State of EBCDIC support in OpenSSL

2014-04-29 Thread Stephan Mühlstrasser
What is the current state of EBCDIC support in OpenSSL? While there are CHARSET_EBCDIC #ifdefs all over the source, a build on z/OS Unix System Services is possible and creation of signatures apparently works, there are several problems we ran into: - the openssl s_client command cannot be

Re: State of EBCDIC support in OpenSSL

2014-04-29 Thread Stephan Mühlstrasser
On 29.04.14 10:28, Tim Hudson wrote: Bug reports on EBCDIC with patches are definitely interesting as there is an active community of OpenSSL z/OS users - at the very least the other users will benefit from any work you have already done. I can provide bug reports, but at the moment I cannot

Question about rationale for function X509_check_akid()

2014-04-30 Thread Stephan Mühlstrasser
I'm using a verify callback function set via X509_STORE_set_verify_cb_func() to customize the behavior of X509_verify_cert(). For example, errors related to the fact that no complete chain to a trusted root can be built are ignored, in order to still allow validation of other properties of

Re: Question about rationale for function X509_check_akid()

2014-05-02 Thread Stephan Mühlstrasser
On 30.04.14 16:13, Viktor Dukhovni wrote: The function is part of the public API (its name starts with an upper case X509 not x509 as with internal interfaces), so changing its semantics would introduce an incompatibility with applications that rely on the old behaviour. Well, bug fixes in

valgrind reports uninitialized memory reads for elliptic curve signatures in OpenSSL 1.0.2

2014-06-27 Thread Stephan Mühlstrasser
Hi, after switching to a current build from the OpenSSL_1_0_2-stable branch on a Linux 64-bit system I'm getting the below valgrind reports about use of uninitialised values when creating ECDSA signatures. This is a build created with -DPURIFY. Those didn't happen with OpenSSL 1.0.0c. I

Re: valgrind reports uninitialized memory reads for elliptic curve signatures in OpenSSL 1.0.2

2014-06-27 Thread Stephan Mühlstrasser
On 27.06.2014 18:10, Viktor Dukhovni wrote: On Fri, Jun 27, 2014 at 05:29:52PM +0200, Stephan Mühlstrasser wrote: ==14780== Use of uninitialised value of size 8 ==14780==at 0x72378B: bn_GF2m_mul_1x1 (bn_gf2m.c:179) What is the commit id of the openssl version you're

Re: valgrind reports uninitialized memory reads for elliptic curve signatures in OpenSSL 1.0.2

2014-06-28 Thread Stephan Mühlstrasser
On 28.06.2014 04:42, Viktor Dukhovni wrote: On Sat, Jun 28, 2014 at 12:28:45AM +0200, Stephan Mühlstrasser wrote: Maybe b is uninitialized? I would expect function arguments to be initialized by virtue of being passed to the function, and the use of uninitialized values to be attributed

Questions about ECDSA_METHOD in OpenSSL 1.0.2

2014-06-30 Thread Stephan Mühlstrasser
Hi, OpenSSL 1.0.2 has a new interface for creating a new ECDSA_METHOD. Unlike the corresponding RSA_METHOD structure the ECDSA_METHOD structure is privately defined in header file ecs_locl.h, and there are functions like ECDSA_METHOD_set_sign() etc. to override members of the structure.

X509_verify_cert: How to retrieve the actual CRLs used to verify a certificate?

2014-11-19 Thread Stephan Mühlstrasser
Hi, via X509_LOOKUP_load_file() resp. X509_LOOKUP_add_dir() I'm adding a PEM file containing multiple CRLs and/or a directory containing hashed CRL files to an X509_STORE. Then I'm using the X509_verify_cert() function to verify a certificate. After verification is successful, I would like

Re: X509_verify_cert: How to retrieve the actual CRLs used to verify a certificate?

