Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Blumenthal, Uri - 0553 - MITLL
What is the problem with truncated 96-bit HMAC value? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Jakob Bohm Sent: Thursday, January 7, 2016 19:25 To: openssl-users@openssl.org Reply To: openssl-users@openssl.org Subject: Re: [openssl-users] openSSL and

Re: [openssl-users] Fwd: issue with dtls failure during openssl upgrade from 1.0.1m to q

2016-06-19 Thread Blumenthal, Uri - 0553 - MITLL
I'm also speaking out of turn, but having both ends trying to be both server and client *on the same connection* just does not make sense, TLS or DTLS. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Jeffrey Walton Sent: Sunday, June 19,

Re: [openssl-users] openssl shared libs

2016-06-23 Thread Blumenthal, Uri - 0553 - MITLL
Look at Intel SGX, available since Skylake CPU. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Salz, Rich Sent: Thursday, June 23, 2016 08:17 To: openssl-users@openssl.org Reply To: openssl-users@openssl.org Cc: Dominik Straßer Subject:

[openssl-users] pkeyutl does not invoke hash?

2016-01-13 Thread Blumenthal, Uri - 0553 - MITLL
I’m not sure whether this is a bug (as I suspect – hence sending to openssl-dev), or a poorly-documented “feature” (so copying to openssl-users). I am trying to use “openssl pkeyutl” to digitally sign (and verify) a file. When the file size matches the size of the specified digest (32 bytes for

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-15 Thread Blumenthal, Uri - 0553 - MITLL
.   Original Message   From: Hubert Kario Sent: Friday, January 15, 2016 07:00 To: Blumenthal, Uri - 0553 - MITLL Cc: openssl-...@openssl.org; openssl-users@openssl.org Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash? On Thursday 14 January 2016 19:11:54 Blumenthal, Uri - 0553

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-13 Thread Blumenthal, Uri - 0553 - MITLL
On 1/13/16, 16:19 , "openssl-dev on behalf of Dr. Stephen Henson" <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: >On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote: >> >> >> If the input to "pkeyutl -sign" is suppo

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-14 Thread Blumenthal, Uri - 0553 - MITLL
On 1/14/16, 14:54 , "openssl-users on behalf of Viktor Dukhovni" wrote: >>On Jan 14, 2016, at 2:52 PM, Salz, Rich wrote: >> >> Okay, how about this. First, remove the NOTES subhead. Add this to >>the

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-14 Thread Blumenthal, Uri - 0553 - MITLL
On 1/14/16, 13:56 , "Hubert Kario" <hka...@redhat.com> wrote: >On Thursday 14 January 2016 14:41:20 Blumenthal, Uri - 0553 - MITLL wrote: >> If you already know what Dr. Henson explained in the quoted emails - >> then the man page is crystal clear. However, if you

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-14 Thread Blumenthal, Uri - 0553 - MITLL
2016 21:32:47 Blumenthal, Uri - 0553 - MITLL wrote: > On 1/13/16, 16:19 , "openssl-dev on behalf of Dr. Stephen Henson" > > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: > >The reason you can specify which hash the digest is for is that

[openssl-users] Simple sample of using engine?

2016-02-22 Thread Blumenthal, Uri - 0553 - MITLL
I’m struggling with the following task. I’m writing a software application linked with OpenSSL-1.0.2. It receives an encrypted symmetric key (say, with identifying parameters) that needs to be decrypted using hardware token, accessible via PKCS#11. I know that engine_pkcs11 (or rather its current

[openssl-users] How to properly use ui_method in ENGINE_load_private_key()?

2016-02-29 Thread Blumenthal, Uri - 0553 - MITLL
I am writing an app that needs to use RSA keys on a PKCS11-accessible token to encrypt and decrypt symmetric keys. For the context (no pun intended :) think of creating or mounting an existing encrypted file system. To begin with, and to grasp the finer details of the programmatic interface of

Re: [openssl-users] [openssl-dev] Question: Make X509_V_FLAG_TRUSTED_FIRST default in 1.0.2?

2016-03-12 Thread Blumenthal, Uri - 0553 - MITLL
I may later regret saying this, but I think back-porting that change from 1.1.0 to 1.0.2 would be the right thing to do. Maybe after back-porting we could give a "waiting period" to let users collect experience with it, and either leave it in, or if the complaints are too multiple and too

[openssl-users] How to properly use ui_method in ENGINE_load_private_key()?

