Re: [openssl-users] Fwd: Makefile.org in openSSL 1.1.0d

2017-02-13 Thread murugesh pitchaiah
Thank you Rich.

I was using 1.0.2.h earlier. It was using Makefile.org and then
Configure script was run to generate the Makefile. The template
available in Makefile.org was used to prepare the Makefile.

Can you please share if any thread, details on new build system, how
to use that?

Thanks,
Murugesh P.

On 2/13/17, Salz, Rich  wrote:
>
>> Can someone explain why 'Makefile.org' is removed now and how to tackle it?
>
> The whole build system changed; there is no Makefile.org any more.  What
> were you trying to do?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Karl Denninger
On 2/13/2017 18:41, Salz, Rich wrote:
>> It is a home grown HTTPS server.
> Well, then what does your server do?
>
> To be very very clear:  TLS is a *send the bytes* protocol.  It knows nothing 
> about EBCDIC, ASCII, text, etc.

To back up what Rich has said I pass a LOT of data, including HTTPS and
binary protocols between different machines (which may contain any
particular set of bytes in a packet format) using OpenSSL as the
encryption method for said transport and I've had no issues whatsoever
with whatever I stuff in the pipe coming out the other end unmolested.

Do be aware of the semantics and exceptions (which you must handle -- or
else) described in the documentation however -- especially for
non-blocking sockets.  Due to the potential for renegotiations and
similar, failing to pay attention to those can result in some pretty
interesting "surprises".

-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/




Re: [openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Salz, Rich
> It is a home grown HTTPS server.

Well, then what does your server do?

To be very very clear:  TLS is a *send the bytes* protocol.  It knows nothing 
about EBCDIC, ASCII, text, etc.
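What "TLS is a send the bytes protocol" means for the home-grown server in this thread, as an added example that is not from any poster: TLS delivers the NUL stream intact, so the application's own request reader has to reject it and bound its buffer. The 8192-byte cap, the status codes and all function names are assumptions.

```python
# Added example, not code from the thread. Limits and names are assumptions.
MAX_HEAD = 8192            # assumed cap on request line + headers, in bytes
TERMINATOR = b"\r\n\r\n"   # blank line that ends an HTTP/1.x request head

class BadRequest(Exception):
    """Carries the HTTP status to send before closing the connection."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status

def read_request_head(recv, max_head=MAX_HEAD, chunk=4096):
    """Read one request head from recv(n) -> bytes, e.g. SSLSocket.recv.
    TLS hands over whatever bytes the peer sent, so the policy lives here:
    a NUL in the head is rejected and the buffer is bounded by max_head.
    Returns (head, leftover); leftover is body data and may be binary.
    """
    buf = bytearray()
    while True:
        data = recv(chunk)
        if not data:
            raise BadRequest(400, "closed before end of headers")
        buf += data
        end = buf.find(TERMINATOR)
        head = buf if end == -1 else buf[:end]
        if b"\x00" in head:
            raise BadRequest(400, "NUL byte in request head")
        if len(head) > max_head:
            raise BadRequest(431, "request head too large")
        if end != -1:
            return bytes(head), bytes(buf[end + len(TERMINATOR):])

def dev_zero(calls):
    """Constructed stand-in for `s_client ... < /dev/zero`: endless NULs."""
    def recv(n):
        calls.append(n)
        return b"\x00" * n
    return recv

def chunks(*parts):
    """Constructed peer that delivers the given chunks, then closes."""
    it = iter(parts)
    return lambda n: next(it, b"")

def status_for(recv):
    try:
        read_request_head(recv)
        return 200
    except BadRequest as exc:
        return exc.status
```

The NUL check covers only the request head, so a binary body that follows the blank line still passes through untouched.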


Re: [openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Viktor Dukhovni

> On Feb 13, 2017, at 3:53 PM, Salz, Rich  wrote:
> 
> What’s the server on the other side?  If it’s a web server, then \0 characters 
> are generally illegal.  If it’s s_server, then it, too, really wants ASCII 
> lines.

For binary-clean input use the "-nocommands" option to s_client.
The remaining behaviour is then up to the server, though on EBCDIC
systems, the input is still assumed to be textual and ASCII conversion
will be attempted.  The s_client(1) command is not "stunnel", it is a
diagnostic tool, not a proxy.

-- 
Viktor.



Re: [openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Anamitra Dutta Majumdar
It is a home grown HTTPS server.


Anamitra Dutta Majumdar
Product Security Architect
Office: 4152663903
Email: amajum...@splunk.com
Splunk Inc. San Francisco | Cupertino | London | Hong Kong | Washington D.C. | 
Seattle | Plano | Singapore | Munich | Tokyo | Shanghai


From: openssl-users on behalf of "Salz, Rich"
Reply-To: "openssl-users@openssl.org"
Date: Monday, February 13, 2017 at 12:53 PM
To: "openssl-users@openssl.org"
Subject: Re: [openssl-users] OpenSSL behavior for NULL characters

What’s the server on the other side?  If it’s a web server, then \0 characters 
are generally illegal.  If it’s s_server, then it, too, really wants ASCII 
lines.


Re: [openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Salz, Rich
What’s the server on the other side?  If it’s a web server, then \0 characters 
are generally illegal.  If it’s s_server, then it, too, really wants ASCII 
lines.


[openssl-users] OpenSSL behavior for NULL characters

2017-02-13 Thread Anamitra Dutta Majumdar
I am trying to figure out what is the default OpenSSL server side behavior when 
we send the following command

openssl s_client -connect localhost:8089 < /dev/zero 2>&1

What is the expected/default behavior of a TLS server?
Should it close the connection, or continue to accept the NULL characters?


Anamitra Dutta Majumdar
Product Security Architect
Office: 4152663903
Email: amajum...@splunk.com
Splunk Inc. San Francisco | Cupertino | London | Hong Kong | Washington D.C. | 
Seattle | Plano | Singapore | Munich | Tokyo | Shanghai



Re: [openssl-users] Fwd: Makefile.org in openSSL 1.1.0d

2017-02-13 Thread Salz, Rich
 
> Can someone explain why 'Makefile.org' is removed now and how to tackle it?

The whole build system changed; there is no Makefile.org any more.  What were 
you trying to do?


[openssl-users] Fwd: Makefile.org in openSSL 1.1.0d

2017-02-13 Thread murugesh pitchaiah
Team,

I downloaded the openSSL 1.1.0d now and was trying to use that.
Previously I was using openSSL 1.0.2.h.

I do not see the 'Makefile.org' in the new 1.1.0d. In my application I
was using this file. Now as it is not present in 1.1.0d, could not
complete the upgrade.

Can someone explain why 'Makefile.org' is removed now and how to tackle it ?

Thanks,
Murugesh P.


[openssl-users] Using RSASSA-PSS in command line smime / cms utility

2017-02-13 Thread Harakiri via openssl-users
Can I set the padding RSASSA-PSS or alg ECDSA via command line when using 
openssl smime or openssl cms command?
I can't find an option for it.


Re: [openssl-users] RSA engine is not using the functions mentioned in struct

2017-02-13 Thread khurram ashraf
Respected Mr. Levitte,

I have created the symlink to 
/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/librsa_engine.so. During 
encryption and decryption it mentions that "engine "rsa-engine 1" set", but it 
does not use the function in the struct and also does not output the printf. 
Furthermore, I also tried the method you recommended but still no result.


Best Regards.

Khurram



From: openssl-users on behalf of Richard Levitte
Sent: Monday, February 13, 2017 11:15 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] RSA engine is not using the functions mentioned in struct

In message 

 on Mon, 13 Feb 2017 10:57:27 +, khurram ashraf 
 said:

khurramashraf_786> Here the engine loads but when I try to encrypt a text file by using
khurramashraf_786> following command
khurramashraf_786>
khurramashraf_786> openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin
khurramashraf_786> openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt
khurramashraf_786>
khurramashraf_786> It seems that it is not using the functions which I defined in the
khurramashraf_786> struct_rsa. It is also not giving the output from the printf in the
khurramashraf_786> function.

You need to tell it where to find the engine as well.  libcrypto looks
in the standard system places (typically /usr/lib or so) and the path
given by the environment variable OPENSSL_ENGINES.  Try these lines
and see if that makes a difference:

OPENSSL_ENGINES=.
export OPENSSL_ENGINES
openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin
openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] RSA engine is not using the functions mentioned in struct

2017-02-13 Thread Richard Levitte
In message 

 on Mon, 13 Feb 2017 10:57:27 +, khurram ashraf 
 said:

khurramashraf_786> Here the engine loads but when I try to encrypt a text file by using
khurramashraf_786> following command
khurramashraf_786>
khurramashraf_786> openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin
khurramashraf_786> openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt
khurramashraf_786>
khurramashraf_786> It seems that it is not using the functions which I defined in the
khurramashraf_786> struct_rsa. It is also not giving the output from the printf in the
khurramashraf_786> function.

You need to tell it where to find the engine as well.  libcrypto looks
in the standard system places (typically /usr/lib or so) and the path
given by the environment variable OPENSSL_ENGINES.  Try these lines
and see if that makes a difference:

OPENSSL_ENGINES=.
export OPENSSL_ENGINES
openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin
openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


[openssl-users] RSA engine is not using the functions mentioned in struct

2017-02-13 Thread khurram ashraf

I am new to making engines in openssl. Basically I want to implement an OpenSSL 
RSA engine that uses the functions I mentioned while encrypting and decrypting. 
My engine compiles and loads but it seems that it is not using the functions I 
want it to use for encryption and decryption.

/* Header names were lost in the archive; these are the ones this code needs. */
#include <stdio.h>
#include <openssl/engine.h>
#include <openssl/rsa.h>

/* Each wrapper logs the call and returns the result of the RSA operation. */
static int
eng_rsa_pub_enc (int flen, const unsigned char *from,
                 unsigned char *to, RSA * rsa, int padding)
{
   printf ("Engine is encrypting using pub key \n");
   return RSA_public_encrypt (flen, from, to, rsa, RSA_PKCS1_PADDING);
}

static int
eng_rsa_pub_dec (int flen, const unsigned char *from,
                 unsigned char *to, RSA * rsa, int padding)
{
   printf ("Engine is decrypting using pub key \n");
   return RSA_public_decrypt (flen, from, to, rsa, RSA_PKCS1_PADDING);
}

static int
eng_rsa_priv_enc (int flen, const unsigned char *from, unsigned char *to,
                  RSA * rsa, int padding __attribute__ ((unused)))
{
   printf ("Engine is encrypting using priv key \n");
   return RSA_private_encrypt (flen, from, to, rsa, RSA_PKCS1_PADDING);
}

static int
eng_rsa_priv_dec (int flen, const unsigned char *from, unsigned char *to,
                  RSA * rsa, int padding __attribute__ ((unused)))
{
   printf ("Engine is decrypting using priv key \n");
   return RSA_private_decrypt (flen, from, to, rsa, RSA_PKCS1_PADDING);
}

/* Constants used when creating the ENGINE */
static const char *engine_rsa_id = "rsa-engine 1";
static const char *engine_rsa_name = "engine for testing 1";



static RSA_METHOD struct_rsa = {
"RSA engine for demo",
eng_rsa_pub_enc,
eng_rsa_pub_dec,
eng_rsa_priv_enc,
eng_rsa_priv_dec,
NULL,
NULL,
NULL,
NULL,
RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
NULL,
NULL,
NULL
};

static int bind (ENGINE * e, const char *id)
{
  printf ("%s\n", id);

  /* Register the id, the name and the RSA_METHOD table defined above. */
  if (!ENGINE_set_id (e, engine_rsa_id) ||
      !ENGINE_set_name (e, engine_rsa_name) ||
      !ENGINE_set_RSA (e, &struct_rsa))
    return 0;

  return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN (bind)
IMPLEMENT_DYNAMIC_CHECK_FN ()


I am compiling the code using following command.

gcc -fPIC -c rsa-engine.c
gcc -shared -o librsa_engine.so -lcrypto rsa-engine.o
openssl engine -t -c rsa_engine


Here the engine loads but when I try to encrypt a text file by using following 
command

openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin
openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt


It seems that it is not using the functions which I defined in the struct_rsa. 
It is also not giving the output from the printf in the function.



[openssl-users] Forthcoming OpenSSL release

2017-02-13 Thread OpenSSL

Forthcoming OpenSSL release
===

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL version 1.1.0e

This release will be made available on 16th February 2017 between 1200-1600
UTC, and will include a fix for a security defect classified as severity "High".
This issue does not affect OpenSSL versions prior to 1.1.0.

Please see the following page for further details of severity levels:
https://www.openssl.org/policies/secpolicy.html

Yours

The OpenSSL Project Team