From matt at openssl.org Tue Dec 1 10:22:39 2020
From: matt at openssl.org (Matt Caswell)
Date: Tue, 1 Dec 2020 10:22:39 +0000
Subject: Fwd: Forthcoming OpenSSL Release
Message-ID: <72b2008f-919a-859a-7788-36f5f4f84587@openssl.org>

FYI

-------- Forwarded Message --------
Subject: Forthcoming OpenSSL Release
Date: Tue, 1 Dec 2020 04:15:51 -0600
From: Paul Nelson
Reply-To: openssl-users at openssl.org
To: openssl-announce at openssl.org

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1i.

This release will be made available on Tuesday 8th December 2020 between 1300-1700 UTC.

OpenSSL 1.1.1i is a security-fix release. The highest severity issue fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours
The OpenSSL Project Team

From: vt at rockenstein.de (Vincent Truchsess - rockenstein AG)
Date: Fri, 4 Dec 2020 11:26:40 +0000
Subject: Client-Certificate blocking without controlling the issuing CA
In-Reply-To: <857d4b0ce4a147dc9ff7cd4dd21c0155@rockenstein.de>
References: <857d4b0ce4a147dc9ff7cd4dd21c0155@rockenstein.de>
Message-ID: <0c9e5b5278aa40eebc4dc2becbd46ac1@rockenstein.de>

Hi,

I am well aware that the use case I'm going to describe is not how PKI is intended to be implemented, but unfortunately the organizational architecture of this particular application is out of my reach.

We are operating an application that strongly relies on client certificates as the outer authentication layer. Those certificates are issued as 'general purpose' client certs by a globally trusted root CA and are validated on dedicated hardware, which limits the level of flexibility in matters of access control.

The organization legally responsible for the application maintains a blocklist of certificate serials they consider to be invalidated. Also, this organization does not bother to get those certificates revoked by their CA, so using OCSP or CRLs against the CA's services has no effect on denying access to invalid users.

The hardware performing the certificate validation allows for locally stored CRLs. Our intention was to generate those ourselves using a self-signed CA. As far as I got, it seems that openssl only allows for revocations of certificates signed by the local CA.

Doing this in software (e.g. inside the application) wouldn't be a problem, but the number of parallel connections requires this to be handled by dedicated hardware, which is limited to CRLs and OCSP.

Is there any way we have simply overlooked that allows us to generate self-signed CRLs for certificates issued by another CA using openssl?

Thank you for your time,
Vincent Truchseß

PS: Implementing a 'scriptable' OCSP responder would be an option that is planned, but it will take too long to hotfix the current issue.

From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Fri, 4 Dec 2020 13:28:18 +0000
Subject: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Hi,

We are trying to upgrade our application from openssl usage of 1.0.2 to openssl 3.0, during which we observe the following errors. It looks like the #defs below have been removed from 1.1 onwards. Should the application also drop its usage of them, or is there any alternative to be used in the application? Please suggest.

    error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
        case SSL_R_PEER_ERROR_NO_CIPHER:
    error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope
        case SSL_R_NO_CERTIFICATE_RETURNED:

Regards,
Sunil

From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Fri, 4 Dec 2020 14:07:02 +0000
Subject: Client-Certificate blocking without controlling the issuing CA
In-Reply-To: <0c9e5b5278aa40eebc4dc2becbd46ac1@rockenstein.de>
References: <857d4b0ce4a147dc9ff7cd4dd21c0155@rockenstein.de> <0c9e5b5278aa40eebc4dc2becbd46ac1@rockenstein.de>

> From: openssl-users On Behalf Of Vincent Truchsess - rockenstein AG
> Sent: Friday, 4 December, 2020 04:27
>
> The organization legally responsible for the application maintains a
> blocklist of certificate serials they consider to be invalidated. Also, this
> organization does not bother to get those certificates revoked by their CA so
> using OCSP or CRLs against the CAs services has no effect on denying access
> to invalid users.
>
> The hardware performing the certificate-validation allows for locally stored
> CRLs. Our intention was to generate those ourselves using a selfsigned CA. As
> far as I went, it seems that openssl only allows for revocations of
> certificates signed by the local CA.

I assume you mean "certificates signed by the issuing CA". The CRL has to be generated by the CA that issued the certificates.

It seems to me that the simplest solution would be to have the application add a certificate validation callback that checks the serial number against this not-really-a-CRL list of forbidden client certificates. That's the sort of thing certificate validation callbacks are for: implementing additional restrictions (or removing existing ones) on which certificates will be accepted.

--
Michael Wojcik

From: vt at rockenstein.de (Vincent Truchsess - rockenstein AG)
Date: Fri, 4 Dec 2020 15:59:05 +0000
Subject: AW: Client-Certificate blocking without controlling the issuing CA
References: <857d4b0ce4a147dc9ff7cd4dd21c0155@rockenstein.de> <0c9e5b5278aa40eebc4dc2becbd46ac1@rockenstein.de>
Message-ID: <88168b7adb0e493f876ad70f0eff48ee@rockenstein.de>

That would be the ideal solution. The problem is that the customer's security policy demands dedicated hardware performing IDS/IPS functionality at the point of TLS termination. The devices at hand do not provide the functionality to call a user-defined external service for certificate validation apart from OCSP.

The future workaround will be a mockup OCSP responder, but that solution will need some time for implementation. Our current focus lies on a rather quick than perfect solution that buys some time to ship something more solid.

From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Fri, 4 Dec 2020 17:32:15 +0000
Subject: Client-Certificate blocking without controlling the issuing CA
In-Reply-To: <88168b7adb0e493f876ad70f0eff48ee@rockenstein.de>
References: <857d4b0ce4a147dc9ff7cd4dd21c0155@rockenstein.de> <0c9e5b5278aa40eebc4dc2becbd46ac1@rockenstein.de> <88168b7adb0e493f876ad70f0eff48ee@rockenstein.de>

> From: Vincent Truchsess - rockenstein AG
> Sent: Friday, 4 December, 2020 08:59
>
> That would be the ideal solution. The problem is that the customer's
> security-policy demands dedicated hardware performing IDS/IPS functionality
> at the point of TLS-termination. The devices at hand do not provide the
> functionality to call a user-defined external service for certificate
> validation apart from OCSP.
>
> The future workaround will be a mockup OCSP-responder but that solution will
> need some time for implementation. our current focus lies on a rather quick
> than perfect solution that buys some time to ship something more solid.

Ah, I see. Thanks for the clarification.

I don't offhand see a quick workaround for your situation. I'm not sure what would happen if you cross-signed all the client certificates with a CA under your control, and then generated a CRL for the ones you want to exclude. Or actually you could just cross-sign only the ones you want to allow, and make your CA the only trust root for the TLS termination systems; that would work. But I'm guessing modifying every client certificate is not a feasible solution for you either.

If it is, cross-signing with a CA under your control and trusting only that CA is probably the approach I'd go for. That's a legitimate approach under PKIX. It could even be mostly automated, except the end users would have to install updated user certificates, which is probably a deal-breaker.

--
Michael Wojcik

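A worked version of the check Michael suggests, added here as an example and not code from the original posts or from OpenSSL: the application-side hook is SSL_CTX_set_verify() with a callback, and what that callback has to do is match the presented certificate against the organization's list of serials. The Python below implements just that matching on top of a minimal DER walker, so it runs without OpenSSL, and it keys the list on (issuer, serial) rather than serial alone, because a serial number is only unique within one CA. The SerialBlocklist class, the normalize_serial rules and the unsigned fake_cert fixtures are assumptions of this example, not anything the thread or the appliance provides.

```python
"""Blocklist check keyed on (issuer, serial) for DER-encoded client certificates.

Added example for this thread (not from the posts or from OpenSSL).  It shows the
matching a verify callback would perform, using a minimal DER walker so it runs
without OpenSSL.  The certificates built by fake_cert() are constructed, unsigned
stand-ins: only the fields the walker reads (version, serial, issuer) are realistic.
"""

HEX = set("0123456789abcdef")


def _read_tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        # DER requires the shortest length encoding; reject BER-style padding.
        if (nbytes == 1 and length < 0x80) or (nbytes > 1 and length >> (8 * (nbytes - 1)) == 0):
            raise ValueError("non-minimal DER length")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def issuer_and_serial(cert_der):
    """Return (issuer Name as raw DER bytes, serialNumber as int) from a DER certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber INTEGER,
                                  signature AlgorithmIdentifier, issuer Name, ... }
    """
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, tbs, _ = _read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, value, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                      # explicit [0] version, optional
        tag, value, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    # DER INTEGER is two's complement.  RFC 5280 requires a positive serial, but
    # negative ones exist in the wild, so decode signed instead of rejecting.
    serial = int.from_bytes(value, "big", signed=True)
    tag, _, pos = _read_tlv(tbs, pos)    # signature AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signature field is not a SEQUENCE")
    start = pos
    tag, _, pos = _read_tlv(tbs, pos)    # issuer Name, kept as raw DER for exact comparison
    if tag != 0x30:
        raise ValueError("issuer is not a SEQUENCE")
    return tbs[start:pos], serial


def normalize_serial(text):
    """Parse a human-written serial ("0a:1b:2c", "00A1B2C", "0x0A1B2C") to an int.

    Comparing integers, not strings, avoids the blocklist bug where leading zeros
    or letter case let a listed certificate slip through.
    """
    s = text.strip().lower().replace(":", "").replace(" ", "")
    negative = s.startswith("-")
    if negative:
        s = s[1:]
    if s.startswith("0x"):
        s = s[2:]
    if not s or any(c not in HEX for c in s):
        raise ValueError("serial is not hexadecimal: %r" % text)
    value = int(s, 16)
    return -value if negative else value


class SerialBlocklist:
    """Blocked serials keyed by issuer: a serial is only unique within one CA."""

    def __init__(self):
        self._blocked = {}  # issuer DER bytes -> set of serial ints

    def add(self, issuer_der, serial_text):
        self._blocked.setdefault(bytes(issuer_der), set()).add(normalize_serial(serial_text))

    def blocks(self, cert_der):
        """True if the certificate's (issuer, serial) pair is on the list."""
        issuer, serial = issuer_and_serial(cert_der)
        return serial in self._blocked.get(issuer, ())


# ---- constructed fixtures (not real certificates) -----------------------------------

def _der(tag, body):
    if len(body) < 0x80:
        length = bytes([len(body)])
    else:
        n = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n)]) + n
    return bytes([tag]) + length + body


def _der_int(value):
    return _der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def fake_cert(issuer_cn, serial):
    """Unsigned stand-in: realistic version/serial/issuer prefix, dummy remaining fields."""
    sig_alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    issuer = _der(0x30, _der(0x31, _der(0x30, _der(0x06, bytes.fromhex("550403"))
                                          + _der(0x0C, issuer_cn.encode()))))
    tbs = _der(0x30, _der(0xA0, _der_int(2)) + _der_int(serial) + sig_alg + issuer
               + _der(0x30, b"") + _der(0x30, b"") + _der(0x30, b""))
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00"))
```

In a real deployment the issuer bytes for the list come from any certificate the CA has issued (issuer_and_serial on one known-good client cert), the callback applies the check at chain depth 0 only, and a hit should fail verification with a revocation error rather than a generic failure so the log says why. Serials arrive in many spellings, with or without colons and leading zeros, which is why the list is compared as integers.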
From: paul.dale at oracle.com (Dr Paul Dale)
Date: Sat, 5 Dec 2020 11:13:38 +1000
Subject: Question related to default RAND usage and update with engine RAND

Have you tried RAND_set_rand_method()? This should replace the RNG with yours.

In 3.0, there will be a different scheme and an engine isn't the ideal way to go.

Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia

> On 1 Dec 2020, at 1:02 am, Mahendra SP wrote:
>
> Hi All,
>
> We are planning to use our own RAND implementation using an engine. What we observe is, during OpenSSL init, the default RAND gets initialized to the openssl RAND.
> Then later we initialize our engine RAND. Even though we make our RAND the default, we see that openssl still uses the initial default RAND.
>
> Here is what could be happening. In the function RAND_get_rand_method, default_RAND_meth gets initialized to the openssl RAND.
> As there is a NULL check for default_RAND_meth, default_RAND_meth never gets updated as it is not NULL.
> Even if the engine RAND is registered and available for use, default_RAND_meth never gets updated.
>
> Given the code snippet below.
>
>     const RAND_METHOD *RAND_get_rand_method(void)
>     {
>         const RAND_METHOD *tmp_meth = NULL;
>
>         if (!RUN_ONCE(&rand_init, do_rand_init))
>             return NULL;
>
>         CRYPTO_THREAD_write_lock(rand_meth_lock);
>         if (default_RAND_meth == NULL) {
>     #ifndef OPENSSL_NO_ENGINE
>             ENGINE *e;
>
>             /* If we have an engine that can do RAND, use it. */
>             if ((e = ENGINE_get_default_RAND()) != NULL
>                     && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
>                 funct_ref = e;
>                 default_RAND_meth = tmp_meth;
>             } else {
>                 ENGINE_finish(e);
>                 default_RAND_meth = &rand_meth;
>             }
>     #else
>             default_RAND_meth = &rand_meth;
>     #endif
>         }
>         tmp_meth = default_RAND_meth;
>         CRYPTO_THREAD_unlock(rand_meth_lock);
>         return tmp_meth;
>     }
>
> Should we remove the NULL check for default_RAND_meth to fix this issue? Or is there any other way?
>
> Thanks
> Mahendra

From: mahendra.sp at gmail.com (Mahendra SP)
Date: Sat, 5 Dec 2020 06:45:47 +0530
Subject: Need inputs for engine cleanup

Hi All,

Can you please let me know any inputs on the above query?

Thanks
Mahendra

On Mon, Nov 30, 2020 at 9:19 PM Mahendra SP wrote:
> Hi All,
>
> We are using the openssl 1.1.1 version and using the ENGINE implementation for some crypto operations. The engine gets loaded dynamically and initialized successfully, and we are able to use the engine.
> However, we plan to stop using this engine from the application side once we are done with it. When we try to stop using the engine, our engine references do not get removed.
> We have tried this sequence:
>
>     ENGINE_free();
>     ENGINE_finish();
>
> However, ENGINE_remove() seems to remove the engine correctly, and we see that our engine does not get referred to after this remove call.
>
> Can someone please provide a correct way of removing the engine so that the engine is no longer available for usage?
>
> Thanks
> Mahendra

From: matt at openssl.org (Matt Caswell)
Date: Mon, 7 Dec 2020 11:39:37 +0000
Subject: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
Message-ID: <2ecdb67c-b72f-d933-f39d-c2919e77dc69@openssl.org>

On 04/12/2020 13:28, Narayana, Sunil Kumar wrote:
> Hi,
>
> We are trying to upgrade our application from openssl
> usage of 1.0.2 to openssl 3.0, during which we observe following errors.
>
> Looks like the below #def been removed from 1.1 onwards, Should
> application also need to take off from its usage ? or is there any
> alternative to be used in application ?

1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return codes are liable to change in these upgrades.

> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope

This one was only ever used in the SSLv2 implementation. Since no one uses SSLv2 any more and it is considered highly insecure, its implementation was removed some while ago. So the reason code was also deleted.

> error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope

This reason code existed in 1.0.2 but was never used by anything.

Matt

From: madhu.bajpai at rimus-tech.com
Date: Mon, 7 Dec 2020 19:10:53 +0530
Subject: openssl 1.1.1h - Engine API in iOS static lib build
In-Reply-To: <021701d6cc87$1d9eb580$58dc2080$@rimus-tech.com>
References: <021701d6cc87$1d9eb580$58dc2080$@rimus-tech.com>
Message-ID: <002101d6cc9e$96cdb110$c4691330$@rimus-tech.com>

Dear OpenSSL team,

While migrating from 1.0.2u to 1.1.1x, we found that the iOS libcrypto.a does not have the engine API (engine_new etc.). We tried building openssl with the enable-static-engine and enable-engine Configure options, but with no success. Here is the Configure command being used:

    ./Configure iphoneos-cross enable-static-engine enable-engine --openssldir=<...>

Please suggest what can be done to fix this.

Regards,
Madhu

From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Mon, 7 Dec 2020 15:26:54 +0100
Subject: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
In-Reply-To: <2ecdb67c-b72f-d933-f39d-c2919e77dc69@openssl.org>
References: <2ecdb67c-b72f-d933-f39d-c2919e77dc69@openssl.org>
Message-ID: <0b25d762-5763-43e1-3117-bb162d4375ac@wisemo.com>

On 07/12/2020 12:39, Matt Caswell wrote:
> 1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return
> codes are liable to change in these upgrades.
>
>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
> This one was only ever used in the SSLv2 implementation. Since no one
> uses SSLv2 any more and it is considered highly insecure its
> implementation was removed some while ago. So the reason code was also
> deleted.

So what error is returned by SSL3/TLS1.x when the client (erroneously) offers an empty cipher list?

>> error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope
> This reason code existed in 1.0.2 but was never used by anything.
>
> Matt

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From: matt at openssl.org (Matt Caswell)
Date: Mon, 7 Dec 2020 15:18:33 +0000
Subject: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
In-Reply-To: <0b25d762-5763-43e1-3117-bb162d4375ac@wisemo.com>
References: <2ecdb67c-b72f-d933-f39d-c2919e77dc69@openssl.org> <0b25d762-5763-43e1-3117-bb162d4375ac@wisemo.com>
Message-ID: <2ee67428-2ea1-73cd-ea78-ee860d8fd6cf@openssl.org>

On 07/12/2020 14:26, Jakob Bohm via openssl-users wrote:
>>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
>> This one was only ever used in the SSLv2 implementation. Since no one
>> uses SSLv2 any more and it is considered highly insecure its
>> implementation was removed some while ago. So the reason code was also
>> deleted.
> So what error is returned by SSL3/TLS1.x when the client (erroneously)
> offers an empty cipher list?

Offering no ciphers at all would actually be a protocol error (since the RFCs require at least one ciphersuite to be sent). We actually treat it the same way as if none of the client's offered ciphersuites match the server's list. The error in this case is SSL_R_NO_SHARED_CIPHER.

Matt

From: madhu.bajpai at rimus-tech.com
Date: Tue, 8 Dec 2020 00:05:22 +0530
Subject: openssl 1.1.1h - Engine API in iOS static lib build
In-Reply-To: <002101d6cc9e$96cdb110$c4691330$@rimus-tech.com>
References: <021701d6cc87$1d9eb580$58dc2080$@rimus-tech.com> <002101d6cc9e$96cdb110$c4691330$@rimus-tech.com>
Message-ID: <018e01d6ccc7$bb1b8730$31529590$@rimus-tech.com>

I was able to do it by changing Configurations/15-ios.conf: I removed 'engine' from the 'disable' list and then ran the ./config command.

Regards,
Madhu

From: orens at nonamesecurity.com (Oren Shpigel)
Date: Tue, 8 Dec 2020 16:15:29 +0200
Subject: Use OpenSSL to decrypt TLS session from PCAP files

Hi,

I generated a PCAP file with a TLS session, and I have the matching private key used by my HTTPS server.
The TLS session is not using DH for key exchange, so it should be possible to decrypt.
I know OpenSSL can be used to connect to a socket to "actively" handle the TLS session, but is there a way to "passively" decode and decrypt a session?
How can I "feed" the packets (both directions) into the OpenSSL library?

Thanks!

From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Tue, 8 Dec 2020 14:32:00 +0000
Subject: Use OpenSSL to decrypt TLS session from PCAP files
Message-ID: <0ec98f1e7d4f4929bc1be65cc1f5c04d@ncp-e.com>

Do you need to integrate the decryption into your own software, or are you just looking for a possibility to monitor and view the traffic?

If it's the latter, try and take a look at the SSL decryption support that Wireshark provides.

https://wiki.wireshark.org/TLS
https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/

hth,
Matthias

Disclaimer: I haven't used it for TLS myself, only for IPsec, and I can't tell how up-to-date it is, in particular whether it is TLS 1.3 ready.

From: openssl at openssl.org (OpenSSL)
Date: Tue, 8 Dec 2020 15:01:33 +0000
Subject: OpenSSL version 1.1.1i published
Message-ID: <20201208150133.GA23749@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL version 1.1.1i released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.1.1i of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

OpenSSL 1.1.1i is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

* https://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-1.1.1i.tar.gz
  Size: 9808346
  SHA1 checksum: eb684ba4ed31fe2c48062aead75233ecd36882a6
  SHA256 checksum: e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242

The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1i.tar.gz
openssl sha256 openssl-1.1.1i.tar.gz

Yours,
The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl/PfcIACgkQ2cTSbQ5g
RJGTdAgAg4vCZBf6Ugf0JojEHlqfxvdYTDPaz7C8vT4KFOsXW7vYr7Flc0O7rgfH
hL/N25f8Ao4AlX1mtlq5whR6adf3dA3Ny3T5r8WNXy8a2GdC/AH7zSVI1+0yQ3L8
C1ohbRYUHgP9o6DjjSBylSgJzmwSK7CfBFbiq4MX/FeEqon+fy8Er5LMW7Cor2Tq
07a5532Gb67zuRPu/U5D6fFsXBDvzeDsT/c9ZMt0eImvmpU6wJNqALC+I0qI/pKY
AY6FmljuYM3gr1aWbuCeyMbcGutRCFOLGrNl/VpQZFM5m7Rs6NQsQ+c3O5EICpoU
NKmPlsXfAabUZpEaWKK/4mzXLgMxfw==
=MgEX
-----END PGP SIGNATURE-----

From: openssl at openssl.org (OpenSSL)
Date: Tue, 8 Dec 2020 15:12:58 +0000
Subject: OpenSSL Security Advisory
Message-ID: <20201208151258.GA3107@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL Security Advisory [08 December 2020]
============================================

EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
======================================================

Severity: High

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate

2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked.

OpenSSL 1.1.1 users should upgrade to 1.1.1i.

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2x. Other users should upgrade to OpenSSL 1.1.1i.

This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. The impact of this issue on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20201208.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl/PloEACgkQ2cTSbQ5g
RJERNQf/d8G0r7APrOuxlwOL2j0j4JX5HZoR/ilD1eD6kSj3uZmCbl/DTZgN9uhj
hMN9UTCVdF+NcWlqldwUVLLSq16/P821QLrbqKs4Q6i2NDwHIAU6VCneRZOUIOpl
VOyQ+BJDavvqQ2gNziDK29sjG8JxWUqQ10fdphfrV1vS0Wd1fV1/Kk9I0ba+yv5O
RiIyvbJobCEyNz52JdqbBsKjrSCtPh6qMra3IYm6EDJDnp+T8UpliB3RBIBuIPfU
ALRageyqmE9+J5BFYxbd1Lx37mHXq1PZsSYd6L09Y9Wg5fJLHzWffd74SfJHwRza
xZ/UTvCvkbGUbspT/U4mkuHwHzYXcg==
=41vP
-----END PGP SIGNATURE-----

From: orens at nonamesecurity.com (Oren Shpigel)
Date: Tue, 8 Dec 2020 17:28:19 +0200
Subject: Use OpenSSL to decrypt TLS session from PCAP files
In-Reply-To: <0ec98f1e7d4f4929bc1be65cc1f5c04d@ncp-e.com>
References: <0ec98f1e7d4f4929bc1be65cc1f5c04d@ncp-e.com>

Hi, thanks for the answer.

I know wireshark and ssldump have this capability, but I'm looking for a way to do it in my own software in C++ (using OpenSSL, if possible, but open to other suggestions as well).

On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com> wrote:
> Do you need to integrate the decryption into your own software, or are
> you just looking for a possibility to monitor and view the traffic?
>
> If it's the latter, try and take a look at the SSL decryption support that
> Wireshark provides.
From: matt at openssl.org (Matt Caswell)
Date: Tue, 8 Dec 2020 15:46:00 +0000
Subject: Use OpenSSL to decrypt TLS session from PCAP files
References: <0ec98f1e7d4f4929bc1be65cc1f5c04d@ncp-e.com>
Message-ID: <8f9c7ad4-f3cb-38a1-0968-61833bb77462@openssl.org>

On 08/12/2020 15:28, Oren Shpigel wrote:
> Hi, thanks for the answer.
>
> I know wireshark and ssldump have this capability, but I'm looking for a
> way to do it in my own software in C++, (using OpenSSL, if possible, but
> open to other suggestions as well).

Unfortunately OpenSSL does not support this capability. It obviously supports all the required low-level crypto primitives to do it - but you would have to put them together yourself, as well as do all the packet parsing, etc. This would be ... difficult. :-)

Matt
Clearwater, FL 33755 > > Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate > Dietrich > Registry Court: Lower District Court of Nuremberg > Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: > DE 133557619 > > This e-mail message including any attachments is for the sole use of > the intended recipient(s) and may contain privileged or confidential > information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, > please immediately contact the sender by reply e-mail and delete the > original message and destroy all copies thereof. > > > > > *From**:*openssl-users > *On Behalf Of *Oren Shpigel > *Sent:* Tuesday, December 8, 2020 3:15 PM > *To:* openssl-users at openssl.org > *Subject:* Use OpenSSL to decrypt TLS session from PCAP files____ > > __?__ > > Hi,?____ > > I generated a PCAP file with TLS session, and I have the matching > private key used by my HTTPS server. > The TLS session is not using DH for key exchange, so it should be > possible to decrypt. > I know OpenSSL can be used to connect to a socket to "actively" > handle the TLS session, but is there a way to "passively" decode and > decrypt a session? > How can I "feed" the packets (both directions) into the OpenSSL > library?____ > > Thanks!____ > From jhb at FreeBSD.org Tue Dec 8 17:17:54 2020 
From: jhb at FreeBSD.org (John Baldwin)
Date: Tue, 8 Dec 2020 09:17:54 -0800
Subject: Use OpenSSL to decrypt TLS session from PCAP files
In-Reply-To: <8f9c7ad4-f3cb-38a1-0968-61833bb77462@openssl.org>
References: <0ec98f1e7d4f4929bc1be65cc1f5c04d@ncp-e.com> <8f9c7ad4-f3cb-38a1-0968-61833bb77462@openssl.org>
Message-ID:

On 12/8/20 7:46 AM, Matt Caswell wrote:
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
>
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data stream
into, to handle the TLS bits, though? You are still stuck with writing your
own TCP stack (effectively)? I think openvpn does something like this when I
looked (it used memory BIOs and then manually read/wrote their contents on
its tunnel socket).

-- 
John Baldwin
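An added example, not from any post in this thread and not OpenSSL code, showing what the "packet parsing" Matt mentions looks like for the piece that has to sit in front of any decryption: reassembling TLS records out of a TCP byte stream whose segments split records at arbitrary points, and refusing a stream that is not TLS framing at all. It stops at the record layer; the key material and cipher work are the primitives Matt refers to, and ssldump/Wireshark already implement that path. The two segments and the non-TLS line in the self-test are constructed, not captured; the type and function names are this example's own. Build with `cc tls_records.c`.

```c
/* Added example (not code from the thread): a dependency-free reassembler for
 * the TLS record layer, the "packet parsing" step that must sit in front of any
 * decryption.  The sample segments at the bottom are constructed, not captured. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_HDR_LEN        5
#define TLS_MAX_CIPHERTEXT (16384 + 2048)     /* TLSCiphertext limit, RFC 5246 6.2.3 */

/* Called once per complete record; body points into the stream buffer. */
typedef void (*tls_record_cb)(uint8_t type, uint16_t version,
                              const unsigned char *body, size_t len, void *arg);

typedef struct {
    unsigned char buf[TLS_HDR_LEN + TLS_MAX_CIPHERTEXT];
    size_t used;        /* bytes of the current record buffered so far */
    int records;        /* complete records delivered on this stream */
    int bad;            /* set once the bytes stop looking like TLS framing */
} tls_stream;

static size_t tls_body_len(const tls_stream *s)
{
    return ((size_t)s->buf[3] << 8) | s->buf[4];
}

/* Header sanity: known content type, major version 3, length within the limit. */
static int tls_header_ok(const tls_stream *s)
{
    uint8_t type = s->buf[0];   /* 20 CCS, 21 alert, 22 handshake, 23 application data */
    return type >= 20 && type <= 23 && s->buf[1] == 3 && tls_body_len(s) <= TLS_MAX_CIPHERTEXT;
}

/* Feed one TCP segment's payload (any size; records may straddle segments).
 * Returns the number of records completed by this call, or -1 once framing breaks. */
int tls_stream_feed(tls_stream *s, const unsigned char *data, size_t len,
                    tls_record_cb cb, void *arg)
{
    int done = 0;
    if (s->bad)
        return -1;
    while (len > 0) {
        size_t need = s->used < TLS_HDR_LEN ? TLS_HDR_LEN - s->used
                                            : TLS_HDR_LEN + tls_body_len(s) - s->used;
        size_t take = len < need ? len : need;
        memcpy(s->buf + s->used, data, take);
        s->used += take;
        data += take; len -= take;
        if (s->used == TLS_HDR_LEN && !tls_header_ok(s)) {
            s->bad = 1;                         /* desynchronised or not TLS at all */
            return -1;
        }
        if (s->used >= TLS_HDR_LEN && s->used == TLS_HDR_LEN + tls_body_len(s)) {
            if (cb != NULL)
                cb(s->buf[0], (uint16_t)((s->buf[1] << 8) | s->buf[2]),
                   s->buf + TLS_HDR_LEN, tls_body_len(s), arg);
            s->records++;
            done++;
            s->used = 0;                        /* ready for the next record */
        }
    }
    return done;
}

/* Self-test support: remember the last record delivered. */
struct tls_last { uint8_t type; uint16_t version; size_t len; };
static void tls_remember(uint8_t t, uint16_t v, const unsigned char *b, size_t n, void *arg)
{
    struct tls_last *l = arg;
    (void)b;
    l->type = t; l->version = v; l->len = n;
}

/* Constructed input: a 5-byte handshake record split across two segments, then a
 * 2-byte application-data record; a plain-HTTP line must then be rejected.
 * Returns 2 (records reassembled) when everything behaves, 0 otherwise. */
int tls_selftest(void)
{
    static const unsigned char seg1[] = { 0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00 };
    static const unsigned char seg2[] = { 0x00, 0x01, 0x02,
                                          0x17, 0x03, 0x03, 0x00, 0x02, 0xaa, 0xbb };
    static const unsigned char junk[] = "GET / HTTP/1.1\r\n";
    struct tls_last l = { 0, 0, 0 };
    tls_stream s, t;
    memset(&s, 0, sizeof s);
    if (tls_stream_feed(&s, seg1, sizeof seg1, tls_remember, &l) != 0)  /* still partial */
        return 0;
    if (tls_stream_feed(&s, seg2, sizeof seg2, tls_remember, &l) != 2)
        return 0;
    if (l.type != 0x17 || l.version != 0x0303 || l.len != 2)
        return 0;
    memset(&t, 0, sizeof t);
    if (tls_stream_feed(&t, junk, sizeof junk - 1, NULL, NULL) != -1)   /* not TLS framing */
        return 0;
    return s.records;
}

int main(void)
{
    return tls_selftest() == 2 ? 0 : 1;
}
```

Each completed record (content type, version, body) is what a reassembled stream would hand to the next stage, whether that is a memory BIO as John suggests or your own decoder. A length field above the RFC 5246 TLSCiphertext bound is treated as loss of sync rather than buffered, which is the check a monitoring tool needs so that a non-TLS byte stream cannot make it allocate or wait indefinitely.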
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Tue, 8 Dec 2020 17:43:47 +0000
Subject: DH_generate_key
Message-ID:

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init & EVP_PKEY_derive.

Our application creates a new DH and using DH_generate_key() creates pub_key/priv_key and uses it. How can we replace this exactly with EVP? And please suggest what EVP APIs should we use to generate pub/priv keys?

Application code:

    dh = DH_new();
    dh->p = BN_bin2bn(modSize, octet_len, NULL);
    dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);
    if ( ! DH_generate_key(dh) ) {
        return FAILURE;
    }
    n = (unsigned) BN_num_bytes(dh->pub_key);
    BN_bn2bin(dh->pub_key, p);
    n = (unsigned) BN_num_bytes(dh->priv_key);

Instead of the above logic can we do this? Does derive generate pub/priv keys?

    /* create ctx */
    ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(ctx);

Regards,
Sunil

-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-----------------------------------------------------------------------------------------------------------------------
From: dnsands at sandia.gov (Sands, Daniel)
Date: Tue, 8 Dec 2020 20:30:22 +0000
Subject: DH_generate_key
Message-ID: <0223126022f1463f903459929b4902c6@ES08AMSNLNT.srn.sandia.gov>

> Dear openssl team,
>
> While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init & EVP_PKEY_derive.
>
> Our application creates a new DH and using DH_generate_key() creates pub_key/priv_key and uses it. How can we replace this exactly with EVP? And please suggest what EVP APIs should we use to generate pub/priv keys?
>
> [...]
>
> Instead of the above logic can we do this? Does derive generate pub/priv keys?

The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe primes or using probable primes. Seems better since you don't have to use the BN API anymore, but a little more complicated because you have to call OSSL_PARAM_construct_xxx for parameters and assign them to an array. From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get your shared secret.

See apps/speed.c in the OSSL3 source code for an example. Look for the text EVP_PKEY_DH
From: craig at tas-solutions.co.uk (Craig Henry)
Date: Wed, 9 Dec 2020 20:35:46 +0900
Subject: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)
Message-ID:

Hi,

This is my first post to this list so please be kind!

Environment - Linux Centos
SSL - 1.0.2k19-el7

Connection - CURL (via PHP) with public / private key auth + http basic auth

We're having an issue where we are seeing intermittent behavior connecting to a 3rd party of the key being rejected with a 8152 error - "The key does not support the requested operation". Other times it works OK.

We have another user who is using this 3rd party and same connection type but not reported this issue.

Has anyone got any clue as to what might be causing this type of intermittent connection issue?

The CURL logs are below but altered for privacy reasons.

Thanks

-Craig

Key blocked response

* About to connect() to XXXXXXXX port 443 (#96)
*   Trying XXXXXX
* Connected to XXXXXX (XXXXXXXXX) port 443 (#96)
*   CAfile: /XXXXX_tlstrust.pem
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*   subject: CN=XXXXXXX,O=XXXXXXXX,L=Atlanta,ST=Georgia,C=US
*   start date: Jun 17 00:00:00 2020 GMT
*   expire date: Jun 18 12:00:00 2022 GMT
*   common name: XXXXXXXX
*   issuer: CN=DigiCert Global CA G2,O=DigiCert Inc,C=US
* Server auth using Basic with user 'XXXXXXXX'
> POST /XXXXXX/services HTTP/1.1
Authorization: Basic XXXXXXXXX
Host: XXXXXXXX
Accept: */*
Content-Type:text/xml
Content-Length: 1019

* upload completely sent off: 1019 out of 1019 bytes
* NSS: client certificate from file
*   subject: CN=XXXXXXXX,OU=Buntingford,O=XXXXXXXXXX,C=DE
*   start date: Dec 03 10:01:35 2020 GMT
*   expire date: Dec 01 10:01:35 2030 GMT
*   common name: xxxxxxxx
*   issuer: CN=XXXXXX,O=XXXXXXXX GmbH,L=Bad Vilbel,ST=Hessen,C=DE
* SSL read: errno -8152 (SEC_ERROR_INVALID_KEY)
* The key does not support the requested operation.
* Closing connection 96

Successful response

* About to connect() to XXXXXXXXXX port 443 (#81)
*   Trying xxxxxxx...
* Connected to XXXXXXXX (XXXXXX) port 443 (#81)
*   CAfile: /XXXXXXXXX
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*   subject: CN=www.xxxxxxxxxxxx,O=XXXXXXn,L=Atlanta,ST=Georgia,C=US
*   start date: Jun 17 00:00:00 2020 GMT
*   expire date: Jun 18 12:00:00 2022 GMT
*   common name: XXXXXXXXXXXXXXX
*   issuer: CN=DigiCert Global CA G2,O=DigiCert Inc,C=US
* Server auth using Basic with user 'XXXXXXXXX'
> POST /XXXXX/services HTTP/1.1
Authorization: Basic xxxxxxxx
Host: XXXXXXXXX
Accept: */*
Content-Type:text/xml
Content-Length: 1019

* upload completely sent off: 1019 out of 1019 bytes
* NSS: client certificate from file
*   subject: CN=XXXXXXXX,OU=Buntingford,O=XXXXXXXXXX Ltd,C=DE
*   start date: Dec 03 10:01:35 2020 GMT
*   expire date: Dec 01 10:01:35 2030 GMT
*   common name: XXXXXXXXX
*   issuer: CN=XXXXXXXXX,O=XXXXXXXXXXXX,L=Bad Vilbel,ST=Hessen,C=DE
< HTTP/1.1 500
< Date: Tue, 08 Dec 2020 13:42:26 GMT
< Server: Apache
< Strict-Transport-Security: max-age=63072000; includeSubdomains
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: default-src 'self' *.googleapis.com *.klarna.com *.masterpass.com *.mastercard.com *.npci.org.in 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'
< X-Application-Context: application:spring-boot,node-global,node-api:8843
< Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
< SOAPAction: ""
< Expires: 0
< Content-Type: text/xml;charset=utf-8
< Content-Length: 1481
< Set-Cookie: JSESSIONID=8778DF260AA5C9E0AAB3E1E4C572453D.ipg_api_k8s; Path=/XXXXX; Secure; HttpOnly;HttpOnly;Secure;SameSite=Lax
< Connection: close
<
* Closing connection 81

Development Team
tassolutions
the attic | south suite | fullbridge mill | maldon | essex | cm9 4le | UK
tel: +44 (0)1621 857785 - www.tas-solutions.co.uk

Our business | support hours are Monday - Friday 9.00am to 5.30pm
Offices are closed on all UK Bank Holidays. Support outside these hours can be arranged on request.

This E-mail and any attachments contain confidential and proprietary information of TAS Solutions Ltd and are intended only for the use of the person/s to whom it is addressed. If you have received this E-mail in error please immediately notify support by telephone on +44 (0)1621 857785. Although this e-mail and any attachments are believed to be free of any virus, or other defect which might affect any computer or system into which they are received and opened, internet communications cannot be guaranteed to be secure or error-free and therefore it is the responsibility of the recipient to ensure that they are virus free. The sender therefore does not accept liability for any loss or damage from receipt or use thereof which arises as a result of internet transmission. Any views/opinions expressed within this e-mail and any attachments are that of the individual and not necessarily that of TAS Solutions Ltd.
From: dfulger at gmx.com (Dan Fulger)
Date: Wed, 9 Dec 2020 13:24:03 +0100
Subject: An idiosyncratic port of OpenSSL 1.1.1i to OS/400 ILE
Message-ID:

This port is for ILE (native OS/400), not PASE (PASE is almost like Unix, and already comes with OpenSSL).

The idiosyncrasies are explained in the README.as400 file in AS400patch.tar.gz.

AS400patch.tar.gz (large patch for OpenSSL and other files):
https://drive.google.com/file/d/1Rqa7JUffkSBQavnbcIZPxAEc1ayLid4G/view?usp=sharing

AS400_GNU.tar.gz (source for GNU/IBM tools required to build OpenSSL in ILE environment):
https://drive.google.com/open?id=1DeKIE32nmUpvk7fvrcSYlflUn_k1CBso
From: tmraz at redhat.com (Tomas Mraz)
Date: Wed, 09 Dec 2020 13:47:26 +0100
Subject: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)
In-Reply-To:
References:
Message-ID: <128e1e59d90ec678f3c75f5ae4949ea47fe0f2f3.camel@redhat.com>

Hi,

curl on RHEL-7 and Centos 7 uses NSS and not OpenSSL as the TLS backend. So this is unfortunately a wrong mailing list to ask.

Tomas Mraz

On Wed, 2020-12-09 at 20:35 +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http
> basic auth
>
> We're having an issue where we are seeing intermittent behavior
> connecting to a 3rd party of the key being rejected with a 8152 error
> - "The key does not support the requested operation". Other times it
> works OK.
>
> We have another user who is using this 3rd party and same connection
> type but not reported this issue.
>
> Has anyone got any clue as to what might be causing this type of
> intermittent connection issue ?
>
> The CURL logs are below but altered for privacy reasons.
>
> [...]

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]
From: matt at openssl.org (Matt Caswell)
Date: Wed, 9 Dec 2020 13:42:07 +0000
Subject: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)
In-Reply-To:
References:
Message-ID: <02d5dfef-977e-7207-092a-cc431253bd8d@openssl.org>

On 09/12/2020 11:35, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're having an issue where we are seeing intermittent behavior
> connecting to a 3rd party of the key being rejected with a 8152 error -
> "The key does not support the requested operation". Other times it works
> OK.

That error does not come from OpenSSL. It appears to be an NSS error. So
I'd suggest asking on an NSS or CURL forum.

Matt

> [...]
From: bkaduk at akamai.com (Benjamin Kaduk)
Date: Wed, 9 Dec 2020 06:42:42 -0800
Subject: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)
In-Reply-To:
References:
Message-ID: <20201209144242.GG3918@akamai.com>

Hi Craig,

On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're having an issue where we are seeing intermittent behavior connecting
> to a 3rd party of the key being rejected with a 8152 error - "The key does
> not support the requested operation". Other times it works OK.
>
> We have another user who is using this 3rd party and same connection type
> but not reported this issue.
>
> Has anyone got any clue as to what might be causing this type of
> intermittent connection issue ?

As was already noted, this is not an error generated by OpenSSL. More concretely, RFC 8152 is for CBOR Object Signing and Encryption (COSE), which is not really related to TLS at all. I suspect the error is not from NSS or CURL either but rather from a COSE implementation.

-Ben
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Wed, 9 Dec 2020 15:10:38 +0000
Subject: DH_generate_key (Sands, Daniel)
Message-ID:

Hi,

We could not get the pointer reference to the examples of safe primes or using probable primes which you mentioned (i.e. "The man page in section 7 (EVP_PKEY_DH) has examples"). And also we wanted to check the usage of OSSL_PARAM_construct_xxx. Appreciate if you can pass on the web link.

Secondly, we referred to apps/speed.c, and we are not clear on two things.

1. What 'ffdh_params' should we use in our application when we call EVP_PKEY_CTX_set_dh_nid? (I see an array of {"ffdh2048", NID_ffdhe2048, 2048}, ... being used in the example.)

2. In our present DH logic, we have public/private keys (BIGNUM *pub_key, BIGNUM *priv_key) obtained from DH; how to get pub/priv keys using EVP_PKEY_new()?

Regards,
Sunil
From: openssl-users On Behalf Of openssl-users-request at openssl.org Sent: 09 December 2020 02:01 To: openssl-users at openssl.org Subject: openssl-users Digest, Vol 73, Issue 6 ________________________________ NOTICE: This email was received from an EXTERNAL sender ________________________________ Send openssl-users mailing list submissions to openssl-users at openssl.org To subscribe or unsubscribe via the World Wide Web, visit https://mta.openssl.org/mailman/listinfo/openssl-users or, via email, send a message with subject or body 'help' to openssl-users-request at openssl.org You can reach the person managing the list at openssl-users-owner at openssl.org When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..." Today's Topics: 1. Re: Use OpenSSL to decrypt TLS session from PCAP files (Matt Caswell) 2. Re: Use OpenSSL to decrypt TLS session from PCAP files (John Baldwin) 3. DH_generate_key (Narayana, Sunil Kumar) 4. RE: DH_generate_key (Sands, Daniel) ---------------------------------------------------------------------- Message: 1 Date: Tue, 8 Dec 2020 15:46:00 +0000 
From: Matt Caswell > To: openssl-users at openssl.org Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files Message-ID: <8f9c7ad4-f3cb-38a1-0968-61833bb77462 at openssl.org> Content-Type: text/plain; charset=utf-8 On 08/12/2020 15:28, Oren Shpigel wrote: > Hi, thanks for the answer. > > I know wireshark and ssldump have this capability, but I'm looking for a > way to do it in my own software in C++, (using OpenSSL, if possible, but > open to other suggestions as well). Unfortunately OpenSSL does not support this capability. It obviously supports all the required low-level crypto primitives to do it - but you would have to put them together yourself, as well as do all the packet parsing, etc. This would be ... difficult. :-) Matt > > On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre > >> wrote: > > Do you need to integrate the decryption into your own software, or > are you just looking for a possibility to monitor and view the > traffic?____ > > If it?s the latter, try and take a look at the SSL decryption > support that Wireshark provides. ____ > > __?__ > > https://wiki.wireshark.org/TLS____ > > https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/____ > > __?__ > > __?__ > > hth,____ > > Matthias____ > > __?__ > > Disclaimer: I haven?t used it for TLS myself, only for IPsec, and I > can?t tell how up-to-date it is, in particular whether it is TLS 1.3 > ready.____ > > __?__ > > ? > > *NCP engingeering GmbH* ** *Dr. Matthias St. Pierre* > > Senior Software Engineer > matthias.st.pierre at ncp-e.com > Phone: +49 911 9968-0 > www.ncp-e.com > > > * > Follow us on:*?Facebook > | > Twitter >?| Xing > >?| YouTube > > | LinkedIn > > > > *Headquarters Germany: *NCP engineering GmbH ? Dombuehler Str. 2 ? > 90449 ? Nuremberg > *North American HQ:* NCP engineering Inc. ? 601 Cleveland Str., > Suite 501-25 ? 
Clearwater, FL 33755 > > Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate > Dietrich > Registry Court: Lower District Court of Nuremberg > Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: > DE 133557619 > > This e-mail message including any attachments is for the sole use of > the intended recipient(s) and may contain privileged or confidential > information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, > please immediately contact the sender by reply e-mail and delete the > original message and destroy all copies thereof. > > >> > > > *From**:*openssl-users > > *On Behalf Of *Oren Shpigel > *Sent:* Tuesday, December 8, 2020 3:15 PM > *To:* openssl-users at openssl.org > *Subject:* Use OpenSSL to decrypt TLS session from PCAP files____ > > __?__ > > Hi,?____ > > I generated a PCAP file with TLS session, and I have the matching > private key used by my HTTPS server. > The TLS session is not using DH for key exchange, so it should be > possible to decrypt. > I know OpenSSL can be used to connect to a socket to "actively" > handle the TLS session, but is there a way to "passively" decode and > decrypt a session? > How can I "feed" the packets (both directions) into the OpenSSL > library?____ > > Thanks!____ > ------------------------------ Message: 2 Date: Tue, 8 Dec 2020 09:17:54 -0800 
From: John Baldwin > To: Matt Caswell >, openssl-users at openssl.org Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files Message-ID: > Content-Type: text/plain; charset=utf-8 On 12/8/20 7:46 AM, Matt Caswell wrote: > > > On 08/12/2020 15:28, Oren Shpigel wrote: >> Hi, thanks for the answer. >> >> I know wireshark and ssldump have this capability, but I'm looking for a >> way to do it in my own software in C++, (using OpenSSL, if possible, but >> open to other suggestions as well). > > Unfortunately OpenSSL does not support this capability. It obviously > supports all the required low-level crypto primitives to do it - but you > would have to put them together yourself, as well as do all the packet > parsing, etc. This would be ... difficult. :-) You could use a memory BIO or the like to feed the reconstructed data stream into to handle the TLS bits though? You are still stuck with writing your own TCP stack (effectively)? I think openvpn does something like this when I looked (it used memory BIOs to and then manually read/wrote their contents on its tunnel socket). -- John Baldwin ------------------------------ Message: 3 Date: Tue, 8 Dec 2020 17:43:47 +0000 
From: "Narayana, Sunil Kumar"
To: "openssl-users at openssl.org"
Subject: DH_generate_key
Message-ID:
Content-Type: text/plain; charset="utf-8"

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has
been deprecated. And as per the man page, it is advised to use
EVP_PKEY_derive_init & EVP_PKEY_derive.

Our application creates a new DH and using DH_generate_key() creates
pub_key/priv_key and uses it. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys?

Application code

    dh = DH_new();
    dh->p = BN_bin2bn(modSize, octet_len, NULL);
    dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

    if ( ! DH_generate_key(dh) )
    {
        return FAILURE;
    }
    n = (unsigned) BN_num_bytes(dh->pub_key);

    BN_bn2bin(dh->pub_key, p);
    n = (unsigned) BN_num_bytes(dh->priv_key);

Instead of the above logic, can we do this? Does derive generate
pub/priv keys?

    //create ctx
    Ctx = EVP_PKEY_CTX_new_from_name (NULL, "DM", NULL);
    EVP_PKEY_derive_init (ctx)

Regards,
Sunil

-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-----------------------------------------------------------------------------------------------------------------------

------------------------------

Message: 4
Date: Tue, 8 Dec 2020 20:30:22 +0000
From: "Sands, Daniel"
To: "openssl-users at openssl.org"
Subject: RE: DH_generate_key
Message-ID: <0223126022f1463f903459929b4902c6 at ES08AMSNLNT.srn.sandia.gov>
Content-Type: text/plain; charset="utf-8"

> Dear openssl team,
>
> While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has
> been deprecated. And as per the man page, it is advised to use
> EVP_PKEY_derive_init & EVP_PKEY_derive.
>
> Our application creates a new DH and using DH_generate_key() creates
> pub_key/priv_key and uses it. How can we replace this exactly with EVP?
> And please suggest what EVP APIs we should use to generate pub/priv keys?
>
> Application code
>
>     dh = DH_new();
>     dh->p = BN_bin2bn(modSize, octet_len, NULL);
>     dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);
>
>     if ( ! DH_generate_key(dh) )
>     {
>         return FAILURE;
>     }
>     n = (unsigned) BN_num_bytes(dh->pub_key);
>
>     BN_bn2bin(dh->pub_key, p);
>     n = (unsigned) BN_num_bytes(dh->priv_key);
>
> Instead of the above logic, can we do this? Does derive generate
> pub/priv keys?

The man page in section 7 (EVP_PKEY_DH) has examples for generating using
safe primes or using probable primes. Seems better since you don't have
to use the BN API anymore, but a little more complicated because you have
to call OSSL_PARAM_construct_xxx for parameters and assign them to an
array.

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer,
and EVP_PKEY_derive to get your shared secret. See apps/speed.c in the
OSSL3 source code for an example. Look for the text EVP_PKEY_DH

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

End of openssl-users Digest, Vol 73, Issue 6
********************************************

From matt at openssl.org Wed Dec 9 15:31:51 2020
From: matt at openssl.org (Matt Caswell)
Date: Wed, 9 Dec 2020 15:31:51 +0000
Subject: DH_generate_key
In-Reply-To:
References:
Message-ID: <72867e9d-4e91-faa0-d329-1f92ed723b0e@openssl.org>

On 08/12/2020 17:43, Narayana, Sunil Kumar wrote:
> Dear openssl team,
>
> While migrating from 1.0.2 to 3.0, we found that
> DH_generate_key() has been deprecated. And as per the man page, it is
> advised to use EVP_PKEY_derive_init & EVP_PKEY_derive
>

The reference to EVP_PKEY_derive_init/EVP_PKEY_derive is a bit
misleading, because those are replacements for DH_compute_key() not
DH_generate_key(). The equivalents for DH_generate_key() are
EVP_PKEY_keygen_init() and EVP_PKEY_gen().

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen.html

> our application creates a new DH and using DH_generate_key()

How do you set up the DH parameters? Do you load them from a file or
generate them in your application? Or some other way? Will it break your
application if you swap to using different parameters, or must you
retain support for the old ones?

The first step is to create an EVP_PKEY object containing the DH
parameters. How to do that depends on the answers to the above questions.

> creates
> pub_key/priv_key and uses it. how can we replace this exactly with EVP.
>

As noted by Daniel in his response to your question there are examples
on the EVP_PKEY-DH manual page.

https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-DH.html

Assuming you have set up the parameters in an EVP_PKEY object
(param_key) then this is the relevant example:

    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);
    EVP_PKEY_print_private(bio_out, key, 0, NULL);
    ...
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(gctx);

This gives you a generated DH key in the "key" object.

Matt

> And please suggest what EVP API's should we use to generate pub/priv keys ?
>
> Application code
>
>     dh = DH_new();
>     dh->p = BN_bin2bn(modSize, octet_len, NULL);
>     dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);
>
>     if ( ! DH_generate_key(dh) )
>     {
>         return FAILURE;
>     }
>     n = (unsigned) BN_num_bytes(dh->pub_key);
>
>     BN_bn2bin(dh->pub_key, p);
>     n = (unsigned) BN_num_bytes(dh->priv_key);
>
> Instead above logic can we do this ? is derive generated pub/priv keys ?
>
>     //create ctx
>     Ctx = EVP_PKEY_CTX_new_from_name (NULL, "DM", NULL);
>     EVP_PKEY_derive_init (ctx)
>
> Regards,
> Sunil

From tengicki at autopoll.de Thu Dec 10 09:39:06 2020
From: tengicki at autopoll.de (Andreas Tengicki)
Date: Thu, 10 Dec 2020 10:39:06 +0100
Subject: creating certificate by code / problems to load via openssl x509 / pem format
In-Reply-To: <6afcb37d-1381-a449-cf87-9e9b79f6343a@autopoll.de>
References: <6afcb37d-1381-a449-cf87-9e9b79f6343a@autopoll.de>
Message-ID: <009adab4-57a9-4132-f6f5-43d60946faf4@autopoll.de>

The solution was to choose an EVP when signing the certificate

    i = X509_sign(x, CApkey, EVP_sha256());

Best regards

Andreas

On 09.07.2020 at 11:09, Andreas Tengicki wrote:
>
> Hello,
>
> your first help in this project helped much, but now some weeks later,
> there is a new problem, and I cannot find any tips via google.
>
> For all the coding I have looked into the openssl examples.
>
> I create a private key per code, the "openssl rsa -in
> test_privatekey.pem -check" is fine
>
> I create a certificate request per code, "openssl req -text -noout
> -verify -in test_request.pem" is fine
>
> I create a certificate via this request and store it with
> "PEM_write_bio_X509(out, crt);" like the others. (some more code below)
>
> Perhaps there is something wrong, but to detect this, I will use the
> validation, but it cannot load the certificate to validate it:
>
> >> openssl x509 -in test_certificate.pem -text
> unable to load certificate
> 140180222239872:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
> 140180222239872:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1118:
> 140180222239872:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
> 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
> 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
> 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
> 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:../crypto/pem/pem_oth.c:33:
>
> Thanks for any help.
>
> Best regards
>
> Andreas
>
> ----
>
> Error handling should be added in a second step; first, debug outputs (which
> I have deleted here) say everything is created
>
> X509* certificate_create(const X509_REQ* req)
> {
>   //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
>
>   if ((crt = X509_new()) == NULL);
>   //xca = load_cert(CAfile, CAformat, "CA Certificate");
>   BIO *bio = NULL;
>   bio = BIO_new_file(CAfile, "r");
>   xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
>   BIO_free(bio);
>
>   upkey = X509_get0_pubkey(xca);
>
>   char CAkeyile[] = "ca.key";
>   int CAkeyformat = 5; //FORMAT_PEM
>   char passin[] = "xyz";
>
>   ENGINE *e = NULL;
>   EVP_PKEY * CApkey = NULL;
>   //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
>   bio = BIO_new_file(CAkeyile, "r");
>   CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
>   BIO_free(bio);
>
>   EVP_PKEY_copy_parameters(upkey, CApkey);
>
>   X509_STORE *ctx = NULL;
>   ctx = X509_STORE_new();
>
>   X509_STORE_CTX *xsc = NULL;
>   xsc = X509_STORE_CTX_new();
>   if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
>
>   ASN1_INTEGER *serialno = NULL;
>   serialno = ASN1_INTEGER_new();
>   BIGNUM *btmp = NULL;
>   btmp = BN_new();
>
>   # define SERIAL_RAND_BITS 159
>   if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY));
>   if (!BN_to_ASN1_INTEGER(btmp, serialno));
>   BN_free(btmp);
>
>   X509_STORE_CTX_set_cert(xsc, crt);
>   X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
>
>   if (!X509_check_private_key(xca, CApkey)) ;
>
>   if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
>   if (!X509_set_serialNumber(crt, serialno));
>
>   int days = 365;
>   if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) == NULL);
>
>   const char digestname[] = "sha256";
>   const EVP_MD* md = EVP_get_digestbyname(digestname);
>   EVP_MD_CTX *mctx = EVP_MD_CTX_new();
>   EVP_PKEY_CTX *pkctx = NULL;
>   EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); //is CApkey the right private key here? it should be
>   int rv = (X509_sign_ctx(crt, mctx) > 0);
>   EVP_MD_CTX_free(mctx);
>
>   BIO *out = NULL;
>   out = BIO_new_file("test_certificate.pem", "w");
>   PEM_write_bio_X509(out, crt);
>   BIO_free_all(out);
>
>   ...some more frees ...
>   return crt;
> }

From tmraz at redhat.com Thu Dec 10 10:42:37 2020
From: tmraz at redhat.com (Tomas Mraz)
Date: Thu, 10 Dec 2020 11:42:37 +0100
Subject: creating certificate by code / problems to load via openssl x509 / pem format
In-Reply-To: <009adab4-57a9-4132-f6f5-43d60946faf4@autopoll.de>
References: <6afcb37d-1381-a449-cf87-9e9b79f6343a@autopoll.de> <009adab4-57a9-4132-f6f5-43d60946faf4@autopoll.de>
Message-ID:

On Thu, 2020-12-10 at 10:39 +0100, Andreas Tengicki wrote:
> The solution was to choose an EVP when signing the certificate
>
>     i = X509_sign(x, CApkey, EVP_sha256());

I do not really think this was the problem. In the code below you do not
set the notBefore time which is actually indicated by the parsing errors
when you try to load the invalid certificate.

> Best regards
>
> Andreas
>
> On 09.07.2020 at 11:09, Andreas Tengicki wrote:
> > Hello,
> >
> > your first help in this project helped much, but now some weeks
> > later, there is a new problem, and I cannot find any tips via
> > google.
> >
> > For all the coding I have looked into the openssl examples.
> >
> > I create a private key per code, the "openssl rsa -in
> > test_privatekey.pem -check" is fine
> >
> > I create a certificate request per code, "openssl req -text -noout
> > -verify -in test_request.pem" is fine
> >
> > I create a certificate via this request and store it with
> > "PEM_write_bio_X509(out, crt);" like the others. (some more code
> > below)
> >
> > Perhaps there is something wrong, but to detect this, I will use
> > the validation, but it cannot load the certificate to validate it:
> >
> > >> openssl x509 -in test_certificate.pem -text
> > unable to load certificate
> > 140180222239872:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
> > 140180222239872:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1118:
> > 140180222239872:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
> > 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:../crypto/pem/pem_oth.c:33:
> >
> >
> > Thanks for any help.
> >
> > Best regards
> >
> > Andreas
> >
> > ----
> >
> > Error handling should be added in a second step; first, debug outputs
> > (which I have deleted here) say everything is created
> >
> > X509* certificate_create(const X509_REQ* req)
> > {
> >   //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
> >
> >   if ((crt = X509_new()) == NULL);
> >   //xca = load_cert(CAfile, CAformat, "CA Certificate");
> >   BIO *bio = NULL;
> >   bio = BIO_new_file(CAfile, "r");
> >   xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
> >   BIO_free(bio);
> >
> >   upkey = X509_get0_pubkey(xca);
> >
> >   char CAkeyile[] = "ca.key";
> >   int CAkeyformat = 5; //FORMAT_PEM
> >   char passin[] = "xyz";
> >
> >   ENGINE *e = NULL;
> >   EVP_PKEY * CApkey = NULL;
> >   //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
> >   bio = BIO_new_file(CAkeyile, "r");
> >   CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
> >   BIO_free(bio);
> >
> >   EVP_PKEY_copy_parameters(upkey, CApkey);
> >
> >   X509_STORE *ctx = NULL;
> >   ctx = X509_STORE_new();
> >
> >   X509_STORE_CTX *xsc = NULL;
> >   xsc = X509_STORE_CTX_new();
> >   if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
> >
> >   ASN1_INTEGER *serialno = NULL;
> >   serialno = ASN1_INTEGER_new();
> >   BIGNUM *btmp = NULL;
> >   btmp = BN_new();
> >
> >   # define SERIAL_RAND_BITS 159
> >   if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY));
> >   if (!BN_to_ASN1_INTEGER(btmp, serialno));
> >   BN_free(btmp);
> >
> >   X509_STORE_CTX_set_cert(xsc, crt);
> >   X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
> >
> >   if (!X509_check_private_key(xca, CApkey)) ;
> >
> >   if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
> >   if (!X509_set_serialNumber(crt, serialno));
> >
> >   int days = 365;
> >   if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) == NULL);
> >
> >   const char digestname[] = "sha256";
> >   const EVP_MD* md = EVP_get_digestbyname(digestname);
> >   EVP_MD_CTX *mctx = EVP_MD_CTX_new();
> >   EVP_PKEY_CTX *pkctx = NULL;
> >   EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); //is CApkey the right private key here? it should be
> >   int rv = (X509_sign_ctx(crt, mctx) > 0);
> >   EVP_MD_CTX_free(mctx);
> >
> >   BIO *out = NULL;
> >   out = BIO_new_file("test_certificate.pem", "w");
> >   PEM_write_bio_X509(out, crt);
> >   BIO_free_all(out);
> >
> >   ...some more frees ...
> >   return crt;
> > }

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to
your conscience.]
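The nested errors in the `openssl x509` output above ("too long", "bad object header", then "Field=notBefore, Type=X509_VAL") are how OpenSSL's ASN.1 decoder names the field it could not read, which is what points at the unset notBefore. The following is an added example, not code from this thread or from OpenSSL: a small DER reader in Python that parses an X.509 Validity SEQUENCE and reports failures the same way. The sample inputs are constructed here; the exact bytes OpenSSL writes for an unset notBefore are not shown on the page, so the broken samples model the two error classes generically.

```python
"""Walk the DER of an X.509 Validity and name the field that fails to parse.

Added example (not OpenSSL code): mimics the nested ASN.1 errors shown in
the thread ("too long", "bad object header", "Field=notBefore, Type=X509_VAL").
"""
import datetime
import re

UTCTIME, GENERALIZEDTIME, SEQUENCE = 0x17, 0x18, 0x30


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("bad object header: need tag and length at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in 7 bits
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad object header: invalid length at offset %d" % (pos - 1))
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):           # the 'too long' case from ASN1_get_object
        raise ValueError("too long: %d bytes claimed, %d available" % (length, len(buf) - pos))
    return tag, buf[pos:pos + length], pos + length


def parse_time(tag, value):
    """Decode a DER UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    text = value.decode("ascii", errors="replace")
    if tag == UTCTIME and re.fullmatch(r"\d{12}Z", text):
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy   # RFC 5280 two-digit year rule
        return datetime.datetime.strptime("%04d%s" % (year, text[2:]), "%Y%m%d%H%M%SZ")
    if tag == GENERALIZEDTIME and re.fullmatch(r"\d{14}Z", text):
        return datetime.datetime.strptime(text, "%Y%m%d%H%M%SZ")
    raise ValueError("Type=ASN1_TIME: tag 0x%02x with value %r is not a valid time" % (tag, value))


def parse_validity(der):
    """Parse Validity ::= SEQUENCE { notBefore Time, notAfter Time }.

    Returns (notBefore, notAfter) as datetimes; on failure the ValueError
    names the field, the way OpenSSL's nested errors do.
    """
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Type=X509_VAL: expected SEQUENCE, got tag 0x%02x" % tag)
    times, pos = [], 0
    for field in ("notBefore", "notAfter"):
        try:
            t, v, pos = read_tlv(body, pos)
            times.append(parse_time(t, v))
        except ValueError as e:
            raise ValueError("Field=%s, Type=X509_VAL: %s" % (field, e)) from e
    if pos != len(body):
        raise ValueError("Type=X509_VAL: %d trailing bytes" % (len(body) - pos))
    return times[0], times[1]


def der_time(text):
    """Encode an ASCII UTCTime string as DER (helper for the constructed samples)."""
    return bytes([UTCTIME, len(text)]) + text.encode("ascii")


# Constructed samples: one well-formed Validity and two broken ones.
GOOD = bytes([SEQUENCE, 30]) + der_time("201210000000Z") + der_time("211210000000Z")
EMPTY_NOTBEFORE = bytes([SEQUENCE, 17]) + bytes([UTCTIME, 0]) + der_time("211210000000Z")
TRUNCATED = bytes([SEQUENCE, 10]) + der_time("211210000000Z")[:10]


def check(der):
    """Return 'ok' or the error text naming the field that broke."""
    try:
        parse_validity(der)
        return "ok"
    except ValueError as e:
        return str(e)
```

Running `check()` over the three samples gives "ok" for the first and a "Field=notBefore, Type=X509_VAL: ..." message for the other two, which is the same reading Tomas applies to the error chain in the thread: the outermost ASN.1 error is a length problem, but the field annotation is what says where in the certificate it occurred.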
From matt at openssl.org Thu Dec 10 12:16:11 2020
From: matt at openssl.org (Matt Caswell)
Date: Thu, 10 Dec 2020 12:16:11 +0000
Subject: DH_generate_key
In-Reply-To: <72867e9d-4e91-faa0-d329-1f92ed723b0e@openssl.org>
References: <72867e9d-4e91-faa0-d329-1f92ed723b0e@openssl.org>
Message-ID: <0d2eb472-d8d8-0272-e992-8e5c37082f0e@openssl.org>

On 09/12/2020 15:31, Matt Caswell wrote:
>> our application creates a new DH and using DH_generate_key()
>
> How do you set up the DH parameters? Do you load them from a file or
> generate them in your application? Or some other way? Will it break your
> application if you swap to using different parameters, or must you
> retain support for the old ones?
>
> The first step is to create an EVP_PKEY object containing the DH
> parameters. How to do that depends on the answers to the above questions.

Sunil emailed me directly (off list) and provided some code samples.

So you have some fixed "p" and "g" parameter values defined as static
unsigned char arrays, which you are currently converting to BIGNUMs using
"BN_bin2bn", and then assigning to "dh->p" and "dh->g" respectively. The
"g" value is just "2", so in the 3.0 equivalent you don't need to convert
that to a BIGNUM first.

Some equivalent code to construct a DH params object (called "param_key"
in the code below) is:

    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    OSSL_PARAM_BLD *tmpl = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *param_key = NULL;

    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
        goto err;
    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
            || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
        goto err;
    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL || !EVP_PKEY_fromdata(pctx, &param_key, params))
        goto err;

    err:
    EVP_PKEY_CTX_free(pctx);
    OSSL_PARAM_BLD_free_params(params);
    OSSL_PARAM_BLD_free(tmpl);

You can then generate the key using the code sample I gave in my previous
email:

    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);
    EVP_PKEY_print_private(bio_out, key, 0, NULL);
    ...
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(gctx);

Hope that helps,

Matt
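Matt's two replies draw one distinction that the deprecation notice blurs: DH_generate_key() (now EVP_PKEY_keygen_init/EVP_PKEY_gen) creates a key pair from the parameters, while DH_compute_key() (now EVP_PKEY_derive_init/EVP_PKEY_derive) combines your private half with the peer's public half. The following is an added example, not code from the thread or from OpenSSL: it shows the same two steps with the underlying arithmetic in Python, using a fixed "p" and g = 2 as in Sunil's setup. The prime is assumed to be the RFC 3526 group 14 (2048-bit MODP) modulus, transcribed here in place of the application's own value, and the function names (`keygen`, `derive`, `validate_public`, `to_bin`) are this example's, not OpenSSL's.

```python
"""Diffie-Hellman keygen vs. derive, in pure Python.

Added example (not OpenSSL or thread code). keygen() plays the role of
DH_generate_key / EVP_PKEY_gen and returns both halves of one key pair;
derive() plays DH_compute_key / EVP_PKEY_derive. The modulus is assumed to be
the RFC 3526 group 14 prime with g = 2; verify it against the RFC before
relying on it.
"""
import secrets

P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)   # the fixed "p" (assumed RFC 3526 group 14)
G = 2                                  # the fixed "g", as in the thread
Q = (P - 1) // 2                       # safe prime: 2 generates a subgroup of prime order Q


def keygen():
    """DH_generate_key equivalent: one key pair holding both halves.

    Returns (priv, pub): priv is a random exponent x in [1, Q-1], pub is g^x mod p.
    """
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def validate_public(y):
    """Accept only public values in (1, p-1) that lie in the prime-order subgroup.

    This is the check to run on a peer's value before deriving: it rejects the
    degenerate values 0, 1 and p-1 and any small-subgroup element.
    """
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def derive(priv, peer_pub):
    """DH_compute_key / EVP_PKEY_derive equivalent: shared secret peer_pub^priv mod p."""
    if not validate_public(peer_pub):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def to_bin(n):
    """BN_bn2bin equivalent: big-endian bytes, no leading zero padding."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def exchange():
    """Run both sides of one exchange and return the values for inspection."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    return {
        "a_pub": a_pub,
        "b_pub": b_pub,
        "a_secret": derive(a_priv, b_pub),
        "b_secret": derive(b_priv, a_pub),
    }


def derive_rejects(priv, peer_pub):
    """True if derive() refuses the peer value (used to show the validation path)."""
    try:
        derive(priv, peer_pub)
    except ValueError:
        return True
    return False
```

The point to carry back to the EVP API: the object that EVP_PKEY_gen() fills in is the whole pair, the same way `keygen()` here returns both `priv` and `pub` from the single (p, g) parameter set, and the public half is what gets serialized with BN_bn2bin-style encoding for the peer. The subgroup check in `validate_public()` is what OpenSSL performs on the peer's value during derive for safe-prime groups; it is shown explicitly here so the two halves of the protocol are visible.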
From cosmin.apreutesei at gmail.com Thu Dec 10 15:14:00 2020
From: cosmin.apreutesei at gmail.com (Cosmin Apreutesei)
Date: Thu, 10 Dec 2020 17:14:00 +0200
Subject: Question about SSL_ERROR_WANT_WRITE
Message-ID:

Hello,

I have a question regarding SSL_write() and returning SSL_ERROR_WANT_WRITE
from the write callback.

_After_ SSL_write() returns with SSL_ERROR_WANT_WRITE (because my write
callback returned SSL_ERROR_WANT_WRITE), can I _then_ send the data given
to the callback and then call SSL_write() again (with the same arguments)
and then in the second call to the callback return the number of bytes
written? Is that a supported use of the API? (I'm asking because that's the
only way I can use the API, I can't send the data inside the callback, I
need to send it outside the callback, see below for why).

In other words, is it guaranteed that on that second call to SSL_write(),
SSL will want to send the exact same data that it tried before when it
failed, and not change its mind about what it wants to send? Because
technically, since SSL_ERROR_WANT_WRITE implies that "no data was sent",
the state machine might as well advance and send something different at a
later time (because it received data or something inside expired or
whatever).

----

Why I need this: I'm using IOCP and LuaJIT which means I have two
limitations:

1) Because I'm using a completion API as opposed to a readiness API, I
can't just tell OpenSSL when the socket is writable and let it write to it,
I need to write the data myself.

2) Because LuaJIT doesn't allow me to yield from inside a C callback, I
can't do async I/O inside the callback, I can only do it in between calls
to SSL_read()/SSL_write().

Any suggestions appreciated, thanks!

From sanarayana at rbbn.com Thu Dec 10 16:14:03 2020
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Thu, 10 Dec 2020 16:14:03 +0000
Subject: DH_generate_key
Message-ID:

Hi Matt,

Thanks for the code sample. We understood the end to end flow to generate
the DH key.

I wanted to understand one more aspect here. In our application we were
obtaining two keys (pub_key/priv_key) from DH_generate_key() with single
values of dh->p/dh->g. But now in the 3.0 equivalent, I guess we can get
only one key from the p/g params, right? How do we get the equivalent
pub_key/priv_key? Please suggest.

Regards,
Sunil

From: openssl-users On Behalf Of openssl-users-request at openssl.org
Sent: 10 December 2020 17:46
To: openssl-users at openssl.org
Subject: openssl-users Digest, Vol 73, Issue 9

Today's Topics:

   1. Re: DH_generate_key (Matt Caswell)
   2. Re: creating certificate by code / problems to load via openssl x509 / pem format (Andreas Tengicki)
   3. Re: creating certificate by code / problems to load via openssl x509 / pem format (Tomas Mraz)
   4. Re: DH_generate_key (Matt Caswell)
From: Matt Caswell > To: "Narayana, Sunil Kumar" >, "openssl-users at openssl.org" > Subject: Re: DH_generate_key Message-ID: <72867e9d-4e91-faa0-d329-1f92ed723b0e at openssl.org> Content-Type: text/plain; charset=utf-8 On 08/12/2020 17:43, Narayana, Sunil Kumar wrote: > Dear openssl team, > > ? > > ??????????????? While migrating from 1.0.2 to 3.0, ?we found that > DH_generate_key() has be deprecated. And as per the man page, it is > advised to use EVP_PKEY_derive_init > > > ?& EVP_PKEY_derive > > > The reference to EVP_PKEY_derive_init/EVP_PKEY_derive is a bit misleading, because those are replacements for DH_compute_key() not DH_generate_key(). The equivalents for DH_generate_key() are EVP_PKEY_keygen_init() and EVP_PKEY_gen(). https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen.html > our application creates a new DH and using DH_generate_key() How do you set up the DH parameters? Do you load them from a file or generate them in your application? Or some other way? Will it break your application if you swap to using different parameters, or must you retain support for the old ones? The first step is to create an EVP_PKEY object containing the DH parameters. How to do that depends on the answers to the above questions. > creates > pub_key/priv_key and uses it. how can we replace this exactly with EVP. > As noted by Daniel in this response to your question there are examples on the EVP_PKEY-DH manual page. https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-DH.html Assuming you have set up the parameters in an EVP_PKEY object (param_key) then this is the relevant example: EVP_PKEY *key = NULL; EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); EVP_PKEY_keygen_init(gctx); EVP_PKEY_gen(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key); EVP_PKEY_CTX_free(gctx); This gives you a generated DH key in the "key" object. Matt > And please suggest what EVP API?s should we use to generate pub/priv keys ? > > ? 
> > _Application code_ > > _?_ > > ??? dh = DH_new(); > > ??? dh->p = BN_bin2bn(modSize, octet_len, NULL); > > ??? dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL); > > ? > > ??? if ( ! DH_generate_key(dh) ) > > ??? { > > ??????? return FAILURE; > > ??? } > > ??? n = (unsigned) BN_num_bytes(dh->pub_key); > > ?? > > ????BN_bn2bin(dh->pub_key, p); > > ??? n = (unsigned) BN_num_bytes(dh->priv_key); > > ? > > ? > > Instead above logic can we do this ? is derive generated pub/priv keys ? > > ? > > //create ctx > > Ctx = EVP_PKEY_CTX_new_from_name (NULL, ?DM?, NULL); > > EVP_PKEY_derive_init (ctx) > > ? > > ? > > Regards, > > Sunil > > > > ------------------------------------------------------------------------ > Notice: This e-mail together with any attachments may contain > information of Ribbon Communications Inc. that is confidential and/or > proprietary for the sole use of the intended recipient. Any review, > disclosure, reliance or distribution by others or forwarding without > express permission is strictly prohibited. If you are not the intended > recipient, please notify the sender immediately and then delete all > copies, including any attachments. > ------------------------------------------------------------------------ ------------------------------ Message: 2 Date: Thu, 10 Dec 2020 10:39:06 +0100 
From: Andreas Tengicki > To: openssl-users at openssl.org Subject: Re: creating certificate by code / problems to load via openssl x509 / pem format Message-ID: <009adab4-57a9-4132-f6f5-43d60946faf4 at autopoll.de> Content-Type: text/plain; charset="utf-8"; Format="flowed" The solution was to choice a EVP by signing the certificate i = X509_sign(x, CApkey, EVP_sha256()); Best regards ? Andreas Am 09.07.2020 um 11:09 schrieb Andreas Tengicki: > > Hello, > > your first help in this project, helps much, but now some weeks later, > there is a new problem, and I cannot find any tipps via google. > > For all the coding a have looked into the openssl examples. > > I create a private key per code, the "openssl rsa -in > test_privatekey.pem -check" is fine > > I create a certificate request per code, "openssl req -text -noout > -verify -in test_request.pem" is fine > > I create a certifcate via this reqeust and store it with > "PEM_write_bio_X509(out, crt);" like the others. (some more code below) > > Perhaps there is something wrong, but to detect this, I will use the > validation, but it cannot load the certificate to validate it: > > >> openssl x509 -in test_certificate.pem -text > unable to load certificate > 140180222239872:error:0D07209B:asn1 encoding > routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91: > 140180222239872:error:0D068066:asn1 encoding > routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1118: > 140180222239872:error:0D07803A:asn1 encoding > routines:asn1_item_embed_d2i:nested asn1 > error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME > 140180222239872:error:0D08303A:asn1 encoding > routines:asn1_template_noexp_d2i:nested asn1 > error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL > 140180222239872:error:0D08303A:asn1 encoding > routines:asn1_template_noexp_d2i:nested asn1 > error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF > 140180222239872:error:0D08303A:asn1 encoding > 
routines:asn1_template_noexp_d2i:nested asn1 > error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509 > 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 > lib:../crypto/pem/pem_oth.c:33: > > Thanks for any help. > > Best regards > > ? Andreas > > ---- > > ErrorHandling should be added in a second step, first debug outputs (I > have deleted for here) says everything is created > > X509* certificate_create(const X509_REQ* req) > { > ? //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt > -CAkey ca.key -CAcreateserial -out server.crt > > ? if ((crt = X509_new()) == NULL); > ? //xca = load_cert(CAfile, CAformat, "CA Certificate"); > ? BIO *bio = NULL; > ? bio = BIO_new_file(CAfile, "r"); > ? xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); > ? BIO_free(bio); > > ? upkey = X509_get0_pubkey(xca); > > ? char CAkeyile[] = "ca.key"; > ? int CAkeyformat = 5; //FORMAT_PEM > ? char passin[] = "xyz"; > > ? ENGINE *e = NULL; > ? EVP_PKEY * CApkey = NULL; > ? //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA > Private Key"); > ? bio = BIO_new_file(CAkeyile, "r"); > ? CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin); > ? BIO_free(bio); > > ? EVP_PKEY_copy_parameters(upkey, CApkey); > > ? X509_STORE *ctx = NULL; > ? ctx = X509_STORE_new(); > > ? X509_STORE_CTX *xsc = NULL; > ? xsc = X509_STORE_CTX_new(); > ? if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL)); > > ? ASN1_INTEGER *serialno = NULL; > ? serialno = ASN1_INTEGER_new(); > ? BIGNUM *btmp = NULL; > ? btmp = BN_new(); > > ? # define SERIAL_RAND_BITS??????? 159 > ? if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, > BN_RAND_BOTTOM_ANY)); > ? if (!BN_to_ASN1_INTEGER(btmp, serialno)); > ? BN_free(btmp); > > X509_STORE_CTX_set_cert(xsc, crt); > ? X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); > > ? if (!X509_check_private_key(xca, CApkey)) ; > > ? if (!X509_set_issuer_name(crt, X509_get_subject_name(xca))); > ? 
if (!X509_set_serialNumber(crt, serialno)); > > ? int days = 365; > ? if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) == NULL); > > ? const char digestname[] = "sha256"; > ? const EVP_MD* md = EVP_get_digestbyname(digestname); > ? EVP_MD_CTX *mctx = EVP_MD_CTX_new(); > ? EVP_PKEY_CTX *pkctx = NULL; > ? EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); //ist CApkey > hier der richtige private Key? sollte eigentlich > ? int rv = (X509_sign_ctx(crt, mctx) > 0); > ? EVP_MD_CTX_free(mctx); > > ? BIO *out = NULL; > ? out = BIO_new_file("test_certificate.pem", "w"); > ? PEM_write_bio_X509(out, crt); > ? BIO_free_all(out); > > ? ...some more frees ... > ? return crt; > } > -------------- next part -------------- An HTML attachment was scrubbed... URL: > ------------------------------ Message: 3 Date: Thu, 10 Dec 2020 11:42:37 +0100 
From: Tomas Mraz > To: Andreas Tengicki >, openssl-users at openssl.org Subject: Re: creating certificate by code / problems to load via openssl x509 / pem format Message-ID: > Content-Type: text/plain; charset="UTF-8" On Thu, 2020-12-10 at 10:39 +0100, Andreas Tengicki wrote: > The solution was to choice a EVP by signing the certificate > > i = X509_sign(x, CApkey, EVP_sha256()); I do not really think this was the problem. In the code below you do not set the notBefore time which is actually indicated by the parsing errors when you try to load the invalid certificate. > Best regards > > Andreas > > Am 09.07.2020 um 11:09 schrieb Andreas Tengicki: > > Hello, > > > > your first help in this project, helps much, but now some weeks > > later, there is a new problem, and I cannot find any tipps via > > google. > > > > For all the coding a have looked into the openssl examples. > > > > I create a private key per code, the "openssl rsa -in > > test_privatekey.pem -check" is fine > > > > I create a certificate request per code, "openssl req -text -noout > > -verify -in test_request.pem" is fine > > > > I create a certifcate via this reqeust and store it with > > "PEM_write_bio_X509(out, crt);" like the others. 
> > (some more code below)
> >
> > Perhaps there is something wrong, but to detect this I will use the validation, but it cannot load the certificate to validate it:
> >
> > >> openssl x509 -in test_certificate.pem -text
> > unable to load certificate
> > 140180222239872:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
> > 140180222239872:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1118:
> > 140180222239872:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
> > 140180222239872:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
> > 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:../crypto/pem/pem_oth.c:33:
> >
> >
> > Thanks for any help.
> >
> > Best regards
> >
> > Andreas
> >
> > ----
> >
> > Error handling should be added in a second step; for now the debug outputs (which I have deleted here) say everything is created
> >
> > X509* certificate_create(const X509_REQ* req)
> > {
> >   //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
> >
> >   if ((crt = X509_new()) == NULL);
> >   //xca = load_cert(CAfile, CAformat, "CA Certificate");
> >   BIO *bio = NULL;
> >   bio = BIO_new_file(CAfile, "r");
> >   xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
> >   BIO_free(bio);
> >
> >   upkey = X509_get0_pubkey(xca);
> >
> >   char CAkeyile[] = "ca.key";
> >   int CAkeyformat = 5; //FORMAT_PEM
> >   char passin[] = "xyz";
> >
> >   ENGINE *e = NULL;
> >   EVP_PKEY * CApkey = NULL;
> >   //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
> >   bio = BIO_new_file(CAkeyile, "r");
> >   CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
> >   BIO_free(bio);
> >
> >   EVP_PKEY_copy_parameters(upkey, CApkey);
> >
> >   X509_STORE *ctx = NULL;
> >   ctx = X509_STORE_new();
> >
> >   X509_STORE_CTX *xsc = NULL;
> >   xsc = X509_STORE_CTX_new();
> >   if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
> >
> >   ASN1_INTEGER *serialno = NULL;
> >   serialno = ASN1_INTEGER_new();
> >   BIGNUM *btmp = NULL;
> >   btmp = BN_new();
> >
> >   # define SERIAL_RAND_BITS 159
> >   if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY));
> >   if (!BN_to_ASN1_INTEGER(btmp, serialno));
> >   BN_free(btmp);
> >
> >   X509_STORE_CTX_set_cert(xsc, crt);
> >   X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
> >
> >   if (!X509_check_private_key(xca, CApkey)) ;
> >
> >   if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
> >   if (!X509_set_serialNumber(crt, serialno));
> >
> >   int days = 365;
> >   if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) == NULL);
> >
> >   const char digestname[] = "sha256";
> >   const EVP_MD* md = EVP_get_digestbyname(digestname);
> >   EVP_MD_CTX *mctx = EVP_MD_CTX_new();
> >   EVP_PKEY_CTX *pkctx = NULL;
> >   EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); // is CApkey the right private key here? it should be
> >   int rv = (X509_sign_ctx(crt, mctx) > 0);
> >   EVP_MD_CTX_free(mctx);
> >
> >   BIO *out = NULL;
> >   out = BIO_new_file("test_certificate.pem", "w");
> >   PEM_write_bio_X509(out, crt);
> >   BIO_free_all(out);
> >
> >   ...some more frees ...
> >   return crt;
> > }
> >

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]

------------------------------

Message: 4
Date: Thu, 10 Dec 2020 12:16:11 +0000
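Added example, not code from the thread: the X.509 Validity SEQUENCE that Andreas's certificate failed on, encoded and decoded in pure Python so the ASN.1-level failure Tomas points at (the decoder naming Field=notBefore, long before any signature check) can be reproduced without OpenSSL. The empty notBefore element is constructed here to stand in for a field nobody set; `SAMPLE_NOT_BEFORE`, `validity_error` and the other names are this example's own.

```python
"""Encode and decode the X.509 Validity SEQUENCE (RFC 5280, section 4.1.2.5).

Added illustration, not code from the thread: a certificate whose notBefore
was never set fails at the ASN.1 layer, with the decoder naming the field.
"""
import re
from datetime import datetime, timedelta, timezone

TAG_SEQUENCE = 0x30
TAG_UTCTIME = 0x17
TAG_GENERALIZEDTIME = 0x18
_UTC_RE = re.compile(r"^\d{12}Z$")   # YYMMDDHHMMSSZ
_GEN_RE = re.compile(r"^\d{14}Z$")   # YYYYMMDDHHMMSSZ

# Constructed sample: a one-year validity like the "days = 365" in the thread.
SAMPLE_NOT_BEFORE = datetime(2020, 12, 10, 11, 9, 0, tzinfo=timezone.utc)
SAMPLE_NOT_AFTER = SAMPLE_NOT_BEFORE + timedelta(days=365)


def _tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with minimal definite-length encoding."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_time(t: datetime) -> bytes:
    """RFC 5280: UTCTime up to 2049, GeneralizedTime from 2050, always UTC ('Z')."""
    t = t.astimezone(timezone.utc)
    if t.year < 2050:
        return _tlv(TAG_UTCTIME, t.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    return _tlv(TAG_GENERALIZEDTIME, t.strftime("%Y%m%d%H%M%SZ").encode("ascii"))


def encode_validity(not_before: datetime, not_after: datetime) -> bytes:
    return _tlv(TAG_SEQUENCE, encode_time(not_before) + encode_time(not_after))


def unset_notbefore_validity(not_after: datetime) -> bytes:
    """Constructed: a Validity whose notBefore is an empty UTCTime (a field nobody set)."""
    return _tlv(TAG_SEQUENCE, _tlv(TAG_UTCTIME, b"") + encode_time(not_after))


def _read_tlv(buf: bytes, pos: int, field: str):
    """Parse one TLV at pos; error messages name the field, as OpenSSL's do."""
    if pos + 2 > len(buf):
        raise ValueError(f"Field={field}: bad object header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError(f"Field={field}: bad length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError(f"Field={field}: too long")
    return tag, buf[pos:pos + length], pos + length


def _decode_time(tag: int, body: bytes, field: str) -> datetime:
    text = body.decode("ascii", errors="replace")
    if tag == TAG_UTCTIME and _UTC_RE.match(text):
        yy = int(text[:2])
        year = 2000 + yy if yy < 50 else 1900 + yy   # RFC 5280 two-digit year rule
        text = f"{year}{text[2:]}"
    elif not (tag == TAG_GENERALIZEDTIME and _GEN_RE.match(text)):
        raise ValueError(f"Field={field}, Type=ASN1_TIME: malformed time {body!r}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def decode_validity(der: bytes):
    """Return (notBefore, notAfter) or raise ValueError naming the offending field."""
    tag, body, end = _read_tlv(der, 0, "validity")
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("Field=validity, Type=X509_VAL: not a SEQUENCE")
    tag, nb, pos = _read_tlv(body, 0, "notBefore")
    not_before = _decode_time(tag, nb, "notBefore")
    tag, na, pos = _read_tlv(body, pos, "notAfter")
    not_after = _decode_time(tag, na, "notAfter")
    if pos != len(body):
        raise ValueError("Field=validity: trailing data")
    if not_after < not_before:
        raise ValueError("notAfter precedes notBefore")
    return not_before, not_after


def validity_error(der: bytes):
    """The decode error text, or None when the Validity parses cleanly."""
    try:
        decode_validity(der)
        return None
    except ValueError as exc:
        return str(exc)
```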
From: Matt Caswell
To: "Narayana, Sunil Kumar", "openssl-users at openssl.org"
Subject: Re: DH_generate_key
Message-ID: <0d2eb472-d8d8-0272-e992-8e5c37082f0e at openssl.org>
Content-Type: text/plain; charset=utf-8

On 09/12/2020 15:31, Matt Caswell wrote:
>> our application creates a new DH and uses DH_generate_key()
>
> How do you set up the DH parameters? Do you load them from a file or generate them in your application? Or some other way? Will it break your application if you swap to using different parameters, or must you retain support for the old ones?
>
> The first step is to create an EVP_PKEY object containing the DH parameters. How to do that depends on the answers to the above questions.

Sunil emailed me directly (off list) and provided some code samples.

So you have some fixed "p" and "g" parameter values defined as static unsigned char arrays, which you are currently converting to BIGNUMs using "BN_bin2bn", and then assigning to "dh->p" and "dh->g" respectively.

The "g" value is just "2", so in the 3.0 equivalent you don't need to convert that to a BIGNUM first.
Some equivalent code to construct a DH params object (called "param_key" in the code below) is:

    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    OSSL_PARAM_BLD *tmpl = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *param_key = NULL;

    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
        goto err;

    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
            || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL || !EVP_PKEY_fromdata(pctx, &param_key, params))
        goto err;
 err:
    EVP_PKEY_CTX_free(pctx);
    OSSL_PARAM_BLD_free_params(params);
    OSSL_PARAM_BLD_free(tmpl);

You can then generate the key using the code sample I gave in my previous email:

    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);
    EVP_PKEY_print_private(bio_out, key, 0, NULL);
    ...
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(gctx);

Hope that helps,

Matt

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users

------------------------------

End of openssl-users Digest, Vol 73, Issue 9
********************************************

-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-----------------------------------------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From matt at openssl.org Thu Dec 10 17:26:15 2020
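Added example, not code from the thread or from OpenSSL: the finite-field DH arithmetic that DH_generate_key() and its EVP_PKEY_gen() replacement in Message 4 perform, in pure Python, so the objects discussed there are visible in one place: the p/g parameters, the priv/pub pair one EVP_PKEY holds, a peer-value check before deriving, and the fixed-width raw public key bytes as opposed to the variable-length output of BN_bn2bin(). It assumes the RFC 2409 group 2 prime as p (1024-bit, embedded only because it is short; it is below the sizes recommended today); the function names are this example's own.

```python
"""Finite-field DH with fixed p and g = 2, the arithmetic behind DH_generate_key().

Added illustration, not code from the thread or from OpenSSL. P is the
1024-bit MODP group 2 prime of RFC 2409: short enough to embed, but below
the sizes recommended today.
"""
import secrets

P = int(
    "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74"
    "020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437"
    "4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed"
    "ee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff",
    16,
)
G = 2
Q = (P - 1) // 2   # p is a safe prime: q is prime and g = 2 generates the order-q subgroup

def num_bytes(n: int) -> int:
    """BN_num_bytes(): octets needed to hold n (at least one)."""
    return max(1, (n.bit_length() + 7) // 8)

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, enough to sanity-check parameters read from a file or header."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def check_params(p: int = P, g: int = G) -> None:
    """Reject anything that is not a safe prime with g inside the order-q subgroup."""
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p is not a safe prime")
    if not 1 < g < p - 1 or pow(g, q, p) != 1:
        raise ValueError("g does not generate the order-q subgroup")

def generate_key(p: int = P, g: int = G):
    """The pair EVP_PKEY_gen() produces: private x in [2, q-1], public y = g^x mod p."""
    q = (p - 1) // 2
    priv = secrets.randbelow(q - 2) + 2
    return priv, pow(g, priv, p)

def check_public(pub: int, p: int = P) -> bool:
    """A peer value must lie in (1, p-1) and in the order-q subgroup (no small-subgroup points)."""
    return 1 < pub < p - 1 and pow(pub, (p - 1) // 2, p) == 1

def raw_public_key(pub: int, p: int = P) -> bytes:
    """What EVP_PKEY_get_raw_public_key() returns for DH: y big-endian, padded to the size of p."""
    return pub.to_bytes(num_bytes(p), "big")

def bn2bin(n: int) -> bytes:
    """BN_bn2bin(): minimal length, so leading zero octets are dropped and the length varies."""
    return n.to_bytes(num_bytes(n), "big")

def derive_secret(priv: int, peer_raw: bytes, p: int = P) -> bytes:
    """Z = y_peer^x mod p, fixed width; refuses an invalid peer value before exponentiating."""
    peer = int.from_bytes(peer_raw, "big")
    if not check_public(peer, p):
        raise ValueError("invalid peer public key")
    return pow(peer, priv, p).to_bytes(num_bytes(p), "big")

def key_exchange():
    """Two parties generate a pair each, swap raw public keys and derive Z; returns (Z_a, Z_b)."""
    check_params()
    a_priv, a_pub = generate_key()
    b_priv, b_pub = generate_key()
    return derive_secret(a_priv, raw_public_key(b_pub)), derive_secret(b_priv, raw_public_key(a_pub))

if __name__ == "__main__":
    za, zb = key_exchange()
    print("secrets agree:", za == zb, "length:", len(za))
```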
From: matt at openssl.org (Matt Caswell)
Date: Thu, 10 Dec 2020 17:26:15 +0000
Subject: DH_generate_key
In-Reply-To:
References:
Message-ID: <2616d836-4658-2607-168a-3c6e0723c3d4@openssl.org>

On 10/12/2020 16:14, Narayana, Sunil Kumar wrote:
> Hi Matt,
>
> Thanks for the code sample. We understood the end-to-end flow to generate the DH key.
>
> I wanted to understand one more aspect here. In our application we were obtaining two keys (pub_key / priv_key) from DH_generate_key() with single values of dh->p / dh->g.
>
> But now in the 3.0 equivalent, I guess we can get only one key from the p/g params, right? How do we get the equivalent pub_key / priv_key? Please suggest.

An EVP_PKEY can hold either a priv/public key pair, or just a public key (or just parameters) depending on the context. In this case, after a successful call to EVP_PKEY_gen() it will hold the priv/public key pair.

In many cases you don't need to get the private key out. Often DH keys are "ephemeral", i.e. they are only ever used for one key exchange, and are only ever held in memory. If you are doing a "non-ephemeral" key exchange then you may still need to get it out. There are a number of ways to do this depending on what you want to achieve.

You can write the whole DH priv/pub key pair out to a PEM file to later load back in again using the OSSL_ENCODER API, e.g.

    OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, OSSL_KEYMGMT_SELECT_ALL, "PEM", NULL, NULL);
    OSSL_ENCODER_to_bio(ectx, out);

Alternatively if you want the "raw" octet bytes for the public key you can use

    size_t len = 0;
    unsigned char *pub;

    EVP_PKEY_get_raw_public_key(pkey, NULL, &len);
    pub = OPENSSL_malloc(len);
    EVP_PKEY_get_raw_public_key(pkey, pub, &len);

Similarly you can use EVP_PKEY_get_raw_private_key() to get the raw private key.
Finally, if you just want to get the public key out to send to the peer you can use EVP_PKEY_get1_encoded_public_key():

    unsigned char *buf = NULL;

    EVP_PKEY_get1_encoded_public_key(pkey, &buf);
    /* Do stuff with buf */
    OPENSSL_free(buf);

For DH this works in a similar way to EVP_PKEY_get_raw_public_key(). It produces a format suitable for use in TLSv1.2 and CMS...which is actually just the raw public key. For key types other than DH it may not be.

Note: for brevity above I've omitted error handling from the code samples. You should be sure to add that.

Matt

>
> Regards,
>
> Sunil
>
> *From:* openssl-users *On Behalf Of* openssl-users-request at openssl.org
> *Sent:* 10 December 2020 17:46
> *To:* openssl-users at openssl.org
> *Subject:* openssl-users Digest, Vol 73, Issue 9
From guruprasad.raorane at gmail.com Sat Dec 12 16:38:29 2020
From: guruprasad.raorane at gmail.com (guruprasad raorane)
Date: Sat, 12 Dec 2020 22:08:29 +0530
Subject: Difference between FIPS vs no FIPS.
Message-ID:

Hello,

I have a (maybe stupid) query as below.

Is there any difference in OpenSSL API output in FIPS vs no-FIPS? Or, more precisely, if the consumer application has no conditional code paths for FIPS / no FIPS: no change in the application in FIPS mode vs no FIPS except calling FIPS_mode_set with 0 or 1 (maybe depending on user input). It is always using the same set of OpenSSL APIs/algorithms in both modes, i.e. FIPS or no FIPS.

Is it necessary to test such an application twice, i.e. with FIPS mode set and not set? Will it be safe to assume that if such an application is working with FIPS enabled then it will work in no-FIPS?

Note: here I am not concerned about the strength of the key etc.

Thanks in advance.

Thanks and regards,
Guruprasad B. Raorane.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From kurt at roeckx.be Sat Dec 12 22:50:30 2020
From: kurt at roeckx.be (Kurt Roeckx)
Date: Sat, 12 Dec 2020 23:50:30 +0100
Subject: Question about SSL_ERROR_WANT_WRITE
In-Reply-To:
References:
Message-ID:

On Thu, Dec 10, 2020 at 05:14:00PM +0200, Cosmin Apreutesei wrote:
> Hello,
>
> I have a question regarding SSL_write() and returning SSL_ERROR_WANT_WRITE from the write callback.
>
> _After_ SSL_write() returns with SSL_ERROR_WANT_WRITE (because my write callback returned SSL_ERROR_WANT_WRITE), can I _then_ send the data given to the callback and then call SSL_write() again (with the same arguments) and then in the second call to the callback return the number of bytes written? Is that a supported use of the API? (I'm asking because that's the only way I can use the API: I can't send the data inside the callback, I need to send it outside the callback, see below for why.)
>
> In other words, is it guaranteed that on that second call to SSL_write(), SSL will want to send the exact same data that it tried before when it failed, and not change its mind about what it wants to send? Because technically, since SSL_ERROR_WANT_WRITE implies that "no data was sent", the state machine might as well advance and send something different at a later time (because it received data or something inside expired or whatever).

I don't fully understand your question, but the manpage says:

   WARNINGS
       When a write function call has to be repeated because SSL_get_error(3) returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments. The data that was passed might have been partially processed. When SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER was set using SSL_CTX_set_mode(3) the pointer can be different, but the data and length should still be the same.

Does that answer your question?


Kurt

From aerowolf at gmail.com Sun Dec 13 05:53:57 2020
From: aerowolf at gmail.com (Kyle Hamilton)
Date: Sat, 12 Dec 2020 23:53:57 -0600
Subject: Question about SSL_ERROR_WANT_WRITE
In-Reply-To:
References:
Message-ID:

If you get SSL_ERROR_WANT_WRITE, call the same function with the same parameters and same buffer content immediately. (Same with SSL_ERROR_WANT_READ.) If you need to, stash those parameters in variables for ease of reference. But don't do anything else on the SSL layer until you get a different return value.

(If you implement your own BIO layer, do what you need to do in support of what you're asked to do for the raw I/O. But don't do anything with the SSL layer until its internal state has moved past the need to read or write to or from the BIO.)

-Kyle H

On Thu, Dec 10, 2020, 09:14 Cosmin Apreutesei wrote:
> Hello,
>
> I have a question regarding SSL_write() and returning SSL_ERROR_WANT_WRITE from the write callback.
>
> _After_ SSL_write() returns with SSL_ERROR_WANT_WRITE (because my write callback returned SSL_ERROR_WANT_WRITE), can I _then_ send the data given to the callback and then call SSL_write() again (with the same arguments) and then in the second call to the callback return the number of bytes written? Is that a supported use of the API? (I'm asking because that's the only way I can use the API: I can't send the data inside the callback, I need to send it outside the callback, see below for why.)
>
> In other words, is it guaranteed that on that second call to SSL_write(), SSL will want to send the exact same data that it tried before when it failed, and not change its mind about what it wants to send? Because technically, since SSL_ERROR_WANT_WRITE implies that "no data was sent", the state machine might as well advance and send something different at a later time (because it received data or something inside expired or whatever).
>
> ----
>
> Why I need this: I'm using IOCP and LuaJIT which means I have two
> limitations:
>
> 1) Because I'm using a completion API as opposed to a readiness API, I
> can't just tell OpenSSL when the socket is writable and let it write to it,
> I need to write the data myself.
>
> 2) because LuaJIT doesn't allow me to yield from inside a C callback, I
> can't do async I/O inside the callback, I can only do it in between calls
> to SSL_read()/SSL_write().
>
> Any suggestions appreciated, thanks!

From whippet0 at gmail.com Mon Dec 14 07:08:05 2020
From: whippet0 at gmail.com (George)
Date: Mon, 14 Dec 2020 02:08:05 -0500
Subject: private key not available for client_cert_cb
Message-ID: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>

Hi,

I'm new to OpenSSL and am trying to set up mutual authentication in a client. The client is set up with OpenSSL 1.0.2u, and the client's certificate + private key is stored on a Smart Card. When the client receives a certificate request from the server during the mutual authentication handshake, the OpenSSL client_cert_cb callback function is automatically invoked. The problem is that client_cert_cb requires a private key. Unfortunately, it is not possible to get a private key from a Smart Card. Is there a way to send a certificate to the server without needing the private key?

I'm setting up the callback function with:

    void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));

Here is a sample of what my code looks like when I set this up:

    SSL_CTX_set_client_cert_cb(context, openSSLClientAuthenticationCallBack);

    int openSSLClientAuthenticationCallBack(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
    {
        . . .
    }

I can access the Smart Card using the PKCS#11 interface and I'm able to get the certificate and sign it, etc. However, I cannot get the actual private key from the Smart Card.

Does anyone know how I can get around this problem?

Thanks,
George

From janjust at nikhef.nl Mon Dec 14 08:51:14 2020
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Mon, 14 Dec 2020 09:51:14 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
Message-ID:

Hi,

On 14/12/20 08:08, George wrote:
> Hi,
>
> I'm new to OpenSSL and am trying to set up mutual authentication in
> a client. The client is set up with OpenSSL 1.0.2u, and the client's
> certificate + private key is stored on a Smart Card. When the client
> receives a certificate request from the server during the mutual
> authentication handshake, the OpenSSL client_cert_cb callback
> function is automatically invoked. The problem is that
> client_cert_cb requires a private key. Unfortunately, it is not
> possible to get a private key from a Smart Card. Is there a way to
> send a certificate to the server without needing the private key?
>
> I'm setting up the callback function with:
>
>     void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
>                                     int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
>
> Here is a sample of what my code looks like when I set this up:
>
>     SSL_CTX_set_client_cert_cb(context, openSSLClientAuthenticationCallBack);
>
>     int openSSLClientAuthenticationCallBack(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>     {
>         . . .
>     }
>
> I can access the Smart Card using the PKCS#11 interface and I'm able
> to get the certificate and sign it, etc. However, I cannot get the
> actual private key from the Smart Card.
>
> Does anyone know how I can get around this problem?
>

To use a PKCS#11 smartcard you normally use the OpenSSL pkcs11 engine; you then do something like:

    engine_name = "pkcs11";
    ENGINE_register_all_complete();
    pkey_engine = ENGINE_by_id( "dynamic" );
    if (pkey_engine)
    {
        if (!ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0)
         || !ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0))
        {
            warn( "EAP-TLS: Error loading dynamic engine '%s'", engine_name );
            log_ssl_errors();
            ENGINE_free(pkey_engine);
            pkey_engine = NULL;
        }
    }

    if (pkey_engine)
    {
        if (!ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL))
        {
            /* error handling not shown in the post */
        }
    }
    pkey_engine = eaptls_ssl_load_engine( "pkcs11" );
    pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data);
    SSL_CTX_use_PrivateKey(ctx, pkey);

where "transfer_pin" is a callback UI function to query the user for the pkcs11 device password.

More detailed code can be found in my pppd EAP-TLS patch, file eap-tls.c at

  https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c

(and search for pkey_engine)

HTH,

JJK

From whippet0 at gmail.com Mon Dec 14 15:15:18 2020
From: whippet0 at gmail.com (George)
Date: Mon, 14 Dec 2020 10:15:18 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
Message-ID:

Hi Jan,

Thanks for your response. It looks like I don't already have the PPP and PPPD. Do I need to download and install the following?

https://github.com/jjkeijser/ppp/tree/eap-tls

I am using OpenSSL in Windows 10 and compiled it with Visual Studio 2019. Will this EAP-TLS code compile/work with Visual Studio in Windows? Are there any other ways to get the Smart Card to work without needing to install additional software?

Thanks!
George

On 2020-12-14 3:51 a.m., Jan Just Keijser wrote:
> Hi,
>
> On 14/12/20 08:08, George wrote:
>> Hi,
>>
>> I'm new to OpenSSL and am trying to set up mutual authentication
>> in a client. The client is set up with OpenSSL 1.0.2u, and the
>> client's certificate + private key is stored on a Smart Card. When
>> the client receives a certificate request from the server during the
>> mutual authentication handshake, the OpenSSL client_cert_cb
>> callback function is automatically invoked. The problem is that
>> client_cert_cb requires a private key. Unfortunately, it is not
>> possible to get a private key from a Smart Card. Is there a way to
>> send a certificate to the server without needing the private key?
>>
>> I'm setting up the callback function with:
>>
>>     void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
>>                                     int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
>>
>> Here is a sample of what my code looks like when I set this up:
>>
>>     SSL_CTX_set_client_cert_cb(context, openSSLClientAuthenticationCallBack);
>>
>>     int openSSLClientAuthenticationCallBack(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>>     {
>>         . . .
>>     }
>>
>> I can access the Smart Card using the PKCS#11 interface and I'm able
>> to get the certificate and sign it, etc.
>> However, I cannot get the
>> actual private key from the Smart Card.
>>
>> Does anyone know how I can get around this problem?
>>
>
> To use a PKCS#11 smartcard you normally use the OpenSSL pkcs11 engine;
> you then do something like:
>
>     engine_name = "pkcs11";
>     ENGINE_register_all_complete();
>     pkey_engine = ENGINE_by_id( "dynamic" );
>     if (pkey_engine)
>     {
>         if (!ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0)
>          || !ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0))
>         {
>             warn( "EAP-TLS: Error loading dynamic engine '%s'", engine_name );
>             log_ssl_errors();
>             ENGINE_free(pkey_engine);
>             pkey_engine = NULL;
>         }
>     }
>
>     if (pkey_engine)
>     {
>         if (!ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL))
>         {
>             /* error handling not shown in the post */
>         }
>     }
>     pkey_engine = eaptls_ssl_load_engine( "pkcs11" );
>     pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data);
>     SSL_CTX_use_PrivateKey(ctx, pkey);
>
> where "transfer_pin" is a callback UI function to query the user for
> the pkcs11 device password.
>
> More detailed code can be found in my pppd EAP-TLS patch, file
> eap-tls.c at
> https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
>
> (and search for pkey_engine)
>
> HTH,
>
> JJK
>

From sanarayana at rbbn.com Mon Dec 14 15:48:34 2020
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Mon, 14 Dec 2020 15:48:34 +0000
Subject: DH_compute_key () - replacement in 3.0
Message-ID:

Hi,

While migrating from 1.0.2 to 3.0, we found that DH_compute_key () has been deprecated. Currently we are using the compute API as below:

    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

To exactly replace this we are generating "pubparam_key/priparam_key" using bn_publicKey/dh->priv_key as below:

    OSSL_PARAM_BLD *pubparamsbld = NULL, *priparamsbld = NULL;
    OSSL_PARAM *pubparams = NULL, *priparams = NULL;
    EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
    EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;

    pubparamsbld = OSSL_PARAM_BLD_new();
    priparamsbld = OSSL_PARAM_BLD_new();
    OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey);
    OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY, bn_privateKey);
    // build context
    pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_key_fromdata_init(pubctx);
    EVP_PKEY_key_fromdata_init(prictx);
    pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
    EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams);
    priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
    EVP_PKEY_fromdata(prictx, &priparam_key, priparams);

From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Please suggest if any step is invalid or not necessary.

Regards,
Sunil

-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient.
Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-----------------------------------------------------------------------------------------------------------------------

From Michael.Wojcik at microfocus.com Mon Dec 14 15:58:12 2020
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 14 Dec 2020 15:58:12 +0000
Subject: private key not available for client_cert_cb
In-Reply-To: References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
Message-ID:
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 08:15

> Thanks for your response. It looks like I don't already have the PPP and PPPD.

You don't need PPP to use a smartcard or other PKCS#11 device. Jan just mentioned the source as an exemplar of the interactions your code will need to have with OpenSSL.

> Are there any other ways to get the Smart Card to work without needing to
> install additional software?

Probably not.

OpenSSL's PKCS#11 Engine implements the PKCS#11 API. That API needs a way to talk to the particular PKCS#11-compatible hardware you're using. That means it needs a driver, and generally some configuration as well.

It's been a few years since I last played around with this - I got OpenSSL working with a NitroKey as part of a code-signing spike - but you'll need to investigate PKCS#11 support for your particular device. There are Open Source projects such as OpenSC which may give you part or all of what you need to get OpenSSL's PKCS#11 Engine working with your hardware.

When I did it, it wasn't trivial. I spent a couple of days on investigation and experimenting before I got anything working, and a couple more days making sure I understood the entire process and documenting procedures that worked consistently. (With some applications I had persistent problems such as Windows insisting on prompting for the device PIN instead of letting me supply it programmatically, but I think that was only when using Microsoft APIs rather than going through OpenSSL.)

If the client certificate uses a public key that corresponds to a private key on the smartcard, though, that's what you'll have to do. You can't use a certificate as a proof of identity without the corresponding private key. (Some HSMs and other crypto devices have support for exporting private keys, often as multiple shares, for backup and cloning purposes.
Using that to get the private key for direct use defeats the whole purpose of an HSM, of course, so that shouldn't be used to bypass the card.)

--
Michael Wojcik

From thulasi.goriparthi at gmail.com Mon Dec 14 16:04:43 2020
From: thulasi.goriparthi at gmail.com (Thulasi Goriparthi)
Date: Mon, 14 Dec 2020 21:34:43 +0530
Subject: openssl asym_cipher/signature provider
Message-ID:

Hello,

Is it acceptable for an openssl provider to implement an algorithm (rsaEncryption) as asym_cipher or signature algorithm without implementing corresponding keymgmt or redirecting the same to the 'default' provider?

I ask, as our engine implementation handles key import dynamically at time of offloading crypto operation, using ex_data of key objects. I want to quickly upgrade this to a provider to convince myself that the basic upgrade from engine to provider isn't time consuming.

Thanks,
Thulasi.

From matt at openssl.org Mon Dec 14 16:26:20 2020
From: matt at openssl.org (Matt Caswell)
Date: Mon, 14 Dec 2020 16:26:20 +0000
Subject: openssl asym_cipher/signature provider
In-Reply-To: References: Message-ID: <07cbfbc6-9b7e-5716-a3b9-d08c762ba578@openssl.org>

On 14/12/2020 16:04, Thulasi Goriparthi wrote:
> Hello,
>
> Is it acceptable for an openssl provider to implement an algorithm
> (rsaEncryption) as asym_cipher or signature algorithm without
> implementing corresponding keymgmt or redirecting the same to the
> 'default' provider?
>
> I ask, as our engine implementation handles key import dynamically at
> time of offloading crypto operation, using ex_data of key objects. I
> want to quickly upgrade this to a provider to convince myself that the
> basic upgrade from engine to provider isn't time consuming.

One of the main purposes of the key manager is to import the key into the provider into a form that it can use internally. The asym_cipher/signature implementations just use references to keys created by the key manager. So unfortunately it is necessary to have a key manager in order for a provider to have a usable asym_cipher or signature implementation.

Note: it does not have to be a fully featured key manager, e.g. it does not need to implement key generation. It would be perfectly possible to have key generation done in some other key manager and then subsequently import it into the target key manager.

Matt

From whippet0 at gmail.com Mon Dec 14 16:35:37 2020
From: whippet0 at gmail.com (George)
Date: Mon, 14 Dec 2020 11:35:37 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
Message-ID: <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com>

Hi Michael,

I see what you mean. So once I have everything set up, I use the following to get the private key:

    EVP_PKEY *pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data);

Will pkey actually contain the private key from the smart card? I thought it was not possible to get a private key from a smart card? Once I have pkey, do I simply use it within the client_cert_cb callback function?

Thanks,
George

On 2020-12-14 10:58 a.m., Michael Wojcik wrote:
>> From: openssl-users On Behalf Of George
>> Sent: Monday, 14 December, 2020 08:15
>> Thanks for your response. It looks like I don't already have the PPP and PPPD.
> You don't need PPP to use a smartcard or other PKCS#11 device. Jan just mentioned the source as an exemplar of the interactions your code will need to have with OpenSSL.
>
>> Are there any other ways to get the Smart Card to work without needing to
>> install additional software?
> Probably not.
>
> OpenSSL's PKCS#11 Engine implements the PKCS#11 API. That API needs a way to talk to the particular PKCS#11-compatible hardware you're using. That means it needs a driver, and generally some configuration as well.
>
> It's been a few years since I last played around with this - I got OpenSSL working with a NitroKey as part of a code-signing spike - but you'll need to investigate PKCS#11 support for your particular device. There are Open Source projects such as OpenSC which may give you part or all of what you need to get OpenSSL's PKCS#11 Engine working with your hardware.
>
> When I did it, it wasn't trivial. I spent a couple of days on investigation and experimenting before I got anything working, and a couple more days making sure I understood the entire process and documenting procedures that worked consistently. (With some applications I had persistent problems such as Windows insisting on prompting for the device PIN instead of letting me supply it programmatically, but I think that was only when using Microsoft APIs rather than going through OpenSSL.)
>
> If the client certificate uses a public key that corresponds to a private key on the smartcard, though, that's what you'll have to do. You can't use a certificate as a proof of identity without the corresponding private key. (Some HSMs and other crypto devices have support for exporting private keys, often as multiple shares, for backup and cloning purposes.
> Using that to get the private key for direct use defeats the whole purpose of an HSM, of course, so that shouldn't be used to bypass the card.)
>
> --
> Michael Wojcik

From nelson at openssl.org Mon Dec 14 16:47:35 2020
From: nelson at openssl.org (Paul Nelson)
Date: Mon, 14 Dec 2020 10:47:35 -0600
Subject: private key not available for client_cert_cb
In-Reply-To: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com>
Message-ID:

How I did this:

1) You can make up your own EVP_PKEY that uses your own engine implementation and attach a data ptr to it

    EVP_PKEY* returnPKey;
    returnPKey = EVP_PKEY_new();
    if( returnPKey )
    {
        ENGINE* engine = ENGINE_by_id(YOUR_ENGINE_ID);
        RSA* sc_rsa = RSA_new_method(engine);
        if( sc_rsa )
        {
            // attach a reference to a structure holding your smart card middleware info
            RSA_set_ex_data(sc_rsa, ENGINE_smartcard_rsa_idx_middleware(), (void*)middleware->handle);
            EVP_PKEY* pk = X509_get_pubkey( returnCert );
            if( pk )
            {
                // 1.0.2 struct access; 1.1.0 and later use RSA_get0_key()/RSA_set0_key() instead
                sc_rsa->e = BN_new();
                sc_rsa->n = BN_new();
                BN_copy(sc_rsa->e, pk->pkey.rsa->e);
                BN_copy(sc_rsa->n, pk->pkey.rsa->n);
                EVP_PKEY_free(pk);
                EVP_PKEY_set1_RSA(returnPKey, sc_rsa);
                RSA_free(sc_rsa);
                *outCert = /* make this X509 from your smart card certificate */;
                *outpkey = returnPKey;
            }
            else
                LogError("smartcards_fetch_identity can't get pubkey\n");
        }
    }

Then for your engine you will need some methods to configure it as follows:

    void ENGINE_load_smartcard_keychain(void);

    /*
     * ENGINE_tss_keychain_rsa_idx_middleware returns an ex_data index where the engine user should store the
     * pointer to the info needed to use the middleware
     */
    int ENGINE_smartcard_rsa_idx_middleware(void);

Your ENGINE_load_smartcard_keychain method should set global values that get returned by ENGINE_smartcard_rsa_idx_middleware:

    gMiddlewareRSAIndex = RSA_get_ex_new_index(0x1234, NULL, NULL, NULL, NULL);

Configure your engine filling in an RSA_METHOD structure with what you will need. You don't really need all the methods in the RSA_METHOD structure, and if you don't need them add a stub that returns a 0. I did not need either the mod_exp method or the public key encrypt and decrypt methods. I also did not need the verify or keygen methods.
Your init and finish methods just need to return 1. I set the RSA_METHOD flags to RSA_FLAG_FIPS_METHOD|RSA_METHOD_FLAG_NO_CHECK|RSA_FLAG_CACHE_PUBLIC.

This leaves the cipher methods for private key encrypt/decrypt and sign. The private key methods will be where all the work is done. Write a function to perform the smartcard 'crypt' method and use it in private encrypt/decrypt and the signing methods. You will need to pay attention to padding and make sure you know how to pad for PKCS1 type 1. The RSA_SSLV23_PADDING is not required and you can just return an error if you get called with this.

I handle the PIN entry requirement by having the engine return a specific error if the PIN is needed, then handle the PIN entry in the application. Once the PIN is entered and available to the middleware, I retry the connection.

The trick is to get a pointer to your middleware implementation from the private key engine methods like this:

    my_middleware_handle = (my_middleware_handle)RSA_get_ex_data(rsa, gMiddlewareRSAIndex);

I found that writing the engine was more straightforward than attempting to use PKCS11.

> On Dec 14, 2020, at 1:08 AM, George wrote:
>
> Hi,
>
> I'm new to OpenSSL and am trying to set up mutual authentication in a client. The client is set up with OpenSSL 1.0.2u, and the client's certificate + private key is stored on a Smart Card. When the client receives a certificate request from the server during the mutual authentication handshake, the OpenSSL client_cert_cb callback function is automatically invoked. The problem is that client_cert_cb requires a private key. Unfortunately, it is not possible to get a private key from a Smart Card. Is there a way to send a certificate to the server without needing the private key?
>
> I'm setting up the callback function with:
>
>     void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
>
> Here is a sample of what my code looks like when I set this up:
>
>     SSL_CTX_set_client_cert_cb(context, openSSLClientAuthenticationCallBack);
>
>     int openSSLClientAuthenticationCallBack(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>     {
>         . . .
>     }
>
> I can access the Smart Card using the PKCS#11 interface and I'm able to get the certificate and sign it, etc. However, I cannot get the actual private key from the Smart Card.
>
> Does anyone know how I can get around this problem?
>
> Thanks,
> George

From Michael.Wojcik at microfocus.com Mon Dec 14 17:59:43 2020
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 14 Dec 2020 17:59:43 +0000
Subject: private key not available for client_cert_cb
In-Reply-To: <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com>
Message-ID:
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 09:36

> I see what you mean. So once I have everything set up, I use the following
> to get the private key:
> EVP_PKEY *pkey = ENGINE_load_private_key(...);
>
> Will pkey actually contain the private key from the smart card?

It had better not.

> I thought it was not possible to get a private key from a smart card?

That's the point of the smartcard (or other HSM), yes.

> Once I have pkey, do I simply use it within the client_cert_cb callback function?

You can't get the private key from the smartcard. Instead, you have to let the engine do the encryption. I don't know what ENGINE_load_private_key actually does - in my PKCS#11 work I didn't have to get into this - but I suspect it just puts a key identifier into pkey.

Then what ought to happen is that you pass that pkey to OpenSSL where you need an EVP_PKEY, and OpenSSL will call the engine's appropriate method for whatever it needs to do, and the engine will tell the smartcard "do this thing using the key with this identifier".

I suggest you refer to an example such as the PPP code that Jan cited to see how it does this sort of thing.

Or you can take the approach that Paul suggests in his reply of writing your own engine specifically for your hardware, if you don't need generic PKCS#11 support. Basically, PKCS#11 gives you support for more devices, and in principle should do some of the work for you; but as Paul suggests, the PKCS#11 API and its dependence on external drivers and libraries means it's not easy to work with. In some cases where you only need to support one type of device (or a family of devices that all use the same driver / library) it might well be easier to just write a simple engine that only supports the features you need. You can use the source for the existing engines in OpenSSL to get an idea of what that looks like.
A few years back I forked the OpenSSL CAPI engine to make some fixes and enhancements, and that was pretty straightforward.

So if you have a well-documented API for your particular smartcard, with handy functions like "do this to get an RSA signature of a blob of data with this key ID and these parameters", you may want to try Paul's route. Really depends on your requirements and what kind of support you already have for your device.

And all of this changes in 3.0 with the new "provider" architecture, so you'll get to take another crack at it soon.

--
Michael Wojcik

From whippet0 at gmail.com Mon Dec 14 20:01:23 2020
From: whippet0 at gmail.com (George)
Date: Mon, 14 Dec 2020 15:01:23 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com>
Message-ID: <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>

Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function:

    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)?

Instead, I will call

    EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);

to get the EVP_PKEY, which will be used by OpenSSL to access the Smart Card.

Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), how do I assign it to pkey in the callback function? If I had a private key I would use something like EVP_PKEY_assign_RSA(..). Since I don't actually have a private key, should I use something else?

Thanks,
George

On 2020-12-14 12:59 p.m., Michael Wojcik wrote:
>
> You can't get the private key from the smartcard. Instead, you have to let the engine do the encryption. I don't know what ENGINE_load_private_key actually does - in my PKCS#11 work I didn't have to get into this - but I suspect it just puts a key identifier into pkey.
>
> Then what ought to happen is that you pass that pkey to OpenSSL where you need an EVP_PKEY, and OpenSSL will call the engine's appropriate method for whatever it needs to do, and the engine will tell the smartcard "do this thing using the key with this identifier".
>
> I suggest you refer to an example such as the PPP code that Jan cited to see how it does this sort of thing.
>
> Or you can take the approach that Paul suggests in his reply of writing your own engine specifically for your hardware, if you don't need generic PKCS#11 support.
> Basically, PKCS#11 gives you support for more devices, and in principle should do some of the work for you; but as Paul suggests, the PKCS#11 API and its dependence on external drivers and libraries means it's not easy to work with. In some cases where you only need to support one type of device (or a family of devices that all use the same driver / library) it might well be easier to just write a simple engine that only supports the features you need. You can use the source for the existing engines in OpenSSL to get an idea of what that looks like.
>
> A few years back I forked the OpenSSL CAPI engine to make some fixes and enhancements, and that was pretty straightforward.
>
> So if you have a well-documented API for your particular smartcard, with handy functions like "do this to get an RSA signature of a blob of data with this key ID and these parameters", you may want to try Paul's route. Really depends on your requirements and what kind of support you already have for your device.
>
> And all of this changes in 3.0 with the new "provider" architecture, so you'll get to take another crack at it soon.
>
> --
> Michael Wojcik

From Michael.Wojcik at microfocus.com Mon Dec 14 20:36:27 2020
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 14 Dec 2020 20:36:27 +0000
Subject: private key not available for client_cert_cb
In-Reply-To: <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>
Message-ID:
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 13:01

> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...),
> how do I assign it to pkey in the callback function?

I don't know offhand. As I said in my other message, that's not an area I had to get into when I was working with PKCS#11 some years ago. My advice is to look at existing examples, such as the code Jan pointed you to.

--
Michael Wojcik

From dnsands at sandia.gov Mon Dec 14 23:45:43 2020
From: dnsands at sandia.gov (Sands, Daniel)
Date: Mon, 14 Dec 2020 23:45:43 +0000
Subject: DH_compute_key () - replacement in 3.0
Message-ID:

> To exactly replace this we are generating "pubparam_key/priparam_key" using bn_publicKey/dh->priv_key as below:
>
>     OSSL_PARAM_BLD *pubparamsbld = NULL, *priparamsbld = NULL;
>     OSSL_PARAM *pubparams = NULL, *priparams = NULL;
>     EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
>     EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;
>
>     pubparamsbld = OSSL_PARAM_BLD_new();
>     priparamsbld = OSSL_PARAM_BLD_new();
>     OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey);
>     OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY, bn_privateKey);
>     // build context
>     pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
>     prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
>     EVP_PKEY_key_fromdata_init(pubctx);
>     EVP_PKEY_key_fromdata_init(prictx);
>     pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
>     EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams);
>     priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
>     EVP_PKEY_fromdata(prictx, &priparam_key, priparams);
>
> From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Didn't you generate the private keys using the EVP_PKEY_gen as was suggested to your previous email inquiry? If so, you shouldn't have to rebuild it in such a way, since you already have a usable PKEY that has the generated keypair.

If you created a private keypair called privkey, the public key data can be sent to your peer with

    i2d_PUBKEY_bio(peer_bio, privkey)

and received on the peer's side with

    d2i_PUBKEY_bio(peer_bio, &peerkey);

Now you just need to build a new context around your private EVP_PKEY using

    derive_ctx = EVP_PKEY_CTX_new(privkey, NULL);

and then do the EVP_PKEY_derive series of calls.

Your example code does not seem to set the P or G parameters of your keypair, so if you must do it that way, you will need to add them too.
From sanarayana at rbbn.com Tue Dec 15 08:17:02 2020
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Tue, 15 Dec 2020 08:17:02 +0000
Subject: DH_compute_key () - replacement in 3.0
In-Reply-To: References: Message-ID:

Hi Daniel,

We did generate the key using EVP_PKEY_gen as suggested in earlier emails, but since this is non-ephemeral and we wanted to store the key as "raw" octet bytes, we extracted the whole DH priv/pub key pair from the key generated via EVP_PKEY_gen (using, as suggested, EVP_PKEY_get_raw_public_key (pkey, pub, &len)).

Now, at a later stage in the application we have to compute the secret key using the stored keys (from the above step). As of now, these keys are in uchar format, but are converted to BIGNUM and given to DH_compute_key as below.

    BIGNUM *bn_publicKey;
    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing framework in place and just replace the DH_compute_key, we should be using dh->priv_key / bn_publicKey to compute the shared secret key. So we require to convert the BIGNUM key types to EVP_PKEY types to use in EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Please suggest.

Regards,
Sunil
From: Sands, Daniel Sent: 15 December 2020 05:16 To: Narayana, Sunil Kumar ; openssl-users at openssl.org Subject: RE: DH_compute_key () - replacement in 3.0 ________________________________ NOTICE: This email was received from an EXTERNAL sender ________________________________ to exactly replace this we are generating ?pubparam_key/priparam_key? using bn_publicKey/dh->priv_key as below OSSL_PARAM_BLD *pubparamsbld = NULL, priparamsbld = NULL; OSSL_PARAM *pubparams = NULL, priparams = NULL; EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL; EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL; pubparamsbld = OSSL_PARAM_BLD_new() priparamsbld = OSSL_PARAM_BLD_new() OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey) OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY,bn_privateKey) //build context pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); EVP_PKEY_key_fromdata_init(pubctx) EVP_PKEY_key_fromdata_init(prictx) pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld); EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams)) priparams = OSSL_PARAM_BLD_to_param(priparamsbld); EVP_PKEY_fromdata(prictx, &priparam_key, priparams)) From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get shared secret Didn?t you generate the private keys using the EVP_PKEY_gen as was suggested to your previous email inquiry? If so, you shouldn?t have to rebuild it in such a way, since you already have a usable PKEY that has the generated keypair. If you created a private keypair called privkey, the public key data can be sent to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer?s side with d2i_PUBKEY_bio(peer_bio, &peerkey); Now you just need to build a new context around your private EVP_PKEY using derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive series of calls. 
Your example code does not seem to set the P or G parameters of your keypair, so if you must do it that way, you will need to add them too. ----------------------------------------------------------------------------------------------------------------------- Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments. ----------------------------------------------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From janjust at nikhef.nl Tue Dec 15 09:38:09 2020 
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Tue, 15 Dec 2020 10:38:09 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>
Message-ID:

Hi,

On 14/12/20 21:01, George wrote:
> Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function:
> int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>
> Instead, I will call
> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
> to get the EVP_PKEY, which will be used by OpenSSL to access the Smart Card.
>
> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), how do I assign it to pkey in the callback function?
> If I had a private key I would use something like EVP_PKEY_assign_RSA(..)
> Since I don't actually have a private key, should I use something else?
>
like Michael pointed out, my eap-tls code is just an example of how you could handle a pkcs11 device; it does not use a callback at all, but my code loads the client cert+key upfront and avoids having to use a client callback altogether.

I guess you could also use a client callback for this (perhaps in combination with SSL_CTX_set_client_cert_engine()). In that case you would get the (pseudo) key from the engine like this

    EVP_PKEY *engine_key = ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);

and then set

    *pkey = engine_key;

and see if that works.

Note that the ENGINE_load_private_key() function *does* return an EVP_PKEY struct but that does not mean the entire private key is contained in it; a private key consists of a modulus and a private part (exponent, prime1, prime2, exponent1, exponent2 etc). The ENGINE_load_private_key() call will return a struct containing the modulus but not the rest. You then use the engine to do the actual encryption and decryption.

HTH,

JJK

>
> Thanks,
> George
>
> On 2020-12-14 12:59 p.m., Michael Wojcik wrote:
>> You can't get the private key from the smartcard. Instead, you have to let the engine do the encryption. I don't know what ENGINE_load_private_key actually does - in my PKCS#11 work I didn't have to get into this - but I suspect it just puts a key identifier into pkey.
>>
>> Then what ought to happen is that you pass that pkey to OpenSSL where you need an EVP_PKEY, and OpenSSL will call the engine's appropriate method for whatever it needs to do, and the engine will tell the smartcard "do this thing using the key with this identifier".
>>
>> I suggest you refer to an example such as the PPP code that Jan cited to see how it does this sort of thing.
>>
>> Or you can take the approach that Paul suggests in his reply of writing your own engine specifically for your hardware, if you don't need generic PKCS#11 support. Basically, PKCS#11 gives you support for more devices, and in principle should do some of the work for you; but as Paul suggests, the PKCS#11 API and its dependence on external drivers and libraries means it's not easy to work with. In some cases where you only need to support one type of device (or a family of devices that all use the same driver / library) it might well be easier to just write a simple engine that only supports the features you need. You can use the source for the existing engines in OpenSSL to get an idea of what that looks like.
>>
>> A few years back I forked the OpenSSL CAPI engine to make some fixes and enhancements, and that was pretty straightforward.
>>
>> So if you have a well-documented API for your particular smartcard, with handy functions like "do this to get an RSA signature of a blob of data with this key ID and these parameters", you may want to try Paul's route. Really depends on your requirements and what kind of support you already have for your device.
>>
>> And all of this changes in 3.0 with the new "provider" architecture, so you'll get to take another crack at it soon.
>>
>> --
>> Michael Wojcik

From dnsands at sandia.gov Tue Dec 15 23:30:27 2020
From: dnsands at sandia.gov (Sands, Daniel)
Date: Tue, 15 Dec 2020 23:30:27 +0000
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
In-Reply-To:
References:
Message-ID:

We did generate the key using EVP_PKEY_gen as suggested in earlier emails, but since this was non-ephemeral and we wanted to store the key in "raw" octet bytes, we extracted the whole DH priv/pub key pair out from the key generated via EVP_PKEY_gen (using, as suggested, EVP_PKEY_get_raw_public_key(pkey, pub, &len)).

Now, at a later stage in the application we have to compute the secret key using the stored keys (from the above step). As of now, these keys are in uchar format, but are converted to BIGNUM and given to DH_compute_key as below.

    BIGNUM *bn_publicKey;
    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing framework in place and just replace DH_compute_key, we should be using dh->priv_key / bn_publicKey to compute the shared secret key. So we need to convert the BIGNUM key types to EVP_PKEY types to use in EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Please suggest.

Is it possible to change the format of your raw blob? If so, you can use i2d_PrivateKey or friends to output the entire private key to your raw data blob, and use d2i_PrivateKey et al to read it back into a working EVP_PKEY in a single call.

Otherwise, one shortcut you can do to avoid all the params work is to create a static array since you should already know how many params you need. But you need the public key, the private key, the generator (g), and the prime modulus (p). The following (untested) code ought to work.

    OSSL_PARAM params[5];
    params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, , );
    params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, );
    params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, , );
    params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, , );
    params[4] = OSSL_PARAM_construct_end();
    my_key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(my_key_ctx);
    EVP_PKEY_CTX_set_params(my_key_ctx, params);
    ...

From sanarayana at rbbn.com Wed Dec 16 15:13:38 2020
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Wed, 16 Dec 2020 15:13:38 +0000
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
In-Reply-To:
References:
Message-ID:

Hi Daniel,

Thanks, we will try it out.

One more doubt regarding DH_generate_key: as per the earlier suggestion we tried the following changes to replicate the generate key, but we observe that the output key is not matching the one that is obtained by DH_generate_key() of the older version. Note that the inputs are the same in both scenarios.

Inputs to both the EVP version and DH_generate_key are the same, as below:

BIGNUM P input: FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A4
BIGNUM G input: 2

(Code suggested to replace DH_generate_key)

    ...
    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    OSSL_PARAM_BLD *tmpl = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *param_key = NULL;

    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
        goto err;
    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
        || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
        || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
        goto err;
    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL || !EVP_PKEY_fromdata(pctx, &param_key, params))
        goto err;

    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);

After this we obtained the DH from the key and printed dh->p, dh->g, dh->priv, dh->pub using the API below:

    dh = EVP_PKEY_get0_DH(key);
    DH_get0_key(dh, &dh_pubkey, &dh_privkey);
    DH_get0_pqg(dh, &dhp, &dhq, &dhg);
    BN_print_fp(dhfp, dh_pubkey); ... etc

Note: after fetching the DH from the pkey, the input params (P, G) match properly. But the pub/priv keys do not match the DH_generate_key output.

Please suggest.

Regards,
Sunil
From: Sands, Daniel
Sent: 16 December 2020 05:00
To: Narayana, Sunil Kumar ; openssl-users at openssl.org
Subject: RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

We did generate the key using EVP_PKEY_gen as suggested in earlier emails, but since this was non-ephemeral and we wanted to store the key in "raw" octet bytes, we extracted the whole DH priv/pub key pair out from the key generated via EVP_PKEY_gen (using, as suggested, EVP_PKEY_get_raw_public_key(pkey, pub, &len)).

Now, at a later stage in the application we have to compute the secret key using the stored keys (from the above step). As of now, these keys are in uchar format, but are converted to BIGNUM and given to DH_compute_key as below.

    BIGNUM *bn_publicKey;
    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing framework in place and just replace DH_compute_key, we should be using dh->priv_key / bn_publicKey to compute the shared secret key. So we need to convert the BIGNUM key types to EVP_PKEY types to use in EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Please suggest.

Is it possible to change the format of your raw blob? If so, you can use i2d_PrivateKey or friends to output the entire private key to your raw data blob, and use d2i_PrivateKey et al to read it back into a working EVP_PKEY in a single call.

Otherwise, one shortcut you can do to avoid all the params work is to create a static array since you should already know how many params you need. But you need the public key, the private key, the generator (g), and the prime modulus (p). The following (untested) code ought to work.

    OSSL_PARAM params[5];
    params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, , );
    params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, );
    params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, , );
    params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, , );
    params[4] = OSSL_PARAM_construct_end();
    my_key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(my_key_ctx);
    EVP_PKEY_CTX_set_params(my_key_ctx, params);
    ...

From bergerkos at yahoo.co.uk Wed Dec 16 18:37:14 2020
From: bergerkos at yahoo.co.uk (Kostya Berger)
Date: Wed, 16 Dec 2020 18:37:14 +0000 (UTC)
Subject: p12 bundle for Android (WiFi EAP-TLS)
References: <805537346.2254324.1608143834750.ref@mail.yahoo.com>
Message-ID: <805537346.2254324.1608143834750@mail.yahoo.com>

Hello, everyone!

I'm creating a p12 bundled certificate (I used it for an Android phone). I used both the easyrsa command and, alternatively, the openssl command as shown in many manuals, like this:

    openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -name "name" -out client_android.p12

The idea is to bundle up the user key/cert and the CA used to sign these. The problem, though, is that when installing this bundle on the Android phone, it only recognizes the USER cert+key, but not the CA! However, quite recently, I used the same command to create cert.p12 for another env, and THAT bundle is recognized as containing all three: user key+cert + CA cert. The command seems to be the same. What could be missing there?

Thank you for your help :)

From whippet0 at gmail.com Wed Dec 16 19:26:59 2020
From: whippet0 at gmail.com (George)
Date: Wed, 16 Dec 2020 14:26:59 -0500
Subject: private key not available for client_cert_cb
In-Reply-To:
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com>
Message-ID: <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com>

Hi,

I've been looking at the code in the pppd EAP-TLS patch, but I can't seem to load the engine with the pkcs11 DLL. It is failing with the error:

    error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol name

I've verified the path is correct.

I am using OpenSSL 1.0.2u with the FIPS Object Module 2.0.16 in Windows 10. Do I need to do anything special to allow loading of DLLs in OpenSSL?

Here is what I am trying to do:

    char* engine_name = "C:\\Users\\whipp\\junk4\\ActivClient\\acpkcs211.dll";
    ENGINE_load_builtin_engines();
    ENGINE_register_all_complete();
    ENGINE *pkey_engine = ENGINE_by_id("dynamic");
    ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);

Do you see anything wrong with this?

Thanks,
George

On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
> Hi,
>
> On 14/12/20 21:01, George wrote:
>> Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function:
>> int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>>
>> Instead, I will call
>> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
>> to get the EVP_PKEY, which will be used by OpenSSL to access the Smart Card.
>>
>> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), how do I assign it to pkey in the callback function?
>> If I had a private key I would use something like EVP_PKEY_assign_RSA(..)
>> Since I don't actually have a private key, should I use something else?
>>
> like Michael pointed out, my eap-tls code is just an example of how you could handle a pkcs11 device; it does not use a callback at all, but my code loads the client cert+key upfront and avoids having to use a client callback altogether.
>
> I guess you could also use a client callback for this (perhaps in combination with SSL_CTX_set_client_cert_engine()). In that case you would get the (pseudo) key from the engine like this
>     EVP_PKEY *engine_key = ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
> and then set
>     *pkey = engine_key;
> and see if that works.
> Note that the ENGINE_load_private_key() function *does* return an EVP_PKEY struct but that does not mean the entire private key is contained in it; a private key consists of a modulus and a private part (exponent, prime1, prime2, exponent1, exponent2 etc). The ENGINE_load_private_key() call will return a struct containing the modulus but not the rest. You then use the engine to do the actual encryption and decryption.
>
> HTH,
>
> JJK
>

From dnsands at sandia.gov Wed Dec 16 20:43:15 2020
From: dnsands at sandia.gov (Sands, Daniel)
Date: Wed, 16 Dec 2020 20:43:15 +0000
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
In-Reply-To:
References:
Message-ID: <558836574571446a9d25395b651bec72@ES08AMSNLNT.srn.sandia.gov>

Hi Daniel,

Thanks, we will try it out.

One more doubt regarding DH_generate_key: as per the earlier suggestion we tried the following changes to replicate the generate key, but we observe that the output key is not matching the one that is obtained by DH_generate_key() of the older version. Note that the inputs are the same in both scenarios.

The generated key should be random. So unless you seed your PRNG with a constant value, you should always generate a different public/private keypair. Between OpenSSL versions, the PRNG may have changed, so I would not depend on them to output the same value even with the same PRNG seed.

From janjust at nikhef.nl Thu Dec 17 08:22:08 2020
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Thu, 17 Dec 2020 09:22:08 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com>
Message-ID: <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl>

Hi,

On 16/12/20 20:26, George wrote:
> Hi,
>
> I've been looking at the code in the pppd EAP-TLS patch, but I can't seem to load the engine with the pkcs11 DLL. It is failing with the error:
>
>     error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol name
>
> I've verified the path is correct.
>
> I am using OpenSSL 1.0.2u with the FIPS Object Module 2.0.16 in Windows 10. Do I need to do anything special to allow loading of DLLs in OpenSSL?
>
> Here is what I am trying to do:
>
>     char* engine_name = "C:\\Users\\whipp\\junk4\\ActivClient\\acpkcs211.dll";
>     ENGINE_load_builtin_engines();
>     ENGINE_register_all_complete();
>     ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>     ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0);
>     ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
>     ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
>
> Do you see anything wrong with this?
>
I forgot to mention that loading a PKCS11 driver from within OpenSSL is a 2 stage rocket:

first stage: load the engine_pkcs11 module using

    char* engine_name = "C:\\Windows\\System32\\pkcs11.dll"

This is a separate piece of code and is part of the libp11 project:
https://github.com/OpenSC/libp11

(it also has a nice wiki that explains how to do it on the command line using OPENSSL.EXE)

Then create an openssl.cnf section like this:

    openssl_conf = openssl_init

    [openssl_init]
    engines = engine_section

    [engine_section]
    pkcs11 = pkcs11_section

    [pkcs11_section]
    engine_id = pkcs11
    dynamic_path = "C:\Windows\System32\opensc-pkcs11.dll"
    MODULE_path = "C:\Users\whipp\junk4\ActivClient\acpkcs211.dll"
    PIN = "0001password"
    init = 0

and load that (see the EAP-TLS code for an example or read https://stackoverflow.com/questions/41119744/pkcs11-engine-for-openssl for a similar question).

HTH,

JJK

> On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
>> Hi,
>>
>> On 14/12/20 21:01, George wrote:
>>> Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function:
>>> int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>>>
>>> Instead, I will call
>>> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
>>> to get the EVP_PKEY, which will be used by OpenSSL to access the Smart Card.
>>>
>>> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), how do I assign it to pkey in the callback function?
>>> If I had a private key I would use something like EVP_PKEY_assign_RSA(..)
>>> Since I don't actually have a private key, should I use something else?
>>>
>> like Michael pointed out, my eap-tls code is just an example of how you could handle a pkcs11 device; it does not use a callback at all, but my code loads the client cert+key upfront and avoids having to use a client callback altogether.
>>
>> I guess you could also use a client callback for this (perhaps in combination with SSL_CTX_set_client_cert_engine()). In that case you would get the (pseudo) key from the engine like this
>>     EVP_PKEY *engine_key = ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
>> and then set
>>     *pkey = engine_key;
>> and see if that works.
>> Note that the ENGINE_load_private_key() function *does* return an EVP_PKEY struct but that does not mean the entire private key is contained in it; a private key consists of a modulus and a private part (exponent, prime1, prime2, exponent1, exponent2 etc). The ENGINE_load_private_key() call will return a struct containing the modulus but not the rest. You then use the engine to do the actual encryption and decryption.
>>
>> HTH,
>>
>> JJK
>>
>

From 1986geetha at gmail.com Thu Dec 17 09:25:25 2020
From: 1986geetha at gmail.com (Geetha)
Date: Thu, 17 Dec 2020 14:55:25 +0530
Subject: Openssl - windows mobile
Message-ID:

Hi,

I am trying to connect to an SSL server through Windows Mobile, but when I add the connection code I am not able to execute the executable in the emulator. It says the specified program requires a newer version of Windows. But when I remove the openssl code I am able to execute it in the emulator.

Please help.

Regards,
Geetha.

From rajprudvi98 at gmail.com Thu Dec 17 09:46:47 2020
From: rajprudvi98 at gmail.com (prudvi raj)
Date: Thu, 17 Dec 2020 15:16:47 +0530
Subject: Set custom bn_mod_exp functions in openssl 1.1.1
Message-ID:

Hi,

I need to set custom accelerated functions for the bn_mod_exp methods in openssl 1.1.1, while upgrading from openssl 1.0.2. Here's the code snippet () :

--
    static DH_METHOD Intoto_DH_Method;
    static RSA_METHOD Intoto_RSA_Method;
    static DSA_METHOD Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {
        Intoto_DH_Method = *(DH_get_default_method());
        Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
        DH_set_default_method(&Intoto_DH_Method);

        Intoto_RSA_Method = *(RSA_get_default_method());
        Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
        RSA_set_default_method(&Intoto_RSA_Method);

        Intoto_DSA_Method = *(DSA_get_default_method());
        Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
        DSA_set_default_method(&Intoto_DSA_Method);

        return;
    }
--

As the RSA_METHOD, DSA_METHOD & DH_METHOD objects are opaque now, can anyone help me with what would be the replacement for the above code?

Thanks,
Prudvi

From tmraz at redhat.com Thu Dec 17 10:37:48 2020
From: tmraz at redhat.com (Tomas Mraz)
Date: Thu, 17 Dec 2020 11:37:48 +0100
Subject: Set custom bn_mod_exp functions in openssl 1.1.1
In-Reply-To:
References:
Message-ID: <89fcf36a8fadcf6f74c9972fb45833d14de50db2.camel@redhat.com>

On Thu, 2020-12-17 at 15:16 +0530, prudvi raj wrote:
> Hi,
>
> I need to set custom accelerated functions for the bn_mod_exp methods in openssl 1.1.1, while upgrading from openssl 1.0.2. Here's the code snippet () :
> --
>     static DH_METHOD Intoto_DH_Method;
>     static RSA_METHOD Intoto_RSA_Method;
>     static DSA_METHOD Intoto_DSA_Method;
>
>     void updatePublicKeyMethods()
>     {
>         Intoto_DH_Method = *(DH_get_default_method());
>         Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
>         DH_set_default_method(&Intoto_DH_Method);
>
>         Intoto_RSA_Method = *(RSA_get_default_method());
>         Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
>         RSA_set_default_method(&Intoto_RSA_Method);
>
>         Intoto_DSA_Method = *(DSA_get_default_method());
>         Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
>         DSA_set_default_method(&Intoto_DSA_Method);
>
>         return;
>     }
> --
> As the RSA_METHOD, DSA_METHOD & DH_METHOD objects are opaque now, can anyone help me with what would be the replacement for the above code?

There is the RSA_meth_set_bn_mod_exp() function and the respective equivalents for DH and DSA. Of course you'll also have to use RSA_meth_dup() to duplicate the default method before you can manipulate it. And you'll need to free it once you stop using the OpenSSL functions.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]

From whippet0 at gmail.com Thu Dec 17 13:55:37 2020
From: whippet0 at gmail.com (George)
Date: Thu, 17 Dec 2020 08:55:37 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl>
Message-ID: <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com>

Ok. So I use the libp11 project DLL file for the SO_PATH and my smart card middleware DLL for the MODULE_PATH when setting up the OpenSSL Engine?

Thanks,
George

On 2020-12-17 3:22 a.m., Jan Just Keijser wrote:
> Hi,
>
> On 16/12/20 20:26, George wrote:
>> Hi,
>>
>> I've been looking at the code in the pppd EAP-TLS patch, but I can't seem to load the engine with the pkcs11 DLL. It is failing with the error:
>>
>>     error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol name
>>
>> I've verified the path is correct.
>>
>> I am using OpenSSL 1.0.2u with the FIPS Object Module 2.0.16 in Windows 10. Do I need to do anything special to allow loading of DLLs in OpenSSL?
>>
>> Here is what I am trying to do:
>>
>>     char* engine_name = "C:\\Users\\whipp\\junk4\\ActivClient\\acpkcs211.dll";
>>     ENGINE_load_builtin_engines();
>>     ENGINE_register_all_complete();
>>     ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>>     ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0);
>>     ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
>>     ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
>>
>> Do you see anything wrong with this?
>>
>
> I forgot to mention that loading a PKCS11 driver from within OpenSSL is a 2 stage rocket:
>
> first stage: load the engine_pkcs11 module using
>
>     char* engine_name = "C:\\Windows\\System32\\pkcs11.dll"
>
> This is a separate piece of code and is part of the libp11 project:
> https://github.com/OpenSC/libp11
>
> (it also has a nice wiki that explains how to do it on the command line using OPENSSL.EXE)
>
> Then create an openssl.cnf section like this:
>
>     openssl_conf = openssl_init
>
>     [openssl_init]
>     engines = engine_section
>
>     [engine_section]
>     pkcs11 = pkcs11_section
>
>     [pkcs11_section]
>     engine_id = pkcs11
>     dynamic_path = "C:\Windows\System32\opensc-pkcs11.dll"
>     MODULE_path = "C:\Users\whipp\junk4\ActivClient\acpkcs211.dll"
>     PIN = "0001password"
>     init = 0
>
> and load that (see the EAP-TLS code for an example or read https://stackoverflow.com/questions/41119744/pkcs11-engine-for-openssl for a similar question).
>
> HTH,
>
> JJK
>
>> On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
>>> Hi,
>>>
>>> On 14/12/20 21:01, George wrote:
>>>> Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function:
>>>> int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
>>>>
>>>> Instead, I will call
>>>> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
>>>> to get the EVP_PKEY, which will be used by OpenSSL to access the Smart Card.
>>>>
>>>> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), how do I assign it to pkey in the callback function?
>>>> If I had a private key I would use something like EVP_PKEY_assign_RSA(..)
>>>> Since I don't actually have a private key, should I use something else?
>>>>
>>> like Michael pointed out, my eap-tls code is just an example of how you could handle a pkcs11 device; it does not use a callback at all, but my code loads the client cert+key upfront and avoids having to use a client callback altogether.
>>>
>>> I guess you could also use a client callback for this (perhaps in combination with SSL_CTX_set_client_cert_engine()). In that case you would get the (pseudo) key from the engine like this
>>>     EVP_PKEY *engine_key = ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data);
>>> and then set
>>>     *pkey = engine_key;
>>> and see if that works.
>>> Note that the ENGINE_load_private_key() function *does* return an EVP_PKEY struct but that does not mean the entire private key is contained in it; a private key consists of a modulus and a private part (exponent, prime1, prime2, exponent1, exponent2 etc). The ENGINE_load_private_key() call will return a struct containing the modulus but not the rest. You then use the engine to do the actual encryption and decryption.
>>>
>>> HTH,
>>>
>>> JJK
>>>
>>
>

From sanarayana at rbbn.com Thu Dec 17 15:17:05 2020
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Thu, 17 Dec 2020 15:17:05 +0000
Subject: DH_compute_key () - replacement in 3.0
Message-ID:

Hi,

For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps suggested in the earlier mail below. Our steps are as follows, but we see EVP_PKEY_derive fails to perform. Please suggest if any steps are wrong or missing here.

    // input  - BIGNUM - pubkey, privkey, p
    // output - sharedsecret
    Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, BIGNUM *privkey, BIGNUM* dh_p)
    {
        OSSL_PARAM params[5];
        EVP_PKEY_CTX *gctx;
        size_t skeylen;
        unsigned char* p_str = BN_bn2dec (dh_p);
        unsigned char* pub_str = BN_bn2dec (pubkey);
        unsigned char* priv_str = BN_bn2dec (privkey);
        params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, strlen(p_str));
        params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g);
        params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, strlen(pub_str));
        params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, strlen(priv_str));
        params[4] = OSSL_PARAM_construct_end();
        gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
        EVP_PKEY_derive_init(gctx);
        EVP_PKEY_CTX_set_params(gctx, params);
        /* Determine buffer length */
        EVP_PKEY_derive(gctx, NULL, &skeylen);
        EVP_PKEY_derive(gctx, sharedSecret, &skeylen);
    }

Note - the EVP_PKEY_derive call fails. What is wrong in the steps, can you please g
From: Sands, Daniel
Sent: 16 December 2020 05:00
To: Narayana, Sunil Kumar ; openssl-users at openssl.org
Subject: RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

NOTICE: This email was received from an EXTERNAL sender

We have generated the key using EVP_PKEY_gen as suggested in earlier emails, but since this was non-ephemeral and we wanted to store the key in "raw" octet bytes, we extracted the whole DH priv/pub key pair from the key generated via EVP_PKEY_gen (using, as suggested, EVP_PKEY_get_raw_public_key (pkey, pub, &len)).

Now, at a later stage in the application we have to compute the secret key using the stored keys (from the above step). As of now, these keys are in uchar format, but are converted to BIGNUM and given to DH_compute_key as below.

    BIGNUM *bn_publicKey;
    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing framework in place and just replace DH_compute_key, we should be using dh->priv_key / bn_publicKey to compute the shared secret key. So we need to convert the BIGNUM key types to EVP_PKEY types to use in EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret. Please suggest.

Is it possible to change the format of your raw blob? If so, you can use i2d_PrivateKey or friends to output the entire private key to your raw data blob, and use d2i_PrivateKey et al to read it back into a working EVP_PKEY in a single call.

Otherwise, one shortcut you can do to avoid all the params work is to create a static array, since you should already know how many params you need. But you need the public key, the private key, the generator (g), and the prime modulus (p). The following (untested) code ought to work.
    OSSL_PARAM params[5];
    params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, , );
    params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, );
    params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, , );
    params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, , );
    params[4] = OSSL_PARAM_construct_end();
    my_key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(my_key_ctx);
    EVP_PKEY_CTX_set_params(my_key_ctx, params);
    ...

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.

From janjust at nikhef.nl Fri Dec 18 01:39:46 2020
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Fri, 18 Dec 2020 02:39:46 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com>
Message-ID: <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl>

On 17/12/20 14:55, George wrote:
> Ok. So I use the libp11 project DLL file for the SO_PATH and my smart
> card middleware DLL for the MODULE_PATH when setting up the OpenSSL
> Engine?
>
yes just like in the example I posted below.

I would recommend the p11 wiki page to do it using the command line first - much easier to test & debug.

JJK

>
> On 2020-12-17 3:22 a.m., Jan Just Keijser wrote:
>> Hi,
>>
>> On 16/12/20 20:26, George wrote:
>>> Hi,
>>>
>>>    I've been looking at the code in the pppd EAP-TLS patch, but I
>>> can't seem to load the engine with the pkcs11 DLL. It is failing
>>> with the error:
>>>
>>> error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind
>>> to the requested symbol name
>>>
>>> I've verified the path is correct.
>>>
>>> I am using OpenSSL1.0.2u with the FIPS Object Module 2.0.16 in
>>> Windows 10. Do I need to do anything special to allow loading of
>>> DLLs in OpenSSL?
>>>
>>> Here is what I am trying to do:
>>>
>>>     char* engine_name =
>>> "C:\\Users\\whipp\\junk4\\ActivClient\\acpkcs211.dll";
>>>     ENGINE_load_builtin_engines();
>>>     ENGINE_register_all_complete();
>>>     ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", engine_name, 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
>>>
>>> Do you see anything wrong with this?
>>>
>>
>> I forgot to mention that loading a PKCS11 driver from within OpenSSL
>> is a 2 stage rocket:
>>
>> first stage: load the engine_pkcs11 module using
>>
>>     char* engine_name = "C:\\Windows\\System32\\pkcs11.dll"
>>
>> This is a separate piece of code and is part of the libp11 project:
>> https://github.com/OpenSC/libp11
>>
>> (it also has a nice wiki that explains how to do it on the command
>> line using OPENSSL.EXE)
>>
>> Then create an openssl.cnf section like this:
>>
>> openssl_conf = openssl_init
>> [openssl_init]
>> engines = engine_section
>> [engine_section]
>> pkcs11 = pkcs11_section
>> [pkcs11_section]
>> engine_id = pkcs11
>> dynamic_path = "C:\Windows\System32\opensc-pkcs11.dll"
>> MODULE_path = "C:\Users\whipp\junk4\ActivClient\acpkcs211.dll"
>> PIN = "0001password"
>> init = 0
>>
>> and load that (see the EAP-TLS code for an example or read
>> https://stackoverflow.com/questions/41119744/pkcs11-engine-for-openssl
>> for a similar question).
>>
>> HTH,
>>
>> JJK
>>
>>> On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
>>>> Hi,
>>>>
>>>> On 14/12/20 21:01, George wrote:
>>>>> Ok, so I am not actually going to populate EVP_PKEY with a private
>>>>> key in the callback function:
>>>>> int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)?
>>>>>
>>>>> Instead, I will call
>>>>> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
>>>>> UI_METHOD *ui_method, void *callback_data);
>>>>> to get the EVP_PKEY, which will be used by OpenSSL to access the
>>>>> Smart Card.
>>>>>
>>>>> Once I get the resulting EVP_PKEY using
>>>>> ENGINE_load_private_key(...), how do I assign it to pkey in the
>>>>> callback function?
>>>>> If I had a private key I would use something like
>>>>> EVP_PKEY_assign_RSA(..)
>>>>> Since I don't actually have a private key, should I use something
>>>>> else?
>>>>>
>>>> like Michael pointed out, my
>>>> eap-tls code is just an example of
>>>> how you could handle a pkcs11 device; it does not use a callback at
>>>> all, but my code loads the client cert+key upfront and avoids
>>>> having to use a client callback altogether.
>>>>
>>>> I guess you could also use a client callback for this (perhaps in
>>>> combination with SSL_CTX_set_client_cert_engine()). In that case
>>>> you would get the (pseudo) key from the engine like this
>>>>    EVP_PKEY *engine_key = ENGINE_load_private_key(ENGINE *e, const
>>>> char *key_id, UI_METHOD *ui_method, void *callback_data);
>>>> and then set
>>>>    *pkey = engine_key;
>>>> and see if that works.
>>>> Note that the ENGINE_load_private_key() function *does* return a
>>>> EVP_PKEY struct but that does not mean the entire private key is
>>>> contained in it; a private key consists of a modulus and a private
>>>> part (exponent, prime1, prime2, exponent1, exponent2 etc). the
>>>> ENGINE_load_private_key() call will return a struct containing the
>>>> modulus but not the rest. You then use the engine to do the actual
>>>> encryption and decryption.
>>>>
>>>> HTH,
>>>>
>>>> JJK

From whippet0 at gmail.com Fri Dec 18 05:21:00 2020
From: whippet0 at gmail.com (George)
Date: Fri, 18 Dec 2020 00:21:00 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl>
Message-ID:

Hi,

   I'm able to set up the engine now, but as soon as I attempt to execute the command

    ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);

I see all kinds of middleware exceptions being generated:

    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x07FCFA00.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
    .
    .
    .

Do you have any idea what is causing these errors?
Am I missing something in the configuration? When I use the OpenSSL command line debugger, there are no errors:

    OpenSSL> engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
    (dynamic) Dynamic engine loading support
    [Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
    [Success]: ID:pkcs11
    [Success]: LIST_ADD:1
    [Success]: LOAD
    [Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
    Loaded: (pkcs11) pkcs11 engine
         [ available ]
    OpenSSL>

Here is what my simplified code looks like:

    char* enginePluginLibrary = "C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll";
    char* pkcs11MiddlewareLibrary = "C:\\Program Files (x86)\\HID Global\\ActivClient\\acpkcs211.dll";
    ENGINE_load_builtin_engines();
    ENGINE_register_all_complete();
    ENGINE *pkey_engine = ENGINE_by_id("dynamic");

    ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", enginePluginLibrary, 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "LIST_ADD", "1", 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
    ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH", pkcs11MiddlewareLibrary, 0);
    ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);

Thanks!

George

On 2020-12-17 8:39 p.m., Jan Just Keijser wrote:
> On 17/12/20 14:55, George wrote:
>> Ok. So I use the libp11 project DLL file for the SO_PATH and my smart
>> card middleware DLL for the MODULE_PATH when setting up the OpenSSL
>> Engine?
>>
> yes just like in the example I posted below.
>
> I would recommend the p11 wiki page to do it using the command line
> first - much easier to test & debug.
>
> JJK
>

From dnsands at sandia.gov Fri Dec 18 06:04:32 2020
From: dnsands at sandia.gov (Sands, Daniel)
Date: Fri, 18 Dec 2020 06:04:32 +0000
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
In-Reply-To:
References:
Message-ID: <5e4c1802571340159156802c5d28594d@ES08AMSNLNT.srn.sandia.gov>

From: Narayana, Sunil Kumar
Sent: Thursday, December 17, 2020 8:17 AM
To: Sands, Daniel ; openssl-users at openssl.org
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

Hi,

For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps suggested in the earlier mail below. Our steps are as follows, but we see EVP_PKEY_derive fails to perform. Please suggest if any steps are wrong or missing here.

    // input  - BIGNUM - pubkey, privkey, p
    // output - sharedsecret
    Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, BIGNUM *privkey, BIGNUM* dh_p)
    {
        OSSL_PARAM params[5];
        EVP_PKEY_CTX *gctx;
        size_t skeylen;
        unsigned char* p_str = BN_bn2dec (dh_p);
        unsigned char* pub_str = BN_bn2dec (pubkey);
        unsigned char* priv_str = BN_bn2dec (privkey);
        params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, strlen(p_str));
        params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g);
        params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, strlen(pub_str));
        params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, strlen(priv_str));
        params[4] = OSSL_PARAM_construct_end();
        gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
        EVP_PKEY_derive_init(gctx);
        EVP_PKEY_CTX_set_params(gctx, params);
        /* Determine buffer length */
        EVP_PKEY_derive(gctx, NULL, &skeylen);
        EVP_PKEY_derive(gctx, sharedSecret, &skeylen);
    }

Note - the EVP_PKEY_derive call fails. What is wrong in the steps, can you please g

To derive a shared secret, you also need your peer's public key. It will also be presented as an EVP_PKEY structure.

From janjust at nikhef.nl Fri Dec 18 08:40:04 2020
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Fri, 18 Dec 2020 09:40:04 +0100
Subject: private key not available for client_cert_cb
In-Reply-To:
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl>
Message-ID: <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl>

Hi,

On 18/12/20 06:21, George wrote:
> Hi,
>
>    I'm able to set up the engine now, but as soon as I attempt to
> execute the command
> ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
> ,I see all kinds of middleware exceptions being generated:
>
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x07FCFA00.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
> .
> .
> .
>
> Do you have any idea what is causing these errors? Am I missing
> something in the configuration? When I use the OpenSSL command line
> debugger, there are no errors:
>
> OpenSSL> engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
> Loaded: (pkcs11) pkcs11 engine
>      [ available ]
> OpenSSL>
>
> Here is what my simplified code looks like:
>
> char* enginePluginLibrary = "C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll";
> char* pkcs11MiddlewareLibrary = "C:\\Program Files (x86)\\HID Global\\ActivClient\\acpkcs211.dll";
> ENGINE_load_builtin_engines();
> ENGINE_register_all_complete();
> ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>
> ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", enginePluginLibrary, 0);
> ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
> ENGINE_ctrl_cmd_string(pkey_engine, "LIST_ADD", "1", 0);
> ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
> ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH", pkcs11MiddlewareLibrary, 0);
> ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
>

main difference between the OPENSSL.EXE example and your code is that last call: here's what "ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)" does:

    int ENGINE_set_default(ENGINE *e, unsigned int flags)
    {
        if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
            return 0;
        if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
            return 0;
    #ifndef OPENSSL_NO_RSA
        if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
            return 0;
    #endif
    #ifndef OPENSSL_NO_DSA
        if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
            return 0;
    #endif
    #ifndef OPENSSL_NO_DH
        if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
            return 0;
    #endif
    #ifndef OPENSSL_NO_ECDH
        if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
            return 0;
    #endif
    #ifndef OPENSSL_NO_ECDSA
        if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
            return 0;
    #endif
        if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
            return 0;
        if ((flags & ENGINE_METHOD_PKEY_METHS)
            && !ENGINE_set_default_pkey_meths(e))
            return 0;
        if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
            && !ENGINE_set_default_pkey_asn1_meths(e))
            return 0;
        return 1;
    }

(from the openssl 1.0.2 source tree)

It could be that one of those methods is not throwing the errors with your smart card. I'd advise you to test your smart card capabilities. It might also be useful to do more command line testing with your smartcard using

    engine -vvvv -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"

and then try out certain operations, like encrypt/decrypt or simply use the command

    speed

and watch for any errors - that should give you a hint which method is not supported by your smart card.

HTH,

JJK

>
> On 2020-12-17 8:39 p.m., Jan Just Keijser wrote:
>> On 17/12/20 14:55, George wrote:
>>> Ok. So I use the libp11 project DLL file for the SO_PATH and my
>>> smart card middleware DLL for the MODULE_PATH when setting up the
>>> OpenSSL Engine?
>>>
>>>
>> yes just like in the example I posted below.
>>
>> I would recommend the p11 wiki page to do it using the command line
>> first - much easier to test & debug.
>>
>> JJK
>>

From whippet0 at gmail.com Sat Dec 19 03:48:39 2020
From: whippet0 at gmail.com (George)
Date: Fri, 18 Dec 2020 22:48:39 -0500
Subject: private key not available for client_cert_cb
In-Reply-To: <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl> <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl>
Message-ID: <00492ef8-67aa-8848-97fe-65cf2ba3b38f@gmail.com>

Hi,

  I narrowed the problem down to

    ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)

This causes the initial exception

    Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x006FCD68.

It looks like some of the Engine methods cause an exception, but not all of them:

Works:
    ENGINE_METHOD_CIPHERS
    ENGINE_METHOD_DIGESTS
    ENGINE_METHOD_DSA
    ENGINE_METHOD_DH
    ENGINE_METHOD_RAND
    ENGINE_METHOD_PKEY_ASN1_METHS

Causes An Exception:
    ENGINE_METHOD_RSA
    ENGINE_METHOD_ECDH
    ENGINE_METHOD_ECDSA
    ENGINE_METHOD_PKEY_METHS

Is that normal behaviour, or is something wrong? Is there a way to find the supported engine methods to avoid triggering an exception?

It seems like a lot of other sample code I have looked at calls ENGINE_init(pkey_engine); Is that needed? When I call it, it always returns with "0". Should it be returning with "1"?

I did some testing in the OpenSSL command line, and here is what I found:

- The command line "speed" test appears to be fine:

    OpenSSL> speed -engine pkcs11
    engine "pkcs11" set.
    Doing mdc2 for 3s on 16 size blocks: 2688737 mdc2's in 2.98s
    Doing mdc2 for 3s on 64 size blocks: 880529 mdc2's in 3.00s
    Doing mdc2 for 3s on 256 size blocks: 240916 mdc2's in 2.98s
    Doing mdc2 for 3s on 1024 size blocks: 61287 mdc2's in 3.00s
    Doing mdc2 for 3s on 8192 size blocks: 7774 mdc2's in 2.98s
    .
    .
    .

- I also tried the following, which successfully created the PEM files:

    OpenSSL> req -engine pkcs11 -new -key "pkcs11:object=Authentication - *;type=private;pin-value=123456" -keyform engine -out req2.pem -text -x509 -subj "/CN=*"
    OpenSSL> x509 -engine pkcs11 -signkey "pkcs11:object=Authentication - *;type=private;pin-value=123456" -keyform engine -in req2.pem -out cert2.pem

Thanks,

George

On 2020-12-18 3:40 a.m., Jan Just Keijser wrote:
> Hi,
>
> On 18/12/20 06:21, George wrote:
>> Hi,
>>
>>    I'm able to set up the engine now, but as soon as I attempt to
>> execute the command
>> ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
>> ,I see all kinds of middleware exceptions being generated:
>>
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x07FCFA00.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>> .
>> .
>> .
>>
>> Do you have any idea what is causing these errors? Am I missing
>> something in the configuration? When I use the OpenSSL command line
>> debugger, there are no errors:
>>
>> OpenSSL> engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>> (dynamic) Dynamic engine loading support
>> [Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
>> [Success]: ID:pkcs11
>> [Success]: LIST_ADD:1
>> [Success]: LOAD
>> [Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
>> Loaded: (pkcs11) pkcs11 engine
>>      [ available ]
>> OpenSSL>
>>
>> Here is what my simplified code looks like:
>>
>> char* enginePluginLibrary = "C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll";
>> char* pkcs11MiddlewareLibrary = "C:\\Program Files (x86)\\HID Global\\ActivClient\\acpkcs211.dll";
>> ENGINE_load_builtin_engines();
>> ENGINE_register_all_complete();
>> ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>>
>> ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", enginePluginLibrary, 0);
>> ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
>> ENGINE_ctrl_cmd_string(pkey_engine, "LIST_ADD", "1", 0);
>> ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
>> ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH", pkcs11MiddlewareLibrary, 0);
>> ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
>>
> main difference between the OPENSSL.EXE example and your code is that
> last call:
>
> here's what "ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)" does:
>
> int ENGINE_set_default(ENGINE *e, unsigned int flags)
> {
>     if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
>         return 0;
>     if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
>         return 0;
> #ifndef OPENSSL_NO_RSA
>     if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
>         return 0;
> #endif
> #ifndef OPENSSL_NO_DSA
>     if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
>         return 0;
> #endif
> #ifndef OPENSSL_NO_DH
>     if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
>         return 0;
> #endif
> #ifndef OPENSSL_NO_ECDH
>     if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
>         return 0;
> #endif
> #ifndef OPENSSL_NO_ECDSA
>     if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
>         return 0;
> #endif
>     if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
>         return 0;
>     if ((flags & ENGINE_METHOD_PKEY_METHS)
>         && !ENGINE_set_default_pkey_meths(e))
>         return 0;
>     if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
>         && !ENGINE_set_default_pkey_asn1_meths(e))
>         return 0;
>     return 1;
> }
>
> (from the openssl 1.0.2 source tree)
> It could be that one of those methods is not throwing the errors with
> your smart card.
> I'd advise you to test your smart card capabilities. It might also be
> useful to do more command line testing with your smartcard using
>
>   engine -vvvv -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>
> and then try out certain operations, like encrypt/decrypt or simply
> use the command
>   speed
>
> and watch for any errors - that should give you a hint which method is
> not supported by your smart card.
>
> HTH,
>
> JJK
>>

From pkudingping at gmail.com Sun Dec 20 00:59:24 2020
From: pkudingping at gmail.com (定平袁)
Date: Sun, 20 Dec 2020 08:59:24 +0800
Subject: How to rotate cert when only first matching cert been verified
Message-ID:

Hello everyone,

Recently I am trying to rotate a cert, and the client uses the python requests lib, which leverages openssl. Here are my steps:

1. Generate a new cert, and append it to the cert file (at this point, there are 2 certs in the file: the first is the old cert, the second is the new one; they have the same Subject), then restart the client side process (no problem here, because the first cert matches the server side cert, and it verifies successfully).
2. Replace the server side cert with the new cert.

As soon as I do step #2, the client side process starts to show the error "certificate verify failed". This would cause downtime to my apps. I am new to this, not sure if there is anything wrong regarding my usage or understanding. But I found this page https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html, and it describes the exact behavior I see in my test:

    If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same CA certificate is available with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones.

So I am wondering how to rotate a cert in such a case? It would be very helpful if anyone could help on this. Thanks.

BTW, I tested the same cert file with CURL (compiled with gnutls), and it works fine.

Regards
Dingping

From pkudingping at gmail.com Sun Dec 20 01:02:38 2020
From: pkudingping at gmail.com (定平袁)
Date: Sun, 20 Dec 2020 09:02:38 +0800
Subject: How to rotate cert when only first matching cert been verified
In-Reply-To:
References:
Message-ID:

The exact behavior:

    When looking up CA certificates, the OpenSSL library will first search the certificates in CAfile, then those in CApath. Certificate matching is done based on the subject name, the key identifier (if present), and the serial number as taken from the certificate to be verified. If these data do not match, the next certificate will be tried. If a first certificate matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure.

Why will no other certificates for the same parameters be searched?

定平袁 wrote on Sun, 20 Dec 2020 at 08:59:

> Hello everyone,
>
> Recently I am trying to rotate a cert, and the client uses python requests
> lib, which leverages openssl. Here is my steps:
>
> 1. Generate a new cert, and append it to the cert file(at this point,
> there are 2 certs in the file, first is old cert, second is new, they have
> the same Subject), restart client side process, (no problem here, because
> first cert matching server side cert, and it verifies successfully)
> 2. Replace server side with new cert.
>
> As soon as I issue step #2, the client side process starts to show error "certificate
> verify failed". This would cause downtime to my apps. I am new to this,
> not sure if there is anything wrong regarding my usage or understanding.
> But I found this page
> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html,
> it says the exact behavior like my test:
>
> If several CA certificates matching the name, key identifier, and serial
> number condition are available, only the first one will be examined. This
> may lead to unexpected results if the same CA certificate is available with
> different expiration dates.
If a "certificate expired" verification error > occurs, no other certificate will be searched. Make sure to not have > expired certificates mixed with valid ones. > > So I am wondering how to rotate cert in such a case? It would be very > helpful if anyone could help on this. Thanks. > > BTW, I tested the same cert file with CURL (compiled with gnutls), it > works fine. > > Regards > Dingping > -------------- next part -------------- An HTML attachment was scrubbed... URL: From janjust at nikhef.nl Sun Dec 20 01:05:20 2020 
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Sun, 20 Dec 2020 02:05:20 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <00492ef8-67aa-8848-97fe-65cf2ba3b38f@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl> <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl> <00492ef8-67aa-8848-97fe-65cf2ba3b38f@gmail.com>

Hi,

On 19/12/20 04:48, George wrote:
> Hi,
>
> I narrowed the problem down to
>     ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)
>
> This causes the initial exception
>     Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x006FCD68.
>
> It looks like some of the Engine methods cause an exception, but not all of them:
>
> Works:
>     ENGINE_METHOD_CIPHERS
>     ENGINE_METHOD_DIGESTS
>     ENGINE_METHOD_DSA
>     ENGINE_METHOD_DH
>     ENGINE_METHOD_RAND
>     ENGINE_METHOD_PKEY_ASN1_METHS
>
> Causes An Exception:
>     ENGINE_METHOD_RSA
>     ENGINE_METHOD_ECDH
>     ENGINE_METHOD_ECDSA
>     ENGINE_METHOD_PKEY_METHS
>
> Is that normal behaviour, or is something wrong? Is there a way to find the supported engine methods to avoid triggering an exception?
>

I'd say no engine/pkcs11 module should trigger exceptions - that's an error in the pkcs11 module.

Something you can try is this:

run the 'openssl.exe' command:

    openssl engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"

then on the OpenSSL prompt, try

    s_client -keyform engine -key 0: -cert "clientcert.pem" -connect remote_host:remote_port

that should start a TLS connection and use the pkcs11 engine to ask for the key, identified by in slot 0 (adjust the slot number if your smart card starts at number 1 etc.)

HTH,

JJK

> It seems like a lot of other sample code I have looked at calls
>     ENGINE_init(pkey_engine);
>
> Is that needed? When I call it, it always returns with "0". Should it be returning with "1"?
>
> I did some testing in the OpenSSL command line, and here is what I found:
>
> - The command line "speed" test appears to be fine:
>
>     OpenSSL> speed -engine pkcs11
>     engine "pkcs11" set.
>     Doing mdc2 for 3s on 16 size blocks: 2688737 mdc2's in 2.98s
>     Doing mdc2 for 3s on 64 size blocks: 880529 mdc2's in 3.00s
>     Doing mdc2 for 3s on 256 size blocks: 240916 mdc2's in 2.98s
>     Doing mdc2 for 3s on 1024 size blocks: 61287 mdc2's in 3.00s
>     Doing mdc2 for 3s on 8192 size blocks: 7774 mdc2's in 2.98s
>     .
>     .
>     .
>
> - I also tried the following, which successfully created the PEM files:
>
>     OpenSSL> req -engine pkcs11 -new -key "pkcs11:object=Authentication - *;type=private;pin-value=123456" -keyform engine -out req2.pem -text -x509 -subj "/CN=*"
>     OpenSSL> x509 -engine pkcs11 -signkey "pkcs11:object=Authentication - *;type=private;pin-value=123456" -keyform engine -in req2.pem -out cert2.pem
>
> Thanks,
> George
>
> On 2020-12-18 3:40 a.m., Jan Just Keijser wrote:
>> Hi,
>>
>> On 18/12/20 06:21, George wrote:
>>> Hi,
>>>
>>> I'm able to setup the engine now, but as soon as I attempt to execute the command
>>>     ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
>>> I see all kinds of middleware exceptions being generated:
>>>
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x07FCFA00.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x032FD2D0.
>>>     .
>>>     .
>>>     .
>>>
>>> Do you have any idea what is causing these errors? Am I missing something in the configuration? When I use the OpenSSL command line debugger, there are no errors:
>>>
>>>     OpenSSL> engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>>>     (dynamic) Dynamic engine loading support
>>>     [Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
>>>     [Success]: ID:pkcs11
>>>     [Success]: LIST_ADD:1
>>>     [Success]: LOAD
>>>     [Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
>>>     Loaded: (pkcs11) pkcs11 engine
>>>          [ available ]
>>>     OpenSSL>
>>>
>>> Here is what my simplified code looks like:
>>>
>>>     char* enginePluginLibrary = "C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll";
>>>     char* pkcs11MiddlewareLibrary = "C:\\Program Files (x86)\\HID Global\\ActivClient\\acpkcs211.dll";
>>>     ENGINE_load_builtin_engines();
>>>     ENGINE_register_all_complete();
>>>     ENGINE *pkey_engine = ENGINE_by_id("dynamic");
>>>
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH", enginePluginLibrary, 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "LIST_ADD", "1", 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
>>>     ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH", pkcs11MiddlewareLibrary, 0);
>>>     ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
>>>
>>>
>> main difference between the OPENSSL.EXE example and your code is that last call:
>>
>> here's what "ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)" does:
>>
>>     int ENGINE_set_default(ENGINE *e, unsigned int flags)
>>     {
>>         if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
>>             return 0;
>>         if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
>>             return 0;
>>     #ifndef OPENSSL_NO_RSA
>>         if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
>>             return 0;
>>     #endif
>>     #ifndef OPENSSL_NO_DSA
>>         if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
>>             return 0;
>>     #endif
>>     #ifndef OPENSSL_NO_DH
>>         if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
>>             return 0;
>>     #endif
>>     #ifndef OPENSSL_NO_ECDH
>>         if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
>>             return 0;
>>     #endif
>>     #ifndef OPENSSL_NO_ECDSA
>>         if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
>>             return 0;
>>     #endif
>>         if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
>>             return 0;
>>         if ((flags & ENGINE_METHOD_PKEY_METHS)
>>             && !ENGINE_set_default_pkey_meths(e))
>>             return 0;
>>         if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
>>             && !ENGINE_set_default_pkey_asn1_meths(e))
>>             return 0;
>>         return 1;
>>     }
>>
>> (from the openssl 1.0.2 source tree)
>> It could be that one of those methods is not throwing the errors with your smart card.
>> I'd advise you to test your smart card capabilities. It might also be useful to do more command line testing with your smartcard using
>>
>>     engine -vvvv -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>>
>> and then try out certain operations, like encrypt/decrypt or simply use the command
>>
>>     speed
>>
>> and watch for any errors - that should give you a hint which method is not supported by your smart card.
>>
>> HTH,
>>
>> JJK
From: whippet0 at gmail.com (George)
Date: Sun, 20 Dec 2020 03:39:22 -0500
Subject: private key not available for client_cert_cb
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl> <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl> <00492ef8-67aa-8848-97fe-65cf2ba3b38f@gmail.com>
Message-ID: <3e6e027f-812a-ea2d-2d2e-435ad52852b1@gmail.com>

Hi,

I tried running the "s_client" command and it appears to be working.

I guess there must be something wrong in my code.

My crash occurs when I call

    ENGINE_init(pkey_engine);

I notice your code does not call this function. Is this needed? If so, when/where should it be called?

What exactly is the definition of "pkey_identifier" in

    ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data) ?

I'm not clear on what this value should be. Can you give an example of what it would look like?

I have the following on my smart card:

    Private Key Object; RSA
      label:      Authentication - *
      ID:         2b2586c684d69b670c0a805edf514e720f2b757d8e2faa0b3a7ff23d1ccfc7ba
      Usage:      unwrap
      Access:     sensitive, never extractable
      Allowed mechanisms: RSA-PKCS,RSA-X-509

Would the pkey_identifier be the ID in the above?

What exactly is "prompt_info" in the structure PW_CB_DATA? i.e.

    typedef struct pw_cb_data {
        const void* password;
        const char* prompt_info;
    } PW_CB_DATA;

Can you give an example of what it might look like?

Is the value of cb_data populated by the transfer_pin callback functions, or should it already contain a value when ENGINE_load_private_key is called?

Is there a way to skip the callback transfer_pin and use a hard coded pin for test purposes when calling ENGINE_load_private_key(...)?

Thanks!

George

On 2020-12-19 8:05 p.m., Jan Just Keijser wrote:
>
> I'd say no engine/pkcs11 module should trigger exceptions - that's an error in the pkcs11 module.
>
> Something you can try is this:
>
> run the 'openssl.exe' command:
>
>     openssl engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>
> then on the OpenSSL prompt, try
>
>     s_client -keyform engine -key 0: -cert "clientcert.pem" -connect remote_host:remote_port
>
> that should start a TLS connection and use the pkcs11 engine to ask for the key, identified by in slot 0 (adjust the slot number if your smart card starts at number 1 etc.)
>
> HTH,
>
> JJK
>

From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 21 Dec 2020 15:37:02 +0000
Subject: How to rotate cert when only first matching cert been verified
> From: openssl-users On Behalf Of 定平袁
> Sent: Saturday, 19 December, 2020 17:59

> 1. Generate a new cert, and append it to the cert file

Why are you appending it to the file containing the existing certificate?

> (at this point, there are 2 certs in the file, first is old cert, second is
> new, they have the same Subject), restart client side process, (no problem
> here, because first cert matching server side cert, and it verifies
> successfully)
> 2. Replace server side with new cert.

It sounds like you're updating the server's entity certificate.

> As soon as I issue step #2, the client side process starts to show error
> "certificate verify failed".

There are many possible reasons for verification to fail.

> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html,
> it says the exact behavior like my test:

Similar symptoms, perhaps. But this page discusses "CA certificates" - that is, intermediate and root certificates that have been configured to be trust anchors or contributors to the trust chain. It has nothing to do with entity certificates, which is what you're changing here.

You haven't given us enough information to guess why the new certificate is failing client verification. You need to get detailed failure information from the client program, or use a different client that gives you detailed information, or use a utility such as "openssl verify" to test the certificate chain locally.

--
Michael Wojcik
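The reply above recommends testing the chain locally with "openssl verify". The script below is an added example for this thread (it is not the poster's setup and not OpenSSL project code): it builds the situation the poster describes, two CA certificates that share a Subject but have different keys, signs a server certificate with the new CA, and runs "openssl verify" against each CA alone and against bundles in both orders. It assumes an openssl binary (1.1.1 or later) on PATH; the CA subject, the host name, the config text and all file names are constructed for the demonstration. Whether the old-CA-first bundle verifies depends on whether the leaf carries an authorityKeyIdentifier that distinguishes the two CA keys (the "key identifier" the manual page refers to), so compare that row with the other three on your own OpenSSL build.

```python
"""Rebuild the 'two CA certs with the same Subject' bundle and check it with
openssl verify.  Added example, not the thread's own code; assumes an
`openssl` binary on PATH.  All names, files and config below are constructed."""
import os
import subprocess
import tempfile

CA_SUBJECT = "/CN=Rotation Demo CA"      # deliberately identical for the old and new CA

# Constructed config so the outcome does not depend on the system openssl.cnf.
CONFIG_TEXT = """
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
authorityKeyIdentifier = keyid
"""


def _openssl(*args):
    """Run one openssl subcommand quietly; raise if it fails."""
    subprocess.run(["openssl", *args], check=True,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def make_ca(work, cfg, name):
    """Self-signed CA 'name' with a fresh RSA key; returns (key, cert) paths."""
    key, crt = os.path.join(work, name + ".key"), os.path.join(work, name + ".crt")
    _openssl("req", "-x509", "-config", cfg, "-extensions", "ca_ext",
             "-newkey", "rsa:2048", "-nodes", "-sha256", "-days", "365",
             "-subj", CA_SUBJECT, "-keyout", key, "-out", crt)
    return key, crt


def make_leaf(work, cfg, ca_key, ca_crt):
    """Server certificate for the constructed host name, issued by the given CA."""
    key, csr, crt = (os.path.join(work, "server." + ext) for ext in ("key", "csr", "crt"))
    _openssl("req", "-new", "-config", cfg, "-newkey", "rsa:2048", "-nodes", "-sha256",
             "-subj", "/CN=server.example.test", "-keyout", key, "-out", csr)
    _openssl("x509", "-req", "-sha256", "-days", "365", "-in", csr, "-CA", ca_crt,
             "-CAkey", ca_key, "-CAcreateserial", "-extfile", cfg, "-extensions",
             "leaf_ext", "-out", crt)
    return crt


def concat(path, *files):
    """Write the given PEM files into one bundle, in the given order (like `cat`)."""
    with open(path, "wb") as out:
        for name in files:
            with open(name, "rb") as src:
                out.write(src.read())
    return path


def verifies(cafile, cert):
    """True when `openssl verify -CAfile cafile cert` succeeds."""
    res = subprocess.run(["openssl", "verify", "-CAfile", cafile, cert],
                         stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return res.returncode == 0


def rotation_experiment():
    """Old and new CA share a Subject; the leaf is signed by the new one.
    Returns the verify outcome for each trust file."""
    with tempfile.TemporaryDirectory() as work:
        cfg = os.path.join(work, "openssl.cnf")
        with open(cfg, "w") as f:
            f.write(CONFIG_TEXT)
        old_key, old_crt = make_ca(work, cfg, "old")
        new_key, new_crt = make_ca(work, cfg, "new")
        leaf = make_leaf(work, cfg, new_key, new_crt)
        old_first = concat(os.path.join(work, "old_first.pem"), old_crt, new_crt)
        new_first = concat(os.path.join(work, "new_first.pem"), new_crt, old_crt)
        return {
            "new CA only": verifies(new_crt, leaf),
            "old CA only": verifies(old_crt, leaf),
            "bundle, new CA first": verifies(new_first, leaf),
            "bundle, old CA first": verifies(old_first, leaf),
        }


if __name__ == "__main__":
    for case, ok in rotation_experiment().items():
        print("%-22s %s" % (case, "OK" if ok else "verify failed"))
```

Run it once with the leaf_ext section as given and once with the authorityKeyIdentifier line removed; the difference in the "old CA first" row is the behaviour the manual page describes. Against a real deployment, point "openssl verify -CAfile" at the actual ca.crt bundle and the actual server certificate instead, and read the error line it prints rather than the client library's generic "certificate verify failed".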
From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Mon, 21 Dec 2020 19:26:51 +0000
Subject:

Dear Openssl team,

While migrating from 1.0.2 to 3.0 we are stuck in replacing DH_compute_key() with its equivalent EVP_PKEY_derive()

The input we have is of type (BIGNUM *bn_peer_publicKey / bn_privateKey). But the example showed in the man page EVP_PKEY_derive_init ... requires the peer_publickey/privatekey in EVP_PKEY format. we are not finding the way to convert the BIGNUM keys to EVP_PKEY.

Please suggest the required steps to achieve the compute key functionality using the existing BIGNUM private and peer public keys
From: rajprudvi98 at gmail.com (prudvi raj)
Date: Tue, 22 Dec 2020 02:42:31 +0530
Subject: Set custom bn_mod_exp functions in openssl 1.1.1
In-Reply-To: <89fcf36a8fadcf6f74c9972fb45833d14de50db2.camel@redhat.com>
References: <89fcf36a8fadcf6f74c9972fb45833d14de50db2.camel@redhat.com>

Thanks for the Reply!!

I have a doubt, is it necessary to create a duplicate method?? Actually in my case this custom "set" function would be called only once during system initialization & we need to use those hardware accelerator functions for all the crypto operations to be done later.

So here's what i did:

-- new code:

    static DH_METHOD *Intoto_DH_Method;
    static RSA_METHOD *Intoto_RSA_Method;
    static DSA_METHOD *Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {
        Intoto_DH_Method = (DH_METHOD *)DH_get_default_method();
        DH_meth_set_bn_mod_exp(Intoto_DH_Method, Intoto_DH_mod_exp);
        DH_set_default_method(Intoto_DH_Method);   << I guess, there's no need to set the same as default again ??

        Intoto_RSA_Method = (RSA_METHOD *)RSA_get_default_method();
        RSA_meth_set_bn_mod_exp(Intoto_RSA_Method, Intoto_RSA_mod_exp);
        RSA_set_default_method(Intoto_RSA_Method);

        Intoto_DSA_Method = (DSA_METHOD *)DSA_get_default_method();
        DSA_meth_set_bn_mod_exp(Intoto_DSA_Method, Intoto_DSA_mod_exp);
        DSA_set_default_method(Intoto_DSA_Method);

        return;
    }

-- old code:

    static DH_METHOD Intoto_DH_Method;
    static RSA_METHOD Intoto_RSA_Method;
    static DSA_METHOD Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {
        Intoto_DH_Method = *(DH_get_default_method());
        Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
        DH_set_default_method(&Intoto_DH_Method);

        Intoto_RSA_Method = *(RSA_get_default_method());
        Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
        RSA_set_default_method(&Intoto_RSA_Method);

        Intoto_DSA_Method = *(DSA_get_default_method());
        Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
        DSA_set_default_method(&Intoto_DSA_Method);

        return;
    }

--

Do you suggest any modifications, If any??

Thanks,
Prudvi.

On Thu, Dec 17, 2020 at 4:07 PM Tomas Mraz wrote:
> On Thu, 2020-12-17 at 15:16 +0530, prudvi raj wrote:
> > Hi,
> >
> > I need to set custom accelerated functions for bn_mod_exp methods in
> > openssl 1.1.1, while upgrading for openssl 1.0.2. Here's the code
> > snippet () :
> > --
> >     static DH_METHOD Intoto_DH_Method;
> >     static RSA_METHOD Intoto_RSA_Method;
> >     static DSA_METHOD Intoto_DSA_Method;
> >
> >     void updatePublicKeyMethods()
> >     {
> >         Intoto_DH_Method = *(DH_get_default_method());
> >         Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
> >         DH_set_default_method(&Intoto_DH_Method);
> >
> >         Intoto_RSA_Method = *(RSA_get_default_method());
> >         Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
> >         RSA_set_default_method(&Intoto_RSA_Method);
> >
> >         Intoto_DSA_Method = *(DSA_get_default_method());
> >         Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
> >         DSA_set_default_method(&Intoto_DSA_Method);
> >
> >         return;
> >     }
> > --
> > As RSA_METHOD, DSA_METHOD & DH_METHOD objects are Opaque now, Can
> > anyone help me with what would be the replacement for above code ??
>
> There is RSA_meth_set_bn_mod_exp() function and the respective
> equivalents for DH and DSA. Of course you'll also have to use
> RSA_meth_dup() to duplicate the default method before you can
> manipulate it. And you'll need to free it once you stop using the
> OpenSSL functions.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
From: rajprudvi98 at gmail.com (prudvi raj)
Date: Tue, 22 Dec 2020 15:15:09 +0530
Subject: How to Manually allocate BIGNUM ->d and set dmax, top values to create a Result Buffer in openssl 1.1.1 ?

Hello all,

We use a hardware accelerator to calculate BIGNUM rr = a^p mod m (bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code snippet of custom bn_mod_exp function:

--
    if(rr->d)
    {
        OPENSSL_free(rr->d);
    }
    rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
    rr->top = m->top;
    rr->dmax = m->top;
    rr->neg = 0;

    publicKeyData.operandALength = a->top * sizeof(BN_ULONG);
    publicKeyData.operandA = ( System::BYTE * )( a->d );
    publicKeyData.operandBLength = p->top * sizeof(BN_ULONG);
    publicKeyData.operandB = ( System::BYTE * )( p->d );
    publicKeyData.modulusLength = m->top * sizeof(BN_ULONG);
    publicKeyData.modulus = ( System::BYTE * )( m->d );

    publicKeyData.resultLength = m->top * sizeof(BN_ULONG);
    publicKeyData.result = ( System::BYTE * )( rr->d );

    calculate ( publicKeyData ); << Bytes in "rr->d" buffer.
--

I found a few 'get' functions (no set functions though) like -- bn_get_top, bn_get_dmax. These are in "bn_intern.c", not in "bn_lib.c" (or BN API).

    OPENSSL_free(rr->d)
    rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
    rr->top = m->top;
    rr->dmax = m->top;
    rr->neg = 0

As forward declarations are no longer allowed in openssl 1.1.1, how to replicate above operations in openssl 1.1.1?
Are there any Set functions for set, dmax, d values (allocate memory for rr->d)?!
Please help me on this!!

Thanks,
Prudvi.
From: bill.c.roberts at gmail.com (William Roberts)
Date: Tue, 22 Dec 2020 09:58:10 -0600
Subject: How to Manually allocate BIGNUM ->d and set dmax, top values to create a Result Buffer in openssl 1.1.1 ?

On Tue, Dec 22, 2020 at 3:45 AM prudvi raj wrote:
>
> Hello all,
>
> We use a hardware accelerator to calculate BIGNUM rr = a^p mod m (bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code snippet of custom bn_mod_exp function:
> --
>     if(rr->d)
>     {
>         OPENSSL_free(rr->d);
>     }
>     rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
>     rr->top = m->top;
>     rr->dmax = m->top;
>     rr->neg = 0;
>
>     publicKeyData.operandALength = a->top * sizeof(BN_ULONG);
>     publicKeyData.operandA = ( System::BYTE * )( a->d );
>     publicKeyData.operandBLength = p->top * sizeof(BN_ULONG);
>     publicKeyData.operandB = ( System::BYTE * )( p->d );
>     publicKeyData.modulusLength = m->top * sizeof(BN_ULONG);
>     publicKeyData.modulus = ( System::BYTE * )( m->d );
>
>     publicKeyData.resultLength = m->top * sizeof(BN_ULONG);
>     publicKeyData.result = ( System::BYTE * )( rr->d );
>
>     calculate ( publicKeyData ); << Bytes in "rr->d" buffer.
> --
> I found a few 'get' functions (no set functions though) like -- bn_get_top, bn_get_dmax. These are in "bn_intern.c", not in "bn_lib.c" (or BN API).
>
>     OPENSSL_free(rr->d)
>     rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
>     rr->top = m->top;
>     rr->dmax = m->top;
>     rr->neg = 0
>
> As forward declarations are no longer allowed in openssl 1.1.1, how to replicate above operations in openssl 1.1.1?
> Are there any Set functions for set, dmax, d values (allocate memory for rr->d)?!
> Please help me on this!!
>
> Thanks,
> Prudvi.
>

IIUC, this is just a side effect of not being able to access the RSA structure directly like in openssl 1.0.2 days.
The function RSA_set0_key() will allow you to set D, and there are routines for other portions of the struct as well.
When the structure went opaque, getters and setters were added for your use, see:
- https://www.openssl.org/docs/man1.1.1/man3/RSA_set0_key.html

If you need to keep backwards compat with 1.0.2, you can define those getter/setter functions when building with 1.0.2 in your source code. However, it's strongly recommended to not be using 1.0.2.

Bill
From: rajprudvi98 at gmail.com (prudvi raj)
Date: Tue, 22 Dec 2020 22:34:01 +0530
Subject: How to Manually allocate BIGNUM ->d and set dmax, top values to create a Result Buffer in openssl 1.1.1 ?

In openssl 1.1.1, I see that this bn_mod_exp function is called from "rsa_ossl_public_decrypt":

    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
                               rsa->_method_mod_n)) {
        goto err;
    }

so we are doing "f^(rsa->e) mod (rsa->n)", this result is being filled in ret (a BIGNUM* type). This 'ret' variable is not a part of the RSA structure. So I think we need look for any bignum "BN" set functions (if available) to modify the BIGNUM structure attributes like 'd' array, top & dmax values, as this ret variable isn't the part of RSA structure (yet) when the bn_mod_exp is called.

Checkout this function "rsa_ossl_public_decrypt" for more details.

Hope that clarifies the scenario. Please let me know if you have any questions.

Thanks,
Prudvi.

On Tue, Dec 22, 2020 at 3:45 AM prudvi raj wrote:
> >
> > Hello all,
> >
> > We use a hardware accelerator to calculate BIGNUM rr = a^p mod m (bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code snippet of custom bn_mod_exp function:
> > --
> >     if(rr->d)
> >     {
> >         OPENSSL_free(rr->d);
> >     }
> >     rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
> >     rr->top = m->top;
> >     rr->dmax = m->top;
> >     rr->neg = 0;
> >
> >     publicKeyData.operandALength = a->top * sizeof(BN_ULONG);
> >     publicKeyData.operandA = ( System::BYTE * )( a->d );
> >     publicKeyData.operandBLength = p->top * sizeof(BN_ULONG);
> >     publicKeyData.operandB = ( System::BYTE * )( p->d );
> >     publicKeyData.modulusLength = m->top * sizeof(BN_ULONG);
> >     publicKeyData.modulus = ( System::BYTE * )( m->d );
> >
> >     publicKeyData.resultLength = m->top * sizeof(BN_ULONG);
> >     publicKeyData.result = ( System::BYTE * )( rr->d );
> >
> >     calculate ( publicKeyData ); < Bytes in "rr->d" buffer.
> > --
> > I found a few 'get' functions (no set functions though) like -- bn_get_top, bn_get_dmax. These are in "bn_intern.c", not in "bn_lib.c" (or BN API).
> >
> >     OPENSSL_free(rr->d)
> >     rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );
> >     rr->top = m->top;
> >     rr->dmax = m->top;
> >     rr->neg = 0
> >
> > As forward declarations are no longer allowed in openssl 1.1.1, how to replicate above operations in openssl 1.1.1?
> > Are there any Set functions for set, dmax, d values (allocate memory for rr->d)?!
> > Please help me on this!!
> >
> > Thanks,
> > Prudvi.
> >
>
> IIUC, this is just a side effect of not being able to access the RSA
> structure directly like in openssl 1.0.2 days.
> The function RSA_set0_key() will allow you to set D, and there are
> routines for other portions of the struct as well.
> When the structure went opaque, getters and setters were added for
> your use, see:
> - https://www.openssl.org/docs/man1.1.1/man3/RSA_set0_key.html
>
> If you need to keep backwards compat with 1.0.2, you can define those
> getter/setter functions when building with 1.0.2 in your source
> code. However, it's strongly recommended to not be using 1.0.2.
>
> Bill
From: ruria at zzircon.com (Raúl Uría Elices)
Date: Tue, 22 Dec 2020 18:43:05 +0100
Subject: Format error in certificate's notAfter field

Hi,

I'm trying to connect to my vpn server, using tunnelblick, but thinking this is a openssl stuff... may be I am wrong.

When connecting I got (XX is a placeholder):

    2020-12-22 17:32:49.423703 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=es, L=PXXXX, O=XX, CN=XX, emailAddress=XX, serial=17702460327850242852

I have checked this: https://mta.openssl.org/pipermail/openssl-users/2019-March/010018.html , but seems to be something different.

When checking UTC field for server CA cert, I got:

    % openssl asn1parse -in ca.crt | grep UTC
      207:d=3  hl=2 l=  13 prim: UTCTIME           :170908154452Z
      222:d=3  hl=2 l=  13 prim: UTCTIME           :360718151218Z

Why 'format error in certificate's notAfter field' error?

thx

--
From: matt at openssl.org (Matt Caswell)
Date: Wed, 23 Dec 2020 09:35:16 +0000
Subject: Re: Format error in certificate's notAfter field
Message-ID: <6ccd25f5-7341-9b3c-df4e-ba24e7642dd9@openssl.org>

On 22/12/2020 17:43, Raúl Uría Elices wrote:
> Hi,
>
> I'm trying to connect to my vpn server, using tunnelblick, but thinking
> this is a openssl stuff... may be I am wrong.
>
>
> When connecting I got (XX is a placeholder):
>
>     2020-12-22 17:32:49.423703 VERIFY ERROR: depth=0, error=format error in
>     certificate's notAfter field: C=es, L=PXXXX, O=XX, CN=XX,
>     emailAddress=XX, serial=17702460327850242852
>
> I have checked this:
> https://mta.openssl.org/pipermail/openssl-users/2019-March/010018.html ,
> but seems to be something different.
>
> When checking UTC field for server CA cert, I got:
>
>     % openssl asn1parse -in ca.crt | grep UTC
>       207:d=3  hl=2 l=  13 prim: UTCTIME           :170908154452Z
>       222:d=3  hl=2 l=  13 prim: UTCTIME           :360718151218Z

I don't see anything obviously wrong with those encodings. Are you willing to share the actual certificate?

Matt
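The error is reported at depth=0, so the field to inspect is the notAfter of the entity certificate, not the CA certificate whose UTCTIME values were pasted above. The script below is an added example for this thread (not OpenSSL code and not from either poster): a small DER walker that pulls notBefore and notAfter out of a certificate, and a validator that applies the RFC 5280 section 4.1.2.5 rules for Validity times: UTCTime exactly YYMMDDHHMMSSZ, GeneralizedTime exactly YYYYMMDDHHMMSSZ, no fractional seconds, no +hhmm offsets, a real calendar date, and GeneralizedTime reserved for 2050 and later. A certificate that passes encodes its times the way the profile requires; a failure names the property to look at before sharing the certificate. The sample certificate skeleton and the two constructed time strings in the usage line are made up for the demonstration (the two UTCTIME values from the asn1parse output above are reused as valid inputs).

```python
"""RFC 5280 checks for the Validity times of an X.509 certificate.
Added example for this thread, not OpenSSL code; the sample certificate
built by sample_certificate() is constructed data, not a real certificate."""
import base64
import datetime
import re
import sys

UTCTIME, GENERALIZEDTIME = 0x17, 0x18
_UTC_RE = re.compile(r"(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z")
_GEN_RE = re.compile(r"(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z")


def _read_tlv(buf, pos):
    """Decode one DER tag/length/value at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the length's byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(content):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(content):
        tag, value, pos = _read_tlv(content, pos)
        yield tag, value


def validity_from_der(cert_der):
    """Return [(tag, text), (tag, text)] for notBefore and notAfter."""
    _, cert, _ = _read_tlv(cert_der, 0)           # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, tbs, _ = _read_tlv(cert, 0)                # TBSCertificate ::= SEQUENCE
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    validity = fields[3][1]                       # serial, signature, issuer, validity, ...
    return [(tag, value.decode("ascii")) for tag, value in _children(validity)]


def check_asn1_time(tag, text):
    """Return (ok, detail); ok is False for anything RFC 5280 forbids in Validity."""
    if tag == UTCTIME:
        m = _UTC_RE.fullmatch(text)
        if not m:
            return False, "UTCTime must be exactly YYMMDDHHMMSSZ (seconds and 'Z' required)"
        yy = int(m.group(1))                      # RFC 5280: 50..99 -> 19YY, 00..49 -> 20YY
        parts = (1900 + yy if yy >= 50 else 2000 + yy,) + tuple(int(g) for g in m.groups()[1:])
    elif tag == GENERALIZEDTIME:
        m = _GEN_RE.fullmatch(text)
        if not m:
            return False, "GeneralizedTime must be exactly YYYYMMDDHHMMSSZ (no fraction, no offset)"
        parts = tuple(int(g) for g in m.groups())
        if parts[0] < 2050:
            return False, "RFC 5280 profile: dates before 2050 must be encoded as UTCTime"
    else:
        return False, "unexpected tag 0x%02x; Validity allows only UTCTime or GeneralizedTime" % tag
    try:
        datetime.datetime(*parts)                 # rejects 31 September, hour 24 and similar
    except ValueError as exc:
        return False, "calendar value out of range: %s" % exc
    return True, "%04d-%02d-%02d %02d:%02d:%02dZ" % parts


def check_certificate(cert_der):
    """Validate both Validity fields -> [(field, raw text, ok, detail), ...]."""
    return [(field, text) + check_asn1_time(tag, text)
            for field, (tag, text) in zip(("notBefore", "notAfter"), validity_from_der(cert_der))]


def _der(tag, content):
    """Minimal DER encoder (definite lengths up to 65535) for the sample below."""
    n = len(content)
    length = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100
                                          else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + content


def sample_certificate(not_before, not_after, after_tag=UTCTIME):
    """Constructed, unsigned certificate skeleton with the given Validity (sample data)."""
    name = _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x13, b"Sample CA"))))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")            # v3, serial 1
           + _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))    # sha256WithRSAEncryption
           + name
           + _der(0x30, _der(UTCTIME, not_before.encode()) + _der(after_tag, not_after.encode()))
           + name)
    return _der(0x30, _der(0x30, tbs))


def load_pem(path):
    """Decode the first PEM block in a file to DER bytes."""
    with open(path) as f:
        body = "".join(line.strip() for line in f if not line.startswith("-----"))
    return base64.b64decode(body)


if __name__ == "__main__":
    der = load_pem(sys.argv[1]) if len(sys.argv) > 1 else sample_certificate("170908154452Z", "3607181512Z")
    for field, text, ok, detail in check_certificate(der):
        print("%-9s %-20s %s %s" % (field, text, "OK  " if ok else "FAIL", detail))
```

Run it as "python3 check_validity.py server.crt" on the certificate that the VERIFY ERROR names (depth=0); with no argument it checks the constructed sample, whose notAfter deliberately lacks the seconds field and is reported as FAIL. The 2050 rule is a profile requirement rather than a parse error, so its detail string is prefixed accordingly.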
From: janjust at nikhef.nl (Jan Just Keijser)
Date: Wed, 23 Dec 2020 12:00:45 +0100
Subject: private key not available for client_cert_cb
In-Reply-To: <3e6e027f-812a-ea2d-2d2e-435ad52852b1@gmail.com>
References: <292d3b25-9197-4977-a406-0a19abc15a0d@gmail.com> <57a1488f-cc91-4c3a-5cee-4ad6c24565d6@gmail.com> <7a3428c6-04ab-672e-b738-67680f9fc036@gmail.com> <30032dde-70d1-d438-86ae-77f04a8179cf@gmail.com> <2495b1de-13d0-8777-56b0-46ac80cd0203@nikhef.nl> <5887cae2-1ecb-4081-1ee9-bcf566a88afe@gmail.com> <8011726e-0a7a-a753-983d-b89a24e3e225@nikhef.nl> <8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl> <00492ef8-67aa-8848-97fe-65cf2ba3b38f@gmail.com> <3e6e027f-812a-ea2d-2d2e-435ad52852b1@gmail.com>
Message-ID: <471b029c-420c-e45e-d827-ba0576f22847@nikhef.nl>

Hi,

On 20/12/20 09:39, George wrote:
> Hi,
>
> I tried running the "s_client" command and it appears to be working.
>
> I guess there must be something wrong in my code.

it is good news that the s_client command is working - it means there is something wrong with your code but you have everything at hand to fix it: download the openssl 1.0.2 tarball / zip file and look for the files

    apps/s_client.c
    apps/apps.c

that contains all of the code that the 's_client' command uses to make a connection and my bet is that it also does not call ENGINE_init

> My crash occurs when I call
>
>     ENGINE_init(pkey_engine);
>
> I notice your code does not call this function. Is this needed? If so, when/where should it be called?
>

tbh, I don't know - look through the openssl sources to see what it does, exactly.

> What exactly is the definition of "pkey_identifier" in
>
>     ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data) ?
>
> I'm not clear on what this value should be. Can you give an example of what it would look like?
>
> I have the following on my smart card:
>
>     Private Key Object; RSA
>       label:      Authentication - *
>       ID:         2b2586c684d69b670c0a805edf514e720f2b757d8e2faa0b3a7ff23d1ccfc7ba
>       Usage:      unwrap
>       Access:     sensitive, never extractable
>       Allowed mechanisms: RSA-PKCS,RSA-X-509
>
> Would the pkey_identifier be the ID in the above?
>

yes, although if you have multiple smartcards inserted at the same time then it helps to add the slot number, e.g.

    0:

> What exactly is "prompt_info" in the structure PW_CB_DATA?
> i.e.
>
>     typedef struct pw_cb_data {
>         const void* password;
>         const char* prompt_info;
>     } PW_CB_DATA;
>
> Can you give an example of what it might look like?
>
> Is the value of cb_data populated by the transfer_pin callback functions, or should it already contain a value when ENGINE_load_private_key is called?
>
> Is there a way to skip the callback transfer_pin and use a hard coded pin for test purposes when calling ENGINE_load_private_key(...)?
>

my eap-tls code does just that: if the password is specified in the ppp config file then the user is not prompted:

    if (pkey_engine)
    {
        EVP_PKEY   *pkey = NULL;
        PW_CB_DATA  cb_data;
        UI_METHOD* transfer_pin = NULL;

        cb_data.password = passwd;
        cb_data.prompt_info = pkey_identifier;

HTH,

JJK

>
> On 2020-12-19 8:05 p.m., Jan Just Keijser wrote:
>>
>> I'd say no engine/pkcs11 module should trigger exceptions - that's an error in the pkcs11 module.
>>
>> Something you can try is this:
>>
>> run the 'openssl.exe' command:
>>
>>     openssl engine -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll"
>>
>> then on the OpenSSL prompt, try
>>
>>     s_client -keyform engine -key 0: -cert "clientcert.pem" -connect remote_host:remote_port
>>
>> that should start a TLS connection and use the pkcs11 engine to ask for the key, identified by in slot 0 (adjust the slot number if your smart card starts at number 1 etc.)
>>
>> HTH,
>>
>> JJK
>>
>>

From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Wed, 23 Dec 2020 15:51:56 +0000
Subject: How to rotate cert when only first matching cert been verified
> From: 定平袁
> Sent: Tuesday, 22 December, 2020 20:08
> To: Michael Wojcik

Please do not send messages regarding OpenSSL to me directly. Send them to
the openssl-users list. That is where the discussion belongs.

> > Why are you appending it to the file containing the existing certificate?
> I am rotating certificate, before the server side cert been replaced, the client
> side cert need to be valid, so when rotating, need both old and new cert exist.

I'm afraid it still isn't clear to me what you're doing. Both the server's
entity certificate and the client's entity certificate are in the same file?
What does this file contain before you append the new certificate?

> > It sounds like you're updating the server's entity certificate.
> I guess it's entity certificate (still trying to understand different cert
> concept...)

Does it identify the server, in the Subject DN and/or one or more Subject
Alternative Name extensions?

> Below is the error message:

I'm afraid that message doesn't appear to contain any useful information.

> All the 3 clients used the same ca.crt file, which has an old cert in
> first, then a new cert behind. Only Python (used OpenSSL) failed.

So *this* sounds like what you're changing in this particular file is the set
of trust anchors, not the entity certificates.

Where did your "CA" certificates come from? A commercial CA or some personal
or organizational CA? From your description it sounds like the problem may be
that the CA certificates were not generated correctly. Without the
certificates to examine, we can't say. Can you post the old and new
certificates in PEM form in your next message?

Please note that due to the holidays I will not be reading email for several
days, and it's likely that some other regular list members will be similarly
unavailable.

--
Michael Wojcik

From dev at ddvo.net Wed Dec 23 22:56:44 2020
From: dev at ddvo.net (David von Oheimb)
Date: Wed, 23 Dec 2020 23:56:44 +0100
Subject: How to rotate cert when only first matching cert been verified
In-Reply-To:
References: <17e96784-6f70-18fd-1290-bfd606dc385d@ddvo.net>
Message-ID:

定平袁, you are welcome.

The OpenSSL version you are using is way too old! Do not use version 1.1.0,
1.0.x, and anything older - those versions are unsupported and must be
considered insecure.

Yet since both your old and new server cert are not expired and have the same
subject, keyIdentifier, and serial number, and you appended the new server
cert to your list, it is no surprise that the certificate chain building
algorithm will pick up the old one. For efficiency reasons, no other (equally
applicable) certificates will be tried.

I've just clarified this and some further details in
https://github.com/openssl/openssl/pull/13735.

I think Michael Wojcik already gave the right hint to solve your problem two
days before:

> Why are you appending it to the file containing the existing certificate?

So I suggest you better prepend the new certificate to that file rather than
appending it, or even better, remove the old (non-matching) certificate from
that file.

Hope this helps,
    David

P.S.: I will be unavailable for several days, too.

On 23.12.20 04:15, 定平袁 wrote:
> @David Thanks for your help!
> This is my openssl version, and the self compiled curl backend
> ```
> $ openssl version
> OpenSSL 1.0.2g  1 Mar 2016
>
> $ ldd /usr/bin/openssl |grep ssl
> libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f3099799000)
>
> $ ldd ./lib/.libs/libcurl.so |grep ssl
> libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f8720fd4000)
> ```
> the system built-in curl binary:
> ```
> $ ldd /usr/bin/curl |grep tls
> libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 (0x00007f4b7fa07000)
> libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f4b7e851000)
> ```
> Actually, the old cert and new cert both are not expired yet, just the
> old cert is not consistent with server side. The new cert has the same
> content with server side imported cert (after replaced).
>
> David von Oheimb wrote on Tue, 22 Dec 2020 at 10:27 PM:
>
> @定平袁, which version of OpenSSL are you using?
>
> I've just checked: since OpenSSL 1.1.0, expired certificates are
> effectively not used for chain building.
>
>     David
>
> On 20.12.20 02:02, 定平袁 wrote:
>> the exact behavior:
>>
>> When looking up CA certificates, the OpenSSL library will first
>> search the certificates in *CAfile*, then those in *CApath*.
>> Certificate matching is done based on the subject name, the key
>> identifier (if present), and the serial number as taken from the
>> certificate to be verified. If these data do not match, the next
>> certificate will be tried. If a first certificate matching the
>> parameters is found, the verification process will be performed;
>> no other certificates for the same parameters will be searched in
>> case of failure.
>>
>> why no other certificates for the same parameters will be searched?
>>
>> 定平袁 wrote on Sun, 20 Dec 2020 at 8:59 AM:
>>
>> Hello everyone,
>>
>> Recently I am trying to rotate a cert, and the client uses
>> python requests lib, which leverages openssl. Here are my steps:
>>
>> 1. Generate a new cert, and append it to the cert file (at
>> this point, there are 2 certs in the file, first is old cert,
>> second is new, they have the same Subject), restart client
>> side process, (no problem here, because first cert matching
>> server side cert, and it verifies successfully)
>> 2. Replace server side with new cert.
>>
>> As soon as I issue step #2, the client side process starts to
>> show error "certificate verify failed". This would cause
>> downtime to my apps. I am new to this, not sure if there is
>> anything wrong regarding my usage or understanding. But I
>> found this page
>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html,
>> it says the exact behavior like my test:
>>
>> If several CA certificates matching the name, key identifier,
>> and serial number condition are available, only the first one
>> will be examined. This may lead to unexpected results if the
>> same CA certificate is available with different expiration
>> dates. If a "certificate expired" verification error occurs,
>> no other certificate will be searched. Make sure to not have
>> expired certificates mixed with valid ones.
>>
>> So I am wondering how to rotate cert in such a case? It would
>> be very helpful if anyone could help on this. Thanks.
>>
>> BTW, I tested the same cert file with CURL (compiled with
>> gnutls), it works fine.
>>
>> Regards
>> Dingping

From minfrin at sharp.fm Thu Dec 24 09:12:00 2020
From: minfrin at sharp.fm (Graham Leggett)
Date: Thu, 24 Dec 2020 11:12:00 +0200
Subject: BIO_s_file() and files that are larger than int - how is overflow handled?
Message-ID: <42AAC55E-74C0-4E04-9389-1F436B96083F@sharp.fm>

Hi all,

According to the manpage at
https://www.openssl.org/docs/man1.1.0/man3/BIO_s_file.html the macro
BIO_tell() casts to int:

/opt/local/include//openssl/bio.h:# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)

What happens if the file being parsed is larger than can fit in an int?

Does BIO_s_file() do anything to limit the size of the file? Does openssl
detect overflow, or do I have to detect overflow?

Regards,
Graham

From Jochen.Bern at binect.de Thu Dec 24 11:43:28 2020
From: Jochen.Bern at binect.de (Jochen Bern)
Date: Thu, 24 Dec 2020 12:43:28 +0100
Subject: How to rotate cert when only first matching cert been verified
In-Reply-To:
References:
Message-ID: <1bc0d4a9-7a71-1cd6-5d85-ea4e9e70bda4@binect.de>

On 23.12.20 23:56, openssl-users-request at openssl.org digested:
> Message: 4
> Date: Wed, 23 Dec 2020 23:56:44 +0100
> From: David von Oheimb
[...]
> Yet since both your old and new server cert are not expired and have the
> same subject, keyIdentifier, and serial number,
> and you appended the new server cert to your list, it is no surprise
> that the certificate chain building algorithm will pick up the old one.
> For efficiency reasons, no other (equally applicable) certificates will
> be tried.

To expand on the "*should* you actually do it like this" angle: I do not see
any reason why the new server cert (SC) should have *the same serial number*
(SN) as the old one.

At least in the general case - where the CA and the server are run by
different entities -, the CA wants(*) to be able to revoke old and new SC
separately, and CRLs identify revoked certs exclusively by the issuing CA
Cert (CC) and the revoked cert's SN.

So, what *is* the rationale to reuse the SN? Do you have a "verification"
mechanism somewhere that (cannot be updated in a timely manner for the new SC
and) would protest a changed SN, but *not* the changed validity period (or,
for that matter, fingerprint or CA signature)? Note that the mere thought
already makes me put quote marks around "verification" ...

Disclaimer: I'm *not* saying that merely using different SNs will make the
problem you're currently experiencing disappear. In fact, I consider that
rather unlikely, but it might be one contributing factor.

(*) Scenario 1: Before the old SC expires, the CA finds out that it issued a
new SC to an imposter, so they now want to revoke the new but not the old.
Scenario 2: The old SC is found to have been leaked after the new one was
already issued, so at least the server admin would prefer to have the old SC
revoked but *not* the new one.

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH

From pkudingping at gmail.com Thu Dec 24 23:35:40 2020
From: pkudingping at gmail.com (=?UTF-8?B?5a6a5bmz6KKB?=) Date: Fri, 25 Dec 2020 07:35:40 +0800 Subject: How to rotate cert when only first matching cert been verified In-Reply-To: <1bc0d4a9-7a71-1cd6-5d85-ea4e9e70bda4@binect.de> References: <1bc0d4a9-7a71-1cd6-5d85-ea4e9e70bda4@binect.de> Message-ID: Thanks a lot for your reply! Merry Christmas! @Michael Wojcik Apologies. I clicked the wrong reply button. @David von Oheimb I will update to a new version and try again. To append cert is to make sure new cert and old cert both exist in trust store, thus when server switches cert, it can be trusted by client. @Jochen actually, the certs have different SN, which indeed is not consistent with the man doc. The thing that confuses me is that CURL (compiled with gnutls) and Golang works. below is my ca.crt file, I am not sure where it went wrong, maybe just my wrong behavior? ``` -----BEGIN CERTIFICATE----- MIIFdzCCA1+gAwIBAgIJAJcvKUQ0Bz4tMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV BAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMQ8wDQYDVQQK DAZWTXdhcmUxJDAiBgNVBAMMG25zeG1hbmFnZXIucGtzLnZtd2FyZS5sb2NhbDAe Fw0yMDEyMTcwMDM2MjBaFw0zMDEyMTUwMDM2MjBaMGUxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMQ8wDQYDVQQKDAZWTXdhcmUx JDAiBgNVBAMMG25zeG1hbmFnZXIucGtzLnZtd2FyZS5sb2NhbDCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAMC4EFsukdnrj26EYSaCCrvUtEhbi33wXHKi 6utmOe9r+M17Q0MArjJeEzklmrTkj+qKJCB4TgWFY2djJ+hA0a5I2eOn/0OjJ0c2 67FcqX7pq1JwYMSkwN4dQUbAN82xjQOcmj03PVjgLQSFXLfNxcfym0G2KtwkIg8K V4JwC0L048BBu/EynAXA2kYHXiJ6uSjeMOuTyogmVilzUOjfJztaNj2jpq3D8sek qtRNBYRcgSwx1wq7uWSe6qjHVDmom4nlUQznOZfJYodFWZll6Wv8Itk28ovhIhgk G9wJv3QJp6Gef1GN22Q7KU09/ZG61PRPVgoPTuRxHKn75aKl6FJcztvz/X4egt9K yGxsxEtWrLW52U1EUVg0zVUO/VAbtm1NLsEGv1L19vYjg6gpU4zQjP7enuSFqvKo rLLDvSzUWRzXIDwWSWGNBoAkry8jZmKWnjHqSW2EVbCaFTXcIQ6kPQGYvH3cFUyG fW06NlCL+AYGNaOVJkL7J3RYH+5cstGTpCNpyAmYNsEs1G+yXwCH5aDcP/0qbU2W WXO0Jh/+2KhmZ1Op1o6x69FLQ+g/0m705nGhx8NQWC3V+BC/mUdyXlom7yZde+uT 
qZS/0K7z/O8FpNwAddLmhgNHq2cHRjQFH6WeAhw3tBLGS5OFAP23SG/OItEaWp7h nXgRedMVAgMBAAGjKjAoMCYGA1UdEQQfMB2CG25zeG1hbmFnZXIucGtzLnZtd2Fy ZS5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAlfMDgcI6DiRH7eRJfg0SrtkRSAIe 0icQ8RH6Z8SBYIbPnzR2qeAm0V7BV7qGSOHGb1ezghCXQAjL2JF1pHw9aKZ0ST49 vZSlkp6tKojk1HZqa3OSfji+o8ROSvpfBW+qYqgsTkSD0VqZ4xkGUnXaRbQ3H+2V CV/MsXn/lgJ1pXDhNifUBtTa4OQx3WsA74lh7pddtbEWQJbFPwDvwzKo62P8b6zq MDhccVBmV5QZDwGH3v9Dy6QHq91b1grMkIQb67e1E6VQia6++Sq8b8ZCOJ1VUOjt I7KTIco57dLyIJPO+wvTKKpLraFIGUxNBwVOnI6wekUlhhhMcXvL/dNbD8htO/SQ VtiB8BL8SJ8HlRy2REDwvNMj0ChWeFjimb6k/40vKet3lmmAwewjy4OWBkkfrv3Y /I+RQ8Ua3vsz8KZywZvXAYWTTnsFbsHQBv9TgI0crKajVgm06stz7X+RHmhVyckV 54nSQhzZPagxfwJNzcKNb+HMr57D6SNl8xYLK1V5lmDjtAFeII3fnCJpCszNptKy cHY8Jq1eb5no5cAK7WfvepVQD0CGR6JhEuNpYNa0bp6uGTYv9EqYYqrNq8cx/41v jaNI9N6oqi3Qqt+MARXXLgMjl1CYZQ7mNT0pOXPC6gEFoyKhTnDmACAV82WB1ClR ZlY/eRzAK/iXECs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdzCCA1+gAwIBAgIJAITnARyY8iCRMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV BAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMQ8wDQYDVQQK DAZWTXdhcmUxJDAiBgNVBAMMG25zeG1hbmFnZXIucGtzLnZtd2FyZS5sb2NhbDAe Fw0yMDEyMTUwOTIzMjVaFw0zMDEyMTMwOTIzMjVaMGUxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMQ8wDQYDVQQKDAZWTXdhcmUx JDAiBgNVBAMMG25zeG1hbmFnZXIucGtzLnZtd2FyZS5sb2NhbDCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAJ1vvdCHRdGFvleEAGANFv9ttVAa4DdewpKK M+DCyOnRfnsfJWxtTSpzu+nDQg9/wvFs2RQBu+Yh1iF40KVc6aYMDjxb+4uAC2nR /0g8ANGXYE1BoDShJwwTosWrQ6RaPTLw3rK4U6+OW//g7EHUR9LRHNRRdItbyXkT ULQac4x/k8ApwXQvFZ6Vb/L+nNBUBJQapWoi361v7Z2fxzmJwB9D+KfGU4pMKKL7 /VuMvDaZuxzeAnPdkaYrmF8XlnUr5ZoW85xWLVLPPRjDqcNiKcXBhUHWUB3+RzEc 1leLcX9yrtiJjO91hTzsTPvd4Tqi8ojyY+SILJiqJRDNcrVtrW+leVlxOGcLgnT3 gR3EB5zAaT8z+RBMn+SPJSUKslh1P/bAyOaPLg3NQwTpk/gDoShGva01y/7/kBnk nvkz6mTl+UZIWCj5cI7a3+zkR6ptNZDArn2JpFW1ePmnQjz+Bt7y6tueJxnj8Q5M cUbEOhcqfzadpJort0/70STtR0LSvLe0Q+8r1sTDuO9RXjqqdbveyp9w+dUFW1et SF/w+ak3f4nZZCjI0FU68HtzNmmqPdgKJuE197J4XNVyCHQW1h0X2zURyvGOYp5D 
UHsdQYfm6G0aw3VppiT71t5BeBQi2Z6jyVVqGGBf36rhbp8BsP5FxTQI7apXR/u3 jhTblAvHAgMBAAGjKjAoMCYGA1UdEQQfMB2CG25zeG1hbmFnZXIucGtzLnZtd2Fy ZS5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAlvoh8fFQpAzElmkIVLBr739cscLz ALXnBgAFPhR/leoZjdEdHfq7Pm80dtEaluCrm81MX1wKiCJKgA6oAzAf7vK1seu5 Mx4yu9hwpNE9xXheea5cASzvR355JPjvUdFohChuvnVcPV0yZdVzEOhtmyrYPCHd OYcEA0xyV2sqKZRil39dHRi1VRoALZL8n2UHZa1EN0wTHfRKdmx9QOAxhsxhNSMg kiCMGe9OoYfcU98dlXNclvkIqkVl8RN6W4A8z/7VFB/Aq3NQBfGeTR3l/+dZH+e0 boioZDkpGRVCtfYyjvfPRUeMJXgqUfdMIsQGm0YbtQ0PWhIhjdxiuLUJ4jEqen8G 5ssz0/V4vlJ0wgkhliQcybxRhCWayKr95kuV6yiHKZgpTX9ovOhE+Ew208Y6Poh3 vR7YAWfyI7QxPAhSuLMQFKtRbD2cbAQ/CD+CsFVquiGj8J6DUS+pWPr5JHNz8rzA Ba29dMTPeKmbbW3aHZ4pA2aJNT5lmA6RQ85cR7oNU48HAhwSqpw23NZQb2MF7Qqp cTey+etb2kVR83fp47g2hfgzCBKoTYdqC5G5kVarvO1+BsdKwApz+iElUqKfkRZo NwHJp5KUauGKGrN2WY5yAMUq9iEsVlTBt+rsixtnRlP1yhGhc9DrLsKquOw03myL hDISqFnOh+zVz10= -----END CERTIFICATE----- ``` Jochen Bern ?2020?12?24??? ??7:44??? > On 23.12.20 23:56, openssl-users-request at openssl.org digested: > > Message: 4 > > Date: Wed, 23 Dec 2020 23:56:44 +0100 
> > From: David von Oheimb > [...] > > Yet since both your old and new server cert are not expired and have the > > same subject, keyIdentifier, and serial number, > > and you appended the new server cert to your list, it is no surprise > > that the certificate chain building algorithm will pick up the old one. > > For efficiency reasons, no other (equally applicable) certificates will > > be tried. > > To expand on the "*should* you actually do it like this" angle: I do not > see any reason why the new server cert (SC) should have *the same serial > number* (SN) as the old one. > > At least in the general case - where the CA and the server are run by > different entities -, the CA wants(*) to be able to revoke old and new > SC separately, and CRLs identify revoked certs exclusively by the > issuing CA Cert (CC) and the revoked cert's SN. > > So, what *is* the rationale to reuse the SN? Do you have a > "verification" mechanism somewhere that (cannot be updated in a timely > manner for the new SC and) would protest a changed SN, but *not* the > changed validity period (or, for that matter, fingerprint or CA > signature)? Note that the mere thought already makes me put quote marks > around "verification" ... > > Disclaimer: I'm *not* saying that merely using different SNs will make > the problem you're currently experiencing disappear. In fact, I consider > that rather unlikely, but it might be one contributing factor. > > (*) Scenario 1: Before the old SC expires, the CA finds out that it > issued a new SC to an imposter, so they now want to revoke the new but > not the old. Scenario 2: The old SC is found to have been leaked after > the new one was already issued, so at least the server admin would > prefer to have the old SC revoked but *not* the new one. > > Kind regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pkudingping at gmail.com Thu Dec 24 23:38:10 2020 
From: pkudingping at gmail.com (定平袁)
Date: Fri, 25 Dec 2020 07:38:10 +0800
Subject: How to rotate cert when only first matching cert been verified
In-Reply-To:
References: <1bc0d4a9-7a71-1cd6-5d85-ea4e9e70bda4@binect.de>
Message-ID:

Re post my code here, since I sent it alone to Michael.

Below is the error message:
```
Traceback (most recent call last):
  File "test.py", line 6, in
    r = s.get('https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag', verify='./ca.pem')
  File "/home/kubo/.local/lib/python2.7/site-packages/requests/sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "/home/kubo/.local/lib/python2.7/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/kubo/.local/lib/python2.7/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/home/kubo/.local/lib/python2.7/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='nsxmanager.pks.vmware.local', port=443): Max retries exceeded with url: /api/v1/spec/vmware/types/Tag (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),))
```
but the CURL command and Golang code I used to access client, it shows CA cert.

My python code (which reports the above error):
```
import requests

s = requests.Session()
s.auth = ('admin', 'Admin!23Admin')
# verify= points at the bundle that holds both the old and the new cert
r = s.get('https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag',
          verify='./ca.crt')
print(r.status_code)
```
CURL:
```
curl -I -u admin:'Admin!23Admin' https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag --cacert ./ca.crt
```
Golang:
```
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

func main() {
	caCert, err := ioutil.ReadFile("./ca.crt")
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM adds every CERTIFICATE block in the file, so both
	// the old and the new cert end up in the pool.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatal("no certificates could be parsed from ./ca.crt")
	}
	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs: caCertPool,
			},
		},
	}
	req, err := http.NewRequest("GET", "https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag", nil)
	if err != nil {
		log.Fatal(err)
	}
	req.SetBasicAuth("admin", "Admin!23Admin")
	r, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer r.Body.Close()
	fmt.Println(r.Status)
}
```
All the 3 clients used the same ca.crt file, which has an old cert in the
first, then a new cert behind. Only Python (used OpenSSL) failed.

After I compile curl with openssl backend, the new binary failed too.
```
./curl.openssl -vvvv -u admin:'Admin!23Admin' https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag --cacert ./ca.crt
*   Trying 192.168.111.4:443...
* Connected to nsxmanager.pks.vmware.local (192.168.111.4) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: ./ca.crt
*   CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

Is above information enough?

定平袁 wrote on Fri, 25 Dec 2020 at 7:35 AM:
> Thanks a lot for your reply! Merry Christmas!
>
> @Michael Wojcik Apologies. I clicked the wrong reply button.
>
> @David von Oheimb I will update to a new version and try again. To append
> cert is to make sure new cert and old cert both exist in trust store, thus
> when server switches cert, it can be trusted by client.
>
> @Jochen actually, the certs have different SN, which indeed is not
> consistent with the man doc. The thing that confuses me is that CURL
> (compiled with gnutls) and Golang works.
> below is my ca.crt file, I am not sure where it went wrong, maybe just my
> wrong behavior?
From Jochen.Bern at binect.de Fri Dec 25 10:36:33 2020
From: Jochen.Bern at binect.de (Jochen Bern)
Date: Fri, 25 Dec 2020 11:36:33 +0100
Subject: openssl-users Digest, Vol 73, Issue 29
In-Reply-To:
References:
Message-ID: <2bad4f90-d40a-f9e3-2317-f0166514132d@binect.de>

On 25.12.20 00:35, openssl-users-request at openssl.org digested:
> Message: 3
> Date: Fri, 25 Dec 2020 07:35:40 +0800
> From: 定平袁
>
> @Jochen actually, the certs have different SN, which indeed is not
> consistent with the man doc.

... how so? Different certs having different SNs is what is supposed and most
often *required* to happen, and what OpenSSL's "ca" command will actually do,
so I'd be rather surprised if one of the man pages implied the opposite. Short
of the user overriding OpenSSL defaults outright, of course.

> below is my ca.crt file, I am not sure where it went wrong, maybe just my
> wrong behavior?

(For the record: *Different* keypair, SN, validity period (but see below),
signature. *Identical* DNs, algos, keysizes, extension (one DNS SAN).
*Self-signed* certs, no actual CA involved. CN and SAN indicate
"nsxmanager.pks.vmware.local", so it might play a role what kind of DNS
(public or internal) is used while verifying an actual server. Validity
periods of 10 years, but differ only by a shift of ~39h ... you're still
*testing*, not fixing a legacy installation, right?)

> Re post my code here, since I send it alone to Michael.

I don't do actual *coding* (much), but this here:

> After I compile curl with openssl backend, the new binary failed too.
>
> ./curl.openssl -vvvv -u admin:'Admin!23Admin'
> https://nsxmanager.pks.vmware.local/api/v1/spec/vmware/types/Tag --cacert
> ./ca.crt
[...]
> * SSL certificate problem: self signed certificate
> * Closing connection 0
> curl: (60) SSL certificate problem: self signed certificate
> More details here: https://curl.se/docs/sslcerts.html
[...]

suggests that it might play a role that you're working with *self-signed*
certs ...

As I said, I don't *code*, but the verify(1) command line tool shows the exact
same behavior of only OKing the one out of your two certs that appears
*first* in the CAfile:

> $ openssl verify --CAfile TMP-AB TMP-A TMP-B
> TMP-A: OK
> C = US, ST = CA, L = Palo Alto, O = VMware, CN = nsxmanager.pks.vmware.local
> error 18 at 0 depth lookup: self signed certificate
> error TMP-B: verification failed
> $ openssl verify --CAfile TMP-BA TMP-A TMP-B
> C = US, ST = CA, L = Palo Alto, O = VMware, CN = nsxmanager.pks.vmware.local
> error 18 at 0 depth lookup: self signed certificate
> error TMP-A: verification failed
> TMP-B: OK

Whereas, when I throw in another, entirely *different* cert ... :

> $ openssl verify --CAfile TMP-ABC TMP-C
> TMP-C: OK

So, yeah, it seems that OpenSSL dislikes seeing multiple partially-identical
"CA" certs in a CAfile. Which doesn't surprise me quite *that* much, because I
remember *stronger* adverse reactions to CAfiles where certs had identical DNs
and overlapping(!) validity periods back in 2012. IIRC I also found docs
saying that that was an officially unsupported scenario.

Back then, I "fixed" the "problem" by appending A,B,C,... to the CN - which
was possible because we're using *actual CAs* there. For server certs, where
you need the CN to match the FQDN, you might want to add an OU with a
timestamp so as to have the *DN* as a whole differ ...

Kind regards,
Jochen Bern
Systemingenieur

Binect GmbH

From dev at ddvo.net Sat Dec 26 09:17:45 2020
From: dev at ddvo.net (David von Oheimb) Date: Sat, 26 Dec 2020 10:17:45 +0100 Subject: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified In-Reply-To: References: <1bc0d4a9-7a71-1cd6-5d85-ea4e9e70bda4@binect.de> Message-ID: <47058390-b956-16d4-f15f-c839e4272f9d@ddvo.net> On 25.12.20 00:35, ??? wrote: > @David von Oheimb I will update to a new version > and try again. Good. Ideally try also a current 3.0.0 alpha release because there have been some changes to cert chain building and verification recently. > To append cert is to make sure new cert and old cert both exist in > trust store, thus when server switches cert, it can be trusted by client. Understood, but my point was on a different aspect: The chain building will take the first matching cert, so if you want to prefer the new cert, it must be in the list *before* the old one - in other words, prepend the new cert to the list rather than appending to it. > @Jochen actually, the certs have different SN, which indeed is not > consistent with the man doc Different certs with the same issuer indeed *must* have different SNs (except in the special case I mention below). See also RFC 5280 section 4.1.2.2 https://tools.ietf.org/html/rfc5280#section-4.1.2.2: It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). Yet there is a different inconsistency in what you write: > The thing that confuses me is that CURL (compiled with gnutls) and > Golang works. > below is my ca.crt file, I am not sure where it went wrong, maybe just > my wrong behavior? You refer to them as CA certs, but they are not: they do no have a basicConstraints field with the cA bit set. And as far as I understand your scenario, they are not used to issue other certs but by some (TLS) server, so they really are end-entity (EE) certs, not CA certs, and it looks like this is correct in your application scenario. 
Directly trusted self-issued EE certs (which may be self-signed or not) are a special situation. This has been clarified in RFC 6818 (which updates RFC 5280), https://tools.ietf.org/html/rfc6818#section-2:

| Consistent with Section 3.4.61 of X.509 (11/2008) [X.509], we note
| that use of self-issued certificates and self-signed certificates
| issued by entities other than CAs are outside the scope of this
| specification. Thus, for example, a web server or client might
| generate a self-signed certificate to identify itself. These
| certificates and how a relying party uses them to authenticate
| asserted identities are both outside the scope of RFC 5280.

So the path building and verification, as well as the other checks defined in RFC 5280, do not apply to them at all! They are essentially just a convenient container for a public key, where it is optional to check expiration etc. Unfortunately, when using such certs for TLS connections etc., verification is still done on them, which may fail.

After renaming your ca.crt file to ee.crt for clarity and extracting the first cert into ee1.crt and the second one into ee2.crt, when verifying these directly trusted certs one gets the problem you reported:

openssl verify -x509_strict -trusted ee.crt ee1.crt
ee1.crt: OK
openssl verify -x509_strict -trusted ee.crt ee2.crt
C = US, ST = CA, L = Palo Alto, O = VMware, CN = nsxmanager.pks.vmware.local
error 18 at 0 depth lookup: self signed certificate
error ee2.crt: verification failed

So as I wrote before, unfortunately the path building picks up the first matching cert from ee.crt, which is the one in ee1.crt (i.e., your old one), and does not try the second one (i.e., your new one). This happens also with the latest OpenSSL pre-3.0.0 master.
A solution is to add both the subjectKeyIdentifier and authorityKeyIdentifier extensions to your certs, for instance like this:

echo >ee.cnf "
prompt = no
distinguished_name = my_server
x509_extensions = my_exts
[my_server]
commonName = test
[my_exts]
basicConstraints = CA:false
subjectKeyIdentifier=hash
authorityKeyIdentifier = keyid"
openssl req -config ee.cnf -new -x509 -out ee1.crt -nodes -keyout ee1.pem
openssl req -config ee.cnf -new -x509 -out ee2.crt -nodes -keyout ee2.pem
cat ee1.crt ee2.crt >ee.crt

The subjectKeyIdentifier and authorityKeyIdentifier extensions are generally recommended (and actually required for certs that are RFC 5280 compliant) because they help for correct chain building, and indeed also in this case they do:

openssl verify -x509_strict -trusted ee.crt ee1.crt
ee1.crt: OK
openssl verify -x509_strict -trusted ee.crt ee2.crt
ee2.crt: OK

Regards,
    David
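As an added illustration of the lookup behaviour described above (this is not code from the thread or from OpenSSL): a toy Python model in which a "certificate" is a small record and signing is a keyed hash, so a signature only verifies against the key that produced it. It shows that with two same-name self-signed certs a name-only lookup returns whichever is first in the store (hence the advice to prepend the new cert), while matching authorityKeyIdentifier against subjectKeyIdentifier selects the right one regardless of order.

```python
"""Toy model of trust-store lookup for directly trusted self-signed certs.
Constructed example: the records, the hash-based 'signature' and the
lookup rule are simplifications, not OpenSSL's data structures."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Cert:
    subject: str
    issuer: str
    serial: int
    pubkey: bytes           # stands in for the SubjectPublicKeyInfo
    skid: Optional[str]     # subjectKeyIdentifier (hash of pubkey) or None
    akid: Optional[str]     # authorityKeyIdentifier keyid or None
    signature: bytes


def key_id(pubkey: bytes) -> str:
    # 'subjectKeyIdentifier=hash' in the config above: a hash of the key.
    return hashlib.sha1(pubkey).hexdigest()


def to_be_signed(subject, issuer, serial, pubkey, skid, akid) -> bytes:
    return f"{subject}|{issuer}|{serial}|{pubkey.hex()}|{skid}|{akid}".encode()


def toy_sign(key: bytes, data: bytes) -> bytes:
    # Keyed hash as a stand-in for a signature: verifies only with this key.
    return hashlib.sha256(key + data).digest()


def make_self_signed(subject: str, serial: int, with_key_ids: bool) -> Cert:
    pubkey = os.urandom(32)                 # constructed: fresh key per cert
    skid = key_id(pubkey) if with_key_ids else None
    akid = skid                             # self-signed: issuer key == own key
    sig = toy_sign(pubkey, to_be_signed(subject, subject, serial, pubkey, skid, akid))
    return Cert(subject, subject, serial, pubkey, skid, akid, sig)


def signature_verifies(cert: Cert, issuer: Cert) -> bool:
    expected = toy_sign(issuer.pubkey, to_be_signed(
        cert.subject, cert.issuer, cert.serial, cert.pubkey, cert.skid, cert.akid))
    return hmac.compare_digest(expected, cert.signature)


def find_trusted_issuer(store: List[Cert], cert: Cert) -> Optional[Cert]:
    """First store entry whose subject equals the cert's issuer name; when
    both sides carry key identifiers, akid must also equal the entry's skid.
    Without key identifiers the first name match wins, whatever its key."""
    for candidate in store:
        if candidate.subject != cert.issuer:
            continue
        if cert.akid is not None and candidate.skid is not None \
                and candidate.skid != cert.akid:
            continue
        return candidate
    return None


def verify_against_store(store: List[Cert], cert: Cert) -> str:
    issuer = find_trusted_issuer(store, cert)
    if issuer is None:
        return "no matching trusted cert"
    if not signature_verifies(cert, issuer):
        # Lookup hit a cert with the right name but the wrong key, which is
        # the situation behind the 'error 18' verification failure above.
        return "verification failed"
    return "OK"


def demo(with_key_ids: bool, new_first: bool = False) -> Tuple[str, str]:
    """Build an old and a new self-signed cert with the same subject, put
    both in a trust store (old first unless new_first) and verify each."""
    old = make_self_signed("CN=test", 1, with_key_ids)
    new = make_self_signed("CN=test", 2, with_key_ids)
    store = [new, old] if new_first else [old, new]
    return verify_against_store(store, old), verify_against_store(store, new)


if __name__ == "__main__":
    print("no key ids, old first :", demo(False))
    print("no key ids, new first :", demo(False, new_first=True))
    print("with key ids, old first:", demo(True))
```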
From: ruria at zzircon.com (Raúl Uría Elices)
Date: Mon, 28 Dec 2020 08:49:52 +0100
Subject: Re: Format error in certificate´s notAfter field
In-Reply-To: <6ccd25f5-7341-9b3c-df4e-ba24e7642dd9@openssl.org>
References: <6ccd25f5-7341-9b3c-df4e-ba24e7642dd9@openssl.org>
Message-ID: <328715c9-fe7b-de24-575e-ec2ff990fe4c@zzircon.com>

Here it is:
From: coutwin at newstuff.com (Chris Outwin)
Date: Mon, 28 Dec 2020 12:24:00 -0600
Subject: SHA256 openssl-1.1.1i Checksum Error

This is my first post. OpenSSL is not my forte. The code below returns an unexpected checksum value for openssl-1.1.1i. Strangely, when the same code is run for a previous version, the correct checksum value is returned. Here is what I've tried:

1. Downloaded the current SHA256 value for openssl-1.1.1i.tar.gz from https://www.openssl.org/source/
2. Included that checksum value in the code below
3. Run the code in macOS Version 10.15.7's Terminal app (using bash)
4. Observed that the checksum value does not match the downloaded value in Step 1 above

Here is the part of the script associated with the problem. Notice an incorrect checksum of c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e is returned at the end. What am I doing wrong?

#!/bin/zsh
# This script builds OpenSSL libssl and libcrypto for 64-bit devices.
# Binary distribution for ios64-cross-arm64 and ios64-cross-arm64e
VERSION=“1.1.1i”
VERSION_SHA256_CHECKSUM="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
##############################################################
curl -Ov https://www.openssl.org/source/openssl-$VERSION.tar.gz
# Checksum to verify OpenSSL files are not corrupted.
FILE_CHECKSUM=$(shasum -a 256 openssl-$VERSION.tar.gz | awk '{print $1; exit}')
if [ "$FILE_CHECKSUM" != "$VERSION_SHA256_CHECKSUM" ]; then
    echo "OpenSSL version $VERSION failed checksum."
    echo "Checksum should be:" $VERSION_SHA256_CHECKSUM
    echo "Actual downloaded file checksum:" $FILE_CHECKSUM
    exit 1
fi

Here is the verbose listing returned by the script:

chrisoutwin at Chriss-iMac OpenSSL % bash build.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Trying 23.2.168.18...
* TCP_NODELAY set
* Connected to www.openssl.org (23.2.168.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [229 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=www.openssl.org
*  start date: Oct 30 19:31:03 2020 GMT
*  expire date: Jan 28 19:31:03 2021 GMT
*  subjectAltName: host "www.openssl.org" matched cert's "www.openssl.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 404 Not Found
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< Content-Type: text/html; charset=UTF-8
< Content-Length: 4182
< Cache-Control: max-age=172800
< Expires: Wed, 30 Dec 2020 15:20:43 GMT
< Date: Mon, 28 Dec 2020 15:20:43 GMT
< Connection: keep-alive
<
{ [1536 bytes data]
100  4182  100  4182    0     0   5873      0 --:--:-- --:--:-- --:--:--  5873
* Connection #0 to host www.openssl.org left intact
* Closing connection 0
OpenSSL version “1.1.1i” failed checksum.
Checksum should be: e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
Actual downloaded file checksum: c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e

From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Mon, 28 Dec 2020 18:49:36 +0000
Subject: SHA256 openssl-1.1.1i Checksum Error

I have no experience with zsh, but it seems that quoting is handled differently by zsh? At least it looks like the double quotes ended up in the GET line and you simply received an HTTP 404 Not Found (which is the reason why your digest isn't correct.)

HTH,
Matthias

> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 404 Not Found
From: tomiii at tomiii.com (Thomas Dwyer III)
Date: Mon, 28 Dec 2020 12:34:17 -0800
Subject: Re: Format error in certificate´s notAfter field
In-Reply-To: <328715c9-fe7b-de24-575e-ec2ff990fe4c@zzircon.com>
References: <6ccd25f5-7341-9b3c-df4e-ba24e7642dd9@openssl.org> <328715c9-fe7b-de24-575e-ec2ff990fe4c@zzircon.com>

This certificate is not the same one causing the error message in your original email. The error message you provided earlier included "serial=17702460327850242852" (or f5:ab:c5:e0:63:f5:73:24 in hex) but the certificate you provided here has serial=16005263760024127372 (de:1e:1e:97:18:ab:c7:8c).

Tom.III

On Sun, Dec 27, 2020 at 11:50 PM Raúl Uría Elices wrote:
> Here it is:

From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 28 Dec 2020 23:10:27 +0000
Subject: openssl-users Digest, Vol 73, Issue 29
In-Reply-To: <2bad4f90-d40a-f9e3-2317-f0166514132d@binect.de>
References: <2bad4f90-d40a-f9e3-2317-f0166514132d@binect.de>
> From: openssl-users On Behalf Of Jochen Bern
> Sent: Friday, 25 December, 2020 03:37

I believe David von Oheimb has already provided a solution for the original problem in this thread (setting subjectKeyIdentifier and authorityKeyIdentifier lets OpenSSL pick the right certificate from the trust-anchor collection). I wanted to comment on this tangential point:

> For server certs, where you need the CN to match the FQDN, you might want to add an
> OU with a timestamp so as to have the *DN* as a whole differ ...

If your entity certificate is X.509v3 and the client complies with RFC 5280, the CN of the Subject DN shouldn't matter, as long as the server name *as expected by the peer* appears in a subjectAlternativeName extension. That is, if the client wants to connect to "www.foo.com", the server's certificate should have a DNS-type sAN with the value "www.foo.com". If the client wants to connect to the unqualified hostname "foo", the server's certificate should have a DNS-type sAN with the value "foo". If the client wants to connect to "192.168.2.1", the server's certificate should have an IPADR-type sAN with that value. And so on. If any sANs are present, the CN (if any) of the Subject DN should be ignored.

Here "wants to connect" is defined by the application and/or its TLS implementation. The implementation may provide a way for a client to specify the subject-name it wants to find in the entity certificate, or it may simply take whatever hostname or IP address string it's asked to connect to, and use that.

Also remember that OpenSSL prior to 1.0.2 didn't have support for checking hostnames at all. With 1.0.2 you have to make some non-obvious calls to set the expected name, and with 1.1.0 and later you need to use SSL_set1_host (or the 1.0.2 method); there's a page on the OpenSSL wiki for this. I don't remember if this has changed again in 3.0.

--
Michael Wojcik
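The matching rules in the message above, written out as an added Python example (not OpenSSL code and not from the thread): a certificate is reduced to its Subject CN and a list of (type, value) SAN entries, which are assumed inputs, and DNS comparison is the usual case-insensitive one with at most a single leftmost wildcard label.

```python
"""Peer-name check as described above: with any SAN present the CN is
ignored; a DNS name must match a DNS-type SAN and an IP address an
IP-type SAN. Constructed example on a simplified certificate record."""
import ipaddress
from typing import List, Optional, Tuple

# (subject_cn, [(san_type, value), ...]) with san_type "DNS" or "IP".
CertInfo = Tuple[Optional[str], List[Tuple[str, str]]]


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS comparison. A single leftmost '*' label matches
    exactly one label ('*.foo.com' matches 'www.foo.com', not 'a.b.foo.com'
    or 'foo.com'); wildcards anywhere else are rejected."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 \
            or any("*" in label for label in p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def expected_name_matches(cert: CertInfo, expected: str) -> bool:
    """True if 'expected' (the name the client wants to connect to) is
    satisfied by the certificate's SANs, or by its CN only when the
    certificate carries no SAN at all (legacy behaviour)."""
    cn, sans = cert
    try:
        want_ip = ipaddress.ip_address(expected)   # normalises v4/v6 text
    except ValueError:
        want_ip = None                             # a DNS name, not an IP
    if sans:
        for san_type, value in sans:
            if san_type == "IP" and want_ip is not None:
                try:
                    if ipaddress.ip_address(value) == want_ip:
                        return True
                except ValueError:
                    continue                       # malformed SAN value
            elif san_type == "DNS" and want_ip is None:
                if _dns_name_matches(value, expected):
                    return True
        return False        # SANs present: the CN is never consulted
    # No SAN at all: fall back to the CN, and only for DNS names.
    return cn is not None and want_ip is None and _dns_name_matches(cn, expected)


if __name__ == "__main__":
    cert = ("www.foo.com", [("DNS", "foo"), ("IP", "192.168.2.1")])
    for name in ("www.foo.com", "foo", "192.168.2.1"):
        print(name, "->", expected_name_matches(cert, name))
```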
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 28 Dec 2020 23:30:34 +0000
Subject: SHA256 openssl-1.1.1i Checksum Error

> From: openssl-users On Behalf Of Dr. Matthias St. Pierre
> Sent: Monday, 28 December, 2020 11:50
>
> I have no experience with zsh, but it seems that quoting is handled
> differently by zsh?

Is the problem that quoting is handled differently, or that he actually had Unicode left-double-quote and right-double-quote characters there rather than proper ASCII double-quote characters? That's how it appears in the message as I received it.

> At least it looks like the double quotes ended up in the GET line

Agreed.

> and you simply received an HTTP 404 Not Found (which is the reason why your
> digest isn't correct.)

Agreed.

I'll add: Don't check the checksum. Check the signature:

1. Install an OpenPGP implementation such as gpg, if you don't already have one. (One may come with macOS; I have no idea.)
2. Download the .asc file corresponding to the tarball you downloaded.
3. Check the signature. With gpg2, for example:

$ gpg2 --verify openssl-1.1.1i.tar.gz.asc openssl-1.1.1i.tar.gz
gpg: Signature made 12/08/20 06:21:06 MST using RSA key ID 0E604491

Now, you presumably won't have the signing public key (for 1.1.1i that's a key owned by Matt Caswell) in your keyring. You can download it from a public keyserver and mark it as trusted, so you'll also get verification that the signature was generated with the correct key:

gpg: Good signature from "Matt Caswell " [full]
gpg:                 aka "Matt Caswell " [full]

While checking the signature runs into all the well-documented issues with the PGP Web of Trust, it's still stronger (in the sense that it prunes more of the attack tree, under sensible threat models) than just checking the hash. And once you're set up to do it, it's a simpler operation for future downloads.

--
Michael Wojcik
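As an added example (not from the thread), a small Python checker for the failure mode identified above: it locates Unicode left/right quote characters in a script, shows what the shell stores for the VERSION= assignment with smart versus ASCII quotes, and reconstructs the URL the script asked curl for. The sample script text is constructed from the one in Chris's message.

```python
"""Detect 'smart' quotes (U+2018, U+2019, U+201C, U+201D) in a shell script.
To the shell they are ordinary word characters, not quoting, so they end up
inside the variable's value and from there in the requested URL.
Constructed example; SAMPLE_SCRIPT is reconstructed from the thread."""
from typing import List, Tuple

SMART_QUOTES = {
    "\u2018": "'", "\u2019": "'",    # left/right single quotation mark
    "\u201c": '"', "\u201d": '"',    # left/right double quotation mark
}

SAMPLE_SCRIPT = "\n".join([
    "#!/bin/zsh",
    "# constructed from the script in the message above",
    "VERSION=\u201c1.1.1i\u201d",
    'VERSION_SHA256_CHECKSUM="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"',
    "curl -O https://www.openssl.org/source/openssl-$VERSION.tar.gz",
])


def scan_for_smart_quotes(text: str) -> List[Tuple[int, int, str]]:
    """Return (line, column, character) for every smart quote, 1-based."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in SMART_QUOTES:
                hits.append((lineno, col, ch))
    return hits


def fix_smart_quotes(text: str) -> str:
    """Replace each smart quote with its ASCII counterpart."""
    return "".join(SMART_QUOTES.get(ch, ch) for ch in text)


def shell_value(assignment: str) -> str:
    """Value a POSIX-style shell stores for a one-line NAME=value, for the
    two cases that matter here: ASCII double quotes are stripped, anything
    else (smart quotes included) is kept literally."""
    _, _, value = assignment.partition("=")
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def resulting_url(script: str) -> str:
    """Reproduce what curl was asked to fetch: take the VERSION= line,
    apply the quoting rule above and substitute it into the curl line."""
    version = ""
    for line in script.splitlines():
        if line.startswith("VERSION="):
            version = shell_value(line)
        elif line.startswith("curl "):
            return line.split()[-1].replace("$VERSION", version)
    return ""


if __name__ == "__main__":
    for lineno, col, ch in scan_for_smart_quotes(SAMPLE_SCRIPT):
        print(f"line {lineno}, column {col}: U+{ord(ch):04X}")
    print("as written:", resulting_url(SAMPLE_SCRIPT))
    print("after fix: ", resulting_url(fix_smart_quotes(SAMPLE_SCRIPT)))
```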
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Mon, 28 Dec 2020 23:35:39 -0700
Subject: 20201229 snapshots

1) No openssl-3.0 20201229 candidate tonight

2)

Script started on Mon Dec 28 23:31:06 2020
root at doctor:/usr/source/openssl-1.1.1-stable-SNAP-20201229 # cd ..
root at doctor:/usr/source # tar xf openssl*1026*z*z*z*z2*z2*z9*z
tar: Failed to set default locale
openssl-1.1.1-stable-SNAP-20201229/test/drbg_cavs_data.c: Truncated tar archive
tar: Error exit delayed from previous errors.
root at doctor:/usr/source # cd op*1229
root at doctor:/usr/source/openssl-1.1.1-stable-SNAP-20201229 # cofnigopensslcat /usr/local/bin/ cofnigopensslnfigopenssl
#!/usr/local/bin/bash
CC=/usr/local/bin/clang11 ./Configure --prefix=/usr/ BSD-x86_64 enable-ec_nistp_64_gcc_128 enable-sctp no-crypto-mdebug no-crypto-mdebug-backtrace no-asan no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-idea no-md2 enable-md4 no-msan no-rc5 no-sm2 no-sm3 enable-rfc3779 enable-shared zlib-dynamic enable-rc4 no-ssl3 no-ssl3-method no-ubsan enable-weak-ssl-ciphers no-idea enable-ssl-trace enable-unit-test; make depend
root at doctor:/usr/source/openssl-1.1.1-stable-SNAP-20201229 # ^catt /usr/local/bin/configopenssl
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LC_ALL = (unset),
        LANG = "en_GB"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Can't locate OpenSSL/Glob.pm in @INC (you may need to install the OpenSSL::Glob module) (@INC contains: /usr/source/openssl-1.1.1-stable-SNAP-20201229/util/perl /usr/local/lib/perl5/site_perl/mach/5.30 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.30/mach /usr/local/lib/perl5/5.30) at ./Configure line 20.
BEGIN failed--compilation aborted at ./Configure line 20.
make: don't know how to make depend. Stop
make: stopped in /usr/source/openssl-1.1.1-stable-SNAP-20201229
root at doctor:/usr/source/openssl-1.1.1-stable-SNAP-20201229 # maexit
exit
Script done on Mon Dec 28 23:32:08 2020

What went wrong with openssl-1.1.1-stable-SNAP-20201229 ?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
Merry Christmas 2020 and Happy New Year 2021 !

From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Tue, 29 Dec 2020 13:57:46 +0000
Subject: SHA256 openssl-1.1.1i Checksum Error
In-Reply-To: <13315B81-DD13-4DA7-BD02-9CBEED59BABF@newstuff.com>
References: <13315B81-DD13-4DA7-BD02-9CBEED59BABF@newstuff.com>
Message-ID: <250ed96195bb4342a6888c9fc9a3396d@ncp-e.com>

You're welcome. As Michael Wojcik pointed out in his reply to the list, the problem had nothing to do with zsh specifics. It was caused by the fact that those weren't normal double quotes, but Unicode left and right double quotes, which weren't understood by the shell.

Regards,
Matthias
From: Chris Outwin
Sent: Monday, December 28, 2020 9:43 PM
To: Dr. Matthias St. Pierre
Subject: Re: SHA256 openssl-1.1.1i Checksum Error

Thank you for your prompt reply. Removing the quotes from VERSION=“1.1.1i” allowed the script to run.

On Dec 28, 2020, at 12:49 PM, Dr. Matthias St. Pierre wrote:

I have no experience with zsh, but it seems that quoting is handled differently by zsh? At least it looks like the double quotes ended up in the GET line and you simply received an HTTP 404 Not Found (which is the reason why your digest isn't correct.)

HTH,
Matthias

> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 404 Not Found

Dr. Matthias St. Pierre
Senior Software Engineer
matthias.st.pierre at ncp-e.com
NCP engineering GmbH

From: sanarayana at rbbn.com (Narayana, Sunil Kumar)
Date: Tue, 29 Dec 2020 18:29:07 +0000
Subject: Using AES utilities in 3.0

Dear Openssl team,

While migrating from 1.0.2 to 3.0 we observe that AES utility functions are deprecated in 3.0. Please suggest the equivalent replacements for these APIs that are currently being used by our application:

AES_KEY ---> Structure declaration is also not visible to applications
AES_decrypt
AES_set_decrypt_key
AES_set_encrypt_key
AES_encrypt

Please suggest the corresponding manpage.

Regards,
Sunil
From: patrick at qumulo.com (Patrick Jakubowski)
Date: Tue, 29 Dec 2020 14:20:41 -0800
Subject: Failing unit tests after adding public key check to pkey_ec_derive()

Hi all,

I've been tasked with making some modifications to OpenSSL 1.1.1 in order to bring it into compliance with FIPS 140-2. One of the items on the to-do list was to implement the required key agreement scheme assurances specified in NIST SP.800-56Ar3 Section 9. This involves performing some validation on the public key provided via the EVP_PKEY_derive() call.

To that end, I backported this patch which purports to implement the required validation in EC_KEY_check_key():

commit 5173cdde7d758824e6a07f2a6c6808b254602e11
Author: Shane Lontis
Date:   Sat Mar 23 13:12:08 2019 +1000

    ec key validation checks updated

    Reviewed-by: Nicola Tuveri
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/8564)

I then added a call to EC_KEY_check_key in pkey_ec_derive() to validate the public key, like so:

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 5bee031b92..84d8eb5d95 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -163,6 +163,14 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
     eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
 
+    /*
+     * Check the validity of the received public key as required by NIST
+     * SP.800-56Ar3 Section 9
+     */
+    ret = EC_KEY_check_key(ctx->peerkey->pkey.ec);
+    if (ret <= 0)
+        return ret;
+
     if (!key) {
         const EC_GROUP *group;
         group = EC_KEY_get0_group(eckey);

Adding this check causes several unexpected unit test failures, which I was hoping someone could help me with. The first category of failure seems to be with TLS 1.3 tests that exercise the HelloRetryRequest (HRR) functionality. Unfortunately, I'm not terribly familiar with the TLS protocol, so my understanding here is limited. It seems like the unit tests induce this HRR condition by calling SSL_set1_groups_list("P-256") while providing an RSA private key. I'm not exactly sure of the effect of this change, but here is an example test failure:

ok 22 - test_early_data_skip
    # Subtest: test_early_data_skip_hrr
    1..3
    # ERROR: (bool) 'SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written) == true' failed @ test/sslapitest.c:2620
    # false
    # 139755660280960:error:1010207B:elliptic curve routines:ec_key_simple_check_key:invalid private key:crypto/ec/ec_key.c:406:
    # 139755660280960:error:1424E044:SSL routines:ssl_derive:internal error:ssl/s3_lib.c:4781:
    not ok 1 - iteration 1

There are a couple of other tests that use SSL_set1_groups_list to do a similar thing and fail in a similar way.

Additionally, there is another test in test_evp whose failure I don't quite understand. The test involves calling EVP_PKEY_derive() with the ALICE_zero_secp112r2 and BOB_zero_secp112r2_PUB keys from test/recipes/30-test_evp_data/evppkey_ecc.txt. It appears to have been added by commit 5d92b853f6b875ba8d1a1b51b305f14df5adb8aa as a regression test for a change to the GFp ladder algorithm.
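Review bot: the EC_KEY_check_key() call in the hunk sits before the `if (!key)` branch, so it runs on the length-query call (key == NULL) as well as on the real derivation, doing the full point validation twice for the usual query-then-derive pattern; consider moving it below the length query or performing it once when the peer key is set. Also, EC_KEY_check_key() validates a private component when the key object carries one, which is what the `ec_key_simple_check_key:invalid private key` failure quoted in this message reports; the peer key should only need its public point checked (on-curve, not at infinity, correct order), so a public-key-only validation is the narrower check SP 800-56A Section 9 asks for and does not depend on whatever private data the peer EVP_PKEY happens to hold. Finally, `ret` is assigned and immediately returned on failure with no ECerr() reason of its own; returning 0 with a pkey_ec_derive-specific error would make the failure easier to attribute in the error queue.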
The test failure looks like this:

# Starting "zero x-coord regression tests" tests at line 4536
# INFO: @ test/evp_test.c:2320
# ../../test/recipes/30-test_evp_data/evppkey_ecc.txt:4670: Source of above error; unexpected error DERIVE_ERROR
# 140441081306112:error:10102082:elliptic curve routines:ec_key_simple_check_key:wrong order:crypto/ec/ec_key.c:382:

My question is: is there something invalid about adding this call to EC_KEY_check_key() to pkey_ec_derive(), or are these failures benign and indications that the tests need to be changed? I'm particularly concerned about the TLS 1.3 HRR tests as I want to make sure I haven't somehow broken the TLS protocol. FWIW, I see a similar check to the one I added in the DH shared secret derivation codepath.

Thank you for any insight you can bring to bear!

--
Patrick Jakubowski
Member of Technical Staff
Qumulo, Inc.
World's First Data-Aware Scale-Out NAS

From: ruria at zzircon.com (Raúl Uría Elices)
Date: Wed, 30 Dec 2020 08:30:04 +0100
Subject: Re: Format error in certificate´s notAfter field
In-Reply-To: <328715c9-fe7b-de24-575e-ec2ff990fe4c@zzircon.com>
References: <6ccd25f5-7341-9b3c-df4e-ba24e7642dd9@openssl.org> <328715c9-fe7b-de24-575e-ec2ff990fe4c@zzircon.com>

I'm sorry, but I can't figure out which cert is the one with serial=16005263760024127372. Getting the certs from the server (openssl s_client -connect x.y.z.w:443 -showcerts), neither of the two certs shown has this serial number. I asked on the tunnelblick group, but no luck at the moment (https://groups.google.com/g/tunnelblick-discuss/c/7xKiioIZw34).
From: jan.m.danielsson at gmail.com (Jan Danielsson)
Date: Wed, 30 Dec 2020 17:50:25 +0100
Subject: Using AES utilities in 3.0
Message-ID: <8ab726a7-2fa3-c528-44af-462d91c30c9f@gmail.com>

On 2020-12-29 19:29, Narayana, Sunil Kumar wrote:
> While migrating from 1.0.2 to 3.0 we observe that AES utility functions are deprecated in 3.0.
> Please suggest the equivalent replacements for these APIs that are currently being used by our application
>
> AES_KEY ---> Structure declaration is also not visible to applications
> AES_decrypt
> AES_set_decrypt_key
> AES_set_encrypt_key
> AES_encrypt

As you've noticed, you're not supposed to use the raw cryptographic primitives -- applications should use the application interfaces instead. See https://wiki.openssl.org/index.php/EVP, or more specifically https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

> Please suggest the corresponding manpage

This is for 1.1.1, but I assume it's the same, or similar, in 3.0:

evp(7)
EVP_EncryptInit(3)

--
Kind Regards,
Jan
From: patrick at qumulo.com (Patrick Jakubowski) Date: Thu, 31 Dec 2020 14:12:25 -0800 Subject: Failing unit tests after adding public key check to pkey_ec_derive() In-Reply-To: References: Message-ID: After looking at the HRR issue a little bit deeper, I think I'm running into an issue that was fixed by this commit ( 166c0b98fd6e8b1bb341397642527a9396468f6c): Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from #9445) Because the TLS 1.3 client was generating a key in order to set the parameters prior to setting the public key, a stale private key was left over that didn't match the public key that was retrieved from the server. Applying this change to the OpenSSL 1.1.1 codebase fixed the ec_key_simple_check_key:invalid private key issue. I'm still a bit baffled by the issue in test_evp. Patrick On Tue, Dec 29, 2020 at 2:20 PM Patrick Jakubowski wrote: > Hi all, > > I've been tasked with making some modifications to OpenSSL 1.1.1 in order > to bring it into compliance with FIPS 140-2. One of the items on the to-do > list was to implement the required key agreement scheme assurances > specified in NIST SP.800-56Ar3 Section 9. This involves performing some > validation on the public key provided via the EVP_PKEY_derive() call. 
> > To that end, I backported this patch which purports to implement the > required validation in EC_KEY_check_key(): > > commit 5173cdde7d758824e6a07f2a6c6808b254602e11 > Author: Shane Lontis > Date: Sat Mar 23 13:12:08 2019 +1000 > > ec key validation checks updated > > Reviewed-by: Nicola Tuveri > Reviewed-by: Matt Caswell > (Merged from https://github.com/openssl/openssl/pull/8564) > > I then added a call to EC_KEY_check_key in pkey_ec_derive() to validate > the public key, like so: > > diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c > index 5bee031b92..84d8eb5d95 100644 > --- a/crypto/ec/ec_pmeth.c > +++ b/crypto/ec/ec_pmeth.c 
> @@ -163,6 +163,14 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned > char *key, size_t *keylen) > > eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec; > > + /* > + * Check the validity of the received public key as required by NIST > + * SP.800-56Ar3 Section 9 > + */ > + ret = EC_KEY_check_key(ctx->peerkey->pkey.ec); > + if (ret <= 0) > + return ret; > + > if (!key) { > const EC_GROUP *group; > group = EC_KEY_get0_group(eckey); > > Adding this check causes several unexpected unit test failures, which I > was hoping someone could help me with. The first category of failure seems > to be with TLS 1.3 tests that exercise the HelloRetryRequest (HRR) > functionality. Unfortunately, I'm not terribly familiar with the TLS > protocol, so my understanding here is limited. It seems like the unit tests > induce this HRR condition by calling SSL_set1_groups_list("P-256") while > providing an RSA private key. I'm not exactly sure of the effect of this > change, but here is an example test failure: > > ok 22 - test_early_data_skip > # Subtest: test_early_data_skip_hrr > 1..3 > # ERROR: (bool) 'SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written) > == true' failed @ test/sslapitest.c:2620 > # false > # 139755660280960:error:1010207B:elliptic curve > routines:ec_key_simple_check_key:invalid private key:crypto/ec/ec_key.c:406: > # 139755660280960:error:1424E044:SSL routines:ssl_derive:internal > error:ssl/s3_lib.c:4781: > not ok 1 - iteration 1 > > There are a couple of other tests that use SSL_set1_groups_list to do a > similar thing and fail in a similar way. > > Additionally, there is another test in test_evp whose failure I don't > quite understand. The test involves calling EVP_PKEY_derive() with the > ALICE_zero_secp112r2 and BOB_zero_secp112r2_PUB keys from > test/recipes/30-test_evp_data/evppkey_ecc.txt. It appears to have been > added by commit 5d92b853f6b875ba8d1a1b51b305f14df5adb8aa as a regression > test for a change to the GFp ladder algorithm. 
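Review bot: EC_KEY_check_key(ctx->peerkey->pkey.ec) validates the whole EC_KEY, private component included whenever the structure carries one, so a peer key whose EC_KEY still holds a stale or unrelated private scalar fails with "invalid private key" even though its public point is fine, which is the error the HRR test output after the hunk shows. SP.800-56Ar3 only asks for public-key validation of the peer's key (point on the curve, not the identity, of order n); if the backported commit brings a public-key-only check routine with it, call that on ctx->peerkey->pkey.ec and keep the full EC_KEY_check_key for your own key. Two smaller points on the same lines: the new check sits before the `if (!key)` branch, so a caller that only queries the output length now pays for the scalar multiplication in the order check as well; moving the check below that branch runs it once, on the actual derivation. And the "wrong order" failure in the test_evp case is that same order check rejecting a peer point that is not in the prime-order subgroup; a public-key-only check rejects it too, so for that test either the vector needs a peer point of full order or the expected result needs to become a derive failure.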
>
> The test failure looks like this:
>
> # Starting "zero x-coord regression tests" tests at line 4536
> # INFO: @ test/evp_test.c:2320
> # ../../test/recipes/30-test_evp_data/evppkey_ecc.txt:4670: Source of above error; unexpected error DERIVE_ERROR
> # 140441081306112:error:10102082:elliptic curve routines:ec_key_simple_check_key:wrong order:crypto/ec/ec_key.c:382:
>
> My question is: is there something invalid about adding this call to
> EC_KEY_check_key() to pkey_ec_derive() or are these failures benign and
> indications that the tests need to be changed? I'm particularly concerned
> about the TLS 1.3 HRR tests as I want to make sure I haven't somehow broken
> the TLS protocol.
>
> FWIW, I see a similar check to the one I added in the DH shared secret
> derivation codepath.
>
> Thank you for any insight you can bring to bear!
>
> --
> Patrick Jakubowski
>
> Member of Technical Staff
> ___________________________________
> Qumulo, Inc.
> World's First Data-Aware Scale-Out NAS