> Then I've misunderstood the presence of the "-DSHA256_ASM" flag.
>
> What's it specifically used for?
To remind me to double-check my answers? :(
Sorry, they are present. The difference is that the help message in 1.0.2
isn't complete. Did you try the commands directly?
> A lot of online certificate providers have some kind of REST API.
>
> Is there such an API available as OSS or do I have to write one myself
You might want to look at the IETF ACME protocol.
There are many clients around. And the LetsEncrypt code is open source.
1.0.2 does not have full RSA-PSS support; you can’t use it.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> Does your response mean, that RSA-PSS meanwhile _is_ fully supported in 1.1.0?
I hesitate to say fully, because there are no doubt parts that don't work.
But RSAPSS signatures are supported.
But more importantly, 1.1.1 not 1.1.0
> Any estimations about how much work has to be done for
A file DES3 encrypted here by OpenSSL 1.0.1t 3 May 2016 (Debian 7 or
earlier version) is not accessible
by OpenSSL 1.1.0f 25 May 2017 (Debian 9). Is this expected behavior?
https://www.openssl.org/docs/faq.html#USER3
Links across versions don’t really work since we moved from “crypto” “ssl” to
man3, etc.
Perhaps we should just take them down.
➢ pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);
That only reads PEM files. If docs say otherwise, they are wrong.
➢ There must be a way to read DER format public keys.
A raw public key? Or a cert? Or a pkcs object? Anyhow, doc/man3/d2i_X509.pod
in master.
We did some system upgrades and they were down during the update time.
As I’ve said before, please wait for at least a second day before writing about
the snapshots.
On 9/14/17, 8:09 AM, "The Doctor" wrote:
They are missing in action!
Convert from PEM to DER (via the X509_PEM_read_ functions) and use X509_cmp.
PEM format is not guaranteed – you could have different linebreaks, for example.
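An added example that does what the reply above describes with the command-line tool instead of X509_cmp; it is not code from the thread or from the OpenSSL project. It writes a fresh self-signed certificate, re-wraps the base64 body at a different width with CRLF line endings, and shows that the two files differ as text but are identical once converted to DER. It assumes an `openssl` binary on PATH; the subject name is made up.

```sh
# Added example, not code from the thread: the same certificate written as PEM
# twice with different line breaks compares unequal as text but identical as DER.
# Assumes an `openssl` binary on PATH; the subject name is made up.
set -eu

# Throwaway self-signed certificate. A tiny inline config keeps `req` from
# depending on the system openssl.cnf.
make_test_cert() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=pem-vs-der-demo\n' > "$1/req.cnf"
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days 1 >/dev/null 2>&1
}

# Same certificate, different text: base64 body re-wrapped at 76 columns (MIME
# width, still under the 80 that old EVP_DecodeUpdate tolerated), CRLF endings.
rewrap_pem() {
    body=$(sed '/^-----/d' "$1" | tr -d '\r\n' | fold -w 76)
    {
        echo "-----BEGIN CERTIFICATE-----"
        printf '%s\n' "$body"
        echo "-----END CERTIFICATE-----"
    } | awk '{ printf "%s\r\n", $0 }' > "$2"
}

# Compare by DER encoding, which is what X509_cmp does in C.
same_cert() {
    tmp=$(mktemp -d)
    openssl x509 -in "$1" -outform DER -out "$tmp/a.der"
    openssl x509 -in "$2" -outform DER -out "$tmp/b.der"
    if cmp -s "$tmp/a.der" "$tmp/b.der"; then r=0; else r=1; fi
    rm -rf "$tmp"
    return $r
}

# Prints "text:different der:same" for a rewrapped copy of a fresh certificate.
demo() {
    dir=$(mktemp -d)
    make_test_cert "$dir"
    rewrap_pem "$dir/cert.pem" "$dir/cert2.pem"
    if cmp -s "$dir/cert.pem" "$dir/cert2.pem"; then text=same; else text=different; fi
    if same_cert "$dir/cert.pem" "$dir/cert2.pem"; then der=same; else der=different; fi
    rm -rf "$dir"
    echo "text:$text der:$der"
}

demo
```

The same idea applies to fingerprints: `openssl x509 -fingerprint -sha256` hashes the DER, so fingerprints of the two files match while a hash of the PEM text does not.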
➢ Has anyone had success parsing un-signed CSRs?
By its definition a CSR is signed. So this will not work.
➢ However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Because it was seen to be a feature, not a bug-fix?
➢ But the patch was put in git almost 10 months before 1.0.2 initial
release.
We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe
Matt can explain.
Openssl 0.9.8 is old and obsolete and has security issues; you should upgrade.
But even if you upgrade, the ocsp command will not listen on HTTPS; that is not
supported.
You should look at the IETF TLS working group. Also, there was a mini
conference, TLS Ready or Not, that has a bunch of useful papers.
1.0.2 and 1.1.0, whatever the highest letter is, are the supported releases.
Okay, you seem to be looking for an answer and there isn’t one.
The release you are using has problems when it decided to walk the heap. The
release you are using WILL NOT BE FIXED.
Change your code, backport the fix, or move to a more modern release. Sorry,
there is no other way.
You could try to backport the win_rand file from a more recent release.
Far better, as Michael first said, to move to 1.0.2 or later.
Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
least the server should have some control over the hash used?
Well, it is the client that is making the request, so therefore the client
needs to hash the cert information.
A production-quality OCSP
➢ I am unable to find the openssl-fips module for 1.1.0f. Do you know when it
will be available?
We have no date. Work hasn’t fully started, and isn’t fully funded. Perhaps
your company would like to help? :) See our blog for updates (look in the
archive for postings with FIPS in the title;
…
$crlDP
$ocspIAI
This is not supported. You can only put variables in *values*
An X509v3 certificate has “notBefore” and “notAfter” fields. If either of
those is not present, then it is not an X509v3 certificate. The time marked by
those fields is the validity period.
If you want “never expires” X509v3 certificates, the best you can do is put a
very large value in the
➢ Is there a way to emulate the above calls, and achieve similar result on
OpenSSL-1.0.2?
Just pull the fields out of the struct directly?
The original issue was discussed here:
➢ What happens if I call the ERR_add_error_data twice? Will it add the
arguments or replace them?
It replaces, freeing the old.
➢ But if I use format=der I do not get prompted for the password.
DER does not support encryption. The bug is that the command does not tell you
this.
➢ OK. And why does DER not support encryption
Because it is not defined. If you want to encrypt keys, you need to use PKCS12
which might be too much for your application.
But in doing this, I can't figure out if there is a risk on serial
number size for a root CA cert as there is for any other cert.
I don’t understand what attack you are concerned about, but the size of the
serial number should not matter for *any* certificate.
If the root is going to be trusted, make its serial number be one. ☺
Otherwise use eight bytes of random as the serial number, if you follow CABF
guidelines.
➢ Thus how large does this random number have
It’s also to protect against predicting serial numbers and being able to
leverage that. It’s not just (nor really mainly) the MD5 digest attacks.
According to CABForum, you need 8 octets. No reason not to use more if you can.
➢ page was
From https://www.openssl.org/news/secadv/20170828.txt
OpenSSL Security Advisory [28 Aug 2017]
Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
===
Severity: Low
If an
In the CA section, you have to specify which fields you need/want in the DN.
This is the “policy” identifier which points to a section that names the RDNs
you want/need.
Use the -batch flag to avoid all prompting
What version of openssl are you building?
FWIW, there’s a ‘libtls’ library from the libre folks that might be worth
looking at.
If you come up with useful snippets we can start by posting them to the wiki,
for example
* Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no
change
Sorry, then try 1.1.0. The HEAPWALK bug/issue is fixed there.
➢ This FIPS186-4 is not just about SHA. It basically about the key
generation parameters. Especially I am looking for RSA key generation
parameters wrt FIPS 186-4.
I do not know how you got the opinion that OpenSSL has 186-4 support. It does
not. Perhaps other people have written
➢ I was more talking about the parsing. Currently I have 40 LOC [1] to
Look at X509_get1_ocsp, which is in crypto/x509v3/v3_utl.c. That’s in 1.0.2 and
later.
➢ > X509_CRL_verify. And yes, looking through to find the serial# is what you
have to do.
➢ That's 1.1-specific, correct?
➢ I used libcrypto to parse out the OCSP URL from the certificate validate
it against a whitelist of valid OCSP URLs, send an OCSP request and
validate the response and its signature against a custom certificate
store, and then parse out the result.
Two points on that:
Can you build with debugging enabled? It might make things easier. But note
that BIO_method_type is a trivial function,
return b->method->type;
which implies that a pointer got clobbered as being a likely cause. Are you
sure your code didn’t smash something?
* FYI, I came up with following manual solution to correctly build 1.0.2l
static library with FIPS - 2.0.16 on Windows, using Visual Studio 2015. This
seems to work, and I no longer need to carry run time DLLs along with the
application. I feel this should be an acceptable solution. Does
* Whether openssl 1.0.x and 1.1.x can interwork ?
Yup. As long as they share a TLS version, no problem.
* 1. Why does s_server need option "-servername"?
For debugging, so that you can test that clients are sending the right SNI
extension and properly handling the TLS error when they don’t.
* 2. It looks options -servername and -alpn cannot work together.
Yes, kind-of. The s_client
The “server name” is something that the client sends to the server.
This allows a single host to serve multiple “virtual hosts”
From: John Jiang
Reply-To: openssl-users
Date: Sunday, November 26, 2017 at 9:59 PM
To: openssl-users
> That said, it wouldn't hurt for the OMC to post a message to the list stating
> that business will continue as planned, since two very key figures have left
> the project.
I have two reactions, just my personal view. First, it’s premature to say
anything, we’re still figuring things out.
We are no longer doing additional platforms for the existing certifications.
We are working on a plan for future FIPS validation, based on the 1.1.x line.
From: Sandeep Umesh
Reply-To: openssl-users
Date: Wednesday, November 29, 2017 at 7:30 AM
> My number one complaint is that it seems like the defaults are generally set
> up to do the wrong things, and the application has to either explicitly set
> "yes, you should be secure" options or do stuff on its own. This seems to
> have been getting better - gaining hostname validation, for
➢ It probably wouldn't hurt to post something to the lists when there's a blog
post with news like this - items that subscribers would likely feel is
important. Blog posts like the recent "OpenSSL in China" series probably don't
need to be mentioned on the lists. But it's subjective, and I
Okay, FF does ECDHE not DHE/EDH. The whole industry does that, and most are
using X25519 which was developed by Dan Bernstein.
The Guardian article you referenced didn’t even have the word curve in it. My
question – do you have a reference that shows Schneier says not to use elliptic
curve –
* My target can’t support native build environment, so I must use cross.
* Is there any way to fix those errors?
If you make any changes to the FIPS build procedure, then the result is not
FIPS validated. I think the build procedure does not support cross-compiling
very well, because
* I find that Firefox refuses to do any ephemeral ciphers whatsoever. What
the heck? Why am I surprised. Somebody paid them.
I don’t know what server you are testing against, but FF does ECDHE all the
time with no problems.
* If you follow Schnieder, elliptic curve is not an
The s_server program is not multi-threaded, it does one connection at a time.
➢ Hmmm, it’s working for me. Perhaps an Akamai issue, Rich Salz?
Don’t know, looked okay to me. I re-flushed the cache
➢ http://openssl.6102.n7.nabble.com/Memory-issues-with-ssl-handshake-td20851.html#a20854.
➢ Don't understand why this issue is not encountered by other users and why it
has not been fixed for so many years.
The first part answers the second. It is not encountered by others,
➢ -days on req when generating a request does nothing, and should perhaps
produce a warning, since this option is only meaningful when used with
the -x509 option to produce a self-signed cert instead of a request.
https://github.com/openssl/openssl/pull/4692
There is something strange with the RSA private key or it’s BN_CONT object.
Are you sure that you are properly releasing all OpenSSL objects in your code?
➢ Please share if any patch available for CAVS algorithm test support
for RSA 186-4.
There is not. Unless someone in the community has one they are willing to
share.
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
1.0.1 or 1.1.0 release? I’m guessing 1.0.1, since many of those engines are
removed from 1.1.0
Have you thought of putting a packet-capture on, say, the client side and then
viewing it?
* When I see SSL certificates, their serial number is like this :
0A:8D:9A:4Q:8X:1A:0B:88:18:1Z
Serial numbers are displayed as hex values, so my guess is you just typed that
“as an example” since Q X Z aren’t valid hex characters. Or perhaps it was an
extension (like device serial) that
>My personal priority list for OpenSSL is bug fixes and code cleanup
> (static and dynamic analysis of the 1.1.x codebase would be good, and one of
> these days I'll get around to doing it myself),
We do run coverity weekly, and anyone can sign up to see the results BTW
README.ECC has never been part of 1.0.2 and is always part of the 1.1.0
tarballs; do you have evidence otherwise?
I don’t think the team is going to answer any questions beyond what is already
in the distribution and website except to say that the license is NOT limited
to the FIPS
➢ The OP claimed the file was only in the FIPS tarballs, and not in the
OpenSSL tarballs. My questions were based on that.
So the OP is wrong.
➢ Saying "in the distribution and website" is also quite vague and
thus another example of a non-answer.
No it’s not. The OpenSSL
➢ Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so
if you have a TLSv1.3 connection, it will never renegotiate.
But it could ask for a certificate, which would trigger SSL_WANT_WRITE
You can re-use the keys, but then you get no forward secrecy, and sessions
generated with one connection are vulnerable to another.
Why are you using DH? Unless you have compelling reasons (interop with
legacy), you really should use ECDHE.
They are NOT using a 25519 certificate; it says “key exchange”
From: Codarren Velvindron
Date: Saturday, October 21, 2017 at 9:38 AM
To: Rich Salz , openssl-users
Subject: Re: [openssl-users] Generating CSR based on an x25519
* How would we be able to achieve this? I have read somewhere on a 2016
mail in the archives that it is an "encrypt-only" algorithm and that is not
possible.
X25519 is a key-exchange-only algorithm. Ed25519 is a signing algorithm.
Unlike classic RSA, the signing and the key exchange are
5537: asn1_do_lock (tasn_utl.c:79)
==31919==    by 0xB352767: asn1_item_embed_free (tasn_fre.c:88)
==31919==    by 0xB3528D4: ASN1_item_free (tasn_fre.c:20)
Regards,
Raghavendra
On Fri, May 11, 2018 at 3:40 PM, Salz, Rich via openssl-users
<openssl-users@openssl.org> wrote:
The print routine does not free anything.
From: Raghavendra a
Reply-To: openssl-users
Date: Friday, May 11, 2018 at 5:53 AM
To: openssl-users
Subject: [openssl-users] freeing of X509_CRL object
Hi All,
In my program,
There are TLS control messages which could flow in either direction,
spontaneously. Renegotiation (pre TLS 1.3), tickets (TLS 1.3), and so on.
I cannot comment on if your proposal would work or not, sorry.
From: Alex H
Date: Saturday, May 19, 2018 at 5:03 AM
To: Rich
>In 1.1.0 and later it is documented:
And in 1.0.2 it was documented in January, 2017.
In 1.1.0 and later, the flag takes a single parameter in name=value. Yes
that’s strange, but it means that in the common case you don’t need to do any
quoting:
-header Host=ocsp.example.com
In 1.0.2 it takes two parameters
-header Host ocsp.example.com
What version of OpenSSL are you using?
Using the time to seed the RNG is horrible; DO NOT DO THAT.
Not trying to be insulting, but if you think time is a good source, then you
really don't know what you're doing for RNG's. Consider looking at the master
branch, with its highly-improve seeding
> Well what I was alluding to is this the correct use of the RAND_add
> function
> to seed the Key generation. It’s a bit confusing certainly.
You are calling the API correctly. That should have been clear from the
manpage.
You still did not tell us what version of OpenSSL you are using.
TLS is a bidirectional protocol. You can’t throttle only one side.
From: Alex H
Reply-To: openssl-users
Date: Friday, May 18, 2018 at 7:21 PM
To: openssl-users
Subject: [openssl-users] Receive throttling on SSL
* So is there is any other way we can still make it work without disabling
FIPS mode ?
No. The version of openssh you are using makes API calls that are not allowed
in FIPS mode. I suspect later versions of OpenSSH also do this, and therefore
“FIPS mode openssh” will require some coding
>This is one of several reasons why FIPS 140-2 is a problem. Unfortunately
> the FIPS 140-3 effort seems to be moribund, and I haven't heard anything
> about "ISO FIPS" in some time.
If I understood what was said at the ICMC conference last month, the FIPS 140-3
plan is to just point to
It looks like in OpenSSL 1.1.0 I can no longer do that. There are only
functions available that return various function pointers from a
X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there
are no corresponding counterparts to set the function pointers.
This
>Should I file an issue on GitHub about the missing setters?
That would be great, thanks. Glad you got something to work.
>Just curious, is there a possibility to patch CHACHA cipher specific
> changes to OpenSSL 1.0.2 version still and get SSL handshake succeed?
It can be done; CloudFlare posted some patches at
https://github.com/cloudflare/sslconfig/tree/master/patches but I think they
used the pre-IETF
>This didn't show up in my RSS client. Is the RSS feed not working, or is
> it just my client?
It probably sat in draft form for too long, and went out with the old date.
Oops.
>I know this is caused by a lack of available entropy in the system; but what
>can I do to address this? Is it just a matter of waiting until enough entropy
>has been collected? Is there any kind of workaround?
Assuming you don’t have another source of randomness that you can add in, then
* We generated intermediate02 such that it has "basicConstraints" extension
and "keyUsage" missing. Now we used this intermediate 02 CA to sign server
certificate.
If those extensions, which are *optional,* are not present, then there is no
limit on how the keys may be used, or how long
is there.
But it is getting called only for server certificate.
Thanks
Sandeep
On Thu, May 31, 2018, 11:39 PM Salz, Rich via openssl-users
<openssl-users@openssl.org> wrote:
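An added example, not code from the thread or from OpenSSL itself, that ties together three points made on this page: the CA/B Forum-style random 8-octet serial (via -set_serial), the note that -days on `openssl req` is ignored unless -x509 is given, and the intermediate02 case just above. It builds a throwaway root, intermediate and leaf with the command-line tool and runs `openssl verify` twice, once with basicConstraints/keyUsage on the intermediate and once without. For the missing-extensions case it shows that the library has no basis to treat such a certificate as a CA at all: the chain fails with "invalid CA certificate" rather than being accepted with unrestricted usage. It assumes an `openssl` binary (1.1.x or 3.x) on PATH; all names and paths are made up.

```sh
# Added example, not code from the mailing list: a throwaway root -> intermediate
# -> leaf chain built with the openssl CLI. It shows a CA/B-Forum-style random
# 8-octet serial (-set_serial), that -days on a CSR is ignored, and why an
# intermediate lacking basicConstraints (and keyUsage) fails `openssl verify`.
# Assumes an `openssl` binary (1.1.x or 3.x) on PATH; all names are invented.
set -eu

# 8 random octets for a serial number. The top bit is cleared so the DER
# INTEGER is positive and never needs a ninth octet; that leaves 63 random bits,
# so use more octets if you must meet a strict 64-bit floor.
random_serial() {
    hex=$(openssl rand -hex 8)
    first=$(printf '%s' "$hex" | cut -c1-2)
    rest=$(printf '%s' "$hex" | cut -c3-)
    first=$(printf '%02x' $(( 0x$first & 0x7f )))
    printf '0x%s%s' "$first" "$rest"
}

# Minimal req config so the demo does not depend on the system openssl.cnf.
write_config() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# $1 = work dir, $2 = yes|no: whether the intermediate gets CA extensions.
build_chain() {
    dir=$1
    write_config "$dir"
    openssl req -x509 -config "$dir/req.cnf" -extensions v3_ca -sha256 \
        -newkey rsa:2048 -nodes -keyout "$dir/root.key" -out "$dir/root.crt" \
        -subj "/CN=Demo Root" -days 2 >/dev/null 2>&1
    # -days on a plain request is ignored: a CSR carries no validity period.
    for n in int leaf; do
        openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 1 \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" -subj "/CN=Demo $n" >/dev/null 2>&1
    done
    if [ "$2" = yes ]; then
        ext="-extfile $dir/req.cnf -extensions v3_ca"
    else
        ext=""   # no basicConstraints, no keyUsage: the poster's intermediate02
    fi
    openssl x509 -req -sha256 -in "$dir/int.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
        -set_serial "$(random_serial)" -days 1 $ext -out "$dir/int.crt" >/dev/null 2>&1
    openssl x509 -req -sha256 -in "$dir/leaf.csr" -CA "$dir/int.crt" -CAkey "$dir/int.key" \
        -set_serial "$(random_serial)" -days 1 -out "$dir/leaf.crt" >/dev/null 2>&1
}

# "OK" when the leaf verifies against the root through the intermediate, else "FAIL".
verify_chain() {
    if openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/leaf.crt" 2>/dev/null \
        | grep -q ': OK$'; then echo OK; else echo FAIL; fi
}

# Prints "csr-validity-fields:0 with-basicConstraints:OK without-basicConstraints:FAIL".
demo() {
    good=$(mktemp -d); bad=$(mktemp -d)
    build_chain "$good" yes
    build_chain "$bad" no
    csr_fields=$(openssl req -config "$good/req.cnf" -in "$good/int.csr" -noout -text \
        | grep -c 'Not After' || true)
    echo "intermediate serial: $(openssl x509 -in "$good/int.crt" -noout -serial)" >&2
    printf 'csr-validity-fields:%s with-basicConstraints:%s without-basicConstraints:%s\n' \
        "$csr_fields" "$(verify_chain "$good")" "$(verify_chain "$bad")"
    rm -rf "$good" "$bad"
}

demo
```

Run `openssl verify` by hand on the "bad" directory to see the actual diagnostic: the intermediate is reported at depth 1 with error 24, "invalid CA certificate". Whether an extension is formally optional in X.509 and whether a verifier will accept a CA certificate without it are two different questions.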
Without commenting on whether or not your understanding is correct (the client
gets the params and can see how big the key is, no?), I will point out that the
way DHE works is defined by the IETF RFC’s, and they have not changed.
We just posted a new blog entry on long-term support, the different phases, and
so on. It’s here:
https://www.openssl.org/blog/blog/2018/05/18/new-lts/
TL;DR is that the upcoming 1.1.1 will be our next LTS release.
>The code above does what I want - except for renegotiations!
Do you absolutely, positively, HAVE TO support renegotiation?
As in sending a non-fatal alert? There's no API to do that. And it probably
wouldn't work anyway, as most runtimes treat any alert as fatal.
Your best bet is to implement the right callback (depends on which version of
openssl you are using) and return an error if the SNI isn't one of your
* Do you still plan to switch to Apache license for the final 1.1.1 release?
That is still our goal, as stated.
>connecting s_client to s_server with TLS 1.3 seems to cause two
successive session tickets to be sent by the server (see below).
>Is this expected?
Yes.
> Thanks, it does not happen with Mozilla implementation
> (tls13.crypto.mozilla.org), is this openssl specific or part of the
> specification?
The specification allows a server to send one or more tickets, at its
discretion.
>Interoperability issues with middle-boxes or existing software written for
> TLS 1.2.
Facebook, Google, and Mozilla did lots of testing with TLS 1.3 and middleboxes.
If something was missed, the whole Internet will have problems. Existing
software is the question we are trying to
* I have posted my question into the forum. Please kindly approve it as
soon as possible.
Which forum?
The fact that you were able to post to the openssl-users mailing list means you
should just post your question, well, to the openssl-users mailing list. ☺
Akamai has had millions of connections with megabytes of data exchanged. This
is with partial deployment on our network, and requiring customers to opt in to
enable beta-testing. We have found no issues. We don't do 0RTT. We are using
our own server.
I was surprised by how many connections
Sorry, typo. We've had hundreds of millions of connections, with megabytes of
data exchanged.
>The issue is most likely that no one "in the wild" has done any testing
of significance.
I thought the Akamai numbers were significant.
I can certainly see tls1.2 exchange but there is nothing for tls1.3 and
so I am working on getting a site up pronto ( in the wild ) to
On 5/3/18, 4:24 AM, "morthalan" wrote:
No, technically not. I am just searching for a simple method just to check a
certificate is signed by CA or not.
Because. Something like signing check, I am not quite sure, I do not have
proper knowledge on
>After the generation of SignedCertificate.pem. I would like to write
function to verify the SignedCertificate.pem, whether it is signed or not.
That is still not an accurate description. By definition, a certificate is
*signed data.* It appears as a bitstring in the X509 data
The combination of (issuer,serial#) is the only way to get a unique identifier
for a certificate. Lots of software depends on certs being uniquely
identifiable. What happens if that assertion is not true? Some things will
break. What? Well, it depends on the software, and which certs are
For CBC the encrypted text will be a multiple of the cipher size. So your use
of CBC is wrong. The quoted post uses aes256; you were using aes-cbc