Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build
In messageon Mon, 22 Aug 2016 19:35:35 +0100, Matt Caswell said: matt> matt> matt> On 22/08/16 18:12, John Foley wrote: matt> > Is anyone seeing the following error when building 1.0.2 stable on Windows: matt> > matt> > Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp matt> > IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest out32dll\sslv2conftest.exe.manifest -outputresource:out32dll\sslv2conftest.exe;1 matt> > cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c .\ssl\dtlstest.c matt> > dtlstest.c matt> > link /nologo /subsystem:console /opt:ref /debug /out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp matt> >Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp matt> > dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_ctx_pair referenced in function _test_dtls_unprocessed matt> > dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_objects referenced in function _test_dtls_unprocessed matt> > dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_connection referenced in function _test_dtls_unprocessed matt> > dtlstest.obj : error LNK2019: unresolved external symbol _bio_f_tls_dump_filter referenced in function _test_dtls_unprocessed matt> > dtlstest.obj : error LNK2019: unresolved external symbol _mempacket_test_inject referenced in function _test_dtls_unprocessed matt> > out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals matt> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\link.EXE"' : return code '0x460' matt> > Stop. matt> matt> Yes. It needs this to be merged: matt> matt> https://github.com/openssl/openssl/pull/1470 ... which finally happened, just now. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build
On 22/08/16 18:12, John Foley wrote: > Is anyone seeing the following error when building 1.0.2 stable on Windows: > > Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp > IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest > out32dll\sslv2conftest.exe.manifest > -outputresource:out32dll\sslv2conftest.exe;1 > cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 > -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo > -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN > -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m > -IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM > -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. > -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 > -DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH > -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE > -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app > -c .\ssl\dtlstest.c > dtlstest.c > link /nologo /subsystem:console /opt:ref /debug > /out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp >Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp > dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_ctx_pair > referenced in function _test_dtls_unprocessed > dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_objects > referenced in function _test_dtls_unprocessed > dtlstest.obj : error LNK2019: unresolved external symbol > _create_ssl_connection referenced in function _test_dtls_unprocessed > dtlstest.obj : error LNK2019: unresolved external symbol > _bio_f_tls_dump_filter referenced in function _test_dtls_unprocessed > dtlstest.obj : error LNK2019: unresolved external symbol > _mempacket_test_inject referenced in function _test_dtls_unprocessed > out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio > 12.0\VC\BIN\link.EXE"' : return code '0x460' > Stop. Yes. It needs this to be merged: https://github.com/openssl/openssl/pull/1470 Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] OpenSSL_1_0_2-stable Windows build
Is anyone seeing the following error when building 1.0.2 stable on Windows: Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest out32dll\sslv2conftest.exe.manifest -outputresource:out32dll\sslv2conftest.exe;1 cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c .\ssl\dtlstest.c dtlstest.c link /nologo /subsystem:console /opt:ref /debug /out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_ctx_pair referenced in function _test_dtls_unprocessed dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_objects referenced in function _test_dtls_unprocessed dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_connection referenced in function _test_dtls_unprocessed dtlstest.obj : error LNK2019: unresolved external symbol _bio_f_tls_dump_filter referenced in function _test_dtls_unprocessed dtlstest.obj : error LNK2019: unresolved external symbol _mempacket_test_inject referenced in function _test_dtls_unprocessed out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\link.EXE"' : return code '0x460' Stop. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2676] 1.0.1-beta1 issue: RSA exponent 1 is NOT ok
This is fixed in 1.0.2 (commit 561530d) and master/1.1.0 (commit 464d59a). Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2676 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check
I may not have time to fully digest the change before the release date, but I'm not sure this snippet quite works: if (ctx->read_start == ctx->read_end) { /* time to read more data */ ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); ctx->read_end += BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); } i = ctx->read_end - ctx->read_start; if (i <= 0) { It's kind of an odd error-checking pattern and is only saved from undefined behavior by BUF_OFFSET. (Is a custom BIO allowed to return -1,000,000 on error or must it be -1? There are definitely some OpenSSL APIs which return -2 expecting that the usual error-check patterns don't care.) Anyway, I believe it gets stuck if non-blocking BIO causes BIO_read to fail on a retryable error like EWOULDBLOCK and we try again. I see calls to BIO_should_retry, so I gather this BIO is intended to work in front of a non-blocking BIO. Since the error path should only be reachable when BIO_read fails, maybe move that inside the "read more data" codepath? Then you don't need pointer tricks to avoid duplicating the code. David On Sun, Aug 21, 2016 at 5:57 PM Andy Polyakov via RTwrote: > There are two commits, one that addresses bio_enc problems and one > adding test. Please double-check. > > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628 > Please log in as guest with password guest if prompted > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
