ECDH example for openssl 0.9.8za

2014-06-23 Thread pratyush parimal
Hello users,

I recently wrote a program to do ECDH secret derivation, using OpenSSL
v1.0.1f.
I actually followed the example given at
http://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman, and I was
able to make it work.

But I need to make the program work on a machine with OpenSSL v0.9.8za, and
I found that the example wouldn't compile as many of the functions like:
EVP_PKEY_CTX_new_id
EVP_PKEY_paramgen_init,

and many more were introduced only in 1.0.0 and later.

So does anyone know how to get the secret derivation working in OpenSSL
v0.9.8 ? Because from what I read I think it was supported, so I guess I
just don't know what functions to substitute for these.

I'm developing on Ubuntu 14.04, but I'll be using an older version of
OpenSSL (v0.9.8za) for my particular use case.

Any help would be greatly appreciated.

Thanks in advance!
Pratyush Parimal.


Re: ECDH example for openssl 0.9.8za

2014-06-23 Thread pratyush parimal
Hi,

Thanks a lot for the clarification. I understand now.

Could you also let me know the same about normal DH operations (not the ec
counterparts)? Are they supported in v0.9.8 then?

Regards,
Pratyush.
On Jun 23, 2014 7:07 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
wrote:

> On Mon, Jun 23, 2014 at 06:46:29PM -0400, pratyush parimal wrote:
>
> > So does anyone know how to get the secret derivation working in OpenSSL
> > v0.9.8?
>
> The EC support in 0.9.8 is incomplete, and disabled by default.
> You should treat 0.9.8 as NOT capable of doing EC.
>
> > Because from what I read I think it was supported, so I guess I
> > just don't know what functions to substitute for these.
>
> Your source was wrong.  While some EC functionality is present in
> 0.9.8, it should not be used.
>
> --
> Viktor.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager   majord...@openssl.org



Re: ECDH example for openssl 0.9.8za

2014-06-23 Thread pratyush parimal
Thanks .. that helps!
-pratyush
On Jun 23, 2014 7:44 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
wrote:

> On Mon, Jun 23, 2014 at 07:18:06PM -0400, pratyush parimal wrote:
>
> > Thanks a lot for the clarification. I understand now.
> >
> > Could you also let me know the same about normal DH operations (not the
> > ec counterparts)? Are they supported in v0.9.8 then?
>
> Prime DH is supported in 0.9.8.
>
> --
> Viktor.



Converting public part of 'EVP_PKEY' structure to 'unsigned char*' , and back.

2014-06-25 Thread pratyush parimal
Hi all,

I was trying to use ECDH (in OpenSSL v1.0.1f) for a project, and after
generating the EVP_PKEY structure, I needed to extract its public key and
send it over to the other party. I was unable to find a straightforward way
which worked for me.

What I tried was this:

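    #include <stdlib.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>   /* i2d_PUBKEY, d2i_PUBKEY */

    EVP_PKEY*
    extract_peerkey_3(EVP_PKEY* EVP_PKEY_both) // 'both' meaning it contains public + private
    {
        int len = 0;

        len = i2d_PUBKEY(EVP_PKEY_both, NULL); // find out required buffer length
        unsigned char *buf, *p;
        buf = (unsigned char*) malloc(len); // allocate
        p = buf; // i2d_PUBKEY advances the pointer it is given, so keep buf itself
        len = i2d_PUBKEY(EVP_PKEY_both, &p); // DER-encode the public key into buf

        const unsigned char* p2 = buf; // d2i_PUBKEY advances p2 while parsing
        EVP_PKEY* EVP_PKEY_public = d2i_PUBKEY(NULL, &p2, len);
        if (EVP_PKEY_public == NULL)
        {
            // handleCryptoError is the poster's own helper (not shown in the post)
            handleCryptoError("d2i failed", ERR_get_error());
        }

        free(buf); // the decoded key holds its own copy of the data
        return EVP_PKEY_public;
    }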

The function doesn't throw an error, but when I pass the returned
'EVP_PKEY_public' structure to the function 'EVP_PKEY_derive_set_peer', I
get an error message error:10071065:elliptic curve
routines:EC_POINT_cmp:incompatible objects.

I also tried to follow the steps given at
http://stackoverflow.com/questions/1819/how-does-one-access-the-raw-ecdh-public-key-private-key-and-params-inside-opens
.
When I reconstruct the EVP_PKEY using the steps EC_POINT_oct2point()
-> EC_KEY_set_public_key()
-> EVP_PKEY_set1_EC_KEY(), the resulting EVP_PKEY does work for me. In fact
I'm able to derive the same secret on both sides using this sequence, but I
feel it's too roundabout.

I also saw the following:
http://marc.info/?l=openssl-users&m=116474297608094&w=2, which talks about
using 'i2d_PUBKEY', but I haven't been able to make it work so far.

Is my usage of d2i_PUBKEY or i2d_PUBKEY wrong in some way? Does anyone know
how to use them properly?
Any help will be appreciated.

Thanks!
Pratyush Parimal


Fwd: Converting public part of 'EVP_PKEY' structure to 'unsigned char*' , and back.

2014-06-29 Thread pratyush parimal
Hi all,

Did anyone have any luck with this one?

Thanks,
Pratyush Parimal.

-- Forwarded message --
From: pratyush parimal pratyush.pari...@gmail.com
Date: Wed, Jun 25, 2014 at 10:43 AM
Subject: Converting public part of 'EVP_PKEY' structure to 'unsigned char*'
, and back.
To: openssl-users@openssl.org


Hi all,

I was trying to use ECDH (in OpenSSL v1.0.1f) for a project, and after
generating the EVP_PKEY structure, I needed to extract its public key and
send it over to the other party. I was unable to find a straightforward way
which worked for me.

What I tried was this:

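    #include <stdlib.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>   /* i2d_PUBKEY, d2i_PUBKEY */

    EVP_PKEY*
    extract_peerkey_3(EVP_PKEY* EVP_PKEY_both) // 'both' meaning it contains public + private
    {
        int len = 0;

        len = i2d_PUBKEY(EVP_PKEY_both, NULL); // find out required buffer length
        unsigned char *buf, *p;
        buf = (unsigned char*) malloc(len); // allocate
        p = buf; // i2d_PUBKEY advances the pointer it is given, so keep buf itself
        len = i2d_PUBKEY(EVP_PKEY_both, &p); // DER-encode the public key into buf

        const unsigned char* p2 = buf; // d2i_PUBKEY advances p2 while parsing
        EVP_PKEY* EVP_PKEY_public = d2i_PUBKEY(NULL, &p2, len);
        if (EVP_PKEY_public == NULL)
        {
            // handleCryptoError is the poster's own helper (not shown in the post)
            handleCryptoError("d2i failed", ERR_get_error());
        }

        free(buf); // the decoded key holds its own copy of the data
        return EVP_PKEY_public;
    }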

The function doesn't throw an error, but when I pass the returned
'EVP_PKEY_public' structure to the function 'EVP_PKEY_derive_set_peer', I
get an error message error:10071065:elliptic curve
routines:EC_POINT_cmp:incompatible objects.

I also tried to follow the steps given at
http://stackoverflow.com/questions/1819/how-does-one-access-the-raw-ecdh-public-key-private-key-and-params-inside-opens
.
When I reconstruct the EVP_PKEY using the steps EC_POINT_oct2point()
-> EC_KEY_set_public_key()
-> EVP_PKEY_set1_EC_KEY(), the resulting EVP_PKEY does work for me. In fact
I'm able to derive the same secret on both sides using this sequence, but I
feel it's too roundabout.

I also saw the following:
http://marc.info/?l=openssl-users&m=116474297608094&w=2, which talks about
using 'i2d_PUBKEY', but I haven't been able to make it work so far.

Is my usage of d2i_PUBKEY or i2d_PUBKEY wrong in some way? Does anyone know
how to use them properly?
Any help will be appreciated.

Thanks!
Pratyush Parimal


[openssl-users] How to find patches for a particular OpenSSL version?

2015-04-22 Thread pratyush parimal
Hi all,

I am currently using openssl 1.0.1e (compiling from source), and I was
wondering whether I needed to put in any patch files with it as well. Does
anybody know? Let's assume I can't just use a later version's tarball.

In general I wanted to know how I could reliably find out what patches I
need to apply for a particular OpenSSL version.

Thanks,
Pratyush Parimal.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] Disable EXPORT cipher suites during compilation

2015-07-16 Thread pratyush parimal
Hi everyone,

I am trying to disable the EXPORT ciphers in my OpenSSL code, during
compile-time.

I'm able to do so at runtime by including '!EXP' in the string I use with
SSL_CTX_set_cipher_list(). However, I'm wondering is there an option (like
'no-rc5') that I can pass to Configure?

./Configure --help says that I can use no-<cipher> to disable stuff, so I
used no-exp, but I think that didn't work since the list of ciphers I get
from SSL_get_ciphers() still includes EXP-... ciphers.

So does anyone know of a way to compile them out?

Thanks,
Pratyush


[openssl-users] How to get list of TLS protocols supported by OpenSSL?

2015-11-12 Thread pratyush parimal
Hi,

I'm writing a client-server program that uses TLS for communication.
I'm wondering if there's any way to programmatically find out which TLS
protocol versions are supported by the OpenSSL library installed on my
system.

I'm currently aware of three ways which "sort of" provide this information:
(1) After setting up the TLS communication, call: SSL_get_version(ssl);
which returns "TLSV1.2", etc.
(2) Try to connect to a server using TLS by specifying all possible TLS
versions in the client program, and see which connections pass/fail.
(3) Call: SSL_get_ciphers(), print their names, and try to correlate them
with the protocol they're associated with.

Unfortunately, none of the above answer my question completely.

So is it possible to ascertain which TLS protocol versions are actually
supported by my server-program, without trying the above methods? My
purpose is not to simply make a list for my own reference, but rather
finding it out on-the-fly in the server-side program, since I may run it on
different versions of OpenSSL.

Thanks in advance!
Pratyush


Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread pratyush parimal
Hi Thomas,

Thanks for your response! It clears up matters a lot :)

There's one thing that I thought of though -- even though I'm generating
the salt via non-OpenSSL means, the actual function that I'm using for
hashing is "SHA512" from FIPS OpenSSL.
Does the mere usage of salt that was generated via a non-FIPS-recommended
approach violate my compliance ?

I understand what you mean by "I'm not an auditor or a lawyer" , but I'd
still appreciate your opinion / experience in the matter :)

Thanks,
Pratyush.

On Thu, Jul 28, 2016 at 10:23 AM, Thomas Francis, Jr. <
thomas.francis...@pobox.com> wrote:

>
> > On Jul 27, 2016, at 8:18 PM, pratyush parimal <
> pratyush.pari...@gmail.com> wrote:
> >
> > Hi all,
> >
> > I work on a consumer application which is striving to be fips-140-2
> compliant.
> >
> > I'm using OpenSSL as recommended in the fips guide by invoking
> fips_mode_set(). However, in certain parts of the same application, I'm
> using my own non-OpenSSL random number generator to generate salts for
> hashing passwords for the app user accounts(I'm not using RAND_bytes).
> >
> > Does anyone know if using my custom random number generator in this way
> violates the app's fips compliance?
>
> That’s almost certainly a violation.  There might be a few edge cases
> where it is not, but they’re very unlikely.  To determine if you’re even
> close to such cases, ask: Does the RNG I’m using come from another FIPS 140
> validated cryptographic module?  Am I using that module in approved mode?
> Am I using that module according to its security policy?  Do I have
> explicit permission from the customers’ auditors to mix two modules in my
> product?
>
> If the answer to all of those questions is yes, you _might_ be OK, for
> now.  A few auditors (in the past, anyway) considered it OK to mix modules,
> while other auditors say no.  My own reading of FIPS 140-2 is that you may
> not mix modules.  But I’m not an auditor or a lawyer. :)
>
> The other question to ask is: can I clearly explain that the use of the
> non-approved RNG is for non-cryptographic purposes, and easily justify that
> explanation?  Given what you said about why you’re using it, I’m pretty
> sure the answer to that one is “no”. :)  And even if you could, that’s
> still a very weak argument to be making to your customers’ auditors, who
> may decide it’s still not allowed even if they agree it’s for
> non-cryptographic purposes.
>
> > Am I really supposed to be using
> > RAND_bytes for compliance reasons?
>
> Yes.
>
> > Thanks in advance!
> > Pratyush.


[openssl-users] Recommended sequence for FIPS_mode_set(), RAND_load_file() and SSL_library_init()

2016-07-31 Thread pratyush parimal
Hi everyone,

I'm writing an application which can operate in FIPS mode, for which I'm
calling FIPS_mode_set().
At one point, I'm also seeding the PRNG using RAND_load_file() so I can
generate random bytes later.

What I'm unsure about is that for FIPS mode operation, am I required to do
the seeding after calling FIPS_mode_set() or is it OK for me to call it
before as well?

Also, what about the calls to initialization functions like
SSL_library_init() ?

I'd really appreciate if someone could help me understand the proper
sequence of these function calls from a FIPS 140-2 compliance perspective.

Thanks in advance!
Pratyush


[openssl-users] Custom Random number generation while in Fips mode

2016-07-27 Thread pratyush parimal
Hi all,

I work on a consumer application which is striving to be fips-140-2
compliant.

I'm using OpenSSL as recommended in the fips guide by invoking
fips_mode_set(). However, in certain parts of the same application, I'm
using my own non-OpenSSL random number generator to generate salts for
hashing passwords for the app user accounts(I'm not using RAND_bytes).

Does anyone know if using my custom random number generator in this way
violates the app's fips compliance? Am I really supposed to be using
RAND_bytes for compliance reasons?

Thanks in advance!
Pratyush.


[openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?

2017-12-06 Thread pratyush parimal
Hi all,

I see a lot of questions and answers about how to
handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand
that the error is returned when the SSL library needs to do a handshake in
the middle of read/write operation, so we need to repeat the call when the
appropriate event happens.

But what I don't understand is, why does the library need to re-do the
handshake? If I set up my program to go through the SSL_connect/accept
calls properly (and handle SSL_ERROR_WANT_READ/WRITE in there properly) and
do the handshake successfully in the beginning itself, then why does the
library need to do a handshake again?

If I'm happy with my initial handshake, is there a way to disable
subsequent handshaking for that socket?

Thanks,
Pratyush.


[openssl-users] Programmatically check private key and public key cert?

2018-01-11 Thread pratyush parimal
Hi,

Hope everyone is having a good new year so far!

I'm trying to find a way to make sure that a private-key/public-key-cert
pair I'm given, will absolutely work when I stick them into my SSL_CTX*
object and try to use that for ssl. Short of trying to simulate a test ssl
connection over localhost for testing them out, is there a way to ensure
that?

After googling, it seems that I may be able to verify that by comparing the
modulus from the key and the cert. Does anyone know if that's sufficient,
and how to do it programmatically?

I was also wondering if I should just try to perform an encrypt-decrypt
sequence using the pair I have, and use the success of that as confirmation
that my ssl connection will work later, as far as the certs are concerned.
Would that be the right way to go about it?

What do you guys think?
Thanks in advance!
- Pratyush
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] SSL Cert serial number non-uniqueness impact

2018-01-14 Thread pratyush parimal
Hi everyone,

I read from several sources that the serial number of a cert MUST be
unique within a CA. But could someone explain what would happen if the
serial number was not unique?

Would it cause SSL connections to fail in some manner? I think I'm a little
unclear about the "purpose" of the serial number in the first place. Is it
just something the CA uses to keep track of what/how many certificates it
has issued, or does it play a part in the SSL connection itself?

Thanks in advance!
Pratyush


[openssl-users] Correct way to free SSL_CTX* ?

2018-01-28 Thread pratyush parimal
Hi all,

I'm trying to write an application in which I create an instance of
SSL_CTX* using SSL_CTX_new(), and set the following things in it:

(1) An EVP_PKEY* :
1a> created with PEM_read_bio_PrivateKey().
1b> set in the ctx using SSL_CTX_use_PrivateKey().

(2) A number of X509* instances (cuz chained certs) :
2a> all created with PEM_read_bio_X509().
2b> set in the ctx using SSL_CTX_use_certificate() or
SSL_CTX_add_extra_chain_cert().

At the end, I use SSL_CTX_free() to free up the ctx. According to the man
page for SSL_CTX_free():

"SSL_CTX_free() decrements the reference count of ctx, and removes the
SSL_CTX object pointed to by ctx and frees up the allocated memory if the
the reference count has reached 0.
   It also calls the free()ing procedures for indirectly affected
items, if applicable: the session cache, the list of ciphers, the list of
Client CAs, the certificates and keys. "

... which tells me that freeing the SSL_CTX should free up its memory as
well as the things I set inside of it (unless I'm interpreting it super
wrong?) like " ... certificates and keys".
The problem is, when I run my application under valgrind, I keep seeing
memory leaks for both steps (1a) and (2a).

I tried to get rid of them, by using EVP_PKEY_free() after I'm done setting
in step (1b). This works, and the leak for step (1a) goes away.
When I try to do the same for step (2), i.e. calling X509_free() after
every successful "set" call, I get a coredump (backtrace is attached:
bt_1.txt), coming out of SSL_CTX_free, suggesting that I did something
wrong.


Which brings me to my question, does anyone know the correct way to free
memory in SSL_CTX ? Or, what's wrong with my steps? The application doesn't
even perform SSL yet, I'm just trying to create/destroy SSL_CTX objects
without leaks first. Any help would be appreciated!


Thanks in advance,
-Pratyush.
Leak when I don't free the X509* objects manually.
Line test_ssl_leak.cpp:241 actually has a call to PEM_read_bio_X509.

==27639==
==27639== HEAP SUMMARY:
==27639==     in use at exit: 163,236 bytes in 2,948 blocks
==27639==   total heap usage: 5,063 allocs, 2,115 frees, 398,442 bytes allocated
==27639==
==27639== 3,659 (184 direct, 3,475 indirect) bytes in 1 blocks are definitely lost in loss record 278 of 282
==27639==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27639==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==27639==    by 0x51E1443: asn1_item_ex_combine_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==27639==    by 0x51E3EB0: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==27639==    by 0x51E449A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==27639==    by 0x51F33AD: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==27639==    by 0x4173B8: makeDataSSLCtx(std::__cxx11::basic_string const&, std::__cxx11::basic_string const&, std::__cxx11::basic_string const&, bool) (test_ssl_leak.cpp:241)
==27639==    by 0x417BE0: test_ssl_leak() (test_ssl_leak.cpp:487)
==27639==    by 0x4083CE: main (test2.cpp:53)
==27639==
==27639== LEAK SUMMARY:
==27639==    definitely lost: 184 bytes in 1 blocks
==27639==    indirectly lost: 3,475 bytes in 94 blocks
==27639==      possibly lost: 0 bytes in 0 blocks
==27639==    still reachable: 159,577 bytes in 2,853 blocks
==27639==         suppressed: 0 bytes in 0 blocks
==27639== Reachable blocks (those to which a pointer was found) are not shown.
==27639== To see them, rerun with: --leak-check=full --show-leak-kinds=all


==
Core dump after I do call X509_free after a successful call to 
SSL_CTX_use_certificate() or SSL_CTX_add_extra_chain_cert()


#0  ASN1_STRING_free (a=0x40) at asn1_lib.c:428
#1  0x7f53f2fa5675 in ASN1_primitive_free (pval=, it=) at tasn_fre.c:244
#2  0x7f53f2fa5aaf in ASN1_template_free (pval=0x1627060, tt=tt@entry=0x7f53f3295970 ) at tasn_fre.c:191
#3  0x7f53f2fa57e2 in asn1_item_combine_free (pval=pval@entry=0x7ffe273ef1a8, it=0x7f53f328eb20 , combine=combine@entry=0) at tasn_fre.c:166
#4  0x7f53f2fa59f5 in ASN1_item_free (val=0x1627050, it=) at tasn_fre.c:72
#5  0x7f53f2f81041 in sk_pop_free (st=0x1628520, func=0x405380 ) at stack.c:327
#6  0x7f53f32e8da7 in SSL_CTX_free (a=0x16249d0) at ssl_lib.c:2152
#7  0x00417d69 in std::unique_ptr::reset (this=0x7ffe273ef220, __p=0x16249d0) at /usr/include/c++/5/bits/unique_ptr.h:344
#8  0x00417c33 in test_ssl_leak () at ../src/test_ssl_leak.cpp:492
#9  0x004083cf in main () at ../src/test2.cpp:53

Re: [openssl-users] Correct way to free SSL_CTX* ?

2018-01-28 Thread pratyush parimal
Hi all,

I think I found the way to fix the memory leak in my application. Just
floating it here in case it helps out someone else.
The answer was on the wiki page for SSL_CTX_add_extra_chain_cert():

"The *x509* certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the *SSL_CTX* is destroyed. An application *should
not* free the *x509* object."

The trick was to realize that the cert added via SSL_CTX_use_certificate()
can be (and should be, I think) free'd manually right after this call.
Otherwise you've got a memory leak on your hands. But the certs added
using SSL_CTX_add_extra_chain_cert() should not be free'd up manually -
those are cleaned up by SSL_CTX_free later at the end of the application.

After doing this, the memory leak and the crash both went away.

Thanks,
-Pratyush.


On Sun, Jan 28, 2018 at 10:20 PM, J Decker <d3c...@gmail.com> wrote:

>
>
> On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal <
> pratyush.pari...@gmail.com> wrote:
>
>> Hi all,
>>
>> I'm trying to write an application in which I create an instance of
>> SSL_CTX* using SSL_CTX_new(), and set the following things in it:
>>
>> (1) An EVP_PKEY* :
>> 1a> created with PEM_read_bio_PrivateKey().
>> 1b> set in the ctx using SSL_CTX_use_PrivateKey().
>>
> after setting key, free key
>
>>
>> (2) A number of X509* instances (cuz chained certs) :
>> 2a> all created with PEM_read_bio_X509().
>> 2b> set in the ctx using SSL_CTX_use_certificate() or
>> SSL_CTX_add_extra_chain_cert().
>>
> after setting certs, free certs.
>
>>
>> At the end, I use SSL_CTX_free() to free up the ctx. According to the man
>> page for SSL_CTX_free():
>>
>> "SSL_CTX_free() decrements the reference count of ctx, and removes the
>> SSL_CTX object pointed to by ctx and frees up the allocated memory if the
>> the reference count has reached 0.
>>It also calls the free()ing procedures for indirectly affected
>> items, if applicable: the session cache, the list of ciphers, the list of
>> Client CAs, the certificates and keys. "
>>
>> ... which tells me that freeing the SSL_CTX should free up its memory as
>> well as the things I set inside of it (unless I'm interpreting it super
>> wrong?) like " ... certificates and keys".
>> The problem is, when I run my application under valgrind, I keep seeing
>> memory leaks for both steps (1a) and (2a).
>>
>> I tried to get rid of them, by using EVP_PKEY_free() after I'm done
>> setting in step (1b). This works, and the leak for step (1a) goes away.
>> When I try to do the same for step (2), i.e. calling X509_free() after
>> every successful "set" call, I get a coredump (backtrace is attached:
>> bt_1.txt), coming out of SSL_CTX_free, suggesting that I did something
>> wrong.
>>
>>
>> Which brings me to my question, does anyone know the correct way to free
>> memory in SSL_CTX ? Or, what's wrong with my steps? The application doesn't
>> even perform SSL yet, I'm just trying to create/destroy SSL_CTX objects
>> without leaks first. Any help would be appreciated!
>>
>>
>> Thanks in advance,
>> -Pratyush.
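
The ownership rule this message arrives at, as an added example that is not part of the original post and is not OpenSSL code: a self-contained C model in which each model_* function (all hypothetical names) stands in for the OpenSSL call named in its comment. It assumes, as the message and the quoted wiki text say, that SSL_CTX_use_certificate() leaves the caller holding its own reference while SSL_CTX_add_extra_chain_cert() hands the caller's reference to the context.

```c
/* Added model, not OpenSSL code: every model_* name is hypothetical. */
#include <stdio.h>

#define POOL 8

typedef struct { int refs; int in_use; } model_x509;   /* stands in for X509 */

typedef struct {
    model_x509 *leaf;           /* set by model_use_certificate() */
    model_x509 *chain[POOL];    /* filled by model_add_extra_chain_cert() */
    int nchain;
} model_ctx;

static model_x509 pool[POOL];   /* static pool: a bad free is counted, not UB */
static int over_release;        /* frees of an object that is already dead */

static void model_reset(void) {
    for (int i = 0; i < POOL; i++) { pool[i].refs = 0; pool[i].in_use = 0; }
    over_release = 0;
}

/* Like PEM_read_bio_X509(): the caller receives one reference. */
static model_x509 *model_x509_new(void) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].refs = 1; return &pool[i]; }
    return NULL;
}

/* Like X509_free(): drop one reference, destroy the object at zero. */
static void model_x509_free(model_x509 *x) {
    if (x == NULL) return;
    if (!x->in_use) { over_release++; return; }   /* the core dump in the post */
    if (--x->refs == 0) x->in_use = 0;
}

/* Like SSL_CTX_use_certificate(): the context takes its own reference. */
static void model_use_certificate(model_ctx *c, model_x509 *x) {
    x->refs++;
    c->leaf = x;
}

/* Like SSL_CTX_add_extra_chain_cert(): the context takes over the caller's
 * reference; no new one is created. */
static void model_add_extra_chain_cert(model_ctx *c, model_x509 *x) {
    c->chain[c->nchain++] = x;
}

/* Like SSL_CTX_free(): release every reference the context holds. */
static void model_ctx_free(model_ctx *c) {
    model_x509_free(c->leaf);
    for (int i = 0; i < c->nchain; i++) model_x509_free(c->chain[i]);
    c->leaf = NULL;
    c->nchain = 0;
}

typedef struct { int leaked; int over_released; } model_result;

/* One leaf plus two chain certificates. free_leaf / free_chain say whether the
 * application calls the free function right after the matching "set" call. */
static model_result model_run(int free_leaf, int free_chain) {
    model_ctx ctx = { NULL, { NULL }, 0 };
    model_result r = { 0, 0 };
    model_reset();
    model_x509 *leaf = model_x509_new();
    model_x509 *ca1 = model_x509_new();
    model_x509 *ca2 = model_x509_new();

    model_use_certificate(&ctx, leaf);
    if (free_leaf) model_x509_free(leaf);
    model_add_extra_chain_cert(&ctx, ca1);
    if (free_chain) model_x509_free(ca1);
    model_add_extra_chain_cert(&ctx, ca2);
    if (free_chain) model_x509_free(ca2);
    model_ctx_free(&ctx);

    for (int i = 0; i < POOL; i++) r.leaked += pool[i].in_use;
    r.over_released = over_release;
    return r;
}

int main(void) {
    static const char *label[] = { "free nothing", "free after every set call",
                                   "free leaf only (the fix)" };
    int opts[3][2] = { {0, 0}, {1, 1}, {1, 0} };
    for (int i = 0; i < 3; i++) {
        model_result r = model_run(opts[i][0], opts[i][1]);
        printf("%-28s leaked=%d over_released=%d\n", label[i], r.leaked, r.over_released);
    }
    return 0;
}
```

The first row corresponds to the valgrind report (one certificate never released), the second to the backtrace through SSL_CTX_free(), and the third to the pattern the message settles on.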


[openssl-users] How to compile OpenSSL 1.0.x with versioned symbols ?

2018-07-19 Thread pratyush parimal
Hi all,

Are people familiar with how to get symbols versioned with versions
like "OPENSSL_1.0.x" in the libcrypto.so after compiling it
yourselves?

I have an application which was compiled and dynamically linked
against OpenSSL 1.0.2k on a CentOS 6.7 machine. I'm trying to run it
on a system where I've built and installed OpenSSL 1.0.2k myself. For
compilation, I followed the instructions on the wiki page:
https://wiki.openssl.org/index.php/Compilation_and_Installation? ,
i.e. I did:
./Configure ...
make depend
make
make install

Problem is, on execution my application complains that: "OPENSSL_1.0.2
not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so
on the CentOS machine, I see some symbols versioned with the version
number "OPENSSL_1.0.2" within the library. But these seem to be
missing in the libcrypto.so which I built using the instructions
above. Any idea how to get those symbols in ? Or how to get around
this issue?

Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not
have this problem. In fact, as part of the build process, it seems to
generate two map files: ssl.map and crypto.map, which get passed as
--version-script=ssl.map and --version-script=crypto.map sometime to
the compiler. I also noticed that in that version of OpenSSL, there's
a script called util/mkdef.pl which generates those map files.

OpenSSL 1.0.2k for example, does not seem to generate those map files
as part of the build process. Any idea how to generate them? I saw an
example of how CentOS seems to be putting versioned symbols in using a
patch 
(https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch),
but if someone could explain how to do that for any OpenSSL version,
it would be very helpful.

Thanks in advance!
Pratyush.


[openssl-users] Workaround for "SSL_CTX_use_certificate:ca md too weak"

2018-04-04 Thread pratyush parimal
Hi everyone,

I'm upgrading a server application from using OpenSSL 1.0.2n to using
OpenSSL 1.1.0g.
I noticed that after the upgrade, some SSL certs get rejected because they
use an MD5 digest, with the error:
"SSL_CTX_use_certificate:ca md too weak"

While I could ask clients to get a better CA certificate, it takes some of
them a long time to do so. I was wondering if there's a way I could
compile/configure the OpenSSL on my server to accept those certificates
after all. Does anyone know?

I found links such as:
https://mta.openssl.org/pipermail/openssl-users/2017-October/006670.html
and
https://www.spinics.net/lists/openssl-users/msg06669.html
and a few others but they don't apply to my case I think.

Also, if the client does find it possible to get re-generated certs, would
it be both the client cert and the CA? Or just one of them?

Thanks in advance!
Best,
Pratyush


[openssl-users] Should I stop using locking callbacks in OpenSSL 1.1.0x ?

2018-04-13 Thread pratyush parimal
Hi all,

I'm trying to migrate some application code from OpenSSL 1.0.1e to 1.1.0g.
I keep seeing that the locking and threading callbacks I had used earlier
(with CRYPTO_set_locking_callback and CRYPTO_set_id_callback respectively)
now show up as "unused" during compilation.

I checked https://www.openssl.org/blog/blog/2017/02/21/threads/ and it
seems like OpenSSL is trying to ditch callbacks and use more native
facilities. In 1.1.0g's crypto.h, CRYPTO_set_locking_callback is defined as
a no-op, with the following comment:

/*
 * The old locking functions have been removed completely without compatibility
 * macros. This is because the old functions either could not properly report
 * errors, or the returned error values were not clearly documented.
 * Replacing the locking functions with with no-ops would cause race condition
 * issues in the affected applications. It is far better for them to fail at
 * compile time.
 * On the other hand, the locking callbacks are no longer used. Consequently,
 * the callback management functions can be safely replaced with no-op macros.
 */

Does this mean I can safely remove all usages of the above functions from
my application code? I'd appreciate if someone could explain the above
comment in a little more detail or confirm what I'm saying. Or has anyone
else been in the same situation?

Thanks,
Pratyush


[openssl-users] Is EVP_BytesToKey() still recommended ?

2018-02-26 Thread pratyush parimal
Hi everyone,

I'm trying to find a way to convert a string password to an AES-256
encryption key. I came across EVP_BytesToKey(), but the man-page says at
the end:

"Newer applications should use a more modern algorithm such as PBKDF2 as
defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".

Does this mean I shouldn't use EVP_BytesToKey(), and should instead find
out how to use PBKDF2 ? Or do I need to find out how to get EVP_BytesToKey()
to use PBKDF2?

Any clarifications will be appreciated!
-Pratyush.


[openssl-users] When to call ERR_clear_error() ?

2018-06-28 Thread pratyush parimal
Hi all,

I have a multi-threaded SSL server application which uses
SSL_write()/SSL_read() calls.

In my write-loop, whenever SSL_write() returns <= 0, I call
SSL_get_error() to see what happened, and then proceed based on what I
find. After that, I call ERR_clear_error() because I think I need to
clear the error queue for the current thread.

Is calling ERR_clear_error() the right thing to do? The manpage for
SSL_get_error() says:

" ... SSL_get_error() inspects the current thread's OpenSSL error
queue.  Thus, SSL_get_error() must be used in the same thread that
performed the TLS/SSL I/O operation, and no other OpenSSL function
calls should appear in between.  The current thread's error queue must
be empty before the TLS/SSL I/O operation is attempted, or
SSL_get_error() will not work reliably."


My reason for calling ERR_clear_error() is to make sure that  " ...
current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted ...".  My application is multi-threaded and I
don't want SSL errors from one thread to cause with other threads.
What can happen if I don't call ERR_clear_error() ? Could someone
explain the correct/reasonable places I should be using that function?

Thanks,
Pratyush
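
What the quoted man page text means for the write loop described above, as an added example that is not part of the original post and is not OpenSSL code: a simplified C model in which all model_* and MODEL_* names are hypothetical. It assumes that SSL_get_error() reports any entry on the calling thread's queue as a fatal error before it considers whether the connection only wants a retry.

```c
/* Added model, not OpenSSL code: all model_* and MODEL_* names are hypothetical. */
#include <stdio.h>

enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_WRITE, MODEL_ERROR_SYSCALL };

#define QMAX 16
typedef struct { unsigned long codes[QMAX]; int n; } model_errq;   /* one per thread */

static void model_err_put(model_errq *q, unsigned long code) {
    if (q->n < QMAX) q->codes[q->n++] = code;
}

static void model_err_clear(model_errq *q) { q->n = 0; }   /* like ERR_clear_error() */

/* Simplified SSL_get_error(): for ret <= 0 a non-empty queue is reported as a
 * fatal error before the connection's retry state is considered. */
static int model_get_error(const model_errq *q, int ret, int wants_write) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (q->n > 0) return MODEL_ERROR_SSL;
    return wants_write ? MODEL_ERROR_WANT_WRITE : MODEL_ERROR_SYSCALL;
}

/* Constructed transport: the first `blocks` write attempts would block (-1),
 * the next one accepts the whole record. It never queues an error itself. */
typedef struct { int blocks; } model_conn;

static int model_write(model_conn *c, int len) {
    if (c->blocks > 0) { c->blocks--; return -1; }
    return len;
}

/* The write loop from the post. Returns the bytes written, or -1 when the loop
 * decides the connection is broken. clear_first selects whether the queue is
 * emptied immediately before each I/O call. */
static int model_write_loop(model_errq *q, model_conn *c, int len, int clear_first) {
    for (;;) {
        if (clear_first) model_err_clear(q);
        int ret = model_write(c, len);
        switch (model_get_error(q, ret, 1)) {
        case MODEL_ERROR_NONE:       return ret;
        case MODEL_ERROR_WANT_WRITE: continue;   /* real code waits for writability */
        default:                     return -1;  /* fatal: caller closes the socket */
        }
    }
}

/* stale_on_this_thread: an earlier, unrelated failure left an entry on the
 * writing thread's queue (1) or on another thread's queue (0). */
static int model_scenario(int clear_first, int stale_on_this_thread) {
    model_errq writer = { {0}, 0 }, other = { {0}, 0 };
    model_conn conn = { 2 };
    model_err_put(stale_on_this_thread ? &writer : &other, 0xBAD0UL); /* constructed code */
    return model_write_loop(&writer, &conn, 512, clear_first);
}

int main(void) {
    printf("stale entry, no clear : %d\n", model_scenario(0, 1));
    printf("stale entry, cleared  : %d\n", model_scenario(1, 1));
    printf("stale on other thread : %d\n", model_scenario(0, 0));
    return 0;
}
```

In the model a healthy connection is dropped only when the stale entry sits on the writing thread's own queue and nothing clears it before the write; an entry on another thread's queue has no effect.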