Re: Windows 10 run-time issue

2019-10-03 Thread Andy Kennedy
Please excuse the top post, replying from my cell phone.

And so it is.  My bad!

Andy

On Thu, Oct 3, 2019, 8:25 AM Matt Caswell  wrote:

>
>
> On 03/10/2019 00:50, Andy Kennedy wrote:
>
> > So, I connect to the app with the VS debugger and find:
> >
> > file: pki_crypto.c:
> >
> > function:  pki_signature_from_ecdsa_blob()
> >
> > line: (1769) SAFE_FREE(raw_sig_data);
>
> These symbols all appear to be libssh symbols so I don't think we can really
> advise you on this. Your question might be better posted on a libssh forum.
>
> Matt
>


Re: Windows 10 run-time issue

2019-10-03 Thread Matt Caswell



On 03/10/2019 00:50, Andy Kennedy wrote:

> So, I connect to the app with the VS debugger and find:
> 
> file: pki_crypto.c:
> 
> function:  pki_signature_from_ecdsa_blob()
> 
> line: (1769) SAFE_FREE(raw_sig_data);

These symbols all appear to be libssh symbols so I don't think we can really
advise you on this. Your question might be better posted on a libssh forum.

Matt


Re: error 114

2019-10-03 Thread Vitezslav Cizek
On Thu, 3 Oct 2019 06:32:48 -0600
 wrote:

>   fetchmail fails when openssl reports an error 114 (I think)

Actually it doesn't.

> stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
> fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> read(4, "-BEGIN CERTIFICATE-\nMIID"..., 4096) = 1354
> read(4, "", 4096)   = 0
> close(4)= 0
> stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate at depth "..., 35) = 35
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Server certificate:\n", 31) = 31
> write(1, "fetchmail: Issuer Organization: "..., 54) = 54
> write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
> write(1, "fetchmail: Subject Alternative N"..., 51) = 51
> write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
> fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
> write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
> write(3, "\25\3\3\0\2\2P", 7)   = 7
> write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114
> 
>   What is an error 114?

114 isn't an openssl error number, it's the amount of bytes the write()
syscall wrote.
Run strace -s1024 to get the whole error string. 

>   Why does openssl look for
> /etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

During c_rehash, if a certificate object has the same hash value as an
existing one, the last digit number is incremented to distinguish it.
So by looking for 4a6481c9.1, openssl is checking against a possible
conflict in the hashes.

> russell bell

  Vita

-- 
Vítězslav Čížek Emergency Update Team (EMU)
   "Consider it fixed."


Re: OpenSSL compilation errors in Windows

2019-10-03 Thread Matt Caswell



On 03/10/2019 11:10, Nagalakshmi V J wrote:
> Hi Matthias,
> 
>  
> 
> Please find my response for your queries below.
> 
>  
> 
> It would be more helpful if you would tell us *why* you are including 
> ssl_locl.h
> and what you are trying to achieve. Then we might be able to tell you how you
> could achieve your goal using the officially supported API.
> 
> [Nagalakshmi]:
> 
> In our product code, we are using the structures 'ssl_st'  and 
> 'ssl_session_st'
> which were defined in ssl.h file in Openssl 1.0.2.j version.
> 
> Since the structure definitions are made opaque in openssl 1.1.1c, we used
> ssl_locl.h where the structure definitions are available.
> 
>  
> 
> Please note that many of the OpenSSL structures were made opaque in version
> 1.1.0. This means that there are only forward declarations of the structures 
> in
> the public headers and the compiler does not get to  see the structure 
> members.
> Instead of directly accessing the members, it is now necessary to use accessor
> functions (a.k.a. getters and setters).
> 
> [Nagalakshmi]:
> 
> Regarding usage of accessor functions, I got the following APIs.
> 
> SSL_get_session(s)
> 
> SSL_SESSION_get_master_key().
> 
>  
> 
> If we use those APIs, I am again getting errors like the below.
> 
> /.\odlibPrf_OSSL.h(164) : error C2027: use of undefined type 'ssl_session_st'/
> 
> /    ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see
> declaration of 'ssl_session_st'/
> 
> /.\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key'
> must point to class/struct/union/

This at least looks like a syntax error.


> 
> /.\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st'/
> 
> /    ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see
> declaration of 'ssl_st'/
> 
> /.\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point to
> class/struct/union/
> 
> /.\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must point to
> class/struct/union/

These suggest you're still trying to directly access structure members.


> 
> /.\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st'/


Please show us the source code for the lines these error messages correspond to.

Matt

> 
>  
> 
> Can you help me to get the corresponding accessor functions for these 2 
> structures.
> 
>  
> 
> Thanks and regards,
> 
> Nagalakshmi
> 
>  
> 
> -Original Message-
> From: Nagalakshmi V J 
> Sent: Tuesday, October 1, 2019 6:33 PM
> To: Dr. Matthias St. Pierre ; Nagalakshmi V J
> 
> Cc: openssl-users@openssl.org; Umamaheswari Nagarajan
> 
> Subject: RE: OpenSSL compilation errors in Windows
> 
>  
> 
> Thank you Matthias for the explanation. I am going through my code to 
> understand
> why ssl_locl.h is included. I will check and get back on this ASAP. Also if
> there is other way to achieve that I will use the same.
> 
>  
> 
> Thanks and regards,
> 
> Nagalakshmi
> 
>  
> 
> -Original Message-
> 
> From: Dr. Matthias St. Pierre  >
> 
> Sent: Tuesday, October 1, 2019 4:43 PM
> 
> To: Nagalakshmi V J  >
> 
> Cc: openssl-users@openssl.org ; Umamaheswari
> Nagarajan  >
> 
> Subject: AW: OpenSSL compilation errors in Windows
> 
>  
> 
> 
>  
> 
>  
> 
>> We are using OpenSSL APIs in our product code. We are not making any changes
> in OpenSSL.
> 
>> Our product code is a C++ code and it makes use of openSSL APIs for some
> functionality.
> 
>  
> 
> Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the
> official OpenSSL API.
> 
> Please don't expect any support w.r.t. compilation or compatibility problems 
> if
> you do include them in your application, even more if it's compiled using a 
> C++
> compiler.
> 
>  
> 
> It would be more helpful if you would tell us *why* you are including 
> ssl_locl.h
> and what you are trying to achieve. Then we might be able to tell you how you
> could achieve your goal using the officially supported API.
> 
>  
> 
> Please note that many of the OpenSSL structures were made opaque in version
> 1.1.0. This means that there are only forward declarations of the structures 
> in
> the public headers and the compiler does not get to  see the structure 
> members.
> Instead of directly accessing the members, it is now necessary to use accessor
> functions (a.k.a. getters and setters). If this is the reason why you are
> including private OpenSSL headers then you should adapt your application to use
> the new accessors instead, instead of forcing the impossible to circumvent the
> new policy.
> 
>  
> 
> For more information, see
> 
>  
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.openssl.org_index.php_OpenSSL-5F1.1.0-5FChanges&d=DwIGaQ&c=cxWN2QSDopt5SklNfbjIjg&r=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5at

Re: error 114

2019-10-03 Thread Jakob Bohm via openssl-users

On 03/10/2019 14:32, russellb...@gmail.com wrote:

fetchmail fails when openssl reports an error 114 (I think)

stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
read(4, "-BEGIN CERTIFICATE-\nMIID"..., 4096) = 1354
read(4, "", 4096)   = 0
close(4)= 0
stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate at depth "..., 35) = 35
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Server certificate:\n", 31) = 31
write(1, "fetchmail: Issuer Organization: "..., 54) = 54
write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
write(1, "fetchmail: Subject Alternative N"..., 51) = 51
write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
write(3, "\25\3\3\0\2\2P", 7)   = 7
write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114


What is an error 114?  Why does openssl look for
/etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

Linux kernel 5.3.2, Slackware latest, fetchmail 6.4.1, OpenSSL 1.1.1d  
10 Sep 2019


This looks like the output of running strace on fetchmail.

114 in the last line is just the number of characters in the error
message printed by fetchmail, the first 33 of those 114 characters
are "fetchmail: OpenSSL reported: err", the remaining 81 are not
shown above.

The hashed name ending in ".1" is OpenSSL looking to see if you
have more than one cert with the hash value 4a6481c9, which does
happen for some users.  If you had such a second cert, OpenSSL
would also load 4a6481c9.2, then 4a6481c9.3 and so on until it
reaches a name you don't have.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
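
The stop-at-first-missing-name probe described in the two replies above, as an added example (not OpenSSL's code and not part of the original posts). It models only the file-name probing with `stat()`; the helper names and the temporary directory contents are constructed for the demonstration, and the `.3` file shows that a gap in the numbering leaves later files unreached under this rule.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Probe <dir>/<hash>.0, <hash>.1, ... and stop at the first missing name,
 * as the replies describe. Returns how many candidates are reachable. */
static int count_reachable(const char *dir, const char *hash)
{
    char path[512];
    struct stat st;
    int n = 0;
    for (;;) {
        snprintf(path, sizeof(path), "%s/%s.%d", dir, hash, n);
        if (stat(path, &st) != 0)   /* the ENOENT seen in the strace output */
            break;
        n++;
    }
    return n;
}

/* Create or remove an empty file standing in for a certificate. */
static int touch_or_unlink(const char *dir, const char *name, int create)
{
    char path[512];
    FILE *f;
    snprintf(path, sizeof(path), "%s/%s", dir, name);
    if (!create)
        return unlink(path);
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    return fclose(f);
}

/* Constructed directory: .0 and .1 exist, .2 is missing, .3 exists. */
int demo_probe_with_gap(void)
{
    char dir[] = "/tmp/hashdir-XXXXXX";
    const char *names[] = { "4a6481c9.0", "4a6481c9.1", "4a6481c9.3" };
    int reached, i;
    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < 3; i++)
        if (touch_or_unlink(dir, names[i], 1) != 0)
            return -1;
    reached = count_reachable(dir, "4a6481c9");   /* stops at the .2 gap */
    for (i = 0; i < 3; i++)
        touch_or_unlink(dir, names[i], 0);
    rmdir(dir);
    return reached;
}

int main(void) { printf("reachable: %d\n", demo_probe_with_gap()); return 0; }
```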



error 114

2019-10-03 Thread russellbell
fetchmail fails when openssl reports an error 114 (I think)

stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
read(4, "-BEGIN CERTIFICATE-\nMIID"..., 4096) = 1354
read(4, "", 4096)   = 0
close(4)= 0
stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate at depth "..., 35) = 35
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Server certificate:\n", 31) = 31
write(1, "fetchmail: Issuer Organization: "..., 54) = 54
write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
write(1, "fetchmail: Subject Alternative N"..., 51) = 51
write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
write(3, "\25\3\3\0\2\2P", 7)   = 7
write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114


What is an error 114?  Why does openssl look for
/etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

Linux kernel 5.3.2, Slackware latest, fetchmail 6.4.1, OpenSSL 1.1.1d  
10 Sep 2019


russell bell


RE: OpenSSL compilation errors in Windows

2019-10-03 Thread Nagalakshmi V J
Hi Matthias,



Please find my response for your queries below.



It would be more helpful if you would tell us *why* you are including 
ssl_locl.h and what you are trying to achieve. Then we might be able to tell 
you how you could achieve your goal using the officially supported API.

[Nagalakshmi]:

In our product code, we are using the structures 'ssl_st'  and 'ssl_session_st' 
which were defined in ssl.h file in Openssl 1.0.2.j version.

Since the structure definitions are made opaque in openssl 1.1.1c, we used 
ssl_locl.h where the structure definitions are available.



Please note that many of the OpenSSL structures were made opaque in version 
1.1.0. This means that there are only forward declarations of the structures in 
the public headers and the compiler does not get to  see the structure members. 
Instead of directly accessing the members, it is now necessary to use accessor 
functions (a.k.a. getters and setters).

[Nagalakshmi]:

Regarding usage of accessor functions, I got the following APIs.

SSL_get_session(s)

SSL_SESSION_get_master_key().



If we use those APIs, I am again getting errors like the below.

.\odlibPrf_OSSL.h(164) : error C2027: use of undefined type 'ssl_session_st'

..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see 
declaration of 'ssl_session_st'

.\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key' 
must point to class/struct/union

.\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st'

..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see 
declaration of 'ssl_st'

.\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point to 
class/struct/union

.\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must point to 
class/struct/union

.\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st'



Can you help me to get the corresponding accessor functions for these 2 
structures.



Thanks and regards,

Nagalakshmi



-Original Message-
From: Nagalakshmi V J 
Sent: Tuesday, October 1, 2019 6:33 PM
To: Dr. Matthias St. Pierre ; Nagalakshmi V J 

Cc: openssl-users@openssl.org; Umamaheswari Nagarajan 

Subject: RE: OpenSSL compilation errors in Windows



Thank you Matthias for the explanation. I am going through my code to 
understand why ssl_locl.h is included. I will check and get back on this ASAP. 
Also if there is other way to achieve that I will use the same.



Thanks and regards,

Nagalakshmi



-Original Message-

From: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>

Sent: Tuesday, October 1, 2019 4:43 PM

To: Nagalakshmi V J <nagalakshm...@altran.com>

Cc: openssl-users@openssl.org; Umamaheswari Nagarajan <umamaheswari.nagara...@altran.com>

Subject: AW: OpenSSL compilation errors in Windows








> We are using OpenSSL APIs in our product code. We are not making any changes 
> in OpenSSL.

> Our product code is a C++ code and it makes use of openSSL APIs for some 
> functionality.



Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the 
official OpenSSL API.

Please don't expect any support w.r.t. compilation or compatibility problems if 
you do include them in your application, even more if it's compiled using a C++ 
compiler.



It would be more helpful if you would tell us *why* you are including 
ssl_locl.h and what you are trying to achieve. Then we might be able to tell 
you how you could achieve your goal using the officially supported API.



Please note that many of the OpenSSL structures were made opaque in version 
1.1.0. This means that there are only forward declarations of the structures in 
the public headers and the compiler does not get to  see the structure members. 
Instead of directly accessing the members, it is now necessary to use accessor 
functions (a.k.a. getters and setters). If this is the reason why you are 
including private OpenSSL headers then you should adapt your application to use 
the new accessors instead, instead of forcing the impossible to circumvent the 
new policy.



For more information, see



https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes



Matthias











Dr. Matthias St. Pierre

Senior Software Engineer

matthias.st.pie...@ncp-e.com

Phone: +49 911 9968-0

www.ncp-e.com
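
Why the C2027/C2227 errors in this thread appear and what the accessor call shape looks like, as an added example that is not part of the original messages and not OpenSSL code. The `DEMO_SESSION` type and `demo_*` functions are hypothetical stand-ins modelled on the length-query and copy behaviour of `SSL_SESSION_get_master_key()`; with OpenSSL 1.1.x the corresponding call is `SSL_SESSION_get_master_key(SSL_get_session(ssl), out, outlen)`, a plain function call rather than a `->` member access.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* "Public header": forward declaration and accessors only (hypothetical names). */
typedef struct demo_session_st DEMO_SESSION;
DEMO_SESSION *demo_session_new(const unsigned char *key, size_t len);
size_t demo_session_get_master_key(const DEMO_SESSION *s,
                                   unsigned char *out, size_t outlen);

/* Application code: the type is incomplete here, so s->master_key would not
 * compile. Query the length first (outlen == 0), then copy within the buffer. */
size_t app_copy_master_key(const DEMO_SESSION *s, unsigned char *buf, size_t cap)
{
    size_t need = demo_session_get_master_key(s, NULL, 0);
    if (need == 0 || need > cap)
        return 0;
    return demo_session_get_master_key(s, buf, need);
}

/* "Library internals": the only place where the layout is visible. */
struct demo_session_st {
    size_t master_key_length;
    unsigned char master_key[48];
};

DEMO_SESSION *demo_session_new(const unsigned char *key, size_t len)
{
    static DEMO_SESSION s;          /* one static object keeps the demo short */
    if (len > sizeof(s.master_key))
        return NULL;
    memcpy(s.master_key, key, len);
    s.master_key_length = len;
    return &s;
}

size_t demo_session_get_master_key(const DEMO_SESSION *s,
                                   unsigned char *out, size_t outlen)
{
    if (outlen == 0)
        return s->master_key_length;
    if (outlen > s->master_key_length)
        outlen = s->master_key_length;
    memcpy(out, s->master_key, outlen);
    return outlen;
}

int main(void)
{
    unsigned char key[4] = { 1, 2, 3, 4 }, buf[8];   /* constructed sample key */
    DEMO_SESSION *s = demo_session_new(key, sizeof(key));
    printf("copied %zu bytes\n", s ? app_copy_master_key(s, buf, sizeof(buf)) : 0);
    return 0;
}
```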




OPENSSL IS NOT GENERATING RESPONSE

2019-10-03 Thread shiva kumar
Hi,
When I run the following command, the response is not generated:
*util/shlib_wrap.sh apps/openssl  ts -config test/CAtsa.cnf -reply -section
tsa_config1 -queryfile req1.tsq  -out resp1.tsr*

output
>>Using configuration from test/CAtsa.cnf
>>Response is not generated.

though I have run and generated the request file req1.tsq.
Can anyone let me know why I'm getting this error?


-- 
*With Best Regards*
*Shivakumar S*