Need a .gitignore fix on master

2019-10-18 Thread Salz, Rich via openssl-users 

>; git status
>On branch master
>Your branch is up-to-date with 'origin/master'.
>Untracked files:
>  (use "git add ..." to include in what will be committed)
>
>include/openssl/opensslv.h
>
>nothing added to commit but untracked files present (use "git add" to
>track)
>;

Re: OpenSSL compilation errors in Windows

2019-10-18 Thread Matt Caswell 



On 18/10/2019 11:49, Nagalakshmi V J wrote:
> Now the issue is SSL_session structure is also having accessor APIs
> which I am not aware of. So I need to get the APIs for accessing the
> master_key_length,etc.. given in the above code. Those are not listed
> in the openssl link referred.

On this page look a the various functions beginning with "SSL_SESSION_"
in the name:

https://www.openssl.org/docs/man1.1.1/man3/

>From the code sample you gave you are probably mostly interested in the
functions on this page:

https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_master_key.html

Matt

RE: OpenSSL compilation errors in Windows

2019-10-18 Thread Nagalakshmi V J 
Hi Matt,

Sorry I missed your reply as all the conversations are jumbled in that mail.

Please find the sample code snippet. This is a small part.  Like the below 
sample, we are using SSL and SSL_SESSION structures in many places.

struct PRF_GENERATOR
{
unsigned char master_secret[48];
unsigned char server_random[32];
unsigned char client_random[32];
};


int functionA(SSL* s, PRF_GENERATOR* pGenerator)
{

if( s->session->master_key_length != sizeof(pGenerator->master_secret) )
return -1;
memcpy(pGenerator->master_secret, s->session->master_key, 
sizeof(pGenerator->master_secret));
memcpy(pGenerator->server_random, s->s3->server_random, 
sizeof(pGenerator->server_random));
memcpy(pGenerator->client_random, s->s3->client_random, 
sizeof(pGenerator->client_random));
return 0;
}

In the above function, they are accessing the session from SSL structure as 
s->session (using openssl 1.0.2j). We cannot access like this 1.1.1c. So we 
need to use the accessor API which is SSL_get_session(s).
Referred this link (https://www.openssl.org/docs/man1.1.0/man7/ssl.html)

Now the issue is SSL_session structure is also having accessor APIs which I am 
not aware of. So I need to get the APIs for accessing the 
master_key_length,etc.. given in the above code. Those are not listed in the 
openssl link referred.

It would be helpful if I can get to know about the accessor APIs. If you know 
any documentation link which talks about accessor APIs or any files where all 
these details are there, you can refer me that.

Kindly let me know if you have any queries with respect to this sample code.

Thanks and regards,
Nagalakshmi

-Original Message-
From: openssl-users  On Behalf Of Matt 
Caswell
Sent: Thursday, October 3, 2019 6:51 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows

** This mail has been sent from an external source **


On 03/10/2019 11:10, Nagalakshmi V J wrote:
> Hi Matthias,
>
>
>
> Please find my response for your queries below.
>
>
>
> It would be more helpful if you would tell us *why* you are including
> ssl_locl.h and what you are trying to achieve. Then we might be able
> to tell you how you could achieve your goal using the officially supported 
> API.
>
> [Nagalakshmi]:
>
> In our product code, we are using the structures 'ssl_st'  and 
> 'ssl_session_st'
> which were defined in ssl.h file in Openssl 1.0.2.j version.
>
> Since the structure definitions are made opaque in openssl 1.1.1c, we
> used ssl_locl.h where the structure definitions are available.
>
>
>
> Please note that many of the OpenSSL structures were made opaque in
> version 1.1.0. This means that there are only forward declarations of
> the structures in the public headers and the compiler does not get to  see 
> the structure members.
> Instead of directly accessing the members, it is now necessary to use
> accessor functions (a.k.a. getters and setters).
>
> [Nagalakshmi]:
>
> Regarding usage of accessor functions, I got the following APIs.
>
> SSL_get_session(s)
>
> SSL_SESSION_get_master_key().
>
>
>
> If we use those APIs, I am again getting errors like the below.
>
> /.\odlibPrf_OSSL.h(164) : error C2027: use of undefined type
> 'ssl_session_st'/
>
> /..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see
> declaration of 'ssl_session_st'/
>
> /.\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key'
> must point to class/struct/union/

This at least looks like a syntax error.


>
> /.\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st'/
>
> /..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see
> declaration of 'ssl_st'/
>
> /.\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point
> to class/struct/union/
>
> /.\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must
> point to class/struct/union/

These suggest you're still trying to direct access structure members.


>
> /.\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st'/


Please show us the source code for the lines these error message correspond to.

