Re: OPenssl 3 Beta 1

2021-07-02 Thread The Doctor
On Fri, Jul 02, 2021 at 04:12:29PM +0200, Tomas Mraz wrote:
> On Fri, 2021-07-02 at 07:53 -0600, The Doctor wrote:
> > So far working better with openssh 8.6 .
> > 
> > Ruby 2.7 and rust is of concern.
> 
> Language bindings are expected to require some minor changes to be able
> to properly work with OpenSSL 3.0. Hopefully the maintainers of these
> language bindings follow the alpha/beta releases and are working on
> fixes.
>

Hopefully they are doing it now!

> -- 
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>   Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
> 
> 

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b  
Muscle, brain, will... all must be exercised if they will be strong.  -unknown 
Beware https://mindspring.com


OPenssl 3 Beta 1

2021-07-02 Thread The Doctor


So far working better with openssh 8.6 .

Ruby 2.7 and rust is of concern.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b  
Muscle, brain, will... all must be exercised if they will be strong.  -unknown 
Beware https://mindspring.com


Re: CNG engine on GitHub

2021-07-02 Thread Selva Nair
Hi

>
>>
>> This is great, but limiting RSA signature to  RSA-PKCS#1 v 1.5 is a major
>> limitation. It doesn't have to be that way as the OpenSSL engine interface
>> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
>>
>
> Yes I agree the lack of support for RSA-PSS is significant. There is a
> discussion (which includes you, I see ) around the root cause of that here:
> https://github.com/openssl/openssl/issues/7341 , among other places.
>

That discussion is valid only if you insist on using "legacy" rsa_sign or
other rsa_priv_dec  which have no mechanism for providing context info like
padding and hash type.


> It is not clear to me what you mean with "the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.".
> Can you elaborate (here or on the GitHub issue)?
>

To add to what Matt wrote:

As an example, see my PR for pkcs11-helper:
https://github.com/OpenSC/pkcs11-helper/pull/31  This uses a dummy engine
and passes the signing operation to the pkcs11 device, but the idea is the
same.

Selva

>


Re: CNG engine on GitHub

2021-07-02 Thread Matt Caswell




On 02/07/2021 16:33, Matt Caswell wrote:

> via the RSA_PKEY_METHOD


I meant RSA EVP_PKEY_METHOD.

Matt



Re: CNG engine on GitHub

2021-07-02 Thread Matt Caswell




On 02/07/2021 16:18, Reinier Torenbeek wrote:
> It is not clear to me what you mean with "the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec
> etc.". Can you elaborate (here or on the GitHub issue)?


You can hook the RSA calls at different abstraction levels. You can 
provide a custom RSA_METHOD in an engine, which means calls to the 
various RSA_*() functions go via the custom RSA_METHOD.


However these RSA_*() functions are considered the "low level" 
functions, and it is preferred that applications use the "high level" 
EVP API instead (in fact the "low level" functions are all deprecated in 
3.0). RSA PSS padding is *only* available via the EVP API.


Algorithm specific EVP functionality is implemented via an 
EVP_PKEY_METHOD. The built-in RSA EVP_PKEY_METHOD mostly just calls the 
low level RSA_*() functions in the right places. However it implements 
PSS padding directly. Since padding has already been added via the 
RSA_PKEY_METHOD, when it actually calls the lower level RSA_*() 
functions it does so with RSA_NO_PADDING. So this means that the 
RSA_METHOD has no opportunity to influence the PSS padding.


However, an alternative is to implement a custom EVP_PKEY_METHOD. By 
doing this you get the opportunity to hook the PSS padding.


Not sure I explained that too well. I hope it makes sense.

Matt



Re: CNG engine on GitHub

2021-07-02 Thread Reinier Torenbeek
Hi Selva,

On Fri, Jul 2, 2021 at 10:49 AM Selva Nair  wrote:

> Hi,
>
> On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
> reinier.torenb...@gmail.com> wrote:
>
>> Hi,
>>
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
>> may want to check out this new OpenSSL CNG Engine project on GitHub:
>> https://github.com/rticommunity/openssl-cng-engine . The associated
>> User's Manual is on ReadTheDocs:
>> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>>
>> The project implements the majority of the EVP interface, to leverage the
>> BCrypt crypto implementations, as well as a subset of the STORE interface,
>> for integration with the Windows Certificate and Keystore(s), via the
>> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
>> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>>
>> Any feedback is welcome, please send it to me or open an issue on GitHub.
>>
>
> This is great, but limiting RSA signature to  RSA-PKCS#1 v 1.5 is a major
> limitation. It doesn't have to be that way as the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
>

Yes I agree the lack of support for RSA-PSS is significant. There is a
discussion (which includes you, I see ) around the root cause of that here:
https://github.com/openssl/openssl/issues/7341 , among other places.

It is not clear to me what you mean with "the OpenSSL engine interface does
allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". Can
you elaborate (here or on the GitHub issue)?

Thanks,
Reinier


> Selva
>
>>


Re: Need help in removing secp521r1 from openssl-1.1.1g and adding TLS_GREASE_BA cipher.

2021-07-02 Thread Matt Caswell




On 02/07/2021 14:02, vinod mg wrote:
> --> Is there a way I can compile openssl itself to exclude 'secp521r1'
> and install? The reason I ask is because application I am testing is
> squid (squid-cache.org) for ssl bumping purposes
> and it has limited configurability.


Only by disabling *all* ec groups (via the "no-ec" configure option) but 
that is no solution at all really. I would not recommend that!


You might try starting squid with the OPENSSL_CONF environment variable 
pointing to a custom OpenSSL config file. Assuming squid doesn't 
suppress loading the config file then you can do the same thing as 
SSL_CTX_set1_groups_list via the "Groups" SSL_CONF setting. See the info 
here on configuring OpenSSL SSL/TLS settings via config file (see the 
section "SSL Configuration Module"):


https://www.openssl.org/docs/man1.1.1/man5/config.html

And see the documentation on "Groups" on this page:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html

Matt



Thanks,
Vinod


On Fri, Jul 2, 2021 at 4:32 PM Matt Caswell wrote:




On 01/07/2021 07:21, vinod mg wrote:
 >     1) Suppress or a way to remove secp521r1 from the currently installed
 >     openssl.

You can specify the list of groups by calling SSL_CTX_set1_groups_list
(or SSL_set1_groups_list) from your application. See:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html


 >     2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in
 >     chrome.

This is not a real cipher. It does nothing and is always ignored.
OpenSSL does not support sending this value.

Matt


 >
 >     I am ok with custom install as well, if above cannot be done with
 >     already installed openssl package. Please share any wiki I can
 >     follow to implement the same.
 >
 >     ~]# openssl ecparam -list_curves
 >
 >     secp224r1 : NIST/SECG curve over a 224 bit prime field
 >
 >     secp256k1 : SECG curve over a 256 bit prime field
 >
 >     secp384r1 : NIST/SECG curve over a 384 bit prime field
 >
 >     /secp521r1 : NIST/SECG curve over a 521 bit prime field/
 >
 >     prime256v1: X9.62/SECG curve over a 256 bit prime field
 >
 >
 >     I am using below OS and version-
 >
 >     # cat /etc/redhat-release
 >
 >     Red Hat Enterprise Linux release 8.3 (Ootpa)
 >
 >
 >     # openssl version -a
 >
 >     OpenSSL 1.1.1g FIPS  21 Apr 2020
 >
 >     built on: Thu Mar 25 16:46:53 2021 UTC
 >
 >     platform: linux-x86_64
 >
 >     options:bn(64,64) md2(char) rc4(16x,int) des(int) idea(int)
 >     blowfish(ptr)
 >
 >     compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g
 >     -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
 >     -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong
 >     -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
 >     -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
 >     -fasynchronous-unwind-tables -fstack-clash-protection
 >     -fcf-protection -Wa,--noexecstack
 >     -Wa,--generate-missing-build-notes=yes
 >     -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE
 >     -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
 >     -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
 >     -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM
 >     -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
 >     -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY
 >     -DDEVRANDOM="\"/dev/urandom\""
 >     -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"

 >
 >     OPENSSLDIR: "/etc/pki/tls"
 >
 >     ENGINESDIR: "/usr/lib64/engines-1.1"
 >
 >     Seeding source: os-specific
 >
 >     engines:rdrand dynamic
 >
 >
 >     Really appreciate your time and help, thanks in advance.
 >
 >     Thanks,
 >     Vinod
 >
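
The OPENSSL_CONF route Matt Caswell suggests in this message, as an added example (not code from the thread, OpenSSL or squid): it writes a config file whose SSL Configuration Module `system_default` section sets `Groups`, then starts a command under it. The function names, the starting group list and the file locations are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, the input group list
# and all file locations are assumptions made for illustration.

# drop_group LIST NAME...  -> LIST (colon-separated) without the named groups.
drop_group() {
    _list=$1; shift
    _out=
    _old_ifs=$IFS; IFS=:
    set -f                              # no globbing while splitting on ':'
    for _g in $_list; do
        _keep=yes
        for _bad in "$@"; do
            if [ "$_g" = "$_bad" ]; then _keep=no; fi
        done
        if [ "$_keep" = yes ]; then _out=${_out:+$_out:}$_g; fi
    done
    set +f
    IFS=$_old_ifs
    printf '%s\n' "$_out"
}

# write_groups_conf FILE GROUPS
# Minimal OpenSSL 1.1.1 config: the ssl_conf module's system_default section
# is applied to each SSL_CTX the process creates, so "Groups" has the same
# effect as SSL_CTX_set1_groups_list. Because OPENSSL_CONF replaces the
# default config file, nothing from that default file is loaded.
write_groups_conf() {
    _conf=$1
    _groups=$2
    case $_groups in
        ''|*[!A-Za-z0-9:_-]*)
            echo "invalid group list: $_groups" >&2
            return 1 ;;
    esac
    cat > "$_conf" <<EOF
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_module

[ssl_module]
system_default = tls_defaults

[tls_defaults]
Groups = $_groups
EOF
}

# groups_from_conf FILE -> the Groups value, for checking what was written.
groups_from_conf() {
    sed -n 's/^[[:space:]]*Groups[[:space:]]*=[[:space:]]*//p' "$1"
}

# run_with_groups FILE CMD [ARGS...]
# Starts CMD with OPENSSL_CONF pointing at FILE (use an absolute path, since
# a daemon may change directory). Only effective if CMD lets OpenSSL load
# its config file and does not set its own group list afterwards.
run_with_groups() {
    _conf=$1; shift
    env OPENSSL_CONF="$_conf" "$@"
}

# Demo on a temp file. The input list is an assumed starting set, not read
# from the installed library; both names of the 521-bit curve are dropped.
demo_conf=$(mktemp)
write_groups_conf "$demo_conf" \
    "$(drop_group 'X25519:P-256:X448:P-521:P-384' P-521 secp521r1)"
cat "$demo_conf"
rm -f "$demo_conf"
# Real use (hypothetical path):
#   run_with_groups /etc/squid/openssl-groups.cnf squid
```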



Re: OPenssl 3 Beta 1

2021-07-02 Thread Tomas Mraz
On Fri, 2021-07-02 at 07:53 -0600, The Doctor wrote:
> So far working better with openssh 8.6 .
> 
> Ruby 2.7 and rust is of concern.

Language bindings are expected to require some minor changes to be able
to properly work with OpenSSL 3.0. Hopefully the maintainers of these
language bindings follow the alpha/beta releases and are working on
fixes.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]




Re: CNG engine on GitHub

2021-07-02 Thread Reinier Torenbeek
Hi Richard,

Glad you like it. The cert: scheme is a little inconvenient and I do not
know how extensively it is used in practice. But it seemed appropriate to
leverage it since it was around already and seemed to fit the bill.

Microsoft's documentation is not too extensive, but for anybody interested,
here is a starting point:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/about/about_certificate_provider?view=powershell-7.1

Best regards,
Reinier

On Fri, Jul 2, 2021 at 9:03 AM Richard Levitte  wrote:

> This is cool!
>
> I had some kind of skeleton of a start to make something similar, but
> time was never on my side.  I'm really glad to see this got picked up!
>
> This also answered a question I never got the answer for, what scheme
> to use for the STORE.  I know next to nothing about PowerShell, so
> hadn't discovered the 'cert:' "scheme".  That answers quite a lot :-)
>
> Time for me to throw away my skeleton then ;-)
>
> Cheers,
> Richard
>
> On Thu, 01 Jul 2021 19:49:00 +0200,
> Reinier Torenbeek wrote:
> >
> > Hi,
> >
> > For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this
> > new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine . The
> > associated User's Manual is on ReadTheDocs:
> > https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
> >
> > The project implements the majority of the EVP interface, to leverage
> the BCrypt crypto
> > implementations, as well as a subset of the STORE interface, for
> integration with the
> > Windows Certificate and Keystore(s), via the NCrypt and Cert APIs. It
> has been tested with 1.1.1k
> > on Windows 10, with Visual Studio 2017 and 2019. It is released under
> the Apache-2.0 license.
> >
> > Any feedback is welcome, please send it to me or open an issue on GitHub.
> >
> > Best regards,
> > Reinier
> >
> >
> --
> Richard Levitte levi...@openssl.org
> OpenSSL Project http://www.openssl.org/~levitte/
>


Re: CNG engine on GitHub

2021-07-02 Thread Selva Nair
Hi,

On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
reinier.torenb...@gmail.com> wrote:

> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine . The associated
> User's Manual is on ReadTheDocs:
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>
> The project implements the majority of the EVP interface, to leverage the
> BCrypt crypto implementations, as well as a subset of the STORE interface,
> for integration with the Windows Certificate and Keystore(s), via the
> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>
> Any feedback is welcome, please send it to me or open an issue on GitHub.
>

This is great, but limiting RSA signature to  RSA-PKCS#1 v 1.5 is a major
limitation. It doesn't have to be that way as the OpenSSL engine interface
does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.

Selva

>


Re: Need help in removing secp521r1 from openssl-1.1.1g and adding TLS_GREASE_BA cipher.

2021-07-02 Thread vinod mg
Hi Matt,

Thanks for response.

> 1) Suppress or a way to remove secp521r1 from the currently installed
> openssl.

You can specify the list of groups by calling SSL_CTX_set1_groups_list
(or SSL_set1_groups_list) from your application. See:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html

--> Is there a way I can compile openssl itself to exclude 'secp521r1' and
install? The reason I ask is because application I am testing is squid
(squid-cache.org) for ssl bumping purposes and it has limited configurability.

Thanks,
Vinod


On Fri, Jul 2, 2021 at 4:32 PM Matt Caswell  wrote:

>
>
> On 01/07/2021 07:21, vinod mg wrote:
> > 1) Suppress or a way to remove secp521r1 from the currently installed
> > openssl.
>
> You can specify the list of groups by calling SSL_CTX_set1_groups_list
> (or SSL_set1_groups_list) from your application. See:
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html
>
> > 2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in
> > chrome.
>
> This is not a real cipher. It does nothing and is always ignored.
> OpenSSL does not support sending this value.
>
> Matt
>
>
> >
> > I am ok with custom install as well, if above cannot be done with
> > already installed openssl package. Please share any wiki I can
> > follow to implement the same.
> >
> > ~]# openssl ecparam -list_curves
> >
> > secp224r1 : NIST/SECG curve over a 224 bit prime field
> >
> > secp256k1 : SECG curve over a 256 bit prime field
> >
> > secp384r1 : NIST/SECG curve over a 384 bit prime field
> >
> > /secp521r1 : NIST/SECG curve over a 521 bit prime field/
> >
> > prime256v1: X9.62/SECG curve over a 256 bit prime field
> >
> >
> > I am using below OS and version-
> >
> > # cat /etc/redhat-release
> >
> > Red Hat Enterprise Linux release 8.3 (Ootpa)
> >
> >
> > # openssl version -a
> >
> > OpenSSL 1.1.1g FIPS  21 Apr 2020
> >
> > built on: Thu Mar 25 16:46:53 2021 UTC
> >
> > platform: linux-x86_64
> >
> > options:bn(64,64) md2(char) rc4(16x,int) des(int) idea(int)
> > blowfish(ptr)
> >
> > compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g
> > -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
> > -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong
> > -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> > -fasynchronous-unwind-tables -fstack-clash-protection
> > -fcf-protection -Wa,--noexecstack
> > -Wa,--generate-missing-build-notes=yes
> > -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE
> > -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
> > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM
> > -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> > -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY
> > -DDEVRANDOM="\"/dev/urandom\""
> > -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
> >
> > OPENSSLDIR: "/etc/pki/tls"
> >
> > ENGINESDIR: "/usr/lib64/engines-1.1"
> >
> > Seeding source: os-specific
> >
> > engines:rdrand dynamic
> >
> >
> > Really appreciate your time and help, thanks in advance.
> >
> > Thanks,
> > Vinod
> >
>


Re: OpenSSL CNG engine on GitHub

2021-07-02 Thread Reinier Torenbeek
Hello David,

Thanks for checking this out and your positive feedback. I was not able to
find any substantial solution for this either. I do wonder why that is?
Possibly, Windows users are not as interested in a cross platform solution
like OpenSSL provides and they are fine with using the Windows APIs
directly -- that is just speculation though.

Best regards,
Reinier

On Fri, Jul 2, 2021 at 6:56 AM David von Oheimb  wrote:

> Hello Reinier,
>
> around five years back I was looking for such an implementation as an
> alternative to the rather limited CAPI engine, mostly because the C(rypto
> )API does not support ECC.
> The only thing I found at that time was
> https://mta.openssl.org/pipermail/openssl-dev/2016-June/007362.html and I
> do not know how it evolved since then.
> So I am very pleased to see that meanwhile there is a way of using core
> features of Windows CAPI Next Generation (CNG) from OpenSSL.
>
> Many thanks to RTI for providing this as open-source development under the
> Apache license.
> I currently do not have the time for a closer look or even trying it out,
> but this looks very good and well documented.
> In particular,
> https://openssl-cng-engine.readthedocs.io/en/latest/using/openssl_commands.html
> gives a nice example how to use the Windows cert & key store.
> Porting this to the new OpenSSL crypto provider interface will likely lift
> the limitation regarding RSA-PSS support, which lacks just due to the
> engine interface.
>
> Cheers,
>
> David
>
>
> On 01.07.21 19:49, Reinier Torenbeek wrote:
>
> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine . The associated
> User's Manual is on ReadTheDocs:
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>
> The project implements the majority of the EVP interface, to leverage the
> BCrypt crypto implementations, as well as a subset of the STORE interface,
> for integration with the Windows Certificate and Keystore(s), via the
> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>
> Any feedback is welcome, please send it to me or open an issue on GitHub.
>
> Best regards,
> Reinier
>
>


Re: CNG engine on GitHub

2021-07-02 Thread Reinier Torenbeek
Thanks Matt.
From your response, it seems that this would be a good moment to start
looking into the provider interface. I will check it out (and may get back
with questions after that...)
Reinier

On Fri, Jul 2, 2021 at 4:21 AM Matt Caswell  wrote:

>
>
> On 02/07/2021 04:25, Reinier Torenbeek wrote:
> > Hi Matt,
> >
> > I am aware of the deprecation of the engine interface with 3.0 but have
> not looked into the details of support providers yet. I  expect converting
> an engine to a support provider could be done with quite a bit of code
> reuse, correct? Would you say the interface and design of support providers
> is stable at this point?
>
> The engine and provider interfaces are quite different - but since the
> underlying operations are the same I imagine there will be quite a bit
> of reuse.
>
> Yes, we consider the provider interface to be stable now.
>
> Matt
>
>
> >
> > Thanks,
> > Reinier
> >
> >> On Jul 1, 2021, at 4:41 PM, Matt Caswell  wrote:
> >>
> >> Nice! Are there any thoughts to support providers? The engine
> interface is deprecated in 3.0.
> >>
> >> Matt
> >>
> >>
> >>> On 01/07/2021 18:49, Reinier Torenbeek wrote:
> >>> Hi,
> >>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1,
> you may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine <
> https://github.com/rticommunity/openssl-cng-engine> . The associated
> User's Manual is on ReadTheDocs:
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html <
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html> .
> >>> The project implements the majority of the EVP interface, to leverage
> the BCrypt crypto implementations, as well as a subset of the STORE
> interface, for integration with the Windows Certificate and Keystore(s),
> via the NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10,
> with Visual Studio 2017 and 2019. It is released under the Apache-2.0
> license.
> >>> Any feedback is welcome, please send it to me or open an issue on
> GitHub.
> >>> Best regards,
> >>> Reinier
> >
>


Re: CNG engine on GitHub

2021-07-02 Thread Richard Levitte
This is cool!

I had some kind of skeleton of a start to make something similar, but
time was never on my side.  I'm really glad to see this got picked up!

This also answered a question I never got the answer for, what scheme
to use for the STORE.  I know next to nothing about PowerShell, so
hadn't discovered the 'cert:' "scheme".  That answers quite a lot :-)

Time for me to throw away my skeleton then ;-)

Cheers,
Richard

On Thu, 01 Jul 2021 19:49:00 +0200,
Reinier Torenbeek wrote:
> 
> Hi,
> 
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may 
> want to check out this
> new OpenSSL CNG Engine project on GitHub: 
> https://github.com/rticommunity/openssl-cng-engine . The
> associated User's Manual is on ReadTheDocs: 
> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
> 
> The project implements the majority of the EVP interface, to leverage the 
> BCrypt crypto
> implementations, as well as a subset of the STORE interface, for integration 
> with the
> Windows Certificate and Keystore(s), via the NCrypt and Cert APIs. It has 
> been tested with 1.1.1k
> on Windows 10, with Visual Studio 2017 and 2019. It is released under the 
> Apache-2.0 license.
> 
> Any feedback is welcome, please send it to me or open an issue on GitHub.
> 
> Best regards,
> Reinier
> 
> 
-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: Need help in removing secp521r1 from openssl-1.1.1g and adding TLS_GREASE_BA cipher.

2021-07-02 Thread Matt Caswell




On 01/07/2021 07:21, vinod mg wrote:

> 1) Suppress or a way to remove secp521r1 from the currently installed
> openssl.


You can specify the list of groups by calling SSL_CTX_set1_groups_list 
(or SSL_set1_groups_list) from your application. See:


https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html


> 2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in
> chrome.


This is not a real cipher. It does nothing and is always ignored. 
OpenSSL does not support sending this value.


Matt




I am ok with custom install as well, if above cannot be done with
already installed openssl package. Please share any wiki I can
follow to implement the same.

~]# openssl ecparam -list_curves

secp224r1 : NIST/SECG curve over a 224 bit prime field

secp256k1 : SECG curve over a 256 bit prime field

secp384r1 : NIST/SECG curve over a 384 bit prime field

/secp521r1 : NIST/SECG curve over a 521 bit prime field/

prime256v1: X9.62/SECG curve over a 256 bit prime field


I am using below OS and version-

# cat /etc/redhat-release

Red Hat Enterprise Linux release 8.3 (Ootpa)


# openssl version -a

OpenSSL 1.1.1g FIPS  21 Apr 2020

built on: Thu Mar 25 16:46:53 2021 UTC

platform: linux-x86_64

options:bn(64,64) md2(char) rc4(16x,int) des(int) idea(int)
blowfish(ptr)

compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g
-pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong
-grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
-fasynchronous-unwind-tables -fstack-clash-protection
-fcf-protection -Wa,--noexecstack
-Wa,--generate-missing-build-notes=yes
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE
-DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM
-DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
-DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY
-DDEVRANDOM="\"/dev/urandom\""
-DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"

OPENSSLDIR: "/etc/pki/tls"

ENGINESDIR: "/usr/lib64/engines-1.1"

Seeding source: os-specific

engines:rdrand dynamic


Really appreciate your time and help, thanks in advance.

Thanks,
Vinod



Re: OpenSSL CNG engine on GitHub

2021-07-02 Thread David von Oheimb
Hello Reinier,

around five years back I was looking for such an implementation as an
alternative to the rather limited CAPI engine, mostly because the
C(rypto )API does not support ECC.
The only thing I found at that time was
https://mta.openssl.org/pipermail/openssl-dev/2016-June/007362.html and
I do not know how it evolved since then.
So I am very pleased to see that meanwhile there is a way of using core
features of Windows CAPI Next Generation (CNG) from OpenSSL.

Many thanks to RTI for providing this as open-source development under
the Apache license.
I currently do not have the time for a closer look or even trying it
out, but this looks very good and well documented.
In particular,
https://openssl-cng-engine.readthedocs.io/en/latest/using/openssl_commands.html
gives a nice example how to use the Windows cert & key store.
Porting this to the new OpenSSL crypto provider interface will likely
lift the limitation regarding RSA-PSS support, which lacks just due to
the engine interface.

Cheers,

    David


On 01.07.21 19:49, Reinier Torenbeek wrote:
> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1,
> you may want to check out this new OpenSSL CNG Engine project on
> GitHub: https://github.com/rticommunity/openssl-cng-engine . The
> associated User's Manual is on
> ReadTheDocs: https://openssl-cng-engine.readthedocs.io/en/latest/index.html
> .
>
> The project implements the majority of the EVP interface, to leverage
> the BCrypt crypto implementations, as well as a subset of the STORE
> interface, for integration with the Windows Certificate and
> Keystore(s), via the NCrypt and Cert APIs. It has been tested with
> 1.1.1k on Windows 10, with Visual Studio 2017 and 2019. It is released
> under the Apache-2.0 license.
>
> Any feedback is welcome, please send it to me or open an issue on GitHub.
>
> Best regards,
> Reinier


Re: How to simulate "TLS 1.3 Session Resumption" through OpenSSL tools?

2021-07-02 Thread Matt Caswell




On 02/07/2021 10:09, Nan Xiao wrote:

> Hi OpenSSL users,
>
> Greetings from me! From this article
> (https://www.qacafe.com/resources/examples-of-tls-1-3/) and pcap file
> (https://www.cloudshark.org/captures/64d433b1585a), I know we can use
> s_server and s_client to simulate "TLS 1.3 Session Resumption". I
> tried following command:
>
> echo | openssl s_client -tls1_3  -connect tls13.cloudflare.com:443 -reconnect



That looks like you've stumbled across an s_client bug. This should 
work, but it doesn't appear to. I just raised an issue for it:


https://github.com/openssl/openssl/issues/15979




> But it seems not to work since there is no "pre_shared_key" extension,
> and every time s_client just initiated a new connection instead of
> resumption.
>
> Could anybody advise how to simulate "TLS 1.3 Session Resumption"
> through OpenSSL tools? Thanks very much in advance!


You can do this another way. Create an initial connection (add 
"-connect" option as appropriate):


openssl s_client -tls1_3 -sess_out sess.pem

And then resume like this:

openssl s_client -tls1_3 -sess_in sess.pem

However, note that with TLSv1.3 the session data doesn't arrive until 
post-handshake. In the case of the cloudflare server it doesn't send any 
session tickets until it has received some application data from the 
client. So in order to get a valid resumable session you will have to 
type some HTTP command into s_client once it has created its initial 
connection. This should cause the cloudflare server to respond with a 
session ticket, which will get saved to the sess.pem file. You can then 
use that in the subsequent resumption attempt.


Matt
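
The two-step resumption described in this message, as an added example that is not part of the thread: the first connection sends an HTTP request so the server issues a ticket, the second presents the saved session, and the s_client output is classified by its `New,` / `Reused,` summary line. Function names are assumptions and the SAMPLE_* text is constructed to resemble s_client output.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are assumptions; the
# SAMPLE_* text below is constructed, not captured from a real server.

# save_session HOST:PORT FILE
# Full handshake. An HTTP request is sent because some servers only issue a
# session ticket after receiving application data; -ign_eof keeps s_client
# reading after stdin ends, until the server closes the connection.
save_session() {
    _host=${1%%:*}
    printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$_host" |
        openssl s_client -tls1_3 -connect "$1" -ign_eof -sess_out "$2" 2>&1
}

# resume_session HOST:PORT FILE
# Second connection, offering the session saved by save_session.
resume_session() {
    openssl s_client -tls1_3 -connect "$1" -sess_in "$2" </dev/null 2>&1
}

# handshake_kind: reads s_client output on stdin and prints
#   resumed  - summary line starts with "Reused, TLSv1.3,"
#   full     - summary line starts with "New, TLSv1.3,"
#   unknown  - neither line present (handshake failed or not TLS 1.3)
handshake_kind() {
    awk '
        /^Reused, TLSv1\.3,/ { kind = "resumed" }
        /^New, TLSv1\.3,/    { kind = "full" }
        END { print (kind == "" ? "unknown" : kind) }
    '
}

# ticket_count: number of post-handshake tickets reported on stdin.
ticket_count() {
    grep -c '^Post-Handshake New Session Ticket arrived' || true
}

# Constructed samples for an offline run.
SAMPLE_FIRST='---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3'
SAMPLE_SECOND='---
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_NO_TICKET='---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

if [ "$#" -ge 1 ]; then
    # Live run, e.g.: sh resume.sh tls13.cloudflare.com:443
    # The session file holds resumption secrets, so keep it in a private
    # temp file and remove it afterwards.
    sess_file=$(mktemp)
    first=$(save_session "$1" "$sess_file")
    echo "first:  $(printf '%s\n' "$first" | handshake_kind)," \
         "tickets: $(printf '%s\n' "$first" | ticket_count)"
    echo "second: $(resume_session "$1" "$sess_file" | handshake_kind)"
    rm -f "$sess_file"
else
    echo "first:  $(printf '%s\n' "$SAMPLE_FIRST" | handshake_kind)," \
         "tickets: $(printf '%s\n' "$SAMPLE_FIRST" | ticket_count)"
    echo "second: $(printf '%s\n' "$SAMPLE_SECOND" | handshake_kind)"
fi
```

A ticket count of 0 on the first run means no resumable session was saved, so the second run will report a full handshake.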



How to simulate "TLS 1.3 Session Resumption" through OpenSSL tools?

2021-07-02 Thread Nan Xiao
Hi OpenSSL users,

Greetings from me! From this article
(https://www.qacafe.com/resources/examples-of-tls-1-3/) and pcap file
(https://www.cloudshark.org/captures/64d433b1585a), I know we can use
s_server and s_client to simulate "TLS 1.3 Session Resumption". I
tried following command:

echo | openssl s_client -tls1_3  -connect tls13.cloudflare.com:443 -reconnect

But it seems not to work since there is no "pre_shared_key" extension,
and every time s_client just initiated a new connection instead of
resumption.

Could anybody advise how to simulate "TLS 1.3 Session Resumption"
through OpenSSL tools? Thanks very much in advance!

Best Regards
Nan Xiao


Re: CNG engine on GitHub

2021-07-02 Thread Matt Caswell




On 02/07/2021 04:25, Reinier Torenbeek wrote:

> Hi Matt,
>
> I am aware of the deprecation of the engine interface with 3.0 but have not
> looked into the details of support providers yet. I expect converting an
> engine to a support provider could be done with quite a bit of code reuse,
> correct? Would you say the interface and design of support providers is stable
> at this point?


The engine and provider interfaces are quite different - but since the 
underlying operations are the same I imagine there will be quite a bit 
of reuse.


Yes, we consider the provider interface to be stable now.

Matt




Thanks,
Reinier


On Jul 1, 2021, at 4:41 PM, Matt Caswell  wrote:

Nice! Are there any thoughts to support providers? The engine interface is 
deprecated in 3.0.

Matt



On 01/07/2021 18:49, Reinier Torenbeek wrote:
Hi,
For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may want to check
out this new OpenSSL CNG Engine project on GitHub:
https://github.com/rticommunity/openssl-cng-engine . The associated User's Manual
is on ReadTheDocs: https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
The project implements the majority of the EVP interface, to leverage the 
BCrypt crypto implementations, as well as a subset of the STORE interface, for 
integration with the Windows Certificate and Keystore(s), via the NCrypt and 
Cert APIs. It has been tested with 1.1.1k on Windows 10, with Visual Studio 
2017 and 2019. It is released under the Apache-2.0 license.
Any feedback is welcome, please send it to me or open an issue on GitHub.
Best regards,
Reinier