverse set of applictions being > > tested. Please report any results you have to us. > > > > > > Kurt > > > > -- > > openssl-users mailing list > > To unsubscribe: > > https://mta.openssl.org/mailman/listinfo/openssl-users > > > > > > > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu May 24 10:40:08 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 24 May 2018 11:40:08 +0100 Subject: [openssl-users] Call for testing TLS 1.3 In-Reply-To: References: <20180429104326.GA21314@roeckx.be>

Message-ID: On 24/05/18 10:58, John Jiang wrote: > Should I see PSK identity here? Or, it is the TLS session ticket. It's the session ticket. > A HelloRetryRequest will occur if the key share provided by the client > is not acceptable to the server. By default the client will send an > X25519 key share, so if the server does not accept that group then an > HRR will result, e.g. > > $ openssl s_server -cert cert.pem -key key.pem -groups P-256 > $ openssl s_client > > It looks option "-groups" just specifies the most preferable named groups, > but other groups still could be negotiated. Right? No, it restricts the groups acceptable to the server. > > I found interesting things from trace logs. > > BTW, the TLS 1.3 wiki [1] stats that the TLS 1.3 cipher suites are named: > TLS13-AES-256-GCM-SHA384 > TLS13-CHACHA20-POLY1305-SHA256 > TLS13-AES-128-GCM-SHA256 > TLS13-AES-128-CCM-8-SHA256 > TLS13-AES-128-CCM-SHA256 > But with version 1.1.1-pre6, they are using the formal names, > like TLS_AES_256_GCM_SHA384. Ah, right thanks - we renamed them to the standard names a while ago. I fixed the wiki. Matt > > [1] https://wiki.openssl.org/index.php/TLS1.3 > > Thanks! > ? > > > Matt > > > > > > > 2018-04-29 18:43 GMT+08:00 Kurt Roeckx > >