All merged now, closing ticket. On Mon Aug 22 13:30:02 2016, levitte wrote: > Perfect. > > Fix has been merged into master, but I'll wait with closing this until > I get a > yay or nay about the corresponding 1.0.2 fix. > > Cheers, > Richard > > On Mon Aug 22 13:12:58 2016, beld...@gmail.com wrote: > > Dear Richard, > > > > Thank you, it works. > > > > On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT > >> > wrote: > > > > > The issue isn't with the pre-created key, but because '-x509' > > > doesn't > > > fully > > > flag that something new is to be created. The freeze is because > > > 'openssl > > > req' > > > tries to read a csr... '-newkey', however, does flag the creation > > > of > > > a csr > > > / > > > x509, that's why the alternative command works. > > > > > > Fix in https://github.com/openssl/openssl/pull/1479 > > > > > > Cheers, > > > Richard > > > > > > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote: > > > > Hello openssl team, > > > > > > > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev > > > > > > > > I use Debian GNU Linux, the version is 8.5 > > > > The kernel version is > > > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016- > > > > 04- > > > > 08) > > > > x86_64 GNU/Linux > > > > > > > > I have created a private key with a command > > > > > > > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 > > > > > > > > in the build directory. > > > > > > > > When I execute the command > > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req > > > > -x509 > > > -key > > > > rsa2048.pem -keyform PEM -out cert.pem > > > > > > > > in the build directory, it seems to hang and does not print any > > > > prompt. > > > > > > > > The command line > > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req > > > > -x509 > > > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > > > > > works ok. > > > > > > > > What's done wrong by me? > > > > > > > > > > > > > -- > > > Richard Levitte > > > levi...@openssl.org > > > > > > -- > > > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > > > Please log in as guest with password guest if prompted > > > > > > > > > -- > Richard Levitte > levi...@openssl.org -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4657] Bug - SSL Library Error - BUF_MEM_grow:malloc failure
Hi, Our product (32-bit process) uses OpenSSL third-party libraries for EAP protocols. During the debugging of a customer issue in PEAP protocol, we got to understand that SSL_Accept has returned failure. STATE_HANDSHAKE SSL_ERROR_SSL error retrun code [1] and peak error translate code [39] and err_get_reason [1048] // Error code, Error cases(Reason) 8900:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:.\ssl\s3_pkt.c:1235:SSL alert number 48 // Error Queue SSL_ERROR_SSL Handshake failure On further analyzing, we found that handshake failure is due to the "BUF_MEM_grow : malloc failure" in the server after the 'n' number of authentications. The memory buffer gets completely allocated and handshake is failed when we tried to allocate the memory. STATE_HANDSHAKE SSL_ERROR_SSL error retrun code [1] and peak error translate code [2] and err_get_reason [65] 7820:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure:.\crypto\buffer\buffer.c:122: SSL_ERROR_SSL Handshake failure Total memory that is installed on the server: 4GB Process memory size when the issue occurs: 360 ~ 370 MB Operating System Version - Windows Server 2008 OpenSSL version - 0.9.7e, 1.0.0s Please let us know if there are known issues related to the same or let us know if you require further information for your debugging. Regards, Nomalatha A -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4657 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4656] [BUG] print_bin could access memory off the end of a buffer
In file crypto/ec/eck_prn.c, if the function print_bin is called with len >= 15 and off >= 124, we would eventually hit line 261: memset( &(str[1]), ' ', off + 4 ); which would write >= 128 bytes into a 127-byte buffer. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4656 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
Perfect. Fix has been merged into master, but I'll wait with closing this until I get a yay or nay about the corresponding 1.0.2 fix. Cheers, Richard On Mon Aug 22 13:12:58 2016, beld...@gmail.com wrote: > Dear Richard, > > Thank you, it works. > > On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT >> wrote: > > > The issue isn't with the pre-created key, but because '-x509' doesn't > > fully > > flag that something new is to be created. The freeze is because > > 'openssl > > req' > > tries to read a csr... '-newkey', however, does flag the creation of > > a csr > > / > > x509, that's why the alternative command works. > > > > Fix in https://github.com/openssl/openssl/pull/1479 > > > > Cheers, > > Richard > > > > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote: > > > Hello openssl team, > > > > > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev > > > > > > I use Debian GNU Linux, the version is 8.5 > > > The kernel version is > > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04- > > > 08) > > > x86_64 GNU/Linux > > > > > > I have created a private key with a command > > > > > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 > > > > > > in the build directory. > > > > > > When I execute the command > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req > > > -x509 > > -key > > > rsa2048.pem -keyform PEM -out cert.pem > > > > > > in the build directory, it seems to hang and does not print any > > > prompt. > > > > > > The command line > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req > > > -x509 > > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > > > works ok. > > > > > > What's done wrong by me? > > > > > > > > > -- > > Richard Levitte > > levi...@openssl.org > > > > -- > > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > > Please log in as guest with password guest if prompted > > > > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
