How to set "e" in RSA structure ?

2019-07-10 Thread Swamy J-S
Recently I upgraded openssl from 1.0.2 to 1.1.0. As the RSA structure is opaque in 
the new openssl, I made some modifications in my code as follows:

Old Code
RSA* rsa = EVP_PKEY_get1_RSA(PKey);
if(NULL != rsa)
{
if(!BN_set_word(rsa->e, 65537) || !EVP_PKEY_set1_RSA(PKey, rsa))
--
New Code
RSA* rsa = EVP_PKEY_get1_RSA(PKey);
BIGNUM *e_new = BN_new();
if(NULL != rsa)
{
if(!BN_set_word(e_new, 65537) || !EVP_PKEY_set1_RSA(PKey, rsa))

But now the "e" variable is not set in 'rsa'. So how do I set "e" inside rsa? Please 
suggest the corresponding API.

Thanks and Regards,
SWAMY J S



Issue with EVP_sha256 and Tspi_Context_CreateObject

2019-06-10 Thread Swamy J-S
Hi,

Earlier with openssl 1.0.2n version, I was using EVP_sha256 for creating 
Certificate Signing Request  and "TSS_HASH_OTHER" flag in 
Tspi_Context_CreateObject.

Recently I upgraded openssl to 1.1.0g version and now I am getting "Signature 
Verify Failure" in my CSR. I have attached the screenshot here.

If I use EVP_sha1 and TSS_HASH_SHA1, then I am able to generate the certificate but 
it fails in the TLS handshake with my HTTPS server.

Are there any changes in openssl engine structure with respect to Signing and 
private key encryption in openssl 1.1.0?


c2i_ASN1_INTEGER function in Openssl 1.1.0

2019-05-30 Thread Swamy J-S
Hi,


I recently updated openssl from 1.0.2n to 1.1.0g in linux system.

Earlier I was using

"ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, 
long len)" function. As this function is removed in openssl 1.1.0, I have now 
replaced it with

"ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, 
long length)".

Now when I build my application, I get this warning:

"Warning:0:-- SSL Error queue report --
Warning:0: - asn1 encoding routines|d2i_ASN1_UINTEGER|expecting an 
integer:218718323".


What is the solution for this problem?


RE: Where to copy custom openssl engine library in openssl 1.1.0

2019-04-25 Thread Swamy J-S
Hi, thanks for the reply. I have a doubt here. Which config file are you referring 
to? Is there any file called “config” which already exists somewhere, or 
should I create a dummy file called config?

Just now I created a dummy file “config” and added the details you sent in this 
file.

I also added “export OPENSSL_CONF=path_to_config” in the /etc/environment file, and 
ran the command “openssl engine store -t -c”.
Still I am getting the same error (store not found) when I run my application.

Thanks and Regards,
SWAMY J S

From: Dmitry Belyavsky 
Sent: Thursday, April 25, 2019 1:44 PM
To: Swamy J-S 
Cc: openssl-users@openssl.org
Subject: Re: Where to copy custom openssl engine library in openssl 1.1.0

Hello,

You should load your engine via config file.

It may look like
=
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
storeengine = store_section

[store_section]
engine_id = store
dynamic_path = /usr/local/lib/engines/storeengine.so


Your application should load the config file; the way it works is different for 
different versions.


On Thu, Apr 25, 2019 at 11:07 AM Swamy J-S <swamy@in.abb.com> wrote:

I am working in Ubuntu 18.04 with openssl 1.1.0g version. I built a custom 
openssl engine and now I want to use this engine instead of the default openssl 
engine.

My engine library name is libstoreengine.so and I copied this to 
/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ path.

When I run my application then it says Store Engine not found. There is a path 
issue here; am I copying the library to the right path? I copied my library to 
/lib/x86_64-linux-gnu and still I am getting the same error.

Please let me know the right path where I have to copy this engine.

Thanks and Regards,
SWAMY J S



--
SY, Dmitry Belyavsky


Where to copy custom openssl engine library in openssl 1.1.0

2019-04-25 Thread Swamy J-S
I am working in Ubuntu 18.04 with openssl 1.1.0g version. I built a custom 
openssl engine and now I want to use this engine instead of the default openssl 
engine.

My engine library name is libstoreengine.so and I copied this to 
/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ path.

When I run my application then it says Store Engine not found. There is a path 
issue here; am I copying the library to the right path? I copied my library to 
/lib/x86_64-linux-gnu and still I am getting the same error.

Please let me know the right path where I have to copy this engine.

Thanks and Regards,
SWAMY J S



Error in M_ASN1_New_of function in openssl 1.1.0g

2019-04-19 Thread Swamy J-S
I upgraded openssl from 1.0.2n to 1.1.0g in Linux recently and am getting some 
errors in code because many of the openssl functions are deprecated in the new 
version. One such function is the malloc function M_ASN1_New_Malloc(Poll, 
CertInfo), which was defined in asn1_mac.h.

After the openssl upgradation, I searched for an alternate function to 
"M_ASN1_New_Malloc" and I changed my code as below:
DECLARE_ASN1_ALLOC_FUNCTIONS(CertInfo)
CertInfo *Poll = NULL;
Poll = M_ASN1_New_of(CertInfo);

When I build my code I am getting an error: undefined reference to 'CertInfo_it'.

I don't know why it's adding "_it" to CertInfo unnecessarily.