Matt

>
>
>
> Can you help me to get the corresponding accessor functions for these 2 
> structures.
>
>
>
> Thanks and regards,
>
> Nagalakshmi
>
>
>
> -Original Message-
> From: Nagalakshmi V J 
> Sent: Tuesday, October 1, 2019 6:33 PM
> To: Dr. Matthias St. Pierre ;
> Nagalakshmi V J 
> Cc: openssl-users@openssl.org; Umamaheswari Nagarajan
> 
> Subject: RE: OpenSSL compilation errors in Windows
>
>
>
> Thank you Matthias for the explanation. I am going through my code to
> understand why ssl_locl.h is included. I will check and get back on
> this ASAP. Also if there is other way to achieve that I will use the same.
>
>
>
> Thanks and regards,
>
> Nagalakshmi
>
>
>
> -Original Message-
>
> From: Dr. Matthias St. Pierre  >
>
> Sent: Tuesday, October 1, 2019 4:43 PM
>
> To: Nagalakshmi V

Re: Compute EC_KEY starting from X or Y coordinate only

2019-10-18 Thread Luca Di Mauro 

Thank you very much for the reply!
Yes, I have also the additional information about on which of two  
solutions I should take.


I'll check the guides you linked below.

Luca Di Mauro

Nicola Tuveri  ha scritto:


Hi,

with traditional EC from the x coordinate alone you can't really do that,
because there are always 2 possible solutions for y (in R the curve is
symmetrical on the x axis).

The standards define a "compressed point" format in which you can send the
coordinate x and an additional bit to select which of the 2 y solutions to
pick.

You can read more about it in EC_GROUP_set_point_conversion_form at
https://www.openssl.org/docs/man1.1.1/man3/EC_GROUP_copy.html

and in EC_POINT_set_compressed_coordinates at
https://www.openssl.org/docs/man1.1.1/man3/EC_POINT_new.html

Hope this helps,

Nicola Tuveri


On Fri, Oct 18, 2019, 11:31 Luca Di Mauro  wrote:



Hello all,

I don't know if it is the correct mailing list to ask this, so I'm
sorry if it is the wrong palce.

I'm using openssl v1.1, and I'm trying to compute both the X and Y
coordinates of an elliptic curve point starting from a single
coordinate (X or Y).

How can i perform that in C/C++ language using libssl? I searched on
google for a couple of days but i haven't found a solution.

Luca Di Mauro

Re: Compute EC_KEY starting from X or Y coordinate only

2019-10-18 Thread Nicola Tuveri 
Hi,

with traditional EC from the x coordinate alone you can't really do that,
because there are always 2 possible solutions for y (in R the curve is
symmetrical on the x axis).

The standards define a "compressed point" format in which you can send the
coordinate x and an additional bit to select which of the 2 y solutions to
pick.

You can read more about it in EC_GROUP_set_point_conversion_form at
https://www.openssl.org/docs/man1.1.1/man3/EC_GROUP_copy.html

and in EC_POINT_set_compressed_coordinates at
https://www.openssl.org/docs/man1.1.1/man3/EC_POINT_new.html

Hope this helps,

Nicola Tuveri


On Fri, Oct 18, 2019, 11:31 Luca Di Mauro  wrote:

>
> Hello all,
>
> I don't know if it is the correct mailing list to ask this, so I'm
> sorry if it is the wrong palce.
>
> I'm using openssl v1.1, and I'm trying to compute both the X and Y
> coordinates of an elliptic curve point starting from a single
> coordinate (X or Y).
>
> How can i perform that in C/C++ language using libssl? I searched on
> google for a couple of days but i haven't found a solution.
>
> Luca Di Mauro
>
>
>

Compute EC_KEY starting from X or Y coordinate only

2019-10-18 Thread Luca Di Mauro 



Hello all,

I don't know if it is the correct mailing list to ask this, so I'm  
sorry if it is the wrong palce.


I'm using openssl v1.1, and I'm trying to compute both the X and Y  
coordinates of an elliptic curve point starting from a single  
coordinate (X or Y).


How can i perform that in C/C++ language using libssl? I searched on  
google for a couple of days but i haven't found a solution.


Luca Di Mauro

RE: Base64 or Base64url

2019-10-18 Thread Benjamin ENTE 
Thank you for your answer.

I know, my version is old and I need to update (and I will). It's installed on 
IBM AIX server.

I was not precise enough in my question, I need to have base64url natively 
supported for a certification purpose.

I'm using openssl in some bash scripts, I can easily replace characters to 
bypass the problem of / and + but I don't think I will be authorized to do so.

Is there any other options ?

Best regards




[http://www.cromology.com/mail/cromology-it.gif]

Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
benjamin.e...@cromology.com
www.cromology.com

Merci de penser à l'environnement avant d'imprimer ce message.



De : Dr. Matthias St. Pierre 
Envoyé : vendredi 18 octobre 2019 09:10
À : Benjamin ENTE ; openssl-users@openssl.org 

Objet : AW: Base64 or Base64url


Just noticed your OpenSSL version: it is _very_ old and not supported anymore.

its successor, OpenSSL 1.0.2, will be EOL by the end of this year.