2016-03-09 Thread Blumenthal, Uri - 0553 - MITLL
I am writing an app that needs to use RSA keys on a PKCS11-accessible token to encrypt and decrypt symmetric keys. For the context (no pun intended :) think of creating or mounting an existing encrypted file system. To begin with, and to grasp the finer details of the programmatic interface of

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-19 Thread Blumenthal, Uri - 0553 - MITLL
 network.   Original Message   From: Viktor Dukhovni Sent: Thursday, March 17, 2016 17:57 To: openssl-users@openssl.org Reply To: openssl-users@openssl.org Subject: Re: [openssl-users] Naive: how to generate EC public key from EC private key? > On Mar 17, 2016, at 5:17 PM, Blumenthal,

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-19 Thread Blumenthal, Uri - 0553 - MITLL
Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO primitives for this task. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Blumenthal, Uri - 0553 - MITLL Sent: Thursday, March 17, 2016 18:09 To: Viktor Dukhovni

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-19 Thread Blumenthal, Uri - 0553 - MITLL
First, Stephen and Viktor - thank you! On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson" wrote: >On Thu, Mar 17, 2016, Viktor Dukhovni wrote: >> >>Well you can work with

Re: [openssl-users] OpenSSL RSA engine - RSA verify failure

2016-04-05 Thread Blumenthal, Uri - 0553 - MITLL
Not sure I understand what you’re doing. But compiling/building eng_rsax.c (provided by Intel) with the only mod being addition of dynamic bind, produces the following result: $ openssl engine rsax -t (rsax) RSAX engine support [ available ] $ sync $ openssl speed rsa512 -engine rsax engine

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-19 Thread Blumenthal, Uri - 0553 - MITLL
Answered my own question: should use EVP_PKEY_bits(pkey) instead. -- Regards, Uri Blumenthal On 3/18/16, 14:57 , "openssl-users on behalf of Blumenthal, Uri - 0553 - MITLL" <openssl-users-boun...@openssl.org on behalf of u...@ll.mit.edu> wrote: >First, Stephen and

[openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-19 Thread Blumenthal, Uri - 0553 - MITLL
I’ve an extremely naïve question. I am generating ephemeral EC keys for ECDH, following the example in https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation But it looks like the example ends on generation of the private key: /* Generate the key */ if (!EVP_PKEY_keygen(kctx, )) goto

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-20 Thread Blumenthal, Uri - 0553 - MITLL
> >> On Fri, Mar 18, 2016 at 06:59:36PM +, Blumenthal, Uri - 0553 - >>MITLL wrote: >> >> > Answered my own question: should use EVP_PKEY_bits(pkey) instead. >> >> That's not the right way to determine the curve id. >> >> > >Ho

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-20 Thread Blumenthal, Uri - 0553 - MITLL
Viktor and Jeffrey, Thank you! Now I understand. And it works. ;) -- Regards, Uri Blumenthal On 3/20/16, 22:38, "openssl-users on behalf of Viktor Dukhovni" <openssl-users-boun...@openssl.org on behalf of openssl-us...@dukhovni.org> wrote: > >> On Mar 20, 2016, at

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-22 Thread Blumenthal, Uri - 0553 - MITLL
? > On Mar 20, 2016, at 10:32 PM, Blumenthal, Uri - 0553 - MITLL > <u...@ll.mit.edu> wrote: > > dup_ekey = EVP_PKEY_get1_EC_KEY(pubkey); > group = (EC_GROUP*) EC_KEY_get0_group(dup_ekey); Declare the group as: const EC_GROUP *group; Then: group = EC_KEY_get0_group(); > nid =

Re: [openssl-users] RDRAND and engine (was: how to generate EC public key from EC private key)

2016-03-24 Thread Blumenthal, Uri - 0553 - MITLL
Thank you - employing the pointers (no pun intended :) that you gave, the code now is doing exactly what’s needed, and utilizes RDRAND (as required by the specs I have, and my personal preferences as well). > set the default RAND_method to the engine This is what I did not do originally -

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-25 Thread Blumenthal, Uri - 0553 - MITLL
On 3/25/16, 16:10 , "openssl-users on behalf of Michael Wojcik" wrote: >>I'm sure I'm missing something obvious, but why isn't the operation >> XXX_verify_xxx() idempotent? It seems very weird that two subsequent >>