2014-11-20 Thread Stephan Mühlstrasser
On 19.11.14 at 17:20, Stephan Mühlstrasser wrote: Hi, via X509_LOOKUP_load_file() resp. X509_LOOKUP_add_dir() I'm adding a PEM file containing multiple CRLs and/or a directory containing hashed CRL files to an X509_STORE. Then I'm using the X509_verify_cert() function to verify a certificate

[openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-18 Thread Stephan Mühlstrasser
Hi, I have a question about the behavior of OCSP_basic_verify() and the meaning of the OCSP_NOEXPLICIT flag. The OCSP_basic_verify() function is the only place where this flag has an effect in the whole OpenSSL source, and in the openssl ocsp application it can be set with the -no_explicit

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 18.02.15 at 13:19, Stephan Mühlstrasser wrote: Unfortunately the -no_explicit command line option is not documented: https://www.openssl.org/docs/apps/ocsp.html What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the -no_explicit command line option? What exactly

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 24.02.2015 at 16:19, Salz, Rich wrote: As there is no documentation and as no one seems to know the meaning of the -no_explicit for openssl ocsp, should I file a documentation defect in RT for that? yes, please. Never mind, Stephen already fixed the doc in master :) Sorry, I sent

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 24.02.15 at 14:47, Dr. Stephen Henson wrote: If the responder root CA is set to be trusted for OCSP signing then it can be used to sign OCSP responses for any certificate (aka a global responder). This comes under: 1. Matches a local configuration of OCSP signing authority for the

[openssl-users] Is the structure of this CMS object correct?

2016-02-09 Thread Stephan Mühlstrasser
Hi, I'm trying to decrypt a DER-encoded CMS object (created by Adobe Acrobat) with OpenSSL 1.0.2d: $ openssl cms -decrypt -in recipient.bin -inform DER -inkey atssecp521r1.key -recip atssecp521r1.pem Error reading S/MIME message 140735227593552:error:0D0680A8:asn1 encoding

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-09 Thread Stephan Mühlstrasser
Hello Erwann, On 09.02.16 at 11:53, Erwann Abalea wrote: Hello, On 9 Feb. 2016 at 10:15, Stephan Mühlstrasser <s...@pdflib.com> wrote: ... SET { [1] { SEQUENCE { INTEGER 3 … This is th

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-09 Thread Stephan Mühlstrasser
On 09.02.2016 at 16:39, Erwann Abalea wrote: Hello Stephan, ... I can also not decrypt the recipient.bin file with the "openssl smime" command. Do I understand it correctly then that the input file is neither a correct PKCS#7 file nor a correct CMS file? PKCS#7 and CMS are pretty much

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-23 Thread Stephan Mühlstrasser
On 23.02.16 at 18:26, Dr. Stephen Henson wrote: On Tue, Feb 23, 2016, Stephan Mühlstrasser wrote: ... So yes it's pretty broken. Steve. Thank you for taking the time to analyse this, Steve. -- Stephan

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-23 Thread Stephan Mühlstrasser
On 09.02.16 at 16:39, Erwann Abalea wrote: Hello Stephan, ... PKCS#7 and CMS are pretty much interchangeable. Here, your file is strictly not a PKCS#7v1.5, because in this version, RecipientInfo wasn't a CHOICE (see RFC2315 to see PKCS#7v1.5 definitions). How did you generate this

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-23 Thread Stephan Mühlstrasser
On 23.02.16 at 14:04, Dr. Stephen Henson wrote: On Tue, Feb 23, 2016, Stephan Mühlstrasser wrote: On 09.02.16 at 16:39, Erwann Abalea wrote: Hello Stephan, ... PKCS#7 and CMS are pretty much interchangeable. Here, your file is strictly not a PKCS#7v1.5, because in this version,

Re: [openssl-users] Is the structure of this CMS object correct?

2016-02-29 Thread Stephan Mühlstrasser
On 25.02.16 at 13:16, Dr. Stephen Henson wrote: So yes it's pretty broken. Just as a quick followup. If you change the two tags I mentioned above the result does then parse. However I've no idea if it will actually decrypt: the key derivation might be broken too. Thanks for the follow-up.

[openssl-users] OpenSSL cannot decrypt RC4-encrypted CMS object

2016-03-09 Thread Stephan Mühlstrasser
Hi, I create a self-signed certificate, encrypt some data as a CMS message with "-rc4", and try to decrypt it. This fails with an error message (tested with OpenSSL 1.0.2): $ echo "abcdefg" >data.txt $ openssl req -x509 -newkey rsa:2048 -keyout key.pem -nodes -out cert.pem -days 100 -subj

Re: [openssl-users] How to plug in different digest algorithm implementation into the PKCS7 functions?

