Re: [openssl-users] openssl-users Digest, Vol 10, Issue 19 (lib4758cca.bad

2015-09-25 Thread neil carter

I guess I missed that.  Works perfectly now!

Thanks, Viktor!!


Neil


On 9/25/2015 2:45 PM, openssl-users-requ...@openssl.org wrote:

Today's Topics:

1. Re: lib4758cca.bad (Viktor Dukhovni)
2. How can i verify a signature without knowing the private key?
   not by openssl command but openssl function.
3. Re: How can i verify a signature without knowing the private
   key? not by openssl command but openssl function. (Scott Neugroschl)
4. Re: How can i verify a signature without knowing the private
   key? not by openssl command but openssl function. (Scott Neugroschl)
5. Browsers SSL handshake issues with https://wiki.openssl.org
   (Bubnov Dmitriy)


--

Message: 1
Date: Thu, 24 Sep 2015 19:52:49 +
From: Viktor Dukhovni 
To: openssl-users@openssl.org
Subject: Re: [openssl-users] lib4758cca.bad
Message-ID: <20150924195249.gr21...@mournblade.imrryr.org>
Content-Type: text/plain; charset=us-ascii

On Thu, Sep 24, 2015 at 12:50:43PM -0500, neil carter wrote:


> I just completed compiling the openssl-1.0.2d bundle on 64-bit linux (OEL
> 5.8).  I say completed, but I cheated somewhat.
>
> steps:
>
>  ./config --prefix=/usr/local shared no-dso
>  make
>  make install
>
> When I ran the 'make install' the first time, it failed at the 4758cca
> section with several errors about all of the lib* files in the engines
> sub-directory.

When you disable dynamic shared objects, you also need to disable
engine support.

Try:

 ./config --prefix=/usr/local shared no-dso no-engine
 make depend
 make

(Building with no-engine does not seem to work on the "master"
branch just now, but works for me with 1.0.2 from git, have not
tried 1.0.2d).



___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] Browsers SSL handshake issues with https://wiki.openssl.org

2015-09-25 Thread Bubnov Dmitriy
Hello, All.

I have run into an issue with different browsers' behavior when opening the link 
https://wiki.openssl.org/. Investigation shows that it is an SSL handshake issue.

Is it possible to correct the situation for the Safari browser?

Below are the 'ssldump' and 'openssl version -a' logs.

>

>>> osx10.6.8 + chrome 45.0.2454.101; SSL session is OK
>>>
New TCP connection #1: 192.168.0.1(59718) <-> 194.97.150.234(443)
1 1  0.0506 (0.0506)  C>S V3.1(512)  Handshake
  ClientHello
Version 3.3 
random[32]=
  d2 e1 13 ee 12 ed 4a cd 48 ab 9a 84 89 5e 68 65 
  6c 74 d1 47 16 b6 a8 59 20 78 1e 73 1c 29 08 40 
resume [32]=
  96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 
  3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d 
cipher suites
Unknown value 0xcc14
Unknown value 0xcc13
Unknown value 0xcc15
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
  NULL
1 2  0.1002 (0.0496)  S>C V3.3(81)  Handshake
  ServerHello
Version 3.3 
random[32]=
  25 b5 71 fa 69 9c 64 26 91 48 e5 c1 6f 07 6c 4b 
  12 b7 22 a6 20 e6 fb 6d 80 00 dd a1 99 43 70 dc 
session_id[32]=
  96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 
  3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d 
cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
compressionMethod   NULL
1 3  0.1002 (0.)  S>C V3.3(1)  ChangeCipherSpec
1 4  0.1002 (0.)  S>C V3.3(40)  Handshake
1 5  0.1017 (0.0014)  C>S V3.3(1)  ChangeCipherSpec
1 6  0.1017 (0.)  C>S V3.3(40)  Handshake
1 7  0.1024 (0.0006)  C>S V3.3(521)  application_data
1 8  0.2268 (0.1244)  S>C V3.3(299)  application_data
1 9  4.0905 (3.8636)  C>S V3.3(426)  application_data
1 10 4.1691 (0.0786)  S>C V3.3(598)  application_data
1 11 4.1737 (0.0046)  C>S V3.3(495)  application_data
1 12 4.2673 (0.0935)  S>C V3.3(298)  application_data
1    9.2750 (5.0077)  S>C  TCP FIN
1   14.2687 (4.9936)  C>S  TCP FIN


