[openssl-users] Removing some systems

2016-03-18 Thread Salz, Rich
We are planning on removing the following systems from OpenSSL 1.1:

Netware

OS/2



There are a few reasons for this.  In no particular order they include: these 
platforms are no longer supported by the vendor; the configurations and builds 
have not been testable by the team for years and might not even work; nobody on 
the team has access to any of these.



As a hopefully mediating factor, please note that they are still part of 1.0.2, 
which we have said is an LTS release with support until 2019.



People interested in supporting any of these systems should look at building 
their own configuration with the template system; post on the openssl-dev list 
for help.  Reducing the footprint and tangle of #ifdef's is also very important.



We are also looking at others that are in a similar (although perhaps not 
identical) reason and will post here about them.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] [openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

2016-03-18 Thread Jeremy Farrell

On 17/03/2016 06:32, Ranjith Kumar A. wrote:

> Need help.
This is a question about using the OpenSSL libraries, further discussion 
should be on openssl-users; I've set 'reply-to' appropriately, but I 
don't know what the mailing list will do with it.


> I'm not able to encrypt a key using passphrase, below is the error
> message.
>
> **"error:0D07209B:asn1 encoding routines:ASN1_get_object:too long"**
>
> Have already googled for error but couldn't get much info
>
> unsigned char pass[] = "123456";
>
> BIO *priv_bio = BIO_new( BIO_s_mem() );
>
> RSA *rsa = RSA_generate_key( 2048, 65537, NULL, NULL );
> ret = PEM_write_bio_RSAPrivateKey( priv_bio, rsa, EVP_aes_256_cbc(), pass, 64, NULL, NULL );

I don't know if or how it's related to your problem, but you have 
defined a 7 byte array as the passphrase then told the function to use 
64 bytes at that location. There's no saying what values the other 57 
bytes of the passphrase will have, assuming they're accessible at all.



> ...
> The same piece of code is working on openssl-0.9.8zg.

More luck than good judgement I suspect.


...

--
J. J. Farrell
Not speaking for Oracle.



[openssl-users] OpenSSL version 1.1.0 pre release 4 published

2016-03-18 Thread OpenSSL

   OpenSSL version 1.1.0 pre release 4 (beta)
   ===========================================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   OpenSSL 1.1.0 is currently in beta. OpenSSL 1.1.0 pre release 4 has now
   been made available. For details of changes and known issues see the
   release notes at:

http://www.openssl.org/news/openssl-1.1.0-notes.html

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   The beta release is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.1.0-pre4.tar.gz
      Size: 5325012
      SHA1 checksum: 58119f6c784055a50622afc75b5b817eeae2a365
      SHA256 checksum: a2fe0bd293cdedde193ff0377cab75cbd042a9c20c11622d6b350890855a0a69

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.0-pre4.tar.gz
openssl sha256 openssl-1.1.0-pre4.tar.gz

   Please download and check this beta release as soon as possible.
   Bug reports should go to r...@openssl.org. Please check the release
   notes and mailing lists to avoid duplicate reports of known issues.

   Yours,

   The OpenSSL Project Team.



Re: [openssl-users] Questions about OCB and Wrap modes

2016-03-18 Thread Matt Caswell


On 15/03/16 11:12, Michel wrote:
> Hi,
> 
>  
> 
> As there was some discussion about AEAD, I am still curious to know why
> OCB mode isn't flagged as one of them :
> 
> assert( EVP_CIPHER_flags( EVP_aes_128_ocb() ) &
> EVP_CIPH_FLAG_AEAD_CIPHER );failed ?
> 
>  
> 
> Can someone please explain this to me ?

Yes. It's a bug! :-)

Now fixed in git.

Matt


Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-18 Thread lists

On 03/14/2016 04:26 PM, PGNet Dev wrote:



Must use it,

(1) https://wiki.openssl.org/index.php/Compilation_and_Installation
Dependencies

If you are prompted to run make depend, then you must do so.


Which I currently attempt to do, but get the reported errors about not 
finding the stddef.h include etc.



I cannot see exactly what is that you find confusing.


That the wiki says you don't need to,

"Compilation

 After configuring the library, you should run make. If prompted, 
there's usually no need to make depend since you are building from a 
clean download."


IMHO the Wiki is wrong, also the phrase is not crystal clear to me: "If 
prompted" meaning? "Even if prompted to do so" or "If _not_ prompted"?
Anyway, the header-file-not-found issue is a bug, of course, apart from 
the necessity of running "make depend" or not. I doubt that without 
running "make depend" you'd do better.




Re: [openssl-users] help on des_cblock

2016-03-18 Thread Scott Neugroschl
My mistake.  I was reading the calls backwards.  The use of c_str() there is 
fine.  Ignore my previous comment.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jason Qian
Sent: Friday, March 18, 2016 2:34 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] help on des_cblock

Thanks,
Jason

On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl <scot...@xypro.com> wrote:
I suspect the use of std::string and c_str().  Use a std::vector instead.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jason Qian
Sent: Friday, March 18, 2016 1:19 PM
To: openssl-users@openssl.org
Subject: [openssl-users] help on des_cblock

I am new to OpenSSL and have run into an issue; I need some help.


In our application, the client and server perform a Diffie-Hellman key exchange
and then encrypt the data. The client is written in C++ (using OpenSSL), and the
server is in Java.

Most of the time it runs correctly, but occasionally the server (Java) throws
a "Given final block not properly padded" exception.

I added more logging on both sides. When the exception happens, the keys are
offset by one (in the working case, they are the same).


Server -- java  get from getEncoded()

DES Key  size (8)(1,-83,-113,-74,-77,109,84,88)

Client -- openSSL  get from des_cblock struct

DES Key  size (8)   (-83,-113,-74,-77,109,84,88,8)
Thanks
Jason

Here is the C++ code

void DiffieHellmanCipher::init(const std::string &Y){
    if (Y.length() == 0) {
        return;
    }
    if (m_DH == NULL) {
        return;
    }

    // convert the Y to BIGNUM
    BIGNUM *bnY = NULL;
    // Memory for bnY is allocated in BN_dec2bn call.
    if (!BN_dec2bn(&bnY, Y.c_str())) {
        if (bnY)
            BN_free(bnY);
        printf("Could not convert Diffie-Hellman Y value to BIGNUM");
        return;  // bnY is not usable, stop here
    }

    // compute the secret key
    int dhSize = DH_size(m_DH);
    unsigned char *secretKey = (unsigned char*) new char[dhSize + 1];
    int secretKeyLen = DH_compute_key(secretKey, bnY, m_DH);
    BN_free(bnY);

    if (secretKeyLen < 8) {
        delete [] secretKey;
        printf("Error computing secret key: key length is too short");
        return;  // secretKey has been freed, stop here
    }

    // convert from raw form to odd parity DES key
    des_cblock desKey;
    memcpy(desKey, secretKey, 8);
    delete [] secretKey;
    DES_set_odd_parity(&desKey);

    // just print out des_cblock
    secretKeyString="(";
    char ch[10]="\0";
    for(int i=0;i<8;i++){
        sprintf(ch,"%d",(char)desKey[i]);
        secretKeyString+=ch;
        if(i != 7){
            secretKeyString+=",";
        }
    }
    secretKeyString+=")";


    int skRet;
    if ((skRet = DES_set_key(&desKey, &m_DESKey)) != 0) {
        // secretKey was already freed above; do not delete it again
        printf("Error computing secret key: generated key is weak");
        return;
    }

    m_bInited = true;
}
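
One explanation consistent with the two logged keys, given here as an added example that is not part of the thread: DH_compute_key() writes the shared secret without leading zero bytes, so when the secret starts with 0x00 the first 8 bytes on the OpenSSL side are shifted by one relative to a peer that keeps the full group-size encoding. That the Java side keeps the fixed length is an assumption inferred from the log; the helper names, the 16-byte group size and the sample bytes are constructed, and set_odd_parity is a plain-C stand-in for DES_set_odd_parity().

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for DES_set_odd_parity(): adjust each byte's low bit so the
 * byte has an odd number of 1 bits. */
static void set_odd_parity(unsigned char key[8])
{
    for (int i = 0; i < 8; i++) {
        int ones = 0;
        for (int bit = 1; bit < 8; bit++)
            ones += (key[i] >> bit) & 1;
        key[i] = (unsigned char)((key[i] & 0xFE) | (ones % 2 == 0));
    }
}

/* Left-pad a raw secret to full_len bytes (full_len plays the role of
 * DH_size()). Returns 0 on success, -1 if the secret does not fit. */
int dh_secret_left_pad(unsigned char *out, size_t full_len,
                       const unsigned char *raw, size_t raw_len)
{
    if (raw_len > full_len)
        return -1;
    memset(out, 0, full_len - raw_len);
    memcpy(out + (full_len - raw_len), raw, raw_len);
    return 0;
}

/* DES key = first 8 bytes of the secret with odd parity applied. */
int des_key_from_secret(unsigned char key[8],
                        const unsigned char *secret, size_t len)
{
    if (len < 8)
        return -1;
    memcpy(key, secret, 8);
    set_odd_parity(key);
    return 0;
}

/* Constructed sample: a 16-byte group size whose shared secret starts with
 * 0x00, so the unpadded form is only 15 bytes long. */
#define SAMPLE_DH_SIZE 16
static const unsigned char SAMPLE_STRIPPED[15] = {
    0xAD, 0x8F, 0xB6, 0xB3, 0x6D, 0x54, 0x58, 0x08,
    0x21, 0x43, 0x65, 0x87, 0xA9, 0xCB, 0xED
};

int main(void)
{
    unsigned char padded[SAMPLE_DH_SIZE], key[8];

    des_key_from_secret(key, SAMPLE_STRIPPED, sizeof SAMPLE_STRIPPED);
    printf("unpadded: first %d last %d\n", (signed char)key[0], (signed char)key[7]);
    dh_secret_left_pad(padded, sizeof padded, SAMPLE_STRIPPED, sizeof SAMPLE_STRIPPED);
    des_key_from_secret(key, padded, sizeof padded);
    printf("padded:   first %d last %d\n", (signed char)key[0], (signed char)key[7]);
    return 0;
}
```

In the posted init(), the equivalent change would be to left-pad secretKey from secretKeyLen up to dhSize before the memcpy into desKey.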



Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-18 Thread Salz, Rich

> > Wait, are you saying that OpenSSL 1.1.0 no longer implements all the
> > known SSL/TLS versions (some of which are disabled by default because
> > of security)?
> >
> > That would mean it is no longer a full featured TLS and SSL toolkit?

SSlv2 is a bug, not a feature :)

Perhaps less flippantly, OpenSSL 1.0.2 is a long-term supported release and 
fully supports SSLv2 if configured to do so.

So OpenSSL can still claim to be a full-featured TLS and SSL toolkit with a 
straight face.


Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-18 Thread Jakob Bohm

On 16/03/2016 22:52, Jeffrey Walton wrote:

After

 ./configure ...

I'm prompted

 Since you've disabled or enabled at least one algorithm, you need to
do
 the following before building:

 make depend

Exec'ing the 'make depend' stage returns lots of warnings,



I'm not sure what's going on here. A lot has changed recently, and
something could have been knocked loose.


Reading wiki & reports at openssl, there's confusing, if not conflicting,
advice.


OK, so the issue here is... Painting with a broad brush, there are
three OpenSSL distros - 1.0.1, 1.0.2 and 1.1.0 (and even 0.9.8). There
are also two build systems - the classic one from 1.0.1/1.0.2 (and
even 0.9.8) and the new unified one from 1.1.0.

Our task is to come up with one rule that "just works" everywhere to
teach users. We want "one rule to rule them all" because it's easiest
on users. We don't want multiple rules. It's the reason 1.1.0 accepts a
config of "./config no-ssl2 ..." even though SSLv2 has been removed.
It's the rule we've been pounding into people's heads.

Wait, are you saying that OpenSSL 1.1.0 no longer implements
all the known SSL/TLS versions (some of which are disabled by
default because of security)?

That would mean it is no longer a full featured TLS and SSL
toolkit?


The rule I've been following/practicing is the following. I do it
regardless of whether I am prompted or not (because I like one simple
rule to follow):

  make depend && make clean && make

 - 'make depend' gets the dependencies right
 - 'make clean' gets rid of old/dated artifacts (with dependencies
accounted for)
 - 'make' builds under a "good" state (since depend and clean have executed)



Regarding this from the wiki:

 After configuring the library, you should run make. If prompted,
 there's usually no need to make depend since you are building
 from a clean download."

We should probably remove that statement and replace it with the one
rule. Sadly, I'm probably the guy who put it there. I'll get that
fixed later today.



If I can ask as a user, if I say do this _all the time_, then
would it be easiest on you?

 make depend && make clean && make

Or is there something else you would recommend?



As far as not configuring because stddef.h, that sounds like a bug.

Jeff



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-18 Thread Viktor Dukhovni

> On Mar 17, 2016, at 6:32 PM, Blumenthal, Uri - 0553 - MITLL  
> wrote:
> 
> Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO 
> primitives for this task.

Well you can work with
http://openssl.org/docs/manmaster/crypto/EC_KEY_key2buf.html
to extract EC public key octets.  If you want an ASN.1 encoded "SPKI" object
(i.e. an X509_PUBKEY in OpenSSL) then you can use

    X509_PUBKEY *pk = NULL;
    unsigned char *buf = NULL;
    EVP_PKEY *key;
    int len;

    key = ... ; /* Get a keypair */

    if (X509_PUBKEY_set(&pk, key) <= 0) {
        /* error */
    }

    len = i2d_X509_PUBKEY(pk, &buf);
    if (len < 0 || buf == NULL) {
        /* error */
    }

    /* buf contains ASN.1-encoded SPKI, use it */

    OPENSSL_free(buf);
    X509_PUBKEY_free(pk);
    EVP_PKEY_free(key); /* If no longer needed */

A shorter version of the above is possible via i2d_PUBKEY() which
handles the creation, encoding and destruction of the intermediate
X509_PUBKEY:

    int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
    {
        X509_PUBKEY *xpk = NULL;
        int ret;
        if (!a)
            return 0;
        if (!X509_PUBKEY_set(&xpk, a))
            return 0;
        ret = i2d_X509_PUBKEY(xpk, pp);
        X509_PUBKEY_free(xpk);
        return ret;
    }


Looks like we need documentation for X509_PUBKEY_set() and friends...
Any volunteers?

X509_PUBKEY_free();
X509_PUBKEY_get();
X509_PUBKEY_get0();
X509_PUBKEY_get0_param();
X509_PUBKEY_new();
X509_PUBKEY_set();
X509_PUBKEY_set0_param();
d2i_DSA_PUBKEY_bio();
d2i_DSA_PUBKEY_fp();
d2i_EC_PUBKEY_bio();
d2i_EC_PUBKEY_fp();
d2i_PUBKEY_bio();
d2i_PUBKEY_fp();
d2i_RSA_PUBKEY_bio();
d2i_RSA_PUBKEY_fp();
i2d_DSA_PUBKEY_bio();
i2d_DSA_PUBKEY_fp();
i2d_EC_PUBKEY_bio();
i2d_EC_PUBKEY_fp();
i2d_PUBKEY_bio();
i2d_PUBKEY_fp();
i2d_RSA_PUBKEY_bio();
i2d_RSA_PUBKEY_fp();

-- 
Viktor.


Re: [openssl-users] About no-ssl2

2016-03-18 Thread Richard Moore
On 16 March 2016 at 22:58, Viktor Dukhovni 
wrote:

> On Wed, Mar 16, 2016 at 10:52:39PM +, Richard Moore wrote:
>
> > On 16 March 2016 at 22:39, Viktor Dukhovni 
> > wrote:
> >
> > > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > > with OPENSSL_NO_SSL2.  The "OPENSSL_NO_..." macros specify disabled
> > > features, not deleted code.
> > >
> >
> > That's the major flaw of the current design of flagging when features are
> > disabled rather than when they're present. I'm sure you'll get plenty more
> > reports like this.
>
> Use feature probing via autoconf, or just:
>
> #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)
> /* SSLv2 available */
> #else
> /* SSLv2 not available */
> #endif
>
> Better yet, drop support for SSLv2, and then you don't care whether OpenSSL
> provides it or not.
>
>
SSL2 is simply an example of this issue, the same applies to others eg. it
will no doubt occur in future for NPN since ALPN has replaced it.

The problem is the concept itself since it will require every app to have
coded into it when a given feature was removed should it attempt to support
it when present.

Rich.


Re: [openssl-users] Naive: how to generate EC public key from EC private key?

2016-03-18 Thread Dr. Stephen Henson
On Fri, Mar 18, 2016, Viktor Dukhovni wrote:

> On Fri, Mar 18, 2016 at 06:59:36PM +, Blumenthal, Uri - 0553 - MITLL 
> wrote:
> 
> > Answered my own question: should use EVP_PKEY_bits(pkey) instead.
> 
> That's not the right way to determine the curve id.
> 
> > >How do I determine what curve the above key is on?
> 
> For that you need to determine the EVP_PKEY algorithm type:
> 
>   int type = EVP_PKEY_base_id(pkey);
> 
>   if (type == EVP_PKEY_EC) {
>   EC_KEY *key = EVP_PKEY_get0_EC_KEY(pkey);
>   EC_GROUP *group = EC_KEY_get0_group(key);
> 
>   /* Use that group to generate more points */
>   }
> 
> So you don't need code to specifically identify the group, but if
> you want to constrain the supported groups:
> 
>   switch (EC_GROUP_get_curve_name(group)) {
>   case NID_undef:
>   default:
>   /* Unknown or not named group */
> 
>   case NID_X9_62_prime256v1:
>   /* P-256 */
>   ...
> 
>   case NID_secp384r1:
>   /* P-384 */
> 
>   ...
>   }
> 

There is another way too. An EVP_PKEY can also be used to contain parameters
and it is permissible to pass a private or public key as a set of parameters.

In outline you call:

 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(privkey, NULL);
 EVP_PKEY_keygen_init(pctx);
 EVP_PKEY_keygen(pctx, &newkey);
 EVP_PKEY_CTX_free(pctx);

This works with other algorithms like DSA/DH too so you'll probably want to
check the key is of the correct type first.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org