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Blumenthal, Uri - 0553 - MITLL
I'm sure I'm missing something obvious, but why isn't the operation XXX_verify_xxx() idempotent? It seems very weird that two subsequent calls to verify() wouldn't return exactly the same thing. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message  

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-28 Thread Blumenthal, Uri - 0553 - MITLL
On 3/25/16, 17:17 , "openssl-users on behalf of Viktor Dukhovni" wrote: >>If I ask “is your passport valid”, I expect to be able to repeat this >> question and (as long as this all is within a reasonably short time) get

Re: [openssl-users] More secure use of DSA?

2016-09-02 Thread Blumenthal, Uri - 0553 - MITLL
On 9/2/16, 12:09 , "openssl-users on behalf of Salz, Rich" wrote: I thought DSA was more secure than RSA? Granted, "I thought" is a newbie understanding. This is completely wrong. If you have a consistently good

Re: [openssl-users] More secure use of DSA?

2016-09-06 Thread Blumenthal, Uri - 0553 - MITLL
>> There is a need to combine algorithms of different kind. Since the security >> of >> the chain is that of its weakest links - it necessitates comparison between >> those different algorithms. > > Only if you think everything has to be equally protected.   Usually it is not “equally” but “at

Re: [openssl-users] RSA sign using SHA256 with mgf1 padding

2016-09-01 Thread Blumenthal, Uri - 0553 - MITLL
And if you want to run it on OpenSSL-1.1, see the attached. ☺ --  Regards, Uri Blumenthal On 9/1/16, 6:18 , "openssl-users on behalf of mowiener" wrote: Many thanks Mounir, this is what I was looking for.

Re: [openssl-users] More secure use of DSA?

2016-09-04 Thread Blumenthal, Uri - 0553 - MITLL
Disagree? Then propose a better way to combine algorithms. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Salz, Rich Sent: Sunday, September 4, 2016 08:44 To: noloa...@gmail.com; openssl-users@openssl.org Reply To:

Re: [openssl-users] More secure use of DSA?

2016-09-04 Thread Blumenthal, Uri - 0553 - MITLL
It is *not* keyspace. It is algorithm *strength* (complexity/best known effort required to break it) expressed through key length. Again, propose better ways if you can. So what's your proposed method of combining algorithms? You reject the commonly accepted approach, but when asked to offer

Re: [openssl-users] More secure use of DSA?

2016-09-04 Thread Blumenthal, Uri - 0553 - MITLL
There is a need to combine algorithms of different kind. Since the security of the chain is that of its weakest links - it necessitates comparison between those different algorithms. Thus the assertion that the algorithms combined together should match each other in strength, to avoid both

Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Blumenthal, Uri - 0553 - MITLL
As "-list-curves" is not supposed to work here, what would be a good way to tell if a given installation supports X25519? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Dr. Stephen Henson Sent: Monday, November 14, 2016 15:02 To:

[openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
I’m trying to debug the case of a (bad) email client sending encrypted S/MIME email that the recipient cannot decrypt (we suspect the problem is that the sender chooses a wrong public key/certificate to encrypt to). Unfortunately, recipient email clients do not help figuring this out. All

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
For S/MIME input: $ openssl cms -in cms.eml -cmsout -print For DER input: $ openssl cms -inform DER -in cms.der -cmsout -print Thank you!!! The above gave me: CMS_ContentInfo: contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3) . . . . .

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
I have no experience with engines and little interest at present in going there. ( For CMS decryption without engines: $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml Thank you!! Decryption succeeded (using the signing key – which the sender

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
If the message is signed and then encrypted, you can then check the signature on the decrypted output. This is what the decrypted message looks like (it’s first few lines): $ head ~/Documents/test-smime-decr.txt Content-Type: multipart/signed;

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
You really should peruse the cms(1) manpage, daunting as that might be. :-) Alas, it is! ;-) > And if I (failing to validate the certificate chain) want to just check > whether the decrypted message was tampered with – is there a way to do > that (without validating the

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> > wrote: Two problems here, the "Verification successful" message is just a diagnostic message to "stderr" and should not be considered a reliable indication of signat