The current stable LTS version is OpenSSL 1.1.1.



Matthias





[NCP engingeering GmbH] Dr. Matthias St. Pierre

Senior Software Engineer
matthias.st.pie...@ncp-e.com
Phone: +49 911 9968-0
www.ncp-e.com

Follow us on: Facebook | 
Twitter | 
Xing | 
YouTube | 
LinkedIn

Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • 
Nuremberg
North American HQ: NCP engineering Inc. • 678 Georgia Ave. • Sunnyvale, CA 94085
East Coast Office: NCP engineering Inc. • 601 Cleveland Str., Suite 501-25 • 
Clearwater, FL 33755

Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich
Registry Court: Lower District Court of Nuremberg
Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 
133557619

This e-mail message including any attachments is for the sole use of the 
intended recipient(s) and may contain privileged or confidential information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please immediately contact the sender by reply 
e-mail and delete the original message and destroy all copies thereof.



Von: openssl-users  Im Auftrag von Benjamin 
ENTE
Gesendet: Freitag, 18. Oktober 2019 08:51
An: openssl-users@openssl.org
Betreff: Base64 or Base64url



Hi everyone



I'm looking for an information I can't find.

I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in 
base64 or in base64url.

Thank you in advance for your help

Best regards



Benjamin





[http://www.cromology.com/mail/cromology-it.gif]

Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
benjamin.e...@cromology.com
www.cromology.com

Merci de penser à l'environnement avant d'imprimer ce message.

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre 
P.S: My answer to your original question applies to 1.0.1 as well:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/doc/crypto/EVP_EncodeInit.pod


Von: openssl-users  Im Auftrag von Dr. 
Matthias St. Pierre
Gesendet: Freitag, 18. Oktober 2019 09:10
An: Benjamin ENTE ; openssl-users@openssl.org
Betreff: AW: Base64 or Base64url

Just noticed your OpenSSL version: it is _very_ old and not supported anymore.
its successor, OpenSSL 1.0.2, will be EOL by the end of this year.
The current stable LTS version is OpenSSL 1.1.1.

Matthias

Von: openssl-users 
mailto:openssl-users-boun...@openssl.org>> 
Im Auftrag von Benjamin ENTE
Gesendet: Freitag, 18. Oktober 2019 08:51
An: openssl-users@openssl.org
Betreff: Base64 or Base64url

Hi everyone

I'm looking for an information I can't find.

I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in 
base64 or in base64url.

Thank you in advance for your help

Best regards

Benjamin


[http://www.cromology.com/mail/cromology-it.gif]


Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
benjamin.e...@cromology.com
www.cromology.com

Merci de penser à l'environnement avant d'imprimer ce message.

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre 
Just noticed your OpenSSL version: it is _very_ old and not supported anymore.
its successor, OpenSSL 1.0.2, will be EOL by the end of this year.
The current stable LTS version is OpenSSL 1.1.1.

Matthias

Von: openssl-users  Im Auftrag von Benjamin 
ENTE
Gesendet: Freitag, 18. Oktober 2019 08:51
An: openssl-users@openssl.org
Betreff: Base64 or Base64url

Hi everyone

I'm looking for an information I can't find.

I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in 
base64 or in base64url.

Thank you in advance for your help

Best regards

Benjamin


[http://www.cromology.com/mail/cromology-it.gif]


Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
benjamin.e...@cromology.com
www.cromology.com

Merci de penser à l'environnement avant d'imprimer ce message.

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre 
OpenSSL is using regular base64 encoding, see for example
https://www.openssl.org/docs/man1.1.1/man3/EVP_EncodeInit.html

But if you need base64url encoding, no problem: a simple string replace will 
help.
https://brockallen.com/2014/10/17/base64url-encoding/

Regards,
Matthias


Von: openssl-users  Im Auftrag von Benjamin 
ENTE
Gesendet: Freitag, 18. Oktober 2019 08:51
An: openssl-users@openssl.org
Betreff: Base64 or Base64url

Hi everyone

I'm looking for an information I can't find.

I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in 
base64 or in base64url.

Thank you in advance for your help

Best regards

Benjamin



Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
mailto:%22benjamin.e...@cromology.com%22 
http://www.cromology.com/
Merci de penser à l'environnement avant d'imprimer ce message.

Base64 or Base64url

2019-10-18 Thread Benjamin ENTE 
Hi everyone

I'm looking for an information I can't find.

I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in 
base64 or in base64url.

Thank you in advance for your help

Best regards

Benjamin



[http://www.cromology.com/mail/cromology-it.gif]

Benjamin ENTE
Ingénieur système et BDD
Services Infrastructure
71, Bd du Général Leclerc - 92583 Clichy cedex
Tel. +33(0)175338276 | Mobile. +33(0)678003942
benjamin.e...@cromology.com
www.cromology.com

Merci de penser à l'environnement avant d'imprimer ce message.