>


>>> osx10.6.8 safari5.1.10(6534.59.10); SSL session is BROKEN
>>>
New TCP connection #1: 192.168.0.1(59771) <-> 194.97.150.234(443)
1 1  0.0598 (0.0598)  C>S V3.1(158)  Handshake
  ClientHello
Version 3.1 
random[32]=
  56 05 6d 21 f6 ef c5 31 be 10 7d ef e8 b4 78 cf 
  a5 47 61 7a 23 42 29 30 a2 6e c3 dc e3 0f 67 4b 
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
compression methods
  NULL
1    0.1143 (0.0545)  S>C  TCP FIN
1    0.1158 (0.0014)  C>S  TCP FIN
New TCP connection #2: 192.168.0.1(59773) <-> 194.97.150.234(443)
2 1  0.0569 (0.0569)  C>S V3.0(81)  Handshake
  ClientHello
Version 3.0 
random[32]=
  56 05 6d 21 d2 ca b5 6f 97 90 79 52 f9 c6 af 40 
  20 77 73 28 de 7d 60 48 c0 58 fc d8 a8 df 9d d0 
cipher suites

Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

2015-09-25 Thread Scott Neugroschl
Ignore me.  I completely misread your email.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Scott Neugroschl
Sent: Friday, September 25, 2015 10:32 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] How can i verify a signature without knowing the 
private key? not by openssl command but openssl function.

That's the whole point of private key encryption.  You don't NEED to know the 
private key.

What you do is write out the data (abcde1234).  Then hash it (SHA-256), and 
encrypt the *HASH* with the private key.
The recipient reads the data and encrypted hash.  He then decrypts the hash 
with the public key, compares it to the hash of the data.  If the two hashes 
match, the data is authentic.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Sent: Friday, September 25, 2015 3:52 AM
To: openssl-users
Subject: [openssl-users] How can i verify a signature without knowing the 
private key? not by openssl command but openssl function.

Hi guys
I want to write two programs to learn the details of ECDSA signatures.
Program A reads the private key from private.pem, signs a string, like 
"abcde1234", and saves the signature as sig.pem.
Program B reads the public key from pub.pem, reads sig.pem, and verifies 
the signature.
Can anybody provide me with example code?

My implementation is as follows:
1, generate the ECC keys by "openssl ecparam -genkey -name secp256r1 -out 
private.pem" and extract the public key by "openssl ec -in private.pem -out 
public.pem -pubout"
2, read the private key by "PEM_read_PrivateKey()", and sign with 
"ECDSA_do_sign", there is no problem. Program A works well.
3, the problem is how to read the public key from public.pem? I find 
PEM_read_bio_PUBKEY from app/apps.c, but I can't find the source code.  How can 
I verify the signature without knowing the private key?




Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

2015-09-25 Thread Scott Neugroschl
That's the whole point of private key encryption.  You don't NEED to know the 
private key.

What you do is write out the data (abcde1234).  Then hash it (SHA-256), and 
encrypt the *HASH* with the private key.
The recipient reads the data and encrypted hash.  He then decrypts the hash 
with the public key, compares it to the hash of the data.  If the two hashes 
match, the data is authentic.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Sent: Friday, September 25, 2015 3:52 AM
To: openssl-users
Subject: [openssl-users] How can i verify a signature without knowing the 
private key? not by openssl command but openssl function.

Hi guys
I want to write two programs to learn the details of ECDSA signatures.
Program A reads the private key from private.pem, signs a string, like 
"abcde1234", and saves the signature as sig.pem.
Program B reads the public key from pub.pem, reads sig.pem, and verifies 
the signature.
Can anybody provide me with example code?

My implementation is as follows:
1, generate the ECC keys by "openssl ecparam -genkey -name secp256r1 -out 
private.pem" and extract the public key by "openssl ec -in private.pem -out 
public.pem -pubout"
2, read the private key by "PEM_read_PrivateKey()", and sign with 
"ECDSA_do_sign", there is no problem. Program A works well.
3, the problem is how to read the public key from public.pem? I find 
PEM_read_bio_PUBKEY from app/apps.c, but I can't find the source code.  How can 
I verify the signature without knowing the private key?




[openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

2015-09-25 Thread ????????
Hi guys
I want to write two programs to learn the details of ECDSA signatures. 
Program A reads the private key from private.pem, signs a string, like 
"abcde1234", and saves the signature as sig.pem.
Program B reads the public key from pub.pem, reads sig.pem, and verifies 
the signature.
Can anybody provide me with example code?


My implementation is as follows:
1, generate the ECC keys by "openssl ecparam -genkey -name secp256r1 -out 
private.pem" and extract the public key by "openssl ec -in private.pem -out 
public.pem -pubout"
2, read the private key by "PEM_read_PrivateKey()", and sign with 
"ECDSA_do_sign", there is no problem. Program A works well.
3, the problem is how to read the public key from public.pem? I find 
PEM_read_bio_PUBKEY from app/apps.c, but I can't find the source code.  How can 
I verify the signature without knowing the private key?