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
The "numeric code" is the *exit* status of the program. You can find it in "$?" directly after the execution of the command (in any POSIX shell). Got it, thanks! Luckily for me, it’s zero. ;-) > Is there an equivalent, either in openssl tool itself, or in the email > clients

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> Handshake failed > > The SSL handshake could not be performed. > > Host: Reason: error:14094416:SSL > routines:ssl3_read_bytes:sslv3 alert certificate unknown:state > 23:Application response 500 handshakefailed > > > generated 2017-04-24 15:28:13 by

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> I use a 3rd-party application that is trying to update itself (so it’s trying to “call home”). > Naturally, I’m behind a corporate firewall and Web proxy. The app has been configured to use > that proxy. It fails to connect. Packet capture reveals the following: You're

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> I went through the capture between the app (local end) and the proxy. It appears that the sequence is: > > ClientHello -> (from app to proxy, with a ton of cipher suites, including 0xc02f) > <- ServerHello (with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 – present in

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Blumenthal, Uri - 0553 - MITLL
And in most cases (except those involving TPM-based platform attestation, which I don’t think has anything to do with OpenSSL use cases), a separate hardware token (like a smartcard, or an HSM) would IMHO be a much better and more usable choice. PKCS#11 engine (libp11) to access those is quite

[openssl-users] How many SAN entries...?

2017-04-26 Thread Blumenthal, Uri - 0553 - MITLL
A naïve question. A certificate that contains SAN attribute(s) – is there a limit on how many, say, RFC822 SAN attributes a valid certificate can have? It’s been my understanding that a cert can contain as many SAN attributes as needed, but it appears that Apple believes it has to be only

Re: [openssl-users] How many SAN entries...?

2017-04-26 Thread Blumenthal, Uri - 0553 - MITLL
> It’s been my understanding that a cert can contain as many SAN attributes as needed, > but it appears that Apple believes it has to be only one (because certificates with > more than one are not processed properly). Perhaps CAs have rarely issued email certificates with

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
y be owned/controlled by different organizations. Regards, Uri Sent from my iPhone > On Apr 27, 2017, at 09:41, Jochen Bern <jochen.b...@binect.de> wrote: > > On 04/26/2017 07:13 PM, Viktor Dukhovni was digested as writing: >> On Apr 26, 2017, at 1:03 PM, Blumen

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
04/27/2017 04:09 PM, openssl-users-requ...@openssl.org digested: >> From: "Blumenthal, Uri - 0553 - MITLL" <u...@ll.mit.edu> >> >> You do not "revoke" a subset of attributes aka SAN emails. When any of >> the certified attributes changes (i.e., is c

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
Classic requirement is that IV is unique per key. As theoretical crypto evolved, and attacks like Chosen Ciphertext Attack (you can make the victim encrypt any plaintext of your choice (aka CPA), *and* *decrypt* any ciphertext of your choice) were developed, CBC could not hold against such

[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
I use a 3rd-party application that is trying to update itself (so it’s trying to “call home”). Naturally, I’m behind a corporate firewall and Web proxy. The app has been configured to use that proxy. It fails to connect. Packet capture reveals the following: Handshake failed The SSL handshake

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
> extensions: 4 items > Extension (ns_cert_exts.comment) > Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment) > BER Error: String with tag=22 expected but

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
> Thank you! So it is the *client* that breaks the connection, > and it is unhappy either about MiTM, or the encoding. I will > check for both (though not much I can do about either). Presumably you've added that cert to some trust store on the system in question.

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni" wrote: I get slightly annoyed when I take the time to help, but my response is skimmed over and not read carefully. Upthread I said:

[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-28 Thread Blumenthal, Uri - 0553 - MITLL
I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I tried the OpenSSL manual pages, but still coming short of complete understanding. :-) This is how I initialize the contexts (error handlers removed for brevity):   ctx = EVP_PKEY_CTX_new(privkey, NULL);  

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?

2017-04-28 Thread Blumenthal, Uri - 0553 - MITLL
> connection and then pass the detail of the application > from the user to the remote machine.. You do this to many > > Sent from Mail for Windows 10 > > From: Blumenthal, Uri - 0553 - MITLL > Sent: Friday, April 28, 2017 4:33 PM > To: openssl-users@openssl.org > Subj

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init properly? How to free correctly?

