Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?

2017-05-30 Thread Salz, Rich via openssl-users
> Then I've misunderstood the presence of the "-DSHA256_ASM" flag.
> 
> What's it specifically used for?

To remind me to double-check my answers? :(

Sorry, they are present.  The difference is that the help message in 1.0.2 
isn't complete.  Did you try the commands directly?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] automating my CA

2017-05-19 Thread Salz, Rich via openssl-users
> A lot of online certificate providers have some kind of REST API.
> 
> Is there such an API available as OSS or do I have to write one myself?

You might want to look at the IETF ACME protocol.

There are many clients around.  And the LetsEncrypt code is open source.


Re: [openssl-users] X509 subject public key id-RSASSA-PSS

2017-06-27 Thread Salz, Rich via openssl-users
1.0.2 does not have full RSA-PSS support; you can’t use it.


Re: [openssl-users] X509 subject public key id-RSASSA-PSS

2017-06-27 Thread Salz, Rich via openssl-users
> Does your response mean, that RSA-PSS meanhile _is_ fully supported in 1.1.0?

I hesitate to say fully, because there are no doubt parts that don't work.  
But RSA-PSS signatures are supported.
But more importantly, 1.1.1 not 1.1.0

> Any estimations about how much work has to be done for adopting the newer 
> version?

It depends.  Almost all structures are opaque now, so you can't look inside at 
the fields directly.


Re: [openssl-users] Compatibility of OpenSSL (Debian)

2017-09-15 Thread Salz, Rich via openssl-users

> A file DES3 encrypted here by OpenSSL 1.0.1t  3 May 2016 (Debian 7 or 
> earlier version) is not accessible
> by OpenSSL 1.1.0f  25 May 2017 (Debian 9).  Is this expected behavior?

https://www.openssl.org/docs/faq.html#USER3




Re: [openssl-users] documentation for 1.1.0

2017-09-15 Thread Salz, Rich via openssl-users
Links across versions don’t really work since we moved from “crypto” “ssl” to 
man3, etc.
Perhaps we should just take them down.





Re: [openssl-users] reading DER format public keys

2017-09-15 Thread Salz, Rich via openssl-users
> pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);

That only reads PEM files.  If docs say otherwise, they are wrong.

> There must be a way to read DER format public keys.

A raw public key?  Or a cert?  Or a pkcs object?  Anyhow, doc/man3/d2i_X509.pod 
in master.




Re: [openssl-users] [openssl-dev] 20170914 snapshots

2017-09-14 Thread Salz, Rich via openssl-users
We did some system upgrades and they were down during the update time.

As I’ve said before, please wait for at least a second day before writing about 
the snapshots.

On 9/14/17, 8:09 AM, "The Doctor" wrote:

They are missing in action!





Re: [openssl-users] Certificate Comparison

2017-09-19 Thread Salz, Rich via openssl-users
Convert from PEM to DER (via the X509_PEM_read_ functions) and use X509_cmp.

PEM format is not guaranteed – you could have different linebreaks, for example.

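An added example (mine, not from the thread and not OpenSSL code) of the point above: two PEM files for the same certificate can differ in line width and line endings and still be the same certificate, so the comparison has to be on the decoded DER, which is what X509_cmp amounts to. The sample DER is a constructed byte string, not a real certificate; with a real PEM file the same functions apply unchanged.

```python
import base64
import re

# Constructed sample: 256 arbitrary bytes standing in for a DER certificate.
# It is NOT a real X.509 certificate; the comparison logic is identical for one.
DER_SAMPLE = bytes(range(256))


def pem_to_der(pem: str, label: str = "CERTIFICATE") -> bytes:
    """Strip the PEM armor and base64-decode the body to DER.

    Line width, line-ending style and stray whitespace are presentation
    details of PEM; the DER bytes are what identifies the object, which is
    why comparisons are done on DER rather than on the PEM text.
    """
    m = re.search(r"-----BEGIN %s-----(.*?)-----END %s-----" % (label, label),
                  pem, re.S)
    if m is None:
        raise ValueError("no %s PEM block found" % label)
    body = re.sub(r"\s+", "", m.group(1))
    return base64.b64decode(body, validate=True)


def der_to_pem(der: bytes, label: str = "CERTIFICATE",
               width: int = 64, newline: str = "\n") -> str:
    """PEM-encode DER with a chosen line width and line ending, so that
    textually different PEM files for the same object can be produced."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN %s-----" % label] + lines
                        + ["-----END %s-----" % label]) + newline


def same_certificate(pem_a: str, pem_b: str) -> bool:
    """True when both PEM files carry byte-identical DER."""
    return pem_to_der(pem_a) == pem_to_der(pem_b)


if __name__ == "__main__":
    a = der_to_pem(DER_SAMPLE)                            # 64-char lines, LF
    b = der_to_pem(DER_SAMPLE, width=76, newline="\r\n")  # 76-char lines, CRLF
    print("text equal:", a == b, " DER equal:", same_certificate(a, b))
```

A text diff or a hash of the PEM file would report the two encodings as different; the DER comparison reports them as the same certificate.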


Re: [openssl-users] Un-signed CSRs

2017-09-21 Thread Salz, Rich via openssl-users


> Has anyone had success parsing un-signed CSRs?

By its definition a CSR is signed.  So this will not work.






Re: [openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Salz, Rich via openssl-users

> However for some unknown reason, this was not included in 1.0.2
> which thus still rejects all such certificate chains.

Because it was seen to be a feature, not a bug-fix?



Re: [openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Salz, Rich via openssl-users

> But the patch was put in git almost 10 months before 1.0.2 initial 
> release.

We weren’t using git back then.  So maybe it’s a bad/confusing import.  Maybe 
Matt can explain.



Re: [openssl-users] How can I start openssl ocsp in secure mode using TLS/SSL

2017-09-22 Thread Salz, Rich via openssl-users
Openssl 0.9.8 is old and obsolete and has security issues; you should upgrade.

But even if you upgrade, the ocsp command will not listen on HTTPS; that is not 
supported.



Re: [openssl-users] Research papers on TLS 1.3

2017-10-04 Thread Salz, Rich via openssl-users
You should look at the IETF TLS working group.  Also, there was a mini 
conference, TLS Ready or Not, that has a bunch of useful papers.




Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Salz, Rich via openssl-users
1.0.2 and 1.1.0, whatever the highest letter is, are the supported releases.




Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Salz, Rich via openssl-users
Okay, you seem to be looking for an answer and there isn’t one.

The release you are using has problems when it decided to walk the heap.  The 
release you are using WILL NOT BE FIXED.

Change your code, backport the fix, or move to a more modern release.  Sorry, 
there is no other way.




Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Salz, Rich via openssl-users
You could try to backport the win_rand file from a more recent release.

Far better, as Michael first said, to move to 1.0.2 or later.




Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-11 Thread Salz, Rich via openssl-users


> Ah, put -sha256 in the CLIENT request.  Seems kind of backward.  Or at 
> least the server should have some control over the hash used?


Well, it is the client that is making the request, so therefore the client 
needs to hash the cert information.

A production-quality OCSP responder might have configuration controls to 
specify which type of digests it wants to see in the request.  As with most of 
the OpenSSL command-line interface, it’s not a product.




Re: [openssl-users] Query on usage of openssl 1.1.0f with openssl-FIPS

2017-09-06 Thread Salz, Rich via openssl-users
> I am unable to find the openssl-fips module for 1.1.0f. Do you know when it 
> will be available?

We have no date.  Work hasn’t fully started, and isn’t fully funded.  Perhaps 
your company would like to help? :) See our blog for updates (look in the 
archive for postings with FIPS in the title; https://www.openssl.org/blog )

> Could you please let us know the latest openssl 1.0 version that can be 
> compiled with “openssl-fips-2.0.16”?

1.0.2, latest release.

> Also, please let us know if that version supports DTLS.

I think no, but am not positive.


Re: [openssl-users] Env variables in config file to add a whole line

2017-09-06 Thread Salz, Rich via openssl-users
…

$crlDP
$ocspIAI


This is not supported.  You can only put variables in *values* 




Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Salz, Rich via openssl-users
An X509v3 certificate has “notBefore” and “notAfter” fields.  If either of 
those is not present, then it is not an X509v3 certificate.  The time marked by 
those fields is the validity period.

If you want “never expires” X509v3 certificates, the best you can do is put a 
very large value in the notAfter field.  Some software may have issues around 
32bit representation of classic Unix time_t and therefore have problems with 
times greater than 2038; OpenSSL does not have those problems.

The OpenSSL command-line tools do not handle every possible corner case, 
including the ability to reasonably set dates that are more than 7,500 years in 
the future.  You will have to modify the source.


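An added example, not from the thread and not the OpenSSL source, showing how the validity times are encoded and where the limits come from: RFC 5280 section 4.1.2.5 puts years through 2049 in UTCTime and 2050 and later in GeneralizedTime, whose four-digit year caps notAfter at the year 9999; a separate check shows which times survive a signed 32-bit time_t. All dates below are constructed.

```python
from datetime import datetime, timedelta, timezone

TIME_T32_MAX = 2**31 - 1   # 2038-01-19T03:14:07Z, the last second a signed 32-bit time_t holds
UTCTIME_TAG, GENERALIZEDTIME_TAG = 0x17, 0x18


def utc(*ymdhms) -> datetime:
    """Shorthand for an aware UTC datetime, e.g. utc(2038, 1, 19, 3, 14, 7)."""
    return datetime(*ymdhms, tzinfo=timezone.utc)


def encode_validity_time(dt: datetime) -> bytes:
    """DER-encode a notBefore/notAfter value as an RFC 5280 Time.

    Dates up to and including 2049 are UTCTime (tag 0x17, "YYMMDDHHMMSSZ");
    2050 and later are GeneralizedTime (tag 0x18, "YYYYMMDDHHMMSSZ").
    GeneralizedTime has a four-digit year, so 9999-12-31T23:59:59Z is the
    hard ceiling on notAfter whatever the software does with time_t.
    """
    if dt.tzinfo is None or dt.utcoffset() != timedelta(0):
        raise ValueError("validity times are always expressed in UTC (Zulu)")
    if not 1950 <= dt.year <= 9999:
        raise ValueError("year out of range for UTCTime/GeneralizedTime")
    if dt.year <= 2049:
        tag, body = UTCTIME_TAG, dt.strftime("%y%m%d%H%M%SZ")
    else:
        tag, body = GENERALIZEDTIME_TAG, dt.strftime("%Y%m%d%H%M%SZ")
    content = body.encode("ascii")
    return bytes([tag, len(content)]) + content


def decode_validity_time(der: bytes) -> datetime:
    """Inverse of encode_validity_time, with the length checks a parser needs."""
    if len(der) < 2 or len(der) != 2 + der[1]:
        raise ValueError("bad DER length")
    tag, body = der[0], der[2:].decode("ascii")
    if not body.endswith("Z"):
        raise ValueError("only Zulu time is allowed in certificates")
    if tag == UTCTIME_TAG and len(body) == 13:
        yy = int(body[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), body[2:12]
    elif tag == GENERALIZEDTIME_TAG and len(body) == 15:
        year, rest = int(body[:4]), body[4:14]
    else:
        raise ValueError("not a UTCTime or GeneralizedTime of the expected form")
    month, day, hour, minute, second = [int(rest[i:i + 2]) for i in range(0, 10, 2)]
    return utc(year, month, day, hour, minute, second)


def fits_time_t32(dt: datetime) -> bool:
    """Whether software that stores this time in a signed 32-bit time_t can represent it."""
    return int(dt.timestamp()) <= TIME_T32_MAX
```

A notAfter in the year 9517 (roughly the 7,500 years mentioned) still encodes as a valid GeneralizedTime; it is the tooling, not the format, that refuses such dates.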


Re: [openssl-users] How to emulate EVP_PKEY_meth_get_sign() on OpenSSL-1.0.2?

2017-09-26 Thread Salz, Rich via openssl-users
> Is there a way to emulate the above calls, and achieve similar result on 
> OpenSSL-1.0.2?

Just pull the fields out of the struct directly?


Re: [openssl-users] Manually shutdown the library

2017-09-26 Thread Salz, Rich via openssl-users

The original issue was discussed here:  
https://www.mail-archive.com/openssl-users@openssl.org/msg80781.html


There are no plans to do so.  You’ll have to modify the source and/or make a 
pull request.


Re: [openssl-users] ERR_add_error_data

2017-08-23 Thread Salz, Rich via openssl-users
> What happens if I call the ERR_add_error_data twice? Will it add the 
> arguments or replace them?

It replaces, free’ing the old.



Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Salz, Rich via openssl-users
> But if I use format=der I do not get prompted for the password.
   
DER does not support encryption.  The bug is that the command does not tell you 
this.



Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Salz, Rich via openssl-users
> OK.  And why does DER not support encryption

Because it is not defined.  If you want to encrypt keys, you need to use PKCS12 
which might be too much for your application.



Re: [openssl-users] Using set_serial to control serial number size directly

2017-08-21 Thread Salz, Rich via openssl-users

> But in doing this, I can't figure out if there is a risk on serial 
> number size for a root CA cert as there is for any other cert.

I don’t understand what attack you are concerned about, but the size of the 
serial number should not matter for *any* certificate.



Re: [openssl-users] Using set_serial to control serial number size directly

2017-08-21 Thread Salz, Rich via openssl-users
If the root is going to be trusted, make its serial number be one. ☺
Otherwise use eight bytes of random as the serial number, if you follow CABF 
guidelines.
 



Re: [openssl-users] Using set_serial to control serial number size directly

2017-08-21 Thread Salz, Rich via openssl-users
> Thus how large does this random number have 

It’s also to protect against predicting serial numbers and being able to 
leverage that.  It’s not just (nor really mainly) the MD5 digest attacks.  
According to CABForum, you need 8 octets.  No reason not to use more if you can.


> page was talking about in conjunction with the -CA option. With 'openssl 
> ca' use of the serial file is mandatory according to the man page.  
> There are no command line options for it.

Fixed in master and will be part of the next releases; the -rand_serial flag.
 

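An added example (not OpenSSL code and not the -rand_serial implementation) of what a CABF-style random serial has to satisfy: a CSPRNG draw of at least 64 bits, a positive value, and a DER INTEGER of at most 20 content octets once the sign-pad octet is counted. The 159-bit upper limit is this example's own consequence of the 20-octet rule, not a figure from the thread.

```python
import secrets

MAX_SERIAL_OCTETS = 20   # RFC 5280 4.1.2.2: serialNumber content is at most 20 octets
MIN_ENTROPY_BITS = 64    # CA/Browser Forum Baseline Requirements: >= 64 bits of CSPRNG output


def der_integer(value: int) -> bytes:
    """DER-encode a non-negative INTEGER (tag 0x02, short-form length).

    DER INTEGERs are two's complement: if the top bit of the first content
    octet is set, a 0x00 pad octet is prepended so the value stays positive.
    That pad counts towards the 20-octet limit, which is the trap with
    "just use 20 random bytes".
    """
    if value < 0:
        raise ValueError("certificate serial numbers must be positive")
    content = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if content[0] & 0x80:
        content = b"\x00" + content
    if len(content) > 127:
        raise ValueError("short-form length only in this example")
    return bytes([0x02, len(content)]) + content


def decode_der_integer(der: bytes) -> int:
    """Parse a short-form DER INTEGER back to a Python int, sign included."""
    if len(der) < 3 or der[0] != 0x02 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER INTEGER")
    return int.from_bytes(der[2:], "big", signed=True)


def generate_serial(entropy_bits: int = MIN_ENTROPY_BITS) -> int:
    """Random serial from the OS CSPRNG. 159 bits is the most that always
    fits in 20 octets: a 160-bit draw needs the sign pad half the time."""
    if not MIN_ENTROPY_BITS <= entropy_bits <= MAX_SERIAL_OCTETS * 8 - 1:
        raise ValueError("entropy must be between 64 and 159 bits")
    while True:
        value = secrets.randbits(entropy_bits)
        if value > 0:            # zero is not a valid serial; simply draw again
            return value


def serial_policy_problems(value: int) -> list:
    """Check a serial against the RFC 5280 encoding rules. Whether the value
    came from >= 64 bits of CSPRNG output is a property of the generator,
    not of the number (a random draw may well have leading zero bits), so
    that part cannot be checked after the fact."""
    problems = []
    if value <= 0:
        problems.append("serial must be a positive integer (RFC 5280 4.1.2.2)")
        return problems
    content_len = len(der_integer(value)) - 2
    if content_len > MAX_SERIAL_OCTETS:
        problems.append("DER content is %d octets, limit is %d (sign pad included)"
                        % (content_len, MAX_SERIAL_OCTETS))
    return problems
```

Serial number 1 for a self-signed root passes the encoding checks, as the thread suggests; a 160-bit draw fails them half the time, which is why the generator stops at 159 bits.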


[openssl-users] CVE 2017-3735 OOB read

2017-08-28 Thread Salz, Rich via openssl-users
From https://www.openssl.org/news/secadv/20170828.txt

OpenSSL Security Advisory [28 Aug 2017]


Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
===

Severity: Low

If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.

As this is a low severity fix, no release is being made. The fix can be
found in the source repository (1.0.2, 1.1.0, and master branches); see
https://github.com/openssl/openssl/pull/4276. This bug has been present
since 2006.


This issue was found by Google's OSS-Fuzz project on August 22.
The fix was developed by Rich Salz of the OpenSSL development team.

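An added example, my reconstruction of the bug class in the advisory rather than OpenSSL's source (the real fix is in the linked pull request): per RFC 3779 the addressFamily OCTET STRING is a two-octet AFI plus an optional one-octet SAFI, and code that reads two octets without checking the length reads one byte past a one-octet string. The byte strings below are constructed test vectors, not taken from any certificate; the octet after each addressFamily stands in for the start of ipAddressChoice.

```python
AFI_IPV4, AFI_IPV6 = 1, 2

# Constructed test vectors (not from any real certificate).
SAMPLE_IPV4      = bytes.fromhex("04020001" "0500")     # addressFamily = 00 01 (IPv4)
SAMPLE_IPV6_SAFI = bytes.fromhex("0403000201" "0500")   # AFI 00 02 (IPv6), SAFI 01
SAMPLE_MALFORMED = bytes.fromhex("040100" "3000")       # one-octet addressFamily, then 0x30


def parse_octet_string(buf: bytes, offset: int = 0):
    """Minimal DER OCTET STRING reader (tag 0x04, short-form length).
    Returns (value, offset_after) or raises ValueError on truncation."""
    if offset + 2 > len(buf) or buf[offset] != 0x04:
        raise ValueError("expected OCTET STRING")
    length = buf[offset + 1]
    if length > 127:
        raise ValueError("long-form length not handled in this example")
    end = offset + 2 + length
    if end > len(buf):
        raise ValueError("truncated OCTET STRING")
    return buf[offset + 2:end], end


def afi_unchecked(buf: bytes, offset: int = 0) -> int:
    """Reconstruction of the bug class: the string is parsed, its length is
    then ignored and two octets are read anyway. With SAMPLE_MALFORMED the
    second read is the byte after the string; in C that is the one-byte
    heap over-read the advisory describes, here it merely pollutes the AFI."""
    parse_octet_string(buf, offset)           # length is known, but not used
    return (buf[offset + 2] << 8) | buf[offset + 3]


def afi_checked(buf: bytes, offset: int = 0):
    """RFC 3779: addressFamily is OCTET STRING (SIZE (2..3)), a two-octet AFI
    plus an optional SAFI octet. Anything else is malformed and rejected
    (None) before any octet of it is interpreted."""
    value, _ = parse_octet_string(buf, offset)
    if not 2 <= len(value) <= 3:
        return None
    afi = (value[0] << 8) | value[1]
    safi = value[2] if len(value) == 3 else None
    return afi, safi


def afi_name(afi) -> str:
    """Roughly what a text dump would print for the family."""
    return {AFI_IPV4: "IPv4", AFI_IPV6: "IPv6"}.get(afi, "Unknown AFI %r" % (afi,))
```

Against the malformed vector the unchecked reader returns 0x30, whatever happened to follow the string; the checked reader refuses the extension, which is the behaviour a parser of attacker-supplied certificates needs.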


Re: [openssl-users] Can't seem to get prompt no to work

2017-08-17 Thread Salz, Rich via openssl-users
In the CA section, you have to specify which fields you need/want in the DN.  
This is the “policy” identifier which points to a section that names the RDN’s 
you want/need.



Re: [openssl-users] Can't seem to get prompt no to work

2017-08-17 Thread Salz, Rich via openssl-users
Use the -batch flag to avoid all prompting.



Re: [openssl-users] how to compile out selected ciphers

2017-08-31 Thread Salz, Rich via openssl-users
What version of openssl are you building?



Re: [openssl-users] [openssl-dev] How to use BIO_do_connect(), blocking and non-blocking with timeout, coping with errors

2017-09-01 Thread Salz, Rich via openssl-users
FWIW, there’s a ‘libtls’ library from the libre folks that might be worth 
looking at.

If you come up with useful snippets we can start by posting them to the wiki, 
for example




Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Salz, Rich via openssl-users
> Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no 
> change

Sorry, then try 1.1.0.  The HEAPWALK bug/issue is fixed there.


Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-06 Thread Salz, Rich via openssl-users
> This FIPS186-4 is not just about SHA. It is basically about the key
> generation parameters. Especially I am looking for RSA key generation
> parameters wrt FIPS 186-4.

I do not know how you got the opinion that OpenSSL has 186-4 support. It does 
not.  Perhaps other people have written patches.  If you find them, ask them to 
share with us (



Re: [openssl-users] CRL signature verification

2017-10-19 Thread Salz, Rich via openssl-users

> I was more talking about the parsing. Currently I have 40 LOC [1] to

Look at X509_get1_ocsp which is in crypto/x509v3/v3_utl.c.  That’s in 1.0.2 and 
later.

> > X509_CRL_verify.  And yes, looking through to find the serial# is what you 
> > have to do.

> That's 1.1-specific, correct?

Yes.



Re: [openssl-users] CRL signature verification

2017-10-18 Thread Salz, Rich via openssl-users
> I used libcrypto to parse out the OCSP URL from the certificate, validate
> it against a whitelist of valid OCSP URLs, send an OCSP request and
> validate the response and its signature against a custom certificate
> store, and then parse out the result.

Two points on that:
> - This seems like something that should be in libcrypto rather than in
> my own code. Did I miss something obvious?

We generally don’t do any kind of network traffic (except SSL) and would rather 
leave that up to the application.  Especially because there are all sorts of 
other frameworks, blocking issues, DNS, etc., that make things a non-simple 
matter.

> - Currently I don't fall back to CRLs when the OCSP server is
> unavailable. I would like to do so; however, I can't figure out how to
> validate the signature on a CRL (which would be a pretty obvious
> failure). Alternatively, is there an obvious alternative thing that I
> should be doing, rather than manually parsing the CRL?
  
X509_CRL_verify.  And yes, looking through to find the serial# is what you have 
to do.



Re: [openssl-users] Issue with DTLS for UDP

2017-10-24 Thread Salz, Rich via openssl-users
Can you build with debugging enabled?  It might make things easier.  But note 
that BIO_method_type is a trivial function,
return b->method->type;
which implies that a pointer got clobbered as being a likely cause.  Are you 
sure your code didn’t smash something?

> #5  0x7fdf1a5c8a83 in FI_check_scrutation_list (AI_nb=1) at 
> sip_trp_polling.c:875

I have no idea what this does, but I love the name “scrutation” :)


Re: [openssl-users] Compiling OpenSSL 1.0.2l static library with FIPS -2.0.16 on Windows

2017-11-14 Thread Salz, Rich via openssl-users
> FYI, I came up with following manual solution to correctly build 1.0.2l 
> static library with FIPS - 2.0.16 on Windows, using Visual Studio 2015. This 
> seems to work, and I no longer need to carry run time DLLs along with the 
> application. I feel this should be an acceptable solution. Does anyone see any 
> problems with editing the switch from /MD to /MT in the generated Makefiles?

If you edit the makefiles, then you are no longer officially FIPS validated.

See https://docs/fipsnotes.html

This may not be a problem for you, but you should know this info.


Re: [openssl-users] Compatibility between different openssl versions

2017-11-27 Thread Salz, Rich via openssl-users
> Whether openssl 1.0.x and 1.1.x can interwork?

Yup.  As long as they share a TLS version, no problem.


Re: [openssl-users] How to get SNI info from s_client debug logs?

2017-11-27 Thread Salz, Rich via openssl-users
> 1. Why does s_server need option "-servername"?

For debugging, so that you can test that clients are sending the right SNI 
extension and properly handling the TLS error when they don’t.



> 2. It looks options -servername and -alpn cannot work together.

Yes, kind-of.  The s_client and s_server programs aren’t fully-featured 
production programs.


Re: [openssl-users] How to get SNI info from s_client debug logs?

2017-11-26 Thread Salz, Rich via openssl-users
The “server name” is something that the client sends to the server.

This allows a single host to serve multiple “virtual hosts”.

From: John Jiang 
Reply-To: openssl-users 
Date: Sunday, November 26, 2017 at 9:59 PM
To: openssl-users 
Subject: [openssl-users] How to get SNI info from s_client debug logs?

Hi,
The following is my OpenSSL version info,
OpenSSL 1.1.0f  25 May 2017
I supposed the below command can give me some SNI info, but nothing was found.
openssl s_client -debug -tlsextdebug -msg -connect  -servername 
 < /dev/null | grep "server name"
But I found SNI extension with Wireshark while running the above command.

Is it possible get SNI info with s_client?
Thanks!
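An added example, not part of the thread and not OpenSSL code, of what a capture tool sees: the server_name extension (RFC 6066 section 3) inside the ClientHello, which is the client-to-server direction Rich describes. It builds a constructed ClientHello (fixed client random, placeholder cipher suite codes) and then extracts the host_name with every length field checked before use, returning None for a hello that carries no SNI at all.

```python
import struct

SNI_EXTENSION_TYPE = 0   # RFC 6066: extension_type server_name(0)
SNI_NAME_TYPE_HOST = 0   # RFC 6066: name_type host_name(0)


def build_client_hello(server_name, client_random=bytes(32)) -> bytes:
    """Constructed minimal ClientHello inside a TLS handshake record.
    Real clients fill client_random from a CSPRNG and offer a real cipher
    list; both are fixed here so the output is deterministic.
    server_name=None omits the extensions block entirely."""
    cipher_suites = b"\xc0\x2f\x00\x9c"                      # two placeholder suite codes
    body = (b"\x03\x03" + client_random + b"\x00"            # version, random, empty session_id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00")                                    # compression_methods: null only
    if server_name is not None:
        host = server_name.encode("idna")
        entry = bytes([SNI_NAME_TYPE_HOST]) + struct.pack("!H", len(host)) + host
        name_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", SNI_EXTENSION_TYPE, len(name_list)) + name_list
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _need(buf: bytes, offset: int, n: int) -> None:
    """Bounds check shared by the parsers below: refuse to read past the end."""
    if offset + n > len(buf):
        raise ValueError("truncated at offset %d" % offset)


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello record's server_name extension,
    None if the hello carries no SNI, ValueError if the bytes are not a
    well-formed ClientHello. Every length is checked before it is trusted."""
    _need(record, 0, 5)
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    _need(record, 5, rec_len)
    hs = record[5:5 + rec_len]
    _need(hs, 0, 4)
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    _need(hs, 4, hs_len)
    body = hs[4:4 + hs_len]
    p = 2 + 32                                                   # client_version + random
    _need(body, p, 1); p += 1 + body[p]                          # session_id
    _need(body, p, 2); p += 2 + struct.unpack("!H", body[p:p + 2])[0]   # cipher_suites
    _need(body, p, 1); p += 1 + body[p]                          # compression_methods
    if p == len(body):
        return None                                              # no extensions block
    _need(body, p, 2)
    end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
    _need(body, p + 2, end - p - 2)
    p += 2
    while p < end:
        _need(body, p, 4)
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        p += 4
        _need(body, p, elen)
        if etype == SNI_EXTENSION_TYPE:
            return _parse_server_name_list(body[p:p + elen])
        p += elen
    return None


def _parse_server_name_list(data: bytes):
    _need(data, 0, 2)
    list_len = struct.unpack("!H", data[:2])[0]
    _need(data, 2, list_len)
    q, end = 2, 2 + list_len
    while q < end:
        _need(data, q, 3)
        name_type, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
        q += 3
        _need(data, q, nlen)
        if name_type == SNI_NAME_TYPE_HOST:
            return data[q:q + nlen].decode("ascii")
        q += nlen
    return None
```

Feeding the first TLS record of a captured connection to extract_sni gives the same host name Wireshark shows under the server_name extension; a client that sends no SNI yields None, which is the case s_server's -servername option exists to exercise.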


Re: [openssl-users] FIPS certification for openssl

2017-11-29 Thread Salz, Rich via openssl-users
> That said, it wouldn't hurt for the OMC to post a message to the list stating 
> that business will continue as planned, since two very key figures have left 
> the project.

I have two reactions, just my personal view.  First, it’s premature to say 
anything, we’re still figuring things out. Second, what open source project can 
guarantee that things will continue as they were after people left?  Or the 
larger question, what guarantees can any project really make?

> Indeed, over the past few years I have seen an increasing tendency to hide 
> monumental news in the blog, in press releases etc.

To pick a nit, it’s just the blog.  The press release was copied to the blog, 
and I don’t know of anything that would qualify as “etc” -- can you remind me?  
We started using the blog because we thought it would be a better way to get 
higher-quality information out, without being swallowed up by the volume of 
email messages.

> Anywhere but the well established and independently archived public mailing 
> lists.

It’s not the same Internet that it used to be…  Lots of discussion happens on 
GitHub issues these days, which I’m not thrilled with either.  (Hey you kids, 
get off my lawn.)   It seems that posting a note to the lists would be useful 
whenever we post a blog entry?  

>One really has to wonder if this is still OpenSSL that the world has known 
> and loved for 20 years, or just some expensive imitation.

I am biased, but I believe the project is better, by almost any metric, than it 
used to be.  If you have specific suggestions for how you think it could be 
improved, it would be great to see them.





Re: [openssl-users] FIPS certification for openssl

2017-11-29 Thread Salz, Rich via openssl-users
We are no longer doing additional platforms for the existing certifications.

We are working on a plan for future FIPS validation, based on the 1.1.x line.

From: Sandeep Umesh 
Reply-To: openssl-users 
Date: Wednesday, November 29, 2017 at 7:30 AM
To: openssl-users , "i...@openssl.org" 

Subject: [openssl-users] FIPS certification for openssl


Hello

As per this blog:
https://www.openssl.org/blog/blog/2017/10/27/steve-marquess/

Steve, who has been instrumental in handling FIPS certification for the openssl 
object module, is no longer associated with OSF.
How can we proceed for future FIPS certification? Is there any other contact 
person to perform FIPS certification for the openssl object module?
Thanks

Regards
Sandeep



Re: [openssl-users] FIPS certification for openssl

2017-11-29 Thread Salz, Rich via openssl-users
> My number one complaint is that it seems like the defaults are generally set 
> up to do the wrong things, and the application has to either explicitly set 
> "yes, you should be secure" options or do stuff on its own.  This seems to 
> have been getting better - gaining hostname validation, for instance - but 
> really a client should be able to say "give me a secure connection to 
> host:port" and have sensible and secure things happen with a single call.  
> Maybe two, one to create a handle and the other to actually set up the 
> connection (to allow for intervening calls that customize the connection).

I agree with you, but a problem is that “safe and secure” changes over time 
when new  crypto and other new features are added. And then users get upset 
when their connections no longer work.

I think the right approach is to be able to specify a policy, then at least you 
know what you’re signing up for. Right now it’s a collection of low-level 
things.  And the policy is “SECLEVEL” which ain’t great.




Re: [openssl-users] FIPS certification for openssl

2017-11-29 Thread Salz, Rich via openssl-users
> It probably wouldn't hurt to post something to the lists when there's a blog 
> post with news like this - items that subscribers would likely feel is 
> important. Blog posts like the recent "OpenSSL in China" series probably don't 
> need to be mentioned on the lists. But it's subjective, and I wouldn't want to 
> create more work for anyone.

It’s a lot easier than writing the blog posts (

We should have been doing this from the very beginning, oops.  We’ll try to do 
better.



Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Salz, Rich via openssl-users
Okay, FF does ECDHE not DHE/EDH.  The whole industry does that, and most are 
using X25519 which was developed by Dan Bernstein.

The Guardian article you referenced didn’t even have the word curve in it.  My 
question – do you have a reference that shows Schneier says not to use elliptic 
curve – was not answered.

> The NSA actually provided the elliptic curves for NIST's standards.  And 
> the Snowden docs now show that those curves are related.

No they do not show that the curves are related.  And BTW, NIST just put 25519 
and 448 into their recommended list.

> PS - does OpenSSL get funding from the DoD?

Not that we know of, not at the present time.  Various branches did help fund 
FIPS work in the past.


Re: [openssl-users] FIPS 2.0 build_tests using cross for ppc64

2017-12-19 Thread Salz, Rich via openssl-users
> My target can’t support native build environment, so I must use cross.
> Is there any way to fix those errors?

If you make any changes to the FIPS build procedure, then the result is not 
FIPS validated.  I think the build procedure does not support cross-compiling 
very well, because it expects to execute the built programs on the building 
host – it needs some things to run “natively” to get the digest of the built 
library so it can be incorporated into its power-on checks.

So you’ll have to do your own validation, hire a lab, etc.  Or wait until the 
project releases a new module.  That *might* support cross-compiling better, or 
it might not.

Sorry we don’t have better news.


> This e-mail message is intended for the recipient only and contains 
> information which is CONFIDENTIAL and which may be proprietary to ECI Telecom. 
> If you have received this transmission in error, please inform us by e-mail, 
> phone or fax, and then delete the original and all copies thereof.

BTW, let your mgmt. know that this kind of disclaimer is obnoxious and 
impossible to enforce when posting to a public mailing list.


Re: [openssl-users] Lattice Ciphers

2017-12-17 Thread Salz, Rich via openssl-users
> I find that Firefox refuses to do any ephemeral ciphers whatsoever.  What 
> the heck?  Why am I surprised.  Somebody paid them.

I don’t know what server you are testing against, but FF does ECDHE all the 
time with no problems.



> If you follow Schneier, elliptic curve is not an option.

That’s interesting, you have a reference for that?



> I know you guys are severely underfunded, but is there any chance that 
> lattice encryption will be coming soon?  I've searched until my face turned 
> blue.

We will most likely follow the IETF recommendation and see what the NIST 
post-quantum work comes up with.  That’s my personal opinion, not necessarily 
that of the whole team.


Re: [openssl-users] Multiple parallel connections in s_server?

2017-12-13 Thread Salz, Rich via openssl-users
The s_server program is not multi-threaded, it does one connection at a time.


Re: [openssl-users] Latest releases missing from website

2017-11-03 Thread Salz, Rich via openssl-users
> Hmmm, it's working for me. Perhaps an Akamai issue Rich Salz?

Don’t know, looked okay to me.  I re-flushed the cache.



Re: [openssl-users] Potential memory leak in RSA_private_decrypt

2017-11-06 Thread Salz, Rich via openssl-users
> http://openssl.6102.n7.nabble.com/Memory-issues-with-ssl-handshake-td20851.html#a20854.

> Don't understand why this issue is not encountered by other users and why 
> it has not been fixed for so many years.

The first part answers the second.  It is not encountered by others, so there 
might not be anything in OpenSSL to fix.  Can you use valgrind or something, to 
see where the memory is being leaked?



Re: [openssl-users] Help with making a SHA >1 certificate

2017-11-07 Thread Salz, Rich via openssl-users
> -days on req when generating a request does nothing, and should perhaps
> produce a warning, since this option is only meaningful when used with
> the -x509 option to produce a self-signed cert instead of a request.

https://github.com/openssl/openssl/pull/4692




Re: [openssl-users] Potential memory leak in RSA_private_decrypt

2017-11-07 Thread Salz, Rich via openssl-users
There is something strange with the RSA private key or its BN_CTX object.  
Are you sure that you are properly releasing all OpenSSL objects in your code?
   



Re: [openssl-users] FIPS 186-4 RSA CAVS

2017-11-09 Thread Salz, Rich via openssl-users
> Please share if any patch available for CAVS algorithm test support
> for RSA 186-4.

There is not.  Unless someone in the community has one they are willing to 
share.



Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Salz, Rich via openssl-users
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x

1.0.1 or 1.1.0 release?  I’m guessing 1.0.1, since many of those engines are 
removed from 1.1.0



Re: [openssl-users] Troubleshooting SSL connections

2017-11-02 Thread Salz, Rich via openssl-users
Have you thought of putting a packet-capture on, say, the client side and then 
viewing it?
 



Re: [openssl-users] Serial Number with OpenSSL

2017-12-02 Thread Salz, Rich via openssl-users
  *   When I see SSL certificates, their serial number is like this : 
0A:8D:9A:4Q:8X:1A:0B:88:18:1Z

Serial numbers are displayed as hex values, so my guess is you just typed that 
“as an example” since Q X Z aren’t valid hex characters.  Or perhaps it was an 
extension (like device serial) that isn’t the “real” serial number.

On master, you can specify a random serial number.


Re: [openssl-users] FIPS certification for openssl

2017-12-02 Thread Salz, Rich via openssl-users

>My personal priority list for OpenSSL is bug fixes and code cleanup 
> (static and dynamic analysis of the 1.1.x codebase would be good, and one of 
> these days I'll get around to doing it myself),

We do run Coverity weekly, and anyone can sign up to see the results, BTW.



Re: [openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-07 Thread Salz, Rich via openssl-users
README.ECC has never been part of 1.0.2 and is always part of the 1.1.0 
tarballs; do you have evidence otherwise?

I don’t think the team is going to answer any questions beyond what is already 
in the distribution and website except to say that the license is NOT limited 
to the FIPS releases.
 



Re: [openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-07 Thread Salz, Rich via openssl-users
➢ The OP claimed the file was only in the FIPS tarballs, and not in the
OpenSSL tarballs.  My questions were based on that.

So the OP is wrong. 

➢ Saying "in the distribution and website" is also quite vague and
thus another example of a non-answer.

No it’s not.  The OpenSSL distributions, starting with 1.1.0 have a README.ECC 
file that points to a license on the Website.  

We are an open source project, we do not provide legal advice.  This is 
consistent, we have never given patent advice, nor crypto import or export 
advice.




Re: [openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?

2017-12-06 Thread Salz, Rich via openssl-users
➢ Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so 
if you have a TLSv1.3 connection, it will never renegotiate.

But it could ask for a certificate, which would trigger SSL_WANT_WRITE.




Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Salz, Rich via openssl-users
You can re-use the keys, but then you get no forward secrecy, and sessions 
generated with one connection are vulnerable to another.

Why are you using DH?  Unless you have compelling reasons (interop with 
legacy), you really should use ECDHE.



Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
They are NOT using a 25519 certificate; it says “key exchange”.

From: Codarren Velvindron 
Date: Saturday, October 21, 2017 at 9:38 AM
To: Rich Salz , openssl-users 
Subject: Re: [openssl-users] Generating CSR based on an x25519 public key

https://tls13.crypto.mozilla.org is using: The connection to this site is 
encrypted and authenticated using a strong protocol (TLS 1.3), a strong key 
exchange (X25519), and a strong cipher (AES_128_GCM).

Using openssl standard tools is it possible to generate a CSR through Ed25519 ?




Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
  *   How would we be able to achieve this? I have read somewhere on a 2016 
mail in the archives that it is an "encrypt-only" algorithm  and that is not 
possible.

X25519 is a key-exchange-only algorithm.  Ed25519 is a signing algorithm.  
Unlike classic RSA, the signing and the key exchange are two different 
operations (well, technically RSA doesn’t have key exchange).  Both are defined 
by IETF RFCs.  OpenSSL doesn’t fully support Ed25519.



  *   But I have found many sites on let's encrypt already using this.

Are you sure?  Please post a key.  Ed25519 is quite different from EdDSA or 
ECDSA or DSA, which typically use a P-256 curve.



Re: [openssl-users] freeing of X509_CRL object

2018-05-11 Thread Salz, Rich via openssl-users
Something else is going wrong.  Is that the only valgrind error?   Are you sure 
you didn’t free the object in your code?

From: Raghavendra a <raghua...@gmail.com>
Date: Friday, May 11, 2018 at 6:22 AM
To: Rich Salz <rs...@akamai.com>, openssl-users <openssl-users@openssl.org>
Subject: Re: [openssl-users] freeing of X509_CRL object

Hi Rich,
Thanks for the information.
Any idea why X509_CRL_free is reporting the error below under valgrind?

Valgrind output:
==31919== Invalid read of size 4
==31919==    at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)
==31919==    by 0xB355537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)


Regards,
Raghavendra


On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users 
<openssl-users@openssl.org> wrote:
The print routine does not free anything.

From: Raghavendra a <raghua...@gmail.com>
Reply-To: openssl-users <openssl-users@openssl.org>
Date: Friday, May 11, 2018 at 5:53 AM
To: openssl-users <openssl-users@openssl.org>
Subject: [openssl-users] freeing of X509_CRL object

Hi All,
In my program, I convert an X509_CRL object to string format using 
X509_CRL_print and BIO_get_mem_data.  After that, if I de-allocate _x509crl 
using X509_CRL_free, it crashes with the reason below.
Valgrind output:
==31919== Invalid read of size 4
==31919==    at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)
==31919==    by 0xB355537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)
I am not sure whether X509_CRL_print de-allocates some part of _x509crl, so 
that freeing the X509_CRL externally again leads to a double free?
Please help with this issue.

Regards,
Raghavendra






Re: [openssl-users] freeing of X509_CRL object

2018-05-11 Thread Salz, Rich via openssl-users
The print routine does not free anything.

From: Raghavendra a 
Reply-To: openssl-users 
Date: Friday, May 11, 2018 at 5:53 AM
To: openssl-users 
Subject: [openssl-users] freeing of X509_CRL object

Hi All,
In my program, I convert an X509_CRL object to string format using 
X509_CRL_print and BIO_get_mem_data.  After that, if I de-allocate _x509crl 
using X509_CRL_free, it crashes with the reason below.
Valgrind output:
==31919== Invalid read of size 4
==31919==    at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)
==31919==    by 0xB355537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)
I am not sure whether X509_CRL_print de-allocates some part of _x509crl, so 
that freeing the X509_CRL externally again leads to a double free?
Please help with this issue.

Regards,
Raghavendra





Re: [openssl-users] freeing of X509_CRL object

2018-05-15 Thread Salz, Rich via openssl-users
Based on the information you provided, I don’t have any other advice.  The 
print routine does not free the CRL.  You must be freeing it twice.  Perhaps 
run under a debugger with a breakpoint.

From: Raghavendra a <raghua...@gmail.com>
Date: Tuesday, May 15, 2018 at 2:58 AM
To: Rich Salz <rs...@akamai.com>
Cc: openssl-users <openssl-users@openssl.org>
Subject: Re: [openssl-users] freeing of X509_CRL object

Hi,
Yes, I am freeing _x509crl using X509_CRL_free after using it in X509_CRL_print.
The valgrind error above is for the free operation; is it wrong?
Regards,
Raghavendra

On Fri, May 11, 2018 at 5:21 PM, Salz, Rich <rs...@akamai.com> wrote:
Something else is going wrong.  Is that the only valgrind error?   Are you sure 
you didn’t free the object in your code?

From: Raghavendra a <raghua...@gmail.com>
Date: Friday, May 11, 2018 at 6:22 AM
To: Rich Salz <rs...@akamai.com>, openssl-users <openssl-users@openssl.org>
Subject: Re: [openssl-users] freeing of X509_CRL object

Hi Rich,
Thanks for the information.
Any idea why X509_CRL_free is reporting the error below under valgrind?

Valgrind output:
==31919== Invalid read of size 4
==31919==    at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)
==31919==    by 0xB355537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)

Regards,
Raghavendra


On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users 
<openssl-users@openssl.org> wrote:
The print routine does not free anything.

From: Raghavendra a <raghua...@gmail.com>
Reply-To: openssl-users <openssl-users@openssl.org>
Date: Friday, May 11, 2018 at 5:53 AM
To: openssl-users <openssl-users@openssl.org>
Subject: [openssl-users] freeing of X509_CRL object

Hi All,
In my program, I convert an X509_CRL object to string format using 
X509_CRL_print and BIO_get_mem_data.  After that, if I de-allocate _x509crl 
using X509_CRL_free, it crashes with the reason below.
Valgrind output:
==31919== Invalid read of size 4
==31919==    at 0xB475EF2: CRYPTO_atomic_add (threads_pthread.c:155)
==31919==    by 0xB355537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)
I am not sure whether X509_CRL_print de-allocates some part of _x509crl, so 
that freeing the X509_CRL externally again leads to a double free?
Please help with this issue.

Regards,
Raghavendra






Re: [openssl-users] Receive throttling on SSL sockets

2018-05-19 Thread Salz, Rich via openssl-users
There are TLS control messages which could flow in either direction, 
spontaneously.  Renegotiation (pre TLS 1.3), tickets (TLS 1.3), and so on.

I cannot comment on if your proposal would work or not, sorry.

From: Alex H 
Date: Saturday, May 19, 2018 at 5:03 AM
To: Rich Salz , openssl-users 
Subject: Re: [openssl-users] Receive throttling on SSL sockets

Okay, that's a good theoretical answer but practically not very useful.

I know, for instance, that Node.js implements its Streams interface with both 
TCP and SSL sockets. They both have pause / resume functions for 
receive-throttling, and I've tested it with SSL and it seems to work somehow.

One solution (I guess?) would be to stop polling for readable until SSL_write 
demands data, then immediately stop polling for readable again once SSL_write is 
happy. In the case of getting unwanted data while throttling, SSL_peek can 
be used instead of SSL_read. That would not guarantee no buildup but would work 
for the most part, right?

Do you see any flaw with this? Could it still fail due to mass buildup when 
throttling for long?

On Sat, 19 May 2018 at 04:57, Salz, Rich via openssl-users wrote:
TLS is a bidirectional protocol.  You can’t throttle only one side.

From: Alex H
Reply-To: openssl-users
Date: Friday, May 18, 2018 at 7:21 PM
To: openssl-users
Subject: [openssl-users] Receive throttling on SSL sockets

How do you properly implement receive throttling on SSL sockets without 
hindering writing?

As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply 
by stopping polling for readable events on the underlying raw TCP socket. 
SSL_write could still require reading of data, so simply stopping polling for 
readable would potentially hinder writing of data, which is not okay.

Is there any such receive-throttling functionality in the SSL protocol itself? 
I don't see how SSL_peek would solve the issue since I would still be buffering 
(potentially uncontrolled amount of) data in a BIO.

Even if I would _only_ enable readable polling when _absolutely needed_ as per 
SSL_write error, I still cannot guarantee not reading a chunk of data (which I 
would then need to buffer up in a BIO since the application is not expecting 
it).

How are we supposed to solve this issue without potentially building up 
backpressure?

Thanks


Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Salz, Rich via openssl-users
> In 1.1.0 and later it is documented:

And in 1.0.2 it was documented in January 2017.




Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Salz, Rich via openssl-users
In 1.1.0 and later, the flag takes a single parameter in name=value.  Yes 
that’s strange, but it means that in the common case you don’t need to do any 
quoting:
-header Host=ocsp.example.com

In 1.0.2 it takes two parameters
-header Host ocsp.example.com



Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK

2018-05-23 Thread Salz, Rich via openssl-users
What version of OpenSSL are you using?

Using the time to seed the RNG is horrible; DO NOT DO THAT.

Not trying to be insulting, but if you think time is a good source, then you 
really don't know what you're doing for RNGs.  Consider looking at the master 
branch, with its highly improved seeding and RNG code.



Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK

2018-05-23 Thread Salz, Rich via openssl-users
> Well, what I was alluding to is: is this the correct use of the RAND_add 
> function to seed the key generation?  It's a bit confusing, certainly.

You are calling the API correctly.  That should have been clear from the 
manpage.

You still did not tell us what version of OpenSSL you are using.



Re: [openssl-users] Receive throttling on SSL sockets

2018-05-18 Thread Salz, Rich via openssl-users
TLS is a bidirectional protocol.  You can’t throttle only one side.

From: Alex H 
Reply-To: openssl-users 
Date: Friday, May 18, 2018 at 7:21 PM
To: openssl-users 
Subject: [openssl-users] Receive throttling on SSL sockets

How do you properly implement receive throttling on SSL sockets without 
hindering writing?

As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply 
by stopping polling for readable events on the underlying raw TCP socket. 
SSL_write could still require reading of data, so simply stopping polling for 
readable would potentially hinder writing of data, which is not okay.

Is there any such receive-throttling functionality in the SSL protocol itself? 
I don't see how SSL_peek would solve the issue since I would still be buffering 
(potentially uncontrolled amount of) data in a BIO.

Even if I would _only_ enable readable polling when _absolutely needed_ as per 
SSL_write error, I still cannot guarantee not reading a chunk of data (which I 
would then need to buffer up in a BIO since the application is not expecting 
it).

How are we supposed to solve this issue without potentially building up 
backpressure?

Thanks


Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Salz, Rich via openssl-users


  *   So is there is any other way we can still make it work without disabling 
FIPS mode ?

No.  The version of openssh you are using makes API calls that are not allowed 
in FIPS mode. I suspect later versions of OpenSSH also do this, and therefore 
“FIPS mode openssh” will require some coding work.


Re: [openssl-users] Error compiling openssh with openssl

2018-06-11 Thread Salz, Rich via openssl-users
> This is one of several reasons why FIPS 140-2 is a problem. Unfortunately 
> the FIPS 140-3 effort seems to be moribund, and I haven't heard anything 
> about "ISO FIPS" in some time.

If I understood what was said at the ICMC conference last month, the FIPS 140-3 
plan is to just point to the ISO FIPS-equivalent spec.




Re: [openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

2018-06-15 Thread Salz, Rich via openssl-users
> It looks like in OpenSSL 1.1.0 I can no longer do that. There are only 
> functions available that return various function pointers from a 
> X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there 
> are no corresponding counterparts to set the function pointers.

This could be viewed as a bug; we had no idea people wanted to *set* various 
fields.  We consider missing accessors/setters in opaque datatypes a bug.




Re: [openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

2018-06-15 Thread Salz, Rich via openssl-users
> Should I file an issue on GitHub about the missing setters?

That would be great, thanks.  Glad you got something to work.



Re: [openssl-users] OpenSSL patch for CHACHA cipher support in OpenSSL 1.0.2

2018-06-11 Thread Salz, Rich via openssl-users
> Just curious, is there a possibility to patch CHACHA cipher specific 
> changes to the OpenSSL 1.0.2 version still and get the SSL handshake to succeed?

It can be done; CloudFlare posted some patches at 
https://github.com/cloudflare/sslconfig/tree/master/patches but I think they 
used the pre-IETF version and so might need some tweaks.  The OpenSSL project 
won't do it (we don't add features to existing releases).



Re: [openssl-users] Blog post on the new LTS release

2018-05-29 Thread Salz, Rich via openssl-users
> This didn't show up in my RSS client. Is the RSS feed not working, or is 
> it just my client?

It probably sat in draft form for too long, and went out with the old date.  
Oops.



Re: [openssl-users] PRNG is not seeded

2018-05-29 Thread Salz, Rich via openssl-users
> I know this is caused by a lack of available entropy in the system; but what 
> can I do to address this?  Is it just a matter of waiting until enough entropy 
> has been collected?  Is there any kind of workaround?

Assuming you don’t have another source of randomness that you can add in, then 
you should wait.  If you don’t, you run the risk that your random numbers 
(session keys, RSA or other long-term keys, etc) could be guessed by an 
attacker.



Re: [openssl-users] Fwd: basic constraints check

2018-05-31 Thread Salz, Rich via openssl-users
  *   We generated intermediate02 such that it has "basicConstraints" extension 
and "keyUsage" missing. Now we used this intermediate 02 CA to sign server 
certificate.

If those extensions, which are *optional,* are not present, then there is no 
limit on how the keys may be used, or how long the cert chain may be.  OpenSSL 
is doing the right thing.

If you want to add them, and you cannot upgrade, then read about the openssl 
config file syntax.  Good luck.


Re: [openssl-users] Fwd: basic constraints check

2018-05-31 Thread Salz, Rich via openssl-users
I don’t recall the details of 1.0.2, sorry.  Maybe someone else on this list 
knows the best place to insert your checks.

From: Sandeep Deshpande 
Date: Thursday, May 31, 2018 at 6:08 PM
To: Rich Salz , openssl-users 
Subject: Re: [openssl-users] Fwd: basic constraints check

Hi Rich, thanks.
We want to add a check in our OpenSSL library on the client side to reject 
server certificates which are generated by an intermediate CA with missing 
extensions like basic constraints.
How do we go about it?

I looked at the code. In crypto/x509v3/v3_purp.c I see that check_ca is there, 
but it is getting called only for the server certificate.


Thanks
Sandeep

On Thu, May 31, 2018, 11:39 PM Salz, Rich via openssl-users 
<openssl-users@openssl.org> wrote:

  *   We generated intermediate02 such that it has "basicConstraints" extension 
and "keyUsage" missing. Now we used this intermediate 02 CA to sign server 
certificate.

If those extensions, which are *optional,* are not present, then there is no 
limit on how the keys may be used, or how long the cert chain may be.  OpenSSL 
is doing the right thing.

If you want to add them, and you cannot upgrade, then read about the openssl 
config file syntax.  Good luck.


Re: [openssl-users] Selection of DHE ciphers based on modulus size of DH

2018-06-06 Thread Salz, Rich via openssl-users
Without commenting on whether or not your understanding is correct (the client 
gets the params and can see how big the key is, no?), I will point out that the 
way DHE works is defined by the IETF RFCs, and they have not changed.



[openssl-users] Blog post on the new LTS release

2018-05-29 Thread Salz, Rich via openssl-users
We just posted a new blog entry on long-term support, the different phases, and 
so on.  It’s here:
https://www.openssl.org/blog/blog/2018/05/18/new-lts/

TL;DR is that the upcoming 1.1.1 will be our next LTS release.





Re: [openssl-users] Polling fd before SSL_read() and renegotiations

2018-06-04 Thread Salz, Rich via openssl-users
> The code above does what I want - except for renegotiations!

Do you absolutely, positively, HAVE TO support renegotiation?



Re: [openssl-users] How to send alert in handshake?

2018-06-27 Thread Salz, Rich via openssl-users
As in sending a non-fatal alert?  There's no API to do that.  And it probably 
wouldn't work anyway, as most runtimes treat any alert as fatal.

Your best bet is to implement the right callback (depends on which version of 
openssl you are using) and return an error if the SNI isn't one of your allowed 
values.

On 6/27/18, 8:45 AM, "Felipe Gasper" wrote:

RFC 3546, in describing the SNI extension, recommends that servers send a 
warning to clients that request an unknown server name. (Page 9)

I’d like to implement that warning .. could someone please point me to 
which API functions expose this ability?

Thank you!

-Felipe Gasper
Mississauga, ON


Re: [openssl-users] License change still scheduled for 1.1.1 ?

2018-06-25 Thread Salz, Rich via openssl-users
  *   Do you still plan to switch to Apache license for the final 1.1.1 release?

That is still our goal, as stated.



Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Salz, Rich via openssl-users
> connecting s_client to s_server with TLS 1.3 seems to cause two
> successive session tickets to be sent by the server (see below).
>
> Is this expected?

Yes.



Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Salz, Rich via openssl-users
> Thanks, it does not happen with the Mozilla implementation
> (tls13.crypto.mozilla.org), is this openssl specific or part of the
> specification?

The specification allows a server to send one or more tickets, at its 
discretion.



Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
> Interoperability issues with middle-boxes or existing software written for 
> TLS 1.2.

Facebook, Google, and Mozilla did lots of testing with TLS 1.3 and middleboxes. 
 If something was missed, the whole Internet will have problems.  Existing 
software is the question we are trying to answer.



Re: [openssl-users] Posting a question

2018-04-29 Thread Salz, Rich via openssl-users
  *   I have posted my question into the forum. Please kindly approve it as 
soon as possible.

Which forum?

The fact that you were able to post to the openssl-users mailing list means you 
should just post your question, well, to the openssl-users mailing list. ☺


Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
Akamai has had millions of connections with megabytes of data exchanged. This 
is with partial deployment on our network, and requiring customers to opt in to 
enable beta-testing.  We have found no issues.  We don't do 0RTT. We are using 
our own server.

I was surprised by how many connections and how much data we are already 
seeing.  I think that makes a very strong argument that TLS 1.3 should be 
enabled by default if at all possible.



Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
Sorry, typo.  We've had hundreds of millions of connections, with megabytes of 
data exchanged.

On 4/30/18, 11:52 AM, "Salz, Rich" wrote:

Akamai has had millions of connections with megabytes of data exchanged. 
This is with partial deployment on our network, and requiring customers to opt 
in to enable beta-testing.  We have found no issues.  We don't do 0RTT. We are 
using our own server.

I was surprised by how many connections and how much data we are already 
seeing.  I think that makes a very strong argument that TLS 1.3 should be 
enabled by default if at all possible.





Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
>The issue is most likely that no one "in the wild" has done any testing 
of significance.

I thought the Akamai numbers were significant.

> I can certainly see tls1.2 exchange but there is nothing for tls1.3 and
> so I am working on getting a site up pronto ( in the wild ) to test.

I am sorry if it wasn't clear, but I was referring to *Akamai* not *OpenSSL.*  
Let me repost the whole message edited a bit.

AKAMAI has partially deployed TLS 1.3 on one of its networks using its own 
server.  Customers can opt in to beta-test.  AKAMAI has already seen hundreds of 
millions of connections, with [xxx, elided] megabytes of data exchanged.   
AKAMAI has found no issues.  AKAMAI does not do 0RTT.  This is production 
traffic, not staging or test.  AKAMAI has received no customer complaints.

I was surprised by how many connections and how much data AKAMAI is already 
seeing.  I think that makes a very strong argument that TLS 1.3 should be 
enabled by default if at all possible.





Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Salz, Rich via openssl-users


On 5/3/18, 4:24 AM, "morthalan" wrote:

No, technically not. I am just searching for a simple method to check whether a
certificate is signed by a CA or not, because of something like a signing check.
I am not quite sure; I do not have proper knowledge of OpenSSL.


If you have a cert, and a list of CA's that you trust, look at the verify 
command.
 



Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Salz, Rich via openssl-users
> After the generation of SignedCertificate.pem, I would like to write a
> function to verify SignedCertificate.pem, whether it is signed or not.

That is still not an accurate description.  By definition, a certificate is 
*signed data.*  It appears as a bitstring in the X509 data structure.

Is this what you want to do?  You have a certificate, and a CA key or 
certificate.  You want to know if the CA's public key generated the signature 
that is in the certificate that you have.  Look at the X509_verify function.  
You will need to take your CA cert (or key) and make a key object, but start 
with that first manpage and follow the references.




Re: [openssl-users] SSL Cert serial number non-uniqueness impact

2018-01-14 Thread Salz, Rich via openssl-users
The combination of (issuer,serial#) is the only way to get a unique identifier 
for a certificate.  Lots of software depends on certs being uniquely 
identifiable.  What happens if that assertion is not true?  Some things will 
break.  What?  Well, it depends on the software, and which certs are 
“duplicates” and so on.  There’s no way to know, really.  Just don’t do it.

For example, if cert-A has a keypair and cert-B has a keypair, then site-B 
could send a TLS chain with cert-A and while it would look correct, the 
connection would fail.  This is silly if B is doing it, but it is a DoS attack 
if a man in the middle does it.
 

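
The basic constraints thread above (adding basicConstraints and keyUsage through the openssl config file, and checking an intermediate for them on the client side) and the (issuer, serial) uniqueness point made in this message share one added example, a shell script that is not code from either thread or from the OpenSSL project. It assumes only that the openssl command-line tool (1.1.x or newer) is in PATH; every subject name, file name and path in it is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenSSL project.
# Builds root -> intermediate -> server, giving the intermediate explicit,
# critical basicConstraints and keyUsage from a config file, verifies the
# chain, checks a cert for those extensions the way a client-side check
# might, and audits a set of certs for duplicate (issuer, serial) pairs.
# Assumes the openssl CLI (1.1.x or newer) is in PATH; all names constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CNF="$WORK/ca.cnf"

# req insists on a distinguished_name section even when -subj supplies the DN.
write_config() {
    cat >"$CNF" <<'EOF'
[ req ]
distinguished_name = req_dn

[ req_dn ]

[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

# pathlen:0 means: may issue end-entity certificates, but no further CAs.
[ v3_intermediate ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
}

# Self-signed root carrying the v3_root extensions.
make_root() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" \
        -subj "/CN=Constructed Test Root" -config "$CNF" -extensions v3_root
}

# issue NAME ISSUER SECTION CN: new key and CSR for NAME, signed by ISSUER.
# Extensions come from -extfile/-extensions, never from the CSR itself.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$4" -config "$CNF"
    openssl x509 -req -in "$WORK/$1.csr" -sha256 -days 30 \
        -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -CAcreateserial \
        -extfile "$CNF" -extensions "$3" -out "$WORK/$1.pem"
}

build_chain() {
    write_config
    make_root
    issue inter root v3_intermediate "Constructed Test Intermediate"
    issue leaf inter v3_server "server.example.test"
}

# Root is trusted; the intermediate is supplied as untrusted chain material.
verify_chain() {
    openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" "$WORK/leaf.pem"
}

# Client-side check from the thread: succeed only if the cert is CA:TRUE
# and its keyUsage permits Certificate Sign.
has_ca_constraints() {
    txt=$(openssl x509 -in "$1" -noout -text)
    echo "$txt" | grep -q 'CA:TRUE' && echo "$txt" | grep -q 'Certificate Sign'
}

# Serial-number audit: print each (issuer, serial) pair seen more than once.
duplicate_ids() {
    for f in "$@"; do
        openssl x509 -in "$f" -noout -issuer -serial | tr '\n' ' '
        echo
    done | sort | uniq -d
}

if command -v openssl >/dev/null 2>&1; then
    build_chain
    verify_chain                            # exit 0, prints "<path>/leaf.pem: OK"
    if has_ca_constraints "$WORK/inter.pem"; then echo "inter.pem: CA constraints present"; fi
    if ! has_ca_constraints "$WORK/leaf.pem"; then echo "leaf.pem: not a CA, as intended"; fi
    echo "duplicate (issuer, serial) pairs: $(duplicate_ids "$WORK"/*.pem | wc -l)"
fi
```

The audit function can be pointed at any directory of PEM certificates; the chain-building part only exists to give it, and the constraints check, constructed input to run on.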


Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Salz, Rich via openssl-users
For CBC the encrypted text will be a multiple of the cipher size.  So your use 
of CBC is wrong.  The quoted post uses aes256; you were using aes-cbc.


