Re: [openssl-users] Errors in building 1.0.2f
Yes, I did. It still failed. I manually made the symbolic links and the compilation completed without problem. But this should have been taken care of by Configure, should it not?

Alex

On 2/11/16, 1:07 AM, "openssl-users on behalf of Matt Caswell" <openssl-users-boun...@openssl.org on behalf of m...@openssl.org> wrote:

>On 11/02/16 01:03, Alex Chen wrote:
>> I tried to build openssl 1.0.2f on MacOS with the following
>> configuration options "Configure no-bf" but it failed because there is
>> no header file blowfish.h in include/openssl directory.
>> This does not happen in 1.0.2d where include/openssl/blowfish.h is a
>> symbolic link to ../../crypto/bf/blowfish.h.
>> This is true for idea, cast, jpake, camellia, too.
>>
>> What has changed?
>
>Configure should have instructed you to run "make depend", i.e. mine says:
>
>*** Because of configuration changes, you MUST do the following before
>*** building:
>
>        make depend
>
>Did you run it?
>
>Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Errors in building 1.0.2f
I tried to build openssl 1.0.2f on MacOS with the following configuration options "Configure no-bf" but it failed because there is no header file blowfish.h in include/openssl directory.
This does not happen in 1.0.2d where include/openssl/blowfish.h is a symbolic link to ../../crypto/bf/blowfish.h.
This is true for idea, cast, jpake, camellia, too.

What has changed?

Alex
Re: [openssl-users] Elliptic curves approved or recommended by government
Thanks for the reply Jakob.
Is there a mapping from the government's elliptic curve names to the names in OpenSSL? For instance, the API EC_KEY_new_by_curve_name( int nid ) takes an id of the EC name where the id can be something like NID_X9_62_prime256v1, NID_X9_62_prime239v3, etc. that are defined in obj_mac.h.
What I would like to know is how the names are related to NIST's recommendation list. Is there a convention?

Thanks

On 11/11/2015 1:08 PM, Jakob Bohm wrote:

> On 11/11/2015 21:02, Alex Chen wrote:
>> I see there is a list of recommended list by NIST in http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, but it is very old (1999).
>> Is there an up-to-date list of elliptic curves approved or recommended for government use in OpenSSL?
>> Is NID_X9_62_prime256v1 the strongest?
>
> First of all, it depends on *which government*. NIST is for the USA Government only, though some allied countries may have copied their decisions.
>
> Secondly, since ca. 1999, the official list has been mostly unchanged, namely those that are listed in the official NIST standard FIPS 186-2 for use with ECDSA and in NIST Special Publication SP 800-56A for ECDH.
>
> So far, the public adjustments have been:
>
> 2005: The official Suite B list of ciphers was published and included the P-256 and P-384 bit curves as minimum. Around the same time they made a secret Suite A list of ciphers for stuff more secret than "top secret".
>
> 2015: NSA announced that they will soon start work on a new list, and that government departments should not waste taxpayers' money doing the upgrade to Suite B just a few years before it becomes obsolete. However for use at this time they recommend P-384 or 3072 bit RSA/DH as a good minimum while accepting the next step down (P-256 or 2048 bit RSA/DH) in already built systems. They also recommend the use of pure symmetric key solutions with strong (256 random bits) keys as the best current solution where possible.
>
> The (non-classified) current official advice can be read at https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] Elliptic curves approved or recommended by government
I see there is a list of recommended list by NIST in http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, but it is very old (1999).
Is there an up-to-date list of elliptic curves approved or recommended for government use in OpenSSL?
Is NID_X9_62_prime256v1 the strongest?

Thanks

Alex
SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 option flags
I assume SSL_OP_NO_TLSv1 affects TLS v1.0 only but not TLS v1.x in general?

Alex
Disable SSLv2
I want to disable SSLv2 support in OpenSSL and use the flag -DOPENSSL_NO_SSL2 when configuring OpenSSL. It builds fine and passes all tests during the 'make test' phase. However, there are quite a few SSLv2 tests and they all seem to have passed, or at least do not indicate 'not supported' errors.

=== Test log
test sslv2
Available compression methods:
  1: zlib compression
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication
Available compression methods:
  1: zlib compression
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with client authentication
Available compression methods:
  1: zlib compression
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with both client and server authentication
.
===

Is this the expected response of the tests?

Alex
Building OpenSSL 1.0.1e on MacOS
I downloaded OpenSSL 1.0.1e and tried to build it for both 32-bit and 64-bit with release and debug configurations but it failed on the 64-bit debug configuration.
There are only darwin-i386-cc, debug-darwin-i386-cc and darwin64-x86_64-cc in 'Configure' of 1.0.1e:

# MacOS X (a.k.a. Rhapsody or Darwin) setup (from 1.0.1e)
...
darwin-i386-cc,cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:.eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
debug-darwin-i386-cc,cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
darwin64-x86_64-cc,cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:.eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
...

There is a debug-darwin64-x86_64-cc entry in 'Configure' of 1.0.1c that is missing in 1.0.1e:

# MacOS X (a.k.a. Rhapsody or Darwin) setup (from 1.0.1c)
...
darwin-i386-cc,cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:.eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
debug-darwin-i386-cc,cc:-arch i386 -g -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:.eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
darwin64-x86_64-cc,cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:.eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
debug-darwin64-x86_64-cc,cc:-arch x86_64 -g -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:.eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib,
...

Is this a mistake in Configure or is it intentional? If so, what is the reason?
Thanks for the help.

Alex
Re: Set up the protocol
Thanks for the reply Florian,
Can't I just call SSL_CTX_set_options on the current SSL context I am using before I initiate the connection?
Another question is how to enforce the 'server' side preference of the cipher suite selection? Is it also part of the SSL_CTX_set_options() API?

On 12/11/2012 2:30 AM, Florian Weimer wrote:

> On 12/11/2012 02:44 AM, Alex Chen wrote:
>> I want to set up SSL so it does not use SSL v2 or older, just like that Apache has in its httpd-ssl.conf
>>
>>     SSLProtocol all -SSLv2
>>
>> What is the equivalent API to do this?
>
> After reviewing existing documentation and code, I came up with this:
>
>     // Configure a client connection context.  Send a handshake for the
>     // highest supported TLS version, and disable compression.
>     const SSL_METHOD *const req_method = SSLv23_client_method();
>     SSL_CTX *const ctx = SSL_CTX_new(req_method);
>     if (ctx == NULL) {
>       ERR_print_errors(bio_err);
>       exit(1);
>     }
>     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
>
> (Error handling is only exploratory, of course.)
>
> With version 1.0.0j, this sends a TLS 1.0 hello, and with 1.0.1c, a TLS 1.2 hello.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Set up the protocol
I want to set up SSL so it does not use SSL v2 or older, just like that Apache has in its httpd-ssl.conf

    SSLProtocol all -SSLv2

What is the equivalent API to do this?
Thanks.
Re: openssl rsa command
Thanks to Mr. Hohnstaedt and Dr. Henson for answering my questions. It was very useful.

Alex

On 12/6/2012 4:38 AM, Dr. Stephen Henson wrote:

> On Thu, Dec 06, 2012, Christian Hohnstaedt wrote:
>> On Wed, Dec 05, 2012 at 10:38:59AM -0800, Alex Chen wrote:
>>> I am trying to change the password of a private key with 'openssl rsa' command.
>>> The original key file, server.key.enc has the following format:
>>>
>>> -----BEGIN ENCRYPTED PRIVATE KEY-----
>>> -----END ENCRYPTED PRIVATE KEY-----
>>
>> This is a private key in PKCS#8 format.
>>
>>> When I used the command
>>>     openssl rsa -in server.key.enc -passin pass:old_password -out server.key
>>> a new decrypted key file is generated with the following format:
>>>
>>> -----BEGIN RSA PRIVATE KEY-----
>>> ...
>>> -----END RSA PRIVATE KEY-----
>>>
>>> But when I use the command
>>>     openssl rsa -in server.key.enc -passin pass:old_password -out server.key -passout pass:new_password
>>> hoping the new key file will be encrypted with the new password, I still get the same decrypted key file below
>>>
>>> -----BEGIN RSA PRIVATE KEY-----
>>> ...
>>> -----END RSA PRIVATE KEY-----
>>
>> You must use one of the -des, -aes128, -aes192, -aes256 options to get an encrypted RSA key.
>> It then looks like:
>>
>> -----BEGIN RSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: DES-EDE3-CBC,B9A804CC6B6B2B3B
>>
>> fpz9643saAI47PWga4Or3xcBY372owuck/9jGO19rBbrfW6NSyUvJevHRWvcHNGM
>> .
>> -----END RSA PRIVATE KEY-----
>>
>> However, this format is an OpenSSL specific extension.
>> To get the key in the same format (PKCS#8) as before, just with a changed password, use:
>>
>>     openssl pkcs8 -topk8 -in server.key.enc -passin pass:old_password \
>>         -out server.key -passout pass:new_password
>
> In OpenSSL 1.0.0 and later it's rather easier. You can for example:
>
>     openssl pkey -in old.pem -out new.pem -aes256
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
openssl rsa command
I am trying to change the password of a private key with 'openssl rsa' command.
The original key file, server.key.enc has the following format:

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

When I used the command
    openssl rsa -in server.key.enc -passin pass:old_password -out server.key
a new decrypted key file is generated with the following format:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

But when I use the command
    openssl rsa -in server.key.enc -passin pass:old_password -out server.key -passout pass:new_password
hoping the new key file will be encrypted with the new password, I still get the same decrypted key file below

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Do I use the command correctly, or do I misunderstand what the argument meant?
What is the correct way to re-encrypt a RSA private key with a new password?
Thanks for any help.
Re: Encryption algorithm
We only use OpenSSL_add_all_algorithms during SSL initialization, no other SSL_[CTX]_set_cipher_list calls are made, therefore the cipher used should be the default DHE-RSA-AES256-SHA then.

Alex

On Oct 14, 2012, at 3:01 PM, Dave Thompson wrote:

> From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen
> Sent: Friday, 12 October, 2012 21:31
>
>> The 'openssl cipher -v' command shows the following cipher suites:
> snip
>> If both the client and server use the same version of the openssl library and they only call OpenSSL_add_all_algorithms() to initialize the cipher list, I assume the first 'preferred' cipher, DHE-RSA-AES256-SHA, will be used, correct?
>
> Not necessarily. If either client or server calls SSL_[CTX_]set_cipher_list that changes the list and order of ciphersuites it uses. If not, they will both use the default list, which is the same default list used and shown by ciphers [-v] with no argument.
>
> The client sends its list in ClientHello. Unless you set server preference the server chooses the first ciphersuite in the client's list also in the server's list and usable.
>
> An RSA-DHE suite is only usable, and will only be chosen, if the server has an RSA key+cert configured and either a tmp_dh key (or maybe parameters?), or a tmp_dh_callback. (According to RFC, the cert must allow digitalSignature, but I don't think openssl enforces this.)
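The selection rule described in the quoted reply above, as an added example (a simplified model written for this page, not code from the thread or from OpenSSL). The struct and function names and the `prefer_server_order` flag are assumptions for illustration; the Kx/Au values are taken from the `openssl ciphers -v` listing in this thread, and the flag stands in for OpenSSL's SSL_OP_CIPHER_SERVER_PREFERENCE option.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Key exchange and authentication, as in the Kx= and Au= columns
 * of `openssl ciphers -v`. */
enum kx { KX_RSA, KX_DH };
enum au { AU_RSA, AU_DSS };

struct suite { const char *name; enum kx kx; enum au au; };

/* Subset of the listing posted in this thread. */
static const struct suite SUITES[] = {
    { "DHE-RSA-AES256-SHA", KX_DH,  AU_RSA },
    { "DHE-DSS-AES256-SHA", KX_DH,  AU_DSS },
    { "AES256-SHA",         KX_RSA, AU_RSA },
    { "DHE-RSA-AES128-SHA", KX_DH,  AU_RSA },
    { "AES128-SHA",         KX_RSA, AU_RSA },
    { "SEED-SHA",           KX_RSA, AU_RSA },
    { "RC4-SHA",            KX_RSA, AU_RSA },
};
#define COUNT(a) (sizeof (a) / sizeof (a)[0])

/* Hypothetical description of what the server has configured. */
struct server_config {
    int has_rsa_cert;        /* RSA key + certificate loaded            */
    int has_dsa_cert;        /* DSA key + certificate loaded            */
    int has_tmp_dh;          /* tmp_dh parameters or tmp_dh_callback    */
    int prefer_server_order; /* models SSL_OP_CIPHER_SERVER_PREFERENCE  */
};

static const struct suite *lookup(const char *name)
{
    for (size_t i = 0; i < COUNT(SUITES); i++)
        if (strcmp(SUITES[i].name, name) == 0)
            return &SUITES[i];
    return NULL;
}

/* A suite is usable only if the server holds the matching key material. */
static int usable(const struct suite *s, const struct server_config *cfg)
{
    if (s == NULL)
        return 0;
    if (s->kx == KX_DH && !cfg->has_tmp_dh)
        return 0;
    return s->au == AU_RSA ? cfg->has_rsa_cert : cfg->has_dsa_cert;
}

static int contains(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return 1;
    return 0;
}

/* Walk the client's list (or the server's, when server preference is set)
 * and return the first suite present in both lists and usable. */
const char *negotiate(const char *const *client, size_t nc,
                      const char *const *server, size_t ns,
                      const struct server_config *cfg)
{
    const char *const *outer = cfg->prefer_server_order ? server : client;
    const char *const *inner = cfg->prefer_server_order ? client : server;
    size_t no = cfg->prefer_server_order ? ns : nc;
    size_t ni = cfg->prefer_server_order ? nc : ns;

    for (size_t i = 0; i < no; i++)
        if (contains(inner, ni, outer[i]) && usable(lookup(outer[i]), cfg))
            return outer[i];
    return NULL; /* no shared usable suite: the handshake would fail */
}

/* Constructed sample lists and configurations. */
static const char *const DEFAULT_LIST[] = {
    "DHE-RSA-AES256-SHA", "DHE-DSS-AES256-SHA", "AES256-SHA",
    "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA",
};
static const char *const RC4_FIRST_LIST[] = {
    "RC4-SHA", "AES128-SHA", "DHE-RSA-AES256-SHA",
};
static const char *const SEED_ONLY_LIST[] = { "SEED-SHA" };

static const struct server_config RSA_WITH_DH         = { 1, 0, 1, 0 };
static const struct server_config RSA_NO_DH           = { 1, 0, 0, 0 };
static const struct server_config RSA_WITH_DH_SRVPREF = { 1, 0, 1, 1 };

int main(void)
{
    const char *r;

    r = negotiate(DEFAULT_LIST, COUNT(DEFAULT_LIST),
                  DEFAULT_LIST, COUNT(DEFAULT_LIST), &RSA_NO_DH);
    printf("default lists, RSA cert, no tmp_dh: %s\n", r ? r : "(none)");

    r = negotiate(RC4_FIRST_LIST, COUNT(RC4_FIRST_LIST),
                  DEFAULT_LIST, COUNT(DEFAULT_LIST), &RSA_WITH_DH_SRVPREF);
    printf("client prefers RC4, server preference on: %s\n", r ? r : "(none)");
    return 0;
}
```

With default lists on both sides, the first entry is chosen only when the server also has DH parameters configured; without them the model falls through to AES256-SHA.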
Encryption algorithm
The 'openssl cipher -v' command shows the following cipher suites:

$ openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

If both the client and server use the same version of the openssl library and they only call OpenSSL_add_all_algorithms() to initialize the cipher list, I assume the first 'preferred' cipher, DHE-RSA-AES256-SHA, will be used, correct?

Alex
Re: OpenSSL support of Intel AES instruction set
Is the AES-NI support enabled by default for the x86/x86_64 architecture or do we need to set specific flags to 'Configure' to enable the support?
I found a link from Intel: http://software.intel.com/en-us/articles/boosting-openssl-aes-encryption-with-intel-ipp/
What does it offer that is different from what is already done by OpenSSL?

Alex

On Sep 25, 2012, at 3:49 AM, Klaus Darilion wrote:

> On 24.09.2012 23:56, Alex Chen wrote:
>> Sorry I did not use new mail command to start a new topic. Let me start over again.
>> I remember seeing somewhere that OpenSSL supports Intel AES instruction set. If so, which release is that and what flag is needed to enable it.
>> Does the 'no-asm' flag in 'Configure' disable the use of these instructions?
>
> There were patches for certain releases which added AES support as an engine. When AES support was added to openssl it was not implemented as engine, but natively.
>
> See http://www.openssl.org/news/changelog.html and search for AES-NI
>
> regards
> klaus
OpenSSL support of Intel AES instruction set.
I remember seeing somewhere that OpenSSL supports Intel AES instruction set. If so, which release is that and what flag is needed to enable it.
Does the 'no-asm' flag in 'Configure' disable the use of these instructions?

Alex
OpenSSL support of Intel AES instruction set
Sorry I did not use new mail command to start a new topic. Let me start over again.
I remember seeing somewhere that OpenSSL supports Intel AES instruction set. If so, which release is that and what flag is needed to enable it.
Does the 'no-asm' flag in 'Configure' disable the use of these instructions?

Alex
FIPS mode and SSL
When FIPS mode is turned on, I assume OpenSSL will only use FIPS 140-2 approved encryption algorithms for network traffic encryption as well, correct?

Alex
Re: OpenSSL FIPS Object Module 1.2.4 support for Apple iOS and OS X
Thanks, Steve.

Alex

On 7/6/12 4:36 PM, Steve Marquess marqu...@opensslfoundation.com wrote:

> On 07/05/2012 12:43 PM, Alex Chen wrote:
>> Thanks for the information, Steve. I do have some questions about the FIPS module.
>> 1. What does 'support' mean? Does it involve source code change or is it simple changes in the configure script to make the code compile correctly in a specific OS and generate the proper library?
>
> In this context it means we expect to be adding iOS to the OpenSSL FIPS Object Module 2.0 (#1747) validation as a formally tested platform (Operational Environment), which will mean that module can be used on iOS where FIPS 140-2 validation is required.
>
>> 2. Since the FIPS module 2.0 has already been certified will it require a new certification if iOS support is added? Or is it going to fall into the 'Change Letter' modification category?
>
> Yes, iOS will be added to the existing #1747 validation via a change letter process.
>
>> 3. From what is currently available, if a user wants to use OpenSSL FIPS module for MacOS, the only option seems to be FIPS module 1.2.4 (and implicitly OpenSSL 0.9.8)?
>
> Correct.
>
>> 4. It seems there is a sponsor for FIPS module 1.2.4 for MacOS but not in FIPS module 2.0. What is involved in a 'sponsorship'?
>
> Money (always!) and sometimes the provision of suitable platforms to test on. In the case of Mac OS X we will need access to appropriate hardware for the duration of the testing process (several weeks).
>
>> 5. If we take the source code and create an Xcode project to build the library instead of using the configure script but use the same flags and defines specified in the Makefile, will the resulting library still be considered valid, assuming it passes all the tests that come with the source code?
>
> Only the FIPS module itself (the fipscanister object file) is validated. That must be generated *exactly* as documented in the Security Policy, and the documented process does not use Xcode for OS X. Once that is done there are essentially no restrictions on how you subsequently link it with your application code.
>
> So, you're stuck with the config/Configure scripts for the module build; no room for creativity there. We used Xcode to build the test programs used for the OS X and iOS validation testing.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710 USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com
Re: OpenSSL FIPS Object Module 1.2.4 support for Apple iOS and OS X
Thanks for the information, Steve. I do have some questions about the FIPS module.
1. What does 'support' mean? Does it involve source code change or is it simple changes in the configure script to make the code compile correctly in a specific OS and generate the proper library?
2. Since the FIPS module 2.0 has already been certified will it require a new certification if iOS support is added? Or is it going to fall into the 'Change Letter' modification category?
3. From what is currently available, if a user wants to use OpenSSL FIPS module for MacOS, the only option seems to be FIPS module 1.2.4 (and implicitly OpenSSL 0.9.8)?
4. It seems there is a sponsor for FIPS module 1.2.4 for MacOS but not in FIPS module 2.0. What is involved in a 'sponsorship'?
5. If we take the source code and create an Xcode project to build the library instead of using the configure script but use the same flags and defines specified in the Makefile, will the resulting library still be considered valid, assuming it passes all the tests that come with the source code?

Alex

On 7/4/12 6:05 AM, Steve Marquess marqu...@opensslfoundation.com wrote:

> On 07/03/2012 07:35 PM, Alex Chen wrote:
>> I assume this module will work with both OpenSSL 1.0.0 and 1.0.1?
>
> No, the OpenSSL FIPS Object Module 1.2.4 is only compatible with OpenSSL 0.9.8.
>
> We do expect to be adding support for iOS to the 2.0 FIPS module in the near future. The 2.0 FIPS module is compatible with OpenSSL 1.0.1. There are no current plans to add Mac OS X to the 2.0 FIPS module (no sponsors).
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710 USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com
Re: OpenSSL FIPS Object Module 1.2.4 support for Apple iOS and OS X
I assume this module will work with both OpenSSL 1.0.0 and 1.0.1?

On 6/25/12 7:03 AM, Steve Marquess marqu...@opensslfoundation.com wrote:

> The OpenSSL FIPS Object Module 1.2 has been extended to include support for the iOS and Mac OS X operating systems, as the newly released revision 1.2.4. This new support was made possible by a collaboration with Thursby Software Systems, Inc, (http://www.thursby.com/), a leading vendor of commercial Apple enterprise integration products.
>
> This module corresponds to the FIPS 140-2 validation certificate #1051, see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1051
>
> The new 1.2.4 source distribution can be found at:
>
>     http://openssl.org/source/openssl-fips-1.2.4.tar.gz
>
> An update to the 1.2 User Guide document should be forthcoming in a few days:
>
>     http://openssl.org/docs/fips/UserGuide-1.2.pdf
>
> Note UserGuide.pdf is currently a symlink to UserGuide-1.2.pdf, but will soon reference the new User Guide 2.0 document for the upcoming OpenSSL FIPS Object Module 2.0.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710 USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com
Re: Exchange information without SSL
Thanks for the reply Erwin. Let me clarify the goal: the client wants to send an encrypted message to the server for security reasons and the connection may not be secured (cannot be changed during communication). Although the connection can be set up to use SSL, it is configured by the user and the application has no control.
In order to decrypt the encrypted message, a key is needed on the server side. We do not want to use a hardcoded key or send the key over the wire for obvious reasons. That's why Diffie-Hellman is an option. But it requires extra calls to do the key agreement handshake.
Since both client and server have a pair of certificate and private key, so the user can configure SSL connections, therefore PKI seems to be more straightforward.
I am thinking of using the client's private key to encrypt the message, i.e. RSA_private_encrypt(), and let the server use the client public key to decrypt it, RSA_public_decrypt(). But I am not familiar with the API. How do I get the RSA data from a PEM file?
Thanks.

Alex

On May 2, 2012, at 6:15 PM, Erwin Himawan wrote:

> I have the impression you want to protect (providing message integrity, message authentication, and confidentiality) messages between a client and a server.
>
> The options are:
> 1. Protect individual messages with known techniques such as S/MIME, CMS and send them over an unprotected connection.
> 2. Protect the connection between the client and server using known techniques such as TLS or DTLS, and IPSec. Send the message in clear.
>
> S/MIME, TLS, and DTLS protection is integrated with the application. IPSec protection is not integrated with the application.
>
> If you do not like any of those techniques, you can use your own technique. However, it may be option-1, option-2, or a combination of option-1 and option-2.
>
> Level of difficulty to implement.
> IPSec: Low. Client and server do not need any new functionality. If your OS kernel has an IPSec stack, you can enable and configure it and you are done.
> TLS, DTLS: Medium. Client and server do need modification, making TLS or DTLS API calls. It is relatively simple to implement security using TLS or DTLS; TLS and DTLS API semantics are similar to networking API semantics. It is simpler to implement because a lot of crypto API calls are hidden.
> S/MIME (CMS): High. Client and server do need modification. A lot of crypto API calls need to be called to create CMS envelopedData, signedData, creating/verifying digital signature, encrypting/decrypting using public key and symmetric keys, creating symmetric key.
>
> If my understanding is correct, Diffie-Hellman is a key agreement protocol; PKI is a public key management mechanism. These two do not provide the protection you are looking for. They enable message protection by providing the crypto keys needed by S/MIME, TLS, DTLS, and IPSec to protect the message.
>
> Erwin
>
> On Wed, May 2, 2012 at 4:46 PM, Alex Chen alex_c...@filemaker.com wrote:
>> I want to send encrypted information from a client to the server via non-SSL connections without using a hardcoded encryption key, i.e. a typical scenario. Both client and server have their private key and certificate. (RSA key, PEM format)
>> I am thinking of two options to exchange the encryption key, which will then be used for symmetric encryption/decryption.
>> 1. Use Diffie-Hellman
>> 2. Use PKI
>>
>> Which approach is better? If I go with 2., what APIs are used to extract the private key and public key from the PEM file?
>> Thanks for the help.
>>
>> Alex
Exchange information without SSL
I want to send encrypted information from a client to the server via non-SSL connections without using a hardcoded encryption key, i.e. a typical scenario. Both client and server have their private key and certificate. (RSA key, PEM format)
I am thinking of two options to exchange the encryption key, which will then be used for symmetric encryption/decryption.
1. Use Diffie-Hellman
2. Use PKI

Which approach is better? If I go with 2., what APIs are used to extract the private key and public key from the PEM file?
Thanks for the help.

Alex
Random number generator
There is a 'rand' command in the openssl command line tool to generate 'pseudo' random numbers. But I cannot find the API in either the 'ssl' or 'crypto' man pages. Can someone point me to the API page if it is available?
Is this RNG implementation different in the regular distribution and the FIPS Object module?
Thanks.

Alex
Re: OpenSSL FIPS Module 2.0 status update
Steve,
Unfortunately it has been four weeks and the status is still stuck in 'coordination'. Well, we all know the government pace is a 'little slower' than the rest of the industry.
There is a 'finalization' status after 'coordination', what is involved in that status?
When an application reaches 'finalization', I assume it will eventually 'graduate', i.e. removed, from that list and gets a certificate number, right?

Alex

On Mar 6, 2012, at 3:08 AM, Steve Marquess wrote:

> The OpenSSL FIPS Object Module 2.0 is now in coordination status at the CMVP. That's usually a good sign that the formal validation award is imminent (as in a week or three...).
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710 USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.net
Re: OpenSSL FIPS Module 2.0 status update
Thanks for the response, Steve. Alex On Apr 4, 2012, at 4:58 PM, Steve Marquess wrote: On 04/04/2012 07:17 PM, Alex Chen wrote: Steve, Unfortunately it has been four weeks and the status is still stuck in 'coordination'. Well, we all know the government pace is a 'little slower' than the rest of the industry. There is a 'finalization' status after 'coordination', what is involved in that status? I had expected coordination to take less time per experience with previous validations. Since the test lab doing this validation reports no known issues or complications I'm still hoping for this to conclude any day now. This morning I had a long talk with another test lab that reports they are also seeing unusually long durations for coordination for their pending validations. The wait for a validation can vary dramatically with no obvious rhyme or reason. Several years ago we waited thirteen months for one validation, by which time it was no longer of any economic value. I still don't know why that one took so long when other essentially identical concurrent validations took only half the time. Frankly, if a vendor has a validation need that was more schedule than cost sensitive it would be prudent to do several validation attempts in parallel to try and dodge the risk of being a long wait outlier; and in fact some vendors have done that. We didn't have the funding to burn for this validation. When an application reaches 'finalization', I assume it will eventually 'graduate', i.e. removed, from that list and gets a certificate number, right? Yes, the finalization phase is usually very brief ... of course I thought that of the coordination phase as well. The test lab will typically be informed of the successful validation award several days before the web site is updated, and we will announce that happy news here when it happens. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 
1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.net
AES encryption block size
When the padding is disabled by setting the padding size to 0 in EVP_CIPHER_CTX_set_padding(), is the output data block size the same as the input block size? Will this reduce the encryption strength? Alex
OpenSSL 1.0.1 and FIPS Object Module v 2.0
My mistake in the subject line in previous mail. What I have actually downloaded is FIPS 2.0. The questions below are still valid.
Alex
On Mar 16, 2012, at 6:48 PM, Alex Chen alex_c...@filemaker.com wrote:
I have downloaded the OpenSSL 1.0.1 and FIPS object module v2.0. Both will build a libcrypto.a library. I have some questions and hope someone can clarify them for me. This FIPS thing is totally new so please forgive me if the questions are off the target.
1. Is the crypto code in FIPS a subset of the OpenSSL source? Does it include only FIPS approved cryptographic algorithms?
2. I assume libssl depends on libcrypto so if I need to use libcrypto in addition to SSL, should I build OpenSSL to get both libssl and libcrypto and replace libcrypto with the one built from FIPS?
3. Is the 'FIPS_mode_set' API defined only in libcrypto built from the FIPS object module source?
4. The 'fips' configuration is accepted in Configure, but not documented in the script. What is the use of 'fips' configuration setting when building OpenSSL? When I run
./config threads shared fips no-hw zlib-dynamic no-idea no-rc2 no-rc4 no-rc5 no-camellia no-bf
make depend
make
make test
I get the following errors during 'make test' phase
Doing certs testing...
cc -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o bntest.o bntest.c
(cd ..; make DIRS=crypto all)
making all in crypto...
cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o o_fips.o o_fips.c
o_fips.c:60:26: error: openssl/fips.h: No such file or directory
o_fips.c:61:31: error: openssl/fips_rand.h: No such file or directory
o_fips.c: In function ‘FIPS_mode_set’:
o_fips.c:84: warning: passing argument 1 of ‘RAND_set_rand_method’ makes pointer from integer without a cast
make[3]: *** [o_fips.o] Error 1
make[2]: *** [build_crypto] Error 1
make[1]: *** [../libcrypto.a] Error 2
make: *** [tests] Error 2
5. What is the incore script for? If I run it without any parameters under MacOS 10.7, I get the error instead of usage
$ ./incore
Modification of non-creatable array value attempted, subscript -1 at ./incore line 366.
Alex
OpenSSL 1.0.1 and FIPS Object Module v1.2
I have downloaded the OpenSSL 1.0.1 and FIPS object module v1.2. Both will build a libcrypto.a library. I have some questions and hope someone can clarify them for me. This FIPS thing is totally new so please forgive me if the questions are off the target.
1. Is the crypto code in FIPS a subset of the OpenSSL source? Does it include only FIPS approved cryptographic algorithms?
2. I assume libssl depends on libcrypto so if I need to use libcrypto in addition to SSL, should I build OpenSSL to get both libssl and libcrypto and replace libcrypto with the one built from FIPS?
3. Is the 'FIPS_mode_set' API defined only in libcrypto built from the FIPS object module source?
4. The 'fips' configuration is accepted in Configure, but not documented in the script. What is the use of 'fips' configuration setting when building OpenSSL? When I run
./config threads shared fips no-hw zlib-dynamic no-idea no-rc2 no-rc4 no-rc5 no-camellia no-bf
make depend
make
make test
I get the following errors during 'make test' phase
Doing certs testing...
cc -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o bntest.o bntest.c
(cd ..; make DIRS=crypto all)
making all in crypto...
cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o o_fips.o o_fips.c
o_fips.c:60:26: error: openssl/fips.h: No such file or directory
o_fips.c:61:31: error: openssl/fips_rand.h: No such file or directory
o_fips.c: In function ‘FIPS_mode_set’:
o_fips.c:84: warning: passing argument 1 of ‘RAND_set_rand_method’ makes pointer from integer without a cast
make[3]: *** [o_fips.o] Error 1
make[2]: *** [build_crypto] Error 1
make[1]: *** [../libcrypto.a] Error 2
make: *** [tests] Error 2
5. What is the incore script for? If I run it without any parameters under MacOS 10.7, I get the error instead of usage
$ ./incore
Modification of non-creatable array value attempted, subscript -1 at ./incore line 366.
Alex
Final release of Openssl-1.0.1 and FIPS-2.0
When can we expect the final release of OpenSSL 1.0.1? Does FIPS 2.0 only work with OpenSSL 1.0.1 but not 1.0.0? There is a document, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf, of pending FIPS certificate and OpenSSL object module is there. Is that for FIPS 2.0? When was it filed and is there an expected approval date? Thanks. Alex
Build OpenSSL on Mac OS X
I downloaded OpenSSL 0.9.8t and tried to build it under Mac OS X 10.6.8. I want to build a dynamic library with both 32-bit and 64-bit (Universal binary). I tried various flags with the Configure script but failed. Here are the parameters I feed to 'Configure':
./Configure threads shared no-hw zlib-dynamic no-idea no-rc2 no-rc4 no-rc5 no-camellia no-bf darwin64-x86_64-cc:gcc -pipe -Wno-trigraphs -fmessage-length=0 -fpascal-strings -fasm-blocks -mmacosx-version-min=10.6
( I got some of the compiler flags from the 'version -a' command in 'openssl' command line, which is shipped with Mac OS X. )
1. After I run ' make install', the libraries generated in /usr/local/ssl/lib are still libcrypto.a and libssl.a, why? Doesn't the 'shared' flag control that?
2. The 'SHLIB_EXT' macro in Makefile is changed from .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib to an empty string. What triggers that?
3. The -OPENSSL_NO_RFC3779 CFLAG is always there, even if I feed the 'rfc3779' parameter to 'Configure'. Why? How to fix that?
Can someone shed some light on these questions?
Alex
Re: FIPS object module
Thanks for the information Jakob. I cannot find such module from OpenSSL source download page.
Alex
On Feb 17, 2012, at 2:19 AM, Jakob Bohm wrote:
On 2/16/2012 10:28 PM, Alex Chen wrote:
From what I saw in OpenSSL site and the user guide, the FIPS object module is only compatible with OpenSSL 0.9.8, not 1.0. Is that still valid? Does that mean I cannot use that module to work with OpenSSL 1.0?
No, that is the old FIPS module, whose certification might still be technically valid, but whose available features don't match current FIPS criteria. There is a new FIPS module, known as FIPS module 2.0, which is currently going through the certification process and will hopefully get its own certification number when/if it passes. The new module is for OpenSSL 1.0.1 or 1.0.2, which are also future/beta releases. Mr. Fowler was testing out the beta version to make sure it could build in his environment.
The FIPS 140 certification number 1051 is for source code module and from what I understand it has to be built without any changes. If we need to build it in 64-bit mode, does the build script support that? How about building it on Windows? Does it also have batch file to build on Windows and for 64-bit, too?
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 call:+4531131610
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
FIPS object module
From what I saw in OpenSSL site and the user guide, the FIPS object module is only compatible with OpenSSL 0.9.8, not 1.0. Is that still valid? Does that mean I cannot use that module to work with OpenSSL 1.0? The FIPS 140 certification number 1051 is for source code module and from what I understand it has to be built without any changes. If we need to build it in 64-bit mode, does the build script support that? How about building it on Windows? Does it also have batch file to build on Windows and for 64-bit, too? Any help is appreciated. Alex
OpenSSL FIPS
I am reading the OpenSSL FIPS user guide and the first thing I notice is that it says it only supports openssl 0.9.8j and up but not openssl 1.0.0. We are currently using openssl 1.0.0. Does that mean we cannot use the FIPS module? Do we have to move back to 0.9.8 branch? Alex
Re: Support of SHA-2
So if I want to use SHA-2 in my certificates, how do I choose one from the available SHA-2 family? The only thing I see in the config file we use is
default_md = md5
and the generated pem file has the following entry:
Signature Algorithm: md5WithRSAEncryption
Which SHA-2 family can I use?
Alex
On Aug 10, 2010, at 10:44 AM, Erwann ABALEA wrote:
Hodie IV Id. Aug. MMX, Alex Chen scripsit:
I am only an end user and not familiar with SSL internal. If I understand the replies correctly, OpenSSL 1.0.x currently supports SHA-2 in certificates but not in the cipher suites used in network communication protocol. Is that a correct statement?
That's it. OpenSSL implements the SHA2 family and is able to use wherever it needs to (certificate+CRL, CMS, ...), but only implements TLS1.0 (and in a near future TLS1.1) protocol. SHA256 (member of the SHA2 family) is defined in ciphersuites defined by TLS1.2, and these ciphersuites (and the protocol itself) need to be used differently than what was done previously.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD KEYNECTIS
Re: Support of SHA-2
I changed the default_md to sha512 in the configuration file and the generated pem file shows
Signature Algorithm: sha512WithRSAEncryption
Client and server are still able to communicate. ( Server uses the new pem file and the client uses an old pem file with md5 ). So I guess that works for sha256, sha384, etc., too, correct?
Alex
On 9/1/2010 4:28 PM, Alex Chen wrote:
So if I want to use SHA-2 in my certificates, how do I choose one from the available SHA-2 family? The only thing I see in the config file we use is
default_md = md5
and the generated pem file has the following entry:
Signature Algorithm: md5WithRSAEncryption
Which SHA-2 family can I use?
Alex
On Aug 10, 2010, at 10:44 AM, Erwann ABALEA wrote:
Hodie IV Id. Aug. MMX, Alex Chen scripsit:
I am only an end user and not familiar with SSL internal. If I understand the replies correctly, OpenSSL 1.0.x currently supports SHA-2 in certificates but not in the cipher suites used in network communication protocol. Is that a correct statement?
That's it. OpenSSL implements the SHA2 family and is able to use wherever it needs to (certificate+CRL, CMS, ...), but only implements TLS1.0 (and in a near future TLS1.1) protocol. SHA256 (member of the SHA2 family) is defined in ciphersuites defined by TLS1.2, and these ciphersuites (and the protocol itself) need to be used differently than what was done previously.
Re: Cipher selection
The command 'openssl ciphers -v DEFAULT' gives the following ciphers:
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
Based on my limited understanding, an openssl client and server will do some 'hello' handshaking and select a cipher supported by both and with the highest security, correct? For people who use openssl right out of the box and do not do any special cipher selection, if we use the same version of openssl on both ends I assume the cipher used in the connection will be the first one, DHE-RSA-AES256-SHA, right?
Alex
On Aug 12, 2010, at 7:15 AM, Michael S. Zick wrote:
On Wed August 11 2010, Tim Cloud wrote:
Let's pretend for a moment that an out of the box application uses openssl to provide access not through a browser, but rather through a SOAP client like Eclipse. And let's also say that you have no access to the code internal to that application. Is there any other way to limit the ciphers? Some kind of config file or a special way to compile the executable?
The quick answer: cipher list is not limited by an external, run-time, config file. I am a bit confused by the limits to your question, the two parts: have no access to the code internal to that application and the: special way to compile the executable seem to conflict (at least in my mind). I suppose you know what you meant - I'll go with that assumption. ;-)
The ciphers that might be used are established by agreement between client and server - Two ends at which control might be effected.
Server end: (not mentioned in your limits) - remove the unwanted ciphers from the openssl build. I.E: If the server doesn't have them, it can't offer them, and the client can choose one of them.
Client end: If the client uses the dynamic openssl libraries - just do the same as above.
Client end: If the I can't rebuild it part of the client was statically linked against the openssl libraries - then you will have to do a few handsprings - One possible choice - put a https (or other as required) proxy on your gateway - edit the cipher lists offered by client and/or server on the fly. Note: Does not sound like fun to me.
Mike
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton [aerow...@gmail.com]
Sent: Wednesday, August 11, 2010 9:11 PM
To: openssl-users@openssl.org
Cc: Alex Chen
Subject: Re: Cipher selection
No, OpenSSL chooses the cipher from the argument to SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure.
On 8/11/10 4:57 PM, Alex Chen wrote:
Does openssl choose the cipher from the pem file? If so, which section of the following pem file sets the cipher for communication?
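The listing quoted in the message above can be checked mechanically before deciding what to hand to SSL[_CTX]_set_cipher_list. This is an added example, not part of the thread or of OpenSSL: the function names and the policy (reject SSLv2, export suites, keys under 128 bits, RC4/RC2/DES/3DES and MD5 MACs) are assumptions of the example, and the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: audit `openssl ciphers -v` output against a local policy.
# The policy thresholds are assumptions of this example, not OpenSSL defaults.

# Constructed sample: ten rows taken from the `openssl ciphers -v DEFAULT`
# listing quoted in the message above, in the tool's column layout.
sample_ciphers() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EOF
}

# classify_ciphers: stdin is `openssl ciphers -v` output; stdout is one line
# per suite, "NAME PROTOCOL VERDICT", where VERDICT is "ok" or a
# comma-separated list of the policy rules the suite violates.
classify_ciphers() {
    awk '
    NF >= 6 && $2 ~ /^(SSL|TLS)v/ {
        enc = ""; mac = ""; why = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Enc=/)        enc = substr($i, 5)
            else if ($i ~ /^Mac=/)   mac = substr($i, 5)
            else if ($i == "export") why = why ",export"
        }
        # Enc= has the form ALGORITHM(KEYBITS); Enc=None has no key size.
        alg = enc; sub(/\(.*/, "", alg)
        bits = 0
        if (match(enc, /\([0-9]+\)/))
            bits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
        if ($2 == "SSLv2")                 why = why ",sslv2"
        if (bits == 0)                     why = why ",no-encryption"
        else if (bits < 128)               why = why ",key-bits=" bits
        if (alg ~ /^(RC4|RC2|DES|3DES)$/)  why = why ",cipher=" alg
        if (mac == "MD5")                  why = why ",mac=md5"
        print $1, $2, (why == "" ? "ok" : substr(why, 2))
    }'
}

# audit_ciphers: only the suites that violate the policy, with reasons.
audit_ciphers() {
    classify_ciphers | awk '$3 != "ok"'
}

# allowed_cipher_list: names of the suites that pass, joined with ":" in
# listing order, which is the cipher-string syntax OpenSSL accepts.
allowed_cipher_list() {
    classify_ciphers | awk '
        $3 == "ok" && !seen[$1]++ { s = s (s == "" ? "" : ":") $1 }
        END { print s }'
}

sample_ciphers | audit_ciphers
echo "allowed: $(sample_ciphers | allowed_cipher_list)"
```

To audit a real build, pipe `openssl ciphers -v DEFAULT` into `audit_ciphers` instead of the sample.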
Cipher selection
Does openssl choose the cipher from the pem file? If so, which section of the following pem file sets the cipher for communication?
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: .
        Validity
            Not Before: ...
            Not After :
        Subject: ...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit): ...
        X509v3 extensions:
            X509v3 Basic Constraints: CA:FALSE
            Netscape Comment: OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 72:0E:96:69:FD:C2:A2:3D:01:D3:5E:0D:2F:62:82:32:FA:8D:35:18
            X509v3 Authority Key Identifier: keyid:97:A5:E9:E2:0B:EE:98:74:A5:CD:47:3D:41:95:61:D2:45:C5:00:22
                DirName:
                serial:01
    Signature Algorithm: md5WithRSAEncryption
-----BEGIN CERTIFICATE-----
.
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,669497216E1EF12B
.
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
.
-----END CERTIFICATE REQUEST-----
Thanks for the help
Alex
Re: Support of SHA-2
I am only an end user and not familiar with SSL internal. If I understand the replies correctly, OpenSSL 1.0.x currently supports SHA-2 in certificates but not in the cipher suites used in network communication protocol. Is that a correct statement?
Alex
On Aug 9, 2010, at 6:44 AM, Jakob Bohm wrote:
On 08-08-2010 01:13, Dr. Stephen Henson wrote:
On Fri, Aug 06, 2010, Alex Chen wrote:
Is SHA-2 supported in OpenSSL 1.0 or the latest version? From my search in Google, I found the following entry in openssl-dev mailing list:
List: openssl-dev
Subject: Re: SHA-2 support in openssl?
From: smitha daggubati smithad123 () gmail ! com
Date: 2009-11-18 9:56:55
Message-ID: 40a23ffd0911180144m27523ca3g9be5cf6be406bd0b () mail ! gmail ! com
[Download message RAW]
Marc, Thanks for the reply.
On Wed, Nov 18, 2009 at 2:54 PM, Jean-Marc Desperrier jmd...@free.fr wrote:
smitha daggubati wrote:
Does openssl have support for SHA-2. ? I know that SHA-2 is part of the crypto library but looking at the way the context is setup in ssl_ctx_new we are setting up ret->sha1=EVP_get_digestbyname("ssl3-sha1")) So is there a way to establish an openssl connection using SHA-2 currently?
Yes openssl has support for SHA-2, but what it doesn't have is support for a SSL cipher suite using SHA-2. It's a bit late in being updated to support the SHA-2 suites from RFC5289. I suppose this not the main priority of the development team, since sha1 inside tls is not actually endangered at the moment. Any help in implementing it, and rearchitecturing the code where use of SHA-1 is hardcoded, would certainly be welcomed.
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-...@openssl.org Automated List Manager majord...@openssl.org
Does that mean SHA-2 is still not in OpenSSL 1.0 yet?
It depends on what you mean by in. Support for SHA-2 algorithms is in OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS for example. Since OpenSSL doesn't currently support TLS 1.2 it will not be used for TLS ciphersuites since none in TLS 1.1 or earlier use SHA-2 algorithms.
I believe this is an unfortunate reading of the RFCs. Fundamentally, the SSL3/TLS protocols do not tie the availability of a cipher suite to the version of the protocol document which was current when it was introduced. The fact that the most common cipher suites are defined in the same documents as the protocols themselves really should not be treated as more important than the fact that there is a single IANA registry for these values. So I believe the better implementation strategy would be to offer any implemented cipher suite value which is not fundamentally incompatible with the SSL/TLS version, rather than holding back improved algorithms until unrelated aspects of new TLS versions are implemented.
Formally: RFC2246, RFC4346 and RFC5246 all refer to IANA for the cipher suite list. IANA's cipher suite list refers to different RFCs for different suite values, including RFC2712 and RFC5246. The cipher suites so defined are thus equally applicable to the TLS versions (1.0, 1.1 and 1.2) defined in RFC2246, RFC4346 and RFC5246 unless there is a cipher suite specific reason not to use them with specific TLS versions.
Of course using an SHA-2 based cipher suite with TLS 1.1 or older implies that the keys will still be created from a master secret produced using the old MD5/SHA-1 PRF. But at least the HMACs for the data will be done with SHA-2, thus limiting the attack surface for exploiters of SHA-1 weaknesses.
Support of SHA-2
Is SHA-2 supported in OpenSSL 1.0 or the latest version? From my search in Google, I found the following entry in openssl-dev mailing list:
List: openssl-dev
Subject: Re: SHA-2 support in openssl?
From: smitha daggubati smithad123 () gmail ! com
Date: 2009-11-18 9:56:55
Message-ID: 40a23ffd0911180144m27523ca3g9be5cf6be406bd0b () mail ! gmail ! com
[Download message RAW]
Marc, Thanks for the reply.
On Wed, Nov 18, 2009 at 2:54 PM, Jean-Marc Desperrier jmd...@free.fr wrote:
smitha daggubati wrote:
Does openssl have support for SHA-2. ? I know that SHA-2 is part of the crypto library but looking at the way the context is setup in ssl_ctx_new we are setting up ret->sha1=EVP_get_digestbyname("ssl3-sha1")) So is there a way to establish an openssl connection using SHA-2 currently?
Yes openssl has support for SHA-2, but what it doesn't have is support for a SSL cipher suite using SHA-2. It's a bit late in being updated to support the SHA-2 suites from RFC5289. I suppose this not the main priority of the development team, since sha1 inside tls is not actually endangered at the moment. Any help in implementing it, and rearchitecturing the code where use of SHA-1 is hardcoded, would certainly be welcomed.
Does that mean SHA-2 is still not in OpenSSL 1.0 yet?
Alex
Re: SHA-1 vs. SHA-2
Thanks for the information, Viktor. I am not familiar with the algorithms used in SSL, but if I understand correctly, SHA-1/SHA-2 is only a hash function, right? In OpenSSL source code, I see references of SHA-256, SHA-512, etc. that belong to SHA-2 suites. If OpenSSL only supports SHA-1 HMAC, where and how does the code get used? I look at one of our self-signed certificate (.pem) file with the following entries:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
It appears that this certificate was generated with MD5 hash instead of SHA hash, correct? How do we set the hash function to SHA instead of MD5?
Alex
On May 7, 2009, at 12:46 PM, Victor Duchovni wrote:
On Thu, May 07, 2009 at 10:54:50AM -0700, Alex Chen wrote:
How does openssl decide which SHA function to use if we simply uses ssl connection, i.e. what control the use of different SHA function?
There are no SHA-2 cipher-suites in TLS 1.0 and TLS 1.1. TLS 1.2 is very new, and not yet implemented by OpenSSL. If you enable all algorithms rather than all ssl algorithms, you will be able to verify certificates signed with SHA-2 with the current OpenSSL release but the SSL cipher-suite will still use a SHA-1 HMAC. This said, most clients and servers will break with SHA-2 certificates, so you can only use these in closed systems, not on the public Internet. TLS 1.2 supports negotiation of certificate signature algorithms, but it will be a long time before systems are able to make use of SHA-2 certs...
--
Viktor.
Re: SHA-1 vs. SHA-2
Thanks again for the detailed explanation, Viktor. We use OpenSSL only between our client and server, both use OpenSSL, therefore interoperability with other SSL entity is not a concern. Is there a 'sha2' flag for 'req' command so we can use SHA-2 as the hash function? In your previous response, you mentioned something about
If you enable all algorithms rather than all ssl algorithms, you will be able to verify certificates signed with SHA-2 with the current OpenSSL release but the SSL cipher-suite will still use a SHA-1 HMAC.
===
Does this mean SHA-2 is only used in certificate verification, but not in any other crypto suite used for traffic? And do we 'enable' the all algorithm? Any man page for more information? Thanks.
Alex
On May 8, 2009, at 11:40 AM, Victor Duchovni wrote:
On Fri, May 08, 2009 at 10:11:22AM -0700, Alex Chen wrote:
Thanks for the information, Viktor. I am not familiar with the algorithms used in SSL, but if I understand correctly, SHA-1/SHA-2 is only a hash function, right?
SHA-1 and the 3 members of the SHA-2 family are hash functions, they are building blocks for higher-level algorithms, HMAC, private key signature and public key verification of message digests, ...
In OpenSSL source code, I see references of SHA-256, SHA-512, etc. that belong to SHA-2 suites. If OpenSSL only supports SHA-1 HMAC, where and how does the code get used?
The OpenSSL toolkit can use any of the digests it supports in any context where the standards support a variable digest algorithm with a digest of the indicated type. In the context of SSL cipher-suites, SHA-2 is not an option for message integrity with SSLv2, SSLv3, TLS 1.0 and TLS 1.1. OpenSSL does not yet implement TLS 1.2. In the context of X.509 certificates, SHA-2 support can be enabled, but this is not inter-operable with most fielded systems that have no such support or have not enabled it.
I look at one of our self-signed certificate (.pem) file with the following entries:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
It appears that this certificate was generated with MD5 hash instead of SHA hash, correct? How do we set the hash function to SHA instead of MD5?
The man pages for req(1) and x509(1) cover this. Also, sha1 is the default with OpenSSL 0.9.8 and later (0.9.7 and earlier default to md5). The -sha1, -md5, options are what you are looking for.
--
Viktor.
SHA-1 vs. SHA-2
How does openssl decide which SHA function to use if we simply use ssl connection, i.e. what controls the use of different SHA function? Is there a way users can select it? Alex
Which version of SSL is supported in OpenSSL 0.9.7e
We are using OpenSSL 0.9.7e and would like to know if it supports SSL 3.0? Alex
pq_compat.h
The header file crypto/pqueue/pq_compat.h does not have the following directive
#ifndef HEADER_PQ_COMPAT_H
#define HEADER_PQ_COMPAT_H
#endif
The effect is that we get warnings about PQ_64BIT being redefined because ssl.h includes ssl3.h, which includes pq_compat.h, and dtls1.h, which also reference pq_compat.h eventually.
Alex
Re: Year 2038 problem
That is great news, Dr. Henson. In our test with openssl 0.9.7e, the behavior of certificate expiration date calculation does not seem to be consistent across different OS. For instance, when we use openssl to generate pem files on Windows and MacOS X with system time set beyond 2012, we get different expiration dates if we specify the 'default_days' to but do not specify 'default_enddate' in the config file. The Windows certificate contains a proper expiration date while the MacOS certificate wraps the certificate expiration date back to 1900. Hopefully your fix will make the behavior consistent as well.
Alex
Dr. Stephen Henson wrote:
To those interested in the year 2038 issues I've just added some experimental code to HEAD (which will be OpenSSL 0.9.9). This should make sensible things happen when longer expiry dates are used during certificate creation. Let me know of any issues. At some point this could be backported.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Missing '-d' flag in the usage
In OpenSSL 0.9.8i, if I try to get the openssl build information, I get
C:\OpenSSL\0.9.8i\ms\release>openssl
OpenSSL> version
OpenSSL 0.9.8i 15 Sep 2008
OpenSSL> version -h
usage:version -[avbofp]
error in version
OpenSSL> version -d
OPENSSLDIR: /usr/local/ssl
Apparently the '-d' flag is missing in the usage text.
Alex
Re: Year 2038 problem
Seriously, if we use openssl version 0.9.7 to generate a certificate on MacOS and set the end day to from now, i.e. set 'default_days' to but do not have 'default_enddate' in the config, we get
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Oct 6 20:41:18 2008 GMT
        Not After : Jan 15 14:13:02 1900 GMT
Switching to version 0.9.7e works better, but it still fails if we set the system clock in 2010. It means for applications that only want to have the maximum validity by specifying days when they generate a 'self-signed' certificate, the certificate will either fail now, or in a couple of years. This is not a problem we can casually brush off assuming it is not going to happen before we are all retired.
Alex
On Oct 6, 2008, at 9:43 AM, Mark H. Wood wrote:
On Mon, Oct 06, 2008 at 10:19:08AM -0500, Michael S. Zick wrote:
On Mon October 6 2008, Thomas J. Hruska wrote:
Philipp Gühring wrote:
Hi, The biggest Problem with the Y2038 problem I see is that most people believe that it will go away due to the migration to 64 Bit machines. But this isn't going to happen. We have to start fixing 2038 now, also for all our 32 Bit platforms, 16 Bit platforms and 8 Bit platforms.
Best regards, Philipp Gühring
Well, that and the problem that it is so hard to get anyone to think about time formats w.r.t. any time other than right now. Already the idea 31 years from now is inexpressible.
Oh...you mean like these problems (disclaimer: Found on the Internet and taken out of context):
Having spent a few years in testing development fuze and guidance systems... Don't worry about that one. If you are seriously concerned, move at least 150 miles away from any of the A-List cities. ;) (50 mile error allowance, 50 mile 100% kill zone, plus room to hide.)
A more likely possibility - All of the crypto-locks on the physical facilities will not work, nor any of the access cards - nobody will be able to get in. Meaning the world will be effectively, totally disarmed.
So long as *none* of the parties fix their clocks first. We must not have a clock-width gap! :-)
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is intuitive he means the exact opposite.
Year 2038 problem
When we use openssl to generate the certificate, we add a certain time, i.e. thirty years, to the time when the certificate is created. It is 2008 now and this makes the expiration date 2038. Unfortunately this triggers the infamous year 2038 problem (http://en.wikipedia.org/wiki/Year_2038_problem). This means new installations will get the expiration date in 1901. How does openssl address this problem? Is there a patch so that it does not set the expiration date beyond the 2038 wrap around time?
Alex
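The wrap-around asked about in this thread, as an added example (not code from OpenSSL or from any of the posters): it takes the Not Before time reported in the thread, adds thirty years as a day count, and compares the 64-bit result with what a signed 32-bit time_t stores. The function names and the use of 30 x 365 days are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECS_PER_DAY 86400LL
/* Constructed from the thread's "Not Before: Oct 6 20:41:18 2008 GMT". */
static const int64_t NOT_BEFORE = 1223325678LL;
/* Expiry as requested: start plus the validity period, in 64 bits. */
int64_t not_after_64(int64_t start, int64_t days) { return start + days * SECS_PER_DAY; }
/* The same sum as a signed 32-bit time_t holds it: reduced modulo 2^32. */
int32_t not_after_32(int64_t start, int64_t days) {
    int64_t v = not_after_64(start, days) & 0xFFFFFFFFLL;
    return (int32_t)(v > INT32_MAX ? v - 4294967296LL : v);
}
/* Longest validity in days that still ends inside the 32-bit range. */
int64_t max_safe_days(int64_t start) { return (INT32_MAX - start) / SECS_PER_DAY; }

/* Days since 1970-01-01 to a Gregorian date; valid for negative counts. */
static void civil_from_days(int64_t z, int *y, int *m, int *d) {
    z += 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;
    *d = (int)(doy - (153 * mp + 2) / 5 + 1);
    *m = (int)(mp < 10 ? mp + 3 : mp - 9);
    *y = (int)(yoe + era * 400 + (*m <= 2));
}

/* Format a Unix time as UTC without depending on the platform's gmtime(). */
void format_utc(int64_t t, char *buf, size_t n) {
    int64_t days = t / SECS_PER_DAY, secs = t % SECS_PER_DAY;
    int y, m, d;
    if (secs < 0) { secs += SECS_PER_DAY; days -= 1; } /* floor for pre-1970 */
    civil_from_days(days, &y, &m, &d);
    snprintf(buf, n, "%04d-%02d-%02d %02d:%02d:%02d", y, m, d,
             (int)(secs / 3600), (int)(secs % 3600 / 60), (int)(secs % 60));
}

int main(void) {
    char want[32], got[32];
    int64_t days = 30 * 365; /* assumption: "thirty years" as a day count */
    format_utc(not_after_64(NOT_BEFORE, days), want, sizeof want);
    format_utc(not_after_32(NOT_BEFORE, days), got, sizeof got);
    printf("64-bit: %s\n32-bit: %s\nwrapped: %s\nmax safe days: %lld\n", want, got,
           strcmp(want, got) ? "yes" : "no", (long long)max_safe_days(NOT_BEFORE));
    return 0;
}
```

With the thread's start time the 32-bit result has the time of day 14:13:02, the same as the Not After value reported in the thread; the date depends on the day count, which that message does not state. max_safe_days gives the longest validity that can be requested from a given start time without wrapping.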
Link error
I am updating OpenSSL from 0.9.7e to 0.9.8i. There are some new files and some files are moved. Most noticeably, there is a new 'engines' directory that seems to host some files that previously were under crypto/engine, or their equivalent. I first followed the instruction in INSTALL.WIN32 and ran
perl Configure VC-WIN32
ms\do_ms
nmake -f ms\ntdll.mak
This seems to build fine. But we use Visual Studio to do the official build, therefore I include the same *.def files and the same C source files in Visual Studio to build the library and I get the following errors:
1>-- Build started: Project: libcrypto, Configuration: Debug Win32 --
1>Linking...
1>e_4758cca.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_4758cca.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_aep.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_aep.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_atalla.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_atalla.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_chil.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_chil.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_cswift.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_cswift.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_gmp.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_gmp.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_nuron.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_nuron.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_sureware.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_sureware.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>e_ubsec.obj : error LNK2005: _v_check already defined in eng_padlock.obj
1>e_ubsec.obj : error LNK2005: _bind_engine already defined in eng_padlock.obj
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_4758cca
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_aep
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_atalla
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_chil
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_cswift
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_nuron
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_sureware
1>libeay32.def : error LNK2001: unresolved external symbol ENGINE_load_ubsec
1>C:\Projects\Mammoth\Shared\OpenSSL\0.9.8i\ms\Debug\libeay32.lib : fatal error LNK1120: 8 unresolved externals
I believe the LNK2001 errors are the result of the LNK2005 errors. But I do not know the reason of the LNK2005. The ntdll.mak does build all the files in 'engines' as well as eng_padlock. Can anyone shed some light?
Alex
Building OpenSSL on Windows
I downloaded OpenSSL 0.9.8i on my Vista machine and tried to build it without any changes but failed. I have Cygwin and gcc installed on my machine. I ran 'config' on the top level and then ran 'make' to build. The build process stopped with the following error:
gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c -o mdc2dgst.o mdc2dgst.c
In file included from mdc2dgst.c:63:
../../include/openssl/mdc2.h:69:2: #error MDC2 is disabled.
make[2]: *** [mdc2dgst.o] Error 1
make[2]: Leaving directory `/cygdrive/c/Downloads/OpenSSL/openssl-0.9.8i/crypto/mdc2'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/cygdrive/c/Downloads/OpenSSL/openssl-0.9.8i/crypto'
make: *** [build_crypto] Error 1
bash-3.2$
Did I do anything wrong? How do these OPENSSL_NO_XXX macros get included in the compiler flags?
Alex
Using openssl vs. Java's keytool
I am trying to set up SSL connections between Java and C for HTTPS, i.e. between tomcat and gSOAP, which uses openssl to handle the SSL part. The java side uses keytool to generate the keystore and export its certificate. On the openssl side, it can generate its certificate and keys. Java's keytool can import a certificate into its keystore, but how does openssl do this? Do I use openssl with some flags to import the certificate or do I simply copy the certificate from the java side (in base64 encoded text format) into a *.pem file? Can it take multiple certificates?