2017-04-28 Thread Blumenthal, Uri - 0553 - MITLL
gical warfare, sending us depressing messages to break our spirit. > Fortunately, as TLS users, we have built up a tremendous tolerance for > depressing messages.) > > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > From: openssl-users [mailto:openssl-u

Re: [openssl-users] Is RDRAND the default engine in OpenSSL 1.1.0?

2017-07-28 Thread Blumenthal, Uri - 0553 - MITLL
I sincerely hope it is not so. -- Regards, Uri Blumenthal On 7/28/17, 15:47, "openssl-users on behalf of Jeffrey Walton" wrote: I thought RDRAND was disabled as the default random engine since 1.0.1f. Has that changed

Re: [openssl-users] keyusage digitalSignature in CA certs

2017-08-17 Thread Blumenthal, Uri - 0553 - MITLL
AFAIK it must. Regards, Uri Sent from my iPhone > On Aug 17, 2017, at 09:21, Robert Moskowitz wrote: > > Should digitalSignature be included in keyusage in CA certs? > > > https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html > > Includes

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

2017-05-28 Thread Blumenthal, Uri - 0553 - MITLL
I concur with Rich. CentOS is known for having outdated packages. Regards, Uri Sent from my iPhone On May 28, 2017, at 16:43, Salz, Rich via openssl-users wrote: >> I am trying to compile / install a utility from Source on CentOS that >> utilizes OpenSSL 1.1.0

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-30 Thread Blumenthal, Uri - 0553 - MITLL
, 2017, Blumenthal, Uri - 0553 - MITLL wrote: >> >> >> Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I >> tried that (without using DigestSign of course), signing succeeded but >> verification always failed. Was that expected? Are th

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-29 Thread Blumenthal, Uri - 0553 - MITLL
just setting the padding type? Thanks! Regards, Uri Sent from my iPhone > On Apr 29, 2017, at 19:34, Matt Caswell <m...@openssl.org> wrote: > > > >> On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote: >> I’m playing with RSA-PSS signatures, and stumbled u

[openssl-users] -pkeyopt parameters?

2017-09-14 Thread Blumenthal, Uri - 0553 - MITLL
I seem unable to figure out how to configure RSA-OAEP parameters (hash and MGF functions) for the “openssl pkeyutl” command. The man page seems to say that the only thing I can do is tell the openssl CLI that I want OAEP padding, and nothing more. File “apps/pkeyutl.c” was of no help. Where can I find

Re: [openssl-users] [ANN] M2Crypto 0.27.0

2017-10-10 Thread Blumenthal, Uri - 0553 - MITLL
I have to report that this M2Crypto release is broken, as it cannot find OpenSSL installed in /opt/local (apologies for spamming multiple lists and people): /usr/bin/clang -fno-strict-aliasing -fno-common -dynamic -pipe -Os -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes

Re: [openssl-users] OpenSSL on side

2017-10-11 Thread Blumenthal, Uri - 0553 - MITLL
7-10-11, 11:35 GMT, Blumenthal, Uri - 0553 - MITLL wrote: >> And it is not installable via PIP, though to me being placed >> on pypi site suggested that it should be (that's how I tried >> to install it). > > What’s needed for package to be pip installable? I would think >

Re: [openssl-users] OpenSSL on side

2017-10-11 Thread Blumenthal, Uri - 0553 - MITLL
t; said: > > mcepl> On 2017-10-10, 21:17 GMT, Blumenthal, Uri - 0553 - MITLL wrote: > mcepl> > I have to report that this M2Crypto release is broken, as it > mcepl> > cannot find OpenSSL installed in /opt/local (apologies for > mcepl> > spamming multiple li

[openssl-users] How to load the right engine?

2017-09-26 Thread Blumenthal, Uri - 0553 - MITLL
I’m debugging programmatic access to a (modified) pkcs11 engine. My system has several OpenSSL installations: Apple-provided OpenSSL-0.9.8 (kept as that came with the OS :), Macports-installed OpenSSL-1.0.2l (the main one installed to /opt/local, used by everything Macports builds, and what I

[openssl-users] How to emulate EVP_PKEY_meth_get_sign() on OpenSSL-1.0.2?