Dear Richard, Thank you, it works. On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RTwrote: > The issue isn't with the pre-created key, but because '-x509' doesn't fully > flag that something new is to be created. The freeze is because 'openssl > req' > tries to read a csr... '-newkey', however, does flag the creation of a csr > / > x509, that's why the alternative command works. > > Fix in https://github.com/openssl/openssl/pull/1479 > > Cheers, > Richard > > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote: > > Hello openssl team, > > > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev > > > > I use Debian GNU Linux, the version is 8.5 > > The kernel version is > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) > > x86_64 GNU/Linux > > > > I have created a private key with a command > > > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 > > > > in the build directory. > > > > When I execute the command > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 > -key > > rsa2048.pem -keyform PEM -out cert.pem > > > > in the build directory, it seems to hang and does not print any prompt. > > > > The command line > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > works ok. > > > > What's done wrong by me? > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
Dear Richard, Thank you, it works. On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RTwrote: > The issue isn't with the pre-created key, but because '-x509' doesn't fully > flag that something new is to be created. The freeze is because 'openssl > req' > tries to read a csr... '-newkey', however, does flag the creation of a csr > / > x509, that's why the alternative command works. > > Fix in https://github.com/openssl/openssl/pull/1479 > > Cheers, > Richard > > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote: > > Hello openssl team, > > > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev > > > > I use Debian GNU Linux, the version is 8.5 > > The kernel version is > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) > > x86_64 GNU/Linux > > > > I have created a private key with a command > > > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 > > > > in the build directory. > > > > When I execute the command > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 > -key > > rsa2048.pem -keyform PEM -out cert.pem > > > > in the build directory, it seems to hang and does not print any prompt. > > > > The command line > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > works ok. > > > > What's done wrong by me? > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
The issue isn't with the pre-created key, but because '-x509' doesn't fully flag that something new is to be created. The freeze is because 'openssl req' tries to read a csr... '-newkey', however, does flag the creation of a csr / x509, that's why the alternative command works. Fix in https://github.com/openssl/openssl/pull/1479 Cheers, Richard On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote: > Hello openssl team, > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev > > I use Debian GNU Linux, the version is 8.5 > The kernel version is > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) > x86_64 GNU/Linux > > I have created a private key with a command > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 > > in the build directory. > > When I execute the command > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -key > rsa2048.pem -keyform PEM -out cert.pem > > in the build directory, it seems to hang and does not print any prompt. > > The command line > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > works ok. > > What's done wrong by me? > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key
Hello openssl team, I experience problems with openssl version OpenSSL 1.1.0-pre7-dev I use Debian GNU Linux, the version is 8.5 The kernel version is Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux I have created a private key with a command LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048 in the build directory. When I execute the command OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem in the build directory, it seems to hang and does not print any prompt. The command line OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem -nodes works ok. What's done wrong by me? -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg
>>> * Fix ecp_nistz256_mul_by_2 and ecp_nistz256_mul_by_3 to fully reduce >>> their outputs. >>> >>> * Fix ecp_nistz256_add to fully reduce its output. >> >> As for specifically addition see below. As for fixing mul_by_[23] and >> the fact that they use addition. There are two ways. a) Modify addition >> so that it *preserves* property of being fully reduced and leave >> mul_by_[23] as is. b) Let addition as is and add additional step to >> mul_by_[23]. The choice of approach can be platform-specific. For >> example on x86_64 a) is simpler and appears more efficient. After considering other ecp_nistz256-enabled platforms a) appears better choice on all of them. It probably holds universally true, but I would still mention b) in commentary... -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Crypto Module Config
In message <42bcb3fd-f5e2-404e-8981-e5cd304f4...@unh.newhaven.edu> on Mon, 22 Aug 2016 04:16:22 +, "Schmicker, Robert"said: rschm2> Hello, rschm2> rschm2> I am working on building a new crypto module that works with openssl. rschm2> I have looked through the source code and found the /crypto/ folder rschm2> which would be where this module would reside. However, if I duplicate rschm2> a folder such as md5 within the /crypto/ folder and rename it to say rschm2> “helloworld”, helloworld does not show up to be compiled in the rschm2> makefile. I edited line 856 to include “helloworld” in the config rschm2> file. What is the proper way for the config file, in the root rschm2> directory, to add “helloworld” into the makefile. rschm2> rschm2> Any guidance would be much appreciated. Assuming we're talking about the master branch (i.e. upcoming version 1.1), then you need to add "helloworld" to the 'sdirs' configuration. In line 250 in Configure, you will find this line: $config{sdirs} = [ Simply add "helloworld" to the values you find following that line. Assuming we're talking about the version 1.0.2 series, then the procedure is approximately the same. There, you have to look up this line in Makefile.org: SDIRS= \ ... and add helloworld to its values. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Crypto Module Config
Hello, I am working on building a new crypto module that works with openssl. I have looked through the source code and found the /crypto/ folder which would be where this module would reside. However, if I duplicate a folder such as md5 within the /crypto/ folder and rename it to say “helloworld”, helloworld does not show up to be compiled in the makefile. I edited line 856 to include “helloworld” in the config file. What is the proper way for the config file, in the root directory, to add “helloworld” into the makefile. Any guidance would be much appreciated. Best, Rob Schmicker -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev