From om at integral.be Mon Aug 2 10:10:11 2021
From: om at integral.be (Olivier Mascia)
Date: Mon, 2 Aug 2021 12:10:11 +0200
Subject: OpenSSL Beta 2, report of successful migration
Message-ID: <8EC1CE2F-637F-478E-B37F-1B6C613B12D3@integral.be>

Hello,

Just wanted to report that our private code update to move on from OpenSSL 1.1.1 to 3.0 Beta 2 is successful.
It revolved around replacing some code still using RSA_ APIs directly by proper EVP_PKEY_ APIs, and some other minor details. Nothing too fancy after some effort understanding the new recipes.

On the side of SSL communications, we have found *nothing* to update in our code, and though deep testing is still ongoing for some days, there are apparently no side-effects. Of course our use-case exercises only a very partial set of the whole toolkit. But as people generally only report problems, I thought I'd report success, for a change.

I do have a question though, regarding Windows binaries.
(We build our own for x86/amd64 using the documented procedure; the compilers installed are Visual Studio 2019, with latest updates).

I take it (might be wrong, because the build scripts are complex to me) that the naming convention of binaries for OpenSSL 3 on the Windows platform is like this:

    libcrypto-3.dll (and libssl-3.dll) for the 32-bit (release) builds
    libcrypto-3-x64.dll (and libssl-3-x64.dll) for the 64-bit (release) builds

Is this naming convention intended to be stable over the 3.x life? Or would it change for things like libcrypto-3.1.dll (or the like) with releases like 3.1.x?
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia

From angus at magsys.co.uk Mon Aug 2 10:43:00 2021
From: angus at magsys.co.uk (Angus Robertson - Magenta Systems Ltd)
Date: Mon, 2 Aug 2021 11:43 +0100 (BST)
Subject: OpenSSL Beta 2, report of successful migration
In-Reply-To: <8EC1CE2F-637F-478E-B37F-1B6C613B12D3@integral.be>

> Just wanted to report that our private code update to move on
> from OpenSSL 1.1.1 to 3.0 Beta 2 is successful.

Likewise, I've updated our Windows code to use 3.0 easily, and have been running one public web server for three weeks.

The only frustration has been the change of PKCS12 password encryption to AES256 from 3DES, since Microsoft only added AES256 support in October 2017 and older versions of Windows can only install PKCS12 3DES-encrypted files, which requires the OpenSSL 3.0 legacy provider to be loaded. I believe the earliest versions of Windows to support AES256 are Windows Server 2016 v1709 and Windows 10 v1709.

Also the legacy.dll does not load automatically from the same path as the main DLLs, but needs OSSL_PROVIDER_set_default_search_path to be set first.

Not looked at replacing the low-level RSA and EC APIs yet.

Angus

From om at integral.be Mon Aug 2 11:00:00 2021
From: om at integral.be (Olivier Mascia)
Date: Mon, 2 Aug 2021 13:00:00 +0200
Subject: OpenSSL Beta 2, report of successful migration

> Likewise, I've updated our Windows code to use 3.0 easily, been running
> one public web server for three weeks.
> ...
> Not looked at replacing low level RSA and EC APIs yet.

We forced ourselves down that path because we had an internal policy to only build the OpenSSL toolkit with 'no-deprecated' at the Configure step and didn't want to relax that for 3.0 :)

__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia
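Angus's PKCS#12 note above: OpenSSL 3 encrypts PKCS#12 bags with AES-256 by default, so clients that only understand 3DES need the old algorithms named explicitly. The script below is an added example, not code from the thread; it assumes an `openssl` 3.x binary on PATH, builds throwaway test material, exports one 3DES-encrypted and one default-encrypted file, and reads the bag algorithms back with `-info` so the difference can be checked.

```shell
#!/bin/sh
# Added example (not from the thread): export a 3DES-encrypted PKCS#12 with
# OpenSSL 3 for clients that cannot import the AES-256 files 3.0 now emits.
# Assumes an `openssl` 3.x binary on PATH. All files are throwaway material
# created in a temporary directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='pass:changeit'   # constructed throwaway password, example only

# Throwaway RSA key and self-signed certificate (constructed test material).
gen_test_material() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/key.pem" 2>/dev/null
    openssl req -x509 -new -key "$WORK/key.pem" -subj '/CN=pkcs12-example' \
        -days 1 -out "$WORK/cert.pem" 2>/dev/null
}

# Export with the algorithms spelled out: PBE-SHA1-3DES for the key bag and
# the certificate bag, SHA-1 for the integrity MAC. 3DES lives in the default
# provider, so this variant needs no legacy provider.
export_3des_p12() {
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout "$PASS" -out "$WORK/legacy.p12"
}

# Same material with the 3.0 defaults (AES-256-CBC under PBES2/PBKDF2).
export_default_p12() {
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -passout "$PASS" -out "$WORK/modern.p12"
}

# Print the per-bag encryption algorithms of a PKCS#12 file. `-info` writes
# this summary to stderr, hence the redirect; -nokeys/-nocerts keep the
# credentials themselves from being written anywhere.
bag_algorithms() {
    openssl pkcs12 -info -in "$1" -passin "$PASS" -nokeys -nocerts 2>&1 \
        | grep -E 'Encrypted data|Keybag|Key bag' || true
}

# Succeeds only if every bag of $1 is encrypted with 3DES (what Angus's
# pre-1709 Windows clients accept); an unencrypted key bag counts as a failure.
uses_only_3des() {
    algs=$(bag_algorithms "$1")
    [ -n "$algs" ] || return 1
    ! printf '%s\n' "$algs" | grep -v -q '3-KeyTripleDES'
}

gen_test_material
export_3des_p12
export_default_p12
echo "legacy.p12:"; bag_algorithms "$WORK/legacy.p12"
echo "modern.p12:"; bag_algorithms "$WORK/modern.p12"
```

`openssl pkcs12 -legacy` is the other route: it restores the pre-3.0 defaults and loads the legacy provider, which is where the provider search-path issue Angus mentions comes in.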
From angus at magsys.co.uk Mon Aug 2 11:52:00 2021
From: angus at magsys.co.uk (Angus Robertson - Magenta Systems Ltd)
Date: Mon, 2 Aug 2021 12:52 +0100 (BST)
Subject: OpenSSL Beta 2, report of successful migration

> > Not looked at replacing low level RSA and EC APIs yet.
>
> We forced ourselves down that path because we had an internal
> policy to only build OpenSSL toolkit with 'no-deprecated'

I know I have to do it, but I only really use the low-level stuff to build JSON Web Keys, and the EC keys I build for signing seem incompatible with some servers, so it really needs deeper investigation.

Angus

From pauli at openssl.org Mon Aug 2 12:11:12 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Mon, 2 Aug 2021 22:11:12 +1000
Subject: OpenSSL Beta 2, report of successful migration
In-Reply-To: <8EC1CE2F-637F-478E-B37F-1B6C613B12D3@integral.be>
References: <8EC1CE2F-637F-478E-B37F-1B6C613B12D3@integral.be>
Message-ID: <0a61d20b-6dc6-e641-a3ef-5f89c5206382@openssl.org>

Thanks!

The OpenSSL team has wondered how many people were trying out 3.0 during the beta period without any way of knowing for sure. That you've had what seems like a fairly smooth transition is wonderful.

Pauli

From om at integral.be Mon Aug 2 12:17:48 2021
From: om at integral.be (Olivier Mascia)
Date: Mon, 2 Aug 2021 14:17:48 +0200
Subject: OpenSSL Beta 2, report of successful migration

> Know I have to do it, but only really use low level stuff to build JSON
> Web Keys, and the EC keys I build for signing seem incompatible with
> some servers, so really needs deeper investigation.

For JWS signing in relation to Letsencrypt (my use case for this - mKey is an RSA keypair in EVP_PKEY*):

    EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr);
    EVP_PKEY_sign_init(ctx);
    EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
    EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
    EVP_PKEY_sign(ctx, nullptr, ...    // to check the result length
    EVP_PKEY_sign(ctx, signature, ...  // to sign and retrieve the signature
    EVP_PKEY_CTX_free(ctx);

Looks good in our testing (I mean it works, as much as Letsencrypt does not bite and delivers our certificates).
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia

From om at integral.be Mon Aug 2 12:22:16 2021
From: om at integral.be (Olivier Mascia)
Date: Mon, 2 Aug 2021 14:22:16 +0200
Subject: OpenSSL Beta 2, report of successful migration
In-Reply-To: <0a61d20b-6dc6-e641-a3ef-5f89c5206382@openssl.org>
References: <8EC1CE2F-637F-478E-B37F-1B6C613B12D3@integral.be> <0a61d20b-6dc6-e641-a3ef-5f89c5206382@openssl.org>
Message-ID: <077A6A2D-A852-4206-A500-7A8EDFE31EE8@integral.be>

> The OpenSSL team has wondered how many people were trying out 3.0 during the beta period without any way of knowing for sure. That you've had what seems like a fairly smooth transition is wonderful.

It obviously has solely to do with the huge amount of quality work the people contributing to OpenSSL have put into the 3.0 codebase.

__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia

From om at integral.be Mon Aug 2 12:29:33 2021
From: om at integral.be (Olivier Mascia)
Date: Mon, 2 Aug 2021 14:29:33 +0200
Subject: OpenSSL 3.x binaries naming convention (on Windows)
Message-ID: <6E25FFE9-2F52-4F8E-9786-15BD9027BDC5@integral.be>

[This is a partial repost from another topic]

I have a question regarding Windows binaries.
(We build our own for x86/amd64 using the documented procedure; the compilers installed are Visual Studio 2019, with latest updates).

I take it (might be wrong, because the build scripts are complex to me) that the naming convention of binaries for OpenSSL 3 on the Windows platform is like this:

    libcrypto-3.dll (and libssl-3.dll) for the 32-bit (release) builds
    libcrypto-3-x64.dll (and libssl-3-x64.dll) for the 64-bit (release) builds

Is this naming convention intended to be stable over the 3.x life? Or would it change for things like libcrypto-3.1.dll (or the like) with releases like 3.1.x?
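Olivier's EVP_PKEY_sign snippet in the JWS message above (RSA_PKCS1_PADDING plus EVP_PKEY_CTX_set_signature_md with SHA-256, fed a precomputed digest) is exactly what `openssl pkeyutl -sign -pkeyopt digest:sha256` drives. The script below is an added example, not code from the thread; it signs a digest that way and checks the bytes against the one-shot `openssl dgst -sign` path, the CLI equivalent of the RSA_sign-style code being replaced, and assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that signing a precomputed
# SHA-256 digest through EVP_PKEY_sign with PKCS#1 v1.5 padding and the
# signature md set (Olivier's migration recipe) produces the same bytes as the
# digest-level sign path. Assumes an `openssl` binary on PATH.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway RSA key pair and a constructed stand-in for the JWS signing input
# (base64url(header) "." base64url(payload)); the exact bytes do not matter.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/key.pem" 2>/dev/null
openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
printf 'eyJhbGciOiJSUzI1NiJ9.constructed-payload' > "$WORK/signing-input"

# Route 1: hash first, then hand the raw 32-byte digest to EVP_PKEY_sign.
# `-pkeyopt digest:sha256` is EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256())
# and `rsa_padding_mode:pkcs1` is EVP_PKEY_CTX_set_rsa_padding(ctx,
# RSA_PKCS1_PADDING); together they wrap the digest in a DigestInfo.
sign_digest_via_pkeyutl() {
    openssl dgst -sha256 -binary -out "$WORK/digest.bin" "$WORK/signing-input"
    openssl pkeyutl -sign -inkey "$WORK/key.pem" \
        -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pkcs1 \
        -in "$WORK/digest.bin" -out "$WORK/sig.pkeyutl"
}

# Route 2: the one-shot digest-and-sign path, which is what `openssl dgst
# -sign` (and the old RSA_sign-style code) does for an RSA key.
sign_via_dgst() {
    openssl dgst -sha256 -sign "$WORK/key.pem" \
        -out "$WORK/sig.dgst" "$WORK/signing-input"
}

# PKCS#1 v1.5 signatures are deterministic, so a correct EVP_PKEY_sign setup
# must yield byte-identical output to route 2.
signatures_match() {
    cmp -s "$WORK/sig.pkeyutl" "$WORK/sig.dgst"
}

# The signature must also verify with only the public key, which is how a
# JWS consumer such as Let's Encrypt checks it.
verifies_with_public_key() {
    openssl dgst -sha256 -verify "$WORK/pub.pem" \
        -signature "$WORK/sig.pkeyutl" "$WORK/signing-input" >/dev/null
}

sign_digest_via_pkeyutl
sign_via_dgst
signatures_match && echo "EVP_PKEY_sign output matches dgst -sign"
verifies_with_public_key && echo "signature verifies with the public key"
```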
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia

From angus at magsys.co.uk Mon Aug 2 13:18:00 2021
From: angus at magsys.co.uk (Angus Robertson - Magenta Systems Ltd)
Date: Mon, 2 Aug 2021 14:18 +0100 (BST)
Subject: OpenSSL Beta 2, report of successful migration

> For JWS signing in relation to Letsencrypt (my use case for this
> - mKey is a RSA keypair in EVP_PKEY*):

My RSA signing is accepted fine by Let's Encrypt; it's trying to use ECDSA keys that fails, despite OpenSSL verifying my JWS signing as OK.

    Failed to Create Account: urn:ietf:params:acme:error:malformed, JWS verification error

But since RSA works, I've not spent much time looking at it.

Angus

From lee.hamel at protonmail.com Mon Aug 2 21:56:41 2021
From: lee.hamel at protonmail.com (Lee Hamel)
Date: Mon, 02 Aug 2021 21:56:41 +0000
Subject: enable/disable algorithms at build time
Message-ID: <-SIzOmJhZGD_LxtDvu4rAeqlLS0-ieoulu4EDf_RCxUSAALMWaQT-zWnmQgHuJRKJDzS0rTL_ybX-SfQYz0CG_uh9YOuZLZEel0Q3Ipp7As=@protonmail.com>

I want to reduce the size of EDK2 CryptoPkg by enabling, at build time, only the OpenSSL algorithms I want supported in my code. Is this possible via a configuration mechanism? I can't find anything in the documentation. Does this violate the GPL license?

Thanks.
Lee

From dclarke at blastwave.org Tue Aug 3 15:26:55 2021
From: dclarke at blastwave.org (Dennis Clarke)
Date: Tue, 3 Aug 2021 11:26:55 -0400
Subject: OpenSSL beta testing on Solaris and z/OS

From another thread:

> The OpenSSL team has wondered how many people were trying out 3.0
> during the beta period without any way of knowing for sure.

If you're curious about the old legacy Solaris 10 on reasonably new Fujitsu SPARC64 then I can tell you nearly everything "just works".
A few tests fail and we may as well list them:

    Test Summary Report
    -------------------
    03-test_internal_modes.t   (Wstat: 256 Tests: 1 Failed: 1)
      Failed test:  1
      Non-zero exit status: 1
    61-test_bio_prefix.t       (Wstat: 512 Tests: 4 Failed: 2)
      Failed tests:  1, 3
      Non-zero exit status: 2
    90-test_ige.t              (Wstat: 256 Tests: 1 Failed: 1)
      Failed test:  1
      Non-zero exit status: 1
    Files=239, Tests=2815, 7127 wallclock secs (18.23 usr 2.34 sys + 6784.88 cusr 151.77 csys = 6957.22 CPU)
    Result: FAIL

A pile of tweaks were required to get to this point, mostly trivial items such as the perl scripts and the Configuration of course. I did go with a debug build and I adjusted the CFLAGS quite a bit. When I have some data from z/OS then I will bring that also. At this time I really do understand that no one within the OpenSSL dev team has access to such machines and operating systems. Saying that they are very strict is an understatement. However, code that compiles on them and passes tests is generally very highly portable and will run anywhere. Embedded devices and tight memory constraints are a separate problem.

--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

From dirkx at webweaving.org Wed Aug 4 23:09:52 2021
From: dirkx at webweaving.org (Dirk-Willem van Gulik)
Date: Thu, 5 Aug 2021 01:09:52 +0200
Subject: CMS_sign/CMS_final streaming
Message-ID: <30AE5D36-C77B-47E5-B77E-5EE753F2FE04@webweaving.org>

I have very large globs of on-the-fly generated data that are to be signed and output as a base64 payload followed by a separate PKCS#7 package with a detached signature at the end of the transmission[1].

I'd like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(), disk storage or similar. But rather simply do something like calculating the SHA256 as the payload is streamed out. And then have CMS_sign/final do the deed with that SHA256 rather than a BIO.

Is there a way to use these interfaces (or ex) that way?
With kind regards,

Dw

1: https://source.redwax.eu/svn/redwax/rs/mod_cms_sign/trunk/mod_cms_sign.c

From mcr at sandelman.ca Thu Aug 5 00:54:08 2021
From: mcr at sandelman.ca (Michael Richardson)
Date: Wed, 04 Aug 2021 20:54:08 -0400
Subject: CMS_sign/CMS_final streaming
In-Reply-To: <30AE5D36-C77B-47E5-B77E-5EE753F2FE04@webweaving.org>
References: <30AE5D36-C77B-47E5-B77E-5EE753F2FE04@webweaving.org>
Message-ID: <12034.1628124848@localhost>

Dirk-Willem van Gulik wrote:
    > I have very large globs of on the fly generated data that are to be
    > signed and output as a base64 payload followed by a separate PKCS#7
    > package with a detached signature at the end of the transmission[1].

    > I'd like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
    > disk-storage or similar.

    > But rather simply do something like calculating the SHA256 as the
    > payload is streamed out. And then have a CMS_sign/final do the deed
    > with that SHA256 rather than a BIO.

My understanding from reading the CMS man pages is that it is done by providing a NULL value for the content. I haven't done this myself, but encountered the hints at, for instance: https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html

I'd go look in the tests directory for some code that calls CMS_final(), and maybe that will provide a workable example for you.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

From pauli at openssl.org Thu Aug 5 00:55:13 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Thu, 5 Aug 2021 10:55:13 +1000
Subject: OpenSSL beta testing on Solaris and z/OS
Message-ID: <1bc839aa-aaf1-ca81-aaea-334702a84adb@openssl.org>

Dennis,

Thanks for the information.
Solaris and z/OS are not tested by the project, so it's good to know they aren't too far from working out of the box. We would definitely be interested in a pull request with your fixes at some stage -- post 3.0, since it's almost certainly too late now.

Paul Dale

From dirkx at webweaving.org Thu Aug 5 11:09:24 2021
From: dirkx at webweaving.org (Dirk-Willem van Gulik)
Date: Thu, 5 Aug 2021 13:09:24 +0200
Subject: CMS_sign/CMS_final streaming
In-Reply-To: <12034.1628124848@localhost>
References: <30AE5D36-C77B-47E5-B77E-5EE753F2FE04@webweaving.org> <12034.1628124848@localhost>

> On 5 Aug 2021, at 02:54, Michael Richardson wrote:
>
> My understanding from reading the CMS man pages is that it is done by
> providing a NULL value for the content. I haven't done this myself, but
> encountered the hints at, for instance:
> https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html
>
> I'd go look in the tests directory for some code that calls CMS_final(), and
> maybe that will provide a workable example for you.

That is what I had expected - but as far as I can trace it, all calls end up going through cms_DigestedData_do_final(), which contains an EVP_DigestFinal_ex(). :(

Dw

From kgoldman at us.ibm.com Thu Aug 5 21:59:59 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Thu, 5 Aug 2021 17:59:59 -0400
Subject: openssl 3.0 genpkey

Should these be posted here or as github issues?
(May be user error)

1. openssl genpkey -algorithm rsa -outform der -out key.der -quiet

   returns:

   genpkey: Option -quiet needs a value

   But the docs don't indicate that a value is needed.

2. openssl genpkey -algorithm rsa -outform der -out key.der -text

   Docs say that the unencrypted key should be printed, but it isn't.

3. openssl genpkey .... -cipher des3

   returns:

   genpkey: Use -help for summary.

   I tried other values for -cipher but none worked.

4. -aes-128-cbc works but is not documented.

From pauli at openssl.org Thu Aug 5 22:43:57 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Fri, 6 Aug 2021 08:43:57 +1000
Subject: openssl 3.0 genpkey
Message-ID: <4adf016b-13d3-2ff2-8220-0ffb3d8b6d87@openssl.org>

GitHub issues would be better. They are harder to miss accidentally.

Pauli

From pauli at openssl.org Thu Aug 5 22:47:49 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Fri, 6 Aug 2021 08:47:49 +1000
Subject: openssl 3.0 genpkey

Ken,

I've created issue #16238 for these. Any chance you could add version information or other useful tidbits?

Thanks,
Pauli

From kgoldman at us.ibm.com Fri Aug 6 17:11:48 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Fri, 6 Aug 2021 13:11:48 -0400
Subject: openssl 3.0 - i2d_x509() now fails

I have an application where I have to create a partial x509 certificate. It gets sent to an HSM, which fills in the public key and signs it.

I was calling

    X509_new
    X509_set_version
    X509_set_issuer_name
    X509_get_notBefore
    X509_get_notAfter
    X509_set_subject_name
    X509_EXTENSION_create_by_OBJ

and then

    i2d_x509

to send the serialized partial certificate to the HSM.

This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0.

In debugging, even this fails.

    X509_new
    i2d_x509

Suggestions?

From Nestor.Melo at zpesystems.com Fri Aug 6 19:12:57 2021
From: Nestor.Melo at zpesystems.com (Nestor Melo)
Date: Fri, 6 Aug 2021 19:12:57 +0000
Subject: Public key from TSS2 private key with OpenSSL 3.0.0-beta2

Greetings,

We use a TPM2 device to generate private keys with tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine

While attempting to extract the public key from a TSS2 private key using OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format not supported":

    openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout -outform PEM -out pubkey.pem
    Engine "tpm2tss" set.
    writing RSA key
    PEM format not supported

Although it is recommended to use providers instead of engines with OpenSSL 3.0.0, are engines still supported? Should the above operation be expected to work?

Here is an example of a private key that was generated with tpm2-tss-engine's tpm2tss-genkey:

    -----BEGIN TSS2 PRIVATE KEY-----
    ...
    -----END TSS2 PRIVATE KEY-----

If I use instead the TPM2 provider tpm2-openssl https://github.com/tpm2-software/tpm2-openssl the command

    openssl rsa -provider tpm2 -in privkey.pem -pubout -outform PEM -out pubkey.pem

works, producing:

    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----

Thank you,

Nestor Melo
URL: From beldmit at gmail.com Fri Aug 6 19:21:23 2021 From: beldmit at gmail.com (Dmitry Belyavsky) Date: Fri, 6 Aug 2021 21:21:23 +0200 Subject: Public key from TSS2 private key with OpenSSL 3.0.0-beta2 In-Reply-To: References: Message-ID: Dear Nestor, Could you please fill an issue on GitHub? It's much simpler for us to follow the issues there. On Fri, Aug 6, 2021 at 9:13 PM Nestor Melo wrote: > Greetings, > > > We use a TPM2 device to generate private keys with tpm2-tss-engine: > https://github.com/tpm2-software/tpm2-tss-engine > > While attempting to extract the public key from a TSS2 private key using > OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format > not supported": > > openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout > -outform PEM -out pubkey.pem > Engine "tpm2tss" set. > writing RSA key > PEM format not supported > > Although it is recommended to use providers instead of engines with > OpenSSL 3.0.0, are engines still supported? Should the above operation be > expected to work? 
> > Here is an example of a private key was generated with tpm2-tss-engine's > tpm2tss-genkey: > -----BEGIN TSS2 PRIVATE KEY----- > MIIB8gYGZ4EFCgEDoAMBAQECBEAAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA > AQEAmT8O+ikRX5eTRUsDXrBAephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUE > sEDfgTNtldmc3nxPmJBxeAzIQrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQ > yR+t36GaOBY+S4Bc0DC0KhSoFakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90c > ere/o20QpNvb7mw/kwvoTSzsyQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7z > x5hhc5Uf5EbFtxeWaT2HTfs0h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyo > SqhsmZ+9hvkUWylDYiXfm24TUwSBwAC+ACDJpk4p0h4Q3UEtwph3oNy5xR7hya4S > XHqabuThC+xX1AAQDTukmp9lruULdnZALN1Lyw1AMw+7F2BBx786jjOmg9rX+umB > ffGZSs187UAjmfe98XUk9oNsZkgB7HEsDRIOXoET+9R0KI48whV3Z/Kwag+UmErL > KRTOl5zEUenbQi8/CBDVpuxKMyKl6tYc38iNh2rA8Eju9tv+x6kPv/5/JxmXSpgQ > rCSHxBQFxnnITejU/RMqCHMZpCly2A== > -----END TSS2 PRIVATE KEY----- > > If I use instead the TPM2 provider tpm2-openssl > https://github.com/tpm2-software/tpm2-openssl > > the command > openssl rsa -provider tpm2 -in privkey.pem -pubout -outform PEM -out > pubkey.pem > > works, producing: > -----BEGIN PUBLIC KEY----- > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8O+ikRX5eTRUsDXrBA > ephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUEsEDfgTNtldmc3nxPmJBxeAzI > QrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQyR+t36GaOBY+S4Bc0DC0KhSo > FakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90cere/o20QpNvb7mw/kwvoTSzs > yQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0 > h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T > UwIDAQAB > -----END PUBLIC KEY----- > > > Thank you, > > Nestor Melo > > > -- SY, Dmitry Belyavsky -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From Nestor.Melo at zpesystems.com Fri Aug 6 20:23:26 2021 From: Nestor.Melo at zpesystems.com (Nestor Melo) Date: Fri, 6 Aug 2021 20:23:26 +0000 Subject: Public key from TSS2 private key with OpenSSL 3.0.0-beta2 In-Reply-To: References: , Message-ID: Dear Dmitry, I just submitted a new issue, #16256. Thank you, Nestor Melo ________________________________ From: Dmitry Belyavsky Sent: Friday, August 6, 2021 12:21 PM To: Nestor Melo Cc: openssl-users at openssl.org Subject: Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2 Dear Nestor, Could you please fill an issue on GitHub? It's much simpler for us to follow the issues there. On Fri, Aug 6, 2021 at 9:13 PM Nestor Melo > wrote: Greetings, We use a TPM2 device to generate private keys with tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine While attempting to extract the public key from a TSS2 private key using OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format not supported": openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout -outform PEM -out pubkey.pem Engine "tpm2tss" set. writing RSA key PEM format not supported Although it is recommended to use providers instead of engines with OpenSSL 3.0.0, are engines still supported? Should the above operation be expected to work? 
Here is an example of a private key was generated with tpm2-tss-engine's tpm2tss-genkey: -----BEGIN TSS2 PRIVATE KEY----- MIIB8gYGZ4EFCgEDoAMBAQECBEAAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA AQEAmT8O+ikRX5eTRUsDXrBAephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUE sEDfgTNtldmc3nxPmJBxeAzIQrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQ yR+t36GaOBY+S4Bc0DC0KhSoFakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90c ere/o20QpNvb7mw/kwvoTSzsyQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7z x5hhc5Uf5EbFtxeWaT2HTfs0h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyo SqhsmZ+9hvkUWylDYiXfm24TUwSBwAC+ACDJpk4p0h4Q3UEtwph3oNy5xR7hya4S XHqabuThC+xX1AAQDTukmp9lruULdnZALN1Lyw1AMw+7F2BBx786jjOmg9rX+umB ffGZSs187UAjmfe98XUk9oNsZkgB7HEsDRIOXoET+9R0KI48whV3Z/Kwag+UmErL KRTOl5zEUenbQi8/CBDVpuxKMyKl6tYc38iNh2rA8Eju9tv+x6kPv/5/JxmXSpgQ rCSHxBQFxnnITejU/RMqCHMZpCly2A== -----END TSS2 PRIVATE KEY----- If I use instead the TPM2 provider tpm2-openssl https://github.com/tpm2-software/tpm2-openssl the command openssl rsa -provider tpm2 -in privkey.pem -pubout -outform PEM -out pubkey.pem works, producing: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8O+ikRX5eTRUsDXrBA ephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUEsEDfgTNtldmc3nxPmJBxeAzI QrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQyR+t36GaOBY+S4Bc0DC0KhSo FakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90cere/o20QpNvb7mw/kwvoTSzs yQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0 h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T UwIDAQAB -----END PUBLIC KEY----- Thank you, Nestor Melo -- SY, Dmitry Belyavsky -------------- next part -------------- An HTML attachment was scrubbed... URL: From kgoldman at us.ibm.com Fri Aug 6 22:06:27 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Fri, 6 Aug 2021 18:06:27 -0400 Subject: openssl 3.0 - id2_x509() now fails In-Reply-To: References: Message-ID: On 8/6/2021 1:11 PM, Ken Goldman wrote: > I have an application where I have to create a partial x509 certificate.? 
It gets sent to an HSM, which fills in the public key and signs it. > > I was calling > > ????X509_new > ????X509_set_version > ????X509_set_issuer_name > ????X509_get_notBefore > ????X509_get_notAfter > ????X509_set_subject_name > ????X509_EXTENSION_create_by_OBJ > > and then > ????i2d_x509 > to send the serialized partial certificate to the HSM. > > This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0. > > In debugging, even this fails. > > ????X509_new > ????i2d_x509 > > Suggestions? Following up, I found that just omitting the signature from the X509 structure causes i2d_x509 to fail. I tried i2d_re_X509_tbs(), but it also failed. From reinier.torenbeek at gmail.com Mon Aug 9 01:52:29 2021 From: reinier.torenbeek at gmail.com (Reinier Torenbeek) Date: Sun, 8 Aug 2021 22:52:29 -0300 Subject: Several _METHOD structs not marked as deprecated in 3.0.0-beta2 Message-ID: Hi, While checking out the 3.0.0-beta2 release, I noticed that several of the _METHOD structs are not marked as deprecated. With the introduction of the provider mechanism, they don't seem relevant anymore. Is there a reason for this, or is it just an omission? For example, see DH_METHOD here: https://github.com/openssl/openssl/blob/9f551541e84eead1d42604b7d5e61885e8e34be0/include/openssl/types.h#L134-L135 Others I have seen are RAND_METHOD and EVP_PKEY_METHOD. Thanks, Reinier -------------- next part -------------- An HTML attachment was scrubbed... URL: From tomas at openssl.org Mon Aug 9 07:50:52 2021 From: tomas at openssl.org (Tomas Mraz) Date: Mon, 09 Aug 2021 09:50:52 +0200 Subject: openssl 3.0 - id2_x509() now fails In-Reply-To: References: Message-ID: On Fri, 2021-08-06 at 18:06 -0400, Ken Goldman wrote: > On 8/6/2021 1:11 PM, Ken Goldman wrote: > > I have an application where I have to create a partial x509 > > certificate.? It gets sent to an HSM, which fills in the public key > > and signs it. 
> >
> > I was calling
> >
> >     X509_new
> >     X509_set_version
> >     X509_set_issuer_name
> >     X509_get_notBefore
> >     X509_get_notAfter
> >     X509_set_subject_name
> >     X509_EXTENSION_create_by_OBJ
> >
> > and then
> >     i2d_x509
> > to send the serialized partial certificate to the HSM.
> >
> > This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0.
> >
> > In debugging, even this fails.
> >
> >     X509_new
> >     i2d_x509
> >
> > Suggestions?
>
> Following up, I found that just omitting the signature from the
> X509 structure causes i2d_x509 to fail.
>
> I tried i2d_re_X509_tbs(), but it also failed.

I am afraid with the current 3.0 codebase there are not many options for working around this apart from either signing the certificate with a bogus key - if the HSM is able to re-sign such a certificate.

Another (more complicated) option would be to define your own ASN.1 X509 structure where the signature would be optional and thus the stricter encoder that is now in the 3.0 codebase would allow encoding the incomplete certificate.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

From kgoldman at us.ibm.com Mon Aug 9 13:48:18 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 9 Aug 2021 09:48:18 -0400
Subject: openssl 3.0 - id2_x509() now fails
In-Reply-To:
References:
Message-ID: <25f353cc-997a-ceb8-2a46-f70534001b73@us.ibm.com>

On 8/9/2021 3:50 AM, Tomas Mraz wrote:
> On Fri, 2021-08-06 at 18:06 -0400, Ken Goldman wrote:
>> On 8/6/2021 1:11 PM, Ken Goldman wrote:
>>> I have an application where I have to create a partial x509
>>> certificate. It gets sent to an HSM, which fills in the public key
>>> and signs it.
>>>
>>> I was calling
>>>
>>>     X509_new
>>>     X509_set_version
>>>     X509_set_issuer_name
>>>     X509_get_notBefore
>>>     X509_get_notAfter
>>>     X509_set_subject_name
>>>     X509_EXTENSION_create_by_OBJ
>>>
>>> and then
>>>     i2d_x509
>>> to send the serialized partial certificate to the HSM.
>>>
>>> This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0.
>>>
>>> In debugging, even this fails.
>>>
>>>     X509_new
>>>     i2d_x509
>>>
>>> Suggestions?
>>
>> Following up, I found that just omitting the signature from the
>> X509 structure causes i2d_x509 to fail.
>>
>> I tried i2d_re_X509_tbs(), but it also failed.
>
> I am afraid with the current 3.0 codebase there are not many options
> for working around this apart from either signing the certificate with a
> bogus key - if the HSM is able to re-sign such a certificate.

My hope is that the maintainers will revert this change. Perhaps they can write a new variant of i2d_x509 that requires the full certificate rather than change the existing API.

The i2d_re_X509_tbs() API seems promising (tbs is 'to be signed'), but it apparently is strict on what data must be there.

The HSM (TPM, ISO 11889) cannot change. It expects a partial certificate. Its API is already defined.

> Another (more complicated) option would be to define your own ASN.1
> X509 structure where the signature would be optional and thus the
> stricter encoder that is now in the 3.0 codebase would allow encoding the
> incomplete certificate.

If you can post some hints on how to do this, I'll try it.

My alternative is to write the asn1 code from scratch, but I know how fragile that will be.
From tomas at openssl.org Mon Aug 9 14:12:13 2021
From: tomas at openssl.org (Tomas Mraz)
Date: Mon, 09 Aug 2021 16:12:13 +0200
Subject: openssl 3.0 - id2_x509() now fails
In-Reply-To: <25f353cc-997a-ceb8-2a46-f70534001b73@us.ibm.com>
References: <25f353cc-997a-ceb8-2a46-f70534001b73@us.ibm.com>
Message-ID: <58e5ace3cae203de618454c4f413122c4ad21e66.camel@openssl.org>

On Mon, 2021-08-09 at 09:48 -0400, Ken Goldman wrote:
> On 8/9/2021 3:50 AM, Tomas Mraz wrote:
> > On Fri, 2021-08-06 at 18:06 -0400, Ken Goldman wrote:
> > > On 8/6/2021 1:11 PM, Ken Goldman wrote:
> > > > I have an application where I have to create a partial x509
> > > > certificate. It gets sent to an HSM, which fills in the public
> > > > key
> > > > and signs it.
> > > >
> > > > I was calling
> > > >
> > > >     X509_new
> > > >     X509_set_version
> > > >     X509_set_issuer_name
> > > >     X509_get_notBefore
> > > >     X509_get_notAfter
> > > >     X509_set_subject_name
> > > >     X509_EXTENSION_create_by_OBJ
> > > >
> > > > and then
> > > >     i2d_x509
> > > > to send the serialized partial certificate to the HSM.
> > > >
> > > > This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0.
> > > >
> > > > In debugging, even this fails.
> > > >
> > > >     X509_new
> > > >     i2d_x509
> > > >
> > > > Suggestions?
> > >
> > > Following up, I found that just omitting the signature from the
> > > X509 structure causes i2d_x509 to fail.
> > >
> > > I tried i2d_re_X509_tbs(), but it also failed.
> >
> > I am afraid with the current 3.0 codebase there are not many
> > options
> > for working around this apart from either signing the certificate with a
> > bogus key - if the HSM is able to re-sign such a certificate.
>
> My hope is that the maintainers will revert this change. Perhaps
> they can write a new variant of i2d_x509 that requires the full
> certificate rather than change the existing API.
>
> The i2d_re_X509_tbs() API seems promising (tbs is 'to be signed'),
> but it apparently is strict on what data must be there.
>
> The HSM (TPM, ISO 11889) cannot change. It expects a
> partial certificate. Its API is already defined.
>
> > Another (more complicated) option would be to define your own ASN.1
> > X509 structure where the signature would be optional and thus the
> > stricter encoder that is now in the 3.0 codebase would allow encoding
> > the
> > incomplete certificate.
>
> If you can post some hints on how to do this, I'll try it.
>
> My alternative is to write the asn1 code from scratch, but I know
> how fragile that will be.

Why would you write asn1 code from scratch when OpenSSL has all the APIs needed to create any ASN.1 structure? Look at crypto/x509/x_x509.c and make the signature optional. Of course you would not be able to use the X509_set/get functions and would have to also copy the X509_CINF definition. Which makes the workaround quite complicated anyway.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

From reinier.torenbeek at gmail.com Tue Aug 10 00:49:48 2021
From: reinier.torenbeek at gmail.com (Reinier Torenbeek)
Date: Mon, 9 Aug 2021 21:49:48 -0300
Subject: Several _METHOD structs not marked as deprecated in 3.0.0-beta2
In-Reply-To:
References:
Message-ID:

Hi,

This seems to be an oversight so I created issue #16272: Several legacy structs are not marked as deprecated.

Reinier

On Sun, Aug 8, 2021 at 10:52 PM Reinier Torenbeek <reinier.torenbeek at gmail.com> wrote:
> Hi,
>
> While checking out the 3.0.0-beta2 release, I noticed that several of the
> _METHOD structs are not marked as deprecated. With the introduction of the
> provider mechanism, they don't seem relevant anymore. Is there a reason for
> this, or is it just an omission?
>
> For example, see DH_METHOD here:
> https://github.com/openssl/openssl/blob/9f551541e84eead1d42604b7d5e61885e8e34be0/include/openssl/types.h#L134-L135
> Others I have seen are RAND_METHOD and EVP_PKEY_METHOD.
>
> Thanks,
> Reinier
>

From samrobin at protonmail.com Tue Aug 10 12:30:08 2021
From: samrobin at protonmail.com (samrobin)
Date: Tue, 10 Aug 2021 12:30:08 +0000
Subject: buffering/blocking in chained BIOs
Message-ID:

Hello,

I am trying to implement the following chain:

    SSL BIO <-> cipher BIO <-> socket BIO (wrapped around a TCP socket())

There are two aspects of this setup that I can't find enough documentation on: the buffering aspect and the blocking/non-blocking aspect.

buffering:

When feeding data to the cipher BIO, we have to call BIO_flush() on the final chunk to let it pad it and send it off; how does this behave when I have a cipher BIO appended to an SSL BIO in a chain? I would be writing to the SSL BIO using BIO_write(). I.e. this setup would make both application and non-application data from the SSL connection be encrypted through the cipher BIO. How would I make sure then, that the cipher BIO doesn't buffer up some critical [handshake non-application data] or some sent application data? Do I just call BIO_flush() after every BIO_write() I do to the SSL BIO? If I do that, will the added padding interfere with the SSL protocol talking to each other, since it is adding padding data? I assume the cipher BIO on the other end will be stripping that padded data off, am I right? Since the cipher BIO processes data from and to the SSL BIO this makes it even more complicated due to implicit non-application data being written/read by the SSL BIO.
What happens if the cipher BIO buffers a bit of application data (because it is too few) and thus the SSL BIO on the other side assumes some error, so it sends a response which is big enough to get through the cipher BIO; the SSL BIO then responds to that, which makes the old buffered data go through, messing up the handshaking or whatever completely. How do you advise I should handle this?

For the socket BIO wrapped around the TCP socket(), what happens if the underlying TCP socket dies or has a low throughput? Does the socket BIO buffer data fed into it until it can feed it down to the TCP socket? How much data can it buffer until it fills up? Is there some error value I can examine?

Should I just give this chain up completely and use BIOs individually and set up dynamic heap buffers between them to handle any buffering behaviour?

blocking:

How do I determine if BIO_write()/BIO_read() on the SSL BIO are blocking here? Will any BIO down the chain block at any point? Why / Why not?

Much thanks in advance.

From mazhh at outlook.com Tue Aug 10 20:48:58 2021
From: mazhh at outlook.com (Ma Zhenhua)
Date: Tue, 10 Aug 2021 20:48:58 +0000
Subject: In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.
In-Reply-To:
References:
Message-ID:

Hi team,

In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.

Regards,
Allen
From Sunil.Paramashivaiah at rbbn.com Wed Aug 11 07:16:52 2021
From: Sunil.Paramashivaiah at rbbn.com (Paramashivaiah, Sunil)
Date: Wed, 11 Aug 2021 07:16:52 +0000
Subject: EVP_MAX_BLOCK_LENGTH Macro for upgrading application from openssl 1.0.2 to openssl 3.0
Message-ID:

Hi All,

In our application we are using the MD5_CBLOCK, SHA_CBLOCK, SHA256_CBLOCK, SHA512_CBLOCK macros, which are deprecated in openssl 3.0.

We are trying to upgrade our application from using openssl 1.0.2 to openssl 3.0.

Can we use EVP_MAX_BLOCK_LENGTH to replace all these macros? Please suggest.

Thanks and Regards,
Sunil

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.

From matt at openssl.org Wed Aug 11 08:46:29 2021
From: matt at openssl.org (Matt Caswell)
Date: Wed, 11 Aug 2021 09:46:29 +0100
Subject: EVP_MAX_BLOCK_LENGTH Macro for upgrading application from openssl 1.0.2 to openssl 3.0
In-Reply-To:
References:
Message-ID: <8d63ad5f-dd48-6400-d4b7-a57150b1a8c9@openssl.org>

On 11/08/2021 08:16, Paramashivaiah, Sunil wrote:
> Hi All,
>
> In our application we are using the MD5_CBLOCK, SHA_CBLOCK, SHA256_CBLOCK,
> SHA512_CBLOCK macros, which are deprecated in openssl 3.0.
>
> We are trying to upgrade our application from using openssl
> 1.0.2 to openssl 3.0.
>
> Can we use EVP_MAX_BLOCK_LENGTH to replace all these
> macros? Please suggest.

No, these things are not equivalent. EVP_MAX_BLOCK_LENGTH is referring to the block size for ciphers. Why do you need the block size for the digests?
You can query the block size for a given digest at runtime using EVP_MD_get_block_size().

Matt

>
> Thanks and Regards,
>
> Sunil
>

From keine-eile at e-mail.de Wed Aug 11 11:52:31 2021
From: keine-eile at e-mail.de (Keine Eile)
Date: Wed, 11 Aug 2021 13:52:31 +0200
Subject: Deciphering a .p7f file
Message-ID: <630dfc3f-05fb-fd89-6863-f14eab499477@e-mail.de>

Hi list members,

I have a .p7f in hand, which seems to be a DER encoded PKCS7 structure in some way. I can use 'openssl pkcs' to transform it into a PEM form; I also can pull a bunch of certificates out of it. But I know there is some encrypted payload in this file, which I can not decipher. What I have tried with openssl's rsautl and smime does not seem to work for me.

Maybe someone of you can push me in the right direction, thanks!

From jb-openssl at wisemo.com Wed Aug 11 13:49:59 2021
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Wed, 11 Aug 2021 15:49:59 +0200
Subject: Deciphering a .p7f file
In-Reply-To: <630dfc3f-05fb-fd89-6863-f14eab499477@e-mail.de>
References: <630dfc3f-05fb-fd89-6863-f14eab499477@e-mail.de>
Message-ID: <3efefa68-361d-b0b3-5566-f1bb6d935216@wisemo.com>

On 2021-08-11 13:52, Keine Eile wrote:
> Hi list members,
>
> I have a .p7f in hand, which seems to be a DER encoded PKCS7
> structure in some way. I can use 'openssl pkcs' to transform it into a
> PEM form; I also can pull a bunch of certificates out of it. But I
> know there is some encrypted payload in this file, which I can not
> decipher.
> What I have tried with openssl's rsautl and smime does not
> seem to work for me.
>
> Maybe someone of you can push me in the right direction, thanks!

Try the "openssl cms" command, or its older sibling "openssl smime".

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From openssl-users at dukhovni.org Wed Aug 11 17:57:57 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Wed, 11 Aug 2021 13:57:57 -0400
Subject: In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.
In-Reply-To:
References:
Message-ID:

> On 10 Aug 2021, at 4:48 pm, Ma Zhenhua wrote:
>
> In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.

Your question is not very specific. Please explain what you mean in more detail.

--
Viktor.

From dclarke at blastwave.org Thu Aug 12 00:35:01 2021
From: dclarke at blastwave.org (Dennis Clarke)
Date: Thu, 12 Aug 2021 00:35:01 +0000
Subject: OpenSSL beta testing on Solaris and z/OS
In-Reply-To: <1bc839aa-aaf1-ca81-aaea-334702a84adb@openssl.org>
References: <1bc839aa-aaf1-ca81-aaea-334702a84adb@openssl.org>
Message-ID: <8292da7c-7f74-a3a3-a884-429eca8fdb12@blastwave.org>

On 8/5/21 00:55, Dr Paul Dale wrote:
> Dennis,
>
> Thanks for the information. Solaris and z/OS are not tested by the
> project, so it's good to know they aren't too far from working out of
> the box.
>
> We would definitely be interested in a pull request with your fixes at
> some stage -- post 3.0 since it's almost certainly too late now.
>

I thought we were still in "beta" testing mode here?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

From matt at openssl.org Thu Aug 12 10:11:07 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 12 Aug 2021 11:11:07 +0100
Subject: OpenSSL beta testing on Solaris and z/OS
In-Reply-To: <8292da7c-7f74-a3a3-a884-429eca8fdb12@blastwave.org>
References: <1bc839aa-aaf1-ca81-aaea-334702a84adb@openssl.org> <8292da7c-7f74-a3a3-a884-429eca8fdb12@blastwave.org>
Message-ID:

On 12/08/2021 01:35, Dennis Clarke via openssl-users wrote:
> On 8/5/21 00:55, Dr Paul Dale wrote:
>> Dennis,
>>
>> Thanks for the information. Solaris and z/OS are not tested by the
>> project, so it's good to know they aren't too far from working out of
>> the box.
>>
>> We would definitely be interested in a pull request with your fixes at
>> some stage -- post 3.0 since it's almost certainly too late now.
>>
>
> I thought we were still in "beta" testing mode here?

Release of 3.0 "final" is imminent. OTC met on Tuesday 10th to decide whether to release it today (Thursday 12th) or not. Ultimately they decided not to, but will review again next Tuesday.

Matt

From hkario at redhat.com Thu Aug 12 12:38:11 2021
From: hkario at redhat.com (Hubert Kario)
Date: Thu, 12 Aug 2021 14:38:11 +0200
Subject: In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.
In-Reply-To:
References:
Message-ID:

On Tuesday, 10 August 2021 22:48:58 CEST, Ma Zhenhua wrote:
> Hi team,
>
> In Openssl 1.1.1a, how can I force the TLS1.2 user to use the
> "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.
    openssl s_client -sigalgs RSA+SHA512

or

    SSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA512");

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

From dclarke at blastwave.org Thu Aug 12 16:29:44 2021
From: dclarke at blastwave.org (Dennis Clarke)
Date: Thu, 12 Aug 2021 16:29:44 +0000
Subject: OpenSSL beta testing on Solaris and z/OS
In-Reply-To:
References: <1bc839a-aaf1-ca81-aaea-334702a84adb@openssl.org> <8292da7c-7f74-a3a3-a884-429eca8fdb12@blastwave.org>
Message-ID:

On 8/12/21 10:11, Matt Caswell wrote:
>
>
> On 12/08/2021 01:35, Dennis Clarke via openssl-users wrote:
>> On 8/5/21 00:55, Dr Paul Dale wrote:
>>> Dennis,
>>>
>>> Thanks for the information. Solaris and z/OS are not tested by the
>>> project, so it's good to know they aren't too far from working out of
>>> the box.
>>>
>>> We would definitely be interested in a pull request with your fixes at
>>> some stage -- post 3.0 since it's almost certainly too late now.
>>>
>>
>>     I thought we were still in "beta" testing mode here?
>
> Release of 3.0 "final" is imminent. OTC met on Tuesday 10th to decide
> whether to release it today (Thursday 12th) or not. Ultimately they
> decided not to, but will review again next Tuesday.
>

Ah, well, good stuff. I will see what I can do with some strange platforms and post my results as they appear. Possibly with the odd question or two.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

From b_duvvuri at yahoo.com Fri Aug 13 16:31:50 2021
From: b_duvvuri at yahoo.com (Bala Duvvuri)
Date: Fri, 13 Aug 2021 16:31:50 +0000 (UTC)
Subject: Crash seen in OPENSSL_sk_pop_free
References: <1688473336.249973.1628872310556.ref@mail.yahoo.com>
Message-ID: <1688473336.249973.1628872310556@mail.yahoo.com>

Hi All,

We are using OpenSSL version 1.1.1d in our program and a crash is being seen in the "OPENSSL_sk_pop_free" API; we invoke this API in our certificate verification API. Since the crash is not seen always, I am trying to understand from the OpenSSL code when this can occur.

Below is the bt of the crash

#0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 ) at crypto/stack/stack.c:367
        i = 0
#1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
No locals.
#2  X509_STORE_CTX_cleanup (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
No locals.
#3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281
No locals
....

Below is the OpenSSL API

360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362     int i;
363
364     if (st == NULL)
365         return;
366     for (i = 0; i < st->num; i++)
367         if (st->data[i] != NULL)   ---------------------> Crash seen here
368             func((char *)st->data[i]);
369     OPENSSL_sk_free(st);
370 }

Can someone please help to understand under what conditions this can happen?

We use the below APIs during certificate verification:

    X509_STORE_new()
    X509_STORE_CTX_new()
    X509_STORE_set_verify_cb_func
    X509_STORE_set_default_paths
    X509_STORE_load_locations
    X509_STORE_CTX_init
    X509_STORE_CTX_set_flags
    X509_verify_cert

    /* Cleanup. */
    FREE_X509_STORE_CTX(pContext);

Thanks
Bala

From matt at openssl.org Fri Aug 13 16:41:01 2021
From: matt at openssl.org (Matt Caswell)
Date: Fri, 13 Aug 2021 17:41:01 +0100
Subject: Crash seen in OPENSSL_sk_pop_free
In-Reply-To: <1688473336.249973.1628872310556@mail.yahoo.com>
References: <1688473336.249973.1628872310556.ref@mail.yahoo.com> <1688473336.249973.1628872310556@mail.yahoo.com>
Message-ID: <63222fd3-9b4f-89e6-de70-fd5c1963b1b5@openssl.org>

On 13/08/2021 17:31, Bala Duvvuri via openssl-users wrote:
> Hi All,
>
> We are using OpenSSL version 1.1.1d in our program and a crash is being seen in the "OPENSSL_sk_pop_free" API; we invoke this API in our certificate verification API. Since the crash is not seen always, I am trying to understand from the OpenSSL code when this can occur.

My first suspicion would be a double-free, i.e. calling a free routine on data that has already been freed. You might like to compile OpenSSL and your application with asan (use the enable-asan compile time Configure option for OpenSSL) and see if anything shows up.

Matt

>
> Below is the bt of the crash
>
> #0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 ) at crypto/stack/stack.c:367
>         i = 0
> #1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
> No locals.
> #2  X509_STORE_CTX_cleanup (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
> No locals.
> #3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281
> No locals
> ....
>
> Below is the OpenSSL API
>
> 360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
> 361 {
> 362     int i;
> 363
> 364     if (st == NULL)
> 365         return;
> 366     for (i = 0; i < st->num; i++)
> 367         if (st->data[i] != NULL)   ---------------------> Crash seen here
> 368             func((char *)st->data[i]);
> 369     OPENSSL_sk_free(st);
> 370 }
>
> Can someone please help to understand under what conditions this can happen?
>
> We use the below APIs during certificate verification:
>
>     X509_STORE_new()
>     X509_STORE_CTX_new()
>     X509_STORE_set_verify_cb_func
>     X509_STORE_set_default_paths
>     X509_STORE_load_locations
>     X509_STORE_CTX_init
>     X509_STORE_CTX_set_flags
>     X509_verify_cert
>
>     /* Cleanup. */
>     FREE_X509_STORE_CTX(pContext);
>
> Thanks
> Bala
>

From ankur.k.mishra at abbott.com Fri Aug 13 18:14:10 2021
From: ankur.k.mishra at abbott.com (Mishra, Ankur)
Date: Fri, 13 Aug 2021 18:14:10 +0000
Subject: Openssl 1.1.1 - QNX support removed?
Message-ID:

Hi,

At the following website it is mentioned that QNX support is removed in the 1.1.1 version of OpenSSL. Does anyone know if this is the right information and, in that case, what the alternative for it is?

OpenSSL - Wikipedia

Regards,
Ankur Mishra
Product Cybersecurity
Business and Technology Service (BTS)
Bldg. J-46, Waukegan, IL
O : +1 224-668-4939
Email: Ankur.k.mishra at abbott.com

This communication may contain information that is proprietary, confidential, or exempt from disclosure. If you are not the intended recipient, please note that any other dissemination, distribution, use or copying of this communication is strictly prohibited. Anyone who receives this message in error should notify the sender immediately by telephone or by return e-mail and delete it from his or her computer.

From mazhh at outlook.com Fri Aug 13 23:56:38 2021
From: mazhh at outlook.com (Ma Zhenhua)
Date: Fri, 13 Aug 2021 23:56:38 +0000
Subject: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
Message-ID:

Hi team,

I modified openssl code and make test failed. What should I do with the failed cases? Thx in advance.
Best regards,
Allen

From pauli at openssl.org Sat Aug 14 00:56:27 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Sat, 14 Aug 2021 10:56:27 +1000
Subject: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
In-Reply-To:
References:
Message-ID:

I suggest working out why they failed and getting them working again. You've broken something with your modifications; you need to understand what's broken and why before continuing.

Paul Dale

On 14/8/21 9:56 am, Ma Zhenhua wrote:
> Hi team,
>
> I modified openssl code and make test failed. What should I do with
> the failed cases? Thx in advance.
>
> Best regards,
> Allen

From mazhh at outlook.com Sat Aug 14 04:08:48 2021
From: mazhh at outlook.com (Ma Zhenhua)
Date: Sat, 14 Aug 2021 04:08:48 +0000
Subject: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.
Message-ID:

Hi Team,

I modified the OpenSSL 1.1.1a ssl library but it seemed that there was some problem. How can I debug it? Thanks in advance.

Sincerely,
Allen

From Matthias.St.Pierre at ncp-e.com Sun Aug 15 10:40:51 2021
From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Sun, 15 Aug 2021 10:40:51 +0000
Subject: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
In-Reply-To:
References:
Message-ID: <8712d465cda14ff29f6bd72dd611b129@ncp-e.com>

The README file in the test directory contains some hints on how to troubleshoot test failures.
Look which test is failing and rerun it in verbose mode:

    make tests V=1 TESTS=testname

https://github.com/openssl/openssl/blob/master/test/README.md#test-failures

Hope that helps,
Matthias

From: openssl-users On Behalf Of Ma Zhenhua
Sent: Saturday, August 14, 2021 1:57 AM
To: openssl-users at openssl.org
Subject: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

Hi team,

I modified openssl code and make test failed. What should I do with the failed cases? Thx in advance.

Best regards,
Allen

From Matthias.St.Pierre at ncp-e.com Sun Aug 15 11:20:19 2021
From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Sun, 15 Aug 2021 11:20:19 +0000
Subject: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.
In-Reply-To:
References:
Message-ID:

If you add the `--debug` argument to your configure command and rebuild OpenSSL, you will get a library with debug information and without optimization.

https://github.com/openssl/openssl/blob/master/INSTALL.md#build-type

HTH,
Matthias

From: openssl-users On Behalf Of Ma Zhenhua
Sent: Saturday, August 14, 2021 6:09 AM
To: openssl-users at openssl.org
Subject: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.

Hi Team,

I modified the OpenSSL 1.1.1a ssl library but it seemed that there was some problem. How can I debug it? Thanks in advance.

Sincerely,
Allen
From b_duvvuri at yahoo.com Mon Aug 16 09:58:32 2021
From: b_duvvuri at yahoo.com (Bala Duvvuri)
Date: Mon, 16 Aug 2021 09:58:32 +0000 (UTC)
Subject: Crash seen in "OPENSSL_sk_pop_free" API
References: <1904412303.741421.1629107912388.ref@mail.yahoo.com>
Message-ID: <1904412303.741421.1629107912388@mail.yahoo.com>

Hi All,

We are using OpenSSL version 1.1.1d in our program and a crash is being seen in the "OPENSSL_sk_pop_free" API; we invoke this API in our certificate verification API. Since the crash is not seen always, I am trying to understand from the OpenSSL code when this can occur.

Below is the bt of the crash

#0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 ) at crypto/stack/stack.c:367
        i = 0
#1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
No locals.
#2  X509_STORE_CTX_cleanup (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
No locals.
#3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281
No locals
....

Below is the OpenSSL code

360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362     int i;
363
364     if (st == NULL)
365         return;
366     for (i = 0; i < st->num; i++)
367         if (st->data[i] != NULL)   ---------------------> Crash seen here
368             func((char *)st->data[i]);
369     OPENSSL_sk_free(st);
370 }

Can someone please help to understand under what conditions this can happen?

We use the below APIs during certificate verification:

    X509_STORE_new()
    X509_STORE_CTX_new()
    X509_STORE_set_verify_cb_func
    X509_STORE_set_default_paths
    X509_STORE_load_locations
    X509_STORE_CTX_init
    X509_STORE_CTX_set_flags
    X509_verify_cert

    /* Cleanup. */
    FREE_X509_STORE_CTX(pContext);

Thanks
Bala

From agoetzke at ford.com Mon Aug 16 12:57:54 2021
From: agoetzke at ford.com (Goetzke, Arnold (A.P.))
Date: Mon, 16 Aug 2021 12:57:54 +0000
Subject: One iOS App - 2 OpenSSL libraries.
Message-ID:

Hi -

We have a large application, and two vendors are using the OpenSSL library in their project. However, only one of the projects encrypts data successfully when joined in our application.

Is this a known limitation?

Also, is there a way to enable Bit-Code for iOS when compiling? I don't see a build setting to enable Bit-Code in the configuration options.

https://wiki.openssl.org/index.php/Compilation_and_Installation

Thanks for the help!

Arnold

From pauli at openssl.org Mon Aug 16 13:14:11 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Mon, 16 Aug 2021 23:14:11 +1000
Subject: One iOS App - 2 OpenSSL libraries.
In-Reply-To:
References:
Message-ID: <3fb560a9-494f-76cc-0442-c359441b8c45@openssl.org>

There shouldn't be a limitation. Although if two different versions of OpenSSL are being used, it is possible that they could interact together in odd ways.

OpenSSL will automatically use assembly implementations of algorithms unless:

* the "no-asm" option is specified at configuration time;
* the processor is detected, at run time, as being unable to support what we supply;
* there isn't such an implementation available.

I'm assuming that this is what you meant by "Bit-Code".

Paul Dale

On 16/8/21 10:57 pm, Goetzke, Arnold (A.P.) wrote:
> Hi -
>
> We have a large application, and two vendors are using the OpenSSL
> library in their project. However, only one of the projects encrypts
> data successfully when joined in our application.
>
> Is this a known limitation?
>
> Also, is there a way to enable Bit-Code for iOS when compiling? I
> don't see a build setting to enable Bit-Code in the configuration options.
>
> https://wiki.openssl.org/index.php/Compilation_and_Installation
>
>
> Thanks for the help!
>
> Arnold
From kgoldman at us.ibm.com Mon Aug 16 13:41:44 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 16 Aug 2021 09:41:44 -0400
Subject: Misunderstanding openssl verify
Message-ID:

It doesn't seem to be verifying the signature on the certificate parameter.
Version 1.1.1k.

I create an incorrectly signed self-signed certificate and convert it from
DER to PEM. A basic

    openssl verify -CAfile c1.pem c1.pem

returns OK, even though the signature is bad. Why?

Editing the DER to change the after date, the public key, or the signature
still returns OK. Why?

Editing the DER to change the issuer causes a failure.

Adding -check_ss_sig correctly causes a signature failure.

It seems as though the 'verify' command checks the issuer, but not the
signature of the certificate - the last parameter.

From openssl-users at dukhovni.org Mon Aug 16 14:04:38 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Mon, 16 Aug 2021 10:04:38 -0400
Subject: Misunderstanding openssl verify
In-Reply-To:
References:
Message-ID: <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org>

> On 16 Aug 2021, at 9:41 am, Ken Goldman wrote:
>
> Adding -check_ss_sig correctly causes a signature failure.

Well, there you are. See the documentation of "check_ss_sig":

    -check_ss_sig
        Verify the signature on the self-signed root CA. This is disabled
        by default because it doesn't add any security.

> It seems as though the 'verify' command checks the issuer,
> but not the signature of the certificate - the last parameter.

As documented.

--
    Viktor.
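Ken's experiment, reproduced end to end with only the openssl command line, as an added example (not posted to the list and not OpenSSL project code): a self-signed certificate is generated, its DER is copied with the final byte flipped (the last byte of a DER Certificate is the last byte of signatureValue, so the encoding stays well formed while the signature no longer matches tbsCertificate), and both copies are run through `openssl verify` with and without `-check_ss_sig`. The file names and the subject CN are constructed.

```shell
#!/bin/sh
# Added example, not from the mailing list: show that 'openssl verify' accepts
# a self-signed certificate with a corrupted signature by default and rejects
# it only when -check_ss_sig is given. Works with OpenSSL 1.1.1 and 3.x.
set -eu

# Create a fresh self-signed certificate (RSA-2048, SHA-256) under directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj /CN=check-ss-sig-demo -keyout "$1/key.pem" -out "$1/good.pem" \
        >/dev/null 2>&1
}

# Copy DER file $1 to $2 with its last byte XOR 1. The last byte of a DER
# Certificate belongs to signatureValue, so the structure is still valid DER
# but the signature no longer verifies against tbsCertificate.
flip_last_byte() {
    size=$(wc -c < "$1" | tr -d ' ')
    last=$(tail -c 1 "$1" | od -An -tu1 | tr -d ' \n')
    head -c "$((size - 1))" "$1" > "$2"
    printf "$(printf '\\%03o' "$((last ^ 1))")" >> "$2"
}

# Print OK or FAIL for 'openssl verify' with the given arguments.
verify_status() {
    if openssl verify "$@" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# Run the experiment and print one line of "label=status" pairs: the intact
# certificate with and without -check_ss_sig, then the corrupted one.
check_ss_sig_demo() {
    dir=$(mktemp -d)
    make_self_signed "$dir"
    openssl x509 -in "$dir/good.pem" -outform DER -out "$dir/good.der"
    flip_last_byte "$dir/good.der" "$dir/bad.der"
    openssl x509 -inform DER -in "$dir/bad.der" -out "$dir/bad.pem"
    printf 'good_default=%s good_ss=%s bad_default=%s bad_ss=%s\n' \
        "$(verify_status -CAfile "$dir/good.pem" "$dir/good.pem")" \
        "$(verify_status -check_ss_sig -CAfile "$dir/good.pem" "$dir/good.pem")" \
        "$(verify_status -CAfile "$dir/bad.pem" "$dir/bad.pem")" \
        "$(verify_status -check_ss_sig -CAfile "$dir/bad.pem" "$dir/bad.pem")"
    rm -rf "$dir"
}

check_ss_sig_demo
```

The expected line is `good_default=OK good_ss=OK bad_default=OK bad_ss=FAIL`: the default chain check locates the trust anchor by issuer name and accepts it as trusted without examining its self-signature, which is the behaviour Viktor points at, and the signature is only checked once `-check_ss_sig` is passed.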
From kgoldman at us.ibm.com Mon Aug 16 14:30:05 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 16 Aug 2021 10:30:05 -0400
Subject: Misunderstanding openssl verify
In-Reply-To: <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org>
References: <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org>
Message-ID:

On 8/16/2021 10:04 AM, Viktor Dukhovni wrote:
>> It seems as though the 'verify' command checks the issuer,
>> but not the signature of the certificate - the last parameter.
>
> As documented.

Then I am not understanding the documentation.

https://www.openssl.org/docs/man1.1.1/man1/verify.html

says

"The final operation is to check the validity of the certificate chain.
... The certificate signature is checked as well"

However, my experience is that the certificate signature is not checked. I
can hand-modify the validity, public key, or signature, but the command
still returns "OK".

From openssl-users at dukhovni.org Mon Aug 16 15:08:54 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Mon, 16 Aug 2021 11:08:54 -0400
Subject: Misunderstanding openssl verify
In-Reply-To:
References: <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org>
Message-ID:

As documented, the self-signature checks on self-signed certs are by default
skipped. If your trust store can be modified by untrusted actors,
self-signature checks won't help you.

If you want to check the self-signature, pass the "-check_ss_sig" option.

--
    Viktor.

From openssl-users at dukhovni.org Mon Aug 16 15:29:34 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Mon, 16 Aug 2021 11:29:34 -0400
Subject: One iOS App - 2 OpenSSL libraries.
In-Reply-To:
References:
Message-ID:

On Mon, Aug 16, 2021 at 12:57:54PM +0000, Goetzke, Arnold (A.P.) wrote:

> We have a large application, and two vendors are using the OpenSSL
> library in their project. However, only one of the projects encrypts
> data successfully when joined in our application
>
> Is this a known limitation?

On Linux and BSD systems, when recent versions of OpenSSL (e.g. 1.1.1) are
built and used as dynamically linked libraries, the symbols in the libraries
are "versioned". Provided that the two library builds use distinct
non-overlapping symbol versions they can operate independently side by side.

The OpenSSL build configuration templates have a "shlib_variant" directive
that can be used to build OpenSSL with a customized format of the symbol
versions.

On platforms where symbol versions are not employed, or are employed but
overlap between two distinct OpenSSL versions, having two versions of OpenSSL
in the same address space can and will often lead to unpredictable results.

Vendors should either stick to the platform's default OpenSSL (if there is
one), or else, if shipping OpenSSL along with their product, use
"shlib_variant" to inject a vendor-specific tag into all symbol versions.

If symbol versioning is not a feature of iOS, then the only option is using
Apple's APIs for all cryptography.

--
    Viktor.

From agoetzke at ford.com Mon Aug 16 15:33:33 2021
From: agoetzke at ford.com (Goetzke, Arnold (A.P.))
Date: Mon, 16 Aug 2021 15:33:33 +0000
Subject: One iOS App - 2 OpenSSL libraries.
In-Reply-To:
References:
Message-ID:

Thanks for that Viktor - I'll see if the shlib_variant is an option.

________________________________
From: openssl-users on behalf of Viktor Dukhovni
Sent: Monday, August 16, 2021 11:29 AM
To: openssl-users at openssl.org
Subject: Re: One iOS App - 2 OpenSSL libraries.

> On Mon, Aug 16, 2021 at 12:57:54PM +0000, Goetzke, Arnold (A.P.) wrote:
>
> > We have a large application, and two vendors are using the OpenSSL
> > library in their project. However, only one of the projects encrypts
> > data successfully when joined in our application
> >
> > Is this a known limitation?
>
> ...

From openssl-users at dukhovni.org Mon Aug 16 16:14:42 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Mon, 16 Aug 2021 12:14:42 -0400
Subject: Crash seen in "OPENSSL_sk_pop_free" API
In-Reply-To: <1904412303.741421.1629107912388@mail.yahoo.com>
References: <1904412303.741421.1629107912388.ref@mail.yahoo.com> <1904412303.741421.1629107912388@mail.yahoo.com>
Message-ID: <7D0F63F2-0A05-4398-BC11-819761948B2F@dukhovni.org>

> On 16 Aug 2021, at 5:58 am, Bala Duvvuri via openssl-users wrote:
>
> We are using OpenSSL version 1.1.1d in our program and crash is being
> seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate
> verification API. Since crash is not seen always, trying to understand
> from OpenSSL code, when can this occur?
>
> Below is the bt of the crash
>
> #0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 ) at crypto/stack/stack.c:367
> #1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
> #2  X509_STORE_CTX_cleanup (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
> #3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281

The call in question frees the certificate chain built by X509_verify_cert().

    sk_X509_pop_free(ctx->chain, X509_free);

That chain is owned by the X509_STORE_CTX. You probably made the mistake of
freeing it (or one of the certificates in question) yourself.

There are two functions for accessing the built chain:

    STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
    {
        return ctx->chain;
    }

    STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
    {
        if (!ctx->chain)
            return NULL;
        return X509_chain_up_ref(ctx->chain);
    }

If you call X509_STORE_CTX_get0_chain(3), you MUST NOT free the result.

If you call X509_STORE_CTX_get1_chain(3), you own the chain copy, and should
free the result when you no longer need it.

--
    Viktor.

From openssl-users at dukhovni.org Mon Aug 16 16:22:05 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Mon, 16 Aug 2021 12:22:05 -0400
Subject: One iOS App - 2 OpenSSL libraries.
In-Reply-To:
References:
Message-ID: <4D01BE99-B2E3-40FC-ACA9-4C49D267E552@dukhovni.org>

> On 16 Aug 2021, at 11:33 am, Goetzke, Arnold (A.P.) wrote:
>
> Thanks for that Viktor - I'll see if the shlib_variant is an option.

Note that setting "shlib_variant" is something the vendor has to set when
building the bundled OpenSSL libraries. The Configurations/README file
documents this as follows:

    shlib_variant   => A "variant" identifier inserted between the base
                       shared library name and the extension. On "unixy"
                       platforms (BSD, Linux, Solaris, MacOS/X, ...) this
                       supports installation of custom OpenSSL libraries
                       that don't conflict with other builds of OpenSSL
                       installed on the system. The variant identifier
                       becomes part of the SONAME of the library and also
                       any symbol versions (symbol versions are not used or
                       needed with MacOS/X). For example, on a system where
                       a default build would normally create the SSL shared
                       library as 'libssl.so -> libssl.so.1.1' with the
                       value of the symlink as the SONAME, a target
                       definition that sets 'shlib_variant => "-abc"' will
                       create 'libssl.so -> libssl-abc.so.1.1', again with
                       an SONAME equal to the value of the symlink. The
                       symbol versions associated with the variant library
                       would then be 'OPENSSL_ABC_' rather than the default
                       'OPENSSL_'. The string inserted into symbol versions
                       is obtained by mapping all letters in the "variant"
                       identifier to upper case and all non-alphanumeric
                       characters to '_'.

So the effect of shlib_variant is to change both the shared object names
(SONAME) and its symbol versions (where applicable). Applications linked with
a shlib_variant "libssl.so" and "libcrypto.so" will at runtime search for
"libssl-.so." and "libcrypto-.so.".

--
    Viktor.

From Michal.Trojnara at stunnel.org Mon Aug 16 19:14:56 2021
From: Michal.Trojnara at stunnel.org (Michał Trojnara)
Date: Mon, 16 Aug 2021 21:14:56 +0200
Subject: stunnel 5.60 released
Message-ID: <0d75fb86-fd39-096d-3bf5-bfeb151153dc@stunnel.org>

Dear Users,

I have released version 5.60 of stunnel.

### Version 5.60, 2021.08.16, urgency: LOW
* New features
  - New 'sessionResume' service-level option to allow
    or disallow session resumption
  - Added support for the new SSL_set_options() values.
  - Download fresh ca-certs.pem for each new release.
* Bugfixes
  - Fixed 'redirect' with 'protocol'.  This combination is
    not supported by 'smtp', 'pop3' and 'imap' protocols.
  - Enforced minimum WIN32 log window size.
  - Fixed support for password-protected private keys with
    OpenSSL 3.0 (thx to Dmitry Belyavskiy).

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
c45d765b1521861fea9b03b425b9dd7d48b3055128c0aec673bba5ef9b8f787d  stunnel-5.60.tar.gz
190b79cb94a4f70f362e44c32d150edf8ae660734d3fa0cbd990c3821e8f3083  stunnel-5.60-win64-installer.exe
bac9bb4503cc5091d78c9deb6aa013fc07e39d67db0dfcc073b098db52f54427  stunnel-5.60-android.zip

Best regards,
    Mike

From levitte at openssl.org Mon Aug 16 20:20:58 2021
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 16 Aug 2021 22:20:58 +0200
Subject: Misunderstanding openssl verify
In-Reply-To:
References: <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org>
Message-ID: <87czqdrvit.wl-levitte@openssl.org>

On Mon, 16 Aug 2021 16:30:05 +0200, Ken Goldman wrote:
>
> On 8/16/2021 10:04 AM, Viktor Dukhovni wrote:
> >> It seems as though the 'verify' command checks the issuer,
> >> but not the signature of the certificate - the last parameter.
> >
> > As documented.
>
> Then I am not understanding the documentation.
>
> https://www.openssl.org/docs/man1.1.1/man1/verify.html
>
> says
>
> "The final operation is to check the validity of the certificate chain.
> ...
> The certificate signature is checked as well "
>
> However. my experience is that the certificate signature is not
> checked. I can hand modify the validity, public key, or
> signature, but the command still returns "OK".

The documentation on '-check_ss_sig' finishes with this:

    "... This verification is disabled by default because it doesn't add
    any security."

I'm sure this can be debated, but that's at least an explanation.

Cheers,
Richard

--
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

From kgoldman at us.ibm.com Mon Aug 16 20:56:21 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 16 Aug 2021 16:56:21 -0400
Subject: IMPLEMENT_ASN1_FUNCTIONS tutorial or help
Message-ID:

I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate.

For the input side, a poster showed me

ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS

which created the i2d() function.

Now I would like to do the other end, where I have DER and I want to parse
back to the structure, using d2i().

1 - Is there a tutorial on this?

2 - Can someone show me this structure?

The DER is a version, serial number, signature algorithm, public key
algorithm, and public key.

The dump looks like this:

   0 337: SEQUENCE {
   4   3: . [0] {
   6   1: . . INTEGER 2
       : . . }
   9  21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC 30 51 53 23
  32  13: . SEQUENCE {
  34   9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
       : . . . (PKCS #1)
  45   0: . . NULL
       : . . }
  47 290: . SEQUENCE {
  51  13: . . SEQUENCE {
  53   9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
       : . . . . (PKCS #1)
  64   0: . . . NULL
       : . . . }
  66 271: . . BIT STRING, encapsulates {
  71 266: . . . SEQUENCE {
  75 257: . . . . INTEGER
       : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96
       : . . . . . 70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29
       : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88
       : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19
       : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F
       : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98
       : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D
       : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85
       : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27
       : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F
       : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D
       : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C
       : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C
       : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10
       : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B
       : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4
       : . . . . . A1
 336   3: . . . . INTEGER 65537
       : . . . . }
       : . . . }
       : . . }
       : . }

From admin at computerquip.com Tue Aug 17 03:02:01 2021
From: admin at computerquip.com (Zachary Lund)
Date: Mon, 16 Aug 2021 22:02:01 -0500
Subject: CMS_SignedData backwards-compatibility
Message-ID: <55d4e5d2-2e3a-2c4c-d505-6788745396b2@computerquip.com>

Hello,

I'm trying to encode some data into a CMS_SignedData structure. The
verifying code, however, doesn't expect the `encapContentInfo` to be wrapped
in an OCTET STRING. In RFC 5652 (5.2.1), they mention a possible exception
to this for the sake of backwards compatibility with PKCS7. The Authenticode
example they gave is basically exactly what I'm wanting. I was wondering if
there was a way to implement this exception in OpenSSL's CMS API.

Thanks,
Zach

From Shivakumar.Poojari at rbbn.com Tue Aug 17 07:11:43 2021
From: Shivakumar.Poojari at rbbn.com (Shivakumar Poojari)
Date: Tue, 17 Aug 2021 07:11:43 +0000
Subject: Replacement for AES_set_encrypt_key and AES_encrypt to support 3.0
Message-ID:

Hi All,

We are upgrading our code to openssl 3.0.

We need a replacement for AES_set_encrypt_key and AES_encrypt; these two
functions are in two different functions.

Previously we replaced the functions

    AES_set_decrypt_key() AES_cbc_encrypt()

with EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex as shown in the
man page example. Now the scenario is different.

Now I need AES_set_encrypt_key code separately and AES_encrypt code
separately, to use in different places.

Thanks,
shiva kumar

Notice: This e-mail together with any attachments may contain information of
Ribbon Communications Inc. and its Affiliates that is confidential and/or
proprietary for the sole use of the intended recipient. Any review,
disclosure, reliance or distribution by others or forwarding without express
permission is strictly prohibited. If you are not the intended recipient,
please notify the sender immediately and then delete all copies, including
any attachments.

From pauli at openssl.org Tue Aug 17 07:44:56 2021
From: pauli at openssl.org (Dr Paul Dale)
Date: Tue, 17 Aug 2021 17:44:56 +1000
Subject: Replacement for AES_set_encrypt_key and AES_encrypt to support 3.0
In-Reply-To:
References:
Message-ID: <51c5d6cb-b7c1-226a-d179-70c22ae8c1dc@openssl.org>

You don't want to use these and there is no direct replacement. You want to
use the EVP calls instead: EVP_CipherInit_ex2, EVP_CipherUpdate,
EVP_CipherFinal_ex and friends.

See this manual page:

    https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit.html

Pauli

On 17/8/21 5:11 pm, Shivakumar Poojari wrote:
> Hi All,
>
> We are upgrading our code to openssl 3.0.
>
> we need replacement for AES_set_encrypt_key and AES_encrypt, these two
> functions are in two different functions
>
> previously we replaced below functions
>
> AES_set_decrypt_key() AES_cbc_encrypt()
> to EVP_CipherInit_ex EVP_CipherUpdate
> EVP_CipherFinal_ex as show in the man page example now scenario is
> different
>
> Now I need AES_set_encrypt_key code separately and AES_encrypt code
> separately to use in differnnt places
>
> Thanks,
> shiva kumar
From Sunil.Paramashivaiah at rbbn.com Tue Aug 17 10:18:26 2021
From: Sunil.Paramashivaiah at rbbn.com (Paramashivaiah, Sunil)
Date: Tue, 17 Aug 2021 10:18:26 +0000
Subject: Replacing DES_ede3_cbc_encrypt with EVP API's for upgrading to openssl 3.0
Message-ID:

Hi All,

I am trying to upgrade our application to use openssl 3.0 from openssl
1.0.2. I am trying to replace DES_ede3_cbc_encrypt with EVP API's as below.

DES_ede3_cbc_encrypt accepts 3 keys got from des_key_sched. But for the same
thing to work using the EVP API we have the option for only one key:

    EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v,
                        (unsigned char *)iv->v, NULL)

Please suggest if this is correct. Even for decrypt, will passing only one
key to EVP_EncryptInit_ex2 work?

Old Code:

    if (des_key_sched((void *)key->v, ks1) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 8), ks2) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 16), ks3) != 0)
        return NULL;

    /* decryption data */
    DES_ede3_cbc_encrypt((const unsigned char *)data->v, (unsigned char *)res->v,
                         data->l, &ks1, &ks2, &ks3,
                         (unsigned char (*)[8])iv->v, DES_ENCRYPT);

New Code:

    EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v,
                        (unsigned char *)iv->v, NULL);
    EVP_EncryptUpdate(ctx, (unsigned char *)res->v, &outl,
                      (unsigned char *)data->v, data->l);
    EVP_EncryptFinal_ex(ctx, (unsigned char *)res->v + outl, &tmpl);

Thanks and Regards,
Sunil

From Sunil.Paramashivaiah at rbbn.com Tue Aug 17 10:21:35 2021
From: Sunil.Paramashivaiah at rbbn.com (Paramashivaiah, Sunil)
Date: Tue, 17 Aug 2021 10:21:35 +0000
Subject: Replacing DES_ede3_cbc_encrypt with EVP API's for upgrading to openssl 3.0
In-Reply-To:
References:
Message-ID:

Corrected the typo

From: Paramashivaiah, Sunil
Sent: Tuesday, August 17, 2021 3:48 PM
To: openssl-users at openssl.org
Cc: Bhattacharjee, Debapriyo (c)
Subject: Replacing DES_ede3_cbc_encrypt with EVP API's for upgrading to openssl 3.0

Hi All,

I am trying to upgrade our application to use openssl 3.0 from openssl
1.0.2. I am trying to replace DES_ede3_cbc_encrypt with EVP API's as below.

DES_ede3_cbc_encrypt accepts 3 keys got from des_key_sched. But for the same
thing to work using the EVP API we have the option for only one key:

    EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v,
                        (unsigned char *)iv->v, NULL)

Please suggest if this is correct. Even for decrypt, will passing only one
key to EVP_DecryptInit_ex2 work?

Old Code:

    if (des_key_sched((void *)key->v, ks1) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 8), ks2) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 16), ks3) != 0)
        return NULL;

    /* decryption data */
    DES_ede3_cbc_encrypt((const unsigned char *)data->v, (unsigned char *)res->v,
                         data->l, &ks1, &ks2, &ks3,
                         (unsigned char (*)[8])iv->v, DES_ENCRYPT);

New Code:

    EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v,
                        (unsigned char *)iv->v, NULL);
    EVP_EncryptUpdate(ctx, (unsigned char *)res->v, &outl,
                      (unsigned char *)data->v, data->l);
    EVP_EncryptFinal_ex(ctx, (unsigned char *)res->v + outl, &tmpl);

Thanks and Regards,
Sunil

From Sunil.Paramashivaiah at rbbn.com Tue Aug 17 10:28:54 2021
From: Sunil.Paramashivaiah at rbbn.com (Paramashivaiah, Sunil)
Date: Tue, 17 Aug 2021 10:28:54 +0000
Subject: DES_is_weak_key replacement in openssl 3.0
Message-ID:

Hi All,

I am not able to find an EVP API for replacing the deprecated
DES_is_weak_key API. Is checking DES_is_weak_key not required when using the
EVP API's for DES related operations in openssl 3.0? Please suggest.

Thanks and Regards,
Sunil

From Sanjeev.Kumar-Mishra at rbbn.com Tue Aug 17 13:59:14 2021
From: Sanjeev.Kumar-Mishra at rbbn.com (Kumar Mishra, Sanjeev)
Date: Tue, 17 Aug 2021 13:59:14 +0000
Subject: Help Needed for deprecated functions and macros like "CRYPTO_num_locks()", "CRYPTO_LOCK" ...etc
Message-ID:

Hi All,

I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. I am getting
compilation errors for deprecated functions and macros like
"CRYPTO_num_locks()", "CRYPTO_LOCK" ...etc. But there is not any replacement
for these functions and macros in OpenSSL 3.0.
How can I handle these compilation errors? Should I re-write these functions
doing nothing and macros with any arbitrary numbers?

In the OpenSSL 3.0 source code file /include/openssl/crypto.h.in, it is
mentioned to handle these functions and macros as "no-ops". Could anybody
elaborate the following comment from the source code of OpenSSL 3.0
(/include/openssl/crypto.h.in) in detail?

    /*
     * The old locking functions have been removed completely without compatibility
     * macros. This is because the old functions either could not properly report
     * errors, or the returned error values were not clearly documented.
     * Replacing the locking functions with no-ops would cause race condition
     * issues in the affected applications. It is far better for them to fail at
     * compile time.
     * On the other hand, the locking callbacks are no longer used. Consequently,
     * the callback management functions can be safely replaced with no-op macros.
     */
    # define CRYPTO_num_locks()            (1)
    # define CRYPTO_set_locking_callback(func)
    # define CRYPTO_get_locking_callback()         (NULL)
    # define CRYPTO_set_add_lock_callback(func)
    # define CRYPTO_get_add_lock_callback()        (NULL)

    /*
     * These defines where used in combination with the old locking callbacks,
     * they are not called anymore, but old code that's not called might still
     * use them.
     */
    # define CRYPTO_LOCK             1
    # define CRYPTO_UNLOCK           2
    # define CRYPTO_READ             4
    # define CRYPTO_WRITE            8
    .....
    .....
    ......

Thanks in anticipation,
Sanjeev Kumar Mishra
From matt at openssl.org Tue Aug 17 14:38:54 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 17 Aug 2021 15:38:54 +0100
Subject: IMPLEMENT_ASN1_FUNCTIONS tutorial or help
In-Reply-To:
References:
Message-ID: <3796986c-54de-ad21-2080-360fa0574af0@openssl.org>

On 16/08/2021 21:56, Ken Goldman wrote:
> I am trying to parse some ASN.1 DER so I can add it to an X.509
> certificate.
>
> For the input side, a poster showed me
>
> ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
> DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS
>
> which created the i2d() function.

It should also give you the d2i() function too!

>
> Now I would like to do the other end, where I have der and I
> want to parse back to the structure, using d2i()
>
> 1 - Is there a tutorial on this?

Seems like you don't need one. If you got i2d working you should have d2i
already!

Matt

>
> 2 - Can someone show me this structure?
>
> The DER is a version, serial number, signature algorithm,
> public key algorithm, and public key.
>
> The dump looks like this:
>
> ...

From kgoldman at us.ibm.com Tue Aug 17 15:13:15 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Tue, 17 Aug 2021 11:13:15 -0400
Subject: IMPLEMENT_ASN1_FUNCTIONS tutorial or help
In-Reply-To: <3796986c-54de-ad21-2080-360fa0574af0@openssl.org>
References: <3796986c-54de-ad21-2080-360fa0574af0@openssl.org>
Message-ID:

On 8/17/2021 10:38 AM, Matt Caswell wrote:
>
> On 16/08/2021 21:56, Ken Goldman wrote:
>> I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate.
>>
>> For the input side, a poster showed me
>>
>> ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
>> DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS
>>
>> which created the i2d() function.
>
> It should also give you the d2i() function too!
>
>>
>> Now I would like to do the other end, where I have der and I
>> want to parse back to the structure, using d2i()
>>
>> 1 - Is there a tutorial on this?
>
> Seems like you don't need one. If you got i2d working you should have d2i already!
>

I wasn't clear. The input and output sides are different ASN.1.

For the input side, a poster gave me the structure and I only need the
i2d(). That's done - amazing.

This worked so well that I would like to use the same pattern for the output
side, where I need d2i().

I posted the DER dump below, but I don't know how to map that to the
structures that the openssl macros can consume.

> Matt
>
>>
>> 2 - Can someone show me this structure?
>>
>> The DER is a version, serial number, signature algorithm,
>> public key algorithm, and public key.
>>
>> The dump looks like this:
>>
>> ...

From matt at openssl.org Tue Aug 17 15:31:21 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 17 Aug 2021 16:31:21 +0100
Subject: Forthcoming OpenSSL release
Message-ID: <16741599-8f3a-555b-582c-1b68b3571bd7@openssl.org>

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL version 1.1.1l.

This release will be made available on Tuesday 24th August 2021 between
1200-1600 UTC.

OpenSSL 1.1.1l is a security-fix release. The highest severity issue fixed
in this release is HIGH:

https://www.openssl.org/policies/secpolicy.html#high

Note that due to this also affecting OpenSSL 3.0 beta releases, OpenSSL 3.0
final will not be occurring this week.

Yours

The OpenSSL Project Team

From hvn at open.com.au Tue Aug 17 16:03:12 2021
From: hvn at open.com.au (Heikki Vatiainen)
Date: Tue, 17 Aug 2021 19:03:12 +0300
Subject: Openssl 1.1.1 - QNX support removed?
In-Reply-To:
References:
Message-ID: <0569a04c-c55f-69a2-b082-28e2a97d7233@open.com.au>

On 13.8.2021 21.14, Mishra, Ankur wrote:
> At following website it is mentioned that QNX support is removed in
> 1.1.1 version of OpenSSL. Anyone know if this is right information and
> in that case what is alternate for it.
See this for more information https://github.com/openssl/openssl/pull/5756/files I'm not a QNX user myself, but it seems from the above that the information in Wikipedia is correct. The changes needed for removal appear to be quite minor so getting the support back could be straightforward. A contribution would likely be appreciated too. Thanks, Heikki -- Heikki Vatiainen Visit radiatorsoftware.com for Radiator AAA server software From dnsands at sandia.gov Tue Aug 17 16:57:45 2021 From: dnsands at sandia.gov (Sands, Daniel) Date: Tue, 17 Aug 2021 16:57:45 +0000 Subject: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help In-Reply-To: References: <3796986c-54de-ad21-2080-360fa0574af0@openssl.org> Message-ID: > >> Now I would like to do the other end, where I have der and I want to > >> parse back to the structure, using d2i() > >> > >> 1 - Is there a tutorial on this? > > > > Seems like you don't need one. If you got i2d working you should have d2i > already! > > > > I wasn't clear. The input and output sides are different asn.1. > > For the input side, a poster gave me the structure and I only need the i2d(). > That's done - amazing. > > This worked so well that I would like to use the same pattern for the output side, > where I need d2i(). > > I posted the DER dump below, but I don't know how to map that to the > structures that the openssl macros can consume. If you want a generalized parser, you need the schema. Yes, you could make an ASN1 structure to parse THAT input, but if you want to parse all input of that type, you need to know about optional values, arbitrary repeats, etc. The schema would specify all of that. From pauli at openssl.org Tue Aug 17 21:24:38 2021 From: pauli at openssl.org (Dr Paul Dale) Date: Wed, 18 Aug 2021 07:24:38 +1000 Subject: Help Needed for deprecated functions and macros like "CRYPTO_num_locks()" , "CRYPTO_LOCK" ......etc In-Reply-To: References: Message-ID: Locking in OpenSSL 1.1.1 and later is completely different.
You no longer need to and should not try to register the locking callbacks. Pauli On 17/8/21 11:59 pm, Kumar Mishra, Sanjeev wrote: > Hi All, > I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. > I am getting compilation errors for deprecated functions and macros > like "CRYPTO_num_locks()" , "CRYPTO_LOCK" ......etc. But there is not > any replacement for these functions and macros in OpenSSL 3.0. > How can I handle these compilation errors ? > Should I re-write these functions doing nothing and macros with any > arbitrary numbers ? > In OpenSSL 3.0 source code file /include/openssl/crypto.h.in, it is > mentioned that to handle these functions and macros as "no-ops". > Could anybody elaborate the following comment from source code of > OpenSSL 3.0 (/include/openssl/crypto.h.in) in details....... > > /* > * The old locking functions have been removed completely without > compatibility > * macros. This is because the old functions either could not properly > report > * errors, or the returned error values were not clearly documented. > * Replacing the locking functions with no-ops would cause race condition > * issues in the affected applications. It is far better for them to > fail at > * compile time. > * On the other hand, the locking callbacks are no longer used. > Consequently, > * the callback management functions can be safely replaced with no-op > macros. > */ > # define CRYPTO_num_locks() (1) > # define CRYPTO_set_locking_callback(func) > # define CRYPTO_get_locking_callback() (NULL) > # define CRYPTO_set_add_lock_callback(func) > # define CRYPTO_get_add_lock_callback() (NULL) > /* > * These defines where used in combination with the old locking callbacks, > * they are not called anymore, but old code that's not called might still > * use them. > */ > # define CRYPTO_LOCK 1 > # define CRYPTO_UNLOCK 2 > # define CRYPTO_READ 4 > # define CRYPTO_WRITE 8 > ..... > ..... > ...... 
> > Thanks in anticipation, > Sanjeev Kumar Mishra > > > Notice: This e-mail together with any attachments may contain > information of Ribbon Communications Inc. and its Affiliates that is > confidential and/or proprietary for the sole use of the intended > recipient. Any review, disclosure, reliance or distribution by others > or forwarding without express permission is strictly prohibited. If > you are not the intended recipient, please notify the sender > immediately and then delete all copies, including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kgoldman at us.ibm.com Tue Aug 17 22:08:18 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Tue, 17 Aug 2021 18:08:18 -0400 Subject: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help In-Reply-To: References: <3796986c-54de-ad21-2080-360fa0574af0@openssl.org> Message-ID: On 8/17/2021 12:57 PM, Sands, Daniel via openssl-users wrote: >>>> Now I would like to do the other end, where I have der and I want to >>>> parse back to the structure, using d2i() >>>> >>>> 1 - Is there a tutorial on this? >>> >>> Seems like you don't need one. If you got i2d working you should have d2i >> already! >>> >> >> I wasn't clear. The input and output sides are different asn.1. >> >> For the input side, a poster give me the structure and I only need the i2d(). >> That's done - amazing. >> >> This worked so well that I would like to use the same pattern for the output side, >> where I need d2i(). >> >> I posted the DER dump below, but I don't know how to map that to the >> structures that the openssl macros can consume. > > If you want a generalized parser, you need the schema. Yes, you could make an ASN1 structure to parse THAT input, but if you want to parse all input of that type, you need to know about optional values, arbitrary repeats, etc. The schema would specify all of that. > I don't need a generalized parser, and there is no schema. 
It's the output of an ISO standard HSM (a TPM). It doesn't change, so I just want to parse that specific output. The only variation is that the public key could be ECC. Any clue on how to code that structure? From kgoldman at us.ibm.com Tue Aug 17 22:11:42 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Tue, 17 Aug 2021 18:11:42 -0400 Subject: IMPLEMENT_ASN1_FUNCTIONS tutorial or help In-Reply-To: References: Message-ID: My latest attempt to code the below DER is this. It compiles, but the d2i segfaults on apparently the second element. Anything obviously wrong? typedef struct { ASN1_INTEGER *version; ASN1_INTEGER *serialNumber; X509_ALGOR *signature; X509_PUBKEY *key; } TPM_ADDTOCERT; ASN1_SEQUENCE(TPM_ADDTOCERT) = { ASN1_EXP_OPT(TPM_ADDTOCERT, version, ASN1_INTEGER, 0), ASN1_EMBED(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER), ASN1_EMBED(TPM_ADDTOCERT, signature, X509_ALGOR), ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY), } ASN1_SEQUENCE_END(TPM_ADDTOCERT) DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT) IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT) const unsigned char *tmpptr = out.addedToCertificate.t.buffer; TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL, &tmpptr, out.addedToCertificate.t.size); On 8/16/2021 4:56 PM, Ken Goldman wrote: > > The dump looks like this: > > 0 337: SEQUENCE { > 4 3: . [0] { > 6 1: . . INTEGER 2 > : . . } > 9 21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC 30 51 53 23 > 32 13: . SEQUENCE { > 34 9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11) > : . . . (PKCS #1) > 45 0: . . NULL > : . . } > 47 290: . SEQUENCE { > 51 13: . . SEQUENCE { > 53 9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) > : . . . . (PKCS #1) > 64 0: . . . NULL > : . . . } > 66 271: . . BIT STRING, encapsulates { > 71 266: . . . SEQUENCE { > 75 257: . . . . INTEGER > : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96 > : . . . . . 
70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29 > ?????? : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88 > ?????? : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19 > ?????? : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F > ?????? : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98 > ?????? : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D > ?????? : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85 > ?????? : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27 > ?????? : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F > ?????? : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D > ?????? : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C > ?????? : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C > ?????? : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10 > ?????? : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B > ?????? : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4 > ?????? : . . . . . A1 > 336?? 3: . . . . INTEGER 65537 > ?????? : . . . . } > ?????? : . . . } > ?????? : . . } > ?????? : . } > > > From dnsands at sandia.gov Wed Aug 18 01:47:59 2021 From: dnsands at sandia.gov (Sands, Daniel) Date: Wed, 18 Aug 2021 01:47:59 +0000 Subject: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help In-Reply-To: References: Message-ID: > My latest attempt to code the below DER is this. It compiles, but the d2i > segfaults on apparently the second element. > > Anything obviously wrong? 
> > typedef struct { > ASN1_INTEGER *version; > ASN1_INTEGER *serialNumber; > X509_ALGOR *signature; > X509_PUBKEY *key; > } TPM_ADDTOCERT; > > ASN1_SEQUENCE(TPM_ADDTOCERT) = { > ASN1_EXP_OPT(TPM_ADDTOCERT, version, ASN1_INTEGER, 0), > ASN1_EMBED(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER), > ASN1_EMBED(TPM_ADDTOCERT, signature, X509_ALGOR), > ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY), } > ASN1_SEQUENCE_END(TPM_ADDTOCERT) > > DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT) > IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT) > > const unsigned char *tmpptr = out.addedToCertificate.t.buffer; > TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL, > &tmpptr, out.addedToCertificate.t.size); The dump you show below is: Attributes (set, tagged with a 0, optional) Version privateKeyAlgorithm privateKey This is a PKCS#8 packet for a key. The encapsulated data is the RSA public key in PKCS1 format. I know OpenSSL has built-in PKCS#8 capability, though I do note that the optional attribute set is out of sequence. Either way, you could look at the PKCS8 source code and simply move the attribute to the beginning and otherwise duplicate the ASN1 parts and structure there, even if OpenSSL fails to parse this not-quite-spec packet. References: https://datatracker.ietf.org/doc/html/rfc8017#page-54 (PKCS#1) https://datatracker.ietf.org/doc/html/rfc5208#page-5 (PKCS#8) > > On 8/16/2021 4:56 PM, Ken Goldman wrote: > > > > The dump looks like this: > > > > ?0 337: SEQUENCE { > > ? 4?? 3: . [0] { > > ? 6?? 1: . . INTEGER 2 > > ?????? : . . } > > ? 9? 21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC > > 30 51 53 23 > > ?32? 13: . SEQUENCE { > > ?34?? 9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 > > 113549 1 1 11) > > ?????? : . . . (PKCS #1) > > ?45?? 0: . . NULL > > ?????? : . . } > > ?47 290: . SEQUENCE { > > ?51? 13: . . SEQUENCE { > > ?53?? 9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) > > ?????? : . . . . (PKCS #1) > > ?64?? 0: . . . NULL > > ?????? : . . 
. } > > ?66 271: . . BIT STRING, encapsulates { > > ?71 266: . . . SEQUENCE { > > ?75 257: . . . . INTEGER > > ?????? : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96 > > ?????? : . . . . . 70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29 > > ?????? : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88 > > ?????? : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19 > > ?????? : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F > > ?????? : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98 > > ?????? : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D > > ?????? : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85 > > ?????? : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27 > > ?????? : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F > > ?????? : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D > > ?????? : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C > > ?????? : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C > > ?????? : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10 > > ?????? : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B > > ?????? : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4 > > ?????? : . . . . . A1 > > 336?? 3: . . . . INTEGER 65537 > > ?????? : . . . . } > > ?????? : . . . } > > ?????? : . . } > > ?????? : . } > > > > > > > From steven at sdoml.com Wed Aug 18 05:40:29 2021 From: steven at sdoml.com (Stephen Dominic Liang) Date: Tue, 17 Aug 2021 22:40:29 -0700 Subject: libcrypto.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64 Message-ID: Hi. I installed OpenSSL 1.1 (MacOS 11.3.1) using Homebrew. I added the following to my .bash_profile: export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl at 1.1/lib/pkgconfig" I added this to the global path file at /etc/paths: /opt/homebrew/opt/openssl at 1.1/bin I've tried a number of other steps. 
What are some other fixes/suggestions for debugging this issue? Errors: /Applications/CLion.app/Contents/bin/cmake/mac/bin/cmake --build /Users/stephenjje/Documents/Je/test/cmake-build-debug --target test -- -j 6 [ 2%] Linking C executable test ld: warning: ignoring file /usr/local/Cellar/openssl at 1.1/1.1.1k/lib/libcrypto.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64 ld: warning: ignoring file /usr/local/Cellar/openssl at 1.1/1.1.1k/lib/libssl.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64 Undefined symbols for architecture arm64: "_ERR_print_errors_fp", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_OPENSSL_init_crypto", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o "_OPENSSL_init_ssl", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o "_SSL_CIPHER_get_name", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_CTX_free", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_CTX_new", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_CTX_use_PrivateKey_file", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o "_SSL_CTX_use_certificate_file", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o "_SSL_accept", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_connect", referenced from: _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_ctrl", referenced from: _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_free", referenced from: 
_http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_get_current_cipher", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_get_peer_certificate", referenced from: _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_new", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_read", referenced from: _http_tcpip_inbound_parse_request in http_tcpip_inbound.c.o _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_set_fd", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_SSL_shutdown", referenced from: _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o "_SSL_write", referenced from: _http_tcpip_inbound_send_response in http_tcpip_inbound.c.o _http_tcpip_outbound_request_send_type_tls in http_tcpip_outbound.c.o "_TLS_client_method", referenced from: _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o "_TLS_server_method", referenced from: _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o "_X509_free", referenced from: _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation) gmake[3]: *** [CMakeFiles/test.dir/build.make:680: test] Error 1 gmake[2]: *** [CMakeFiles/Makefile2:83: CMakeFiles/test.dir/all] Error 2 gmake[1]: *** [CMakeFiles/Makefile2:90: CMakeFiles/test.dir/rule] Error 2 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From davidbowers at ups.com Wed Aug 18 22:38:09 2021 From: davidbowers at ups.com (davidbowers at ups.com) Date: Wed, 18 Aug 2021 22:38:09 +0000 Subject: problems with too many ssl_read and ssl_write errors Message-ID: * We have a server that has around 2025 clients connected at any instant. * Our application creates a Server /Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL for the Windows. The Listener socket is created with a default backlog of 500. The Accept socket is a non-blocking socket and waits for connections. * Every Client makes a regular blocking connection to the Server. The Server accepts the connection after which the Client socket is converted to a secure socket using the OpenSSL Library. * The connections are coming at a rate of about 10 connections /second - Not sure about this number. * We are able to connect to all the clients in a few minutes and it stays like that for some time. There is a constant exchange of messages between Server(COS) and clients without issues. * The application logic is to keep trying to connect every timeout. * After maybe a few hours/days we see the clients dropping connections. The logs indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. We then observe the WSAECONNRESET as the Client closed connection. We see this behavior for multiple sites. * The number of Clients disconnected starts increasing and we see the logs in the Client where the server refuses any more connections from Clients (10061- WSAECONNREFUSED). There is nothing to indicate this state in the server logs. Our theory is the backlog is filled and the Server is refusing further connections. * We are trying to find why we get the SSL_Read/SSL_Write Error as it is a blocking socket. 
We cannot use a non-blocking socket due to platform and application limitations -------------- next part -------------- An HTML attachment was scrubbed... URL: From bhat.jayalakshmi at gmail.com Thu Aug 19 04:11:41 2021 From: bhat.jayalakshmi at gmail.com (Jayalakshmi bhat) Date: Thu, 19 Aug 2021 09:41:41 +0530 Subject: Getting error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Message-ID: Hi All, We are trying to integrate OpenSSL 1.1.1i on our device that runs on the ARM platform. Device boots to ready state with OpenSSL 1.1.1i. However when we try to access the device EWS, we are getting the below error error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch We have confirmed that there are no issues with certificate and private key by checking the certificate key hashes. Has anyone encountered this issue when certificate and private key are properly installed? Any inputs are appreciated. Thank you Jayalakshmi -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Thu Aug 19 04:37:37 2021 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 19 Aug 2021 00:37:37 -0400 Subject: Getting error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch In-Reply-To: References: Message-ID: <89DEF5FD-CE74-48F0-86EF-C712C0ABFF56@dukhovni.org> > On 19 Aug 2021, at 12:11 am, Jayalakshmi bhat wrote: > > We are trying to integrate OpenSSL 1.1.1i on our device that runs on the ARM platform. Device boots to ready > state with OpenSSL 1.1.1i. However when we try to access the device EWS, we are getting the below error > > error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch > > We have confirmed that there are no issues with certificate and private key by checking the certificate key hashes. > > Has anyone encountered this issue when certificate and private key are properly installed? 
Clearly OpenSSL does not agree that the certificate and key are matched. This is of course not a common problem, so you'll have to figure out what's special about your situation. Most likely you're mistaken, and the X509_check_private_key() function is called in a context in which the most recently loaded certificate does not match the most recently loaded key. -- Viktor. From b_duvvuri at yahoo.com Thu Aug 19 05:59:30 2021 From: b_duvvuri at yahoo.com (Bala Duvvuri) Date: Thu, 19 Aug 2021 05:59:30 +0000 (UTC) Subject: Crash seen in "OPENSSL_sk_pop_free" API In-Reply-To: <7D0F63F2-0A05-4398-BC11-819761948B2F@dukhovni.org> References: <1904412303.741421.1629107912388.ref@mail.yahoo.com> <1904412303.741421.1629107912388@mail.yahoo.com> <7D0F63F2-0A05-4398-BC11-819761948B2F@dukhovni.org> Message-ID: <1196635218.43744.1629352770431@mail.yahoo.com> Viktor, Thank you for taking a look. We are not invoking either of the API X509_STORE_CTX_get0_chain/X509_STORE_CTX_get1_chain We invoke X509_verify_cert() during the certification verification and this fails (expectedly due to the missing CA certificate), so we invoke X509_STORE_CTX_free to clean up the "X509_STORE_CTX" context and hit this crash (this is not seen always) X509_STORE_new() X509_STORE_CTX_new() X509_STORE_set_verify_cb_func X509_STORE_set_default_paths X509_STORE_load_locations X509_STORE_CTX_init X509_STORE_CTX_set_flags X509_verify_cert --------------------> Fails with error X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY as CA certificate is not present. /* Cleanup. 
*/ X509_STORE_CTX_free(pContext); -------------------->Crash seen here in sk_X509_pop_free 360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) 361 { 362 int i; 363 364 if (st == NULL) 365 return; 366 for (i = 0; i < st->num; i++) 367 if (st->data[i] != NULL)---------------------> Crash seen here 368 func((char *)st->data[i]); 369 OPENSSL_sk_free(st); 370 } Thanks Bala On Monday, 16 August, 2021, 11:40:24 pm IST, Viktor Dukhovni wrote: > On 16 Aug 2021, at 5:58 am, Bala Duvvuri via openssl-users wrote: > > We are using OpenSSL version 1.1.1d in our program and crash is being seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification API. Since crash is not seen always, trying to understand from OpenSSL code, when can this occur? > > Below is the bt of the crash > > #0 0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 ) at crypto/stack/stack.c:367 > #1 0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99 > #2 X509_STORE_CTX_cleanup (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454 > #3 0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281 The call in question frees the certificate chain built by X509_verify_cert(). sk_X509_pop_free(ctx->chain, X509_free); That chain is owned by the X509_STORE_CTX. You probably made the mistake of freeing it (or one of the certificates in question) yourself. There are two functions for accessing the built chain: STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) { return ctx->chain; } STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) { if (!ctx->chain) return NULL; return X509_chain_up_ref(ctx->chain); } If you call X509_STORE_CTX_get0_chain(3), you MUST NOT free the result. If you call X509_STORE_CTX_get1_chain(3), you own the chain copy, and should free the result when you no longer need it. -- Viktor. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Thu Aug 19 06:17:44 2021 From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 19 Aug 2021 02:17:44 -0400 Subject: Crash seen in "OPENSSL_sk_pop_free" API In-Reply-To: <1196635218.43744.1629352770431@mail.yahoo.com> References: <1904412303.741421.1629107912388.ref@mail.yahoo.com> <1904412303.741421.1629107912388@mail.yahoo.com> <7D0F63F2-0A05-4398-BC11-819761948B2F@dukhovni.org> <1196635218.43744.1629352770431@mail.yahoo.com> Message-ID: On Thu, Aug 19, 2021 at 05:59:30AM +0000, Bala Duvvuri wrote: > We invoke X509_verify_cert() during the certification verification and > this fails (expectedly due to the missing CA certificate), so we > invoke X509_STORE_CTX_free to clean up the "X509_STORE_CTX" context > and hit this crash (this is not seen always) > > X509_STORE_new() > X509_STORE_CTX_new() > X509_STORE_set_verify_cb_func What does your callback do? > X509_STORE_set_default_paths > X509_STORE_load_locations > X509_STORE_CTX_init > X509_STORE_CTX_set_flags > X509_verify_cert --------------------> Fails with error X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY as CA certificate is not present. > > /* Cleanup. */ > X509_STORE_CTX_free(pContext); -------------------->Crash seen here in sk_X509_pop_free > > 360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) > 361 { > 362 int i; > 363 > 364 if (st == NULL) > 365 return; > 366 for (i = 0; i < st->num; i++) > 367 if (st->data[i] != NULL)---------------------> Crash seen here If the backing array for stack points at invalid memory, then something has already freed the stack. Which OpenSSL versions exhibit this issue? Have you tried other (older or newer) versions of OpenSSL to determine whether there's an OpenSSL regression or more likely a bug in your code? -- Viktor. 
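Returning to the IMPLEMENT_ASN1_FUNCTIONS thread above: the posts stop short of a runnable reader for the blob, so here is an added example. It is my own code, not anything posted in the thread or taken from OpenSSL, and it assumes only what the dump shows: a SEQUENCE of [0] EXPLICIT INTEGER (value 2), INTEGER, AlgorithmIdentifier and SubjectPublicKeyInfo. Read against RFC 5280 those are the first three fields of a TBSCertificate (version, serialNumber, signature) followed by subjectPublicKeyInfo, which is exactly what TPM 2.0's TPM2_CertifyX509 returns in addedToCertificate, why ASN1_INTEGER, X509_ALGOR and X509_PUBKEY are the matching OpenSSL types, and why the blob is not a PKCS#8 PrivateKeyInfo (that carries an OCTET STRING privateKey, not a BIT STRING public key). The posted template crashes because every member of TPM_ADDTOCERT is a pointer while two of the entries use ASN1_EMBED; ASN1_EMBED is for members stored by value inside the struct (which is how OpenSSL's own X509_CINF, whose definition is not in the public headers, uses it), so pointer members need ASN1_SIMPLE, with ASN1_EXP_OPT keeping the version optional and explicitly tagged. The C below avoids libcrypto on purpose so it compiles anywhere: a small DER reader that checks every length and rejects non-minimal length encodings (valid BER, invalid DER), a parser for exactly this four-field SEQUENCE, and a check of whether the SPKI carries an RSA or an EC key, since the thread says the key type can vary. der_read, tpm_addtocert_parse, tpm_addtocert_key_alg and the demo_* functions are names I chose, and SAMPLE_DER is a constructed blob with the dump's shape but a fake 3-byte modulus so it stays short.

```c
/* Added example (mine, not from the thread or OpenSSL): libcrypto-free walker for the TPM addedToCertificate blob. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef struct { uint8_t tag; const uint8_t *val; size_t len; const uint8_t *next; } der_tlv;
typedef struct {
    long version;                                /* -1 when the [0] EXPLICIT element is absent */
    const uint8_t *serial;  size_t serial_len;   /* INTEGER contents, big-endian */
    const uint8_t *sig_alg; size_t sig_alg_len;  /* AlgorithmIdentifier, whole TLV */
    const uint8_t *spki;    size_t spki_len;     /* SubjectPublicKeyInfo, whole TLV: feed to d2i_PUBKEY() */
} tpm_addtocert;

/* Read one TLV at p. Rejects truncation and non-minimal lengths (legal BER, illegal DER). */
static int der_read(const uint8_t *p, const uint8_t *end, der_tlv *t)
{
    size_t len = 0;
    unsigned n, i;
    if (end - p < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* high-tag-number form never occurs here */
    t->tag = p[0];
    if (p[1] < 0x80) {
        len = p[1]; p += 2;
    } else {
        n = p[1] & 0x7f;
        if (n == 0 || n > sizeof len || (size_t)(end - p - 2) < n) return 0;
        for (p += 2, i = 0; i < n; i++) len = (len << 8) | *p++;
        if (len < 0x80) return 0;                         /* long form used where short form is required */
    }
    if ((size_t)(end - p) < len) return 0;
    t->val = p; t->len = len; t->next = p + len;
    return 1;
}

/* SEQUENCE { [0] EXPLICIT INTEGER OPTIONAL, INTEGER, AlgorithmIdentifier, SubjectPublicKeyInfo } */
int tpm_addtocert_parse(const uint8_t *der, size_t der_len, tpm_addtocert *out)
{
    der_tlv seq, t, u;
    const uint8_t *p, *end = der + der_len;
    memset(out, 0, sizeof *out); out->version = -1;
    if (!der_read(der, end, &seq) || seq.tag != 0x30 || seq.next != end) return 0;
    p = seq.val;
    if (!der_read(p, end, &t)) return 0;
    if (t.tag == 0xA0) {                                  /* context-specific, constructed, number 0 */
        if (!der_read(t.val, t.next, &u) || u.tag != 0x02 || u.len != 1 || u.next != t.next) return 0;
        out->version = u.val[0];
        p = t.next;
        if (!der_read(p, end, &t)) return 0;
    }
    if (t.tag != 0x02 || t.len == 0) return 0;            /* serialNumber */
    out->serial = t.val; out->serial_len = t.len;
    p = t.next;
    if (!der_read(p, end, &t) || t.tag != 0x30) return 0; /* signature AlgorithmIdentifier */
    out->sig_alg = p; out->sig_alg_len = (size_t)(t.next - p);
    p = t.next;
    if (!der_read(p, end, &t) || t.tag != 0x30) return 0; /* subjectPublicKeyInfo */
    if (!der_read(t.val, t.next, &u) || u.tag != 0x30) return 0;                       /* algorithm */
    if (!der_read(u.next, t.next, &u) || u.tag != 0x03 || u.next != t.next) return 0;  /* subjectPublicKey */
    out->spki = p; out->spki_len = (size_t)(t.next - p);
    return t.next == end;                                 /* nothing may trail the last field */
}

static const uint8_t OID_RSA[] = { 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01 }; /* rsaEncryption */
static const uint8_t OID_EC[]  = { 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01 };           /* id-ecPublicKey */
/* 'R' for an RSA key, 'E' for an EC key (the two a TPM can return), '?' for anything else. */
int tpm_addtocert_key_alg(const tpm_addtocert *c)
{
    der_tlv spki, alg;
    if (!der_read(c->spki, c->spki + c->spki_len, &spki) || !der_read(spki.val, spki.next, &alg)) return '?';
    if (alg.len >= sizeof OID_RSA && memcmp(alg.val, OID_RSA, sizeof OID_RSA) == 0) return 'R';
    if (alg.len >= sizeof OID_EC  && memcmp(alg.val, OID_EC,  sizeof OID_EC)  == 0) return 'E';
    return '?';
}

/* Constructed sample with the same shape as the dump in the thread; the modulus is a fake 3-byte value. */
static const uint8_t SAMPLE_DER[] = {
    0x30, 0x3A,                                     /* SEQUENCE, 58 content bytes */
    0xA0, 0x03, 0x02, 0x01, 0x02,                   /* [0] { INTEGER 2 }: X.509 v3 */
    0x02, 0x03, 0x01, 0x02, 0x03,                   /* INTEGER serialNumber 01 02 03 */
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, /* sha256WithRSAEncryption, NULL */
    0x30, 0x1F,                                     /* SubjectPublicKeyInfo, 31 content bytes */
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, /* rsaEncryption, NULL */
    0x03, 0x0E, 0x00,                               /* BIT STRING, 0 unused bits, encapsulating: */
    0x30, 0x0B, 0x02, 0x04, 0x00, 0xC3, 0x5B, 0x2D, 0x02, 0x03, 0x01, 0x00, 0x01 /* RSAPublicKey { n, e = 65537 } */
};

int demo_parse_sample(void)                /* parses the sample and returns its version: expect 2 */
{
    tpm_addtocert c;
    if (!tpm_addtocert_parse(SAMPLE_DER, sizeof SAMPLE_DER, &c)) return -2;
    if (c.serial_len != 3 || c.sig_alg_len != 15 || c.spki_len != 33) return -3;
    return tpm_addtocert_key_alg(&c) == 'R' ? (int)c.version : -4;
}
int demo_variants(void)   /* bit 0: blob without [0] parses with version -1; bit 1: BER-style length rejected; expect 3 */
{
    uint8_t a[sizeof SAMPLE_DER - 5], b[sizeof SAMPLE_DER + 2];
    tpm_addtocert c;
    int r = 0;
    a[0] = 0x30; a[1] = SAMPLE_DER[1] - 5; memcpy(a + 2, SAMPLE_DER + 7, sizeof a - 2);
    if (tpm_addtocert_parse(a, sizeof a, &c) && c.version == -1) r |= 1;
    b[0] = 0x30; b[1] = 0x82; b[2] = 0x00; b[3] = SAMPLE_DER[1]; memcpy(b + 4, SAMPLE_DER + 2, sizeof b - 4);
    if (!tpm_addtocert_parse(b, sizeof b, &c)) r |= 2;
    return r;
}
```

The parser is deliberately strict: the DER that ends up inside the X.509 certificate is what the TPM's signature covers, so a reader that tolerates BER-style lengths or trailing bytes would accept encodings that re-serialize differently from what was signed. Once tpm_addtocert_parse() succeeds, spki/spki_len is a complete SubjectPublicKeyInfo and can go straight to d2i_PUBKEY() (or d2i_X509_PUBKEY()), and the whole blob can be handed to the d2i function that an ASN1_SIMPLE-based template generates.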
From jb-openssl at wisemo.com Thu Aug 19 13:53:10 2021 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Thu, 19 Aug 2021 15:53:10 +0200 Subject: libcrypto.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64 In-Reply-To: References: Message-ID: <82fa521e-292d-87e2-3713-ac64c37a4cb9@wisemo.com> This is a known deficiency of how Apple rushed adding support for their M1 ARM Desktop CPU to the XCode build suite. When building a desktop macOS program file with XCode, it will implicitly try to build both an x86_64 and an arm64 variant, and will get very surprised that your compiled open source library files contain only code for one of those architectures. A potential workaround is to build OpenSSL for all 3 macOS desktop architectures and combine them with the "lipo" tool to create a "fat library". The major shortcoming of this is that they use the same architecture "key" value for macOS and iOS, but require the libraries to be compiled differently (because the ABI for some system functions differ). Before the M1 merge, this would work thanks to arm64 always being iOS hardware and x86_64 always being macOS hardware. A workaround for that is to create a separate set of library files for iOS (including iOS emulator on x86-family desktops) and macOS (including x86-family and arm64 architectures), then being careful to reference the right set for each project. Unfortunately, there is no workaround to use the same set of library files for iOS on arm64 mobile hardware and iOS emulator on arm64 desktop hardware. On 2021-08-18 07:40, Stephen Dominic Liang wrote: > Hi. I installed OpenSSL 1.1 (MacOS 11.3.1) using Homebrew. I added the > following to my .bash_profile: > > export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl at 1.1/lib/pkgconfig" > > I added this to the global path file at /etc/paths: > > /opt/homebrew/opt/openssl at 1.1/bin > > I've tried a number of other steps. What are some other > fixes/suggestions for debugging this issue? 
>
> Errors:
>
> /Applications/CLion.app/Contents/bin/cmake/mac/bin/cmake --build /Users/stephenjje/Documents/Je/test/cmake-build-debug --target test -- -j 6
> [ 2%] Linking C executable test
> ld: warning: ignoring file /usr/local/Cellar/openssl@1.1/1.1.1k/lib/libcrypto.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64
> ld: warning: ignoring file /usr/local/Cellar/openssl@1.1/1.1.1k/lib/libssl.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64
> Undefined symbols for architecture arm64:
>   "_ERR_print_errors_fp", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_OPENSSL_init_crypto", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>   "_OPENSSL_init_ssl", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>   "_SSL_CIPHER_get_name", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_CTX_free", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_CTX_new", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_CTX_use_PrivateKey_file", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>   "_SSL_CTX_use_certificate_file", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>   "_SSL_accept", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_connect", referenced from:
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_ctrl", referenced from:
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_free", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_get_current_cipher", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_get_peer_certificate", referenced from:
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_new", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_read", referenced from:
>       _http_tcpip_inbound_parse_request in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_set_fd", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_SSL_shutdown", referenced from:
>       _http_tcpip_inbound_initialize in http_tcpip_inbound.c.o
>   "_SSL_write", referenced from:
>       _http_tcpip_inbound_send_response in http_tcpip_inbound.c.o
>       _http_tcpip_outbound_request_send_type_tls in http_tcpip_outbound.c.o
>   "_TLS_client_method", referenced from:
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
>   "_TLS_server_method", referenced from:
>       _http_tcpip_inbound_tls_initialize in http_tcpip_inbound.c.o
>   "_X509_free", referenced from:
>       _http_tcpip_outbound_get_url_using_string_type_tls in http_tcpip_outbound.c.o
> ld: symbol(s) not found for architecture arm64
> clang: error: linker command failed with exit code 1 (use -v to see invocation)
> gmake[3]: *** [CMakeFiles/test.dir/build.make:680: test] Error 1
> gmake[2]: *** [CMakeFiles/Makefile2:83: CMakeFiles/test.dir/all] Error 2
> gmake[1]: *** [CMakeFiles/Makefile2:90: CMakeFiles/test.dir/rule] Error 2

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From kgoldman at us.ibm.com Thu Aug 19 21:48:20 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Thu, 19 Aug 2021 17:48:20 -0400
Subject: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

On 8/17/2021 9:47 PM, Sands, Daniel via openssl-users wrote:
> The dump you show below is:
> Attributes (set, tagged with a 0, optional)
> Version
> privateKeyAlgorithm
> privateKey
>
> This is a PKCS#8 packet for a key. The encapsulated data is the RSA public key in PKCS1 format. I know OpenSSL has built-in PKCS#8 capability, though I do note that the optional attribute set is out of sequence.
>
> Either way, you could look at the PKCS8 source code and simply move the attribute to the beginning and otherwise duplicate the ASN1 parts and structure there, even if OpenSSL fails to parse this not-quite-spec packet.

For the record, it was an inconsistency - ASN1_SIMPLE requires a pointer, ASN1_EMBED does not. I used the example in x_x509.c, which uses EMBED, but I could not find the corresponding typedef.

(I have no opportunity to change the input. It comes from a standard HSM.)

From Michael.Wojcik at microfocus.com Thu Aug 19 22:22:27 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Thu, 19 Aug 2021 22:22:27 +0000
Subject: problems with too many ssl_read and ssl_write errors

> From: openssl-users On Behalf Of David Bowers via openssl-users
> Sent: Wednesday, 18 August, 2021 16:38

I don't think this is OpenSSL-related, but at this point it's not clear what the issue is.

> . After maybe a few hours/days we see the clients dropping connections. The logs
> indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error
> number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut.
> We then observe the WSAECONNRESET as the Client closed connection. We see this
> behavior for multiple sites.

I assume this is a Server-edition version of Windows and you're not trying to support that kind of connection load on a desktop edition.

What's set in the Registry under HKLM\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters? In particular I'd be suspicious of SynAttackProtect and NetworkThrottlingIndex (which shouldn't be set on Server, but you never know). Many online references will suggest altering settings that affect the ephemeral-port space, such as TcpTimedWaitDelay, but those are irrelevant on the server side (since the connection tuples will use the server port, not an ephemeral port, for the server side).

Many of the settings under the TCPIP/Performance key are undocumented. This page describes a number of them:
https://forums.alliedmods.net/showpost.php?s=5fedba9ea66557ccea3bfee9e192aaf4&p=1744400&postcount=1
It also discusses a number of netsh commands for TCP/IP tuning.

> . The number of Clients disconnected starts increasing and we see the logs in the
> Client where the server refuses any more connections from Clients (10061-
> WSAECONNREFUSED). There is nothing to indicate this state in the server logs. Our
> theory is the backlog is filled and Server refusing further connections.

That's possible. Windows, unlike BSD-based stacks, sends an RST when the listen queue is full. (BSD-based stacks simply discard the inbound SYN, which is a better choice for a number of reasons. Windows did this wrong and stubbornly refuses to change.)

You say you're specifying a backlog of 500 in the call to listen(). Microsoft recommends just passing SOMAXCONN and letting the provider set a "suitable" value. Worth trying.

But this appears to be a secondary issue.
The primary one seems to be that for whatever reason you get an increasing number of conversation failures, and then the client's aggressive retry behavior means you get a cascade of connection flooding until the listen queues are full. The clients ought to be changed to use random backoff or another strategy that avoids flooding the server, but at this point that seems to be addressing a symptom rather than the underlying problem.

> . We are trying to find why we get the SSL_Read/SSL_Write Error as it is a Blocking
> socket. We cannot use a non-blocking socket due to platform and application
> limitation

You said you're specifically getting SSL_ERROR_SYSCALL from SSL_read and SSL_write. That has nothing to do with whether the socket is in blocking mode -- system calls on blocking sockets can certainly return errors. I don't understand this question.

There are any number of reasons why the server's ability to handle this load might be compromised. Network congestion, bufferbloat, load on the CPU or NIC (particularly if TCP offload is enabled to the NIC), contention for DMA, other application I/O, .... Years ago, I had one customer who had similar problems which turned out to be due to intermittent failures in a bad DRAM module in the server. Distributed computing is inherently fragile.

But in my experience, this sort of problem is most often due to one or more of:

- Application-logic errors or design issues. Are you multiplexing all these blocking sockets, or running a thread per conversation, or something else?
- Middlebox problems. Routers, load balancers, firewall appliances, and so forth frequently cause issues.
- Application firewalls and other "anti-malware" software (much of which is rubbish) running on the server.
WSAETIMEDOUT on a send operation, assuming OpenSSL didn't need to do a receive under the covers for TLS-protocol reasons, could mean that a client app isn't doing its receives and consequently its receive window has filled; or it could mean that something is interfering with the delivery of network traffic in one direction or the other. WSAETIMEDOUT on a receive, though, again assuming OpenSSL didn't need to send under the covers, implies that something set a receive timeout on the socket, or that a keepalive wasn't responded to in the required time.

Are you setting a receive timeout (typically with SO_RCVTIMEO)? Are you setting SO_KEEPALIVE? What about SO_KEEPALIVE_VALS? If you're not setting SO_KEEPALIVE_VALS, what are KeepAliveTime and KeepAliveInterval set to in the Registry? (See the MSDN docs for SO_KEEPALIVE.)

Has the system administrator analyzed the Windows event logs and the network statistics? Has anyone looked at network traces when the problem is occurring?

--
Michael Wojcik

From kgoldman at us.ibm.com Fri Aug 20 22:31:27 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Fri, 20 Aug 2021 18:31:27 -0400
Subject: Set X509 public key in 1.0.2

I have an X509_PUBKEY structure holding the algorithm and public key. I want to set it in the X509 structure.

In 1.1.1 and up, I can use

    evpPubkey = X509_PUBKEY_get0(addToCert->key);   /* X509_PUBKEY */
    X509_set_pubkey(x509Certificate, evpPubkey);

However, 1.0.2 doesn't have these.

What's a good approach?

I could access the X509.cert_info.key and set the value, but I expect that would cause a double free later when I free both the X509 and the structure holding the X509_PUBKEY.

Is there something like a X509_PUBKEY_dup function?

(Yes, I know that 1.0.2 is obsolete, but there are some LTS distros, and I'd rather not drop support for 1.0.2 if I can figure this out.)
From tomiii at tomiii.com Fri Aug 20 23:19:31 2021
From: tomiii at tomiii.com (Thomas Dwyer III)
Date: Fri, 20 Aug 2021 16:19:31 -0700
Subject: Set X509 public key in 1.0.2

1.0.2 has X509_PUBKEY_get() (without the zero) which I believe increases the reference count on the EVP_PKEY.

Tom.III

From rgordey at centerprism.com Sat Aug 21 14:20:34 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 10:20:34 -0400
Subject: Need some help signing a certificate request
Message-ID: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com>

Hello all,

I am using OpenSSL 1.1.1k 25 Mar 2021 on Windows 10. c:\OpenSSL\x64\bin is part of my path.

When I type

    openssl ca -config .\openssl.cnf -in ../server/req.pem -out server_certificate.pem -notext -batch -extensions server_ca_extensions

I get nothing out. No 'server_certificate.pem' anywhere I can find.

Any help diagnosing this will be appreciated.
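The replies further down the thread trace this silent failure to index.txt and recommend forward slashes, an OpenSSL-generated serial (-create_serial) and named extendedKeyUsage values instead of OIDs. As an added example, not code from anyone in the thread, this POSIX shell script builds a throwaway CA directory from the thread's configuration with those changes applied, generates a request whose CN is the machine name (the Unix counterpart of the -subj /CN=%COMPUTERNAME%/O=server/ form used later in the thread), signs it and prints the decoded EKU. It assumes the openssl command line tool is on PATH; every file name is constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Throwaway CA built the way the
# replies recommend: forward slashes, a zero-length index.txt, serials
# generated by OpenSSL (-create_serial) and named extendedKeyUsage values.
# Assumes the openssl command line tool is on PATH; every path is constructed
# for this example and everything lives under the directory passed in.
set -eu

# Create the CA layout that openssl.cnf (written below) refers to.
setup_test_ca() {
  dir="$1"
  mkdir -p "$dir/certs" "$dir/private" "$dir/server"
  # openssl ca reads the database at startup; it must exist and be either a
  # valid index or completely empty (Windows equivalent: copy nul index.txt).
  : > "$dir/index.txt"

  cat > "$dir/openssl.cnf" <<'EOF'
[ ca ]
default_ca = testca

[ testca ]
dir              = .
certificate      = $dir/ca_certificate.pem
database         = $dir/index.txt
new_certs_dir    = $dir/certs
private_key      = $dir/private/ca_private_key.pem
serial           = $dir/serial
default_crl_days = 7
default_days     = 365
default_md       = sha256
policy           = testca_policy
x509_extensions  = certificate_extensions

[ testca_policy ]
commonName             = supplied
stateOrProvinceName    = optional
countryName            = optional
emailAddress           = optional
organizationName       = optional
organizationalUnitName = optional
domainComponent        = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = root_ca_distinguished_name
x509_extensions    = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = Test CA

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage         = keyCertSign, cRLSign

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

  # Self-signed CA certificate; -nodes leaves the key unencrypted (test CA only).
  openssl req -x509 -new -nodes -config "$dir/openssl.cnf" \
    -keyout "$dir/private/ca_private_key.pem" \
    -out "$dir/ca_certificate.pem" -days 365 2>/dev/null

  # Server request with CN = machine name; -subj replaces the prompted DN
  # (the thread's Windows form is -subj /CN=%COMPUTERNAME%/O=server/).
  openssl req -new -nodes -newkey rsa:2048 -config "$dir/openssl.cnf" \
    -keyout "$dir/server/private_key.pem" -out "$dir/server/req.pem" \
    -subj "/CN=$(uname -n)/O=server" 2>/dev/null
}

# Sign the request as the CA and print the EKU OpenSSL decodes from the result.
# -create_serial lets OpenSSL mint a random serial when $dir/serial is absent.
sign_server_cert() {
  dir="$1"
  ( cd "$dir" && openssl ca -config ./openssl.cnf -create_serial -batch \
      -in ./server/req.pem -out ./server_certificate.pem -notext \
      -extensions server_ca_extensions 2>/dev/null )
  openssl x509 -in "$dir/server_certificate.pem" -noout -ext extendedKeyUsage
}

# Stand-alone run (DEMO=1 sh this_script.sh): work in a temporary directory.
if [ "${DEMO:-}" = 1 ]; then
  work=$(mktemp -d)
  setup_test_ca "$work"
  sign_server_cert "$work"
fi
```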
From tom.browder at gmail.com Sat Aug 21 15:40:59 2021
From: tom.browder at gmail.com (Tom Browder)
Date: Sat, 21 Aug 2021 10:40:59 -0500
Subject: Need some help signing a certificate request
In-Reply-To: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com>

On Sat, Aug 21, 2021 at 09:21 wrote ...
> When I type 'openssl ca -config .\openssl.cnf -in ../server/req.pem -out

I don't do Windows, but your directory separators are not consistent--not sure of the effect.

-Tom

From rgordey at centerprism.com Sat Aug 21 15:47:51 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 11:47:51 -0400
Subject: Need some help signing a certificate request
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com>
Message-ID: <061701d796a3$e6be3620$b43aa260$@centerprism.com>

Thanks for the comment. I have tried both `/` and `\` with no change.
From Michael.Wojcik at microfocus.com Sat Aug 21 17:22:06 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Sat, 21 Aug 2021 17:22:06 +0000
Subject: Need some help signing a certificate request
In-Reply-To: <061701d796a3$e6be3620$b43aa260$@centerprism.com>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com>

> From: openssl-users On Behalf Of rgordey at centerprism.com
> Sent: Saturday, 21 August, 2021 09:48
>
> Thanks for the comment. I have tried both `/` and `\` with no change.

Most or all Windows APIs, and most programs, support the forward slash as a directory separator. The exceptions are mostly the cmd.exe built-ins.

> On Sat, Aug 21, 2021 at 09:21 wrote
> When I type 'openssl ca -config .\openssl.cnf -in ../server/req.pem -out

We need to see the contents of openssl.cnf. It might also help to have the CSR (req.pem). Since a CSR doesn't contain the private key (the CA should never see the private key), this is safe to share.

--
Michael Wojcik

From rgordey at centerprism.com Sat Aug 21 17:26:03 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 13:26:03 -0400
Subject: Need some help signing a certificate request
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com>
Message-ID: <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com>

My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):

[ ca ]
default_ca = testca

[ testca ]
dir = .
certificate = $dir\\ca_certificate.pem
database = $dir\\index.txt
new_certs_dir = $dir\\certs
private_key = $dir\\private\\ca_private_key.pem
serial = $dir\\serial
default_crl_days = 7
default_days = 365
default_md = sha256
policy = testca_policy
x509_extensions = certificate_extensions

[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
domainComponent = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = .\\private\\ca_private_key.pem
default_md = sha256
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = hostname

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
From rgordey at centerprism.com Sat Aug 21 17:28:36 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 13:28:36 -0400
Subject: Need some help signing a certificate request
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com>
Message-ID: <072b01d796b1$f9926e20$ecb74a60$@centerprism.com>

The req.pem contents:

-----BEGIN CERTIFICATE REQUEST-----
MIICbDCCAVQCAQAwJzEUMBIGA1UEAwwLJChob3N0bmFtZSkxDzANBgNVBAoMBnNl
cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXeMnFZM4+aAtyb
YJwau1WLdAFxtlNiLKPZ6WdX0cGyEFeMa9DG+f6R6ZBn6ifwiae8KJmK+maeN5Th
+NKKYRvJQaNo5h/62lqJMjuLDZqS9B+WtPmu7ZwWqltIIysmROHOPILGTLnypYNO
g48pThDDEM+2WL6FfqB7zFApjVI893tC7q+YW4ZvRvcC+mdasEJY2lrbPZsnPofL
l3K/hQRMw04Ta3WpvF1GkNJTCZ+dNo65LCMlSArRzIwvap1OlQV8oRaKVMMIqbR7
WsxOZkwinaDnhyJJcISsemv/dkYqG+lXRGoJUOEl+8kP4bGN4zsLz5EC5v8Eggzm
kHc2I4kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBZmrwQpKqZppdX0x0v3AMm
gakW7cBqN99XcltasciDwt0UTIva42DGkNtXSizy40TsNZwPyu7ZRKx6AnRQ4KWY
whKZNUXl1VxcctR/7lW5aR58dDTeiCRZRhk6vMfIYVLPlI+GmCvlS+6s9rV48LHx
/tn3kHh+dskO7+D1f5xy9/A8oWhRsSurkXREuk9v22dgkgBDTbafszb/4F1V4yQN
6zB7R6UIkzMZ9pVUImV2vjbs2y6bqxes8/t3tQTzfz2P3RfM2LPqgX3nPU80vK/Q
SrRacEUzOrinThIZ4Wvv0Mjlg7BLbIdOFJkVerYzZKN8kg4V1N3HNR13iP5EuJuv
-----END CERTIFICATE REQUEST-----
From Michael.Wojcik at microfocus.com Sat Aug 21 17:42:47 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Sat, 21 Aug 2021 17:42:47 +0000
Subject: Need some help signing a certificate request
In-Reply-To: <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com>

> From: rgordey at centerprism.com
> Sent: Saturday, 21 August, 2021 11:26
>
> My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):

Use forward slashes. Backslashes should work on Windows, but forward slashes work everywhere. I don't know that "\\" will work anywhere.

> [ ca ]
> default_ca = testca
>
> [ testca ]
> dir = .
> certificate = $dir\\ca_certificate.pem
> database = $dir\\index.txt

What's in index.txt? Is it a valid OpenSSL CA index file, or completely empty (zero length)? If it's not either of those, replace it with an empty file, for example with:

    copy nul index.txt

> new_certs_dir = $dir\\certs
> private_key = $dir\\private\\ca_private_key.pem

These directories exist?

> serial = $dir\\serial

This file exists? Though you really shouldn't be assigning serial numbers; you should let OpenSSL create them using the -create_serial option.
>
> default_crl_days = 7
> default_days = 365
> default_md = sha256
>
> policy = testca_policy
> x509_extensions = certificate_extensions
>
> [ testca_policy ]
> commonName = supplied
> stateOrProvinceName = optional
> countryName = optional
> emailAddress = optional
> organizationName = optional
> organizationalUnitName = optional
> domainComponent = optional
>
> [ certificate_extensions ]
> basicConstraints = CA:false
>
> [ req ]
> default_bits = 2048
> default_keyfile = .\\private\\ca_private_key.pem
> default_md = sha256
> prompt = yes
> distinguished_name = root_ca_distinguished_name
> x509_extensions = root_ca_extensions
>
> [ root_ca_distinguished_name ]
> commonName = hostname
>
> [ root_ca_extensions ]
> basicConstraints = CA:true
> keyUsage = keyCertSign, cRLSign
>
> [ client_ca_extensions ]
> basicConstraints = CA:false
> keyUsage = digitalSignature,keyEncipherment
> extendedKeyUsage = 1.3.6.1.5.5.7.3.2

Why are you specifying this by OID? Just use "extendedKeyUsage = clientAuth". (I'm assuming a reasonably recent OpenSSL version.)

>
> [ server_ca_extensions ]
> basicConstraints = CA:false
> keyUsage = digitalSignature,keyEncipherment
> extendedKeyUsage = 1.3.6.1.5.5.7.3.1

Your command line was:

> openssl ca -config .\openssl.cnf -in ../server/req.pem -out server_certificate.pem -notext -batch -extensions server_ca_extensions

Try it without -batch and with -verbose. And again I'd recommend -create_serial, unless you have some strange requirement to control serial numbers. Browsers in particular may be unhappy if your serial numbers don't conform to the CA/BF Basic Requirements, and it's a pain trying to do that manually.
--
Michael Wojcik

From keine-eile at e-mail.de Sat Aug 21 17:46:02 2021
From: keine-eile at e-mail.de (Keine Eile)
Date: Sat, 21 Aug 2021 19:46:02 +0200
Subject: Need some help signing a certificate request
In-Reply-To: <072b01d796b1$f9926e20$ecb74a60$@centerprism.com>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <072b01d796b1$f9926e20$ecb74a60$@centerprism.com>
Message-ID: <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de>

Hi rgordey at centerprism.com,

the substitution for your CA did not work: 'Subject: CN = $(hostname), O = server'.

My recommendation, if you are not familiar with openssl and the command line, would be: use XCA, there is a Windows version available.
-> https://hohnstaedt.de/xca/
From rgordey at centerprism.com Sat Aug 21 17:50:34 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 13:50:34 -0400
Subject: Need some help signing a certificate request
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com>
Message-ID: <074501d796b5$0b04a620$210df260$@centerprism.com>

It was the index.txt like you said. Thank you.
From rgordey at centerprism.com Sat Aug 21 17:53:14 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 13:53:14 -0400
Subject: Need some help signing a certificate request
In-Reply-To: <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <072b01d796b1$f9926e20$ecb74a60$@centerprism.com> <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de>
Message-ID: <074601d796b5$6add6460$40982d20$@centerprism.com>

I am fine on the command line. I just need a little help with openssl. Do you have any ideas on setting the hostname with openssl.cnf?
From rgordey at centerprism.com Sat Aug 21 18:11:31 2021
From: rgordey at centerprism.com (rgordey at centerprism.com)
Date: Sat, 21 Aug 2021 14:11:31 -0400
Subject: Need some help signing a certificate request
In-Reply-To: <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <072b01d796b1$f9926e20$ecb74a60$@centerprism.com> <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de>
Message-ID: <07aa01d796b7$f87d45e0$e977d1a0$@centerprism.com>

I figured it out:

    openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=%COMPUTERNAME%/O=server/ -nodes

Thanks for your comment.
> > -- > Michael Wojcik > From keine-eile at e-mail.de Sat Aug 21 18:22:27 2021 From: keine-eile at e-mail.de (Keine Eile) Date: Sat, 21 Aug 2021 20:22:27 +0200 Subject: Need some help signing a certificate request In-Reply-To: <074601d796b5$6add6460$40982d20$@centerprism.com> References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <072b01d796b1$f9926e20$ecb74a60$@centerprism.com> <4e8f4afb-ebf7-dc1f-268f-fd9b04991349@e-mail.de> <074601d796b5$6add6460$40982d20$@centerprism.com> Message-ID: Am 21.08.21 um 19:53 schrieb rgordey at centerprism.com: > I am fine on the command line. I just need a little help with openssl. Do you have any ideas on setting the hostname with openssl.cnf? If it would be bash on Linux, scripting this not a challenge. About Windows: No idea, sorry. From jb-openssl at wisemo.com Mon Aug 23 10:39:42 2021 From: jb-openssl at wisemo.com (Jakob Bohm) Date: Mon, 23 Aug 2021 12:39:42 +0200 Subject: Need some help signing a certificate request In-Reply-To: References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com> Message-ID: <3c57087c-c35d-f43f-3bf6-f116147573ed@wisemo.com> On 21/08/2021 19:42, Michael Wojcik wrote: >> From: rgordey at centerprism.com >> Sent: Saturday, 21 August, 2021 11:26 >> >> My openssl.cnf (I have tried `\` and `\\` and `/` directory separators): > Use forward slashes. Backslashes should work on Windows, but forward slashes work everywhere. I don't know that "\\" will work anywhere. \\ works only when invoking a \ expecting program from a unix-like shell that requires each \ to be escaped with a second backslash in order to pass it through.? A typical example is using CygWin bash to invoke a native Win32 program. 
\\ where neither is an escape (so \\\\ in the above shell situation) is also used in native Windows programs to access a hypothetical root that is above the real file system roots, typically the syntax is "\\machine\share\ordinary\path", where:

machine is either a different computer, a "." for a special higher level local namespace or "??" for another special namespace.

share is the first level below machine, in particular it is the exported name of a remote file system or object.

ordinary\path is whatever else needs to be added to the path for a specific use

--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From Michael.Wojcik at microfocus.com Mon Aug 23 13:18:28 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Mon, 23 Aug 2021 13:18:28 +0000
Subject: Need some help signing a certificate request
In-Reply-To: <3c57087c-c35d-f43f-3bf6-f116147573ed@wisemo.com>
References: <057d01d79697$b4f174b0$1ed45e10$@centerprism.com> <061701d796a3$e6be3620$b43aa260$@centerprism.com> <071f01d796b1$9e6a8dc0$db3fa940$@centerprism.com> <3c57087c-c35d-f43f-3bf6-f116147573ed@wisemo.com>

> From: openssl-users On Behalf Of Jakob Bohm via openssl-users
> Sent: Monday, 23 August, 2021 04:40
>
> On 21/08/2021 19:42, Michael Wojcik wrote:
> >> From: rgordey at centerprism.com
> >> Sent: Saturday, 21 August, 2021 11:26
> >>
> >> My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):
> > Use forward slashes. Backslashes should work on Windows, but forward slashes work everywhere. I don't know that "\\" will work anywhere.
> \\ works only when invoking a \ expecting program from a unix-like shell that requires each \ to be escaped with a second backslash in order to pass it through. A typical example is using CygWin bash to invoke a native Win32 program.

Yes, I know that. I use bash on Windows as my default shell. I meant I have no idea whether \\ would work in an OpenSSL configuration file on Windows. Windows APIs such as CreateFile normally tolerate extraneous backslashes, but I haven't tested them in OpenSSL configuration files.

> \\ where neither is an escape (so \\\\ in the above shell situation) is also used in native Windows programs to access a hypothetical root that is above the real file system roots, typically the syntax is "\\machine\share\ordinary\path", where:

I'm well aware of that too. And of the use of \\?\ as a prefix for CreateFileW et alia to enable long paths. That's not relevant in this case, since OP was talking about path separators, not prefixes.

--
Michael Wojcik

From kamala.ayyar at gmail.com Mon Aug 23 15:22:15 2021
From: kamala.ayyar at gmail.com (Kamala Ayyar)
Date: Mon, 23 Aug 2021 11:22:15 -0400
Subject: problems with too many ssl_read and ssl_write errors

Hello Michael,

Thank you very much for your detailed response. We previously had checked the Registry settings for TCPIP Parameters and have been using the Default values. I also ran the PowerShell script for the Ephemeral ports and you are correct - the ports are not being exhausted as it used the same port for the clients. We did get CLIENT_WAIT and TIME_WAIT states once in a while using the netstat commands but most times the connections were ESTABLISHED.

We get the SSL_ERROR_SYSCALL from SSL_Read and SSL_Write quite often. We never got this error while using the SSL_connect for Client or SSL_accept on the server side. It seems the handshake is done correctly and over a period of time (few hours to 2-3 days, random) the SSL_Read/SSL_Write fails. We do not get the WSAEWOULDBLOCK error code nor OpenSSL's version of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error.
We get WSAETIMEDOUT on Receive more often and a few times on the Send. We are not using SO_KEEPALIVE but using an application-specific heartbeat TO to keep the socket alive.

Thank you again for the response and we now have a direction to check and probably tweak any timeouts on the application side. We are mainly concerned about the SSL_ERROR_SYSCALL we get quite often on the SSL_Read/Write and the Windows error code is WSAETIMEOUT. Based on blogs and googling we have seen that OpenSSL quite often issues a SSL_ERROR_SYSCALL when a Timeout is encountered (https://github.com/openssl/openssl/issues/12416) and similar posts.

We restart our server application and everything gets reset and connections get established. We have looked at the Windows event server logs that have not given us much.

Thanks
Kamala

Kamala Ayyar

On Thu, Aug 19, 2021 at 6:23 PM Michael Wojcik <Michael.Wojcik at microfocus.com> wrote:

> > From: openssl-users On Behalf Of David Bowers via openssl-users
> > Sent: Wednesday, 18 August, 2021 16:38
>
> I don't think this is OpenSSL-related, but at this point it's not clear what the issue is.
>
> > * After maybe a few hours/days we see the clients dropping connections. The logs indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. We then observe the WSAECONNRESET as the Client closed connection. We see this behavior for multiple sites.
>
> I assume this is a Server-edition version of Windows and you're not trying to support that kind of connection load on a desktop edition.
>
> What's set in the Registry under HKLM\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters? In particular I'd be suspicious of SynAttackProtect and NetworkThrottlingIndex (which shouldn't be set on Server, but you never know).
>
> Many online references will suggest altering settings that affect the ephemeral-port space, such as TcpTimedWaitDelay, but those are irrelevant on the server side (since the connection tuples will use the server port, not an ephemeral port, for the server side).
>
> Many of the settings under the TCPIP/Performance key are undocumented. This page describes a number of them:
>
> https://forums.alliedmods.net/showpost.php?s=5fedba9ea66557ccea3bfee9e192aaf4&p=1744400&postcount=1
>
> It also discusses a number of netsh commands for TCP/IP tuning.
>
> > * The number of Clients disconnected starts increasing and we see the logs in the Client where the server refuses any more connections from Clients (10061 - WSAECONNREFUSED). There is nothing to indicate this state in the server logs. Our theory is the backlog is filled and Server refusing further connections.
>
> That's possible. Windows, unlike BSD-based stacks, sends an RST when the listen queue is full. (BSD-based stacks simply discard the inbound SYN, which is a better choice for a number of reasons. Windows did this wrong and stubbornly refuses to change.)
>
> You say you're specifying a backlog of 500 in the call to listen(). Microsoft recommends just passing SOMAXCONN and letting the provider set a "suitable" value. Worth trying.
>
> But this appears to be a secondary issue. The primary one seems to be that for whatever reason you get an increasing number of conversation failures, and then the client's aggressive retry behavior means you get a cascade of connection flooding until the listen queues are full. The clients ought to be changed to use random backoff or another strategy that avoids flooding the server, but at this point that seems to be addressing a symptom rather than the underlying problem.
>
> > * We are trying to find why we get the SSL_Read/SSL_Write Error as it is a Blocking socket.
> > We cannot use a non-blocking socket due to platform and application limitation
>
> You said you're specifically getting SSL_ERROR_SYSCALL from SSL_read and SSL_write. That has nothing to do with whether the socket is in blocking mode -- system calls on blocking sockets can certainly return errors. I don't understand this question.
>
> There are any number of reasons why the server's ability to handle this load might be compromised. Network congestion, bufferbloat, load on the CPU or NIC (particularly if TCP offload is enabled to the NIC), contention for DMA, other application I/O, .... Years ago, I had one customer who had similar problems which turned out to be due to intermittent failures in a bad DRAM module in the server. Distributed computing is inherently fragile.
>
> But in my experience, this sort of problem is most often due to one or more of:
>
> - Application-logic errors or design issues. Are you multiplexing all these blocking sockets, or running a thread per conversation, or something else?
>
> - Middlebox problems. Routers, load balancers, firewall appliances, and so forth frequently cause issues.
>
> - Application firewalls and other "anti-malware" software (much of which is rubbish) running on the server.
>
> WSAETIMEDOUT on a send operation, assuming OpenSSL didn't need to do a receive under the covers for TLS-protocol reasons, could mean that a client app isn't doing its receives and consequently its receive window has filled; or it could mean that something is interfering with the delivery of network traffic in one direction or the other.
>
> WSAETIMEDOUT on a receive, though, again assuming OpenSSL didn't need to send under the covers, implies that something set a receive timeout on the socket, or that a keepalive wasn't responded to in the required time. Are you setting a receive timeout (typically with SO_RCVTIMEO)? Are you setting SO_KEEPALIVE? What about SO_KEEPALIVE_VALS?
> If you're not setting SO_KEEPALIVE_VALS, what are KeepAliveTime and KeepAliveInterval set to in the Registry? (See the MSDN docs for SO_KEEPALIVE.)
>
> Has the system administrator analyzed the Windows event logs and the network statistics? Has anyone looked at network traces when the problem is occurring?
>
> --
> Michael Wojcik
>

From jb-openssl at wisemo.com Mon Aug 23 18:17:29 2021
From: jb-openssl at wisemo.com (Jakob Bohm)
Date: Mon, 23 Aug 2021 20:17:29 +0200
Subject: problems with too many ssl_read and ssl_write errors
Message-ID: <238a68b5-bd84-2501-2cd3-10d47b1876f2@wisemo.com>

For the below symptoms, I would recommend watching the application port with WireShark. This should show any TLS protocol deviations and any problems in handling and establishing the TCP connections.

On 2021-08-19 00:38, David Bowers via openssl-users wrote:
>
> * We have a server that has around 2025 clients connected at any instant.
> * Our application creates a Server/Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL for the Windows. The Listener socket is created with a default backlog of 500. The Accept socket is non-blocking socket and waits for connections
> * Every Client makes a regular blocking connection to the Server. The Server accepts the connection after which the Client socket is converted to a secure socket using the OpenSSL Library.
> * The connections are coming at a rate of about 10 connections/second? Not sure about this number.
> * We are able to connect to all the clients in a few minutes and it stays like that for some time. There is constant exchange of messages between Server (COS) and clients without issues.
> * The application logic is to keep trying to connect every timeout.
> * After maybe a few hours/days we see the clients dropping connections. The logs indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. We then observe the WSAECONNRESET as the Client closed connection. We see this behavior for multiple sites.
> * The number of Clients disconnected starts increasing and we see the logs in the Client where the server refuses any more connections from Clients (10061 - WSAECONNREFUSED). There is nothing to indicate this state in the server logs. Our theory is the backlog is filled and Server refusing further connections.
> * We are trying to find why we get the SSL_Read/SSL_Write Error as it is a Blocking socket. We cannot use a non-blocking socket due to platform and application limitation
>

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From kgoldman at us.ibm.com Mon Aug 23 18:41:44 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 23 Aug 2021 14:41:44 -0400
Subject: Set X509 public key in 1.0.2

On 8/20/2021 7:19 PM, Thomas Dwyer III wrote:
> 1.0.2 has X509_PUBKEY_get() (without the zero) which I believe increases the reference count on the EVP_PKEY.
>

Perfect! It was not in the 1.0.2 man page, but it seems to be portable across 1.0.1, 1.1.1, 3.0.0.

From kgoldman at us.ibm.com Mon Aug 23 19:42:00 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Mon, 23 Aug 2021 15:42:00 -0400
Subject: 3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes

I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions.
The code is working, but I'd like a clean compile.

3.0.0 only, 1.0.2 and 1.1.1 are OK.

Example:

#include
#include
#include
#include

typedef struct {
    ASN1_TIME *notBefore;
    ASN1_TIME *notAfter;
} TPM_PARTIAL_CERT_VALIDITY;

ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = {
    ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME),
    ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME),
} ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)    <<<< line 97 is here

certifyx509.c:97: warning: no previous prototype for 'TPM_PARTIAL_CERT_VALIDITY_it'

From murugesh.pitchaiah at gmail.com Tue Aug 24 07:47:25 2021
From: murugesh.pitchaiah at gmail.com (murugesh pitchaiah)
Date: Tue, 24 Aug 2021 13:17:25 +0530
Subject: x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256

Hi,

I am working on generating the x509v3 certificates for ssh user. I see with the default_md as 'sha256', in openssl.cnf file, the key/certificate is generated with algorithm type as 'x509v3-sign-rsa'.

I see its signature algorithm is:

    Signature Algorithm: sha256WithRSAEncryption
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)

Can anyone please share how to generate certificate for x509v3-ssh-rsa and x509v3-rsa2048-sha256? Basically looking for difference between these three types of public key algorithms, and how to generate certificate of these types:

x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256

Because, even for x509v3-sign-rsa - I see the size is 2048 bit and it is sha256. Is it something to vary in 'default_md' (or newkey rsa:size and -sha) fields to vary to generate these different cert types?

Thanks in advance.

Regards,
Murugesh P.
From dirkx at webweaving.org Tue Aug 24 07:56:57 2021
From: dirkx at webweaving.org (Dirk-Willem van Gulik)
Date: Tue, 24 Aug 2021 09:56:57 +0200
Subject: x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256
Message-ID: <1AAA4B46-5179-4793-9D29-2E37BFA579B8@webweaving.org>

On 24 Aug 2021, at 09:47, murugesh pitchaiah wrote:
>
> Hi,
>
> I am working on generating the x509v3 certificates for ssh user. I see with the default_md as 'sha256', in openssl.cnf file, the key/certificate is generated with algorithm type as 'x509v3-sign-rsa'.
>
> I see its signature algorithm is:
>
>     Signature Algorithm: sha256WithRSAEncryption
>     Public Key Algorithm: rsaEncryption
>     Public-Key: (2048 bit)
>
>
> Can anyone please share how to generate certificate for x509v3-ssh-rsa and x509v3-rsa2048-sha256? Basically looking for difference between these three types of public key algorithms, and how to generate certificate of these types:
>
> x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256
>
> Because, even for x509v3-sign-rsa - I see the size is 2048 bit and it is sha256. Is it something to vary in 'default_md' (or newkey rsa:size and -sha) fields to vary to generate these different cert types?

Try something like

    openssl req -new -x509 -newkey rsa:1024 -sha256 -keyout /dev/stdout -nodes -subj /CN=foo |\
        openssl x509 -pubkey -noout | openssl rsa -text -pubin -noout

    openssl req -new -x509 -newkey rsa:1024 -sha256 -keyout /dev/stdout -nodes -subj /CN=foo |\
        openssl x509 -text -noout | grep Signature

And vary the newkey argument to see what it actually generates as an RSA key. In this example a 1024 bit one. You can also vary sha256 to things like md5, etc.

Dw.

From matt at openssl.org Tue Aug 24 09:56:55 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 10:56:55 +0100
Subject: 3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes

On 23/08/2021 20:42, Ken Goldman wrote:
> I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions.
> The code is working, but I'd like a clean compile.
>
> 3.0.0 only, 1.0.2 and 1.1.1 are OK.
>
> Example:
>
> #include
> #include
> #include
> #include
>
> typedef struct {
>     ASN1_TIME *notBefore;
>     ASN1_TIME *notAfter;
> } TPM_PARTIAL_CERT_VALIDITY;
>
> ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = {
>     ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME),
>     ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME),
> } ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)    <<<< line 97 is here

Change this line to:

} static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)

Matt

From levitte at openssl.org Tue Aug 24 11:32:52 2021
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 24 Aug 2021 13:32:52 +0200
Subject: 3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes
Message-ID: <87a6l7cc2j.wl-levitte@openssl.org>

Not sure why it's 3.0.0 only... however, this looks like the usual "you define, so you must declare it first". There are a number of declaration macros for our ASN.1 templates, in this case, I believe that this is what you're looking for:

DECLARE_ASN1_ITEM(TPM_PARTIAL_CERT_VALIDITY)

Cheers,
Richard

On Mon, 23 Aug 2021 21:42:00 +0200, Ken Goldman wrote:
>
> I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions.
> The code is working, but I'd like a clean compile.
>
> 3.0.0 only, 1.0.2 and 1.1.1 are OK.
>
> Example:
>
> #include
> #include
> #include
> #include
>
> typedef struct {
>     ASN1_TIME *notBefore;
>     ASN1_TIME *notAfter;
> } TPM_PARTIAL_CERT_VALIDITY;
>
> ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = {
>     ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME),
>     ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME),
> } ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)    <<<< line 97 is here
>
> certifyx509.c:97: warning: no previous prototype for 'TPM_PARTIAL_CERT_VALIDITY_it'
>
>

--
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

From matt at openssl.org Tue Aug 24 14:08:28 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 14:08:28 +0000
Subject: OpenSSL version 1.1.1l published
Message-ID: <20210824140828.GA24741@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL version 1.1.1l released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.1.1l of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.1.1-notes.html

OpenSSL 1.1.1l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

* https://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-1.1.1l.tar.gz
  Size: 9834044
  SHA1 checksum: f8819dd31642eebea6cc1fa5c256fc9a4f40809b
  SHA256 checksum: 0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1

The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.1l.tar.gz
openssl sha256 openssl-1.1.1l.tar.gz

Yours,

The OpenSSL Project Team.
From matt at openssl.org Tue Aug 24 14:16:11 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 14:16:11 +0000
Subject: OpenSSL Security Advisory
Message-ID: <20210824141611.GA18839@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL Security Advisory [24 August 2021]
==========================================

SM2 Decryption Buffer Overflow (CVE-2021-3711)
==============================================

Severity: High

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter.

A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small.

A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.

OpenSSL versions 1.1.1k and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1l.

OpenSSL 1.0.2 is not impacted by this issue.

OpenSSL 3.0 alpha/beta releases are also affected but this issue will be addressed before the final release.

This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix was developed by Matt Caswell.

Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
=============================================================

Severity: Moderate

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING structure. This can also happen by using the ASN1_STRING_set0() function.
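The NUL-termination trap the advisory describes, as an added stand-alone model in C (not OpenSSL's code; the model_* type and function names are hypothetical stand-ins for ASN1_STRING, ASN1_STRING_set() and ASN1_STRING_set0(), and the sample bytes are constructed): the set()-style copy appends an uncounted NUL, the set0()-style adoption does not, and only a renderer that trusts the length field stays inside the buffer.

```c
/*
 * Added example, not OpenSSL's code: a stand-alone model of the ASN1_STRING
 * layout the advisory describes (explicit length + data pointer). The
 * model_* names are hypothetical stand-ins for ASN1_STRING,
 * ASN1_STRING_set() and ASN1_STRING_set0(); they are not OpenSSL API.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int length;          /* number of valid bytes in data */
    unsigned char *data; /* a NUL after data[length - 1] is NOT guaranteed */
} model_asn1_string;

/* set()-style: copy the bytes and append a NUL that is not counted in
 * length, which is what makes parsed strings "accidentally" safe. */
int model_string_set(model_asn1_string *s, const void *src, int len)
{
    unsigned char *buf;

    if (s == NULL || src == NULL || len < 0)
        return 0;
    buf = malloc((size_t)len + 1);
    if (buf == NULL)
        return 0;
    memcpy(buf, src, (size_t)len);
    buf[len] = '\0';
    free(s->data);
    s->data = buf;
    s->length = len;
    return 1;
}

/* set0()-style: adopt the caller's buffer as is. Whatever follows
 * buf[len - 1] belongs to someone else. */
void model_string_set0(model_asn1_string *s, unsigned char *buf, int len)
{
    free(s->data);
    s->data = buf;
    s->length = len;
}

/* The faulty assumption from the advisory, isolated: treating data as a
 * C string. On a set0() string this walks past the logical end until it
 * happens to hit a NUL (the read overrun); on data with an embedded NUL
 * it stops early instead. Kept only to show the discrepancy. */
size_t model_bytes_strlen_sees(const model_asn1_string *s)
{
    return strlen((const char *)s->data);
}

/* Length-bounded rendering: reads exactly s->length bytes, escapes
 * non-printable bytes as \xNN and NUL-terminates the copy in out.
 * Returns characters written (excluding the NUL), or -1 if out is too
 * small or s is malformed. Never touches data[length] or beyond. */
int model_string_render(const model_asn1_string *s, char *out, size_t outsz)
{
    size_t used = 0;
    int i;

    if (s == NULL || s->data == NULL || s->length < 0 || outsz == 0)
        return -1;
    for (i = 0; i < s->length; i++) {
        unsigned char c = s->data[i];

        if (c >= 0x20 && c < 0x7f) {
            if (used + 1 >= outsz)
                return -1;
            out[used++] = (char)c;
        } else {
            if (used + 4 >= outsz)
                return -1;
            snprintf(out + used, outsz - used, "\\x%02X", c);
            used += 4;
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample: three logical bytes followed by unrelated bytes
     * and, only by luck, a NUL. A set0() string over it is unterminated. */
    unsigned char raw[] = "abcXY";
    model_asn1_string s = { 0, NULL };
    char out[64];

    model_string_set0(&s, raw, 3);
    printf("strlen() sees %zu bytes, length field says %d\n",
           model_bytes_strlen_sees(&s), s.length);
    if (model_string_render(&s, out, sizeof out) >= 0)
        printf("bounded render: \"%s\"\n", out);
    return 0;
}
```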
Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur.

The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext).

OpenSSL versions 1.1.1k and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1l.

OpenSSL versions 1.0.2y and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2za. Other users should upgrade to 1.1.1l.

An initial instance of this issue in the X509_aux_print() function was reported to OpenSSL on 18th July 2021 by Ingo Schwarze. The bugfix was developed by Ingo Schwarze and first publicly released in OpenBSD-current on 10th July 2021 and subsequently in OpenSSL on 20th July 2021 (commit d9d838ddc). Subsequent analysis by David Benjamin on 17th August 2021 identified more instances of the same bug. Additional analysis was performed by Matt Caswell. Fixes for the additional instances of this issue were developed by Matt Caswell.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20210824.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

From wmsopou at gmail.com Tue Aug 24 15:03:35 2021
From: wmsopou at gmail.com (Me Self)
Date: Tue, 24 Aug 2021 17:03:35 +0200
Subject: OpenSSL RSA blinding assumes Euler to derive e?

Hi All

When rsa_crpt.c needs to do blinding of the exponent d and doesn't have the exponent e, it calculates e from d using Euler's phi function (function rsa_get_public_exp). But what if the original exponents e and d were generated using Carmichael's lambda function instead of Euler like the ietf rfc stipulates? Does the Euler based blinding still work?
https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_crpt.c

From openssl-users at dukhovni.org Tue Aug 24 15:49:28 2021
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Tue, 24 Aug 2021 11:49:28 -0400
Subject: OpenSSL RSA blinding assumes Euler to derive e?

On Tue, Aug 24, 2021 at 05:03:35PM +0200, Me Self wrote:

> When rsa_crpt.c needs to do blinding of the exponent d and doesn't have the exponent e, it calculates e from d using Euler's phi function (function rsa_get_public_exp). But what if the original exponents e and d were generated using Carmichael's lambda function instead of Euler like the ietf rfc stipulates? Does the Euler based blinding still work?
>
> https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_crpt.c

If the real public exponent used to generate the key is smaller than lambda(n), the result is the same. Public exponents with O(1k) bits are rather uncommon, so if the "real" exponent is small the computed value is the same.

In the very unlikely case of a very large public exponent, and a d-value computed from lambda(n) rather than phi(n), I'd expect blinding to still work, since an e-value computed via phi(n) is congruent mod lambda(n) to the e value computed via lambda(n).

However, if the real phi(n)-based public exponent is larger than lambda(n), one must not leak its reduction mod lambda(n), since that would compromise the key.

--
    Viktor.

From hongyi.zhao at gmail.com Wed Aug 25 04:43:42 2021
From: hongyi.zhao at gmail.com (Hongyi Zhao)
Date: Wed, 25 Aug 2021 12:43:42 +0800
Subject: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to imap.gmail.com:993

I'm on Ubuntu 20.04.2 LTS, and test Gmail using the IMAP protocol as follows:

```
$ curl -vx socks5h://127.0.0.1:18889 --ssl imaps://imap.gmail.com:993 --user "hszhao.cn:passwd"
*   Trying 127.0.0.1:18889...
* TCP_NODELAY set
* SOCKS5 communication to imap.gmail.com:993
* SOCKS5 connect to imap.gmail.com:993 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 18889 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to imap.gmail.com:993
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to imap.gmail.com:993
```

While the other testing will succeed:

```
$ curl -vx socks5h://127.0.0.1:7891 --ssl imaps://imap.gmail.com:993 --user "hszhao.cn:passwd"
*   Trying 127.0.0.1:7891...
* TCP_NODELAY set
* SOCKS5 communication to imap.gmail.com:993
* SOCKS5 connect to imap.gmail.com:993 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 7891 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=imap.gmail.com
*  start date: Aug 16 03:04:33 2021 GMT
*  expire date: Nov  8 03:04:32 2021 GMT
*  subjectAltName: host "imap.gmail.com" matched cert's "imap.gmail.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< * OK Gimap ready for requests from 103.138.53.176 q24mb12571169jar
> A001 CAPABILITY
< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
< A001 OK Thats all she wrote! q24mb12571169jar
> A002 AUTHENTICATE PLAIN AGhzemhhby5jbgBHblVUZVgyNjUxMDM5
< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE APPENDLIMIT=35651584
< A002 OK hszhao.cn at gmail.com authenticated (Success)
> A003 LIST "" *
< * LIST (\HasNoChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "INBOX"
< * LIST (\HasNoChildren) "/" "Junk"
* LIST (\HasNoChildren) "/" "Junk"
< * LIST (\HasChildren \Noselect) "/" "[Gmail]"
* LIST (\HasChildren \Noselect) "/" "[Gmail]"
< * LIST (\All \HasNoChildren) "/" "[Gmail]/All Mail"
* LIST (\All \HasNoChildren) "/" "[Gmail]/All Mail"
< * LIST (\Drafts \HasNoChildren) "/" "[Gmail]/Drafts"
* LIST (\Drafts \HasNoChildren) "/" "[Gmail]/Drafts"
< * LIST (\HasNoChildren \Important) "/" "[Gmail]/Important"
* LIST (\HasNoChildren \Important) "/" "[Gmail]/Important"
< * LIST (\HasNoChildren \Sent) "/" "[Gmail]/Sent Mail"
* LIST (\HasNoChildren \Sent) "/" "[Gmail]/Sent Mail"
< * LIST (\HasNoChildren \Junk) "/" "[Gmail]/Spam"
* LIST (\HasNoChildren \Junk) "/" "[Gmail]/Spam"
< * LIST (\Flagged \HasNoChildren) "/" "[Gmail]/Starred"
* LIST (\Flagged \HasNoChildren) "/" "[Gmail]/Starred"
< * LIST (\HasNoChildren \Trash) "/" "[Gmail]/Trash"
* LIST (\HasNoChildren \Trash) "/" "[Gmail]/Trash"
< * LIST (\HasNoChildren) "/" "&XeVPXJCuTvY-"
* LIST (\HasNoChildren) "/" "&XeVPXJCuTvY-"
< * LIST (\HasNoChildren) "/" "&ZTZjbg-"
* LIST (\HasNoChildren) "/" "&ZTZjbg-"
< * LIST (\HasNoChildren) "/" "&ZcWITHb4UXM-"
* LIST (\HasNoChildren) "/" "&ZcWITHb4UXM-"
< * LIST (\HasNoChildren) "/" "&ecFOupCuTvY-"
* LIST (\HasNoChildren) "/" "&ecFOupCuTvY-"
< A003 OK Success
* Connection #0 to host 127.0.0.1 left intact
```

Any hints for this problem?

Regards, HY
-- 
Assoc. Prof. Hongyi Zhao
Theory and Simulation of Materials
Hebei Vocational University of Technology and Engineering
No. 473, Quannan West Street, Xindu District, Xingtai, Hebei province

From ceo.teo.en.ming at gmail.com Wed Aug 25 15:02:42 2021
From: ceo.teo.en.ming at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Wed, 25 Aug 2021 23:02:42 +0800
Subject: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed
Message-ID:

Good day from Singapore,

I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7-8 hours to solve this problem. I think my boss can probably solve this problem in 10 minutes.

I have prepared this extremely short and concise guide to remind myself and everyone how to configure SSL/TLS for Postfix SMTP outgoing Linux mail server.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 August 2021 Wed Singapore Time
Type of Publication: Plain Text
Document version: 20210825.01

===BEGINNING OF GUIDE===

Add the following lines to /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt
smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

Add the following lines to /etc/postfix/master.cf:

submission inet n       -       n       -       -       smtpd
smtps      inet n       -       n       -       -       smtpd

Restart Postfix for changes to take effect.

# service postfix restart

Submission port is 587. SMTPS port is 465. Normal SMTP port is 25.

Add the following firewall rules to /etc/sysconfig/iptables. This is to open ports for services/daemons listening on TCP ports 25, 465, and 587.

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

Reload firewall rules.
# service iptables restart

Linux troubleshooting commands:

# openssl s_client -connect mail.teo-en-ming-corp.com:25 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:465 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:587 -servername mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect example.com:[port] -servername example.com
# telnet mail.teo-en-ming-corp.com 25
# telnet mail.teo-en-ming-corp.com 465
# telnet mail.teo-en-ming-corp.com 587

===END OF GUIDE===

You will be able to see STARTTLS in the SMTP banner for Postfix for TCP ports 25, 465 and 587 if you do a Telnet to your mail server.

If there are corrections and/or additions to this guide, I will post back here.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 25 August 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a System Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.

-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/
[2] https://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----

From ceo.teo.en.ming at gmail.com Wed Aug 25 15:10:22 2021
From: ceo.teo.en.ming at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Wed, 25 Aug 2021 23:10:22 +0800
Subject: Testing
Message-ID:

Testing

From geekinthelead at gmail.com Wed Aug 25 16:06:14 2021
From: geekinthelead at gmail.com (Kingsley O)
Date: Wed, 25 Aug 2021 17:06:14 +0100
Subject: Testing
In-Reply-To:
References:
Message-ID:

Please remove my email from this group. Thank you

On Wed, Aug 25, 2021 at 4:10 PM Turritopsis Dohrnii Teo En Ming <ceo.teo.en.ming at gmail.com> wrote:
> Testing

From rsbecker at nexbridge.com Wed Aug 25 17:43:34 2021
From: rsbecker at nexbridge.com (Randall S. Becker)
Date: Wed, 25 Aug 2021 13:43:34 -0400
Subject: OpenSSL version 1.1.1l for NonStop TNS/E and TNS/X Binary Builds Published
Message-ID: <03b501d799d8$bd2ae690$3780b3b0$@nexbridge.com>

Hello OpenSSL Community,

Binary builds of OpenSSL version 1.1.1l for the HPE NonStop TNS/E (ia64) and TNS/X (x86) platforms have been published on the ITUGLIB website in its usual place at https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml.

The builds consist of:
- Unthreaded 32-bit
- POSIX User Thread Model (PUT) 32-bit
- Standard POSIX Thread (SPT) Model 32-bit
- IEEE Float Unthreaded 32-bit build for x86

Please consult the OpenSSL Security Advisory for 1.1.1l for more details on this release.

-- 
Randall S. Becker
ITUGLIB Process Designer, Repository Manager, Occasional Porting Dude
+1.416.984.9826
NonStop developer since approximately 211288444200000000
UNIX developer since approximately 421664400
-- In my real life, I talk too much.

From bill.c.roberts at gmail.com Wed Aug 25 18:20:05 2021
From: bill.c.roberts at gmail.com (William Roberts)
Date: Wed, 25 Aug 2021 13:20:05 -0500
Subject: HMAC verification with EVP Interface
Message-ID:

Hello,

I am trying to verify an HMAC signature with the code below and the EVP_DigestVerifyInit() routine is failing with "error:0608F096:digital envelope routines:EVP_PKEY_verify_init:operation not supported for this keytype". Eventually it gets to EVP_PKEY_verify_init() and since the ctx->pmeth->verify pointer is null, it sets this error. It's unclear to me why this function pointer is NULL, can someone elaborate the right way to do this via EVP interfaces?

Openssl Version: OpenSSL 1.1.1f 31 Mar 2020

Thanks,
Bill

#include <stdio.h>
#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
#include <cmocka.h>
#include <openssl/evp.h>
#include <openssl/err.h>

/* This is just a testing key */
unsigned char hmac_key[] = {
    0x30, 0x33, 0x33, 0x36, 0x61, 0x61, 0x37, 0x39,
    0x34, 0x35, 0x61, 0x33, 0x63, 0x61, 0x64, 0x65,
    0x63, 0x33, 0x63, 0x62, 0x64, 0x63, 0x36, 0x65,
    0x37, 0x39, 0x30, 0x34, 0x33, 0x62, 0x35, 0x62
};

/* msg/msg_len and sig/sig_len are the message and the HMAC tag under test,
 * defined elsewhere in the test case. */
EVP_PKEY *ekey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, hmac_key, sizeof(hmac_key));
assert_non_null(ekey);

EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
assert_non_null(mdctx);

int rc = EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, ekey);
unsigned long x = ERR_get_error();
printf("EVP_DigestVerifyInit failed, error 0x%lx: %s\n", x, ERR_error_string(x, NULL));
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyUpdate(mdctx, msg, msg_len);
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyFinal(mdctx, sig, sig_len);
assert_int_equal(rc, 1);

EVP_MD_CTX_free(mdctx);
EVP_PKEY_free(ekey);

From Michael.Wojcik at microfocus.com Wed Aug 25 23:16:52 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Wed, 25 Aug 2021 23:16:52 +0000
Subject: problems with too many ssl_read and ssl_write errors
In-Reply-To:
References:
Message-ID:

> From: Kamala Ayyar
> Sent: Monday, 23 August, 2021 09:22

> We get the SSL_ERROR_SYSCALL from SSL_Read and SSL_Write quite often.

You'll get SSL_ERROR_SYSCALL any time OpenSSL makes a system call (including, on Windows, a Winsock call) and gets an error.

> It seems the handshake is done correctly and over a period of time (few hours
> to 2-3 days random) the SSL_Read /SSL_Write fails. We do not get the
> WSAEWOULDBLOCK error code

What is the underlying error, then? Are you logging the result of WSAGetLastError immediately after you get SSL_ERROR_SYSCALL? What about the SSL error stack (with ERR_print_errors_fp or similar)?

> nor the OpenSSL's version of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error.

SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE are not related to WSAEWOULDBLOCK, so I'm not sure why you're mentioning them here.

> We get WSAETIMEDOUT on Receive more often and a few times on the Send.

That's typically the case; generally speaking, a timeout is more likely when receiving (where you are at the mercy of the peer sending data) than when sending (where you simply need the peer to open the receive window and then ACK the sent data, both of which are often possible even if the application is not behaving, depending on the amount of data and other variables).

> We are not using SO_KEEPALIVE but using application specific heartbeat TO to
> keep the socket alive.

That could certainly cause send or receive timeouts on the socket if the peer becomes unresponsive. The same is true of any application-data transmission, of course.

> Based on blogs and googling we have seen that OpenSSL quite often issues a
> SSL_ERROR_SYSCALL when a Timeout is encountered

Yes, that's what it should do, if "when a timeout is encountered" means "a socket-API function returns an error due to a timeout". SSL_ERROR_SYSCALL means exactly that: a system call returned an error.
I suspect one of the following:

- A client application is hanging (or blocking for some other reason), and consequently:
  - Not sending data, so the server's not receiving data until it times out, or
  - Not receiving data that the server is sending; that will cause its receive window to fill, and eventually the server's send will time out.
- Network issues are transiently preventing data and/or ACK reception by one side or the other. That will also eventually lead to timeouts.

-- 
Michael Wojcik

From dipto181 at gmail.com Thu Aug 26 06:06:48 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 00:06:48 -0600
Subject: OpenSSL dynamic engine loading shows error
Message-ID:

Hello,

I have a simple rsa engine code (from engines/e_dasync.c). My code compiles. Command "$openssl engine -t -c" shows the following,

openssl engine -t -c
(rdrand) Intel RDRAND engine
     [RAND]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(dasync) Dummy Async engine support
     [RSA]
     [ available ]

I also modify openssl.cnf configuration as following to load this engine,

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
rsa-engine-new = rsa_section

[rsa_section]
engine_id = rsa-engine-new

Then when I run the command "$openssl engine", I get the following error,

$openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(dasync) Dummy Async engine support
139633213376256:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:
139633213376256:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids
139633213376256:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1

Any help on why this is happening? How can I fix this?
My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have to compile my engine with the OpenSSL source code to do that?

Here is the complete source code of my sample engine,

==============================================
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/rsa.h>

/* Engine Id and Name */
static const char *engine_dasync_id = "dasync";
static const char *engine_dasync_name = "Dummy Async engine support";

static int dasync_pub_enc(int flen, const unsigned char *from,
                          unsigned char *to, RSA *rsa, int padding)
{
    printf("dasync_pub_enc\n");
    return 0;
}

static int dasync_pub_dec(int flen, const unsigned char *from,
                          unsigned char *to, RSA *rsa, int padding)
{
    printf("dasync_pub_dec\n");
    return 0;
}

static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
                               unsigned char *to, RSA *rsa, int padding)
{
    printf("dasync_rsa_priv_enc\n");
    return 0;
}

static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
                               unsigned char *to, RSA *rsa, int padding)
{
    printf("dasync_rsa_priv_dec\n");
    return 0;
}

static RSA_METHOD *dasync_rsa_method = NULL;

static int bind_dasync(ENGINE *e)
{
    /* Setup RSA_METHOD */
    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
        return 0;
    }

    /* Register the engine id, name and the RSA method with the ENGINE */
    if (!ENGINE_set_id(e, engine_dasync_id)
        || !ENGINE_set_name(e, engine_dasync_name)
        || !ENGINE_set_RSA(e, dasync_rsa_method)) {
        return 0;
    }
    return 1;
}

static int bind_helper(ENGINE *e, const char *id)
{
    if (!bind_dasync(e)) {
        printf("2_Error: Inside Bind helper\n");
        return 0;
    }
    return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
IMPLEMENT_DYNAMIC_CHECK_FN()
=============================================

Thanks,
Shariful

From Matthias.St.Pierre at ncp-e.com Thu Aug 26 06:49:57 2021
From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Thu, 26 Aug 2021 06:49:57 +0000
Subject: Testing
In-Reply-To:
References:
Message-ID:

To unsubscribe, visit https://mta.openssl.org/mailman/listinfo/openssl-users

Regards

From tomas at openssl.org Thu Aug 26 07:59:38 2021
From: tomas at openssl.org (Tomas Mraz)
Date: Thu, 26 Aug 2021 09:59:38 +0200
Subject: HMAC verification with EVP Interface
In-Reply-To:
References:
Message-ID: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org>

On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> Hello,
>
> I am trying to verify an HMAC signature with the code below and the
> EVP_DigestVerifyInit()
> routine is failing with "error:0608F096:digital envelope
> routines:EVP_PKEY_verify_init:operation not supported for this
> keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
> ctx->pmeth->verify pointer is null, it sets this error. It's unclear
> to me why this function pointer is NULL, can someone elaborate the
> right way to do this via EVP interfaces?

As HMAC is not a true signature algorithm there is no support for the EVP_DigestVerifyInit() operation with HMAC 'signatures'.
You just have to use EVP_DigestSign*() operation to create a new HMAC and compare with the original value.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

From public at enkore.de Thu Aug 26 09:35:24 2021
From: public at enkore.de (d0)
Date: Thu, 26 Aug 2021 09:35:24 +0000
Subject: HMAC verification with EVP Interface
In-Reply-To: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org>
References: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org>
Message-ID:

Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular ol' memcmp.

-Marian

From kgoldman at us.ibm.com Thu Aug 26 12:46:23 2021
From: kgoldman at us.ibm.com (Ken Goldman)
Date: Thu, 26 Aug 2021 08:46:23 -0400
Subject: HMAC verification with EVP Interface
In-Reply-To:
References: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org>
Message-ID:

On 8/26/2021 5:35 AM, d0 wrote:
> Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular
> ol' memcmp.

What's the rationale? The HMAC result isn't secret.

From dipto181 at gmail.com Thu Aug 26 13:23:33 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 07:23:33 -0600
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To:
References:
Message-ID:

Any help regarding this matter??

Regards,
Shariful

On Thu, Aug 26, 2021, 12:06 AM Shariful Alam wrote:

> Hello,
>
> I have a simple rsa engine code (from engines/e_dasync.c). My code
> compiles.

From beldmit at gmail.com Thu Aug 26 13:38:39 2021
From: beldmit at gmail.com (Dmitry Belyavsky)
Date: Thu, 26 Aug 2021 15:38:39 +0200
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To:
References:
Message-ID:

Dear Shariful,

1. Don't hurry :)

2. It looks like there are some more configuration options in your openssl.cnf [rsa_section]. I think they came from the standard configuration. So if I am wrong, please provide the whole file.

3. I'd recommend you also update the lines
`
static const char *engine_dasync_id = "dasync";
static const char *engine_dasync_name = "Dummy Async engine support";
`
To be consistent with your engine name

On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam wrote:

> Any help regarding this matter??
>
> Regards,
> Shariful
>
> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam wrote:
>
>> Hello,
>>
>> I have a simple rsa engine code (from engines/e_dasync.c). My code
>> compiles.

-- 
SY, Dmitry Belyavsky

From Matthias.St.Pierre at ncp-e.com Thu Aug 26 13:45:35 2021
From: Matthias.St.Pierre at ncp-e.com (Dr. Matthias St. Pierre)
Date: Thu, 26 Aug 2021 13:45:35 +0000
Subject: Testing
In-Reply-To:
References:
Message-ID: <3355a6bb672e4d66a07c9ebcb7dd6263@ncp-e.com>

I'll take care of it and ask the administrator to remove it manually if possible.

From: Kingsley O
Sent: Thursday, August 26, 2021 3:41 PM
To: Dr. Matthias St. Pierre
Cc: openssl-users at openssl.org
Subject: Re: Testing

Didn't work..:-( Did not receive email to complete the unsubscribe process

On Thu, Aug 26, 2021 at 7:50 AM Dr. Matthias St. Pierre wrote:

To unsubscribe, visit https://mta.openssl.org/mailman/listinfo/openssl-users

Regards

Dr. Matthias St. Pierre
Tech Lead Cryptography
matthias.st.pierre at ncp-e.com
Phone: +49 911 9968-0
www.ncp-e.com

Headquarters Germany: NCP engineering GmbH, Dombuehler Str. 2, 90449 Nuremberg
North American HQ: NCP engineering Inc., 601 Cleveland Str., Suite 501-25, Clearwater, FL 33755
Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich
Registry Court: Lower District Court of Nuremberg
Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 133557619

This e-mail message including any attachments is for the sole use of the intended recipient(s) and may contain privileged or confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply e-mail and delete the original message and destroy all copies thereof.

From dfulger at gmx.com Thu Aug 26 13:47:47 2021
From: dfulger at gmx.com (Dan Fulger)
Date: Thu, 26 Aug 2021 15:47:47 +0200
Subject: An idiosyncratic port of OpenSSL 1.1.1l to OS/400 ILE
Message-ID:

This port is for ILE (native OS/400), not PASE (PASE is almost like Unix, and already comes with OpenSSL).

The idiosyncrasies are explained in the README.as400 file in AS400patch.tar.gz. I had to rewrite the EBCDIC support in clienthellotest.c.

AS400patch.tar.gz (large patch for OpenSSL and other files):
https://drive.google.com/file/d/1fttbz2T9wtVUMyre0i7ExzXmVLg2spO8/view?usp=sharing

AS400_GNU.tar.gz (source for GNU/IBM tools required to build OpenSSL in ILE environment):
https://drive.google.com/open?id=1DeKIE32nmUpvk7fvrcSYlflUn_k1CBso

From dipto181 at gmail.com Thu Aug 26 16:20:35 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 10:20:35 -0600
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To:
References:
Message-ID:

Dmitry,

Thank you for your response.
As you have suggested, I have changed my engine name to match the configuration file

/* Engine Id and Name */
static const char *engine_rsa_id = "rsa-engine-new";
static const char *engine_rsa_name = "Dummy RSA engine for testing";

Here is my whole openssl.cnf file content

=============================================================================================================================

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
rsa-engine-new = rsa_section

[rsa_section]
engine_id = rsa-engine-new

# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key

x509_extensions = usr_cert # The extensions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State

localityName = Locality Name (eg, city)

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer

basicConstraints = critical,CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always

[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

####################################################################
[ tsa ]

default_tsa = tsa_config1 # the default TSA section

[ tsa_config1 ]

# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)

On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky wrote:
> Dear Shariful,
>
> 1. Don't hurry :)
> 2. It looks like there are some more configuration options in your
> openssl.cnf [rsa_section]
> I think they came from the standard configuration. So if I am wrong,
> please provide the whole file.
> 3. I'd recommend you also update the lines
> `
> static const char *engine_dasync_id = "dasync";
> static const char *engine_dasync_name = "Dummy Async engine support";
> `
> To be consistent with your engine name
>
> On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam wrote:
>
>> Any help regarding this matter??
>>
>> Regards,
>> Shariful
>>
>> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam wrote:
>>
>>> Hello,
>>>
>>> I have a simple rsa engine code (from engines/e_dasync.c). My code
>>> compiles. Command "$openssl engine -t -c" shows the following,
>>>
>>> openssl engine -t -c
>>> (rdrand) Intel RDRAND engine
>>> [RAND]
>>> [ available ]
>>> (dynamic) Dynamic engine loading support
>>> [ unavailable ]
>>> (dasync) Dummy Async engine support
>>> [RSA]
>>> [ available ]
>>>
>>> I also modified the openssl.cnf configuration as follows to load this
>>> engine,
>>>
>>> openssl_conf = openssl_def
>>>
>>> [openssl_def]
>>> engines = engine_section
>>>
>>> [engine_section]
>>> rsa-engine-new = rsa_section
>>>
>>> [rsa_section]
>>> engine_id = rsa-engine-new
>>>
>>> Then when I run the command "$openssl engine", I get the following
>>> error,
>>>
>>> $openssl engine
>>> (rdrand) Intel RDRAND engine
>>> (dynamic) Dynamic engine loading support
>>> (dasync) Dummy Async engine support
>>> 139633213376256:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:
>>> 139633213376256:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids
>>> 139633213376256:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1
>>>
>>> Any idea why this is happening? How can I fix this?
>>>
>>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have
>>> to compile my engine with the OpenSSL source code to do that?
>>>
>>> Here is the complete source code of my sample engine,
>>>
>>> ==============================================
>>>
>>> #include <stdio.h>
>>>
>>> #include <openssl/engine.h>
>>> #include <openssl/rsa.h>
>>>
>>> /* Engine Id and Name */
>>> static const char *engine_dasync_id = "dasync";
>>> static const char *engine_dasync_name = "Dummy Async engine support";
>>>
>>> /* Placeholder RSA operations: each one only logs that it was called
>>>  * and returns 0, which OpenSSL treats as failure. */
>>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>>                           unsigned char *to, RSA *rsa, int padding)
>>> {
>>>     printf("dasync_pub_enc\n");
>>>     return 0;
>>> }
>>>
>>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>>                           unsigned char *to, RSA *rsa, int padding)
>>> {
>>>     printf("dasync_pub_dec\n");
>>>     return 0;
>>> }
>>>
>>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>>>                                unsigned char *to, RSA *rsa, int padding)
>>> {
>>>     printf("dasync_rsa_priv_enc\n");
>>>     return 0;
>>> }
>>>
>>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>>>                                unsigned char *to, RSA *rsa, int padding)
>>> {
>>>     printf("dasync_rsa_priv_dec\n");
>>>     return 0;
>>> }
>>>
>>> static RSA_METHOD *dasync_rsa_method = NULL;
>>>
>>> static int bind_dasync(ENGINE *e)
>>> {
>>>     /* Setup RSA_METHOD */
>>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
>>>         return 0;
>>>     }
>>>
>>>     /* Ensure the dasync error handling is set up */
>>>
>>>     /* Register id, name and the RSA method with the ENGINE object */
>>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>>         || !ENGINE_set_name(e, engine_dasync_name)
>>>         || !ENGINE_set_RSA(e, dasync_rsa_method)) {
>>>         return 0;
>>>     }
>>>     return 1;
>>> }
>>>
>>> /* Entry point called by the dynamic engine loader */
>>> static int bind_helper(ENGINE *e, const char *id)
>>> {
>>>     if (!bind_dasync(e)) {
>>>         printf("2_Error: Inside Bind helper\n");
>>>         return 0;
>>>     }
>>>     return 1;
>>> }
>>>
>>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>>
>>> =============================================
>>>
>>> Thanks,
>>> Shariful
>>>
>
> --
> SY, Dmitry Belyavsky
>

From dipto181 at gmail.com Thu Aug 26 16:26:59 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 10:26:59 -0600
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To:
References:
Message-ID:

Dear Dmitry,
In case it helps, I have installed my OpenSSL from the source code and my current version is OpenSSL 1.1.1c 28 May 2019

Regards,
Shariful Alam
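The diagnosis quoted above (extra options after [rsa_section] that came from the stock config) and the error line `section=rsa_section, name=oid_section, value=new_oids` both follow from how OpenSSL assigns keys to sections. As an added example that is not part of this thread or of OpenSSL, here is a small Python lint that reproduces that section logic over a trimmed, constructed copy of the posted config and shows that moving the engine sections to the end of the file clears the stray key; ENGINE_MODULE_KEYS is my reading of the keys handled directly in crypto/engine/eng_cnf.c of 1.1.1.

```python
"""Lint the engine-section layout of an openssl.cnf-style file.

OpenSSL assigns every `key = value` line to the most recent [section]
header, so in the file posted above everything from `oid_section = new_oids`
down to the next header belongs to [rsa_section]. The ENGINE config module
(crypto/engine/eng_cnf.c in 1.1.1) consumes a few keys itself and forwards
any other key to the engine via ENGINE_ctrl_cmd_string(), which a minimal
engine rejects with "invalid cmd name". This lint reports such keys.
"""
import re

# Keys that int_engine_configure() consumes itself (my reading of the
# 1.1.1 source); any other key in an engine section becomes a ctrl command.
ENGINE_MODULE_KEYS = {"engine_id", "soft_load", "dynamic_path", "init",
                      "default_algorithms"}

SECTION_RE = re.compile(r"^\[\s*([^\]]*?)\s*\]$")


def parse_cnf(text):
    """Return {section: [(key, value), ...]} preserving key order.

    Lines before the first header go to "default". Comments, blank lines
    and .include directives are skipped; $var substitution is not done.
    """
    sections = {"default": []}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith(".include"):
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def lint_engine_sections(text):
    """Return (section, key, value) for each key the ENGINE module would
    forward to the engine, following openssl_conf -> engines -> sections."""
    cnf = parse_cnf(text)
    top_name = dict(cnf["default"]).get("openssl_conf", "")
    engines_name = dict(cnf.get(top_name, [])).get("engines", "")
    stray = []
    for _engine, section in cnf.get(engines_name, []):
        for key, value in cnf.get(section, []):
            if key not in ENGINE_MODULE_KEYS:
                stray.append((section, key, value))
    return stray


# Constructed sample: the posted layout trimmed to the lines that matter.
# The stock file continues after [rsa_section] without a header of its own.
BROKEN_CNF = """\
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
rsa-engine-new = rsa_section

[rsa_section]
engine_id = rsa-engine-new

# Extra OBJECT IDENTIFIER info:
oid_section = new_oids

[ new_oids ]
tsa_policy1 = 1.2.3.4.1
"""

# Same content with the engine sections moved to the end of the file;
# openssl_conf stays in the default section, where OpenSSL looks for it.
FIXED_CNF = """\
openssl_conf = openssl_def
oid_section = new_oids

[ new_oids ]
tsa_policy1 = 1.2.3.4.1

[openssl_def]
engines = engine_section

[engine_section]
rsa-engine-new = rsa_section

[rsa_section]
engine_id = rsa-engine-new
"""

if __name__ == "__main__":
    for name, cnf in (("broken", BROKEN_CNF), ("fixed", FIXED_CNF)):
        print(name, lint_engine_sections(cnf) or "no stray keys")
```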
From beldmit at gmail.com Thu Aug 26 16:29:38 2021
From: beldmit at gmail.com (Dmitry Belyavsky)
Date: Thu, 26 Aug 2021 18:29:38 +0200
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To:
References:
Message-ID:

As I suspected, you have the remnants of the main openssl config just after your only directive in the [rsa_section].
I'd suggest moving the following lines

=========
[openssl_def]
engines = engine_section

[engine_section]
rsa-engine-new = rsa_section

[rsa_section]
engine_id = rsa-engine-new
==========

to the end of your openssl.cnf

On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam wrote:
> # This is mostly being used for generation of certificate requests. > # > > # Note that you can include other files from the main configuration > # file using the .include directive. > #.include filename > > # This definition stops the following lines choking if HOME isn't > # defined. > HOME = . > > openssl_conf = openssl_def > > [openssl_def] > engines = engine_section > > [engine_section] > rsa-engine-new = rsa_section > > [rsa_section] > engine_id = rsa-engine-new > > # Extra OBJECT IDENTIFIER info: > #oid_file = $ENV::HOME/.oid > oid_section = new_oids > > # To use this configuration file with the "-extfile" option of the > # "openssl x509" utility, name here the section containing the > # X.509v3 extensions to use: > # extensions = > # (Alternatively, use a configuration file that has only > # X.509v3 extensions in its main [= default] section.) > > [ new_oids ] > > # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. > # Add a simple OID like this: > # testoid1=1.2.3.4 > # Or use config file substitution like this: > # testoid2=${testoid1}.5.6 > > # Policies used by the TSA examples. > tsa_policy1 = 1.2.3.4.1 > tsa_policy2 = 1.2.3.4.5.6 > tsa_policy3 = 1.2.3.4.5.7 > > #################################################################### > [ ca ] > default_ca = CA_default # The default ca section > > #################################################################### > [ CA_default ] > > dir = ./demoCA # Where everything is kept > certs = $dir/certs # Where the issued certs are kept > crl_dir = $dir/crl # Where the issued crl are kept > database = $dir/index.txt # database index file. > #unique_subject = no # Set to 'no' to allow creation of > # several certs with same subject. > new_certs_dir = $dir/newcerts # default place for new certs. 
> > certificate = $dir/cacert.pem # The CA certificate > serial = $dir/serial # The current serial number > crlnumber = $dir/crlnumber # the current crl number > # must be commented out to leave a V1 CRL > crl = $dir/crl.pem # The current CRL > private_key = $dir/private/cakey.pem# The private key > > x509_extensions = usr_cert # The extensions to add to the cert > > # Comment out the following two lines for the "traditional" > # (and highly broken) format. > name_opt = ca_default # Subject Name options > cert_opt = ca_default # Certificate field options > > # Extension copying option: use with caution. > # copy_extensions = copy > > # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs > # so this is commented out by default to leave a V1 CRL. > # crlnumber must also be commented out to leave a V1 CRL. > # crl_extensions = crl_ext > > default_days = 365 # how long to certify for > default_crl_days= 30 # how long before next CRL > default_md = default # use public key default MD > preserve = no # keep passed DN ordering > > # A few difference way of specifying how similar the request should look > # For type CA, the listed attributes must be the same, and the optional > # and supplied fields are just that :-) > policy = policy_match > > # For the CA policy > [ policy_match ] > countryName = match > stateOrProvinceName = optional > organizationName = optional > organizationalUnitName = optional > commonName = supplied > emailAddress = optional > > # For the 'anything' policy > # At this point in time, you must list all acceptable 'object' > # types. 
> [ policy_anything ] > countryName = optional > stateOrProvinceName = optional > localityName = optional > organizationName = optional > organizationalUnitName = optional > commonName = supplied > emailAddress = optional > > #################################################################### > [ req ] > default_bits = 2048 > default_keyfile = privkey.pem > distinguished_name = req_distinguished_name > attributes = req_attributes > x509_extensions = v3_ca # The extensions to add to the self signed cert > > # Passwords for private keys if not present they will be prompted for > # input_password = secret > # output_password = secret > > # This sets a mask for permitted string types. There are several options. > # default: PrintableString, T61String, BMPString. > # pkix : PrintableString, BMPString (PKIX recommendation before 2004) > # utf8only: only UTF8Strings (PKIX recommendation after 2004). > # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). > # MASK:XXXX a literal mask value. > # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. > string_mask = utf8only > > # req_extensions = v3_req # The extensions to add to a certificate request > > [ req_distinguished_name ] > countryName = Country Name (2 letter code) > countryName_default = AU > countryName_min = 2 > countryName_max = 2 > > stateOrProvinceName = State or Province Name (full name) > stateOrProvinceName_default = Some-State > > localityName = Locality Name (eg, city) > > 0.organizationName = Organization Name (eg, company) > 0.organizationName_default = Internet Widgits Pty Ltd > > # we can do this but it is not needed normally :-) > #1.organizationName = Second Organization Name (eg, company) > #1.organizationName_default = World Wide Web Pty Ltd > > organizationalUnitName = Organizational Unit Name (eg, section) > #organizationalUnitName_default = > > commonName = Common Name (e.g. 
server FQDN or YOUR name) > commonName_max = 64 > > emailAddress = Email Address > emailAddress_max = 64 > > # SET-ex3 = SET extension number 3 > > [ req_attributes ] > challengePassword = A challenge password > challengePassword_min = 4 > challengePassword_max = 20 > > unstructuredName = An optional company name > > [ usr_cert ] > > # These extensions are added when 'ca' signs a request. > > # This goes against PKIX guidelines but some CAs do it and some software > # requires this to avoid interpreting an end user certificate as a CA. > > basicConstraints=CA:FALSE > > # Here are some examples of the usage of nsCertType. If it is omitted > # the certificate can be used for anything *except* object signing. > > # This is OK for an SSL server. > # nsCertType = server > > # For an object signing certificate this would be used. > # nsCertType = objsign > > # For normal client use this is typical > # nsCertType = client, email > > # and for everything including object signing: > # nsCertType = client, email, objsign > > # This is typical in keyUsage for a client certificate. > # keyUsage = nonRepudiation, digitalSignature, keyEncipherment > > # This will be displayed in Netscape's comment listbox. > nsComment = "OpenSSL Generated Certificate" > > # PKIX recommendations harmless if included in all certificates. > subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid,issuer > > # This stuff is for subjectAltName and issuerAltname. > # Import the email address. > # subjectAltName=email:copy > # An alternative to produce certificates that aren't > # deprecated according to PKIX. > # subjectAltName=email:move > > # Copy subject details > # issuerAltName=issuer:copy > > #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem > #nsBaseUrl > #nsRevocationUrl > #nsRenewalUrl > #nsCaPolicyUrl > #nsSslServerName > > # This is required for TSA certificates. 
> # extendedKeyUsage = critical,timeStamping > > [ v3_req ] > > # Extensions to add to a certificate request > > basicConstraints = CA:FALSE > keyUsage = nonRepudiation, digitalSignature, keyEncipherment > > [ v3_ca ] > > > # Extensions for a typical CA > > > # PKIX recommendation. > > subjectKeyIdentifier=hash > > authorityKeyIdentifier=keyid:always,issuer > > basicConstraints = critical,CA:true > > # Key usage: this is typical for a CA certificate. However since it will > # prevent it being used as an test self-signed certificate it is best > # left out by default. > # keyUsage = cRLSign, keyCertSign > > # Some might want this also > # nsCertType = sslCA, emailCA > > # Include email address in subject alt name: another PKIX recommendation > # subjectAltName=email:copy > # Copy issuer details > # issuerAltName=issuer:copy > > # DER hex encoding of an extension: beware experts only! > # obj=DER:02:03 > # Where 'obj' is a standard or added object > # You can even override a supported extension: > # basicConstraints= critical, DER:30:03:01:01:FF > > [ crl_ext ] > > # CRL extensions. > # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. > > # issuerAltName=issuer:copy > authorityKeyIdentifier=keyid:always > > [ proxy_cert_ext ] > # These extensions should be added when creating a proxy certificate > > # This goes against PKIX guidelines but some CAs do it and some software > # requires this to avoid interpreting an end user certificate as a CA. > > basicConstraints=CA:FALSE > > # Here are some examples of the usage of nsCertType. If it is omitted > # the certificate can be used for anything *except* object signing. > > # This is OK for an SSL server. > # nsCertType = server > > # For an object signing certificate this would be used. 
> # nsCertType = objsign > > # For normal client use this is typical > # nsCertType = client, email > > # and for everything including object signing: > # nsCertType = client, email, objsign > > # This is typical in keyUsage for a client certificate. > # keyUsage = nonRepudiation, digitalSignature, keyEncipherment > > # This will be displayed in Netscape's comment listbox. > nsComment = "OpenSSL Generated Certificate" > > # PKIX recommendations harmless if included in all certificates. > subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid,issuer > > # This stuff is for subjectAltName and issuerAltname. > # Import the email address. > # subjectAltName=email:copy > # An alternative to produce certificates that aren't > # deprecated according to PKIX. > # subjectAltName=email:move > > # Copy subject details > # issuerAltName=issuer:copy > > #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem > #nsBaseUrl > #nsRevocationUrl > #nsRenewalUrl > #nsCaPolicyUrl > #nsSslServerName > > # This really needs to be in place for it to be a proxy certificate. > proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo > > #################################################################### > [ tsa ] > > default_tsa = tsa_config1 # the default TSA section > > [ tsa_config1 ] > > # These are used by the TSA reply generation only. > dir = ./demoCA # TSA root directory > serial = $dir/tsaserial # The current serial number (mandatory) > crypto_device = builtin # OpenSSL engine to use for signing > signer_cert = $dir/tsacert.pem # The TSA signing certificate > # (optional) > certs = $dir/cacert.pem # Certificate chain to include in reply > # (optional) > signer_key = $dir/private/tsakey.pem # The TSA private key (optional) > signer_digest = sha256 # Signing digest to use. 
(Optional) > default_policy = tsa_policy1 # Policy if request did not specify it > # (optional) > other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) > digests = sha1, sha256, sha384, sha512 # Acceptable message digests > (mandatory) > accuracy = secs:1, millisecs:500, microsecs:100 # (optional) > clock_precision_digits = 0 # number of digits after dot. (optional) > ordering = yes # Is ordering defined for timestamps? > # (optional, default: no) > tsa_name = yes # Must the TSA name be included in the reply? > # (optional, default: no) > ess_cert_id_chain = no # Must the ESS cert id chain be included? > # (optional, default: no) > ess_cert_id_alg = sha1 # algorithm to compute certificate > # identifier (optional, default: sha1) > > > On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky > wrote: > >> Dear Shariful, >> >> 1. Don't hurry :) >> 2. It looks like there are some more configuration options in your >> openssl.cnf [rsa_section] >> I think they came from the standard configuration. So if I am wrong, >> please provide the whole file. >> 3. I'd recommend you also update the lines >> ` >> static const char *engine_dasync_id = "dasync"; >> static const char *engine_dasync_name = "Dummy Async engine support"; >> ` >> To be consistent with your engine name >> >> On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam wrote: >> >>> Any help regarding this matter?? >>> >>> Regards, >>> Shariful >>> >>> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam wrote: >>> >>>> Hello, >>>> >>>> I have a simple rsa engine code (from engines/e_dasync.c). My code >>>> compiles. 
>>>> Command "*$openssl engine -t -c*" shows the following,
>>>>
>>>> openssl engine -t -c
>>>> (rdrand) Intel RDRAND engine
>>>>      [RAND]
>>>>      [ available ]
>>>> (dynamic) Dynamic engine loading support
>>>>      [ unavailable ]
>>>> (dasync) Dummy Async engine support
>>>>      [RSA]
>>>>      [ available ]
>>>>
>>>> I also modified the *openssl.cnf* configuration as follows to load this
>>>> engine,
>>>>
>>>> openssl_conf = openssl_def
>>>>
>>>> [openssl_def]
>>>> engines = engine_section
>>>>
>>>> [engine_section]
>>>> rsa-engine-new = rsa_section
>>>>
>>>> [rsa_section]
>>>> engine_id = rsa-engine-new
>>>>
>>>> Then when I run the command "$*openssl engine*", I get the following
>>>> error,
>>>>
>>>> $openssl engine
>>>> (rdrand) Intel RDRAND engine
>>>> (dynamic) Dynamic engine loading support
>>>> (dasync) Dummy Async engine support
>>>> 139633213376256:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:
>>>> 139633213376256:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids
>>>> 139633213376256:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1
>>>>
>>>> Any help on why this is happening? How can I fix this?
>>>>
>>>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have
>>>> to compile my engine with the OpenSSL source code to do that?
>>>> Here is the complete source code of my sample engine,
>>>>
>>>> ==============================================
>>>>
>>>> #include <stdio.h>
>>>>
>>>> #include <openssl/engine.h>
>>>> #include <openssl/rsa.h>
>>>>
>>>> /* Engine Id and Name */
>>>> static const char *engine_dasync_id = "dasync";
>>>> static const char *engine_dasync_name = "Dummy Async engine support";
>>>>
>>>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>> {
>>>>     printf("dasync_pub_enc\n");
>>>>     return 0;
>>>> }
>>>>
>>>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>> {
>>>>     printf("dasync_pub_dec\n");
>>>>     return 0;
>>>> }
>>>>
>>>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>> {
>>>>     printf("dasync_rsa_priv_enc\n");
>>>>     return 0;
>>>> }
>>>>
>>>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>> {
>>>>     printf("dasync_rsa_priv_dec\n");
>>>>     return 0;
>>>> }
>>>>
>>>> static RSA_METHOD *dasync_rsa_method = NULL;
>>>>
>>>> static int bind_dasync(ENGINE *e)
>>>> {
>>>>     /* Setup RSA_METHOD */
>>>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
>>>>         return 0;
>>>>     }
>>>>
>>>>     /* Register the engine id, name and RSA method with the ENGINE */
>>>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>>>         || !ENGINE_set_name(e, engine_dasync_name)
>>>>         || !ENGINE_set_RSA(e, dasync_rsa_method)) {
>>>>         return 0;
>>>>     }
>>>>     return 1;
>>>> }
>>>>
>>>> static int bind_helper(ENGINE *e, const char *id)
>>>> {
>>>>     if (!bind_dasync(e)) {
>>>>         printf("2_Error: Inside Bind helper\n");
>>>>         return 0;
>>>>     }
>>>>     return 1;
>>>> }
>>>>
>>>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>>>
>>>> =============================================
>>>>
>>>> Thanks,
>>>> Shariful
>>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>

--
SY, Dmitry Belyavsky

From Michael.Wojcik at microfocus.com Thu Aug 26 17:28:13 2021
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Thu, 26 Aug 2021 17:28:13 +0000
Subject: problems with too many ssl_read and ssl_write errors
In-Reply-To: References: Message-ID:

Please reply to the list rather than to me directly.

> From: Kamala Ayyar
> Sent: Thursday, 26 August, 2021 08:57

> We call the WSAGetLastError immediately after SSL_ERROR_SYSCALL and we get the
> WSAETIMEDOUT OK.

This wasn't entirely clear to me from your previous message. So you are getting a network-stack timeout on a sockets operation; this isn't a TLS protocol issue or anything else at a level above the network stack.

> We also call the ERR_print_errors(bio); but it displays a blank line. We call
> ERR_clear_error() before the SSL_read as mentioned in the manual.

I'm not sure why that might be happening. It may be that OpenSSL doesn't log any error messages in this case; I'd have to look at the OpenSSL source code to figure that out.
> The ERR_print_errors() does not print anything. Is the error getting cleared
> because we called the WSAGetLastError()?

That shouldn't affect the OpenSSL error list.

> Is there an order in which the Windows WSAGetLastError() should be called before
> SSL_get_error()?

I don't believe so. They should be independent. The OpenSSL error list is maintained by OpenSSL; WSAGetLastError retrieves the Winsock error code. The two don't share data.

> We will try changing some of the timeouts on either side and try.

Make sure that's stack timeouts you're changing: calls to setsockopt, or Registry settings if you're not overriding them on your sockets. Application-level timeouts aren't the issue here.

You may need to involve a network administrator to look at network interface statistics, check wire traces to see if receive windows are closed, and look for interference from middleboxes such as routers and firewall appliances or from application firewalls, IDSes, and so on. These sorts of issues are not uncommon when there are load balancers, traffic-inspecting firewalls, or the like interfering with network traffic.

--
Michael Wojcik

From dipto181 at gmail.com Thu Aug 26 17:55:47 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 11:55:47 -0600
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To: References: Message-ID:

Dear Dmitry,
Thank you very much. After moving the above section to the end of the configuration file and adding the dynamic path to the shared library like the following,

==================
[rsa_section]
engine_id = rsa-engine-new
dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so
==================

my engine loads without any error. Thanks.

One more question: do I need to compile and install my engine with the OpenSSL source code in order for it to work with mod_ssl?
Regards, Shariful Alam On Thu, Aug 26, 2021 at 10:30 AM Dmitry Belyavsky wrote: > As I suspected, you have the remnants of main openssl config just after > your only directive in the [rsa_section] > > I'd suggest you moving the following lines > > ========= > [openssl_def] > engines = engine_section > > [engine_section] > rsa-engine-new = rsa_section > > [rsa_section] > engine_id = rsa-engine-new > ========== > to the end of your openssl.cnf > > On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam wrote: > >> Dmitry, >> Thank you for your response. >> >> As you have suggested, I have changed my engine name to maintain with the >> configuration file >> >> /* Engine Id and Name */ >> static const char *engine_rsa_id = "rsa-engine-new"; >> static const char *engine_rsa_name = "Dummy RSA engine for testing"; >> >> Here is my whole *openssl.cnf* file content >> >> ============================================================================================================================= >> >> # >> # OpenSSL example configuration file. >> # This is mostly being used for generation of certificate requests. >> # >> >> # Note that you can include other files from the main configuration >> # file using the .include directive. >> #.include filename >> >> # This definition stops the following lines choking if HOME isn't >> # defined. >> HOME = . >> >> openssl_conf = openssl_def >> >> [openssl_def] >> engines = engine_section >> >> [engine_section] >> rsa-engine-new = rsa_section >> >> [rsa_section] >> engine_id = rsa-engine-new >> >> # Extra OBJECT IDENTIFIER info: >> #oid_file = $ENV::HOME/.oid >> oid_section = new_oids >> >> # To use this configuration file with the "-extfile" option of the >> # "openssl x509" utility, name here the section containing the >> # X.509v3 extensions to use: >> # extensions = >> # (Alternatively, use a configuration file that has only >> # X.509v3 extensions in its main [= default] section.) 
>> >> [ new_oids ] >> >> # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. >> # Add a simple OID like this: >> # testoid1=1.2.3.4 >> # Or use config file substitution like this: >> # testoid2=${testoid1}.5.6 >> >> # Policies used by the TSA examples. >> tsa_policy1 = 1.2.3.4.1 >> tsa_policy2 = 1.2.3.4.5.6 >> tsa_policy3 = 1.2.3.4.5.7 >> >> #################################################################### >> [ ca ] >> default_ca = CA_default # The default ca section >> >> #################################################################### >> [ CA_default ] >> >> dir = ./demoCA # Where everything is kept >> certs = $dir/certs # Where the issued certs are kept >> crl_dir = $dir/crl # Where the issued crl are kept >> database = $dir/index.txt # database index file. >> #unique_subject = no # Set to 'no' to allow creation of >> # several certs with same subject. >> new_certs_dir = $dir/newcerts # default place for new certs. >> >> certificate = $dir/cacert.pem # The CA certificate >> serial = $dir/serial # The current serial number >> crlnumber = $dir/crlnumber # the current crl number >> # must be commented out to leave a V1 CRL >> crl = $dir/crl.pem # The current CRL >> private_key = $dir/private/cakey.pem# The private key >> >> x509_extensions = usr_cert # The extensions to add to the cert >> >> # Comment out the following two lines for the "traditional" >> # (and highly broken) format. >> name_opt = ca_default # Subject Name options >> cert_opt = ca_default # Certificate field options >> >> # Extension copying option: use with caution. >> # copy_extensions = copy >> >> # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 >> CRLs >> # so this is commented out by default to leave a V1 CRL. >> # crlnumber must also be commented out to leave a V1 CRL. 
>> # crl_extensions = crl_ext >> >> default_days = 365 # how long to certify for >> default_crl_days= 30 # how long before next CRL >> default_md = default # use public key default MD >> preserve = no # keep passed DN ordering >> >> # A few difference way of specifying how similar the request should look >> # For type CA, the listed attributes must be the same, and the optional >> # and supplied fields are just that :-) >> policy = policy_match >> >> # For the CA policy >> [ policy_match ] >> countryName = match >> stateOrProvinceName = optional >> organizationName = optional >> organizationalUnitName = optional >> commonName = supplied >> emailAddress = optional >> >> # For the 'anything' policy >> # At this point in time, you must list all acceptable 'object' >> # types. >> [ policy_anything ] >> countryName = optional >> stateOrProvinceName = optional >> localityName = optional >> organizationName = optional >> organizationalUnitName = optional >> commonName = supplied >> emailAddress = optional >> >> #################################################################### >> [ req ] >> default_bits = 2048 >> default_keyfile = privkey.pem >> distinguished_name = req_distinguished_name >> attributes = req_attributes >> x509_extensions = v3_ca # The extensions to add to the self signed cert >> >> # Passwords for private keys if not present they will be prompted for >> # input_password = secret >> # output_password = secret >> >> # This sets a mask for permitted string types. There are several options. >> # default: PrintableString, T61String, BMPString. >> # pkix : PrintableString, BMPString (PKIX recommendation before 2004) >> # utf8only: only UTF8Strings (PKIX recommendation after 2004). >> # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). >> # MASK:XXXX a literal mask value. >> # WARNING: ancient versions of Netscape crash on BMPStrings or >> UTF8Strings. 
>> string_mask = utf8only >> >> # req_extensions = v3_req # The extensions to add to a certificate request >> >> [ req_distinguished_name ] >> countryName = Country Name (2 letter code) >> countryName_default = AU >> countryName_min = 2 >> countryName_max = 2 >> >> stateOrProvinceName = State or Province Name (full name) >> stateOrProvinceName_default = Some-State >> >> localityName = Locality Name (eg, city) >> >> 0.organizationName = Organization Name (eg, company) >> 0.organizationName_default = Internet Widgits Pty Ltd >> >> # we can do this but it is not needed normally :-) >> #1.organizationName = Second Organization Name (eg, company) >> #1.organizationName_default = World Wide Web Pty Ltd >> >> organizationalUnitName = Organizational Unit Name (eg, section) >> #organizationalUnitName_default = >> >> commonName = Common Name (e.g. server FQDN or YOUR name) >> commonName_max = 64 >> >> emailAddress = Email Address >> emailAddress_max = 64 >> >> # SET-ex3 = SET extension number 3 >> >> [ req_attributes ] >> challengePassword = A challenge password >> challengePassword_min = 4 >> challengePassword_max = 20 >> >> unstructuredName = An optional company name >> >> [ usr_cert ] >> >> # These extensions are added when 'ca' signs a request. >> >> # This goes against PKIX guidelines but some CAs do it and some software >> # requires this to avoid interpreting an end user certificate as a CA. >> >> basicConstraints=CA:FALSE >> >> # Here are some examples of the usage of nsCertType. If it is omitted >> # the certificate can be used for anything *except* object signing. >> >> # This is OK for an SSL server. >> # nsCertType = server >> >> # For an object signing certificate this would be used. >> # nsCertType = objsign >> >> # For normal client use this is typical >> # nsCertType = client, email >> >> # and for everything including object signing: >> # nsCertType = client, email, objsign >> >> # This is typical in keyUsage for a client certificate. 
>> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >> >> # This will be displayed in Netscape's comment listbox. >> nsComment = "OpenSSL Generated Certificate" >> >> # PKIX recommendations harmless if included in all certificates. >> subjectKeyIdentifier=hash >> authorityKeyIdentifier=keyid,issuer >> >> # This stuff is for subjectAltName and issuerAltname. >> # Import the email address. >> # subjectAltName=email:copy >> # An alternative to produce certificates that aren't >> # deprecated according to PKIX. >> # subjectAltName=email:move >> >> # Copy subject details >> # issuerAltName=issuer:copy >> >> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >> #nsBaseUrl >> #nsRevocationUrl >> #nsRenewalUrl >> #nsCaPolicyUrl >> #nsSslServerName >> >> # This is required for TSA certificates. >> # extendedKeyUsage = critical,timeStamping >> >> [ v3_req ] >> >> # Extensions to add to a certificate request >> >> basicConstraints = CA:FALSE >> keyUsage = nonRepudiation, digitalSignature, keyEncipherment >> >> [ v3_ca ] >> >> >> # Extensions for a typical CA >> >> >> # PKIX recommendation. >> >> subjectKeyIdentifier=hash >> >> authorityKeyIdentifier=keyid:always,issuer >> >> basicConstraints = critical,CA:true >> >> # Key usage: this is typical for a CA certificate. However since it will >> # prevent it being used as an test self-signed certificate it is best >> # left out by default. >> # keyUsage = cRLSign, keyCertSign >> >> # Some might want this also >> # nsCertType = sslCA, emailCA >> >> # Include email address in subject alt name: another PKIX recommendation >> # subjectAltName=email:copy >> # Copy issuer details >> # issuerAltName=issuer:copy >> >> # DER hex encoding of an extension: beware experts only! >> # obj=DER:02:03 >> # Where 'obj' is a standard or added object >> # You can even override a supported extension: >> # basicConstraints= critical, DER:30:03:01:01:FF >> >> [ crl_ext ] >> >> # CRL extensions. 
>> # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. >> >> # issuerAltName=issuer:copy >> authorityKeyIdentifier=keyid:always >> >> [ proxy_cert_ext ] >> # These extensions should be added when creating a proxy certificate >> >> # This goes against PKIX guidelines but some CAs do it and some software >> # requires this to avoid interpreting an end user certificate as a CA. >> >> basicConstraints=CA:FALSE >> >> # Here are some examples of the usage of nsCertType. If it is omitted >> # the certificate can be used for anything *except* object signing. >> >> # This is OK for an SSL server. >> # nsCertType = server >> >> # For an object signing certificate this would be used. >> # nsCertType = objsign >> >> # For normal client use this is typical >> # nsCertType = client, email >> >> # and for everything including object signing: >> # nsCertType = client, email, objsign >> >> # This is typical in keyUsage for a client certificate. >> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >> >> # This will be displayed in Netscape's comment listbox. >> nsComment = "OpenSSL Generated Certificate" >> >> # PKIX recommendations harmless if included in all certificates. >> subjectKeyIdentifier=hash >> authorityKeyIdentifier=keyid,issuer >> >> # This stuff is for subjectAltName and issuerAltname. >> # Import the email address. >> # subjectAltName=email:copy >> # An alternative to produce certificates that aren't >> # deprecated according to PKIX. >> # subjectAltName=email:move >> >> # Copy subject details >> # issuerAltName=issuer:copy >> >> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >> #nsBaseUrl >> #nsRevocationUrl >> #nsRenewalUrl >> #nsCaPolicyUrl >> #nsSslServerName >> >> # This really needs to be in place for it to be a proxy certificate. 
>> proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo >> >> #################################################################### >> [ tsa ] >> >> default_tsa = tsa_config1 # the default TSA section >> >> [ tsa_config1 ] >> >> # These are used by the TSA reply generation only. >> dir = ./demoCA # TSA root directory >> serial = $dir/tsaserial # The current serial number (mandatory) >> crypto_device = builtin # OpenSSL engine to use for signing >> signer_cert = $dir/tsacert.pem # The TSA signing certificate >> # (optional) >> certs = $dir/cacert.pem # Certificate chain to include in reply >> # (optional) >> signer_key = $dir/private/tsakey.pem # The TSA private key (optional) >> signer_digest = sha256 # Signing digest to use. (Optional) >> default_policy = tsa_policy1 # Policy if request did not specify it >> # (optional) >> other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) >> digests = sha1, sha256, sha384, sha512 # Acceptable message digests >> (mandatory) >> accuracy = secs:1, millisecs:500, microsecs:100 # (optional) >> clock_precision_digits = 0 # number of digits after dot. (optional) >> ordering = yes # Is ordering defined for timestamps? >> # (optional, default: no) >> tsa_name = yes # Must the TSA name be included in the reply? >> # (optional, default: no) >> ess_cert_id_chain = no # Must the ESS cert id chain be included? >> # (optional, default: no) >> ess_cert_id_alg = sha1 # algorithm to compute certificate >> # identifier (optional, default: sha1) >> >> >> On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky >> wrote: >> >>> Dear Shariful, >>> >>> 1. Don't hurry :) >>> 2. It looks like there are some more configuration options in your >>> openssl.cnf [rsa_section] >>> I think they came from the standard configuration. So if I am wrong, >>> please provide the whole file. >>> 3. 
I'd recommend you also update the lines >>> ` >>> static const char *engine_dasync_id = "dasync"; >>> static const char *engine_dasync_name = "Dummy Async engine support"; >>> ` >>> To be consistent with your engine name >>> >>> On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam >>> wrote: >>> >>>> Any help regarding this matter?? >>>> >>>> Regards, >>>> Shariful >>>> >>>> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> I have a simple rsa engine code (from engines/e_dasync.c). My code >>>>> compiles. Command "*$openssl engine -t -c*" shows the following, >>>>> >>>>> >>>>> openssl engine -t -c >>>>> >>>>> (rdrand) Intel RDRAND engine >>>>> >>>>> [RAND] >>>>> >>>>> [ available ] >>>>> >>>>> (dynamic) Dynamic engine loading support >>>>> >>>>> [ unavailable ] >>>>> >>>>> (dasync) Dummy Async engine support >>>>> >>>>> [RSA] >>>>> >>>>> [ available ] >>>>> >>>>> >>>>> I also modify *openssl.cnf* configuration as following to load this >>>>> engine, >>>>> >>>>> >>>>> openssl_conf = openssl_def >>>>> >>>>> >>>>> [openssl_def] >>>>> >>>>> engines = engine_section >>>>> >>>>> >>>>> [engine_section] >>>>> >>>>> rsa-engine-new = rsa_section >>>>> >>>>> >>>>> [rsa_section] >>>>> >>>>> engine_id = rsa-engine-new >>>>> >>>>> >>>>> Then when I run the command "$*openssl engine*", I get the following >>>>> error, >>>>> >>>>> $openssl engine >>>>> >>>>> (rdrand) Intel RDRAND engine >>>>> >>>>> (dynamic) Dynamic engine loading support >>>>> >>>>> (dasync) Dummy Async engine support >>>>> >>>>> 139633213376256:error:260AB089:engine >>>>> routines:ENGINE_ctrl_cmd_string:invalid cmd >>>>> name:crypto/engine/eng_ctrl.c:255: >>>>> >>>>> 139633213376256:error:260BC066:engine >>>>> routines:int_engine_configure:engine configuration >>>>> error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, >>>>> value=new_oids >>>>> >>>>> 139633213376256:error:0E07606D:configuration file >>>>> routines:module_run:module initialization >>>>> 
error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section,
>>>>> retcode=-1
>>>>>
>>>>> Any help on why this is happening? How can I fix this?
>>>>>
>>>>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have
>>>>> to compile my engine with the OpenSSL source code to do that?
>>>>>
>>>>> Here is the complete source code of my sample engine,
>>>>>
>>>>> ==============================================
>>>>>
>>>>> /* headers for printf/strcmp and for the ENGINE and RSA_METHOD APIs used below */
>>>>> #include <stdio.h>
>>>>> #include <string.h>
>>>>> #include <openssl/engine.h>
>>>>> #include <openssl/rsa.h>
>>>>>
>>>>> /* Engine Id and Name */
>>>>> static const char *engine_dasync_id = "dasync";
>>>>> static const char *engine_dasync_name = "Dummy Async engine support";
>>>>>
>>>>> /* RSA_METHOD callbacks. These are logging stubs only; a real method
>>>>>  * returns the number of output bytes written, or -1 on error. */
>>>>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>>> {
>>>>>     printf("dasync_pub_enc\n");
>>>>>     return 0;
>>>>> }
>>>>>
>>>>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>>> {
>>>>>     printf("dasync_pub_dec\n");
>>>>>     return 0;
>>>>> }
>>>>>
>>>>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>>> {
>>>>>     printf("dasync_rsa_priv_enc\n");
>>>>>     return 0;
>>>>> }
>>>>>
>>>>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>>> {
>>>>>     printf("dasync_rsa_priv_dec\n");
>>>>>     return 0;
>>>>> }
>>>>>
>>>>> static RSA_METHOD *dasync_rsa_method = NULL;
>>>>>
>>>>> static int bind_dasync(ENGINE *e)
>>>>> {
>>>>>     /* Setup RSA_METHOD */
>>>>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>>>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>>>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>>>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>>>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
>>>>>         return 0;
>>>>>     }
>>>>>
>>>>>     /* Ensure the dasync error handling is set up */
>>>>>
>>>>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>>>>         || !ENGINE_set_name(e, engine_dasync_name)
>>>>>         || !ENGINE_set_RSA(e, dasync_rsa_method)) {
>>>>>         return 0;
>>>>>     }
>>>>>     return 1;
>>>>> }
>>>>>
>>>>> /* Called by the "dynamic" engine after it has loaded the .so. If the
>>>>>  * loader asks for a specific engine id, only bind when it is ours
>>>>>  * (the same check e_dasync.c performs). */
>>>>> static int bind_helper(ENGINE *e, const char *id)
>>>>> {
>>>>>     if (id != NULL && strcmp(id, engine_dasync_id) != 0)
>>>>>         return 0;
>>>>>     if (!bind_dasync(e)) {
>>>>>         printf("2_Error: Inside Bind helper\n");
>>>>>         return 0;
>>>>>     }
>>>>>     return 1;
>>>>> }
>>>>>
>>>>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>>>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>>>>
>>>>> =============================================
>>>>>
>>>>> Thanks,
>>>>> Shariful
>>>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>>
>>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From beldmit at gmail.com Thu Aug 26 18:00:49 2021
From: beldmit at gmail.com (Dmitry Belyavsky)
Date: Thu, 26 Aug 2021 20:00:49 +0200
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To: References: Message-ID:

Dear Shariful,

You can build your engine when it's feasible.
You can install it to the engine folder and get rid of dynamic_path, but
it's not necessary.

I prefer explicitly loading the engine via the config file.

On Thu, Aug 26, 2021 at 7:56 PM Shariful Alam wrote:

> Dear Dmitry,
> Thank you very much.
After moving the above section to the end of the
> configuration file and adding the dynamic path to the shared library like the
> following,
> ==================
> [rsa_section]
> engine_id = rsa-engine-new
> dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so
> ==================
>
> My engine loads without any error. Thanks.
> One more question: do I need to compile and install my engine with OpenSSL
> source code in order for it to work with mod_ssl?
>
> Regards,
> Shariful Alam
>
>
> On Thu, Aug 26, 2021 at 10:30 AM Dmitry Belyavsky
> wrote:
>
>> As I suspected, you have the remnants of the main openssl config just after
>> your only directive in the [rsa_section].
>>
>> I'd suggest moving the following lines
>>
>> =========
>> [openssl_def]
>> engines = engine_section
>>
>> [engine_section]
>> rsa-engine-new = rsa_section
>>
>> [rsa_section]
>> engine_id = rsa-engine-new
>> ==========
>> to the end of your openssl.cnf
>>
>> On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam wrote:
>>
>>> Dmitry,
>>> Thank you for your response.
>>>
>>> As you have suggested, I have changed my engine name to be consistent with
>>> the configuration file
>>>
>>> /* Engine Id and Name */
>>> static const char *engine_rsa_id = "rsa-engine-new";
>>> static const char *engine_rsa_name = "Dummy RSA engine for testing";
>>>
>>> Here is my whole *openssl.cnf* file content
>>>
>>> =============================================================================================================================
>>>
>>> #
>>> # OpenSSL example configuration file.
>>> # This is mostly being used for generation of certificate requests.
>>> #
>>>
>>> # Note that you can include other files from the main configuration
>>> # file using the .include directive.
>>> #.include filename
>>>
>>> # This definition stops the following lines choking if HOME isn't
>>> # defined.
>>> HOME = .
>>> >>> openssl_conf = openssl_def >>> >>> [openssl_def] >>> engines = engine_section >>> >>> [engine_section] >>> rsa-engine-new = rsa_section >>> >>> [rsa_section] >>> engine_id = rsa-engine-new >>> >>> # Extra OBJECT IDENTIFIER info: >>> #oid_file = $ENV::HOME/.oid >>> oid_section = new_oids >>> >>> # To use this configuration file with the "-extfile" option of the >>> # "openssl x509" utility, name here the section containing the >>> # X.509v3 extensions to use: >>> # extensions = >>> # (Alternatively, use a configuration file that has only >>> # X.509v3 extensions in its main [= default] section.) >>> >>> [ new_oids ] >>> >>> # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. >>> # Add a simple OID like this: >>> # testoid1=1.2.3.4 >>> # Or use config file substitution like this: >>> # testoid2=${testoid1}.5.6 >>> >>> # Policies used by the TSA examples. >>> tsa_policy1 = 1.2.3.4.1 >>> tsa_policy2 = 1.2.3.4.5.6 >>> tsa_policy3 = 1.2.3.4.5.7 >>> >>> #################################################################### >>> [ ca ] >>> default_ca = CA_default # The default ca section >>> >>> #################################################################### >>> [ CA_default ] >>> >>> dir = ./demoCA # Where everything is kept >>> certs = $dir/certs # Where the issued certs are kept >>> crl_dir = $dir/crl # Where the issued crl are kept >>> database = $dir/index.txt # database index file. >>> #unique_subject = no # Set to 'no' to allow creation of >>> # several certs with same subject. >>> new_certs_dir = $dir/newcerts # default place for new certs. 
>>> >>> certificate = $dir/cacert.pem # The CA certificate >>> serial = $dir/serial # The current serial number >>> crlnumber = $dir/crlnumber # the current crl number >>> # must be commented out to leave a V1 CRL >>> crl = $dir/crl.pem # The current CRL >>> private_key = $dir/private/cakey.pem# The private key >>> >>> x509_extensions = usr_cert # The extensions to add to the cert >>> >>> # Comment out the following two lines for the "traditional" >>> # (and highly broken) format. >>> name_opt = ca_default # Subject Name options >>> cert_opt = ca_default # Certificate field options >>> >>> # Extension copying option: use with caution. >>> # copy_extensions = copy >>> >>> # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 >>> CRLs >>> # so this is commented out by default to leave a V1 CRL. >>> # crlnumber must also be commented out to leave a V1 CRL. >>> # crl_extensions = crl_ext >>> >>> default_days = 365 # how long to certify for >>> default_crl_days= 30 # how long before next CRL >>> default_md = default # use public key default MD >>> preserve = no # keep passed DN ordering >>> >>> # A few difference way of specifying how similar the request should look >>> # For type CA, the listed attributes must be the same, and the optional >>> # and supplied fields are just that :-) >>> policy = policy_match >>> >>> # For the CA policy >>> [ policy_match ] >>> countryName = match >>> stateOrProvinceName = optional >>> organizationName = optional >>> organizationalUnitName = optional >>> commonName = supplied >>> emailAddress = optional >>> >>> # For the 'anything' policy >>> # At this point in time, you must list all acceptable 'object' >>> # types. 
>>> [ policy_anything ] >>> countryName = optional >>> stateOrProvinceName = optional >>> localityName = optional >>> organizationName = optional >>> organizationalUnitName = optional >>> commonName = supplied >>> emailAddress = optional >>> >>> #################################################################### >>> [ req ] >>> default_bits = 2048 >>> default_keyfile = privkey.pem >>> distinguished_name = req_distinguished_name >>> attributes = req_attributes >>> x509_extensions = v3_ca # The extensions to add to the self signed cert >>> >>> # Passwords for private keys if not present they will be prompted for >>> # input_password = secret >>> # output_password = secret >>> >>> # This sets a mask for permitted string types. There are several options. >>> # default: PrintableString, T61String, BMPString. >>> # pkix : PrintableString, BMPString (PKIX recommendation before 2004) >>> # utf8only: only UTF8Strings (PKIX recommendation after 2004). >>> # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). >>> # MASK:XXXX a literal mask value. >>> # WARNING: ancient versions of Netscape crash on BMPStrings or >>> UTF8Strings. 
>>> string_mask = utf8only >>> >>> # req_extensions = v3_req # The extensions to add to a certificate >>> request >>> >>> [ req_distinguished_name ] >>> countryName = Country Name (2 letter code) >>> countryName_default = AU >>> countryName_min = 2 >>> countryName_max = 2 >>> >>> stateOrProvinceName = State or Province Name (full name) >>> stateOrProvinceName_default = Some-State >>> >>> localityName = Locality Name (eg, city) >>> >>> 0.organizationName = Organization Name (eg, company) >>> 0.organizationName_default = Internet Widgits Pty Ltd >>> >>> # we can do this but it is not needed normally :-) >>> #1.organizationName = Second Organization Name (eg, company) >>> #1.organizationName_default = World Wide Web Pty Ltd >>> >>> organizationalUnitName = Organizational Unit Name (eg, section) >>> #organizationalUnitName_default = >>> >>> commonName = Common Name (e.g. server FQDN or YOUR name) >>> commonName_max = 64 >>> >>> emailAddress = Email Address >>> emailAddress_max = 64 >>> >>> # SET-ex3 = SET extension number 3 >>> >>> [ req_attributes ] >>> challengePassword = A challenge password >>> challengePassword_min = 4 >>> challengePassword_max = 20 >>> >>> unstructuredName = An optional company name >>> >>> [ usr_cert ] >>> >>> # These extensions are added when 'ca' signs a request. >>> >>> # This goes against PKIX guidelines but some CAs do it and some software >>> # requires this to avoid interpreting an end user certificate as a CA. >>> >>> basicConstraints=CA:FALSE >>> >>> # Here are some examples of the usage of nsCertType. If it is omitted >>> # the certificate can be used for anything *except* object signing. >>> >>> # This is OK for an SSL server. >>> # nsCertType = server >>> >>> # For an object signing certificate this would be used. 
>>> # nsCertType = objsign >>> >>> # For normal client use this is typical >>> # nsCertType = client, email >>> >>> # and for everything including object signing: >>> # nsCertType = client, email, objsign >>> >>> # This is typical in keyUsage for a client certificate. >>> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>> >>> # This will be displayed in Netscape's comment listbox. >>> nsComment = "OpenSSL Generated Certificate" >>> >>> # PKIX recommendations harmless if included in all certificates. >>> subjectKeyIdentifier=hash >>> authorityKeyIdentifier=keyid,issuer >>> >>> # This stuff is for subjectAltName and issuerAltname. >>> # Import the email address. >>> # subjectAltName=email:copy >>> # An alternative to produce certificates that aren't >>> # deprecated according to PKIX. >>> # subjectAltName=email:move >>> >>> # Copy subject details >>> # issuerAltName=issuer:copy >>> >>> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >>> #nsBaseUrl >>> #nsRevocationUrl >>> #nsRenewalUrl >>> #nsCaPolicyUrl >>> #nsSslServerName >>> >>> # This is required for TSA certificates. >>> # extendedKeyUsage = critical,timeStamping >>> >>> [ v3_req ] >>> >>> # Extensions to add to a certificate request >>> >>> basicConstraints = CA:FALSE >>> keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>> >>> [ v3_ca ] >>> >>> >>> # Extensions for a typical CA >>> >>> >>> # PKIX recommendation. >>> >>> subjectKeyIdentifier=hash >>> >>> authorityKeyIdentifier=keyid:always,issuer >>> >>> basicConstraints = critical,CA:true >>> >>> # Key usage: this is typical for a CA certificate. However since it will >>> # prevent it being used as an test self-signed certificate it is best >>> # left out by default. 
>>> # keyUsage = cRLSign, keyCertSign >>> >>> # Some might want this also >>> # nsCertType = sslCA, emailCA >>> >>> # Include email address in subject alt name: another PKIX recommendation >>> # subjectAltName=email:copy >>> # Copy issuer details >>> # issuerAltName=issuer:copy >>> >>> # DER hex encoding of an extension: beware experts only! >>> # obj=DER:02:03 >>> # Where 'obj' is a standard or added object >>> # You can even override a supported extension: >>> # basicConstraints= critical, DER:30:03:01:01:FF >>> >>> [ crl_ext ] >>> >>> # CRL extensions. >>> # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. >>> >>> # issuerAltName=issuer:copy >>> authorityKeyIdentifier=keyid:always >>> >>> [ proxy_cert_ext ] >>> # These extensions should be added when creating a proxy certificate >>> >>> # This goes against PKIX guidelines but some CAs do it and some software >>> # requires this to avoid interpreting an end user certificate as a CA. >>> >>> basicConstraints=CA:FALSE >>> >>> # Here are some examples of the usage of nsCertType. If it is omitted >>> # the certificate can be used for anything *except* object signing. >>> >>> # This is OK for an SSL server. >>> # nsCertType = server >>> >>> # For an object signing certificate this would be used. >>> # nsCertType = objsign >>> >>> # For normal client use this is typical >>> # nsCertType = client, email >>> >>> # and for everything including object signing: >>> # nsCertType = client, email, objsign >>> >>> # This is typical in keyUsage for a client certificate. >>> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>> >>> # This will be displayed in Netscape's comment listbox. >>> nsComment = "OpenSSL Generated Certificate" >>> >>> # PKIX recommendations harmless if included in all certificates. >>> subjectKeyIdentifier=hash >>> authorityKeyIdentifier=keyid,issuer >>> >>> # This stuff is for subjectAltName and issuerAltname. >>> # Import the email address. 
>>> # subjectAltName=email:copy >>> # An alternative to produce certificates that aren't >>> # deprecated according to PKIX. >>> # subjectAltName=email:move >>> >>> # Copy subject details >>> # issuerAltName=issuer:copy >>> >>> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >>> #nsBaseUrl >>> #nsRevocationUrl >>> #nsRenewalUrl >>> #nsCaPolicyUrl >>> #nsSslServerName >>> >>> # This really needs to be in place for it to be a proxy certificate. >>> proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo >>> >>> #################################################################### >>> [ tsa ] >>> >>> default_tsa = tsa_config1 # the default TSA section >>> >>> [ tsa_config1 ] >>> >>> # These are used by the TSA reply generation only. >>> dir = ./demoCA # TSA root directory >>> serial = $dir/tsaserial # The current serial number (mandatory) >>> crypto_device = builtin # OpenSSL engine to use for signing >>> signer_cert = $dir/tsacert.pem # The TSA signing certificate >>> # (optional) >>> certs = $dir/cacert.pem # Certificate chain to include in reply >>> # (optional) >>> signer_key = $dir/private/tsakey.pem # The TSA private key (optional) >>> signer_digest = sha256 # Signing digest to use. (Optional) >>> default_policy = tsa_policy1 # Policy if request did not specify it >>> # (optional) >>> other_policies = tsa_policy2, tsa_policy3 # acceptable policies >>> (optional) >>> digests = sha1, sha256, sha384, sha512 # Acceptable message digests >>> (mandatory) >>> accuracy = secs:1, millisecs:500, microsecs:100 # (optional) >>> clock_precision_digits = 0 # number of digits after dot. (optional) >>> ordering = yes # Is ordering defined for timestamps? >>> # (optional, default: no) >>> tsa_name = yes # Must the TSA name be included in the reply? >>> # (optional, default: no) >>> ess_cert_id_chain = no # Must the ESS cert id chain be included? 
>>> # (optional, default: no) >>> ess_cert_id_alg = sha1 # algorithm to compute certificate >>> # identifier (optional, default: sha1) >>> >>> >>> On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky >>> wrote: >>> >>>> Dear Shariful, >>>> >>>> 1. Don't hurry :) >>>> 2. It looks like there are some more configuration options in your >>>> openssl.cnf [rsa_section] >>>> I think they came from the standard configuration. So if I am wrong, >>>> please provide the whole file. >>>> 3. I'd recommend you also update the lines >>>> ` >>>> static const char *engine_dasync_id = "dasync"; >>>> static const char *engine_dasync_name = "Dummy Async engine support"; >>>> ` >>>> To be consistent with your engine name >>>> >>>> On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam >>>> wrote: >>>> >>>>> Any help regarding this matter?? >>>>> >>>>> Regards, >>>>> Shariful >>>>> >>>>> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam >>>>> wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I have a simple rsa engine code (from engines/e_dasync.c). My code >>>>>> compiles. 
Command "*$openssl engine -t -c*" shows the following, >>>>>> >>>>>> >>>>>> openssl engine -t -c >>>>>> >>>>>> (rdrand) Intel RDRAND engine >>>>>> >>>>>> [RAND] >>>>>> >>>>>> [ available ] >>>>>> >>>>>> (dynamic) Dynamic engine loading support >>>>>> >>>>>> [ unavailable ] >>>>>> >>>>>> (dasync) Dummy Async engine support >>>>>> >>>>>> [RSA] >>>>>> >>>>>> [ available ] >>>>>> >>>>>> >>>>>> I also modify *openssl.cnf* configuration as following to load this >>>>>> engine, >>>>>> >>>>>> >>>>>> openssl_conf = openssl_def >>>>>> >>>>>> >>>>>> [openssl_def] >>>>>> >>>>>> engines = engine_section >>>>>> >>>>>> >>>>>> [engine_section] >>>>>> >>>>>> rsa-engine-new = rsa_section >>>>>> >>>>>> >>>>>> [rsa_section] >>>>>> >>>>>> engine_id = rsa-engine-new >>>>>> >>>>>> >>>>>> Then when I run the command "$*openssl engine*", I get the following >>>>>> error, >>>>>> >>>>>> $openssl engine >>>>>> >>>>>> (rdrand) Intel RDRAND engine >>>>>> >>>>>> (dynamic) Dynamic engine loading support >>>>>> >>>>>> (dasync) Dummy Async engine support >>>>>> >>>>>> 139633213376256:error:260AB089:engine >>>>>> routines:ENGINE_ctrl_cmd_string:invalid cmd >>>>>> name:crypto/engine/eng_ctrl.c:255: >>>>>> >>>>>> 139633213376256:error:260BC066:engine >>>>>> routines:int_engine_configure:engine configuration >>>>>> error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, >>>>>> value=new_oids >>>>>> >>>>>> 139633213376256:error:0E07606D:configuration file >>>>>> routines:module_run:module initialization >>>>>> error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, >>>>>> retcode=-1 >>>>>> >>>>>> >>>>>> Any help why is this happening? How can I fix this? >>>>>> >>>>>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I >>>>>> have to compile my engine with the OpenSSL source code to do that? 
>>>>>>
>>>>>> Here is the complete source code of my sample engine,
>>>>>>
>>>>>> ==============================================
>>>>>>
>>>>>> /* headers for printf/strcmp and for the ENGINE and RSA_METHOD APIs used below */
>>>>>> #include <stdio.h>
>>>>>> #include <string.h>
>>>>>> #include <openssl/engine.h>
>>>>>> #include <openssl/rsa.h>
>>>>>>
>>>>>> /* Engine Id and Name */
>>>>>> static const char *engine_dasync_id = "dasync";
>>>>>> static const char *engine_dasync_name = "Dummy Async engine support";
>>>>>>
>>>>>> /* RSA_METHOD callbacks. These are logging stubs only; a real method
>>>>>>  * returns the number of output bytes written, or -1 on error. */
>>>>>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>>>> {
>>>>>>     printf("dasync_pub_enc\n");
>>>>>>     return 0;
>>>>>> }
>>>>>>
>>>>>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>>>>>                           unsigned char *to, RSA *rsa, int padding)
>>>>>> {
>>>>>>     printf("dasync_pub_dec\n");
>>>>>>     return 0;
>>>>>> }
>>>>>>
>>>>>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>>>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>>>> {
>>>>>>     printf("dasync_rsa_priv_enc\n");
>>>>>>     return 0;
>>>>>> }
>>>>>>
>>>>>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>>>>>>                                unsigned char *to, RSA *rsa, int padding)
>>>>>> {
>>>>>>     printf("dasync_rsa_priv_dec\n");
>>>>>>     return 0;
>>>>>> }
>>>>>>
>>>>>> static RSA_METHOD *dasync_rsa_method = NULL;
>>>>>>
>>>>>> static int bind_dasync(ENGINE *e)
>>>>>> {
>>>>>>     /* Setup RSA_METHOD */
>>>>>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>>>>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>>>>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>>>>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>>>>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
>>>>>>         return 0;
>>>>>>     }
>>>>>>
>>>>>>     /* Ensure the dasync error handling is set up */
>>>>>>
>>>>>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>>>>>         || !ENGINE_set_name(e, engine_dasync_name)
>>>>>>         || !ENGINE_set_RSA(e, dasync_rsa_method)) {
>>>>>>         return 0;
>>>>>>     }
>>>>>>     return 1;
>>>>>> }
>>>>>>
>>>>>> /* Called by the "dynamic" engine after it has loaded the .so. If the
>>>>>>  * loader asks for a specific engine id, only bind when it is ours
>>>>>>  * (the same check e_dasync.c performs). */
>>>>>> static int bind_helper(ENGINE *e, const char *id)
>>>>>> {
>>>>>>     if (id != NULL && strcmp(id, engine_dasync_id) != 0)
>>>>>>         return 0;
>>>>>>     if (!bind_dasync(e)) {
>>>>>>         printf("2_Error: Inside Bind helper\n");
>>>>>>         return 0;
>>>>>>     }
>>>>>>     return 1;
>>>>>> }
>>>>>>
>>>>>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>>>>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>>>>>
>>>>>> =============================================
>>>>>>
>>>>>> Thanks,
>>>>>> Shariful
>>>>>>
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>>
>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dipto181 at gmail.com Thu Aug 26 18:28:07 2021
From: dipto181 at gmail.com (Shariful Alam)
Date: Thu, 26 Aug 2021 12:28:07 -0600
Subject: OpenSSL dynamic engine loading shows error
In-Reply-To: References: Message-ID:

Dear Dmitry,
Thank you very much for the help. Appreciate it.

Regards,
Shariful Alam

On Thu, Aug 26, 2021 at 12:01 PM Dmitry Belyavsky wrote:

> Dear Shariful,
>
> You can build your engine when it's feasible.
> You can install it to the engine folder and get rid of dynamic_path, but
> it's not necessary.
>
> I prefer explicitly loading the engine via the config file.
>
>
> On Thu, Aug 26, 2021 at 7:56 PM Shariful Alam wrote:
>
>> Dear Dmitry,
>> Thank you very much.
After moving the above section to the end of the
>> configuration file and adding the dynamic path to the shared library like the
>> following,
>> ==================
>> [rsa_section]
>> engine_id = rsa-engine-new
>> dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so
>> ==================
>>
>> My engine loads without any error. Thanks.
>> One more question: do I need to compile and install my engine
>> with OpenSSL source code in order for it to work with mod_ssl?
>>
>> Regards,
>> Shariful Alam
>>
>>
>> On Thu, Aug 26, 2021 at 10:30 AM Dmitry Belyavsky
>> wrote:
>>
>>> As I suspected, you have the remnants of the main openssl config just after
>>> your only directive in the [rsa_section].
>>>
>>> I'd suggest moving the following lines
>>>
>>> =========
>>> [openssl_def]
>>> engines = engine_section
>>>
>>> [engine_section]
>>> rsa-engine-new = rsa_section
>>>
>>> [rsa_section]
>>> engine_id = rsa-engine-new
>>> ==========
>>> to the end of your openssl.cnf
>>>
>>> On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam
>>> wrote:
>>>
>>>> Dmitry,
>>>> Thank you for your response.
>>>>
>>>> As you have suggested, I have changed my engine name to be consistent with
>>>> the configuration file
>>>>
>>>> /* Engine Id and Name */
>>>> static const char *engine_rsa_id = "rsa-engine-new";
>>>> static const char *engine_rsa_name = "Dummy RSA engine for testing";
>>>>
>>>> Here is my whole *openssl.cnf* file content
>>>>
>>>> =============================================================================================================================
>>>>
>>>> #
>>>> # OpenSSL example configuration file.
>>>> # This is mostly being used for generation of certificate requests.
>>>> #
>>>>
>>>> # Note that you can include other files from the main configuration
>>>> # file using the .include directive.
>>>> #.include filename
>>>>
>>>> # This definition stops the following lines choking if HOME isn't
>>>> # defined.
>>>> HOME = .
>>>> >>>> openssl_conf = openssl_def >>>> >>>> [openssl_def] >>>> engines = engine_section >>>> >>>> [engine_section] >>>> rsa-engine-new = rsa_section >>>> >>>> [rsa_section] >>>> engine_id = rsa-engine-new >>>> >>>> # Extra OBJECT IDENTIFIER info: >>>> #oid_file = $ENV::HOME/.oid >>>> oid_section = new_oids >>>> >>>> # To use this configuration file with the "-extfile" option of the >>>> # "openssl x509" utility, name here the section containing the >>>> # X.509v3 extensions to use: >>>> # extensions = >>>> # (Alternatively, use a configuration file that has only >>>> # X.509v3 extensions in its main [= default] section.) >>>> >>>> [ new_oids ] >>>> >>>> # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. >>>> # Add a simple OID like this: >>>> # testoid1=1.2.3.4 >>>> # Or use config file substitution like this: >>>> # testoid2=${testoid1}.5.6 >>>> >>>> # Policies used by the TSA examples. >>>> tsa_policy1 = 1.2.3.4.1 >>>> tsa_policy2 = 1.2.3.4.5.6 >>>> tsa_policy3 = 1.2.3.4.5.7 >>>> >>>> #################################################################### >>>> [ ca ] >>>> default_ca = CA_default # The default ca section >>>> >>>> #################################################################### >>>> [ CA_default ] >>>> >>>> dir = ./demoCA # Where everything is kept >>>> certs = $dir/certs # Where the issued certs are kept >>>> crl_dir = $dir/crl # Where the issued crl are kept >>>> database = $dir/index.txt # database index file. >>>> #unique_subject = no # Set to 'no' to allow creation of >>>> # several certs with same subject. >>>> new_certs_dir = $dir/newcerts # default place for new certs. 
>>>> >>>> certificate = $dir/cacert.pem # The CA certificate >>>> serial = $dir/serial # The current serial number >>>> crlnumber = $dir/crlnumber # the current crl number >>>> # must be commented out to leave a V1 CRL >>>> crl = $dir/crl.pem # The current CRL >>>> private_key = $dir/private/cakey.pem# The private key >>>> >>>> x509_extensions = usr_cert # The extensions to add to the cert >>>> >>>> # Comment out the following two lines for the "traditional" >>>> # (and highly broken) format. >>>> name_opt = ca_default # Subject Name options >>>> cert_opt = ca_default # Certificate field options >>>> >>>> # Extension copying option: use with caution. >>>> # copy_extensions = copy >>>> >>>> # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 >>>> CRLs >>>> # so this is commented out by default to leave a V1 CRL. >>>> # crlnumber must also be commented out to leave a V1 CRL. >>>> # crl_extensions = crl_ext >>>> >>>> default_days = 365 # how long to certify for >>>> default_crl_days= 30 # how long before next CRL >>>> default_md = default # use public key default MD >>>> preserve = no # keep passed DN ordering >>>> >>>> # A few difference way of specifying how similar the request should look >>>> # For type CA, the listed attributes must be the same, and the optional >>>> # and supplied fields are just that :-) >>>> policy = policy_match >>>> >>>> # For the CA policy >>>> [ policy_match ] >>>> countryName = match >>>> stateOrProvinceName = optional >>>> organizationName = optional >>>> organizationalUnitName = optional >>>> commonName = supplied >>>> emailAddress = optional >>>> >>>> # For the 'anything' policy >>>> # At this point in time, you must list all acceptable 'object' >>>> # types. 
>>>> [ policy_anything ] >>>> countryName = optional >>>> stateOrProvinceName = optional >>>> localityName = optional >>>> organizationName = optional >>>> organizationalUnitName = optional >>>> commonName = supplied >>>> emailAddress = optional >>>> >>>> #################################################################### >>>> [ req ] >>>> default_bits = 2048 >>>> default_keyfile = privkey.pem >>>> distinguished_name = req_distinguished_name >>>> attributes = req_attributes >>>> x509_extensions = v3_ca # The extensions to add to the self signed cert >>>> >>>> # Passwords for private keys if not present they will be prompted for >>>> # input_password = secret >>>> # output_password = secret >>>> >>>> # This sets a mask for permitted string types. There are several >>>> options. >>>> # default: PrintableString, T61String, BMPString. >>>> # pkix : PrintableString, BMPString (PKIX recommendation before 2004) >>>> # utf8only: only UTF8Strings (PKIX recommendation after 2004). >>>> # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). >>>> # MASK:XXXX a literal mask value. >>>> # WARNING: ancient versions of Netscape crash on BMPStrings or >>>> UTF8Strings. 
>>>> string_mask = utf8only >>>> >>>> # req_extensions = v3_req # The extensions to add to a certificate >>>> request >>>> >>>> [ req_distinguished_name ] >>>> countryName = Country Name (2 letter code) >>>> countryName_default = AU >>>> countryName_min = 2 >>>> countryName_max = 2 >>>> >>>> stateOrProvinceName = State or Province Name (full name) >>>> stateOrProvinceName_default = Some-State >>>> >>>> localityName = Locality Name (eg, city) >>>> >>>> 0.organizationName = Organization Name (eg, company) >>>> 0.organizationName_default = Internet Widgits Pty Ltd >>>> >>>> # we can do this but it is not needed normally :-) >>>> #1.organizationName = Second Organization Name (eg, company) >>>> #1.organizationName_default = World Wide Web Pty Ltd >>>> >>>> organizationalUnitName = Organizational Unit Name (eg, section) >>>> #organizationalUnitName_default = >>>> >>>> commonName = Common Name (e.g. server FQDN or YOUR name) >>>> commonName_max = 64 >>>> >>>> emailAddress = Email Address >>>> emailAddress_max = 64 >>>> >>>> # SET-ex3 = SET extension number 3 >>>> >>>> [ req_attributes ] >>>> challengePassword = A challenge password >>>> challengePassword_min = 4 >>>> challengePassword_max = 20 >>>> >>>> unstructuredName = An optional company name >>>> >>>> [ usr_cert ] >>>> >>>> # These extensions are added when 'ca' signs a request. >>>> >>>> # This goes against PKIX guidelines but some CAs do it and some software >>>> # requires this to avoid interpreting an end user certificate as a CA. >>>> >>>> basicConstraints=CA:FALSE >>>> >>>> # Here are some examples of the usage of nsCertType. If it is omitted >>>> # the certificate can be used for anything *except* object signing. >>>> >>>> # This is OK for an SSL server. >>>> # nsCertType = server >>>> >>>> # For an object signing certificate this would be used. 
>>>> # nsCertType = objsign >>>> >>>> # For normal client use this is typical >>>> # nsCertType = client, email >>>> >>>> # and for everything including object signing: >>>> # nsCertType = client, email, objsign >>>> >>>> # This is typical in keyUsage for a client certificate. >>>> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>>> >>>> # This will be displayed in Netscape's comment listbox. >>>> nsComment = "OpenSSL Generated Certificate" >>>> >>>> # PKIX recommendations harmless if included in all certificates. >>>> subjectKeyIdentifier=hash >>>> authorityKeyIdentifier=keyid,issuer >>>> >>>> # This stuff is for subjectAltName and issuerAltname. >>>> # Import the email address. >>>> # subjectAltName=email:copy >>>> # An alternative to produce certificates that aren't >>>> # deprecated according to PKIX. >>>> # subjectAltName=email:move >>>> >>>> # Copy subject details >>>> # issuerAltName=issuer:copy >>>> >>>> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >>>> #nsBaseUrl >>>> #nsRevocationUrl >>>> #nsRenewalUrl >>>> #nsCaPolicyUrl >>>> #nsSslServerName >>>> >>>> # This is required for TSA certificates. >>>> # extendedKeyUsage = critical,timeStamping >>>> >>>> [ v3_req ] >>>> >>>> # Extensions to add to a certificate request >>>> >>>> basicConstraints = CA:FALSE >>>> keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>>> >>>> [ v3_ca ] >>>> >>>> >>>> # Extensions for a typical CA >>>> >>>> >>>> # PKIX recommendation. >>>> >>>> subjectKeyIdentifier=hash >>>> >>>> authorityKeyIdentifier=keyid:always,issuer >>>> >>>> basicConstraints = critical,CA:true >>>> >>>> # Key usage: this is typical for a CA certificate. However since it will >>>> # prevent it being used as an test self-signed certificate it is best >>>> # left out by default. 
>>>> # keyUsage = cRLSign, keyCertSign >>>> >>>> # Some might want this also >>>> # nsCertType = sslCA, emailCA >>>> >>>> # Include email address in subject alt name: another PKIX recommendation >>>> # subjectAltName=email:copy >>>> # Copy issuer details >>>> # issuerAltName=issuer:copy >>>> >>>> # DER hex encoding of an extension: beware experts only! >>>> # obj=DER:02:03 >>>> # Where 'obj' is a standard or added object >>>> # You can even override a supported extension: >>>> # basicConstraints= critical, DER:30:03:01:01:FF >>>> >>>> [ crl_ext ] >>>> >>>> # CRL extensions. >>>> # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. >>>> >>>> # issuerAltName=issuer:copy >>>> authorityKeyIdentifier=keyid:always >>>> >>>> [ proxy_cert_ext ] >>>> # These extensions should be added when creating a proxy certificate >>>> >>>> # This goes against PKIX guidelines but some CAs do it and some software >>>> # requires this to avoid interpreting an end user certificate as a CA. >>>> >>>> basicConstraints=CA:FALSE >>>> >>>> # Here are some examples of the usage of nsCertType. If it is omitted >>>> # the certificate can be used for anything *except* object signing. >>>> >>>> # This is OK for an SSL server. >>>> # nsCertType = server >>>> >>>> # For an object signing certificate this would be used. >>>> # nsCertType = objsign >>>> >>>> # For normal client use this is typical >>>> # nsCertType = client, email >>>> >>>> # and for everything including object signing: >>>> # nsCertType = client, email, objsign >>>> >>>> # This is typical in keyUsage for a client certificate. >>>> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment >>>> >>>> # This will be displayed in Netscape's comment listbox. >>>> nsComment = "OpenSSL Generated Certificate" >>>> >>>> # PKIX recommendations harmless if included in all certificates. >>>> subjectKeyIdentifier=hash >>>> authorityKeyIdentifier=keyid,issuer >>>> >>>> # This stuff is for subjectAltName and issuerAltname. 
>>>> # Import the email address. >>>> # subjectAltName=email:copy >>>> # An alternative to produce certificates that aren't >>>> # deprecated according to PKIX. >>>> # subjectAltName=email:move >>>> >>>> # Copy subject details >>>> # issuerAltName=issuer:copy >>>> >>>> #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem >>>> #nsBaseUrl >>>> #nsRevocationUrl >>>> #nsRenewalUrl >>>> #nsCaPolicyUrl >>>> #nsSslServerName >>>> >>>> # This really needs to be in place for it to be a proxy certificate. >>>> proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo >>>> >>>> #################################################################### >>>> [ tsa ] >>>> >>>> default_tsa = tsa_config1 # the default TSA section >>>> >>>> [ tsa_config1 ] >>>> >>>> # These are used by the TSA reply generation only. >>>> dir = ./demoCA # TSA root directory >>>> serial = $dir/tsaserial # The current serial number (mandatory) >>>> crypto_device = builtin # OpenSSL engine to use for signing >>>> signer_cert = $dir/tsacert.pem # The TSA signing certificate >>>> # (optional) >>>> certs = $dir/cacert.pem # Certificate chain to include in reply >>>> # (optional) >>>> signer_key = $dir/private/tsakey.pem # The TSA private key (optional) >>>> signer_digest = sha256 # Signing digest to use. (Optional) >>>> default_policy = tsa_policy1 # Policy if request did not specify it >>>> # (optional) >>>> other_policies = tsa_policy2, tsa_policy3 # acceptable policies >>>> (optional) >>>> digests = sha1, sha256, sha384, sha512 # Acceptable message >>>> digests (mandatory) >>>> accuracy = secs:1, millisecs:500, microsecs:100 # (optional) >>>> clock_precision_digits = 0 # number of digits after dot. (optional) >>>> ordering = yes # Is ordering defined for timestamps? >>>> # (optional, default: no) >>>> tsa_name = yes # Must the TSA name be included in the reply? >>>> # (optional, default: no) >>>> ess_cert_id_chain = no # Must the ESS cert id chain be included? 
>>>> # (optional, default: no) >>>> ess_cert_id_alg = sha1 # algorithm to compute certificate >>>> # identifier (optional, default: sha1) >>>> >>>> >>>> On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky >>>> wrote: >>>> >>>>> Dear Shariful, >>>>> >>>>> 1. Don't hurry :) >>>>> 2. It looks like there are some more configuration options in your >>>>> openssl.cnf [rsa_section] >>>>> I think they came from the standard configuration. So if I am wrong, >>>>> please provide the whole file. >>>>> 3. I'd recommend you also update the lines >>>>> ` >>>>> static const char *engine_dasync_id = "dasync"; >>>>> static const char *engine_dasync_name = "Dummy Async engine support"; >>>>> ` >>>>> To be consistent with your engine name >>>>> >>>>> On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam >>>>> wrote: >>>>> >>>>>> Any help regarding this matter?? >>>>>> >>>>>> Regards, >>>>>> Shariful >>>>>> >>>>>> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam >>>>>> wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I have a simple rsa engine code (from engines/e_dasync.c). My code >>>>>>> compiles. 
Command "$ openssl engine -t -c" shows the following,
>>>>>>>
>>>>>>> $ openssl engine -t -c
>>>>>>> (rdrand) Intel RDRAND engine
>>>>>>>      [RAND]
>>>>>>>      [ available ]
>>>>>>> (dynamic) Dynamic engine loading support
>>>>>>>      [ unavailable ]
>>>>>>> (dasync) Dummy Async engine support
>>>>>>>      [RSA]
>>>>>>>      [ available ]
>>>>>>>
>>>>>>> I also modified the openssl.cnf configuration as follows to load this engine,
>>>>>>>
>>>>>>> openssl_conf = openssl_def
>>>>>>>
>>>>>>> [openssl_def]
>>>>>>> engines = engine_section
>>>>>>>
>>>>>>> [engine_section]
>>>>>>> rsa-engine-new = rsa_section
>>>>>>>
>>>>>>> [rsa_section]
>>>>>>> engine_id = rsa-engine-new
>>>>>>>
>>>>>>> Then when I run the command "$ openssl engine", I get the following error,
>>>>>>>
>>>>>>> $ openssl engine
>>>>>>> (rdrand) Intel RDRAND engine
>>>>>>> (dynamic) Dynamic engine loading support
>>>>>>> (dasync) Dummy Async engine support
>>>>>>> 139633213376256:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:
>>>>>>> 139633213376256:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids
>>>>>>> 139633213376256:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1
>>>>>>>
>>>>>>> Any help why is this happening? How can I fix this?
>>>>>>>
>>>>>>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have to compile my engine with the OpenSSL source code to do that?
>>>>>>>
>>>>>>> Here is the complete source code of my sample engine,
>>>>>>>
>>>>>>> ==============================================
>>>>>>>
>>>>>>> /* Headers this engine needs: printf(), the ENGINE API and the RSA_METHOD API */
>>>>>>> #include <stdio.h>
>>>>>>> #include <openssl/engine.h>
>>>>>>> #include <openssl/rsa.h>
>>>>>>>
>>>>>>> /* Engine Id and Name */
>>>>>>> static const char *engine_dasync_id = "dasync";
>>>>>>> static const char *engine_dasync_name = "Dummy Async engine support";
>>>>>>>
>>>>>>> /* Stub RSA operations: each one only logs that it was called.
>>>>>>>  * An RSA_METHOD callback is expected to return the output length on
>>>>>>>  * success, so returning 0 here means callers get no output back. */
>>>>>>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>>>>>>                           unsigned char *to, RSA *rsa, int padding) {
>>>>>>>     printf("dasync_pub_enc\n");
>>>>>>>     return 0;
>>>>>>> }
>>>>>>>
>>>>>>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>>>>>>                           unsigned char *to, RSA *rsa, int padding) {
>>>>>>>     printf("dasync_pub_dec\n");
>>>>>>>     return 0;
>>>>>>> }
>>>>>>>
>>>>>>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>>>>>>>                                unsigned char *to, RSA *rsa, int padding) {
>>>>>>>     printf("dasync_rsa_priv_enc\n");
>>>>>>>     return 0;
>>>>>>> }
>>>>>>>
>>>>>>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>>>>>>>                                unsigned char *to, RSA *rsa, int padding) {
>>>>>>>     printf("dasync_rsa_priv_dec\n");
>>>>>>>     return 0;
>>>>>>> }
>>>>>>>
>>>>>>> static RSA_METHOD *dasync_rsa_method = NULL;
>>>>>>>
>>>>>>> static int bind_dasync(ENGINE *e) {
>>>>>>>     /* Setup RSA_METHOD */
>>>>>>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>>>>>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>>>>>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>>>>>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>>>>>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0) {
>>>>>>>         return 0;
>>>>>>>     }
>>>>>>>
>>>>>>>     /* Ensure the dasync error handling is set up */
>>>>>>>
>>>>>>>     /* Register id, name and the RSA method on the ENGINE object */
>>>>>>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>>>>>>         || !ENGINE_set_name(e, engine_dasync_name)
>>>>>>>         || !ENGINE_set_RSA(e, dasync_rsa_method)) {
>>>>>>>         return 0;
>>>>>>>     }
>>>>>>>     return 1;
>>>>>>> }
>>>>>>>
>>>>>>> /* Entry point the "dynamic" engine calls after loading this shared object */
>>>>>>> static int bind_helper(ENGINE *e, const char *id) {
>>>>>>>     if (!bind_dasync(e)) {
>>>>>>>         printf("2_Error: Inside Bind helper\n");
>>>>>>>         return 0;
>>>>>>>     }
>>>>>>>     return 1;
>>>>>>> }
>>>>>>>
>>>>>>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>>>>>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>>>>>>
>>>>>>> =============================================
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Shariful
>>>>>
>>>>> --
>>>>> SY, Dmitry Belyavsky
>>>
>>> --
>>> SY, Dmitry Belyavsky
>
> --
> SY, Dmitry Belyavsky
From bill.c.roberts at gmail.com Thu Aug 26 21:27:18 2021 From: bill.c.roberts at gmail.com (William Roberts) Date: Thu, 26 Aug 2021 16:27:18 -0500 Subject: HMAC verification with EVP Interface In-Reply-To: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org> References: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org> Message-ID: On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote: > > On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote: > > Hello, > > > > I am trying to verify an HMAC signature with the code below and the > > EVP_DigestVerifyInit() > > routine is failing with "error:0608F096:digital envelope > > routines:EVP_PKEY_verify_init:operation not supported for this > > keytype". Eventually it gets to EVP_PKEY_verify_init() and since the > > ctx->pmeth->verify pointer is null, it sets this error. It's unclear > > to me why this function pointer is NULL, can someone elaborate the > > right way to do this via EVP interfaces? > > As HMAC is not a true signature algorithm there is no support for > the EVP_DigestVerifyInit() operation with HMAC 'signatures'. You just > have to use EVP_DigestSign*() operation to create a new HMAC and > compare with the original value. > Ahh okay thanks. This was in the wiki I just scrolled too far and ended up under asymmetric. For anyone looking it was on the wiki here: - https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying But considering that Verifying could do this, since it has both the message and hmac "signature", wouldn't it be nice to add this support since it's generated through the sign interface? In my mind a Sign operation always has a verify operation.
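The recompute-and-compare pattern Tomas describes above (run the sign operation again over the message, then compare with the received tag), written out as an added example that is not code from this thread or from OpenSSL. It uses Python's standard hmac module in place of EVP_DigestSign*() and hmac.compare_digest in place of CRYPTO_memcmp; the key and messages are constructed for the demo. It goes one step beyond the thread: the comparison has to be constant-time, and the example models a memcmp-style early-exit compare (the count of bytes examined standing in for measured time, an assumption of the model) to show that such a compare lets an attacker forge a valid tag byte by byte without ever seeing one.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256

# Constructed demo key; a real key comes from a KDF or a secrets store.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def hmac_sign(key: bytes, msg: bytes) -> bytes:
    """Produce the tag: the 'sign' side (EVP_DigestSign with an HMAC key in OpenSSL)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Verify by recomputing the tag and comparing in constant time.

    Mirrors the advice in the thread: there is no EVP_DigestVerify for HMAC, so
    recompute with the sign operation and compare with CRYPTO_memcmp
    (hmac.compare_digest here). A wrong-length tag simply compares unequal.
    """
    expected = hmac_sign(key, msg)
    return hmac.compare_digest(expected, tag)


def leaky_compare(a: bytes, b: bytes):
    """An early-exit comparison in the style of memcmp (the thing NOT to use).

    Returns (equal, bytes_examined). bytes_examined models the running time an
    attacker could measure over the network.
    """
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def forge_tag_with_timing_oracle(key: bytes, msg: bytes):
    """Recover a valid tag for msg without the key, using only the timing oracle.

    The attacker never sees a valid tag. Each query submits a candidate tag and
    learns, from where the early exit happened, whether one more leading byte
    was right. Cost is at most 256 * TAG_LEN queries instead of 2**(8*TAG_LEN).
    """
    truth = hmac_sign(key, msg)  # held by the verifier, never shown to the attacker
    guess = bytearray(TAG_LEN)
    queries = 0
    for i in range(TAG_LEN):
        for candidate in range(256):
            guess[i] = candidate
            queries += 1
            equal, examined = leaky_compare(bytes(guess), truth)
            # A correct byte moves the early exit one position further
            # (or completes the match on the last byte).
            if equal or examined > i + 1:
                break
    return bytes(guess), queries


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed sample message
    tag = hmac_sign(DEMO_KEY, msg)
    print("genuine tag verifies:", hmac_verify(DEMO_KEY, msg, tag))
    tampered = tag[:-1] + bytes([tag[-1] ^ 1])
    print("tampered tag verifies:", hmac_verify(DEMO_KEY, msg, tampered))
    forged, queries = forge_tag_with_timing_oracle(DEMO_KEY, msg)
    print("forged tag equals genuine:", forged == tag, "after", queries, "queries")
```

hmac_verify is the only comparison path a verifier should expose; the leaky_compare path exists here only to make the attack in the thread concrete. The same reasoning applies unchanged to the C code: recompute with EVP_DigestSign*() (or EVP_MAC in 3.0) and compare with CRYPTO_memcmp, never memcmp.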
From bbrumley at gmail.com Fri Aug 27 06:47:07 2021 From: bbrumley at gmail.com (Billy Brumley) Date: Fri, 27 Aug 2021 09:47:07 +0300 Subject: HMAC verification with EVP Interface In-Reply-To: References: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org> Message-ID: > > Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular > > ol' memcmp. > > What's the rationale? The HMAC result isn't secret. The _purported_ tag is public, but the _ground truth_ tag is not. Indeed, that's the whole reason to use a constant time compare. Otherwise, an attacker can adaptively construct a valid tag, or forgery, for a chosen message (with no previous valid tag seen) by varying tag bytes and submitting a chosen message with the candidate tag for verification, and measuring the time. A regular memcmp will early exit on the first mismatch between the purported tag and the ground truth tag. In this way, the attack is linear in complexity. This is the textbook example I give in my crypto courses for timing attacks. Cheers, BBB From tomas at openssl.org Fri Aug 27 07:06:00 2021 From: tomas at openssl.org (Tomas Mraz) Date: Fri, 27 Aug 2021 09:06:00 +0200 Subject: HMAC verification with EVP Interface In-Reply-To: References: <64f7db5c96702831edbcbf5cb83ee2f7da4f1acd.camel@openssl.org> Message-ID: <82ca5e99b349f17edbcb684a2418831b89c841cf.camel@openssl.org> On Thu, 2021-08-26 at 16:27 -0500, William Roberts wrote: > On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote: > > > > On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote: > > > Hello, > > > > > > I am trying to verify an HMAC signature with the code below and > > > the > > > EVP_DigestVerifyInit() > > > routine is failing with "error:0608F096:digital envelope > > > routines:EVP_PKEY_verify_init:operation not supported for this > > > keytype". Eventually it gets to EVP_PKEY_verify_init() and since > > > the > > > ctx->pmeth->verify pointer is null, it sets this error. 
It's > > > unclear > > > to me why this function pointer is NULL, can someone elaborate > > > the > > > right way to do this via EVP interfaces? > > > > As HMAC is not a true signature algorithm there is no support for > > the EVP_DigestVerifyInit() operation with HMAC 'signatures'. You > > just > > have to use EVP_DigestSign*() operation to create a new HMAC and > > compare with the original value. > > > > Ahh okay thanks. This was in the wiki I just scrolled too far and > ended up under asymmetric. > For anyone looking it was on the wiki here: > - https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying > > But considering that Verifying could do this, since it has both the > message and hmac > "signature", wouldn't it be nice to add this support since it's > generated through the > sign interface? In my mind a Sign operation always has a verify > operation. There is EVP_MAC API in the 3.0 release and the HMAC support in EVP Signing API is legacy although it is not explicitly deprecated. So it is unlikely to be enhanced in the suggested way. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] From Sanjeev.Kumar-Mishra at rbbn.com Fri Aug 27 07:47:43 2021 From: Sanjeev.Kumar-Mishra at rbbn.com (Kumar Mishra, Sanjeev) Date: Fri, 27 Aug 2021 07:47:43 +0000 Subject: How to get "EVP_PKEY *dhpkey" from NID_X9_62_prime256v1. Message-ID: Hi All, I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. I am getting compilation errors for deprecated functions and structures like "EC_KEY_new_by_curve_name()", "SSL_CTX_set_tmp_ecdh()" and "EC_KEY", etc. The code is like follows -- ------- ------- EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); SSL_CTX_set_tmp_ecdh(mrmIcbPtr -> sslServerCtx, ecdh); ......... .........
I got one replacement as int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey); Now, it will require "EVP_PKEY *dhpkey". Now, how do I get "EVP_PKEY *dhpkey" from NID_X9_62_prime256v1? I am searching for a workaround for the above code. Thanks in anticipation! Sanjeev Kumar Mishra From matt at openssl.org Fri Aug 27 08:00:41 2021 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Aug 2021 09:00:41 +0100 Subject: How to get "EVP_PKEY *dhpkey" from NID_X9_62_prime256v1. In-Reply-To: References: Message-ID: On 27/08/2021 08:47, Kumar Mishra, Sanjeev wrote: > Hi All, > I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. > I am getting compilation errors for deprecated functions and structures > like "EC_KEY_new_by_curve_name()", "SSL_CTX_set_tmp_ecdh()" and > "EC_KEY", etc. > > The code is like follows -- > ------- > ------- > EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); > SSL_CTX_set_tmp_ecdh(mrmIcbPtr -> sslServerCtx, ecdh); > ......... > ......... The SSL_CTX_set_tmp_ecdh man page says this: "SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B. The key is inherited by all B objects created from B. This macro is deprecated in favor of L."
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tmp_ecdh.html So call SSL_CTX_set1_groups() instead: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html Actually, even easier, you can call SSL_CTX_set1_groups_list() (documented on the same man page), which means you can just set the group via a string: SSL_CTX_set1_groups_list(mrmIcbPtr -> sslServerCtx, "P-256"); Where "P-256" is the string name associated with NID_X9_62_prime256v1. Or your final alternative is to not do anything at all, and simply remove this code. In 3.0 you can specify multiple groups and they have sensible defaults that are already set for you (which include X25519 and P-256). Matt From Michael.Wojcik at microfocus.com Fri Aug 27 12:34:16 2021 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 27 Aug 2021 12:34:16 +0000 Subject: SM2 fix in 1.1.1l Message-ID: I imagine I could figure this out by reading the source, but does the SM2 fix (the high-severity issue for OpenSSL 1.1.1l) apply to TLS using SMx (RFC 8998), or just to applications that use SM2 directly via the EVP API? It wasn't clear from the announcement, unless I missed something. We'll be picking up 1.1.1l shortly, but I'd like to be able to clarify the situation for management and customers. -- Michael Wojcik From nic.tuv at gmail.com Fri Aug 27 13:04:24 2021 From: nic.tuv at gmail.com (Nicola Tuveri) Date: Fri, 27 Aug 2021 16:04:24 +0300 Subject: SM2 fix in 1.1.1l In-Reply-To: References: Message-ID: [CVE-2021-3711] (https://www.openssl.org/news/secadv/20210824.txt) only applies to SM2 decryption, i.e., it is not related to the digital signature or key exchange algorithms in the SM2 family.
In the 1.1.1 branch of OpenSSL, libssl does not support RFC 8998, but in any case RFC 8998 only involves the digital signature and key exchange algorithms of SM2, not the public key encryption algorithm for which the security advisory has been released. As such only applications programmatically using the SM2 public key encryption algorithm (and decryption in particular) should be affected by the mentioned security advisory. Best regards, Nicola Tuveri On Fri, Aug 27, 2021, 15:40 Michael Wojcik wrote: > I imagine I could figure this out by reading the source, but does the SM2 > fix (the high-severity issue for OpenSSL 1.1.1l) apply to TLS using SMx > (RFC 8998), or just to applications that use SM2 directly via the EVP API? > It wasn't clear from the announcement, unless I missed something. > > > > We'll be picking up 1.1.1l shortly, but I'd like to be able to clarify the > situation for management and customers. > > > > -- > > Michael Wojcik > From kgoldman at us.ibm.com Fri Aug 27 16:40:58 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Fri, 27 Aug 2021 12:40:58 -0400 Subject: 3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes In-Reply-To: References: Message-ID: On 8/24/2021 5:56 AM, Matt Caswell wrote: > > > On 23/08/2021 20:42, Ken Goldman wrote: >> I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions. >> The code is working, but I'd like a clean compile. >> >> 3.0.0 only, 1.0.2 and 1.1.1 are OK. >> >> Example: >> >> #include >> #include >> #include >> #include >> >> typedef struct { >>     ASN1_TIME *notBefore; >>     ASN1_TIME *notAfter; >> } TPM_PARTIAL_CERT_VALIDITY; >> >> ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = { >>     ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME), >>     
ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME), >> } ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY) > > Change this line to: > > } static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY) > > static_ worked on 3.0, 1.1.1, and 1.0.2. I found that it failed on 1.0.1e with: certifyx509.c:125: error: expected ',' or ';' before 'static_ASN1_SEQUENCE_END' certifyx509.c:128: warning: no previous prototype for 'TPM_ADDTOCERT_new' If this makes sense, I can add an ifdef. (Support for 1.0.1 is a requirement. Sorry.) From Michael.Wojcik at microfocus.com Fri Aug 27 16:53:35 2021 From: Michael.Wojcik at microfocus.com (Michael Wojcik) Date: Fri, 27 Aug 2021 16:53:35 +0000 Subject: SM2 fix in 1.1.1l In-Reply-To: References: Message-ID: > From: Nicola Tuveri > Sent: Friday, 27 August, 2021 07:04 > As such only applications programmatically using the SM2 public key encryption > algorithm (and decryption in particular) should be affected by the mentioned > security advisory. Thanks -- that's exactly what I was looking for. -- Michael Wojcik From 1nagarjun1 at gmail.com Fri Aug 27 17:17:01 2021 From: 1nagarjun1 at gmail.com (Nagarjun J) Date: Fri, 27 Aug 2021 22:47:01 +0530 Subject: Query regarding openssl-3.0.0 ecdsa self tests Message-ID: Hi, Does openssl-3.0.0 really do an ECDSA KAT? The post test logs say "ECDSA KAT : PASS". But when I debugged the code it is actually doing an ECDSA pairwise consistency test. Thanks, Nagarjun
From selasley at icloud.com Fri Aug 27 17:34:21 2021 From: selasley at icloud.com (Scott Lasley) Date: Fri, 27 Aug 2021 13:34:21 -0400 Subject: openssl-1.1.1l fails to build in macOS 10.13.6 with Xcode 10.1 Message-ID: <85D4FBF5-3218-4DCE-A986-B415D0E2DEED@icloud.com> Building openssl-1.1.1l with Xcode 10.1 under macOS 10.13.6 fails with this error In file included from crypto/rand/rand_unix.c:38: /usr/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 'CCCryptorStatus' typedef CCCryptorStatus CCRNGStatus; ^ crypto/rand/rand_unix.c:385:47: error: use of undeclared identifier 'kCCSuccess' if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) ^ 2 errors generated. make[1]: *** [crypto/rand/rand_unix.o] Error 1 The build succeeds and all tests pass if CommonCryptoError.h is added to the __APPLE__ includes in crypto/rand/rand_unix.c #if defined(__APPLE__) # include <CommonCrypto/CommonCryptoError.h> # include <CommonCrypto/CommonRandom.h> #endif Is this a safe change to make? Best regards, Scott From kgoldman at us.ibm.com Fri Aug 27 19:46:58 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Fri, 27 Aug 2021 15:46:58 -0400 Subject: openssl 3.0.0 valgrind failure on OPENSSL_ia32_cpuid Message-ID: I run valgrind on all my software to find memory leaks. This worked for openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions? vex amd64->IR: unhandled instruction bytes: 0xF3 0xF 0x1E 0xFA 0x49 0x89 0xD8 0x31 vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0 vex amd64->IR: VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F vex amd64->IR: PFX.66=0 PFX.F2=0 PFX.F3=1 ==29625== valgrind: Unrecognised instruction at address 0x56b2b10. ==29625== at 0x56B2B10: OPENSSL_ia32_cpuid (x86_64cpuid.s:36) ==29625== by 0x569FA37: OPENSSL_cpuid_setup (cpuid.c:147) ==29625== by 0x55163C2: ??? (in /home/kgold/openssl30/libcrypto.so.3) ==29625== Your program just tried to execute an instruction that Valgrind ==29625== did not recognise. There are two possible reasons for this. ==29625== 1.
Your program has a bug and erroneously jumped to a non-code ==29625== location. If you are running Memcheck and you just saw a ==29625== warning about a bad jump, it's probably your program's fault. ==29625== 2. The instruction is legitimate but Valgrind doesn't handle it, ==29625== i.e. it's Valgrind's fault. If you think this is the case or ==29625== you are not sure, please let us know and we'll try to fix it. ==29625== Either way, Valgrind will now raise a SIGILL signal which will ==29625== probably kill your program. ==29625== ==29625== Process terminating with default action of signal 4 (SIGILL) ==29625== Illegal opcode at address 0x56B2B10 ==29625== at 0x56B2B10: OPENSSL_ia32_cpuid (x86_64cpuid.s:36) ==29625== by 0x569FA37: OPENSSL_cpuid_setup (cpuid.c:147) ==29625== by 0x55163C2: ??? (in /home/kgold/openssl30/libcrypto.so.3) From bill.c.roberts at gmail.com Fri Aug 27 20:07:53 2021 From: bill.c.roberts at gmail.com (William Roberts) Date: Fri, 27 Aug 2021 15:07:53 -0500 Subject: openssl 3.0.0 valgrind failure on OPENSSL_ia32_cpuid In-Reply-To: References: Message-ID: On Fri, Aug 27, 2021 at 2:47 PM Ken Goldman wrote: > > I run valgrind on all my software to find memory leaks. This worked for > openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions? > > vex amd64->IR: unhandled instruction bytes: 0xF3 0xF 0x1E 0xFA 0x49 0x89 0xD8 0x31 > vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0 > vex amd64->IR: VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F > vex amd64->IR: PFX.66=0 PFX.F2=0 PFX.F3=1 > ==29625== valgrind: Unrecognised instruction at address 0x56b2b10. > ==29625== at 0x56B2B10: OPENSSL_ia32_cpuid (x86_64cpuid.s:36) > ==29625== by 0x569FA37: OPENSSL_cpuid_setup (cpuid.c:147) > ==29625== by 0x55163C2: ??? (in /home/kgold/openssl30/libcrypto.so.3) > ==29625== Your program just tried to execute an instruction that Valgrind > ==29625== did not recognise. There are two possible reasons for this. > ==29625== 1. 
Your program has a bug and erroneously jumped to a non-code > ==29625== location. If you are running Memcheck and you just saw a > ==29625== warning about a bad jump, it's probably your program's fault. > ==29625== 2. The instruction is legitimate but Valgrind doesn't handle it, > ==29625== i.e. it's Valgrind's fault. If you think this is the case or > ==29625== you are not sure, please let us know and we'll try to fix it. > ==29625== Either way, Valgrind will now raise a SIGILL signal which will > ==29625== probably kill your program. > ==29625== > ==29625== Process terminating with default action of signal 4 (SIGILL) > ==29625== Illegal opcode at address 0x56B2B10 > ==29625== at 0x56B2B10: OPENSSL_ia32_cpuid (x86_64cpuid.s:36) > ==29625== by 0x569FA37: OPENSSL_cpuid_setup (cpuid.c:147) > ==29625== by 0x55163C2: ??? (in /home/kgold/openssl30/libcrypto.so.3) > I stopped using valgrind awhile ago, because I had too many issues with false positives, etc. I really noticed this when dealing with glib/dbus. At this time, I made the switch to ASAN and both gcc and clang support it and the diagnostics have been better than anything I got with valgrind; it's been many years and I never looked back. Just google your compiler and asan and you should get guides, but in general it's as easy as adding CFLAGS='-O0 -g -fsanitize=address -fno-omit-frame-pointer' Then just run the binary as normal. You may need to set up the symbolizer to resolve addresses to file/line names. IIRC its via the ASAN_SYMBOLIZER_PATH and that is discussed further in the ASAN docs. 
I would give that a try, that's what I am using for OpenSSL 3.0 integration and fuzzing in my CI's Bill From kgoldman at us.ibm.com Fri Aug 27 20:16:26 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Fri, 27 Aug 2021 16:16:26 -0400 Subject: openssl 3.0.0 valgrind failure on OPENSSL_ia32_cpuid - retract, sorry In-Reply-To: References: Message-ID: On 8/27/2021 3:46 PM, Ken Goldman wrote: > I run valgrind on all my software to find memory leaks. This worked for > openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions? Sorry, I updated valgrind and all is well. From kgoldman at us.ibm.com Fri Aug 27 21:28:52 2021 From: kgoldman at us.ibm.com (Ken Goldman) Date: Fri, 27 Aug 2021 17:28:52 -0400 Subject: TYPE_new() and TYPE_free() Message-ID: Assuming that I use the ASN1_SEQUENCE, ASN1_SEQUENCE_END, DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS macros ... TYPE_free() says that it frees all sub-objects. Can I assume that, if the sub-objects are also defined with those macros, that it will iterate all the way? TYPE_new() allocates the object. Does it set all the pointers to NULL, and iterate down through sub-structure - so that the free is safe? From bl4cknesstr at gmail.com Sat Aug 28 01:52:36 2021 From: bl4cknesstr at gmail.com (bl4ck ness) Date: Sat, 28 Aug 2021 04:52:36 +0300 Subject: OpenSSL API CRL Revoke Check: Coverage Message-ID: Hello, I'm trying to use OpenSSL to validate a certificate chain with CRLs. To achieve this, I create a X509_STORE and add trusted (root) certificates into it via X509_STORE_add_cert(). I also add CRLs published by root and intermediate CAs into the store using X509_STORE_add_crl(). Then I create a X509_STORE_CTX for this store and using X509_STORE_CTX_init() function I set intermediate certs via its chain parameter and target (leaf) cert via its x509 parameter. When I verify cert chain using X509_verify_cert: - Are these CRLs checked for a valid digital signature (both CRLs root & intermediate) ?
- Since the store should only contain trusted root certificates, why should I add CRLs published by intermediate certificates into the store and not somewhere else (for example the ctx)?
- The documentation for X509_STORE_add_crl says "Untrusted objects should not be added in this way". What does this mean?

Dennis K.

From: b20001send at gmail.com (青木信雄)
Date: Sun, 29 Aug 2021 22:03:52 +0900
Subject: Consultation：Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens

Dear OpenSSL users

My name is Nobuo Aoki, and I am a master's student. (Hiroshima City University, Japan)

Right now, I am doing research on secure communication protocols. Specifically, we are trying to enable “ephemeral public key” and “ephemeral private key” for SSL/TLS.

I have been using quictls/openssl as an implementation of SSL/TLS. It is publicly available on Github. I am trying to identify the implementation where “ephemeral public key” and “ephemeral private key” can be added, but I have not been able to do so yet, probably because I am not familiar with the openssl implementation. I have also tried to read openssl/openssl in order to identify the implementation, but no luck.

So, I'm wondering if those who are familiar with the openssl implementation can lend me some great help. Any advice would be greatly appreciated.

Aoki Nobuo (2166001)
Email : b20001send at gmail.com
Tel or SMS : +8170-8516-4157
Laboratory of Information Network
Department of Computer and Network Engineering
Graduate School of Information Sciences, Hiroshima City University

From: b20001send at gmail.com (Nobuo Aoki)
Date: Mon, 30 Aug 2021 03:57:10 +0900
Subject: Testing

I'll take care of it and ask the administrator to remove it manually if possible. The last message I sent had garbled characters in the sender, subject, and part of the content, and also had useless characters inserted. So, I tried to unify all the characters into single-byte characters. In addition, I changed the account name of the email address from Japanese to English. I apologize for the inconvenience.

From: b20001send at gmail.com (Nobuo Aoki)
Date: Mon, 30 Aug 2021 04:41:13 +0900
Subject: Re: Consultation:Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens

Dear OpenSSL users (reshaped)

My name is Nobuo Aoki, and I am a master's student. (Hiroshima City University, Japan)

Right now, I am doing research on secure communication protocols. Specifically, we are trying to enable “ephemeral public key” and “ephemeral private key” for SSL/TLS.

I have been using quictls/openssl as an implementation of SSL/TLS. It is publicly available on Github. I am trying to identify the implementation where “ephemeral public key” and “ephemeral private key”
can be added, but I have not been able to do so yet, probably because I am not familiar with the openssl implementation. I have also tried to read openssl/openssl in order to identify the implementation, but no luck.

So, I'm wondering if those who are familiar with the openssl implementation can lend me some great help. Any advice would be greatly appreciated.

Nobuo Aoki (master 1st-year student)
Email : b20001send at gmail.com
Tel or SMS : +8170-8516-4157
Laboratory of Information Network
Department of Computer and Network Engineering
Graduate School of Information Sciences, Hiroshima City University

> Dear OpenSSL users
>
> My name is Nobuo Aoki, and I am a master's student.
> (Hiroshima City University, Japan)
>
> Right now, I am doing research on secure communication protocols.
> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.
>
> I have been using quictls/openssl as an implementation of SSL/TLS.
> It is publicly available on Github.
> I am trying to identify the implementation
> where “ephemeral public key” and “ephemeral private key” can be added,
> but I have not been able to do so yet,
> probably because I am not familiar with the openssl implementation.
> I have also tried to read openssl/openssl in order to identify the implementation, but no luck.
>
> So, I'm wondering if those who are familiar with
> the openssl implementation can lend me some great help.
> Any advice would be greatly appreciated.
>
> Aoki Nobuo (master 1st-year student)
> Email : b20001send at gmail.com
> Tel or SMS : +8170-8516-4157
> Laboratory of Information Network
> Department of Computer and Network Engineering
> Graduate School of Information Sciences,
> Hiroshima City University
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Sun, 29 Aug 2021 19:53:16 +0000
Subject: RE: Consultation：Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens

> From: openssl-users On Behalf Of 青木信雄
> Sent: Sunday, 29 August, 2021 07:04

> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.

I'm afraid it is not clear to me, at least, what you are trying to do. Are you attempting to implement a standard protocol that incorporates ephemeral key pairs, such as EKE, into TLS? Are you implementing a standard specifically for TLS that I'm not aware of? (That's quite possible; I don't follow TLS standards closely.) If not, what is your use case? How do you see your protocol interacting with TLS?

Some might argue that OpenSSL is not especially well-suited for adding experimental ciphersuites and protocols to its TLS implementation. Its focus is on providing a secure and rich commercial implementation of TLS and various cryptographic operations and protocols, not on providing a toolkit for researchers. I've never used quictls (as I think QUIC is broadly undesirable for most applications), but my understanding is that it's a fork of OpenSSL, so it's probably not any better in that regard.
--
Michael Wojcik

From: kris at amongbytes.com (Kris Kwiatkowski)
Date: Sun, 29 Aug 2021 21:31:00 +0100
Subject: Re: Consultation:Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens

Hi Nobuo,

I'm afraid a bit more detail is needed. Not sure what you mean by "enabling ephemeral key for SSL/TLS". For example, TLSv1.3 uses only key exchanges that offer forward secrecy, so one way to "enable ephemeral" is to use this new version of the TLS protocol.

If you wish to see an example of such integration, then the open-quantum-safe project [1] is maybe one place to look at. Those guys have integrated post-quantum key exchanges (ephemeral) into openssl. Lots of good examples there. OpenSSLNTRU [2] does a similar thing and maybe is simpler to understand.

Kind regards,
Kris

[1] https://github.com/open-quantum-safe/openssl
[2] https://opensslntru.cr.yp.to/demo.html

On 8/29/21 8:41 PM, Nobuo Aoki wrote:
> Dear OpenSSL users (reshaped)
>
> My name is Nobuo Aoki, and I am a master's student.
> (Hiroshima City University, Japan)
>
> Right now, I am doing research on secure communication protocols.
> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.
>
> I have been using quictls/openssl as an implementation of SSL/TLS.
> It is publicly available on Github.
> I am trying to identify the implementation
> where “ephemeral public key” and “ephemeral private key” can be added,
> but I have not been able to do so yet,
> probably because I am not familiar with the openssl implementation.
> I have also tried to read openssl/openssl in order to identify the
> implementation, but no luck.
>
> So, I'm wondering if those who are familiar with
> the openssl implementation can lend me some great help.
> Any advice would be greatly appreciated.
>
> Nobuo Aoki (master 1st-year student)
> Email : b20001send at gmail.com
> Tel or SMS : +8170-8516-4157
> Laboratory of Information Network
> Department of Computer and Network Engineering
> Graduate School of Information Sciences,
> Hiroshima City University
From: matt at openssl.org (Matt Caswell)
Date: Mon, 30 Aug 2021 08:57:22 +0100
Subject: Re: Consultation:Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens

On 29/08/2021 20:41, Nobuo Aoki wrote:
> I am trying to identify the implementation
> where “ephemeral public key” and “ephemeral private key” can be added,

I am unclear from your question whether you are asking how to add a new public/private key scheme for integration into TLS, or whether you are simply asking for the location in the code where the key_share is generated.

If the latter, then you might look here for the client side:
https://github.com/openssl/openssl/blob/e8e1f6d1a9e599d575431f559200018b8f822e0f/ssl/statem/extensions_clnt.c#L649-L705

And here for the server side:
https://github.com/openssl/openssl/blob/e8e1f6d1a9e599d575431f559200018b8f822e0f/ssl/statem/extensions_srvr.c#L1577-L1707

Matt

From: tomas at openssl.org (Tomas Mraz)
Date: Mon, 30 Aug 2021 11:39:57 +0200
Subject: Query regarding openssl-3.0.0 ecdsa self tests

Hello,

your analysis is right. It does only a pairwise consistency test, as a KAT is impossible to do for regular DSA and ECDSA due to the random nonce being an input of the signature algorithm, and thus the signature always changes.

Tomas

On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> Hi,
>
> Does openssl-3.0.0 really do an ecdsa KAT? The post test logs say
> "ECDSA KAT :PASS".
> But when I debugged the code it is actually doing an ECDSA
> pairwise consistency test.
>
> Thanks,
> Nagarjun

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]

From: tomas at openssl.org (Tomas Mraz)
Date: Mon, 30 Aug 2021 11:43:05 +0200
Subject: openssl-1.1.1l fails to build in macOS 10.13.6 with Xcode 10.1

Thank you for the report. This is already fixed on both the 1.1.1 and master branches with:
https://github.com/openssl/openssl/pull/16409

Tomas Mraz

On Fri, 2021-08-27 at 13:34 -0400, Scott Lasley via openssl-users wrote:
> Building openssl-1.1.1l with Xcode 10.1 under macOS 10.13.6 fails with
> this error
>
> In file included from crypto/rand/rand_unix.c:38:
> /usr/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 'CCCryptorStatus'
> typedef CCCryptorStatus CCRNGStatus;
>         ^
> crypto/rand/rand_unix.c:385:47: error: use of undeclared identifier 'kCCSuccess'
>     if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
>                                               ^
> 2 errors generated.
> make[1]: *** [crypto/rand/rand_unix.o] Error 1
>
> The build succeeds and all tests pass if CommonCryptoError.h is added
> to the __APPLE__ includes in crypto/rand/rand_unix.c
>
> #if defined(__APPLE__)
> # include <CommonCrypto/CommonCryptoError.h>
> # include <CommonCrypto/CommonRandom.h>
> #endif
>
> Is this a safe change to make?
>
> Best regards,
> Scott

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]
From: bbrumley at gmail.com (Billy Brumley)
Date: Mon, 30 Aug 2021 13:17:03 +0300
Subject: Query regarding openssl-3.0.0 ecdsa self tests

This is not really true. At least, for some of the tests.

https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73

That hijacks the RNG to feed the expected nonce, so it can check vs a KAT.

Cheers,

BBB

On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
>
> Hello,
>
> your analysis is right. It does only pairwise consistency test as the
> KAT is impossible to do for regular DSA and ECDSA due to random nonce
> being input of the signature algorithm and thus the signature always
> changes.
>
> Tomas

From: tomas at openssl.org (Tomas Mraz)
Date: Mon, 30 Aug 2021 12:21:19 +0200
Subject: Query regarding openssl-3.0.0 ecdsa self tests

The question was about the FIPS module POST (power-on self test), and there what I wrote applies.
Having a special RNG providing constant data to ECDSA/DSA would be possible to do, but it is not required; it would needlessly complicate the code and add the risk of such a constant RNG being accidentally used for something where real random numbers are needed.

Tomas

On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> This is not really true. At least, for some of the tests.
>
> https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
>
> That hijacks the RNG to feed the expected nonce, so it can check vs a
> KAT.
>
> Cheers,
>
> BBB

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]
From: 1nagarjun1 at gmail.com (Nagarjun J)
Date: Mon, 30 Aug 2021 16:53:58 +0530
Subject: Query regarding openssl-3.0.0 ecdsa self tests

Hello,

Then, is this a bug in the ECDSA POST? Or does the test have to be renamed, as it is misleading and can cause problems in FIPS certification?

Thanks,
Nagarjun

On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz wrote:
> The question was about the fips module POST (power on self test) and
> there what I wrote applies. Having special RNG providing constant data
> to ECDSA/DSA would be possible to do but it is not required, it would
> needlessly complicate the code, and add a risk of having such constant
> RNG being accidentally used for something where real random numbers are
> needed.
>
> Tomas
From: tomas at openssl.org (Tomas Mraz)
Date: Mon, 30 Aug 2021 17:28:28 +0200
Subject: Query regarding openssl-3.0.0 ecdsa self tests

It is not a bug; the pairwise test is sufficient. It's just a misleading name. And I do not think it will cause any problem with FIPS validation; this can be documented.

Tomas

On Mon, 2021-08-30 at 16:53 +0530, Nagarjun J wrote:
> Hello,
>
> Then, is this a bug in ECDSA POST ? Or have to rename the test , as
> it is misleading and can cause problems in FIPS certification ?
>
> Thanks,
> Nagarjun
>
> On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz wrote:
> > The question was about the fips module POST (power on self test)
> > and there what I wrote applies.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your conscience.]

From: hiroshi.aoki.yc at hitachi-solutions.com (青木浩 / AOKI，HIROSHI)
Date: Tue, 31 Aug 2021 01:19:56 +0000
Subject: Causes SSL_CTX_new to return NULL

I would like some advice as to why I am getting NULLs returned as a result of calling SSL_CTX_new.

The library I'm using is OpenSSL 1.1.1k.
The argument to SSL_CTX_new is TLS_server_method().
The message retrieved by ERR_get_error and ERR_error_string was the following.
"error:140A90F2:SSL routines:SSL_CTX_new:unable to load ssl3 md5 routines".
The phenomenon does not always occur, but sometimes it does.

In the environment where the problem occurred, many services were running and memory was scarce, so I suspect that lack of memory was the cause.
Are there any other possible causes?
--------
Hiroshi Aoki

From: dev at ddvo.net (David von Oheimb)
Date: Tue, 31 Aug 2021 07:50:40 +0200
Subject: OpenSSL API CRL Revoke Check: Coverage

Hello Dennis,

here are answers to your questions.

* All CRL signatures are (by default) verified; otherwise status checking by CRLs would be insecure. The function used is def_crl_verify() in crypto/x509/x_crl.c
* All CRLs are kept in the X509_STORE such that they can be reused for multiple cert verification calls, which typically have their own X509_STORE_CTX. When the cert chain has been built during verification of the target cert, the public keys of the intermediate (untrusted, but then verified) CA certs are used to verify the CRL signatures.
* One needs to interpret "Untrusted objects should not be added in this way." in the context of the preceding sentence: "X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object to the X509_STORE's local storage." Certs can be trusted or not, but CRLs are not trusted by themselves. So the above sentence is in fact a bit misleading and should better be re-phrased to: "Untrusted certificates should not be added in this way."

Regards,
    David

On 28.08.21 03:52, bl4ck ness wrote:
>
> Hello,
>
> I'm trying to use OpenSSL to validate a certificate chain with CRLs.
> To achieve this, I create a X509_STORE and add trusted (root)
> certificates into it via X509_STORE_add_cert().
> I also add CRLs
> published by root and intermediate CAs into the store using
> X509_STORE_add_crl(). Then I create a X509_STORE_CTX for this store
> and using X509_STORE_CTX_init() function I set intermediate certs via
> its chain parameter and target (leaf) cert via its x509 parameter.
>
> When I verify cert chain using X509_verify_cert:
>
> * Are these CRLs checked for a valid digital signature (both CRLs
>   root & intermediate) ?
> * Since store should only contain trusted root certificates why
>   should I add CRLs published by intermediate certificates into the
>   store but not to somewhere else (for example ctx)?
> * Documentation for X509_STORE_add_crl "Untrusted objects should not
>   be added in this way". What does this mean?
>
> Dennis K.

From: dev at ddvo.net (David von Oheimb)
Date: Tue, 31 Aug 2021 08:02:16 +0200
Subject: Causes SSL_CTX_new to return NULL

Hello Hiroshi,

unfortunately the memory allocation failure reporting of OpenSSL is still unsystematic; see also https://github.com/openssl/openssl/issues/6251.

SSL_CTX_new() is pretty complex and can fail for many reasons. In the case you quote below, its call of EVP_get_digestbyname("ssl3-md5") fails for some reason. Since you get this behavior not all the time, it is clear that this cannot be due to a statically determined reason (such as the MD5 implementation not being available), so this must be due to lack of memory. It might also be due to some (other) issue with multi-threading, but very likely not.

    David

On 31.08.21 03:19, 青木浩 / AOKI，HIROSHI wrote:
> I would like some advice as to why I am getting NULLs returned as a result of calling SSL_CTX_new.
>
> The library I'm using is OpenSSL 1.1.1k.
> The argument to SSL_CTX_new is TLS_server_method().
> The message retrieved by ERR_get_error and ERR_error_string was the following.
> "error:140A90F2:SSL routines:SSL_CTX_new:unable to load ssl3 md5 routines".
> The phenomenon does not always occur, but sometimes it does.
>
> In the environment where the problem occurred, many services were running and memory was scarce, so I suspect that lack of memory was the cause.
> Are there any other possible causes?
> --------
> Hiroshi Aoki

From: brahmaji.k at gmail.com (Brahmaji K)
Date: Tue, 31 Aug 2021 13:30:29 +0530
Subject: RSA private key DER decode fails without CRT components

Hi Team,

I'm trying to decode an RSA private key which was DER encoded earlier without CRT components (p, q, dmp1, dmq1 and iqmp are NULL). I'm using the same openssl version for both encoding and decoding; encoding works fine but decode fails. In decode, we call the EVP_PKEY2PKCS8() function, and this is failing with the below error:

469393408:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=p, Type=RSAPrivateKey

The above error is because field p is NULL, but with the same p NULL, encoding is successful. Any idea why encode succeeds but decode fails?

Thanks and Regards,
Brahmaji K

From: beldmit at gmail.com (Dmitry Belyavsky)
Date: Tue, 31 Aug 2021 10:03:58 +0200
Subject: RSA private key DER decode fails without CRT components

Hello,

First, may I ask which version of OpenSSL you use?
Secondly, could you please report the issue via GitHub to make sure that it will not be lost?
On Tue, Aug 31, 2021 at 10:01 AM Brahmaji K wrote:
> Hi Team,
>
> I'm trying to decode the RSA private key which was DER encoded earlier
> without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
> same openssl version for both encoding and decoding, encoding works fine
> but decode fails. In decode, we call EVP_PKEY2PKCS8() function, this is
> failing with below error:
>
> 469393408:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field
> missing:crypto/asn1/tasn_dec.c:425:Field=p, Type=RSAPrivateKey
>
> The above error is because field p is NULL, but with same p is NULL
> encoding is successful. Any idea why encode is Success but decode fails?
>
> Thanks and Regards,
> Brahmaji K

--
SY, Dmitry Belyavsky

From: brahmaji.k at gmail.com (Brahmaji K)
Date: Tue, 31 Aug 2021 13:36:27 +0530
Subject: RSA private key DER decode fails without CRT components

Hi,

I could see this with openssl version 1.1.1d. Sure, I'll update.

On Tue, Aug 31, 2021 at 1:34 PM Dmitry Belyavsky wrote:
> Hello,
>
> First, may I ask you which version of OpenSSL do you use?
> Secondly, could you please report the issue via GitHub to make sure that
> it will not be lost?
From: bl4cknesstr at gmail.com (bl4ck ness)
Date: Tue, 31 Aug 2021 22:19:07 +0300
Subject: OpenSSL API CRL Revoke Check: Coverage

Thanks for the clarification David. Your help is much appreciated.

On Tue, 31 Aug 2021 at 08:50, David von Oheimb wrote:
> Hello Dennis,
>
> here are answers to your questions.
>
> - All CRL signatures are (by default) verified - otherwise status
>   checking by CRLs would be insecure. The function used is def_crl_verify()
>   in crypto/x509/x_crl.c
> - All CRLs are kept in the X509_STORE such that they can be reused for
>   multiple cert verification calls, which typically have their own
>   X509_STORE_CTX.
>   When the cert chain has been built during verification of the target cert,
>   the public keys of the intermediate (untrusted, but then verified) CA
>   certs are used to verify the CRL signatures.
> - One needs to interpret "Untrusted objects should not be added in
>   this way." in the context of the preceding sentence:
>   "X509_STORE_add_cert() and X509_STORE_add_crl() add the respective
>   object to the X509_STORE's local storage."
>   Certs can be trusted or not, but CRLs are not trusted by themselves.
>   So the above sentence is in fact a bit misleading
>   and should better be re-phrased to: "Untrusted certificates should not
>   be added in this way."
>
> Regards,
>
> David