2017-09-26 Thread Blumenthal, Uri - 0553 - MITLL
An engine works with OpenSSL-1.1.0+. It needs to hook some methods, and it accesses them via EVP_PKEY_meth_get_sign(), EVP_PKEY_meth_get_decrypt(), and EVP_PKEY_meth_get_encrypt(). And the corresponding set() calls. I’d like to backport this engine to OpenSSL-1.0.2. But 1.0.2 does not

Re: [openssl-users] Missing EVP_PKEY method to set engine?

2017-10-01 Thread Blumenthal, Uri - 0553 - MITLL
18:54, Dr. Stephen Henson <st...@openssl.org> wrote: > >> On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote: >> >> Apologies in advance for cross-posting – but I’m not sure which of the >> two mailing lists this belongs to. >> >> A key (sa

[openssl-users] Missing EVP_PKEY method to set engine?

2017-09-29 Thread Blumenthal, Uri - 0553 - MITLL
Apologies in advance for cross-posting – but I’m not sure which of the two mailing lists this belongs to. A key (say, private key) is loaded from the pkcs11 engine via privkey = ENGINE_load_private_key(engine, ); and this operation succeeds. However the resulting key handle has its

[openssl-users] Dgst sigopt parameters

2017-08-24 Thread Blumenthal, Uri - 0553 - MITLL
OpenSSL dgst manual page only says that sigopt values are algorithm-specific. Where are they described for ECDSA and RSA PSS? Thanks! Regards, Uri Sent from my iPhone

Re: [openssl-users] Internet Draft Guide to creating an EDSA PKI

2017-09-01 Thread Blumenthal, Uri - 0553 - MITLL
On 9/1/17, 16:26, "openssl-users on behalf of Michael Wojcik" wrote: >Bob, I just want to say thanks for producing this. Even if it never makes > it out of I-D stage, there's a lot of useful information here. >

Re: [openssl-users] OpenSSL on side

2017-10-11 Thread Blumenthal, Uri - 0553 - MITLL
7-10-11, 12:11 GMT, Blumenthal, Uri - 0553 - MITLL wrote: >> Unfortunately, not quite. Being pip-installable means to the >> majority of users that the package in question can be >> installed via, e.g., >> >> pip install M2Crypto > > I understand that, m

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Blumenthal, Uri - 0553 - MITLL
AFAIK, at this point pkcs11 engine doesn't support key generation. The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific applications like yubico-piv-tool. Regards, Uri Sent from my iPhone > On Sep 27, 2017, at 08:23, Dmitry Belyavsky wrote: > >

Re: [openssl-users] stunnel 5.46 released

2018-05-31 Thread Blumenthal, Uri - 0553 - MITLL
FWIW, I'm with Viktor in this argument. From a cryptography point of view he's right. I suspect he's right from the practical point of view as well. P.S. Those concerned that a nation-state would attack them are advised to change the default config anyway. -- Regards, Uri Blumenthal On

Re: [openssl-users] error (openssl-1.1.0g)

2018-02-14 Thread Blumenthal, Uri - 0553 - MITLL
Funny. I have the same problem with the current master on one of my two MacOS High Sierra machines. Surprisingly, the other machine builds and runs the current master just fine. Configuration and build scripts are automated and exactly the same between the two. The “bad” machine runs a

Re: [openssl-users] error (openssl-1.1.0g)

2018-02-14 Thread Blumenthal, Uri - 0553 - MITLL
so waiting for the answers right? Yes I certainly am. 2018-02-15 6:57 GMT+09:00 Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>: Funny. I have the same problem with the current master on one of my two MacOS High Sierra machines. Surprisingly, the other machine builds and runs the

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread Blumenthal, Uri - 0553 - MITLL
Actually, it all works just fine. Viktor's point about adding terminating "\n" to the input text helped. -BEGIN PRIVATE KEY- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK

Re: [openssl-users] openssl-1.1.0-stable-SNAP-20180802 issue

2018-08-02 Thread Blumenthal, Uri - 0553 - MITLL
Same problem on Linux. Regards, Uri Sent from my iPhone > On Aug 2, 2018, at 07:47, The Doctor wrote: > > While compiling today's openssl 1.1.0 snap on FreeBSD 11.2 > > I got > > /usr/bin/cc -I. -Icrypto/include -Iinclude -DZLIB -DZLIB_SHARED -DDSO_DLFCN > -DHAVE_DLFCN_H -DNDEBUG

Re: [openssl-users] OpenSSL version 1.1.1 pre release 9 published

2018-08-27 Thread Blumenthal, Uri - 0553 - MITLL
Since this example would show how to generate certificates that people may not have a lot of experience dealing with - I think it would make a lot of sense to document as much as possible. In short: yes please do include the examples of both what the certs should look like, and how to generate

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-22 Thread Blumenthal, Uri - 0553 - MITLL
> Here's the standards OpenSSL claims to implement: > https://www.openssl.org/docs/standards.html. So do many others, and yet when the RFC is impractical, a more practical alternative is implemented. I did not see RFC 5280 in the list of the implemented/supported standards.

