X509_STORE lookup problem
I've implemented my own X509_STORE lookup functions. The problem I'm having is that the store contains cert A, which is being returned when I look up cert B because they both have the same Common Name. Is there a way to tell the store to look up via thumbprint rather than Common Name? I have a get_by_fingerprint function, but it never gets called.

-- 
Chris Bare
Re: EC_POINT_get_affine_coordinates replacement in 3.0
Thanks, I'll check those out.

On Tue, May 3, 2022 at 4:53 PM William Roberts wrote:
> On Tue, May 3, 2022 at 3:18 PM Chris Bare wrote:
> >
> > On Tue, May 3, 2022 at 3:10 PM William Roberts wrote:
> >>
> >> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
> >> >
> >> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to get the coordinates
> >> > in a 3.0 way.
> >> > The old code is:
> >> > BN_CTX *ctx = BN_CTX_new ();
> >> > BIGNUM *X = NULL, *Y = NULL;
> >> > const EC_POINT *pubkey;
> >> > const EC_GROUP *group;
> >> > BN_CTX_start (ctx);
> >> > X = BN_CTX_get (ctx);
> >> > Y = BN_CTX_get (ctx);
> >> > pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
> >> > group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
> >> > EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx)
> >> >
> >> > What would be the 3.0 way to get X and Y without using deprecated functions?
> >>
> >> For EC_POINT_get_affine_coordinates_GFp it goes to
> >> EC_POINT_get_affine_coordinates, see:
> >> - https://www.openssl.org/docs/man3.0/man3/EC_POINT_get_affine_coordinates.html
> >>
> >> Offhand I don't see any other deprecated functions, was that the only one?
> >>
> >> Thanks,
> >> Bill
> >
> > all the EC_KEY_get0_ functions are deprecated. Is there a new way to access the internals of
> > the opaque structures, or am I stuck with the deprecated ones for this?
>
> I think you want the from and to data routines that provide the
> components from an EVP PKEY or produce an EVP_PKEY
> from the components:
> - https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_todata.html
> - https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html

-- 
Chris Bare
Re: EC_POINT_get_affine_coordinates replacement in 3.0
On Tue, May 3, 2022 at 3:10 PM William Roberts wrote:
> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
> >
> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to get
> > the coordinates in a 3.0 way.
> > The old code is:
> > BN_CTX *ctx = BN_CTX_new ();
> > BIGNUM *X = NULL, *Y = NULL;
> > const EC_POINT *pubkey;
> > const EC_GROUP *group;
> > BN_CTX_start (ctx);
> > X = BN_CTX_get (ctx);
> > Y = BN_CTX_get (ctx);
> > pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
> > group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
> > EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx)
> >
> > What would be the 3.0 way to get X and Y without using deprecated functions?
>
> For EC_POINT_get_affine_coordinates_GFp it goes to
> EC_POINT_get_affine_coordinates, see:
> - https://www.openssl.org/docs/man3.0/man3/EC_POINT_get_affine_coordinates.html
>
> Offhand I don't see any other deprecated functions, was that the only one?
>
> Thanks,
> Bill

all the EC_KEY_get0_ functions are deprecated. Is there a new way to access the internals of the opaque structures, or am I stuck with the deprecated ones for this?

-- 
Chris Bare
EC_POINT_get_affine_coordinates replacement in 3.0
I'm converting some openssl 1.0 code to 3.0 and I don't know how to get the coordinates in a 3.0 way. The old code is:

#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/evp.h>

BN_CTX *ctx = BN_CTX_new ();
BIGNUM *X = NULL, *Y = NULL;
const EC_POINT *pubkey;
const EC_GROUP *group;
BN_CTX_start (ctx);
X = BN_CTX_get (ctx);
Y = BN_CTX_get (ctx);
/* EVP_PKEY_get0() hands back the underlying EC_KEY; pkey and cvr->sm_pkey
 * are EVP_PKEY objects owned by the surrounding code */
pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
/* affine X/Y of the public point, in the curve's prime field */
EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx);

What would be the 3.0 way to get X and Y without using deprecated functions?

-- 
Chris Bare
Re: OpenSSL Memory Allocation Functions Issue
Hi Todd,

Thanks for the information. I've looked at compiling. I'm assuming this is the file you're referring to?

/usr/local/src/openssl-1.1.1m/configdata.pm

What am I looking for in that file? There is no mention of malloc? Do I alter this file before running

make clean
make
make install

Thanks,
Chris

On Wed, 30 Mar 2022 at 16:32, Todd Short wrote:
> Each OS distribution may choose to enable/disable features as they see
> fit. And they may also patch the code.
>
> It's likely RHEL disabled the functionality.
>
> You would need to download the RPM source, build it, and see what is
> enabled (via configdata.pm) and what patches may have been applied.
>
> --
> -Todd Short
> // todd.sh...@me.com
> // "One if by land, two if by sea, three if by the Internet."
>
> On Mar 30, 2022, at 4:45 AM, Chris wrote:
>
> Hi All,
>
> Experienced an issue with Kamailio which presented with the below error
>
> tls_pre_init(): Unable to set the memory allocation functions
>
> I have two servers CentOS8 and RHEL8. CentOS8 runs as expected, RHEL8
> shows the errors
>
> This forum suggested this was related to an OpenSSL issue
> https://lists.kamailio.org/pipermail/sr-users/2013-August/079381.html
>
> The below script was compiled and run as suggested in order to confirm the
> OpenSSL was present
>
> #include <stdio.h>
> #include <openssl/crypto.h>
>
> static void *myMalloc( size_t s ) { return NULL; }
> static void *myRealloc( void *p, size_t s ) { return NULL; }
> static void myFree( void *p ) {}
>
> int main()
> {
>     if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc, myFree) )
>     {
>         fprintf( stderr, "Unable to set the memory allocation functions\n");
>         return -1;
>     }
>
>     return 0;
> }
>
> The output on each system was different
> CentOS – nothing outputted
> RHEL – "Unable to set the memory allocation functions"
>
> Though versions of OpenSSL installed appeared the same
>
> yum info openssl-libs openssl | grep 'Packages\|Name\|Version'
>
> CentOS:
> Installed Packages
> Name : openssl
> Version : 1.1.1k
> Name : openssl-libs
> Version : 1.1.1k
>
> RHEL:
> Installed Packages
> Name : openssl
> Version : 1.1.1k
> Name : openssl-libs
> Version : 1.1.1k
>
> strings /usr/lib64/libcrypto.so | grep "^OpenSSL"
> Both systems have the same output
>
> Would someone be able to confirm what is going on here?
> Does the above script suggest a problem with the OpenSSL-Libs?
> Am I looking in the right places to confirm a difference between the two VMs?
>
> Thanks,
> Chris
OpenSSL Memory Allocation Functions Issue
Hi All,

Experienced an issue with Kamailio which presented with the below error

tls_pre_init(): Unable to set the memory allocation functions

I have two servers CentOS8 and RHEL8. CentOS8 runs as expected, RHEL8 shows the errors

This forum suggested this was related to an OpenSSL issue
https://lists.kamailio.org/pipermail/sr-users/2013-August/079381.html

The below script was compiled and run as suggested in order to confirm the OpenSSL was present

#include <stdio.h>
#include <openssl/crypto.h>

/* Probe only: these replacements are never meant to allocate anything; the
 * point is whether libcrypto accepts them at all. */
static void *myMalloc( size_t s ) { return NULL; }
static void *myRealloc( void *p, size_t s ) { return NULL; }
static void myFree( void *p ) {}

int main()
{
    /* CRYPTO_set_mem_functions() returns 0 when the hooks cannot be installed */
    if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc, myFree) )
    {
        fprintf( stderr, "Unable to set the memory allocation functions\n");
        return -1;
    }

    return 0;
}

The output on each system was different
CentOS – nothing outputted
RHEL – "Unable to set the memory allocation functions"

Though versions of OpenSSL installed appeared the same

yum info openssl-libs openssl | grep 'Packages\|Name\|Version'

CentOS:
Installed Packages
Name : openssl
Version : 1.1.1k
Name : openssl-libs
Version : 1.1.1k

RHEL:
Installed Packages
Name : openssl
Version : 1.1.1k
Name : openssl-libs
Version : 1.1.1k

strings /usr/lib64/libcrypto.so | grep "^OpenSSL"
Both systems have the same output

Would someone be able to confirm what is going on here?
Does the above script suggest a problem with the OpenSSL-Libs?
Am I looking in the right places to confirm a difference between the two VMs?

Thanks,
Chris
SHA256 openssl-1.1.1i Checksum Error
This is my first post. OpenSSL is not my forte. The code below returns an unexpected checksum value for openssl-1.1.1i. Strangely, when the same code is run for a previous version, the correct checksum value is returned.

Here is what I’ve tried:
1. Downloaded the current SHA256 value for openssl-1.1.1i.tar.gz from https://www.openssl.org/source/
2. Included that checksum value in the code below
3. Run the code in macOS Version 10.15.7’s Terminal app (using bash)
4. Observed that the checksum value does not match the downloaded value in Step 1 above

Here is the part of the script associated with the problem. Notice an incorrect checksum of c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e is returned at the end. What am I doing wrong?

#!/bin/zsh
# This script builds OpenSSL libssl and libcrypto for 64-bit devices.
# Binary distribution for ios64-cross-arm64 and ios64-cross-arm64e

VERSION=“1.1.1i”
VERSION_SHA256_CHECKSUM="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"

## curl -Ov https://www.openssl.org/source/openssl-$VERSION.tar.gz

# Checksum to verify OpenSSL files are not corrupted.
FILE_CHECKSUM=$(shasum -a 256 openssl-$VERSION.tar.gz | awk '{print $1; exit}')

if [ "$FILE_CHECKSUM" != "$VERSION_SHA256_CHECKSUM" ]; then
    echo "OpenSSL version $VERSION failed checksum."
    echo "Checksum should be:" $VERSION_SHA256_CHECKSUM
    echo "Actual downloaded file checksum:" $FILE_CHECKSUM
    exit 1
fi

Here is the verbose listing returned by the script:

chrisoutwin@Chriss-iMac OpenSSL % bash build.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*   Trying 23.2.168.18...
* TCP_NODELAY set
* Connected to www.openssl.org (23.2.168.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [229 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=www.openssl.org
*  start date: Oct 30 19:31:03 2020 GMT
*  expire date: Jan 28 19:31:03 2021 GMT
*  subjectAltName: host "www.openssl.org" matched cert's "www.openssl.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
< HTTP/1.1 404 Not Found
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< Content-Type: text/html; charset=UTF-8
< Content-Length: 4182
< Cache-Control: max-age=172800
< Expires: Wed, 30 Dec 2020 15:20:43 GMT
< Date: Mon, 28 Dec 2020 15:20:43 GMT
< Connection: keep-alive
<
{ [1536 bytes data]
100  4182  100  4182    0     0   5873      0 --:--:-- --:--:-- --:--:--  5873
* Connection #0 to host www.openssl.org left intact
* Closing connection 0
OpenSSL version “1.1.1i” failed checksum.
Checksum should be: e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
Actual downloaded file checksum: c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e
CVE-1999-0428
Hi openssl-users,

I am researching the known vulnerabilities of open source software that we are considering. According to the NIST NVD web site, the 1.1.1d version of OpenSSL has a few known vulnerabilities:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced_type=overview_type=all_vendor=cpe%3A%2F%3Aopenssl_product=cpe%3A%2F%3A%3Aopenssl_version=cpe%3A%2F%3Aopenssl%3Aopenssl%3A1.1.1d

It appears most of the vulnerabilities that are listed by NIST can be dismissed since the security vulnerability was actually in an application that uses OpenSSL instead of being in OpenSSL itself. But I've been unable to determine with certainty how the last vulnerability on this list (CVE-1999-0428) was fixed.

In my research, I've found a potential OpenSSL update in release 0.9.2b that may have addressed the vulnerability: https://seclists.org/bugtraq/1999/Mar/144. But this security alert message doesn't reference any CVE number. The OpenSSL Vulnerabilities web page (https://www.openssl.org/news/vulnerabilities.html) doesn't go back to 1999, so it doesn't provide any information regarding this vulnerability.

Can anyone point me to OpenSSL documentation that indicates CVE-1999-0428 was fixed?

Thanks.
fipsld in CMake
Hello,

I am trying to compile an OpenSSL wrapper for use on Android, using fipsld to generate a FIPS-compliant .so file. It seems that Android favors CMake now, so I was wondering if anyone got the fipsld steps working within CMake successfully and can give any pointers.

Thanks
Re: [openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users wrote:
>
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users wrote:
>>
>> I perused the list archives for all of 2018 and did not see anything current
>> relating to this problem, so if this is a question that has been asked &
>> answered, please feel free to point me at the relevant location to read
>> about what I'm doing incorrectly. =)
>>
>> I'm not at all familiar with Windows & compiling Open Source projects, but I
>> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual
>> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module
>> and OpenSSL 1.0.2q (NO FIPS) without issue.
>>
>> [snip]
>>
>> I am doing the following to compile FIPS:
>> cd c:\path\to\fips-source
>> ms\do_fips no-asm
>>
>> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
>> cd c:\path\to\openssl-source
>> nmake -f ms\ntdll.mak clean
>> nmake -f ms\nt.mak clean
>> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
>> ms\do_win64a no-asm
>> nmake -f ms\ntdll.mak
>>
>> [snip]
>
> Well, I managed to get the compile to move a bit further by copying "inc32"
> to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source
> directory, that I was including in --with-fipsdir= .
>
> However, now I am getting the following error during the OpenSSL build
> process.
>
> [snip]

So, for anyone searching in the future, I managed to get it to compile ensuring the following:

Ensure the following is installed:
* Perl (I used Strawberry Perl 5.24.4.1)
* NASM (I used 2.14.02)
* MS Visual Studio 2017 Community with the MS Windows SDK (what I used)

- Ensure your Windows PATH variable has NASM and Perl included (not including this is what was causing my errors).
- Start the Visual Studio 'Developer Command Prompt'.
- Change directory to the decompressed openssl source directory.
- Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure '--with-fipsdir=' pointed to where my FIPS object code was installed. It was, purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing problems for me.

I appreciate those who reached out to me directly to provide guidance in solving my compile issues.

Thanks,
Chris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users wrote:
>
> I perused the list archives for all of 2018 and did not see anything current
> relating to this problem, so if this is a question that has been asked &
> answered, please feel free to point me at the relevant location to read about
> what I'm doing incorrectly. =)
>
> I'm not at all familiar with Windows & compiling Open Source projects, but I
> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual
> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module
> and OpenSSL 1.0.2q (NO FIPS) without issue.
>
> [snip]
>
> I am doing the following to compile FIPS:
> cd c:\path\to\fips-source
> ms\do_fips no-asm
>
> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
> cd c:\path\to\openssl-source
> nmake -f ms\ntdll.mak clean
> nmake -f ms\nt.mak clean
> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
> ms\do_win64a no-asm
> nmake -f ms\ntdll.mak
>
> [snip]

Well, I managed to get the compile to move a bit further by copying "inc32" to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source directory, that I was including in --with-fipsdir= .

However, now I am getting the following error during the OpenSSL build process.

cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -IC:\Users\cfernando\Downloads\ossl\ossl\openssl-fips/include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c C:\Users\cfernando\Downloads\ossl\ossl\openssl-fips\lib\fips_premain.c
fips_premain.c
ml /c ms\uptable.asm
Microsoft (R) Macro Assembler Version 14.16.27025.1
Copyright (C) Microsoft Corporation.  All rights reserved.

 Assembling: ms\uptable.asm
ms\uptable.asm(9) : error A2006:undefined symbol : rsp
ms\uptable.asm(10) : error A2006:undefined symbol : rsp
ms\uptable.asm(11) : error A2006:undefined symbol : rsp
ms\uptable.asm(12) : error A2006:undefined symbol : rsp
ms\uptable.asm(13) : error A2006:undefined symbol : rcx
ms\uptable.asm(14) : error A2006:undefined symbol : rdx
ms\uptable.asm(16) : error A2006:undefined symbol : rcx
ms\uptable.asm(17) : error A2006:undefined symbol : rdx
ms\uptable.asm(18) : error A2006:undefined symbol : r8
ms\uptable.asm(19) : error A2006:undefined symbol : r9
ms\uptable.asm(20) : error A2006:undefined symbol : rax
ms\uptable.asm(21) : error A2006:undefined symbol : rsp
ms\uptable.asm(22) : error A2006:undefined symbol : rax
ms\uptable.asm(29) : error A2006:undefined symbol : rsp
ms\uptable.asm(30) : error A2006:undefined symbol : rsp
ms\uptable.asm(31) : error A2006:undefined symbol : rsp
ms\uptable.asm(32) : error A2006:undefined symbol : rsp
ms\uptable.asm(33) : error A2006:undefined symbol : rcx
ms\uptable.asm(34) : error A2006:undefined symbol : rdx
ms\uptable.asm(36) : error A2006:undefined symbol : rcx
ms\uptable.asm(37) : error A2006:undefined symbol : rdx
ms\uptable.asm(38) : error A2006:undefined symbol : r8
ms\uptable.asm(39) : error A2006:undefined symbol : r9
ms\uptable.asm(40) : error A2006:undefined symbol : rax
ms\uptable.asm(41) : error A2006:undefined symbol : rsp
ms\uptable.asm(42) : error A2006:undefined symbol : rax
ms\uptable.asm(49) : error A2006:undefined symbol : rsp
ms\uptable.asm(50) : error A2006:undefined symbol : rsp
ms\uptable.asm(51) : error A2006:undefined symbol : rsp
ms\uptable.asm(52) : error A2006:undefined symbol : rsp
ms\uptable.asm(53) : error A2006:undefined symbol : rcx
ms\uptable.asm(54) : error A2006:undefined symbol : rdx
ms\uptable.asm(56) : error A2006:undefined symbol : rcx
ms\uptable.asm(57) : error A2006:undefined symbol : rdx
ms\uptable.asm(58) : error A2006:undefined symbol : r8
ms\uptable.asm(59) : error A2006:undefined symbol : r9
ms\uptable.asm(60) : error A2006:undefined symbol : rax
ms\uptable.asm(61) : error A2006:undefined symbol : rsp
ms\uptable.asm(62) : error A2006:undefined symbol : rax
ms\uptable.asm(69) : error A2006:undefined symbol : rsp
ms\uptable.asm(70) : error A2006:undefined symbol : rsp
ms\uptable.asm(71) : error A2006:undefined symbol : rsp
ms\uptable.asm(72) : error A2006:undefined symbol : rsp
ms\uptable.asm(73) : error A2006:undefined symbol : rcx
ms\uptable.asm(74) : error A2006:undefined symbol : rdx
ms\uptable.asm(76) : error A2006:undefined symbol : rcx
ms\uptable.asm(77) : error A2006:undefined symbol : rdx
ms\uptable.asm(78) : error A2006:undefined symbol : r8
ms\uptable.asm(79) : er
[openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2
I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =)

I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue.

When I try to compile OpenSSL with the FIPS canister, per the User Guide instructions, I end up with the following error.

cl /Fotmp32dll\o_fips.obj -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -Ic:\..\openssl-fips/include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO -c .\crypto\o_fips.c
o_fips.c
.\crypto\o_fips.c(61): fatal error C1083: Cannot open include file: 'openssl/fips.h': No such file or directory
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\cl.EXE"' : return code '0x2'
Stop.

I am doing the following to compile FIPS:
cd c:\path\to\fips-source
ms\do_fips no-asm

I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
cd c:\path\to\openssl-source
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak clean
perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
ms\do_win64a no-asm
nmake -f ms\ntdll.mak

I feel like I'm missing something fundamental here and I know the User Guide says to install the FIPS files in a protected area. However, as I'm just building the source on this device, shouldn't I be able to do the above and have it work?

Any help would be greatly appreciated.

Thanks,
Chris
Re: [openssl-users] Subject CN and SANs
A bit off-topic but is it also a good idea to follow these guidelines in non-browser use cases, for example for a client certificate which is used to authenticate on a TLS connection which will be used for another protocol such as MQTT? In this case the SubjectCN looks like a "natural" place to put the client's identity, but maybe it is still better to use subjectAltName?

- Chris

> Actually, per the latest CA/Browser forum guidelines, subject.CN is not
> only optional but "discouraged".
>
> -FG
>
>> On Dec 23, 2018, at 4:29 PM, Kyle Hamilton wrote:
>>
>> SubjectCN is an operational requirement of X.509, I believe. It's not
>> optional in the data structure, at any rate.
>>
>> -Kyle H
>>
>>> On Sun, Dec 23, 2018 at 9:22 AM Michael Richardson wrote:
>>>
>>> Salz, Rich via openssl-users wrote:
>>>> Putting the DNS name in the CN part of the subjectDN has been
>>>> deprecated for a very long time (more than 10 years), although it
>>>> is still supported by many existing browsers. New certificates
>>>> should only use the subjectAltName extension.
>>>
>>> Fair enough.
>>>
>>> It seems that the "openssl ca" mechanism still seems to want a subjectDN
>>> defined. Am I missing some mechanism that would let me omit all of
>>> that? Or is a patch needed to kill what seems like a current operational
>>> requirement?
>>>
>>> --
>>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>>> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
>>> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
[openssl-users] Exclude unwanted ciphers during build
Is there a simple way of excluding unwanted ciphers or cipher suites during a build? I would like to remove ARIA in particular, but may want to remove additional ones in order to use a smaller footprint.
Re: [openssl-users] How to compile 1.1.1 under Windows
Richard,

Moving Glob.pm into the main directory of the latest stable snapshot openssl-1.1.1-stable-SNAP-20181022 allowed it to bypass the missing Glob.pm message, but then it failed with the same set of "error C2065: 'INT32_MAX' : undeclared identifier" messages as the older openssl-1.1.1-stable-SNAP-20181018.

On Tue, Oct 23, 2018 at 3:31 AM Chris Clark wrote:
>
> Next I tried an older stable snapshot
> openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but
> I got a different compile result:
>
> cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\rand\drbg_ctr.obj "crypto\rand\drbg_ctr.c"
> drbg_ctr.c
> crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data
> crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
> Stop.
>
> On Tue, Oct 23, 2018 at 3:17 AM Chris Clark wrote:
> >
> > Thanks Richard. I downloaded the latest stable snapshot in order to
> > bypass the UINT16_MAX definition bug, but this version fails to
> > configure:
> >
> > C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend
> > Can't locate OpenSSL/Glob.pm in @INC (you may need to install the OpenSSL::Glob module) (@INC contains: C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib c:/perl/lib .) at Configure line 20.
> > BEGIN failed--compilation aborted at Configure line 20.
> >
> > I'll try some of the older stable snapshots.
> >
> > On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote:
> > >
> > > Silly me, I forgot we already fixed that bug:
> > >
> > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
> > > Author: Richard Levitte
> > > Date:   Wed Sep 12 02:06:26 2018 +0200
> > >
> > >     crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
> > >
> > >     Fixes #7186
> > >
> > >     Reviewed-by: Tim Hudson
> > >     (Merged from https://github.com/openssl/openssl/pull/7193)
> > >
> > >     (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8)
> > >
> > > Cheers,
> > > Richard
> > >
> > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on
> > > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte said:
> > >
> > > > That indicates we do things in the wrong order (foo.obj depends on
> > > > foo.d, meaning foo.d gets "built" first), but that's a side issue.
> > > >
> > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing
> > > > to write up a Github issue for it?
> > > >
> > > > In message on
> > > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said:
> > > >
> > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error
Re: [openssl-users] How to compile 1.1.1 under Windows
Next I tried an older stable snapshot openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but I got a different compile result:

cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\rand\drbg_ctr.obj "crypto\rand\drbg_ctr.c"
drbg_ctr.c
crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data
crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
Stop.

On Tue, Oct 23, 2018 at 3:17 AM Chris Clark wrote:
>
> Thanks Richard. I downloaded the latest stable snapshot in order to
> bypass the UINT16_MAX definition bug, but this version fails to
> configure:
>
> C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend
> Can't locate OpenSSL/Glob.pm in @INC (you may need to install the OpenSSL::Glob module) (@INC contains: C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib c:/perl/lib .) at Configure line 20.
> BEGIN failed--compilation aborted at Configure line 20.
>
> I'll try some of the older stable snapshots.
>
> On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote:
> >
> > Silly me, I forgot we already fixed that bug:
> >
> > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
> > Author: Richard Levitte
> > Date:   Wed Sep 12 02:06:26 2018 +0200
> >
> >     crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
> >
> >     Fixes #7186
> >
> >     Reviewed-by: Tim Hudson
> >     (Merged from https://github.com/openssl/openssl/pull/7193)
> >
> >     (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8)
> >
> > Cheers,
> > Richard
> >
> > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on
> > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte said:
> >
> > > That indicates we do things in the wrong order (foo.obj depends on
> > > foo.d, meaning foo.d gets "built" first), but that's a side issue.
> > >
> > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing
> > > to write up a Github issue for it?
> > >
> > > In message on
> > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said:
> > >
> > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error
> > > > U1077, but now it fails due to an undeclared identifier:
> > > >
> > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM"
Re: [openssl-users] How to compile 1.1.1 under Windows
Thanks Richard. I downloaded the latest stable snapshot in order to bypass the UINT16_MAX definition bug, but this version fails to configure: C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend Can't locate OpenSSL/Glob.pm in @INC (you may need to install the OpenSSL::Glob module) (@INC contains: C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib c:/perl/lib .) at Configure line 20. BEGIN failed--compilation aborted at Configure line 20. I'll try some of the older stable snapshots. On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote: > > Silly me, I forgot we already fixed that bug: > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 > Author: Richard Levitte > Date: Wed Sep 12 02:06:26 2018 +0200 > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined > > Fixes #7186 > > Reviewed-by: Tim Hudson > (Merged from https://github.com/openssl/openssl/pull/7193) > > (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8) > > Cheers, > Richard > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on Tue, > 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte said: > > > That indicates we do things in the wrong order (foo.obj depends on > > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > to write up a Github issue for it? > > > > In message > > on > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said: > > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > > U1077, but now it fails due to an undeclared identifier: > > > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > > "." 
/I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > > > "crypto\sm2\sm2_sign.c" > > > sm2_sign.c > > > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared > > > identifier > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > > > Stop. > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > Stop. > > > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte > > > wrote: > > > > > > > > I suspect you'll find some kind of error message in > > > > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > > > > in VS 2008. > > > > > > > > There is a workaround for this problem, and it's to use the > > > > 'no-makedepend' option: > > > > > > > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > > > > > > > For a single build, that should be good enough. 
> > > > > > > > Cheers, > > > > Richard > > > > > > > > In message > > > > on > > > > Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark > > > > said: > > > > > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > > > > >
Re: [openssl-users] How to compile 1.1.1 under Windows
Thank you Richard. Adding the "no-makedepend" avoided the fatal error U1077, but now it fails due to an undeclared identifier: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj "crypto\sm2\sm2_sign.c" sm2_sign.c crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared identifier NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte wrote: > > I suspect you'll find some kind of error message in > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > in VS 2008. > > There is a workaround for this problem, and it's to use the > 'no-makedepend' option: > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > For a single build, that should be good enough. 
> > Cheers, > Richard > > In message > on Mon, > 22 Oct 2018 23:50:46 -0700, Chris Clark said: > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > 1.1.1 for VC-WIN64A I get the following compile error: > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > Files\\Common Files\\SSL\"" > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > Stop. > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > Stop. > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > perl Configure VC-WIN64A --prefix=c:/openssl > > nmake > > > > I also tried compiling the latest stable snapshot > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > version 1.1.0h compiles without error. Can anyone tell me what the > > problem is? 
> > > > Here is the configuration dump: > > > > Command line (with current working directory = .): > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > Perl information: > > c:\perl\bin\perl.exe > > 5.24.3 for MSWin32-x64-multi-thread > > Enabled features: > > aria > > asm > > async > > autoalginit > > autoerrinit > > autoload-config > > bf > > blake2 > > camell
Re: [openssl-users] How to compile 1.1.1 under Windows
Sorry, I meant to say I'm upgrading from 1.1.0h. On Tue, Oct 23, 2018 at 12:20 AM Dr. Matthias St. Pierre wrote: > > Oh, I should have read your mail until the end: > > Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > > > -Original Message- > > From: openssl-users On Behalf Of Dr. > > Matthias St. Pierre > > Sent: Tuesday, 23 October 2018 09:17 > > To: openssl-users@openssl.org > > Subject: Re: [openssl-users] How to compile 1.1.1 under Windows > > > > Hi, > > > > a lot of structures were made opaque going from 1.0.2 to 1.1.0. > > This means, you will have to make changes to your program source code > > to compile it against 1.1.0 or 1.1.1. > > > > For details, see https://www.openssl.org/docs/faq.html#PROG2 > > > > HTH, > > Matthias > > > > > > > -Original Message- > > > From: openssl-users On Behalf Of > > > Chris Clark > > > Sent: Tuesday, 23 October 2018 08:51 > > > To: openssl-users@openssl.org > > > Subject: [openssl-users] How to compile 1.1.1 under Windows > > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > > /O2 /I "." 
/I "crypto\include" /I "include" -D"L_ENDIAN" > > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > > Files\\Common Files\\SSL\"" > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > > Stop. > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > Stop. > > > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > > perl Configure VC-WIN64A --prefix=c:/openssl > > > nmake > > > > > > I also tried compiling the latest stable snapshot > > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > > version 1.1.0h compiles without error. Can anyone tell me what the > > > problem is? 
> > > > > > Here is the configuration dump: > > > > > > Command line (with current working directory = .): > > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > > Perl information: > > > c:\perl\bin\perl.exe > > > 5.24.3 for MSWin32-x64-multi-thread > > > Enabled features: > > > aria > > > asm > > > async > > > autoalginit > > > autoerrinit > > > autoload-config > > > bf > > > blake2 > > > camellia > > > capieng > > > cast > > > chacha > > > cmac > > > cms > > > comp > > > ct > > > deprecated > > > des > > > dgram > > > dh > > > dsa > > > dso > > > dtls > > > dynamic-engine > > > ec > > > ec2m > > > ecdh > > > ecdsa > > > engine > > > err > > > filenames > > > gost > > > hw(-.+)? > > > idea > > > makedepend > > > md4 > > > mdc2 > > &g
[openssl-users] How to compile 1.1.1 under Windows
I am attempting to upgrade a project using OpenSSL 1.0.0h to version 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version 1.1.1 for VC-WIN64A I get the following compile error: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. My Command lines from the VS 2008 x64 Command Prompt are: perl Configure VC-WIN64A --prefix=c:/openssl nmake I also tried compiling the latest stable snapshot (openssl-1.1.1-stable-SNAP-20181022) with the same results. However version 1.1.0h compiles without error. Can anyone tell me what the problem is? Here is the configuration dump: Command line (with current working directory = .): c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl Perl information: c:\perl\bin\perl.exe 5.24.3 for MSWin32-x64-multi-thread Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dso dtls dynamic-engine ec ec2m ecdh ecdsa engine err filenames gost hw(-.+)? 
idea makedepend md4 mdc2 multiblock nextprotoneg ocb ocsp pic poly1305 posix-io psk rc2 rc4 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl static-engine stdio tests threads tls ts ui-console whirlpool tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method Disabled features: afalgeng[not-linux] asan[default] OPENSSL_NO_ASAN crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 egd [default] OPENSSL_NO_EGD external-tests [default] OPENSSL_NO_EXTERNAL_TESTS fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER fuzz-afl[default] OPENSSL_NO_FUZZ_AFL heartbeats [default] OPENSSL_NO_HEARTBEATS md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) msan[default] OPENSSL_NO_MSAN rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) sctp[default] OPENSSL_NO_SCTP ssl-trace [default] OPENSSL_NO_SSL_TRACE ubsan [default] OPENSSL_NO_UBSAN unit-test [default] OPENSSL_NO_UNIT_TEST weak-ssl-ciphers[default] OPENSSL_NO_WEAK_SSL_CIPHERS zlib[default] zlib-dynamic[default] ssl3[default] OPENSSL_NO_SSL3 ssl3-method [default] OPENSSL_NO_SSL3_METHOD Config target attributes: AR => "lib", ARFLAGS => "/nologo", AS => "nasm", ASFLAGS => "-g", CC => "cl", CFLAGS => "/W3 /wd4090 /nologo /O2", CPP => "\$(CC) /EP /C", HASHBANGPERL => "/usr/bin/env perl", LD => "link", LDFLAGS => "/nologo /debug", MT => "mt", MTFLAGS => "-nologo", RANLIB => "CODE(0x65aff0)", RC => "rc", aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", apps_aux_src => "win32_init.c", apps_init_src => "../ms/applink.c", apps_obj => "win32_init.o", aroutflag => "/out:", asflags 
=> "-Ox -f win64 -DNEAR", asoutflag => "-o ", bf_asm_src => "bf_enc.c", bf_obj => "bf_enc.o", bin_cflags => "/Zi /Fdapp.pdb",
Re: [openssl-users] Checksum for openssl-1.0.2p download
Thank you very much for your helpful reply. I’m a graphics programmer with no experience in PGP. The shell script I have calls: OPENSSL_ARCHIVE_URL="https://www.openssl.org/source/old/${BRANCH}/${OPENSSL_ARCHIVE_FILE_NAME}” in the process of downloading OpenSSL for use in building an iOS static implementation. Does https have a reasonable level of security? I believe I can include a block of code in the script to do a checksum. > On Sep 12, 2018, at 1:42 PM, Michael Wojcik > wrote: > >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf >> Of Matt Caswell >> Sent: Wednesday, September 12, 2018 14:29 >> >> On 12/09/18 19:24, Chris Outwin wrote: >>> I’m an OpenSSL newbie and this is my first post. I’m using OpenSSL for >> receipt validation in an iOS application. >>> >>> Is there a list of checksums to verify openssl download versions? >> >> Next to each download on the website there are links for SHA256/PGP/SHA1 >> checksums. >> >> https://www.openssl.org/source/ > > I'd strongly recommend verifying the PGP (OpenPGP, gpg) signature on the > tarball. The signature files are right there alongside the tarballs. > > If you're new to gpg (or whatever OpenPGP implementation of your choice), > there's a bit of learning and setup to do: you'll need to fetch the > appropriate key from a public keyserver or other trustworthy (-ish) source to > fully verify the signature, and you'll probably want to mark the key as > trusted so the output from gpg is clear. > > But once you've done that, it's very easy to verify the signature, and to > automate the process if you prefer. And the signatures add a bit of > defense-in-depth because publishing a tampered-with tarball would require > subverting the private key as well as to the OpenSSL web server. (If you're > just checking the SHA256 hash, an attacker could either get access to the > OpenSSL web server, or force you to a counterfeit server, for example via DNS > cache poisoning. 
And due to the systemic brokenness of the web PKI, it's > pretty easy to fool a lot of people with a counterfeit server.) > > So do the work now to set yourself up for verifying the signature, and > inculcate a good habit. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
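Turning the advice above into a step the build script can run, here is an added shell example; it is not Chris Outwin's script or OpenSSL project code. It checks a file against a published SHA-256 digest and wraps `gpg --verify` for the detached signature, requiring both a good signature and a trusted key, as Michael suggests. The tarball name, the digest constants and the keyring state are assumptions for the demonstration; the offline run uses a constructed file whose digest is a well-known value.

```shell
#!/bin/sh
# Added example, not from the thread or the OpenSSL project: checks a downloaded
# tarball against a published SHA-256 digest and wraps gpg for the detached
# OpenPGP signature. The name openssl-1.0.2p.tar.gz and the digests used in the
# offline demo are assumptions made for illustration.

# Hex SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX: exit 0 on match, 1 otherwise.
# The comparison is case-insensitive because published digests vary in case.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# verify_pgp FILE SIGFILE: exit 0 only if gpg reports a good signature AND the
# signing key is fully or ultimately trusted in the local keyring. The OpenSSL
# release key must have been imported and trust-marked first; this function is
# not exercised by the offline demo because it needs that keyring.
verify_pgp() {
    status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' &&
        printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)'
}

# Offline demo with a constructed "tarball": the SHA-256 of the six bytes
# "hello\n" is a well-known value, so the good and bad outcomes are fixed.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/openssl-1.0.2p.tar.gz"
published=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
tampered=0000000000000000000000000000000000000000000000000000000000000000

if verify_sha256 "$demo_dir/openssl-1.0.2p.tar.gz" "$published"; then
    echo "digest matches: safe to unpack"
fi
if ! verify_sha256 "$demo_dir/openssl-1.0.2p.tar.gz" "$tampered"; then
    echo "digest mismatch: refuse to build"
fi
rm -rf "$demo_dir"
```

In the real script the .sha256 and .asc files would be fetched from the same https://www.openssl.org/source/... location as the tarball, which is exactly why the hash alone is weak: whoever can serve a counterfeit tarball can serve its matching hash. The signature check adds the second factor Michael describes, but only once the release key has been imported and marked trusted, otherwise `gpg --verify` cannot report TRUST_FULLY or TRUST_ULTIMATE and the function correctly refuses.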
[openssl-users] Checksum for openssl-1.0.2p download
I’m an OpenSSL newbie and this is my first post. I’m using OpenSSL for receipt validation in an iOS application. Is there a list of checksums to verify openssl download versions? I believe I should be using openssl-1.0.2p. Can openssl-1.1.1 be used in a production application yet? Why doesn’t openssl-1.1.1 end with a letter of the alphabet? Thank you very much.
Re: [openssl-users] PRNG is not seeded
> Of course people have been harvesting entropy, or trying to, from network > sources for decades. There's a famous paragraph regarding it in RFC 4086, > which is an expanded version of a similar statement from RFC 1750 (1994): > > Other external events, such as network packet arrival times and > lengths, can also be used, but only with great care. In particular, > the possibility of manipulation of such network traffic measurements > by an adversary and the lack of history at system start-up must be > carefully considered. If this input is subject to manipulation, it > must not be trusted as a source of entropy. > > (RFC 4086, 3.5) Good point about the possibility of manipulation; it sounds a bit far-fetched but so did a lot of other exploits before they became a reality. > More generally: It's often possible to harvest quite a bit of information > that can't be adequately predicted or statistically modeled by an attacker > from network sources, and these days distilling CPRNG entropy from such > inputs is straightforward thanks to the use of cryptographic compression > functions. It's the edge cases that bite you. 4086 mentions attacker > manipulation (flooding network sources with known data to flush entropy > out of the pool) and start-up (if you don't have persistent storage of > adequate seed material). Embedded devices may suffer from too little, or > too predictable, network traffic in their limited reception area. > > You can get stronger guarantees from hardware entropy devices, which are > cheap (in every sense: component cost, power consumption, size, ...). So > there's not a lot of incentive to do more research into gathering entropy > from external sources - it makes more sense to lean on device > manufacturers, or use add-on devices. 
Or carry forward entropy across reboots, provided that can be done without exposing another attack surface; or obtaining entropy from a trusted source if you can figure out how to make a secure connection with that source. My experience with "lean[ing] on device manufacturers" is not all that positive.
Re: [openssl-users] PRNG is not seeded
As it happens I am the proud owner of a made-in-UK Mathmos Lava Lamp and a couple of their Space Projectors : however I don't use them as a RNG. I am thinking more about the fact that there are a lot of devices which * have no hardware TRNG on board * do have one or more connections to wired or wireless internet and/or wide-area networks and/or various other communications channels such as BTLE or ZigBee * need to make a TLS/DTLS connection somewhere in order to be useful. By "literally in the air" I mean the entropy that is flying around in those radio channels or shared media; not the data which is being transmitted, but the inter-arrival times / collisions / etc. generated by a number of physically independent sources. I am sceptical of using haveged on such devices; of course I should be willing to test it and measure the results, but "measuring randomness" is a tricky business so I would be happy to see the results of some research. My own experiments in the past (with devices which had only a dial-up connection to the mother ship) were singularly unsuccessful in generating any useful degree of randomness. Thanks anyway for the suggestions everyone. > On 05/31/2018 03:03 PM, openssl-users-requ...@openssl.org distributed: >> Date: Thu, 31 May 2018 18:45:02 +1000 >> From: FooCrypt >> >> Place a teaspoon of fine grade white sand onto the skin of a snare drum > > Macroscopic hardware TRNGs are a *tad* yesteryear > > https://en.wikipedia.org/wiki/Lavarand > > because observing *quantum* random events doesn't require large devices > > https://en.wikipedia.org/wiki/Hardware_random_number_generator > > (not to mention being IIUC harder to influence by an attacker so as to > make them lose randomness). Nonetheless, if you don't have the hardware > (builtin TPM?) and cannot easily connect one to the given platform (as I > suspect for the OP's architecture) ... 
> > For general computing platforms, I've taken to installing (and, of > course, running and monitoring) haveged as a standard - on hosts *and* > VMs. It can run in an AIS-31 test mode if you want to check out the > entropy it collects. > > https://wiki.archlinux.org/index.php/Haveged > >>> On 31 May 2018, at 6:07 PM, chris.g...@kiffer.be wrote: >>> I've also encountered this quite often, and I have a feeling that on >>> today's connected devices there may be a lot of entropy "in the air" >>> (quite literally) which is not being captured. Does any one know of >>> research in this area? > > Not specifically for mobile phones or WiFi interfaces, if that's what > you're referring to with "in the air". However, squeezing available > entropy out of various less-than-predictable hardware and OS states is > what *all* non-hardware entropy gatherers ultimately do, from the Linux > kernel's /dev/random mechanisms to haveged to what-have-you. > > Regards, > -- > Jochen Bern > Systemingenieur > > www.binect.de > www.facebook.de/binect
Re: [openssl-users] PRNG is not seeded
I've also encountered this quite often, and I have a feeling that on today's connected devices there may be a lot of entropy "in the air" (quite literally) which is not being captured. Does any one know of research in this area? > Hi Scott > > I don’t know your OS or environment, have you tried the “openssl rand” functionality as a random source to seed your entropy issues ? > > openssl rand 102400 > some named pipe file that you can call as your random source. > > perhaps rather than pseudo random, try a hardware device ? > > > >> On 30 May 2018, at 8:58 AM, Scott Neugroschl wrote: >> >> Hi, >> >> I’m using PRNGD to seed my random numbers (I’m on a system without >> /dev/random and /dev/urandom). I occasionally get the dreaded “PRNG >> is not seeded” error. >> >> I know this is caused by a lack of available entropy in the system; but >> what can I do to address this? Is it just a matter of waiting until >> enough entropy has been collected? Is there any kind of workaround? >> >> Thanks >> >> ScottN
[openssl-users] how to control the cipher list of an openssl server
I have a fairly basic server set up based on various examples I've seen. I run an nmap script I found against it and see only 16 ciphers listed, none of which are supported by modern web browsers. Yet when I run "openssl ciphers" I get a list of 97. I realize some of these are old and deprecated etc, but where does the default list come from? I tried this code to set it to use one of the more modern ciphers shown in the openssl ciphers output: char *ssl_cipher = "ECDHE-ECDSA-AES128-GCM-SHA256"; if(!SSL_CTX_set_cipher_list(jav->ctx, ssl_cipher)) return (false); but after that the nmap script doesn't find any ciphers. Any suggestions? -- Chris Bare
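The thread as captured here does not include an answer, so the following is an added shell example (not Chris Bare's code or anything from OpenSSL) and not a diagnosis of his particular server. It demonstrates a check worth running before calling SSL_CTX_set_cipher_list(): expand the cipher string with `openssl ciphers -v` and read the Au= column, because a TLS 1.2 server can only offer suites whose authentication type matches the key in its certificate, and a string that names only ECDHE-ECDSA suites leaves a server with an RSA certificate nothing to negotiate. The two cipher strings are illustrative; the script only needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not code from the thread: show what a string passed to
# SSL_CTX_set_cipher_list() expands to and which certificate key type each
# suite needs. The cipher strings below are illustrative.

# One line per suite the string selects, in openssl's verbose form.
# Columns: name, protocol, Kx=, Au=, Enc=, Mac=.
expand_cipher_string() {
    openssl ciphers -v "$1"
}

# Count the suites whose authentication (the Au= column) is a given key type,
# e.g. RSA or ECDSA. TLS 1.3 suites print Au=any; they are selected through
# SSL_CTX_set_ciphersuites(), not the cipher list, and are not counted here.
count_suites_for_auth() {
    expand_cipher_string "$1" 2>/dev/null |
        awk -v au="Au=$2" '$4 == au { n++ } END { print n + 0 }'
}

# Print, for each key type, how many suites a cipher string leaves a server
# with. A TLS 1.2 server only offers suites whose Au= matches the key in its
# certificate, so 0 for the certificate's type means no common suite at all.
report() {
    for au in RSA ECDSA; do
        echo "$1 -> $(count_suites_for_auth "$1" "$au") suite(s) usable with an $au certificate"
    done
}

if command -v openssl >/dev/null 2>&1; then
    # The single suite from the post: fine with an ECDSA certificate, nothing for RSA.
    report ECDHE-ECDSA-AES128-GCM-SHA256
    # A string that keeps forward-secret AEAD suites for either key type and drops the rest.
    report 'ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL'
fi
```

The same Au= reading explains why a scanner's count and a bare `openssl ciphers` rarely agree: the scanner only sees suites the server can complete with its certificate, while the list prints every suite the string matches. Pair the check with the certificate itself (`openssl x509 -in server.crt -noout -text` shows the Public Key Algorithm) before deciding the cipher string is wrong.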
Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key
Thank you to everyone that has weighed in on my question. Unfortunately, I have yet to find an answer that I'm fully satisfied with. I'm trying a different approach: I would like to create a sample encrypted Ethereum private key that shares the same 132 character PEM format as the string I'm trying to decrypt. I can then attempt to decrypt that string with an incorrect password, and see if I get the EVP_DecryptFinal_ex:wrong final block length error. Does that make sense? Here's my basic approach. I'm starting with Vincent Kobel's excellent "Create a Full Ethereum Wallet, Keypair and Address" article ( https://kobl.one/blog/create-full-ethereum-keypair-and-address/) He creates a 132-character PEM formatted unencrypted private key with this command: openssl ecparam -name secp256k1 -genkey -noout Unless I have completely failed at reading the man page correctly, there's no way to assign a password from the ecparam command. I write the 132 character unencrypted private key (not the -BEGIN/END EC PRIVATE KEY- characters) to a file named sample_pk.pem and I encrypt it with openssl: openssl enc -e -aes-256-cbc -a -in sample_pk.pem -out sample_epk.pem -pass pass:secret I now have a 256 character encrypted private string. (Note, the string length is 256 characters whether I use AES-128 or AES-256. That's probably obvious to all of you, but it wasn't to me). If I decrypt that string with the correct password openssl enc -d -aes256 -a -in sample_epk.pem -out recovered.key -pass pass:secret I get my original unencrypted private key back. Excellent! However, If I decrypt that string with an incorrect password: openssl enc -d -aes256 -a -in sample_epk.pem -out recovered.key -pass pass:secr3t I get a new error message: EVP_DecryptFinal_ex:bad decrypt And, that message does not match the EVP_DecryptFinal_ex:wrong final block length error message I was hoping to get. 
I think that all that I have proven with this exercise is that the original unencrypted private key was: - not a 132 character PEM formatted unencrypted private key - and/or - it was not encrypted using the -aes-256-cbc encryption algorithm So, on to the question! Can anyone help me figure out how to create an Ethereum private key such that when it is encrypted it is a 132 character long PEM formatted string? Alternately, is there a process for taking an encrypted string, and "backing in" to the details of how it was created? (ie what algorithm, etc?) Thanks, Chris On Mon, Jan 15, 2018 at 2:01 PM, Chris B <cryptoassetrecov...@gmail.com> wrote: > Hi Daniel, > > >Option #1 from the possibilities you mentioned below seems to be the > most logical to me. > Thank you, that's very helpful. > > Thanks, > Chris > > On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel <dnsa...@sandia.gov> wrote: > >> On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: >> >> Hi Matt, >> >> >If you *are* using 1.1.0 then the default digest was changed between >> 1.0.2 and 1.1.0. >> Awesome thought, but I'm also using 1.0.2: >> >> $ openssl version >> >> OpenSSL 1.0.2k-fips 26 Jan 2017 >> >> (I also tried adding -md md5 to the previous command, but I got the same >> error message). >> >> >> Option #1 from the possibilities you mentioned below seems to be the most >> logical to me. If you use the wrong key, the padding data in the last block >> will also be decrypted to the wrong values, so the padding block check will >> fail. The padding is a necessary part of decryption because it needs to >> know how much plaintext is actually represented by that last block. >> >> >> > I'm not sure how to interpret that output. I could interpret it as: >> > o Your system for decrypting the password is perfect, but: this is not >> > the right password. >> > o There's something wrong with the EPK -- its length must be a multiple >> > of the AES block length. 
>> > o There's something wrong with the unencrypted private key -- its length >> > must be a multiple of the AES block length. >> > o Something else entirely
Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key
Hi Daniel, >Option #1 from the possibilities you mentioned below seems to be the most logical to me. Thank you, that's very helpful. Thanks, Chris On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel <dnsa...@sandia.gov> wrote: > On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: > > Hi Matt, > > >If you *are* using 1.1.0 then the default digest was changed between > 1.0.2 and 1.1.0. > Awesome thought, but I'm also using 1.0.2: > > $ openssl version > > OpenSSL 1.0.2k-fips 26 Jan 2017 > > (I also tried adding -md md5 to the previous command, but I got the same > error message). > > > Option #1 from the possibilities you mentioned below seems to be the most > logical to me. If you use the wrong key, the padding data in the last block > will also be decrypted to the wrong values, so the padding block check will > fail. The padding is a necessary part of decryption because it needs to > know how much plaintext is actually represented by that last block. > > > > I'm not sure how to interpret that output. I could interpret it as: > > o Your system for decrypting the password is perfect, but: this is not > > the right password. > > o There's something wrong with the EPK -- its length must be a multiple > > of the AES block length. > > o There's something wrong with the unencrypted private key -- its length > > must be a multiple of the AES block length. > > o Something else entirely
Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key
Hi Matt,

> If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and 1.1.0.

Awesome thought, but I'm also using 1.0.2:

$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

(I also tried adding -md md5 to the previous command, but I got the same error message).

Thanks,
Chris

On Sun, Jan 14, 2018 at 6:03 PM, Matt Caswell <m...@openssl.org> wrote:
> On 14/01/18 15:26, Chris B wrote:
> > I'm trying to help someone recover his password for an older format ethereum encrypted private key (EPK). My plan has been to use his best guess at the password to brute force the actual password.
> >
> > The EPK is a 132 character string, and it looks something like this:
> > U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE8e2a
> >
> > (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)
> >
> > This article (https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/) seems to describe a very similar EPK. The author of that post decrypted their key with the following command:
> >
> > openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"
> >
> > I have tried this same approach, but I'm getting an error:
> >
> > EVP_DecryptFinal_ex:wrong final block length
>
> What version of OpenSSL are you using? The quoted article was written 2 years ago so definitely wasn't using OpenSSL 1.1.0. If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and 1.1.0. Old OpenSSL "enc" output defaulted to md5. The current default is sha256:
>
> https://www.openssl.org/docs/faq.html#USER3
>
> Try adding "-md md5" onto your command line.
>
> Matt
>
> > Here's an example:
> >
> > /usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski
> >
> > And here's the output:
> >
> > bad decrypt
> > 140220549330848:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:
> >
> > I'm not sure how to interpret that output. I could interpret it as:
> > o Your system for decrypting the password is perfect, but: this is not the right password.
> > o There's something wrong with the EPK -- its length must be a multiple of the AES block length.
> > o There's something wrong with the unencrypted private key -- its length must be a multiple of the AES block length.
> > o Something else entirely
> >
> > Can anyone help me understand how to interpret this error message?
> >
> > Thanks,
> > Chris
Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key
> Any chance this is data corruption?

Brilliant! You caught me. Although this key is encrypted I wasn't comfortable making it public on the interwebs. So, I randomly changed several of the characters. If I run openssl base64 -d... on the *actual* key it does indeed begin with Salted__:

$ openssl base64 -d -in enc_private_key.txt | od -c
000 S a l t e d _ _

> You could try a dictionary attack on the actual 132-byte string, after base64-decoding, provided it is not corrupted.

This is basically what I was trying to do, although I was simply running a few hundred thousand strings that are related to the best guess password, rather than using a dictionary attack. Is there a better command to proceed with a brute force attack than this one?

/usr/bin/openssl enc -d -aes-256-cpc -a -in enc_private_key.txt -out recovered.key

As I understand:
- openssl enc -d => decrypt using openssl
- -aes-256-cpc => use the AES 256 CPC algorithm
- -a => base64 decrypt
- -in => read the encrypted string from enc_private_key.txt
- -out => write the unencrypted string to recovered.key

I tried running openssl in two steps: first doing the base64 decoding, then decrypting with -aes256, which I believe is functionally the same as the command mentioned above:

$ openssl base64 -d -in enc_private_key.txt | openssl enc -d -aes256 -out recovered.key
enter aes-256-cbc decryption password:
bad decrypt
139845090879392:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

Which brings me back to the original question. Does anyone know how to interpret "EVP_DecryptFinal_ex:wrong final block length"?

Thanks!
-Chris

On Sun, Jan 14, 2018 at 11:21 AM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> > On Jan 14, 2018, at 10:26 AM, Chris B <cryptoassetrecov...@gmail.com> wrote:
> >
> > I'm trying to help someone recover his password for an older format ethereum encrypted private key (EPK). My plan has been to use his best guess at the password to brute force the actual password.
> >
> > The EPK is a 132 character string, and it looks something like this:
> > U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE8e2a
> >
> > (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)
>
> This input is base64 encoded:
>
> $ openssl base64 -d <<END | od -c
> U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCK
> Dy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE
> 8e2a
> END
> 000 S a l t e t _ _ 9 3 326 \0 k 375 273 246
> 020 a / 027 0 271 246 242 310 343 025 253 003 252 . 031 P
> 040 261 320 G 211 366 317 003 315 341 256 006 326 \t < 0 212
> 060 017 - & 363 L 257 035 324 030 \f 303 332 370 | /ؓ
> 100 ** ۸ ** b M 241 C ! 025 j \ A m U 027 000
> 120 \0 313 K X o 265 255 277 o 210 E f s r 233 004
> 140 361 100 232
>
> This does indeed look a lot like "openssl enc" output:
>
> $ echo foobar | openssl enc -aes256 -pass pass:foobar | od -c
> 000 S a l t e d _ _ 263 f 243 \0 242 ~ 031 3
> 020 266 035 Y 310 367 300 366 264 247 : $ s 236 266 4 340
> 040
>
> Except that for some reason the "d" in "Salted" is a "t". Funny that these are the voiced and unvoiced variants of the same consonant, but note also that the ASCII code for 'd' = 0x64 and 't' = 0x74, so this is a 1 bit change. Any chance this is data corruption?
>
> > This article (https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/) seems to describe a very similar EPK.
>
> In that sample, the base64-decoded data starts with "Salted__" as expected.
>
> > The author of that post decrypted their key with the following command:
> >
> > openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"
>
> Hard to say whether that's correct, rather depends on the format of "FILE_OF_KEYS". You could try a dictionary attack on the actual 132-byte string, after base64-decoding, provided it is not corrupted.
>
> --
> Viktor.
Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key
Hi Rich,

Thank you very much for the reply. I get the same error message using -aes256 as -aes-256-cbc

/usr/bin/openssl enc -d -aes256 -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski
bad decrypt
140383648536480:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

Thanks,
Chris

On Sun, Jan 14, 2018 at 10:39 AM, Salz, Rich via openssl-users <openssl-users@openssl.org> wrote:
> For CBC the encrypted text will be a multiple of the cipher size. So your use of CBC is wrong. The quoted post uses aes256; you were using aes-cbc
[openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key
I'm trying to help someone recover his password for an older format ethereum encrypted private key (EPK). My plan has been to use his best guess at the password to brute force the actual password.

The EPK is a 132 character string, and it looks something like this:

U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE8e2a

(That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)

This article (https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/) seems to describe a very similar EPK. The author of that post decrypted their key with the following command:

openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"

I have tried this same approach, but I'm getting an error:

EVP_DecryptFinal_ex:wrong final block length

Here's an example:

/usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski

And here's the output:

bad decrypt
140220549330848:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

I'm not sure how to interpret that output. I could interpret it as:
o Your system for decrypting the password is perfect, but: this is not the right password.
o There's something wrong with the EPK -- its length must be a multiple of the AES block length.
o There's something wrong with the unencrypted private key -- its length must be a multiple of the AES block length.
o Something else entirely

Can anyone help me understand how to interpret this error message?

Thanks,
Chris
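Added example for this thread (not code from any of the posts): a stand-alone Python script that makes the structural checks behind the "wrong final block length" error explicit, the same ones the base64/od inspection in the thread does by hand, and derives the key and IV the way "openssl enc" did by default before 1.1.0 (EVP_BytesToKey with MD5, one iteration, the reason "-md md5" comes up). The 132-character string is the one quoted in the post; the salt, password and second blob are constructed values, and build_enc_blob is a helper of this example, not an OpenSSL function.

```python
import base64
import hashlib

BLOCK = 16            # AES block size in bytes
MAGIC = b"Salted__"   # 8-byte header written by "openssl enc -salt"

# The 132-character string quoted in the post above (its author says he
# altered characters before posting, so it is expected to look corrupt).
EPK = ("U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCK"
       "Dy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE"
       "8e2a")


def inspect_enc_blob(b64_text):
    """Describe why "openssl enc -d -a" might reject a blob, before any
    password is tried.

    EVP_DecryptFinal_ex reports "wrong final block length" when the
    ciphertext after the 16-byte header is empty or not a multiple of the
    block size, and "bad decrypt" when the length is fine but the PKCS#7
    padding in the last block does not check out (wrong password or
    corrupted ciphertext).
    """
    raw = base64.b64decode(b64_text)
    header, salt, body = raw[:8], raw[8:16], raw[16:]
    report = {
        "decoded_len": len(raw),
        "magic_ok": header == MAGIC,
        "salt_hex": salt.hex(),
        "body_len": len(body),
        "block_aligned": len(body) > 0 and len(body) % BLOCK == 0,
    }
    if not report["magic_ok"]:
        report["verdict"] = ("no Salted__ header: not 'openssl enc -salt' "
                             "output, or corrupted")
    elif not report["block_aligned"]:
        report["verdict"] = ("ciphertext length %d is not a multiple of %d: "
                             "expect 'wrong final block length'"
                             % (len(body), BLOCK))
    else:
        report["verdict"] = ("structure is consistent; a failure now would be "
                             "'bad decrypt', i.e. wrong password or corrupted "
                             "ciphertext")
    return report


def evp_bytes_to_key(password, salt, key_len=32, iv_len=16, digest="md5"):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt),
    concatenated until key_len + iv_len bytes are available.

    "openssl enc" used MD5 here before 1.1.0 and SHA-256 from 1.1.0 on,
    which is why "-md md5" matters when decrypting old output.
    """
    prev = b""
    material = b""
    while len(material) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]


def build_enc_blob(salt, ciphertext):
    """Constructed helper (not part of OpenSSL): assemble a blob in the
    "Salted__" layout so the inspector can be exercised on a well-formed
    input."""
    return base64.b64encode(MAGIC + salt + ciphertext).decode("ascii")


if __name__ == "__main__":
    print(inspect_enc_blob(EPK))
    good = build_enc_blob(b"\x01" * 8, b"\x00" * 32)   # constructed, 2 blocks
    print(inspect_enc_blob(good))
    key, iv = evp_bytes_to_key(b"password", b"\x01" * 8)  # constructed inputs
    print("key", key.hex(), "iv", iv.hex())
```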
[openssl-users] ENGINE API and a compromised client or server
Hi all,

On a project I am working on we are wrestling with the problem of preventing discovery of the private key, in a consumer device. I have been advocating the use of the ENGINE API as a general model which can be used to provide the best isolation possible on the customer's chosen hardware:

* at a minimum no direct accessibility of the private key file (or dedicated flash region) from the internet-facing process;
* better still if the internet-facing process runs in an LXC (esp. if unprivileged);
* ideally of course true SHM ($$$);

without needing to maintain multiple codebases.

Some colleagues have expressed concern that API methods such as RSA_[public,private]_[en,de]crypt could be used by a compromised client/server to launch a chosen-plaintext attack. (For the record we are also using ECDSA, so this question is not purely RSA-specific). I am not unduly worried about the _public_ functions because we should be able to insist that a decent padding algorithm is used and then we are pretty safe, right? I am more nervous about RSA_public_encrypt, which I think is needed by TLS and which only seems to support RSA_PKCS1_PADDING (not good). Is this a feasible attack vector?

Note that we are not only talking about servers here, rather we currently have only one internet-facing server (HTTPS) and a growing number of XXX-over-TLS clients, so if anything these are a greater source of concern.

Any pointers are very welcome!

Chris Gray
[openssl-users] cms utility "-sign" doesn't include signed content
I'm struggling with a PKCS7 signing operation using openssl 1.0.2g. I want to create signed messages like the one in my 'original' file (below). It seemed like extracting and then re-signing this message would be a good start. I'm able to verify/unpack the original message, but not able to sign the unpacked message to get back to where I started. I have access to the signer's certificate and private key. I hope somebody can point me in the right direction?

I'm extracting the message with:

openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out extracted

I thought I'd be able to re-sign this message using something like:

openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer signer_cert -outform pem

This 'sign' operation completes successfully, but produces an output that's missing the payload. Using the same procedure to sign 1MB of random data produces a result that's only 1396 bytes long:

dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey signer_key -signer signer_cert -outform pem | grep -v -- -- | base64 --decode | wc -c
1396

Clearly this 'sign' function doesn't do what I thought it did. How can I sign a blob of data so that it looks like my 'original'?

The files I'm using:
original https://pastebin.com/raw/CNPLyqcm
CA_cert.pem https://pastebin.com/raw/HiE6gMTN
signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not an actual secret)
signer_cert https://pastebin.com/raw/ACtTVHdp

Thank you!
[openssl-users] SSL_shutdown:shutdown while in init
I have the following code:

#include <openssl/bio.h>
#include <openssl/ssl.h>

/* Connects to server_name:port over TLS; returns the connected BIO or NULL. */
BIO *setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
{
    SSL *ssl = NULL;
    BIO *output = BIO_new_ssl_connect (ctx);
    if (!output) {
        return (NULL);
    }
    BIO_get_ssl (output, &ssl);                 /* SSL object owned by the BIO */
    SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
    SSL_set_verify (ssl, SSL_VERIFY_PEER, NULL); /* verify the server certificate */
    BIO_set_conn_hostname (output, server_name);
    BIO_set_conn_port (output, port);
    if (BIO_do_connect (output) <= 0) {
        BIO_free (output);
        return (NULL);
    }
    return (output);
}

If the server I'm trying to connect to does not have ssl enabled, I get the error:

SSL23_GET_SERVER_HELLO:unknown protocol

and BIO_do_connect fails as expected, but BIO_free gives this error:

SSL_shutdown:shutdown while in init

If I don't free it, I have a memory leak. Is there something else I need to do to clean up the BIO? I tried calling BIO_do_handshake, but that crashes (not surprised).

--
Chris Bare
Re: [openssl-users] How do I connect to this server
You should be able to do this using stunnel: see for example https://www.elastic.co/guide/en/cloud/current/tunneling-ssl.html where your telnet commands would be the "client which supports only http". But you can also learn a lot by playing with curl ...

> I know that this is a TLS related question; however, do you know how you can diagnose straight HTTP using:
>
> *telnet server1 portnumber ?*
> Then provide HTTP/1.1 etc?
>
> Is it possible to do the same thing with: *openssl s_client server1:portnumber* then do the HTTP/1.1 etc... etc...?
>
> Is that a possible technique? I am interested in learning too?
>
> --
> Warron French
>
> On Fri, Apr 21, 2017 at 6:29 PM, Salz, Rich via openssl-users <openssl-users@openssl.org> wrote:
>> > https://username:passw...@server.com
>> > How do I specify this username and password when using SSL_connect()?
>>
>> You don't. That stuff is at the protocol level about TLS/SSL.
[openssl-users] How to detect AES-NI compatible CPU
My application links to OpenSSL 1.1.0 dynamically, and I would like to be able to determine if the CPU supports the AES-NI instruction set. Is there an OpenSSL API that can do this?

-Chris
Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c
On Thu, Jan 19, 2017 at 10:36 AM, Matt Caswell <m...@openssl.org> wrote:
> Try this:
>
> openssl ciphers -v "ALL:@SECLEVEL=0"

Okay that worked! Thanks to everyone that responded. I saw Rich Salz mentioned using ALL, but I didn't realize it was a parameter.

-Chris
Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c
-Chris
Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c
On Wed, Jan 18, 2017 at 3:37 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
>> I am trying to compile OpenSSL 1.1.0c for Visual Studio with the deprecated RC4 cipher enabled.
>> I tried the following configure line:
>> perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4
>>
>> Once I compile, and I run "openssl ciphers -v" it does not show any RC4 ciphers.
>> Is there another parameter needed?
>
> Which "openssl" command did you run and against which libraries?
> Report the output of "openssl version -a".

OpenSSL 1.1.0c 10 Nov 2016
built on: reproducible build, date unspecified
platform: VC-WIN64A
compiler: cl
OPENSSLDIR: "c:\openssl64"
ENGINESDIR: "C:\openssl64\lib\engines-1_1"

Here is the batch file I used:

SET PREFIX=C:\openssl64
SET OPENSSLDIR=C:\openssl64
perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4
nmake

>> I would also like to know, is it possible to also enable the deprecated SSL3 ciphers?
>
> Do you mean the ciphers or the protocol? Many SSLv3 ciphers are still needed for interoperable TLS 1.0/1.1/1.2

Sorry, I meant to say the SSLv3 protocol.

-Chris
[openssl-users] How to enable RC4 in OpenSSL 1.1.0c
I am trying to compile OpenSSL 1.1.0c for Visual Studio with the deprecated RC4 cipher enabled. I tried the following configure line:

perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4

Once I compile, and I run "openssl ciphers -v" it does not show any RC4 ciphers. Is there another parameter needed?

I would also like to know, is it possible to also enable the deprecated SSL3 ciphers?

-Chris
[openssl-users] X.509 Attribute Certificate status
Hi there,

What is the current status of ACs (as defined in X.509 and RFC 5755) in OpenSSL? When I did some work using them a few years back (10?) there was no real support in the mainline; now I have a use case where they look like a good solution but only if they are well-supported by the tools we and our customers use (which includes OpenSSL).

Thanks for any indications

Chris Gray
Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
Ok, that makes sense with what I'm seeing. I just tried changing this:

const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);

to this:

const EVP_MD* md = EVP_get_digestbyname("SHA256");

and it all worked correctly. So given that I have an OID for ecdsa-with-SHA256, is there a function that will return just the digest algorithm? I'm trying to be as flexible as possible, so I don't want to hard code this or have my own limited lookup table.

On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 07/07/2016 20:08, Chris Bare wrote:
>> EVP_get_digestbyobj fails for ecdsa-with-SHA256
>
> ecdsa-with-SHA256 is not a digest algorithm, it is a signature algorithm with a specific choice of digest algorithm (SHA256).
>
> In OpenSSL 1.0.2 and older there is a very old compatibility feature which allows accessing a few old signature+digest algorithm pairs via a digest algorithm object.
>
> Specifically:
>
> RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224, SHA256, SHA384 and SHA512
> DSA with SHA-0 and SHA1
> ECDSA with SHA1
>
> This has been deprecated for a long time, but the compatibility code makes your code below work for the above algorithm pairs.
>
> The reason this compatibility code is deprecated is that it causes the RSA algorithm to be referenced every time someone tries to reference just the hash algorithm object for one of the digest algorithms listed above.
>
>> I'm trying to perform a standard signature verification using the EVP_* functions.
>> I think my code is correct, because it all runs fine if the digest is RSA-SHA256.
>> I have an ASN1_OBJECT that specifies the signature/digest type.
>> Here is my code that dumps out all the intermediate steps called by EVP_get_digestbyobj:
>>
>> #include <stdio.h>
>> #include <openssl/objects.h>
>> #include <openssl/evp.h>
>>
>> /* Dumps the intermediate lookups EVP_get_digestbyobj performs for sig_alg_oid. */
>> static void dump_digest_lookup(const ASN1_OBJECT *sig_alg_oid)
>> {
>>     char name[256];                       /* dotted OID text */
>>     OBJ_obj2txt(name, sizeof(name), sig_alg_oid, 1);
>>     printf("NAME %s\n", name);
>>     printf("NID = %d\n", OBJ_obj2nid(sig_alg_oid));
>>     printf("sn = %s\n", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
>>     printf("OBJ_NAME_get = %p\n",
>>            OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)), OBJ_NAME_TYPE_MD_METH));
>>     const EVP_MD *md = EVP_get_digestbyobj(sig_alg_oid);
>>     if (md == NULL)
>>         printf("EVP_get_digestbyobj failed\n");
>> }
>>
>> When I call this with the RSA-SHA256 I get:
>> NAME 1.2.840.113549.1.1.11
>> NID = 668
>> sn = RSA-SHA256
>> OBJ_NAME_get = 0x7fe8846f1ee0
>>
>> and the rest of the steps succeeded.
>> Then when I call the same code (in the same program, so I'm sure the openssl library is correctly initialized) with ecdsa-with-SHA256, I get:
>> NAME 1.2.840.10045.4.3.2
>> NID = 794
>> sn = ecdsa-with-SHA256
>> OBJ_NAME_get = (nil)
>> EVP_get_digestbyobj failed
>>
>> So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
>>
>> I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
>>
>> Am I doing something wrong, or could this be a bug in the library?
>> Any suggestions appreciated.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded

--
Chris Bare
[openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
EVP_get_digestbyobj fails for ecdsa-with-SHA256

I'm trying to perform a standard signature verification using the EVP_* functions. I think my code is correct, because it all runs fine if the digest is RSA-SHA256. I have an ASN1_OBJECT that specifies the signature/digest type. Here is my code that dumps out all the intermediate steps called by EVP_get_digestbyobj:

#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/evp.h>

/* Dumps the intermediate lookups EVP_get_digestbyobj performs for sig_alg_oid. */
static void dump_digest_lookup(const ASN1_OBJECT *sig_alg_oid)
{
    char name[256];                       /* dotted OID text */
    OBJ_obj2txt(name, sizeof(name), sig_alg_oid, 1);
    printf("NAME %s\n", name);
    printf("NID = %d\n", OBJ_obj2nid(sig_alg_oid));
    printf("sn = %s\n", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
    printf("OBJ_NAME_get = %p\n",
           OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)), OBJ_NAME_TYPE_MD_METH));
    const EVP_MD *md = EVP_get_digestbyobj(sig_alg_oid);
    if (md == NULL)
        printf("EVP_get_digestbyobj failed\n");
}

When I call this with the RSA-SHA256 I get:
NAME 1.2.840.113549.1.1.11
NID = 668
sn = RSA-SHA256
OBJ_NAME_get = 0x7fe8846f1ee0

and the rest of the steps succeeded.

Then when I call the same code (in the same program, so I'm sure the openssl library is correctly initialized) with ecdsa-with-SHA256, I get:
NAME 1.2.840.10045.4.3.2
NID = 794
sn = ecdsa-with-SHA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed

So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.

I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10

Am I doing something wrong, or could this be a bug in the library? Any suggestions appreciated.

--
Chris Bare
[openssl-users] Access to ECC X and Y
Is there a public interface to access the X and Y elements of an Ecc public key? I tried:

EC_KEY *ecc;
BN_num_bytes (ecc->pub_key->X);

but get the compiler error:

error: dereferencing pointer to incomplete type ‘EC_KEY {aka struct ec_key_st}’

--
Chris Bare
[openssl-users] SSL errors connecting to some websites
Hi

Our schools filtering product utilises OpenSSL with Squid; we're seeing issues connecting to some sites which seem OpenSSL related. Two sites with known issues are:

https://www.spellanywhere.co.uk/
https://www.mymaths.co.uk/

Connecting to either of these Squid returns the error:

(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server failed: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

Running openssl tests direct from a schools box (OpenSSL 1.0.1) gets:

# openssl s_client -connect www.spellanywhere.co.uk:443
CONNECTED(0003)
3073661128:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:734:

Attempting to disable protocols for testing gets:

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -connect www.spellanywhere.co.uk:443
CONNECTED(0003)
3074005192:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:734:

and eventually

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -no_ssl3 -no_ssl2 -connect www.spellanywhere.co.uk:443
CONNECTED(0003)
3073534152:error:140740BF:SSL routines:SSL23_CLIENT_HELLO:no protocols available:s23_clnt.c:385:

While forcing dtls with

openssl s_client -dtls1 -connect www.spellanywhere.co.uk:443

seems to establish a tunnel as expected. Using curl or wget on the same boxes to those sites works as expected.

Tests on a local box with OpenSSL 1.0.2e return similar results, although the disabled protocols test returns a different error:

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -no_ssl3 -no_ssl2 -connect www.spellanywhere.co.uk:443
CONNECTED(0003)
139735616550552:error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:735:

Is this some sort of SSL handshake fallback error? Is there anything we can do in terms of configuration? Are we barking up the wrong tree? All input/questions welcome.

Thanks

Chris

---
Chris Puttick
CEO & Chief Asst to the duck
TwoTen http://twoten.is
Making the Internet better. For kids.
+44 7908 997 146
@putt1ck
Two Ten Web Limited, Regd Company no. 7774762
Regd office Unit 6, Southill, Cornbury Park, Charlbury, Oxfordshire OX7 3EW United Kingdom
Re: [openssl-users] Guidance on proper usage of OpenSSL_add_all_digests
> On Wed, Mar 2, 2016 at 12:27 PM, Neptune wrote:
> [...]
> You can perform initialization in a static C++ ctor, but it can be tricky because the C++ committee has never addressed the problem of initialization order across translation units. Also see What's the "static initialization order fiasco"? (http://www.parashift.com/c++-faq/static-init-order.html).

So static initialisation in Java is not the most capricious and error-prone mechanism ever invented? My faith in mankind takes yet another knock.
Re: [openssl-users] FW: Website changing this weekend
Hi Rich,

I'm curious why the new download page lists version 1.01p before version 1.02d? Is it suggesting that users download the 1.01 branch instead of the later one?

-Chris

On Fri, Aug 14, 2015 at 1:26 PM, Salz, Rich <rs...@akamai.com> wrote:
> From: Salz, Rich [mailto:rs...@akamai.com]
> Sent: Friday, August 14, 2015 4:20 PM
> To: openssl-annou...@openssl.org
> Subject: [openssl-announce] Website changing this weekend
>
> We're bringing up a new website this weekend. Please be patient if you have problems. If you notice any broken links, let us know. Thanks.
[openssl-users] Question on logjam
Folks, can you pls confirm that none of the below ciphers are affected by this logjam bug? From my understanding, only ciphers containing DH or DHE would be affected.

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_WITH_DES_CBC_SHA

The above are weak (e.g. vulnerable to freak), no argument there, but just want to ensure these are not vulnerable to this newly published bug.

Thanks all!
Chris.
Re: [openssl-users] Delete a post to openssl-user mailing list
What is the security risk? Management ? :) There could be a perceived problem that the world now knows that company X has problems with OpenSSL, and a competitor could even try to make mischievous use of this information - it happened to me once (with another technology). Death of developer mailing lists predicted; film at 11.
Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Hi, I am playing with openssl 1.0.2a - specifically CMS support for ECC. But what I think should work doesn't. Commands used and parsed data shown. (I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext

#EC fails
./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:

RSA can decrypt without knowing the certificate but currently EC cannot. So try including the option -recip ecc.crt when you decrypt. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response! That fixed it. Chris
[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Hi, I am playing with openssl 1.0.2a - specifically CMS support for ECC. But what I think should work doesn't. Commands used and parsed data shown. (I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext

#EC fails
./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:

EnvelopedData --
./openssl asn1parse -in encsess.bin
0:d=0 hl=4 l= 312 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-envelopedData
15:d=1 hl=4 l= 297 cons: cont [ 0 ]
19:d=2 hl=4 l= 293 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :02
26:d=3 hl=3 l= 234 cons: SET
29:d=4 hl=3 l= 231 cons: cont [ 1 ]
32:d=5 hl=2 l= 1 prim: INTEGER :03
35:d=5 hl=2 l= 65 cons: cont [ 0 ]
37:d=6 hl=2 l= 63 cons: cont [ 1 ]
39:d=7 hl=2 l= 9 cons: SEQUENCE
41:d=8 hl=2 l= 7 prim: OBJECT:id-ecPublicKey
50:d=7 hl=2 l= 50 prim: BIT STRING
102:d=5 hl=2 l= 28 cons: SEQUENCE
104:d=6 hl=2 l= 9 prim: OBJECT :dhSinglePass-stdDH-sha1kdf-scheme
115:d=6 hl=2 l= 15 cons: SEQUENCE
117:d=7 hl=2 l= 11 prim: OBJECT:id-smime-alg-CMS3DESwrap
130:d=7 hl=2 l= 0 prim: NULL
132:d=5 hl=3 l= 128 cons: SEQUENCE
135:d=6 hl=2 l= 126 cons: SEQUENCE
137:d=7 hl=2 l= 82 cons: SEQUENCE
139:d=8 hl=2 l= 69 cons: SEQUENCE
141:d=9 hl=2 l= 11 cons: SET
143:d=10 hl=2 l= 9 cons: SEQUENCE
145:d=11 hl=2 l= 3 prim: OBJECT:countryName
150:d=11 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=9 hl=2 l= 19 cons: SET
156:d=10 hl=2 l= 17 cons: SEQUENCE
158:d=11 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
163:d=11 hl=2 l= 10 prim: UTF8STRING:Some-State
175:d=9 hl=2 l= 33 cons: SET
177:d=10 hl=2 l= 31 cons: SEQUENCE
179:d=11 hl=2 l= 3 prim: OBJECT:organizationName
184:d=11 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd
210:d=8 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
221:d=7 hl=2 l= 40 prim: OCTET STRING [HEX DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
263:d=3 hl=2 l= 51 cons: SEQUENCE
265:d=4 hl=2 l= 9 prim: OBJECT:pkcs7-data
276:d=4 hl=2 l= 20 cons: SEQUENCE
278:d=5 hl=2 l= 8 prim: OBJECT:des-ede3-cbc
288:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E924DA6FC08FC3AC
298:d=4 hl=2 l= 16 prim: cont [ 0 ]
cmadden@ubuntu:~/openssl-1.0.2a/apps$

Private Key
cat ecc.key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-----END EC PRIVATE KEY-----

Public Key Cert
./openssl asn1parse -in ecc.crt
0:d=0 hl=4 l= 434 cons: SEQUENCE
4:d=1 hl=4 l= 359 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
24:d=2 hl=2 l= 10 cons: SEQUENCE
26:d=3 hl=2 l= 8 prim: OBJECT:ecdsa-with-SHA256
36:d=2 hl=2 l= 69 cons: SEQUENCE
38:d=3 hl=2 l= 11 cons: SET
40:d=4 hl=2 l= 9 cons: SEQUENCE
42:d=5 hl=2 l= 3 prim: OBJECT:countryName
47:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
51:d=3 hl=2 l= 19 cons: SET
53:d=4 hl=2 l= 17 cons: SEQUENCE
55:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
60:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State
72:d=3 hl=2 l= 33 cons: SET
74:d=4 hl=2 l= 31 cons: SEQUENCE
76:d=5 hl=2 l= 3 prim: OBJECT:organizationName
81:d=5 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd
107:d=2 hl=2 l= 30 cons: SEQUENCE
109:d=3 hl=2 l= 13 prim: UTCTIME :150326134803Z
124:d=3 hl=2 l= 13 prim: UTCTIME :150425134803Z
139:d=2 hl=2 l= 69 cons: SEQUENCE
141:d=3 hl=2 l= 11 cons: SET
143:d=4 hl=2 l= 9 cons: SEQUENCE
145:d=5 hl=2 l= 3 prim: OBJECT:countryName
150:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=3 hl=2 l= 19 cons: SET
156:d=4 hl=2 l= 17 cons: SEQUENCE
158:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
163:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State
175:d=3 hl=2 l= 33 cons: SET
177:d=4 hl=2 l= 31 cons: SEQUENCE
179:d=5 hl=2 l= 3 prim: OBJECT
Re: [openssl-users] EVP_aes_256_gcm -- receiving of tag
Dr. Stephen Henson wrote (on Wed 21-Jan-2015 at 14:53 +): On Tue, Jan 20, 2015, 'Chris Hall' wrote: ... I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex() will then return 0 if the Tag is found to be incorrect. Unless you're using an old version of OpenSSL you should be able to specify the tag after any EVP_DecryptUpdate calls but it still has to be before EVP_DecryptFinal(). This was addressed by commit 96f7fafa24313106b121782f1dcf7928dd0838ed Thanks. It's very kind of EVP_DecryptFinal() to check the Tag, but I could do with a way of getting hold of the Tag generated. In particular, I want to append a signed copy of the Tag to the message, so the receiver may not even know what the Tag is. I suppose I could send the Tag between the encrypted message and the trailing signature, but I don't particularly want to reveal the Tag. Also, this is messing with the message format to fit the library ! Thanks, Chris
[openssl-users] EVP_aes_256_gcm -- receiving of tag
I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex() will then return 0 if the Tag is found to be incorrect. I was hoping to be able to get the Tag, by EVP_CTRL_GET_TAG, but the documentation says that only works for encryption. Is there a way of reaching into (or below) the EVP stuff, to (a) prevent EVP_DecryptFinal_ex() from requiring and checking the Tag, and (b) get the Tag after EVP_DecryptFinal_ex(), the same as after EVP_EncryptFinal_ex()? I ask because I have an application which encrypts an arbitrary amount of data and starts sending it before all of it has been encrypted. What I have found so far seems to require me to receive all the cipher-text, and only when the Tag (finally) arrives, can I start to decrypt :-( Thanks, Chris
[openssl-users] openssl, opencrypto integration
I have implemented a H/W encryption driver and have integrated it with cryptodev. In eng_cryptodev.c there is an array digests[]. In that array it defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the xform.c file defines MD5 to have a keylen of 0. Why is the keylen not zero for the MD5 entry in this table? Cryptodev also defines the keylen in a structure. The keylen is zero there. A comparison happens on session creation. This difference causes a check in the session creation to fail and cryptodev always selects the s/w crypto engine. If I change the eng_cryptodev digests[] entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, however Key generation output changes. If you run the openssl test case for key generation it will fail. It seems that the files generated are smaller. I don't see how this change has this side effect with key generation. ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Re: [openssl-users] How to get current using openssl version
Try setting LD_LIBRARY_PATH to your local installation before running your program: export LD_LIBRARY_PATH=/alternate/path/usr/lib On Mon, Dec 15, 2014 at 5:15 AM, Jerry OELoo oylje...@gmail.com wrote: Hi All: I am installing openssl in local path, and when I use SSLeay_version(SSLEAY_VERSION); to get version, it will return SSL version: OpenSSL 1.0.1f 6 Jan 2014, But installed version is 1.0.1j. It seems to get system installed version not my manually installed version, So how can I get it? PS. I have added include path to gcc: -I./openssl/include/openssl -- Rejoice,I Desire! -- Chris Bare
[openssl-users] eng_cryptodev question
I have implemented a H/W encryption driver and have integrated it with cryptodev. In eng_cryptodev.c there is an array digests[]. In that array it defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the xform.c file defines MD5 to have a keylen of 0. Why is the keylen not zero for the MD5 entry in this table? Cryptodev also defines the keylen in a structure. The keylen is zero there. A comparison happens on session creation. This difference causes a check in the session creation to fail and cryptodev always selects the s/w crypto engine. If I change the eng_cryptodev digests[] entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, however Key generation output changes. If you run the openssl test case for key generation it will fail. It seems that the files generated are smaller. I don't see how this change has this side effect with key generation. Chris.
Re: Small memory leak on multithreaded server
As the maintainer of an alternative JavaVM I can confirm that we absolutely had to support library unloading because one customer was using it heavily - and that was quite a few years ago. Early Sun VMs didn't support library unloading, but then those VMs also did not garbage-collect obsolete classes either. On 21-11-2014 23:23, Viktor Dukhovni wrote: On Fri, Nov 21, 2014 at 04:13:58PM -0500, Jeffrey Walton wrote: A fixed amount of memory that is not deallocated and is independent of the number of operations performed, is NOT a memory leak. Languages like Java and C# can continuously load and unload a library. You will see a growth in memory usage because the memory is not reclaimed. Unloading of shared libraries is generally unsafe. Loading and unloading of pure Java packages may work well enough, but I would expect a Java runtime that unloads native libraries to stay running for very long. That is horribly outdated information and an assumption that no competent library author should make or rely on others to make. On modern systems, unloading of shared libraries that are used as plugins, and by extension any shared libraries that might be referenced by plugins without being referenced by the plugin-using application core, is a normal and frequent operation supported by the core shared library loader and most shared libraries. If a library contains code that needs to be automatically called when it is loaded or unloaded without that being an exposed API level init/cleanup function, then the library porter needs to do the target specific gymnastics to get called by the (C) runtime at the appropriate times, and it needs to deal with common restrictions on what such calls from the (C) runtime are not allowed to do (one of which is recursive calls to the dynamic loader API). For libraries written in C++, the static constructor and destructor language mechanisms are treated this way automatically and thus subject to the same limitations on permitted operations.
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
which cipher was chosen?
Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. -- Chris Bare
Re: which cipher was chosen?
Thanks, that's just what I needed. By performance I mean the initial connection speed. It spends 4-5 seconds in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in the fast case. This is on a 200 MHz arm, so it's not a fast machine. On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Nov 21, 2014, Chris Bare wrote: Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. SSL_get_cipher_name(). What do you mean by performance: the initial connection speed or the data transfer rate? With ECC the curve used is also significant: you can query that using OpenSSL 1.0.2+ which allows you to get details of the server temporary key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Chris Bare
my custom lookup method is leaking certs
I have written my own X509_LOOKUP_METHOD to pull cert data from a database. When I make an ssl connection, X509_STORE_get_by_subject calls my get_cert_by_subject function, which returns a certificate allocated by d2i_X509. When I run this program under valgrind, that certificate data is leaked every time I make a connection. I thought that cert data would be freed when I call BIO_free_all on the ssl BIO, but it is not. I don't have a pointer to the cert data as it was passed to an internal openssl function. I could track it and add my own free function, but there must be a proper way to do this via openssl functions, can anyone enlighten me? -- Chris Bare
Re: SSL vs. SSH in the context of CVE 2014-0160
Thanks Wim. On Tue, Apr 8, 2014 at 10:36 PM, Wim Lewis w...@omnigroup.com wrote: On 8 Apr 2014, at 7:14 PM, Chris Hill wrote: Team, I am having a discussions with a few friends about why this OpenSSL vuln (CVE 2014-0160) does not affect SSH. This may be TOO basic for many of you (apologize in advance), but can't think of any other way to prove my point other than speaking to the folks who really know (that's u). Or maybe I am the one wrong, wouldn't be the first time ;). A quick response to my friends could be simply diffing the files for the actual OpenSSL change, e.g. ssl/d1_both.c and ssl/t1_lib.c, but I want a more classy answer. Is the below ok or am I completely off? Thank you in advance SSH and SSL/TLS are simply different protocols (doh). They may share some similar underlying crypto implementations, but as of their respective RFCs, they are just different protocols. The TLS Heartbeat TLS extension would not apply to SSH. SSH may have its own way to keep alive, but that would be a different one. Chris. This is correct as I understand it. ssh uses openssl mostly for crypto operations, but the ssh protocol does not have anything in common with ssl/tls (other than some fairly general design aspects). The heartbeat bug is particular to the openssl implementation of the heartbeat feature in tls, and that code isn't used by openssh.
CVE 2014-0160 and FIPS 140-2 module
Can anyone confirm my understanding that the FIPS 140-2 certified module is NOT affected by the CVE 2014-0160 vulnerability? -- Chris Bare
Re: How to determine when data is finished on an SSL socket
Matthew Donald scripsit: Sockets (SSL or otherwise) are layer-3 objects while content is a layer-7 object. To get an accurate end-of-content marker, you'll need to parse the output, but since you are using the https protocol, that's going to be easy. Essentially, parse out the Content-Length header and read that many bytes past the end of the http headers. True, except that in various circumstances the Content-Length header may be absent (e.g. special Transfer-Encoding, or a chunked response). For the full story see http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4 Regards Chris Gray

On 11 January 2014 19:46, M. V. bored_to_deat...@yahoo.com wrote: Hi everybody, I'm writing an application that creates multiple non-blocking SSL connections to an https server, in each one I send a request and read the server's response. my problem is, whatever I do, I can't determine when the response data is finished. here's part of my code responsible for sending and receiving data:

fd_set connectionfds;
struct timeval timeout2;
FD_ZERO(&connectionfds);
FD_SET(socket_server, &connectionfds);
timeout2.tv_usec = 0;
timeout2.tv_sec = 1;
while (1) {
    r = BIO_read(io, buf, BUFSIZZ - 1);
    if (r > 0) {
        // gather data
        continue;
    } else if (SSL_get_error(ssl, r) == SSL_ERROR_WANT_READ) {
        int ret = select(socket_server + 1, &connectionfds, NULL, NULL, &timeout2);
        if (ret <= 0) {
            break;
        }
        continue;
    } else {
        break;
    }
}
// use whole gathered data

my problem with above code is, if I set select timeout to a small time, I can't guarantee that all data is received (because some servers are really slow), and if I set timeout to a long time (5-10 seconds), my socket is getting stuck in wait-state for a long time and I can't use the response before that. I tried to make this work by using BIO_should_read() or BIO_pending() functions, but none of them is giving me what I want. so, Is there a way to determine when exactly there is nothing else to read on the SSL socket? Thank you.
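The framing rules Chris Gray points to (Content-Length, chunked Transfer-Encoding, or read-until-close when neither is present) as an added Python example; this is illustration code written for this archive, not code from the thread or from OpenSSL. It assumes the caller hands it whatever BIO_read() returned, so the TLS layer is left out, and the three responses inside it are constructed samples, not captured traffic.

```python
# HTTP/1.1 response framing (RFC 2616 section 4.4): when is the body complete?
# Constructed sample responses; fed in small pieces below to mimic partial reads.
CONTENT_LENGTH_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                           b"Content-Length: 11\r\n\r\nhello world")
CHUNKED_RESPONSE = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
                    b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
CLOSE_DELIMITED_RESPONSE = b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nold style body"


class ResponseFramer:
    """Feed bytes as they arrive; `complete` turns True when the message ends."""

    def __init__(self):
        self.buf = bytearray()      # unconsumed bytes
        self.body = bytearray()
        self.headers = None         # dict once the header block has arrived
        self.mode = None            # "length", "chunked" or "close"
        self.remaining = 0          # bytes still owed in "length" mode
        self.complete = False

    def feed(self, data: bytes) -> None:
        self.buf += data
        if self.headers is None:
            end = self.buf.find(b"\r\n\r\n")
            if end < 0:
                return              # header block not finished yet
            self._parse_headers(bytes(self.buf[:end]))
            del self.buf[:end + 4]
        self._consume_body()

    def eof(self) -> None:
        """Peer closed the connection: a valid terminator only in 'close' mode."""
        if self.mode == "close":
            self.complete = True
        elif not self.complete:
            raise ValueError("connection closed before the message ended")

    def _parse_headers(self, raw: bytes) -> None:
        lines = raw.decode("iso-8859-1").split("\r\n")
        self.status_line = lines[0]
        self.headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            self.headers[name.strip().lower()] = value.strip()
        te = self.headers.get("transfer-encoding", "").lower()
        if te and te != "identity":
            self.mode = "chunked"   # Transfer-Encoding takes precedence over Content-Length
        elif "content-length" in self.headers:
            self.mode = "length"
            self.remaining = int(self.headers["content-length"])
        else:
            self.mode = "close"     # body runs until the server closes the connection

    def _consume_body(self) -> None:
        if self.mode == "length":
            take = min(self.remaining, len(self.buf))
            self.body += self.buf[:take]
            del self.buf[:take]
            self.remaining -= take
            self.complete = self.remaining == 0
        elif self.mode == "chunked":
            self._consume_chunks()
        else:
            self.body += self.buf
            self.buf.clear()

    def _consume_chunks(self) -> None:
        while not self.complete:
            nl = self.buf.find(b"\r\n")
            if nl < 0:
                return              # chunk-size line incomplete
            size = int(self.buf[:nl].split(b";")[0], 16)   # ignore chunk extensions
            if size == 0:
                # last-chunk: the message ends after the (possibly empty) trailer block
                if self.buf.find(b"\r\n\r\n", nl) < 0:
                    return
                self.complete = True
                return
            if len(self.buf) < nl + 2 + size + 2:
                return              # chunk data or its trailing CRLF not here yet
            self.body += self.buf[nl + 2:nl + 2 + size]
            del self.buf[:nl + 2 + size + 2]


def fragments(data: bytes, size: int = 3):
    """Chop a response into small pieces, as a non-blocking read would return them."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def frame_response(pieces, peer_closed: bool = False):
    """Feed pieces in order; return (body, complete). peer_closed simulates EOF after them."""
    framer = ResponseFramer()
    for piece in pieces:
        framer.feed(piece)
        if framer.complete:
            break
    if peer_closed and not framer.complete:
        framer.eof()
    return bytes(framer.body), framer.complete


def is_truncated(data: bytes) -> bool:
    """True when EOF arrives before a length- or chunk-delimited body is complete."""
    framer = ResponseFramer()
    framer.feed(data)
    try:
        framer.eof()
    except ValueError:
        return True
    return False
```

With this in place the select() timeout in the original loop is only needed to bound a stalled server; the decision to stop reading comes from `complete`, and an EOF before that point is reported as truncation instead of being silently accepted as the end of the data.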
Looking for a tech talk speaker on Secure Networking
I organize the speakers for the SF Bay Area Large-Scale Production Engineering meetup (http://www.meetup.com/SF-Bay-Area-Large-Scale-Production-Engineering/ ; take a look at the PAST tab to see the kinds of events we've had). For our event on Thursday October 17, 2013, I'm looking for speakers on the topic of Secure Networking (event: http://www.meetup.com/SF-Bay-Area-Large-Scale-Production-Engineering/events/129859602/ ). As you can see from looking at our past events, I pick a topic, and then try to get 2-3 talks on that topic. Talks are usually 20-25 minutes long. This is a technical audience, and they don't appreciate a marketing pitch. They're eager to get into the nuts and bolts of the topic, including demos, code samples, and architecture. If you're going to be in the Bay Area then, and would be interested in giving a talk, please let me know here, or (preferably) through meetup.com. Thanks, Chris Westin
SSLv23_Server_Method() not working in OpenSSL 1.01e
I just updated my Win64 server app from OpenSSL 1.0.0k to 1.01e, and I noticed that although it was configured to use the SSLv23_Server_method(), it no longer accepts SSLv3 connections from clients as it did using 1.0.0k. It does accept TLSv1 connections this way however. If I change it to use SSLv23_method() on the server, then the client connects successfully. However if I force the client to connect using SSLv3 then the result is a TLSv1 connection instead. I double checked that everything works as it should when I go back to using OpenSSL 1.0.0k on my server app. Is this a known issue in 1.0.1e? -Chris
Re: RAND_bytes() returns zero in pre-boot environment
Issue is fixed. So long as it's OK to generate the same random bytes at each power-on. This is quite a common problem with embedded devices: even after boot it can be hard to find entropy with which to seed the PRNG. The usual sources which are used in a PC environment (keystrokes, ethernet activity, ...) are often absent. The best solution is always hardware. If you wire up a digital i/o in such a way that reading it produces an unpredictable series of 0's and 1's[1] then at least you have some genuine entropy to work with. It doesn't have to be ERNIE[2] to be better than nothing. [1] Exactly how to do this is off-topic for this list. Quaerendo invenietis. [2] For non-Brits: http://en.wikipedia.org/wiki/Premium_Bond#ERNIE.

FYI- As I am working on pre-boot, no OS is present. Which was resulting in no seeding. RAND_seed() has been called before using RAND_bytes(). Here is the code snippet.

static const char rnd_seed[] = "string to make the random number generator think it has entropy";
RAND_seed(rnd_seed, sizeof rnd_seed);

On Tue, Aug 13, 2013 at 6:16 PM, baban devkate baban...@gmail.com wrote: FYI - RAND_bytes(buf, bytes) receives correct parameters as bytes=256 for SHA256.

int RAND_bytes(unsigned char *buf, int num)
{
    const RAND_METHOD *meth = RAND_get_rand_method();
    if (meth && meth->bytes) {
        Print(L"control is here\n");   // --- control is here
        return meth->bytes(buf, num);
    }
    Print(L"RAND_bytes fails\n");
    return (-1);
}

On Tue, Aug 13, 2013 at 3:35 PM, baban devkate baban...@gmail.com wrote: Hello, RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or /dev/random on Linux and CryptGenRandom() on Windows. I want to know how it works in Pre-boot environment? In pre-boot environment, if RAND_bytes() returns zero then what does it mean? Is it because PRNG is not properly seeded? If yes, how to resolve it? ~Baban
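Added example (not from the thread and not OpenSSL code) showing why a constant seed like the one above gives the same bytes at every power-on: a minimal HMAC_DRBG built from Python's hmac/hashlib stands in for OpenSSL's PRNG, and the hardware samples it mixes in are constructed placeholder bytes standing in for reads of a noisy input pin.

```python
import hashlib
import hmac

# The seed string from the thread: identical on every power-on, so it carries no entropy.
CONSTANT_SEED = b"string to make the random number generator think it has entropy"


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A, SHA-256) without reseed counters or a
    personalisation string. A stand-in for OpenSSL's PRNG in this demo only."""

    def __init__(self, seed_material: bytes):
        self.key = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed_material)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes) -> None:
        # HMAC_DRBG Update: fold provided data into the internal state (K, V).
        self.key = self._mac(self.v + b"\x00" + data)
        self.v = self._mac(self.v)
        if data:
            self.key = self._mac(self.v + b"\x01" + data)
            self.v = self._mac(self.v)

    def reseed(self, entropy: bytes) -> None:
        """Corresponds to a later RAND_seed()/RAND_add() with fresh input."""
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self._update(b"")           # advance the state so earlier output is not repeated
        return out[:n]


def simulate_boot(seed: bytes, hw_sample: bytes = b"") -> bytes:
    """One power-on: seed from the constant string and, optionally, mix in a
    hardware sample (constructed bytes here; a real design reads a noisy pin)."""
    drbg = HmacDrbg(seed)
    if hw_sample:
        drbg.reseed(hw_sample)
    return drbg.generate(32)


def constant_seed_repeats(seed: bytes = CONSTANT_SEED) -> bool:
    """Two boots seeded only with the constant yield byte-identical 'random' output."""
    return simulate_boot(seed) == simulate_boot(seed)


def hw_samples_diverge(seed: bytes = CONSTANT_SEED) -> bool:
    """Even a few differing hardware bits per boot separate the output streams."""
    return simulate_boot(seed, b"\x5a\x13\xc7") != simulate_boot(seed, b"\x5a\x13\xc6")
```

The DRBG itself is sound; what decides whether the output is predictable is only what went into `_update` before the first `generate`, which is exactly the point made about the fixed `rnd_seed` string.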
Re: How do I mount a NAS device?
On Aug 8, 2013, at 2:45 PM, Ted Byers r.ted.by...@gmail.com wrote: I obtained a NAS, with a view toward running MySQL on a server running MS Small Business Server 2003 (yes, I know, it is old, but I don't have authority to upgrade it or wipe it and install Linux on it). Anyway, the latest version of MySQL will not run on that machine. Therefore, I intend to run MySQL on the latest Suse (12.3) on a much newer server that I have almost fixed (this machine will have a 256 GB SSD). So, unless I can mount the NAS in such a way that MySQL on Suse can find it, the 4 TB NAS goes to waste (even though all machines on my LAN can see it and browse to it, which is fine if I only want to use Windows Explorer, or its Linux equivalents, to copy files to it - but even on Windows, MySQL doesn't seem to see it unless I have mapped a specific NAS folder to a local drive letter, so I assume something similar is true on Linux). Hence my question. NB: I am a programmer, not a system administrator, so I am at a loss as to how to do this. NB: I did a Google search, which resulted in a very poor signal to noise ratio, but ended up confused by the different instructions given for the different distributions. And, worse, a lot of the pages I found were as old as that ancient SBS machine I can't use for this purpose. Obviously, things have changed a lot since then. So, then, how do I do this on the latest Suse releases (12.x)? The two ways that come to my mind are: 1) if the nas has iscsi support, config it on the nas and then config iscsi initiator on suse. 2) mount -t /dev/devid /mnt Btw, not sure how you think this is ssl mailing list material.
Re: connection encrypted (a question)
On May 12, 2013, at 6:38 PM, Salz, Rich wrote: Many people find the four-letter word at the start of your domain name offensive. I'm assuming you know English well enough to know that, and chose it deliberately. That's reading beyond the cover. It broadcasts a general lack of respect for those from whom you are asking to take time out of their schedules to answer what are really very basic questions.
RSA_PKCS1_PSS_PADDING and CMS_verify (repost)
Sorry to repost this, but I didn't see a reply and thought it might have gotten lost in the shuffle of recent server changes. I saw the message below on the mailing list. I have run into a situation where I have a CMS using the PSS padding and I wanted to see if this might be implemented by now in CMS_verify. If not, I have some experience working with the openssl source code, but some pointers would be appreciated. -- Chris Bare

On Mon, Sep 12, 2011, Stef Hoeben wrote: Hi, we have an SOD (a CMS for e-passports and e-ID cards) file that we can read out and verify nicely if the signature algo is RSA_PKCS1_PADDING. But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1 dump), the verification fails. Below is a part of the stack trace, it looks like openssl still thinks the algorithm is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:

CMS_verify() {
  cms_signerinfo_verify() {
    EVP_DigestVerifyInit() {
      do_sigver_init() {
        EVP_PKEY_CTX_set_signature_md() {
          ...
          pkey_rsa_ctrl() { // type == EVP_PKEY_CTRL_DIGESTINIT
    EVP_DigestVerifyFinal() {
      ...
      pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
        RSA_PKEY_CTX *rctx = ctx->data;
        // rctx->pad_mode == RSA_PKCS1_PADDING (???)
        // and EVP_MD_type(rctx->md) = NID_sha256 (OK)

Someone knows if the problem is with the encoding of the signature algo in the file, or with openssl itself? ...

OpenSSL HEAD only supports PSS and only for certificates, not CMS. Can you include the DER format message itself instead of the ASN1 dump? This will be very useful when CMS+PSS is implemented. Steve. -- Chris Bare
RSA_PKCS1_PSS_PADDING and CMS_verify
I saw the message below on the mailing list. I have run into a situation where I have a CMS using the PSS padding and I wanted to see if this might be implemented by now in CMS_verify. If not, I have some experience working with the openssl source code, but some pointers would be appreciated. -- Chris Bare

On Mon, Sep 12, 2011, Stef Hoeben wrote: Hi, we have an SOD (a CMS for e-passports and e-ID cards) file that we can read out and verify nicely if the signature algo is RSA_PKCS1_PADDING. But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1 dump), the verification fails. Below is a part of the stack trace, it looks like openssl still thinks the algorithm is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:

CMS_verify() {
  cms_signerinfo_verify() {
    EVP_DigestVerifyInit() {
      do_sigver_init() {
        EVP_PKEY_CTX_set_signature_md() {
          ...
          pkey_rsa_ctrl() { // type == EVP_PKEY_CTRL_DIGESTINIT
    EVP_DigestVerifyFinal() {
      ...
      pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
        RSA_PKEY_CTX *rctx = ctx->data;
        // rctx->pad_mode == RSA_PKCS1_PADDING (???)
        // and EVP_MD_type(rctx->md) = NID_sha256 (OK)

Someone knows if the problem is with the encoding of the signature algo in the file, or with openssl itself? ...

OpenSSL HEAD only supports PSS and only for certificates, not CMS. Can you include the DER format message itself instead of the ASN1 dump? This will be very useful when CMS+PSS is implemented. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.
[no subject]
I saw the message below which indicates that as of 9/2011 CMS_verify does not support RSA_PKCS1_PSS_PADDING. Has this been fixed since then? I have a CMS on a secure ID card which uses PSS. If this is not fixed, I could send the CMS if that would be useful. I also have some experience with the openssl code, and could try to fix it myself, but pointers would be helpful. -- Chris Bare

On Mon, Sep 12, 2011, Stef Hoeben wrote: Hi, we have an SOD (a CMS for e-passports and e-ID cards) file that we can read out and verify nicely if the signature algo is RSA_PKCS1_PADDING. But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1 dump), the verification fails. Below is a part of the stack trace, it looks like openssl still thinks the algorithm is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:

CMS_verify() {
  cms_signerinfo_verify() {
    EVP_DigestVerifyInit() {
      do_sigver_init() {
        EVP_PKEY_CTX_set_signature_md() {
          ...
          pkey_rsa_ctrl() { // type == EVP_PKEY_CTRL_DIGESTINIT
    EVP_DigestVerifyFinal() {
      ...
      pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
        RSA_PKEY_CTX *rctx = ctx->data;
        // rctx->pad_mode == RSA_PKCS1_PADDING (???)
        // and EVP_MD_type(rctx->md) = NID_sha256 (OK)

Someone knows if the problem is with the encoding of the signature algo in the file, or with openssl itself?

OpenSSL HEAD only supports PSS and only for certificates, not CMS. Can you include the DER format message itself instead of the ASN1 dump? This will be very useful when CMS+PSS is implemented. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
EVP_get_digestbyname and 'standard' signature algorithm names
I'm trying to develop an application with OpenSSL that needs to verify a variety of digital signatures from different places. Currently I use EVP_get_digestbyname to get an EVP_MD handle identifying the algorithm used, and this works well for things that originally came from OpenSSL, but less well with things that come from elsewhere. For example, Oracle sends me signatures identified as SHA512withRSA, which I need to translate into sha512WithRSAEncryption in order for EVP_get_digestbyname to accept and give me something that works (note the case differences as well as the extra -Encryption suffix). Is there any sort of standard for what these strings should be? Is there a way to get OpenSSL to be more 'permissive' when looking up algorithms by name like this? Currently I'm just manually building up a set of aliases to translate to their OpenSSL equivalents as I run into them, but it seems it should be possible to do something more general. Chris Dodd d...@csl.sri.com
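Added example, not from the post and not OpenSSL code: a small normaliser for the spellings Chris Dodd mentions (the JCA-style SHA512withRSA that Oracle emits, and OpenSSL's own sha512WithRSAEncryption, RSA-SHA256 and ecdsa-with-SHA256 forms). The regular expressions and function names are my own, and hashlib stands in for EVP_get_digestbyname as the check that the digest part of the name actually resolves.

```python
import hashlib
import re

# (pattern, key type implied by the pattern, or None when the name spells it out)
_PATTERNS = [
    # JCA / Java style as sent by Oracle: SHA512withRSA, SHA-256withECDSA
    (re.compile(r"^(?P<digest>SHA-?\d+|MD5)with(?P<key>RSA|ECDSA)$", re.I), None),
    # OpenSSL long names: sha512WithRSAEncryption, ecdsa-with-SHA256
    (re.compile(r"^(?P<digest>sha\d+|md5)WithRSAEncryption$", re.I), "RSA"),
    (re.compile(r"^ecdsa-with-(?P<digest>SHA\d+)$", re.I), "ECDSA"),
    # OpenSSL short names: RSA-SHA256
    (re.compile(r"^(?P<key>RSA|ECDSA)-(?P<digest>SHA\d+|MD5)$", re.I), None),
]


def parse_sigalg(name: str):
    """Return (digest, key_type) such as ("sha512", "RSA"), or None if unrecognised."""
    for pattern, implied_key in _PATTERNS:
        m = pattern.match(name.strip())
        if m:
            digest = m.group("digest").lower().replace("-", "")
            key = (implied_key or m.group("key")).upper()
            return digest, key
    return None


def to_openssl_name(name: str):
    """Canonical OpenSSL long name for any accepted spelling, or None."""
    parsed = parse_sigalg(name)
    if parsed is None:
        return None
    digest, key = parsed
    if key == "RSA":
        return f"{digest}WithRSAEncryption"
    return f"ecdsa-with-{digest.upper()}"


def digest_resolves(name: str) -> bool:
    """hashlib stands in for EVP_get_digestbyname: does the digest part exist?"""
    parsed = parse_sigalg(name)
    if parsed is None:
        return False
    try:
        hashlib.new(parsed[0])
    except ValueError:
        return False
    return True
```

Keeping the alias table as a handful of patterns rather than a literal map means a new digest width (SHA384, SHA512) needs no new entry, while anything outside the patterns is rejected instead of being guessed at.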
Re: [openssl-users] Possible bug in verifying a certificate if default root store is configured
On Thu, Dec 6, 2012 at 2:16 AM, Ralph Holz ralph-openssl-...@ralphholz.de wrote:
> > -CAfile file
> > A file of trusted certificates. The lookup first looks in the list of untrusted certificates and if no match is found the remaining lookups are from the trusted certificates. The root CA is always looked up in the trusted certificate list: if the certificate to verify is a root certificate then an exact match must be found in the trusted list.
>
> This has led me to believe -CAfile would cause openssl to ignore a default path to certs. I am surprised CAPath is still evaluated if you indicate a CAFile. However, as strace shows:

I've attached a diff against HEAD for verify.pod. Is it any good?

Attachment: verify.pod-HEAD.diff
Re: [openssl-users] Possible bug in verifying a certificate if default root store is configured
On Thu, Dec 6, 2012 at 12:00 PM, Erwann Abalea erwann.aba...@keynectis.com wrote:
> There's the same behaviour with -CAfile. If -CAfile isn't specified, then the default platform CA file is used (by default, /usr/lib/ssl/cert.pem). This is true for verify, ocsp, smime, and cms.

Oh, right. New diff attached.

Attachment: verify.pod-HEAD.diff
CryptAcquireContext -- New KeyObject already exists error pop up
Hi,

I'm programming in C++ on Windows. And sometimes on testing I get a pop-up box "CryptAcquireContext -- New KeyObject already exists" or "CryptGenRandom The parameter is incorrect" warning boxes. I know why I end up with the warnings and that's ok, but I need to know: is it the OpenSSL library that is creating the actual alert pop-up boxes? And if so, how can I suppress them?

Thanks,
-- Chris Long
Programmer/Analyst
Charitable Gaming Division
Canadian Bank Note Company Ltd.
Phone: 705-251-1559 Cell: 705-257-1261
Quick question if TLS renegotiations are supported
Hi,

Just a quick question. Does OpenSSL 1.0.1c support renegotiation of TLS clients? I'm programming a small server/client and if my SSL_method is SSLv23_method()'s or TLSv1_method()'s and they negotiate a TLS connection I'm having trouble getting them to renegotiate.

-- Chris Long
Programmer/Analyst
Charitable Gaming Division
Canadian Bank Note Company Ltd.
OpenSSL renegotiation problems with TLS
Hi,

I was hoping to get some insight on renegotiation issues I've been having. The program I've been developing is using OpenSSL in C++ and is a small client/server application. But I am writing directly to memory BIOs and SSL so as to use our existing socket server. Everything so far seems to be working well except for renegotiation in some instances.

It looks like if the handshake between server and client comes up with an SSLv3 connection, the client can initiate a renegotiation and it looks like the process completes fine. However if the server and client handshake comes up with a TLS connection the renegotiation doesn't seem to complete. The client's SSL gets stuck in a state SSL_want_read it seems.

So simple examples:

Example 1)
Server SSL_CTX uses SSLv23_server_method() or SSLv3_server_method()
Client SSL_CTX uses SSLv3_client_method()
Handshake creates a SSLv3 connection.
Client initiates renegotiation with server and all completes ok.

Example 2)
Server SSL_CTX uses SSLv23_server_method() or TLSv1_server_method()
Client SSL_CTX uses SSLv23_client_method() or TLSv1_client_method()
Handshake creates a TLS 1.2 connection.
Client initiates renegotiation and a little data is sent back and forth between client and server (29 bytes a couple of times) but the client permanently remains in SSL_want_read state.

Any help is appreciated. I'm not sure if TLS renegotiation is supported, I know there were issues with it before. I can provide any more information or clarification as requested.

Thank you,
-- Chris Long
Programmer/Analyst, Bingo Systems
Lottery Systems Division
Canadian Bank Note Company Ltd.
n00b Cert Questions
Hi all!

I am trying to generate Certs for use with strongswan VPN. Specifically, I am trying to fulfill: http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq so as to use the Windows 7 builtin VPN client. Has anyone here done this with strongswan? Can anyone point me to a doc that has the steps/commands to accomplish this using OpenSSL?

Sent from my iPhone
Re: weak key check?
On 02/19/2012 07:36 PM, anthony berglas wrote:
> Exactly. So you need about 112 bits of entropy / Pass Phrase to generate a good 2048 bit key. Remember that the vast majority of 2048 bit numbers are not valid key pairs. My question is, has this been done, or would it be easy to do given the existing structure.

No, this is NOT true. While it is the case that a good 2048 bit RSA key gives you only about 112 bits of security, it's not at all clear that you can generate such a good key from less than 2048 bits of entropy. Indeed, from the recently published Lenstra/Hughes attack, it's clear that using 112 bits of entropy to generate an RSA key (of any length) cannot possibly give you more than 56 bits of security, and probably far less.

Chris Dodd d...@csl.sri.com
CApath with multiple client certs
I love this toolset; definitely value-add for the community!

I am using OpenSSL to run through a sizable number of web server connections (~500), and tell me which certs are getting ready to expire. My utility has worked for a while (a couple years?) on 1.0.0 Beta3, and I recently upgraded to 1.0.0.n. So far, so good... no problems with the upgrade.

Now I want to extend my usage of OpenSSL, to handle client-side certificates, because my current utility throws an error on web servers that require a client side certificate. It seems to work (at least some) regardless, because openssl s_client shows the server side certificate before having to provide the client side. But I want to get rid of all the errors, and ensure I'm getting all server side certs.

In my lab, I've successfully been able to do manual testing, using the following command from a client:

-- openssl s_client -nowait -connect 192.168.1.145:443 -cert .\CA\user\usercert.CRT -key .\CA\user\userkey.KEY

And if I dumped both the CRT and KEY into a single PEM file, I could connect like this:

-- openssl s_client -nowait -connect 192.168.1.145:443 -cert .\CA\user\combined.PEM

[Note: You're probably wondering what the '-nowait' option is. My utility runs on Windows. Since the distributed version (beta3 and .n) would often hang on the Windows connection, I added a '-nowait' option into the source and re-compiled the Windows version. Real easy, I'll attach the diff to the bottom in case anyone is interested in the change to s_client.]

So far I know that when I provide the exact file to use on the command line, it connects fine. Now my challenge... For so many servers, I'd like a flexible openssl call that can use a directory of client certificates/keys, in order to avoid having to specify the cert for each connection command. That led me towards the -CApath parameter.
I believe the 'mklink' option on Win2003 or the CreateSymbolicLink function on Windows 2008 should be able to replace the 'ln -s' code for c_rehash. But I can't get it to work. I always get an ssl handshake failure. Sample failed output below. Maybe I'm not creating the base PEM file correctly before hashing the file to use the CApath? I've tried using a hash file for the CA cert, and one for the combined.PEM (user cert and user key in same file). And I've tried using a hash file with all three in one. I must be doing something obviously wrong. ;( I would appreciate some direction from the SSL gurus.

Error snapshot follows:
===
Loading 'screen' into random state - done
CONNECTED(00AC)
depth=1 /C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
verify return:1
depth=0 /C=US/ST=Illinois/O=Leverage Discovery/OU=Administration/CN=192.168.1.145/emailAddress=supp...@test.net
verify return:1
7192:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1160:SSL alert number 40
7192:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
Certificate chain
 0 s:/C=US/ST=Illinois/O=Leverage Discovery/OU=Administration/CN=192.168.1.145/emailAddress=supp...@test.net
   i:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
 1 s:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
   i:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
---
Server certificate
Re: CApath with multiple client certs
Hi Dave,

Thanks for your ideas and response. Especially the explanation of CApath; very informative. You're right, I'm on version 'g' not 'n'. I'd say it was a typo, but I really thought I was on 'n'. ;)

-Chris

On Fri, Feb 3, 2012 at 4:48 PM, Dave Thompson dthomp...@prinpay.com wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Chris Satterthwaite
> > Sent: Friday, 03 February, 2012 15:55
> >
> > I am using OpenSSL to run through a sizable number of web server connections (~500), and tell me which certs are getting ready to expire. My utility has worked for a while (a couple years?) on 1.0.0 Beta3, and I recently upgraded to 1.0.0.n.
> snip
>
> Aside: 1.0.0 is only up to g. Are you a Time Lord?
>
> > Now I want to extend my usage of OpenSSL, to handle client-side certificates, because my current utility throws an error on web servers that require a client side certificate. It seems to work (at least some) regardless, because openssl s_client shows the server side certificate before having to provide the client side. But I want to get rid of all the errors, and ensure I'm getting all server side certs.
>
> It's actually 'without' not 'before', but same result.
>
> > In my lab, I've successfully been able to do manual testing, using [-cert and -key, or -cert with combined]
> >
> > [Note: You're probably wondering what the '-nowait' option is. My utility runs on Windows. Since the distributed version (beta3 and .n) would often hang on the Windows connection, I added a '-nowait' option into the source and re-compiled
> snip
>
> I doubt this is Windows specific. Your command line doesn't show any redirection of input, so if s_client successfully connects it waits for user input to be sent to the server and/or server output to be displayed to the user. Redirect NUL: (actually any filename *beginning* with NUL works, but that's a kludge) or an actual empty file.
>
> > For so many servers, I'd like a flexible openssl call that can use a directory of client certificates/keys, in order to avoid having to specify the cert for each connection command. That led me towards the -CApath parameter. I believe the 'mklink' option on Win2003 or the CreateSymbolicLink function on Windows 2008 should be able to replace the 'ln -s' code for c_rehash. But I can't get it to work. I always get an ssl handshake failure. Sample failed output below.
> snip rest
>
> You're looking in entirely the wrong place. Even if symlinks work on Windows and I'm not sure about that, CApath and/or CAfile supply CA certs to use to verify the *server* (in general the peer, which for s_client is the server), *not* prove the client, and no key(s) at all (which is necessary for client to prove). I believe, but haven't tracked down exactly, the default truststore (CApath and/or CAfile) is used to *add* chain certs for the client cert if needed, but it cannot be used to supply the client cert (and key) itself.
>
> In general if you want to interactively select client cert+key, you need to set _client_cert_cb (callback) or _client_cert_engine. s_client.c currently has the latter, if you write such an engine; or you can modify s_client.c to include and use a callback you write. Or you could write a custom app which just SSL_connect's and displays the server cert (or only server cert notAfter if that's all you want) and doesn't try to do the many other things s_client does.
Uninitialized variable detected in commit 1.76
Hi,

We are using Sentry (a C/C++ static analysis tool) to analyze openssl on a nightly basis. Sentry found that an uninitialized variable was recently introduced in the commit 1.76 and 1.57.2.3.2.13. You can see the commit here: http://cvs.openssl.org/filediff?f=openssl/ssl/t1_enc.c&v1=1.75&v2=1.76

The important lines are:

    unsigned char *val;                          <- uninitialized variable val
    ...
    buff = OPENSSL_malloc(olen);
    if (buff == NULL) goto err2;                 <- malloc returned NULL
    ...
    err2:
    ...
    ret:
    if (buff != NULL) OPENSSL_free(buff);
    if (val != NULL) OPENSSL_free(val);          <- uninitialized variable val used
    ...

Since the variable is uninitialized, it could be non NULL, which if passed to OPENSSL_free could potentially cause a crash. A solution to this problem would be to assign val to 0.

Thanks,
Chris
-- Chris Wilson http://vigilantsw.com/ Vigilant Software, LLC
we have an issue
I have encountered an error and need to know how to fix it. The error is below; if anyone can help me it would be greatly appreciated... I typed in a term window in a linux machine the following command...

$ openssl s_client -connect rsa6.fema.gov:7004

When the results are displayed there are two lines that show an error... Here is the error:

47661220128736:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1193:SSL alert number 20
47661220128736:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

After those lines...the certificate part of the command is displayed with the hashed cert. What can I do to fix this problem?

Regards, Thanks for the help ahead of time.
Chris Johnson SR. Software Engineer, MSE. FEMA NCP RE Office: (202)646-3531 Cell: (202)577-7441
Re: What is the maximum data size for encrypting with rsautl command?
Roughly keysize - paddingsize is the limit. keysize in your case is 512 bytes and padding size for OAEP padding (the common standard) is ~41, so the limit is about 471 bytes. Usually when encrypting a file, you use a symmetric cipher with a randomly chosen key, and then encrypt the key with RSA and prepend that to the encrypted file.

-chris

On 06/27/2011 09:00 AM, ml.vladimbe...@gmail.com wrote:
> Hello. I tried to encrypt a file (1Mb), with RSA private key of 4096-bit length with command:
>
> openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out 2.srsa
>
> I get next error:
>
> Loading 'screen' into random state - done
> RSA operation error
> 5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:151:
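The hybrid scheme the reply describes, as an added example that is not part of the thread: it first shows that direct RSA encryption of a file larger than keysize - padding fails, then encrypts the file with AES-256 under a random session key, wraps that key with RSA-OAEP and prepends the wrapped key to the ciphertext. It assumes an `openssl` binary (1.0.0 or newer) on PATH and uses `pkeyutl`, the replacement for `rsautl`; all file names and the 100 kB input are constructed here.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes `openssl` on PATH.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Largest plaintext RSA can encrypt directly, in bytes, for a modulus of $1 bits.
# PKCS#1 v1.5 padding costs 11 bytes; OAEP with SHA-1 (pkeyutl's default) costs 2*20+2.
rsa_max_plaintext() {
    k=$(( $1 / 8 ))
    case "$2" in
        pkcs1) echo $(( k - 11 )) ;;
        oaep)  echo $(( k - 42 )) ;;
        *) echo "unknown padding mode: $2" >&2; return 1 ;;
    esac
}

# Generate an RSA key pair of $1 bits into $WORK/priv.pem and $WORK/pub.pem.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$1" \
        -out "$WORK/priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
}

# hybrid_encrypt <plaintext> <output>
# Output layout: [RSA-OAEP("keyhex:ivhex"), exactly modulus-length bytes][AES-256-CBC ciphertext]
hybrid_encrypt() {
    key=$(openssl rand -hex 32)     # 256-bit session key, never touches disk in the clear
    iv=$(openssl rand -hex 16)      # 128-bit CBC IV
    printf '%s:%s' "$key" "$iv" |
        openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
            -pkeyopt rsa_padding_mode:oaep -out "$2"
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" >> "$2"
}

# hybrid_decrypt <input> <output> <modulus-bytes>
# The wrapped key is the first modulus-length bytes; the rest is the AES ciphertext.
hybrid_decrypt() {
    keyiv=$(dd if="$1" bs="$3" count=1 2>/dev/null |
        openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" -pkeyopt rsa_padding_mode:oaep)
    key=${keyiv%%:*}
    iv=${keyiv#*:}
    tail -c +$(( $3 + 1 )) "$1" |
        openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -out "$2"
}

# Round-trips a 100 kB file, far above the direct-RSA limit, and confirms the direct
# attempt fails (the "data too large for key size" situation from the question).
hybrid_demo() {
    bits=2048
    k=$(( bits / 8 ))
    make_keys "$bits"
    openssl rand -out "$WORK/plain.bin" 100000       # constructed random input
    if openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
          -in "$WORK/plain.bin" -out "$WORK/direct.bin" 2>/dev/null; then
        echo "direct RSA encryption unexpectedly succeeded" >&2
        return 1
    fi
    hybrid_encrypt "$WORK/plain.bin" "$WORK/enc.bin"
    hybrid_decrypt "$WORK/enc.bin" "$WORK/dec.bin" "$k"
    cmp -s "$WORK/plain.bin" "$WORK/dec.bin"
}

hybrid_demo && echo "hybrid round trip OK (direct RSA-OAEP limit for 2048 bits: $(rsa_max_plaintext 2048 oaep) bytes)"
```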
Re: Question regarding to memory leak
On Fri, Jun 24, 2011, Yan, Bob wrote:
> Hi, I have used IBM purify to check my test program which invokes openssl library. There are some memory leaks reported by Purify, please see below. Could somebody point to me from which function those leaks were generated, and how to avoid those leaks?
>
> Thanks, Bob
>
> MLK: 1104 bytes leaked in 46 blocks
> This memory was allocated from:
>   malloc [rtlib.o]
>   CRYPTO_malloc [libcrypto.so.1.0.0]
>   ASN1_STRING_type_new [libcrypto.so.1.0.0]
>   ASN1_primitive_new [libcrypto.so.1.0.0]
>   asn1_item_ex_combine_new [libcrypto.so.1.0.0]
>   asn1_item_ex_combine_new [libcrypto.so.1.0.0]
>   ASN1_item_ex_d2i [libcrypto.so.1.0.0]
>   asn1_template_noexp_d2i [libcrypto.so.1.0.0]
> Block of 24 bytes (46 times); last block at 0x2c0f7218

I've used valgrind with OpenSSL based programs to find memory leaks, and with it, you can use a --num-callers=N option to get deeper stack traces in the leak reports. You need a depth of 15-20 to get far enough to see where your code is calling into the OpenSSL code in most cases. There's probably a similar option for IBM purify.

-chris
OpenSSL and multithreaded programs
Is the OpenSSL library supposed to be at all reentrant? I've had odd problems (intermittent errors) when trying to use OpenSSL in a multithreaded program (multiple threads each dealing with independent SSL connections), and have apparently solved them by creating a single global mutex and wrapping a mutex acquire around every call into the library. Is this kind of locking expected to be needed?

Chris Dodd cd...@csl.sri.com
BIO_f_buffer read behavior
I have pushed a BIO_f_buffer onto my BIO stack to get output buffering. This works fine. However, when I read from the BIO_f_buffer, it only returns when the buffer I give it is full. This is unlike the normal behavior of the BIO below it in the stack, and different from a direct read. Is this the expected behavior of the BIO_f_buffer on a read? If so, is the only alternative to track a read and a write BIO? I assume that I can read from the BIO under the BIO_f_buffer without causing problems, is that correct?

-- Chris Bare ch...@bareflix.com
Re: Installing openssl 1.0.0a in Ubuntu
> However, when I do openssl version in bash I get 0.9.8k which is ubuntu's version and my /usr/lib/libcrypto and libssl links point to libcrypto.so.0.9.8 and libssl.so.0.9.8 respectively. I noticed that 1.0.0 manual build has not built respective libcrypto.so.1.0.0 and libssl.so.1.0.0 files. How do I make sure that ubuntu is using my /usr/local/ssl 1.0.0 build?

You have 2 main options. You can either re-build to have openssl 1.0 installed in the normal directories, or you can set your paths to point to the /usr/local locations first.

To build and install in the normal places use:

./config --prefix=/usr/ --openssldir=/etc/ssl shared
make
make install

To set your path to use /usr/local try:

export PATH=/usr/local/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/lib

Keep in mind that installing 1.0.0 in the normal locations may break other applications that expect 0.9.8 data files. Also programs linked with 0.9.8 libraries will have to be rebuilt to use the 1.0.0 libraries since the major version number has changed. Let's hope debian or ubuntu packages 1.0.0 soon.

-- Chris Bare ch...@bareflix.com
.deb packages for 1.0.0?
Has anyone seen .deb packages for openssl 1.0.0? I took a quick stab at converting the 0.9.8 debian files, but I ran into a lot of problems and it takes a long time to debug.

-- Chris Bare ch...@bareflix.com
Re: Error signing certificates with my own CA... Configuration file?
Not discouraged at all (just short on time trying to meet a deadline). I'll check out TinyCA (and the like) in the meantime, but actually do hope to delve into the source and figure out those directives when I get some time. I do appreciate your time and attention!!

On 09/28/2010 09:41 AM, Mark H. Wood wrote:
> I don't want to discourage you from learning the details yourself, but you may want to look at some wrapper software that is already worked out and takes care of these things for you. For example, I usually find TinyCA adequate to my minuscule certificate-processing needs. Even if you decide not to use such a tool, you may learn some useful things by studying the code.
Error signing certificates with my own CA... Configuration file?
I've found the alternative to self-signing (namely signing with your own CA) to be a potentially great path for the web application that we develop; however I can't quite figure out how exactly to tweak the configuration file to get what I want. It is hard (impossible?) to find any detailed information about each of the directives in that file.

Basically, I've successfully(?) created my own CA (the certificate is able to be installed automatically as trusted root, and everything), but when I go to sign or use a server certificate (for the end-user) using that, I get problems.

In order to attempt all this voodoo, I've basically created two separate directories (one for my CA and another for my end-user certificates)... each containing their own directory structure (private, certs, etc.) and their own openssl config files. Is this the right approach, first of all? I assume since the CA has its own unique configuration directives (e.g. CA=True), the end-user cert should be different... right?

So, first, I want to make sure I am creating the CA keys properly. Can someone provide a list of configuration directives (or link to them) that are necessary for a CA in my type of situation? I at least know CA=True and keyUsage needs to include certSign (many thanks to Patrick!)... but what, if anything, else? Then, same for the end-user certificates... anything special there?

Thanks!
Chris
Re: Self-signed CA problem for internal web application
Sure.. but please excuse me as this is the first time posting on this forum ~ post in plain text or does this system support attached files?

Patrick Patterson wrote:
> Hi Chris:
>
> Can you post the certificates in question? My guess is that you don't have the various extensions set according to the PKIX standards that the Browsers are expecting.
>
> Thanks.
> Patrick.
>
> On 2010-09-22, at 2:57 PM, Chris Rider wrote:
> > We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, and self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to "There's a Problem With Security!" / "Allow Exception", etc. If they must install a certificate or two, that would be acceptable, though.
> >
> > So I thought that creating my own CA to sign certificates with would be a solution... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating.
> >
> > So, as I said, I've created my own CA (using this link as a guide: http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign my own certificates without problem. I then install the root certificate, followed by a server certificate signed by that CA. And, while I can click "allow exception" in the browser to make it all work, that is not the desired way. We just want to be able to have the end-user install a trusted root certificate and everything just work from there. Testing in IE and FireFox nets the same big scary warning message, no matter what combination of fields I use in the CSR, etc.
> >
> > We really don't want to go with a third party CA like VeriSign, for example -- not so much because of the cost, but we just don't want to deal with updating countless remote installations of our product whenever the certificate expires. Not to mention the support that would be associated with doing that! The other issue is that some/most of these installations do not have outside internet connectivity with which to query the CA's (for CRL's, or whatever). We really need to manage our own certificates, all in all, but without these warning messages. Is it possible? If so, what am I missing?
> >
> > -- Chris Rider, Systems Architect
> > MessageNet Systems
> > chris.ri...@messagenetsystems.com
>
> ---
> Patrick Patterson
> President and Chief PKI Architect
> Carillon Information Security Inc.
> http://www.carillon.ca
> tel: +1 514 485 0789 mobile: +1 514 994 8699 fax: +1 450 424 9559
Re: Self-signed CA problem for internal web application
I think we're on to something here... thank you for your time and attention, btw!

I still can't see anything about the AIA thing, but I took another go at the basicConstraints and keyUsage, and seem to have slightly better results. I changed basicConstraints to True (it was FALSE by default), so that makes sense. I also just tacked on certSign to the end of the keyUsage string. Now, when I generate the keys and install the CA's certificate on the client, even IE will automatically detect/install as a trusted root... which it wasn't before. So I think we're onto something with my CA.

But now, when I go to sign the server certificate using my CA, I am getting the following errors: (using the exact same process -- scripted -- as before, so the only thing changed is the CA config file / CA keys)

Error Loading extension section usr_cert
14488:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/pki_MessageNet/CA/index.txt.attr','rb')
14488:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
14488:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
14488:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
14488:error:2206E068:X509 V3 routines:X509V3_get_value_bool:invalid boolean string:v3_utl.c:229:section:,name:CA,value:True
14488:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=basicConstraints, value=CA:True

What is the best way to include my file contents for you? (worried about posting something a mile long)

Patrick Patterson wrote:
> Hi Chris:
>
> On 2010-09-22, at 4:13 PM, Chris Rider wrote:
> > For now, I've just copied the CA's public .crt file to a public_html type directory and downloading on the client ~ from there, depending on whether I use FireFox or IE, I go into the respective certificates manager and import the one I downloaded. I've been very deliberate in making sure it actually gets installed under the root/trusted category, and not some other category.
> >
> > I haven't investigated the AIA field... (didn't even know about it) Would that be specified when creating the CA's keys? Is that best specified in my CA's cnf file somewhere?
>
> Yes - it would.
>
> > Barring all else, it seems to me like the browser is hanging up on the fact that the CA's certificate is self-signed. (??)
>
> Things that would make the browser hang include: CA cert not including basicConstraints: CA=True, or keyUsage not including certSign. and User Certs that DO include either of those values. Also, what could be happening is a mismatch between AKI and SKI values in the CA and Server certs. That's why I requested you to send along a copy of the certs that you are using - the values need to be set correctly, just having one key signed by the other, which happens to be self signed, is not enough. Unless you have extensively edited your openssl.cnf file, you are probably not generating correct CA or end entity certs.
>
> Have fun.
> Patrick.
>
> > -Chris
> >
> > Hugo Garza wrote:
> > > Hi Chris, how are you installing the root CA on the client machines? In windows once you double click the root certificate you get a message dialog box and click the install certificate button. On the following screen press next and on the next screen tell it to install the certificate to the Trusted Root Certificate Authorities, hit next then finish. You should get a Windows dialog warning saying that you are adding a root certificate, and you just say yes.
> > >
> > > Now the other possible problem is that on the server certificate that you created you aren't including the Authority Information Access (AIA) field. This is crucial so that your customers only have to install the root CA and implicitly trust any certificates signed by the root.
> > >
> > > On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider chris.ri...@messagenetsystems.com wrote:
> > > > We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, and self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to "There's a Problem With Security!" / "Allow Exception", etc. If they must install a certificate or two, that would be acceptable, though. So I thought that creating my own CA to sign certificates with would be a solution... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating. So, as I said, I've created my own CA (using this link
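A minimal CA profile that puts Patrick's points into practice, added here and not taken from the thread: basicConstraints CA:TRUE and keyUsage keyCertSign on the CA, subject/authority key identifiers so the SKI/AKI values link the chain, CA:FALSE on the server certificate, plus a check that the "CA:True" spelling behind the "invalid boolean string" error above is rejected. It assumes an `openssl` binary (1.0.0 or newer) on PATH; every file name, subject and the name example.internal are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes `openssl` on PATH.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# One config file holding a CA profile, an end-entity profile and the misspelled
# boolean. OpenSSL only accepts TRUE/FALSE (and yes/no, Y/N); "True" is an error.
# The [req]/[dn] sections exist only so `req` is happy; -subj overrides the DN.
cat > "$WORK/ext.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
CN = placeholder

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
subjectAltName = DNS:example.internal

[ v3_bad_ca ]
basicConstraints = CA:True
EOF

# Self-signed CA certificate carrying the v3_ca extensions.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal CA" \
        -config "$WORK/ext.cnf" -extensions v3_ca \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server key and CSR, signed by the CA with the v3_server extensions
# (the AKI is filled in from the CA's SKI at signing time).
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=example.internal" -config "$WORK/ext.cnf" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -sha256 -days 365 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/ext.cnf" -extensions v3_server \
        -out "$WORK/server.crt" 2>/dev/null
}

# 0 when the server certificate chains to the CA alone.
chain_verifies() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# 0 when the CA certificate really carries CA:TRUE and Certificate Sign.
ca_extensions_ok() {
    text=$(openssl x509 -in "$WORK/ca.crt" -noout -text)
    case "$text" in *"CA:TRUE"*) ;; *) return 1 ;; esac
    case "$text" in *"Certificate Sign"*) ;; *) return 1 ;; esac
}

# 0 when OpenSSL refuses the "CA:True" profile with the same reason as the thread's log.
bad_boolean_rejected() {
    ! openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=bad" \
        -config "$WORK/ext.cnf" -extensions v3_bad_ca \
        -keyout "$WORK/bad.key" -out "$WORK/bad.crt" 2>"$WORK/bad.err" \
      && grep -q "invalid boolean string" "$WORK/bad.err"
}

ca_demo() {
    make_ca
    make_server_cert
    ca_extensions_ok && chain_verifies && bad_boolean_rejected
}

ca_demo && echo "CA profile OK: chain verifies and CA:True is rejected"
```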
Re: Self-signed CA problem for internal web application
Sorry, I think I should make clear that I'm using two different setups... one for the CA and another for the end user certificate. For example, my CA is in /etc/pki_MessageNet/CA while my end-user is in /etc/pki_MessageNet/tls --- so when I generate my CA keys, it has its own config file / scope... and when I generate my end user CSR, it has its own config file / scope. I am, however, granting my CSR from within the scope of my CA and its configuration. In other words, I'm replicating a real world type situation -- or that is the hope!

Chris Rider wrote:

I think we're on to something here... thank you for your time and attention, btw! I still can't see anything about the AIA thing, but I took another go at the basicConstraints and keyUsage, and seem to have slightly better results. I changed basicConstraints to True (it was FALSE by default), so that makes sense. I also just tacked on certSign to the end of the keyUsage string. Now, when I generate the keys and install the CA's certificate on the client, even IE will automatically detect/install as a trusted root... which it wasn't before. So I think we're onto something with my CA.

But now, when I go to sign the server certificate using my CA, I am getting the following errors: (using the exact same process -- scripted -- as before, so the only thing changed is the CA config file / CA keys)

Error Loading extension section usr_cert
14488:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/pki_MessageNet/CA/index.txt.attr','rb')
14488:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
14488:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
14488:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
14488:error:2206E068:X509 V3 routines:X509V3_get_value_bool:invalid boolean string:v3_utl.c:229:section:,name:CA,value:True
14488:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=basicConstraints, value=CA:True

What is the best way to include my file contents for you? (worried about posting something a mile long)

Patrick Patterson wrote:

Hi Chris:

On 2010-09-22, at 4:13 PM, Chris Rider wrote:

For now, I've just copied the CA's public .crt file to a public_html type directory and downloading on the client ~ from there, depending on whether I use FireFox or IE, I go into the respective certificates manager and import the one I downloaded. I've been very deliberate in making sure it actually gets installed under the root/trusted category, and not some other category. I haven't investigated the AIA field... (didn't even know about it) Would that be specified when creating the CA's keys? Is that best specified in my CA's cnf file somewhere?

Yes - it would.

Barring all else, it seems to me like the browser is hanging up on the fact that the CA's certificate is self-signed. (??)

Things that would make the browser hang include: CA cert not including basicConstraints: CA=True, or keyUsage not including certSign, and User Certs that DO include either of those values.

Also, what could be happening is a mismatch between AKI and SKI values in the CA and Server certs. That's why I requested you to send along a copy of the certs that you are using - the values need to be set correctly, just having one key signed by the other, which happens to be self signed, is not enough. Unless you have extensively edited your openssl.cnf file, you are probably not generating correct CA or end entity certs.

Have fun.

Patrick.

-Chris

Hugo Garza wrote:

Hi Chris, how are you installing the root CA on the client machines? In Windows once you double click the root certificate you get a message dialog box and click the install certificate button. On the following screen press next and on the next screen tell it to install the certificate to the Trusted Root Certificate Authorities, hit next then finish. You should get a Windows dialog warning saying that you are adding a root certificate, and you just say yes. Now the other possible problem is that on the server certificate that you created you aren't including the Authority Information Access (AIA) field. This is crucial so that your customers only have to install the root CA and implicitly trust any certificates signed by the root.

On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider chris.ri...@messagenetsystems.com wrote:

We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, self-signed CA with certificates signed
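An added example, not code from the thread: it writes extension sections with the values Patrick lists (basicConstraints CA:TRUE and keyCertSign on the CA only, matching SKI/AKI on both certs), builds a root CA and a server certificate from them with openssl, and verifies the chain; the [ bad ] section repeats the mixed-case "CA:True" from the error log above, which openssl rejects as an invalid boolean string. The scratch directory and the host name intranet.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: extension sections with the values
# Patrick lists, a root CA and a server cert built from them, and a chain check
# like the one a browser does once the root is imported. Note CA:TRUE; the
# mixed-case "CA:True" from the quoted error log is an invalid boolean string.
set -e
WORK="${WORK:-$(mktemp -d)}"     # assumption: scratch directory
HOST="intranet.example.test"     # assumption: the server's DNS name

write_cnf() {
  cat > "$WORK/ext.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
[ usr_cert ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
subjectAltName         = DNS:$HOST
[ bad ]
basicConstraints       = CA:True
EOF
}

# Self-signed root; -extensions picks the v3_ca section above.
make_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/ext.cnf" -extensions v3_ca \
    -subj "/CN=Example Internal Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# CSR, then signing with x509 -req (needs no index.txt database, unlike
# openssl ca); $1 names the extension section applied to the leaf.
sign_server() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$WORK/ext.cnf" -subj "/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -sha256 -days 825 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions "${1:-usr_cert}" \
    -out "$WORK/server.crt" 2>/dev/null
}

# Exit status 0 only if server.crt chains to ca.crt.
verify_chain() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# The CA bit as it appears in a certificate, e.g. CA:TRUE.
ca_flag() { openssl x509 -in "$1" -noout -text | grep -o 'CA:[A-Z]*'; }
build_all() { write_cnf && make_ca && sign_server usr_cert && verify_chain; }
```

Running build_all then sign_server bad shows the difference: the usr_cert section signs and verifies, the bad section fails at signing time with the same X509V3_get_value_bool error as in the log.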
Re: Self-signed CA problem for internal web application
Thanks for the suggestion, but I've already tried that, more or less. My web server config already has that mime type configured, and the client is capable of recognizing the properly served filetype. I've tried installing certificates through IE's wizard automatically in such a way... as well as manually in it and other browsers (downloading certificate and importing). My primary skills are that of webmaster (using that word should tell how long I've been in that game! grin), so I am aware of how much the browsers vary in doing things... which is why I tried every way of installing in every browser I have. I agree with you about the latest versions of MSIE and that stupid wizard they now use! I'm pretty sure it's something in my generating keys, rather than client issues.

John R Pierce wrote:

On 09/22/10 11:57 AM, Chris Rider wrote:

We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to There's a Problem With Security! / Allow Exception, etc. If they must install a certificate or two, that would be acceptable, though. So I thought that creating my own CA to sign certificates with would be a solution... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating.

take your self-signed CA public certificate, name it something.cer, and place it on a web server, making sure the webserver understands that .cer is mime type application/x-x509-ca-cert. give your clients the link to that .CER ... they have to accept it and add it to their trusted root certificate storage, the specifics of doing this vary by web browser (current versions of MSIE have made this harder than it should be). once that .cer is installed in the browser's trusted root authorities, then anything signed by that CA will be accepted.

__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Self-signed CA problem for internal web application
We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to "There's a Problem With Security! / Allow Exception, etc." If they must install a certificate or two, that would be acceptable, though.

So I thought that creating my own CA to sign certificates with would be a solution... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating.

So, as I said, I've created my own CA (using this link as a guide: http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign my own certificates without problem. I then install the root certificate, followed by a server certificate signed by that CA. And, while I can click "allow exception" in the browser to make it all work, that is not the desired way. We just want to be able to have the end-user install a trusted root certificate and everything just work from there. Testing in IE and FireFox nets the same big scary warning message, no matter what combination of fields I use in the CSR, etc.

We really don't want to go with a third party CA like VeriSign, for example -- not so much because of the cost, but we just don't want to deal with updating countless remote installations of our product whenever the certificate expires. Not to mention the support that would be associated with doing that! The other issue is that some/most of these installations do not have outside internet connectivity with which to query the CAs (for CRLs, or whatever).

We really need to manage our own certificates, all in all, but without these warning messages. Is it possible? If so, what am I missing?

-- Chris Rider, Systems Architect MessageNet Systems chris.ri...@messagenetsystems.com
Re: Self-signed CA problem for internal web application
For now, I've just copied the CA's public .crt file to a public_html type directory and downloading on the client ~ from there, depending on whether I use FireFox or IE, I go into the respective certificates manager and import the one I downloaded. I've been very deliberate in making sure it actually gets installed under the root/trusted category, and not some other category. I haven't investigated the AIA field... (didn't even know about it) Would that be specified when creating the CA's keys? Is that best specified in my CA's cnf file somewhere?

Barring all else, it seems to me like the browser is hanging up on the fact that the CA's certificate is self-signed. (??)

-Chris

Hugo Garza wrote:

Hi Chris, how are you installing the root CA on the client machines? In Windows once you double click the root certificate you get a message dialog box and click the install certificate button. On the following screen press next and on the next screen tell it to install the certificate to the Trusted Root Certificate Authorities, hit next then finish. You should get a Windows dialog warning saying that you are adding a root certificate, and you just say yes. Now the other possible problem is that on the server certificate that you created you aren't including the Authority Information Access (AIA) field. This is crucial so that your customers only have to install the root CA and implicitly trust any certificates signed by the root.

On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider chris.ri...@messagenetsystems.com wrote:

We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post). We've been able to get SSL working in both of two different ways (self-signed certificate, self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to There's a Problem With Security! / Allow Exception, etc. If they must install a certificate or two, that would be acceptable, though. So I thought that creating my own CA to sign certificates with would be a solution... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating.

So, as I said, I've created my own CA (using this link as a guide: http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign my own certificates without problem. I then install the root certificate, followed by a server certificate signed by that CA. And, while I can click allow exception in the browser to make it all work, that is not the desired way. We just want to be able to have the end-user install a trusted root certificate and everything just work from there. Testing in IE and FireFox nets the same big scary warning message, no matter what combination of fields I use in the CSR, etc. We really don't want to go with a third party CA like VeriSign, for example -- not so much because of the cost, but we just don't want to deal with updating countless remote installations of our product whenever the certificate expires. Not to mention the support that would be associated with doing that! The other issue is that some/most of these installations do not have outside internet connectivity with which to query the CAs (for CRLs, or whatever). We really need to manage our own certificates, all in all, but without these warning messages. Is it possible? If so, what am I missing?

-- Chris Rider, Systems Architect MessageNet Systems
Re: Displaying modulus
Hi Michael,

There is always an extra null-byte at the beginning, which has an effect on the sign of the modulus value. The null-byte character would make the modulus a positive value.

I've been using the following application with Wine to view my X.509 certificates: http://lipingshare.com/Asn1Editor/

There's also a very neat online ASN.1 parser available here: http://geminisecurity.com/parse.php

Regards,
Chris
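An added example, not code from the thread, that makes the null-byte visible with the openssl command line: a DER INTEGER is two's-complement, and the top bit of a 2048-bit RSA modulus is always set, so the encoder prepends 0x00 to keep the value positive, which is why the encoded INTEGER is one byte longer than the modulus openssl prints. The scratch directory is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread: show the 0x00 pad byte that DER
# puts in front of an RSA modulus. A DER INTEGER is two's-complement and the
# top bit of a 2048-bit modulus is always set, so without the pad the value
# would read as negative; openssl strips it again when it prints the number.
set -e
WORK="${WORK:-$(mktemp -d)}"   # assumption: scratch directory

# Fresh 2048-bit key, public part as PKCS#1 RSAPublicKey:
#   SEQUENCE { INTEGER n, INTEGER e }  (no SPKI wrapper, so offsets are fixed)
gen_key() {
  openssl genrsa -out "$WORK/k.pem" 2048 2>/dev/null
  openssl rsa -in "$WORK/k.pem" -RSAPublicKey_out -outform DER \
    -out "$WORK/pub.der" 2>/dev/null
}

# Size of n in bytes as openssl prints it (hex, sign byte already stripped).
modulus_hex_bytes() {
  openssl rsa -in "$WORK/k.pem" -noout -modulus \
    | sed 's/^Modulus=//' | awk '{ print length($0) / 2 }'
}

# Length field of the first INTEGER (n) as encoded: one more than the above.
der_modulus_len() {
  openssl asn1parse -inform DER -in "$WORK/pub.der" \
    | awk '/prim: INTEGER/ { sub(/.*l= */, ""); sub(/ .*/, ""); print; exit }'
}

# Raw start of the n TLV after the 4-byte outer SEQUENCE header:
# tag 02, length 82 01 01 (=257), the 00 pad, then the real first byte of n.
modulus_tlv_head() { od -An -tx1 -j4 -N6 "$WORK/pub.der" | tr -d ' \n'; }
```

After gen_key, modulus_hex_bytes reports 256 while der_modulus_len reports 257, and modulus_tlv_head starts with 0282010100 followed by a byte whose top bit is set.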