2016-04-28 Thread Stephan Mühlstrasser
On 26.04.16 at 16:25, Stephan Mühlstrasser wrote: Hi, I'm trying to plug my own digest algorithm implementation into the PKCS7 functions for creating a signature (using OpenSSL 1.0.2). The hash computation shall be performed on a hardware device. For that purpose I wanted to supply my own

[openssl-users] How to plug in different digest algorithm implementation into the PKCS7 functions?

2016-04-26 Thread Stephan Mühlstrasser
Hi, I'm trying to plug my own digest algorithm implementation into the PKCS7 functions for creating a signature (using OpenSSL 1.0.2). The hash computation shall be performed on a hardware device. For that purpose I wanted to supply my own EVP_MD data structure to PKCS7_add_signature(). A

Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-06 Thread Stephan Mühlstrasser
On 06.07.16 at 05:15, Dr. Stephen Henson wrote: ... Is the CMS object broken, or is this a problem in OpenSSL? Well the OpenSSL version does interop OK with the Bouncy Castle version of ECDH and CMS. I've checked through your test message and the problem is that the AES unwrapping algorithm

Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-07 Thread Stephan Mühlstrasser
On 07.07.16 at 00:16, Dr. Stephen Henson wrote: On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote: While doing research on this, we found one thing that looks suspicious in the CMS objects generated by OpenSSL 1.0.2. When dumping the CMS object with dumpasn1, the key wrap algorithm is encoded

Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-07 Thread Stephan Mühlstrasser
On 06.07.16 at 23:35, Dr. Stephen Henson wrote: ... Yes, the other version cannot decrypt the CMS object generated by OpenSSL. I did some tests with Bouncy Castle, and it also cannot decrypt the CMS object. What might be interesting is that on the other hand Windows CryptoAPI is able to

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Stephan Mühlstrasser
On 06.07.16 at 16:02, Dr. Stephen Henson wrote: On Wed, Jul 06, 2016, Dr. Stephen Henson wrote: On Fri, Jul 01, 2016, Stephan Mühlstrasser wrote: First the AlgorithmIdentifier includes the EC curve name: 40 19: SEQUENCE { 427: OBJECT IDENTIFIER

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Stephan Mühlstrasser
On 06.07.16 at 15:46, Dr. Stephen Henson wrote: ... Second the following: 129 10: [1] { 1318: OCTET STRING B1 04 4A FD FC 8B 70 6D : } If I match this correctly to RFC 5652, this is ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL inside the

[openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-01 Thread Stephan Mühlstrasser
Hi, we are testing OpenSSL interoperability with a third-party application, and we cannot decrypt a CMS object that is encrypted by the third-party application with a prime256v1 elliptic-curve certificate. I have attached the following files: demo_signer_ec_secp256r1.cms.der: DER-encoded

[openssl-users] How to turn on certain elements in CMS objects

2016-07-01 Thread Stephan Mühlstrasser
Hi, this message is related to another question that I sent with subject "Unable to decrypt CMS object encrypted with EC prime256v1 certificate". Below I have included the full ASN.1 dump of the CMS object generated by a third-party application. The CMS object has two properties that I so

[openssl-users] Why is the signing-time signed attribute added unconditionally in CMS signatures?

2017-02-07 Thread Stephan Mühlstrasser
Hi, I'm wondering why OpenSSL adds the signing-time signed attribute unconditionally to a CMS signedData object. See function CMS_SignerInfo_sign() in source file cms_sd.c: if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { if (!cms_add1_signingTime(si, NULL))

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-17 Thread Stephan Mühlstrasser
On 17.02.17 at 16:09, Jakob Bohm wrote: On 17/02/2017 15:25, Stephan Mühlstrasser wrote: Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-19 Thread Stephan Mühlstrasser
Jakob, On 17.02.17 at 18:43, Jakob Bohm wrote: ... Some token keys on some tokens (think e-mail decryption private keys or TLS server private keys) intentionally support decryption of a wrapped symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or OAEP. The precise set of

[openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-17 Thread Stephan Mühlstrasser
Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA signatures with PSS padding this strategy doesn't work anymore, because OpenSSL wants to

