ECDH example for openssl 0.9.8za
Hello users,

I recently wrote a program to do ECDH secret derivation, using OpenSSL v1.0.1f. I actually followed the example given at http://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman, and I was able to make it work.

But I need to make the program work on a machine with OpenSSL v0.9.8za, and I found that the example wouldn't compile, as many of the functions like EVP_PKEY_CTX_new_id, EVP_PKEY_paramgen_init, and many more were introduced only in 1.0.0 and later.

So does anyone know how to get the secret derivation working in OpenSSL v0.9.8? Because from what I read I think it was supported, so I guess I just don't know what functions to substitute for these.

I'm developing on Ubuntu 14.04, but I'll be using an older version of OpenSSL (v0.9.8za) for my particular use case.

Any help would be greatly appreciated. Thanks in advance!

Pratyush Parimal.
Re: ECDH example for openssl 0.9.8za
Hi,

Thanks a lot for the clarification. I understand now. Could you also let me know the same about normal DH operations (not the EC counterparts)? Are they supported in v0.9.8 then?

Regards,
Pratyush.

On Jun 23, 2014 7:07 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Mon, Jun 23, 2014 at 06:46:29PM -0400, pratyush parimal wrote:
>> So does anyone know how to get the secret derivation working in OpenSSL v0.9.8?
>
> The EC support in 0.9.8 is incomplete, and disabled by default. You should treat 0.9.8 as NOT capable of doing EC.
>
>> Because from what I read I think it was supported, so I guess I just don't know what functions to substitute for these.
>
> Your source was wrong. While some EC functionality is present in 0.9.8, it should not be used.
>
> --
> Viktor.

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: ECDH example for openssl 0.9.8za
Thanks .. that helps!

-pratyush

On Jun 23, 2014 7:44 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Mon, Jun 23, 2014 at 07:18:06PM -0400, pratyush parimal wrote:
>> Thanks a lot for the clarification. I understand now. Could you also let me know the same about normal DH operations (not the EC counterparts)? Are they supported in v0.9.8 then?
>
> Prime DH is supported in 0.9.8.
>
> --
> Viktor.
Converting public part of 'EVP_PKEY' structure to 'unsigned char*' , and back.
Hi all,

I was trying to use ECDH (in OpenSSL v1.0.1f) for a project, and after generating the EVP_PKEY structure, I needed to extract its public key and send it over to the other party. I was unable to find a straightforward way which worked for me. What I tried was this:

    EVP_PKEY* extract_peerkey_3(EVP_PKEY* EVP_PKEY_both) // 'both' meaning it contains public + private
    {
        int len = i2d_PUBKEY(EVP_PKEY_both, NULL);            // find out required buffer length
        if (len <= 0) {
            handleCryptoError("i2d length failed", ERR_get_error());
            return NULL;
        }
        unsigned char *buf = (unsigned char*) malloc(len);     // allocate
        unsigned char *p = buf;                                // i2d advances p, so keep buf for free()
        len = i2d_PUBKEY(EVP_PKEY_both, &p);                   // encode the SubjectPublicKeyInfo as DER
        const unsigned char* p2 = buf;                         // d2i advances its pointer as well
        EVP_PKEY* EVP_PKEY_public = d2i_PUBKEY(NULL, &p2, len);
        if (EVP_PKEY_public == NULL) {
            handleCryptoError("d2i failed", ERR_get_error());
        }
        free(buf);
        return EVP_PKEY_public;
    }

The function doesn't throw an error, but when I pass the returned 'EVP_PKEY_public' structure to the function 'EVP_PKEY_derive_set_peer', I get an error message:

    error:10071065:elliptic curve routines:EC_POINT_cmp:incompatible objects

I also tried to follow the steps given at http://stackoverflow.com/questions/1819/how-does-one-access-the-raw-ecdh-public-key-private-key-and-params-inside-opens . When I reconstruct the EVP_PKEY using the steps EC_POINT_oct2point() -> EC_KEY_set_public_key() -> EVP_PKEY_set1_EC_KEY(), the resulting EVP_PKEY does work for me. In fact I'm able to derive the same secret on both sides using this sequence, but I feel it's too roundabout.

I also saw the following: http://marc.info/?l=openssl-users&m=116474297608094&w=2, which talks about using 'i2d_PUBKEY', but I haven't been able to make it work so far.

Is my usage of d2i_PUBKEY or i2d_PUBKEY wrong in some way? Does anyone know how to use them properly?

Any help will be appreciated. Thanks!

Pratyush Parimal
Fwd: Converting public part of 'EVP_PKEY' structure to 'unsigned char*' , and back.
Hi all,

Did anyone have any luck with this one?

Thanks,
Pratyush Parimal.

-- Forwarded message --
From: pratyush parimal <pratyush.pari...@gmail.com>
Date: Wed, Jun 25, 2014 at 10:43 AM
Subject: Converting public part of 'EVP_PKEY' structure to 'unsigned char*' , and back.
To: openssl-users@openssl.org

[forwarded body identical to the message above]
[openssl-users] How to find patches for a particular OpenSSL version?
Hi all,

I am currently using openssl 1.0.1e (compiling from source), and I was wondering whether I needed to put in any patch files with it as well. Does anybody know? Let's assume I can't just use a later version's tarball.

In general I wanted to know how I could reliably find out what patches I need to apply for a particular OpenSSL version.

Thanks,
Pratyush Parimal.

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Disable EXPORT cipher suites during compilation
Hi everyone,

I am trying to disable the EXPORT ciphers in my OpenSSL code, during compile-time. I'm able to do so at runtime by including '!EXP' in the string I use with SSL_CTX_set_cipher_list(). However, I'm wondering whether there is an option (like 'no-rc5') that I can pass to Configure?

./Configure --help says that I can use no-<cipher> to disable stuff, so I used no-exp, but I think that didn't work since the list of ciphers I get from SSL_get_ciphers() still includes EXP-... ciphers.

So does anyone know of a way to compile them out?

Thanks,
Pratyush
[openssl-users] How to get list of TLS protocols supported by OpenSSL?
Hi,

I'm writing a client-server program that uses TLS for communication. I'm wondering if there's any way to programmatically find out which TLS protocol versions are supported by the OpenSSL library installed on my system.

I'm currently aware of three ways which "sort of" provide this information:

(1) After setting up the TLS communication, call SSL_get_version(ssl); which returns "TLSV1.2", etc.
(2) Try to connect to a server using TLS by specifying all possible TLS versions in the client program, and see which connections pass/fail.
(3) Call SSL_get_ciphers(), print their names, and try to correlate them with the protocol they're associated with.

Unfortunately, none of the above answer my question completely. So is it possible to ascertain which TLS protocol versions are actually supported by my server-program, without trying the above methods?

My purpose is not to simply make a list for my own reference, but rather finding it out on-the-fly in the server-side program, since I may run it on different versions of OpenSSL.

Thanks in advance!
Pratyush
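As an added example (not code from the thread), the check below uses Python's ssl module, which wraps whatever OpenSSL build the interpreter is linked against, in place of the C API the question asks about: the ssl.HAS_* flags report what libssl was compiled with, and a context's minimum/maximum version shows what a given SSL_CTX will actually negotiate, which is the on-the-fly distinction the post is after.

```python
"""Report which TLS protocol versions the linked OpenSSL supports.

Added example, not code from the thread. It relies on Python's ssl
module (which exposes the OpenSSL build Python is linked against), not
on the OpenSSL C API. Two different questions are kept apart:
  - compiled_in_versions(): what libssl was built with (HAS_* flags
    reflect Configure-time options such as no-tls1_1);
  - negotiable_versions(): what one particular context will offer,
    i.e. compiled-in AND inside its [minimum, maximum] window.
"""
import ssl

# Oldest to newest: display name, compile-time flag, TLSVersion member.
_VERSIONS = (
    ("SSLv3",   "HAS_SSLv3",   ssl.TLSVersion.SSLv3),
    ("TLSv1",   "HAS_TLSv1",   ssl.TLSVersion.TLSv1),
    ("TLSv1.1", "HAS_TLSv1_1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", "HAS_TLSv1_2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", "HAS_TLSv1_3", ssl.TLSVersion.TLSv1_3),
)
_BY_NAME = {name: ver for name, _, ver in _VERSIONS}


def openssl_version() -> str:
    """Runtime library banner, the ssl-module view of OpenSSL_version()."""
    return ssl.OPENSSL_VERSION


def compiled_in_versions() -> list[str]:
    """Protocol versions libssl was built with; answers the question
    without opening a single connection."""
    return [name for name, flag, _ in _VERSIONS if getattr(ssl, flag, False)]


def negotiable_versions(ctx: ssl.SSLContext) -> list[str]:
    """Compiled-in versions that also fall inside ctx's version window;
    this is the set a handshake on ctx can actually end up with."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    out = []
    for name, flag, ver in _VERSIONS:
        if not getattr(ssl, flag, False):
            continue
        # MINIMUM/MAXIMUM_SUPPORTED are sentinels meaning "no bound".
        if lo != ssl.TLSVersion.MINIMUM_SUPPORTED and ver < lo:
            continue
        if hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and ver > hi:
            continue
        out.append(name)
    return out


def restricted_versions(min_name: str, max_name: str) -> list[str]:
    """Pin a client context to [min_name, max_name] and report what it can
    negotiate; refuses versions the library was not compiled with, which
    is the failure mode the post wanted to detect up front."""
    supported = compiled_in_versions()
    for n in (min_name, max_name):
        if n not in supported:
            raise ValueError(f"{n} is not compiled into {openssl_version()}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = _BY_NAME[min_name]
    ctx.maximum_version = _BY_NAME[max_name]
    return negotiable_versions(ctx)


if __name__ == "__main__":
    print(openssl_version())
    print("compiled in:", compiled_in_versions())
    print("TLS 1.2 only:", restricted_versions("TLSv1.2", "TLSv1.2"))
```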
Re: [openssl-users] Custom Random number generation while in Fips mode
Hi Thomas,

Thanks for your response! It clears up matters a lot :)

There's one thing that I thought of though -- even though I'm generating the salt via non-OpenSSL means, the actual function that I'm using for hashing is "SHA512" from FIPS OpenSSL. Does the mere usage of salt that was generated via a non-FIPS-recommended approach violate my compliance? I understand what you mean by "I'm not an auditor or a lawyer", but I'd still appreciate your opinion / experience in the matter :)

Thanks,
Pratyush.

On Thu, Jul 28, 2016 at 10:23 AM, Thomas Francis, Jr. <thomas.francis...@pobox.com> wrote:
>> On Jul 27, 2016, at 8:18 PM, pratyush parimal <pratyush.pari...@gmail.com> wrote:
>>
>> Hi all,
>>
>> I work on a consumer application which is striving to be fips-140-2 compliant.
>>
>> I'm using OpenSSL as recommended in the fips guide by invoking fips_mode_set(). However, in certain parts of the same application, I'm using my own non-OpenSSL random number generator to generate salts for hashing passwords for the app user accounts (I'm not using RAND_bytes).
>>
>> Does anyone know if using my custom random number generator in this way violates the app's fips compliance?
>
> That’s almost certainly a violation. There might be a few edge cases where it is not, but they’re very unlikely. To determine if you’re even close to such cases, ask: Does the RNG I’m using come from another FIPS 140 validated cryptographic module? Am I using that module in approved mode? Am I using that module according to its security policy? Do I have explicit permission from the customers’ auditors to mix two modules in my product?
>
> If the answer to all of those questions is yes, you _might_ be OK, for now. A few auditors (in the past, anyway) considered it OK to mix modules, while other auditors say no. My own reading of FIPS 140-2 is that you may not mix modules. But I’m not an auditor or a lawyer. :)
>
> The other question to ask is: can I clearly explain that the use of the non-approved RNG is for non-cryptographic purposes, and easily justify that explanation? Given what you said about why you’re using it, I’m pretty sure the answer to that one is “no”. :) And even if you could, that’s still a very weak argument to be making to your customers’ auditors, who may decide it’s still not allowed even if they agree it’s for non-cryptographic purposes.
>
>> Am I really supposed to be using RAND_bytes for compliance reasons?
>
> Yes.
>
>> Thanks in advance!
>> Pratyush.
[openssl-users] Recommended sequence for FIPS_mode_set(), RAND_load_file() and SSL_library_init()
Hi everyone,

I'm writing an application which can operate in FIPS mode, for which I'm calling FIPS_mode_set(). At one point, I'm also seeding the PRNG using RAND_load_file() so I can generate random bytes later.

What I'm unsure about is that for FIPS mode operation, am I required to do the seeding after calling FIPS_mode_set() or is it OK for me to call it before as well? Also, what about the calls to initialization functions like SSL_library_init()?

I'd really appreciate if someone could help me understand the proper sequence of these function calls from a FIPS 140-2 compliance perspective.

Thanks in advance!
Pratyush
[openssl-users] Custom Random number generation while in Fips mode
Hi all,

I work on a consumer application which is striving to be fips-140-2 compliant.

I'm using OpenSSL as recommended in the fips guide by invoking fips_mode_set(). However, in certain parts of the same application, I'm using my own non-OpenSSL random number generator to generate salts for hashing passwords for the app user accounts (I'm not using RAND_bytes).

Does anyone know if using my custom random number generator in this way violates the app's fips compliance? Am I really supposed to be using RAND_bytes for compliance reasons?

Thanks in advance!
Pratyush.
[openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?
Hi all,

I see a lot of questions and answers about how to handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand that the error is returned when the SSL library needs to do a handshake in the middle of a read/write operation, so we need to repeat the call when the appropriate event happens.

But what I don't understand is, why does the library need to re-do the handshake? If I set up my program to go through the SSL_connect/accept calls properly (and handle SSL_ERROR_WANT_READ/WRITE in there properly) and do the handshake successfully in the beginning itself, then why does the library need to do a handshake again?

If I'm happy with my initial handshake, is there a way to disable subsequent handshaking for that socket?

Thanks,
Pratyush.
[openssl-users] Programmatically check private key and public key cert?
Hi,

Hope everyone is having a good new year so far!

I'm trying to find a way to make sure that a private-key/public-key-cert pair I'm given will absolutely work when I stick them into my SSL_CTX* object and try to use that for ssl. Short of trying to simulate a test ssl connection over localhost for testing them out, is there a way to ensure that?

After googling, it seems that I may be able to verify that by comparing the modulus from the key and the cert. Does anyone know if that's sufficient, and how to do it programmatically?

I was also wondering if I should just try to perform an encrypt-decrypt sequence using the pair I have, and use the success of that as confirmation that my ssl connection will work later, as far as the certs are concerned. Would that be the right way to go about it?

What do you guys think?

Thanks in advance!
- Pratyush
[openssl-users] SSL Cert serial number non-uniqueness impact
Hi everyone,

I read from several sources that the serial number of a cert MUST be unique within a CA. But could someone explain what would happen if the serial number was not unique? Would it cause SSL connections to fail in some manner?

I think I'm a little unclear about the "purpose" of the serial number in the first place. Is it just something the CA uses to keep track of what/how many certificates it has issued, or does it play a part in the SSL connection itself?

Thanks in advance!
Pratyush
[openssl-users] Correct way to free SSL_CTX* ?
Hi all,

I'm trying to write an application in which I create an instance of SSL_CTX* using SSL_CTX_new(), and set the following things in it:

(1) An EVP_PKEY* :
    1a> created with PEM_read_bio_PrivateKey().
    1b> set in the ctx using SSL_CTX_use_PrivateKey().

(2) A number of X509* instances (cuz chained certs) :
    2a> all created with PEM_read_bio_X509().
    2b> set in the ctx using SSL_CTX_use_certificate() or SSL_CTX_add_extra_chain_cert().

At the end, I use SSL_CTX_free() to free up the ctx. According to the man page for SSL_CTX_free():

"SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the the reference count has reached 0. It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys."

... which tells me that freeing the SSL_CTX should free up its memory as well as the things I set inside of it (unless I'm interpreting it super wrong?) like " ... certificates and keys".

The problem is, when I run my application under valgrind, I keep seeing memory leaks for both steps (1a) and (2a).

I tried to get rid of them, by using EVP_PKEY_free() after I'm done setting in step (1b). This works, and the leak for step (1a) goes away. When I try to do the same for step (2), i.e. calling X509_free() after every successful "set" call, I get a coredump (backtrace is attached: bt_1.txt), coming out of SSL_CTX_free, suggesting that I did something wrong.

Which brings me to my question, does anyone know the correct way to free memory in SSL_CTX? Or, what's wrong with my steps? The application doesn't even perform SSL yet, I'm just trying to create/destroy SSL_CTX objects without leaks first. Any help would be appreciated!

Thanks in advance,
-Pratyush.

Leak when I don't free the X509* objects manually. Line test_ssl_leak.cpp:241 actually has a call to PEM_read_bio_X509.

    ==27639==
    ==27639== HEAP SUMMARY:
    ==27639==     in use at exit: 163,236 bytes in 2,948 blocks
    ==27639==   total heap usage: 5,063 allocs, 2,115 frees, 398,442 bytes allocated
    ==27639==
    ==27639== 3,659 (184 direct, 3,475 indirect) bytes in 1 blocks are definitely lost in loss record 278 of 282
    ==27639==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==27639==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
    ==27639==    by 0x51E1443: asn1_item_ex_combine_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
    ==27639==    by 0x51E3EB0: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
    ==27639==    by 0x51E449A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
    ==27639==    by 0x51F33AD: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
    ==27639==    by 0x4173B8: makeDataSSLCtx(std::__cxx11::basic_stringconst&, std::__cxx11::basic_string const&, std::__cxx11::basic_string const&, bool) (test_ssl_leak.cpp:241)
    ==27639==    by 0x417BE0: test_ssl_leak() (test_ssl_leak.cpp:487)
    ==27639==    by 0x4083CE: main (test2.cpp:53)
    ==27639==
    ==27639== LEAK SUMMARY:
    ==27639==    definitely lost: 184 bytes in 1 blocks
    ==27639==    indirectly lost: 3,475 bytes in 94 blocks
    ==27639==      possibly lost: 0 bytes in 0 blocks
    ==27639==    still reachable: 159,577 bytes in 2,853 blocks
    ==27639==         suppressed: 0 bytes in 0 blocks
    ==27639== Reachable blocks (those to which a pointer was found) are not shown.
    ==27639== To see them, rerun with: --leak-check=full --show-leak-kinds=all

Core dump after I do call X509_free after a successful call to SSL_CTX_use_certificate() or SSL_CTX_add_extra_chain_cert():

    #0  ASN1_STRING_free (a=0x40) at asn1_lib.c:428
    #1  0x7f53f2fa5675 in ASN1_primitive_free (pval=, it=) at tasn_fre.c:244
    #2  0x7f53f2fa5aaf in ASN1_template_free (pval=0x1627060, tt=tt@entry=0x7f53f3295970 ) at tasn_fre.c:191
    #3  0x7f53f2fa57e2 in asn1_item_combine_free (pval=pval@entry=0x7ffe273ef1a8, it=0x7f53f328eb20 , combine=combine@entry=0) at tasn_fre.c:166
    #4  0x7f53f2fa59f5 in ASN1_item_free (val=0x1627050, it=) at tasn_fre.c:72
    #5  0x7f53f2f81041 in sk_pop_free (st=0x1628520, func=0x405380 ) at stack.c:327
    #6  0x7f53f32e8da7 in SSL_CTX_free (a=0x16249d0) at ssl_lib.c:2152
    #7  0x00417d69 in std::unique_ptr ::reset (this=0x7ffe273ef220, __p=0x16249d0) at /usr/include/c++/5/bits/unique_ptr.h:344
    #8  0x00417c33 in test_ssl_leak () at ../src/test_ssl_leak.cpp:492
    #9  0x004083cf in main () at ../src/test2.cpp:53
Re: [openssl-users] Correct way to free SSL_CTX* ?
Hi all,

I think I found the way to fix the memory leak in my application. Just floating it here in case it helps out someone else.

The answer was on the wiki page for SSL_CTX_add_extra_chain_cert():

"The *x509* certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the *SSL_CTX* is destroyed. An application *should not* free the *x509* object."

The trick was to realize that the cert added via SSL_CTX_use_certificate() can be (and should be, I think) free'd manually right after this call. Otherwise you've got a memory leak on your hands. But the certs added using SSL_CTX_add_extra_chain_cert() should not be free'd up manually - those are cleaned up by SSL_CTX_free later at the end of the application.

After doing this, the memory leak and the crash both went away.

Thanks,
-Pratyush.

On Sun, Jan 28, 2018 at 10:20 PM, J Decker <d3c...@gmail.com> wrote:
> On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal <pratyush.pari...@gmail.com> wrote:
>> Hi all,
>>
>> I'm trying to write an application in which I create an instance of SSL_CTX* using SSL_CTX_new(), and set the following things in it:
>>
>> (1) An EVP_PKEY* :
>> 1a> created with PEM_read_bio_PrivateKey().
>> 1b> set in the ctx using SSL_CTX_use_PrivateKey().
>
> after setting key, free key
>
>> (2) A number of X509* instances (cuz chained certs) :
>> 2a> all created with PEM_read_bio_X509().
>> 2b> set in the ctx using SSL_CTX_use_certificate() or SSL_CTX_add_extra_chain_cert().
>
> after setting certs, free certs.
>
>> At the end, I use SSL_CTX_free() to free up the ctx. According to the man page for SSL_CTX_free():
>>
>> "SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the the reference count has reached 0. It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys."
>>
>> ... which tells me that freeing the SSL_CTX should free up its memory as well as the things I set inside of it (unless I'm interpreting it super wrong?) like " ... certificates and keys".
>> The problem is, when I run my application under valgrind, I keep seeing memory leaks for both steps (1a) and (2a).
>>
>> I tried to get rid of them, by using EVP_PKEY_free() after I'm done setting in step (1b). This works, and the leak for step (1a) goes away. When I try to do the same for step (2), i.e. calling X509_free() after every successful "set" call, I get a coredump (backtrace is attached: bt_1.txt), coming out of SSL_CTX_free, suggesting that I did something wrong.
>>
>> Which brings me to my question, does anyone know the correct way to free memory in SSL_CTX? Or, what's wrong with my steps? The application doesn't even perform SSL yet, I'm just trying to create/destroy SSL_CTX objects without leaks first. Any help would be appreciated!
>>
>> Thanks in advance,
>> -Pratyush.
[openssl-users] How to compile OpenSSL 1.0.x with versioned symbols ?
Hi all,

Are people familiar with how to get symbols versioned with versions like "OPENSSL_1.0.x" in the libcrypto.so after compiling it yourselves?

I have an application which was compiled and dynamically linked against OpenSSL 1.0.2k on a CentOS 6.7 machine. I'm trying to run it on a system where I've built and installed OpenSSL 1.0.2k myself. For compilation, I followed the instructions on the wiki page: https://wiki.openssl.org/index.php/Compilation_and_Installation , i.e. I did:

    ./Configure ...
    make depend
    make
    make install

Problem is, on execution my application complains that: "OPENSSL_1.0.2 not found".

Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so on the CentOS machine, I see some symbols versioned with the version number "OPENSSL_1.0.2" within the library. But these seem to be missing in the libcrypto.so which I built using the instructions above. Any idea how to get those symbols in? Or how to get around this issue?

Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not have this problem. In fact, as part of the build process, it seems to generate two map files: ssl.map and crypto.map, which get passed as --version-script=ssl.map and --version-script=crypto.map sometime to the compiler. I also noticed that in that version of OpenSSL, there's a script called util/mkdef.pl which generates those map files. OpenSSL 1.0.2k for example, does not seem to generate those map files as part of the build process. Any idea how to generate them?

I saw an example of how CentOS seems to be putting versioned symbols in using a patch (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch), but if someone could explain how to do that for any OpenSSL version, it would be very helpful.

Thanks in advance!
Pratyush.
[openssl-users] Workaround for "SSL_CTX_use_certificate:ca md too weak"
Hi everyone,

I'm upgrading a server application from using OpenSSL 1.0.2n to using OpenSSL 1.1.0g. I noticed that after the upgrade, some SSL certs get rejected because they use an MD5 digest, with the error:

    "SSL_CTX_use_certificate:ca md too weak"

While I could ask clients to get a better CA certificate, it takes some of them a long time to do so. I was wondering if there's a way I could compile/configure the OpenSSL on my server to accept those certificates after all. Does anyone know?

I found links such as:
https://mta.openssl.org/pipermail/openssl-users/2017-October/006670.html
and
https://www.spinics.net/lists/openssl-users/msg06669.html
and a few others but they don't apply to my case I think.

Also, if the client does find it possible to get re-generated certs, would it be both the client cert and the CA? Or just one of them?

Thanks in advance!
Best,
Pratyush
[openssl-users] Should I stop using locking callbacks in OpenSSL 1.1.0x ?
Hi all,

I'm trying to migrate some application code from OpenSSL 1.0.1e to 1.1.0g. I keep seeing that the locking and threading callbacks I had used earlier (with CRYPTO_set_locking_callback and CRYPTO_set_id_callback respectively) now show up as "unused" during compilation.

I checked https://www.openssl.org/blog/blog/2017/02/21/threads/ and it seems like OpenSSL is trying to ditch callbacks and use more native facilities.

In 1.1.0g's crypto.h, CRYPTO_set_locking_callback is defined as a no-op, with the following comment:

    /*
     * The old locking functions have been removed completely without compatibility
     * macros. This is because the old functions either could not properly report
     * errors, or the returned error values were not clearly documented.
     * Replacing the locking functions with with no-ops would cause race condition
     * issues in the affected applications. It is far better for them to fail at
     * compile time.
     * On the other hand, the locking callbacks are no longer used. Consequently,
     * the callback management functions can be safely replaced with no-op macros.
     */

Does this mean I can safely remove all usages of the above functions from my application code? I'd appreciate if someone could explain the above comment in a little more detail or confirm what I'm saying. Or has anyone else been in the same situation?

Thanks,
Pratyush
[openssl-users] Is EVP_BytesToKey() still recommended ?
Hi everyone,

I'm trying to find a way to convert a string password to an AES-256 encryption key. I came across EVP_BytesToKey(), but the man-page says at the end:

"Newer applications should use a more modern algorithm such as PBKDF2 as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".

Does this mean I shouldn't use EVP_BytesToKey(), and should instead find out how to use PBKDF2? Or do I need to find out how to get EVP_BytesToKey() to use PBKDF2?

Any clarifications will be appreciated!

-Pratyush.
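As an added example, not code from the thread or from OpenSSL, the block below re-implements the EVP_BytesToKey derivation documented in that man page with Python's hashlib and puts hashlib.pbkdf2_hmac (the counterpart of PKCS5_PBKDF2_HMAC) beside it, so the answer to the question is visible in code: PBKDF2 is a separate algorithm with its own iteration count, not a mode of EVP_BytesToKey. The password, salt and iteration values are constructed.

```python
"""EVP_BytesToKey versus PBKDF2, using only hashlib.

Added example, not code from the thread or from OpenSSL itself.
evp_bytes_to_key() follows the algorithm documented for OpenSSL's
EVP_BytesToKey(); pbkdf2_key() wraps hashlib.pbkdf2_hmac, the Python
counterpart of the PKCS5_PBKDF2_HMAC the man page recommends instead.
"""
import hashlib
import os


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     md: str = "md5", count: int = 1) -> tuple[bytes, bytes]:
    """Derive (key, iv) the way EVP_BytesToKey does.

        D_1 = H^count(password || salt)
        D_i = H^count(D_{i-1} || password || salt)
        key || iv = D_1 || D_2 || ...  truncated to key_len + iv_len

    md="md5", count=1 are the defaults pre-1.1.0 `openssl enc` used: one
    hash call per 16 bytes of output and no tunable work factor, which
    is why the man page steers new code to PBKDF2.
    """
    if salt and len(salt) != 8:
        # EVP_BytesToKey accepts only a NULL salt or PKCS5_SALT_LEN (8) bytes.
        raise ValueError("salt must be empty or exactly 8 bytes")
    if count < 1:
        raise ValueError("count must be >= 1")
    needed = key_len + iv_len
    derived = b""
    prev = b""
    while len(derived) < needed:
        block = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):       # re-hash the digest count-1 more times
            block = hashlib.new(md, block).digest()
        derived += block
        prev = block
    return derived[:key_len], derived[key_len:needed]


def pbkdf2_key(password: bytes, salt: bytes, key_len: int,
               iterations: int, md: str = "sha256") -> bytes:
    """PBKDF2-HMAC-<md>: the same inputs PKCS5_PBKDF2_HMAC takes
    (password, salt, iteration count, digest, output length)."""
    return hashlib.pbkdf2_hmac(md, password, salt, iterations, dklen=key_len)


def aes256_cbc_material(password: bytes, salt: bytes,
                        iterations: int = 600_000) -> tuple[bytes, bytes]:
    """Drop-in shape for the EVP_BytesToKey(EVP_aes_256_cbc(), ...) pattern:
    one PBKDF2 call yielding 48 bytes, split into a 32-byte key and a
    16-byte IV. Deriving the IV only mirrors the legacy API; a fresh
    random IV per message is the better choice in new designs.
    """
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    material = pbkdf2_key(password, salt, 48, iterations)
    return material[:32], material[32:]


if __name__ == "__main__":
    pw = b"correct horse battery staple"               # constructed sample
    legacy_key, legacy_iv = evp_bytes_to_key(pw, os.urandom(8), 32, 16)
    key, iv = aes256_cbc_material(pw, os.urandom(16))
    print("EVP_BytesToKey key:", legacy_key.hex(), "iv:", legacy_iv.hex())
    print("PBKDF2 key:        ", key.hex(), "iv:", iv.hex())
```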
[openssl-users] When to call ERR_clear_error() ?
Hi all,

I have a multi-threaded SSL server application which uses SSL_write()/SSL_read() calls. In my write-loop, whenever SSL_write() returns <= 0, I call SSL_get_error() to see what happened, and then proceed based on what I find. After that, I call ERR_clear_error() because I think I need to clear the error queue for the current thread.

Is calling ERR_clear_error() the right thing to do? The manpage for SSL_get_error() says:

" ... SSL_get_error() inspects the current thread's OpenSSL error queue. Thus, SSL_get_error() must be used in the same thread that performed the TLS/SSL I/O operation, and no other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably."

My reason for calling ERR_clear_error() is to make sure that " ... current thread's error queue must be empty before the TLS/SSL I/O operation is attempted ...". My application is multi-threaded and I don't want SSL errors from one thread to cause problems with other threads.

What can happen if I don't call ERR_clear_error()? Could someone explain the correct/reasonable places I should be using that function?

Thanks,
Pratyush