Re: [openssl-users] What to do with deprecation errors

2018-10-20 Thread Blumenthal, Uri - 0553 - MITLL
ssl-1.1/lib -lcrypto $ ./ttt OPENSSL_VERSION_NUMBER 10101010 $ gcc -o ttt ttt.c -lcrypto $ ./ttt OPENSSL_VERSION_NUMBER 1000210f $ On Sun, 2018-10-21 at 00:36 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > I'm not sure I understand what you're doing, but: > &g

Re: [openssl-users] What to do with deprecation errors

2018-10-20 Thread Blumenthal, Uri - 0553 - MITLL
I'm not sure I understand what you're doing, but: $ cat ttt.c #include <stdio.h> #include <openssl/opensslv.h> int main(void) { printf("OPENSSL_VERSION_NUMBER %lx\n",OPENSSL_VERSION_NUMBER); return 0; } $ gcc -o ttt ttt.c -lcrypto $ ./ttt OPENSSL_VERSION_NUMBER 1000210f $ gcc -o ttt -I$HOME/openssl-1.1/include ttt.c

Re: [openssl-users] Engines on Mac OS X

2018-09-03 Thread Blumenthal, Uri - 0553 - MITLL
If it builds a dummy engine - then shouldn't a dummy engine respond gracefully to requests with something like "sorry I can't do anything useful", instead of spitting out a puke of error messages in response to "openssl engine -t capi"? Regards, Uri Sent from my iPhone > On Sep 3, 2018, at

Re: [openssl-users] Engines on Mac OS X

2018-09-03 Thread Blumenthal, Uri - 0553 - MITLL
my iPhone > On Sep 3, 2018, at 14:31, Blumenthal, Uri - 0553 - MITLL > wrote: > > If it builds a dummy engine - then shouldn't a dummy engine respond > gracefully to requests with something like "sorry I can't do anything > useful", instead of spitting out a puke of err

Re: [openssl-users] updating openssl on MacOS

2018-09-20 Thread Blumenthal, Uri - 0553 - MITLL
On 9/20/18, 4:39 PM, "openssl-users on behalf of Viktor Dukhovni" wrote: Despite (IMHO) its increasing obsolescence and irrelevance, the LibreSSL fork of OpenSSL 1.0.2 also supports ECDSA. Yep. > so openssl 1.1.0 or newer, and his Mac is infested with > 0.98letter.

Re: [openssl-users] updating openssl on MacOS

2018-09-20 Thread Blumenthal, Uri - 0553 - MITLL
MacPorts team is working on upgrading OpenSSL to 1.1.1. It takes time because they plan to move all the ports that depend on OpenSSL to that level. I assume that once that is done, 1.0.2 won't be supported/available on MacPorts anymore. Installation - as Dominyk said: "sudo port install

Re: [openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

2018-09-21 Thread Blumenthal, Uri - 0553 - MITLL
Note that the key to reproducing this issue is compiling SoftHSMv2 with 1.1.1. When compiled with 1.0.2p, everything else can be compiled against 1.1.1 and it works ok. Regards, Uri Sent from my iPhone > On Sep 21, 2018, at 02:09, Paras Shah (parashah) via openssl-users > wrote: > > I

Re: [openssl-users] openssl 1.1.1 manuals

2018-12-27 Thread Blumenthal, Uri - 0553 - MITLL
The docs site is screwed up. CMS_sign is indeed documented for 1.1.1 - but you have to go there via https://www.openssl.org/docs/man1.1.1 -> Libraries -> CMS_sign.html, which would bring you to https://www.openssl.org/docs/man1.1.1/man3/CMS_sign.html On 12/27/18, 14:00, "openssl-users on

[openssl-users] FW: Dgst sigopt parameters?