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-27 Thread Stephan Mühlstrasser
On 27.02.17 at 15:34, Dr. Stephen Henson wrote: On Mon, Feb 27, 2017, Stephan Mühlstrasser wrote: How is it supposed to be possible to retrieve the original operations from an EVP_PKEY_METHOD pointer? Ah I see you're using OpenSSL 1.0.2. There isn't a way to get the existing function

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Stephan Mühlstrasser
On 11.01.17 at 17:09, Salz, Rich wrote: OpenSSL does not support platforms where the memory representation of the NULL pointer contains non-zero bytes. IIRC there are even tests for this. Could someone from the OpenSSL team please explain the rationale for this decision? What is the problem

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-11 Thread Stephan Mühlstrasser
On 03.01.17 at 21:26, Viktor Dukhovni wrote: On Jan 3, 2017, at 2:55 PM, Ken Goldman wrote: 1 - Is this a bit of a bug? ECDSA_SIG_free() frees the r and s BIGNUMs before it frees the structure itself. However, ECDSA_SIG_new() doesn't set r and s to NULL. It calls

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Stephan Mühlstrasser
On 12.01.17 at 13:19, Salz, Rich wrote: My question was meant to ask why the pointers are initialized with memset() instead of initializing them by an assignment with NULL or 0. Was this a deliberate decision for some reason, or did it just creep in and no one cares now to fix it? Would the

[openssl-users] OpenSSL 1.1.0: How to get X509_STORE from X509_LOOKUP?

2018-06-12 Thread Stephan Mühlstrasser
Hi, I'm migrating from OpenSSL 1.0.2 to OpenSSL 1.1.0. The application attaches additional data to X509 certificate data structures via the X509_set_ex_data()/X509_get_ex_data() functions. A tricky detail is that the additional data must be attached when OpenSSL loads certificates from PEM

Re: [openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

2018-06-15 Thread Stephan Mühlstrasser
On 15.06.18 at 16:36, Salz, Rich via openssl-users wrote: It looks like in OpenSSL 1.1.0 I can no longer do that. There are only functions available that return various function pointers from a X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there are no

[openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

2018-06-15 Thread Stephan Mühlstrasser
Hi, while porting from OpenSSL 1.0.2 to OpenSSL 1.1.0 I ran into the following problem: With OpenSSL 1.0.2 I plugged into the certificate verification mechanism in order to capture the X509_CRL that was used to validate a certificate. The original function pointer stored in the cert_crl

Re: [openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

2018-06-18 Thread Stephan Mühlstrasser
On 15.06.18 at 16:55, Salz, Rich via openssl-users wrote: Should I file an issue on GitHub about the missing setters? That would be great, thanks. Glad you got something to work. Submitted new OpenSSL issue #6505: https://github.com/openssl/openssl/issues/6505 -- Stephan

Re: Problems porting Openssl 1.1.1d to zos.

2020-04-15 Thread Stephan Mühlstrasser
On 14.04.20 at 14:57, K Lengauer wrote: Hi Stephan, Thank you for your quick response and also the link to your github issue. I must have brushed over it when searching for similar issues, apologies. Anyway, this seems to further confirm the issue(s) at hand... Did you have any success or have

Re: Problems porting Openssl 1.1.1d to zos.

2020-04-14 Thread Stephan Mühlstrasser
Hello Kevin, On 14.04.20 at 10:00, K Lengauer wrote: Dear all, I want to add another issue that occurred to me and would appreciate some input from others using zOS OpenSSL. Calls like "ossl_isascii(c)" such as is done in "a_print.c" in method "int ASN1_PRINTABLE_type(const unsigned char

Explicit thread cleanup in OpenSSL 1.1.1 possible?

2020-03-27 Thread Stephan Mühlstrasser
Hi, with OpenSSL 1.1.1 it is possible to turn off the automatic cleanup with an atexit() handler by passing the flag OPENSSL_INIT_NO_ATEXIT to OPENSSL_init_crypto(). Is it possible to configure this also at the thread level, so that no automatic thread cleanup occurs, with the option to do

Re: Explicit thread cleanup in OpenSSL 1.1.1 possible?

2020-03-27 Thread Stephan Mühlstrasser
Hello Michael, On 27.03.20 at 15:46, Michael Wojcik wrote: As a workaround, what about first making a JNI call to a trivial shared object that does an explicit dlopen of the OpenSSL shared object? The JVM wouldn't know about that load, and its subsequent unload of the shared object wouldn't