Thanks and Regards,
SWAMY J S



CRYPTO_LOCK_X509_STORE in OpenSSL 1.1.0

2019-04-15 Thread Swamy J-S
Hi All,


I updated openssl from 1.0.2n to 1.1.0g recently and am facing some errors in 
building my application because many functions and structures are opaque now in 
1.1.0g. The errors I am getting are as below:


error: ‘CRYPTO_LOCK_X509_STORE’ undeclared (first use in this function); did 
you mean ‘CRYPTO_EX_INDEX_X509_STORE’?
 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
   ^~
   CRYPTO_EX_INDEX_X509_STORE

 warning: implicit declaration of function ‘CRYPTO_w_lock’; did you mean 
‘CRYPTO_zalloc’? [-Wimplicit-function-declaration]
 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
 ^
 CRYPTO_zalloc


So what is the alternate option available for "CRYPTO_LOCK_X509_STORE" and 
"CRYPTO_w_lock" in openssl 1.1.0g ?


ASN1_CTX usage in openssl 1.1.0

2019-04-11 Thread Swamy J-S
I have upgraded openssl from 1.0.2n to 1.1.0g on Ubuntu 18.04 recently. My 
application uses openssl. Now during the build I am facing some issues.

I used "EVP_MD_CTX ctx" earlier and now I have modified it as

"EVP_MD_CTX *ctx
ctx=EVP_MD_CTX_new()" and this is working fine.

And I used "ASN1_CTX ctx" but this is not working if I modify it like above. And 
during the build it's suggesting to use "ASN1_SCTX ctx", but if I use this then I 
get an error in "M_ASN1_New_Malloc".

So how do I modify "ASN1_CTX ctx" in openssl 1.1.0g?

Also I am getting an error: /usr/include/openssl/asn1_mac.h:10:2: error: #error 
"This file is obsolete; please update your software."


Thanks and Regards,
SWAMY J S


How to disable TLS 1.3 in OpenSSL 1.1.1

2019-03-21 Thread Swamy J-S
I have updated my openssl from 1.1.0 to 1.1.1 recently. Openssl 1.1.1 version 
supports TLS1.3 feature.

But I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu 
18.04. So while using openssl 1.1.1, how do I disable the default TLS 1.3 and how 
do I enable TLS 1.2?

Can I set any flags while building openssl 1.1.1 to disable TLS 1.3, or can I 
get any package from Ubuntu to disable TLS 1.3?


Thanks and Regards,
SWAMY J S



RE: cURL with openSSL 1.1.1 version

2019-03-20 Thread Swamy J-S
Has Ubuntu already released any libssl development package for openssl 1.1.1? I 
want to download the package internally; I don’t want to download openssl and build 
it externally.

Right now “sudo apt install libssl-dev” installs the openssl 1.1.0g version. Is 
there any command like this to install openssl 1.1.1?

Thanks and Regards,
SWAMY J S

From: Nicola 
Sent: Tuesday, March 19, 2019 2:22 PM
To: Swamy J-S 
Cc: openssl-users@openssl.org
Subject: Re: cURL with openSSL 1.1.1 version

Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 
(https://packages.ubuntu.com/bionic/openssl) and official Ubuntu packages 
depending on OpenSSL link against this version.

1.1.0 will be EOL in September, and after that the decision on which level of 
support to provide depends on the Ubuntu project and their development 
strategies.

1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing 
applications shouldn't require major changes for the existing functionality, 
but ultimately it will be Ubuntu's decision if they are going to maintain their 
fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1.

If you are compiling your own application disregarding the distribution 
maintainers' decisions, you are free to compile and link against your own 
version of openssl, and to the best of my knowledge recent versions of curl will 
not create any issue when compiling against 1.1.1.

If you have your own code using the OpenSSL API directly and have not updated 
since 1.0.2, some changes will most likely be required as since 1.1.0 most 
structs are opaque and you need to use accessors to get and set their members.

Best regards,

Nicola Tuveri

On Tue, Mar 19, 2019, 09:56 Swamy J-S <swamy@in.abb.com> wrote:
Hi,

Currently I am working with curl 7.58 and openssl 1.0.2 in Ubuntu 18.04.

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 
the 1.1.1 branch.

Right now my code uses the curl library with libcurl4 and gnuTLS as SSL backend. I 
am using many curl options such as CURLOPT_SSL_VERIFYPEER, 
CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

If I upgrade openssl to 1.1.1, will all these curl options be working fine? 
Or should I upgrade curl and other things also? If you have any document or 
release notes regarding this then please let me know.

Regards,
SWAMY J S


cURL with openSSL 1.1.1 version

2019-03-19 Thread Swamy J-S
Hi,

Currently I am working with curl 7.58 and openssl 1.0.2 in Ubuntu 18.04.

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 
the 1.1.1 branch.

Right now my code uses the curl library with libcurl4 and gnuTLS as SSL backend. I 
am using many curl options such as CURLOPT_SSL_VERIFYPEER, 
CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

If I upgrade openssl to 1.1.1, will all these curl options be working fine? 
Or should I upgrade curl and other things also? If you have any document or 
release notes regarding this then please let me know.

Regards,
SWAMY J S


[openssl-users] Problem in Building openssl_1.0.2p in Visual Studio 2015

2018-08-30 Thread Swamy J-S
I am building the new release of openssl_1.0.2p using Visual Studio 2015 Command 
Prompts. I have installed perl and sed. I have written some batch files to 
build x86 and x64 libraries. When I built the same openssl version in VS 2013 and 
VS 2017 I am not facing any issue.

But while building in VS 2015 I am unable to build. When I build the x86 library in 
"VS2015 x86 Native Tools Command Prompt" it builds fine and generates the 
include and lib folders. But when I try to build the DLL library I get a fatal 
error which says

rc /fo"tmp32dll\libeay32.res" /d CRYPTO ms\version32.rc

'rc' is not recognized as an internal or external command,
operable program or batch file.

NMAKE : fatal error V1077: 'rc' : return code '0x1'
Stop.
1 dir(s) moved.
1 dir(s) moved."

I have attached screenshot too.

Thanks and Regards,
SWAMY J S