2018-12-13 Thread Blumenthal, Uri - 0553 - MITLL
I still would like to know where all the acceptable "dgst -sigopt" parameters are described for RSA and ECDSA. Google search and scouring openssl.org manual pages did not bring me anything. On 8/24/17, 5:42 PM, "Blumenthal, Uri - 0553 - MITLL" wrote: OpenSSL dgst m

Re: [openssl-users] FW: Dgst sigopt parameters?

2018-12-13 Thread Blumenthal, Uri - 0553 - MITLL
:23 PM, Blumenthal, Uri - 0553 - MITLL >> wrote: >> >> I still would like to know where all the acceptable "dgst -sigopt" >> parameters are described for RSA and ECDSA. >> >> Google search and scouring openssl.org manual pages did not bring me

Re: [openssl-users] Question on implementing the ameth ctrl ASN1_PKEY_CTRL_DEFAULT_MD_NID

2018-11-30 Thread Blumenthal, Uri - 0553 - MITLL
The way I understand the ECDSA standard, it is supposed to truncate the provided hash - which is why it is possible to have ECDSA-over-P256-SHA384. One possibility would be for you to truncate the SHA2 output yourself, IMHO. On 11/30/18, 12:36 PM, "openssl-users on behalf of Fuchs, Andreas"

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-07 Thread Blumenthal, Uri - 0553 - MITLL
as "letting the > perfect be the enemy of the good", which is also known as "cutting off the > nose to spite the face". It still cuts down on a huge number of potential > attacks, and doing away with it allows those attacks to flourish again. > (Which, by the way

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-06 Thread Blumenthal, Uri - 0553 - MITLL
>> Quoting from Peter Gutmann's "Engineering Security", >> section "EV Certificates: PKI-me-Harder" >> >> Indeed, cynics would say that this was exactly the problem that >> certificates and CAs were supposed to solve in the first place, and >> that

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-04 Thread Blumenthal, Uri - 0553 - MITLL
> "Provided chain ends with unknown self-signed certificate". I like this. IMHO "unrecognized" would be more confusing. I hope the team makes up their mind quickly. On 12/4/18, 6:17 PM, "openssl-users on behalf of Michael Wojcik" wrote: > From: openssl-users

Re: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

2019-03-06 Thread Blumenthal, Uri - 0553 - MITLL
Since OpenSSL is more than just a TLS implementation, I agree with Michael and support relaxing these checks when appropriate. Regards, Uri Sent from my iPhone On Mar 6, 2019, at 10:22, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of >>

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Blumenthal, Uri - 0553 - MITLL
First, let me prefix that while I don't want to badmouth anybody, even incompetence cannot excuse deliberately generating bad/unparsable encoding. That's one of the cases when the cure is clearly worse than the disease. On 3/21/19, 13:58, "openssl-users on behalf of Viktor Dukhovni" wrote:

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-22 Thread Blumenthal, Uri - 0553 - MITLL
Hmm... Registering an OID dedicated to express this case should be feasible, and perfectly within the ASN.1 rules. One question - where in the OID tree would it live, as offhand I don't have any idea. It can't be too deep down, and also, it better be fairly short. From the ASN.1 point of

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Blumenthal, Uri - 0553 - MITLL
+1 to Viktor's points. Regards, Uri Sent from my iPhone > On Mar 21, 2019, at 12:52, Viktor Dukhovni wrote: > > On Thu, Mar 21, 2019 at 01:00:14PM +, Salz, Rich via openssl-users wrote: > >>> This software however is 7 years old, we’re not in a position to drop >>> everything and

Re: [openssl-users] Smartcard cert used for encrypt\decrypt

2019-01-31 Thread Blumenthal, Uri - 0553 - MITLL
On 1/31/19, 09:19, "openssl-users on behalf of Antonio Iacono" wrote: > Does anybody know how to use the smartcard to encrypt and decrypt files? Smartcard performs public-key crypto operations, which aren't suitable for bulk processing, such as file encryption/decryption. In

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Blumenthal, Uri - 0553 - MITLL
On 6/18/19, 5:44 PM, "openssl-users on behalf of Viktor Dukhovni" wrote: We should perhaps provide getter/setter functions for the flags, or perhaps even a specific function for indicating the value is a bitstring, and how many bits it holds. For now the ASN.1 string is not an
