X509_STORE lookup problem

2022-06-10 Thread Chris Bare
I've implemented my own X509_STORE lookup functions.
The problem I'm having is that the store contains cert A, which is being
returned when I look up cert B because they both have the same Common Name.
Is there a way to tell the store to look up via thumbprint rather than
Common Name?
I have a get_by_fingerprint function, but it never gets called.

-- 
Chris Bare


Re: EC_POINT_get_affine_coordinates replacement in 3.0

2022-05-03 Thread Chris Bare
Thanks, I'll check those out.

On Tue, May 3, 2022 at 4:53 PM William Roberts 
wrote:

> On Tue, May 3, 2022 at 3:18 PM Chris Bare  wrote:
> >
> >
> > On Tue, May 3, 2022 at 3:10 PM William Roberts 
> wrote:
> >>
> >> On Tue, May 3, 2022 at 1:14 PM Chris Bare  wrote:
> >> >
> >> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to
> get the coordinates
> >> > in a 3.0 way.
> >> > The old code is:
> >> > BN_CTX *ctx = BN_CTX_new ();
> >> > BIGNUM *X = NULL, *Y = NULL;
> >> > const EC_POINT *pubkey;
> >> > const EC_GROUP *group;
> >> > BN_CTX_start (ctx);
> >> > X = BN_CTX_get (ctx);
> >> > Y = BN_CTX_get (ctx);
> >> > pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
> >> > group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
> >> > EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx);
> >> >
> >> > What would be the 3.0 way to get X and Y without using deprecated
> functions?
> >>
> >> For EC_POINT_get_affine_coordinates_GFp it goes to
> >> EC_POINT_get_affine_coordinates, see:
> >>   -
> https://www.openssl.org/docs/man3.0/man3/EC_POINT_get_affine_coordinates.html
> >>
> >> Offhand I don't see any other deprecated functions, was that the only
> one?
> >>
> >> Thanks,
> >> Bill
> >
> >
> > all the EC_KEY_get0_ functions are deprecated. Is there a new way to
> access the internals of
> > the opaque structures, or am I stuck with the deprecated ones for this?
>
> I think you want the from and to data routines that provide the
> components from an EVP PKEY or produce an EVP_PKEY
> from the components:
>   - https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_todata.html
>   - https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
>


-- 
Chris Bare


Re: EC_POINT_get_affine_coordinates replacement in 3.0

2022-05-03 Thread Chris Bare
On Tue, May 3, 2022 at 3:10 PM William Roberts 
wrote:

> On Tue, May 3, 2022 at 1:14 PM Chris Bare  wrote:
> >
> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to get
> the coordinates
> > in a 3.0 way.
> > The old code is:
> > BN_CTX *ctx = BN_CTX_new ();
> > BIGNUM *X = NULL, *Y = NULL;
> > const EC_POINT *pubkey;
> > const EC_GROUP *group;
> > BN_CTX_start (ctx);
> > X = BN_CTX_get (ctx);
> > Y = BN_CTX_get (ctx);
> > pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
> > group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
> > EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx);
> >
> > What would be the 3.0 way to get X and Y without using deprecated
> functions?
>
> For EC_POINT_get_affine_coordinates_GFp it goes to
> EC_POINT_get_affine_coordinates, see:
>   -
> https://www.openssl.org/docs/man3.0/man3/EC_POINT_get_affine_coordinates.html
>
> Offhand I don't see any other deprecated functions, was that the only one?
>
> Thanks,
> Bill
>

all the EC_KEY_get0_ functions are deprecated. Is there a new way to access
the internals of
the opaque structures, or am I stuck with the deprecated ones for this?

-- 
Chris Bare


EC_POINT_get_affine_coordinates replacement in 3.0

2022-05-03 Thread Chris Bare
I'm converting some openssl 1.0 code to 3.0 and I don't know how to get the
coordinates in a 3.0 way.
The old code is:
BN_CTX *ctx = BN_CTX_new ();
BIGNUM *X = NULL, *Y = NULL;
const EC_POINT *pubkey;
const EC_GROUP *group;
BN_CTX_start (ctx);
X = BN_CTX_get (ctx);
Y = BN_CTX_get (ctx);
/* EVP_PKEY_get0, EC_KEY_get0_* and EC_POINT_get_affine_coordinates_GFp are
   the 1.0-era accessors; all of them are deprecated in 3.0 */
pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx);

What would be the 3.0 way to get X and Y without using deprecated functions?
-- 
Chris Bare


Re: OpenSSL Memory Allocation Functions Issue

2022-03-31 Thread Chris
Hi Todd,

Thanks for the information.
I've looked at compiling. I'm assuming this is the file you're referring to?
/usr/local/src/openssl-1.1.1m/configdata.pm

What am I looking for in that file? There is no mention of malloc?
Do I alter this file before running

make clean

make

make install


Thanks,

Chris

On Wed, 30 Mar 2022 at 16:32, Todd Short  wrote:

> Each OS distribution may choose to enable/disable features as they see
> fit. And they may also patch the code.
>
> It's likely RHEL disabled the functionality.
>
> You would need to download the RPM source, build it, and see what is
> enabled (via configdata.pm) and what patches may have been applied.
>
> --
> -Todd Short
> // todd.sh...@me.com
> // “One if by land, two if by sea, three if by the Internet."
>
> On Mar 30, 2022, at 4:45 AM, Chris  wrote:
>
> Hi All,
>
>
> Experienced an issue with Kamailio which presented with the below error
>   tls_pre_init(): Unable to set the memory allocation functions
>
>
> I have two servers CentOS8 and RHEL8. CentOS8 runs as expected, RHEL8
> shows the errors
>
>
> This forum suggested this was related to an OpenSSL issue
> https://lists.kamailio.org/pipermail/sr-users/2013-August/079381.html
>
>
> The below script was compiled and run as suggested in order to confirm the
> OpenSSL was present
> #include <stdio.h>
> #include <openssl/crypto.h>
>
>
> /* OpenSSL 1.1.x passes the caller's file and line to each allocator */
> static void *myMalloc( size_t s, const char *file, int line ) { return NULL; }
> static void *myRealloc( void *p, size_t s, const char *file, int line ) { return NULL; }
> static void myFree( void *p, const char *file, int line ) {}
>
>
> int main()
> {
>   if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc, myFree) )
>   {
> fprintf( stderr, "Unable to set the memory allocation functions\n");
> return -1;
>   }
>
>
>   return 0;
> }
>
>
> The output on each system was different
> CentOS – nothing outputted
> RHEL – “Unable to set the memory allocation functions”
>
>
> Though versions of OpenSSL installed appeared the same
> yum info openssl-libs openssl | grep 'Packages\|Name\|Version'
>
>
>   CentOS:
> Installed Packages
> Name : openssl
> Version  : 1.1.1k
> Name : openssl-libs
> Version  : 1.1.1k
>
>
>
>
>   RHEL:
> Installed Packages
> Name : openssl
> Version  : 1.1.1k
> Name : openssl-libs
> Version  : 1.1.1k
>
>
>
>
>   strings /usr/lib64/libcrypto.so | grep "^OpenSSL"
>   Both systems have the same output
>
>
>
>
> Would someone be able to confirm what is going on here?
> Does the above script suggest a problem with the OpenSSL-Libs?
> Am I looking in the right places to confirm a difference between the two
> VMs?
>
>
>
>
> Thanks,
> Chris
>
>
>


OpenSSL Memory Allocation Functions Issue

2022-03-30 Thread Chris
Hi All,

Experienced an issue with Kamailio which presented with the below error

  tls_pre_init(): Unable to set the memory allocation functions

I have two servers CentOS8 and RHEL8. CentOS8 runs as expected, RHEL8 shows
the errors

This forum suggested this was related to an OpenSSL issue
https://lists.kamailio.org/pipermail/sr-users/2013-August/079381.html

The below script was compiled and run as suggested in order to confirm the
OpenSSL was present

#include <stdio.h>
#include <openssl/crypto.h>

/* Stub allocators: the test only checks whether OpenSSL accepts replacement
 * allocation functions, not whether they work. OpenSSL 1.1.x passes the
 * caller's file and line to each callback. */
static void *myMalloc( size_t s, const char *file, int line ) { return NULL; }
static void *myRealloc( void *p, size_t s, const char *file, int line ) { return NULL; }
static void myFree( void *p, const char *file, int line ) {}

int main()
{
  if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc, myFree) )
  {
    fprintf( stderr, "Unable to set the memory allocation functions\n");
    return -1;
  }

  return 0;
}

The output on each system was different

CentOS – nothing outputted
RHEL – “Unable to set the memory allocation functions”

Though versions of OpenSSL installed appeared the same

yum info openssl-libs openssl | grep 'Packages\|Name\|Version'

  CentOS:
Installed Packages
Name : openssl
Version  : 1.1.1k
Name : openssl-libs
Version  : 1.1.1k

  RHEL:
Installed Packages
Name : openssl
Version  : 1.1.1k
Name : openssl-libs
Version  : 1.1.1k

  strings /usr/lib64/libcrypto.so | grep "^OpenSSL"
  Both systems have the same output

Would someone be able to confirm what is going on here?
Does the above script suggest a problem with the OpenSSL-Libs?
Am I looking in the right places to confirm a difference between the two
VMs?

Thanks,

Chris


SHA256 openssl-1.1.1i Checksum Error

2020-12-28 Thread Chris Outwin
This is my first post.  OpenSSL is not my forte.

The code below returns an unexpected checksum value for openssl-1.1.1i.
Strangely, when the same code is run for a previous version, the correct
checksum value is returned. Here is what I’ve tried:

1.  Downloaded the current SHA256 value for openssl-1.1.1i.tar.gz from 
https://www.openssl.org/source/
2.  Included that checksum value in the code below
3.  Run the code in macOS Version 10.15.7’s Terminal app (using bash)
4.  Observed that the checksum value does not match the downloaded value in 
Step 1 above

Here is the part of the script associated with the problem.  Notice an 
incorrect checksum of 
c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e is returned at 
the end.  What am I doing wrong? 

#!/bin/zsh
# This script builds OpenSSL libssl and libcrypto for 64-bit devices.
# Binary distribution for ios64-cross-arm64 and ios64-cross-arm64e

VERSION=“1.1.1i”
VERSION_SHA256_CHECKSUM="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"

##
curl -Ov https://www.openssl.org/source/openssl-$VERSION.tar.gz

# Checksum to verify OpenSSL files are not corrupted.
FILE_CHECKSUM=$(shasum -a 256 openssl-$VERSION.tar.gz | awk '{print $1; exit}')
if [ "$FILE_CHECKSUM" != "$VERSION_SHA256_CHECKSUM" ]; then
echo "OpenSSL version $VERSION failed checksum."
echo "Checksum should be:" $VERSION_SHA256_CHECKSUM
echo "Actual downloaded file checksum:" $FILE_CHECKSUM
exit 1
fi

Here is the verbose listing returned by the script:

chrisoutwin@Chriss-iMac OpenSSL % bash build.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Trying 23.2.168.18...
* TCP_NODELAY set
* Connected to www.openssl.org (23.2.168.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [229 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=www.openssl.org
*  start date: Oct 30 19:31:03 2020 GMT
*  expire date: Jan 28 19:31:03 2021 GMT
*  subjectAltName: host "www.openssl.org" matched cert's "www.openssl.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
> 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
< HTTP/1.1 404 Not Found
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< Content-Type: text/html; charset=UTF-8
< Content-Length: 4182
< Cache-Control: max-age=172800
< Expires: Wed, 30 Dec 2020 15:20:43 GMT
< Date: Mon, 28 Dec 2020 15:20:43 GMT
< Connection: keep-alive
< 
{ [1536 bytes data]
100  4182  100  41820 0   5873  0 --:--:-- --:--:-- --:--:--  5873
* Connection #0 to host www.openssl.org left intact
* Closing connection 0
OpenSSL version “1.1.1i” failed checksum.
Checksum should be: 
e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
Actual downloaded file checksum: 
c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e




CVE-1999-0428

2020-03-03 Thread Chris Rhoads
Hi openssl-users,


I am researching the known vulnerabilities of open source software that we
are considering.  According to the NIST NVD web site, the 1.1.1d version of
OpenSSL has a few known vulnerabilities:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced_type=overview_type=all_vendor=cpe%3A%2F%3Aopenssl_product=cpe%3A%2F%3A%3Aopenssl_version=cpe%3A%2F%3Aopenssl%3Aopenssl%3A1.1.1d


It appears most of the vulnerabilities that are listed by NIST can be
dismissed since the security vulnerability was actually in an application
that uses OpenSSL instead of being in OpenSSL itself.


But I've been unable to determine with certainty how the last vulnerability
on this list (CVE-1999-0428) was fixed.  In my research, I've found a
potential OpenSSL update in release 0.9.2b that may have addressed the
vulnerability: https://seclists.org/bugtraq/1999/Mar/144.  But this
security alert message doesn't reference any CVE number.


The OpenSSL Vulnerabilities web page (
https://www.openssl.org/news/vulnerabilities.html) doesn't go back to 1999,
so it doesn't provide any information regarding this vulnerability.


Can anyone point me to OpenSSL documentation that indicates CVE-1999-0428
was fixed?  Thanks.


fipsld in CMake

2019-08-19 Thread Chris Fahlin
Hello, 

I am trying to compile an openSSL wrapper for use on android, using fipsld to 
generate a fips compliant so file. 
It seems that android favors cmake now, so I was wondering if anyone got the 
fipsld steps working within cmake successfully and can give any pointers

Thanks

Re: [openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2

2019-01-17 Thread Chris Fernando via openssl-users
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users 
>  wrote:
> 
>> 
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users 
>>  wrote:
>> 
>> I perused the list archives for all of 2018 and did not see anything current 
>> relating to this problem, so if this is a question that has been asked & 
>> answered, please feel free to point me at the relevant location to read 
>> about what I'm doing incorrectly. =)
>> 
>> I'm not at all familiar with Windows & compiling Open Source projects, but I 
>> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual 
>> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module 
>> and OpenSSL 1.0.2q (NO FIPS) without issue.
>> 
>> [snip]
>> 
>> 
>> I am doing the following to compile FIPS:
>> cd c:\path\to\fips-source
>> ms\do_fips no-asm
>> 
>> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
>> cd c:\path\to\openssl-source
>> nmake -f ms\ntdll.mak clean
>> nmake -f ms\nt.mak clean
>> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
>> ms\do_win64a no-asm
>> nmake -f ms\ntdll.mak
>> 
>> [snip]
> 
> 
> Well, I managed to get the compile to move a bit further by copying "inc32" 
> to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source 
> directory, that I was including in --with-fipsdir= .
> 
> However, now I am getting the following error during the OpenSSL build 
> process.
> 
> [snip]

So, for anyone searching in the future, I managed to get it to compile ensuring 
the following:

Ensure the following is installed:
 * Perl (I used Strawberry Perl 5.24.4.1)
 * NASM (I used 2.14.02)
 * MS Visual Studio 2017 Community with the MS Windows SDK (what I used)

- Ensure your Windows PATH variable has NASM and Perl included (not including 
this is what was causing my errors).
- Start the Visual Studio 'Developer Command Prompt'.
- Change directory to the decompressed openssl source directory.
- Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure 
'--with-fipsdir=' pointed to where my FIPS object code was installed. It was, 
purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing 
problems for me.

I appreciate those who reached out to me directly to provide guidance in 
solving my compile issues.

Thanks,

Chris



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2

2019-01-07 Thread Chris Fernando via openssl-users
> 
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users 
>  wrote:
> 
> I perused the list archives for all of 2018 and did not see anything current 
> relating to this problem, so if this is a question that has been asked & 
> answered, please feel free to point me at the relevant location to read about 
> what I'm doing incorrectly. =)
> 
> I'm not at all familiar with Windows & compiling Open Source projects, but I 
> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual 
> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module 
> and OpenSSL 1.0.2q (NO FIPS) without issue.
> 
> [snip]
> 
> 
> I am doing the following to compile FIPS:
> cd c:\path\to\fips-source
> ms\do_fips no-asm
> 
> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
> cd c:\path\to\openssl-source
> nmake -f ms\ntdll.mak clean
> nmake -f ms\nt.mak clean
> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
> ms\do_win64a no-asm
> nmake -f ms\ntdll.mak
> 
> [snip]


Well, I managed to get the compile to move a bit further by copying "inc32" to 
"include", "util" to "bin", and "out32dll" to "lib" in the FIPS source 
directory, that I was including in --with-fipsdir= .

However, now I am getting the following error during the OpenSSL build process.


cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc
32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPEN
SSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_S
ECURE_NO_DEPRECATE -IC:\Users\cfernando\Downloads\ossl\ossl\openssl-fips/include
 -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -
DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS
 -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c C:\Users\cfernando\Downloads\
ossl\ossl\openssl-fips\lib\fips_premain.c
fips_premain.c
ml  /c ms\uptable.asm
Microsoft (R) Macro Assembler Version 14.16.27025.1
Copyright (C) Microsoft Corporation.  All rights reserved.

 Assembling: ms\uptable.asm
ms\uptable.asm(9) : error A2006:undefined symbol : rsp
ms\uptable.asm(10) : error A2006:undefined symbol : rsp
ms\uptable.asm(11) : error A2006:undefined symbol : rsp
ms\uptable.asm(12) : error A2006:undefined symbol : rsp
ms\uptable.asm(13) : error A2006:undefined symbol : rcx
ms\uptable.asm(14) : error A2006:undefined symbol : rdx
ms\uptable.asm(16) : error A2006:undefined symbol : rcx
ms\uptable.asm(17) : error A2006:undefined symbol : rdx
ms\uptable.asm(18) : error A2006:undefined symbol : r8
ms\uptable.asm(19) : error A2006:undefined symbol : r9
ms\uptable.asm(20) : error A2006:undefined symbol : rax
ms\uptable.asm(21) : error A2006:undefined symbol : rsp
ms\uptable.asm(22) : error A2006:undefined symbol : rax
ms\uptable.asm(29) : error A2006:undefined symbol : rsp
ms\uptable.asm(30) : error A2006:undefined symbol : rsp
ms\uptable.asm(31) : error A2006:undefined symbol : rsp
ms\uptable.asm(32) : error A2006:undefined symbol : rsp
ms\uptable.asm(33) : error A2006:undefined symbol : rcx
ms\uptable.asm(34) : error A2006:undefined symbol : rdx
ms\uptable.asm(36) : error A2006:undefined symbol : rcx
ms\uptable.asm(37) : error A2006:undefined symbol : rdx
ms\uptable.asm(38) : error A2006:undefined symbol : r8
ms\uptable.asm(39) : error A2006:undefined symbol : r9
ms\uptable.asm(40) : error A2006:undefined symbol : rax
ms\uptable.asm(41) : error A2006:undefined symbol : rsp
ms\uptable.asm(42) : error A2006:undefined symbol : rax
ms\uptable.asm(49) : error A2006:undefined symbol : rsp
ms\uptable.asm(50) : error A2006:undefined symbol : rsp
ms\uptable.asm(51) : error A2006:undefined symbol : rsp
ms\uptable.asm(52) : error A2006:undefined symbol : rsp
ms\uptable.asm(53) : error A2006:undefined symbol : rcx
ms\uptable.asm(54) : error A2006:undefined symbol : rdx
ms\uptable.asm(56) : error A2006:undefined symbol : rcx
ms\uptable.asm(57) : error A2006:undefined symbol : rdx
ms\uptable.asm(58) : error A2006:undefined symbol : r8
ms\uptable.asm(59) : error A2006:undefined symbol : r9
ms\uptable.asm(60) : error A2006:undefined symbol : rax
ms\uptable.asm(61) : error A2006:undefined symbol : rsp
ms\uptable.asm(62) : error A2006:undefined symbol : rax
ms\uptable.asm(69) : error A2006:undefined symbol : rsp
ms\uptable.asm(70) : error A2006:undefined symbol : rsp
ms\uptable.asm(71) : error A2006:undefined symbol : rsp
ms\uptable.asm(72) : error A2006:undefined symbol : rsp
ms\uptable.asm(73) : error A2006:undefined symbol : rcx
ms\uptable.asm(74) : error A2006:undefined symbol : rdx
ms\uptable.asm(76) : error A2006:undefined symbol : rcx
ms\uptable.asm(77) : error A2006:undefined symbol : rdx
ms\uptable.asm(78) : error A2006:undefined symbol : r8
ms\uptable.asm(79) : er

[openssl-users] Compiling FIPS-capable OpenSSL on Windows Server 2012R2

2019-01-07 Thread Chris Fernando via openssl-users
I perused the list archives for all of 2018 and did not see anything current 
relating to this problem, so if this is a question that has been asked & 
answered, please feel free to point me at the relevant location to read about 
what I'm doing incorrectly. =)

I'm not at all familiar with Windows & compiling Open Source projects, but I am 
having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 
2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and 
OpenSSL 1.0.2q (NO FIPS) without issue.

When I try to compile OpenSSL with the FIPS canister, per the User Guide 
instructions, I end up with the following error.

cl /Fotmp32dll\o_fips.obj  -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS
 -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
-DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -Ic:\..\openssl-fips/
include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO
_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_
CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL  -DOPENSSL_BUIL
D_SHLIBCRYPTO -c .\crypto\o_fips.c
o_fips.c
.\crypto\o_fips.c(61): fatal error C1083: Cannot open include file: 'openssl/fip
s.h': No such file or directory
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017
\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\cl.EXE"' : return code '0x2
'
Stop.


I am doing the following to compile FIPS:
cd c:\path\to\fips-source
ms\do_fips no-asm

I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
cd c:\path\to\openssl-source
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak clean
perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
ms\do_win64a no-asm
nmake -f ms\ntdll.mak


I feel like I'm missing something fundamental here and I know the User Guide 
says to install the FIPS files in a protected area. However, as I'm just 
building the source on this device, shouldn't I be able to to do the above and 
have it work?

Any help would be greatly appreciated.


Thanks,

Chris


Re: [openssl-users] Subject CN and SANs

2018-12-24 Thread chris . gray
A bit off-topic but is it also a good idea to follow these guidelines in
non-browser use cases, for example for a client certificate which is used
to authenticate on a TLS connection which will be used for another protocol
such as MQTT? In this case the SubjectCN looks like a "natural" place to
put the client's identity, but maybe it is still better to use
subjectAltName?

 - Chris

> Actually, per the latest CA/Browser forum guidelines, subject.CN is not
> only optional but “discouraged”.
>
> -FG
>
>> On Dec 23, 2018, at 4:29 PM, Kyle Hamilton  wrote:
>>
>> SubjectCN is an operational requirement of X.509, I believe.  It's not
>> optional in the data structure, at any rate.
>>
>> -Kyle H
>>
>>> On Sun, Dec 23, 2018 at 9:22 AM Michael Richardson 
>>> wrote:
>>>
>>>
>>> Salz, Rich via openssl-users  wrote:
>>>> Putting the DNS name in the CN part of the subjectDN has been
>>>> deprecated for a very long time (more than 10 years), although it
>>>> is still supported by many existing browsers. New certificates
>>>> should only use the subjectAltName extension.
>>>
>>> Fair enough.
>>>
>>> It seems that the "openssl ca" mechanism still seem to want a subjectDN
>>> defined.  Am I missing some mechanism that would let me omit all of
>>> that?  Or
>>> is a patch needed to kill what seems like a current operational
>>> requirement?
>>>
>>> --
>>> ]   Never tell me the odds! | ipv6 mesh
>>> networks [
>>> ]   Michael Richardson, Sandelman Software Works|IoT
>>> architect   [
>>> ] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on
>>> rails[
>>>
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>




[openssl-users] Exclude unwanted ciphers during build

2018-11-06 Thread Chris Clark
Is there a simple way of excluding unwanted ciphers or cipher suites
during a build?
I would like to remove ARIA in particular, but may want to remove
additional ones in order to use a smaller footprint.


Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Richard, Moving Glob.pm into the main directory of the latest stable
snapshot openssl-1.1.1-stable-SNAP-20181022 allowed it to bypass the
missing Glob.pm message, but then it failed with the same set of
"error C2065: 'INT32_MAX' : undeclared identifier" messages as the
older openssl-1.1.1-stable-SNAP-20181018.
On Tue, Oct 23, 2018 at 3:31 AM Chris Clark  wrote:
>
> Next I tried an older stable snapshot
> openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but
> I got a different compile result:
>
> cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090
> /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN"
> -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2"
> -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5"
> -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM"
> -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM"
> -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM"
> -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program
> Files\\Common Files\\SSL\""
> -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
> -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
> -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
> -D"OPENSSL_USE_APPLINK" -D"NDEBUG"  -c /Focrypto\rand\drbg_ctr.obj
> "crypto\rand\drbg_ctr.c"
> drbg_ctr.c
> crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from
> 'size_t' to 'int', possible loss of data
> crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier
> crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
> Stop.
> On Tue, Oct 23, 2018 at 3:17 AM Chris Clark  wrote:
> >
> > Thanks Richard. I downloaded the latest stable snapshot in order to
> > bypass the UINT16_MAX definition bug, but this version fails to
> > configure:
> >
> > C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A
> > --prefix=c:/openssl no-makedepend
> > Can't locate OpenSSL/Glob.pm in @INC (you may need to install the
> > OpenSSL::Glob module) (@INC contains:
> > C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib
> > c:/perl/lib .) at Configure line 20.
> > BEGIN failed--compilation aborted at Configure line 20.
> >
> >
> > I'll try some of the older stable snapshots.
> > On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte  wrote:
> > >
> > > Silly me, I forgot we already fixed that bug:
> > >
> > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
> > > Author: Richard Levitte 
> > > Date:   Wed Sep 12 02:06:26 2018 +0200
> > >
> > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
> > >
> > > Fixes #7186
> > >
> > > Reviewed-by: Tim Hudson 
> > > (Merged from https://github.com/openssl/openssl/pull/7193)
> > >
> > > (cherry picked from commit 
> > > 88ea3685e4bf30fc529fe46e19effc6317726de8)
> > >
> > > Cheers,
> > > Richard
> > >
> > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on 
> > > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte 
> > >  said:
> > >
> > > > That indicates we do things in the wrong order (foo.obj depends on
> > > > foo.d, meaning foo.d gets "built" first), but that's a side issue.
> > > >
> > > > You found a bug in crypto\sm2\sm2_sign.c, thank you.  Are you willing
> > > > to write up a Github issue for it?
> > > >
> > > > In message 
> > > >  on 
> > > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark  
> > > > said:
> > > >
> > > > > Thank you Richard. Adding the "no-makedepend" avoided the  fatal error

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Next I tried an older stable snapshot
openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but
I got a different compile result:

cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090
/nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN"
-D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2"
-D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5"
-D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM"
-D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM"
-D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM"
-D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program
Files\\Common Files\\SSL\""
-D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
-D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
-D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
-D"OPENSSL_USE_APPLINK" -D"NDEBUG"  -c /Focrypto\rand\drbg_ctr.obj
"crypto\rand\drbg_ctr.c"
drbg_ctr.c
crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from
'size_t' to 'int', possible loss of data
crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier
crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
Stop.
On Tue, Oct 23, 2018 at 3:17 AM Chris Clark  wrote:
>
> Thanks Richard. I downloaded the latest stable snapshot in order to
> bypass the UINT16_MAX definition bug, but this version fails to
> configure:
>
> C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A
> --prefix=c:/openssl no-makedepend
> Can't locate OpenSSL/Glob.pm in @INC (you may need to install the
> OpenSSL::Glob module) (@INC contains:
> C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib
> c:/perl/lib .) at Configure line 20.
> BEGIN failed--compilation aborted at Configure line 20.
>
>
> I'll try some of the older stable snapshots.
> On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte  wrote:
> >
> > Silly me, I forgot we already fixed that bug:
> >
> > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
> > Author: Richard Levitte 
> > Date:   Wed Sep 12 02:06:26 2018 +0200
> >
> > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
> >
> > Fixes #7186
> >
> > Reviewed-by: Tim Hudson 
> > (Merged from https://github.com/openssl/openssl/pull/7193)
> >
> > (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8)
> >
> > Cheers,
> > Richard
> >
> > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on 
> > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte 
> >  said:
> >
> > > That indicates we do things in the wrong order (foo.obj depends on
> > > foo.d, meaning foo.d gets "built" first), but that's a side issue.
> > >
> > > You found a bug in crypto\sm2\sm2_sign.c, thank you.  Are you willing
> > > to write up a Github issue for it?
> > >
> > > In message 
> > >  on 
> > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark  
> > > said:
> > >
> > > > Thank you Richard. Adding the "no-makedepend" avoided the  fatal error
> > > > U1077, but now it fails due to an undeclared identifier:
> > > >
> > > > cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I
> > > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC"
> > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT"
> > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM"
> > > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM"
> > > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM"

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Thanks Richard. I downloaded the latest stable snapshot in order to
bypass the UINT16_MAX definition bug, but this version fails to
configure:

C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A
--prefix=c:/openssl no-makedepend
Can't locate OpenSSL/Glob.pm in @INC (you may need to install the
OpenSSL::Glob module) (@INC contains:
C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib
c:/perl/lib .) at Configure line 20.
BEGIN failed--compilation aborted at Configure line 20.


I'll try some of the older stable snapshots.
On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte  wrote:
>
> Silly me, I forgot we already fixed that bug:
>
> commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
> Author: Richard Levitte 
> Date:   Wed Sep 12 02:06:26 2018 +0200
>
> crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
>
> Fixes #7186
>
> Reviewed-by: Tim Hudson 
> (Merged from https://github.com/openssl/openssl/pull/7193)
>
> (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8)
>
> Cheers,
> Richard
>
> In message <20181023.103453.1842719922424343673.levi...@openssl.org> on Tue, 
> 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte  said:
>
> > That indicates we do things in the wrong order (foo.obj depends on
> > foo.d, meaning foo.d gets "built" first), but that's a side issue.
> >
> > You found a bug in crypto\sm2\sm2_sign.c, thank you.  Are you willing
> > to write up a Github issue for it?
> >
> > In message 
> >  on 
> > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark  said:
> >
> > > Thank you Richard. Adding the "no-makedepend" avoided the  fatal error
> > > U1077, but now it fails due to an undeclared identifier:
> > >
> > > cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I
> > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC"
> > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT"
> > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM"
> > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM"
> > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM"
> > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM"
> > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\""
> > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
> > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
> > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
> > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG"  -c /Focrypto\sm2\sm2_sign.obj
> > > "crypto\sm2\sm2_sign.c"
> > > sm2_sign.c
> > > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared 
> > > identifier
> > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> > > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
> > > Stop.
> > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
> > > Stop.
> > > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte  
> > > wrote:
> > > >
> > > > I suspect you'll find some kind of error message in
> > > > crypto\sm2\sm2_sign.d.  I suspect that /showIncludes isn't supported
> > > > in VS 2008.
> > > >
> > > > There is a workaround for this problem, and it's to use the
> > > > 'no-makedepend' option:
> > > >
> > > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend
> > > >
> > > > For a single build, that should be good enough.
> > > >
> > > > Cheers,
> > > > Richard
> > > >
> > > > In message 
> > > >  on 
> > > > Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark  
> > > > said:
> > > >
> > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version
> > > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version
> > > > > 1.1.1 for VC-WIN64A I get the following compile error:
> > > > >
> > > >

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Thank you Richard. Adding the "no-makedepend" avoided the  fatal error
U1077, but now it fails due to an undeclared identifier:

cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I
"." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC"
-D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT"
-D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM"
-D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM"
-D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM"
-D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM"
-D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\""
-D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
-D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
-D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
-D"OPENSSL_USE_APPLINK" -D"NDEBUG"  -c /Focrypto\sm2\sm2_sign.obj
"crypto\sm2\sm2_sign.c"
sm2_sign.c
crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared identifier
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
Stop.
On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte  wrote:
>
> I suspect you'll find some kind of error message in
> crypto\sm2\sm2_sign.d.  I suspect that /showIncludes isn't supported
> in VS 2008.
>
> There is a workaround for this problem, and it's to use the
> 'no-makedepend' option:
>
> perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend
>
> For a single build, that should be good enough.
>
> Cheers,
> Richard
>
> In message 
>  on Mon, 
> 22 Oct 2018 23:50:46 -0700, Chris Clark  said:
>
> > I am attempting to upgrade a project using OpenSSL 1.0.0h to version
> > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version
> > 1.1.1 for VC-WIN64A I get the following compile error:
> >
> > cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo
> > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN"
> > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2"
> > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5"
> > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM"
> > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM"
> > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM"
> > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program
> > Files\\Common Files\\SSL\""
> > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
> > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
> > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
> > -D"OPENSSL_USE_APPLINK" -D"NDEBUG"  /Zs /showIncludes
> > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d
> > NMAKE : fatal error U1077: 'cl' : return code '0x2'
> > Stop.
> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
> > Stop.
> >
> > My Command lines from the VS 2008 x64 Command Prompt are:
> > perl Configure VC-WIN64A --prefix=c:/openssl
> > nmake
> >
> > I also tried compiling the latest stable snapshot
> > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However
> > version 1.1.0h compiles without error. Can anyone tell me what the
> > problem is?
> >
> > Here is the configuration dump:
> >
> > Command line (with current working directory = .):
> > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl
> > Perl information:
> > c:\perl\bin\perl.exe
> > 5.24.3 for MSWin32-x64-multi-thread
> > Enabled features:
> > aria
> > asm
> > async
> > autoalginit
> > autoerrinit
> > autoload-config
> > bf
> > blake2
> > camell

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Sorry, I meant to say I'm upgrading from 1.1.0h.
On Tue, Oct 23, 2018 at 12:20 AM Dr. Matthias St. Pierre
 wrote:
>
> Oh, I should have read your mail until the end:
>
> Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions.
>
> > -Original Message-
> > From: openssl-users  On Behalf Of Dr. 
> > Matthias St. Pierre
> > Sent: Tuesday, 23 October 2018 09:17
> > To: openssl-users@openssl.org
> > Subject: Re: [openssl-users] How to compile 1.1.1 under Windows
> >
> > Hi,
> >
> > a lot of structures where made opaque going from 1.0.2 to 1.1.0.
> > This means, you will have to make changes to your program source code
> > to compile it against 1.1.0 or 1.1.1.
> >
> > For details, see https://www.openssl.org/docs/faq.html#PROG2
> >
> > HTH,
> > Matthias
> >
> >
> > > -Original Message-
> > > From: openssl-users  On Behalf Of 
> > > Chris Clark
> > > Sent: Tuesday, 23 October 2018 08:51
> > > To: openssl-users@openssl.org
> > > Subject: [openssl-users] How to compile 1.1.1 under Windows
> > >
> > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version
> > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version
> > > 1.1.1 for VC-WIN64A I get the following compile error:
> > >
> > > cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo
> > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN"
> > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2"
> > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5"
> > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM"
> > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM"
> > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM"
> > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program
> > > Files\\Common Files\\SSL\""
> > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
> > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
> > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
> > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG"  /Zs /showIncludes
> > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d
> > > NMAKE : fatal error U1077: 'cl' : return code '0x2'
> > > Stop.
> > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
> > > Stop.
> > >
> > > My Command lines from the VS 2008 x64 Command Prompt are:
> > > perl Configure VC-WIN64A --prefix=c:/openssl
> > > nmake
> > >
> > > I also tried compiling the latest stable snapshot
> > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However
> > > version 1.1.0h compiles without error. Can anyone tell me what the
> > > problem is?
> > >
> > > Here is the configuration dump:
> > >
> > > Command line (with current working directory = .):
> > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl
> > > Perl information:
> > > c:\perl\bin\perl.exe
> > > 5.24.3 for MSWin32-x64-multi-thread
> > > Enabled features:
> > > aria
> > > asm
> > > async
> > > autoalginit
> > > autoerrinit
> > > autoload-config
> > > bf
> > > blake2
> > > camellia
> > > capieng
> > > cast
> > > chacha
> > > cmac
> > > cms
> > > comp
> > > ct
> > > deprecated
> > > des
> > > dgram
> > > dh
> > > dsa
> > > dso
> > > dtls
> > > dynamic-engine
> > > ec
> > > ec2m
> > > ecdh
> > > ecdsa
> > > engine
> > > err
> > > filenames
> > > gost
> > > hw(-.+)?
> > > idea
> > > makedepend
> > > md4
> > > mdc2

[openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
I am attempting to upgrade a project using OpenSSL 1.0.0h to version
1.1.1 under Visual Studio 2008-SP1, but when I try to compile version
1.1.1 for VC-WIN64A I get the following compile error:

   cl  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo
/O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN"
-D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2"
-D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5"
-D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM"
-D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM"
-D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM"
-D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program
Files\\Common Files\\SSL\""
-D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32"
-D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE"
-D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
-D"OPENSSL_USE_APPLINK" -D"NDEBUG"  /Zs /showIncludes
"crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2'
Stop.

My Command lines from the VS 2008 x64 Command Prompt are:
perl Configure VC-WIN64A --prefix=c:/openssl
nmake

I also tried compiling the latest stable snapshot
(openssl-1.1.1-stable-SNAP-20181022) with the same results. However
version 1.1.0h compiles without error. Can anyone tell me what the
problem is?

Here is the configuration dump:

Command line (with current working directory = .):
c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl
Perl information:
c:\perl\bin\perl.exe
5.24.3 for MSWin32-x64-multi-thread
Enabled features:
aria
asm
async
autoalginit
autoerrinit
autoload-config
bf
blake2
camellia
capieng
cast
chacha
cmac
cms
comp
ct
deprecated
des
dgram
dh
dsa
dso
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
engine
err
filenames
gost
hw(-.+)?
idea
makedepend
md4
mdc2
multiblock
nextprotoneg
ocb
ocsp
pic
poly1305
posix-io
psk
rc2
rc4
rdrand
rfc3779
rmd160
scrypt
seed
shared
siphash
sm2
sm3
sm4
sock
srp
srtp
sse2
ssl
static-engine
stdio
tests
threads
tls
ts
ui-console
whirlpool
tls1
tls1-method
tls1_1
tls1_1-method
tls1_2
tls1_2-method
tls1_3
dtls1
dtls1-method
dtls1_2
dtls1_2-method
Disabled features:
afalgeng[not-linux]
asan[default]   OPENSSL_NO_ASAN
crypto-mdebug   [default]   OPENSSL_NO_CRYPTO_MDEBUG
crypto-mdebug-backtrace [default]   OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
devcryptoeng[default]   OPENSSL_NO_DEVCRYPTOENG
ec_nistp_64_gcc_128 [default]   OPENSSL_NO_EC_NISTP_64_GCC_128
egd [default]   OPENSSL_NO_EGD
external-tests  [default]   OPENSSL_NO_EXTERNAL_TESTS
fuzz-libfuzzer  [default]   OPENSSL_NO_FUZZ_LIBFUZZER
fuzz-afl[default]   OPENSSL_NO_FUZZ_AFL
heartbeats  [default]   OPENSSL_NO_HEARTBEATS
md2 [default]   OPENSSL_NO_MD2 (skip crypto\md2)
msan[default]   OPENSSL_NO_MSAN
rc5 [default]   OPENSSL_NO_RC5 (skip crypto\rc5)
sctp[default]   OPENSSL_NO_SCTP
ssl-trace   [default]   OPENSSL_NO_SSL_TRACE
ubsan   [default]   OPENSSL_NO_UBSAN
unit-test   [default]   OPENSSL_NO_UNIT_TEST
weak-ssl-ciphers[default]   OPENSSL_NO_WEAK_SSL_CIPHERS
zlib[default]
zlib-dynamic[default]
ssl3[default]   OPENSSL_NO_SSL3
ssl3-method [default]   OPENSSL_NO_SSL3_METHOD
Config target attributes:
AR => "lib",
ARFLAGS => "/nologo",
AS => "nasm",
ASFLAGS => "-g",
CC => "cl",
CFLAGS => "/W3 /wd4090 /nologo /O2",
CPP => "\$(CC) /EP /C",
HASHBANGPERL => "/usr/bin/env perl",
LD => "link",
LDFLAGS => "/nologo /debug",
MT => "mt",
MTFLAGS => "-nologo",
RANLIB => "CODE(0x65aff0)",
RC => "rc",
aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s
aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s
aesni-mb-x86_64.s",
aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
aesni-mb-x86_64.o",
apps_aux_src => "win32_init.c",
apps_init_src => "../ms/applink.c",
apps_obj => "win32_init.o",
aroutflag => "/out:",
asflags => "-Ox -f win64 -DNEAR",
asoutflag => "-o ",
bf_asm_src => "bf_enc.c",
bf_obj => "bf_enc.o",
bin_cflags => "/Zi /Fdapp.pdb",

Re: [openssl-users] Checksum for openssl-1.0.2p download

2018-09-12 Thread Chris Outwin
Thank you very much for your helpful reply.  

I’m a graphics programmer with no experience in PGP.  The shell script I have 
calls:
OPENSSL_ARCHIVE_URL="https://www.openssl.org/source/old/${BRANCH}/${OPENSSL_ARCHIVE_FILE_NAME}"
in the process of downloading OpenSSL for use in building an iOS static 
implementation.  Does https have a reasonable level of security?  I believe I 
can include a block of code in the script to do a checksum.

> On Sep 12, 2018, at 1:42 PM, Michael Wojcik  
> wrote:
> 
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Matt Caswell
>> Sent: Wednesday, September 12, 2018 14:29
>> 
>> On 12/09/18 19:24, Chris Outwin wrote:
>>> I’m an OpenSSL newbie and this is my first post. I’m using OpenSSL for
>> receipt validation in an iOS application.
>>> 
>>> Is there a list of checksums to verify openssl download versions?
>> 
>> Next to each download on the website there are links for SHA256/PGP/SHA1
>> checksums.
>> 
>> https://www.openssl.org/source/
> 
> I'd strongly recommend verifying the PGP (OpenPGP, gpg) signature on the 
> tarball. The signature files are right there alongside the tarballs.
> 
> If you're new to gpg (or whatever OpenPGP implementation of your choice), 
> there's a bit of learning and setup to do: you'll need to fetch the 
> appropriate key from a public keyserver or other trustworthy (-ish) source to 
> fully verify the signature, and you'll probably want to mark the key as 
> trusted so the output from gpg is clear.
> 
> But once you've done that, it's very easy to verify the signature, and to 
> automate the process if you prefer. And the signatures add a bit of 
> defense-in-depth because publishing a tampered-with tarball would require 
> subverting the private key as well as to the OpenSSL web server.  (If you're 
> just checking the SHA256 hash, an attacker could either get access to the 
> OpenSSL web server, or force you to a counterfeit server, for example via DNS 
> cache poisoning. And due to the systemic brokenness of the web PKI, it's 
> pretty easy to fool a lot of people with a counterfeit server.)
> 
> So do the work now to set yourself up for verifying the signature, and 
> inculcate a good habit.
> 
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


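The check Chris wants to put in his script, as an added example (my own, not code from the thread or from OpenSSL): a POSIX sh function that compares the tarball against the .sha256 file published next to it, and a second one that hands the .asc detached signature to gpg. It assumes the tarball and its .sha256/.asc sidecars are already in the same directory, that sha256sum, shasum or openssl is on PATH, and, for the signature step, that the OpenSSL release key has already been imported and marked trusted as Michael describes.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenSSL): verify a downloaded
# OpenSSL tarball before building from it.
# Assumptions: tarball, .sha256 and .asc files are already fetched into the
# same directory; sha256sum, shasum or openssl is on PATH; for the signature
# check, the OpenSSL release key is already in the gpg keyring.

# sha256_of FILE -> bare lowercase hex digest on stdout
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_tarball TARBALL SHA256FILE -> 0 on match, 1 on mismatch or on a
# malformed checksum file. Only the first token of the file is used, so both
# a bare digest and the "digest  filename" layout are accepted.
verify_tarball() {
    expected=$(awk 'NR == 1 { print tolower($1) }' "$2")
    case "$expected" in
        *[!0-9a-f]*|"") echo "malformed checksum file: $2" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed checksum file: $2" >&2
        return 1
    fi
    actual=$(sha256_of "$1")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches $2"
        return 0
    fi
    echo "MISMATCH: $1 expected $expected got $actual" >&2
    return 1
}

# verify_signature TARBALL ASCFILE -> gpg's exit status (0 = good signature
# from a key in the keyring); 2 if gpg is not installed at all.
verify_signature() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    gpg --verify "$2" "$1"
}

# Constructed demo: a stand-in "tarball" whose SHA-256 is known (the digest
# of the six bytes "hello\n"), then the same check after tampering with it.
demo=$(mktemp -d)
printf 'hello\n' > "$demo/openssl-x.y.z.tar.gz"
echo '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03' \
    > "$demo/openssl-x.y.z.tar.gz.sha256"
verify_tarball "$demo/openssl-x.y.z.tar.gz" "$demo/openssl-x.y.z.tar.gz.sha256"   # OK
printf 'hello!\n' > "$demo/openssl-x.y.z.tar.gz"
verify_tarball "$demo/openssl-x.y.z.tar.gz" "$demo/openssl-x.y.z.tar.gz.sha256" \
    || echo "tampered tarball rejected as expected"                               # returns 1
rm -rf "$demo"
```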

[openssl-users] Checksum for openssl-1.0.2p download

2018-09-12 Thread Chris Outwin
I’m an OpenSSL newbie and this is my first post. I’m using OpenSSL for receipt 
validation in an iOS application.  

Is there a list of checksums to verify openssl download versions?  I believe I 
should be using openssl-1.0.2p.  Can openssl-1.1.1 be used in a production 
application yet?  Why doesn’t openssl-1.1.1 end with a letter of the alphabet? 

Thank you very much.


Re: [openssl-users] PRNG is not seeded

2018-06-07 Thread chris . gray
> Of course people have been harvesting entropy, or trying to, from network
> sources for decades. There's a famous paragraph regarding it in RFC 4086,
> which is an expanded version of a similar statement from RFC 1750 (1994):
>
> Other external events, such as network packet arrival times and
> lengths, can also be used, but only with great care.  In particular,
> the possibility of manipulation of such network traffic measurements
> by an adversary and the lack of history at system start-up must be
> carefully considered.  If this input is subject to manipulation, it
> must not be trusted as a source of entropy.
>
> (RFC 4086, 3.5)

Good point about the possibility of manipulation; it sounds a bit
far-fetched but so did a lot of other exploits before they became a
reality.

> More generally: It's often possible to harvest quite a bit of information
> that can't be adequately predicted or statistically modeled by an attacker
> from network sources, and these days distilling CPRNG entropy from such
> inputs is straightforward thanks to the use of cryptographic compression
> functions. It's the edge cases that bite you. 4086 mentions attacker
> manipulation (flooding network sources with known data to flush entropy
> out of the pool) and start-up (if you don't have persistent storage of
> adequate seed material). Embedded devices may suffer from too little, or
> too predictable, network traffic in their limited reception area.
>
> You can get stronger guarantees from hardware entropy devices, which are
> cheap (in every sense: component cost, power consumption, size, ...). So
> there's not a lot of incentive to do more research into gathering entropy
> from external sources - it makes more sense to lean on device
> manufacturers, or use add-on devices.

Or carry forward entropy across reboots, provided that can be done without
exposing another attack surface; or obtaining entropy from a trusted
source if you can figure out how to make a secure connection with that
source. My experience with "lean[ing] on device manufacturers" is not all
that positive.

>




Re: [openssl-users] PRNG is not seeded

2018-06-02 Thread chris . gray
As it happens I am the proud owner of a made-in-UK Mathmos Lava Lamp and a
couple of their Space Projectors : however I don't use them as a RNG.

I am thinking more about the fact that there are a lot of devices which
 * have no hardware TRNG on board
 * do have one or more connections to wired or wireless internet and/or
wide-area networks and/or various other communications channels such as
BTLE or ZigBee
 * need to make a TLS/DTLS connection somewhere in order to be useful.

By "literally in the air" I mean the entropy that is flying around in
those radio channels or shared media; not the data which is being
transmitted, but the inter-arrival times / collisions / etc. generated by
a number of physically independent sources.

I am sceptical of using haveged on such devices; of course I should be
willing to test it and measure the results, but "measuring randomness" is
a tricky business so I would be happy to see the results of some research.
My own experiments in the past (with devices which had only a dial-up
connection to the mother ship) were singularly unsuccessful in generating
any useful degree of randomness.

Thanks anyway for the suggestions everyone.

> On 05/31/2018 03:03 PM, openssl-users-requ...@openssl.org distributed:
>> Date: Thu, 31 May 2018 18:45:02 +1000
>> From: FooCrypt 
>>
>> Place a teaspoon of fine grade white sand onto the skin of a snare drum
>
> Macroscopic hardware TRNGs are a *tad* yesteryear
>
> https://en.wikipedia.org/wiki/Lavarand
>
> because observing *quantum* random events doesn't require large devices
>
> https://en.wikipedia.org/wiki/Hardware_random_number_generator
>
> (not to mention being IIUC harder to influence by an attacker so as to
> make them lose randomness). Nonetheless, if you don't have the hardware
> (builtin TPM?) and cannot easily connect one to the given platform (as I
> suspect for the OP's architecture) ...
>
> For general computing platforms, I've taken to installing (and, of
> course, running and monitoring) haveged as a standard - on hosts *and*
> VMs. It can run in an AIS-31 test mode if you want to check out the
> entropy it collects.
>
> https://wiki.archlinux.org/index.php/Haveged
>
>>> On 31 May 2018, at 6:07 PM, chris.g...@kiffer.be wrote:
>>> I've also encountered this quite often, and I have a feeling that on
>>> today's connected devices there may be a lot of entropy "in the air"
>>> (quite literally) which is not being captured. Does any one know of
>>> research in this area?
>
> Not specifically for mobile phones or WiFi interfaces, if that's what
> you're referring to with "in the air". However, squeezing available
> entropy out of various less-than-predictable hardware and OS states is
> what *all* non-hardware entropy gatherers ultimately do, from the Linux
> kernel's /dev/random mechanisms to haveged to what-have-you.
>
> Regards,
> --
> Jochen Bern
> Systemingenieur
>
> www.binect.de
> www.facebook.de/binect
>
>




Re: [openssl-users] PRNG is not seeded

2018-05-31 Thread chris . gray
I've also encountered this quite often, and I have a feeling that on
today's connected devices there may be a lot of entropy "in the air"
(quite literally) which is not being captured. Does any one know of 
research in this area?

> Hi Scott
>
> I don’t know your OS or environment, have you tried the ‘openssl
> rand’ functionality as a random source to seed your entropy issues ?
>
> openssl rand 102400 > some named pipe file that you can call as your
> random source.
>
> perhaps rather than pseudo random, try a hardware device ?
>
>
>
>> On 30 May 2018, at 8:58 AM, Scott Neugroschl  wrote:
>>
>> Hi,
>>
>> I’m using PRNGD to seed my random numbers (I’m on a system without
>> /dev/random and /dev/urandom).   I occasionally get the dreaded “PRNG
>> is not seeded” error.
>>
>> I know this is caused by a lack of available entropy in the system; but
>> what can I do to address this?  Is it just a matter of waiting until
>> enough entropy has been collected?  Is there any kind of workaround?
>>
>> Thanks
>>
>> ScottN
>>
>
>




[openssl-users] how to control the cipher list of an openssl server

2018-03-12 Thread Chris Bare
I have a fairly basic server set up based on various examples I've seen.

I run an nmap script I found against it and see only 16 ciphers listed,
none of which are supported by modern web browsers.
Yet when I run "openssl ciphers" I get a list of 97.

I realize some of these are old and deprecated etc, but where does the
default list come from?

I tried this code to set it to use one of the more modern ciphers shown in
the openssl ciphers output:

const char *ssl_cipher = "ECDHE-ECDSA-AES128-GCM-SHA256";
if (!SSL_CTX_set_cipher_list(jav->ctx, ssl_cipher))
 return (false);

but after that the nmap script doesn't find any ciphers.

Any suggestions?

-- 
Chris Bare


Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-18 Thread Chris B
Thank you to everyone that has weighed in on my question.  Unfortunately, I
have yet to find an answer that I'm fully satisfied with.

I'm trying a different approach: I would like to create a sample encrypted
Ethereum private key that shares the same 132 character PEM format as the
string I'm trying to decrypt.  I can then attempt to decrypt that string
with an incorrect password, and see if I get the EVP_DecryptFinal_ex:wrong
final block length error.  Does that make sense?

Here's my basic approach.  I'm starting with Vincent Kobel's excellent
"Create a Full Ethereum Wallet, Keypair and Address" article (
https://kobl.one/blog/create-full-ethereum-keypair-and-address/)

He creates a 132-character PEM formatted unencrypted private key with this
command:

openssl ecparam -name secp256k1 -genkey -noout

Unless I have completely failed at reading the man page correctly, there's
no way to assign a password from the ecparam command.

I write the 132 character unencrypted private key (not the -BEGIN/END
EC PRIVATE KEY-  characters) to a file named sample_pk.pem and I
encrypt it with openssl:

openssl enc -e -aes-256-cbc -a -in sample_pk.pem -out sample_epk.pem -pass
pass:secret


I now have a 256 character encrypted private string.  (Note, the string
length is 256 characters whether I use AES-128 or AES-256.  That's probably
obvious to all of you, but it wasn't to me).

If I decrypt that string with the correct password


openssl enc -d -aes256 -a -in sample_epk.pem -out recovered.key -pass
pass:secret


I get my original unencrypted private key back.  Excellent!


However, If I decrypt that string with an incorrect password:

openssl enc -d -aes256 -a -in sample_epk.pem -out recovered.key -pass
pass:secr3t

I get a new error message:

EVP_DecryptFinal_ex:bad decrypt


And, that message does not match the EVP_DecryptFinal_ex:wrong final block
length error message I was hoping to get.


I think that all that I have proven with this exercise is that the original
unencrypted private key was:


   - not a 132 character PEM formatted unencrypted private key
   - and/or
   - it was not encrypted using the -aes-256-cbc encryption algorithm

So, on to the question!  Can anyone help me figure out how to create an
Ethereum private key such that when it is encrypted it is a 132 character
long PEM formatted string?

Alternately, is there a process for taking an encrypted string, and
"backing in" to the details of how it was created?  (ie what algorithm,
etc?)

Thanks,
Chris


On Mon, Jan 15, 2018 at 2:01 PM, Chris B <cryptoassetrecov...@gmail.com>
wrote:

> Hi Daniel,
>
> >Option #1 from the possibilities you mentioned below seems to be the
> most logical to me.
> Thank you, that's very helpful.
>
> Thanks,
> Chris
>
> On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel <dnsa...@sandia.gov> wrote:
>
>> On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote:
>>
>> Hi Matt,
>>
>> >If you *are* using 1.1.0 then the default digest was changed between
>> 1.0.2 and 1.1.0.
>> Awesome thought, but I'm also using 1.0.2:
>>
>> $ openssl version
>>
>> OpenSSL 1.0.2k-fips  26 Jan 2017
>>
>> (I also tried adding -md md5 to the previous command, but I got the same
>> error message).
>>
>>
>> Option #1 from the possibilities you mentioned below seems to be the most
>> logical to me. If you use the wrong key, the padding data in the last block
>> will also be decrypted to the wrong values, so the padding block check will
>> fail. The padding is a necessary part of decryption because it needs to
>> know how much plaintext is actually represented by that last block.
>>
>>
>> > I'm not sure how to interpret that output. I could interpret it as:
>> > o Your system for decrypting the password is perfect, but: this is not
>> > the right password.
>> > o There's something wrong with the EPK -- its length must be a multiple
>> > of the AES block length.
>> > o There's something wrong with the unencrypted private key -- its length
>> > must be a multiple of the AES block length.
>> > o Something else entirely
>>
>>
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>


Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-15 Thread Chris B
Hi Daniel,

>Option #1 from the possibilities you mentioned below seems to be the most
logical to me.
Thank you, that's very helpful.

Thanks,
Chris

On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel <dnsa...@sandia.gov> wrote:

> On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote:
>
> Hi Matt,
>
> >If you *are* using 1.1.0 then the default digest was changed between
> 1.0.2 and 1.1.0.
> Awesome thought, but I'm also using 1.0.2:
>
> $ openssl version
>
> OpenSSL 1.0.2k-fips  26 Jan 2017
>
> (I also tried adding -md md5 to the previous command, but I got the same
> error message).
>
>
> Option #1 from the possibilities you mentioned below seems to be the most
> logical to me. If you use the wrong key, the padding data in the last block
> will also be decrypted to the wrong values, so the padding block check will
> fail. The padding is a necessary part of decryption because it needs to
> know how much plaintext is actually represented by that last block.
>
>
> > I'm not sure how to interpret that output. I could interpret it as:
> > o Your system for decrypting the password is perfect, but: this is not
> > the right password.
> > o There's something wrong with the EPK -- its length must be a multiple
> > of the AES block length.
> > o There's something wrong with the unencrypted private key -- its length
> > must be a multiple of the AES block length.
> > o Something else entirely
>
>
>
>
>


Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
Hi Matt,

>If you *are* using 1.1.0 then the default digest was changed between 1.0.2
and 1.1.0.
Awesome thought, but I'm also using 1.0.2:

$ openssl version

OpenSSL 1.0.2k-fips  26 Jan 2017

(I also tried adding -md md5 to the previous command, but I got the same
error message).

Thanks,
Chris

On Sun, Jan 14, 2018 at 6:03 PM, Matt Caswell <m...@openssl.org> wrote:

>
>
> On 14/01/18 15:26, Chris B wrote:
> > I'm trying to help someone recover his password for an older format
> > ethereum encrypted private key (EPK). My plan has been to use his best
> > guess at the password to brute force the actual password.
> >
> > The EPK is a 132 character string, and it looks something like this:
> > U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ
> 9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+
> EAy0tYb7Wtv2+IRWZzcpsE8e2a
> >
> > (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)
> >
> > This article
> > (https://www.reddit.com/r/Bitcoin/comments/3gwdge/
> importing_old_encrypted_private_keys/)
> > seems to describe a very similar EPK. The author of that post decrypted
> > their key with the following command:
> >
> > openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass
> pass:"PASSWORD_HERE"
> >
> > I have tried this same approach, but I'm getting an error:
> >
> > EVP_DecryptFinal_ex:wrong final block length
>
> What version of OpenSSL are you using. The quoted article was written 2
> years ago so definitely wasn't using OpenSSL 1.1.0. If you *are* using
> 1.1.0 then the default digest was changed between 1.0.2 and 1.1.0. Old
> OpenSSL "enc" output defaulted to md5. The current default is sha256:
>
> https://www.openssl.org/docs/faq.html#USER3
>
> Try adding "-md md5" onto your command line.
>
> Matt
>
>
> >
> > Here's an example:
> >
> > /usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out
> > recovered.key -pass pass:TheBig7ebowski
> >
> > And here's the output:
> >
> > bad decrypt
> >
> > 140220549330848:error:0606506D:digital envelope
> > routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:
> >
> > I'm not sure how to interpret that output. I could interpret it as:
> > o Your system for decrypting the password is perfect, but: this is not
> > the right password.
> > o There's something wrong with the EPK -- its length must be a multiple
> > of the AES block length.
> > o There's something wrong with the unencrypted private key -- its length
> > must be a multiple of the AES block length.
> > o Something else entirely
> >
> > Can anyone help me understand how to interpret this error message?
> >
> > Thanks,
> > Chris
> >
> >
>


Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
>Any chance this is data corruption?

Brilliant!  You caught me.  Although this key is encrypted I wasn't
comfortable making it public on the interwebs.  So, I randomly changed
several of the characters.  If I run openssl base64 -d... on the *actual*
key it does indeed begin with Salted__:

$ openssl base64 -d -in enc_private_key.txt | od -c


000   S   a   l   t   e   d   _   _


>You could try a dictionary attack on the actual 132-byte string, after
base64-decoding,
>provided it is not corrupted.

This is basically what I was trying to do, although I was simply running a
few hundred thousand strings that are related to the best guess password,
rather than using a dictionary attack.

Is there a better command to proceed with a brute force attack than this
one?

/usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out recovered.key


As I understand:

   - openssl enc -d => decrypt using openssl
   - -aes-256-cbc   => use the AES-256-CBC algorithm
   - -a => base64 decrypt
   - -in=> read the encrypted string from enc_private_key.txt
   - -out   => write the unencrypted string to recovered.key

I tried running openssl in two steps: first doing the base64 decoding, then
decrypting with -aes256, which I believe is functionally the same as the
command mentioned above:

$ openssl base64 -d -in enc_private_key.txt | openssl enc -d -aes256 -out recovered.key

enter aes-256-cbc decryption password:

bad decrypt

139845090879392:error:0606506D:digital envelope
routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

Which brings me back to the original question.  Does anyone know how to
interpret "EVP_DecryptFinal_ex:wrong final block length"

Thanks!
-Chris

On Sun, Jan 14, 2018 at 11:21 AM, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:

>
>
> > On Jan 14, 2018, at 10:26 AM, Chris B <cryptoassetrecov...@gmail.com>
> wrote:
> >
> > I'm trying to help someone recover his password for an older format
> ethereum encrypted private key (EPK). My plan has been to use his best
> guess at the password to brute force the actual password.
> >
> > The EPK is a 132 character string, and it looks something like this:
> U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ
> 9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+
> EAy0tYb7Wtv2+IRWZzcpsE8e2a
> >
> > (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)
>
> This input is base64 encoded:
>
> $ openssl base64 -d < U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCK
> Dy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE
> 8e2a
> END
> 000S   a   l   t   e   t   _   _   9   3 326  \0   k 375 273 246
> 020a   / 027   0 271 246 242 310 343 025 253 003 252   . 031   P
> 040  261 320   G 211 366 317 003 315 341 256 006 326  \t   <   0 212
> 060  017   -   & 363   L 257 035 324 030  \f 303 332 370   |   /ؓ
> 100   **   ۸  **   b   M 241   C   ! 025   j   \   A   m   U 027 000
> 120   \0 313   K   X   o 265 255 277   o 210   E   f   s   r 233 004
> 140  361 100 232
>
> This does indeed look a lot like "openssl enc" output:
>
> $ echo foobar | openssl enc -aes256 -pass pass:foobar | od -c
> 000S   a   l   t   e   d   _   _ 263   f 243  \0 242   ~ 031   3
> 020  266 035   Y 310 367 300 366 264 247   :   $   s 236 266   4 340
> 040
>
> Except that for some reason the "d" in "Salted" is a "t".  Funny that these
> are the voiced and unvoiced variants of the same consonant, but note also
> that the ASCII code for 'd' = 0x64 and 't' = 0x74, so this is a 1 bit
> change.
> Any chance this is data corruption?
>
> >
> > This article (https://www.reddit.com/r/Bitcoin/comments/3gwdge/
> importing_old_encrypted_private_keys/)
> > seems to describe a very similar EPK.
>
> In that sample, the base64-decoded data starts with "Salted__" as expected.
>
> > The author of that post decrypted their key with the following command:
> >
> > openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass
> pass:"PASSWORD_HERE"
>
> Hard to say whether that's correct, rather depends on the format of
> "FILE_OF_KEYS".
> You could try a dictionary attack on the actual 132-byte string, after
> base64-decoding,
> provided it is not corrupted.
>
> --
> Viktor.
>
>
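
The pieces of this thread fit together as a pre-flight check on a candidate EPK: Rich's point that a CBC ciphertext must be a multiple of the block size, Viktor's look at the "Saltet__" header, Matt's md5-versus-sha256 default, and Daniel's explanation that "bad decrypt" is the padding check failing after decryption. The Python below is an added example, not code from any of the posts. It reimplements OpenSSL's legacy EVP_BytesToKey with hashlib so the key/IV derivation can be inspected for either digest, parses the "Salted__" container, and applies the two checks EVP_DecryptFinal_ex performs, in the order it performs them. The input is the string as it appears in the original post, which its author says was altered before posting, so the "repaired" variant is a constructed illustration and not anyone's real key; the password is the one from the post, and the helper names are the example's own. Actual AES decryption is left to openssl enc or any AES library.

```python
from __future__ import annotations

import base64
import hashlib

MAGIC = b"Salted__"   # 8-byte header `openssl enc` writes in front of the salt
SALT_LEN = 8
AES_BLOCK = 16


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     md: str = "md5") -> tuple[bytes, bytes]:
    """Legacy EVP_BytesToKey as `openssl enc -pass pass:...` applies it (one iteration).

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt),
    key || iv = D_1 || D_2 || ...  The digest defaulted to md5 before 1.1.0 and to
    sha256 from 1.1.0 on, so the same password gives different keys unless -md is pinned.
    """
    derived, prev = b"", b""
    while len(derived) < key_len + iv_len:
        prev = hashlib.new(md, prev + password + salt).digest()
        derived += prev
    return derived[:key_len], derived[key_len:key_len + iv_len]


def parse_enc_container(b64_text: str) -> tuple[bytes, bytes]:
    """Split base64 `openssl enc` output into (salt, ciphertext); reject a damaged header."""
    raw = base64.b64decode("".join(b64_text.split()))
    if raw[:len(MAGIC)] != MAGIC:
        raise ValueError(f"not an 'openssl enc' container: header {raw[:len(MAGIC)]!r}")
    return raw[len(MAGIC):len(MAGIC) + SALT_LEN], raw[len(MAGIC) + SALT_LEN:]


def final_block_check(ciphertext: bytes) -> str:
    """The length test EVP_DecryptFinal_ex applies before it looks at any plaintext."""
    if len(ciphertext) == 0 or len(ciphertext) % AES_BLOCK:
        return "wrong final block length"
    return "ok"


def strip_pkcs7(last_block: bytes) -> bytes | None:
    """PKCS#7 padding check on a decrypted final block; None is what 'bad decrypt' means."""
    n = last_block[-1]
    if n < 1 or n > AES_BLOCK or last_block[-n:] != bytes([n]) * n:
        return None
    return last_block[:-n]


def diagnose(b64_text: str) -> str:
    """Classify a candidate EPK before spending any password guesses on it."""
    try:
        salt, ct = parse_enc_container(b64_text)
    except ValueError as exc:
        return f"corrupt: {exc}"
    status = final_block_check(ct)
    if status != "ok":
        return (f"{status}: {len(ct)} ciphertext bytes is not a multiple of {AES_BLOCK}, "
                "so no password will decrypt this copy")
    return (f"well-formed: salt={salt.hex()} ciphertext={len(ct)} bytes; "
            "from here a wrong password shows up as 'bad decrypt'")


# Constructed input: the string from the original post, which its author says was
# altered before posting, so nothing here operates on a real key.
POSTED_EPK = ("U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCK"
              "Dy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE"
              "8e2a")
# The same string with the 'Saltet' header byte put back to 'Salted' (a 1-bit change).
REPAIRED_EPK = POSTED_EPK.replace("U2FsdGV0X18", "U2FsdGVkX18", 1)

if __name__ == "__main__":
    for label, epk in (("as posted", POSTED_EPK), ("header repaired", REPAIRED_EPK)):
        print(f"{label}: {diagnose(epk)}")
    salt = parse_enc_container(REPAIRED_EPK)[0]
    for md in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(b"TheBig7ebowski", salt, 32, 16, md)
        print(f"-md {md}: key={key.hex()} iv={iv.hex()}")
```

Run on the posted string it reports the header corruption; with the header put back it still finds 83 ciphertext bytes, which is why the error message never changes with the password: the length check fails before any key is derived. Only a container whose ciphertext length is a multiple of 16 reaches the padding check, where a wrong password (or the wrong -md) surfaces as "bad decrypt".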


Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
Hi Rich,

Thank you very much for the reply.

I get the same error message using -aes256 as -aes-256-cbc

/usr/bin/openssl enc -d -aes256 -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski


bad decrypt

140383648536480:error:0606506D:digital envelope
routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

Thanks,
Chris

On Sun, Jan 14, 2018 at 10:39 AM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:

> For CBC the encrypted text will be a multiple of the cipher size.  So your
> use of CBC is wrong.  The quoted post uses aes256; you were using aes-cbc
>
>
>
>
>


[openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
I'm trying to help someone recover his password for an older format
ethereum encrypted private key (EPK). My plan has been to use his best
guess at the password to brute force the actual password.

The EPK is a 132 character string, and it looks something like this:
U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE8e2a

(That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)

This article (
https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/)
seems to describe a very similar EPK. The author of that post decrypted
their key with the following command:

openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"

I have tried this same approach, but I'm getting an error:

EVP_DecryptFinal_ex:wrong final block length

Here's an example:

/usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski

And here's the output:

bad decrypt

140220549330848:error:0606506D:digital envelope
routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:

I'm not sure how to interpret that output. I could interpret it as:
o Your system for decrypting the password is perfect, but: this is not the
right password.
o There's something wrong with the EPK -- its length must be a multiple of
the AES block length.
o There's something wrong with the unencrypted private key -- its length
must be a multiple of the AES block length.
o Something else entirely

Can anyone help me understand how to interpret this error message?

Thanks,
Chris


[openssl-users] ENGINE API and a compromised client or server

2017-12-07 Thread chris . gray
Hi all,

On a project I am working on we are wrestling with the problem of
preventing discovery of the private key, in a consumer device. I have been
advocating the use of the ENGINE API as a general model which can be used
to provide the best isolation possible on the customer's chosen hardware:
 * at a minimum no direct accessibility of the private key file (or
dedicated flash region) from the internet-facing process;
 * better still if internet-facing process runs in an LXC (esp. if
unprivileged);
 * ideally of course true SHM ($$$);
without needing to maintain multiple codebases.

Some colleagues have expressed concern that API methods such as
RSA_[public,private]_[en,de]crypt could be used by a compromised
client/server to launch a chosen-plaintext attack. (For the record we are
also using ECDSA, so this question is not purely RSA-specific). I am not
unduly worried about the _public_ functions because we should be able to
insist that a decent padding algorithm is used and then we are pretty
safe, right? I am more nervous about RSA_public_encrypt, which I think is
needed by TLS and which only seems to support RSA_PKCS1_PADDING (not
good). Is this a feasible attack vector?

Note that we are not only talking about servers here, rather we currently
have only one internet-facing server (HTTPS) and a growing number of
XXX-over-TLS clients, so if anything these are a greater source of
concern.

Any pointers are very welcome!

Chris Gray




[openssl-users] cms utility "-sign" doesn't include signed content

2017-10-20 Thread Chris Marget
I'm struggling with a PKCS7 signing operation using openssl 1.0.2g.

I want to create signed messages like the one in my 'original' file
(below). It seemed like extracting and then re-signing this message would
be a good start.

I'm able to verify/unpack the original message, but not able to sign the
unpacked message to get back to where I started. I have access to the
signer's certificate and private key.

I hope somebody can point me in the right direction?

I'm extracting the message with:

openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out
extracted

I thought I'd be able to re-sign this message using something like:

openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer
signer_cert -outform pem

This 'sign' operation completes successfully, but produces an output that's
missing the payload. Using the same procedure to sign 1MB of random data
produces a result that's only 1396 bytes long:

dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey
signer_key -signer signer_cert -outform pem | grep -v -- -- | base64
--decode | wc -c

1396

Clearly this 'sign' function doesn't do what I thought it did.

How can I sign a blob of data so that it looks like my 'original'?

The files I'm using:
original https://pastebin.com/raw/CNPLyqcm
CA_cert.pem https://pastebin.com/raw/HiE6gMTN
signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not an
actual secret)
signer_cert https://pastebin.com/raw/ACtTVHdp

Thank you!


[openssl-users] SSL_shutdown:shutdown while in init

2017-10-17 Thread Chris Bare
I have the following code:

BIO *
setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
{
	SSL *ssl = NULL;
	BIO *output = BIO_new_ssl_connect (ctx);   /* chain: ssl BIO on top of a connect BIO */
	if (!output)
	{
		return (NULL);
	}
	BIO_get_ssl (output, &ssl);
	SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
	SSL_set_verify (ssl, SSL_VERIFY_PEER, NULL);   /* the original passed `true', i.e. the same value */
	BIO_set_conn_hostname (output, server_name);
	BIO_set_conn_port (output, port);

	if (BIO_do_connect (output) <= 0)
	{
		BIO_free_all (output);   /* frees the whole chain; BIO_free would release only the ssl BIO */
		return (NULL);
	}
	return (output);
}

If the server I'm trying to connect to does not have ssl enabled, I get the
error:
SSL23_GET_SERVER_HELLO:unknown protocol
and BIO_do_connect fails as expected, but BIO_free gives this error:
SSL_shutdown:shutdown while in init

If I don't free it, I have a memory leak.
Is there something else I need to do to clean up the BIO?
I tried calling BIO_do_handshake, but that crashes (not surprised).

-- 
Chris Bare


Re: [openssl-users] How do I connect to this server

2017-04-23 Thread chris . gray
You should be able to do this using stunnel: see for example

https://www.elastic.co/guide/en/cloud/current/tunneling-ssl.html

where your telnet commands would be the "client which supports only http".
But you can also learn a lot by playing with curl ...

> I know that this is a TLS related question; however, do you know how you
> can diagnose straight HTTP using:
>
> *telnet **server1 portnumber  ?*
> Then provide HTTP/1.1 etc?
>
> Is it possible to do the same thing with:  *openssl   s_client
>  server1:portnumber* then do the HTTP/1.1 etc... etc...?
>
> Is that a possible technique?  I am interested in learning too?
>
> --
> Warron French
>
>
> On Fri, Apr 21, 2017 at 6:29 PM, Salz, Rich via openssl-users <
> openssl-users@openssl.org> wrote:
>
>> > https://username:passw...@server.com
>> > How do I specify this username and password when using SSL_connect()?
>>
>> You don't.  That stuff is at the protocol level about TLS/SSL.
>>
>>
>>
>




[openssl-users] How to detect AES-NI compatible CPU

2017-02-03 Thread Chris Clark
My application links to OpenSSL 1.1.0 dynamically, and I would like to
be able to determine if the CPU supports the AES-NI instruction set.
Is there an OpenSSL API that can do this?

-Chris


Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-19 Thread Chris Clark
On Thu, Jan 19, 2017 at 10:36 AM, Matt Caswell <m...@openssl.org> wrote:

> Try this:
>
> openssl ciphers -v "ALL:@SECLEVEL=0"

Okay that worked! Thanks to everyone that responded. I saw Rich Salz
mentioned using ALL, but I didn't realize it was a parameter.

-Chris


Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-19 Thread Chris Clark
2 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHASSLv3 Kx=ECDH Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHASSLv3 Kx=ECDH Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK
Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK
Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384   TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK  Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK  Au=PSK
Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK  Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP  Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP  Au=SRP  Enc=AES(256)  Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
AES256-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK  Au=PSK  Enc=AES(256)  Mac=SHA384
PSK-AES256-CBC-SHA  SSLv3 Kx=PSK  Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP  Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP  Au=SRP  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
AES128-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK  Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA  SSLv3 Kx=PSK  Au=PSK  Enc=AES(128)  Mac=SHA1

-Chris


Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-18 Thread Chris Clark
On Wed, Jan 18, 2017 at 3:37 PM, Viktor Dukhovni
<openssl-us...@dukhovni.org> wrote:

>> I am trying to compile OpenSSL 1.1.0c for Visual Studio with the
>> deprecated RC4 cipher enabled.

>> I tried the following configure line:
>> perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4
>>
>> Once I compile, and I run "openssl ciphers -v" it does not show any RC4
>> ciphers.
>> Is there another parameter needed?
>
> Which "openssl" command did you run and against which libraries?
> Report the output of "openssl version -a".

OpenSSL 1.1.0c  10 Nov 2016
built on: reproducible build, date unspecified
platform:
compiler: cl " "VC-WIN64A
OPENSSLDIR: "c:\openssl64"
ENGINESDIR: "C:\openssl64\lib\engines-1_1"


Here is the batch file I used:
SET PREFIX=C:\openssl64
SET OPENSSLDIR=C:\openssl64
perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4
nmake

>> I would also like to know, is it possible to also enable the deprecated SSL3
>> ciphers?
>
> Do you mean the ciphers or the protocol?  Many SSLv3 ciphers are
> still needed for interoperable TLS 1.0/1.1/1.2

Sorry, I meant to say the SSLv3 protocol.

-Chris


[openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-18 Thread Chris Clark
I am trying to compile OpenSSL 1.1.0c for Visual Studio with the
deprecated RC4 cipher enabled.

I tried the following configure line:
perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4


Once I compile, and I run "openssl ciphers -v" it does not show any RC4 ciphers.
Is there another parameter needed?

I would also like to know, is it possible to also enable the
deprecated SSL3 ciphers?

-Chris


[openssl-users] X.509 Attribute Certificate status

2016-10-12 Thread chris . gray
Hi there,

What is the current status of ACs (as defined in X.509 and RFC 5755) in
OpenSSL? When I did some work using them a few years back (10?) there was
no real support in the mainline; now I have a use case where they look
like a good solution but only if they are well-supported by the tools we
and our customers use (which includes OpenSSL).

Thanks for any indications

Chris Gray




Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256

2016-07-07 Thread Chris Bare
Ok, that makes sense with what I'm seeing. I just tried changing this:
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
to this:
const EVP_MD* md = EVP_get_digestbyname("SHA256");

and it all worked correctly.
so given that I have an OID for ecdsa-with-SHA256, is there a function that
will return just the digest algorithm?
I'm trying to be as flexible as possible, so I don't want to hard code this
or have my own limited lookup table.

On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:

> On 07/07/2016 20:08, Chris Bare wrote:
>
>> EVP_get_digestbyobj fails for ecdsa-with-SHA256
>>
>> ecdsa-with-SHA256 is not a digest algorithm, it is a signature
> algorithm with a specific choice of digest algorithm (SHA256).
>
> In OpenSSL 1.0.2 and older there is a very old compatibility
> feature which allows accessing a few old signature+digest
> algorithm pairs via a digest algorithm object.
>
> Specifically:
>
> RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224,
>  SHA256, SHA384 and SHA512
> DSA with SHA-0 and SHA1
> ECDSA with with SHA1
>
> This has been deprecated for a long time, but the compatibility
> code makes your code below work for the above algorithm pairs.
>
> The reason this compatibility code is deprecated is that it
> causes the RSA algorithm to be referenced every time someone
> tries to reference just the hash algorithm object for one of
> the digest algorithms listed above.
>
> I'm trying to perform a standard signature verification using the EVP_*
>> functions.
>> I think my code is correct, because it all runs fine if the digest is
>> RSA-SHA256.
>> I have an ASN1_OBJECT that specifies the signature/digest type.
>> Here is my code that dumps out all the intermediate steps called by
>> EVP_get_digestbyobj:
>>
>> char name[256];
>> ASN1_OBJECT *sig_alg_oid;   /* the signature AlgorithmIdentifier OID being checked */
>>
>> OBJ_obj2txt(name, 256, sig_alg_oid, 1);
>> printf ("NAME %s\n", name);
>> printf ("NID = %d\n", OBJ_obj2nid(sig_alg_oid));
>> printf ("sn = %s\n", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
>> printf ("OBJ_NAME_get = %p\n",
>> OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
>> const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
>> if(md == NULL)
>> printf ("EVP_get_digestbyobj failed\n");
>>
>> When I call this with the RSA-SHA256 I get:
>> NAME 1.2.840.113549.1.1.11
>> NID = 668
>> sn = RSA-SHA256
>> OBJ_NAME_get = 0x7fe8846f1ee0
>>
>> and the rest of the steps succeeded.
>> Then when I call the same code (in the same program, so I'm sure the
>> openssl library is correctly initialized) with
>> ecdsa-with-SHA256, I get:
>> NAME 1.2.840.10045.4.3.2
>> NID = 794
>> sn = ecdsa-with-SHA256
>> OBJ_NAME_get = (nil)
>> EVP_get_digestbyobj failed
>>
>> So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
>>
>> I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
>>
>> Am I doing something wrong, or could this be a bug in the library?
>> Any suggestions appreciated.
>>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>



-- 
Chris Bare
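
Chris's follow-up question, whether some call yields just the digest from a signature OID, is what OBJ_find_sigid_algs() does in C: given the signature NID it returns the digest NID and the public-key algorithm NID, driven by OpenSSL's internal obj_xref table. As an added example, not code from the thread, here is the same lookup in Python: a small DER OBJECT IDENTIFIER codec plus a signature-OID cross-reference that covers the two OIDs printed above and a few other common pairs. The table and the helper names are this example's own; in a real program the table should come from the library (OBJ_find_sigid_algs or its 3.x equivalents) rather than being maintained by hand, which is exactly the limited lookup table the question wants to avoid.

```python
from __future__ import annotations

# Constructed cross-reference in the spirit of OpenSSL's obj_xref table:
# signature OID -> (digest, public-key algorithm). Only common pairs are listed;
# anything else is reported as unknown rather than guessed.
SIG_ALGS = {
    "1.2.840.113549.1.1.4":  ("md5",    "rsaEncryption"),   # md5WithRSAEncryption
    "1.2.840.113549.1.1.5":  ("sha1",   "rsaEncryption"),   # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": ("sha256", "rsaEncryption"),   # sha256WithRSAEncryption (RSA-SHA256, NID 668)
    "1.2.840.113549.1.1.12": ("sha384", "rsaEncryption"),   # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": ("sha512", "rsaEncryption"),   # sha512WithRSAEncryption
    "1.2.840.10045.4.1":     ("sha1",   "id-ecPublicKey"),  # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2":   ("sha256", "id-ecPublicKey"),  # ecdsa-with-SHA256 (NID 794)
    "1.2.840.10045.4.3.3":   ("sha384", "id-ecPublicKey"),  # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4":   ("sha512", "id-ecPublicKey"),  # ecdsa-with-SHA512
}


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted text."""
    if len(der) < 3 or der[0] != 0x06 or der[1] & 0x80 or len(der) != 2 + der[1]:
        raise ValueError("not a well-formed OBJECT IDENTIFIER")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated OID arc")
    arcs = []
    value = 0
    for b in body:
        value = (value << 7) | (b & 0x7F)    # base-128, high bit = more bytes follow
        if b & 0x80:
            continue
        if not arcs:
            first = min(value // 40, 2)      # the first two arcs are packed into one value
            arcs.extend((first, value - 40 * first))
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))


def encode_oid(oid: str) -> bytes:
    """Inverse of decode_oid, for building AlgorithmIdentifier OIDs to look up."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    body = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append((value & 0x7F) | 0x80)
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)


def find_sigid_algs(sig_oid_der: bytes) -> tuple[str, str]:
    """Python counterpart of OBJ_find_sigid_algs(): (digest, pkey algorithm) for a signature OID."""
    oid = decode_oid(sig_oid_der)
    try:
        return SIG_ALGS[oid]
    except KeyError:
        raise LookupError(f"{oid} is not a known signature algorithm") from None


def digest_for_signature(sig_oid_der: bytes) -> str | None:
    """Just the digest name, or None when the OID is not a signature algorithm we know."""
    try:
        return find_sigid_algs(sig_oid_der)[0]
    except LookupError:
        return None


if __name__ == "__main__":
    # The two OIDs printed in the thread, plus the bare sha256 OID, which is a digest
    # and therefore has no (digest, pkey) split.
    for der in (bytes.fromhex("06092a864886f70d01010b"),   # sha256WithRSAEncryption
                bytes.fromhex("06082a8648ce3d040302"),     # ecdsa-with-SHA256
                bytes.fromhex("0609608648016503040201")):  # id-sha256
        print(decode_oid(der), "->", digest_for_signature(der))
```

The split is the point: ecdsa-with-SHA256 names a signature scheme, so asking the digest table for it (EVP_get_digestbyobj) is always going to miss, while sha256WithRSAEncryption only "worked" because of the compatibility aliases Jakob describes. Resolving the signature OID to its digest first, then fetching that digest by name, is version-independent.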


[openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256

2016-07-07 Thread Chris Bare
EVP_get_digestbyobj fails for ecdsa-with-SHA256

I'm trying to perform a standard signature verification using the EVP_*
functions.
I think my code is correct, because it all runs fine if the digest is
RSA-SHA256.
I have an ASN1_OBJECT that specifies the signature/digest type.
Here is my code that dumps out all the intermediate steps called by
EVP_get_digestbyobj:

char name[256];
ASN1_OBJECT *sig_alg_oid;   /* the signature AlgorithmIdentifier OID being checked */

OBJ_obj2txt(name, 256, sig_alg_oid, 1);
printf ("NAME %s\n", name);
printf ("NID = %d\n", OBJ_obj2nid(sig_alg_oid));
printf ("sn = %s\n", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
printf ("OBJ_NAME_get = %p\n",
OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
if(md == NULL)
printf ("EVP_get_digestbyobj failed\n");

When I call this with the RSA-SHA256 I get:
NAME 1.2.840.113549.1.1.11
NID = 668
sn = RSA-SHA256
OBJ_NAME_get = 0x7fe8846f1ee0

and the rest of the steps succeeded.
Then when I call the same code (in the same program, so I'm sure the
openssl library is correctly initialized) with
ecdsa-with-SHA256, I get:
NAME 1.2.840.10045.4.3.2
NID = 794
sn = ecdsa-with-SHA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed

So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.

I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10

Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.

-- 
Chris Bare


[openssl-users] Access to ECC X and Y

2016-05-31 Thread Chris Bare
Is there a public interface to access the X and Y elements of an Ecc public
key?
I tried:

EC_KEY *ecc;

BN_num_bytes (ecc->pub_key->X);

but get the compiler error:

error: dereferencing pointer to incomplete type ‘EC_KEY {aka struct
ec_key_st}’

-- 
Chris Bare


[openssl-users] SSL errors connecting to some websites

2016-04-12 Thread Chris Puttick
Hi

Our schools filtering product utilises OpenSSL with Squid; we're seeing issues 
connecting to some sites which seem OpenSSL related. Two sites with known 
issues are:

https://www.spellanywhere.co.uk/

https://www.mymaths.co.uk/

Connecting to either of these Squid returns the error:

(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:14077438:SSL 
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

Running openssl tests direct from a schools box (OpenSSL 1.0.1) gets:

# openssl s_client -connect www.spellanywhere.co.uk:443
CONNECTED(0003)
3073661128:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert 
internal error:s23_clnt.c:734:

Attempting to disable protocols for testing gets:

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -connect 
www.spellanywhere.co.uk:443
CONNECTED(0003)
3074005192:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure:s23_clnt.c:734:

and eventually

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -no_ssl3 -no_ssl2 -connect 
www.spellanywhere.co.uk:443
CONNECTED(0003)
3073534152:error:140740BF:SSL routines:SSL23_CLIENT_HELLO:no protocols 
available:s23_clnt.c:385:

While forcing dtls with 

openssl s_client -dtls1 -connect www.spellanywhere.co.uk:443

seems to establish a tunnel as expected. 

Using curl or wget on the same boxes to those sites works as expected. Tests on 
a local box with OpenSSL 1.0.2e return similar results, although the disabled 
protocols test returns a different error:

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -no_ssl3 -no_ssl2 -connect 
www.spellanywhere.co.uk:443
CONNECTED(0003)
139735616550552:error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported 
protocol:s23_clnt.c:735:

Is this some sort of SSL handshake fallback error? Is there anything we can do 
in terms of configuration? Are we barking up the wrong tree?

All input/questions welcome.

Thanks

Chris


---
Chris Puttick
CEO & Chief Asst to the duck
TwoTen
http://twoten.is
Making the Internet better. For kids.
+44 7908 997 146
@putt1ck
Two Ten Web Limited, Regd Company no. 7774762 Regd office Unit 6, Southill, 
Cornbury Park, Charlbury, Oxfordshire OX7 3EW United Kingdom



Re: [openssl-users] Guidance on proper usage of OpenSSL_add_all_digests

2016-03-02 Thread chris . gray
> On Wed, Mar 2, 2016 at 12:27 PM, Neptune  wrote:
> [...]
> You can perform initialization in a static C++ ctor, but it can be
> tricky because the C++ committee has never addressed the problem of
> initialization order across translation units. Also see What's the
> "static initialization order fiasco"?
> (http://www.parashift.com/c++-faq/static-init-order.html).

So static initialisation in Java is not the most capricious and
error-prone mechanism ever invented?  My faith in mankind takes yet
another knock.




Re: [openssl-users] FW: Website changing this weekend

2015-08-20 Thread Chris Clark
Hi Rich,

I'm curious why the new download page lists version 1.01p before version 1.02d?
Is it suggesting that users download the 1.01 branch instead of the later one?

-Chris

On Fri, Aug 14, 2015 at 1:26 PM, Salz, Rich rs...@akamai.com wrote:


 From: Salz, Rich [mailto:rs...@akamai.com]
 Sent: Friday, August 14, 2015 4:20 PM
 To: openssl-annou...@openssl.org
 Subject: [openssl-announce] Website changing this weekend



 We’re bringing up a new website this weekend.  Please be patient if you have
 problems.  If you notice any broken links, let us know.



 Thanks.








[openssl-users] Question on logjam

2015-05-20 Thread Chris Hill
Folks, can you pls confirm that none of the below ciphers are affected by
this logjam bug? From my understanding, only ciphers containing DH or DHE
would be affected.

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_WITH_DES_CBC_SHA

The above are weak (e.g. vulnerable to freak), no argument there, but just
want to ensure these are not vulnerable to this newly published bug.

Thanks all!
Chris.


Re: [openssl-users] Delete a post to openssl-user mailing list

2015-04-22 Thread chris . gray
 What is the security risk?

 Management ?  :)

There could be a perceived problem that the world now knows that company
X has problems with OpenSSL, and a competitor could even try to make
mischievous use of this information - it happened to me once (with
another technology).

Death of developer mailing lists predicted; film at 11.





Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

2015-03-26 Thread Chris Madden
 Hi,
 I am playing with openssl 1.0.2a - specifically CMS support for ECC.
 But what I think should work doesn't.
 Commands used and parsed data shown.
 (I gave an RSA example as a known good working example)

 ./openssl version
 OpenSSL 1.0.2a 19 Mar 2015

 echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext


 #EC fails
 
   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
   ./openssl req -x509 -new -key ecc.key -out ecc.crt
   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM
ecc.crt
   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
 -inkey ecc.key
 Error decrypting CMS structure
 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
 decrypt:evp_enc.c:529:


RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response!
That fixed it.
Chris




[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

2015-03-26 Thread Chris Madden
Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext


#EC fails

  ./openssl ecparam -name prime192v1 -genkey -out ecc.key
  ./openssl req -x509 -new -key ecc.key -out ecc.crt
  ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
  ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
-inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:529:


EnvelopedData
--
./openssl asn1parse -in encsess.bin
0:d=0  hl=4 l= 312 cons: SEQUENCE
4:d=1  hl=2 l=   9 prim: OBJECT:pkcs7-envelopedData
   15:d=1  hl=4 l= 297 cons: cont [ 0 ]
   19:d=2  hl=4 l= 293 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER   :02
   26:d=3  hl=3 l= 234 cons: SET
   29:d=4  hl=3 l= 231 cons: cont [ 1 ]
   32:d=5  hl=2 l=   1 prim: INTEGER   :03
   35:d=5  hl=2 l=  65 cons: cont [ 0 ]
   37:d=6  hl=2 l=  63 cons: cont [ 1 ]
   39:d=7  hl=2 l=   9 cons: SEQUENCE
   41:d=8  hl=2 l=   7 prim: OBJECT:id-ecPublicKey
   50:d=7  hl=2 l=  50 prim: BIT STRING
  102:d=5  hl=2 l=  28 cons: SEQUENCE
  104:d=6  hl=2 l=   9 prim: OBJECT
 :dhSinglePass-stdDH-sha1kdf-scheme
  115:d=6  hl=2 l=  15 cons: SEQUENCE
  117:d=7  hl=2 l=  11 prim: OBJECT:id-smime-alg-CMS3DESwrap
  130:d=7  hl=2 l=   0 prim: NULL
  132:d=5  hl=3 l= 128 cons: SEQUENCE
  135:d=6  hl=2 l= 126 cons: SEQUENCE
  137:d=7  hl=2 l=  82 cons: SEQUENCE
  139:d=8  hl=2 l=  69 cons: SEQUENCE
  141:d=9  hl=2 l=  11 cons: SET
  143:d=10 hl=2 l=   9 cons: SEQUENCE
  145:d=11 hl=2 l=   3 prim: OBJECT:countryName
  150:d=11 hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=9  hl=2 l=  19 cons: SET
  156:d=10 hl=2 l=  17 cons: SEQUENCE
  158:d=11 hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=11 hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=9  hl=2 l=  33 cons: SET
  177:d=10 hl=2 l=  31 cons: SEQUENCE
  179:d=11 hl=2 l=   3 prim: OBJECT:organizationName
  184:d=11 hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  210:d=8  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
  221:d=7  hl=2 l=  40 prim: OCTET STRING  [HEX
DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
  263:d=3  hl=2 l=  51 cons: SEQUENCE
  265:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
  276:d=4  hl=2 l=  20 cons: SEQUENCE
  278:d=5  hl=2 l=   8 prim: OBJECT:des-ede3-cbc
  288:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:E924DA6FC08FC3AC
  298:d=4  hl=2 l=  16 prim: cont [ 0 ]



Private Key

cat ecc.key


Public Key Cert

./openssl asn1parse -in ecc.crt
0:d=0  hl=4 l= 434 cons: SEQUENCE
4:d=1  hl=4 l= 359 cons: SEQUENCE
8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER   :02
   13:d=2  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
   24:d=2  hl=2 l=  10 cons: SEQUENCE
   26:d=3  hl=2 l=   8 prim: OBJECT:ecdsa-with-SHA256
   36:d=2  hl=2 l=  69 cons: SEQUENCE
   38:d=3  hl=2 l=  11 cons: SET
   40:d=4  hl=2 l=   9 cons: SEQUENCE
   42:d=5  hl=2 l=   3 prim: OBJECT:countryName
   47:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
   51:d=3  hl=2 l=  19 cons: SET
   53:d=4  hl=2 l=  17 cons: SEQUENCE
   55:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
   60:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
   72:d=3  hl=2 l=  33 cons: SET
   74:d=4  hl=2 l=  31 cons: SEQUENCE
   76:d=5  hl=2 l=   3 prim: OBJECT:organizationName
   81:d=5  hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  107:d=2  hl=2 l=  30 cons: SEQUENCE
  109:d=3  hl=2 l=  13 prim: UTCTIME   :150326134803Z
  124:d=3  hl=2 l=  13 prim: UTCTIME   :150425134803Z
  139:d=2  hl=2 l=  69 cons: SEQUENCE
  141:d=3  hl=2 l=  11 cons: SET
  143:d=4  hl=2 l=   9 cons: SEQUENCE
  145:d=5  hl=2 l=   3 prim: OBJECT:countryName
  150:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=3  hl=2 l=  19 cons: SET
  156:d=4  hl=2 l=  17 cons: SEQUENCE
  158:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=3  hl=2 l=  33 cons: SET
  177:d=4  hl=2 l=  31 cons: SEQUENCE
  179:d=5  hl=2 l=   3 prim: OBJECT

Re: [openssl-users] EVP_aes_256_gcm -- receiving of tag

2015-01-22 Thread 'Chris Hall'
Dr. Stephen Henson wrote (on Wed 21-Jan-2015 at 14:53 +):
 On Tue, Jan 20, 2015, 'Chris Hall' wrote:
...
  I find that the EVP_aes_256_gcm for decrypt requires the Tag to be
  set before the first call of EVP_DecryptUpdate(), and
  EVP_DecryptFinal_ex() will then return 0 if the Tag is found to
  be incorrect.

 Unless you're using an old version of OpenSSL you should be able to
 specify the tag after any EVP_DecryptUpdate calls but it still has to
 be before EVP_DecryptFinal().
 
 This was addressed by commit 96f7fafa24313106b121782f1dcf7928dd0838ed

Thanks.

It's very kind of EVP_DecryptFinal() to check the Tag, but I could do
with a way of getting hold of the Tag generated.  In particular, I want
to append signed copy of the Tag to the message, so the receiver may not
even know what the Tag is.

I suppose I could send the Tag between the encrypted message and the
trailing signature, but I don't particularly want to reveal the Tag.
Also, this is messing with the message format to fit the library !

Thanks,

Chris

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] EVP_aes_256_gcm -- receiving of tag

2015-01-20 Thread 'Chris Hall'

I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set
before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex()
will then return 0 if the Tag is found to be incorrect.

I was hoping to be able to get the Tag, by EVP_CTRL_GET_TAG, but the
documentation say that only works for encryption.

Is there a way of reaching into (or below) the EVP stuff, to (a) prevent
EVP_DecryptFinal_ex() from requiring and checking the Tag, and (b)
getting the Tag after EVP_DecryptFinal_ex() -- same like after
EVP_EncryptFinal_ex() ?

I ask because I have an application which encrypts an arbitrary amount
of data and starts sending it before all of it has been encrypted.  What
I have found so far seems to require me to receive all the cipher-text,
and only when the Tag (finally) arrives, can I start to decrypt :-(

Thanks,

Chris

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] openssl, opencrypto integration

2015-01-06 Thread Chris Eltervoog
I have implemented a H/W encryption driver and have integrated it with
cryptodev. In eng_cryptodev.c there is an array digests[]. In that array it
defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the xform.c file
defines MD5 to have a keylen of 0. Why is the keylen not zero for the MD5
entry in this table?

Cryptodev also defines the keylen in a structure. The keylen is zero there. A
comparison happens on session creation. This difference causes a check in the
session creation to fail and cryptodev always selects the s/w crypto engine. If
I change the eng_cryptodev digests[] entry for CRYPTO_MD5 to have a keylen of
zero the MD5 hashing works, however key generation output changes. If you run
the openssl test case for key generation it will fail. It seems that the files
generated are smaller. I don't see how this change has this side effect with
key generation.
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users


Re: [openssl-users] How to get current using openssl version

2014-12-15 Thread Chris Bare
Try setting LD_LIBRARY_PATH to your local installation before running your
program:

export LD_LIBRARY_PATH=/alternate/path/usr/lib

On Mon, Dec 15, 2014 at 5:15 AM, Jerry OELoo oylje...@gmail.com wrote:

 Hi All:
 I am installing openssl in local path, and when I use
 SSLeay_version(SSLEAY_VERSION); to get version, it will return SSL
 version: OpenSSL 1.0.1f 6 Jan 2014, But installed version is 1.0.1j.

 It seems to get system installed version not my manually installed
 version, So How can I get it.
 PS. I have added include path to gcc: -I./openssl/include/openssl


 --
 Rejoice,I Desire!



-- 
Chris Bare


[openssl-users] eng_cryptodev question

2014-12-11 Thread Chris Eltervoog
I have implemented a H/W encryption driver and have integrated it with 
cryptodev.  In eng_cryptodev.c there is an array digests[].  In that array it 
defines CRYPTO_MD5 to have a keylen of 16.  In cryptodev, the xform.c file 
defines MD5 to have a keylen of 0. Why is the keylen not zero for the MD5 
entry in this table?
 
Cryptodev also defines the keylen in a structure.  The keylen is zero there.  A 
comparison happens on session creation.  This difference causes a check in the 
session creation to fail and cryptodev always selects the s/w crypto engine. If 
I change the eng_cryptodev digests[] entry for CRYPTO_MD5 to have a keylen of 
zero the MD5 hashing works, however Key generation output changes.  If you run 
the openssl test case for key generation it will fail.  It seems that the files 
generated are smaller. I don't see how this change has this side effect with 
key generation.
 
 
Chris.


Re: Small memory leak on multithreaded server

2014-11-24 Thread chris . gray
As the maintainer of an alternative JavaVM I can confirm that we
absolutely had to support library unloading because one customer was using
it heavily - and that was quite a few years ago. Early Sun VMs didn't
support library unloading, but then those VMs also did not garbage-collect
obsolete classes either.


 On 21-11-2014 23:23, Viktor Dukhovni wrote:
 On Fri, Nov 21, 2014 at 04:13:58PM -0500, Jeffrey Walton wrote:
 A fixed amount of memory that is not deallocated and is independent
 of the number of operations performed, is NOT a memory leak.
 Languages like Java and C# can continuously load and unload a library.
 You will see a growth in memory usage because the memory is not
 reclaimed.
 Unloading of shared libraries is generally unsafe.  Loading and
 unloading of pure of Java packages may work well enough, but I
 would expect a Java runtime that unloads native libraries to stay
 running for very long.

 That is horribly outdated information and an assumption that no
 competent library author should make or rely on others to make.

 On modern systems, unloading of shared libraries that are used
 as plugins, and by extension any shared libraries that might be
 referenced by plugins without being referenced by the plugin-using
 application core, is a normal and frequent operation supported
 by the core shared library loader and most shared libraries.

 If a library contains code that needs to be automatically called
 when it is loaded or unloaded without that being an exposed API
 level init/cleanup function, then the library porter needs to do
 the target specific gymnastics to get called by the (C) runtime
 at the appropriate times, and it needs to deal with common
 restrictions on what such calls from the (C) runtime are not
 allowed to do (one of which is recursive calls to the dynamic
 loader API).  For libraries written in C++, the static constructor
 and destructor language mechanisms are treated this way
 automatically and thus subject to the same limitations on
 permitted operations.

 Enjoy

 Jakob
 --
 Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
 Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
 This public discussion message is non-binding and may contain errors.
 WiseMo - Remote Service Management for PCs, Phones and Embedded
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org





which cipher was chosen?

2014-11-21 Thread Chris Bare
Is there a way to query the BIO or SSL object to see which cipher is being
used?
I have a case where my openssl client's performance is significantly slower
when talking to server A vs server B. AFAIK, the only difference between A
and B is the level of Windows updates, so I'm suspicious that Windows has
started to favor the slower ECC ciphers, but I need a way to prove it.

-- 
Chris Bare


Re: which cipher was chosen?

2014-11-21 Thread Chris Bare
Thanks, that's just what I needed.

By performance I mean the initial connection speed. It spends 4-5 seconds
in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in
the fast case.
This is on a 200Mhz arm, so it's not a fast machine.

On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson st...@openssl.org
wrote:

 On Fri, Nov 21, 2014, Chris Bare wrote:

  Is there a way to query the BIO or SSL object to see which cipher is
 being
  used?
  I have a case where my openssl client's performance is significantly
 slower
  when talking to server A vs server B. AFAIK, the only difference between
 A
  and B is the level of Windows updates, so I'm suspicious that Windows has
  started to favor the slower ECC ciphers, but I need a way to prove it.
 

 SSL_get_cipher_name().

 What do you mean by performance: the initial connection speed or the data
 transfer rate? With ECC the curve used is also significant: you can query
 that
 using OpenSSL 1.0.2+ which allows you to get details of the server
 temporary
 key.

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org




-- 
Chris Bare


my custom lookup method is leaking certs

2014-10-27 Thread Chris Bare
I have written my own X509_LOOKUP_METHOD to pull cert data from a database.
When I make an ssl connection, X509_STORE_get_by_subject calls my
get_cert_by_subject function, which returns a certificate allocated by
d2i_X509.

When I run this program under valgrind, that certificate data is leaked
every time I make a connection.

I thought that cert data would be freed when I call BIO_free_all on the ssl
BIO, but it is not.
I don't have a pointer to the cert data as it was passed to an internal
openssl function.
I could track it and add my own free function, but there must be a proper
way to do this via openssl functions, can anyone enlighten me?
-- 
Chris Bare


Re: SSL vs. SSH in the context of CVE 2014-0160

2014-04-09 Thread Chris Hill
Thanks Wim.


On Tue, Apr 8, 2014 at 10:36 PM, Wim Lewis w...@omnigroup.com wrote:


 On 8 Apr 2014, at 7:14 PM, Chris Hill wrote:
  Team, I am having a discussion with a few friends about why this
 OpenSSL vuln (CVE 2014-0160) does not affect SSH. This may be TOO basic for
 many of you (apologize in advance), but can't think of any other way to
 prove my point other than speaking to the folks who really know (that's u).
 Or maybe I am the one wrong, wouldn't be the first time ;).
 
  A quick response to my friends could be simply diffing the files for the
 actual OpenSSL change, e.g. ssl/d1_both.c and ssl/t1_lib.c, but I want a
 more classy answer.
 
  Is the below ok or am I completely off?
 
  Thank you in advance
 
  SSH and SSL/TLS are simply different protocols (doh). They may share
 some similar underlying crypto implementations, but as of their respective
 RFCs, they are just different protocols. The TLS Heartbeat TLS extension
 would not apply to SSH. SSH may have its own way to keep alive, but that
 would be a different one.
 
  Chris.

 This is correct as I understand it. ssh uses openssl mostly for crypto
 operations, but the ssh protocol does not have anything in common with
 ssl/tls (other than some fairly general design aspects). The heartbeat bug
 is particular to the openssl implementation of the heartbeat feature in
 tls, and that code isn't used by openssh.





CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread Chris Bare
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?

-- 
Chris Bare


Re: How to determine when data is finished on an SSL socket

2014-01-11 Thread chris . gray
Matthew Donald scripsit:

 Sockets (SSL or otherwise) are layer-3 objects while content is a layer-7
 object.  To get an accurate end-of-content marker, you'll need to parse the
 output, but since you are using the https protocol, that's going to be easy.
 Essentially, parse out the Content-Length header and read that many bytes
 past the end of the http headers.

True, except that in various circumstances the Content-Length header may
be absent (e.g. special Transfer-Encoding, or a chunked response).  For
the full story see
http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4

Regards

Chris Gray

 On 11 January 2014 19:46, M. V. bored_to_deat...@yahoo.com wrote:
 Hi everybody,
 I'm writing an application that creates multiple non-blocking SSL
 connections to an https server, in each one I send a request and read the
 server's response. my problem is, whatever I do, I can't determine when the
 response data is finished. here's part of my code responsible for sending
 and receiving data:
 
 fd_set connectionfds;
 struct timeval timeout2;
 while(1){
 r=BIO_read(io,buf,BUFSIZZ-1);
 if (r>0){
 //gather data
 continue;
 }
 else if (SSL_get_error(ssl, r)==SSL_ERROR_WANT_READ){
 // select() modifies both the fd set and the timeout, so re-arm them each time
 FD_ZERO(&connectionfds);
 FD_SET(socket_server, &connectionfds);
 timeout2.tv_usec = 0;
 timeout2.tv_sec = 1;
 int ret = select(socket_server + 1, &connectionfds, NULL, NULL,
 &timeout2);
 if (ret <= 0){
 break;
 }
 continue;
 }
 else{
 break;
 }
 }
 // use whole gathered data
 my problem with above code is, if I set select timeout to a small time, I
 can't guarantee that all data is received (because some servers are really
 slow), and if I set timeout to a long time (5-10 seconds), my socket is
 getting stuck in wait-state for a long time and I can't use the response
 before that. I tried to make this work by using BIO_should_read() or
 BIO_pending() functions, but none of them is giving me what I want. so,
 Is there a way to determine when exactly there is nothing else to read on
 the SSL socket?
 Thank you.




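A reader that applies the message-length rules of RFC 2616 section 4.4 in order (no-body statuses, then chunked transfer-coding, then Content-Length, otherwise read until the peer closes), as an added Python example that is not part of the thread. The sample responses are constructed; the framer is meant to be fed from a BIO_read()/select() loop like the one quoted above rather than replace it.

```python
"""Incremental HTTP/1.1 response framing per the message-length rules of
RFC 2616 section 4.4, so a non-blocking reader knows when the body has ended."""


class HttpResponseFramer:
    """Feed bytes as they arrive; .complete flips once the whole message is in.

    Precedence follows the RFC: no-body statuses (1xx, 204, 304), then
    Transfer-Encoding (chunked), then Content-Length, else read until close.
    """

    def __init__(self):
        self.buf, self.body = b"", b""
        self.status, self.headers = None, None   # headers: lower-cased name -> value
        self.mode, self.remaining = None, 0      # "none"/"chunked"/"length"/"close"
        self.complete = False

    def feed(self, data: bytes) -> bool:
        """Consume a fragment; return True once the message is complete."""
        self.buf += data
        if self.headers is None and not self._parse_head():
            return False
        while not self.complete and self._consume():
            pass
        return self.complete

    def connection_closed(self) -> bool:
        """Peer closed: ends a close-delimited body, truncates anything else."""
        if self.mode != "close" and not self.complete:
            raise ValueError("connection closed before the message ended")
        self.complete = True
        return True

    def _parse_head(self) -> bool:
        end = self.buf.find(b"\r\n\r\n")
        if end < 0:
            return False
        head, self.buf = self.buf[:end].decode("latin-1"), self.buf[end + 4:]
        status_line, *lines = head.split("\r\n")
        self.status = int(status_line.split()[1])
        self.headers = {}
        for line in lines:
            name, _, value = line.partition(":")
            self.headers[name.strip().lower()] = value.strip()
        if 100 <= self.status < 200 or self.status in (204, 304):
            self.mode, self.complete = "none", True
        elif self.headers.get("transfer-encoding", "identity").lower() != "identity":
            self.mode = "chunked"       # wins over any Content-Length also present
        elif "content-length" in self.headers:
            self.mode, self.remaining = "length", int(self.headers["content-length"])
            self.complete = self.remaining == 0
        else:
            self.mode = "close"
        return True

    def _consume(self) -> bool:
        """Move buffered bytes into the body; return True if progress was made."""
        if not self.buf:
            return False
        if self.mode == "length":
            take, self.buf = self.buf[:self.remaining], self.buf[self.remaining:]
            self.body, self.remaining = self.body + take, self.remaining - len(take)
            self.complete = self.remaining == 0
            return bool(take)
        if self.mode == "close":
            self.body, self.buf = self.body + self.buf, b""
            return True
        return self.mode == "chunked" and self._consume_chunk()

    def _consume_chunk(self) -> bool:
        line_end = self.buf.find(b"\r\n")
        if line_end < 0:
            return False
        size = int(self.buf[:line_end].split(b";")[0].strip(), 16)  # drop chunk extensions
        if size == 0:
            # last-chunk, optional trailer headers, then the terminating CRLF
            trailer_end = self.buf.find(b"\r\n\r\n", line_end)
            if trailer_end < 0:
                return False
            self.buf, self.complete = self.buf[trailer_end + 4:], True
            return True
        start = line_end + 2
        if len(self.buf) < start + size + 2:
            return False                         # wait for the whole chunk and its CRLF
        if self.buf[start + size:start + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        self.body, self.buf = self.body + self.buf[start:start + size], self.buf[start + size + 2:]
        return True


def frame_response(raw: bytes, piece: int = 1) -> HttpResponseFramer:
    """Feed a captured response in small fragments, as a non-blocking socket delivers it."""
    framer = HttpResponseFramer()
    for i in range(0, len(raw), piece):
        framer.feed(raw[i:i + piece])
    return framer


# Constructed sample responses (not captured traffic).
CHUNKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nContent-Length: 999\r\n\r\n"
           b"5;ext=1\r\nhello\r\n6\r\n world\r\n0\r\nX-Trailer: done\r\n\r\n")
WITH_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello world"
CLOSE_DELIMITED = b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nhello world"
NOT_MODIFIED = b"HTTP/1.1 304 Not Modified\r\nContent-Length: 11\r\n\r\n"
```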


Looking for a tech talk speaker on Secure Networking

2013-09-16 Thread Chris Westin
I organize the speakers for the SF Bay Area Large-Scale Production Engineering
meetup (http://www.meetup.com/SF-Bay-Area-Large-Scale-Production-Engineering/ ;
take a look at the PAST tab to see the kinds of events we've had).

For our event on Thursday October 17, 2013, I'm looking for speakers on the
topic of Secure Networking (event: 
http://www.meetup.com/SF-Bay-Area-Large-Scale-Production-Engineering/events/129859602/
 ).

As you can see from looking at our past events, I pick a topic, and
then try to get 2-3 talks on that topic. Talks are usually 20-25 minutes
long. This is a technical audience, and they don't appreciate a marketing
pitch. They're eager to get into the nuts and bolts of the topic, including
demos, code samples, and architecture.

If you're going to be in the Bay Area then, and would be interested in giving
a talk, please let me know here, or (preferably) through meetup.com.

Thanks,
Chris Westin



SSLv23_Server_Method() not working in OpenSSL 1.01e

2013-09-16 Thread Chris Clark
I just updated my Win64 server app from OpenSSL 1.0.0k to 1.01e, and I
noticed that although it was configured to use the
SSLv23_Server_method(), it no longer accepts SSLv3 connections from
clients as it did using 1.0.0k. It does accept TLSv1 connections this
way however.

If I change it to use SSLv23_method() on the server, then the client
connects successfully. However if I force the client to connect using
SSLv3 then the result is a TLSv1 connection instead.

I double checked that everything works as it should when I go back to
using OpenSSL 1.0.0k on my server app. Is this a known issue in
1.0.1e?

-Chris


Re: RAND_bytes() returns zero in pre-boot environment

2013-08-14 Thread chris . gray
 Issue is fixed.

So long as it's OK to generate the same random bytes at each power-on.

This is quite a common problem with embedded devices: even after boot it
can be hard to find entropy with which to seed the PRNG.  The usual
sources which are used in a PC environment (keystrokes, ethernet activity,
...) are often absent.

The best solution is always hardware. If you wire up a digital i/o in such
a way that reading it produces an unpredictable series of 0's and 1's[1]
then at least you have some genuine entropy to work with.  It doesn't have
to be ERNIE[2] to be better than nothing.

[1] Exactly how to do this is off-topic for this list. Quaerendo invenietis.
[2] For non-Brits: http://en.wikipedia.org/wiki/Premium_Bond#ERNIE.

 FYI-
 As I am working on pre-boot, no OS is present. Which was resulting in no
 seeding.
 RAND_seed() has been called before using RAND_bytes().

 Here is the code snippet.
 static const char rnd_seed[] = "string to make the random number generator "
 "think it has entropy";
  RAND_seed(rnd_seed, sizeof rnd_seed);


 On Tue, Aug 13, 2013 at 6:16 PM, baban devkate baban...@gmail.com wrote:


   FYI -

 RAND_bytes(buf, bytes) receives  correct parameters as bytes=256 for
 SHA256.


 int RAND_bytes(unsigned char *buf, int num)
 {
 const RAND_METHOD *meth = RAND_get_rand_method();
  if (meth && meth->bytes)
 {
 Print(L"   control is here\n");   /* <--- control is here */
  return meth->bytes(buf,num);
 }
 Print(L"   RAND_bytes fails\n");

 return(-1);
 }


 On Tue, Aug 13, 2013 at 3:35 PM, baban devkate baban...@gmail.com
 wrote:

 Hello,

 RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or
 /dev/random on Linux and CryptGenRandom() on Windows.

 I want to know how it works in a pre-boot environment?

 In pre-boot environment, if RAND_bytes() returns zero then what does it
 mean?

 Is it because PRNG is not properly seeded? If yes, how to resolve it?


 ~Baban







Re: How do I mount a NAS device?

2013-08-08 Thread Chris Arnold
On Aug 8, 2013, at 2:45 PM, Ted Byers r.ted.by...@gmail.com wrote:

 I obtained a NAS, with a view toward running MySQL on a sever running
 MS Small Business Server 2003 (yes, I know, it is old, but I don't
 have authority to upgrade it or wipe it and install Linux on it).
 Anyway, the latest version of MySQL will not run on that machine.
 Therefore, I intend to run MySQL on the latest Suse (12.3) on a much
 newer server that I have almost fixed (this machine will have a 256 GB
 SSD).  So, unless I can mount the NAS in such a way that MySQL on Suse
 can find it, the 4 TB NAS goes to waste (even though all machines on
 my LAN can see it and browse to it, which is fine if I only want to
 use Windows Explorer, or its Linux equivalents, to copy files to it -
 but even on Windows, MySQL doesn't seem to see it unless I have mapped
 a specific NAS folder to a local drive letter, so I assume something
 similar is true on Linux).  Hence my question.
 
 NB: I am a programmer, not a system administrator, so I am at a loss
 as to how to do this.
 NB: I did a Google search, which resulted in a very poor signal to
 noise ratio, but ended up confused by the different instructions given
 for the different distributions.  And, worse, a lot of the pages I
 found were as old as that ancient SBS machine I can't use for this
 purpose.  Obviously, things have changed a lot since then.
 
 So, then, how do I do this on the latest Suse releases (12.x)?

The two ways that come to my mind are:
1) if the nas has iscsi support, config it on the nas and then config iscsi 
initiator on suse.
2) mount -t /dev/devid /mnt

Btw, not sure how you think this is ssl mailing list material.

Re: connection encrypted (a question)

2013-05-13 Thread Chris L

On May 12, 2013, at 6:38 PM, Salz, Rich wrote:

> Many people find the four-letter word at the start of your domain name
> offensive.
>
> I'm assuming you know English well enough to know that, and chose it
> deliberately.
>
> That's reading beyond the cover.

It broadcasts a general lack of respect for those from whom you are asking to 
take time out of their schedules to answer what are really very basic questions.



RSA_PKCS1_PSS_PADDING and CMS_verify (repost)

2013-01-08 Thread Chris Bare
Sorry to repost this, but I didn't see a reply and thought it might have
gotten lost in the shuffle of recent server changes.

I saw the message below on the mailing list. I have run into a situation
where I have a CMS using the PSS padding and I wanted to see if this might
be implemented by now in CMS_verify.

If not, I have some experience working with the openssl source code, but
some pointers would be appreciated.

--
Chris Bare

On Mon, Sep 12, 2011, Stef Hoeben wrote:

> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
> dump),
> the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks
> the algorithm
> is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
>   cms_signerinfo_verify() {
>     EVP_DigestVerifyInit() {
>       do_sigver_init() {
>         EVP_PKEY_CTX_set_signature_md() {
>           ...
>           pkey_rsa_ctrl() {
>             // type == EVP_PKEY_CTRL_DIGESTINIT
>
> EVP_DigestVerifyFinal() {
>   ...
>   pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
>     RSA_PKEY_CTX *rctx = ctx->data;
>     // rctx->pad_mode == RSA_PKCS1_PADDING (???)
>     // and EVP_MD_type(rctx->md) = NID_sha256  (OK)
>
> Someone knows if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?


OpenSSL HEAD only supports PSS and only for certificates, not CMS.

Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.

Steve.


-- 
Chris Bare


RSA_PKCS1_PSS_PADDING and CMS_verify

2013-01-04 Thread Chris Bare
I saw the message below on the mailing list. I have run into a situation 
where I have a CMS using the PSS padding and I wanted to see if this 
might be implemented by now in CMS_verify.


If not, I have some experience working with the openssl source code, but 
some pointers would be appreciated.


--
Chris Bare

On Mon, Sep 12, 2011, Stef Hoeben wrote:

> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
> dump),
> the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks
> the algorithm
> is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
>   cms_signerinfo_verify() {
>     EVP_DigestVerifyInit() {
>       do_sigver_init() {
>         EVP_PKEY_CTX_set_signature_md() {
>           ...
>           pkey_rsa_ctrl() {
>             // type == EVP_PKEY_CTRL_DIGESTINIT
>
> EVP_DigestVerifyFinal() {
>   ...
>   pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
>     RSA_PKEY_CTX *rctx = ctx->data;
>     // rctx->pad_mode == RSA_PKCS1_PADDING (???)
>     // and EVP_MD_type(rctx->md) = NID_sha256  (OK)
>
> Someone knows if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?



OpenSSL HEAD only supports PSS and only for certificates, not CMS.

Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.


[no subject]

2013-01-03 Thread Chris Bare
I saw the message below which indicates that as of 9/2011 CMS_verify does
not support RSA_PKCS1_PSS_PADDING. Has this been fixed since then?

I have a CMS on a secure ID card which uses PSS. If this is not fixed, I
could send the CMS if that would be useful.
I also have some experience with the openssl code, and could try to fix it
myself, but pointers would be helpful.


-- Chris Bare


On Mon, Sep 12, 2011, Stef Hoeben wrote:

> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
> dump),
> the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks
> the algorithm
> is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
>   cms_signerinfo_verify() {
>     EVP_DigestVerifyInit() {
>       do_sigver_init() {
>         EVP_PKEY_CTX_set_signature_md() {
>           ...
>           pkey_rsa_ctrl() {
>             // type == EVP_PKEY_CTRL_DIGESTINIT
>
> EVP_DigestVerifyFinal() {
>   ...
>   pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
>     RSA_PKEY_CTX *rctx = ctx->data;
>     // rctx->pad_mode == RSA_PKCS1_PADDING (???)
>     // and EVP_MD_type(rctx->md) = NID_sha256  (OK)
>
> Someone knows if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?


OpenSSL HEAD only supports PSS and only for certificates, not CMS.

Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


EVP_get_digestbyname and 'standard' signature algorithm names

2013-01-02 Thread Chris Dodd

I'm trying to develop an application with OpenSSL that needs to verify
a variety of digital signatures from different places.  Currently I use
EVP_get_digestbyname to get an EVP_MD handle identifying the algorithm
used, and this works well for things that originally came from OpenSSL,
but less well with things that come from elsewhere.

For example, Oracle sends me signatures identified as SHA512withRSA,
which I need to translate into sha512WithRSAEncryption in order for
EVP_get_digestbyname to accept and give me something that works (note
the case differences as well as the extra -Encryption suffix).

Is there any sort of standard for what these strings should be?  Is
there a way to get OpenSSL to be more 'permissive' when looking up
algorithms by name like this?  Currently I'm just manually building
up a set of aliases to translate to their OpenSSL equivalents as I
run into them, but it seems it should be possible to do something
more general.


Chris Dodd
d...@csl.sri.com
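An added example (my code, not Chris Dodd's alias table): instead of making the lookup permissive, split a foreign name such as "SHA512withRSA" into the digest name OpenSSL already knows (the argument for EVP_get_digestbyname) and the key type it implies, accepting only an explicit allowlist. Python stdlib only; the accepted spellings are the JCA form from the post, OpenSSL's long names, and OpenSSL's "RSA-SHA256"-style short names.

```python
# Added example, not from the thread: normalise signature-algorithm names from
# other ecosystems into (digest, key type), rejecting anything not allowlisted.
import re
from typing import NamedTuple


class SigAlg(NamedTuple):
    digest: str    # name to hand to EVP_get_digestbyname(), e.g. "sha512"
    key_type: str  # "rsa" or "ecdsa": check it against the verifying key's type


# Digests accepted, in OpenSSL's lower-case spelling.
_DIGESTS = {"sha1", "sha224", "sha256", "sha384", "sha512"}
_KEY_TYPES = {"rsa", "ecdsa"}
# Digests a verifier should not accept for new signatures unless told to.
WEAK_DIGESTS = {"sha1"}

# The three spellings handled (constructed examples of each):
#   JCA:         SHA512withRSA, SHA-256withECDSA
#   OpenSSL LN:  sha512WithRSAEncryption, ecdsa-with-SHA256
#   OpenSSL SN:  RSA-SHA512
_PATTERNS = [
    re.compile(r"^(?P<d>sha-?\d+)with(?P<k>rsa|ecdsa)(?:encryption)?$", re.I),
    re.compile(r"^(?P<k>ecdsa)-with-(?P<d>sha\d+)$", re.I),
    re.compile(r"^(?P<k>rsa)-(?P<d>sha\d+)$", re.I),
]


def parse_sigalg(name: str, allow_weak: bool = False) -> SigAlg:
    """Normalise `name`; raise ValueError for anything outside the allowlist."""
    s = name.strip()
    for pat in _PATTERNS:
        m = pat.match(s)
        if m:
            break
    else:
        raise ValueError(f"unrecognised signature algorithm name: {name!r}")
    digest = m.group("d").lower().replace("-", "")   # "SHA-256" -> "sha256"
    key_type = m.group("k").lower()
    if digest not in _DIGESTS or key_type not in _KEY_TYPES:
        raise ValueError(f"unsupported algorithm: {name!r}")
    if digest in WEAK_DIGESTS and not allow_weak:
        raise ValueError(f"refusing weak digest {digest!r} in {name!r}")
    return SigAlg(digest, key_type)


def is_supported(name: str) -> bool:
    """True when parse_sigalg() would accept the name with default policy."""
    try:
        parse_sigalg(name)
        return True
    except ValueError:
        return False
```

The digest name returned is what EVP_get_digestbyname() needs; the key type is a separate check against the EVP_PKEY, so a signature labelled for one key type cannot be verified with another.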



Re: [openssl-users] Possible bug in verifying a certificate if default root store is configured

2012-12-06 Thread Chris Palmer
On Thu, Dec 6, 2012 at 2:16 AM, Ralph Holz <ralph-openssl-...@ralphholz.de> wrote:

> -CAfile file    A file of trusted certificates.
>
> The lookup first looks in the list of untrusted certificates and if no
> match is found the remaining lookups are from the trusted certificates.
> The root CA is always looked up in the trusted certificate list: if the
> certificate to verify is a root certificate then an exact match must be
> found in the trusted list.
>
> This has led me to believe -CAfile would cause openssl to ignore a
> default path to certs. I am surprised CAPath is still evaluated if you
> indicate a CAFile. However, as strace shows:

I've attached a diff against HEAD for verify.pod. Is it any good?




Re: [openssl-users] Possible bug in verifying a certificate if default root store is configured

2012-12-06 Thread Chris Palmer
On Thu, Dec 6, 2012 at 12:00 PM, Erwann Abalea <erwann.aba...@keynectis.com> wrote:

> There's the same behaviour with -CAfile. If -CAfile isn't specified, then
> the default platform CA file is used (by default, /usr/lib/ssl/cert.pem).
> This is true for verify, ocsp, smime, and cms.

Oh, right. New diff attached.




CryptAcquireContext -- New KeyObject already exists error pop up

2012-06-06 Thread Chris Long

Hi,
I'm programming in C++ on Windows.  And sometimes on testing I get a
pop-up box "CryptAcquireContext -- New KeyObject already exists" error
pop up or
"CryptGenRandom The parameter is incorrect" warning boxes.  I know why I
end up with the warnings and that's ok, but I need to know: is it the
OpenSSL library that is creating the actual alert pop-up boxes?  And if
so, how can I suppress them?


Thanks,

--
Chris Long
Programmer/Analyst
Charitable Gaming Division
Canadian Bank Note Company Ltd.
Phone: 705-251-1559
Cell: 705-257-1261



Quick question if TLS renegotiations are supported

2012-06-05 Thread Chris Long

Hi,

Just a quick question.  Does OpenSSL 1.0.1c support renegotiation of TLS
clients?  I'm programming a small server/client and if my SSL_method is
SSLv23_method()'s or TLSv1_method()'s and they negotiate a TLS
connection I'm having trouble getting them to renegotiate.


--
Chris Long
Programmer/Analyst
Charitable Gaming Division
Canadian Bank Note Company Ltd.



OpenSSL renegotiation problems with TLS

2012-05-29 Thread Chris Long

Hi,

I was hoping to get some insight on renegotiation issues I've been having.

The program I've been developing is using OpenSSL in C++ and is a small
client/server application.  But I am writing directly to memory BIOs and
SSL so as to use our existing socket server.  Everything so far seems to be
working well except for renegotiation in some instances.  It looks like
if the handshake between server and client comes up with an SSLv3
connection, the client can initiate a renegotiation and it looks like
the process completes fine.  However if the server and client handshake
comes up with a TLS connection the renegotiation doesn't seem to
complete.  The client's SSL gets stuck in a state SSL_want_read it seems.


So simple examples:

Example 1)
Server SSL_CTX uses SSLv23_server_method() or SSLv3_server_method()
Client SSL_CTX uses SSLv3_client_method()
Handshake creates a SSLv3 connection.

Client initiates renegotiation with server and all completes ok.

Example 2)
Server SSL_CTX uses SSLv23_server_method() or TLSv1_server_method()
Client SSL_CTX uses SSLv23_client_method() or TLSv1_client_method()
Handshake creates a TLS 1.2 connection

Client initiates renegotiation and a little data is sent back and forth
between client and server (29 bytes a couple of times) but the client
permanently remains in SSL_want_read state.


Any help is appreciated.  I'm not sure if TLS renegotiation is
supported, I know there were issues with it before.  I can provide any
more information or clarification as requested.


Thank you,

--
Chris Long
Programmer/Analyst, Bingo Systems
Lottery Systems Division
Canadian Bank Note Company Ltd.



n00b Cert Questions

2012-05-23 Thread Chris Arnold
Hi all! I am trying to generate Certs for use with strongswan VPN. 
Specifically, I am trying to fulfill:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq

So as to use windows 7 builtin VPN client. Has anyone here done this with 
strongswan? Can anyone point me to a doc that has the steps/commands to 
accomplish this using OpenSSL?

Sent from my iPhone


Re: weak key check?

2012-02-21 Thread Chris Dodd

On 02/19/2012 07:36 PM, anthony berglas wrote:

> Exactly. So you need about 112 bits of entropy / Pass Phrase to
> generate a good 2048 bit key. Remember that the vast majority of 2048
> bit numbers are not valid key pairs.
>
> My question is, has this been done, or would it be easy to do given
> the existing structure.


No, this is NOT true.  While it is the case that a good 2048 bit RSA key
gives you only about 112 bits of security, it's not at all clear that you
can generate such a good key from less than 2048 bits of entropy.

Indeed, from the recently published Lenstra/Hughes attack, it's clear
that using 112 bits of entropy to generate an RSA key (of any length)
cannot possibly give you more than 56 bits of security, and probably
far less.

Chris Dodd
d...@csl.sri.com



CApath with multiple client certs

2012-02-03 Thread Chris Satterthwaite
I love this toolset; definitely value-add for the community!

I am using OpenSSL to run through a sizable number of web server
connections (~500), and tell me which certs are getting ready to expire. My
utility has worked for a while (a couple years?) on 1.0.0 Beta3, and I
recently upgraded to 1.0.0.n. So far, so good... no problems with the
upgrade.

Now I want to extend my usage of OpenSSL, to handle client-side
certificates, because my current utility throws an error on web servers
that require a client side certificate. It seems to work (at least some)
regardless, because openssl s_client shows the server side certificate
before having to provide the client side. But I want to get rid of all the
errors, and ensure I'm getting all server side certs.

In my lab, I've successfully been able to do manual testing, using the
following command from a client:
  --> openssl s_client -nowait -connect 192.168.1.145:443 -cert .\CA\user\usercert.CRT -key .\CA\user\userkey.KEY

And if I dumped both the CRT and KEY into a single PEM file, I could
connect like this:
  --> openssl s_client -nowait -connect 192.168.1.145:443 -cert .\CA\user\combined.PEM

[Note: You're probably wondering what the '-nowait' option is. My
utility runs on Windows. Since the distributed version (beta3 and .n) would
often hang on the Windows connection, I added a '-nowait' option into the
source and re-compiled the Windows version. Real easy, I'll attach the diff
to the bottom in case anyone is interested in the change to s_client.]

So far I know that when I provide the exact file to use on the command
line, it connects fine. Now my challenge...

For so many servers, I'd like a flexible openssl call that can use a
directory of client certificates/keys, in order to avoid having to specify
the cert for each connection command. That led me towards the -CApath
parameter. I believe the 'mklink' option on Win2003 or the
CreateSymbolicLink function on Windows 2008 should be able to replace the
'ln -s' code for c_rehash. But I can't get it to work. I always get an ssl
handshake failure. Sample failed output below.

Maybe I'm not creating the base PEM file correctly before hashing the file
to use the CApath? I've tried using a hash file for the CA cert, and one
for the combined.PEM (user cert and user key in same file). And I've tried
using a hash file with all three in one. I must be doing something
obviously wrong. ;(

I would appreciate some direction from the SSL gurus.

Error snapshot follows:
===
Loading 'screen' into random state - done
CONNECTED(00AC)
depth=1 /C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
verify return:1
depth=0 /C=US/ST=Illinois/O=Leverage Discovery/OU=Administration/CN=192.168.1.145/emailAddress=supp...@test.net
verify return:1
7192:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1160:SSL alert number 40
7192:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
Certificate chain
 0 s:/C=US/ST=Illinois/O=Leverage Discovery/OU=Administration/CN=192.168.1.145/emailAddress=supp...@test.net
   i:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
 1 s:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
   i:/C=US/ST=Illinois/L=Quincy/O=Leverage Discovery/OU=Administration/CN=CA VERIFIER/emailAddress=supp...@test.net
---
Server certificate
-----BEGIN CERTIFICATE-----

Re: CApath with multiple client certs

2012-02-03 Thread Chris Satterthwaite
Hi Dave,

Thanks for your ideas and response.  Especially the explanation of CApath;
very informative.

You're right, I'm on version 'g' not 'n'.  I'd say it was a typo, but I
really thought I was on 'n'.  ;)
-Chris


On Fri, Feb 3, 2012 at 4:48 PM, Dave Thompson <dthomp...@prinpay.com> wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Chris Satterthwaite
> > Sent: Friday, 03 February, 2012 15:55
> >
> > I am using OpenSSL to run through a sizable number of web server
> > connections (~500), and tell me which certs are getting ready to expire.
> > My utility has worked for a while (a couple years?) on 1.0.0 Beta3,
> > and I recently upgraded to 1.0.0.n. <snip>
>
> Aside: 1.0.0 is only up to g. Are you a Time Lord?
>
> > Now I want to extend my usage of OpenSSL, to handle client-side
> > certificates, because my current utility throws an error on web servers
> > that require a client side certificate. It seems to work (at least some)
> > regardless, because openssl s_client shows the server side certificate
> > before having to provide the client side. But I want to get rid of
> > all the errors, and ensure I'm getting all server side certs.
>
> It's actually 'without' not 'before', but same result.
>
> > In my lab, I've successfully been able to do manual testing,
> > using [-cert and -key, or -cert with combined]
> > [Note: You're probably wondering what the '-nowait' option is.
> > My utility runs on Windows. Since the distributed version (beta3 and .n)
> > would often hang on the Windows connection, I added a '-nowait' option
> > into the source and re-compiled <snip>
>
> I doubt this is Windows specific. Your command line doesn't show
> any redirection of input, so if s_client successfully connects
> it waits for user input to be sent to the server and/or server
> output to be displayed to the user. Redirect NUL: (actually
> any filename *beginning* with NUL works, but that's a kludge)
> or an actual empty file.
>
> > For so many servers, I'd like a flexible openssl call that
> > can use a directory of client certificates/keys, in order to avoid
> > having to specify the cert for each connection command. That led me
> > towards the -CApath parameter. I believe the 'mklink' option on Win2003
> > or the CreateSymbolicLink function on Windows 2008 should be able
> > to replace the 'ln -s' code for c_rehash. But I can't get it to work.
> > I always get an ssl handshake failure. Sample failed output below.
> <snip rest>
>
> You're looking in entirely the wrong place. Even if symlinks work
> on Windows and I'm not sure about that, CApath and/or CAfile supply
> CA certs to use to verify the *server* (in general the peer, which
> for s_client is the server), *not* prove the client, and no key(s)
> at all (which is necessary for client to prove). I believe, but
> haven't tracked down exactly, the default truststore (CApath and/or
> CAfile) is used to *add* chain certs for the client cert if needed,
> but it cannot be used to supply the client cert (and key) itself.
>
> In general if you want to interactively select client cert+key,
> you need to set _client_cert_cb (callback) or _client_cert_engine.
> s_client.c currently has the latter, if you write such an engine;
> or you can modify s_client.c to include and use a callback you write.
>
> Or you could write a custom app which just SSL_connect's and displays
> the server cert (or only server cert notAfter if that's all you want)
> and doesn't try to do the many other things s_client does.


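An added example, written here and not Dave's or Chris's code: the "custom app which just SSL_connect's and displays the server cert notAfter" that Dave suggests, using Python's stdlib ssl module so no stdin redirection is involved. Assumptions of mine, not the thread's: per-host client identities live as <cert_dir>/<host>.pem (cert plus key in one file, like Chris's combined.PEM), and the CA file is used only to verify the server, which is all -CAfile/-CApath ever do.

```python
# Added example (not from the thread): a minimal certificate-expiry checker.
import os
import socket
import ssl
import time
from typing import Optional

SECONDS_PER_DAY = 86400


def days_until_expiry(not_after: str, now_epoch: Optional[int] = None) -> int:
    """Days left on a cert whose notAfter reads e.g. 'Feb  3 16:48:00 2013 GMT'
    (the format getpeercert() returns); negative means already expired."""
    expires = int(ssl.cert_time_to_seconds(not_after))   # GMT timestamp -> epoch
    if now_epoch is None:
        now_epoch = int(time.time())
    return (expires - now_epoch) // SECONDS_PER_DAY


def client_identity(host: str, cert_dir: Optional[str]) -> Optional[str]:
    """Combined cert+key PEM for this host (assumed layout: <cert_dir>/<host>.pem),
    or None when we hold no client identity for it."""
    if cert_dir is None:
        return None
    path = os.path.join(cert_dir, f"{host}.pem")
    return path if os.path.isfile(path) else None


def server_not_after(host: str, port: int = 443, cafile: Optional[str] = None,
                     cert_dir: Optional[str] = None, timeout: float = 10.0) -> str:
    """Connect, complete the handshake and return the server cert's notAfter."""
    # The CA material verifies the *server*: the job of -CAfile / -CApath.
    ctx = ssl.create_default_context(cafile=cafile)
    identity = client_identity(host, cert_dir)
    if identity:
        ctx.load_cert_chain(identity)          # equivalent of s_client -cert/-key
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def expiry_report(hosts, warn_days: int = 30, **connect_kwargs):
    """One (host, days_left, note) row per host; a failed host is a row, not a crash,
    so the handshake-failure cases from the thread still show up in the output."""
    rows = []
    for host in hosts:
        try:
            days = days_until_expiry(server_not_after(host, **connect_kwargs))
        except (OSError, KeyError) as exc:      # ssl.SSLError is an OSError subclass
            rows.append((host, None, f"{type(exc).__name__}: {exc}"))
            continue
        rows.append((host, days, "EXPIRING" if days <= warn_days else "ok"))
    return rows


if __name__ == "__main__":
    import sys
    # Usage: python check_expiry.py host1 host2 ...  (cert_dir is an assumed path)
    for row in expiry_report(sys.argv[1:], cert_dir="./client-certs"):
        print(*row)
```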



Uninitialized variable detected in commit 1.76

2011-11-16 Thread Chris Wilson
Hi,

We are using Sentry (a C/C++ static analysis tool) to analyze
openssl on a nightly basis. Sentry found that an uninitialized variable
was recently introduced in the commit 1.76 and 1.57.2.3.2.13.

You can see the commit here,
  http://cvs.openssl.org/filediff?f=openssl/ssl/t1_enc.c&v1=1.75&v2=1.76

The important lines are,
unsigned char *val;   <- uninitialized variable val
...
buff = OPENSSL_malloc(olen);
if (buff == NULL) goto err2;   <- malloc returned NULL
...
  err2:
...
  ret:
if (buff != NULL) OPENSSL_free(buff);
if (val != NULL) OPENSSL_free(val);   <- uninitialized variable val used
...

Since the variable is uninitialized, it could be non NULL, which if
passed to OPENSSL_free could potentially cause a crash.

A solution to this problem would be to assign val to 0.

Thanks,
Chris

-- 
Chris Wilson
http://vigilantsw.com/
Vigilant Software, LLC


we have an issue

2011-08-10 Thread Johnson, Chris E (OGA)

I have encountered an error and need to know how to fix it. The error is
below... if anyone can help me it would be greatly appreciated...
I typed in a term window in a linux machine the following command...
$ openssl s_client -connect rsa6.fema.gov:7004

When the results are displayed there are two lines that show an error...
Here is the error
47661220128736:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1193:SSL alert number 20
47661220128736:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:


After those lines...the certificate part of the command is displayed with the 
hashed cert.

What can I do to fix this problem?

Regards, Thanks for the help ahead of time.

Chris Johnson
SR. Software Engineer, MSE.
FEMA NCP RE
Office: (202)646-3531
Cell: (202)577-7441



Re: What is the maximum data size for encrypting with rsautl command?

2011-06-27 Thread Chris Dodd
Roughly keysize - paddingsize is the limit.  keysize in your case is 512 
bytes and padding size for OAEP padding (the common standard) is ~41, so 
the limit is about 471 bytes.


Usually when encrypting a file, you use a symmetric cipher with a 
randomly chosen key, and then encrypt the key with RSA and prepend that 
to the encrypted file.


-chris


On 06/27/2011 09:00 AM, ml.vladimbe...@gmail.com wrote:

Hello.
I tried to encrypt a file(1Mb), with RSA private key of 4096-bit 
length with command:


openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out 
2.srsa


I get next error:

Loading 'screen' into random state - done
RSA operation error
5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too 
large for

key size:.\crypto\rsa\rsa_pk1.c:151:


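An added example (mine, not Chris Dodd's or OpenSSL's code) that puts numbers on the "keysize - paddingsize" rule: the limits for PKCS#1 v1.5 padding (what rsautl -encrypt uses by default) and for OAEP (rsautl -oaep, SHA-1 based), plus the EME-PKCS1-v1_5 encoding step itself, where the "data too large for key size" check in the error quoted above is made. Python stdlib only; the message sizes used in the comments are constructed.

```python
# Added example, not from the thread: RSA plaintext limits and PKCS#1 v1.5 padding.
import os

# Fixed overhead of PKCS#1 v1.5 type 2: 00 02 || PS (at least 8 bytes) || 00.
PKCS1_V15_OVERHEAD = 11


def modulus_bytes(modulus_bits: int) -> int:
    return (modulus_bits + 7) // 8            # RSA-4096 -> 512 bytes


def max_pkcs1_v15_plaintext(modulus_bits: int) -> int:
    """Largest input rsautl -encrypt accepts with its default (v1.5) padding."""
    return modulus_bytes(modulus_bits) - PKCS1_V15_OVERHEAD


def max_oaep_plaintext(modulus_bits: int, hash_len: int = 20) -> int:
    """Same limit for OAEP: 2*hLen + 2 bytes of overhead; hLen=20 is SHA-1."""
    return modulus_bytes(modulus_bits) - 2 * hash_len - 2


def fits_in_one_rsa_block(message_len: int, modulus_bits: int, oaep: bool = False) -> bool:
    """False means the data needs the hybrid scheme: encrypt it with a symmetric
    cipher under a random key and RSA-encrypt only that key (which always fits)."""
    limit = max_oaep_plaintext(modulus_bits) if oaep else max_pkcs1_v15_plaintext(modulus_bits)
    return message_len <= limit


def pkcs1_v15_type2_pad(message: bytes, modulus_bits: int) -> bytes:
    """EME-PKCS1-v1_5 encoding, the step RSA_padding_add_PKCS1_type_2() performs
    before the modular exponentiation, including its size check."""
    k = modulus_bytes(modulus_bits)
    if len(message) > k - PKCS1_V15_OVERHEAD:
        raise ValueError("data too large for key size")
    ps_len = k - 3 - len(message)             # >= 8 because of the check above
    ps = bytearray()
    while len(ps) < ps_len:                   # PS must contain no zero byte
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message


def pkcs1_v15_type2_unpad(em: bytes, modulus_bits: int) -> bytes:
    """Reverse of the above, for understanding the layout only: a real decryptor
    must run in constant time and must not reveal which check failed."""
    k = modulus_bytes(modulus_bits)
    if len(em) != k or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad padding")
    sep = em.find(b"\x00", 2)
    if sep < 2 + 8:                           # no separator, or PS shorter than 8
        raise ValueError("bad padding")
    return em[sep + 1:]
```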


Re: Question regarding to memory leak

2011-06-24 Thread Chris Dodd

On Fri, Jun 24, 2011, Yan, Bob wrote:

> Hi,
>
> I have used IBM purify to check my test program which invokes openssl
> library. There are some memory leaks reported by Purify, please see
> below. Could somebody point to me from which function those leaks were
> generated, and how to avoid those leaks? Thanks, Bob
>
> MLK: 1104 bytes leaked in 46 blocks
> This memory was allocated from:
>   malloc [rtlib.o]
>   CRYPTO_malloc [libcrypto.so.1.0.0]
>   ASN1_STRING_type_new [libcrypto.so.1.0.0]
>   ASN1_primitive_new [libcrypto.so.1.0.0]
>   asn1_item_ex_combine_new [libcrypto.so.1.0.0]
>   asn1_item_ex_combine_new [libcrypto.so.1.0.0]
>   ASN1_item_ex_d2i [libcrypto.so.1.0.0]
>   asn1_template_noexp_d2i [libcrypto.so.1.0.0]
> Block of 24 bytes (46 times); last block at 0x2c0f7218


I've used valgrind with OpenSSL based programs to find memory leaks,
and with it, you can use a --num-callers=N option to get deeper stack
traces in the leak reports.  You need a depth of 15-20 to get far enough
to see where your code is calling into the OpenSSL code in most cases.

There's probably a similar option for IBM purify.

-chris



OpenSSL and multithreaded programs

2011-05-05 Thread Chris Dodd


Is the OpenSSL library supposed to be at all reentrant?  I've had odd
problems (intermittent errors) when trying to use OpenSSL in a multithreaded
program (multiple threads each dealing with independent SSL connections),
and have apparently solved them by creating a single global mutex and
wrapping a mutex acquire around every call into the library.  Is
this kind of locking expected to be needed?

Chris Dodd
cd...@csl.sri.com



BIO_f_buffer read behavior

2011-03-22 Thread Chris Bare
I have pushed a BIO_f_buffer onto my BIO stack to get output buffering. This
works fine. However, when I read from the BIO_f_buffer, it only returns when
the buffer I give it is full. This is unlike the normal behavior of the BIO below
it in the stack, and different from a direct read.
Is this the expected behavior of the BIO_f_buffer on a read?
If so, is the only alternative to track a read and a write BIO? I assume that
I can read from the BIO under the BIO_f_buffer without causing problems; is
that correct?
-- 
Chris Bare
ch...@bareflix.com


Re: Installing openssl 1.0.0a in Ubuntu

2010-11-11 Thread Chris Bare
> However, when I do openssl version in bash I get 0.9.8k which is ubuntu's
> version and my /usr/lib/libcrypto and libssl links point to
> libcrypto.so.0.9.8 and libssl.so.0.9.8 respectively. I noticed that 1.0.0
> manual build has not built respective libcrypto.so.1.0.0 and libssl.so.1.0.0
> files.
>
> How do I make sure that ubuntu is using my /usr/local/ssl
> 1.0.0 build?

You have 2 main options. You can either re-build to have openssl 1.0 installed
in the normal directories, or you can set your paths to point to the
/usr/local locations first.

to build and install in the normal places use:

./config --prefix=/usr/ --openssldir=/etc/ssl shared
make
make install

To set your path to use /usr/local try:

export PATH=/usr/local/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/lib

Keep in mind that installing 1.0.0 in the normal locations may break other
applications that expect 0.9.8 data files. Also programs linked with 0.9.8
libraries will have to be rebuilt to use the 1.0.0 libraries since the major
version number has changed.

Let's hope debian or ubuntu packages 1.0.0 soon.
-- 
Chris Bare
ch...@bareflix.com


.deb packages for 1.0.0?

2010-11-09 Thread Chris Bare
Has anyone seen .deb packages for openssl 1.0.0?
I took a quick stab at converting the 0.9.8 debian files, but I ran into a lot
of problems and it takes a long time to debug.
-- 
Chris Bare
ch...@bareflix.com


Re: Error signing certificates with my own CA... Configuration file?

2010-09-28 Thread Chris Rider

Not discouraged at all (just short on time trying to meet a deadline).

I'll check out TinyCA (and the like) in the meantime, but actually do 
hope to delve into the source and figure out those directives when I get 
some time. I do appreciate your time and attention!!



On 09/28/2010 09:41 AM, Mark H. Wood wrote:

I don't want to discourage you from learning the details yourself, but
you may want to look at some wrapper software that is already worked
out and takes care of these things for you.  For example, I usually
find TinyCA adequate to my minuscule certificate-processing needs.

Even if you decide not to use such a tool, you may learn some useful
things by studying the code.




Error signing certificates with my own CA... Configuration file?

2010-09-27 Thread Chris Rider
  I've found the alternative to self-signing (namely signing with your 
own CA) to be a potentially great path for the web application that we 
develop; however I can't quite figure out how exactly to tweak the 
configuration file to get what I want. It is hard (impossible?) to find 
any detailed information about each of the directives in that file.


Basically, I've successfully(?) created my own CA (the certificate is 
able to be installed automatically as trusted root, and everything), but 
when I go to sign or use a server certificate (for the end-user) using 
that, I get problems.


In order to attempt all this voodoo, I've basically created two separate 
directories (one for my CA and another for my end-user certificates)... 
each containing their own directory structure (private, certs, etc.) and 
their own openssl config files. Is this the right approach, first of 
all? I assume since the CA has its own unique configuration directives 
(e.g. CA=True), the end-user cert should be different... right?


So, first, I want to make sure I am creating the CA keys properly
Can someone provide a list of configuration directives (or link to them) 
that are necessary for a CA in my type of situation?


I at least know CA=True and keyUsage needs to include certSign (many 
thanks to Patrick!)... but what, if anything, else?


Then, same for the end-user certificates... anything special there?

Thanks!
Chris


Re: Self-signed CA problem for internal web application

2010-09-23 Thread Chris Rider
Sure.. but please excuse me as this is the first time posting on this 
forum ~ post in plain text or does this system support attached files?



Patrick Patterson wrote:

Hi Chris:

Can you post the certificates in question? My guess is that you don't have the 
various extensions set according to the PKIX standards that the Browsers are 
expecting.

Thanks.

Patrick.
On 2010-09-22, at 2:57 PM, Chris Rider wrote:

  

We have a client/server architecture based product that needs to allow SSL 
communication between our server (CentOS) and various clients' web browsers 
(and additionally, other devices, but that's beyond the scope of this post).

We've been able to get SSL working in both of two different ways (self-signed certificate 
& self-signed CA with certificates signed by that) -- so that is not the issue. Rather, 
our whole issue is that we don't want the end-users to be confronted with a big scary browser 
message that says something akin to "There's a Problem With Security! / Allow Exception, 
etc." If they must install a certificate or two, that would be acceptable, though. So I 
thought that creating my own CA to sign certificates with would be a solution... apparently 
not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! 
Very frustrating.

So, as I said, I've created my own CA (using this link as a guide: 
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign my own certificates 
without a problem. I then install the root certificate, followed by a server certificate 
signed by that CA. And, while I can click "allow exception" in the browser to 
make it all work, that is not the desired way. We just want to be able to have the 
end-user install a trusted root certificate and everything just work from there. Testing 
in IE and FireFox nets the same big scary warning message, no matter what combination of 
fields I use in the CSR, etc.

We really don't want to go with a third party CA like VeriSign, for example -- 
not so much because of the cost, but we just don't want to deal with updating 
countless remote installations of our product whenever the certificate expires. 
Not to mention the support that would be associated with doing that! The other 
issue is that some/most of these installations do not have outside internet 
connectivity with which to query the CAs (for CRLs, or whatever). We really 
need to manage our own certificates, all in all, but without these warning 
messages.

Is it possible?
If so, what am I missing?

--
Chris Rider,
Systems Architect
MessageNet Systems
chris.ri...@messagenetsystems.com



---
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

tel: +1 514 485 0789
mobile: +1 514 994 8699
fax: +1 450 424 9559







Re: Self-signed CA problem for internal web application

2010-09-23 Thread Chris Rider
I think we're on to something here... thank you for your time and 
attention, btw!


I still can't see anything about the AIA thing, but I took another go at 
the basicConstraints and keyUsage, and seem to have slightly better 
results. I changed basicConstraints to True (it was FALSE by default), 
so that makes sense. I also just tacked on certSign to the end of the 
keyUsage string. Now, when I generate the keys and install the CA's 
certificate on the client, even IE will automatically detect/install as 
a trusted root... which it wasn't before. So I think we're onto 
something with my CA.


But now, when I go to sign the server certificate using my CA, I am 
getting the following errors (using the exact same process -- scripted 
-- as before, so the only thing that changed is the CA config file / CA keys):

Error Loading extension section usr_cert
14488:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:122:fopen('/etc/pki_MessageNet/CA/index.txt.attr','rb')

14488:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
14488:error:0E078072:configuration file routines:DEF_LOAD:no such 
file:conf_def.c:197:
14488:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=email_in_dn
14488:error:2206E068:X509 V3 routines:X509V3_get_value_bool:invalid 
boolean string:v3_utl.c:229:section:,name:CA,value:True
14488:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
extension:v3_conf.c:93:name=basicConstraints, value=CA:True


What is the best way to include my file contents for you? (worried about 
posting something a mile long)



Patrick Patterson wrote:

Hi Chris:
On 2010-09-22, at 4:13 PM, Chris Rider wrote:

  

For now, I've just copied the CA's public .crt file to a public_html type 
directory and download it on the client ~ from there, depending on whether I 
use FireFox or IE, I go into the respective certificates manager and import the 
one I downloaded. I've been very deliberate in making sure it actually gets 
installed under the root/trusted category, and not some other category.

I haven't investigated the AIA field... (didn't even know about it)

Would that be specified when creating the CA's keys? Is that best specified in 
my CA's cnf file somewhere?




Yes - it would. 

  

Barring all else, it seems to me like the browser is hanging up on the fact 
that the CA's certificate is self-signed. (??)




Things that would make the browser hang include:

CA cert not including basicConstraints: CA=True, or keyUsage not including 
certSign.
and
User Certs that DO include either of those values.

Also, what could be happening is a mismatch between AKI and SKI values in the 
CA and Server certs.

That's why I requested you to send along a copy of the certs that you are using 
- the values need to be set correctly, just having one key signed by the other, 
which happens to be self signed, is not enough. Unless you have extensively 
edited your openssl.cnf file, you are probably not generating correct CA or end 
entity certs.

Have fun.

Patrick.


  

-Chris


Hugo Garza wrote:


Hi Chris, how are you installing the root CA on the client machines?

In Windows, once you double click the root certificate you get a message dialog 
box and click the install certificate button. On the following screen press 
next and on the next screen tell it to install the certificate to the Trusted 
Root Certificate Authorities, hit next then finish. You should get a Windows 
dialog warning saying that you are adding a root certificate, and you just say 
yes.

Now the other possible problem is that on the server certificate that you 
created you aren't including the Authority Information Access (AIA) field. This 
is crucial so that your customers only have to install the root CA and 
implicitly trust any certificates signed by the root.

On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider chris.ri...@messagenetsystems.com wrote:

   We have a client/server architecture based product that needs to
   allow SSL communication between our server (CentOS) and various
   clients' web browsers (and additionally, other devices, but that's
   beyond the scope of this post).

   We've been able to get SSL working in both of two different ways
   (self-signed certificate & self-signed CA with certificates signed
   by that) -- so that is not the issue. Rather, our whole issue is
   that we don't want the end-users to be confronted with a big scary
   browser message that says something akin to "There's a Problem
   With Security! / Allow Exception, etc." If they must install a
   certificate or two, that would be acceptable, though. So I thought
   that creating my own CA to sign certificates with would be a
   solution... apparently not. I'm now getting browser messages that
   say the certificate's issuer is not trusted!!! Very frustrating.

   So, as I said, I've created my own CA (using this link
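
Taking Patrick's list above (CA:TRUE plus keyCertSign on the CA, neither on the end-entity cert, AKI/SKI linked) together with the "invalid boolean string" error in Chris's log, here is an added example, not code from anyone in this thread, that builds such a chain with the openssl CLI and checks it. It assumes openssl 1.1.1 or 3.x on PATH; the CA name, hostname and file names are made up.

```shell
# Added example (not from the thread): root CA + server cert with the extension
# values Patrick lists, checked with openssl verify and an AKI/SKI comparison.
# Assumes the openssl CLI (1.1.1 or 3.x) on PATH; every name below is made up.

# Config whose v3_ca section takes the basicConstraints boolean as a parameter.
# OpenSSL accepts TRUE/FALSE (or true/false, yes/no) but not the mixed-case
# "True" behind the thread's "invalid boolean string" error.
write_cnf() {  # $1 = output path, $2 = CA boolean, e.g. TRUE
    cat >"$1" <<EOF
[ req ]
prompt = no
distinguished_name = req_dn
[ req_dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:$2
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:app.example.internal
EOF
}

# Self-signed root; returns openssl's status, so a bad boolean fails right here.
make_ca() {  # $1 = work dir, $2 = CA boolean
    write_cnf "$1/ca.cnf" "$2" &&
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$1/ca.cnf" -extensions v3_ca \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Server CSR signed with the usr_cert section; no openssl-ca database needed.
issue_server() {  # $1 = work dir
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
        -subj "/CN=app.example.internal" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 365 -sha256 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/ca.cnf" -extensions usr_cert \
        -out "$1/server.crt" 2>/dev/null
}

verify_chain() {  # $1 = work dir; 0 only if server.crt chains to ca.crt
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Hex key identifier from a cert's text dump; $2 is Subject or Authority.
# 1.1.1 prints the AKI as "keyid:AB:CD..", 3.x as "AB:CD.."; both are handled.
key_id() {  # $1 = cert file, $2 = Subject|Authority
    openssl x509 -in "$1" -noout -text |
        sed -n "/X509v3 $2 Key Identifier/{n;s/^[[:space:]]*//;s/^keyid://;p;}"
}

# The AKI/SKI mismatch Patrick mentions: the server's AKI must be the CA's SKI.
aki_matches_ski() {  # $1 = work dir
    ca_ski=$(key_id "$1/ca.crt" Subject)
    [ -n "$ca_ski" ] && [ "$(key_id "$1/server.crt" Authority)" = "$ca_ski" ]
}

# End to end: CA:True is rejected, CA:TRUE is accepted, the server cert
# verifies against the CA, and its AKI points at the CA's SKI.
demo() {
    dir=$(mktemp -d) || return 1
    if make_ca "$dir" True; then rm -rf "$dir"; return 1; fi
    make_ca "$dir" TRUE && issue_server "$dir" &&
        verify_chain "$dir" && aki_matches_ski "$dir"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "CA:TRUE chain issued and verified; CA:True rejected as expected"
```

The signing step uses `openssl x509 -req -extfile` rather than `openssl ca`, so the index.txt/index.txt.attr database from the log above is not involved.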

Re: Self-signed CA problem for internal web application

2010-09-23 Thread Chris Rider
Sorry, I think I should make clear that I'm using two different 
setups... one for the CA and another for the end user certificate.


For example, my CA is in /etc/pki_MessageNet/CA while my end-user is in 
/etc/pki_MessageNet/tls --- so when I generate my CA keys, it has its 
own config file / scope... and when I generate my end user CSR, it has 
its own config file / scope. I am, however, granting my CSR from within 
the scope of my CA and its configuration. In other words, I'm 
replicating a real world type situation -- or that is the hope!



Chris Rider wrote:
I think we're on to something here... thank you for your time and 
attention, btw!


I still can't see anything about the AIA thing, but I took another go 
at the basicConstraints and keyUsage, and seem to have slightly better 
results. I changed basicConstraints to True (it was FALSE by default), 
so that makes sense. I also just tacked on certSign to the end of the 
keyUsage string. Now, when I generate the keys and install the CA's 
certificate on the client, even IE will automatically detect/install 
as a trusted root... which it wasn't before. So I think we're onto 
something with my CA.


But now, when I go to sign the server certificate using my CA, I am 
getting the following errors: (using the exact same process -- 
scripted -- as before, so the only thing changed is the CA config file 
/ CA keys)

Error Loading extension section usr_cert
14488:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:122:fopen('/etc/pki_MessageNet/CA/index.txt.attr','rb') 

14488:error:2006D080:BIO routines:BIO_new_file:no such 
file:bss_file.c:125:
14488:error:0E078072:configuration file routines:DEF_LOAD:no such 
file:conf_def.c:197:
14488:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=email_in_dn
14488:error:2206E068:X509 V3 routines:X509V3_get_value_bool:invalid 
boolean string:v3_utl.c:229:section:,name:CA,value:True
14488:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
extension:v3_conf.c:93:name=basicConstraints, value=CA:True


What is the best way to include my file contents for you? (worried 
about posting something a mile long)



Patrick Patterson wrote:

Hi Chris:
On 2010-09-22, at 4:13 PM, Chris Rider wrote:

 
For now, I've just copied the CA's public .crt file to a public_html 
type directory and downloading on the client ~ from there, depending 
on whether I use FireFox or IE, I go into the respective 
certificates manager and import the one I downloaded. I've been very 
deliberate in making sure it actually gets installed under the 
root/trusted category, and not some other category.


I haven't investigated the AIA field... (didn't even know about it)

Would that be specified when creating the CA's keys? Is that best 
specified in my CA's cnf file somewhere?





Yes - it would.
 
Barring all else, it seems to me like the browser is hanging up on 
the fact that the CA's certificate is self-signed. (??)





Things that would make the browser hang include:

CA cert not including basicConstraints: CA=True, or keyUsage not 
including certSign.

and
User Certs that DO include either of those values.

Also, what could be happening is a mismatch between AKI and SKI 
values in the CA and Server certs.


That's why I requested you to send along a copy of the certs that you 
are using - the values need to be set correctly, just having one key 
signed by the other, which happens to be self signed, is not enough. 
Unless you have extensively edited your openssl.cnf file, you are 
probably not generating correct CA or end entity certs.


Have fun.

Patrick.


 

-Chris


Hugo Garza wrote:
   

Hi Chris, how are you installing the root CA on the client machines?

In windows once you double click the root certificate you get a 
message dialog box and click the install certificate button. On the 
following screen press next and on the next screen tell it to 
install the certificate to the Trusted Root Certificate 
Authorities, hit next then finish. You should get a Windows dialog 
warning saying that you are adding a root certificate, and you just 
say yes.


Now the other possible problem is that on the server certificate 
that you created you aren't including the Authority Information 
Access (AIA) field. This is crucial so that your customers only 
have to install the root CA and implicitly trust any certificates 
signed by the root.


On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider 
chris.ri...@messagenetsystems.com wrote:


   We have a client/server architecture based product that needs to
   allow SSL communication between our server (CentOS) and various
   clients' web browsers (and additionally, other devices, but that's
   beyond the scope of this post).

   We've been able to get SSL working in both of two different ways
   (self-signed certificate & self-signed CA with certificates signed

Re: Self-signed CA problem for internal web application

2010-09-23 Thread Chris Rider

Thanks for the suggestion, but I've already tried that, more or less.
My web server config already has that mime type configured, and the 
client is capable of recognizing the properly served filetype. I've 
tried installing certificates through IE's wizard automatically in such 
a way... as well as manually in it and other browsers (downloading 
certificate and importing).
My primary skills are those of a webmaster (using that word should tell you how 
long I've been in that game! grin), so I am aware of how much the 
browsers vary in doing things... which is why I tried every way of 
installing in every browser I have. I agree with you about the latest 
versions of MSIE and that stupid wizard they now use!


I'm pretty sure it's something in my generating keys, rather than client 
issues.



John R Pierce wrote:

 On 09/22/10 11:57 AM, Chris Rider wrote:
We have a client/server architecture based product that needs to 
allow SSL communication between our server (CentOS) and various 
clients' web browsers (and additionally, other devices, but that's 
beyond the scope of this post).


We've been able to get SSL working in both of two different ways 
(self-signed certificate & self-signed CA with certificates signed by 
that) -- so that is not the issue. Rather, our whole issue is that we 
don't want the end-users to be confronted with a big scary browser 
message that says something akin to "There's a Problem With Security! 
/ Allow Exception, etc." If they must install a certificate or two, 
that would be acceptable, though. So I thought that creating my own 
CA to sign certificates with would be a solution... apparently not. 
I'm now getting browser messages that say the certificate's issuer is 
not trusted!!! Very frustrating.


take your self-signed CA public certificate, name it something.cer, and 
place it on a web server, making sure the webserver understands that 
.cer is mime type application/x-x509-ca-cert


give your clients the link to that .CER... they have to accept it 
and add it to their trusted root certificate storage, the specifics of 
doing this vary by web browser (current versions of MSIE have made 
this harder than it should be)



once that .cer is installed in the browser's trusted root authorities, 
then anything signed by that CA will be accepted.





Self-signed CA problem for internal web application

2010-09-22 Thread Chris Rider




We have a client/server architecture based product that needs to allow
SSL communication between our server (CentOS) and various clients' web
browsers (and additionally, other devices, but that's beyond the scope
of this post).

We've been able to get SSL working in both of two different ways
(self-signed certificate & self-signed CA with certificates signed
by that) -- so that is not the issue. Rather, our whole issue is that
we don't want the end-users to be confronted with a big scary browser
message that says something akin to "There's a Problem With Security! /
Allow Exception, etc." If they must install a certificate or two, that
would be acceptable, though. So I thought that creating my own CA to
sign certificates with would be a solution... apparently not. I'm now
getting browser messages that say the certificate's issuer is not
trusted!!! Very frustrating.

So, as I said, I've created my own CA (using this link as a guide:
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign my
own certificates without a problem. I then install the root certificate,
followed by a server certificate signed by that CA. And, while I can
click "allow exception" in the browser to make it all work, that is not
the desired way. We just want to be able to have the end-user install a
trusted root certificate and everything just work from there. Testing
in IE and FireFox nets the same big scary warning message, no matter
what combination of fields I use in the CSR, etc.

We really don't want to go with a third party CA like VeriSign, for
example -- not so much because of the cost, but we just don't want to
deal with updating countless remote installations of our product
whenever the certificate expires. Not to mention the support that would
be associated with doing that! The other issue is that some/most of
these installations do not have outside internet connectivity with
which to query the CAs (for CRLs, or whatever). We really need to
manage our own certificates, all in all, but without these warning
messages.

Is it possible?
If so, what am I missing?

-- 

Chris Rider,
Systems Architect

MessageNet Systems
chris.ri...@messagenetsystems.com







Re: Self-signed CA problem for internal web application

2010-09-22 Thread Chris Rider
For now, I've just copied the CA's public .crt file to a public_html 
type directory and download it on the client ~ from there, depending on 
whether I use FireFox or IE, I go into the respective certificates 
manager and import the one I downloaded. I've been very deliberate in 
making sure it actually gets installed under the root/trusted category, 
and not some other category.


I haven't investigated the AIA field... (didn't even know about it)

Would that be specified when creating the CA's keys? Is that best 
specified in my CA's cnf file somewhere?


Barring all else, it seems to me like the browser is hanging up on the 
fact that the CA's certificate is self-signed. (??)


-Chris


Hugo Garza wrote:

Hi Chris, how are you installing the root CA on the client machines?

In windows once you double click the root certificate you get a 
message dialog box and click the install certificate button. On the 
following screen press next and on the next screen tell it to install 
the certificate to the Trusted Root Certificate Authorities, hit next 
then finish. You should get a Windows dialog warning saying that you 
are adding a root certificate, and you just say yes.


Now the other possible problem is that on the server certificate that 
you created you aren't including the Authority Information Access 
(AIA) field. This is crucial so that your customers only have to 
install the root CA and implicitly trust any certificates signed by 
the root.


On Wed, Sep 22, 2010 at 2:29 PM, Chris Rider 
chris.ri...@messagenetsystems.com wrote:


We have a client/server architecture based product that needs to
allow SSL communication between our server (CentOS) and various
clients' web browsers (and additionally, other devices, but that's
beyond the scope of this post).

We've been able to get SSL working in both of two different ways
(self-signed certificate & self-signed CA with certificates signed
by that) -- so that is not the issue. Rather, our whole issue is
that we don't want the end-users to be confronted with a big scary
browser message that says something akin to "There's a Problem
With Security! / Allow Exception, etc." If they must install a
certificate or two, that would be acceptable, though. So I thought
that creating my own CA to sign certificates with would be a
solution... apparently not. I'm now getting browser messages that
say the certificate's issuer is not trusted!!! Very frustrating.

So, as I said, I've created my own CA (using this link as a guide:
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ ), and can sign
my own certificates without a problem. I then install the root
certificate, followed by a server certificate signed by that CA.
And, while I can click "allow exception" in the browser to make it
all work, that is not the desired way. We just want to be able to
have the end-user install a trusted root certificate and
everything just work from there. Testing in IE and FireFox nets
the same big scary warning message, no matter what combination of
fields I use in the CSR, etc.

We really don't want to go with a third party CA like VeriSign,
for example -- not so much because of the cost, but we just don't
want to deal with updating countless remote installations of our
product whenever the certificate expires. Not to mention the
support that would be associated with doing that! The other issue
is that some/most of these installations do not have outside
internet connectivity with which to query the CAs (for CRLs, or
whatever). We really need to manage our own certificates, all in
all, but without these warning messages.

Is it possible?
If so, what am I missing?

-- 
Chris Rider,

Systems Architect
MessageNet Systems


Re: Displaying modulus

2010-09-21 Thread Chris Kistner
Hi Michael,

There is always an extra null-byte at the beginning, which has an
effect on the sign of the modulus value. The null-byte character would
make the modulus a positive value.

I've been using the following application with Wine to view my X.509
certificates: http://lipingshare.com/Asn1Editor/
There's also a very neat online ASN.1 parser available here:
http://geminisecurity.com/parse.php

Regards,
Chris